Category Archives: NSA Spying

Iran Deal Terms Revealed, They DID Lie

Posted on by

   Do you wonder what world leaders know that we don’t? Shall we start with the Iranian nuclear deal?

From the White House website January 2016:

On January 16, 2016, the International Atomic Energy Agency verified that Iran has completed the necessary steps under the Iran deal that will ensure Iran’s nuclear program is and remains exclusively peaceful.

Before this agreement, Iran’s breakout time — or the time it would have taken for Iran to gather enough fissile material to build a weapon — was only two to three months. Today, because of the Iran deal, it would take Iran 12 months or more. And with the unprecedented monitoring and access this deal puts in place, if Iran tries, we will know and sanctions will snap back into place.

Here’s how we got to this point. Since October, Iran has:

  • Shipped 25,000 pounds of enriched uranium out of the country
  • Dismantled and removed two-thirds of its centrifuges
  • Removed the calandria from its heavy water reactor and filled it with concrete
  • Provided unprecedented access to its nuclear facilities and supply chain

Because Iran has completed these steps, the U.S. and international community can begin the next phase under the JCPOA, which means the U.S. will begin lifting its nuclear-related sanctions on Iran. However, a number of U.S. sanctions authorities and designations will continue to remain in place. More here.

Sept, 2015: Democratic senators Tuesday blocked for the second time an attempt by frustrated Republicans to stop the Iran nuclear agreement from taking effect. Majority Leader Mitch McConnell, R-Ky., vowed to try again to derail the deal.

Senators voted 56-42 in favor of bringing to the floor a resolution of disapproval opposing the Iran deal — four votes shy of the 60 Republican leaders need to advance the resolution. It was the second time in less than a week that Democrats safeguarded the Iran agreement. The votes spare President Obama from having to veto a disapproval resolution since it will not come to his desk. The House rejected the vote, so what did the Obama White House do? They took it to the UN and bypassed Congress completely…Now we know more details as it is demonstrated that Obama, John Kerry and Ben Rhodes all lied. Consequence? None yet unless we demand them.

 

U.N. Agency Publishes Secret Iran Deal Docs On Exemptions Obama Admin Dismissed

Top Nuclear Expert: “You just have to ask the question of, what else is being hidden?”

TWS: Iran was given secret exemptions allowing the country to exceed restrictions set out by the landmark nuclear deal inked last year, some of which were made public this week by the United Nations nuclear watchdog and others that are likely still being withheld, according to diplomatic sources and a top nuclear expert who spoke to THE WEEKLY STANDARD.

The International Atomic Energy Agency (IAEA) on Friday posted documents revealing that Iran had been given exemptions in January that permit the country to stockpile uranium in excess of the 300 kilogram limit set by the nuclear deal, experts said. The agreements had been kept secret for almost a year, but recent reports indicated that the Trump administration intended to make them public.

TWS reported earlier in December that top Democratic senators also supported releasing the documents.

Some details of the exemptions had previously been leaked. The Institute for Science and International Security (ISIS) revealed in September that Iran had been allowed to exceed certain caps in the deal so that the country could come into compliance with the deal’s terms.

Administration officials dismissed the ISIS report at the time, and surrogates who White House officials have described as the administration’s “echo chamber” criticized the organization.

“The administration was really nasty after we released these documents,” David Albright, the founder and president of ISIS, told TWS on Friday. “It was very tough for us to get the information. … I think that if we hadn’t released, they had every intention to keep it secret. They may have given lip service to openness, but I think their intention was to keep it secret.”

Albright credited the release of the documents as a step towards greater transparency, despite administration attempts to conceal the agreements.

“You just have to ask the question of, what else is being hidden?” said Albright. “The administration did it to try to minimize the chance that people would know what was in these decisions, and certainly keep those people from talking to people like me in the technical community that can actually interpret what’s in those decisions.”

A source who works with Congress on the Iran issue and who had been briefed on some of the exemptions confirmed that assessment.

“The Obama team was just hoping to get through the next few weeks without revealing that they’ve been allowing Iran to go beyond the nuclear deal the whole time,” said the source. “That way the president and Secretary of State Kerry could keep declaring that Iran has been following the deal, and their echo chamber could keep saying the nuclear deal is working.”

