SecDef Austin Fires all Advisory Board(s) Members

Dismissed were hundreds of members of 42 Pentagon advisory boards. 42 separate advisory boards? Really?

Current members being told to step down are only those appointed by the Pentagon and not those appointed by the White House or Congress. For example, four people appointed by the Pentagon to a congressionally mandated commission on stripping the names of Confederate generals from military bases will be removed, but others on that panel appointed by Congress will remain.
A review of all the boards, and whether they are still needed, will now be the focus before new members are named.

The 42 advisory boards cost taxpayers millions of dollars each year and some of their work is believed to be potentially redundant, which added to the need for the review.
The action effectively removes, for now, several hundred people serving on boards who advise on everything from defense policy, science, innovation, health issues, coastal engineering, sexual misconduct and diversity and inclusion.

WASHINGTON—Defense Secretary Lloyd Austin dismissed every member of the Pentagon’s policy advisory boards Monday, ousting last-minute Trump administration nominees as well as officials appointed by previous administrations.

By removing every member, Mr. Austin avoided selectively firing those appointed by the Trump administration. The defense chief will name new members to each of the at least a dozen boards in the coming weeks.

The move was foreshadowed last week when Mr. Austin suspended the onboarding process for Trump administration nominees to Pentagon advisory boards, effectively preventing them from being seated.

Mr. Austin’s directive last week applied to Trump nominees who were still in the security clearance process. Among those who were affected then were Corey Lewandowski, former President Donald Trump’s 2016 presidential campaign manager, and David Bossie, a former Trump deputy campaign manager, both of whom had been named to the Defense Business Board, an unpaid group that advises the defense secretary and other leaders on business practices.

Because of their potential access to classified information, it can take months for someone to get through the security clearance process and formally join a board. Mr. Austin’s directive last week suspended that process.

In the last weeks of the Trump administration, then acting Defense Secretary Chris Miller named at least a dozen supporters of President Trump to various Pentagon advisory boards.

Those included retired Brig. Gen. Anthony Tata, who weeks earlier had been rejected by the Senate for consideration as the Pentagon’s top policy official, even as he served in that position since June in an acting capacity. Senators and some retired generals expressed concern over inflammatory tweets he made years ago on Islam, President Barack Obama and Democratic lawmakers.

The advisory boards, some of which date back to at least the 1950s, were intended to be bipartisan and offer a diversity of opinion to Pentagon leaders on potential policies.

Among those removed from policy boards by Mr. Miller were former Secretaries of State Madeleine Albright and Henry Kissinger, former House Majority Leader Eric Cantor (R., Va.) and former Rep. Jane Harman (D., Calif.), a onetime senior Democrat on the House Intelligence committee.

 

Biden Leaving Troops in Afghanistan Past the May Deadline

For many, many months, the Trump administration was negotiating a peace deal with the Taliban. Frankly, the Taliban has violated everything it agreed to. Trump also issued a schedule to lower troop levels in Afghanistan to only a small, tight residual number in May of 2021, along with contractors. With the new possible threat(s) of the Taliban and their growing connection to al Qaeda, Biden has decided to leave troop levels in the region at the present level with an increase in Syria and possibly Iraq. All the while, Iran just hosted a Taliban leader for talks where the topic(s) are unknown. Further, Taliban officials have been meeting in Moscow with Russian officials. Those details are found here.

President Biden also has another immediate issue before him: the release of a U.S. contractor who went missing in Afghanistan about a year ago. Mark Frerichs, a Navy veteran, went missing while he was working as a contractor on an engineering project. It is thought he is in the custody of the Haqqani network. The U.S. State Department is offering a $5 million reward for information that leads to Frerichs’ return.

So, it is rather fitting that just this week, documents from a very old FOIA request for former Defense Secretary Donald Rumsfeld’s papers have been released. Frankly, the questions, which were referred to at the Pentagon as ‘snowflakes’, reflect his frustration with the layers of bureaucracy within the Department of Defense, his anger over getting real answers, and his challenging of the quality of intelligence reports. Sound familiar? It is clearly a problem that after 20+ years has not found a quality solution. Just read a few of his snowflakes and judge for yourself.

