Category Archives: Russia

The Cyber-Threats to SCADA Increasing

Posted on by
Dell has reached out to this site with updated/corrected links for the item below:

Please refer to https://www.quest.com and https://www.quest.com/solutions/network-security/

What is SCADA? A computerized system that controls all national infrastructure. This includes water, power grids, transportation and supply chains.

In 2012:

The last “INTERNET SECURITY THREAT REPORT published by Symantec reports that in 2012, there were eighty-five public SCADA vulnerabilities, a massive decrease over the 129 vulnerabilities in 2011. Since the emergence of the Stuxnet worm in 2010, SCADA systems have attracted more attention from security researchers.

Today, 2015 there is a significantly more chilling condition.

 

A recent report published by Dell revealed a 100 percent increase in the number of attacks on industrial control (SCADA) systems.

The new Dell Annual Threat Report revealed that the number of attacks against supervisory control and data acquisition (SCADA) systems doubled in 2014 respect the previous year. Unfortunately, the majority of incidents occurred in SCADA systems is not reported. The experts confirmed that in the majority of cases the APT are politically motivated.

“Attacks against SCADA systems are on the rise, and tend to be political in nature as they target operational capabilities within power plants, factories, and refineries,” the researchers explained. “We saw worldwide SCADA attacks increase from 91,676 in January 2012 to 163,228 in January 2013, and 675,186 in January 2014.”

The countries with the greatest number of attacks are the Finland, the United Kingdom, and the United States, where online SCADA systems are widespread.

“In 2014, Dell saw 202,322 SCADA attacks in Finland, 69,656 in the UK, and 51,258 in the US” continues the report.

The experts noticed that buffer overflow is the vulnerability in SCADA system most exploited by hackers (25%), among other key attack methods there are the lack of input validation (9%) and Information Exposure (9%).

SCADA Attack methods Dell Report

 

Security experts speculate that the number of the attacks will continue to increase in the next years.

“This lack of information sharing combined with the vulnerability of industrial machinery due to its advanced age means that we can likely expect more SCADA attacks to occur in the coming months and years.” states the report.

 

The data published by Dell are aligned with the findings included in a report recently published by the ICS-CERT. The CERT responded to 245 incidents in Fiscal Year 2014, more than half of the incidents reported by asset owners and industry partners involved sophisticated APT.

Let’s closed with the suggestions provided by Dell experts to protect SCADA systems from attacks:

  • Make sure all software and systems are up to date. Too often with industrial companies, systems that are not used every day remain installed and untouched as long as they are not actively causing problems. However, should an employee one day connect that system to the Internet, it could become a threat vector for SCADA attacks.
  • Make sure your network only allows connections with approved IPs.
  • Follow operational best practices for limiting exposure, such as restricting USB ports if they aren’t necessary and ensuring Bluetooth is disabled.
  • In addition, reporting and sharing information about SCADA attacks can help ensure the industrial community as a whole is appropriately aware of emerging threats.

Who Knew about Bergdahl and Prisoner Swap?

Posted on by

Per flash traffic: At 0430Z, TF 1 Geronimo reported a B Co missing soldier after he did not show up for the 0900L morning roll call at Mest OP, grid 42SVB 59236 47877 Yahya Khail District, Paktika.  A full search was ordered.  At 0535Z, TF 1 Geronimo initiated DUSTWUN procedures for the missing soldier.  At 0645Z, all remaining units had reported in 100% accountability.   Geronimo TOC ordered blocking positions set in and around Mest OP.  At 0707Z, Predator (VooDoo) was on station in support.  At 0940Z, a Pathfinder and tracking dog team arrived at Mest OP in support.  At 0945Z, Predator (Pfingston) arrived on station in support.  At 1012Z, LLVI receives traffic that an American Soldier with a camera is looking for someone who speaks English.  At 1303Z, Graphic 33(2x F-18) arrived on station in support.  At 1309Z, FF receive intelligence that a U.S. soldier has been captured.  At 1351Z, VooDoo and Pfingston RIP with Predator (Sijan).   At 1520Z, Sijan RIPs with Predator (Kisling) and DUDE-21 (2x F-15) arrives on station to support.  Between 1725Z and 1800Z, B Co conducted 2 breaches of suspected enemy locations with NSTR.  Additional forces were moving into the area to place blocking positions and conduct searches based on all of the aerial and ground based intelligence sources available throughout the day and through the night.

ISAF Tracking #06-2426

Event Title:CAPTURED SOLDIER
Zone:null
Placename:ISAF# 06-2426
Outcome:null

S:1 X US SOLDIER
A: MISSSING SOLDIER
L:VB 592 478
T:300430zJUNE09
U: Bco 1-501
R: INITIATE DUSTWUN

Action operations to find Bergdahl are explained fully here.

So who in the media and in the DC circles knew about Bergdahl from the immediate days he removed his uniform and left America behind? What were the swift demands of the Haqqani network demand for the return of Bergdahl?

Untangling the Mysteries Behind Bowe Bergdahl’s Rescue Mission

It was before dawn at Observation Post Mest-Malak, a U.S. Army outpost surrounded by Taliban-controlled villages in eastern Afghanistan, when the men in Blackfoot Company 2nd Platoon first noticed that Bowe Bergdahl was missing. An Army veteran who says he was one of Bergdahl’s closest friends in Afghanistan and spoke to Newsweek on the condition of anonymity, remembers the moment well. “[Specialist Shane] Cross came over and he whispered, ‘Hey, you seen Bergdahl?’ and I knew instantly he was gone. I said, ‘He’s gone. He’s fucking gone.’”

The U.S. Army boasts that it does not leave men behind, so when Private First Class Bergdahl disappeared in Paktika province on June 30, 2009, the Army was going to find him, no matter the cost.