“But now it’s public. The only reason that the nuclear deal is still in place is because the Obama team has been secretly rewriting to let Iran cheat. The only question is, what’s still not being told?”

The now-confirmed exemptions reported on by ISIS include allowing Iran to keep low-enriched uranium (LEU) in various forms beyond what’s allowed under the nuclear deal. The concession applies to forms that have been “deemed unrecoverable” for use in a nuclear weapon, and Iran has promised not to build a facility to try recover them.

That language is not in the nuclear deal, and Obama officials have struggled to defend it. At a State Department press briefing in September after the release of the ISIS report, journalists pressed spokesperson John Kirby on the decision.

“You’re using this term that’s not in the document. I’m just trying to figure out how we can actually check that or understand what it means,” said Associated Press reporter Bradley Klapper. “If you say some things are usable but some things aren’t, but I don’t know which are which, that’s not spelled out in the document. That seems to be a new idea here.”

Albright suggested to TWS that the uranium could actually be recoverable and used in a rush to a nuclear weapon. The State Department in September distorted the nature of the exemption, he said.

“If this whole thing rests on [Iran] promising not to build a facility that they’d probably only build in secret if they were going to actually break out, then this material probably should not be deemed non-recoverable,” he continued. “The State Department … deliberately distorted what was in these decisions to make this point that somehow ‘non-recoverable’ meant [the LEU] really would never be able to be recovered, regardless if they build a facility.”

Denying Russian Encroachment is Dereliction of Security

Posted on by

Hillary Clinton is no novice to security measures when it comes to global adversarial incursions. Her team of political operatives are not neophytes either.

By virtue of Hillary’s emails, inspector general’s reports and non-approved (unknown servers) and violations of data protection, Hillary’s team are guilty of malfeasance of duty and management. For proof, read the FBI search warrant of the Abedin/Weiner computers and hard-drive.

FBI Search warrant Huma

Have you considered why certain buildings in government have harden structures including sound proof windows, SCIFs, entry and exit procedures, security clearances and action protocol when transmitting information in hardcopy and electronically? This is due to thousands of foreign tasking of espionage of history that include Russia, China and North Korea to mention a few. Not all hacking is equal, there are viruses, malware, electronic theft and propaganda.

Schiller

A distinction should also be made between hacking and SIGINT, signals intelligence. SIGINT is the interception of data used by foreign powers which can and does include scooping and snooping. There are electronic signals, radars and weapons systems that are all part of the target base applied by foreign adversaries and allies. No part of the United States government or civilian enterprise is exempt or omitted by outside powers including outright spying and theft of industrial espionage, patent information and intelligence.

Beyond this, there is the whole model of propaganda, real and fake news. Under Barack Obama, the United States has been in a reactionary mode rather than installing and actively pursuing defensive and countermeasures when it comes to biased, misleading, filtered or altered influence causing ill legitimate attitudes, movements, synthesis and policy decisions. The master of this game is Russia.

The U.S. government spent more than a decade preparing responses to malicious hacking by a foreign power but had no clear strategy when Russia launched a disinformation campaign over the internet during the U.S. election campaign, current and former White House cyber security advisers said.

Far more effort has gone into plotting offensive hacking and preparing defenses against the less probable but more dramatic damage from electronic assaults on the power grid, financial system or direct manipulation of voting machines.

Over the last several years, U.S. intelligence agencies tracked Russia’s use of coordinated hacking and disinformation in Ukraine and elsewhere, the advisers and intelligence experts said, but there was little sustained, high-level government conversation about the risk of the propaganda coming to the United States.

A former White House official cautioned that any U.S. government attempt to counter the flow of foreign state-backed disinformation through deterrence would face major political, legal and moral obstacles.  

“You would have to have massive surveillance and curtailed freedom and that is a cost we have not been willing to accept,” said the former official, who spoke on condition of anonymity. “They (Russia) can control distribution of information in ways we don’t.”

Clinton Watts, a security consultant, former FBI agent and a fellow at the nonprofit Foreign Policy Research Institute, said the U.S. government no longer has an organization, such as the U.S. Information Agency, that provided counter-narratives during the Cold War.

