When is it Enough for Putin and Russia?


FBI: Russian Citizen Pleads Guilty For Involvement In Global Botnet Conspiracy

The summary below for the most part echoes the same testimony delivered by 6 panel members in two separate hearings before the Senate on March 30, 2017.

Two of the panel witnesses were Clint Watts and Thomas Rid.

Several experts and media commentators say there is no evidence of Russian intrusions. But there IS in fact evidence; attribution simply requires a long time to investigate, corroborate and convey, which is why the FBI has taken so long to provide it. There are countless private corporations in the cyber industry, not tied to government in any form, that are hired to protect systems, investigate intrusions and research hacks and other variations of interference both nationally and globally.

The United States is hardly the only victim of Russian intrusion, as Europe and the Baltic States are having the exact same issues. But Americans rarely pay attention to anything outside the United States.

So, when is enough…enough for Putin? No one knows, and given the constant successes listed so far, there is very little reason for the ‘active measures’ of asymmetric warfare to cease….they are cheap and effective and for the most part anonymous. The Kremlin’s mission objective is division, chaos, leaked propaganda and repeat….it works, doesn’t it?


Related reading: America Is Ill-Prepared to Counter Russia’s Information Warfare

Propaganda is nothing new. But Moscow is frighteningly effective—and worse is on the way.

***

What the Russians want: How Russia uses cyber attacks and hybrid warfare to advance its interests

What, exactly, do the Russians want? Their very active cyber operations obviously serve state goals, but what are those goals, and how can they inform a Western response?

ITSEF’s second day opened with a panel on Russian hybrid warfare—a combination of cyberattack and information operations with both conventional and irregular military operations. Larry Hanauer, of the Intelligence and National Security Alliance, chaired a discussion among the Hoover Institution’s Herb Lin, Lookout’s Mike Murray, and LIFARS CEO Ondrej Krehel.

Policy driven by resentment.

Hanauer’s opening question was open-ended: what are Russia’s policy goals, and how does it use hybrid warfare to advance them? The panel was in agreement that the key to understanding Russian actions in cyberspace is to recognize them as driven by resentment. Lin called that resentment “longstanding.” It stems from the collapse of the Soviet Union at the end of the Cold War and Russia’s treatment internationally since then. Russian leaders and a substantial part of the Russian population view that treatment as disrespectful, even contemptuous.

Russia has a very long tradition of using deception and propaganda, Lin said, and he added that the country doesn’t draw clear lines between peace and war. “It’s always war, even below the level of armed conflict.” The long-term goal is restoration of Russia’s place in the world. Creation of chaos through the dissemination of fake news and other information operations is simply battlespace preparation. Cyber, he added, gives you low-cost tools you didn’t have before. “It’s an attack on brainspace, and we’re all in the attack surface.”

Murray agreed, noting one current success of Russian information operations. We’ve been distracted from their intervention in Syria by news and fake news surrounding the US elections.

One of the more prominent features of the Russian way of cyber warfare is their willingness and ability to use criminal organizations for operational purposes. During the Cold War, Krehel explained, “if you did harm to the US, you were a hero.” Among other possibilities, that harm could be reputational or it could be economic, and criminals are well-adapted to inflicting those kinds of harm. There’s a view now, among Russian leaders, that they can expose personal information of essentially all Americans, and that this will yield a comprehensive picture of American finances down to the individual level. It’s very important to the Russian government, Krehel observed, to understand what the US can afford, and what capabilities we’re investing in, and all manner of data go into building up that picture. Lin agreed that Russian espionage aggregates data in ways that render those data more valuable than the loss any single victim would suffer on its own.

As a side note on the Russian President, the panel appeared to agree, as one member put it, that we now see one man, President Putin, who is able to use the resources of a modern nation-state to redress a deeply held personal grievance.

Chaos as statecraft.

This general orientation, according to Murray, can be encapsulated by noting that all war, to Russia, is about political ends. There’s no separation of politics from the economy or business. The increase in chaos we see in Western news, information, and political culture is, from a Russian point of view, a desirable thing.

And chaos serves tactical as well as strategic ends. Krehel expanded on this by asserting that Russia wants chaos because it doesn’t have the funding, the financial resources, of, say, the US. Thus Russian security services hand intelligence over to criminal groups. “A normal government doesn’t hand over its political agenda to criminal groups,” he said, but Russia’s does.

Murray offered an evocative story: “The number two guy in Russia has two pictures on his desk: one of Putin, and the other of Tupac Shakur.” So there’s a kind of gangster ethos at the highest levels. And while using criminal gangs as cutouts also affords an obvious form of deniability, we shouldn’t be deceived.

In response to Hanauer’s question about who might be the leading cyber actors in the Russian government, Krehel said that they were the organizations one would expect, with the FSB and GRU occupying prominent positions. Different units within the government do cooperate—resource and manpower constraints make this inevitable—and in those services “loyalty is high, and rated very highly.”

You cheated them. Expect payback.

There’s also a common motivation, and Russian information operations play into it, especially domestically. “Russia believes all of you in this room cheated them,” Krehel said, and this theme is consciously promoted to the population as a whole, but particularly to the security services. “So the GRU’s big objective is to cripple you financially. And then they want to make you look ridiculous.”

