Category Archives: Cyber War
About that Drone Attack on the Pennsylvania Power Grid
The Drive: U.S. officials believe that a DJI Mavic 2, a small quadcopter-type drone, with a thick copper wire attached underneath it via nylon cords was likely at the center of an attempted attack on a power substation in Pennsylvania last year. An internal U.S. government report that was issued last month says that this is the first time such an incident has been officially assessed as a possible drone attack on energy infrastructure in the United States, but that this is likely to become more commonplace as time goes on. This is a reality The War Zone has sounded the alarm about in the past, including when we were first to report on a still unexplained series of drone flights near the Palo Verde nuclear powerplant in Arizona in 2019.
ABC News was first to report on the Joint Intelligence Bulletin (JIB) covering the incident in Pennsylvania last year, which the Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the National Counterterrorism Center (NCTC) published on Oct. 28, 2021. The document, which ABC obtained a copy of but only released a small portion of, is marked unclassified, but parts are also labeled Law Enforcement Sensitive (LES) and For Official Use Only (FOUO). Other outlets have since obtained copies of this document, which reportedly says that this likely attack took place on July 16, 2020, but does not identify where the substation in question was located.

DHS via ABC News
A portion of an annotated satellite image from a US Joint Intelligence Bulletin regarding a likely attempted drone attack on a power substation in Pennsylvania in 2020.
“This is the first known instance of a modified UAS [unmanned aerial system] likely being used in the United States to specifically target energy infrastructure,” the JIB states. “We assess that a UAS recovered near an electrical substation was likely intended to disrupt operations by creating a short circuit to cause damage to transformers or distribution lines, based on the design and recovery location.”
ABC and other outlets have reported that the JIB says that this assessment is based in part on other unspecified incidents involving drones dating back to 2017. As already noted, The War Zone previously reported on another worrisome set of incidents around Arizona’s Palo Verde Generating Station, the largest nuclear power plant in the United States in terms of its output of electricity, in 2019. In the process of reporting that story, we uncovered other reported drone flights that prompted security concerns near the Limerick Generating Station nuclear power plant in Pennsylvania earlier that year.
“To date, no operator has been identified and we are producing this assessment now to expand awareness of this event to federal, state, local, tribal, and territorial law enforcement and security partners who may encounter similarly modified UAS,” the JIB adds.
Beyond the copper wire strung up underneath it, the drone reportedly had its camera and internal memory card removed. Steps were also taken to remove any identifying markings, indicating efforts by the operator or operators to conceal their identities and otherwise make it difficult to trace the drone’s origins.

DHS via ABC News
A low-quality image showing the drone recovered after the likely attempted attack in Pennsylvania. The green lines are the nylon cables. A copper wire was attached to the bottom ends of both lines.
It’s unclear how much of a threat this particular drone posed in its modified configuration. The apparent intended method of attack would appear to be grounded, at least to some degree, in actual science. The U.S. military employed Tomahawk cruise missiles loaded with spools of highly-conductive carbon fiber wire against power infrastructure to create blackouts in Iraq during the first Gulf War in 1991. F-117 Nighthawk stealth combat jets dropped cluster bombs loaded with BLU-114/B submunitions packed with graphite filament over Serbia to the same effect in 1999.
Regardless, the incident only underscores the ever-growing risks that small drones pose to critical infrastructure, as well as other civilian and military targets, in the United States. If this modified drone did pose a real risk, it would also highlight the low barrier to entry to at least attempt to carry out such attacks. New DJI Mavic 2s can be purchased online right now for between $2,000 and $4,000.
The technology is so readily available that non-state actors around the world, from terrorists in the Middle East to drug cartels in Mexico, are already employing commercial quad and hexacopter-type drones armed with improvised explosive payloads on a variety of targets on and off more traditional battlefields. This includes attempted assassinations of high-profile individuals.
The U.S. government is finally coming to terms with these threats and there are certainly some steps being taken, at least at the federal level, to protect civilian and domestic military facilities against small drones. At the same time, it is equally clear that there is still much work to be done.
This particular incident in Pennsylvania last year highlights separate security concerns relating to Chinese-made small drones that are now widely available in the United States and are even in use within the U.S. government. DJI, or Da Jiang Innovations, is by far the largest Chinese drone maker selling products commercially in the United States today and has been at the center of these debates in recent years.
Whether or not the modified Mavic 2 posed a real danger in this instance, or if this was truly the first-ever attempted drone attack on energy infrastructure in the United States, it definitely reflects threats that are real now and will only become more dangerous as time goes on.
CIA Director in Moscow Did not Stop 90,000 Russian Troops at Ukraine Border
Senator Marco Rubio appears to be the only person really concerned about a Russian invasion of Ukraine. While CIA Director Bill Burns took a delegation to Moscow for what is said to be high level meetings, it has proven to be ineffective in altering Russian operations versus Ukraine. 
As usual we have this: The Ukrainian Defense Ministry sent a release saying that about 90,000 Russian troops are stationed close to the border in areas east of the country controlled by rebel forces. This comes two days after Ukraine denied that Russian military personnel were in the area.