His platoon-mates all knew Bergdahl was eccentric, a quiet kid who prided himself on the wilderness survival skills he learned growing up in Idaho. He was one of the fittest in the platoon, two of them told Newsweek, and he was meticulous about the gun-cleaning, field-manual-memorizing details of military life. He and his buddies liked to spend nights drinking chai with the Afghan National Police officers stationed up on a dusty hill. He smoked a pipe. Some of the guys thought he was weird, but they all thought he was reliable. “Up until the second he walked away, he was the example of the good soldier,” says Army Specialist Gerald Sutton. “He was always doing his job. We never had to worry about him.” Bergdahl’s close friend from the platoon adds: “He always did what he was told, always there to help you. Always.”

In downtime bitch sessions, when the men talked about shooting themselves in the foot or other schemes to get out of the war early, Bergdahl reportedly said his plan would be to walk to India. Or he said he would shed his weapons and gear, Siddhartha-like, and join the Kochis, nomadic Pashtun tribes whose dark tents dotted the Afghan valleys that looked eerily similar to the Idaho backcountry where he had honed his Man vs. Wild skills. His buddies thought it was just talk. “Everybody wanted to leave. We thought he was just venting,” the friend says. “We didn’t take it seriously. [At OP Mest] you couldn’t even walk outside the base. We were in contact with the enemy anytime we left…. It was like, ‘Whatever, [Bergdahl], you’re full of shit.’”

But he did leave. Alone and unarmed, the 23-year-old was abducted within hours by local Zadran tribe militants, sources tell Newsweek, who passed him up the Taliban’s regional chain of command. He was held as a hostage for five years, and only returned last year after a prisoner swap that freed five Taliban fighters from the U.S. military’s Guantanamo Bay Detention Camp.

04_10_FE0115_Bergdahl_10 From left, Colonel Bradley J. Kamrowski, Ph.D., Major General Joseph P. DiSalvo, and Colonel Ronald N. Wool deliver a press conference in San Antonio, Texas to report on Sgt. Bowe Bergdahl’s return to the United States and reintegration at Brooke Army Medical Center. Drew Anthony Smith/Getty

Ten months after returning to home soil, Bergdahl was formally charged on March 25, 2015, with two crimes under the Army’s Uniform Code of Military Justice: “Desertion With Intent to Shirk Important or Hazardous Duty” and the more serious “Misbehavior Before the Enemy by Endangering the Safety of a Command, Unit or Place.” He is awaiting an Article 32 hearing, similar to a grand jury, and is working a desk job at Fort Sam Houston in San Antonio. The Army tries dozens of desertion cases each year (17 men were found guilty of the charge in 2009), and the maximum punishment is five years in military prison, a dishonorable discharge and the loss of back pay. The misbehavior-and-endangerment charge is far more serious, exceptionally rare (according to Stars & Stripes, the last high-profile case was in 1968) and brings the maximum penalty of life in prison.

‘You’re Gonna Be Looking for Bergdahl’

Why Bowe Bergdahl walked into a hostile war zone isn’t much clearer now than it was the day he left. OP Mest was operating without an officer at the time, and according to his lawyer, Bergdahl snuck away to report disciplinary problems in his unit to an officer at a nearby base.

For the men he left behind in Blackfoot Company and the 1st Battalion of the 501st Regiment that night, life in Afghanistan changed instantly and dramatically. “From the second he left until we left the country, our whole mission was screwed up,” Bergdahl’s friend says. “[In] every operation order until March 2010, he was thrown in the mix: ‘You’re gonna be looking for Bergdahl.’”

“It changed the mission [in Afghanistan] for everyone,” says Sergeant Jordan Vaughan, who served in a separate Blackfoot Company platoon and says he was sent on at least 50 missions to find the missing soldier. “We stopped the regular counter-insurgency mission and instead went and looked for Bergdahl.” According to Vaughan and other men from Blackfoot Company, at least eight soldiers were killed on those searches. Platoon medic Josh Cornelison told NBC News last June, “Every single person that died [out there] was doing something to find Bowe Bergdahl.”

In both legal and moral terms, the charge that Bergdahl’s actions led to the deaths of fellow soldiers is the most important and disturbing one he faces, and yet the Pentagon has steadfastly denied the claim. “I do not know of specific circumstances or details of U.S. soldiers dying as a result of efforts to find and rescue Sergeant Bergdahl,” former defense secretary Chuck Hagel said last summer. Bergdahl had been promoted during his captivity.

The families of those fallen men are outraged and frustrated by this apparent contradiction of facts and testimony. “They’re not liars,” says Cheryl Brandes of the soldiers’ claims. Her son, Matthew Martinek, died from wounds suffered during an ambush on September 4, 2009, while on a mission, his comrades told her, to find Bergdahl. “There needs to be an investigation,” she told Fox News. “Why is this such a cover-up? Why can they not just tell us, ‘Yes, your son was looking for another soldier?’ What’s so bad about that?”

The Pentagon cannot answer Brandes without conceding an awkward and troubling fact: On the day her son was flanked by Taliban militants in an ambush that also killed 2nd Lieutenant Darryn Andrews, officials in Washington and Kabul already had overwhelming intelligence that Bergdahl was no longer in Afghanistan.

‘We Assumed It Became a CIA Operation’

From the hilltop guard post at OP Mest, it was just 25 miles or so to the Pakistani border, and, according to a former State Department official who spoke to Newsweek on the condition of anonymity, there was a widespread assumption in Kabul that Bergdahl would be shuttled to Pakistan as fast as his captors were able.

The day he was reported DUSTWUN (Duty Status Whereabouts Unknown), American military commanders working with the International Security Assistance Force (ISAF) ordered a secretive military unit—variously referred to as the intelligence support activity, mission support activity, the activity or gray fox—to track leads about his whereabouts. One of the first officers on the case was an unconventional-operations specialist who was attending a jirga, a meeting of Afghan tribal elders, when he got the call about Bergdahl. The officer, who is not authorized to discuss the case and spoke on the condition of anonymity, says, “I got a call from our guy in Kabul. He said, ‘Hey, we got a lost puppy.’  “We just happened to be talking to the elders in this tribe with knowledge of the area [where Bergdahl went missing],” the officer tells Newsweek. He says he immediately got to work, calling dozens of sources across Afghanistan. “We talked to Taliban lawyers and mullahs, border security police, a lot of people.”  The intelligence-gathering quickly brought precise information about Bergdahl’s captors. “We knew how they were going to move him, where they were going to move him. We figured it would be 48 hours at the most before he was across the border,” the officer says. When he investigated whether the Army could prevent Bergdahl’s captors from taking him across that border, the answer was clear. “There is no way to shut down border traffic. It’s the Silk Road, for God’s sake,” he says. “It’s been a smugglers’ transit route for thousands of years. So [the Taliban] better be pretty good at it. And they are.”

