Details: Cozy Bear, Solarwinds, FireEye and the Hack of the US Govt

Cozy Bear (also called APT29, a known unit of Russia’s SVR foreign intelligence service) appears to have been behind the attack, the Wall Street Journal reports. Moscow denies any involvement in the incident. Reuters adds that the Kremlin thinks the Americans should have been more mutual, more cooperative.

FireEye calls the backdoor “Sunburst.” Microsoft’s Security Response Center has a detailed account of how the malware functions. Both FireEye and Microsoft have upgraded their security products to include measures for detecting and protecting against the attack. SolarWinds urges its customers to “upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible.”


When FireEye Inc. discovered that it was hacked this month, the cybersecurity firm’s investigators immediately set about trying to figure out how attackers got past its defenses.

It wasn’t just FireEye that got attacked, they quickly found out. Investigators discovered a vulnerability in a product made by one of its software providers, Texas-based SolarWinds Corp.

“We looked through 50,000 lines of source code, which we were able to determine there was a backdoor within SolarWinds,” said Charles Carmakal, senior vice president and chief technical officer at Mandiant, FireEye’s incident response arm.

After discovering the backdoor, FireEye contacted SolarWinds and law enforcement, Carmakal said.

In part: Washington — U.S. government agencies were ordered to scour their networks for malware and disconnect potentially compromised servers after authorities learned that the Treasury and Commerce departments had been hacked in a months-long global cyberespionage campaign. The campaign was discovered when a prominent cybersecurity firm learned it had been breached.

In a rare emergency directive issued late Sunday, the Department of Homeland Security’s cybersecurity arm warned of an “unacceptable risk” to the executive branch from a feared large-scale penetration of U.S. government agencies that could date back to mid-year or earlier.

“This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch.

The apparent conduit for the Treasury and Commerce Department hacks – and the FireEye compromise – is a hugely popular piece of server software called SolarWinds. It’s used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. federal agencies that will now be scrambling to patch up their networks, said Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike.

On its website, SolarWinds says it has 300,000 customers worldwide, including all five branches of the U.S. military, the Pentagon, the State Department, NASA, the National Security Agency, the Department of Justice and the White House. It says the 10 leading U.S. telecommunications companies and top five U.S. accounting firms are also among customers.

The DHS directive – only the fifth since such directives were created in 2015 – said U.S. agencies should immediately disconnect or power down any machines running the impacted SolarWinds software.
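The directive tells agencies to pull affected Orion hosts off the network, and SolarWinds' own advice (quoted earlier on this page) is to move to Orion Platform version 2020.2.1 HF 1. The first practical step for any IT team is therefore to find every Orion install and sort it by version. The check below is an added example, not code from SolarWinds, FireEye or the directive. It assumes Orion version strings take the form "YYYY.M[.P] [HF n]" (a release without a hotfix suffix sorts before "HF 1") and that the team already has an inventory of hostname to version; the inventory here is constructed. Note what this does and does not tell you: a host below the fixed version is one to isolate and upgrade, but a host at or above it may still have run a backdoored build earlier, so the version alone is not evidence that it is clean.

```python
from __future__ import annotations

import re

# Assumed Orion Platform version format, e.g. "2020.2.1 HF 1" or "2019.4 HF 5".
# The "HF n" hotfix suffix is optional and a missing suffix counts as hotfix 0.
_VERSION_RE = re.compile(
    r"^\s*(?P<major>\d{4})\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?\s*(?:HF\s*(?P<hf>\d+))?\s*$",
    re.IGNORECASE,
)

# The version SolarWinds urged customers to install (from the page text).
FIXED_VERSION = "2020.2.1 HF 1"


def parse_version(s: str) -> tuple[int, int, int, int]:
    """Turn an Orion version string into a comparable (major, minor, patch, hotfix) tuple."""
    m = _VERSION_RE.match(s)
    if not m:
        raise ValueError(f"unrecognised Orion version string: {s!r}")
    return (int(m["major"]), int(m["minor"]), int(m["patch"] or 0), int(m["hf"] or 0))


def needs_upgrade(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is older than the version SolarWinds told customers to run."""
    return parse_version(installed) < parse_version(fixed)


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Split an inventory of host -> version into hosts to isolate now and hosts already at/above the fix."""
    result: dict[str, list[str]] = {"isolate": [], "ok": []}
    for host, version in inventory.items():
        result["isolate" if needs_upgrade(version) else "ok"].append(host)
    return result


# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY = {
    "orion-poller-01": "2020.2.1",
    "orion-web-02": "2020.2.1 HF 1",
    "orion-lab-03": "2019.4 HF 5",
    "orion-poller-04": "2020.2.1 HF 2",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(bucket, hosts)
```

The parser rejects anything it does not recognise rather than guessing, so an unexpected string from an inventory tool surfaces as an error instead of silently landing in the "ok" bucket.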

“We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state,” SolarWinds CEO Kevin Thompson said in a statement. He said the company was working with the FBI, FireEye and the intelligence community. More here.


Many more details on consequence –>

It turns out that the attackers also compromised the Department of Homeland Security. SolarWinds revealed to the Securities and Exchange Commission that the breach may affect 18,000 customers.

It appears that, in March 2020, someone managed to modify the SolarWinds Orion software during the build process—that is, the process that translates the human-readable code and merges it into a form that a computer can execute. This timing is based on both the Microsoft and FireEye analyses, as well as the reported versions affected by SolarWinds.

This modification included a sophisticated and stealthy Trojan program, designed to remotely control any computer that installed SolarWinds Orion. When customers installed the latest update, the Trojan program would start running on the victims’ computers. This is considered a software “supply chain attack”: The intended victims received a polluted copy of the Orion software directly or indirectly from SolarWinds.
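The attack described above worked because the artifacts that left the build pipeline were not the artifacts the source code said they should be. A control that catches that class of tampering is a signed manifest of build-output hashes that is produced independently of the build host and checked again before release and at install time. The code below is an added example written for this page, not SolarWinds', FireEye's or Microsoft's code, and it makes up a tiny build tree with placeholder file names. It assumes an HMAC key for signing the manifest (in practice that key lives in an HSM or KMS, and the manifest would be produced by a second, independent build of the same source, otherwise a compromised build host simply signs its own backdoored output).

```python
from __future__ import annotations

import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (as a relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def sign_manifest(manifest: dict[str, str], key: bytes) -> str:
    """HMAC over a canonical JSON encoding, so the manifest itself cannot be quietly edited."""
    payload = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def verify_tree(root: Path, manifest: dict[str, str], signature: str, key: bytes) -> list[str]:
    """Return a sorted list of problems; an empty list means the tree matches the signed manifest."""
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return ["manifest signature mismatch"]
    actual = build_manifest(root)
    problems: list[str] = []
    for rel, expected in manifest.items():
        got = actual.get(rel)
        if got is None:
            problems.append(f"missing: {rel}")
        elif got != expected:
            problems.append(f"modified: {rel}")
    problems.extend(f"unexpected: {rel}" for rel in actual.keys() - manifest.keys())
    return sorted(problems)


def demo() -> dict[str, list[str]]:
    """Constructed scenario: record a clean build, then alter one artifact and then the manifest."""
    key = b"example-manifest-signing-key"  # assumption: a real deployment keeps this in an HSM/KMS
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        # Placeholder artifact names; they do not correspond to any real product file.
        (root / "bin" / "component_a.dll").write_bytes(b"clean build output")
        (root / "bin" / "component_b.dll").write_bytes(b"another clean artifact")

        manifest = build_manifest(root)
        sig = sign_manifest(manifest, key)
        clean = verify_tree(root, manifest, sig, key)

        # Someone with write access to the build tree appends code to one artifact.
        with (root / "bin" / "component_a.dll").open("ab") as f:
            f.write(b"\n// injected")
        tampered_artifact = verify_tree(root, manifest, sig, key)

        # They then try to "fix" the manifest to match; the signature no longer validates.
        forged = dict(manifest)
        forged["bin/component_a.dll"] = sha256_file(root / "bin" / "component_a.dll")
        tampered_manifest = verify_tree(root, forged, sig, key)

    return {
        "clean": clean,
        "tampered_artifact": tampered_artifact,
        "tampered_manifest": tampered_manifest,
    }


if __name__ == "__main__":
    for scenario, problems in demo().items():
        print(scenario, problems or "OK")
```

The check is deliberately two-sided: the customer installing an update can re-run `verify_tree` against a manifest obtained out of band (not from the same download), and the vendor can diff manifests from two independent builders before anything is signed for release.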

What Now?

Christmas is now officially cancelled for three groups. The first is for the IT staff working for the perhaps 18,000 SolarWinds customers affected by the breach, who are going to have to spend the next weeks rebuilding their networks and going over everything with a fine-toothed comb looking for various backdoors. This is going to be a lot of work to sort out. The only good thing is that most of the customers don’t have secondary backdoors to worry about, because the biggest problem faced by the attacker was simply the target-rich environment. Each effort at exploitation increases the risk of discovery, and in the end, there are only so many people who can conduct these attacks.

The second group is the U.S. intelligence community. This attack started in March with the first exploitation starting in April. Either they didn’t know about it—a failure in the “defend forward” philosophy—or they did know about it, in which case they also failed to defend forward. There are going to be tough questions that the intelligence community will need to answer internally.

The final group is the Russian government. This was an amazingly valuable intelligence feed, capturing U.S. government communication leading up to the transition as well as critical insights into U.S. financial controls. Now the feed has gone dark and Russia has lost a hugely powerful asset. But then again, these are a bunch of Russian spies, so in the immortal words of every sysadmin: “fsck those guys”.

More here.

Could Crimea Soon be Free of Russian Occupation/Annexation?

Just a few days ago…


France24: The UN General Assembly on Monday adopted a resolution urging Russia to end its “temporary occupation” of Crimea, which Moscow took over in 2014, “without delay.”

The resolution on the militarization of the peninsula of Crimea, the port of Sevastopol and parts of the Black Sea and the Sea of Azov was adopted by 63 countries, with 17 voting against and 62 abstaining.

The resolution is non-binding but has political significance. It was put forward by 40 countries, including Britain, France, Germany and the Baltic states, as well the United States, Australia, Canada and Turkey.

The resolution “urges the Russian Federation, as the occupying Power, immediately, completely and unconditionally to withdraw its military forces from Crimea and end its temporary occupation of the territory of Ukraine without delay.”

Facing the “continuing destabilization of Crimea owing to transfers by the Russian Federation of advanced weapon systems, including nuclear-capable aircraft and missiles, weapons, ammunition and military personnel to the territory of Ukraine,” the resolution called on Russia to stop all such transfers “without delay.”

Fighting between Ukrainian troops and forces backed by Russia has left more than 13,000 dead since 2014, when Russia annexed Crimea and pro-Russian forces in the east of Ukraine rebelled against Kiev.

At the UN Security Council, tensions between Russia and western countries over the conflict remain in sharp focus, as was shown by an informal meeting last week by Moscow on the 2015 Minsk accords between Ukraine and Russia, which were sponsored by France and Germany.

Berlin and Paris sparked Russian fury by boycotting the meeting, described by European countries as an international platform offered to the Donbass separatists, several of whom had been invited to speak by Moscow.


Is Crimea Now Costing Russia More Than It Is Worth?

Paul Goble
In the euphoria that surrounded Vladimir Putin’s annexation of Ukraine’s Crimea six years ago, most Russians were more than willing to spend money to integrate that region into the Russian Federation. But at that time, they had little idea just how much that process would cost. Not only did that aggressive breach of international law trigger Western sanctions against Russia, but the authorities in Moscow also never gave the public an honest estimate of just how much money would need to be spent, nor for how long, even after the Kremlin proclaimed the peninsula’s absorption an accomplished fact. Were the Russian economy doing well, that might not matter; but it is not (see EDM, May 6, 12, 18, November 30), and the subsidies going to Crimea are, of course, unavailable to support the domestic needs of the increasingly hard-pressed Russian people in Russia proper. That contradiction could, therefore, encourage Putin to try to launch a new military advance to cover these losses.

Russian regional affairs analyst Anton Chablin points out that the recently released budget figures for 2021 show enormous spending on Crimea is set to continue. Moscow plans to channel no less than 102 billion rubles ($1.5 billion) to support 68 percent of the budget of Crimea. That figure is larger than the subsidies going to Dagestan and Chechnya: 96.7 billion rubles ($1.4 billion) and 78.8 billion rubles ($1.1 billion), respectively. When the Russian economy was somewhat healthier, Russians generally ignored those costs as the generous outlays to the country’s newest imperial possession were not considered a serious problem. But now, the situation has changed; and the numbers Chablin cites will likely lead an increasing number of Russians to ask whether Crimea is worth it. Although such a mental shift may not push Moscow to return Crimea to Ukraine, it could certainly further undermine Russian support for Putin and make it more likely he will launch some new offensive to rebuild “patriotic” fervor around himself (Akcent.site, December 7).

The first signs of popular unhappiness about this spending are likely to emerge as the State Duma (lower chamber of parliament) considers the budget, Chablin writes. Deputies almost certainly will focus on three things: 1) the growth in Moscow’s subsidies rather than the declines the Kremlin had promised in earlier years; 2) the overly optimistic predictions about tax collection made by the Russian regime in Crimea that are unlikely to be met and that will force Moscow to pay out even more than it is budgeting; and, especially offensive to many in the current environment, 3) the fact that the administration on the peninsula continues to spend ever more money on itself rather than on things like vacation resorts that might benefit average Russians (Akcent.site, December 7).

From the beginning of the annexation, independent Russian observers did point out that the direct costs associated with integrating Crimea would be far larger than and last longer than the Kremlin promised. Historian Arkady Popov, for example, said that the Kremlin’s pledge to end subsidies amounting to a trillion rubles ($160 billion) after only five or six years was absurd. Not only was that amount, in fact, more than Moscow could possibly afford—it exceeded the projected subsidies to the North Caucasus and the Russian Far East over the same period—but it was actually far less than would be needed given the collapse of the economy in Crimea since Russia occupied it (Ej.ru, September 28, 2015). And even then, there were Russians complaining that Moscow had “billions” for Crimea but no money to refurbish their decaying housing (Forum-msk.org, March 26, 2014).

In the intervening years, various experts have attempted to put a price on Moscow’s assistance to Crimea; however, the Russian government has done what it can to obscure what it has been spending. Perhaps the best estimate came last year. It was prepared by economist Sergei Aleksashenko, who, in a book-length study, asserts that Crimea had by then cost Russia 1.5 trillion rubles ($23.5 billion). That figure, he points out in the piece, equals approximately 10,000 rubles ($160) for every man, woman and child in the Russian Federation. Or put another way, Aleksashenko continues, Moscow is now spending on Crimea 357 times the amount it is spending on the Russian Academy of Sciences, even though he concedes that a majority of Russians, as of 2019, did not think that the annexation was having a negative impact on their lives (Forbes.ru, March 24, 2019).

That passive acceptance may now be changing. For one thing, these budget figures are coming to light at a time of pandemic-induced suffering. And for another, Russians are increasingly aware of the collateral financial costs associated with Crimea that are not being counted in those base subsidy amounts. Among the largest of these associated costs, which has attracted significant attention recently, is what Moscow may be forced to spend in the coming months to ensure that the peninsula has enough drinking water (see EDM, February 26, August 12). Those estimated expenses are sufficiently great that Putin might decide on an alternative solution: launching a new military campaign against Ukraine to gain control of water supplies that Crimea lost access to when Russia occupied it (see EDM, May 21). If that were to happen, what may seem like a minor budgetary dispute could reignite the military conflict between Moscow and Kyiv, with all the far-reaching consequences that would involve.


14 Fort Hood Soldiers Fired, Suspended

Army leaders are firing or suspending 14 officers and enlisted soldiers at Fort Hood, Texas, and ordering policy changes to address chronic leadership failures at the base that contributed to a widespread pattern of violence including murder, sexual assaults and harassment.

Two general officers are among those being removed from their jobs, as top Army leaders on Tuesday announced the findings of an independent panel’s investigation into problems at the Texas base.


The actions, taken by Army Secretary Ryan McCarthy, come in the aftermath of a year that saw 25 soldiers assigned to Fort Hood die due to suicide, homicide or accidents, including the bludgeoning death of Spc. Vanessa Guillen. Guillen was missing for about two months before her remains were found.

The firings and suspensions include Army Maj. Gen. Scott Efflandt, who was left in charge of the base earlier this year when Guillen was killed, as well as Maj. Gen. Jeffery Broadwater, commander of the 1st Cavalry Division. The administrative actions are expected to trigger investigations that could lead to a wide range of punishments. Those punishments could range from a simple letter of reprimand to a military discharge.

The base commander, Army Lt. Gen. Pat White, will not face any administrative action. He was deployed to Iraq as the commander there for much of the year.

Army leaders had already delayed Efflandt’s planned transfer to Fort Bliss, where he was slated to take over leadership of the 1st Armored Division. Command of a division is a key step in an Army officer’s career.

Efflandt’s move was paused while the team of independent investigators conducted its probe into whether leadership failures contributed to the killings of several people, including Guillen, and who should be held accountable.


According to investigators, Guillen, 20, was bludgeoned to death at Fort Hood by Spc. Aaron Robinson, who killed himself on July 1 as police were trying to take him into custody. Guillen was missing for more than two months before her remains were found. Her family has said Robinson sexually harassed her, though the Army has said there is no evidence supporting that claim.

The body of Pvt. Mejhor Morta was found in July near a reservoir by the base. In June, officials discovered the remains of another missing soldier, Gregory Morales, about 10 miles from that lake. All together, so far this year, 25 soldiers assigned to Fort Hood have died due to suicide, homicide or accidents, compared with 32 last year and 24 in 2018.

In an Associated Press interview last month, White said that he and other commanders bear responsibility for the problems. But he said it will take time to correct what some believe are systemic failures, and that some units will respond more quickly than others.

“I think all leadership is accountable for it, if you’re in this chain of command,” White said. “We have got to do everything we can to get this back on track.”

Under Army procedures, when a soldier is fired or suspended from a post, it can often lead to a fuller investigation into the matter. While some can move on to another Army job, a firing or suspension can often signal the end of a soldier’s career.

Army leaders have said this year that they are concerned that 20 years of war have led the service to focus so much on readiness that they have paid less attention to the well-being of the soldiers and their families.

Cuba and China: ‘Havana Syndrome’ was Caused by Directed Microwave Radiation

3 to 4 years?

Source: A NEW REPORT BY the United States National Academies of Sciences, Engineering, and Medicine, has found that the so-called ‘Havana Syndrome’, which afflicted American and Canadian diplomats in Cuba and China in 2016 and 2017, was likely caused by directed microwave radiation. The study, which was commissioned by the US Department of State, is the latest in a long list of scientific assessments of the mysterious syndrome. The case remains a source of debate in the scientific, diplomatic and intelligence communities.

In 2017 Washington recalled the majority of its personnel from the US embassy in Havana, and at least two more diplomats from the US consulate in the Chinese city of Guangzhou. The evacuees reported experiencing “unusual acute auditory or sensory phenomena” and hearing “unusual sounds or piercing noises”. Subsequent tests showed that they suffered from sudden and unexplained loss of hearing, and possibly from various forms of brain injuries. In April of 2019 the Canadian embassy evacuated all family members of its personnel stationed in the Cuban capital over similar health concerns.


The latest study by the National Academies of Sciences resulted from the coordination of leading toxicologists, epidemiologists, electrical engineers and neurologists. The resulting 66-page report describes in detail the symptoms experienced by nearly 40 US government employees, who were examined for the purposes of the study. Its authors said they examined numerous potential causes, including psychological factors, infectious diseases, directed radio frequency energy, and even exposure to insecticides. Ultimately, the authors concluded that “many of the distinctive and acute signs, symptoms and observations reported by [US government] employees are consistent with the effects of directed, pulsed radio frequency (RF) energy”, according to their report.

However, the study does not attempt to answer the burning question of whether the symptoms experienced by the sufferers resulted from deliberate attacks, and if so, who may have been behind them. Some have accused the governments of Cuba and/or Russia of being responsible for the syndrome. However, the Cuban and Russian governments have strongly denied the accusations. The National Academies of Sciences report does state that the systematic study of pulsed radio frequency energy has a history of over half a century in Russia and the Soviet Union.

***

Description

In late 2016, U.S. Embassy personnel in Havana, Cuba, began to report the development of an unusual set of symptoms and clinical signs. For some of these patients, their case began with the sudden onset of a loud noise, perceived to have directional features, and accompanied by pain in one or both ears or across a broad region of the head, and in some cases, a sensation of head pressure or vibration, dizziness, followed in some cases by tinnitus, visual problems, vertigo, and cognitive difficulties. Other personnel attached to the U.S. Consulate in Guangzhou, China, reported similar symptoms and signs to varying degrees, beginning in the following year. As of June 2020, many of these personnel continue to suffer from these and/or other health problems. Multiple hypotheses and mechanisms have been proposed to explain these clinical cases, but evidence has been lacking, no hypothesis has been proven, and the circumstances remain unclear.

The Department of State asked the National Academies to review the cases, their clinical features and management, epidemiologic investigations, and scientific evidence in support of possible causes, and advise on approaches for the investigation of potential future cases. In An Assessment of Illness in U.S. Government Employees and Their Families at Overseas Embassies, the committee identifies distinctive clinical features, considers possible causes, evaluates plausible mechanisms and rehabilitation efforts, and offers recommendations for future planning and responses.

Obama’s normalizing relations did not work out so well. The big question now is whether there is a human rights violation and diplomatic consequence.

Biden Nominates Gen. Lloyd Austin for SecDef with Intel Scandals

It was 2016. Prior to that it was the withdrawal of forces from Iraq and Afghanistan. This nomination hearing should be quite contentious. There was also this gem –>

A $500m effort to train Syrian forces against the Islamic State has resulted in only a handful of fighters actively battling the jihadi army, the top military commander overseeing the war has testified.

“We’re talking four or five,” General Lloyd Austin, commander of US Central Command, told a dissatisfied Senate armed services committee on Wednesday.

The training initiative is Barack Obama’s linchpin for retaking Syrian territory from Isis. The Pentagon anticipated in late 2014 that it would have trained 5,000 anti-Isis Syrian rebels by now.

“The program is much smaller than we hoped,” conceded the Pentagon’s policy chief, Christine Wormuth, saying there were between 100 and 120 fighters currently being trained. Wormuth said they were “getting terrific training”.

but read on…

NYT’s: Officials from the United States Central Command altered intelligence reports to portray a more optimistic picture of the war against the Islamic State in Iraq and Syria than events on the ground warranted, a congressional panel said in a report issued Thursday.

The interim report, from a task force established by the Republican chairmen of the House Armed Services Committee, Intelligence Committee and Defense Appropriations Subcommittee, found “widespread dissatisfaction” among Central Command intelligence analysts, who said superiors were doctoring their assessments of American efforts to defeat the Islamic State. Central Command, known as Centcom, is the military headquarters in Tampa, Fla., that oversees American military operations across the Middle East and Central Asia.

“Intelligence products approved by senior Centcom leaders typically provided a more positive depiction of U.S. antiterrorism efforts than was warranted by facts on the ground and were consistently more positive than analysis produced by other elements of the intelligence community,” a news release about the report said.

“What happened at Centcom is unacceptable — our war fighters suffer when bad analysis is presented to senior policy makers,” said Representative Ken Calvert, Republican of California. “The leadership failures at Centcom reach to the very top of the organization.”

The 10-page report detailed persistent problems in 2014 and 2015 in Central Command’s description and analysis of American efforts to train Iraqi forces. Although it offers no definitive evidence that senior Obama administration officials ordered the reports to be doctored, it describes analysts as feeling as though they were under pressure from Centcom leaders to present a more optimistic view of the threat posed by the Islamic State, also known as ISIS or ISIL.

“Throughout the first half of 2015, many Central Command press releases, statements and congressional testimonies were significantly more positive than actual events,” the report said. “For example, a Centcom official stated publicly that a major military assault to take back Mosul could begin as early as April or May 2015.”

Mosul, Iraq’s second-largest city, remains under the control of the Islamic State.

“After months of investigation, this much is very clear,” Representative Mike Pompeo, Republican of Kansas, said in a statement. “From the middle of 2014 to the middle of 2015, the United States Central Command’s most senior intelligence leaders manipulated the command’s intelligence products to downplay the threat from ISIS in Iraq.”

Republicans created the task force after learning that analysts had raised concerns that intelligence about the Islamic State was being manipulated. The report released Thursday is to be followed up by more extensive findings as the investigation continues. There is an additional, ongoing investigation of Centcom intelligence by the Department of Defense inspector general. More here.


Gen. Lloyd Austin III, currently vice chief of staff of the Army, would become the next top U.S. commander for the Middle East — directing the end of the U.S. combat role in Afghanistan — if the Senate confirms his nomination.

Austin, 59, would be the first African-American general to lead CentCom. Nearly all international combat troops are to leave Afghanistan by the end of 2014.

If confirmed, Austin would replace Marine Gen. James Mattis, who took the CentCom helm in August 2010.

Mattis has not yet announced his plans once he leaves CentCom, and his departure appears to be unconnected to the recent scandal involving Tampa socialite Jill Kelley. Mattis has not been linked to the controversy. More here.