China Gave Trump an Ultimatum to Deal with N. Korea?

 China urged the United States to sack the head of the U.S. Pacific Command in return for exerting more pressure on North Korea amid concerns over its growing nuclear and missile threats, a source close to U.S.-China ties said Saturday.

The Chinese leadership headed by President Xi Jinping made the request, through its ambassador in the United States, to dismiss Adm. Harry Harris, known as a hard-liner on China, including with respect to the South China Sea issue, the source said.

Photo: Adm. Harry Harris, head of the U.S. Pacific Command, addresses the Lowy Institute think tank in Sydney last December. (AFP-JIJI, accompanying the report “China urged U.S. to fire Pacific Command chief Harris in return for pressure on North Korea”)

China’s envoy to the United States, Cui Tiankai, conveyed the request to the U.S. side, to coincide with the first face-to-face, two-day meeting between President Donald Trump and Xi in Florida from April 6, but the Trump administration likely rejected it, the source said.

China is a longtime economic and diplomatic benefactor of North Korea.

As the head of Pacific Command, Harris, who was born in Japan and raised in the United States, plays a vital role in the security of the region.

He was responsible for ordering, last month, the dispatch of the USS Carl Vinson aircraft carrier to waters off the Korean Peninsula in a show of force amid signs the North was preparing to test-fire another ballistic missile or conduct a sixth nuclear test.

The Trump administration has called for exerting “maximum pressure” on North Korea to prod it to give up its nuclear and missile programs. The administration has said all options, including military strikes, remain on the table.

Harris has pushed for the U.S. deployment of the advanced Terminal High Altitude Area Defense (THAAD) anti-missile system to South Korea. China has opposed the deployment, saying it could undermine its security interests and the strategic balance of the region.

He has also called for continuing U.S. “freedom of navigation” operations in the contested South China Sea. Overlapping territorial claims, as well as land construction and militarization of outposts in disputed areas in the sea, remain a source of tension in the region.

According to the source, Cui also asked the Trump administration not to label China as a currency manipulator. As per the request, the United States did not label China as such, in light of Beijing’s role in helping Washington deal with the North Korean issue.

*** Related reading: 2013 Study Finds North Korea Has Indigenous Capabilities to Produce Nuclear Weapons

An example of the open-source evidence used for Kemp’s study: A 2011 image from a television broadcast in North Korea showing Kim Jong-il inspecting a flow-forming machine located in an underground tunnel. This type of machine is able to produce centrifuge rotors for North Korea’s uranium-enrichment program.

***

Are the United States and its partners in the Asia Pacific region ready to deal with 5,000 tunnels and an underground operation?

Photo: the entrance of an ‘intrusion tunnel’ under the DMZ between South and North Korea (Telegraph)

North Korea’s Secret Strategy in a War with America: Go Underground

North Korea, one of the most secretive countries in the world, is no stranger to building underground military facilities. Whether a tunnel dug under the demilitarized zone designed to pass thousands of troops an hour, or bunkers to accommodate the regime’s leadership, North Korea has built extensive underground facilities designed to give it an edge in wartime.

One of the earliest examples of North Korean underground engineering was the discovery of several tunnels leading from North Korea under the demilitarized zone to South Korea. The first tunnel was located in 1974, extending one kilometer south of the DMZ. The tunnel was large enough to move up to two thousand troops per hour under the DMZ. A U.S. Navy officer and South Korean Marine corporal were killed by a booby trap while investigating the tunnel. Thanks to a tip from a North Korean defector, an even larger tunnel was discovered in 1978, a mile long and nearly seven feet wide.

Since then at least four tunnels have been discovered, with reinforced concrete slabs, electricity for lighting and fresh-air generation, and narrow-gauge rails to shuttle dirt and rock back to the tunnel entrance. Collectively, the four tunnels would likely have been able to move a brigade’s worth of troops an hour under South Korea’s defenses.

It’s difficult to determine how many tunnels exist. One report says that Kim Il-sung, the founder of the North Korean state and Kim Jong-un’s grandfather, ordered each of the ten frontline combat divisions to dig two tunnels. If completed, that would theoretically mean another dozen or so tunnels remain undiscovered. A former South Korean general, Han Sung-chu, claims there are at least eighty-four tunnels—some reaching as far as downtown Seoul. The South Korean government does not believe Han’s numbers—nor the claimed ability to reach Seoul—are credible. A forty-mile tunnel would reportedly generate a seven-hundred-thousand-ton debris pile, which has not been picked up by satellite. Despite the warnings, the last major tunnel was discovered in 1990 and South Korea seems to believe that the tunneling danger has passed.

If it has passed, it may be because North Korea has decided to tunnel in different ways. The Korean People’s Army Air Force is believed to have three different underground air bases at Wonsan, Jangjin and Onchun. The underground base at Wonsan reportedly includes a runway 5,900 feet long and ninety feet wide that passes through a mountain. According to a defector, during wartime North Korean aircraft, including MiG-29 fighters and Su-25 Frogfoot ground-attack aircraft, would take off from conventional air bases but return to underground air bases. This is plausible, as one would expect North Korean air bases to be quickly destroyed during wartime.

Another underground development is a series of troop bunkers near the DMZ. A North Korean defector disclosed that, starting in 2004, North Korea began building bunkers capable of concealing between 1,500 and two thousand fully armed combat troops near the border. At least eight hundred bunkers were built, not including decoys, meant to conceal units such as light-infantry brigades and keep them rested until the start of an invasion.

Other underground facilities are believed to have been constructed to shelter the North’s leadership. According to a South Korean military journal, the United States believes there are between six thousand and eight thousand such shelters scattered across the country. This information was reportedly gathered from defectors in order to hunt down regime members in the event of war or government collapse.

North Korea is believed to have hundreds of artillery-concealing caves just north of the DMZ. Known as Hardened Artillery Sites, or HARTS, these are usually tunneled into the sides of mountains. An artillery piece, such as a 170-millimeter Koksan gun or 240-millimeter multiple-launch rocket system, can fire from the mouth of the cave and then withdraw into the safety of the mountain to reload. These sites are used to provide artillery support for an invasion of South Korea or direct fire against Seoul itself. As of 1986, an estimated two hundred to five hundred HARTS were thought to exist.

According to a report by the Nautilus Institute, North Korea is also thought to have “radar sites in elevator shafts that can be raised up like a submarine periscope; submarine and missile patrol boat bases in tunnels hewn in rock; tunnels a kilometer or more in length for storing vehicles and supplies, or to hide the population of a nearby city.”

How would the United States and South Korea deal with these underground facilities in wartime? First, they would have to locate the facilities. These facilities are hard to spot via satellite, and gleaning information from defectors is perhaps the best way to learn about them in peacetime. Once war commences, signals intelligence will pick up radio transmissions from previously unknown underground locations, enemy troops will emerge from concealed positions or tunnel entrances, and artillery counter-battery radars will fix the positions of HARTS. It is likely that, despite advance preparations, many of these positions will be a surprise to Washington and Seoul.

Once located, there are three ways of dealing with the sites. The first and safest way to deal with them is to bomb them from above. This presents the least risk to allied forces, but it will also prove difficult to determine whether air or artillery strikes have had good effect. The use of bombs or artillery shells may cause cave-ins that prevent allied forces from entering an underground complex and exploiting any intelligence found inside.

Another option is to simply station troops outside tunnels and shoot anyone who ventures outside. While also a safer option, an underground complex will always have multiple exits—the tunnels Kim Il-sung ordered his divisions to dig were to each have four or five exit points. The most thorough way to deal with the tunnels would be to enter them. This would be by far the most effective way to deal with regime holdouts, but also the most dangerous.

Pyongyang’s eventual defeat in any wartime scenario is a given, but its underground headquarters, fortifications and troop depots have the potential to not only enhance the Korean People’s Army’s ability to mount a surprise attack, but also to prolong the war, confounding the high-tech armed forces of its adversaries. Such underground shelters, wherever they are, will likely be the site of the endgame phase of the war, as the regime is driven underground by rapidly advancing allied forces. Only then will we discover the true extent of North Korea’s extensive underground empire.

US Sanctions did not Stop Russian Election Hacking

(Image: The Register UK)

Wired: Ten days after US intelligence agencies pinned the breach of the Democratic National Committee last October on the Russian government, Vice President Joe Biden promised the government would “send a message” to the Kremlin. Two months later, the White House announced new sanctions against a handful of Russian officials and companies, and kicked 35 Russian diplomats out of the country. Six months later, it appears that the message has been thoroughly ignored.

The Russian hackers who gleefully spilled the emails of the DNC, Colin Powell, and the Clinton campaign remain as busy as ever, this time targeting the elections of France and Germany. And that failure to stop Russia’s online adventurism, cybersecurity analysts say, points to a rare sort of failure in digital diplomacy: Even after clearly identifying the hackers behind one of the most brazen nation-state attacks against US targets in modern history, America still hasn’t figured out how to stop them.

Poking the Bear

In a recent report tracking the Kremlin-affiliated activity of the hacker group known as Pawn Storm, a.k.a. APT 28 or Fancy Bear, the security firm Trend Micro identified phishing sites that they say were used to target the political campaigns of Emmanuel Macron and Angela Merkel in the upcoming French and German elections. The analysts also found that the phishing domains had been registered in March and April of 2017, leaving no doubt that the attacks started well after the US government’s attempt at deterrence last year.

“It seems like the opposite effect is happening. There’s definitely not even a slowing down” of the Pawn Storm attacks, says Trend Micro researcher Ed Cabrera. “It’s an emboldening.”

Speaking in a Senate hearing yesterday, FBI director James Comey had no illusions that the Obama administration’s response measures would keep Russian hackers away from future American elections, either. “I think one of the lessons that the Russians may have drawn from this is that this works,” Comey told the Senate Intelligence Committee. “I expect to see them to come back in 2018, and especially in 2020,” for the next US presidential election.

That failure to effectively deter Russia from its attempts at so-called “influence operations” of stealing and leaking documents doesn’t mean deterrence won’t work to stop state-sponsored hacking, says Peter Singer, a strategist at the New America Foundation. It means that the US just hasn’t gone far enough. “Never speak to me of cyber-deterrence if this is how we respond to the most important cyberattack so far in history,” Singer says. “We’ve put out the message not just to APT28 or Russia but any state or non-state attacker that this is going to be low cost, high gain.”

The Obama White House’s move to sanction Russian companies and hackers, eject diplomats and seize two Russian-owned compounds on US soil were “too little, too late,” Singer wrote in testimony to the House Armed Services Committee last month. That reaction, he pointed out, took more than six months to materialize, after even the private-sector cybersecurity community had come to the consensus that Russia was behind the attack. And even those sanctions didn’t cut deep enough for Russia’s highest-level leaders, Singer argues.

Pressure Points

Instead, Singer says, the US should have retaliated in a way that Putin would have felt personally: exposing his hidden personal wealth. “You have to go after the leverage points against the Russian oligarchy,” Singer says. He points to Putin’s fury at the Panama Papers leak from the tax haven law firm of Mossack Fonseca, which revealed portions of the Russian president’s secret wealth. “Reveal where things are hidden,” says Singer. “Make their lives more difficult.”

More broadly, Russian officials fear evidence of their corruption being exposed, says Jim Lewis, a cybersecurity and foreign policy analyst at the Center for Strategic and International Studies. That sort of counter-leak, he says, could be a significant card for the US to play. “We need to think if we want to be more aggressive in our responses,” says Lewis. “We need to think about how to make it more painful for them to continue to do this.”

Last December, in the wake of the sanctions, Lewis told WIRED he felt they were in fact strong enough to rile the Kremlin; he called them “the biggest retaliatory move against Russian espionage since the Cold War.” However much they may have helped the US, though, Lewis says their deterrent effect doesn’t seem to have extended to US allies like France and Germany. Hence the Pawn Storm hackers’ targeting of the Macron campaign (a hacking attempt Macron’s staff has said failed) as well as German targets including a think tank associated with German Chancellor Angela Merkel’s Christian Democratic Union party and the German parliament. The latter hack resulted in actual theft of documents that could still be leaked ahead of the country’s September election, in another Russian attempt to destabilize the European Union.

“The Russians appear to have interpreted the sanctions as only applying to actions against the US,” Lewis says. “On a collective level, we need to think about where NATO and the EU can take action.”

Lack of Action

Which raises the third problem with America’s digital diplomatic strategy: President Trump. The Trump administration’s weak commitment to European allies, and its softening of Obama’s stance, can only have emboldened Russia further rather than helping curtail its efforts. Trump has even continued to doubt publicly that the attacks on Democratic targets in the 2016 campaign originated in Russia in the first place, despite his own intelligence officials repeatedly pointing to the Kremlin’s involvement. More than three months after he momentarily conceded Russia’s involvement, Trump earlier this week again floated the unsubstantiated notion that it “could’ve been China.”

That lack of commitment to even naming Russia—not to mention deterring its next attack—has left the US on its back foot, says Peter Singer. Even Republican leaders like Mitch McConnell and Paul Ryan, who criticized Obama’s sanctions for being too light or too late, Singer points out, are now fighting instead just to maintain sanctions against Russia rather than lift them. “The response to something being too little is to do more, not to do nothing,” says Singer. “And that’s what we’ve done since.”

All of which means the notion of deterring Russian attacks on elections or civil society is, for the moment, defunct. Expect the Kremlin’s habit of electoral meddling to get worse before it gets better, until someone gives them a reason not to.

*** (Image: FireEye)

Meanwhile, Germany looks to take a more aggressive posture against Russian intrusion.

The head of Germany’s domestic intelligence agency accused Russian rivals of gathering large amounts of political data in cyber attacks and said it was up to the Kremlin to decide whether it wanted to put it to use ahead of Germany’s September elections….

Hans-Georg Maassen, president of the BfV agency, said “large amounts of data” were seized during a May 2015 cyber attack on the Bundestag, or lower house of parliament, which has previously been blamed on APT28, a Russian hacking group….

Germany’s top cyber official last week confirmed attacks on two foundations affiliated with Germany’s ruling coalition parties that were first identified by security firm Trend Micro.

“We recognize this as a campaign being directed from Russia. Our counterpart is trying to generate information that can be used for disinformation or for influencing operations,” he said. “Whether they do it or not is a political decision … that I assume will be made in the Kremlin.”

Maassen said it appeared that Moscow had acted in a similar manner in the United States, making a “political decision” to use information gathered through cyber attacks to try to influence the U.S. presidential election.

Berlin was studying what legal changes were needed to allow authorities to purge stolen data from third-party servers, and to potentially destroy servers used to carry out cyber attacks.

“We believe it is necessary that we are in a position to be able to wipe out these servers if the providers and the owners of the servers are not ready to ensure that they are not used to carry out attacks,” Maassen said….

He said intelligence agencies knew which servers were used by various hacker groups, including APT10, APT28 and APT29.

 

Russia’s Hybrid Warfare, Here to Stay

It seems like every day Russia is in our house; in fact, it is true. The hybrid warfare crafted by the Kremlin is here to stay, so exactly when does the Trump White House deal with this constant threat? What threat, you ask?

Adam Meyers is from the cyber-security firm CrowdStrike. As the Vice President of Intelligence, Adam heads a team that identifies the perpetrators of cyber-crimes, both in the private and public sectors. CrowdStrike helped to identify the hackers behind the Democratic National Committee’s email leaks last year, and more recently the mastermind behind the Kelihos Botnet.

*** Notice, there was no intrusion into Marine Le Pen’s campaign operations. Why? Putin endorses Le Pen and has provided campaign funds to her.

According to Trend Micro researchers, the campaign of French presidential candidate Emmanuel Macron has been hit by the same Russian hackers who targeted Democratic campaign officials in the U.S. before last year’s presidential election, the New York Times reports.

On March 15, the researchers say, they saw the Pawn Storm group (a.k.a. Fancy Bear, APT28 or the Sofacy Group) begin targeting Macron’s campaign with phishing attacks seeking campaign officials’ login information.

“The phishing pages we are talking about are very personalized Web pages to look like the real address,” Mounir Mahjoubi, Macron’s digital director, told the Times. “They were pixel perfect. It’s exactly the same page. That means there was talent behind it and time went into it — talent, money, experience, time and will.”

Still, Mahjoubi said none of the attacks was successful.

He described the phishing attacks as the invisible side of a Russian campaign against Macron, with the visible side being fake news published on Russian news sites like Sputnik and RT.
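Two indicators recur in the reporting above: the Trend Micro finding that the phishing domains were registered only weeks before the campaign, and Mahjoubi’s description of pages built to “look like the real address.” Both can be checked mechanically when a campaign or company monitors new domains. The script below is an added example and is not code from the article, from Trend Micro or from the Macron campaign; the protected domain campaign-hq.example, the candidate domains, and their registration and first-sighting dates are all constructed for illustration, and the registrable-domain extraction assumes single-label public suffixes (no co.uk-style suffixes).

```python
"""Triage candidate phishing domains against a protected brand domain.

Added example, not from the original article. Scores observed domains on
(a) lookalike similarity to a legitimate domain (typos, dropped hyphens,
homoglyphs, brand name embedded in a foreign domain) and (b) registration
shortly before the first sighting. Every domain and date here is constructed.
"""
from dataclasses import dataclass
from datetime import date

# Visually confusable pairs; each is folded to one representative so that
# "carnpaign" and "campaign" compare equal.
HOMOGLYPHS = [("0", "o"), ("1", "l"), ("rn", "m"), ("vv", "w"), ("cl", "d")]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Crude eTLD+1: the last two labels (assumption: single-label suffixes)."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def canonical(s: str) -> str:
    """Fold homoglyph pairs to a canonical spelling."""
    for src, dst in HOMOGLYPHS:
        s = s.replace(src, dst)
    return s


@dataclass
class Observation:
    domain: str
    registered: date   # from WHOIS/RDAP in practice
    seen: date         # first sighting of the phishing page


def make_obs(domain: str, registered_iso: str, seen_iso: str) -> Observation:
    return Observation(domain, date.fromisoformat(registered_iso), date.fromisoformat(seen_iso))


def score(obs: Observation, target: str, max_age_days: int = 60):
    """Return (points, reasons). 0 points means the legitimate domain itself."""
    t_reg = registrable(target)
    o_reg = registrable(obs.domain)
    if o_reg == t_reg:
        return 0, ["legitimate domain"]
    t_core = canonical(t_reg.split(".")[0].replace("-", ""))
    o_core = canonical(o_reg.split(".")[0].replace("-", ""))
    whole = canonical(obs.domain.lower().replace("-", "").replace(".", ""))
    points, reasons = 0, []
    # Similarity: one reason only, strongest first.
    if o_core == t_core:
        points += 3
        reasons.append("homoglyph or hyphen variant of brand label")
    elif t_core in whole:
        points += 2
        reasons.append("brand label embedded in a foreign domain")
    elif levenshtein(o_core, t_core) <= 2:
        points += 2
        reasons.append("edit distance <= 2 from brand label")
    # Recency: registered shortly before it was first seen serving pages.
    age = (obs.seen - obs.registered).days
    if 0 <= age <= max_age_days:
        points += 2
        reasons.append(f"registered {age} days before first sighting")
    return points, reasons


def triage(observations, target: str, threshold: int = 4):
    """Domains scoring at or above threshold, highest first."""
    rows = [(o.domain, *score(o, target)) for o in observations]
    flagged = [r for r in rows if r[1] >= threshold]
    return sorted(flagged, key=lambda r: -r[1])


# Constructed observations: the real site plus six candidates seen on 2017-04-18.
TARGET = "campaign-hq.example"
SAMPLE_OBSERVATIONS = [
    make_obs("campaign-hq.example", "2015-02-11", "2017-04-18"),       # the real site
    make_obs("mail-campaign-hq.example", "2017-03-20", "2017-04-18"),  # brand embedded, new
    make_obs("carnpaign-hq.example", "2017-04-01", "2017-04-18"),      # rn -> m homoglyph, new
    make_obs("campaignhq.example", "2017-04-10", "2017-04-18"),        # hyphen dropped, new
    make_obs("canpaign-hq.example", "2017-03-28", "2017-04-18"),       # one-letter typo, new
    make_obs("campaignhq-login.example", "2015-06-01", "2017-04-18"),  # lookalike but old
    make_obs("weather-report.example", "2017-04-01", "2017-04-18"),    # new but unrelated
]

if __name__ == "__main__":
    for domain, points, reasons in triage(SAMPLE_OBSERVATIONS, TARGET):
        print(f"{points}  {domain}: {'; '.join(reasons)}")
```

In practice the registration dates come from WHOIS or RDAP lookups and the sightings from mail gateway logs, so the recency indicator is only as good as the registrar data behind it; the similarity heuristics are deliberately simple and should be tuned against a list of known-good domains to keep false positives down.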

***

Panel to Senate: Cyber Operations Influence Political Processes Worldwide

Russia used “useful idiots” to meddle in the U.S. presidential election and “fellow travelers” opposed to European Union and NATO to influence elections in France and Germany, while Islamic terrorists used “agent provocateurs” to topple Spain’s government in 2004 and cast another pall over French voting, a cyber security expert told a congressional subcommittee Thursday.

That, in capsule form, is how cyber is changing how the public views elections, Clint Watts, of the Foreign Policy Research Institute, said at the Senate Armed Services cybersecurity subcommittee hearing.

So far in the case of the United States warding off this kind of activity, “far more is said than done.” He added it is a “human challenge, not technical ones” that needs to be addressed.

In the American and European elections, he said at the panel’s first public hearing since being formed, the Russians created content, sent it out as if it were “nuclear-powered” and “pushed [it] in unison from many locations,” including “gray outlets” that appear to be legitimate sources of news. They also did all of this over long periods of time.

The goal in the American election was to plant doubt in the integrity of the voting, he said. He added there was no indication that actual votes were tampered with.

Later in answer to a question, Watts said the Russians “are picking parties and supporting them” in the United States and financially in Europe.

In cyber, not all is as it appears and its speed is instantaneous.

Rand Waltzman, senior information scientist at the RAND Corporation, described how an American special forces raid that successfully rescued a hostage and killed a number of terrorists in Iraq was turned into a terrorist propaganda victory. “Those guys film everything,” he said, describing how they recorded the incident by placing the bodies on prayer rugs so it appeared that soldiers had killed innocent civilians. The video was posted before the special forces soldiers returned to their base. “How did they manage to do this so fast?” Their mobile phones.

This changed the story of what happened 180 degrees and put the United States in the position of having to refute the video rather than telling a story of rescue.

He said this kind of quick reaction by adversaries — misinformation, fake news — requires new thinking on cyber security. Instead of the traditional “denial of service” by causing a crash, they are applying “cognitive denial of service” — misinformation and propaganda — to achieve their ends.

“We’re hamstrung” by bureaucracy and directives in addressing the new “hyperkinetic world,” Michael Lumpkin, former acting under secretary of defense for policy, said. The United States’ government efforts in public diplomacy, public affairs and information operations have not been synchronized so that it becomes a credible source of information. It also needs to take the necessary steps “to make sure our information is accurate” before releasing it. “That has not always been the case.”

John Inglis, former deputy director of the National Security Agency, used his organization’s handling of metadata collection as an example. “You need to go first” to establish credibility and explain the value of what it is you are doing. “We went second. That made it more difficult to put it back in the bottle.”

Watts said one approach would be to have a rating non-profit, private agency, similar to Consumer Reports, vet every story on Twitter, Facebook and Google. He added Facebook and Google “are moving in that direction” to eliminate false news, but so far Twitter has not acted.

When asked how he rated RT, the Russian-sponsored media outlet, as a source of news, he said 70 percent was true, 20 percent was misleading and 10 percent false. Watts said he rated some American media outlets as falling in the same percentages of true, misleading and false.

A continuing difficulty in improving cyber security in and out of government is “how do you get people to share problems,” Waltzman said when they would prefer not to admit being hacked or even attacked. Lumpkin said more also needs to be done in training people how not to “provide access to adversaries unwittingly” and holding them accountable for security.

As for recruiting skilled cyber workers, “they’re motivated people out there” interested in the challenges they can find in government, rather than private sector, careers, Watts said. “Give them the space to be the tech savants they are.”

*** Need more? Do you ever watch C-Span and listen to testimony before Congressional committees? No? Too bad, but here is some help:

Russian cyber enabled influence operations demonstrate never-before-seen synchronization of Active Measures.  Content created by white outlets (RT and Sputnik News) promoting the release of compromising material will magically generate manipulated truths and falsehoods from conspiratorial websites promoting Russian foreign policy positions, Kremlin preferred candidates or attacking Russian opponents.  Hackers, hecklers and honeypots rapidly extend these information campaigns amongst foreign audiences. As a comparison, the full spectrum synchronization, scale, repetition and speed of Russia’s cyber-enabled information operations far outperform the Islamic State’s recently successful terrorism propaganda campaigns or any other electoral campaign seen to date.

Cyber-enabled Influence Thrives When Paired with Physical Actors and Their Actions

American obsession with social media has overlooked the real world actors assisting Russian influence operations in cyber space, specifically “Useful Idiots,” “Fellow Travelers,” and “Agent Provocateurs.”

“Useful Idiots” – Meddling in the U.S. and now European elections has been accentuated by Russian cultivation and exploitation of “Useful Idiots” – a Soviet era term referring to unwitting American politicians, political groups and government representatives who further amplify Russian influence amongst Western populaces by utilizing Russian kompromat and resulting themes.

“Fellow Travelers” – In some cases, Russia has curried the favor of “Fellow Travelers” – a Soviet term referring to individuals ideologically sympathetic to Russia’s anti-EU, anti-NATO and anti-immigration ideology. A cast of alternative right characters across Europe and America now openly push Russia’s agenda both on-the-ground and online accelerating the spread of Russia’s cyber-enabled influence operations.

“Agent Provocateurs” – Ever more dangerous may be Russia’s renewed placement and use of “Agent Provocateurs” – Russian agents or manipulated political supporters who commit or entice others to commit illegal, surreptitious acts to discredit opponent political groups and power falsehoods in cyber space. Shots fired in a Washington, D.C. pizza parlor by an American who fell victim to a fake news campaign called #PizzaGate demonstrate the potential for cyber-enabled influence to result in real world consequences. While this campaign cannot be directly linked to Russia, the Kremlin currently has the capability to foment, amplify, and through covert social media accounts, encourage Americans to undertake actions either knowingly or unknowingly as Agent Provocateurs.

Each of these actors assists Russia’s online efforts to divide Western electorates across political, social, and ethnic lines while maintaining a degree of “plausible deniability” with regards to Kremlin interventions. In general, Russian influence operations targeting closer to Moscow and further from Washington, D.C. will utilize greater quantities and more advanced levels of human operatives to power cyber-influence operations. Russia’s Crimean campaign and their links to an attempted coup in Montenegro demonstrate the blend of real world and cyber influence they can utilize to win over target audiences. The physical station or promotion of gray media outlets and overt Russian supporters in Eastern Europe were essential to their influence of the U.S. Presidential election and sustaining “plausible deniability.”

It’s important to note that America is not immune to infiltration either, physically or virtually.  In addition to the Cold War history of Soviet agents recruiting Americans for Active Measures purposes, the recently released dossier gathered by ex MI6 agent Chris Steele alleges on page 8 that Russia used “Russian émigré & associated offensive cyber operatives in U.S.” during their recent campaign to influence the U.S. election. While still unverified, if true, the employment of such agents of influence in the U.S. would provide further plausible deniability and provocation capability for Russian cyber-enabled influence operations.

2) How can the U.S. government counter cyber-enabled influence operations?

When it comes to America countering cyber-enabled influence operations, when all is said and done, far more is said than done. When the U.S. has done something to date, at best, it has been ineffective. At worst, it has been counterproductive. Despite spending hundreds of millions of dollars since 9/11, U.S. influence operations have made little or no progress in countering al Qaeda, its spawn the Islamic State or any connected jihadist threat group radicalizing and recruiting via social media.

Policymakers and strategists should take note of this failure before rapidly plunging into an information battle with state sponsored cyber-enabled influence operations coupled with widespread hacking operations – a far more complex threat than any previous terrorist actor we’ve encountered.  Thus far, U.S. cyber influence has been excessively focused on bureaucracy and expensive technology tools – social media monitoring systems that have failed to detect the Arab Spring, the rise of ISIS, the Islamic State’s taking of Mosul, and most recently Russia’s influence of the U.S. election.  America will only succeed in countering Russian influence by turning its current approaches upside down, clearly determining what it seeks to achieve with its counter influence strategy and then harnessing top talent empowered rather than shackled by technology – a methodology prioritizing Task, Talent, Teamwork and Technology in that order.

Task – Witnessing the frightening possibility of Russian interference in the recent U.S. Presidential election, American policy makers have immediately called to counter Russian cyber influence.  But the U.S. should take pause in rushing into such efforts. The U.S. and Europe lack a firm understanding of what is currently taking place.  The U.S. should begin by clearly mapping out the purpose and scope of Russian cyber influence methods.  Second, American politicians, political organizations and government officials must reaffirm their commitment to fact over fiction by regaining the trust of their constituents through accurate communications. They must also end their use of Russian kompromat stolen from American citizens’ private communications as ammunition in political contests. Third, the U.S. must clearly articulate its policies with regards to the European Union, NATO, and immigration, which, at present, sometimes seems to mirror rather than counters that of the Kremlin. Only after these three actions have been completed, can the U.S. government undertake efforts to meet the challenge of Russian information warfare through its agencies as I detailed during my previous testimony.

Talent – Russia’s dominance in cyber-enabled influence operations arises not from its employment of sophisticated technology, but through the employment of top talent. Actual humans, not artificial intelligence, achieved Russia’s recent success in information warfare. Rather than developing cyber operatives internally, Russia leverages an asymmetric advantage by which it co-opts, compromises or coerces components of Russia’s cyber criminal underground. Russia deliberately brings select individuals into its ranks, such as those GRU [Russia’s foreign intelligence agency] leaders and proxies designated in the 29 December 2016 U.S. sanctions. Others in Russia with access to sophisticated malware, hacking techniques or botnets are compelled to act on behalf of the Kremlin.

The U.S. has top talent for cyber influence but will be unlikely and unable to leverage it against its adversaries. The U.S. focuses on technologists, failing to blend them with the needed information campaign tacticians and threat analysts. Even further, U.S. agency attempts to recruit cyber and influence operation personnel excessively focus on security clearances and rudimentary training, thus screening out many top picks. Those few that can pass these screening criteria are placed in restrictive information environments deep inside government buildings and limited to a narrow set of tools. The end result is a lesser-qualified cyber-influence cadre with limited capability, relying on outside contractors to read, collate and parse open source information from the Internet on their behalf. The majority of the top talent needed for cyber-enabled influence resides in the private sector, has no need for a security clearance, has likely used a controlled substance during their lifetime and can probably work from home more easily and more successfully than they could from a government building.

Teamwork – Russia’s cyber-enabled influence operations excel because they seamlessly integrate cyber operations, influence efforts, intelligence operatives and diplomats into a cohesive strategy. Russia doesn’t obsess over its bureaucracy and at times employs competing and even overlapping efforts to win its objectives.

Meanwhile, U.S. government counter-influence efforts have fallen into the repeated trap of pursuing bureaucratic whole-of-government approaches. Whether the adversary is a terror group or a nation state, these approaches assign tangential tasks to competing bureaucratic entities focused more on their primary mission than on countering cyber influence. Whole-of-government approaches to countering cyber influence will assign no responsible entity with the authority and needed resources to tackle our country’s cyber adversaries. Moving forward, a task force led by a single entity must be created to counter the rise of Russian cyber-enabled operations.

Technology – Over more than a decade, I’ve repeatedly observed the U.S. buying technology tools in the cyber-influence space for problems it doesn’t fully understand. These tech tool purchases have excessively focused on social media analytical packages producing an incomprehensible array of charts depicting connected dots with different colored lines. Many of these technology products represent nothing more than modern snake oil for the digital age. They may work well for Internet marketing but routinely muddy the waters for understanding cyber influence and the bad actors hiding amongst the social media storm.

Detecting cyber influence operations requires the identification of specific needles amongst stacks of needles hidden in massive haystacks. These needles are cyber hackers and influencers seeking to hide their hand in the social media universe. Based on my experience, the most successful technology for identifying cyber and influence actors comes from talented analysts that first comprehensively identify threat actor intentions and techniques and then build automated applications specifically tailored to detect these actors. The U.S. government should not buy technical tools nor seek to build expensive, enterprise-wide solutions for cyber-influence analytics that rapidly become outdated and obsolete. Instead, top talent should be allowed to nimbly purchase or rent the latest and best tools on the market for whatever current or emerging social media platforms or hacker malware kits arise.

3. What can the public and private sector do to counter influence operations?

I’ve already outlined my recommendations for U.S. government actions to thwart Russia’s Active Measures online in my previous testimony on 30 March 2017. Social media companies and mainstream media outlets must restore the integrity of information by reaffirming the purity of their systems. In the roughly one month since I last testified, however, the private sector has made significant advances in this regard. Facebook has led the way, continuing its efforts to reduce fake news distribution and removing up to 30,000 false accounts from its system just this past week. Google has added a fact-checking function to its search engine for news stories and further refined its search algorithm to sideline false and misleading information. Wikipedia launched a crowd-funded effort to fight fake news this week. The key remaining private sector participant is Twitter, as its platform remains a critical networking and dissemination vector for cyber-enabled influence operations. Its participation in fighting fake news and nefarious cyber influence will be essential. I hope it will follow the efforts of other social media platforms, as its identification and elimination of fake-news-spreading bots and false accounts may provide a critical block to Russian manipulation and influence of the upcoming French and German elections.

In conclusion, my colleagues and I identified, tracked and traced the rise of Russian influence operations on social media with home computers and some credit cards. While cyber-influence operations may appear highly technical in execution, they are very human in design and implementation. Technology and money will not be the challenge for America in countering Russia’s online Active Measures; it will be humans and the bureaucracies America has created that prevent our country from employing its most talented cyber savants against the greatest enemies to our democracy. Full article here.

Military Prepping for Major Power Grid Hack


Military Is Ramping Up Preparation For Major U.S. Power Grid Hack

By 2020, the Pentagon hopes to be able to repair our power grid within a week of a massive attack

The U.S. Department of Defense is growing increasingly concerned about hackers taking down our power grid and crippling the nation, which is why the Pentagon has created a $77-million security plan that it hopes will be up and running by 2020.

The U.S. power grid is threatened every few days. While these physical and cyber attacks have never led to wide-scale outages, the attacks are getting more sophisticated. According to a 494-page report released by the Department of Energy in January, the nation’s grid “faces imminent danger from cyber attacks.” Such a major, sweeping attack could threaten “U.S. lifeline networks, critical defense infrastructure, and much of the economy; it could also endanger the health and safety of millions of citizens.” If it were to happen today, America could be powered down and vulnerable for weeks.

The DoD is working on an automated system to speed up recovery time to a week or less — what it calls the Rapid Attack Detection, Isolation, and Characterization (RADICS) program. DARPA, the Pentagon’s research arm, originally solicited proposals in late 2015, asking for technology that did three things. Primarily, it had to detect early warning signs and distinguish between attacks and normal outages, but it also had to pinpoint the access point of the attack and determine what malicious software was used. Finally, it had to include an emergency system that can rapidly connect various power-supply centers without any human coordination. This would allow emergency and military responders to have an ad hoc communication system in place moments after an attack.

“If a well-coordinated cyberattack on the nation’s power grid were to occur today, the time it would take to restore power would pose daunting national security challenges,” said DARPA program manager John Everett, in a statement, at the time. “Beyond the severe domestic impacts, including economic and human costs, prolonged disruption of the grid would hamper military mobilization and logistics, impairing the government’s ability to project force or pursue solutions to international crises.”

DARPA plans to spend $77 million on RADICS. Last November, SRI International announced it had received $7.3 million from the program. In December, Raytheon was granted $9 million. The latest addition is BAE Systems, which received $8.6 million last month to develop technology that detects and contains power-grid threats and creates a secure emergency provisional system that restores some power and communication in the wake of an attack — what is being called a secure emergency network (SEN).

According to the military news site Defense Systems, BAE’s SEN would rely on radio, satellite, or wireless internet — whatever is available that allows the grid to continue working. The SEN would serve as a wireless connection between separate power grid stations.

While the ultimate goal of the RADICS program will be the restoration of civilian power and communications, the SEN will prioritize communication networks that would be used for defense or combat, so the U.S. government can still wage war while the rest of us are in the dark.

Called the “largest interconnected machine,” the U.S. electricity grid is a complex digital and physical system crucial to life and commerce in this country. Today, it is made up of more than 7,000 power plants, 55,000 substations, 160,000 miles of high-voltage transmission lines and millions of miles of low-voltage distribution lines. This web of generators, substations and power lines is organized into three major interconnections, operated by 66 balancing authorities and 3,000 different utilities. That’s a lot of power, and many possible vulnerabilities. More here from USNews.

*** Last year from the Department of Energy:

Today’s electric grid increasingly uses “smart” devices that can be controlled remotely — letting operators manage the grid better and more efficiently. But as the electric grid becomes smarter, it also becomes more vulnerable to hackers. That’s why a new initiative underway at the National Renewable Energy Laboratory (NREL) aims to prevent hackers from gaining control of parts of the nation’s power grid, which could damage electrical equipment and cause localized power outages.

Tackling the challenge is Erfan Ibrahim and his team at NREL’s Cyber Physical Systems Security and Resilience Center. Ibrahim’s team launched an effort to build the Test Bed for Secure Distributed Grid Management. It’s a hardware system that mimics the communications, power systems, and cybersecurity layers for a utility’s power distribution system, the part of the power grid that carries power from substations to homes and businesses.

The test bed incorporates a lot of brand-new cybersecurity technologies that need to be tested in order to make the system as secure as possible. So, naturally, they tried to break it. Specifically, they tried to hack the system.

Approaching the system from three different angles, they found a single vulnerability, which was due to a misconfigured cybersecurity device. Through that one cyber vulnerability, a designated white hat hacker was able to get into the system, gain administrator rights, and launch a denial of service attack that disabled the entire test bed. That’s the type of insight the test bed is designed to provide. One of the cybersecurity firms actually refined its product after seeing how it performed on the test bed.

Important Unreported Recent Aggressions of Russia

It was just a few days ago that the United States deployed advanced fighter jets to Estonia as a rather ‘in-your-face’ tactic toward Russia. Why not? Russia has a history of doing the same to the United States, including the spy ship on our Atlantic coastline, the buzzing of our destroyers and the constant flying of bombers near U.S. airspace off Alaska. So…what is the full story of our F-35s in Estonia?

On Apr. 25, two U.S. Air Force F-35As belonging to the 34th Fighter Squadron, from Hill Air Force Base, Utah, deployed to the UK since mid-April, flew from RAF Lakenheath, UK, to Ämari, Estonia.

Based on the information gathered by aircraft spotters, airband listeners and ADS-B monitors, who tracked the F-35s’ mission to Estonia, the two 5th generation multirole combat aircraft, 14-5102 and 14-5094, using radio callsign “Conan 01” and accompanied by “Quid 89”, a 100ARW KC-135 from RAF Mildenhall, departed from RAF Lakenheath at 07.35z.

The trio landed in Estonia shortly before 11.00z and took part in a brief ceremony (at this link you can find some interesting photographs).

Noteworthy, the quick visit to Estonia was “accompanied” by a rather unusual activity of U.S. and British spyplanes in the Baltic region.

In fact, as the F-35s headed towards Ämari in formation with their KC-135 tanker, as many as three RC-135s (including a RAF bird) operated in the airspace over or close to Estonia.

The U.S. Air Force dispatched an RC-135W Rivet Joint 62-4139 “Haiti 79” and an RC-135U Combat Sent 64-14847 “Spool 06” to the Baltic states. The Rivet Joint positioned off Kaliningrad Oblast, where some of the most active Russian bases in the Baltic region are located, whereas the Combat Sent started a racetrack over Estonia, not far from the border of mainland Russia.

Shortly thereafter, even a RAF RC-135W “Airseeker,” one of the three ex-USAF KC-135 tankers converted to the Rivet Joint variant starting back in 2011, from RAF Waddington joined the scene. The British intelligence gathering plane, which, just like the American “RJs”, is equipped with all sorts of antennae and sensors to eavesdrop on enemy signals and transmissions, detect frequencies used by radios and radars, and pinpoint sites of interest, mobile stations, SAM batteries, etc., maintained a racetrack off Kaliningrad.

At 14.43Z, the two JSFs departed Ämari to return to the UK and shortly thereafter both the U.S. and RAF spyplanes headed back to their homebases.

Although we can’t but speculate here, it appears to be quite likely that the RC-135 missions to the Baltic were somehow related to the deployment of the F-35 so close to the Russian border. In fact, whilst Rivet Joint and Combat Sent aircraft regularly fly to the region and can be daily tracked online as they head towards the international airspace off Lithuania, Estonia and Latvia, the presence of three such spyplanes not too far away from one another seems to suggest their missions were coordinated and probably related to something “big” happening there.

And the only “big thing” (Zapad 2017 preparation aside) we are currently aware of is the first presence of the JSF in Estonia. Moreover, not only was the type of racetrack flown by the Combat Sent unusual, but it was also located in a pretty interesting position: east of Ämari, as if the RC-135U, an aircraft designed to collect technical intelligence on adversary radar emitter systems, was there to detect emissions from Russian radars interested in the F-35.

However, there is another possibility: what if the American and British spyplanes were there to deter the Russians from using their radars?

Indeed, whilst three RC-135s flying at the same time in the same area is already unusual, it is even stranger that the three spyplanes had their ADS-B transponders turned on during their missions.

“If they wanted to hide, they would do,” says the ADS-B / Mode S tracking enthusiast who runs the popular @CivMilAir and @ADSBTweetBot Twitter feeds. “The daily RC-135 flights over the Middle East very rarely show up and even the daily missions to the Baltics can usually be tracked during their transit to the area of operations, where often the transponder is turned off. That’s why I believe they remained trackable on purpose.”

Spyplanes, including the U-Boat (as the RC-135U Combat Sent is nicknamed in the pilot community), usually operate under “due regard” with their transponder switched off and no radio comms with ATC, using the concept of “see and avoid”, where the pilot flying is responsible for avoiding all traffic conflicts. Even if RC-135s can be regularly tracked online, they tend to keep a low profile when reaching the area of operations, turning off the ADS-B to avoid being detected at least by commercial ADS-B receivers like those feeding online flight tracking systems such as Flightradar24.com, PlaneFinder.net or Global ADS Exchange.

On Apr. 25, both RC-135s could be tracked throughout their missions, suggesting they purposely broadcast their position for everyone to see, to let everyone know they were there.

Russian spyplanes have done pretty much the same in the past: the Tu-214R, Russia’s most advanced intelligence gathering aircraft, deployed to Syria and flew along the border with Ukraine with its transponder turned on. In that case it was a sort of “show of force”; yesterday was likely a way to prevent some interesting details about the F-35 from being gathered by the Russians.

By the way, it’s not the first time U.S. stealth jets flying to the Baltics have been directly or indirectly “accompanied” by Rivet Joints: on Apr. 27, 2016, two F-22s deployed to Siauliai Air Base, Lithuania, supported (so to say) by an RC-135W.

***

This site has often posted about the Gerasimov Doctrine. There is more with regard to ‘active measures’, which in modern-day terms means chaos. With regard to Ukraine it looks like this:

Before the Ukrainian crisis, the Russian Federation Chief of General Staff, General Valery Gerasimov, published an article explaining the General Staff’s view of modern military operations.[2] One key point of General Gerasimov’s views, later termed the Gerasimov Doctrine, is that non-military means to affect a target country or region such as “economic sanctions, disruption of diplomatic ties, and political and diplomatic pressure” are not means to reduce chaos or avoid war, but rather means to increase stress and support traditional military operations.[3]

The idea is that existing stressors in a target region combined with stressors introduced through military and non-military means shape the environment for follow-on decisive military operations. The doctrine features six stages.

  1. Covert Origins
  2. Escalations
  3. Start of Conflict Activities
  4. Crisis
  5. Resolution
  6. Restoration of Peace (Postconflict Settlement)

Descriptions of the early stages point to the existence or creation of chaos: “Emergence of differences of interest” are linked with “formation of political opposition,” which lead to “intensifying contradictions.”[4] These methods were clearly in action in Ukraine and to a lesser extent Georgia.[5] They also may already be at work in Belarus, as this article in Belarus Digest suggests.

Then we have the U.S. election intrusion:

General Director of Russia’s Political Information Center: The U.S. Influenced Russia’s 2016 Duma Elections

The General Director of Russia’s Political Information Center, Aleksei Mukhin, said there is evidence that the U.S. influenced Russia’s 2016 Duma elections. Mukhin said: “As my colleagues have pointed out quite fairly, the problem is far bigger than attempts at meddling in the 2016 election process. My center has identified direct traces of such interference and very serious and deep ones.

“As soon as Russia took the trouble of looking into the activity of some non-governmental organizations in its territory and adopted laws restricting that activity [it happened during preparations for the 2016 State Duma elections] it became clear that the United States had taken measures to create special units, including those within its armed forces, secret services, government agencies and also non-governmental organizations, for direct information confrontation with Russia. [In particular] the number of centers producing anti-Russian content, addressed mostly to the Russian-speaking audience, was increased [Mukhin refers to Voice of America, Radio Liberty radio stations, and the commercial U.S. television network CNN]. At the legislative level [in the United States] strategies of causing resistance to Russian information policies have been enhanced at the legal level. Their implementation is a sure way towards intervention in Russia’s internal affairs.”

***

‘Izvestia’: Russia Will Never Join The Western Coalition Led By The U.S.

According to the pro-Kremlin daily Izvestia, Russia will never join the Western Coalition led by the U.S. in Syria. Quoting two unidentified diplomatic sources, Izvestia wrote: “Moscow will never join a coalition under American auspices. We have explained that to our partners behind closed doors. We argue that their actions in Syria are illegitimate. They indeed proposed that we join them, but under the main condition that the U.S. leads the cause of the fight against terror. We are likewise unwilling to do so… If some coalition receives UN Security Council [approval] for action in Syria, we’ll consider it, but it will be a completely different formation [as opposed to the current coalition].”

***

One more item:

This site has previously posted about Russia’s annexing of the Arctic region with no rebuke from the Obama administration. Wanna see what the Russians are gloating about now?

UPI: The Russian Ministry of Defense has released a virtual tour showcasing a newly constructed military base located in a remote area in the Arctic.

The tour, presented on the defense ministry’s website, allows visitors to browse through various structures of the base. It does not depict or discuss any military hardware.

The release marks a notable departure from Kremlin tradition regarding military matters, which are typically highly classified. BBC News reports the facility is built to house 150 personnel for 18-month long deployments and that it is designed to withstand extremely cold temperatures.

The Kremlin considers the Arctic to be a strategic location for Russia’s air defenses.

Units of Russian Arctic Trefoil military base, 30 Mar 17

Image caption (Getty Images): The large complex is permanent and has plenty of energy and storage capacity

The Arctic Trefoil permanent base is in Franz Josef Land, a huge ice-covered, desolate archipelago. The Russian military sees the resource-rich Arctic as a key strategic region. President Vladimir Putin visited the new base, on Alexandra Land, last month.

It is built on stilts – to help withstand the extreme cold – and will house 150 personnel on 18-month tours of duty. Winter temperatures typically plunge to minus 40C. See the tour here.