Within days, this officer was told by his superior to give up the search: “I was told to drop it, that someone else has got it.” The following week, he learned that the Joint Special Operations Command (JSOC), which planned and executed the most sensitive raids of the war—including Operation Neptune Spear, the mission that killed Osama bin Laden in May 2011—had also been called off. “When JSOC was told to stand down,” the officer tells Newsweek, “we assumed it became a CIA operation in Pakistan.”

The moment Bergdahl was taken across the Afghan-Pakistani border, the search for him jumped its own distinct legal boundary. Rescuing the “lost puppy” went from the purview of traditional military operations to a covert intelligence mission. “Anything south of that line was outside the area of Operation Enduring Freedom,” the military mission in Afghanistan, the officer says. At that point, “it would have taken the president or a CIA operation to call a cross-border raid.”

By the second week of July, civilian and military officials were so confident Bergdahl had been smuggled across the Pakistani border that the JSOC and clandestine special operations units were called off the search…

So why did the Army continue to send infantrymen in Afghanistan on dozens of missions in hostile territory to find him?

A High-Value Hostage

The militants who captured Bergdahl were never coy about their identity or why they had kidnapped him. Two days after he was abducted, they held the Taliban equivalent of a press conference to take responsibility and make their demands. “The case will be referred to Sirajuddin Haqqani and other top Taliban leadership,” Mullah Sangeen, a well-known Taliban commander in Paktika, told a CBS reporter on July 2, 2009. “They have to decide the future of the U.S. soldier, but we would not mind a prisoner exchange.”

The Pentagon was equally clear about the players involved. “An American soldier captured in southeastern Afghanistan is being held by a notorious militant clan, a senior U.S. military official said,” is how CNN’s Barbara Starr put it. Reports by the BBC, The Washington Post, and The Long War Journal concurred: Bergdahl had been taken by the Haqqani Network.

The Haqqanis were a terrorist threat that was well known in Washington and Kabul, and they were a constant source of diplomatic headaches. During the Cold War, Jalaluddin Haqqani was a handsomely paid CIA proxy in the fight against the Soviets, but after 9/11, his family took up arms against the latest infidel invaders. “In Pakistan’s tribal areas of North and South Waziristan, Maulavi [Jalaluddin] Haqqani and his sons run a network of madrasas and training bases and provide protection for foreign fighters and terrorist groups, including Al-Qaeda,” The New York Times reported in June 2008.

In November of that year, the Haqqanis lured Times reporter David Rohde to an interview south of Kabul, then snatched him and immediately smuggled him across the border to Pakistan’s Federally Administered Tribal Areas. “The Haqqanis oversee a sprawling Taliban mini-state in North Waziristan with the acquiescence of the Pakistani military,” Rohde said in A Rope and a Prayer, the 2010 book he co-wrote with his wife, Kristen Mulvihill, about his seven months as a Haqqani hostage. By the spring of 2009, several months into his captivity, Rohde’s situation was common knowledge to then-secretary of state Hillary Clinton, State Department ambassadors to the region, management of The New York Times, American intelligence and law enforcement agencies, as well as the private hostage negotiators and consultants Rohde’s wife and family had recruited.

On June 20, 2009, Rohde fled in a daring and successful escape, the details of which remain unclear. Ten days later, in a stroke of luck for a terrorist group that had made kidnapping a pillar of its business, the Haqqanis replaced the journalist with an even more valuable hostage—the first and only American soldier captured in that war.

‘Looking for Someone Who Speaks English’

Before Sangeen called that press conference, Bergdahl’s captors hurried to make a proof-of-life tape and deliver it to the highest-ranking American official they could reach in Kabul. Having video proof was a high priority for the militants, first discussed in a conversation intercepted by American spy planes about six hours after Bergdahl’s platoon reported him missing. “An American soldier with a camera is looking for someone who speaks English” is how the Army interpreter paraphrased the intercepted radio or cellphone chatter. That message, which was logged in the classified Army record later published by WikiLeaks, matches the memories of men in Blackfoot Company who heard the interpreter’s words over the radio that morning. It is cited as proof by some members of the platoon and multiple media organizations that Bergdahl had gone looking to join the Taliban, that he was a traitor. “That means he’s going to collaborate with the enemy, [doesn’t] it?” Sean Hannity said on his Fox News show.

But according to Robert Young Pelton, a journalist consulted by the military to help find Bergdahl, that message was wrong, a bad translation from the captor’s Pashto language. It wasn’t the young American who had a camera and was looking for someone who spoke English; it was Bergdahl’s kidnappers, hurrying to speak to and record proof of their high-value hostage.

Pelton was working in Afghanistan as the director of AfPax, a subscription-based, conflict-zone information service. For a monthly fee, he provided clients with a stream of information gathered by local sources. “We had subscribers from every venue: media, State Department, [nongovernmental organizations], etc.,” Pelton tells Newsweek. “The military, special operations, came to us and asked us for help [tracking Bergdahl].” One former military intelligence officer who would not talk on the record about the Bergdahl incident tells Newsweek that AfPax was the best source of clean intelligence in Afghanistan at the time.

The day after Bergdahl walked off his base, the spy planes picked up another conversation between militants about their new prize: “Can you guys make a video of him and announce it all over Afghanistan that we have one of the Americans?” the first asked. Another man replied, “We already have a video of him.”