Lin agreed. “That’s an accurate picture of how it works on the ground. Russia is a thugocracy, a state of organized crime.” He has seen reports (unconfirmed reports, he stressed, but he also clearly thought them plausible) that there are formal memoranda of understanding from the FSB to criminal gangs, outlining what the gangs can expect in return for services. “Other governments have done this, but it’s a way of life in Russia. The line between intelligence services and gangs is very vague.”

There’s no such thing as a win-win, Lin said, in the Russian worldview. “To Russia, it’s always win-lose.” Hanauer noted that this seemed a point of difference between Russia and China, and Lin agreed. Where there have been agreements of a sort between the US and China to moderate conduct in cyberspace, Lin thinks there’s little evidence that such deterrent or confidence-building agreements will have much effect in US-Russian relations.

Protect what’s important? Everything’s important (to the Russians).

Asked about defensive measures, Lin said that, “while there’s a logic to saying, ‘protect what’s important,’ to a good intelligence agency there’s never too much data.”

There are preferences for certain kinds of targets, which Krehel enumerated: first, oil, second, pharma, and a distant third, tech. Tech was less actively prospected because of Russian confidence that “they’re so much better at tech than we are.” Lin agreed, and said there was some basis for that confidence. “In the physics community, for example, we’ve long noted the sophistication of Russian physicists. They have great theoretical insight.”

Humiliation as statecraft, and the commodity tools used to do it.

Murray said he’d recently heard someone lamenting that he missed the Chinese, who just stole without embarrassing you. “That says a lot about Russian operations.”

Turning to the embarrassment inflicted during the US elections, Hanauer asked what kinds of tools the Russians were using for their attacks. Lin answered that the most consequential hack—Democratic Party operative John Podesta’s email—was phishing, a very basic approach.

Krehel said that, during the run-up to the election, he observed the Democratic and Republican National Committee networks being equally pressured by the Russians, the former more successfully than the latter. The approach in both cases focused on human engineering.

The Russian services, Murray explained, focus on engineering end-to-end systems. “‘PowerShell’ is the magic word for Russian coding.” There’s an emphasis on the least common denominator—phishing, PowerShell, darkside commodity tools—in effect a startup mentality. “All their tools are malleable and in motion, all the time.”

Critical infrastructure and acts of war.

Hanauer asked about the much-feared prospect of an attack on US critical infrastructure. Are we seeing, he asked, Russian attacks on US critical infrastructure? And if and when we do, would these be acts of war? “If they’re not trying [to hit US critical infrastructure]” Lin said, “then someone over there should be fired.” In Murray’s view, “Everyone’s trying to figure out the act-of-war line.” He reviewed briefly the history of Russian attacks (a coordinated mix of criminal and intelligence service attacks) on the Ukrainian power grid. He thought Russia would be more circumspect about doing such things to the US grid because, of course, the US is potentially a more dangerous adversary than Ukraine. But he also thought that if the Russians came to believe such attacks would be useful, they wouldn’t hesitate to undertake them.

– See more at: https://thecyberwire.com/events/sinet-itsef-2017/what-the-russians-want-how-russia-uses-cyber-attacks-and-hybrid-warfare-to-advance-its-interests.html#sthash.FnUREpYT.dpuf

Please Don’t Sign it Mr. Trump, You Can’t Sign it…

(CNN) FBI Director James Comey warned Wednesday that Americans should not have expectations of “absolute privacy,” adding that he planned to finish his term leading the FBI.

“There is no such thing as absolute privacy in America; there is no place outside of judicial reach,” Comey said at a Boston College conference on cybersecurity. He made the remark as he discussed the rise of encryption since 2013 disclosures by former National Security Agency contractor Edward Snowden revealed sensitive US spy practices.
“Even our communications with our spouses, with our clergy members, with our attorneys are not absolutely private in America,” Comey added. “In appropriate circumstances, a judge can compel any one of us to testify in court about those very private communications.”
Did you get that? What? Keep reading, it gets worse….

Here’s the Data Republicans Just Allowed ISPs to Sell Without Your Consent

Privacy watchdogs blasted the vote as a brazen GOP giveaway to the broadband industry.

Motherboard: Financial and medical information. Social Security numbers. Web browsing history. Mobile app usage. Even the content of your emails and online chats.

These are among the types of private consumer information that House Republicans voted on Tuesday to allow your internet service provider (ISP) to sell to the highest bidder without your permission, prompting outrage from privacy watchdogs.

The House action, which was rammed through by a vote of 215 – 205 on a largely partisan basis by the GOP majority, represents another nail in the coffin of landmark Federal Communications Commission consumer privacy rules that were passed in 2016. The rules, which were set to go into effect later this year, would have required broadband providers to obtain “opt-in” consent before using, sharing, or selling private consumer data.

“Ignoring calls from thousands of their constituents, House Republicans just joined their colleagues in the Senate in violating internet users’ privacy rights,” Craig Aaron, CEO of DC-based public interest group Free Press Action Fund, said in a statement. “They voted to take away the privacy rights of hundreds of millions of Americans just so a few giant companies could pad their already considerable profits.”

Last week, the Senate passed its version of the legislation. President Trump, who “strongly” supports the FCC privacy rollback, is expected to sign the measure soon, as part of the widening Republican campaign to reverse federal safeguards across broad swaths of the economy, including rules protecting the environment, public health, and consumer interests.