35 of the most notable items from the new collection are below, from the National Archives.

A follow-on DNSA publication covering the rest of Rumsfeld’s tenure as secretary will appear through ProQuest later in 2021.

One such snowflake was written on March 3, 2003. At 8:16 AM, Rumsfeld wrote to Senior Military Assistant LTG Bantz J. Craddock and Department of Defense General Counsel William Haynes with the subject “KSM”. He wanted to know, “Do we know where the information to find Khalid Sheikh Mohammed came from? Was it from GTMO detainees?” There is no response from either Craddock or Haynes in the DOD release to the Archive, though Rumsfeld’s question is likely a push back to the false claims made by CIA Director George Tenet that the Agency’s resort to torture of Abu Zubaydah led to the capture of Khalid Sheikh Mohammed.

The Senate Select Committee on Intelligence torture report would later reveal that key intelligence on KSM as the mastermind of the 9/11 attacks came from the FBI’s non-coercive, rapport-building interrogation of Abu Zubaydah.[1] This success was prior to the CIA’s contract psychologists, James Mitchell and Bruce Jessen, taking over the interrogation at the CIA “Detention Site Green” in Thailand, which was created to house Zubaydah in 2002.  Their approach to Zubaydah would include 83 water board sessions yet fail to produce any valuable intelligence.  CIA clandestine services chief Jose Rodriguez (and perhaps Gina Haspel, who would later become DCI, though CIA redactions of documents continue to obscure her role) ordered the destruction of the torture videotapes, commenting that “the heat from destoying [sic] is nothing compared to what it would be if the tapes ever got into public domain.”

Later on March 3, under the subject “Contingencies”, Rumsfeld wrote to Under Secretary of Defense for Policy Doug Feith, stating, “We need to plan what we will do if Saddam Hussein is captured. We need to plan what we will do if we catch an imposter.” There is no record of Feith’s answer in the DOD release to the Archive.

Throughout Rumsfeld’s tenure, his snowflakes circulated daily through the highest levels of the Pentagon. With scant limitations on their subject matter, the all-encompassing documents are sometimes an hourly paper trail inside the Office of the Secretary of Defense during six years of tremendous consequence for U.S. foreign policy. The declassified documents also provide an account that at times contradicts DOD public statements.  For example, The Washington Post published a selection of the memos in the six part series “The Afghanistan Papers” in September 2019 revealing that officials misled the American public about the war in Afghanistan.

The entire corpus of snowflakes also details many aspects of the day-to-day operations of the Pentagon, the modernization of the U.S. armed forces, and Rumsfeld’s personal agenda against bureaucracy. “Bureaucracy is driving people nuts,” he wrote in an April 8, 2002, memo at 7:41AM. “If we can take two or three layers out of this place, we will be a lot better off.” In a separate April 8 letter, the secretary suggested cutting all major Pentagon programs by at least 20 percent. (The DOD budget increased by 37.54 percent between FY2001 and FY2006.) On March 11, 2002, Rumsfeld wrote to colleagues, “I am getting tired of seeing the word ‘joint’ everywhere.”

Other topics in the collection include:

  • the military budgeting process and efforts to rein in defense spending;
  • military planning, procurement, and expenditures;
  • nuclear issues – weapons, proliferation, safety;
  • decision making on military wages, benefits, tours of duty, and veterans issues;
  • military intelligence;
  • Defense Department relations with the CIA and Homeland Security;
  • Rumsfeld’s relations with the State Department and National Security Council;
  • U.S. relations with NATO;
  • U.S. military relations with Russia, former Soviet republics, and other countries;
  • Rumsfeld’s interactions with the news media, Congress, and the public;
  • Guantanamo detainees, interrogation, and torture;
  • concerns about the International Criminal Court and U.S. liability for war crimes;
  • the hunt for Osama bin Laden and other terrorists;
  • the Joint Strike Fighter program; and
  • the emergency landing of a U.S. EP-3 at Hainan Island in 2001

Donald Rumsfeld’s Snowflakes, Part 1: The Pentagon and U.S. Foreign Policy, 2001-2003 will be a critical research tool for historians and will be available through many college and research libraries. Part II, which covers the last three years of Rumsfeld’s tenure as secretary of defense from 2004 to 2006, will be published in 2021. Learn more about accessing the Digital National Security Archive through your library online and how to request a free trial here.

