Category Archives: Russia

Securing the Elections, FBI Investigating Hacks

Posted on by

Securing the vote.

The states, which under the US system are responsible for conducting elections, remain concerned about the integrity of the ballot. Thirty-six  states have now deployed Albert sensors on their voting infrastructure to allow the Department of Homeland Security to observe state systems that manage either voter information or voting devices (Reuters).

The states also want the Feds to share more threat intelligence. Forty-four states and the District of Columbia took part in a Department of Homeland Security exercise this week  (US Department of Homeland Security). The states appear to have gained enough insight into the value of threat intelligence to decide that they want more of it (Reuters). Some advocate Federal standards for the conduct of elections, perhaps even mandatory standards (Atlantic Council). More here.

Meanwhile:

Then there is the matter the FBI is investigating in California.

The FBI launched investigations after two Southern California Democratic U.S. House candidates were targeted by computer hackers, though it’s unclear whether politics had anything to do with the attacks.

A law enforcement official told The Associated Press the FBI looked into hacks involving David Min in the 45th Congressional District and Hans Keirstead in the adjacent 48th District. Both districts are in Orange County and are seen as potential pickups as the Democratic Party seeks to win control of the Congress in November.

A person with knowledge of the Min investigation told the AP on Monday that two laptops used by senior staffers for the candidate were found infected with malware in March. It’s not clear what, if any, data was stolen, and there is no evidence the breach influenced the contest.

The CEO of a biomedical research company, Keirstead last summer was the victim of a broad “spear-phishing” attack, in which emails that appear to come from a friend or familiar source are designed to help hackers snatch sensitive or confidential information, the law enforcement official said. There is no evidence Keirstead lost valuable information.

The investigations so far have not turned up evidence the two candidates in Orange County were political targets.

The official and the knowledgeable person were not authorized to discuss the cases publicly and spoke only on condition of anonymity.

Keirstead was narrowly defeated in the June primary for the seat held by Republican Rep. Dana Rohrabacher. Min came in third in the contest to unseat Republican Rep. Mimi Walters.

Min’s staff was alerted to a potential cyberattack by a facility manager in the software incubator where his campaign rented space. It was later found the computers were infected with software that records and sends keystrokes, with additional software that concealed it from conventional anti-virus tools used by the campaign.

Hackers also used a broad spear-phishing attack in an attempt to gain access, and FBI investigators are still piecing together additional details, the official said.

The two laptops were replaced, and Min’s computer was not infected. The attack on the computers was first reported by Reuters.

Keirstead campaign officials detected repeated attempts to access the campaign’s website.

Rolling Stone magazine, which first reported that cyberattack, said hackers or bots tried different username-password combinations in a rapid-fire sequence over a two-and-a-half-month period to get inside the campaign’s WordPress-hosted website.

According to the campaign, there were also more than 130,000 so-called brute force attempts over a monthlong period to gain access to the campaign’s server through the cloud-server company that hosted the Keirstead campaign’s website, Rolling Stone said.

Computer security experts say that many attempts to gain access to a site hosted with the popular and free WordPress software is not unusual.

“Every WordPress hosted website sees 130,000 brute force attempts over a monthlong period, regardless whether it’s Bohemian basket weaving, a blog about furry costume construction, or a politician website,” said Robert Graham, a cybersecurity expert who created the BlackICE personal firewall.

“Hackers don’t know or care who you are: they only care that you use WordPress,” Graham said in a text message.

Min finished third behind fellow Democrat Katie Porter, who faces Walters in November. In the 48th District, Rohrabacher will face Democrat Harley Rouda, who snagged the second runoff spot by defeating Keirstead by 125 votes.

Is that Russian Submarine Threat Still out There?

Posted on by

It is not just the U.S. Navy that is on alert. Europe’s top Navy Commander:

NAPLES, Italy — Russia is deploying more submarines to the Mediterranean, the Black Sea and North Atlantic than at any time since the Cold War as part of a growing power game driving the U.S. to revive a decommissioned fleet and NATO to strengthen its naval defenses, the Navy’s top commander in the theater said.

Russia is upgrading its submarine forces and improving their missile capabilities, all while relations between Moscow and NATO remain tense over Russia’s annexation of Ukraine’s Crimean Peninsula in 2014, Adm. James Foggo, commander of U.S. Naval Forces Europe and Africa, said in an interview earlier this month.

“The illegal annexation of Crimea … that certainly has put a strain on our relationship,” Foggo told Stars and Stripes. “It’s their bad behavior, not ours. It’s the things they are doing.”

