Biden Gives Putin a List of Entities to not Hack

Yup…16 of them. Are all the other parts of infrastructure okay, or just not as important? Does the same list apply to hackers from China, Iran or North Korea? Do they get a copy too?

Primer:

Remember MH17? Just for some context on Russian operatives: it is not just the United States.

Russian hackers compromised the computer systems of the Dutch national police while the latter were conducting a criminal probe into the downing of Malaysia Airlines Flight 17 (MH17), according to a new report. MH17 was a scheduled passenger flight from Amsterdam to Kuala Lumpur, which was shot down over eastern Ukraine on July 17, 2014. All 283 passengers and 15 crew on board, 196 of them Dutch citizens, were killed.

Dutch newspaper De Volkskrant, which revealed this new information last week, said the compromise of the Dutch national police’s computer systems was not detected by Dutch police themselves, but by the Dutch General Intelligence and Security Service (AIVD). The paper said that neither the police nor the AIVD were willing to confirm the breach, but added that it had confirmed the breach took place through multiple anonymous sources.

On July 5, 2017, the Netherlands, Ukraine, Belgium, Australia and Malaysia announced the establishment of the Joint Investigation Team (JIT) into the downing of flight MH-17. The multinational group stipulated that possible suspects of the downing of flight MH17 would be tried in the Netherlands. In September 2017, the AIVD said it possessed information about Russian targets in the Netherlands, which included an IP address of a police academy system. That system turned out to have been compromised, which allowed the attackers to access police systems. According to four anonymous sources, evidence of the attack was detected in several different places.

The police academy is part of the Dutch national police, and non-academy police personnel can access the network using their log-in credentials. Some sources suggest that the Russian Foreign Intelligence Service (SVR) carried out the attack through a Russian hacker group known as APT29, or Cozy Bear. However, a growing number of sources claim the attack was perpetrated by the Main Directorate of the Russian Armed Forces’ General Staff, known commonly as GRU, through a hacker group known as APT28, or Fancy Bear. SVR attackers are often involved in prolonged espionage operations and are careful to stay below the radar, whereas the GRU is believed to be more heavy-handed and faster. The SVR is believed to be partly responsible for the compromise of United States government agencies and companies through the supply chain attack known as the SolarWinds cyber attack, which came to light in late 2020. source

Live blog: Biden, Putin finish Geneva summit, confirms ... source

(notice Victoria Nuland at the table?)

FNC:

President Biden told reporters Wednesday he gave President Vladimir Putin a list of 16 critical infrastructure entities that are “off limits” to a Russian cyberattack.

Those entities include energy, water, health care, emergency, chemical, nuclear, communications, government, defense, food, commercial facilities, IT, transportation, dams, manufacturing and financial services.

“We’ll find out whether we have a cybersecurity arrangement that begins to bring some order,” Biden said. Putin, for his part, denied any involvement in a recent spate of cyberattacks that have hit major industries across the U.S.

“I looked at him. I said, ‘How would you feel if ransomware took on the pipelines from your oil fields?’ He said, ‘It would matter.’ This is not about just our self-interest,” the president said.

Biden refused to say if military action was on the table if Russia was found to be responsible for a ransomware attack.

“In terms of the red line you laid down is military response an option for a ransomware attack?” a reporter asked.

“Thank you very much,” Biden said as he abruptly tried to end the shorter-than-expected conference. “No, we didn’t talk about military response,” he said when pressed again.

Biden in another moment had said he didn’t make any threats but rather “simple assertions.”

Biden stressed the need for both nations “to take action against criminals that conduct ransomware activities on their territory.”

Putin, in his own press conference after the meeting, claimed that American sources say that a “majority” of the cyberattacks in the world come from within the U.S.

The number of organizations affected by ransomware has jumped 102% compared to the beginning of 2020 and “shows no sign of slowing down,” according to a research note last month from IT security firm Check Point.

Both Colonial Pipeline and JBS Holdings, a meat-processing company, have been subject to major cyberattacks, where against the guidance of the FBI they paid millions of dollars in ransom to resume operation. The Colonial Pipeline attack was linked back to a Russian hacking group.


Half of Pandemic Money Stolen, Just $400 Billion

At least 30% of unemployment claims are fraudulent. 70% of the money has left our shores…oh don’t worry…the Biden administration has set aside $2 billion to stop this. What?

Beware of increased unemployment fraud due to identity theft

Axios:

Criminals may have stolen as much as half of the unemployment benefits the U.S. has been pumping out over the past year, some experts say.

Why it matters: Unemployment fraud during the pandemic could easily reach $400 billion, according to some estimates, and the bulk of the money likely ended in the hands of foreign crime syndicates — making this not just theft, but a matter of national security.

Catch up quick: When the pandemic hit, states weren’t prepared for the unprecedented wave of unemployment claims they were about to face.

  • They all knew fraud was inevitable, but decided getting the money out to people who desperately needed it was more important than laboriously making sure all of them were genuine.

By the numbers: Blake Hall, CEO of ID.me, a service that tries to prevent this kind of fraud, tells Axios that America has lost more than $400 billion to fraudulent claims. As much as 50% of all unemployment monies might have been stolen, he says.

  • Haywood Talcove, the CEO of LexisNexis Risk Solutions, estimates that at least 70% of the money stolen by impostors ultimately left the country, much of it ending up in the hands of criminal syndicates in China, Nigeria, Russia and elsewhere.
  • “These groups are definitely backed by the state,” Talcove tells Axios.
  • Much of the rest of the money was stolen by street gangs domestically, who have made up a greater share of the fraudsters in recent months.

What they’re saying: “Widespread fraud at the state level in pandemic unemployment insurance during the previous Administration is one of the most serious challenges we inherited,” said White House economist Gene Sperling.

  • “President Biden has been clear that this type of activity from criminal syndicates is despicable and unacceptable. It is why we passed $2 billion for UI modernizations in the American Rescue Plan, instituted a Department of Justice Anti-Fraud Task Force and an all-of-government Identity Theft and Public Benefits Initiative.”

How it works: Scammers often steal personal information and use it to impersonate claimants. Other groups trick individuals into voluntarily handing over their personal information.

  • “Mules” — low-level criminals — are given debit cards and asked to withdraw money from ATMs. That money then gets transferred abroad, often via bitcoin.

The big picture: Before the pandemic, unemployment claims were relatively rare, and generally lasted for such short amounts of time that international criminal syndicates didn’t view them as a lucrative target.

  • After unemployment insurance became the primary vehicle by which the U.S. government tried to keep the economy afloat, however, all that changed.
  • Unemployment became where the big money was — and was also being run by bureaucrats who weren’t as quick to crack down on criminals as private companies normally are.
  • Unemployment fraud is now offered on the dark web on a software-as-a-service basis, much like ransomware. States without fraud-detection services are naturally targeted the most.

The bottom line: Many states are now getting more sophisticated about preventing this kind of fraud. But it’s far too late.

*** What Is Unemployment Insurance Fraud? | does

Consequences should also be on the states, and we don’t spend anything more on unemployment until at least 50% is recovered…billions of dollars likely ending up in the hands of foreign crime syndicates based in China, Russia and other countries, experts say.

“Fraud is being perpetrated by domestic and foreign actors,” Blake Hall, CEO and founder of ID.me, told FOX Business. “We are successfully disrupting attempted fraud from international organized crime rings, including Russia, China, Nigeria and Ghana, as well as U.S. street gangs.”

Haywood Talcove, the CEO of LexisNexis Risk Solutions, suggested the bulk of the money – about $250 billion – went to international criminal groups, most of which are backed by the state. The money is essentially being used as their slush fund for “nefarious purposes,” such as terrorism, illegal drugs and child trafficking, Talcove said.

The criminals have been able to access the money by stealing personal information and using it to impersonate claimants, or by buying it on the dark web. The groups also use an army of internet thieves to submit fraudulent claims. States, which administer the aid, may be prepared to combat fraud from individuals who are trying to double-dip or cash in on benefits they don’t need, but not international criminals using the dark web to exploit the system.

Feds Seized 2 Cyber Domains of Hackers/SolarWinds

DOJ:

Domain Names Were in Part Used to Control a Cobalt Strike Software Tool that the Actors Implanted on Victim Networks

WASHINGTON – On May 28, pursuant to court orders issued in the Eastern District of Virginia, the United States seized two command-and-control (C2) and malware distribution domains used in recent spear-phishing activity that mimicked email communications from the U.S. Agency for International Development (USAID). This malicious activity was the subject of a May 27 Microsoft security alert, titled “New sophisticated email-based attack from Nobelium,” and a May 28 FBI and Cybersecurity and Infrastructure Security Agency joint cybersecurity advisory.

The Department’s seizure of the two domains was aimed at disrupting the malicious actors’ follow-on exploitation of victims, as well as identifying compromised victims. However, the actors may have deployed additional backdoor accesses between the time of the initial compromises and last week’s seizures.

“Last week’s action is a continued demonstration of the Department’s commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation,” said Assistant Attorney General John C. Demers for the Justice Department’s National Security Division. “Law enforcement remains an integral part of the U.S. government’s broader disruption efforts against malicious cyber-enabled activities, even prior to arrest, and we will continue to evaluate all possible opportunities to use our unique authorities to act against such threats.”

“Cyber intrusions and spear-phishing email attacks can cause widespread damage throughout affected computer networks, and can result in significant harm to individual victims, government agencies, NGOs, and private businesses,” said Acting U.S. Attorney Raj Parekh for the Eastern District of Virginia. “As demonstrated by the court-authorized seizure of these malicious domains, we are committed to using all available tools to protect the public and our government from these worldwide hacking threats.”

“Friday’s court-authorized domain seizures reflect the FBI Washington Field Office’s continued commitment to cyber victims in our region,” said Assistant Director in Charge Steven M. D’Antuono of the FBI’s Washington Field Office. “These actions demonstrate our ability to quickly respond to malicious cyber activities by leveraging our unique authorities to disrupt our cyber adversaries.”

“The FBI remains committed to disrupting this type of malicious cyber activity targeting our federal agencies and the American public,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “We will continue to use all of the tools in our toolbelt and leverage our domestic and international partnerships to not only disrupt this type of hacking activity but to impose risk and consequences upon our adversaries to combat these threats.”

On or about May 25, malicious actors commenced a wide-scale spear-phishing campaign leveraging a compromised USAID account at an identified mass email marketing company. Specifically, the compromised account was used to send spear-phishing emails, purporting to be from USAID email accounts and containing a “special alert,” to thousands of email accounts at over one hundred entities. More here.
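The DOJ release says the seizure was meant both to cut off follow-on exploitation and to identify compromised victims. On the defender’s side, the practical step after a seizure like this is to search historical DNS or proxy logs for any host that ever looked up the C2 or malware-distribution domains. The script below is an added example, not the DOJ’s, FBI’s or Microsoft’s tooling; the domain names and log lines are constructed placeholders, since the release does not name the seized domains. It matches exact domains and their subdomains while rejecting look-alike names that merely end with the same characters.

```python
import re
from collections import defaultdict

# Placeholder indicators: the DOJ release does not name the two seized domains,
# so these are constructed stand-ins, not real IoCs.
KNOWN_C2_DOMAINS = {
    "seized-c2-domain-1.example",
    "seized-c2-domain-2.example",
}

# Constructed resolver log lines in a simple "timestamp client query TYPE name" form.
SAMPLE_DNS_LOG = """\
2021-05-26T09:14:02Z 10.20.1.15 query A cdn.seized-c2-domain-1.example
2021-05-26T09:14:05Z 10.20.1.15 query A www.microsoft.com
2021-05-26T10:02:44Z 10.20.1.77 query A seized-c2-domain-2.example
2021-05-26T10:03:01Z 10.20.1.77 query A notseized-c2-domain-2.example
2021-05-27T08:30:12Z 10.20.2.8 query A mail.usaid.gov
2021-05-27T08:31:40Z 10.20.1.15 query A SEIZED-C2-DOMAIN-1.EXAMPLE.
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+\S+\s+(\S+)$")


def normalize_domain(name):
    """Strip a trailing root dot and lowercase, so FQDN spellings compare equal."""
    return name.rstrip(".").lower()


def matches_indicator(queried, indicators):
    """Return the indicator that `queried` equals or is a subdomain of, else None.

    The label boundary check matters: 'notseized-c2-domain-2.example' must NOT
    match 'seized-c2-domain-2.example', while 'cdn.seized-c2-domain-1.example' must.
    """
    q = normalize_domain(queried)
    for ind in indicators:
        if q == ind or q.endswith("." + ind):
            return ind
    return None


def find_victims(log_text, indicators=KNOWN_C2_DOMAINS):
    """Map each client IP to the (timestamp, name, indicator) lookups it made."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the sweep
        ts, client, name = m.groups()
        ind = matches_indicator(name, indicators)
        if ind:
            hits[client].append((ts, normalize_domain(name), ind))
    return dict(hits)


if __name__ == "__main__":
    for client, events in find_victims(SAMPLE_DNS_LOG).items():
        print(client)
        for ts, name, ind in events:
            print(f"  {ts} {name} (indicator: {ind})")
```

Once a domain is seized it no longer resolves to attacker infrastructure, so live blocking adds little; the evidence is in the lookups that happened before the seizure, which is why resolver log retention matters. A host with no hits is not cleared either: as the release itself notes, the actors may have deployed additional backdoors between the initial compromise and the seizure, so hosts that did reach out should be triaged for other persistence, not just for this one channel.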

Solarwinds Management Tools - Full Control Networks source

More details on the backstory of SolarWinds

“This release includes bug fixes, increased stability and performance improvements.”

The routine software update may be one of the most familiar and least understood parts of our digital lives. A pop-up window announces its arrival and all that is required of us is to plug everything in before bed. The next morning, rather like the shoemaker and the elves, our software is magically transformed.

Last spring, a Texas-based company called SolarWinds made one such software update available to its customers. It was supposed to provide the regular fare — bug fixes, performance enhancements — to the company’s popular network management system, a software program called Orion that keeps a watchful eye on all the various components in a company’s network. Customers simply had to log into the company’s software development website, type a password and then wait for the update to land seamlessly onto their servers.

The routine update, it turns out, is no longer so routine.

Hackers believed to be directed by the Russian intelligence service, the SVR, used that routine software update to slip malicious code into Orion’s software and then used it as a vehicle for a massive cyberattack against America.

“Eighteen thousand [customers] was our best estimate of who may have downloaded the code between March and June of 2020,” Sudhakar Ramakrishna, SolarWinds president and CEO, told NPR. “If you then take 18,000 and start sifting through it, the actual number of impacted customers is far less. We don’t know the exact numbers. We are still conducting the investigation.”

On Thursday, the Biden administration announced a roster of tough sanctions against Russia as part of what it characterized as the “seen and unseen” response to the SolarWinds breach.

NPR’s months-long examination of that landmark attack — based on interviews with dozens of players from company officials to victims to cyber forensics experts who investigated, and intelligence officials who are in the process of calibrating the Biden administration’s response — reveals a hack unlike any other, launched by a sophisticated adversary who took aim at a soft underbelly of digital life: the routine software update.

By design, the hack appeared to work only under very specific circumstances. Its victims had to download the tainted update and then actually deploy it. That was the first condition. The second was that their compromised networks needed to be connected to the Internet, so the hackers could communicate with their servers.

For that reason, Ramakrishna figures the Russians successfully compromised about 100 companies and about a dozen government agencies. The companies included Microsoft, Intel and Cisco; the list of federal agencies so far includes the Treasury, Justice and Energy departments and the Pentagon.

Beware of Russian Influence on Vaccine Disinformation

It is another dimension of the cyber war…

Operatives at the behest of Moscow have never passed up the opportunity to exploit a crisis in the Western world. It has gone on for years, back to the days of the KGB, now known as the SVR.

Opinion | Operation Infektion: A three-part video series ...

Yet, does the media keep making the same mistakes?

Readers and researchers must validate the sources, all of them and check them often. Big media has fallen victim as well and some make corrections while others don’t bother.

Even CNN has admitted as much:

Washington (CNN) Online platforms directed by Russian intelligence are spreading disinformation about two of the coronavirus vaccines being used in the US, a State Department spokesperson confirmed to CNN on Sunday.

The agency’s Global Engagement Center identified three Russian outlets — News Front, New Eastern Outlook and Oriental Review — that are spreading not only misinformation about the virus, but also regarding “international organizations, military conflicts, protests; and any divisive issue that they can exploit,” according to the spokesperson.

“These sites all vary in their reach, tone, and audience — but they all are spreading Russian propaganda and disinformation. The State Department’s finding of a link between these sites and Russian Intelligence is a result of a joint interagency conclusion,” the spokesperson said.

In part:

French and German YouTubers, bloggers and influencers have been offered money by a supposedly UK-based PR agency with apparent Russian connections to falsely tell their followers the Pfizer/BioNTech vaccine is responsible for hundreds of deaths.

Fazze, an “influencer marketing platform … connecting bloggers and advertisers”, claimed to be based at 5 Percy Street in London but is not registered there. On Tuesday, it temporarily closed its website and made its Instagram account private.

The agency contacted several French health and science YouTubers last week and asked them, in poor English, to “explain … the death rate among the vaccinated with Pfizer is almost 3x higher than the vaccinated by AstraZeneca”.

The influencers were told to publish links on YouTube, Instagram or TikTok to reports in Le Monde, on Reddit and on the Ethical Hacker website about a leaked report containing data that supposedly substantiates the claim.

The article in Le Monde is about data reportedly stolen by Russian hackers from the European Medicines Agency and later published on the Dark Web. It contains no information on mortality rates. The pages on the other two sites have been deleted.

The influencers were asked to tell their subscribers that “the mainstream media ignores this theme”, and to ask: “Why some governments actively purchasing Pfizer vaccine, which is dangerous to the health of the people?”

The brief also included requests to “act like you have the passion and interest in this topic”, and to avoid using the words “advertising” or “sponsored” in posts or videos because “the material should be presented as your own independent view”.

Screen shots of the emails were posted on Twitter by Léo Grasset, a popular French science YouTuber with nearly 1.2m subscribers. Grasset said the campaign had a “colossal budget” but that the agency refused to identify its client.

The French investigative news site Numerama also published extracts from the exchanges, including Fazze’s exhortation to “encourage viewers to draw their own conclusions, take care of themselves and their loved ones”.

Mirko Drotschman, a German YouTuber and podcaster with 1.5 million subscribers, also posted a screenshot of an email asking him to take part in an “information campaign” about “a significant number of deaths” after the Pfizer shot.

“Please send us statistics on the age of your subscribers … and how much it would cost,” the mail concluded. The French investigative website Fact&Furious posted a mail describing Fazze’s budget as “considerable” and the fee as “the rate you wish”.

According to LinkedIn, Fazze’s management come from Moscow and have worked for an agency reportedly founded by a Russian entrepreneur.

French media have pointed to the similarities between Fazze’s message and the official Twitter account of Russia’s Sputnik V – a viral vector vaccine like AstraZeneca – which has repeatedly claimed “real world data” shows they are “safer and more efficient” than mRNA vaccines.

An EU study last month accused Russian and Chinese media of “state-sponsored disinformation” aimed at sowing mistrust in western vaccines by sensationalising safety concerns, making “unfounded links between shots and deaths in Europe”, and promoting Russian and Chinese vaccines as superior.


Anyone Notice the Battle for the Arctic?

The Pentagon has a civilian advisory committee where retired flag officers meet and discuss global and domestic conflicts, research them and then present those items to key Pentagon personnel. The question is, do any discussions include the battle for the Arctic?

When General Lloyd Austin, Secretary of Defense, says that climate change and white supremacy are the biggest existential threats to the homeland…others are certainly arguing for other real threats, and that includes the Arctic.

Back in March of 2018, testimony was presented to the Senate Armed Services Committee by the commanders of the U.S. Pacific Fleet and the U.S. European Command and by the Coast Guard Commandant that the Russian footprint in the Arctic has robustly surpassed that of the United States.

In part:

The U.S. lacks abilities
Despite a change in rhetoric, the facts on the ground remain the same: The U.S. is falling further and further behind in the region, operating a single aging polar-class icebreaker.

“The Arctic is the only theater of operations where the U.S. Navy is outclassed by a peer competitor. Russian surface warships have demonstrated the ability to carry out complex combined operations in the High North, while the American Navy maintains a policy that only submarines operate above the Bering Strait. Are submarines enough of a deterrence? Probably. But I don’t think they provide the real presence needed to assert the U.S.’ rights to the opening Arctic,” Holland explains.

Any reaction by the U.S. to catch up in the Arctic comes about 10 years too late, says Huebert. “Yes, as the current ICEX military exercise shows U.S. submarines have the capability of patrolling the Arctic and surfacing through the ice, but what is lacking are the constabulary capabilities in the form of surface vessels and icebreakers.”

Is the U.S. Waking up?
After more than a decade of lobbying by the U.S. Coast Guard to secure funds to construct a new icebreaker, the agency may finally make progress on this front. Congress’ upcoming appropriations bill is likely to include funding to design and construct a new icebreaker. Still, this falls way short of what would be needed, says Holland. “That is good, but it is late, and there’s no commitment to build the three to five more [icebreakers] that is estimated we’ll need. Nor is there any thought about designing the Navy’s ships of the future so they can operate in the High North.”

Holland hopes that the change in rhetoric marks a newfound seriousness by America’s military leadership about the rapidly growing challenges in the Arctic. This also includes China’s emergence as an Arctic power and its desire to utilize the NSR as its own Polar Silk Road as laid out in its newly-released Arctic strategy.

“These countries have a clear strategic vision for what they want out of the Arctic. As do European Arctic states. It’s time for the U.S. to stand up for its rights and responsibilities as an Arctic nation.” More here.

Why is this even a topic for real?

President Vladimir Putin in recent years has made Russia’s Arctic region a strategic priority and ordered investment in military infrastructure and mineral extraction.

Moscow: Russian Foreign Minister Sergei Lavrov on Monday warned Western countries against staking claims in the Arctic ahead of this week’s Arctic Council meeting in Reykjavik.

The Arctic in recent years has become the site of geopolitical competition between the countries that form the Arctic Council (Russia, the United States, Canada, Norway, Denmark, Sweden, Finland and Iceland) as global warming makes the region more accessible.

A ministerial meeting of the eight-country council will take place on Wednesday and Thursday.

“It has been absolutely clear for everyone for a long time that this is our territory, this is our land,” Lavrov said at a press conference in Moscow.

“We are responsible for ensuring our Arctic coast is safe,” he said.

“Let me emphasise once again — this is our land and our waters,” he added.

“But when NATO tries to justify its advance into the Arctic, this is probably a slightly different situation and here we have questions for our neighbours like Norway who are trying to justify the need for NATO to come into the Arctic.”

The United States in February sent strategic bombers to train in Norway as part of Western efforts to bolster its military presence in the region.

For the first time since the 1980s, the US Navy deployed an aircraft carrier in the Norwegian Sea in 2018.

As ice cover in the Arctic decreases, Russia is hoping to make use of the Northern Sea Route shipping channel to export oil and gas to overseas markets.

Lavrov will meet with his US counterpart Antony Blinken on the sidelines of the Arctic Council ministerial meeting in a test of Moscow’s strained relationship with Washington.

Despite mounting tensions, Russia and the United States during climate negotiations earlier this year noted the Arctic as an area of cooperation.

Three Russian ballistic missile submarines participated in Arctic training drills near the North Pole, and the Russian Ministry of Defense shared footage on Friday of the submarines bursting through the ice.

The drills entailed Russian submarines breaching the ice and Russian troops conducting cold-weather ground maneuvers on the open ice. A pair of MiG-31 Foxhound jet interceptors also flew over the Arctic, with support from an Il-78 aerial refueling tanker. According to Russia’s Navy, about 600 Russian military personnel and civilian personnel were present and about 200 models of Russian weapons and military equipment were involved. Source

An officer speaks on a walkie-talkie as the Bastion anti-ship missile systems take positions on the Alexandra Land island near Nagurskoye, Russia, Monday, May 17, 2021. Bristling with missiles and radar, Russia’s northernmost military base projects the country’s power and influence across the Arctic from a remote, desolate island amid an intensifying international competition for the region’s vast resources. Russia’s northernmost military outpost sits on the 80th parallel North, projecting power over wide swathes of the Arctic amid an intensifying international rivalry over the polar region’s vast resources. (AP Photo/Alexander Zemlianichenko)

For a scary photo essay of the Russians in the Arctic, click here.


So while it appears that nobody is really heeding these warnings, yet another discussion was held in 2019 at the Aspen Security Conference. Here the Pentagon released a new Arctic strategy document challenging and addressing the gains made by China and Russia in the Arctic region.

Moscow is deploying more resources northwards and investing in Arctic-capable forces, while Beijing has declared itself a “near-Arctic” power. The U.S. is moving to meet this challenge and give the region more prominence in its strategic planning.

Schultz said the U.S. “should be concerned about Russia, who is way ahead of us in this game, and the emerging aggressive China, who is pushing into the game.” He noted that while Americans may “think about the Arctic as a very faraway place,” the “Russian world view is very much based on the Arctic.”

A “polar security cutter” is currently under construction for the Coast Guard, effectively a militarized icebreaker. Its order demonstrates the U.S. military pivot towards the Arctic and an effort to close the gap with its rivals, particularly Russia. More here.

In part of that released strategy document is the following:

NDS goals and priorities guide DoD’s strategic approach to the Arctic. The Joint Force must be able to deter, and if necessary, defeat great power aggression. DoD must prioritize efforts to address the central problem the NDS identifies, i.e., the Joint Force’s eroding competitive edge against China and Russia, and the NDS imperative to ensure favorable regional balances of power in the Indo-Pacific and Europe. Developing a more lethal, resilient, agile, and ready Joint Force will ensure that our military sustains its competitive advantages, not only for these key regions of strategic competition, but globally as well. Maintaining a credible deterrent for the Arctic region requires DoD to understand and shape the Arctic’s geostrategic landscape for future operations and to respond effectively to contingencies in the Arctic region, both independently and in cooperation with others. DoD’s strategic approach seeks to do so by implementing three ways in support of the desired Arctic end-state (each described in detail in this document):

  • Building Arctic awareness;
  • Enhancing Arctic operations; and
  • Strengthening the rules-based order in the Arctic.

Read the full 19-page document here.