 

March 11, 2002
April 8, 2002
September 12, 2003
October 23, 2003

A few more:

October 10, 2001
Rumsfeld requests a daily report on the location of Osama bin Laden.

November 8, 2001
Rumsfeld inquires: “Why doesn’t Pakistan sever its relationship with [sic] Taliban?”

November 29, 2001
Rumsfeld accuses career employees in the OSD of undermining his decisions and working too slowly.

January 5, 2002
Rumsfeld complains to George Tenet about the CIA.

February 15, 2002
Rumsfeld directs his staff to develop a white paper on detainees and the Geneva Conventions.

March 11, 2002
Rumsfeld suggests further classification review of the already pre-reviewed Annual Report to the President and the Congress.

March 11, 2002
Rumsfeld says the DOD annual report is not conclusive or upbeat enough.

March 12, 2002
Rumsfeld recounts his conversation with Russian MoD Sergei Ivanov at a Washington Wizards basketball game.

March 14, 2002
Rumsfeld asks how to fix the requirements process.

March 16, 2002
Rumsfeld inquires into U.S. nuclear policy.

March 26, 2002
Under the subject “Business As Usual”, Rumsfeld questions whether the Department should cut educational programs while at war.

March 28, 2002
Rumsfeld pushes to lift restrictions on contractors providing force protection.

March 28, 2002
Rumsfeld proposes a weekly meeting on Afghanistan, stating that it is “drifting”.

April 3, 2002
Rumsfeld’s thoughts on the Middle East.

April 8, 2002
Rumsfeld instructs his staff to create a list of all the major “processes” at the Pentagon and shorten them by at least 20 percent.

April 9, 2002
Rumsfeld expresses concern about a “zero defect mentality” in the promotion process.

April 12, 2002
Rumsfeld ruminates on the creation of a new Homeland Security Department.

April 15, 2002
Rumsfeld details a conversation with Henry Kissinger about the ICC.

April 15, 2002
Rumsfeld contacts Tenet about the ICC.

April 23, 2002
Rumsfeld considers possibly renegotiating a Russia-NATO arrangement.

April 23, 2002
Rumsfeld proposes using contractors to train the Afghan army.

April 23, 2002
Rumsfeld asks if a DOD chart of the PPB system is a joke, or whether it should be.

May 5, 2002
Rumsfeld tells Hank Crumpton to “speak up”.

May 22, 2002
Rumsfeld circulates a letter comparing interrogation techniques in Afghanistan to Guantanamo.

August 8, 2002
Rumsfeld questions whether it is right for pilots to use amphetamines.

August 17, 2002
Rumsfeld ruminates on the U.S. and Western Europe “stopping proliferation, reducing weapons of mass destruction and contributing to peace and stability” around the world.

August 19, 2002
Rumsfeld addresses the President, Vice President, CIA Director, and National Security Advisor on U.S. policy towards Iran and North Korea.

October 1, 2002
Rumsfeld sends handwritten notes from an interview with a detainee to Feith.

March 3, 2003
Rumsfeld requests a contingency plan for the possibility of capturing an imposter of Saddam Hussein.

March 3, 2003
Rumsfeld contacts Tenet about the intelligence that led to capturing KSM.

March 26, 2003
Rumsfeld requests material to brief the President privately on a post-Saddam Iraq.

 

Biden Admin Anti-Israel, Pro Iran

First question is where is Trita Parsi, Ben Rhodes and Ploughshares….

Those answers may be related to –>

The Department of Justice charged a political scientist and frequent contributor to left-leaning foreign policy publications and mainstream newspapers with acting as an unregistered agent for Iran, according to an announcement from federal prosecutors.

Using the guise of a free-thinking academic, Kaveh Lotfolah Afrasiabi has since 2007 been pushing regime propaganda in publications including the New York Times, Boston Globe, Washington Post, and the Nation magazine, as well as many academic journals. Afrasiabi was formally charged on Tuesday with “acting and conspiring to act as an unregistered agent of the Government of the Islamic Republic of Iran,” according to an indictment unsealed in a Brooklyn federal court. More details here.

