DOJ Charges 6 Russian Military Hackers for Global Cyberattacks

FNC: The Justice Department on Monday announced the indictment of six military hackers with the Russian GRU who allegedly carried out a global conspiracy that included cyberattacks around the world.

The alleged attacks hit targets in Ukraine, the 2018 Winter Olympics in South Korea, and western Pennsylvania.

“No country has weaponized its cyber-capabilities as maliciously and irresponsibly as Russia,” Assistant Attorney General John C. Demers said at a DOJ press conference.

The defendants are six current and former members of GRU, Russia’s military intelligence service. The DOJ said the attacks began in November 2015 and continued until at least October 2019. The allegations do not include any interference in U.S. elections.

The alleged attacks include malware strikes against the Ukrainian power grid, Ministry of Finance, and State Treasury Service; spearphishing campaigns and attacks against French President Emmanuel Macron’s political party, local French governments, and French politicians before their 2017 elections; the global NotPetya malware attack that infected computers worldwide, including those in medical facilities in western Pennsylvania and a large American pharmaceutical company; the Olympic Destroyer attack that targeted computers supporting the 2018 Olympics; a spearphishing campaign targeting South Korean officials and citizens, as well as Olympic athletes; another spearphishing campaign against the United Kingdom’s Defence Science and Technology Laboratory; and attacks targeting government entities and companies in Georgia.

(Source: FBI)

The NotPetya attack alone allegedly resulted in nearly $1 billion in losses, the DOJ said.

The Olympic attacks allegedly came after Russian athletes were banned from competing under the Russian flag due to their country’s government-sponsored doping efforts. The defendants – Yuriy Sergeyevich Andrienko, Sergey Vladimirovich , Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin – are charged with conspiracy, computer hacking, wire fraud, aggravated identity theft and false registration of a domain name.

“The crimes committed by these defendants,” said Western District of Pennsylvania U.S. Attorney Scott Brady, “are truly breathtaking in their scope, scale, and impact.”

The Justice Department thanked tech companies including Google, Facebook and Twitter for assisting them in their investigation, but did not explain how they helped.

***

In part from the Justice Department: These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: (1) Ukraine; (2) Georgia; (3) elections in France; (4) efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and (5) the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of Russian government-sponsored doping effort.

Their computer attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics.  The indictment charges the defendants with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name.

According to the indictment, beginning in or around November 2015 and continuing until at least in or around October 2019, the defendants and their co-conspirators deployed destructive malware and took other disruptive actions, for the strategic benefit of Russia, through unauthorized access  to victim computers (hacking).  As alleged, the conspiracy was responsible for the following destructive, disruptive, or otherwise destabilizing computer intrusions and attacks:

  • Ukrainian Government & Critical Infrastructure: December 2015 through December 2016 destructive malware attacks against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service, using malware known as BlackEnergy, Industroyer, and KillDisk;
  • French Elections: April and May 2017 spearphishing campaigns and related hack-and-leak efforts targeting French President Macron’s “La République En Marche!” (En Marche!) political party, French politicians, and local French governments prior to the 2017 French elections;
  • Worldwide Businesses and Critical Infrastructure (NotPetya): June 27, 2017 destructive malware attacks that infected computers worldwide using malware known as NotPetya, including hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in the Western District of Pennsylvania; a FedEx Corporation subsidiary, TNT Express B.V.; and a large U.S. pharmaceutical manufacturer, which together suffered nearly $1 billion in losses from the attacks;
  • PyeongChang Winter Olympics Hosts, Participants, Partners, and Attendees: December 2017 through February 2018 spearphishing campaigns and malicious mobile applications targeting South Korean citizens and officials, Olympic athletes, partners, and visitors, and International Olympic Committee (IOC) officials;
  • PyeongChang Winter Olympics IT Systems (Olympic Destroyer): December 2017 through February 2018 intrusions into computers supporting the 2018 PyeongChang Winter Olympic Games, which culminated in the Feb. 9, 2018, destructive malware attack against the opening ceremony, using malware known as Olympic Destroyer;
  • Novichok Poisoning Investigations: April 2018 spearphishing campaigns targeting investigations by the Organisation for the Prohibition of Chemical Weapons (OPCW) and the United Kingdom’s Defence Science and Technology Laboratory (DSTL) into the nerve agent poisoning of Sergei Skripal, his daughter, and several U.K. citizens; and
  • Georgian Companies and Government Entities: a 2018 spearphishing campaign targeting a major media company, 2019 efforts to compromise the network of Parliament, and a wide-ranging website defacement campaign in 2019.

Cybersecurity researchers have tracked the Conspirators and their malicious activity using the labels “Sandworm Team,” “Telebots,” “Voodoo Bear,” and “Iron Viking.”

