About that Drone Attack on the Pennsylvania Power Grid

The Drive: U.S. officials believe that a DJI Mavic 2, a small quadcopter-type drone, with a thick copper wire attached underneath it via nylon cords was likely at the center of an attempted attack on a power substation in Pennsylvania last year. An internal U.S. government report that was issued last month says that this is the first time such an incident has been officially assessed as a possible drone attack on energy infrastructure in the United States, but that this is likely to become more commonplace as time goes on. This is a reality The War Zone has sounded the alarm about in the past, including when we were first to report on a still unexplained series of drone flights near the Palo Verde nuclear powerplant in Arizona in 2019.

ABC News was first to report on the Joint Intelligence Bulletin (JIB) covering the incident in Pennsylvania last year, which the Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the National Counterterrorism Center (NCTC) published on Oct. 28, 2021. The document, which ABC obtained a copy of, but only released a small portion of, is marked unclassified, but parts also labeled Law Enforcement Sensitive (LES) and For Official Use Only (FOUO). Other outlets have since obtained copies of this document, which reportedly says that this likely attack took place on July 16, 2020, but does not identify where the substation in question was located.


DHS via ABC News

RELATED READING: FBI Strategic Intelligence/Assessment on Domestic Terrorism

A portion of an annotated satellite image from a US Joint Intelligence Bulletin regarding a likely attempted drone attack on a power substation in Pennsylvania in 2020.

“This is the first known instance of a modified UAS [unmanned aerial system] likely being used in the United States to specifically target energy infrastructure,” the JIB states. “We assess that a UAS recovered near an electrical substation was likely intended to disrupt operations by creating a short circuit to cause damage to transformers or distribution lines, based on the design and recovery location.”

ABC and other outlets have reported that the JIB says that this assessment is based in part on other unspecified incidents involving drones dating back to 2017. As already noted, The War Zone previously reported on another worrisome set of incidents around Arizona’s Palo Verde Generating Station, the largest nuclear power plant in the United States in terms of its output of electricity, in 2019. In the process of reporting that story, we uncovered other reported drone flights that prompted security concerns near the Limerick Generating Station nuclear power plant in Pennsylvania earlier that year.

The Night A Mysterious Drone Swarm Descended On Palo Verde Nuclear Power Plant By Tyler Rogoway and Joseph Trevithick Posted in The War Zone
Here’s What’s In New Guidelines For Defending Infrastructure Against Drone Attacks By Brett Tingley Posted in The War Zone
The Y-12 Nuclear Development Site Has Deployed Its First Anti-Drone System By Brett Tingley Posted in The War Zone
Some Chinese-Made Drones Cleared By Pentagon For U.S. Government Use By Brett Tingley Posted in The War Zone
Is The United States Firing Off “Electricity Bombs” in Syria? By Joseph Trevithick Posted in The War Zone

“To date, no operator has been identified and we are producing this assessment now to expand awareness of this event to federal, state, local, tribal, and territorial law enforcement and security partners who may encounter similarly modified UAS,” the JIB adds.

Beyond the copper wire strung up underneath it, the drone reportedly had its camera and internal memory card removed. Efforts were taken to remove any identifying markings, indicating efforts by the operator or operators to conceal the identifies and otherwise make it difficult to trace the drone’s origins.


DHS via ABC News

A low-quality image showing the drone recovered after the likely attempted attack in Pennsylvania. The green lines are the nylon cables. A copper wire was attached to the bottom ends of both lines.

It’s unclear how much of a threat this particular drone posed in its modified configuration. The apparent intended method of attack would appear to be grounded, at least to some degree, in actual science. The U.S. military employed Tomahawk cruise missiles loaded with spools of highly-conductive carbon fiber wire against power infrastructure to create blackouts in Iraq during the first Gulf War in 1991. F-117 Nighthawk stealth combat jets dropped cluster bombs loaded with BLU-114/B submunitions packed with graphite filament over Serbia to the same effect in 1999.

Regardless, the incident only underscores the ever-growing risks that small drones pose to critical infrastructure, as well as other civilian and military targets, in the United States. If this modified drone did pose a real risk, it would also highlight the low barrier to entry to at least attempt to carry out such attacks. New DJI Mavic 2s can be purchased online right now for between $2,000 and $4,000.