So, Breitbart has published an item that details several clues that the Biden administration will be more pro-Iran and anti-Israel and suggests much of that is already underway. It appears that Breitbart is accurate in this assessment when one also includes the fact that John Kerry is on the Biden team and Biden has chosen Wendy Sherman to be the #2 at the State Department. Sherman was John Kerry’s right-hand person during the entire Iran nuclear deal. In fact, Biden’s selections for key positions at the State Department are almost all Obama re-treads.

Gotta wonder if any of the White House press corps will even bother to ask some hard questions of Jen Psaki…

Meanwhile, we know how disgusting and nefarious the members of The Lincoln Project are….but fair warning as it appears they are the newest version of Fusion GPS…opposition research. How is that related to Iran?

The experienced political grifters who founded the Lincoln Project aren’t going to let Donald Trump’s imminent departure or the end of the 2020 U.S. election cycle impede their cash flow.

Four founding members of the controversial super PAC, which recently parted ways with cofounder John Weaver after dozens of young men accused him of sexually inappropriate behavior, are taking their talents to Israel in an effort to make money by advising one of Prime Minister Benjamin Netanyahu’s opponents in the Jewish state’s upcoming elections.

The Associated Press confirmed that Steve Schmidt, Rick Wilson, Stuart Stevens, and Reed Galen were recently hired to advise Gideon Sa’ar, a Netanyahu rival who left the Likud Party in 2019 after an unsuccessful campaign for party leadership. Sa’ar, who founded the New Hope party in December 2020, has accused Netanyahu of being too conciliatory to Palestinian interests.

Israel’s legislative elections will take place on March 23.

***

Prime Minister Netanyahu has taken a very hard stance against the nuclear deal, and his opposition has been softer in its approach. Another fact that barely made any headlines is that Iran is the new de facto headquarters for al Qaeda. Remember them?

For 37 years, under Republican and Democratic administrations alike, the Islamic Republic of Iran has been designated as a state sponsor of terrorism.

Tehran sponsors Hezbollah in Lebanon, Syria and other countries, Shia militias in Iraq, Houthi rebels in Yemen, and Hamas and Palestinian Islamic Jihad in Gaza.

In 1998, an indictment issued by a U.S. district court stated that al Qaeda had “forged alliances” with the “government of Iran and its associated terrorist group Hezbollah for the purpose of working together against their perceived common enemies in the West, particularly the United States.”

In 2011, a federal judge in New York ruled that the Tehran regime had provided support for the attacks of Sept. 11, 2001.

From 2011 to 2016, the Obama administration repeated in formal terrorist designations and other official statements that the Iranian regime had a “secret deal” with al Qaeda that allows the group “to funnel funds and operatives through” Iranian territory.

Under President Obama, the Treasury and State Departments described this network inside Iran as al Qaeda’s “core facilitation pipeline,” identified its leader as Yasin al-Suri, who had been allowed by “Iranian authorities” to operate inside Iran since 2005. This month, the State Department revealed that he is still working inside Iran.

Another document seized during that raid, but not released until 2017, states that al Qaeda operatives in Iran were given “everything they needed,” including “money, arms” and “training in Hezbollah camps in Lebanon, in exchange for striking American interests in Saudi Arabia and the Gulf.”

Then, two months ago, it was revealed that Abdullah Ahmed Abdullah, al Qaeda’s second-in-command, a planner of the 1998 bombings of two U.S. embassies in Africa, had been living comfortably in Tehran, permitted to maintain a false identity as a Lebanese history professor. He was about to go somewhere in his car when assassins — presumably dispatched by Israel — ended his career.

Which raised a question: To what extent are Iran’s rulers currently enabling al Qaeda? Last week, Secretary of State Mike Pompeo provided an answer.

For the past five years, he told reporters at the National Press Club, Iran’s rulers “have provided safe haven and logistical support — things like travel documents, ID cards, passports — that enable al Qaeda activity.”

AQ leaders in Iran also are allowed “to fundraise, to freely communicate with al-Qaeda members around the world, and to perform many other functions that were previously directed from Afghanistan or Pakistan.”