Privacy watchdogs say the FCC’s policy is necessary because ISPs can see everything that consumers do online. Unless you use a Virtual Private Network (VPN), every website you visit, every mobile app you use, every online search you conduct, is visible on their networks. Needless to say, this data is immensely valuable because it can be used to create detailed profiles for marketing and tracking purposes.

Related reading: Is Your Favorite Website Spying on You?

Corporate giants like Comcast, AT&T and Verizon already rake in billions of dollars annually from internet, cable, and mobile subscriptions. Now, these broadband firms will be able to make even more money by selling your private data to third party marketers without your permission.

“What the heck are you thinking? What is in your mind?”

Last year, the FCC detailed the data covered by its privacy policy. Thanks to Capitol Hill Republicans, ISPs will no longer be required to obtain “opt-in” consent before using, sharing, or selling this data.


“What the heck are you thinking?” Rep. Michael Capuano, the Massachusetts Democrat, demanded of his GOP colleagues during floor debate earlier Tuesday. “What is in your mind? Why would you want to give out any of your personal information to a faceless corporation for the sole purpose of them selling it?”

Privacy advocates are particularly outraged because Republican lawmakers are nuking the FCC privacy policy using a controversial legislative tool called the Congressional Review Act (CRA), which allows Congress to nullify recently-approved federal regulations. “Resolutions of disapproval” passed under the CRA cannot be filibustered, and prohibit the agency in question, in this case the FCC, from adopting “substantially similar” privacy rules in the future.

“Once President Trump signs this resolution, there will be no effective federal cop on the beat to proactively protect consumer information collected by ISPs,” Dallas Harris, Policy Fellow at DC-based digital rights group Public Knowledge, said in a statement. “Without the FCC’s broadband privacy rules, Americans go from being internet users to marketing data—from people to the product.”

It should come as no surprise that many of the Republicans leading the charge to roll back the FCC’s privacy rules, including Rep. Marsha Blackburn of Tennessee, have received vast sums of campaign cash from the broadband industry.

Over the course of Blackburn’s 14-year career in the House, she has received $75,750 from AT&T and $72,650 from Verizon, her second and third largest corporate donors, respectively, according to the Center for Responsive Politics. Blackburn has also received $66,000 from NCTA, the broadband industry trade group, and $49,500 from Comcast.

For the last year, the broadband industry has complained that the FCC’s privacy policy is unfair because it doesn’t apply to so-called “edge providers” like Google and Facebook, which are regulated by the Federal Trade Commission (FTC). But instead of fighting to bolster the FTC’s privacy policy to create a level playing field, Republican lawmakers instead chose to eliminate the FCC’s more robust protections. Now the measure moves to Trump’s desk.

“If President Trump was serious about his campaign promises to stand up for the rights of the individual over the powerful special interests in Washington DC, then he would veto this bill,” Nathan White, Senior Legislative Manager at Access Now, said in a statement.

Russia is a Threat, China Aggression is Under-Reported

President Jimmy Carter gave away the Panama Canal, which was officially transferred in 2000. Few know about the other canal project in Nicaragua, which is designed to be bigger and better. It was launched by a Chinese billionaire; however, it appears the Chinese government is actually behind it.


The whole matter is shrouded in secrecy while the Panama Canal is going through a huge expansion.


China has been creating islands in the South China Sea while other islands there are a source of major dispute. China has been seen as militarizing the manufactured islands, giving rise to concerns about major cargo and global shipping lanes. Could China be making a worldwide play to control commerce and sea transportation?

Chinese state firms have expressed an interest to develop land around the Panama Canal, the chief executive of the vital trade thoroughfare said, underlining China’s outward push into infrastructure via railways and ports around the world. China’s state firms have in recent years already chalked up investments in key logistics nodes, including Piraeus in Greece and Bandar Malaysia, a major development project that is set to be the terminal for a proposed high-speed rail link between Kuala Lumpur and Singapore. More here from Reuters.

So is there more to this under-reported threat by China? Yes. For instance:

HONG KONG — When the United States Air Force wanted help making military robots more perceptive, it turned to a Boston-based artificial intelligence start-up called Neurala. But when Neurala needed money, it got little response from the American military.

So Neurala turned to China, landing an undisclosed sum from an investment firm backed by a state-run Chinese company.

Chinese firms have become significant investors in American start-ups working on cutting-edge technologies with potential military applications. The start-ups include companies that make rocket engines for spacecraft, sensors for autonomous navy ships, and printers that make flexible screens that could be used in fighter-plane cockpits. Many of the Chinese firms are owned by state-owned companies or have connections to Chinese leaders.

The deals are ringing alarm bells in Washington. According to a new white paper commissioned by the Department of Defense, Beijing is encouraging Chinese companies with close government ties to invest in American start-ups specializing in critical technologies like artificial intelligence and robots to advance China’s military capacity as well as its economy. More here from the New York Times.

Hmm, need more? Both China and North Korea are known for hacking. China may have some obscure agreement with North Korea to hack selected global sites. As we know, North Korea is a threat as it continues to advance its missile program and high-thrust rocket engines, which are tied to its nuclear weapons program. China provides the communications, telecom and internet platform and servers for North Korea.