The Navy is reviving 2nd Fleet, though on a smaller scale than the one deactivated in 2011, to supply more ships in what Foggo described as growing competition between Russia and NATO in the Atlantic Ocean.

The renewed 2nd Fleet will be a Norfolk, Va.-based joint forces command, with many details yet to be worked out, Foggo said, adding that Navy leaders will know more after NATO’s July summit in Brussels. More here.

***

This is not really a new condition, it has been going on for a few years without any real U.S. response that is until the Omnibus was passed where monies were allocated for air-dropped sonobuoys that can detect submarines and transmit data back to motherships. The warnings began with Russia, operating in the Mediterranean where missiles were fired into Syria on several occasions.

The United States and Britain have been playing cat and mouse with Russia in several locations. Under Exercise Dynamic Mongoose, 10 NATO countries have been practicing hunting tactics of stealth submarines off Norway’s coast.

This past April, Lockheed Martin was awarded a $1 billion contract for a hypersonic cruise missile.

The Hypersonic Conventional Strike Weapon program is one of two hypersonic weapon prototyping efforts being pursued by the Air Force, and comes in addition to the Tactical Boost Glide program, which the Air Force is working on with DARPA and Raytheon. The service plans to have a prototype ready by 2023.

The Tactical Boost Glide is designed to operate at 5 times the speed of sound to enhance current military systems.

The United States has 70 nuclear powered submarines and 52 attack submarines along with 4 cruise missile armed submarines and 14 ballistic missile submarines. They all patrol bodies of water across the globe.

Russian Subs Are Reheating a Cold War Chokepoint - Defense One  photo

Adm. John Richardson, Chief of Naval Operations has confirmed increased foreign submarine operations.

According to GlobalFirePower.com, North Korea has the world’s largest submarine fleet by raw numbers with 76, though most of Pyongyang’s fleet consists of shorter-range, electric-diesel coastal patrol craft. China and Russia, both with modern nuclear-powered fleets that rival the U.S. fleet, have 68 subs and 63 subs, respectively.

NATO Secretary-General Jens Stoltenberg, in an interview with the Frankfurt Allgemeine and other news outlets in December, said the Kremlin is investing heavily in its submarine fleet, with 13 delivered since 2013. NATO countries, he said, have let their underwater firepower lag. “We have practiced less and lost skills,” the NATO chief said.

A particular point of concern, said one former high-level U.S. Navy official, is that Moscow may be attempting to tap into or sever some of the 550,000 miles of underwater fiber-optic cables that span the Atlantic and Arctic sea lanes.

“Russians have had a capability … to do things with these cables for the last 20 to 30 years,” said Tom Callender, who once served as head of capabilities for the Navy’s deputy undersecretary office and is now a senior defense fellow at The Heritage Foundation.

“Russians have had a capability … to do things with these cables for the last 20 to 30 years,” said Tom Callender, who once served as head of capabilities for the Navy’s deputy undersecretary office and is now a senior defense fellow at The Heritage Foundation.More than 95 percent of the global internet traffic — military and civilian, classified and unclassified — is transmitted across the network of submerged cables along the ocean floor, according to Washington-based tech firm TeleGeography. The quantity is massive compared with just a decade ago, when just 1 percent of all online traffic went through the cables.

Seabed vulnerability

The majority of the 285 underwater cables in place crisscross beneath heavily trafficked sea lanes of the Atlantic and Arctic regions. According to TeleGeography, the longest single cable stretches 24,000 miles and relays internet traffic and other electronic communications from Europe, Asia and Africa.

The scale and scope of global communications moving through the network of cables — some of which are only 2 inches thick — present a lucrative target that is vulnerable to attack by U.S. adversaries. It also poses a significant challenge to U.S. forces defending the lines. Read more detail here.

 

So, What Really Goes in Space to Have a Space Force?

Posted on by

Primer: Did you know there is something called the OuterSpace Treaty? Yup, it covers arms control, verification and compliance. Sounds great right? Problem is it is dated 2002.

Then there is the NASA summary of the 1967 Space Treaty.

GPS is operated and maintained by the U.S. Air Force. GPS.gov is maintained by the National Coordination Office for Space-Based Positioning, Navigation, and Timing.

Like the Internet, GPS is an essential element of the global information infrastructure. The free, open, and dependable nature of GPS has led to the development of hundreds of applications affecting every aspect of modern life. GPS technology is now in everything from cell phones and wristwatches to bulldozers, shipping containers, and ATM’s.

GPS boosts productivity across a wide swath of the economy, to include farming, construction, mining, surveying, package delivery, and logistical supply chain management. Major communications networks, banking systems, financial markets, and power grids depend heavily on GPS for precise time synchronization. Some wireless services cannot operate without it.