He added: “As a result of this assistance, al Qaeda has centralized its leadership inside of Tehran.”

He named and announced sanctions on two such AQ leaders, and designated three members of an al Qaeda-linked group that, he said, operates on the border between Iran and Iraq.

Most media covered Mr. Pompeo’s remarks dismissively. The Associated Press told readers that “many in the intelligence community” found Mr. Pompeo’s charges regarding the Tehran-AQ link “overblown given a history of animosity between the two.”

The New York Times accused Mr. Pompeo of “demonizing Iran,” in order to make “any effort by Mr. Biden to resuscitate the Iran nuclear deal more difficult.”

And, of course, those who sympathize with Iran’s rulers were outraged. Jamal Abdi, president of the National Iranian American Council (NIAC), asserted that Mr. Pompeo has “leaked materials to the advocacy group Foundation for Defense of Democracies aimed at supporting the claim of Iran and al Qaeda ties.”

That’s false. Beginning in 2011, colleagues at FDD worked hard to persuade the U.S. government to declassify and release primary source documents retrieved from Osama bin Laden’s villa in Pakistan. Mr. Pompeo, as CIA director, did that in 2017.

These documents are key for understanding how al Qaeda operates — in Iran and many other countries. But, as noted, the fact that AQ had an “agreement” with the Iranian regime had been revealed by the Obama administration years earlier. Why NIAC would not want additional information released I leave for you to consider.

The Obama administration ended up transferring billions of dollars to Iran’s rulers in exchange for their promise to slow-walk their nuclear program. The money was used to develop missiles that can carry nuclear warheads, establish military bases in Syria, arm Houthi rebels, attack Saudi oil facilities, and similar purposes.

And while Iran’s rulers remained in the Joint Comprehensive Plan of Action (JCPOA) along with our European allies, they have repeatedly violated their obligations, for example announcing this past weekend that they were preparing to produce uranium metal, which they had agreed not to do for 15 years.

France, Germany and Britain urged the theocrats to “return to compliance with their JCPOA commitments without further delay.” A prediction: Iran’s rulers will promise to do that if the price is right. But they won’t keep their promise. Because they are not with us. They are with the terrorists — including those who attacked us on 9/11.

 

Chinese Communist Party is “inside the gates”

In part from Breitbart:

Secretary of State Michael Pompeo warned lawmakers that the threat from the Chinese Communist Party is “inside the gates” during a meeting with House Republican lawmakers on Friday.

Pompeo told members of the conservative Republican Study Committee that as a former lawmaker, he is aware of the threat posed by China but that he did not appreciate “the scope and the scale and the nature” of how close the threat is until he became Central Intelligence Agency director.

This CCP infection inside the United States goes beyond Senator Feinstein, Congressman Eric Swalwell, former California Senator Barbara Boxer or even closing the Chinese embassy in Houston. There is the Thousand Talents Program that has wormed its way through academia and the Confucius Institutes.

How about a little-known Florida congresswoman, Stephanie Murphy (D-FL)? She is quite dedicated to China due in part to her husband Sean and his manufacturing company, 3N2. His company produces sports equipment/apparel in China. Further, she advocates for all the Democrat policy points including open-border policies and more studies into “gun-violence”. Crazy enough, Murphy actually joined a small group of Democrats in calling to remove tariffs on the Chinese government.

None of this is actually new when it comes to Stephanie Murphy; in fact, it goes back as far as 2017. Did anyone notice?

When you are on social media, do you actually work hard to determine if you are being trolled by some foreign entity? We are quite aware of Russian disinformation but going back years, at least to 2016 (interesting year), China's own troll farm has been just as successful in the social media sphere and you are likely a victim. DC politicians are just as likely to be willing accomplices.

There is or was a Chinese operation called the 50-centers and you probably clicked on a lot of their social media posts.

The Left-leaning policy organization Foreign Policy published the following in 2016.

