AP Blames FBI for Few Warnings on Fancy Bear Hacks

While much of the global hacking reached scandal status in 2015-16, Russian ‘Fancy Bear’ activity goes back to at least 2008. The FBI is an investigative agency and works in collaboration with foreign intelligence services and outside cyber experts. Before official warnings are provided to U.S. government agencies, contractors, media or political operations, the FBI will generally make an official visit to the affected entities to gather evidence. The NSA, Cyber Command and DHS all have cyber experts who track hackers and work to attribute their activity accurately.


The Department of Homeland Security is generally the agency that issues official warnings. The Associated Press gathered independent cyber experts to perform an independent study and is ready to blame the FBI for not going far enough in its warnings.

When it came to the Clinton presidential campaign hack, the FBI made several attempts to contact officials there and was met with disdain and distrust. The FBI wanted copies of the ‘log-in’ files as evidence and was denied.

In part the AP report states:

“CLOAK-AND-DAGGER”

In the absence of any official warning, some of those contacted by AP brushed off the idea that they were taken in by a foreign power’s intelligence service.

“I don’t open anything I don’t recognize,” said Joseph Barnard, who headed the personnel recovery branch of the Air Force’s Air Combat Command.

That may well be true of Barnard; Secureworks’ data suggests he never clicked the malicious link sent to him in June 2015. But it isn’t true of everyone.

An AP analysis of the data suggests that out of 312 U.S. military and government figures targeted by Fancy Bear, 131 clicked the links sent to them. That could mean that as many as 2 in 5 came perilously close to handing over their passwords.

It’s not clear how many gave up their credentials in the end or what the hackers may have acquired.

Some of those accounts hold emails that go back years, when even many of the retired officials still occupied sensitive posts.

Overwhelmingly, interviewees told AP they kept classified material out of their Gmail inboxes, but intelligence experts said Russian spies could use personal correspondence as a springboard for further hacking, recruitment or even blackmail.

“You start to have information you might be able to leverage against that person,” said Sina Beaghley, a researcher at the RAND Corp. who served on the NSC until 2014.

In the few cases where the FBI did warn targets, they were sometimes left little wiser about what was going on or what to do.

Rob “Butch” Bracknell, a 20-year military veteran who works as a NATO lawyer in Norfolk, Virginia, said an FBI agent visited him about a year ago to examine his emails and warn him that a “foreign actor” was trying to break into his account.

“He was real cloak-and-dagger about it,” Bracknell said. “He came here to my work, wrote in his little notebook and away he went.”

Left to fend for themselves, some targets have been improvising their cybersecurity.

Retired Gen. Roger A. Brady, who was responsible for American nuclear weapons in Europe as part of his past role as commander of the U.S. Air Force there, turned to Apple support this year when he noticed something suspicious on his computer. Hughes, a former DIA head, said he had his hard drive replaced by the “Geek Squad” at a Best Buy in Florida after his machine began behaving strangely. Keller, the former senior spy satellite official, said it was his son who told him his emails had been posted to the web after getting a Google alert in June 2016.

A former U.S. ambassador to Russia, Michael McFaul, who like many others was repeatedly targeted by Fancy Bear but has yet to receive any warning from the FBI, said the lackluster response risked something worse than last year’s parade of leaks.

“Our government needs to be taking greater responsibility to defend its citizens in both the physical and cyber worlds, now, before a cyberattack produces an even more catastrophic outcome than we have already experienced,” McFaul said. Read the full article here.


***

Every organization has a Chief Technology Officer; even a small business has a ‘go-to’ person for issues. To be in denial that there are any vulnerabilities is reckless and dangerous. To assume systems are adequately protected against cyber intrusions is also a dereliction of duty.

Fancy Bear is listed as APT28 (APT = Advanced Persistent Threat).

APT28 made at least two attempts to compromise Eastern European government organizations:

In a late 2013 incident, a FireEye device deployed at an Eastern European Ministry of Foreign Affairs detected APT28 malware in the client’s network.

More recently, in August 2014 APT28 used a lure (Figure 3) about hostilities surrounding a Malaysia Airlines flight downed in Ukraine in a probable attempt to compromise the Polish government. A SOURFACE sample employed in the same Malaysia Airlines lure was referenced by a Polish computer security company in a blog post. The Polish security company indicated that the sample was “sent to the government,” presumably the Polish government, given the company’s locations and visibility.

Additionally:

Other probable APT28 targets that we have identified:

- Norwegian Army (Forsvaret)
- Government of Mexico
- Chilean Military
- Pakistani Navy
- U.S. Defense Contractors
- European Embassy in Iraq
- Special Operations Forces Exhibition (SOFEX) in Jordan
- Defense Attaches in East Asia
- Asia-Pacific Economic Cooperation

There is also NATO, the World Bank and military trade shows. Pure and simple, it is industrial espionage.

MALWARE

Evolves and Maintains Tools for Continued, Long-Term Use
- Uses malware with flexible and lasting platforms
- Constantly evolves malware samples for continued use
- Malware is tailored to specific victims’ environments, and is designed to hamper reverse engineering efforts
- Development in a formal code development environment

Various Data Theft Techniques
- Backdoors using HTTP protocol
- Backdoors using victim mail server
- Local copying to defeat closed/air gapped networks

TARGETING

Georgia and the Caucasus
- Ministry of Internal Affairs
- Ministry of Defense
- Journalist writing on Caucasus issues
- Kavkaz Center

Eastern European Governments & Militaries
- Polish Government
- Hungarian Government
- Ministry of Foreign Affairs in Eastern Europe
- Baltic Host exercises

Security-related Organizations
- NATO
- OSCE
- Defense attaches
- Defense events and exhibitions

RUSSIAN ATTRIBUTES

Russian Language Indicators
- Consistent use of Russian language in malware over a period of six years
- Lure to journalist writing on Caucasus issues suggests APT28 understands both Russian and English

Malware Compile Times Correspond to Work Day in Moscow’s Time Zone
- Consistent among APT28 samples with compile times from 2007 to 2014
- The compile times align with the standard workday in the UTC + 4 time zone which includes major Russian cities such as Moscow and St. Petersburg
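The compile-time attribution argument above rests on a simple analysis: read the TimeDateStamp from each sample's PE header and check how many fall inside a Monday-to-Friday working day once shifted into a candidate time zone. The following is an added illustration written for this page, not FireEye's tooling or data; the PE header bytes and the six timestamps are constructed, with one weekend outlier to show why the result is a fraction rather than a verdict (compile timestamps can be forged, so this is one signal among several).

```python
"""Compile-time working-hours analysis of the kind cited in the APT28 attribution (constructed data)."""
import struct
from datetime import datetime, timedelta, timezone


def pe_timestamp(pe_bytes: bytes) -> int:
    """Return the COFF header TimeDateStamp (seconds since 1970 UTC) of a PE image.

    Layout: 'MZ' DOS header, e_lfanew at offset 0x3c points to 'PE\\0\\0';
    the 4-byte TimeDateStamp follows Machine and NumberOfSections, 8 bytes in.
    """
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", pe_bytes, 0x3C)
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (stamp,) = struct.unpack_from("<I", pe_bytes, e_lfanew + 8)
    return stamp


def make_fake_pe(stamp: int) -> bytes:
    """Constructed minimal PE header carrying the given TimeDateStamp (test input only)."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)           # 0x40-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x40)         # e_lfanew -> PE header at 0x40
    # PE signature, then Machine, NumberOfSections, TimeDateStamp
    hdr += b"PE\0\0" + struct.pack("<HHI", 0x14C, 3, stamp)
    return bytes(hdr)


def workday_fraction(stamps, utc_offset_hours, start_hour=9, end_hour=18):
    """Fraction of timestamps landing Mon-Fri between start_hour and end_hour in the given zone."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    hits = 0
    for s in stamps:
        local = datetime.fromtimestamp(s, tz)
        if local.weekday() < 5 and start_hour <= local.hour < end_hour:
            hits += 1
    return hits / len(stamps) if stamps else 0.0


def best_fit_offset(stamps):
    """UTC offset (-12..+14) whose workday window explains the most samples; ties -> smallest offset."""
    return max(range(-12, 15), key=lambda off: (workday_fraction(stamps, off), -off))


# Constructed sample set: five weekday compiles in UTC+4 (Moscow in 2013) plus one
# Saturday-night outlier, which a real analyst would treat as noise or possible timestomping.
MOSCOW_2013 = timezone(timedelta(hours=4))
SAMPLE_LOCAL_TIMES = [
    datetime(2013, 3, 12, 9, 5, tzinfo=MOSCOW_2013),    # Tue
    datetime(2013, 3, 13, 11, 40, tzinfo=MOSCOW_2013),  # Wed
    datetime(2013, 3, 14, 14, 20, tzinfo=MOSCOW_2013),  # Thu
    datetime(2013, 3, 15, 17, 45, tzinfo=MOSCOW_2013),  # Fri
    datetime(2013, 3, 18, 10, 0, tzinfo=MOSCOW_2013),   # Mon
    datetime(2013, 3, 16, 2, 30, tzinfo=MOSCOW_2013),   # Sat night outlier
]
SAMPLE_STAMPS = [int(d.timestamp()) for d in SAMPLE_LOCAL_TIMES]


if __name__ == "__main__":
    stamps = [pe_timestamp(make_fake_pe(s)) for s in SAMPLE_STAMPS]
    for off in (3, 4, 5):
        print(f"UTC{off:+d}: {workday_fraction(stamps, off):.0%} of samples inside Mon-Fri 09:00-18:00")
    print("best-fit offset:", best_fit_offset(stamps))
```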
FireEye is a non-governmental, independent cyber security company that has performed and continues to perform cyber investigations and attributions. There are others that do the same. To blame the FBI exclusively for the lack of warnings is unfair.

Hacking incidents were especially common during the Obama administration, and countless hearings have been held on The Hill, while there is still no cyber policy, legislation or real consequence. Remember too, it was the Obama administration that chose to do nothing with regard to Russia’s interference until after the election in November; only in December did Obama expel several Russians who were part of diplomatic operations, and others possibly working under cover, and shutter two dachas and one mission post in San Francisco.

What the Uranium One Documents Reveal

Our Operations

Uranium One is engaged through its subsidiaries and joint ventures in uranium production, and in the exploration and development of uranium properties, in Kazakhstan, the United States, Tanzania and elsewhere. Uranium One is focused on low cost and low technical risk operations, with existing, near and medium-term production visibility in some of the world’s largest uranium resource jurisdictions.

Uranium One is a joint venture partner with JSC NAC Kazatomprom, the Kazakhstan state-owned atomic energy company, in six major producing uranium mines in Kazakhstan – Akdala, South Inkai, Karatau, Akbastau, Zarechnoye and Kharasan. The company also operates the Willow Creek uranium mine in Wyoming, and is the operator of, and owns a 13.9 percent interest in, the Mkuju River uranium development project in Tanzania.

Uranium One’s revenues are largely derived from the sale of uranium concentrates. The company sells its uranium to major nuclear utilities in Russia, Europe, North America, South America, Middle East and Asia.

***

This was an internal coup advanced by the Obama administration. What is worse, where are those Hillary, State Department, CFIUS or White House related emails?

***

William Campbell, the FBI informant, documented for his FBI handlers the first illegal activity by Russian nuclear industry officials in fall 2009, nearly an entire year before the Russian state-owned Rosatom nuclear firm won Obama administration approval for the Uranium One deal, the memos show.

Evidence gathered by an FBI undercover informant conflicts with several media reports as well as statements by Justice officials concerning the connections between a Russian nuclear bribery case and the Obama administration’s approval of the sale of Uranium One to Russia’s state-owned Rosatom nuclear company. More here.

***

During Campbell’s time working as a confidential informant, he was required by the Russians to launder large sums of money to financial institutions in Cyprus, Latvia and Seychelles. With Campbell’s help the FBI uncovered an extensive Russian nuclear money laundering apparatus, and Campbell was working solo. He was required to launder money, from his own salary, on particular days and times when Russian money handlers would be working at the banks. If he missed a scheduled pay time for any reason his Russian counterparts would threaten him, he told his attorney. He was also required on many occasions to deliver cash directly to those who were being paid off, most of which he recorded on hidden cameras for the FBI.

It didn’t end there. In order to keep his cover he spent many nights with his Russian counterparts drinking, collecting information and more importantly gaining their trust. He was in his early 60s and his once unblemished driving record ended with a DUI in 2008 and two other reckless driving charges in 2010 and 2012, said Toensing, who noted they were all misdemeanors.

THE PLAYERS

The cast of characters deep within the Russian nuclear agency also included another American businessman named Rod Fisk, whose company Transportation Logistics International, also known as TLI, was the primary transport company for Russian enriched uranium sold to the United States.

Fisk passed away in 2011, and his Vice President Daren Condrey replaced him. In 2015, Daren Condrey, of Maryland, pleaded guilty to conspiring to violate the Foreign Corrupt Practices Act (FCPA) and conspiring to commit wire fraud, according to the DOJ.

Adding to the colorful array of Russian criminals the FBI was watching was a Russian national named Vadim Mikerin. He was then a top official of the Russian nuclear arms subsidiary Tenex. Mikerin, who had close ties to elite members of the Kremlin, and who bragged in emails and documents about his family’s connections to current Russian President Vladimir Putin, would later become president of Tenam, the American subsidiary that began operations in 2010, according to the contract. Boris Rubizhevsky, another Russian national from New Jersey, who was president of the security firm NEXGEN Security, also pleaded guilty in 2015 to conspiracy to commit money laundering. He served as a consultant to TENAM and to Mikerin. He was sentenced to prison last week along with three years of supervised release and a $26,500 fine, according to a recent Reuters report.

Mikerin was eventually arrested for a racketeering scheme that dated back to 2004, and included fraud, extortion and money laundering. But he only pleaded guilty to money laundering. He was sentenced to 48 months in prison in December 2015. More here.

Vadim Mikerin (image from flickr.com by Tenam USA)

Here are five revelations from those documents reviewed by The Hill:

Russia saw its purchase of Uranium One as part of a strategy to dominate global uranium markets, including making the United States more dependent on Moscow’s nuclear fuel.

Documents the informant gave the FBI clearly show that the purchase of Uranium One was seen by Russia and its American consultants as one tool in a strategy to “control” the uranium market worldwide. In the United States, that strategy focused on securing billions of new uranium contracts to create a new reliance on Russian nuclear fuel just as the Cold War-era Megatons to Megawatts program was ending.

Uranium One did export some of its U.S. uranium ore.

News organizations, including The Washington Post, continue to report none of Uranium One’s product left the U.S. after Russia took control. In fact, the Nuclear Regulatory Commission (NRC) approved an export license for a third party trucking firm to export Uranium One ore to Canada for enrichment, and some of that uranium ended up in Europe, NRC memos show. Uranium One itself admits that as much as 25 percent of the uranium it exported to Canada ended up with European or Asian clients through what is known in the industry as “book transfers.”

The FBI informant Douglas Campbell does have information to share with Congress about Rosatom’s Uranium One purchase.

Justice officials have suggested in recent stories that Campbell has little on Uranium One because his work focused on nuclear bribery involving a different Rosatom subsidiary. While it’s true Campbell’s undercover work focused on criminality inside the Rosatom subsidiary Tenex, he did gather extensive documents about Rosatom’s efforts to win approval to buy Uranium One.

The FBI did have evidence that Rosatom officials were engaged in criminality well before the Obama administration approved Rosatom’s purchase of Uranium One.

Evidence that a foreign company is involved in criminality can disqualify it from Committee on Foreign Investment in the United States (CFIUS) approval to buy a sensitive U.S. asset. And Campbell helped the FBI record the first criminal activity by Rosatom officials inside its Tenex arm in November 2009, nearly an entire year before CFIUS approved Rosatom’s purchase of Uranium One.

Justice officials trusted the informant Campbell enough to keep him working undercover for six years and to pay him more than $51,000 once the convictions were secured.

A check obtained by The Hill shows the FBI paid Campbell an informant fee of more than $51,000 in January 2016, shortly after the last convictions in the Russian nuclear bribery case were made.

Foreign Agent Registry, in U.S. and Russia for Media

FARA is the most broken system we have when it comes to checks and balances…we can’t begin to determine which foreign media operations in the U.S. are really espionage networks, much less which ad agencies or lobbyists are. Scary, right? How about foreign students that are operatives, or foreign workers with jobs in government roles or in government contractor positions…we don’t even know what we don’t know….

Senator Chuck Grassley has called for some changes to FARA.

This is getting testier by the day….the United States is requiring RT to register as a foreign agent. Likewise, Moscow is requiring the same…so, thinking about WikiLeaks or Fusion GPS, is there enough evidence that they should be registered as foreign agents? Sheesh…here is the rub…

Russian Lawmakers: 9 US-Funded News Outlets Could Be Forced to Register as ‘Foreign Agents’

Russia said Thursday it has warned nine United States government-funded news operations they will probably be designated “foreign agents” under new legislation, in retaliation for a U.S. demand that Kremlin-supported television station RT register as such in the United States.

The Russian Justice Ministry said Thursday it had notified the Voice of America (VOA), Radio Free Europe/Radio Liberty (RFE/RL) and seven separate regional outlets active in Russia they could be affected.

The ministry published a list of the outlets on its website, including a statement that said the changes were likely to become law “in the near future.”

Expands 2012 law

Russia’s lower house of parliament approved amendments Wednesday to expand a 2012 law that targets non-governmental organizations to include foreign media. A declaration as a foreign agent would require foreign media to regularly disclose their objectives, full details of finances, funding sources and staffing.

Media outlets also may be required to disclose on their social platforms and internet sites visible in Russia that they are “foreign agents.” The amendments also would allow the extrajudicial blocking of websites the Kremlin considers undesirable.

“We can’t say at this time what effect this will have on our news gathering operations within Russia,” said VOA Director Amanda Bennett. “All we can say is that Voice of America is, by law, an independent, unbiased, fact-based news organization, and we remain committed to those principles.”

RFE/RL President Tom Kent said until the legislation becomes law, “we do not know how the Ministry of Justice will use this law in the context of our work.”

No access to cable in Russia

Kent said unlike Sputnik and other Russian media operating in the U.S., U.S. media outlets operating in Russia do not have access to cable television and radio frequencies.

“Russian media in the U.S. are distributing their programs on American cable television. Sputnik has its own radio frequency in Washington. This means that even at the moment there is no equality,” he said.

The speaker of Russia’s lower house, the Duma, said Tuesday that foreign-funded media outlets that refused to register as foreign agents under the proposed legislation would be prohibited from operating in the country.

However, since the law’s language is so broad, it potentially could be used to target any foreign media group, especially if it is in conflict with the Kremlin. Comparatively, the U.S. law targets only state-funded groups. The privately owned American television channel CNN and the German public broadcaster Deutsche Welle also have been mentioned as potential targets.

The amendments, which Amnesty International said would inflict a “serious blow” to media freedom in Russia if they become law, were approved in response to a U.S. accusation that RT executed a Russian-mandated influence campaign on U.S. citizens during the 2016 presidential election, a charge the television channel denies.

Putin has last word

The amendments must next be approved by the Russian Senate and then signed into law by President Vladimir Putin.

RT, which is funded by the Kremlin to provide Russia’s perspective on global issues, confirmed Monday it met the Justice Department’s deadline by registering as a foreign agent in the U.S.

The United States considers RT a propaganda arm of Russia, and told it to register its foreign operation under the Foreign Agents Registration Act aimed at attorneys and lobbyists representing political interests.

Former KGB Officer Hired for US Embassy Moscow Security

Added: Oct 27, 2017 1:51 pm

Local Guard Services for US Mission Russia. Contract was awarded in accordance with FAR 6.302-2, Unusual and compelling urgency.

Contract is in accordance with 52.216-25 CONTRACT DEFINITIZATION.

The 4-page contract is here; it appears it was an emergency choice and hire.
Are there any people left in the contract office that have any brains? Is there anyone at the State Department providing guidance or final approvals with brains?

US embassy hires security firm of former Russian spy who worked with Putin

The US embassy in Moscow is to be guarded by a company owned by a former head of KGB counter-intelligence who worked with British double agent Kim Philby and young Vladimir Putin, after cuts to US staff demanded by Russia.

Elite Security Holdings was awarded a $2.83 million contract to provide “local guard services for US mission Russia,” which includes the Moscow embassy and consulates in St Petersburg, Yekaterinburg and Vladivostok, according to a post on a US state procurement website.

The contract and background of the firm came to light in a Kommersant newspaper report on Friday.

Elite Security, a private company and the oldest part of the eponymous holding, was founded in 1997 by Viktor Budanov and his son Dmitry, according to a Russian business registry.

A 2002 article posted on the site of Russia’s foreign intelligence service identified Mr Budanov as a major general in the agency who became a Soviet spy in 1966 and retired a year after the collapse of the USSR.

His long work in Soviet and Russian intelligence could raise questions about whether the guard services contract poses a security or intelligence risk to the US mission.

The US embassy referred The Telegraph to the state department, which did not respond to requests for comment.

Moscow forced Washington to cut its diplomatic staff in Russia from more than 1,200 to 455 in response to sanctions adopted against Russia in August.

Before his work in foreign intelligence Mr Budanov was the director of the KGB’s counter-intelligence division, he has told Russian media.

He also was head of the KGB branch in East Germany in the late 1980s, where a young Mr Putin served under him. In a 2007 interview, Mr Budanov lamented the collapse of the USSR, praised Mr Putin’s leadership and warned that Russia “can’t constantly act as (the Americans) want” or it would be destroyed.

He has also said he worked with Britain’s most infamous Soviet double agent after Philby defected to the USSR in 1963 and was once a guest at a private lunch given in Philby’s honour by Yury Andropov, the KGB head who became leader of the Soviet Union.

In the 1990s, Mr Budanov became acquainted with high-level US intelligence officials while providing business intelligence and security to foreign companies.

He formed a joint venture with the former assistant director of the National Security Agency and said in 2007 he personally knew the head of security at the US embassy in Moscow.

International Risk and Information Services, a company Mr Budanov founded in 1992 that later became part of Elite Security Holdings, says on its website it employs staff with experience in “state security organs”.

In testimony before a UK court in 1993, Oleg Gordievsky, a KGB bureau chief in London who became a British agent, said Mr Budanov had drugged and interrogated him after he was recalled to Moscow under suspicion.

Mr Budanov also handled sensitive operations like teaching Bulgarian agents how to use a poisonous umbrella to kill dissidents, Mr Gordievsky said.

Secret Planes, Russia, China and the United States oh My