To Pelton, who tracked Rohde and other kidnapping victims in eastern Afghanistan, Bergdahl’s destination was never in doubt: “We knew he was going to Pakistan as soon as [the Army] said they were missing a guy.” Pelton worked with RC-East commanders—conventional U.S. forces in eastern Afghanistan—for about two weeks before he was told to stop. “We went over to their office and they had maps on the wall, and we would point to Pakistan and say, ‘He’s going that way.’ That’s when they told us to wave off,” he says.

Pelton, who wrote about his work tracking Bergdahl for Vice, says, “Everyone knew that Bergdahl was in Pakistan, and now everyone is trying to rewrite history.”

Ransom Demand: $19m and 25 Prisoners

By the time the Haqqanis released their first proof-of-life video to the media, some Army officials had been informed that Bergdahl was already over the border. According to Qayum Karzai, the older brother of then-Afghan president Hamid Karzai, the Haqqanis delivered their first messages, via a courier, to Major General Edward Reeder Jr., commander of Special Operations in Operation Enduring Freedom at the time. The militants wanted $19 million and 25 prisoners from Gitmo, roughly the same ransom demands first made to free Rohde. “Everyone knew he was in Pakistan…the Afghan government, tribal leaders, Afghan reporters,” Karzai tells Newsweek. “Everyone talked about it.” At a time when many feared Bergdahl had been killed, Karzai says he also helped deliver a message from the prisoner to his parents in Idaho.

According to Linda Robinson, a senior policy analyst at the Rand Corporation, who interviewed Reeder for her book One Hundred Victories: Special Ops and the Future of American Warfare, the general learned of Bergdahl’s location from two sources. The first, a former Taliban minister who had joined the Afghan government, told Reeder that Bergdahl had been taken to Miran Shah, the same town where Rohde spent most of his seven months in captivity. The second was the courier. Sometime shortly after Reeder received the first ransom demand, the courier brought a second message that lowered the ransom to $5 million and dropped the request for a prisoner swap. Reeder told Robinson he passed the message up the chain of command, but to his surprise, “none of his superiors followed up on it.”

Reeder declined to comment on this story through an Army public affairs officer. Both retired general Stanley McChrystal, Reeder’s superior at the time, and retired general Mike Flynn, the director of the Defense Intelligence Agency during the search, also declined to answer Newsweek’s questions related to the Bergdahl case. (Reporter’s disclosure: For the first year of Bergdahl’s captivity, I worked in his hometown, and his father was the UPS deliveryman at the office where I worked.)

On July 18, 2009, 18 days after Bergdahl had walked away from his base, the Haqqanis released a video of him to the international press, and ABC News reported that, according to “a person actively involved in the search,” he had been taken to Pakistan. In interviews with ABC News, U.S. officials at the Pentagon and in Kabul denied the claim, insisting he was still in Afghanistan.

‘The War Was About to Be Lost’

The idea that America’s only prisoner of war in the post-9/11 era was being held inside the borders of a key ally in its War on Terror posed some serious problems. In mid-2009, when Bergdahl apparently was smuggled over one of the most dangerous borders in the world, Washington had real concerns over “not wanting to go to war with Pakistan,” says Ahmed Rashid, a Lahore, Pakistan–based journalist and author.

Bergdahl’s abduction coincided with the start of the largest American surge in the 13 years of that war—from less than 40,000 servicemen in early 2009 to about 100,000 in late 2010. In the summer of 2009, the Taliban were ascendant across southern Afghanistan, and, as Robinson writes, the Americans realized “the war was about to be lost.” The escalation affected both sides of the border. On the Pakistan side, CIA drone strikes (that the Bureau of Investigative Journalism reports likely killed many more civilians than militants) rose from 35 in 2008 to 117 in 2010. After an errant ISAF helicopter killed three Pakistani soldiers stationed near the border, the Pakistanis temporarily cut off the ISAF’s main supply artery, and relations between Washington and Islamabad hit new lows.

Rashid, who consulted with both the Rohde and Bergdahl families during their negotiation efforts, says the captured soldier was an inconvenient truth for the Americans. At such a delicate moment, a covert cross-border raid to retrieve one infantryman was a catastrophic risk. Bergdahl was trumped, says Rashid, by the top American priority: “protect the already fragile but still useful relationship with Pakistan to get at Al-Qaeda.”

On Christmas Day 2009, nearly six months after the Army called off its elite special operations and JSOC units from the search, and after commanding officers sent the men of Blackfoot Company on nearly six months’ worth of raids and missions to allegedly find him, the Haqqanis released a second proof-of-life video, a strange and uncomfortable spectacle. A thin Bergdahl sometimes reads and sometimes rambles through a lengthy indictment of American policy:

“And so do I, my family members, my fellow soldiers in the Army and their families, and all the regular Americans, do we or even should we trust those that send us to be killed in the name of America? Because aren’t our leaders, be it Obama or a Bush or whoever, aren’t they simply the puppets of the lobbies that pay for their election campaigns?”

Speaking for the Pentagon, Rear Admiral Gregory Smith called the video an affront to the soldier’s family and friends. “It reflects nothing more than the violent, deceitful tactics of the Taliban insurgency,” he said. “We will continue our search for Bowe Bergdahl.”

‘You Will Be Hunted…’

In the days after Bergdahl disappeared, Blackfoot Company scrambled its platoons. For the first 35 to 40 days, according to several men, the search was “nonstop.” Squads were sent to follow every lead, in any direction. For some, that meant driving to sit in far-off “blocking positions” to intercept any Taliban vehicles that might be stowing him. Some soldiers were sent beyond the reach of the Army’s supply trucks, to desert frontiers where contracted Russian pilots air-dropped food and water from helicopters that looked older than the Americans on the receiving end. The soldiers of Blackfoot Company were also sent to raid distant Afghan villages. Infantrymen distributed pamphlets to Afghan civilians asking for information about Bergdahl. The flyers had pictures of American soldiers kicking down doors and a caption that read, “If you do not release the U.S. soldier then…you will be hunted.”

Bergdahl’s platoon’s missions soon ranged beyond Paktika and into neighboring border provinces. “It was a wild goose chase,” says Bergdahl’s friend from the 2nd Platoon. “We went all over southeast Afghanistan.” But, he adds, “we did whack a lot of people in the process.”