GPS saves lives by preventing transportation accidents, aiding search and rescue efforts, and speeding the delivery of emergency services and disaster relief. GPS is vital to the Next Generation Air Transportation System (NextGen) that will enhance flight safety while increasing airspace capacity. GPS also advances scientific aims such as weather forecasting, earthquake monitoring, and environmental protection.

Finally, GPS remains critical to U.S. national security, and its applications are integrated into virtually every facet of U.S. military operations. Nearly all new military assets — from vehicles to munitions — come equipped with GPS.

***

There is a robust debate within Washington and the Pentagon if whether or not a new branch of Armed Services is really needed. Presently, the Air Force has most exclusive authority of all things space except for research and exploration which is performed by NASA.

There is even a debate within the Air Force which was raised last February.

US Air Force Chief of Staff General David L. Goldfein predicted it’ll only be a “matter of years” before American forces find themselves “fighting from space.” To prepare for this grim possibility, he said the Air Force needs new tools and a new approach to training leaders. Oh, and lots of money.

“[It’s] time for us as a service, regardless of specialty badge, to embrace space superiority with the same passion and sense of ownership as we apply to air superiority today,” he said.

These are some of the strongest words yet from the Air Force chief of staff to get the Pentagon thinking about space—and to recognize the U.S. Air Force as the service branch best suited for the job. “I believe we’re going to be fighting from space in a matter of years,” he said. “And we are the service that must lead joint war fighting in this new contested domain. This is what the nation demands.”

The USAF and other military officials have been saying this for years, but Goldfein’s comments had an added sense of urgency this time around. Rep. Mike Rogers, the Strategic Forces Subcommittee chairman, recently proposed the creation of a new “Space Corps,” one that would be modeled after the Marines. The proposed service branch, it was argued, would keep the United States ahead of rival nations like Russia and China. The idea was scrapped this past December—at least for now. Needless to say, Rogers’ proposal did not go over well with the USAF; the creation of the first new uniformed service branch in 70 years would see Pentagon funds siphoned away from the Air Force. Hence Goldfein’s speech on Friday, in which he argued that the USAF is the service branch best positioned to protect American interests in space.

But in order to protect “contested environments,” the US Air Force will need to exercise competency in “multi-domain operations,” he said. This means the ability to collect battlefield intelligence from “all domains,” including air, ground, sea, cyber, and space. “I look forward to discussing how we can leverage new technology and new ways of networking multi-domain sensors and resilient communications to bring more lethality to the fight,” said Goldfein.

Indeed, the USAF has plenty of work to do make this happen, and to keep up with its rivals. China, for example, recently proposed far-fetched laser-armed satellite to remove space junk, while also demonstrating its ability to shoot down missiles in space. Should a major conflict break out in the near future, space will most certainly represent the first battlefield.

“When you think of how dependent the US military is on satellites for everything from its communication and navigation to command and surveillance, we are already fighting in space, even if it’s not like the movies depicted,” Peter W. Singer, fellow at New America and author of Ghost Fleet: A Novel of the Next World War, told Gizmodo. “If we were ever to fight another great power, like a China or Russia, it is likely the opening round of battle would be completely silent, as in space no one would hear the other side jamming or even destroying each other’s satellites.”

To prepare the United States for this possibility, Goldfein said the Air Force needs to invest in new technologies and train a new generation of leaders. On that last point, the CSAF ordered Lt. Gen. Steven Kwast, the commander of Air Education and Training Command, to develop a program to train officers and non-commissioned officers for space ops. “We need to build a joint, smart space force and a space-smart joint force,” Goldfein said.

As reported in SpaceNews, the USAF is asking for $8.5 billion for space programs in the 2019 budget, of which $5.9 billion would go to research and development, and the remaining for procurement of new satellite and launch services. Over next five years it hopes to spend $44.3 billion on development of new space systems, which is 18 percent more than it said it would need last year to cover the same period.

 

Trouble Ahead After DPRK’s FM Visit to Tehran

Posted on by

So, it appears there is more to the teaming up between Tehran and Pyongyang.

The Iranian President Rouhani told the North Korean Foreign Minister in a recent confab to NOT trust the United States.

Meanwhile, SecState, Mike Pompeo issued a proposal to North Korea calling for a timeline Pompeo that would mandate North Korea hand over 60 to 70 percent of its nuclear warheads to a third party within six to eight months, according to the report.

North Korea has reportedly rejected a formal timeline for its denuclearization proposed by Secretary of State Mike Pompeo.

Vox reported Wednesday that Pyongyang has rejected the timeline several times over the past two months amid continued negotiations over North Korea’s nuclear program.

