Russia Hacked Burisma Per Area 1

Someone alert Tucker Carlson that Russia is still inside our political system.

Just reported by a California-based company called Area 1: the campaign began when the whole Burisma scandal broke last fall during the impeachment hearings.


WSJ/Volz:

Hackers believed to be affiliated with Russia’s military breached the Ukrainian gas company where former Vice President Joe Biden’s son had served on the board as it became a focus of the impeachment inquiry into President Trump, according to a U.S. cybersecurity firm.

Attempts to hack into Burisma Holdings began last November, as Congress was holding hearings into whether Mr. Trump abused his office by pressuring his Ukrainian counterpart to work with his personal lawyer, Rudy Giuliani, to investigate Mr. Biden and his son, Hunter, according to research published Monday by Area 1, a California-based company.

The hacking attempts are ongoing and are linked to the Russian military intelligence unit previously known as the GRU, which hacked and leaked Democratic emails during the 2016 presidential election, Area 1 said.

The Russian Embassy in Washington didn’t immediately respond to a request for comment. It has historically denied hacking into U.S. elections.

It wasn’t known what information the hackers were seeking or what they obtained, the firm said. In at least one instance, the hackers tricked the recipient of a phishing email into sharing login credentials that allowed them access to Burisma’s servers, the company said. Area 1’s findings were earlier reported by the New York Times.

Messrs. Trump and Giuliani have argued, without evidence, that Mr. Biden’s anti-corruption push in Ukraine was designed to head off any investigation of Burisma. Both Bidens have denied wrongdoing and said they never discussed business in Ukraine.

Area 1’s documentation is found here.

In part from the preface of the report:

Like all phishing campaigns, we observe the GRU was successful because they found ways to appear authentic to their targets, rather than using any technical sophistication. Everything about their approach is technically unremarkable, yet highly effective. In this campaign the GRU combines several different authenticity techniques to achieve success:

Domain-based authenticity
Business process and application authenticity
Partner and supply chain authenticity

A key aspect of cyberattack preemption is having a deep understanding of cyber actor patterns and continually discovering and deconstructing campaigns to anticipate future ones. Our report is not noteworthy because we identify the GRU launching a phishing campaign, nor is the targeting of a Ukrainian company particularly novel. It is significant because Burisma Holdings is publicly entangled in U.S. foreign and domestic politics. The timing of the GRU’s campaign in relation to the 2020 U.S. elections raises the spectre that this is an early warning of what we have anticipated since the successful cyberattacks undertaken during the 2016 U.S. elections.

Area 1 Security has correlated this campaign against Burisma Holdings with specific tactics, techniques, and procedures (TTPs) used exclusively by the GRU in phishing for credentials. Repeatedly, the GRU uses Ititch, NameSilo, and NameCheap for domain registration; MivoCloud and M247 as Internet Service Providers; Yandex for MX record assignment; and a consistent pattern of lookalike domains.
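The "consistent pattern of lookalike domains" is something a mail gateway can screen for before a credential-phishing message ever reaches a recipient. The script below is an added example, not Area 1's code or anything from its report; it triages constructed sender domains against an assumed protected domain, burisma.example, flagging homoglyph swaps, one-character edits, TLD swaps and brand-plus-token labels.

```python
"""Lookalike sender-domain triage (added example, not Area 1's code).

Flags inbound sender domains that imitate a protected domain through a
homoglyph swap, a one-character edit, a TLD swap, or a brand-plus-token
label: the 'domain-based authenticity' trick the report describes.
All domains below are constructed under the reserved .example/.test TLDs.
"""

# Common visual substitutions, collapsed before comparison.
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "3": "e", "5": "s"}


def registrable_label(domain: str) -> str:
    """'mail.burisma.example' -> 'burisma' (second-level label)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def normalize(label: str) -> str:
    """Collapse homoglyphs so 'burisrna' compares equal to 'burisma'."""
    for glyph, plain in HOMOGLYPHS.items():
        label = label.replace(glyph, plain)
    return label


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; small enough to avoid a dependency."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, protected: str):
    """Return (verdict, reason) for one sender domain."""
    domain, protected = domain.lower(), protected.lower()
    if domain == protected or domain.endswith("." + protected):
        return ("legit", "protected domain or a subdomain of it")
    label, brand = registrable_label(domain), registrable_label(protected)
    if label == brand:
        return ("lookalike", "brand label under a different TLD")
    norm = normalize(label)
    if norm == brand:
        return ("lookalike", "homoglyph substitution")
    if levenshtein(norm, brand) <= 1:
        return ("lookalike", "one edit away from the brand")
    if brand in norm.split("-") or (brand in norm and len(norm) > len(brand)):
        return ("lookalike", "brand embedded in a longer label")
    return ("unrelated", "no resemblance to the brand")


def triage(domains, protected):
    """Classify every sender domain in a batch against the protected one."""
    return {d: classify(d, protected) for d in domains}


if __name__ == "__main__":
    SAMPLE = ["mail.burisma.example", "burisrna.example", "burlsma.example",
              "burisma.test", "burisma-mail.example", "newsdesk.example"]
    for dom, (verdict, reason) in triage(SAMPLE, "burisma.example").items():
        print(f"{dom:24} {verdict:10} {reason}")
```

In a real gateway the verdict would feed a quarantine or banner rule and be combined with registrar, hosting and MX checks like the ones Area 1 lists, which this offline example does not perform.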

Special counsel Robert Mueller indicted seven officers of the GRU in 2018.


Pelosi Says ‘no war’ but What About the Gerasimov Doctrine?

The 800 lb. gorilla in the room, meaning in Congress, is the 2002 AUMF, the Authorization for Military Force. That was 18+ years ago, and since that time warfare has changed. No longer will we see conventional forces take a battlefield like that of Ramadi or North Korea, or a campaign like driving the Taliban from power in Afghanistan.

Modern warfare is best described today by the doctrine developed by Russian General Valery Gerasimov. This site has published several items on Gerasimov in recent years; in summary, his military paper lays out theories of modern warfare and its new rules. The strategies include politics, cyber, media, leaks, space, fake news, conventional and asymmetric tactics, and tactics of extortion and influence.
The United States does not want war but bad guys do and they often get it.
As long as the United States responds and remains defensive on all fronts, we are in a forever war and the bad guys multiply.

The adversaries of our nation watch us more than we watch ourselves. There are divisions, departments, teams, units and various skill sets assigned and dedicated to all things United States, all to pinpoint our weaknesses and the fractures in our systems. They DO find them.
When the third in the line of succession to the presidency, Speaker Nancy Pelosi, calls President Trump an ‘insecure imposter’ and an ‘assassin’, it becomes one of many jumping-off points for our adversaries to exploit. When the media call Trump a liar and members of Congress use words like racist, unfit and unstable, the enemy takes delight.

So, taking out General Soleimani was long overdue and as for bad guys multiplying?

Source: IISS report

Enter the cyber trolls, the deep fakes, the false news stories, hacks, ransomware, espionage, theft, plants, drones, terrorists embedded with migrants, illicit transfer of goods including weapons, money and people generated by rogue nations.

So, while there is little debate about the AUMF, there is a past-due need to update and define all lanes of modern warfare, and for a full new unanimous vote on military force, which now includes cyber and space.
When Speaker Pelosi announced last week ‘NO WAR’ and the House passed a non-binding resolution to limit President Trump’s war powers against Iran, you can bet Russia was listening as were North Korea, Syria, China and even Iran.

This is a pre-9/11 mentality regarding foreign policy, United States doctrine and national security. Such was the case several days ago when Iran launched its cyber operation to begin brute force attacks against several targets inside the United States. The Department of Homeland Security’s CISA division (Cybersecurity and Infrastructure Security Agency) sent out several advance warnings nationally for state and local governments as well as private businesses and corporations to be at the ready and to harden systems with robust firewalls. They asked for information regarding intrusions and attacks. Well, Texas Governor Abbott did respond: a few Texas state systems were the victims of brute force cyber hits. The extent of that action appears to be rather minimal, but no operator of a computer network ever wants to reveal the damage, since doing so could invite more attacks, resulting in more ransomware.

As noted in the Gerasimov Doctrine, hard and soft power are applied across many domains, past and over any boundaries. Russia, collaborating with China, Iran and North Korea, counter-balances conventional warfare with hybrid tactics, which are cheaper and often missed by experts and media until the real damage is noted.

Congress has held many hearings on what constitutes an act of war against the United States, and yet here we are with a tired and outdated AUMF that does not address gray zone operations. Just ask Ukraine, Eastern Europe and Crimea how successful Russia was in applying hybrid warfare tactics. Maybe we should just rename the Gerasimov Doctrine ‘civilian military operations’; perhaps then the Democrats and Pelosi would better understand the burdens of the Commander in Chief and of the Secretary of Defense, along with the intelligence agencies. It is an ugly world.

Democrats Can’t be Trusted with Intelligence Briefings

This site, in May of 2018, wrote a piece regarding John Kerry’s global shadow foreign policy operations. His organization is called Diplomacy Works. Two areas of concentration for John Kerry via his organization since he launched it in 2017 are Iran and North Korea.

On his team of over 50 people are: Jeremy Ben-Ami, President of J Street and a former Clinton advisor; former Ambassador for Qatar Dana Smith Shell, who also worked for Clinton and Kerry. Then there is Antony Blinken, a former US Deputy Secretary of State and former National Security Advisor; former Ambassador Nicholas Burns, who worked for Hillary; former Senator Tom Daschle; Jonathan Finer, former policy planner at the US State Department; Michele Flournoy; Juan Gonzalez, a special advisor to VP Joe Biden; Avril Haines, former Deputy National Security Advisor to Obama; Dr. Colin Kahl, former Special Assistant to President Obama and VP Joe Biden; Robert Malley, former Special Assistant to the Obama White House; Jen Psaki, former Obama White House communications director; and former Ambassador Wendy Sherman, to name a few.

Sounds like all Deep Staters… right? They are.

So with America just off the 2-3 year Mueller investigation, with continued lawsuits against policy decisions from the Trump White House, with constant leaks to the media (including the Washington Post and the New York Times) from not only the FBI but also members of Congress, and then the leak of the leak to the pesky whistle-blower about a phone call that launched the impeachment adventure, no one inside the Trump White House should trust anyone inside the Beltway.

Past working relationships from the Obama administration go on to be renewed relationships in new and often obscure places, and such continues to be true with the names listed above. Take, for example, the name above, Jonathan Winer… he at one point was special envoy to Libya and assistant secretary of state for international law under John Kerry. If his name is rather familiar, it should be. He and Christopher Steele are old pals from 2009. He too got his hands on the dossier summary and conferred with Victoria Nuland and Sidney Blumenthal.

Then there is Wendy Sherman, who, when working for John Kerry, was assigned as the North Korea Policy Coordinator. Prior to that, Sherman directed the 1988 Democratic National Committee. She also did stints at Emily’s List, for former Secretary of State Warren Christopher, as president of the Fannie Mae Foundation, and even as a foreign policy advisor to Hillary Clinton during her 2008 presidential campaign.

Kinda wonder now about those deep state relationships, right? If you care to understand just one more among John Kerry’s team, let’s look at Robert Malley. He is a lawyer and, most of all, a communist sympathizer. Yup, a real anti-Semite, and in 2008 he held meetings with Hamas. In 2014, the Obama administration named Malley to the National Security Council to work with Susan Rice as an expert on the Middle East.

So, when it comes to covert military operations such as the drone strike killing Qassim Soleimani and the failed strike in Yemen to take out the other Quds Force commander, Abdul Reza Shahla’i, who commands the Houthis, would you advise the Gang of 8 or others in Congress?

By the way, directly after the strike to kill Soleimani, Trump dispatched a back channel message via the Swiss embassy to Iran to NOT ESCALATE. Well, Iran did.

The failed strike was first reported by the Washington Post… hmmm, how did they know? Shahla’i does need to meet a drone, as he leads the commanders in Syria, Yemen and Lebanon. Remember how those missiles and drones from Yemen strike Saudi Arabian targets?

The United States has a $15 million bounty on him. Shahla’i directed the plot to assassinate the Saudi ambassador in Washington DC in 2011.


This was a plot right out of Hollywood, actually, that included an Iranian-American used car salesman and resident of Texas named Manssor Arbabsiar, who has a cousin high up in the Quds Force named… wait for it… Abdul Reza Shahla’i. The assassination, by the way, paid well if successful: $1.5 million. (criminal complaint found here)

This was a plot right here in our homeland… those Democrats overlook the connections, including Soleimani…


DHS Website Hacked with Pro-Iranian Messages

It seems, with the timing, that as I was publishing an article yesterday about Iran’s robust cyber operations, they or their proxies were at work taking down our own Department of Homeland Security website. Another thought is that a domestic Iranian sympathizer took down the site.

A website within the Department of Homeland Security was offline Sunday after a hacker uploaded photos onto the site that included an Iranian flag and an image depicting a bloodied President Donald Trump being punched in the face.


The images appeared on the Federal Depository Library Program’s website late Saturday before the site was taken offline. The Cybersecurity and Infrastructure Security Agency, a division of the Department of Homeland Security, said it was monitoring the situation.

“We are aware the website of the Federal Depository Library Program was defaced with pro-Iranian, anti-US messaging,” the cybersecurity agency said in a statement. “At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken offline and is no longer accessible.”

The statement added that “in these times of increased threats” all organizations should increase cyber monitoring, back up IT systems, implement secure authentication and have an incident response plan ready should a hack take place.

DHS also issued a two-week National Terrorism System advisory noting the U.S. drone strike in Iraq last week that killed Iran commander Qassem Soleimani. That spurred Iran and several affiliated extremist organizations to state publicly they intend to retaliate against the U.S.

“Iran maintains a robust cyber program and can execute cyber attacks against the United States,” DHS warned. “Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”

The library program website essentially had been replaced with a page exclaiming “Iranian Hackers!” An image of Iran’s supreme leader Ayatollah Ali Khamenei also was posted, along with a message that “martyrdom was (Soleimani’s) reward for years of implacable efforts.”

A graphic showed Trump being punched by a fist from Iran amid a flurry of missiles.

“With his departure and with God’s power, his work and path will not cease and severe revenge awaits those criminals who have tainted their filthy hands with his blood and blood of the other martyrs,” a message on the website read.

Another message claimed the hack was the work of an Iranian “security group,” adding that “this is only small part of Iran’s cyber ability!”

Iran has promised a military response to Soleimani’s killing. Trump has vowed that if Iran attacks an American base or any American, “which I would strongly advise them not to do, we will hit them harder than they have ever been hit before!”

I also received the following bulletin yesterday from the DHS email system.


Locked Shields Versus Iran

Since the deaths of several Iranian warlords, including Qassim Soleimani, the United States has dispatched more military personnel to the Middle East. The Patriot missile batteries scattered in the region, including in Bahrain, are now at the ready. When it comes to Iran’s cyber operations, little is being discussed about their use as a means of retribution against the United States. Iran does have cyber warfare capabilities and does use them.

It has been mentioned in recent days that President Trump has been quite measured in responding to Iran’s various attacks, including striking Saudi oil fields, hitting oil tankers and shooting down one of the drones operated by the United States. In fact, the United States did respond directly after the downing of our drone, with an effective cyber-attack against Iran’s weapons systems that targeted the controls of its missile systems.

APT33 phishing. Read details from Security Affairs.

Iran has an estimated 100,000 volunteer cyber-trained operatives, a force that has been expanding for the last ten years, led by the Basij, a paramilitary network. The cyber unit known for controlling the Iranian missile launchers, Sepehr 110, is a major target of the United States and Israel. Iran also mobilizes cyber criminals and proxy networks, including one known as OilRig.

In 2018, the United States charged 9 Iranians (Mabna Hackers) for conducting massive cyber theft, wire fraud and identity theft that affected hundreds of universities, companies and other proprietary entities.

Due to the more global cyber threat from Iran, which is known to collaborate with North Korea, China and Russia, NATO has been quite aggressive in cyber defense operations via the Cooperative Cyber Defense Center of Excellence, applying the Locked Shields program.

Not to be lost in the cyber threat conditions, Iran also uses its cyber team to blast out propaganda using social media platforms. If this sounds quite familiar, it is: the Russian propaganda operations manual is also being used by Iran. The bots and trolls are at work in Europe to keep France, Britain and Germany connected to the Iranian nuclear deal and to maintain trade operations with Iran, including diplomatic operations. There are fake Iranian and Russian accounts still today all over Twitter and Facebook, to which Europe is slow to respond, if it responds at all.

Meet APT33, the West’s name for the Iranian hacking crew(s); its other name is Elfin. APT33 is not only hacking, but performing cyber-espionage as well. There are many outside-government organizations researching and decoding Iran’s cyber operations that cooperate with U.S. government cyber operations located across the globe, which in turn cooperate with NATO.

Recorded Future is one such non-government, pro-active cyber operation working on Iran. Its work includes attributions of cyber attacks by Iran against Saudi Arabia as well as the West, by decoding phishing campaigns, relationships, malware and webshells, and security breaches.

Recent published results include in part:

Nasr Institute and Kavosh Redux

In our previous report, “Iran’s Hacker Hierarchy Exposed,” we concluded that the exposure of one APT33 contractor, the Nasr Institute, by FireEye in 2017, along with our intelligence on the composition and motivations of the Iranian hacker community, pointed to a tiered structure within Iran’s state-sponsored offensive cyber program. We assessed that many Iranian state-sponsored operations were directed by the Iranian Revolutionary Guard Corps (IRGC) or the Ministry of Intelligence and Security (MOIS).

According to a sensitive Insikt Group source who provided information for previous research, these organizations employed a mid-level tier of ideologically aligned task managers responsible for the compartmentalized tasking of over 50 contracting organizations, who conducted activities such as vulnerability research, exploit development, reconnaissance, and the conducting of network intrusions or attacks. Each of these discrete components, in developing an offensive cyber capability, was purposefully assigned to a different contracting group to protect the integrity of overarching operations and to ensure the IRGC and/or MOIS retained control of operations and mitigated the risk from rogue hackers. Read more here in detail from a published summary of 6 months ago.