North Korea relies on China for Internet connectivity, partly due to longstanding ties between the two nations and partly because it has few options. North Korea borders just three countries: South Korea, with which it is still technically at war, Russia and China. The Chinese Internet is well developed and the Russian border is far from Pyongyang, the North Korean capital, making China a good choice. Going back to 2014, the U.S. State Department was well aware of all these conditions between China and North Korea, yet there was still no solution from the Obama administration.

***

Hackers associated with the Chinese government have repeatedly infiltrated the computer systems of U.S. airlines, technology companies and other contractors involved in the movement of U.S. troops and military equipment, a U.S. Senate panel has found.

Cybersecurity expert Dmitri Alperovitch, chief technology officer with the security firm CrowdStrike, said China had for years shown a keen interest in the logistical patterns of the U.S. military.

The investigation focused on the U.S. military’s ability to seamlessly tap civilian air, shipping and other transportation assets for tasks including troop deployments and the timely arrival of supplies from food to ammunition to fuel. U.S. authorities charged five Chinese military officers, accusing them of hacking into American nuclear, metal and solar companies to steal trade secrets.

Last month, Community Health Systems (CYH.N), one of the largest U.S. hospital groups, said Chinese hackers had stolen Social Security numbers and other personal data from some 4.5 million patients.

*** North Korea also has an elite and secret hacking unit known as Bureau 121. The Department of Defense submitted a report to Congress on Bureau 121 and its use of asymmetric warfare. North Korea also has an additional cyber unit known as Office 91.

Office 91 is thought to be the headquarters of North Korea’s hacking operation although the bulk of the hackers and hacking and infiltration into networks is done from Unit 121, which operates out of North Korea and has satellite offices overseas, particularly in Chinese cities that are near the North Korean border. One such outpost is reportedly the Chilbosan Hotel in Shenyang, a major city about 150 miles from the border. A third operation, called Lab 110, participates in much the same work.

There are also several cyberunits under North Korea’s other arm of government, the Workers’ Party of Korea.

Unit 35 is responsible for training cyberagents and is understood to handle domestic cyberinvestigations and operations. Unit 204 takes part in online espionage and psychological warfare and Office 225 trains agents for missions in South Korea that can sometimes have a cyber component. More here from PCWorld.

*** China is well aware of North Korea’s activities, while China itself has become, and is becoming, more aggressive globally. There is clearly collusion, yet what the West, and in particular the United States, is prepared to do in response remains unclear. However, China did approve 38 Trump trademarks. President Trump meets with Xi Jinping in April; maybe we will know more then.


Russian FSB Officers Charged in Yahoo Hack and More

NBC, Washington

Yahoo announced on Thursday that the account information of at least 500 million users was stolen by hackers two years ago, in the biggest known intrusion of one company’s computer network.

In a statement, Yahoo said user information — including names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions — was compromised in 2014 by what it believed was a “state-sponsored actor.” More here from the NYT.

U.S. Charges Russian FSB Officers and Their Criminal Conspirators for Hacking Yahoo and Millions of Email Accounts

FSB Officers Protected, Directed, Facilitated and Paid Criminal Hackers


Karim Taloverov, arrested in Canada

A grand jury in the Northern District of California has indicted four defendants, including two officers of the Russian Federal Security Service (FSB), for computer hacking, economic espionage and other criminal offenses in connection with a conspiracy, beginning in January 2014, to access Yahoo’s network and the contents of webmail accounts. The defendants are Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident; Igor Anatolyevich Sushchin, 43, a Russian national and resident; Alexsey Alexseyevich Belan, aka “Magg,” 29, a Russian national and resident; and Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22, a Canadian and Kazakh national and a resident of Canada.

The defendants used unauthorized access to Yahoo’s systems to steal information from at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies. One of the defendants also exploited his access to Yahoo’s network for his personal financial gain, by searching Yahoo user communications for credit card and gift card account numbers, redirecting a subset of Yahoo search engine web traffic so he could make commissions and enabling the theft of the contacts of at least 30 million Yahoo accounts to facilitate a spam campaign.

The charges were announced by Attorney General Jeff Sessions of the U.S. Department of Justice, Director James Comey of the FBI, Acting Assistant Attorney General Mary McCord of the National Security Division, U.S. Attorney Brian Stretch for the Northern District of California and Executive Assistant Director Paul Abbate of the FBI’s Criminal, Cyber, Response and Services Branch.

“Cyber crime poses a significant threat to our nation’s security and prosperity, and this is one of the largest data breaches in history,” said Attorney General Sessions. “But thanks to the tireless efforts of U.S. prosecutors and investigators, as well as our Canadian partners, today we have identified four individuals, including two Russian FSB officers, responsible for unauthorized access to millions of users’ accounts. The United States will vigorously investigate and prosecute the people behind such attacks to the fullest extent of the law.”

“Today we continue to pierce the veil of anonymity surrounding cyber crimes,” said Director Comey. “We are shrinking the world to ensure that cyber criminals think twice before targeting U.S. persons and interests.”

“The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale,” said Acting Assistant Attorney General McCord. “Once again, the Department and the FBI have demonstrated that hackers around the world can and will be exposed and held accountable. State actors may be using common criminals to access the data they want, but the indictment shows that our companies do not have to stand alone against this threat. We commend Yahoo and Google for their sustained and invaluable cooperation in the investigation aimed at obtaining justice for, and protecting the privacy of their users.”