As the weeks wore on, another Blackfoot Company team leader, Sergeant Johnathan Rice, suspected his commanders weren’t really looking for Bergdahl. “Common sense dictates that [whoever took him wasn’t] going to keep him around for long.” But unlike most of the soldiers in his platoon, Rice saw a method in the Army’s madness. “From an infantryman standpoint, we were doing our job for once,” he says. “We were actually going to towns, doing our assaults, raiding places.”

Before Bergdahl went missing, Rice says, his men had their hands tied. “We weren’t able to do ‘hard knocks’—when you hit a target and breach their house early in the morning or overnight. We would need a ridiculous amount of intel to get the green light to do that kind of thing. But if it was a mission to retrieve Bergdahl, it was an instant green light. It was always worded as ‘These people could have information on Bergdahl.’ But my speculation is that they were targets that we wanted to bring in anyway.”

Rice felt his men were now taking the fight to the enemy, rather than “just knocking on the door and asking to have some tea.” Before Bergdahl left, “we were walking through markets buying goats because we had nothing else to do.” During these searches for Bergdahl, “we had excuses to hit high-value targets or hit people of interest.”

“A lot of valuable intelligence was gathered,” Rice says, and Bergdahl was the excuse his commanders needed to do their jobs. “Leadership took the opportunity, and I stand 100 percent behind it.”

The #Bergdahl Lynch Mob

After being held hostage for five years, a pale and bald Sergeant Bergdahl emerged from the back of a militant’s Nissan, allegedly in the border province of Khost, and boarded an American Blackhawk helicopter. Within a day, about 8,000 miles to the west, five Taliban detainees (at least two of whom had been in leadership positions) boarded a U.S. C-17 military transport plane at Guantanamo Bay, Cuba, and were flown to Qatar, where they would be free but monitored and travel-restricted for a year. When National Security Adviser Susan Rice announced the swap as a triumph for America, further proof the U.S. Army doesn’t abandon its men, the frustrations of the soldiers who had searched for Bergdahl roiled social media.

In the fall of 2009, the Army had the men in Blackfoot Company sign nondisclosure agreements, requiring them to never talk about the Bergdahl affair. But as stories from Afghan War soldiers started showing up on Twitter and Facebook, six veterans of the 2nd Platoon, including Specialist Sutton, were recruited by Republican strategist Richard Grenell for a media tour. They were flown to New York last summer from Michigan, South Dakota, Texas, Washington and California and, says Sutton, put up in a cramped Manhattan hotel paid for by Fox News. They trashed Bergdahl, calling him a deserter first and foremost, but also, some said, a traitor, a sympathizer of America’s enemy and a coward.

Much of the mainstream political media jumped in gleefully, speculating about Bergdahl’s motives, his politics and his religion. They also opined on his parents’ politics and religious beliefs, his father’s “suspicious” beard, how frequently they talked to their son. And most important to the analysts of policy and politics, they talked about whether Bergdahl was “worth it.”

After those soldiers and their families went public, Bergdahl’s hometown of Hailey, Idaho, was swarmed, and the FBI was called in when Bergdahl’s family received multiple death threats. This spring, with each update about his case, including the recent news that he will face desertion and misbehavior-and-endangerment charges, the #Bergdahl lynch mob is roused again, overflowing with the righteous vengeance of those who want Bergdahl imprisoned for life, or worse. “The evidence shows right now that U.S. soldiers were killed searching for the man,” Bill O’Reilly said on his Fox News show in late March. That statement is not quite accurate. The full truth—that the Army sent infantrymen on dangerous missions to find a soldier it knew was no longer missing—is far more complicated, and confounding.

Forged in the political heat of TV news studios, the vitriolic descriptions of Bergdahl’s character and behavior do not match what those who knew him best say about him now. “He was a heck of a soldier,” says Bergdahl’s friend from 2nd Platoon. “He was odd. He was different, which is why the other guys didn’t like him.… He did meditating and Buddhist stuff and people thought it was weird. I’m weird. Everyone is weird in their own way.”

In politics and war, simple myths are more useful than complex realities. The soldiers who searched for Bergdahl did so without question, and in their selflessness, they called upon the military’s essential and sacred codes of honor. The families and small towns that lost men in those searches bear a powerful witness to the horror and confusion of America’s longest war. They deserve an honest accounting of what happened to their sons and why.

And as he prepares to defend himself against the charge that he caused their deaths, so does Bowe Bergdahl.

This story was updated to clarify that Qayum Karzai did not deliver, handle, or have knowledge of the video or ransom demands for Bowe Bergdahl. He helped deliver a letter from the prisoner to his parents. 

Who is hosting the Hacker’s Servers?

Posted on by

State report reveal 130 compromised websites used in travel-related watering hole attacks