A May 17 paper written by professors at Harvard, Stanford, and the University of California, San Diego provides the most detailed and ambitious description of China’s 50-centers available to date. It confirms the existence of a “massive secret operation” in China pumping out an estimated 488 million fabricated social media posts per year, part of an effort to “regularly distract the public and change the subject” from any policy-related issues that threaten to anger citizens enough to turn them out onto the streets. But the research finds no evidence these 50-centers are, in fact, paid 50 cents, nor does it find they engage in direct and angry argument with their opponents. Instead, they are mostly bureaucrats already on the public payroll, responding to government directives at a time of heightened tension to flood social media with pro-government cheerleading.

Understanding the behavior of pro-government netizens is important, given the stakes. In the past two and a half years, the Chinese government has used a combination of muscle and guile to cow online opinion leaders into submission, muzzling social media as a political force, and leaching public dialogue of much of its independence. But beneath the peppy, pablum-filled surface that has resulted, Chinese social media remains a contested space. In countless online chat rooms, bulletin boards, and Weibo threads, Chinese social media roils with the same ideological debates that also increasingly consume Chinese academics and elites.

Broadly speaking, the clash pits so-called leftists — that is, conservatives and neo-Confucianists who marry stout Chinese nationalism, a yearning for reconstructed socialism, and the quest for a reversion to hierarchy and filial piety — against rightists, or reformists, who continue to espouse what a Westerner would recognize as universal values, such as civil and human rights, government transparency, and democracy and constitutionalism. It’s more common for the two camps to exchange barbs than ideas. The leftists label the rightists sellouts, turncoats, and “public intellectuals,” the latter delivered with an implicit sneer. The rightists often call the leftists “50-centers,” regardless of who really pays their bills.

What is worse is a separate issue: the Chinese cyberattacks. For instance:

More than two dozen universities in the United States and around the world were targeted as part of an effort by the People’s Liberation Army, the Chinese military, to build up its naval and submarine forces.

iDefense, one security firm, tracked the Chinese cyberattacks to a hacking group known variously as Temp.Periscope, Leviathan or Mudcarp. A second firm, FireEye, calls the hacking group APT40 or Temp.Periscope.

FireEye said the operations appear linked to Chinese activities in the South China Sea, where Beijing has built disputed islands and deployed advanced missiles on them beginning a year ago. The Chinese military hacker unit in charge of that region is the Chengdu-based Unit 78020.

The 27 universities included the University of Hawaii, the University of Washington and the Massachusetts Institute of Technology.

Take caution, judge slowly. Secretary of State Mike Pompeo is right.

 

 

 

FBI is Investigating a Mysterious Postcard

(Reuters) – The FBI is investigating a mysterious postcard sent to the home of cybersecurity firm FireEye’s chief executive days after it found initial evidence of a suspected Russian hacking operation on dozens of U.S. government agencies and private American companies.

U.S. officials familiar with the postcard are investigating whether it was sent by people associated with a Russian intelligence service due to its timing and content, which suggests internal knowledge of last year’s hack well before it was publicly disclosed in December.

Moscow has denied involvement in the hack, which U.S. intelligence agencies publicly attributed to Russian state actors.

The postcard carries FireEye’s logo, is addressed to CEO Kevin Mandia, and calls into question the ability of the Milpitas, California-based firm to accurately attribute cyber operations to the Russian government.

People familiar with Mandia’s postcard summarized its content to Reuters. It shows a cartoon with the text: “Hey look Russians” and “Putin did it!”

The opaque message itself did not help FireEye find the breach, but rather arrived in the early stages of its investigation. This has led people familiar with the matter to believe the sender was attempting to “troll” or push the company off the trail by intimidating a senior executive.

Reuters could not determine who sent the postcard. U.S. law enforcement and intelligence agencies are spearheading the probe into its origin, the sources familiar said.

The FBI did not provide comment. A FireEye representative declined to discuss the postcard.

A disinformation researcher from the Rand Corporation, Todd Helmus, received a similar postcard in 2019, based on an image of it Helmus posted to Twitter. Helmus, who studies digital propaganda, said he received the postcard after testifying to Congress about Russian disinformation tactics.

FireEye discovered the Russian hacking campaign – now known as “Solorigate” for how it leveraged supply chain vulnerabilities in network management firm SolarWinds – because of an anomalous device login from within FireEye’s network. The odd login triggered a security alert and subsequent investigation, which led to the discovery of the operation.