“This is a highly complicated investigation of a very complex threat. It underscores the value of early, proactive engagement and cooperation between the private sector and the government,” said Executive Assistant Director Abbate. “The FBI will continue to work relentlessly with our private sector and international partners to identify those who conduct cyber-attacks against our citizens and our nation, expose them and hold them accountable under the law, no matter where they attempt to hide.”

“Silicon Valley’s computer infrastructure provides the means by which people around the world communicate with each other in their business and personal lives. The privacy and security of those communications must be governed by the rule of law, not by the whim of criminal hackers and those who employ them. People rightly expect that their communications through Silicon Valley internet providers will remain private, unless lawful authority provides otherwise. We will not tolerate unauthorized and illegal intrusions into the Silicon Valley computer infrastructure upon which both private citizens and the global economy rely,” said U.S. Attorney Stretch. “Working closely with Yahoo and Google, Department of Justice lawyers and the FBI were able to identify and expose the hackers responsible for the conduct described today, without unduly intruding into the privacy of the accounts that were stolen. We commend Yahoo and Google for providing exemplary cooperation while zealously protecting their users’ privacy.”

Summary of Allegations

According to the allegations of the Indictment:

The FSB officer defendants, Dmitry Dokuchaev and Igor Sushchin, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the U.S. and elsewhere. In the present case, they worked with co-defendants Alexsey Belan and Karim Baratov to obtain access to the email accounts of thousands of individuals.

Belan had been publicly indicted in September 2012 and June 2013 and was named one of FBI’s Cyber Most Wanted criminals in November 2013. An Interpol Red Notice seeking his immediate detention has been lodged (including with Russia) since July 26, 2013. Belan was arrested in a European country on a request from the U.S. in June 2013, but he was able to escape to Russia before he could be extradited.

Instead of acting on the U.S. government’s Red Notice and detaining Belan after his return, Dokuchaev and Sushchin subsequently used him to gain unauthorized access to Yahoo’s network. In or around November and December 2014, Belan stole a copy of at least a portion of Yahoo’s User Database (UDB), a Yahoo trade secret that contained, among other data, subscriber information including users’ names, recovery email accounts, phone numbers and certain information required to manually create, or “mint,” account authentication web browser “cookies” for more than 500 million Yahoo accounts.

Belan also obtained unauthorized access on behalf of the FSB conspirators to Yahoo’s Account Management Tool (AMT), which was a proprietary means by which Yahoo made and logged changes to user accounts. Belan, Dokuchaev and Sushchin then used the stolen UDB copy and AMT access to locate Yahoo email accounts of interest and to mint cookies for those accounts, enabling the co-conspirators to access at least 6,500 such accounts without authorization.

Some victim accounts were of predictable interest to the FSB, a foreign intelligence and law enforcement service, such as personal accounts belonging to Russian journalists; Russian and U.S. government officials; employees of a prominent Russian cybersecurity company; and numerous employees of other providers whose networks the conspirators sought to exploit. However, other personal accounts belonged to employees of commercial entities, such as a Russian investment banking firm, a French transportation company, U.S. financial services and private equity firms, a Swiss bitcoin wallet and banking firm and a U.S. airline.


During the conspiracy, the FSB officers facilitated Belan’s other criminal activities, by providing him with sensitive FSB law enforcement and intelligence information that would have helped him avoid detection by U.S. and other law enforcement agencies outside Russia, including information regarding FSB investigations of computer hacking and FSB techniques for identifying criminal hackers. Additionally, while working with his FSB conspirators to compromise Yahoo’s network and its users, Belan used his access to steal financial information such as gift card and credit card numbers from webmail accounts; to gain access to more than 30 million accounts whose contacts were then stolen to facilitate a spam campaign; and to earn commissions from fraudulently redirecting a subset of Yahoo’s search engine traffic.

When Dokuchaev and Sushchin learned that a target of interest had accounts at webmail providers other than Yahoo, including through information obtained as part of the Yahoo intrusion, they tasked their co-conspirator, Baratov, a resident of Canada, with obtaining unauthorized access to more than 80 accounts in exchange for commissions. On March 7, the Department of Justice submitted a provisional arrest warrant to Canadian law enforcement authorities, requesting Baratov’s arrest. On March 14, Baratov was arrested in Canada and the matter is now pending with the Canadian authorities.

An indictment is merely an accusation, and a defendant is presumed innocent unless proven guilty in a court of law.

The FBI, led by the San Francisco Field Office, conducted the investigation that resulted in the charges announced today. The case is being prosecuted by the U.S. Department of Justice National Security Division’s Counterintelligence and Export Control Section and the U.S. Attorney’s Office for the Northern District of California, with support from the Justice Department’s Office of International Affairs.