He said that most major Russian disinformation campaigns in the United States and Europe have started at Russian-government funded media outlets, such as RT television or Sputnik News, before being amplified on Twitter by others.

A defense spending pill passed this month calls for the State Department to establish a “Global Engagement Center” to take on some of that work, but similar efforts to counter less sophisticated Islamic State narratives have fallen short.

The U.S. government formally accused Russia of a campaign of cyber attacks against U.S. political organizations in October, a month before the Nov. 8 election.

U.S. ‘STUCK’

James Lewis, a cyber security expert at the Center for Strategic & International Studies who has worked for the departments of State and Commerce and the U.S. military, said Washington needed to move beyond antiquated notions of projecting influence if it hoped to catch up with Russia.

“They have RT and all we know how to do is send a carrier battle group,” Lewis said. “We’re going to be stuck until we find a way deal with that.” More here including Alex Jones from Reuters.

Then there is Iran who has and continues to use propaganda to build internal reputation and power, the same as Putin of Russia himself.

When Iran detained our Navy personnel, consider the traction that was gained both positive and negative.

NR: The sight of members of the American military, disarmed and under Iranian control, is of enormous propaganda value in Iran’s ongoing war against the United States. To its allies in the Middle East, the photo demonstrates Iran’s strength – how many jihadist countries have had this many American servicemembers under their power? – and it demonstrates American weakness. Then there’s this: “This time, the Americans were cooperative in proving their innocence, and they quickly accepted their faults without resistance,” the analyst, Hamidreza Taraghi, said in a phone interview. “The Marines apologized for having strayed into Iranian waters.” Never fear, John Kerry made friends with the Iranians, and that made all the difference: Also playing a role was the strong relationship that has developed between Mr. Kerry and the Iranian foreign minister, Mohammad Javad Zarif, during negotiations on the nuclear deal, Mr. Taraghi said. “John Kerry and Zarif were on the phone during the past hours, and this helped the problem to be resolved quickly due to their direct contact,” he said. Nations that take illegal propaganda photos, crow about their seizure of American boats, confiscate part of their equipment, and then point to our allegedly admitted faults aren’t “easing tensions,” they’re flexing their muscles. I’m glad our sailors and boats are back in American hands — minus, apparently, their GPS equipment — but once again Iran has thumbed its nose at the U.S., demonstrating that it does what it wants — whether it’s testing missiles, launching rockets near U.S. warships, or taking, questioning, and photographing American sailors who (allegedly) stray into Iranian waters.

Not only does government need to harden security, but civilians must as well. That includes people, information, news, systems, software and brick and mortar structures. Separating fact from fiction, providing exact and true definitions and not conflating conditions is the charter and mission in the future.

 

Russian State, Non-State Cyber Intrusions Sway Voting/Political Decisions

Posted on by

In October, before the U.S. presidential election, a Russian man suspected of carrying out cyberattacks against U.S. targets was arrested in Prague and was also wanted by Interpol. What information could have been gained in this case that has provided additional evidence to government officials for further investigations? Anyone remember in 2012 when the Russian hacked LinkedIn?

Everyone appears to be in denial about the ability and reasons that Russia and or their non-state actors swayed the U.S. campaign and voting process. No one official has ever claimed actual votes were altered, but rather the argument is actual affectation of information, attitudes and decisions by candidates and voters. There is a distinct difference and words matter.

Russia is artful when it comes to practicing hybrid warfare, cyber is but one tactic, the other successful tactic is propaganda. It works.

APT 28, Russia (Advanced Persistent Threat) has been seen to have moved on from the United States political season and turned towards Germany’s political season in recent days. This is not likely to affect vote tally results but rather polling attitudes going into consideration of votes for candidates.

This site has been writing about hacking and cyber intrusions for more than two years. While government agency officials have pointed with evidence that Russia played a significant role, it is also important to remember there are thousands of outside government cyber experts that are hired by government to protect against cyber intrusions and to investigate and report that of which is otherwise unknown by government due to being in the private sector. These are generally known as ‘White Hats’. White Hats in their forensic work look for types of penetration, commonality in code or language, trace IP addresses, concepts, malware, login files, brute force, where stolen data later appeared, partitions and code based platforms.