The technology is so readily available that non-state actors around the world, from terrorists in the Middle East to drug cartels in Mexico, are already employing commercial quad and hexacopter-type drones armed with improvised explosive payloads on a variety of targets on and off more traditional battlefields. This includes attempted assassinations of high-profile individuals.

The U.S. government is finally coming to terms with these threats and there are certainly some steps being taken, at least at the federal level, to protect civilian and domestic military facilities against small drones. At the same time, it is equally clear that there is still much work to be done.

This particular incident in Pennsylvania last year highlights separate security concerns relating to Chinese-made small drones that are now widely available in the United States and are even in use within the U.S. government. DJI, or Da Jiang Innovations, is by far the largest Chinese drone maker selling products commercially in the United States today and has been at the center of these debates in recent years.

Whether or not the modified Mavic 2 posed a real danger in this instance or if this was truly the first-ever attempted drone attack on energy infrastructure in the United States, it definitely reflects threats are real now and will only become more dangerous as time goes on.

Durham’s Next Arrests Could Snag Some Hillary Operatives

Keep a close watch for names like Fiona Hill, a top witness in the first Trump impeachment.  Fiona currently serves as a Senior Fellow at the Brookings Institution in Washington. She is a member of the Council on Foreign Relations and the Trilateral Commission. Next up could be Strobe Talbot, a top Clinton operative and head of the Brookings Institute, a left-wing political think tank. Strobe became friends with future President Bill Clinton when both were Rhodes Scholars at the University of Oxford;Then there could be a Mr. Charles Dolan Jr., who was the state chairman of the Clinton-Gore campaigns in Virginia in 1992 and 1996 and was appointed to a position in the State Department in the Clinton administration.

Dolan has years of political and communications experience to kglobal in his role as senior vice president. He has advised or managed Presidential and Congressional campaigns, state party conventions and platform committee hearings. He is also an adjunct professor at the George Washington University School of Media and Public Affairs, and a graduate of the University of Massachusetts, Amherst where he earned a B.A. and of Harvard University’s Kennedy School of Government, where he earned an M.P.A. in Government and Business.

Prior to joining kglobal, Chuck was an executive vice president at Prism Public Affairs and formerly a senior vice president for public affairs at Ketchum Public Relations and also worked as a senior vice president at the government relations firm, Cassidy and Associates. He served as vice-chairman of the United States Advisory Commission on Public Diplomacy, a seven-member commission that advises the U.S. government on press and information activities of U.S. missions abroad, and the government’s international radio and television operations. And, he is a former executive director of the Democratic Governors Association. He also worked as a legislative assistant on Capitol Hill.

These people circle around DC block by block and year after year.

 

 

 

Exactly where was all of this during the Mueller investigation?

Another item that should have your blood boiling is the matter of paying off Andrew McCabe a few weeks ago. Remember that? Those on the top floor of the FBI remain dirty in this whole fake operation include McCabe. He was fired by Trump and sued. Merrick Garland, the head of the Department of Justice rather quietly settled with McCabe restoring his full reputation, pension and attorney’s fees. This tells you that Garland knew of Durham’s soon to be arrest of Igor Danchenko and how the FBI was so complicit in the whole affair. Better pay off McCabe now before more heads roll under the Durham investigation.

More details below…

  1. In part from the New York Times:

    Most of the important claims in the dossier — a series of reports written by Mr. Danchenko’s employer, Christopher Steele, a former British intelligence agent — have not been proven, and some have been refuted, including by Mr. Mueller. F.B.I. agents interviewed Mr. Danchenko several times in 2017 when they were seeking to run down the claims.

    The first false statement charge in the indictment concerns Mr. Danchenko’s interactions with a person the indictment describes as a public relations executive with strong ties to the Democratic Party.

    The indictment said Mr. Danchenko falsely told the F.B.I. that he had not discussed the claims in the dossier with the public relations executive. But, the indictment said, the executive — who in his professional career frequently interacted with Eurasian clients, with a particular focus on Russia — was a source for some of the claims, including gossip about the ouster of Paul Manafort as Mr. Trump’s campaign chairman.

    The indictment did not name the person it called “PR Executive-1,” but its description matched the career of Charles Dolan Jr., who was the state chairman of the Clinton-Gore campaigns in Virginia in 1992 and 1996 and was appointed to a position in the State Department in the Clinton administration.