Defendants: At all times relevant to the charges, the Indictment alleges as follows:

    • Dmitry Aleksandrovich Dokuchaev, 33, was an officer in the FSB Center for Information Security, aka “Center 18.” Dokuchaev was a Russian national and resident.
    • Igor Anatolyevich Sushchin, 43, was an FSB officer, a superior to Dokuchaev within the FSB, and a Russian national and resident. Sushchin was embedded as a purported employee and Head of Information Security at a Russian investment bank.
    • Alexsey Alexseyevich Belan, aka “Magg,” 29, was born in Latvia and is a Russian national and resident. U.S. Federal grand juries have indicted Belan twice before, in 2012 and 2013, for computer fraud and abuse, access device fraud and aggravated identity theft involving three U.S.-based e-commerce companies and the FBI placed Belan on its “Cyber Most Wanted” list.  Belan is currently the subject of a pending “Red Notice” requesting that Interpol member nations (including Russia) arrest him pending extradition. Belan was also one of two criminal hackers named by President Barack Obama on Dec. 29, 2016, pursuant to Executive Order 13694, as a Specially Designated National subject to sanctions.
    • Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22. He is a Canadian and Kazakh national and a resident of Canada.

Victims: Yahoo; more than 500 million Yahoo accounts for which account information was stolen by the defendants; more than 30 million Yahoo accounts for which account contents were accessed without authorization to facilitate a spam campaign; and at least 18 additional users at other webmail providers whose accounts were accessed without authorization.

Time Period: As alleged in the Indictment, the conspiracy began at least as early as 2014 and, even though the conspirators lost their access to Yahoo’s networks in September 2016, they continued to utilize information stolen from the intrusion up to and including at least December 2016.

Crimes (count, defendants, charge, statute under Title 18 U.S.C., alleged conduct, maximum penalty):

Count 1
    Defendants: All
    Charge: Conspiring to commit computer fraud and abuse
    Statute: 18 U.S.C. § 1030(b)
    Conduct: Defendants conspired to hack into the computers of Yahoo and accounts maintained by Yahoo, Google and other providers to steal information from them. First, Belan gained access to Yahoo’s servers and stole information that allowed him, Dokuchaev, and Sushchin to gain unauthorized access to individual Yahoo user accounts. Then, Dokuchaev and Sushchin tasked Baratov with gaining access to individual user accounts at Google and other providers (but not Yahoo) and paid Baratov for providing them with the account passwords. In some instances, Dokuchaev and Sushchin tasked Baratov with targeting accounts that they learned of through access to Yahoo’s UDB and AMT (e.g., Gmail accounts that served as a Yahoo user’s secondary account).
    Maximum penalty: 10 years

Count 2
    Defendants: Dokuchaev, Sushchin, Belan
    Charge: Conspiring to engage in economic espionage
    Statute: 18 U.S.C. § 1831(a)(5)
    Conduct: Starting on Nov. 4, 2014, Belan stole, and the defendants thereafter transferred, received and possessed the following Yahoo trade secrets:
        • the Yahoo UDB, which was proprietary and confidential Yahoo technology and information, including subscriber names, secondary accounts, phone numbers, challenge questions and answers;
        • the AMT, Yahoo’s interface to the UDB; and
        • Yahoo’s cookie “minting” source code, which enabled the defendants to manufacture account cookies to then gain access to individual Yahoo user accounts.
    Maximum penalty: 15 years

Count 3
    Defendants: Dokuchaev, Sushchin, Belan
    Charge: Conspiring to engage in theft of trade secrets
    Statute: 18 U.S.C. § 1832(a)(5)
    Conduct: See Count 2
    Maximum penalty: 10 years

Counts 4-6
    Defendants: Dokuchaev, Sushchin, Belan
    Charge: Economic espionage
    Statute: 18 U.S.C. §§ 1831(a)(1), (a)(4), and 2
    Conduct: See Count 2
    Maximum penalty: 15 years (each count)

Counts 7-9
    Defendants: Dokuchaev, Sushchin, Belan
    Charge: Theft of trade secrets
    Statute: 18 U.S.C. §§ 1832(a)(1) and 2
    Conduct: See Count 2
    Maximum penalty: 10 years (each count)

Count 10
    Defendants: Dokuchaev, Sushchin, Belan
    Charge: Conspiring to commit wire fraud
    Statute: 18 U.S.C. § 1349
    Conduct: The defendants fraudulently schemed to gain unauthorized access to Yahoo’s network through compromised Yahoo employee accounts and then used the Yahoo trade secrets to gain unauthorized access to valuable non-public information in individual Yahoo user accounts.
    Maximum penalty: 20 years

Counts 11-13
    Defendants: Dokuchaev, Sushchin, Belan
    Charge: Accessing (or attempting to access) a computer without authorization to obtain information for the purpose of commercial advantage and private financial gain
    Statute: 18 U.S.C. §§ 1030(a)(2)(C), 1030(c)(2)(B)(i)-(iii), and 2
    Conduct: The defendants gained unauthorized access to Yahoo’s corporate network and obtained information regarding Yahoo’s network architecture and the UDB.
    Maximum penalty: 5 years (each count)

Counts 14-17
    Defendants: Dokuchaev, Sushchin, Belan
    Charge: Transmitting code with the intent to cause damage to computers
    Statute: 18 U.S.C. §§ 1030(a)(5)(A), 1030(c)(4)(B), and 2
    Conduct: During the course of their unauthorized access to Yahoo’s network, the defendants transmitted code on Yahoo’s network in order to maintain a persistent presence, to redirect Yahoo search engine users and to mint cookies for individual Yahoo accounts.
    Maximum penalty: 10 years (each count)