Let’s examine some facts and history.

It was also proven last year that as part of the Russian aggression with the Ukraine, that power grid was hacked by Russian operations. Due to major sanctions applied to Russia for at least the annexation of Crimea and the invasion of Ukraine and the continued threat to East Europe and NATO, the Russian Defense Ministry launched a more aggressive cyber command. Beyond hacking the non-classified but still a protected system at the White House in 2015, there are others of note.

In the past year, researchers have also linked Russian hackers believed to be working for the government to other spying campaigns, including against NATO, the Ukrainian government, energy companies in Poland, and an academic at an American university who was targeted because he studies Ukraine.

On Tuesday, CNN reported that according to U.S. officials, Russian hackers had penetrated portions of the White House computer network by gaining access from another “perch,” at the State Department, where intruders had gotten inside the unclassified email system.

The intrusion reported by CNN is not “a new incident,” a spokesman for the National Security Council said. Rather, it was acknowledged by the White House last year after intruders accessed an unclassified network used by the Executive Office of the President. More here.

From 2014, long before the presidential election cycle was set into motion:

As reported by Heritage, according to FBI Director James Comey, “There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked.”[1]

A recent survey by the Ponemon Institute showed the average cost of cyber crime for U.S. retail stores more than doubled from 2013 to an annual average of $8.6 million per company in 2014.[2] The annual average cost per company of successful cyber attacks increased to $20.8 million in financial services, $14.5 million in the technology sector, and $12.7 million in communications industries.

This paper lists known cyber attacks on private U.S. companies since the beginning of 2014. (A companion paper discussed cyber breaches in the federal government.)[3] By its very nature, a list of this sort is incomplete. The scope of many attacks is not fully known. For example, in July, the U.S. Computer Emergency Readiness Team issued an advisory that more than 1,000 U.S. businesses have been affected by the Backoff malware, which targets point-of-sale (POS) systems used by most retail industries.[4] These attacks targeted administrative and customer data and, in some cases, financial data.

This list includes only cyber attacks that have been made known to the public. Most companies encounter multiple cyber attacks every day, many unknown to the public and many unknown to the companies themselves.

The data breaches below are listed chronologically by month of public notice.

January

  • Target (retail). In January, Target announced an additional 70 million individuals’ contact information was taken during the December 2013 breach, in which 40 million customer’s credit and debit card information was stolen.[5]
  • Neiman Marcus (retail). Between July and October 2013, the credit card information of 350,000 individuals was stolen, and more than 9,000 of the credit cards have been used fraudulently since the attack.[6] Sophisticated code written by the hackers allowed them to move through company computers, undetected by company employees for months.
  • Michaels (retail). Between May 2013 and January 2014, the payment cards of 2.6 million Michaels customers were affected.[7] Attackers targeted the Michaels POS system to gain access to their systems.
  • Yahoo! Mail (communications). The e-mail service for 273 million users was reportedly hacked in January, although the specific number of accounts affected was not released.[8]

April

  • Aaron Brothers (retail). The credit and debit card information for roughly 400,000 customers of Aaron Brothers, a subsidiary of Michaels, was compromised by the same POS system malware.[9]
  • AT&T (communications). For two weeks AT&T was hacked from the inside by personnel who accessed user information, including social security information.[10]

May

  • eBay (retail). Cyber attacks in late February and early March led to the compromise of eBay employee log-ins, allowing access to the contact and log-in information for 233 million eBay customers.[11] eBay issued a statement asking all users to change their passwords.
  • Five Chinese hackers indicted. Five Chinese nationals were indicted for computer hacking and economic espionage of U.S. companies between 2006 and 2014. The targeted companies included Westinghouse Electric (energy and utilities), U.S. subsidiaries of SolarWorld AG (industrial), United States Steel (industrial), Allegheny Technologies (technology), United Steel Workers Union (services), and Alcoa (industrial).[12]
  • Unnamed public works (energy and utilities). According to the Department of Homeland Security, an unnamed public utility’s control systems were accessed by hackers through a brute-force attack[13] on employee’s log-in passwords.[14]