By Bill Gertz

One hundred thirty websites are hosting malicious software on their websites in what the State Department is calling a sophisticated Russian cyber spying operation, according to security analysts.
“These websites include news services, foreign embassies and local businesses that were compromised by threat actors to serve as ‘watering holes,’” according to a report by the Overseas Security Advisory Council distributed this week. A watering hole is a hijacked website used by cyber attackers to deliver malware to unsuspecting victims.
“For example, users may navigate to one of these malicious sites with the intent of checking travel requirements or the status of a visa application and unknowingly download the embedded malware onto their computers,” the report said.
The report identified the locations of the compromised websites as the United States, South America, Europe, Asia, India and Australia.
The report appears to indicate Russian intelligence may be behind the operations. Also, none of the compromised websites are in China, an indication that Beijing’s hackers could be involved.
A total of 15 of the 130 websites used for watering holes were government embassy websites located in Washington, DC, and two were involved in passport and visa services and others are offering travel services.
The embassy targeting suggests some or all of the operations are linked to foreign intelligence services that are breaking into the networks as part of tracking and monitoring of foreign travel.
Another possibility is that the operation are part of information warfare efforts designed to influence policies and publics. Both Russia and China are engaged in significant strategic information operations targeting foreign governments and the private sector.
“The threat actors are likely attempting to gather information from entities with vested interests in international operations,” the report said. “Identified victims in this sector include embassies, defense industrial base groups, and think tanks.”
The report, based on data provided by the security firm iSight Partners, says the watering holes are likely part of cyber espionage operations.
“Analysis indicates this campaign has a global reach, continuing to target users of identified intelligence value long after the initial infection,” the report says.
The compromised websites are increasingly functioning as indirect malicious software attack tools. The compromised sites represent a different method than widely used spear phishing – the use of emails to trigger malicious software downloads.
“Rather than send a malicious email directly to a target of interest, threat actors research and compromise a high-traffic website that will likely be visited by numerous targets of interest,” the report said.
“Watering holes are effective, as they often exploit existing vulnerabilities on a user’s machine,” the report said. More sophisticated threat actors have been observed employing zero-day exploits – those which are previously unknown and evade antivirus and intrusion detection systems (IDS) to successfully compromise victims. Zero-days were used in the widely publicized Forbes.com watering hole in late 2014.”
The hijacked websites appear to be part of a campaign spanning 26 upper-level Internet domains and include affiliations with 21 nations and the European Union.
According to iSight, evidence suggests the campaign is “likely tied to cyber espionage operations with a nexus to the Russian Federation.”
The compromised government websites included those from Afghanistan, Iraq, Jordan, Namibia, Qatar and Zambia. The report recommended not visiting any of those embassy websites or risk being infected with malware.
Technically, the attackers arranged for computer users who visited the compromised websites to be infected with an embedded JavaScript that redirected users to a Google-shortened URL, and then on to websites the mapped their computer systems. This “profiling” is used by cyber spies to identify valuable targets and control that specific victims who are injected with a malware payload.
The profiling is used to identify targets that will produce “high intelligence value” returns, indicating sophisticated cyber spies are involved. The infection also employed a technique called the use of “evercookie” a derivative of the small files that are inserted on computers and can be used by remote servers to tailor information, such as advertisements, to specific user.
While normal cookies can be easily removed, evercookies store data in multiple locations, a method that makes them extremely difficult to find and removed. The use of evercookies also permits long-term exploitation by cyber attackers.
To counter watering hole attacks, users should make sure system and software security updates are applied, and avoid visiting suspicious websites.
In particular, network monitoring should be used to spot unusual activities, specifically geared toward attacks that exploit zero-day vulnerabilities.
“The threat of watering holes is likely to remain high, given their increasing popularity and success in the last year,” the report said.
The report, “Compromised Global Websites Target Unsuspecting Travelers,” was produced by OSAC’s Research & Information Support Center (RISC). It is available for OSAC members at osac.gov. *** But there is more.

SAN FRANCISCO (Reuters) – Hacking attacks that destroy rather than steal data or that manipulate equipment are far more prevalent than widely believed, according to a survey of critical infrastructure organizations throughout North and South America.

The poll by the Organization of American States, released on Tuesday, found that 40 percent of respondents had battled attempts to shut down their computer networks, 44 percent had dealt with bids to delete files and 54 percent had encountered “attempts to manipulate” their equipment through a control system.

Those figures are all the more remarkable because only 60 percent of the 575 respondents said they had detected any attempts to steal data, long considered the predominant hacking goal.

By far the best known destructive hacking attack on U.S. soil was the electronic assault last year on Sony Corp’s Sony Pictures Entertainment, which wiped data from the Hollywood fixture’s machines and rendered some of its internal networks inoperable.

The outcry over that breach, joined by President Barack Obama, heightened the perception that such destruction was an unusual extreme, albeit one that has been anticipated for years.

Destruction of data presents little technical challenge compared with penetrating a network, so the infrequency of publicized incidents has often been ascribed to a lack of motive for attackers.

Now that hacking tools are being spread more widely, however, more criminals, activists, spies and business rivals are experimenting with such methods.

“Everyone got outraged over Sony, but far more vulnerable are these services we depend on day to day,” said Adam Blackwell, secretary of multidimensional security at the Washington, D.C.-based group of 35 nations.

The survey went to companies and agencies in crucial sectors as defined by the OAS members. Almost a third of the respondents were public entities, with communications, security and finance being the most heavily represented industries.

The questions did not delve into detail, leaving the amount of typical losses from breaches and the motivations of suspected attackers as matters for speculation. The survey-takers were not asked whether the attempted hacks succeeded, and some attacks could have been carried off without their knowledge.

The survey did allow anonymous participants to provide a narrative of key events if they chose, although those will not be published.

Blackwell told Reuters that one story of destruction involved a financial institution. Hackers stole money from accounts and then deleted records to make it difficult to reconstruct which customers were entitled to what funds.

“That was a really important component” of the attack, Blackwell said.

In another case, thieves manipulated equipment in order to divert resources from a company in the petroleum industry.

Blackwell said that flat security budgets and uneven government involvement could mean that criminal thefts of resources, such as power, could force blackouts or other safety threats.

At security company Trend Micro Inc. , which compiled the report for the OAS, Chief Cybersecurity Officer Tom Kellermann said additional destructive or physical attacks came from political activists and organized crime groups.

“We are facing a clear and present danger where we have non-state actors willing to destroy things,” he said. “This is going to be the year we suffer a catastrophe in the hemisphere, and when you will see kinetic response to a threat actor.”

So-called “ransomware,” which encrypts data files and demands payment be sent to remote hackers, could also have been interpreted as destructive, since it often leaves information unrecoverable.

A spokesman for the U.S. Department of Homeland Security, SY Lee, said the department did not keep statistics on how often critical U.S. institutions are attacked or see destructive software and would not “speculate” on whether 4 out of 10 seeing deletion attempts would be alarming.

U.S. political leaders cite attacks on critical infrastructure as one of their greatest fears, and concerns about protecting essential manufacturers and service providers drove a recent executive order and proposed legislation to encourage greater information-sharing about threats between the private sector and government.

Yet actual destructive attacks or manipulation of equipment are infrequently revealed. That is in part because breach-disclosure laws in more than 40 states center on the potential risks to consumers from the theft of personal information, as with hacks of retailers including Home Depot Inc and Target Corp.

