Gorbachev Warning Cold War, Useful Idiots

The phrase ‘useful idiots’, supposedly Lenin’s, refers to Westerners duped into saying good things about bad regimes.
Vladimir Lenin and Joseph Stalin used the term “polyezniy idiot” or “useful idiot” to describe sympathizers in the West who blindly supported Communist leaders.
The adulation of left-wing dictators and strongmen by Western intellectuals, journalists, and celebrities didn’t begin with Stalin (in 1921 Duranty had hailed Lenin for his “cool, far-sighted, reasoned sense of realities”), and it certainly didn’t end with him. Mona Charen chronicled the phenomenon in her superb 2003 book “Useful Idiots,” which recalls example after jaw-dropping example of American liberals defending, flattering, and excusing the crimes of one Communist ruler and regime after another. Fidel Castro, Ho Chi Minh, Mao Zedong, the Khmer Rouge, Leonid Brezhnev, Kim Il Sung, the Sandinistas: Over and over the pattern was repeated, from the dawn of the Bolshevik Revolution to the collapse of the Iron Curtain — and beyond.
And so now we have former Russian leader Gorbachev sounding the clarion call to the West, especially Europe, that not only are you idiots but you are ‘irrelevant as a global power’. The matter did not begin with Lenin and Stalin and will not end with Putin until it goes far beyond Ukraine and into the Baltics, where the KGB ‘useful idiot’ program for recruiting and indoctrination is already underway.
By Bettina Borgfeld 
BERLIN (Reuters) – Former Soviet leader Mikhail Gorbachev warned in a speech in Berlin on Saturday that East-West tensions over the Ukraine crisis were threatening to push the world into a new Cold War, 25 years after the fall of the Berlin Wall.

Gorbachev, who is credited with forging a rapprochement with the West that led to the demise of communist regimes across Eastern Europe, accused the West, and the United States in particular, of not fulfilling their promises after 1989.

“The world is on the brink of a new Cold War. Some say that it has already begun,” said Gorbachev, who is feted in Germany for his pivotal role in helping create the conditions for the Berlin Wall’s peaceful opening on Nov. 9, 1989, heralding the end of the Cold War.

“And yet, while the situation is dramatic, we do not see the main international body, the U.N. Security Council, playing any role or taking any concrete action.”

The conflict in eastern Ukraine has killed more than 4,000 people since the start of an uprising by pro-Russian separatists in mid-April.

Russia blames the crisis on Kiev and the West, but NATO says it has overwhelming evidence that Russia has aided the rebels militarily in the conflict.

Gorbachev, 83, also criticized Europe and said it was in danger of becoming irrelevant as a global power.

“Instead of becoming a leader of change in a global world, Europe has turned into an arena of political upheaval, of competition for spheres of influence and finally of military conflict,” he said.

“The consequence inevitably is Europe weakening at a time when other centers of power and influence are gaining momentum. If this continues, Europe will lose a strong voice in global affairs and gradually become irrelevant.”

Speaking at an event at Berlin’s Brandenburg Gate, Gorbachev said the West had exploited Russia’s weakness after the collapse of the Soviet Union in 1991.

“Euphoria and triumphalism went to the heads of Western leaders,” he said. “Taking advantage of Russia’s weakening and the lack of a counterweight, they claimed monopoly leadership and domination of the world, refusing to heed words of caution from many of those present here,” he said.

Gorbachev said the West had made mistakes that upset Russia with the enlargement of NATO, with its actions in the former Yugoslavia, Iraq, Libya and Syria and with plans for a missile defense system.

“To put it metaphorically, a blister has now turned into a bloody, festering wound,” he said. “And who is suffering the most from what’s happening? I think the answer is more than clear: It is Europe.”

(Writing by Erik Kirschbaum; Editing by Rosalind Russell)

By Nicolas Miletitch

Donetsk (Ukraine) (AFP) – Armoured convoys headed to bolster rebel positions in east Ukraine Sunday as shelling rocked separatist stronghold Donetsk and fears mounted of a return to full-scale fighting.

Shelling rumbled on throughout the afternoon on the edge of Donetsk, where government forces regularly exchange heavy fire with insurgent fighters, but was less intense than overnight when mortar fire was heard close to the centre for around two hours, an AFP journalist reported.

It was among the fiercest combat in the city since the September 5 signing of a frequently-violated ceasefire that halted all-out confrontations across most of the conflict zone but failed to end constant bombardments at strategic hotspots.

An AFP crew saw a convoy of 20 military vehicles and 14 howitzer cannons without number plates or markings driving through the rebel town of Makiivka in the direction of the nearby frontline around Donetsk.

The Organisation for Security and Cooperation in Europe (OSCE) voiced concern Saturday after its monitors witnessed unmarked columns of tanks and troop carriers moving through east Ukraine in territory held by pro-Russia separatists.

The sightings of armoured columns came after Ukraine’s military said Friday a large convoy of tanks and other heavy weapons entered the country from Russia across a section of border that has fallen under the control of rebel fighters.

Russia denies being involved in the fighting in the east.

However, it openly gives the rebels political and humanitarian backing and it is not clear how the insurgents could themselves have access to so much sophisticated and well-maintained weaponry.

In March, Russian soldiers without identification markings took over the southern Ukrainian region of Crimea. Moscow annexed the peninsula shortly after.

The OSCE reports from the east came as fears mounted of a total breakdown in the two-month truce, with the war having already killed some 4,000 people, according to UN figures.

Ukraine’s military said Sunday that three servicemen were killed and thirteen injured as shelling hit government positions around the region.

Rebel leader Alexander Zakharchenko risked heavy fire Sunday morning as he toured the insurgents’ forward positions around the ruins of the Donetsk airport, where Ukrainian troops are battling fiercely to maintain a toe-hold, Russian outlet LifeNews reported.

“They continue to bombard our airport, nothing is changing,” Zakharchenko was filmed as saying.

– Tanks, cannons, tankers –

Unidentified military columns have been seen increasingly by foreign journalists in the east in recent days, and Ukraine’s military on Sunday repeated allegations that Russia is covertly deploying troops to bolster rebels ahead of a fresh offensive.

The OSCE’s statement gives weight to concerns that the stuttering peace process could soon be ditched definitively.

“More than 40 trucks and tankers” were seen driving on a highway on the eastern outskirts of Makiivka, said the OSCE representatives, who are in Ukraine monitoring the ceasefire.

“Of these, 19 were large trucks – Kamaz type, covered, and without markings or number plates – each towing a 122mm howitzer and containing personnel in dark green uniforms without insignia. Fifteen were Kraz troop carriers,” the report said.

Separately, the OSCE monitors said they had seen “a convoy of nine tanks moving west, also unmarked” just southwest of Donetsk.

The OSCE said all these forces were on territory controlled by the separatists’ self-declared Donetsk People’s Republic.

The Swiss foreign minister and OSCE chairperson-in-office, Didier Burkhalter, said he was “very concerned about a resurgence of violence in the eastern regions of Ukraine”, and urged all sides to act responsibly.

– New Cold War? –

The conflict has sent relations between Western backers of Ukraine and Russia to their lowest level in decades.

Russian President Vladimir Putin is gearing up for a fraught week of diplomacy with visits to the Asia-Pacific Economic Cooperation summit in Beijing and Group of 20 meeting in Brisbane, Australia, where he looks likely to face a hostile reception from Western leaders.

The last Soviet leader, Mikhail Gorbachev, said the world “is on the brink of a new Cold War” sparked by Ukraine.

“Some are even saying that it has already begun,” Gorbachev said at an event Saturday marking the 25th anniversary of the fall of the Berlin Wall.

Russia’s economy is suffering from European Union and US sanctions imposed in response to Moscow’s support for the separatists.

With Russia welcoming last week’s rebel elections, which were billed as boosting the separatists’ claim to independence, the sanctions look set to remain in place — and possibly be reinforced.

Dragonfly vs. America, Courtesy of Russia

Can you live without electricity for a day or two? Yes, of course, if you know in advance, right? Can you live without power for a week or so? Yes, of course, with advance notice, right? Can you live without power for a month, 4 months or 18 months? NOPE. It is time not only to think about preparations, but to get prepared and then to practice procedures for short-term and long-term power outages, and the reason is Russia.

There is a sad truth to what is below: the United States is not prepared and, what is worse, we are not declaring war to stop Russia either. Russia has hacked into U.S. government sites, corporate sites and the financial industry, all without so much as a whimper as a U.S. reply. We have no countermeasures, we have no offensive measures and have not even written a strongly worded letter.

Russia has gone to the dragons against America, well, actually to the Dragonflies, and this is what you need to know and do. Remember that the entire infrastructure is tied to SCADA; that includes water systems, transportation systems, hospitals, schools and retail.

Dragonfly: Western Energy Companies Under Sabotage Threat

Cyberespionage campaign stole information from targets and had the capability to launch sabotage operations.

An ongoing cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims. The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and, if they had used the sabotage capabilities open to them, could have caused damage or disruption to energy supplies in affected countries.

Among the targets of Dragonfly were energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers. The majority of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland.

The Dragonfly group is well resourced, with a range of malware tools at its disposal and is capable of launching attacks through a number of different vectors. Its most ambitious attack campaign saw it compromise a number of industrial control system (ICS) equipment providers, infecting their software with a remote access-type Trojan. This caused companies to install the malware when downloading software updates for computers running ICS equipment. These infections not only gave the attackers a beachhead in the targeted organizations’ networks, but also gave them the means to mount sabotage operations against infected ICS computers.

This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems. While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required.

In addition to compromising ICS software, Dragonfly has used spam email campaigns and watering hole attacks to infect targeted organizations. The group has used two main malware tools: Backdoor.Oldrea and Trojan.Karagany. The former appears to be a custom piece of malware, either written by or for the attackers.

Prior to publication, Symantec notified affected victims and relevant national authorities, such as Computer Emergency Response Centers (CERTs) that handle and respond to Internet security incidents.

Background
The Dragonfly group, which is also known by other vendors as Energetic Bear, appears to have been in operation since at least 2011 and may have been active even longer than that. Dragonfly initially targeted defense and aviation companies in the US and Canada before shifting its focus mainly to US and European energy firms in early 2013.

The campaign against the European and American energy sector quickly expanded in scope. The group initially began sending malware in phishing emails to personnel in target firms. Later, the group added watering hole attacks to its offensive, compromising websites likely to be visited by those working in energy in order to redirect them to websites hosting an exploit kit. The exploit kit in turn delivered malware to the victim’s computer. The third phase of the campaign was the Trojanizing of legitimate software bundles belonging to three different ICS equipment manufacturers.

Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability. The group is able to mount attacks through multiple vectors and compromise numerous third party websites in the process. Dragonfly has targeted multiple organizations in the energy sector over a long period of time. Its current main motive appears to be cyberespionage, with potential for sabotage a definite secondary capability.

Analysis of the compilation timestamps on the malware used by the attackers indicates that the group mostly worked between Monday and Friday, with activity mainly concentrated in a nine-hour period that corresponded to a 9am to 6pm working day in the UTC +4 time zone. Based on this information, it is likely the attackers are based in Eastern Europe.
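The working-hours inference described above can be reproduced from the `TimeDateStamp` field of each sample's PE header. The following is an added example, not Symantec's code or tooling: the function names and sample timestamps are constructed for illustration, and because the linker timestamp can be forged, the result is a weak signal to be weighed with other evidence.

```python
import struct
from datetime import datetime, timedelta, timezone

UTC = timezone.utc


def pe_compile_time(image: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as an aware UTC datetime."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 12 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header after the signature: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    (stamp,) = struct.unpack_from("<I", image, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=UTC)


def workday_fit(stamps, offset_hours, start=9, end=18):
    """Fraction of stamps that fall Mon-Fri, start <= hour < end, at UTC+offset."""
    tz = timezone(timedelta(hours=offset_hours))
    hits = 0
    for ts in stamps:
        local = ts.astimezone(tz)
        if local.weekday() < 5 and start <= local.hour < end:
            hits += 1
    return hits / len(stamps)


def best_offsets(stamps):
    """Score every whole-hour UTC offset; return (offsets tied for best, best score)."""
    scores = {off: workday_fit(stamps, off) for off in range(-12, 15)}
    best = max(scores.values())
    return [off for off, score in scores.items() if score == best], best


def fake_pe(ts: datetime) -> bytes:
    """Constructed sample: the smallest header layout pe_compile_time() reads."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHI", 0x14C, 1, int(ts.timestamp()))  # i386, 1 section
    return dos + b"PE\0\0" + coff


# Constructed compile times (UTC). Seven fall on weekdays between 05:00 and
# 13:59 UTC; one Saturday-evening outlier stands in for the "mostly".
SAMPLE_UTC = [
    datetime(2013, 3, 4, 5, 10, tzinfo=UTC),   # Mon
    datetime(2013, 3, 5, 7, 45, tzinfo=UTC),   # Tue
    datetime(2013, 3, 6, 9, 30, tzinfo=UTC),   # Wed
    datetime(2013, 3, 7, 11, 5, tzinfo=UTC),   # Thu
    datetime(2013, 3, 8, 13, 50, tzinfo=UTC),  # Fri
    datetime(2013, 3, 11, 6, 20, tzinfo=UTC),  # Mon
    datetime(2013, 3, 13, 12, 15, tzinfo=UTC), # Wed
    datetime(2013, 3, 9, 20, 0, tzinfo=UTC),   # Sat (outlier)
]

if __name__ == "__main__":
    stamps = [pe_compile_time(fake_pe(t)) for t in SAMPLE_UTC]
    offsets, score = best_offsets(stamps)
    print(f"best-fitting UTC offsets: {offsets}, fit: {score:.3f}")
```

With few samples, or samples that do not reach both ends of the working day, several offsets tie for the best fit, which is why `best_offsets` returns a list rather than a single value.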

Figure. Top 10 countries by active infections (where attackers stole information from infected computers)

Tools employed
Dragonfly uses two main pieces of malware in its attacks. Both are remote access tool (RAT) type malware which provide the attackers with access and control of compromised computers. Dragonfly’s favored malware tool is Backdoor.Oldrea, which is also known as Havex or the Energetic Bear RAT. Oldrea acts as a back door for the attackers on to the victim’s computer, allowing them to extract data and install further malware.

Oldrea appears to be custom malware, either written by the group itself or created for it. This provides some indication of the capabilities and resources behind the Dragonfly group.

Once installed on a victim’s computer, Oldrea gathers system information, along with lists of files, programs installed, and root of available drives. It will also extract data from the computer’s Outlook address book and VPN configuration files. This data is then written to a temporary file in an encrypted format before being sent to a remote command-and-control (C&C) server controlled by the attackers.

The majority of C&C servers appear to be hosted on compromised servers running content management systems, indicating that the attackers may have used the same exploit to gain control of each server. Oldrea has a basic control panel which allows an authenticated user to download a compressed version of the stolen data for each particular victim.

The second main tool used by Dragonfly is Trojan.Karagany. Unlike Oldrea, Karagany was available on the underground market. The source code for version 1 of Karagany was leaked in 2010. Symantec believes that Dragonfly may have taken this source code and modified it for its own use. This version is detected by Symantec as Trojan.Karagany!gen1.

Karagany is capable of uploading stolen data, downloading new files, and running executable files on an infected computer. It is also capable of running additional plugins, such as tools for collecting passwords, taking screenshots, and cataloging documents on infected computers.

Symantec found that the majority of computers compromised by the attackers were infected with Oldrea. Karagany was only used in around 5 percent of infections. The two pieces of malware are similar in functionality and what prompts the attackers to choose one tool over another remains unknown.

Multiple attack vectors
The Dragonfly group has used at least three infection tactics against targets in the energy sector. The earliest method was an email campaign, which saw selected executives and senior employees in target companies receive emails containing a malicious PDF attachment. Infected emails had one of two subject lines: “The account” or “Settlement of delivery problem”. All of the emails were from a single Gmail address.

The spam campaign began in February 2013 and continued into June 2013. Symantec identified seven different organizations targeted in this campaign. The number of emails sent to each organization ranged from one to 84.

The attackers then shifted their focus to watering hole attacks, compromising a number of energy-related websites and injecting an iframe into each which redirected visitors to another compromised legitimate website hosting the Lightsout exploit kit. Lightsout exploits either Java or Internet Explorer in order to drop Oldrea or Karagany on the victim’s computer. The fact that the attackers compromised multiple legitimate websites for each stage of the operation is further evidence that the group has strong technical capabilities.

In September 2013, Dragonfly began using a new version of this exploit kit, known as the Hello exploit kit. The landing page for this kit contains JavaScript which fingerprints the system, identifying installed browser plugins. The victim is then redirected to a URL which in turn determines the best exploit to use based on the information collected.
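For a site owner, the watering hole technique described above shows up as an iframe pointing at a host the site never chose to embed. The following added example (not from the Symantec report) audits a page's iframes against an allowlist of embed hosts and marks the ones sized or styled to be invisible; the host names, the sample page and the `audit_iframes` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class _IframeCollector(HTMLParser):
    """Collect iframes whose source host is neither the page's own nor allowlisted."""

    def __init__(self, page_host, allowed_hosts):
        super().__init__()
        self.page_host = page_host.lower()
        self.allowed = {h.lower() for h in allowed_hosts} | {self.page_host}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # A relative src has no hostname and therefore stays on the page's host.
        host = urlparse(a.get("src", "")).hostname or self.page_host
        if host in self.allowed:
            return
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (
            a.get("width") in ("0", "1")
            or a.get("height") in ("0", "1")
            or "display:none" in style
            or "visibility:hidden" in style
        )
        line, _col = self.getpos()
        self.findings.append({"line": line, "host": host, "hidden": hidden})


def audit_iframes(html, page_host, allowed_hosts=()):
    """Return one finding per iframe that loads from an unexpected host."""
    collector = _IframeCollector(page_host, allowed_hosts)
    collector.feed(html)
    collector.close()
    return collector.findings


# Constructed sample page: one expected video embed, one same-site widget,
# and one near-invisible iframe pointing at a host the site never embeds.
SAMPLE_HTML = """<html><body>
<h1>Regional grid maintenance schedule</h1>
<iframe src="https://player.video.example/embed/42" width="560" height="315"></iframe>
<iframe src="/widgets/outage-map.html" width="400" height="300"></iframe>
<iframe src="http://files.supplier.example/a/b.php" width="1" height="1" style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_iframes(
        SAMPLE_HTML, "energy-news.example", ["player.video.example"]
    ):
        print(finding)
```

Running the audit against a known-good snapshot of each page and again after every deployment turns an unexpected finding into a change that someone has to explain.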

Trojanized software
The most ambitious attack vector used by Dragonfly was the compromise of a number of legitimate software packages. Three different ICS equipment providers were targeted and malware was inserted into the software bundles they had made available for download on their websites. All three companies made equipment that is used in a number of industrial sectors, including energy.

The first identified Trojanized software was a product used to provide VPN access to programmable logic controller (PLC) type devices. The vendor discovered the attack shortly after it was mounted, but there had already been 250 unique downloads of the compromised software.

The second company to be compromised was a European manufacturer of specialist PLC type devices. In this instance, a software package containing a driver for one of its devices was compromised. Symantec estimates that the Trojanized software was available for download for at least six weeks in June and July 2013.

The third firm attacked was a European company which develops systems to manage wind turbines, biogas plants, and other energy infrastructure. Symantec believes that compromised software may have been available for download for approximately ten days in April 2014.

The Dragonfly group is technically adept and able to think strategically. Given the size of some of its targets, the group found a “soft underbelly” by compromising their suppliers, which are invariably smaller, less protected companies.

Two additional links are below for more information and key use.

http://energy.gov/sites/prod/files/Large%20Power%20Transformer%20Study%20-%20June%202012_0.pdf

http://www.fgdc.gov/usng/

Obama subservient to Iran and Russia

America has been caught up in Ebola, the midterm elections and the DACA executive order allowing tens of thousands to come across the southern border. We have been horrified by a handful of beheadings by Daesh (ISIS) in Iraq.

Now the real work begins for Americans to get engaged as some very nefarious events could occur between now and the time the 114th Congress is seated in January of 2015.

It is important to look at the Middle East with particular emphasis as a 3rd Intifada is brewing there again in Israel. Meanwhile, we cannot ignore Vladimir Putin any longer and his aggression on Ukraine and the handful of Baltic States.

The community organizer, Barack Obama cannot compete in any arena with other world leaders that include those of China, Russia and Iran.

On the Denise Simon Experience Radio show hosted by Cowboy Logic Radio, Alex Holstein spent almost two hours putting into perspective matters of geo-politics and the future implications.

Alex Holstein is the Director of Corporate & Government Relations for Geopoliticalmonitor Intelligence Corps.  He holds a BA from the University of Southern California and an MSc. in Russian and Post-Soviet Studies from the London School of Economics, where he wrote his thesis on the Soviet KGB. Through years of extensive research and worldwide experience, Alex has developed a strong grasp of foreign affairs, maintaining a particular interest in espionage, terrorism, special operations, border security and international relations. A former Executive Director of the Republican Party of San Diego County, he has managed communications and stakeholder engagement for major statewide and national political and issue advocacy campaigns in both California and Washington D.C., including the California Recall 2003 and the US Presidential Election 2004. He is currently a contributing expert for International Security and Intelligence issues at the SUN News Network in Canada. Geopoliticalmonitor Intelligence Corp. GPMGlobalSolutions.com / Geopoliticalmonitor.com

As a subject matter expert with well placed and selected placeholders, Alex explained in layman’s terms the implications of Syria, Iran, Iraq and what the near future holds.

Most disturbing are the actions of Putin, as noted here:

(Reuters) – Russian President Vladimir Putin held talks with top security chiefs on Thursday over a “deterioration of the situation” in eastern Ukraine after pro-Russian rebels there accused Kiev of launching a new offensive in violation of a ceasefire.

Sporadic violence has flared since the Sept. 5 truce in a conflict that has cost over 4,000 lives; but the ceasefire has looked particularly fragile this week with separatists and the central government accusing each other of violations.

Andrei Purgin, deputy prime minister of the self-proclaimed Donetsk People’s Republic, said the Ukrainian army had launched “all-out war” on rebel positions, Russian news agency RIA said.

Ukrainian military spokesman Vladyslav Seleznyov denied this, saying the army remained in agreed positions.

“We refute these allegations…we’re strictly fulfilling the Minsk memorandum (on a ceasefire),” he said by telephone.

A Kremlin statement said the presidential Security Council, which groups key security and defense officials under Putin’s chairmanship, discussed among other things a “deterioration of the situation in the Donbass due to repeated violations of the ceasefire by the armed forces of Ukraine.”

It did not say what decisions, if any, had been reached over the conflict that broke out in the industrialized east after the overthrow of Ukraine’s Moscow-backed leader Viktor Yanukovich in February and Russia’s subsequent annexation of Crimea.

A Reuters witness in the rebel stronghold of Donetsk said there was no sign the conflict was escalating.

Representatives of the separatist regions earlier put out a joint statement calling for a redrafting of the Minsk deal, which established a ceasefire in exchange for Kiev granting “special status” to eastern territories.

Rebels say Ukraine has violated the deal by seeking to revoke a law that would have granted eastern regions autonomy. Kiev says this was a consequence of Sunday’s separatist leadership elections which it says go against the agreement.

The Ukrainian military said three soldiers had been killed on Thursday, reporting a total of 26 separate artillery clashes with separatists.

In summary, make no mistake that the adversaries of America (Iran, Russia and China) are working in cadence for their own agendas and completely against America, and our State Department, National Security Council and the White House are willfully allowing this. The question is, to what end?

Behpajooh and John Kerry

At least four secret letters have been dispatched from the White House to Iran. The full contents of the letters are still unknown, except that the most recent, revealed by the Wall Street Journal, contained two items: points of collaboration over the ISIS war in Iraq and striking a final deal on the Iranian nuclear program.

The White House has denied that the United States was working with Iran on the matter of Iraq, as noted here: Appearing on NBC’s “Meet the Press” last month, National Security Adviser Susan Rice said the U.S. wasn’t working with Iran on the fight against the Islamic State. “We are not in coordination or direct consultation with the Iranians about any aspect of the fight against ISIL,” Rice said, using an alternate acronym for the jihadist group. “It is a fact that, in Iraq, they also are supporting the Iraqis against ISIL, but we are not coordinating. We are doing this very differently and independently.”

After doing some deep research, it was found that under SecState John Kerry, nothing else matters when it comes to Iraq, Syria, Russia or Iran except gaining a nuclear deal with the help of the P5+1, a deal that has excluded the U.S. Congress and ALL allies in the Middle East.

The United States under the G. W. Bush administration, in coordination with Israel, ran a stealthy mission to halt the Iranian nuclear program by creating an undetected virus and infecting the computers controlling the spinning centrifuges. Outside companies were identified and sanctioned, and later targeted via a thumb drive to infect the computer network and bring a halt to the cascading centrifuge system.

One such company was Behpajooh and there are many more, but all of these associated firms have been ignored by the State Department, Treasury, the interagency and the envoy working in cadence with John Kerry giving freedom to Iran to continue their program.

The betrayal of the State Department and the White House of allies and Congress is epic in nature, when this could lead to a nuclear arms race in the Middle East, a long future of hostilities with Daesh and a much sooner launch of a nuclear weapon by Iran on their targeted enemies the little Satan and the big Satan, Israel and the United States.

Here is the story on how Stuxnet came to be. Clearly, the Bush administration and Israel were clandestine in this regard and the mission was successful. It now begs the question, will it happen again if a deal is reached by the November 24 deadline?

An Unprecedented Look at Stuxnet, the World’s First Digital Weapon

In January 2010, inspectors with the International Atomic Energy Agency visiting the Natanz uranium enrichment plant in Iran noticed that centrifuges used to enrich uranium gas were failing at an unprecedented rate. The cause was a complete mystery—apparently as much to the Iranian technicians replacing the centrifuges as to the inspectors observing them.

Five months later a seemingly unrelated event occurred. A computer security firm in Belarus was called in to troubleshoot a series of computers in Iran that were crashing and rebooting repeatedly. Again, the cause of the problem was a mystery. That is, until the researchers found a handful of malicious files on one of the systems and discovered the world’s first digital weapon.

Stuxnet, as it came to be known, was unlike any other virus or worm that came before. Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak physical destruction on equipment the computers controlled.

Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, written by WIRED senior staff writer Kim Zetter, tells the story behind Stuxnet’s planning, execution and discovery. In this excerpt from the book, which will be released November 11, Stuxnet has already been at work silently sabotaging centrifuges at the Natanz plant for about a year. An early version of the attack weapon manipulated valves on the centrifuges to increase the pressure inside them and damage the devices as well as the enrichment process. Centrifuges are large cylindrical tubes—connected by pipes in a configuration known as a “cascade”—that spin at supersonic speed to separate isotopes in uranium gas for use in nuclear power plants and weapons. At the time of the attacks, each cascade at Natanz held 164 centrifuges. Uranium gas flows through the pipes into the centrifuges in a series of stages, becoming further “enriched” at each stage of the cascade as isotopes needed for a nuclear reaction are separated from other isotopes and become concentrated in the gas.

As the excerpt begins, it’s June 2009—a year or so since Stuxnet was first released, but still a year before the covert operation will be discovered and exposed. As Iran prepares for its presidential elections, the attackers behind Stuxnet are also preparing their next assault on the enrichment plant with a new version of the malware. They unleash it just as the enrichment plant is beginning to recover from the effects of the previous attack. Their weapon this time is designed to manipulate computer systems made by the German firm Siemens that control and monitor the speed of the centrifuges. Because the computers are air-gapped from the internet, however, they cannot be reached directly by the remote attackers. So the attackers have designed their weapon to spread via infected USB flash drives. To get Stuxnet to its target machines, the attackers first infect computers belonging to five outside companies that are believed to be connected in some way to the nuclear program. The aim is to make each “patient zero” an unwitting carrier who will help spread and transport the weapon on flash drives into the protected facility and the Siemens computers. Although the five companies have been referenced in previous news reports, they’ve never been identified. Four of them are identified in this excerpt.

The Lead-Up to the 2009 Attack

The two weeks leading up to the release of the next attack were tumultuous ones in Iran. On June 12, 2009, the presidential elections between incumbent Mahmoud Ahmadinejad and challenger Mir-Hossein Mousavi didn’t turn out the way most expected. The race was supposed to be close, but when the results were announced—two hours after the polls closed—Ahmadinejad had won with 63 percent of the vote over Mousavi’s 34 percent. The electorate cried foul, and the next day crowds of angry protesters poured into the streets of Tehran to register their outrage and disbelief. According to media reports, it was the largest civil protest the country had seen since the 1979 revolution ousted the shah and it wasn’t long before it became violent. Protesters vandalized stores and set fire to trash bins, while police and Basijis, government-loyal militias in plainclothes, tried to disperse them with batons, electric prods, and bullets.

That Sunday, Ahmadinejad gave a defiant victory speech, declaring a new era for Iran and dismissing the protesters as nothing more than soccer hooligans soured by the loss of their team. The protests continued throughout the week, though, and on June 19, in an attempt to calm the crowds, the Ayatollah Ali Khamenei sanctioned the election results, insisting that the margin of victory—11 million votes—was too large to have been achieved through fraud. The crowds, however, were not assuaged.

The next day, a twenty-six-year-old woman named Neda Agha-Soltan got caught in a traffic jam caused by protesters and was shot in the chest by a sniper’s bullet after she and her music teacher stepped out of their car to observe.

Two days later on June 22, a Monday, the Guardian Council, which oversees elections in Iran, officially declared Ahmadinejad the winner, and after nearly two weeks of protests, Tehran became eerily quiet. Police had used tear gas and live ammunition to disperse the demonstrators, and most of them were now gone from the streets. That afternoon, at around 4:30 p.m. local time, as Iranians nursed their shock and grief over events of the previous days, a new version of Stuxnet was being compiled and unleashed.

Recovery From Previous Attack

While the streets of Tehran had been in turmoil, technicians at Natanz had been experiencing a period of relative calm. Around the first of the year, they had begun installing new centrifuges again, and by the end of February they had about 5,400 of them in place, close to the 6,000 that Ahmadinejad had promised the previous year. Not all of the centrifuges were enriching uranium yet, but at least there was forward movement again, and by June the number had jumped to 7,052, with 4,092 of these enriching gas. In addition to the eighteen cascades enriching gas in unit A24, there were now twelve cascades in A26 enriching gas. An additional seven cascades had even been installed in A28 and were under vacuum, being prepared to receive gas.

The performance of the centrifuges was improving too. Iran’s daily production of low-enriched uranium was up 20 percent and would remain consistent throughout the summer of 2009. Despite the previous problems, Iran had crossed a technical milestone and had succeeded in producing 839 kilograms of low-enriched uranium—enough to achieve nuclear-weapons breakout capability. If it continued at this rate, Iran would have enough enriched uranium to make two nuclear weapons within a year. This estimate, however, was based on the capacity of the IR-1 centrifuges currently installed at Natanz. But Iran had already installed IR-2 centrifuges in a small cascade in the pilot plant, and once testing on these was complete and technicians began installing them in the underground hall, the estimate would have to be revised. The more advanced IR-2 centrifuges were more efficient. It took 3,000 IR-1s to produce enough uranium for a nuclear weapon in one year, but it would take just 1,200 IR-2 centrifuges to do the same.

Cue Stuxnet 1.001, which showed up in late June.

The Next Assault

To get their weapon into the plant, the attackers launched an offensive against computers owned by four companies. All of the companies were involved in industrial control and processing of some sort, either manufacturing products and assembling components or installing industrial control systems. They were all likely chosen because they had some connection to Natanz as contractors and provided a gateway through which to pass Stuxnet to Natanz through infected employees.

To ensure greater success at getting the code where it needed to go, this version of Stuxnet had two more ways to spread than the previous one. Stuxnet 0.5 could spread only by infecting Step 7 project files—the files used to program Siemens PLCs. This version, however, could spread via USB flash drives using the Windows Autorun feature or through a victim’s local network using the print-spooler zero-day exploit that Kaspersky Lab, the antivirus firm based in Russia, and Symantec later found in the code.

Based on the log files in Stuxnet, a company called Foolad Technic was the first victim. It was infected at 4:40 a.m. on June 23, a Tuesday. But then it was almost a week before the next company was hit.

The following Monday, about five thousand marchers walked silently through the streets of Tehran to the Qoba Mosque to honor victims killed during the recent election protests. Late that evening, around 11:20 p.m., Stuxnet struck machines belonging to its second victim—a company called Behpajooh.

It was easy to see why Behpajooh was a target. It was an engineering firm based in Esfahan—the site of Iran’s new uranium conversion plant, built to turn milled uranium ore into gas for enriching at Natanz, and was also the location of Iran’s Nuclear Technology Center, which was believed to be the base for Iran’s nuclear weapons development program. Behpajooh had also been named in US federal court documents in connection with Iran’s illegal procurement activities.

Behpajooh was in the business of installing and programming industrial control and automation systems, including Siemens systems. The company’s website made no mention of Natanz, but it did mention that the company had installed Siemens S7-400 PLCs, as well as the Step 7 and WinCC software and Profibus communication modules at a steel plant in Esfahan. This was, of course, all of the same equipment Stuxnet targeted at Natanz.

At 5:00 a.m. on July 7, nine days after Behpajooh was hit, Stuxnet struck computers at Neda Industrial Group, as well as a company identified in the logs only as CGJ, believed to be Control Gostar Jahed. Both companies designed or installed industrial control systems.

electrical systems for the oil and gas industry in Iran, as well as for power plants and mining and process facilities. In 2000 and 2001 the company had installed Siemens S7 PLCs in several gas pipeline operations in Iran and had also installed Siemens S7 systems at the Esfahan Steel Complex. Like Behpajooh, Neda had been identified on a proliferation watch list for its alleged involvement in illicit procurement activity and was named in a US indictment for receiving smuggled microcontrollers and other components.

About two weeks after it struck Neda, a control engineer who worked for the company popped up on a Siemens user forum on July 22 complaining about a problem that workers at his company were having with their machines. The engineer, who posted a note under the user name Behrooz, indicated that all PCs at his company were having an identical problem with a Siemens Step 7 .DLL file that kept producing an error message. He suspected the problem was a virus that spread via flash drives.

When he used a DVD or CD to transfer files from an infected system to a clean one, everything was fine, he wrote. But when he used a flash drive to transfer files, the new PC started having the same problems the other machine had. A USB flash drive, of course, was Stuxnet’s primary method of spreading. Although Behrooz and his colleagues scanned for viruses, they found no malware on their machines. There was no sign in the discussion thread that they ever resolved the problem at the time.

It’s not clear how long it took Stuxnet to reach its target after infecting machines at Neda and the other companies, but between June and August the number of centrifuges enriching uranium gas at Natanz began to drop. Whether this was the result solely of the new version of Stuxnet or the lingering effects of the previous version is unknown. But by August that year, only 4,592 centrifuges were enriching at the plant, a decrease of 328 centrifuges since June. By November, that number had dropped even further to 3,936, a difference of 984 in five months. What’s more, although new machines were still being installed, none of them were being fed gas.

Clearly there were problems with the cascades, and technicians had no idea what they were. The changes mapped precisely, however, to what Stuxnet was designed to do.

Reprinted from Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon Copyright © 2014 by Kim Zetter. Published by Crown Publishers, an imprint of Random House LLC.

 

Putin: Nyet on NATO

Vladimir is getting a huge pass from the White House and John Kerry, who are ignoring what he is doing. It seems the burden of dealing with Russia’s aggressions comes down to General Breedlove, the Commander of U.S. European Command and the 17th Supreme Allied Commander, Europe.

Russia seems to be pretty angry with its neighboring countries in the Baltic Sea—especially Sweden. A couple of weeks ago, on October 2, Sweden’s authority for signals intelligence (FRA) leaked a photo of a Russian fighter jet flying only about 30 feet away from a Swedish Armed Forces intelligence plane. Russian warships have threatened a Finnish research vessel in the Baltic Sea on two occasions—August 2 and September 2, and on October 7, armed NATO fighter jets followed Russian fighters above the Swedish island Öland in the Baltic Sea. Last year the country simulated a nuclear attack against Sweden, and Russian jets have been showing off their weapons by exposing their undercarriages when approaching Swedish aircraft.

Portuguese fighter jets intercepted seven Russian jets over the Baltic Sea. Simultaneously, Turkish fighters were scrambled to intercept two Russian bombers and two fighters over the Black Sea.

The English RAF also intercepted eight Russian aircraft over the North Sea. After the interception, the formation split, with the fighters and a tanker returning to Russia while two bombers continued towards the Atlantic. The bombers were later intercepted again by the Portuguese over the Atlantic. For a full list of Russian military aggression in the last year go here.

The Pentagon is well aware of these activities and has intelligence briefings daily with the NATO command. Then last week, it finally came out that Russia was responsible for hacking into the White House internet systems. On Tuesday came reports in the American media that Russian-based hackers had breached some computer networks at the White House earlier this month, triggering an investigation by the FBI, the National Security Agency and the Secret Service. No Obama administration official went on record over the alleged incident, preferring to feed anonymous anti-Russian comments to the Washington Post and many other press outlets.

Then there is Poland, Preparing for Invasion

But Poland is the real issue when it comes to defending NATO’s exposed Eastern frontier from Russian aggression. Only Poland, which occupies the Alliance’s central front, has the military power to seriously blunt any Russian moves westward. As in 1920, when the Red Army failed to push past Warsaw, Poland is the wall that will defend Central Europe from any westward movement by Moscow’s military. To their credit, and thanks to a long history of understanding the Russian mentality better than most NATO and EU members, Warsaw last fall, when the violent theft of Crimea was still just a Kremlin dream, announced a revised national security strategy emphasizing territorial defense. Eschewing American-led overseas expeditions like those to Iraq and Afghanistan that occupied Poland’s Ministry of Defense (MoD) during the post-9/11 era, this new doctrine makes defending Poland from Eastern aggression the main job of its military. Presciently, then-Foreign Minister Radek Sikorski, contradicting optimistic European and NATO presumptions of our era that conventional war in Europe was unthinkable, stated in May 2013, “I’m afraid conflict in Europe is imaginable.”

Particularly in light of the fact that both NATO and the Obama administration rejected my advice to seriously bolster Alliance defenses in the East with four heavy brigades, including the two brigades that Warsaw explicitly asked NATO — meaning, in practice, the United States — for after this year’s Russo-Ukrainian War began in earnest, the issue of Poland’s military readiness is of considerable importance to countries far beyond Poland. Instead of creating a militarily viable NATO tripwire that would deter Russian aggression, the Alliance, and Washington, DC, have opted for symbolic gestures — speeches, military visits, small exercises — that impress the Western media but not the Russians.

Simply put: Can Poland defend itself if Putin decides to move his aggression westward? Even if NATO rides to the rescue, as they would be required to under Article 5 — that is now an “if” question to many in Warsaw — will the Polish military be able to buy sufficient time for the Alliance to come to their aid? Notwithstanding that Poland (and Estonia) are the only “new NATO” members that take their Alliance obligations fully seriously, spending more than the required two percent of GDP on defense — a standard almost all longstanding NATO members can’t manage to meet — there are serious doubts about the ability of Poland’s armed forces to defend against a major Russian move to the West.

There is good news. When it comes to resisting what I term Special War — that shadowy amalgam of espionage, terrorism, and subversion at which the Kremlin excels — Warsaw, with its long acquaintance with sneaky Russian games, is probably better equipped than almost any NATO country to deter and defeat Putin’s secret offensive. The recent arrests of two Polish agents of Russian military intelligence (GRU), one of them a Polish military officer assigned to the MoD, sent a clear message to Moscow that Special War will be countered with aggressive counterintelligence.

When it comes to conventional defense, however, the news from Poland appears less rosy. Despite the fact that no one questions the basic competence of the Polish armed forces, nor the impressiveness of their current defense acquisition program, there is a matter of size. The recent MoD announcement that it is moving thousands of troops closer to the country’s borders with Belarus and Ukraine, where any threat would emerge, is encouraging but not sufficient (thanks to the Cold War, when Poland’s Communist military was directed westward, most of its major military bases are closer to Germany than the East). Since the abandonment of conscription five years ago, a cumbersome process that caused readiness problems for some time, Warsaw’s armed forces come to only 120,000 active duty troops, with less than 48,000 in the ground forces (i.e. the army). That number is insufficient to man the army’s structure of three divisions with thirteen maneuver brigades (ten of them armored or mechanized).

A solution to this manpower shortfall was supposed to be found in the establishment of the National Reserve Forces (NSR), with 20,000 fully trained part-time volunteers who would flesh out the order of battle in a crisis. Yet the NSR, which was announced by the MoD five years ago with much fanfare, has had considerable teething problems, with shortages of recruits and inadequate training budgets. Recent reports indicate both morale and readiness are low among NSR soldiers, who feel poorly treated by the regular military, while none dispute that the force has only recruited and trained 10,000 troops, half the target figure.

Quality can compensate for deficient quantity to an extent, and Poland’s recent acquisition of more late-model Leopard II tanks from Germany, adding to the 124 it already has, means they will be able to replace most of their Soviet-model legacy armor, and meet any Russian incursion on an equal footing in terms of quality, if not quantity. By approximately 2020, the air force will have wholly replaced its Soviet-era helicopters, buying 150 modern airframes, while the MoD plans to purchase thirty-two late-model attack helicopters by 2022, which would pose a significant threat to Russian armor.

More interesting still are plans taking shape to give Warsaw asymmetric deep-strike capabilities to resist Russian aggression. The navy and the army intend to acquire long-range missiles to counter superior Russian numbers, but the cornerstone of the deterrence concept called “Polish Fangs” by Warsaw is the AGM-158 Joint Air-to-Surface Standoff Missile (JASSM), to be carried by the air force’s F-16 fleet (the wing of forty-eight F-16’s is the backbone of Polish airpower). Combined with drones and Poland’s excellent special operations forces, which are among the best in NATO, Warsaw believes that the American-made JASSM on the American-made F-16 will give them an important qualitative advantage over the Russians, including the ability to precisely hit targets up to 370 kilometers behind enemy lines.

Look up in the sky and you just may see Russian aircraft. If you do, send a tweet to the White House; they are missing the memos.