June

  • Feedly (communications). Feedly’s 15 million users were temporarily affected by three distributed denial-of-service attacks.[15]
  • Evernote (technology). In the same week as the Feedly cyber attack, Evernote and its 100 million users faced a similar denial-of-service attack.[16]
  • P.F. Chang’s China Bistro (restaurant). Between September 2013 and June 2014, credit and debit card information from 33 P.F. Chang’s restaurants was compromised and reportedly sold online.[17]

August

  • U.S. Investigations Services (services). U.S. Investigations Services, a subcontractor for federal employee background checks, suffered a data breach in August, which led to the theft of employee personnel information.[18] Although no specific origin of attack was reported, the company believes the attack was state-sponsored.
  • Community Health Services (health care). At Community Health Service (CHS), the personal data for 4.5 million patients were compromised between April and June.[19] CHS warns that any patient who visited any of its 206 hospital locations over the past five years may have had his or her data compromised. The sophisticated malware used in the attack reportedly originated in China. The FBI warns that other health care firms may also have been attacked.
  • UPS (services). Between January and August, customer information from more than 60 UPS stores was compromised, including financial data,[20] reportedly as a result of the Backoff malware attacks.
  • Defense Industries (defense). Su Bin, a 49-year-old Chinese national, was indicted for hacking defense companies such as Boeing.[21] Between 2009 and 2013, Bin reportedly worked with two other hackers in an attempt to steal manufacturing plans for defense programs, such as the F-35 and F-22 fighter jets.

September

  • Home Depot (retail). Cyber criminals reportedly used malware to compromise the credit card information for roughly 56 million shoppers in Home Depot’s 2,000 U.S. and Canadian outlets.[22]
  • Google (communications). Reportedly, 5 million Gmail usernames and passwords were compromised.[23] About 100,000 were released on a Russian forum site.
  • Apple iCloud (technology). Hackers reportedly used passwords hacked with brute-force tactics and third-party applications to access Apple user’s online data storage, leading to the subsequent posting of celebrities’ private photos online.[24] It is uncertain whether users or Apple were at fault for the attack.
  • Goodwill Industries International (retail). Between February 2013 and August 2014, information for roughly 868,000 credit and debit cards was reportedly stolen from 330 Goodwill stores.[25] Malware infected the chain store through infected third-party vendors.
  • SuperValu (retail). SuperValu was attacked between June and July, and suffered another malware attack between late August and September.[26] The first theft included customer and payment card information from some of its Cub Foods, Farm Fresh, Shop ‘n Save, and Shoppers stores. The second attack reportedly involved only payment card data.
  • Bartell Hotels (hotel). The information for up to 55,000 customers was reportedly stolen between February and May.[27]
  • U.S. Transportation Command contractors (transportation). A Senate report revealed that networks of the U.S. Transportation Command’s contractors were successfully breached 50 times between June 2012 and May 2013.[28] At least 20 of the breaches were attributed to attacks originating from China.

October

  • J.P. Morgan Chase (financial). An attack in June was not noticed until August.[29] The contact information for 76 million households and 7 million small businesses was compromised. The hackers may have originated in Russia and may have ties to the Russian government.
  • Dairy Queen International (restaurant). Credit and debit card information from 395 Dairy Queen and Orange Julius stores was compromised by the Backoff malware.[30]
  • Snapsave (communications). Reportedly, the photos of 200,000 users were hacked from Snapsave, a third-party app for saving photos from Snapchat, an instant photo-sharing app.[31]

Securing Information

As cyber attacks on retail, technology, and industrial companies increase so does the importance of cybersecurity. From brute-force attacks on networks to malware compromising credit card information to disgruntled employees sabotaging their companies’ networks from the inside, companies and their customers need to secure their data. To improve the private sector’s ability to defend itself, Congress should:

  • Create a safe legal environment for sharing information. As the leaders of technological growth, private companies are in most ways at the forefront of cyber security. Much like government agencies, companies must share information that concerns cyber threats and attack among themselves and with appropriate private-public organizations.[32] Congress needs to create a safe environment in which companies can voluntarily share information without fear of legal or regulatory backlash.
  • Work with international partners. As with the Backoff malware attacks, attacks can affect hundreds if not thousands of individual networks. These infected networks can then infect companies outside the U.S. and vice versa. U.S. and foreign companies and governments need to work together to increase overall cybersecurity and to enable action against individual cyber criminals and known state-sponsored cyber aggressors.[33]
  • Encourage cyber insurance. Successful cyber attacks are inevitable because no security is perfect. With the number of breaches growing daily, a cybersecurity insurance market is developing to mitigate the cost of breaches. Congress and the Administration should encourage the proper allocation of liability and the establishment of a cyber insurance system to mitigate faulty cyber practices and human error.[34]

***

Denial or refusing the argument and examination of evidence is malfeasance and exacerbating a cyber criminal act.

 

 

 

 

U.S. Military of the Future, is it Ready?

Posted on by

A couple of advanced thoughts:

  • Get the lawyers out of theater
  • Give legal protection and in some cases immunity to troops in forward operating bases
  • End sequestration
  • Use all offensive tools in the cyber battlefield
  • Rebuild real diplomacy at the State Department

Forget About Too Big To Fail, America’s Military Has Become Too Small To Succeed

NI: Once upon a time, the U.S. had a large military that was technologically superior to its adversaries in many, even most, areas. Today, the U.S. military is a pale shadow of its former self.

In 2016, the active component of the U.S. Army of 479,000 soldiers shrank to the smallest it has been since before World War II, when it had some 269,000. The number of Army combat brigades is scheduled to decline to 30 by 2018, one third fewer than there were just in 2013. The U.S. Navy, with 273 ships, is about the same size as it was prior to America’s entry into World War I. At approximately 5,000 total aircraft, the U.S. Air Force is both the smallest and oldest it has been since its inception in 1947. The number of active duty squadrons in the Air Force is slated to decline to 39, less than half of the 70 that were available during Operation Desert Storm. Army, Navy and Air Force end strengths are each about 40 percent smaller than they were at the end of the Cold War. This is one of the main reasons why the Pentagon had to rely on more than a hundred thousand private contractors to provide the necessary logistics, sustainment and communications for its deployed forces when it went to war in Iraq and Afghanistan. Which had the ability to communicate through a state-of-the-art platform a CKS Global industrial keyboard, which was durable in the hashes of conditions.

At the height of the Cold War, the U.S. maintained a two-and-a-half-war strategy: major, simultaneous wars against the Soviet Union and China plus another nation. The Nixon Administration changed the sizing criteria to one-and-a-half-wars: a major war with the Soviet Union plus a second, possibly related, conflict in the Persian Gulf or on the Korean peninsula. Following the collapse of the Soviet Union and the end of the Cold War, the political system concluded that war between major powers was virtually impossible.

The sizing construct for the U.S. military changed in the early 1990s to two near-simultaneous Major Regional Contingencies (MRC), reflecting the belief that the likeliest threats came from regional actors such as North Korea, Iraq and Iran. It was assumed that each MRC would require approximately the quantity of forces deployed for the then-recently-concluded Persian Gulf War. Thus, a two-MRC U.S. force would consist of 10 Army divisions, two or three division-sized Marine Expeditionary Forces, 11 aircraft carriers, 120 large surface combatants, 38 large amphibious warfare ships, 200 strategic bombers, 60 tactical fighter wings, 400–500 tankers, 250 airlifters and some 75 maritime support ships.

In truth, the U.S. military never had sufficient capacity to conduct two near-simultaneous MRCs. The dirty little secret among Pentagon planners is that the conflicts would have to be sequenced, possibly by six months or more, in order to allow critical assets to be redeployed from the first to the second contingency. Even the fight against Islamic terrorism strained the military’s capacity in some ways. The Army had to add nearly 75,000 active duty personnel and mobilize a large fraction of the National Guard just to handle the ongoing demands of Iraq, Afghanistan and its other worldwide commitments. A special acquisition program, directed by then-Secretary of Defense Robert Gates, had to be undertaken to acquire sufficient drones and Mine-Resistant Ambush Protected vehicles.