Under Securities and Exchange Commission guidelines, publicly traded companies must disclose breaches with a potential material financial impact, but many corporations can argue that even deletion of internal databases, theft and manipulation of equipment are not material.

Much more is occurring at vital facilities behind the scenes, and that is borne out by the OAS report, said Chris Blask, who chairs the public-private Information Sharing and Analysis Center for cybersecurity issues with the industrial control systems that automate power, manufacturing and other processes.

“I don’t think the public has any appreciation for the scale of attacks against industrial systems,” Blask said. “This happens all the time.”

 

Russian Aggression Noticed Globally

Posted on by

The West has gone back to the future, Cold War conditions when it comes to Russia. When it comes to Ukraine, the media refers to the conflict as coming from Russian separatists, this is a misnomer, they are ‘Soviet’ loyalists.

US aerospace command moving comms gear back to Cold War bunker

Washington (AFP) – The US military command that scans North America’s skies for enemy missiles and aircraft plans to move its communications gear to a Cold War-era mountain bunker, officers said.

 

The shift to the Cheyenne Mountain base in Colorado is designed to safeguard the command’s sensitive sensors and servers from a potential electromagnetic pulse (EMP) attack, military officers said.

The Pentagon last week announced a $700 million contract with Raytheon Corporation to oversee the work for North American Aerospace Command (NORAD) and US Northern Command.

Admiral William Gortney, head of NORAD and Northern Command, said that “because of the very nature of the way that Cheyenne Mountain’s built, it’s EMP-hardened.”

“And so, there’s a lot of movement to put capability into Cheyenne Mountain and to be able to communicate in there,” Gortney told reporters.

“My primary concern was… are we going to have the space inside the mountain for everybody who wants to move in there, and I’m not at liberty to discuss who’s moving in there,” he said.

The Cheyenne mountain bunker is a half-acre cavern carved into a mountain in the 1960s that was designed to withstand a Soviet nuclear attack. From inside the massive complex, airmen were poised to send warnings that could trigger the launch of nuclear missiles.

But in 2006, officials decided to move the headquarters of NORAD and US Northern Command from Cheyenne to Petersen Air Force base in Colorado Springs. The Cheyenne bunker was designated as an alternative command center if needed.

That move was touted a more efficient use of resources but had followed hundreds of millions of dollars worth of modernization work at Cheyenne carried out after the attacks of September 11, 2001.

Now the Pentagon is looking at shifting communications gear to the Cheyenne bunker, officials said.

“A lot of the back office communications is being moved there,” said one defense official.

Officials said the military’s dependence on computer networks and digital communications makes it much more vulnerable to an electromagnetic pulse, which can occur naturally or result from a high-altitude nuclear explosion.

Under the 10-year contract, Raytheon is supposed to deliver “sustainment” services to help the military perform “accurate, timely and unambiguous warning and attack assessment of air, missile and space threats” at the Cheyenne and Petersen bases.

Raytheon’s contract also involves unspecified work at Vandenberg Air Force Base in California and Offutt Air Force Base in Nebraska.

***

AMARI AIR BASE, Estonia –  Russia is so close that the F-16 fighter pilots can see it on the horizon as they swoop down over a training range in Estonia in the biggest ever show of U.S. air power in the Baltic countries.

The simulated bombs release smoke on impact, but the M-61 cannon fires live ammunition, rattling the aircraft with a deafening tremor and shattering targets on the ground.

 

The four-week drill is part of a string of non-stop exercises by U.S. land, sea and air forces in Europe — from Estonia in the north to Bulgaria in the south — scaled up since last year to reassure nervous NATO allies after Russia’s military intervention in Ukraine. U.S. and Russian forces are now essentially back in a Cold War-style standoff, flexing their muscles along NATO’s eastern flank.

The saber-rattling raises the specter that either side could misinterpret a move by the other, triggering a conflict between two powers with major nuclear arsenals despite a sharp reduction from the Cold War era.

“A dangerous game of military brinkmanship is now being played in Europe,” said Ian Kearns, director of the European Leadership Network, a London-based think-tank. “If one commander or one pilot makes a mistake or a bad decision in this situation, we may have casualties and a high-stakes cycle of escalation that is difficult to stop.”

With memories of five decades of Soviet occupation still fresh, many in the Baltic countries find the presence of U.S. forces a comfort rather than a risk.

In recent months, Estonia, Latvia and Lithuania have seen hundreds of U.S. armored vehicles, tanks and helicopters arrive on their soil. With a combined population of just over 6 million, tiny armies and no combat aircraft or vehicles, the last time tanks rumbled through their streets was just over 20 years ago, when remnants of the Soviet army pulled out of the region.

The commander of Estonia’s tiny air force, Col. Jaak Tarien, described the roar of American F-16s taking off from Amari — a former Soviet air base — as “the sound of freedom.”

Normally based in Aviano, Italy, 14 fighter jets and about 300 personnel from the 510th Fighter Squadron are training together with the Estonians — but also the Swedish and Finnish air forces. Meanwhile, Spain’s air force is in charge of NATO’s rotating air patrols over the Baltic countries.

“A month-long air exercise with a full F-16 squadron and, at the same time, a Spanish detachment doing air policing; that is unprecedented in the Baltics,” said Tarien, who studied at the U.S. Air Force Academy in Colorado Springs.

In Moscow the U.S. Air Force drills just 60 miles from the Russian border are seen in a different light.

“It takes F-16 fighters just a few minutes to reach St. Petersburg,” Foreign Ministry spokesman Alexander Lukashevich said, referring to the major Russian port city on the Baltic Sea. He expressed concern that the ongoing exercise could herald plans to “permanently deploy strike aircraft capable of carrying nuclear weapons at the Russian border.”

Moscow also says the U.S. decision to deploy armored vehicles in Eastern Europe violates an earlier agreement between Russia and NATO.

American officials say their troop deployments are on a rotational basis.