The timeline Pompeo proposed would mandate North Korea hand over 60 to 70 percent of its nuclear warheads to a third party within six to eight months, according to the report.

However, it is unclear how many warheads North Korean leader Kim Jong Un has, making it difficult to verify that Pyongyang has actually turned over an agreed-upon percentage.

Trump administration officials in recent weeks have expressed frustration with North Korea’s efforts to denuclearize despite President Trump hailing his June summit with Kim in Singapore as a success.

“The ultimate timeline for denuclearization will be set by Chairman Kim, at least in part,” Pompeo told Channel NewsAsia in an interview last week.

“The decision is his. He made a commitment, and we’re very hopeful that over the coming weeks and months we can make substantial progress towards that and put the North Korean people on a trajectory towards a brighter future very quickly.”

White House national security adviser John Bolton told Fox News on Tuesday that “North Korea that has not taken the steps we feel are necessary to denuclearize.”

Iran fires attack on Trump as it tells North Korea: ‘US ... photo

Then we have yet another emerging hacking warning from CERT.

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a Trojan malware variant—referred to as KEYMARBLE—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

US-CERT encourages users and administrators to review Malware Analysis Report (MAR) MAR-10135536-17 and the US-CERT page on HIDDEN COBRA – North Korean Malicious Cyber Activity for more information.

Not to leave out Iran’s cyber attack warnings.

Iranian hackers have laid the groundwork to carry out extensive cyber attacks against private U.S. and European companies, U.S. officials warn, according to NBC News. Although experts don’t believe any such attack is imminent, the preparations could enable denial-of-service attacks on infrastructure including electric grids and water plants, plus health care and technology companies across the U.S., Europe, and Middle East, say U.S. officials at the 2018 Aspen Security Forum.

A spokesperson for the Iranian mission to the United Nations, Alireza Miryousefi, told NBC News that the U.S. is more aggressive in terms of cyber attacks, and Iran’s moves are merely defensive.

***

As sanctions reimposed in response to its nuclear program begin to bite, Iran seems poised to follow the trail North Korea blazed in cyberspace: state-directed hacking that aims at direct theft to redress economic pain. Accenture researchers have been tracking ransomware strains, many of them requiring payment in Bitcoin or other cryptocurrencies, and they’ve concluded that they represent an incipient Iranian campaign against targets of opportunity that offer the prospect of quick financial gain. Tehran’s state-directed hackers have a reputation as being relatively less sophisticated than those run by Russia and China (and indeed those run by major Western powers, the Five Eyes and their closest friends) but they also have a reputation as determined fast-learners.

CCN: As the US gets ready to impose sanctions on Iran, hackers in that country are working on ransomware to secure bitcoin, according to cybersecurity experts interviewed by The Wall Street Journal.

Accenture PLC’s cybersecurity intelligence group has followed five Iranian built ransomware variations in the last two years. The hackers are hoping to secure payments in cryptocurrencies, according to Jim Guinn, who oversees the industrial cybersecurity business at Accenture.

Several clues link the ransomware to Iran. Samples include messages in Farsi that are connected to Iran based computers.

A recent Accenture report noted the ransomware could be driven by Iranian government supported parties, criminals, or both.

Scourge Continues

Ransomware has plagued both businesses and governments for years, having disabled payment systems at the San Francisco Municipal Transportation Agency, U.K hospitals and cargo shipments. Government supported hackers in some instances have obtained cryptocurrency payments from victims.

One variant of ransomware that iDefense discovered has been linked to Iran’s government, according to CrowdStrike Inc., another cybersecurity firm. The software, called Tyrant, was developed to discourage Iranian citizens from downloading software designed to discourage government snooping, CrowdStrike noted.

Palo Alto Networks Inc. and Symantec Corp. issued reports last month that described a pair of data stealing operations connected to Iran.

Crypto Mining Linked To Iran

Crypto mining software, which robs computers of their processing power to mine cryptocurrencies, has also been linked to Iran.

Accenture cited crypto mining software installed on Middle Eastern customer networks equipped with digital clues to Iran.

Crypto mining software has created problems in gas and oil facilities in the Middle East, Guinn said. He estimated millions of dollars of compute cycles have been stolen in the last year.

Iran Denies Culpability

Iran has claimed it has not been involved in cyber attacks, and that it has been a hacking victim.

A cyber attack called Stuxnet initiated by the U.S. and Israel about a decade ago disabled uranium-enrichment centrifuges for Iran’s nuclear program. Iran has since focused on enhancing its own cyber capabilities, according to government officials and security researchers.