    Mr. Dolan was earlier named in a declaration by Olga Galkina, one of Mr. Danchenko’s sources, as someone to whom Mr. Danchenko had introduced her; the indictment also said that the executive and a source who appears to be Ms. Galkina had regular interactions, including in ways that indicated they supported Mrs. Clinton’s campaign.

    Mr. Dolan’s lawyer, Ralph D. Martin, confirmed in an email that his client was the executive named in the indictment, but said that Mr. Dolan, as a potential witness in the case, would have no comment.

  2. The sordid and insipid details TF:

3. Lastly from top Jonathan Turley:

Danchenko is not someone who immediately comes across as an apex defendant — the highest target in an investigation. He was a key source used by others to advance false or unsubstantiated claims against Trump. He is the type of defendant that prosecutors pressure to flip against those who retained him or used him in this effort. In other words, he strikes me as someone who can be used as a building block to apex defendants.

Potential apex targets above him in the investigation range from Steele himself to Clinton general counsel Marc Elias to Clinton campaign officials.

The indictment circles around an unnamed figure called PR-Executive-1 who was a close Clinton adviser who held high positions in the Democratic party and prior Clinton campaigns. Most embarrassing are references to the Clinton adviser meeting with possible Russian intelligence figures and other Russian sources, including this line:

PR Executive-1 gifted to Russian Sub-Source-1 an autobiography of Hillary Clinton, which he signed and inscribed with the handwritten message, “To my good friend [first name of Russian Sub-Source-1], A Great Democrat.”

That is one book I think Hillary Clinton would like back.

The indictment describes the individual in this way:

“PR Executive-1 had served as (1) chairman of a national Democratic political organization, (2) state chairman of former President Clinton’s 1992 and 1996 presidential campaigns, and (3) an advisor to Hillary Clinton’s 2008 Presidential campaign. Moreover, beginning in or about 1997, President Clinton appointed PR Executive-! to two four-year terms on an advisory commission at the U.S. State Department. With respect to the 2016 Clinton Campaign, PR Executive-! actively campaigned and participated in calls and events as a volunteer on behalf of Hillary Clinton.”

There is no indication if Durham has possible evidence of criminal acts by those figures but there is every indication that he is not done by a long shot with this investigation.

 

Dads on Duty in Public Schools has Remarkable Results

Primer: In 2020, USAToday published in part the following:

Schools are safe, safer in fact than they’ve been for decades, and not because of the presence of an armed police officer in the hallways. Rather, schools provide structure and supervision that many kids lack during their out-of-school hours.

Although SROs may give parents some sense of comfort that their children are protected while at school, students actually face certain perils because of constant police presence. The well-traveled school-to-prison pipeline has been documented by research in terms of greater reliance on the justice system in response to student infractions, especially for minority youngsters.

***'The School has Just Been Happy': Concerned Fathers Form ...

If children are not punished in some form with violence and criminal activity it adds to the already broken juvenile justice system.

SHREVEPORT, La. — A group of fathers in Shreveport are taking safety into their own hands after repeated violence broke out in one school, where 23 students were arrested over a short three-day period. “Dads on Duty” showed up and the daily brawls suddenly came to an end.

One of the father’s, Michael LaFitte, launched a group called “Dads on Duty.” It ignited a desire in 40 fathers to sign up and take shifts at Southwood High School in Shreveport. Their goal is to simply maintain a peaceful environment, and thus far, it’s been profoundly successful, CBS News reported.

Although none of the fathers have a “pedigree” of expertise, i.e. degrees in school counseling or criminal justice, they do have some relevant experience, namely concerned parents who have a shared, invested interest in a safe learning environment for their kids.

“We’re dads. We decided the best people who can take care of our kids are who? Are us,” LaFitte told the news outlet.


School violence increased last month, when ongoing fights resulted in 23 teen arrests over three days. Sept. 16 was an extremely violent day, which led to 14 arrests after two major fights erupted, requiring the school’s resource officer to call for backup officers to respond, Fox reported.

“We had a fight at 9:30,” Caddo Parish Sheriff Steve Prator said at the time, according to KSLA. “I believe that there were seven kids that were. I call them kids, that sounds innocent. Seven of these thugs were expelled or sent home.”

However, since “Dads on Duty” was launched and deployed, there have been no instances of violence. Moreover, some students said their presence has helped the environment at the school, CBS reported.