Eastern Ukraine has been a contentious area for years. In 2014, Moscow annexed the Crimean Peninsula shortly after the Ukrainian Revolution. Over 14,000 people have died as a result of the conflict.
Russian officials said the troops were present due to maneuvers. Kremlin spokesman Dmitry Peskov said that “Russia maintains troops presence on its territory wherever it deems necessary.”
The ministry’s statement said specifically that units of the Russian 41st army have remained in Yelnya, about 260 kilometers (about 160 miles) north of the Ukrainian border.
On Tuesday, Ukraine’s Defense Minister Andriy Taran submitted his resignation and Ukrainian lawmakers quickly approved it Wednesday. Davyd Arakhamia, the head of the parliamentary faction of President Volodymyr Zelenskyy’s Servant of the People party, said Taran had health problems.
Ukrainian media reported however that Zelenskyy’s office was behind the resignation of Taran and four other ministers, who were also dismissed by parliament on Wednesday.
Russia has cast its weight behind a separatist insurgency in Ukraine’s east that erupted shortly after Moscow’s 2014 annexation of Ukraine’s Crimean Peninsula.
A massive buildup of Russian troops in Russia’s west has been fueling fears of an escalation of large-scale hostilities.
Russian officials said that the troops were deployed as part of measures to counter security threats posed by the deployment of NATO forces near Russian borders. Russia and the alliance also have blamed each other for conducting destabilizing military exercises near the borders.
****
The CIA and the delegation came back empty handed it seems.
The director of the United States Central Intelligence Agency has returned to Washington from a surprise visit to Russia, where he led a high-level team of American officials in meetings with their Russian counterparts. The two-day visit was announced almost simultaneously by both the American and Russian governments, following the arrival of the CIA director, William Burns, in Moscow on Tuesday.
Little information has emerged about the participants in the meetings. A statement from the American embassy in Moscow said simply that Burns had traveled there at the request of President Joe Biden, and that other United States officials had traveled with him. It is believed that Karen Donfried, the State Department’s assistant secretary for European and Eurasian Affairs, traveled with Burns. According to the American embassy, the meetings were held on Tuesday and Wednesday and concerned “a range of issues in the bilateral relationship between the United States and Russia.”
A minute-long video, which was posted on social media by the Russian TASS news agency on Tuesday, showed a group of five American officials meeting with five Russian officials. The latter appeared to include Nikolai Patrushev, a close political ally of Russian President Vladimir Putin, who heads the Security Council of Russia, a body that is roughly equivalent to the United States National Security Council. Prior to his current role, Patrushev served as director of the Russian Federal Security Service (FSB).
It is worth noting that Burns speaks Russian and served twice as a diplomat in Russia, most recently as the American ambassador there. Some observers noted that Burns’ trip to Moscow is part of a broader pattern of increasingly frequent meetings between American and Russian officials in recent months. The last four months have seen at least four visits to Russia by senior officials in the Biden administration.
Microsoft Reveals Continued Hacks of Technology Companies
The Russia-linked hackers behind last year’s compromise of a wide swath of the U.S. government and scores of private companies, including SolarWinds Corp., have stepped up their attacks in recent months, breaking into technology companies in an effort to steal sensitive information, cybersecurity experts said.
In a campaign that dates back to May of this year, the hackers have targeted more than 140 technology companies including those that manage or resell cloud-computing services, according to new research from Microsoft Corp. The attack, which was successful with as many as 14 of these technology companies, involved unsophisticated techniques like phishing or simply guessing user passwords in hopes of gaining access to systems, Microsoft said.
***
Source: In a recent blog post to the company’s website, Microsoft’s corporate vice president of customer security and trust, Tom Burt, wrote that “state actor Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain.”
Nobelium is “attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers,” according to the company.
Burt wrote that 609 Microsoft customers had been informed that they’d been attacked between July and October of this year close to 23,000 times “with a success rate in the low single digits.”
The attacks, according to the executive, were not aimed at a specific flaw in any of the systems; rather, they were “password spray and phishing” attacks, which are aimed at stealing credentials that grant the attackers access to privileged information.
The Russian state-backed hacking group is, according to Burt, “trying to gain long-term, systematic access to a variety of points in the technology supply chain, and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government.”
***
Over 600 Microsoft customers targeted since July
“Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium,” said Tom Burt, Corporate Vice President at Microsoft.
“We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.”
As Burt added, in all, more than 600 Microsoft customers were attacked thousands of times, although with a very low rate of success between July and October.
“These attacks have been a part of a larger wave of Nobelium activities this summer. In fact, between July 1 and October 19 this year, we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits,” Burt said.
“By comparison, prior to July 1, 2021, we had notified customers about attacks from all nation-state actors 20,500 times over the past three years.”

This shows that Nobelium is still attempting to launch attacks similar to the one they pulled off after breaching SolarWinds’ systems to gain long-term access to the systems of targets of interest and establish espionage and exfiltration channels.