Keith Alexander, chief executive of IronNet Cybersecurity Inc. and former director of the U.S. Cyber Command and the National Security Agency said crypto mining and theft is a way for cash-strapped countries to make fast profits.

Guinn said hackers have also stolen intellectual property.

What About those 3 Dead Russian Journalists?

Posted on by

Rather interesting that fellow journalists are not outrages and there is not full reporting on these murders. Jim Acosta? April Ryan? CNN? (snarky)

Mikhail Khodorkovsky, a Russian exile and Putin foe has a news organization called Investigation Control Center. Three investigative journalists were dispatched to (CAR) Central African Republic to determine why a Putin connected militant group Wagner is operating there. Sadly, it did not end well.

On the 31st of July news broke about the murder of the Russian journalists Orkhan Djemal, Alexander Rastorguev and Kirril Radchenko. They were working in the Rental African Republic on a joint project with Mikhail Khodorkovsky’s Investigation Control Center. In particular, they intended to visit the grounds of Berengo estate, where, it is alleged, the base of the mercenaries of the private military organisation “Wenger” is situated.

The journalists arrived in Bangi, the capital of CAR, on Saturday. The next day they went to Berengo’s estate. However, they were denied access, requiring accreditation from CAR’s Ministry of Defense. Their details were noted down and they were promised that they would be given a pass after five days.

On Monday the group had to meet the fixer (a journalism consultant) from a UN delegation called Martin (he was the one who recommended the driver to the journalists). The journey ought to have taken about a day and a half because of roadblocks and poor-quality roads.

On Sunday evening the journalists were ambushed and shot in their vehicle at around 22:00 local time.

French media reported that the murders were motivated by theft – the journalists were carrying roughly 9,000 dollars and their equipment. Mikhail Khodorkovsky has promised to help find and identify the journalists’ killers.

***

Photographs of journalists Orkhan Dzhemal (right), Kirill Radchenko (center) and Aleksandr Rastorguyev are seen at a small memorial to the slain jounalists outside the Central House of Journalists in Moscow. Photographs of journalists Orkhan Dzhemal (right), Kirill Radchenko (center) and Aleksandr Rastorguyev are seen at a small memorial to the slain jounalists outside the Central House of Journalists in Moscow.

Russian investigators said they have opened a criminal case to look into the deaths of the journalists. Russian Foreign Ministry spokeswoman Maria Zakharova said on August 1 that the stated purpose of their visit to the CAR was tourism, seeming to take them to task for allegedly misstating the intent of the trip.

That remark drew rare criticism of the ministry from a senior pro-Kremlin lawmaker. Leonid Slutsky, chairman of the Foreign Affairs Committee in the State Duma, the lower house of parliament, wrote on Telegram that issues such as the purpose of the trip were “not very important now.”

“What is important is that Russian citizens have been killed,” he wrote. “Here we should follow the example of our ‘strategic friends’ from across the ocean: the United States does not leave the death of any of its citizens without consequences. No matter what country they were in and what political views they adhered to.”

Henri Depele, the mayor of the town of Sibut, around 200 kilometers northeast of the capital, Bangui, said the journalists were killed late on July 30. Their driver survived the attack.

***

The investigative media outlet the journalists worked for is financed by Mikhail Khodorkovsky, a former oil tycoon who spent 10 years in prison following convictions in financial-crimes trials supporters contend were a Kremlin-orchestrated campaign to seize his company’s production assets and punish him for challenges to President Vladimir Putin.

He was pardoned by Putin, released, and flown out of Russia in 2010, and now lives in Europe, where he is one of Putin’s most vehement critics.

TsUR has published a number of investigations alleging corruption by senior members of Putin’s entourage.

Khodorkovsky called the three journalists who were killed “brave men who were not prepared simply to collect documentary material, but wanted to ‘feel’ it in the palms of their hands…. Rest in peace.”

Dzhemal, 51, was a respected Russian military correspondent who covered conflicts around the world. He was seriously injured in Libya in 2011 and published a book in 2008 giving a firsthand account of the five-day Russia-Georgia war.

Rastorguyev, 47, was a prominent documentary filmmaker and a contributor to RFE/RL. He was among the three directors of an award-winning 2013 film about leaders of the Russian opposition.

Radchenko, 33, started his career as a projectionist, but had become a cameraman in recent years. He served as an election observer in Chechnya in March.

The Central African Republic has been riddled by violence, often fought along religious lines between predominantly Christian and Muslim militias, since a 2013 rebellion overthrew then-President Francois Bozize.

Most of the country is beyond the control of the Bangui government, and a 12,000-strong UN peacekeeping mission has struggled to keep a lid on the violence.