Counts 18-24
    Defendants: Dokuchaev, Sushchin, Belan
    Charge: Accessing (or attempting to access) a computer without authorization to obtain information for the purpose of commercial advantage and private financial gain
    Statute: 18 U.S.C. §§ 1030(a)(2)(C), 1030(c)(2)(B)(i)-(iii), and 2
    Conduct: Defendants obtained unauthorized access to individual Yahoo user accounts.
    Maximum penalty: 5 years (each count)

Counts 25-36
    Defendants: Dokuchaev, Sushchin, Belan
    Charge: Counterfeit access device fraud
    Statute: 18 U.S.C. §§ 1029(a)(1), 1029(b)(1), and 2
    Conduct: Defendants used minted cookies to gain unauthorized access to individual Yahoo user accounts.
    Maximum penalty: 10 years (each count)

Count 37
    Defendants: Dokuchaev, Sushchin, Belan
    Charge: Counterfeit access device making equipment
    Statute: 18 U.S.C. § 1029(a)(4)
    Conduct: Defendants used software to mint cookies for unauthorized access to individual Yahoo user accounts.
    Maximum penalty: 15 years

Count 38
    Defendants: Dokuchaev, Sushchin, Baratov
    Charge: Conspiring to commit access device fraud
    Statute: 18 U.S.C. § 1029(b)(2)
    Conduct: Defendants Dokuchaev and Sushchin tasked Baratov with gaining unauthorized access to individual user accounts at Google and other providers and then paid Baratov for providing them with the account passwords. In some instances, Dokuchaev and Sushchin tasked Baratov with targeting accounts that they learned of through access to Yahoo’s UDB and AMT (e.g., Gmail accounts that served as a Yahoo user’s secondary account).
    Maximum penalty: 7 ½ years

Count 39
    Defendants: Dokuchaev, Sushchin, Baratov
    Charge: Conspiring to commit wire fraud
    Statute: 18 U.S.C. § 1349
    Conduct: See Count 38
    Maximum penalty: 20 years

Counts 40-47
    Defendants: Dokuchaev, Baratov
    Charge: Aggravated identity theft
    Statute: 18 U.S.C. § 1028A(a)(1)
    Conduct: See Count 38
    Maximum penalty: 2 years

Dmitri Dokuchaev et al. Indictment (Redacted)

Press release 17-278, National Security Division (NSD) and USAO, Northern District of California

Topic: Counterintelligence and Export Control

Updated March 15, 2017

Plan to Destroy N. Korea Missile Nuclear Program

Report: Japan’s Largest Warship Heading to South China Sea, Will Train With U.S., Indian Navies

Izumo is one of two helicopter carriers the Japanese have built for the stated purposes of anti-submarine warfare and humanitarian aid and disaster relief operations. The ship entered service in 2015 and its sister ship Kaga is set to commission this year.

Both ships field seven Mitsubishi-built SH-60K ASW helicopters and seven AgustaWestland MCH-101 mine countermeasure (MCM) helicopters, according to U.S. Naval Institute’s Combat Fleets of the World. Both ships can also accommodate U.S. Marine Corps MV-22 Osprey tilt-rotor aircraft.

Japanese officials have said the threat of an expanded Chinese submarine fleet was a key driver of Japan developing the ship class.

Izumo’s ASW capability fits in with the goals of the Malabar 2017 trilateral exercise with India and the U.S., according to a December interview with U.S. 7th Fleet commander Adm. Joseph Aucoin with the Press Trust of India.

Aucoin promised a larger and more complex ASW exercise in 2017 that would combine new capabilities of the Indian and U.S. forces in the region, such as the U.S. P-8A and Indian P-8I ASW aircraft.

Beijing, for its part, has been vocally opposed to Japan operating warships in the South China Sea and leaned on memories of Imperial Japanese actions in World War II.

Meanwhile:

The aircraft carrier USS Carl Vinson conducts a replenishment at sea with the fleet replenishment oiler USNS Tippecanoe in the South China Sea, March 5, 2017. Navy photo by Petty Officer 2nd Class Sean M. Castellan

***
The United States will permanently station attack drones in South Korea, the US military announced.

The announcement came a week after North Korea shot off four ballistic missiles into the Sea of Japan, also known as the East Sea, and while the US and South Korea are conducting their annual joint military exercises.
“The stationing of this company, which will be assigned to the 2nd Combat Aviation Brigade of the 2nd Infantry Division, directly supports the US Army’s strategic plan to add one Gray Eagle company to each division in the Army,” USFK said in a news release.
“The UAS adds significant intelligence, surveillance and reconnaissance capability to US Forces Korea and our ROK (Republic of Korea) partners.” More here from CNN.
North Korea has been developing nuclear weapons for more than two decades. A number of international diplomatic efforts slowed this progress, but the last such program failed in 2009. The country, which calls itself the Democratic People’s Republic of Korea (DPRK), tested its first nuclear weapon in 2006. Since then the DPRK has accelerated its progress, testing new nuclear devices in 2009, 2013, and then two more last year.

The explosive yields of these bombs have been small (for nuclear weapons); however, analysts believe this points to a disturbing possibility: that North Korea is attempting to build miniaturized nuclear warheads. While its propaganda channels already claim to have achieved this capacity, the DPRK’s nuclear test program seems to be a step-by-step approach to building nuclear missiles.