“I immediately felt a form of safety,” one of the students said. “We stopped fighting; people started going to class.”

“You ever heard of ‘a look?’” one student asked while describing a “power” the student said all fathers have.

Furthermore, students say the fathers bring a sense of security as they crack “dad jokes” while interacting with teens in the hallways.

“They just make funny jokes like, ‘Oh, hey, your shoe is untied,’ but it’s really not untied,” one student told CBS.

“The school has just been happy — and you can feel it,” another student said.

As teen violence has also increased in other locales, the fathers said they will keep with the program indefinitely and would like to start chapters throughout Louisiana and even the country.

“Because not everybody has a father figure at home – or a male, period, in their life. So just to be here makes a big difference,” the group of dads said.

Microsoft Reveals Continued Hacks of Technology Companies

The Russia-linked hackers behind last year’s compromise of a wide swath of the U.S. government and scores of private companies, including SolarWinds Corp. , have stepped up their attacks in recent months, breaking into technology companies in an effort to steal sensitive information, cybersecurity experts said.

In a campaign that dates back to May of this year, the hackers have targeted more than 140 technology companies including those that manage or resell cloud-computing services, according to new research from Microsoft Corp. The attack, which was successful with as many as 14 of these technology companies, involved unsophisticated techniques like phishing or simply guessing user passwords in hopes of gaining access to systems, Microsoft said.

***SolarWinds Hackers Accessed US Justice Department Email ...

Source: In a recent blog post to the company’s website, Microsoft’s corporate vice president of customer security and trust, Tom Burt, wrote that “state actor Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain.”

Nobelium is “attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers,” according to the company.

Burt wrote that 609 Microsoft customers had been informed that they’d been attacked between July and October of this year close to 23,000 times “with a success rate in the low single digits.”

The attacks, according to the executive, were not aimed at a specific flaw in any of the systems, rather, they were “password spray and phishing” attacks, which are aimed at stealing credentials that grant the attackers access to privileged information.

The Russian state-backed hacking group is, according to Burt, “trying to gain long-term, systematic access to a variety of points in the technology supply chain, and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government.”

***

Over 600 Microsoft customers targeted since July

“Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium,” said Tom Burt, Corporate Vice President at Microsoft.

“We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.”

As Burt added, in all, more than 600 Microsoft customers were attacked thousands of times, although with a very low rate of success between July and October.

“These attacks have been a part of a larger wave of Nobelium activities this summer. In fact, between July 1 and October 19 this year, we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits,” Burt said.

“By comparison, prior to July 1, 2021, we had notified customers about attacks from all nation-state actors 20,500 times over the past three years.”

Nobelium MSP attacks
Nobelium MSP attacks (Microsoft)

This shows that Nobelium is still attempting to launch attacks similar to the one they pulled off after breaching SolarWinds’ systems to gain long-term access to the systems of targets of interest and establish espionage and exfiltration channels.

Microsoft also shared measures MSPs, cloud service providers, and other tech orgs can take to protect their networks and customers from these ongoing Nobelium attacks.

Nobelium’s high profile targets

Nobelium is the hacking division of the Russian Foreign Intelligence Service (SVR), also tracked as APT29, Cozy Bear, and The Dukes.

In April 2021, the U.S. government formally blamed the SVR division for coordinating the SolarWinds “broad-scope cyber espionage campaign” that led to the compromise of multiple U.S. government agencies.

At the end of July, the US Department of Justice was the last US govt entity to disclose that 27 US Attorneys’ offices were breached during the SolarWinds global hacking spree.

In May, the Microsoft Threat Intelligence Center (MSTIC) also reported a phishing campaign targeting government agencies from 24 countries.

Earlier this year, Microsoft detailed three Nobelium malware strains used for maintaining persistence on compromised networks: a command-and-control backdoor dubbed ‘GoldMax,’ an HTTP tracer tool tracked as ‘GoldFinder,’ a persistence tool and malware dropper named ‘Sibot.’

Two months later, they revealed four more malware families Nobelium used in their attacks: a malware downloader known as ‘BoomBox,’ a shellcode downloader and launcher known as ‘VaporRage,’ a malicious HTML attachment dubbed ‘EnvyScout,’ and a loader named ‘NativeZone.’

Mexico Cartels Use Video Games to Recruit Children

Beyond the constant threat of Tik Tok, Facebook and Instagram there are at least 2 video games, World of Warcraft and Second Life. Parents, are you managing this or paying attention…globally?