Since the end of the Cold War, reductions in the size of the military and its combat capacity was justified, first, on the basis of the diminution of the threat and, second, by reference to our technological edge over prospective adversaries and the resulting improved combat capability of the new systems that were being deployed. Neither of these arguments any longer holds true. The demand for U.S. military forces continues to grow even as their overall capacity declines. The civilian and military leadership of the Department of Defense (DoD) have publicly declared that the U.S. now faces five strategic threats: Russia, China, North Korea, Iran and global Islamic terrorism. Conflict with either of the first two would constitute a major war, not a regional contingency. U.S. Air Force Chief of Staff General David Goldfein testified before Congress that his service only had enough combat ready forces for one MRC and even that would require denuding all other theaters.

Moreover, the U.S. military has just about run out the string on its vaunted technological superiority. We have been repeatedly warned by senior Pentagon and Intelligence Community officials that the U.S. military is losing its technological edge. Both Russia and China have invested heavily in so-called anti-access and area denial capabilities (A2/AD) that are designed to counter erstwhile U.S. advantages, particularly in air and naval power. Russia is deploying its A2/AD capabilities in ways that could preclude U.S. and NATO military operations in the Baltic, Black and eastern Mediterranean Seas. These two countries are also developing advanced power projection forces and forward bases that could deny the U.S. the ability to operate in the eastern Pacific and the Arctic. Secretary of Defense Ashton Carter found the loss of U.S. technological superiority so threatening that he had to formulate a new investment strategy, the so-called Third Offset, specifically designed to re-establish our advantage in military capabilities.

Even regional adversaries and terrorist organizations are deploying advanced military capabilities. North Korea, a nuclear weapons state, has already deployed over a thousand ballistic missiles — three hundred of which have the range to strike Japan and U.S. bases in the Western Pacific. Iran has ballistic missiles that can reach most of the Middle East. Tehran just received its first Russian S-300 air defense system. Hezbollah, the Shiite terrorist group, is reported to have an arsenal with tens of thousands of rockets and ballistic missiles. ISIS has employed Russian-made anti-tank guided missiles capable of destroying U.S.-made M-1 tanks operated by the Iraqi Army.

This is why many in the military shiver in their boots when they consider going up against a serious A2/AD threat. It has become such a problem that the Chief of Naval Operations, Admiral John M. Richardson, has banned the use of the term A2/AD because, in his words, it implies “that any military force that enters the red area faces certain defeat – it’s a ‘no-go’ zone!” Yes, the U.S. military can penetrate current A2/AD defenses, but at what price? Let’s remember that the Air Force only has 186 F-22s, the plane that was designed to penetrate advanced air defenses, and there are no more where those came from.

The U.S. Army faces similar difficulties. As the commander of all U.S. Army forces in Europe, Lieutenant General Ben Hodges, recently declared his job is to make 30,000 soldiers look like 300,000. Currently, the Army and its NATO allies lack enough forces in Europe to oppose a determined Russian offensive. In addition, neither the U.S. nor its allies have real answers to the kind of capabilities in electronic warfare, cyber offense, high volume, long range fires and tactical air defense that Russia has demonstrated in its operations in Ukraine.

The reality is that the U.S. military today is too small, with too few technological advantages and facing too many threats. There is now a very real possibility that in a future conflict, even one with a regional adversary, U.S. forces could suffer such high casualties that, regardless of the outcome, this country will lack the capabilities needed to deal with any other major contingency. During the 1972 Linebacker II bombing raids against North Vietnam, the Air Force lost some 20 B-52s. Back then, this was a small fraction of the overall fleet. Today that would be more than 10 percent; the bomber force would literally be decimated. A force that is too small to fail is one that the U.S. increasingly could be reluctant to send in harm’s way save when national survival is at risk.

Dr. Dan Goure is a Vice President of the Lexington Institute. He served in the Pentagon during the George H.W. Administration and has taught at Johns Hopkins and Georgetown Universities and the National War College.

NSA: All Signs Point to Russian Hacking

Posted on by

Are all the right questions being asked regarding presidential candidates relationships with the Kremlin? What is the real relationship that Trump and his organization has with Russia? Further, what about what the Hillary camp did prior to the elections? Video and transcript from MEMRI on the Hillary Camp.