CIA Labs Launches for Advanced Research Projects

This new initiative is to allow the agency to attract and retain scientists and engineers, who are highly sought after by some of America’s top technology firms, like Google and Oracle. MIT’s Technology Review, which wrote about this initiative, referred to it as a “skunkworks”.

The Central Intelligence Agency announced Monday the launch of its first-ever federal lab, a new internal organization that will allow its officers to obtain patents and licenses for intellectual property they create while working at the agency.

The new office, called CIA Labs, will be an in-house research and development office through which the spy agency will develop the future technology it needs for intelligence collection for national security, while also helping U.S. economic security, according to Dawn Meyerriecks, head of CIA’s Directorate of Science and Technology, in an agency press release.

In a speech last week at the Intelligence and National Security Summit, Meyerriecks listed several broad areas where the agency has intellectual property that could “change the conversation” around key emerging technologies. She listed 5G, battery technology, augmented and virtual reality, artificial intelligence and machine learning, computation, geospatial information representation, navigation, and analytics as areas of focus.

“It’s an endless list that we collectively own, but the world desperately needs,” Meyerriecks said. “And if your attitude is ‘I will get this to production and then I will wait for the next procurement opportunity,’ then we are collectively part of the problem, not part of the solution.”

She added that the agency already has two provisional patents, but didn’t go into detail.

The lab is an investment the CIA is making to recognize the entrepreneurs inside the agency, an area not covered by the intelligence community’s other innovation and advanced research hubs, In-Q-Tel and the Intelligence Advanced Research Projects Activity.

The federal lab designation will allow the agency to strengthen its connection to academia, industry and the 300 federal labs across the United States. The CIA press release added that the labs will allow for internships and externships for officers. CIA Labs will also provide career incentives at the agency because the inventors can receive license revenue from users outside the agency.

“Some phenomenal innovations have come from CIA over the years, and with CIA Labs, we’re now better positioned to optimize developments and further invest in our scientists and technologists. In an evolving threat landscape, CIA Labs will help us maintain our competitive edge and protect our nation,” Meyerriecks said in a statement Monday.

***

Officers who develop new technologies at CIA Labs will be allowed to patent, license, and profit from their work, making 15% of the total income from the new invention with a cap of $150,000 per year. That could double most agency salaries and make the work more competitive with Silicon Valley.

CIA Labs is looking at areas including artificial intelligence, data analytics, biotechnology, advanced materials, and high-performance quantum computing.

One example of an immediate problem Meyerriecks says the agency faces is being overwhelmed by the amount of data it collects. Militaries and intelligence agencies around the world deal in a multitude of sensors like, for instance, the kind of tech found on drones. The CIA’s own sensors suck up incalculable mountains of data per second, she says. Officers badly want to develop massive computational power in a relatively small, low-power sensor so the sorting can be done quickly on the device instead of being sent back to a central system.

Of course, efforts to develop new technology inevitably run into questions about how it will actually be used, especially at an agency that has long been a fundamental instrument of American power. Some inventions have been uncontroversial: during the Cold War, Meyerriecks says, the agency helped develop lithium-ion batteries, an innovative power source now widely used by the public. More recently, however, during the war on terrorism, the agency poured resources into advancing nascent drone technology that has made tech-enabled covert assassination a weapon of choice for every American president since 9/11 despite ongoing controversy over its potential illegality.

When Iran Buys Arms, Tanks and Air Defense Systems, Blame Europe

Primer: The 3rd Khordad system, which is based on the Russian S-300, shot down a large, sophisticated U.S. Global Hawk drone in June 2019. Iran is the major supplier of weapons to Syria.

Iran’s foreign minister says the country will meet its strategic needs by purchasing weapons from Russia and China, and has no need for European weapons once the UN embargo is lifted in October.

(Bloomberg) — European governments that aren’t backing the U.S. re-imposition of United Nations sanctions on Iran are wedded to the “silly” 2015 nuclear deal and haven’t proposed an alternative for preventing new conventional arms sales to Iran, Secretary of State Michael Pompeo said.

With European powers stressing their commitment to the accord on Sunday, Pompeo doubled down on the U.S. decision to invoke the “snapback” of sanctions in a dispute that’s helped estrange President Donald Trump’s administration and Europe.

“The Europeans who have not joined us in this, they know we’re right,” Pompeo said on Fox News’s “Sunday Morning Futures.” “They tell us privately they don’t want the arms sales to come back” and expressed this view in a letter “that they’re very concerned about these arms sales.” He didn’t elaborate on who sent the letter or when.

The U.S. on Saturday said that all of the UN resolutions on Iran that were in place before the 2015 deal — from a ban on arms deals to restrictions on Iran’s ballistic missile activity and its nuclear enrichment — have now gone back into effect. But 13 of 15 Security Council members say they don’t consider the U.S. move valid.