FireEye worked closely with Microsoft to determine that the infiltration at FireEye in fact represented a hacking campaign that struck at least eight federal agencies including the Treasury, State and Commerce Departments.

When the postcard was sent, FireEye had not yet determined who was behind the cyberattack. A person familiar with the postcard investigation said “this is not typically the Russian SVR’s playbook” but “times are rapidly changing.” SVR is an acronym for the Foreign Intelligence Service of Russia.

A former U.S. intelligence official said the postcard reminded him of a now public mission by U.S. Cyber Command where they sent private messages to Russian hackers ahead of the 2018 congressional elections in the United States.

“The message then from the U.S. was ‘watch your back, we see you’ similar to here,” the former official said.

The extent of the damages tied to the U.S. government hack remains unclear. Emails belonging to senior officials were stolen from an unclassified network at the Treasury and Commerce Departments.

Related reading: Third malware strain discovered in SolarWinds supply chain attack

Now known throughout the cyber world, the hack of SolarWinds continues to rock the nation.

Kaspersky reports finding code similarities between the Sunburst backdoor in SolarWinds’ Orion platform and a known backdoor, Kazuar, which Palo Alto Networks in 2017 associated with the Turla threat group. Kaspersky is cautious about attribution, and notes that there are several possibilities:

  • Sunburst and Kazuar are the work of the same threat group.
  • Sunburst’s developers borrowed from Kazuar.
  • Both backdoors derived from a common source.
  • Kazuar’s developers jumped ship to another threat group that produced Kazuar.
  • Whoever developed Sunburst deliberately introduced subtle false flag clues into their code.

Reuters points out that Estonian intelligence services have long attributed Turla activity to Russia’s FSB (which was unavailable to Reuters for comment).

In an updated Solorigate advisory, CISA released detection and mitigation advice for post-compromise activity in the Microsoft 365 (M365) and Azure environment.

The US District Court for the Southern District of Ohio has responded to Solorigate by requiring that court documents be filed on paper, the Columbus Dispatch reports.

***

Related reading: The SolarWinds Hackers Shared Tricks With a Notorious Russian Spy Group

Reuters: Investigators at Moscow-based cybersecurity firm Kaspersky said the “backdoor” used to compromise up to 18,000 customers of U.S. software maker SolarWinds closely resembled malware tied to a hacking group known as “Turla,” which Estonian authorities have said operates on behalf of Russia’s FSB security service.

The findings are the first publicly-available evidence to support assertions by the United States that Russia orchestrated the hack, which compromised a raft of sensitive federal agencies and is among the most ambitious cyber operations ever disclosed.

Moscow has repeatedly denied the allegations. The FSB did not respond to a request for comment.

Costin Raiu, head of global research and analysis at Kaspersky, said there were three distinct similarities between the SolarWinds backdoor and a hacking tool called “Kazuar” which is used by Turla.

The similarities included the way both pieces of malware attempted to obscure their functions from security analysts, how the hackers identified their victims, and the formula used to calculate periods when the viruses lay dormant in an effort to avoid detection.

“One such finding could be dismissed,” Raiu said. “Two things definitely make me raise an eyebrow. Three is more than a coincidence.”

Confidently attributing cyberattacks is extremely difficult and strewn with possible pitfalls. When Russian hackers disrupted the Winter Olympics opening ceremony in 2018, for example, they deliberately imitated a North Korean group to try and deflect the blame.

Raiu said the digital clues uncovered by his team did not directly implicate Turla in the SolarWinds compromise, but did show there was a yet-to-be determined connection between the two hacking tools.

It’s possible they were deployed by the same group, he said, but also that Kazuar inspired the SolarWinds hackers, both tools were purchased from the same spyware developer, or even that the attackers planted “false flags” to mislead investigators.

Security teams in the United States and other countries are still working to determine the full scope of the SolarWinds hack. Investigators have said it could take months to understand the extent of the compromise and even longer to evict the hackers from victim networks.

U.S. intelligence agencies have said the hackers were “likely Russian in origin” and targeted a small number of high-profile victims as part of an intelligence-gathering operation.