Readout: Senate Meeting at WH on N. Korea


Joint Statement by Secretary of State Rex Tillerson, Secretary of Defense James Mattis, Director of National Intelligence Dan Coats


Past efforts have failed to halt North Korea’s unlawful weapons programs and nuclear and ballistic missile tests. With each provocation, North Korea jeopardizes stability in Northeast Asia and poses a growing threat to our allies and the U.S. homeland.

North Korea’s pursuit of nuclear weapons is an urgent national security threat and top foreign policy priority. Upon assuming office, President Trump ordered a thorough review of U.S. policy pertaining to the Democratic People’s Republic of Korea (DPRK).

Today, along with Chairman of the Joint Chiefs of Staff Gen. Joe Dunford, we briefed members of Congress on the review. The president’s approach aims to pressure North Korea into dismantling its nuclear, ballistic missile, and proliferation programs by tightening economic sanctions and pursuing diplomatic measures with our allies and regional partners.

We are engaging responsible members of the international community to increase pressure on the DPRK in order to convince the regime to de-escalate and return to the path of dialogue. We will maintain our close coordination and cooperation with our allies, especially the Republic of Korea and Japan, as we work together to preserve stability and prosperity in the region.

The United States seeks stability and the peaceful denuclearization of the Korean peninsula. We remain open to negotiations towards that goal. However, we remain prepared to defend ourselves and our allies.

***

North Korea Threatens Indo-Asia-Pacific Region, Harris Tells Legislators
WASHINGTON, April 26, 2017 — North Korea remains the most immediate threat to the security of the United States and its allies in the Indo-Asia-Pacific, Navy Adm. Harry B. Harris Jr., the commander of U.S. Pacific Command, told the House Armed Services Committee today.


Addressing security challenges in the Indo-Asia-Pacific region, the commander noted how North Korea threatened Australia in the past week with a nuclear strike.

“[It’s] a powerful reminder to the entire international community that North Korea’s missiles point in every direction,” Harris said. “The only nation to have tested nuclear devices in this century, North Korea has vigorously pursued an aggressive weapons test schedule with more than 60 listed missile events in recent years.”
Sense of Urgency

With every test, Kim Jong Un moves closer to his stated goal of a pre-emptive nuclear strike capability against American cities, and he’s not afraid to fail in public, the admiral said.

“Defending our homeland is my top priority, so I must assume that Kim Jong Un’s nuclear claims are true; I know his aspirations certainly are. And that should provide all of us a sense of urgency to ensure Pacom and U.S. Forces Korea are prepared to fight tonight with the best technology on the planet,” he said.

Threats from North Korea are why the United States has deployed its Terminal High Altitude Area Defense system to South Korea, put the USS Carl Vinson carrier strike group back on patrol in Northeast Asia and introduced the newest and best military platforms in the Indo-Asia-Pacific region, the admiral said.

They are also why the U.S. is emphasizing trilateral cooperation with Japan and South Korea, and calling on China to exert its “considerable economic influence to stop Pyongyang’s unprecedented weapons testing,” Harris said.

“As [President Donald J. Trump] and [Defense Secretary Jim Mattis] have made clear, all options are on the table. We want to bring Kim Jong Un to his senses, not to his knees,” the commander said.

Advancing Partnerships

The admiral named Russia, China and the Islamic State of Iraq and Syria as the other global and regional threats, but emphasized U.S. regional partnerships.
“We’ve strengthened America’s network of alliances and partnerships, working with like-minded partners on shared security threats like North Korea and ISIS. It’s a key component to our regional strategy,” he said.

Harris said he continues to rely on Australia for its advanced military capabilities and global operations leadership, and noted that last week’s trips by Vice President Mike Pence and Mattis to Northeast Asia emphasized U.S. alliances with South Korea and Japan.

The United States has also advanced its partnerships with regional powers such as India, Indonesia, Malaysia, New Zealand, Singapore, Sri Lanka and Vietnam, Harris said. Such partnerships, he said, reinforce “the rules-based security order that has helped underwrite peace and prosperity throughout the region for decades.”

Confronting Challenges

But more work remains to be done, he cautioned.

“We must be ready to confront all challenges from a position of strength and with credible combat power,” Harris told legislators.

He added, “So I ask this committee to support continued investment to improve our military capabilities. I need weapons systems of increased lethality, precision, speed and range that are networked and cost-effective [without] restricting ourselves with funding uncertainties [that] reduce our warfighting readiness. So I urge the congress to repeal sequestration and improve the proposed Defense Department budget.”

Russia Funds and Manages Conflict in Ukraine, 11,000 Dead

Ukraine, the forgotten war:

The situation in the ATO (Anti-Terrorist Operation) area remains under the control of Ukraine’s Army. Russian occupation forces shelled Ukrainian positions 21 times during the past 24 hours.

The epicenter of confrontation was Prymorsky area. Militants shelled Shyrokyne from 122 mm light portable rocket system Partyzan and IFV weaponry. The enemy shelled Mariinka from IFV, grenade launchers of different systems and heavy machine guns. Krasnohorivka positions were shelled from anti-tank grenade launchers and Vodyane – from IFV and heavy machine guns. Hnutove was shelled from small arms. Snipers were shooting in Mariinka.

In Donetsk region militants shelled Avdivka and Verkhnyotoretske from 82 mm mortars, anti-tank grenade launchers and heavy machine guns. Ukrainian positions near Troitske and Pisky were hit from anti-tank grenade launchers and small arms. More here.

Russia Funds and Manages Conflict in Ukraine, Leaks Show

Hacked emails show that the Kremlin directs and funds the ostensibly independent republics in eastern Ukraine and runs military operations there. In late 2016, Ukrainian hacker groups released emails purportedly taken from the office of Kremlin official Vladislav Surkov, who oversees Ukraine policy for Russian President Vladimir Putin. The Surkov leaks confirm what many have long suspected: the Kremlin has orchestrated and funded the supposedly independent governments in the Donbas, and seeks to disrupt internal Ukrainian politics, making the task of rebuilding modern Ukraine impossible. Russia has consistently denied accusations from Kyiv and the West that it is providing the separatists with troops, weapons, and other material support or meddling in Ukrainian affairs. The emails from Surkov’s office betray the official Kremlin line, revealing the extent of Russian involvement in the seizure of Ukrainian territory, the creation of puppet “people’s republics,” and the funding to ensure their survival.

There have been three tranches of information from Surkov’s account: a PDF document detailing plans to destabilize Ukraine, a dump of 2,337 emails, and a final dump of 1,000 emails. While the plot to destabilize Ukraine with its detailed plan to use energy tariffs to foment revolution has garnered attention, its veracity is disputed. The trove of 2,337 emails, released by the group called “Ukrainian Cyber Alliance,” including the hacker group Cyber Hunta and research collective InformNapalm, covers the period from September 2013 to November 2014, when Russia illegally annexed Crimea and deployed separatist proxies in eastern Ukraine to start a war. The final dump dates from September 2014 to September 2016. We have analyzed the overlooked second and third troves. Here’s what we found.

On May 16, 2014, a little-known Russian “political consultant” named Aleksandr Borodai was elected prime minister of the self-proclaimed Donetsk People’s Republic. At the time, many noted that Borodai was a friend and former employee of Russian billionaire Konstantin Malofeyev, the founder of Marshall Capital and, according to a separate set of leaked documents, a funder to far-right political organizations in Europe. While Malofeyev denied all connections to Borodai (“You can find a link between me and almost any Orthodox activist. But that doesn’t mean I’m paying them a salary or that we’re in the same business.”), the Surkov leaks show otherwise. Three days before the announcement of the government of the Donetsk People’s Republic, an employee from Malofeyev’s Marshall Capital emailed Surkov’s office a list of candidates for the separatist republic’s government. Some of these “candidates” had an asterisk by their name, signifying that they “are people who we have checked, and are especially recommended.”


A portion of the document sent from the office of Konstantin Malofeyev to Vladislav Surkov, aide to President Putin.

The Kremlin also had a hand in maintaining the puppet government. On June 16, 2014, one of the candidates with an asterisk by his name—the “elected” Chairman of the Supreme Soviet, Denis Pushilin—sent Surkov’s office a spreadsheet with expenses for a new press center in Donetsk. The budget included estimated salaries for an editor, journalist, and other monthly expenses, along with the cost of a router and other pieces of office equipment. The Kremlin does not just manage its puppet republic in eastern Ukraine; it micromanages and props it up.


Part of the expense list sent by the Donetsk People’s Republic official Denis Pushilin to Surkov, including the cost of a laptop, router, camera, and other pieces of office equipment.

But that’s not all. The Kremlin actively works to disrupt and slow down the reform process in Ukraine by promoting pro-Russian candidates and proposals. For example, Surkov has met with and assisted pro-Russian activists and leaders who live in Crimea, Dnipro, Kharkiv, Kyiv, and Slovyansk. The emails show that Surkov keeps lists of pro-Russian activists across the country that he can deploy when he needs a favor.

The leaks also show that Surkov actively monitors Ukraine’s reforms and works with editors to push a pro-Russian agenda in Ukrainian and Russian outlets. Surkov has significant influence on the media narrative in eastern Ukraine. For example, on August 25, 2014, he received an email asking for edits to a letter that was supposedly from local citizens living in eastern Ukraine; in it, they told of the horrors resulting from the Ukrainian military’s “Anti-Terrorist Operation” and its effect on women, the elderly, and children, supposedly from the perspective of a suffering civilian. The letter was published by Russian Reporter and RT a few days later with minor wording changes.


Comparison of the letter sent from the “public representatives of the Donbass” to the Ukrainian government, with the original version sent to Surkov (left) and the version that was later posted online (right), after suggested edits.

Predictably, Kremlin officials have refuted the authenticity of these emails. However, cyber experts have pronounced these leaked emails genuine based on the routing information and some individuals have confirmed the authenticity of individual documents. The hackers published a nearly one-gigabyte Outlook data file that included the inbox, outbox, drafts, deleted email, spam, and other folders from [email protected] ’s account. While it is easy to fake screenshots, PDF documents, and other files, faking email inboxes is difficult. Within the email files, every message in the second trove of emails contains the same header information — where it originated, which servers it moved through, and so on—which indicates the messages are likely genuine. Using basic digital forensics, which involves uncovering and examining electronic evidence located on digital storage, including computers, cell phones, and networks, we can verify specific details in the emails, suggesting that the leaks are authentic. A majority of the emails are copied and pasted information from news articles, brief summaries of current events in Abkhazia, Moldova, South Ossetia, and Ukraine, and emails related to business developments in Russia. This high ratio of “uninteresting to interesting” bolsters the authenticity of the leaks because nearly all genuine email account hacks have a similar profile. In other words, political officials’ inboxes look much like the average person’s work inbox: full of schedules and routine briefings, with only a handful of incriminating emails. Surkov’s inbox follows this pattern.
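Here is what such a routing-header check looks like in practice. This is an added example, not code from the original post or from the analysts it quotes; the four messages are constructed inside the block, and the hostnames, addresses and message IDs are invented. It parses each message’s Received headers, reconstructs the delivery path, and flags messages whose final-delivery server differs from the rest of the mailbox or that carry no routing information at all, which is exactly the inconsistency a forger working from screenshots would struggle to fake across thousands of messages.

```python
import re
import email
from email import policy


def _msg(received_lines, sender, subject):
    """Assemble a raw RFC 5322 message from constructed header lines."""
    headers = "".join(received_lines)
    headers += f"From: {sender}\nTo: aide@office.example.org\nSubject: {subject}\n"
    return (headers + "\nSee attachment.\n").encode()


# Constructed hops. Hostnames and IPs are invented (documentation ranges).
RELAY_HOP = ("Received: from sender.example.com (sender.example.com [198.51.100.7])\n"
             "\tby mx1.relay.example.net with ESMTP; Fri, 16 May 2014 10:02:09 +0400\n")
FINAL_HOP = ("Received: from mx1.relay.example.net (mx1.relay.example.net [203.0.113.10])\n"
             "\tby mail.office.example.org (Postfix) with ESMTP id 4F2A1\n"
             "\tfor <aide@office.example.org>; Fri, 16 May 2014 10:02:11 +0400\n")
FORGED_HOP = ("Received: from sender.example.com (sender.example.com [198.51.100.7])\n"
              "\tby mail.forged.example.net with ESMTP; Mon, 16 Jun 2014 09:00:00 +0400\n")

# Constructed sample mailbox: two genuine-looking messages delivered through
# the same relay chain, one "planted" message with a different final hop,
# and one with no routing headers at all (what a pasted screenshot yields).
SAMPLE_MAILBOX = [
    _msg([FINAL_HOP, RELAY_HOP], "analyst@example.com", "candidate list"),
    _msg([FINAL_HOP, RELAY_HOP], "press@example.com", "press centre budget"),
    _msg([FORGED_HOP], "analyst@example.com", "planted message"),
    _msg([], "analyst@example.com", "pasted from a screenshot"),
]

# "from <host> ... by <host>" inside one Received header (folded lines allowed).
HOP_RE = re.compile(r"from\s+(?P<from>[\w.-]+).*?\bby\s+(?P<by>[\w.-]+)", re.S)


def delivery_path(raw):
    """Return hops as (from_host, by_host) in transit order, oldest first.

    Received headers are prepended by each relay, so the topmost header is
    the final delivery and the bottom one is the first hop.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(str(value))
        if m:
            hops.append((m.group("from"), m.group("by")))
    return hops


def final_hop(raw):
    """Server that made final delivery into the mailbox, or None."""
    path = delivery_path(raw)
    return path[-1][1] if path else None


def audit_mailbox(messages):
    """Group messages by final-delivery server.

    A genuine dump of a single mailbox lands on one (or a small, stable set
    of) server(s). Messages on any other server, and messages with no
    routing headers at all, are returned for manual review.
    """
    by_server = {}
    no_headers = []
    for i, raw in enumerate(messages):
        host = final_hop(raw)
        if host is None:
            no_headers.append(i)
        else:
            by_server.setdefault(host, []).append(i)
    if not by_server:
        return {"majority_server": None, "outliers": [], "no_headers": no_headers}
    majority = max(by_server, key=lambda h: len(by_server[h]))
    outliers = [i for h, idx in by_server.items() if h != majority for i in idx]
    return {"majority_server": majority, "outliers": sorted(outliers),
            "no_headers": no_headers}


if __name__ == "__main__":
    print(audit_mailbox(SAMPLE_MAILBOX))
```

Against the constructed mailbox the majority server is mail.office.example.org, message 2 is an outlier and message 3 has no routing headers. On a real dump you would also compare the relay chain, timestamps and ESMTP IDs across hops; a consistent chain across thousands of messages is the "same header information" the text refers to.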

In his own words, the Surkov leaks show that the Kremlin directs and funds the ostensibly independent republics in eastern Ukraine and runs military operations there. Yet nearly all media in the West describe the war in the Donbas as being run by Kremlin-backed separatists, and this isn’t an accurate characterization. Moscow is actively guiding and managing this breakaway state, down to paying invoices for office equipment. The leaks provide clear, irrefutable evidence that the Donetsk People’s Republic is not an independent actor; it is a creature of the Kremlin and should be treated as such. It’s time for the media and foreign governments to catch up and call it what it is: a Russian hybrid war.

China is Charged With Control of North Korea, Bad Idea?

President Trump has conferred with Asian leaders over North Korea’s missile tests and its threats of a nuclear strike. Many of those phone calls have amounted to putting President Xi of China in charge of handling Kim Jong Un. Okay, but can or will China do all that is necessary, and will that resolve the threat of an escalated war in the region? The answer is unknown.

In part from FNC: U.S. commercial satellite images indicated increased activity around North Korea’s nuclear test site, while Kim has said that the country’s preparation for an ICBM launch is in its “final stage.”

South Korea’s Defense Ministry has said the North appears ready to conduct such “strategic provocations” at any time. South Korean Acting Prime Minister Hwang Kyo-ahn has instructed his military to strengthen its “immediate response posture” in case North Korea does something significant on the April 25 anniversary of its military. North Korea often marks significant dates by displaying military capability.

In a statement released late Friday, North Korea’s Foreign Ministry accused Trump of driving the region into an “extremely dangerous phase” with his sending of the aircraft carrier and said the North was ready to stand up against any kind of threat posed by the United States.

With typical rhetorical flourish, the ministry said North Korea “will react to a total war with an all-out war, a nuclear war with nuclear strikes of its own style and surely win a victory in the death-defying struggle against the U.S. imperialists.”

*** So, China appears to have taken some steps to send North Korea a message, like refusing a coal shipment. But was that just a one-off tactic? Cutting off oil and gasoline shipments: was that too yet another gesture by China? How about access to banking and ATMs?

PYONGYANG, North Korea (AP) — No modern airport terminal is complete without an ATM, and Pyongyang’s now has two. But they don’t work — because of new Chinese sanctions, according to bank employees — and it’s not clear when they will.

ATMs are an alien enough concept in North Korea that those in the capital’s shiny new Sunan International Airport have a video screen near the top showing how they work and how to set up an account to use them. The explanatory video is in Korean, but the machines, which are meant primarily for Chinese businesspeople and tourists, don’t give out cash in the North Korean currency.

Hmm, right? But can we really trust China to go the distance to stop North Korea? I offer this answer: NO.

China has been angry with the United States over deploying the THAAD missile defense system in South Korea. China also runs one of the largest known state hacking operations in the world; remember that? Alright, how about this little gem?

***

Researchers claim China trying to hack South Korea missile defense efforts

Deployment of THAAD upsets China, seen as espionage tool.

Sean Gallagher: Chinese government officials have been very vocal in their opposition to the deployment of the Terminal High Altitude Area Defense (THAAD) system in South Korea, raising concerns that the anti-ballistic missile system’s sensitive radar sensors could be used for espionage. And according to researchers at the information security firm FireEye, Chinese hackers have transformed objection to action by targeting South Korean military, government, and defense industry networks with an increasing number of cyberattacks. Those attacks included a denial of service attack against the website of South Korea’s Ministry of Foreign Affairs, which the South Korean government says originated from China.

FireEye’s director of cyber-espionage analysis John Hultquist told the Wall Street Journal that FireEye had detected a surge in attacks against South Korean targets from China since February, when South Korea announced it would deploy THAAD in response to North Korean missile tests. The espionage attempts have focused on organizations associated with the THAAD deployment. They have included “spear-phishing” e-mails carrying attachments loaded with malware along with “watering hole” attacks that put exploit code to download malware onto websites frequented by military, government, and defense industry officials.

FireEye claims to have found evidence that the attacks were staged by two groups connected to the Chinese military. One, dubbed Tonto Team by FireEye, operates from the same region of China as previous North Korean hacking operations. The other is known among threat researchers as APT10, or “Stone Panda”—the same group believed to be behind recent espionage efforts against US companies lobbying the Trump administration on global trade. These groups have also been joined in attacks by two “patriotic hacking” groups not directly tied to the Chinese government, Hultquist told the Journal—including one calling itself “Denounce Lotte Group” targeting the South Korean conglomerate Lotte. Lotte made the THAAD deployment possible through a land swap with the South Korean government.

APT stands for Advanced Persistent Threat; APT10 is a China-based group whose activity has been tracked as far back as 2009, as the summary quoted here notes. In part it includes:

“Operation Cloud Hopper” uses internet addresses also used by the threat actor known in the cybersecurity community as “APT10.” Using a combination of unique hacking tools and open source software, it has attempted to gather information about diplomatic and political organizations, as well as intellectual property, according to the report.

APT10 was identified in a 2013 report by FireEye detailing its use of the Poison Ivy family of malware, which the new report says ceased after FireEye revealed its findings. Also in 2013, FireEye identified APT1, which appears to be Unit 61398 of China’s People’s Liberation Army. The PwC-BAE report notes that the “Operation Cloud Hopper” attacks tend to occur during business hours in China.

Since 2009, APT10 has been observed to target mostly government and U.S. defense organizations, but now “has almost certainly been undertaking a global operation of unprecedented size and scale targeting a number of MSPs,” the report says.

CIA WikiLeaks Mole a Russian or Defector?

The truth is often stranger than fiction, and when it does finally come out, the twists and turns are shocking. So, it has been announced that the FBI and CIA are on a full-blown mole hunt to determine who, whether a CIA employee or a contractor, is loyal to or on the payroll of a foreign rogue nation such as Russia.

Schindler at the Observer wrote and explained that the last major Soviet penetration of NSA during the Cold War was Ron Pelton, a former agency analyst who started selling secrets to the KGB in 1980. Pelton betrayed highly sensitive signals intelligence programs to Moscow and was convicted of espionage in 1986 after Vitaly Yurchenko, a KGB officer who temporarily defected to the United States, tipped off the FBI about an NSA source selling secrets to the Kremlin.


So, could it be Bernie Sanders? After all, he honeymooned in Yaroslavl in the Soviet Union, not modern-day Russia. Anyone hear of Evgeny Buryakov, who is alleged to have attempted to recruit Carter Page, an early advisor to Donald Trump? Could it be John Kerry himself, as part of a larger plot for Russian cooperation over Syria or Iran? It is thought that the mole is an insider or contractor, yet who could pass thumb drives or envelopes via dead drops?

None of the above is real or proven, it is just suggested to think out of the box as we are only restrained by our own limits of imagination. We had never heard of Edward Snowden either right?

*** What about those ‘Shadow Brokers’? One must understand the world of espionage and how it has adjusted due to the internet and global communications with encryption.

A message from Vladimir Putin can take many forms.

It can be as heavy-handed as a pair of Russian bombers buzzing the Alaska coast, or as lethal as the public assassination of a defector on the streets of Kiev. Now Putin may be sending a message to the American government through a more subtle channel: an escalating series of U.S. intelligence leaks that last week exposed a National Security Agency operation in the Middle East and the identity of an agency official who participated.

The leaks by self-described hackers calling themselves “the Shadow Brokers” began in the final months of the Obama administration and increased in frequency and impact after the U.S. bombing of a Syrian airfield this month—a move that angered Russia. The group has not been tied to the Kremlin with anything close to the forensic certitude of last year’s election-related hacks, but security experts say the Shadow Brokers’ attacks fit the pattern established by Russia’s GRU during its election hacking. In that operation, according to U.S. intelligence findings, Russia created fictitious Internet personas to launder some of their stolen emails, including the fake whistleblowing site called DCLeaks and a notional Romanian hacker named “Guccifer 2.0.”

“I think there’s something going on between the U.S. and Russia that we’re just seeing pieces of,” said security technologist Bruce Schneier, chief technology officer at IBM Resilient. “What happens when the deep states go to war with each other and don’t tell the rest of us?”
The Shadow Brokers made their debut in August, appearing out of nowhere to publish a set of secret hacking tools belonging to the “Equation Group”—the security industry’s name for the NSA’s elite Tailored Access Operations program, which penetrates foreign computers to gather intelligence. At that time, the Shadow Brokers claimed to be mercenary hackers trying to sell the NSA’s secrets to the highest bidder. But they went on to leak more files for free, seemingly timed with the public thrusts and parries between the Obama administration and the Russian government.

From the start, outside experts had little doubt that Russian intelligence was pulling the strings. “Circumstantial evidence and conventional wisdom indicates Russian responsibility,” exiled NSA whistleblower Edward Snowden tweeted last August. “Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the [Democratic National Committee] hack.”

The FBI started investigating, and in August agents arrested an NSA contractor named Hal Martin after discovering that Martin had been stockpiling agency secrets in his house for two decades. But even as Martin cooled his heels in federal custody, the Shadow Brokers continued to post messages and files.

Snowden and other experts speculated that the Russians obtained the code without the help of an insider. As a matter of tradecraft, intelligence agencies, including the NSA, secretly own, lease, or hack so-called staging servers on the public internet to launch attacks anonymously. By necessity, those machines are loaded up with at least some of the agency’s tools. Snowden theorized that the Russians penetrated one of those servers and collected an NSA jackpot. “NSA malware staging servers getting hacked by a rival is not new,” he wrote.
Whatever their origin, the leaks dried up on Jan. 12, when the Shadow Brokers announced their “retirement” 10 days before Donald Trump’s swearing-in. The group didn’t reemerge until this month, after the Syrian military’s deadly chemical-weapons attack in Ghouta. Reportedly moved by images of the Syrian children injured or killed in the attack, Trump responded by ordering the launch of 59 Tomahawk missiles at a Syrian government air base—departing drastically from the will of Putin, who considers Syrian President Bashar al-Assad a strategic ally.

The Russian government immediately condemned the U.S. response. Two days later, so did the Shadow Brokers. The group broke its months-long silence and released another tranche of NSA secrets along with a lengthy open letter to Trump protesting the Syrian missile strike. Abandoning any pretense of a profit motive, the Shadow Brokers claimed now to be disillusioned U.S. voters—“the peoples who getting you elected,” as they put in, using phrasing that holds dual meaning coming from a suspected Kremlin operation.

The Shadow Brokers have been playing hardball ever since. Their most recent release, on Friday, exposed the code for a sophisticated NSA toolkit targeting Windows machines, putting some of the agency’s capabilities, circa 2013, in the hands of every newbie hacker able to use a keyboard.

This time, the Shadow Brokers didn’t stop with code. For the first time in their short history, they also released internal NSA spreadsheets, documents, and slide decks, some bedecked with the insignia and “Top Secret” markings familiar to anyone who’s browsed the Snowden leaks.

The leak exposes in detail a 2013 NSA hacking operation called Jeep Flea Market that gained deep access to Dubai-based EastNets, a company that handles wire transfers for a number of Middle East banks, something of obvious interest to U.S. intelligence. (EastNets denies the breach.) But the Shadow Brokers exposed more than just an NSA operation. Metadata left in the files identified the full name of a 35-year-old NSA worker in San Antonio who was apparently involved in the hack. (The Daily Beast was unable to reach him for comment.)
NSA hackers don’t face the same danger as CIA officers working undercover in a foreign country, but the likelihood that Russia has begun exposing them by name, while linking them to specific operations, raises the stakes for the intelligence community. If nothing else, the San Antonio NSA worker could plausibly face criminal and civil charges in the United Arab Emirates, just as hackers working for Russian and Chinese intelligence have been indicted in the U.S.

It’s conceivable that the Shadow Brokers included the name by mistake. Groups like WikiLeaks and the journalists with the Snowden cache are accustomed to scrubbing identifying metadata from documents. But a less-experienced hand might overlook it. Schneier is doubtful. “If we’re assuming an intelligent and strategic actor, which I think we are, then you have to assume that they did that on purpose,” he said.
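The metadata in question lives in the document package itself, and checking for it before publication is mechanical. The block below is an added example, not code from the original post or from any of the groups it names: it builds a minimal Office Open XML package (the .docx/.xlsx/.pptx family) in memory, reads the identity fields from docProps/core.xml, and writes back a copy with those fields blanked. The author name and part contents are constructed; a real document has many more parts, and PDFs, images and spreadsheets carry their own metadata that would need the same treatment.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by OOXML core properties (standard, not invented).
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

# Fields that name a person: the ones a careless publisher leaves behind.
IDENTITY_TAGS = ["{%s}creator" % NS["dc"], "{%s}lastModifiedBy" % NS["cp"]]
CORE_PART = "docProps/core.xml"


def build_sample_docx(author):
    """Construct a minimal OOXML package in memory (sample input, not a real file)."""
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s">'
        "<dc:title>Briefing</dc:title><dc:creator>%s</dc:creator>"
        "<cp:lastModifiedBy>%s</cp:lastModifiedBy></cp:coreProperties>"
        % (NS["cp"], NS["dc"], author, author)
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr(CORE_PART, core)
        z.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


def identity_fields(docx_bytes):
    """Return the identity-bearing core properties that are non-empty."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if CORE_PART not in z.namelist():
            return {}
        root = ET.fromstring(z.read(CORE_PART))
    found = {}
    for tag in IDENTITY_TAGS:
        el = root.find(tag)
        if el is not None and el.text:
            found[tag.split("}")[1]] = el.text
    return found


def scrub(docx_bytes):
    """Return a copy of the package with identity fields blanked.

    Every other part is copied byte-for-byte, so the document itself is
    unchanged; only docProps/core.xml is rewritten.
    """
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename == CORE_PART:
                root = ET.fromstring(data)
                for tag in IDENTITY_TAGS:
                    for el in root.findall(tag):
                        el.text = ""
                data = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
            dst.writestr(item.filename, data)
    return out.getvalue()


if __name__ == "__main__":
    doc = build_sample_docx("jane.doe")  # constructed author name
    print("before:", identity_fields(doc))
    print("after: ", identity_fields(scrub(doc)))
```

Run the check on every file in a release set and refuse to publish while identity_fields() returns anything; a publisher who skips this step leaks exactly what the text describes.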

Nothing is certain; the Shadow Brokers are a puzzle with missing pieces. But Friday’s Shadow Brokers release obliterated one theory on the spot. The NSA would never have put classified spreadsheets and PowerPoint slides on a staging server. They could only have come from inside the NSA.

Which sets the stage for a revival of a storied Cold War intelligence ritual, with the declining agency morale that comes with it: the Russian mole hunt. “I think we’re most likely looking at someone who went rogue from within, or a contractor who had access to this information,” said Eric O’Neill, national-security strategist for Carbon Black. “Either way, we have someone in the intelligence community that’s a pretty high-placed spy.”

A former FBI surveillance specialist, in 2001 O’Neill helped bring down Robert Hanssen, a double agent in the bureau who’d been secretly spying for Russia. “The FBI must be scrambling right now,” he said. “There’s so many leaks going on: this leak, the CIA Vault7 leaks, and at the same time there’s the investigation into any administration ties to Russia, and the DNC intrusion, and all these leaks coming out of the White House. There’s only so much that the FBI’s national security agents can do.”

If Russia did have a mole inside the NSA in 2013, the most recent date of the documents, Schneier thinks it unlikely that it does now, or else the Shadow Brokers wouldn’t exist. “You only publish when it’s more useful as an embarrassment than as intelligence,” he said. “So if you have a human asset inside the NSA, you wouldn’t publish. That asset is too important.”

It’s also possible, though unprecedented in the public record, that Russia found a way into the NSA’s classified network. A competing theory focuses on the FBI’s early suspect, Hal Martin. He’s not the Shadow Brokers, but he reportedly worked in the NSA’s Tailored Access Operations program and had 50,000 gigabytes of classified material in his home. Might he himself have been hacked? Martin is charged in Maryland with 20 counts of willful retention of national defense information, but prosecutors have not made any accusation that his trove slipped into enemy hands.

As Snowden demonstrated when he walked out of the NSA with a thumb drive of secrets, it’s comparatively easy now to steal and smuggle classified information. But O’Neill says the FBI’s counterintelligence mission is easier too, because of the rampant audit trails and server logs in classified networks.

“It’s much easier getting the secrets out now, but on the flip side, it’s also easier for law enforcement and the FBI to track down who had access to the data,” he says. “I like to think this mole hunt is going to be a little easier than it was in the past.”
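The audit-trail angle O’Neill describes reduces to a set problem: which accounts touched every document that later turned up in a leak, and which of them did more than read. The block below is an added example, not code from the original post or from any agency; the log format (timestamp, user, action, document) and every record in it are constructed, and real systems log far more (workstation, removable media, print jobs) that would feed the same ranking.

```python
import re
from collections import defaultdict

# Constructed audit-log lines in a hypothetical "timestamp user action doc"
# format. The garbled line shows that malformed records are skipped, not
# silently mis-parsed.
SAMPLE_AUDIT_LOG = """\
2013-04-02T09:14:03Z alice READ DOC-1001
2013-04-02T09:20:41Z bob READ DOC-1001
2013-04-03T11:02:17Z alice READ DOC-1002
2013-04-03T13:45:09Z carol READ DOC-1002
2013-04-03T14:01:55Z bob READ DOC-1002
garbled entry that does not match the format
2013-04-05T08:30:00Z bob COPY DOC-1003
2013-04-05T08:31:12Z dave READ DOC-1003
2013-04-06T16:12:44Z bob READ DOC-1004
"""

# Documents that later appeared in the public dump (constructed).
LEAKED_DOCUMENTS = {"DOC-1001", "DOC-1002", "DOC-1003"}

# Actions that move data off the system, weighted above a plain read.
EXFIL_ACTIONS = {"COPY", "PRINT", "EXPORT"}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<action>[A-Z]+) (?P<doc>\S+)$")


def parse_log(text):
    """Yield one dict per well-formed line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def access_matrix(records):
    """Per user: the set of documents touched and the subset copied out."""
    users = defaultdict(lambda: {"docs": set(), "copies": set()})
    for r in records:
        u = users[r["user"]]
        u["docs"].add(r["doc"])
        if r["action"] in EXFIL_ACTIONS:
            u["copies"].add(r["doc"])
    return users


def rank_suspects(log_text, leaked):
    """Rank users by how many leaked documents they touched, then by how
    many of those they copied out. Returns (user, covered, copied) tuples."""
    matrix = access_matrix(parse_log(log_text))
    ranked = []
    for user, info in matrix.items():
        covered = info["docs"] & leaked
        copied = info["copies"] & leaked
        ranked.append((user, len(covered), len(copied)))
    ranked.sort(key=lambda t: (-t[1], -t[2], t[0]))
    return ranked


def full_coverage(log_text, leaked):
    """Users who had access to every leaked document: the first cut of a
    mole hunt. A thief who needed a colleague's account would not appear here,
    which is why this narrows the field rather than closing the case."""
    return [u for u, n, _ in rank_suspects(log_text, leaked) if n == len(leaked)]


if __name__ == "__main__":
    for row in rank_suspects(SAMPLE_AUDIT_LOG, LEAKED_DOCUMENTS):
        print(row)
    print("full coverage:", full_coverage(SAMPLE_AUDIT_LOG, LEAKED_DOCUMENTS))
```

On the constructed log only bob touched all three leaked documents, and he is also the only one who copied one out; alice comes next with two. The ranking is only as good as the logging, which is the point O’Neill makes: the same trails that make theft traceable have to exist and be retained first.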

Until then, expect the Shadow Brokers to stick around. In their Friday dump, they hinted at more revelations this week: “Who knows what we having next time?”

*** WASHINGTON — Forget about spies. It’s rogue insiders that cause heartburn at U.S. intelligence agencies these days.

Few spy cases have broken in the past decade and a half. In contrast, a proliferation of U.S. intelligence and military insiders have gone rogue and spilled secrets to journalists or WikiLeaks, the anti-secrecy group.

The leaks are as damaging as any major spy case, perhaps more so. And they have underscored the ease of stealing secrets in the modern age, sometimes with a single stroke of a keyboard.

Since early March, WikiLeaks has published part of a trove of documents purportedly created by cyber units of the Central Intelligence Agency. WikiLeaks continues to upload the documents and hacking tools, dubbed Vault 7, to the internet for all to see.

For its part, a mysterious group that calls itself the Shadow Brokers has re-emerged and dumped a large catalog of stolen National Security Agency hacking tools on the internet, including evidence the agency had penetrated Middle Eastern banking networks.

“In the past, we’ve lost secrets to foreign adversaries,” retired Air Force Gen. Michael Hayden, a former director of both the CIA and the NSA, said in an interview. “Now we’ve got the self-motivated insider that is our most important counterintelligence challenge.”

Hayden cited the cases of Army Pfc. Chelsea Manning, convicted in 2013 for releasing three-quarters of a million classified or sensitive military and diplomatic documents to WikiLeaks. He also mentioned Edward Snowden, the former NSA contractor who shook public opinion with his disclosures to journalists in 2013 about U.S. surveillance practices. Hayden added the Vault 7 disclosures last month, which others presume were stolen by a contract employee at the CIA. Read more here.


CNN Reported Dossier Basis for Trump Surveillance, But…

The FBI last year used a dossier of allegations of Russian ties to Donald Trump’s campaign as part of the justification to win approval to secretly monitor a Trump associate, according to US officials briefed on the investigation.

The dossier has also been cited by FBI Director James Comey in some of his briefings to members of Congress in recent weeks, as one of the sources of information the bureau has used to bolster its investigation, according to US officials briefed on the probe.
This includes approval from the secret court that oversees the Foreign Intelligence Surveillance Act (FISA) to monitor the communications of Carter Page, two of the officials said. Last year, Page was identified by the Trump campaign as an adviser on national security. More here from CNN.
Okay, so everyone remains angry with James Comey, right? Okay, well, hold on... this could get complicated. We can’t dismiss the notion that Obama and Susan Rice had a valid reason for their surveillance actions, at least some of them, as the case below was provided to the White House.

Enter Evgeniy Mikhailovich Bogachev.

U.S. v Evgeniy Mikhailovich Bogachev et al by Brian Ries on Scribd

The Bogachev case dates from 2014. It was investigated by CrowdStrike, which then offered its help to the FBI’s Omaha office and later its Pittsburgh office; after countless months, the FBI ran a global cyber operation that succeeded in stopping international bank thefts running into the millions of dollars. Many Russian immigrants living in Brighton Beach were recruited as money mules: they went to domestic banks, opened accounts and later withdrew the funds, cleaning all traces of the stolen millions. It should be noted that CrowdStrike is the same firm the Hillary campaign hired to investigate intrusions.


Now it gets even more interesting.

The matter of Bogachev, his operation named ‘Business Club’, and his global cyber operatives hacking with sophisticated bots, malware and remote servers came to the attention of the Russian Federation. They liked what the Bogachev Zeus operation was able to do. So top Kremlin officials allowed the operation to continue without prosecution, provided the group worked to gather intelligence on the global reaction to Putin annexing Crimea and moving in on Ukraine.

All of this also came to the attention of U.S.-based private cyber professionals, who studied the code, the IP addresses, the servers, the patterns, names and other common cyber traits. The DNC hack attributions dovetail with the ‘Business Club’ operation in style, coding, networks, language and server locations.

In 2015, the Obama State Department issued sanctions and a $3 million bounty on Bogachev, who operated under the alias ‘Slavik’. Russia, of course, is not only refusing to cooperate but also refuses to admit any such action was real, claiming the evidence is not vetted. This is the usual response from top Russian officials.

An estimated $100 million was stolen via cyber operations by Slavik, and computers infected with various versions of Zeus still exist, even though the FBI was able to seize all those known to its sting operation.

The FBI described the cyber sting operation as hand-to-hand combat with Bogachev, and its operation in the Zeus case was deemed a success. It is unknown at this time where he is or whether he is still operating. This summary of the operation was taken from the full article published by ‘Wired’ under the title ‘The Hunt for Russia’s Most Notorious Hacker’.

Late last year, the DHS released a joint statement which read in part:

This activity by Russian intelligence services is part of a decade-long campaign of cyber-enabled operations directed at the U.S. Government and its citizens. These cyber operations have included spearphishing campaigns targeting government organizations, critical infrastructure, think tanks, universities, political organizations, and corporations; theft of information from these organizations; and the recent public release of some of this stolen information. In other countries, Russian intelligence services have also undertaken damaging and disruptive cyber-attacks, including on critical infrastructure, in some cases masquerading as third parties or hiding behind false online personas designed to cause victims to misattribute the source of the attack. The Joint Analysis Report provides technical indicators related to many of these operations, recommended mitigations and information on how to report such incidents to the U.S. Government.

A great deal of analysis and forensic information related to Russian government activity has been published by a wide range of security companies. The U.S. Government can confirm that the Russian government, including Russia’s civilian and military intelligence services, conducted many of the activities generally described by a number of these security companies. The Joint Analysis Report recognizes the excellent work undertaken by security companies and private sector network owners and operators, and provides new indicators of compromise and malicious infrastructure identified during the course of investigations and incident response. The U.S. Government seeks to arm network defenders with the tools they need to identify, detect and disrupt Russian malicious cyber activity that is targeting our country’s and our allies’ networks.