Can’t Proceed

“It is illegitimate for the U.S. to demand the Security Council invoke the snapback mechanism” because it is no longer a participant of the deal, Chinese Ambassador Zhang Jun wrote in a letter to the Security Council on Saturday that was seen by Bloomberg News.

UN Secretary General Antonio Guterres also weighed in on the disagreement on Saturday, noting in a letter that he couldn’t proceed in acting upon the U.S. snapback because of the “uncertainty over whether or not the process” was “indeed initiated”.

Although Europeans have expressed private concern, “they haven’t lifted a finger, they haven’t done the work that needs to be done” or outlined an option to the U.S. snapback, Pompeo said. “I hope they’ll join us. I hope they get to the right place. They’re still wedded to this silly nuclear deal that was signed now five years ago.”

Weapons Purchases

Absent the snapback, Iran would be able to resume buying arms, tanks and air defense systems, Pompeo said. “All of those in a couple of weeks, would have been permitted to have been sold,” he said.

European powers on Sunday stressed their commitment to the nuclear agreement.

“We have worked tirelessly to preserve the nuclear agreement and remain committed to do so,” the foreign ministers of France, Germany and the U.K. said in a statement. Josep Borrell, the European Union’s foreign policy chief, said the accord is “a key pillar” of nuclear non-proliferation that deserves support.

Since quitting the accord in 2018, the Trump administration has plowed ahead with efforts to undermine the deal, ratcheting up sanctions on Iran and threatening allies if they do business with the Islamic republic. Trump is expected to speak on Tuesday to the UN General Assembly, which is being held virtually this year.

The U.S. campaign has united partners such as the U.K., France and Germany with Russia and China, all of whom have sought to salvage the accord. Their support for the deal has left the U.S. isolated on the United Nations Security Council.

Iranian President Hassan Rouhani, at a cabinet meeting on Sunday shown on state television news, called the U.S. move a sign of “certain failure” which only demonstrates that President Donald Trump’s strategy has resulted in “maximum isolation” for Washington.

On Saturday, the commander of the Islamic Revolutionary Guard Corps threatened Iran would set U.S. military outposts in the Persian Gulf “on fire at once” if its adversary tried to start a war.

To enforce those measures, if countries like Russia and China disregard them, the U.S. could use tools such as secondary sanctions on shippers, insurers and banks. It could even threaten interdictions of ships at sea.

“In the coming days, the United States will announce a range of additional measures to strengthen implementation of UN sanctions and hold violators accountable,” Pompeo said in his statement on Saturday. “Our maximum pressure campaign on the Iranian regime will continue until Iran reaches a comprehensive agreement with us to rein in its proliferation threats and stops spreading chaos, violence and bloodshed.”

Speaking Sunday at a church in Plano, Texas, Pompeo said he prays that “the Iranian people that they will get a government that they deserve that respects the dignity of the lives of the Iranian people.”

The Iranian rial hit a low on the unregulated open market on Sunday, weakening 4.6% compared with last week and briefly breaching 280,000 per U.S. dollar, according to two currency trading channels on the Telegram messaging app.

SecDef Says China, Russia Have ‘Weaponized Space’

Primer: Now we are beginning to understand the creation of the new military branch known as the Space Force, and further, it is important to embrace the work of NASA and SpaceX.

A year ago, two intelligence agencies released documents that describe in general terms the nature of the threat. Russia and China are developing kinetic and non-kinetic means designed to disrupt, degrade and destroy U.S. space systems. Mechanisms being tested include directed energy weapons such as lasers, spacecraft that can physically manipulate satellites, terrestrial anti-satellite munitions, jammers that can disrupt uplinks and downlinks, and cyber tools that can impair satellites, ground stations and the equipment of warfighters reliant on space-based systems.

For instance, China is believed to possess 120 intelligence and reconnaissance satellites, many of which are operated by the People’s Liberation Army to track the movements of U.S. forces. Russia only possesses about 20 such satellites. And while Russia pioneered development of systems for hacking and attacking U.S. space systems, it is China that is continually increasing its outlays for counterspace technologies. For example, Beijing tested an anti-satellite weapon in 2007 and has continued refining that technology.

With a typical Army combat brigade containing 2,000 pieces of equipment dependent on space systems to function, this is a serious matter. In wartime, counterspace attacks could prevent the joint force from accessing GPS signals vital to the operation of smart bombs, block the transmission of critical intelligence, and even impede the ability of the president to receive timely warning of a nuclear attack. The nation’s entire global military posture could be degraded by disruption of links traveling through orbital assets. More here from Forbes

China and Russia have introduced weapons to space, including killer satellites, Secretary of Defense Mark Esper said Wednesday.