Microsoft also shared measures MSPs, cloud service providers, and other tech orgs can take to protect their networks and customers from these ongoing Nobelium attacks.
Nobelium’s high profile targets
Nobelium is the hacking division of the Russian Foreign Intelligence Service (SVR), also tracked as APT29, Cozy Bear, and The Dukes.
In April 2021, the U.S. government formally blamed the SVR division for coordinating the SolarWinds “broad-scope cyber espionage campaign” that led to the compromise of multiple U.S. government agencies.
At the end of July, the U.S. Department of Justice was the last U.S. government entity to disclose that 27 U.S. Attorneys’ offices were breached during the SolarWinds global hacking spree.
In May, the Microsoft Threat Intelligence Center (MSTIC) also reported a phishing campaign targeting government agencies from 24 countries.
Earlier this year, Microsoft detailed three Nobelium malware strains used for maintaining persistence on compromised networks: a command-and-control backdoor dubbed ‘GoldMax,’ an HTTP tracer tool tracked as ‘GoldFinder,’ and a persistence tool and malware dropper named ‘Sibot.’
Two months later, they revealed four more malware families Nobelium used in their attacks: a malware downloader known as ‘BoomBox,’ a shellcode downloader and launcher known as ‘VaporRage,’ a malicious HTML attachment dubbed ‘EnvyScout,’ and a loader named ‘NativeZone.’
Naval Engineer Arrested for Passing Classified Submarine Data to Foreign Entity
Maryland Nuclear Engineer and Spouse Arrested on Espionage-Related Charges
Jonathan and Diana Toebbe, both of Annapolis, Maryland, were arrested in Jefferson County, West Virginia, by the FBI and the Naval Criminal Investigative Service (NCIS) on Saturday, Oct. 9. They will have their initial appearances on Tuesday, Oct. 12, in federal court in Martinsburg, West Virginia. For almost a year, Jonathan Toebbe, 42, aided by his wife, Diana, 45, sold information known as Restricted Data concerning the design of nuclear-powered warships to a person they believed was a representative of a foreign power. In actuality, that person was an undercover FBI agent. The Toebbes have been charged in a criminal complaint alleging violations of the Atomic Energy Act.
“The complaint charges a plot to transmit information relating to the design of our nuclear submarines to a foreign nation,” said Attorney General Merrick B. Garland. “The work of the FBI, Department of Justice prosecutors, the Naval Criminal Investigative Service and the Department of Energy was critical in thwarting the plot charged in the complaint and taking this first step in bringing the perpetrators to justice.”
Jonathan Toebbe is an employee of the Department of the Navy who served as a nuclear engineer and was assigned to the Naval Nuclear Propulsion Program, also known as Naval Reactors. He held an active national security clearance through the U.S. Department of Defense, giving him access to Restricted Data. Toebbe worked with and had access to information concerning naval nuclear propulsion including information related to military sensitive design elements, operating parameters and performance characteristics of the reactors for nuclear powered warships.
The complaint affidavit alleges that on April 1, 2020, Jonathan Toebbe sent a package to a foreign government, listing a return address in Pittsburgh, Pennsylvania, containing a sample of Restricted Data and instructions for establishing a covert relationship to purchase additional Restricted Data. The affidavit also alleges that, thereafter, Toebbe began corresponding via encrypted email with an individual whom he believed to be a representative of the foreign government. The individual was really an undercover FBI agent. Jonathan Toebbe continued this correspondence for several months, which led to an agreement to sell Restricted Data in exchange for thousands of dollars in cryptocurrency.
On June 8, 2021, the undercover agent sent $10,000 in cryptocurrency to Jonathan Toebbe as “good faith” payment. Shortly afterwards, on June 26, Jonathan and Diana Toebbe traveled to a location in West Virginia. There, with Diana Toebbe acting as a lookout, Jonathan Toebbe placed an SD card concealed within half a peanut butter sandwich at a pre-arranged “dead drop” location. After retrieving the SD card, the undercover agent sent Jonathan Toebbe a $20,000 cryptocurrency payment. In return, Jonathan Toebbe emailed the undercover agent a decryption key for the SD Card. A review of the SD card revealed that it contained Restricted Data related to submarine nuclear reactors. On Aug. 28, Jonathan Toebbe made another “dead drop” of an SD card in eastern Virginia, this time concealing the card in a chewing gum package. After making a payment to Toebbe of $70,000 in cryptocurrency, the FBI received a decryption key for the card. It, too, contained Restricted Data related to submarine nuclear reactors. The FBI arrested Jonathan and Diana Toebbe on Oct. 9, after he placed yet another SD card at a pre-arranged “dead drop” at a second location in West Virginia.
Trial Attorneys Matthew J. McKenzie and S. Derek Shugert of the National Security Division’s Counterintelligence and Export Control Section, Assistant U.S. Attorneys Jarod J. Douglas and Lara Omps-Botteicher of the Northern District of West Virginia, and Special Assistant U.S. Attorney Jessica Lieber Smolar for the Western District of Pennsylvania are prosecuting the case on behalf of the government. The FBI and the NCIS are investigating the case.