World of Warcraft: Cataclysm | RPG Site.Second Life Review | Game Rankings & Reviews

Beyond parents…what about State Attorneys General or the Department of Justice? crickets….

In full:

Mexican criminal groups have hit on a new way to recruit vulnerable young people into their ranks: reaching out to them while they play video games.

On October 11, authorities in the southern state of Oaxaca announced they had rescued three children, between the ages of 11 and 14, who had reportedly been convinced to run away from home by a human trafficking ring after being contacted through a video game named Free Fire.

The three were found at a home in the town of Santa Lucia de Camino, where they were being held and were set to be sent to Monterrey in the northern state of Nuevo León. They had left their homes a couple of days earlier after receiving messages from a trafficker, posing as a 13-year-old boy in the game.

Earlier in October, a young girl was also rescued after having been lured by a human trafficking group in the western state of Jalisco.

This was far from the most sophisticated such scheme to be discovered in Mexico this year. In September, Mexican investigative journalist Óscar Balderas revealed how one of the country’s foremost criminal actors is trying to recruit children through the most popular video games in the world.

On September 18, a teenage boy playing Grand Theft Auto V online at 3 a.m. received a message from a gamer purporting to be a young man, wearing a bulletproof vest and a military-style helmet in his profile picture. The boy was invited to an in-game event named “RECLUTAMIENTO ABIERTO CDN-ZETAZ VIEJA ESCUELA-35 BATALLON.” The Northeast Cartel (Cartel del Noreste – CDN) and the Old School Zetas (Zetas Vieja Escuela) are both splinter groups of the Zetas, which have been involved in some of Mexico’s worst violence in recent years.

SEE ALSO: Colombia’s Ongoing Child Recruitment Crisis

This fits a pattern reported by numerous young gamers in Mexico in recent months. According to Balderas, messages are sent in the early hours of the morning, when parents are unlikely to be supervising their children’s online activity, openly inviting young gamers to join criminal groups and selling this as a glamorous lifestyle. Some messages alleged that they were being sent by the Sinaloa Cartel or the Jalisco Cartel New Generation (Cartel Jalisco Nueva Generación – CJNG).

In an interview with InSight Crime, Balderas stated that after contacting young people online, the representatives of criminal groups invite them to in-person meetings where they are abducted and forced to join.

And it seems this tactic is more widespread. Since this story broke in September, around ten families have come forward to tell the journalist about similar experiences with online recruitment.

Criminal groups in Mexico routinely abuse numerous children and teenagers and force them to serve in a range of roles, including as hitmen, drug runners or to work in drug manufacturing facilities.

InSight Crime Analysis

Reaching out to impressionable teenagers through video games is fitting for the times.

“It could seem like a pretty inefficient way of getting one or two more sicarios (hitmen) but it’s a silent way of recruiting. If they go ahead and kidnap kids or teenagers in person, this will draw attention. But this is a way of inviting teenagers of their own free will, of getting their loyalty,” Balderas explained to InSight Crime.

It’s also a very low-risk way of proceeding. It appears the recruiters create profiles located in Mexican cities and then send out invitations to all players currently online in a certain radius. The vast majority will probably ignore such messages as spam but a few curious players will accept and get in touch.

Those contacted in this way state that the recruiters appeal to their sense of adventure, promising them excitement, action, money and possessions.

SEE ALSO: Going Door to Door: Mexico City’s Response To Child Recruitment

Islamic terror groups have used this technique for years, with leaks from former National Security Agency (NSA) operative in 2013 revealing how extremists had turned to video games such as World of Warcraft and Second Life.

And the COVID-19 pandemic has only made this strategy more attractive. With schools closed, children have been forced to study online but access to learning platforms and monitoring of their activities by parents and teachers has ranged widely.

Also in September, a Wall Street Journal investigation unveiled how Facebook leadership knew the CJNG was recruiting “aspiring cartel hitmen” via the social network. Despite warnings from a specialized team, pages advertising the CJNG on Facebook and Instagram remained up for up to five months. When they were taken down, new ones soon popped up.

It hasn’t helped. A search on Instagram, the day before this article was published, immediately turned up multiple accounts showing young children carrying weapons, wearing military-style gear or singing the praises of criminal groups in Mexico.