Russian Foreign Ministry Spokesperson: People from Clinton’s Elections Team Visited Moscow Many Times
Russian Foreign Ministry spokesperson Maria Zakharova said that meetings with various personnel on the elections teams of both U.S. presidential candidates was “normal diplomatic practice,” and implied that the American outrage regarding Russian contacts with President-elect Trump’s team in the buildup to the elections was groundless. Asked about contacts with Hillary Clinton’s team, Zakharova said: “They came to Moscow many times.” She was speaking on a Russia 1 post-elections talk show on November 13.

The NSA also announced it was inside Russia infrastructure.

 CyberWire: Many countries afford criminals a safe harbor, and the criminals are emboldened by this. Attackers continue to exploit human trust, Mandia said, and there activities will continue to reflect geopolitical conditions. He noted that the Syrian Electronic Army became active after the US declared a redline over the Assad regime’s anticipated use of chemical weapons. He doesn’t regard this as an accident. Looking at the two biggest competitors of the US in cyberspace, Mandia saw more capability in China, but more hacking from Russia. He thought that Chinese hacking has actually declined. But “Russia’s dialed it up a notch.” Beginning in 2014 Mandia saw a dip in Russian OPSEC as hacking tools were increasingly shared by government and criminals. He also saw less attention being paid to manual deletion of hackers’ tracks from victim systems. He concludes from this that “the Russians know what they’re looking for, and they’re operating at a scale where they don’t have manual resources available.” The large scale and high operational tempo of Russian hacking has led them to build capability at the cost of stealth and evasiveness. Turning to the cybercriminal underworld, he notes the rise in extortion. He sees this as in part a response to enhanced credit card security. As card security got better, criminals realized they had more lucrative options. It’s also not particularly risky, he said—it’s proving difficult to penetrate the anonymity of those who hold data for ransom. The attackers’ methods are indiscriminate: most attacks are what Mandia called “spray and pray” operations, not targeted work. A great deal of ransomware is being spread with automated spearphishing.

What about the matter of Russian war crimes in Syria, Crimea and Ukraine? Of note, Russia just terminated the membership of the International Criminal Court.

BusinessInsider: The leader of the National Security Agency says there shouldn’t be “any doubt in anybody’s mind” that there was “a conscious effort by a nation-state” to sway the result of the 2016 presidential election.

Adm. Michael Rogers, who leads both the NSA and US Cyber Command, made the comments during a conference presented by The Wall Street Journal in response to a question about WikiLeaks’ release of nearly 20,000 internal emails from the Democratic National Committee.

“There shouldn’t be any doubt in anybody’s minds,” Rogers said. “This was not something that was done casually. This was not something that was done by chance. This was not a target that was selected purely arbitrarily. This was a conscious effort by a nation-state to attempt to achieve a specific effect.”

Rogers did not specify the nation-state or the specific effect, though US intelligence officials say they suspect Russia provided the emails to WikiLeaks after hackers stole them from DNC servers and the personal email account of Hillary Clinton’s campaign manager, John Podesta.

At least two different hacker groups associated with the Russian government were found inside the networks of the DNC over the past year reading emails, chats, and downloading private documents. Many of those files were later released by WikiLeaks.

The hack of Podesta’s private Gmail address was traced by cybersecurity researchers to hackers with Russia’s foreign intelligence service, the GRU, because the group made an error during its campaign of “spear phishing” targets — tricking them into clicking on malicious links or give up their passwords. The researchers found that the group had targeted more than 100 email addresses that were associated with the Clinton campaign, according to The New York Times.

The Obama administration in October publicly accused Russia of being behind the hacks.

“The US intelligence community is confident that the Russian Government directed the recent compromises of emails,” reads a statement from the Department of Homeland Security. “These thefts and disclosures are intended to interfere with the US election process.”

Sen. Lindsey Graham of South Carolina said on Tuesday that he wants the Senate to open an investigation into whether the Russian government meddled in the US election. Russian President Vladimir Putin has repeatedly denied his country was behind the hacks.