Russia has substantially increased its own military activity in the Baltic Sea region over the past year, prompting complaints of airspace violations in Estonia, Finland and Sweden, and staged large maneuvers near the borders of Estonia and Latvia.

“Russia is threatening nearly everybody; it is their way,” said Mac Thornberry, the Republican chairman of the U.S. House Armed Services Committee, during a recent visit to Vilnius, the Lithuanian capital.

“They want to intimidate the Baltic states, Poland, Ukraine and Romania, country after country. And the question is, do you let the bully get away with that or do you stand up and say ‘no, you can threaten, but we will not allow you to run over us,'” Thornberry said.

The Pentagon has said that some 3,000 U.S. troops will be conducting training exercises in Eastern Europe this year. That’s a small number compared to the hundreds of thousands of U.S. troops that have been withdrawn from Europe since the days when the Iron Curtain divided the continent. But the fact that they are carrying out exercises in what used to be Moscow’s backyard makes it all the more sensitive; the Kremlin sees NATO’s eastward expansion as a top security threat.

During a symbolic visit to Estonia in September, U.S. President Barack Obama said that the defense of the Baltic capitals of Tallinn, Riga and Vilnius is just as important as defending Berlin, Paris and London — a statement warmly received in Estonia, a nation of 1.3 million and with a mere 5,500 soldiers on active duty.

Welcoming the U.S. fighter squadron to Estonia, U.S. Ambassador Jeffrey D. Levine said the air drill was needed “to deter any power that might question our commitment to Article 5” — NATO’s key principle of collective defense of its members.

On Wednesday, The Associated Press observed bombing and strafing drills at the Tapa training ground both from the ground and from the back seat of one of the two F-16s taking part.

On board the fighter jet, the pull of the G-force was excruciating as the pilot swooped down onto his target before brutally ascending to circle the range.

After dropping six practice bombs each, the two jets returned to Amari air base, flying so low over the flat Estonian countryside that they frequently had to gain altitude to avoid radio towers.

On the ground, Lt. Col. Christopher Austin, commander of the 510th Squadron, dismissed the risk of his pilots making any rash moves that could provoke a reaction from the Russians.

“We stay far enough away so that we don’t have to worry about any (border) zones or anything like that,” he said. “We don’t even think about it.”

30 Guilty Verdicts, Bomber did not Shed a Tear

Posted on by

17 of the 30 charges carry the death penalty, and Jokar Tsarneav sat in the courtroom listening to each ‘guilty’ verdict being read for all charges. He showed no emotion. The jury was shown every piece of evidence, each video captured, including broken bodies.

Now that the trial is over, the sentencing phase begins as these are all Federal charges. Sentencing will commence next week.

A jihadi….

Legal council for Jokar is Ms. Judy Clarke, a 60-year-old lawyer based in San Diego, is defending Tsarnaev. A “master strategist” in death penalty cases, according to the New York Times, she has represented some of the most difficult clients in recent US history.

“She has stood up to the plate in the kinds of cases that bring the greatest disdain from the public,” as Gerald Goldstein, a Texas lawyer who knows her well, told the newspaper.

She represented Ted Kaczynski, known as the Unabomber, and al-Qaeda operative Zacarias Moussaoui. Another one of her clients, Jared Lee Loughner, shot and killed six people and wounded Congresswoman Gabrielle Giffords.

Profile: Who is Boston bomber Dzhokhar Tsarnaev?

Dzhokhar Tsarnaev has been found guilty of carrying out the 2013 Boston Marathon bombings, but what do we know about him?

A second-year medical student. An all-star wrestler. Recipient of a $2,500 (£1,635) scholarship for promising school children.

These are some of the superlatives that described the man behind the deadliest terror attack on US soil since 9/11.

Tsarnaev and his elder brother, Tamerlan, planted bombs close to the finish line of the Boston Marathon two years ago.

When the brothers’ bombs exploded on 15 April 2013, killing three and injuring over 260 people, friends of Tsarnaev expressed shock at the news and described him as a popular teenager.

The older brother was killed in shootout with police on 18 April. Tsarnaev fled the shootout and was captured a day later, after being found hiding a boat in the backyard of a house in Watertown – a suburb of Boston.

The brothers had been living in the Massachusetts town of Cambridge, home of the prestigious Harvard University. Tsarnaev attended the University of Massachusetts, and, according to his father, was studying medicine with aspirations of becoming a brain surgeon.

Ethnic Chechens, the family emigrated to the US in 2002.

Their route from the troubled Caucasus region of southern Russia to the US is not exactly clear.

They are thought to have lived in Kyrgyzstan, a Central Asian republic which is home to many Chechen refugees who were deported under Stalin. Tsarnaev is thought to have have been born there in 1994.

Chechnya is a predominantly Muslim area that has fought for full independence from Russian in the past.

The family was forced to flee to the neighbouring Russian republic of Dagestan after the Second Chechen War broke out in 1999.

Three years later, they made their way to the US. Tsarnaev became an American citizen in 2012.

Police vehicle
A large manhunt was launched in the days following the bombing

Shortly before the bombing, the brothers’ father, Anzor Tsarnaev, moved back to Dagestan following a divorce from his wife.

In the wake of the bombing, Anzor Tsarnaev told the BBC he believed the secret services had frame his sons.

Both had attended the Cambridge Rindge and Latin School.

Tsarnaev’s Facebook profile listed “Islam” as his world view and said his life goals as “career and money”. On the Russian social networking site VKontakte he was a member of various Chechen groups.

Rolling Stone
Rolling Stone’s decision to feature Mr Tsarnaev on its cover prompted an uproar

Shortly after the bombings, the brothers’ uncle, Ruslan Tsarni, said the brothers had “put shame on our family and on the entire Chechen ethnicity,” and noted that he had not seen his nephews since December 2005.

There had never been any apparent sign of “hatred toward the US” or else he would have turned them over to the police himself, he said.

He went on to describe the brothers as “being losers,” when asked what might have provoked the bombings.

“These are the only reasons I can imagine of. Anything else, anything else to do with religion, with Islam, it’s a fraud, it’s a fake,” he said.