“In space, Moscow and Beijing have turned a once peaceful arena into a warfighting domain,” Esper said.

“They have weaponized space through killer satellites, directed energy weapons, and more in an effort to exploit our systems and chip away at our military advantage.”

Directed energy weapons use converted chemical or electrical energy and focus it on a target, resulting in physical damage. Weapons used by the U.S. military include systems that use high energy lasers.

Directed energy weapons can be very effective against swarm attacks, a Pentagon official said in 2018.

“We often think about directed energy as large lasers, and I’ve certainly been involved with some of that for decades, but we also have high power microwaves which can be very effective as what we call an electronics kill,” Dr. Michael D. Griffin, under secretary of Defense for Research and Engineering, said at the time.

Chief of Naval Operations Adm. John Richardson inspects new technologies being developed and tested at the High Energy Laser Systems Test Facility and USS Desert Ship, a land-based launch facility designed to simulate a ship at sea, at White Sands Missile Range, N.M., on Jan. 25, 2017. (Navy photo by Chief Petty Officer Elliott Fabrizio)

“That sort of thing—it’s really hard to envision handling swarming attacks by purely kinetic means—so that’s one of the future threats that I think we face.”

Killer satellites are satellites with the capability to kill and destroy.

***

Esper said America’s competitors and adversaries “exploit cyberspace to undermine our security without confronting our conventional strengths.”

“They do this all in an increasingly gray zone of engagement that keeps us in a perpetual state of competition. The national defense strategy guides us as we adapt the force to this challenging complex security environment by status quo and continue outpacing the competition,” he added.

But strong investment is enabling the military to move forward with developing hypersonic weapons and other modern tools.

“Thanks to our largest research and development budget in the department’s history, we are advancing critical technologies to maintain our military edge in areas such as hypersonic weapons, directed energy and autonomous systems,” Esper said.

Esper was speaking during the Air Force Association’s Virtual Air, Space & Cyber Conference.

Following an increase of $3.6 billion, the Department of Defense’s budget for research and development was $95.3 billion in fiscal year 2019, according to its financial report.

President Donald Trump’s administration officially launched Space Force late last year, establishing it as a sixth branch of the military.

“Amid grave threats to our national security, American superiority in space is absolutely vital,” Trump said when signing legislation that included funding for the branch.

The Defense Space Strategy, released earlier this year, outlines what the United States needs to do to achieve a “comprehensive military advantage” in space within 10 years.

Three key objectives are identified for the Space Force: to maintain America’s space superiority; to provide space support to all joint military operations; and to “ensure space stability”—or to deter aggression and uphold international agreements in space with a persistent presence, similar to how the Navy polices international waters.

Esper said he’s proud of the progress made in implementing the strategy, which will “ensure our dominance across all domains.”

Esper spoke a day after Gen. John Raymond, who heads Space Force.

Raymond revealed that the force’s Space Based Infrared System satellites were used to detect Iranian missiles aimed at American war planes in January.

Raymond praised the 2nd Space Warning Squadron at Buckley Air Force Base, Colorado.

“They operated the world’s best missile warning capabilities and they did outstanding work, and I’m very very proud of them,” he said at the conference.

Trump had said “an early warning system that worked very well” helped avoid U.S. casualties, but didn’t disclose the nature of the system.

 

2 Iranians Charged with Stealing Terabytes of National Security Data

JTN: Two Iranian nationals have been charged in connection with an intermittently state-sponsored campaign to target computers inside the United States, Europe and the Middle East, the Department of Justice announced Wednesday. The cyber-intruders acted at times on behalf of the Islamic Republic of Iran, the DOJ said.

In a 10-count indictment dated Sept. 15, Iranians Hooman Heidarian, 30, and Mehdi Farhadi, 34, were charged with stealing hundreds of terabytes of data. The purloined data included a range of confidential documents pertaining to national security, foreign policy intelligence, aerospace data, and unpublished scientific research, the DOJ said.

“In some instances, the defendants’ hacks were politically motivated or at the behest of Iran, including instances where they obtained information regarding dissidents, human rights activists, and opposition leaders,” the DOJ wrote in a Wednesday statement. “In other instances, the defendants sold the hacked data and information on the black market for private financial gain.”

The alleged perpetrators selected their victims after conducting “online reconnaissance” to target the victims’ areas of expertise, the DOJ wrote.

“Unfortunately, our cases demonstrate that at least four nations — Iran, China, Russia and North Korea — will allow criminal hackers to victimize individuals and companies from around the world, as long as these hackers will also work for that country’s government — gathering information on human rights activists, dissidents and others of intelligence interest,” Assistant Attorney General for National Security John C. Demers said in a statement. “Today’s defendants will now learn that such service to the Iranian regime is not an asset, but a criminal yoke that they will now carry until the day they are brought to justice.”