Concurrent with its nuclear program, North Korea has also forged ahead with the testing of new missile types. Among these are the Taepodong-2 intercontinental ballistic missile (ICBM), theoretically capable of reaching the west coast of the United States, as well as the Scud-derived Hwasong and Rodong missiles, which were tested this week and have a strike range that threatens regional US allies such as South Korea and Japan. One final, and perhaps most worrying, threat is the Pukkuksong-1 submarine-launched ballistic missile (SLBM), which can be launched from beneath the waves.

Clearly, the country is hell-bent on creating the ability to launch a nuclear attack. The likely reason for this is to function as a so-called “nuclear deterrent”: should an adversarial nation such as the US or South Korea attempt to attack the North, it can retaliate with nuclear weapons and make such an attack too costly to be considered. On that assumption, all international diplomatic efforts have gone into trying to prevent it.

Unfortunately, they have failed.

“Many analysts believe that North Korea already has the capability to place a nuclear weapon on top of a Rodong missile, so South Korea and Japan are already threatened by a possible North Korean nuclear strike,” says Scott Snyder, Director of the Program on U.S.-Korea Policy at the Council on Foreign Relations.

John Schilling, an expert on missile technology from DPRK analysis portal 38 North also supports this view.

“North Korea is probably capable of mounting atomic warheads in the Scud-ER and similar Rodong missiles today, giving them a credible deterrent against South Korea and Japan. The history of their nuclear testing suggests a focused effort at developing lightweight atomic weapons, with consistent results in the last few tests pointing to at least one warhead design having achieved high reliability. Almost certainly this warhead will fit their existing missiles,” he explains.

Even using the small-yield devices so far developed by the DPRK, a nuclear first strike, if successful could easily kill millions in north Asia, and cripple the global economy. Given this, the US and its regional allies are taking defensive measures.

The most talked up of these is the US deployment this week of the Terminal High Altitude Area Defense (THAAD) system to South Korea. This anti-ballistic missile system fires its own missiles to intercept incoming threats before they hit their targets. It is combined with other systems in use including Aegis and Patriot to provide a measure of breathing room. But in a real war, it might not be sufficient.

“THAAD, Aegis, and Patriot are all capable of engaging multiple targets simultaneously, and will probably destroy most missiles aimed at South Korea or Japan. With nuclear warheads on some of those missiles, ‘most’ may not be enough,” says Schilling.

With the situation growing ever more dire, military planners are beginning to consider the unthinkable – a first-strike targeting North Korea’s nuclear facilities. This would theoretically cripple the country’s nuclear weapons production and would buy time for a more congenial government to come to power in Pyongyang.

To say such an action would be difficult and risky however would be a massive understatement.

Some North Korean nuclear sites, such as the Yongbyon nuclear complex are above ground and would be relatively easy to destroy. Other sites, however, are likely located in hardened underground shelters, meaning that a large strike element would be necessary.

“Much of the Yongbyon nuclear complex could be destroyed by air attacks — aircraft and/or cruise missiles. But underground facilities first have to be found and then have to be struck by precision munitions — finding things is the potentially difficult part — North Korea denies a lot of information to the outside world,” says Bruce W. Bennett, a senior defense researcher at the RAND Corporation.

“A major attack against those facilities almost certainly cannot be done without starting a wider conflict.”

Even if nuclear weapons are not used, North Korea has enough artillery aimed at South Korea to all but level the capital Seoul and cause hundreds of thousands of casualties.

Scott Snyder agrees that such a first-strike would likely lead to a disastrous war.

“The United States could not strike North Korean nuclear facilities without running the risk of nuclear disaster. Pre-emptive options plausibly might be used to strike North Korean missile sites but North Korea would likely retaliate to such strikes,” he says.

Alternative options such as information operations aiming to destabilize the North Korean regime could be more attractive, as would be additional diplomatic pressure by China. But this itself could leave the DPRK’s leadership feeling even more under siege and may precipitate yet more irrational behavior.

The situation on the Korean Peninsula remains one of the greatest challenges currently facing the international community. With the DPRK preparing for what looks like yet another nuclear test, countries in the region, and major powers like the US and China need to present a united front in order to deter aggression and work together on a possible solution. The only other alternative would be war. More here.

*** In 2013 it was reported: North Korea is reported to have more than a thousand missiles of varying capabilities, ranging from short-range (120 km and above) to long-range (greater than 5,500 km). The country is believed to have developed its missile programme from Scuds, which it received from Egypt in the 1970s. The following decade saw North Korea build its own Scuds, the Hwasong-5 and Hwasong-6, and a medium-range missile, the Nodong. These technologies are said to have been extensively used by the country in building its long-range missile, the Taepodong.

***

A greater concern than multiple Scud-type missiles would be if North Korea proved the ability to fire simultaneous salvos of other types of missiles that could carry heavier payload, said one U.S. official, speaking on the condition of anonymity.

North Korea theoretically had enough launchers to send at least 36 ballistic missiles of various types at the same time, said Joseph S. Bermudez, a strategic advisor at Allsource Analysis Inc and contributor to the 38 North Korea monitoring project. More here including comprehensive details on THAAD.