Category Archives: Russia

WTH Congressman Rohrabacher? Such a Wild Story

Posted on by

It is a well known secret or rather fact that 90% of the Russians inside the United States are here on a Kremlin mission. Will we ever know all the names of the Russians that Obama expelled from the United States in December of 2016 as a response to the hacking and intrusion into our election architecture with bots and intelligence leaks? Not likely…but read on, this is almost like an Alfred Hitchcock movie.

As for a video and background:

But how about this Congressman?

Dana Rohrabacher, a Republican representative from California, openly acknowledges such a meeting with Rinat Akhmetshin, an alleged Soviet spy in Berlin. The topic? A high-profile Russian money laundering case and related sanctions on Russia. A pretty good summary is here from Weiss.

Digging deeper

It all began before 2012, when Barack Obama signed the law titled the Magnitsky Act. Creepy things are included as the basis of this law which is noted on page 9 of the 15 page bill.

(7) Sergei Leonidovich Magnitsky died on November 16,

2009, at the age of 37, in Matrosskaya Tishina Prison in

Moscow, Russia, and is survived by a mother, a wife, and

2 sons.

(8) On July 6, 2011, Russian President Dimitry Medvedev’s

Human Rights Council announced the results of its independent

investigation into the death of Sergei Magnitsky. The Human

Rights Council concluded that Sergei Magnitsky’s arrest and

detention was illegal; he was denied access to justice by the

courts and prosecutors of the Russian Federation; he was investigated

by the same law enforcement officers whom he had

accused of stealing Hermitage Fund companies and illegally

obtaining a fraudulent $230,000,000 tax refund; he was denied

necessary medical care in custody; he was beaten by 8 guards

with rubber batons on the last day of his life; and the ambulance

crew that was called to treat him as he was dying was deliberately

kept outside of his cell for one hour and 18 minutes

until he was dead. The report of the Human Rights Council

also states the officials falsified their accounts of what happened

to Sergei Magnitsky and, 18 months after his death, no officials

had been brought to trial for his false arrest or the crime

he uncovered. The impunity continued in April 2012, when

Russian authorities dropped criminal charges against Larisa

Litvinova, the head doctor at the prison where Magnitsky died.

(9) The systematic abuse of Sergei Magnitsky, including

his repressive arrest and torture in custody by officers of the

Ministry of the Interior of the Russian Federation that Mr.

Magnitsky had implicated in the embezzlement of funds from

the Russian Treasury and the misappropriation of 3 companies

from his client, Hermitage Capital Management, reflects how

deeply the protection of human rights is affected by corruption.

(10) The politically motivated nature of the persecution

of Mr. Magnitsky is demonstrated by—

(A) the denial by all state bodies of the Russian Federation

of any justice or legal remedies to Mr. Magnitsky

during the nearly 12 full months he was kept without

trial in detention; and

(B) the impunity since his death of state officials he

testified against for their involvement in corruption and

the carrying out of his repressive persecution.

*** It was in 2013, that a list of people were added to the Treasury sanction list.

BOGATIROV, Letscha (a.k.a. BOGATYREV, Lecha; a.k.a. BOGATYRYOV, Lecha); DOB 14 Mar 1975; POB Atschkoi, Chechen Republic, Russia (individual) [MAGNIT].

DROGANOV, Aleksey O.; DOB 11 Oct 1975; POB Lesnoi Settlement, Pushkin Area, Moscow Region, Russia (individual) [MAGNIT].

DUKUZOV, Kazbek; DOB 1974; POB Urus-Martan District, Chechen Republic, Russia (individual) [MAGNIT].

KARPOV, Pavel; DOB 27 Aug 1977; POB Moscow, Russia (individual) [MAGNIT].

KHIMINA, Yelena; DOB 11 Sep 1953; POB Moscow, Russia (individual) [MAGNIT].

KOMNOV, Dmitriy; DOB 17 May 1977; POB Kashira Region, Moscow, Russia (individual) [MAGNIT].

KRIVORUCHKO, Aleksey (a.k.a. KRIVORUCHKO, Alex; a.k.a. KRIVORUCHKO, Alexei); DOB 25 Aug 1977; POB Moscow Region, Russia (individual) [MAGNIT].

KUZNETSOV, Artem (a.k.a. KUZNETSOV, Artyom); DOB 28 Feb 1975; POB Baku, Azerbaijan (individual) [MAGNIT].

LOGUNOV, Oleg; DOB 04 Feb 1962; POB Irkutsk Region, Russia (individual) [MAGNIT].

PECHEGIN, Andrey I.; DOB 24 Sep 1965; POB Moscow Region, Russia (individual) [MAGNIT].

PODOPRIGOROV, Sergei G.; DOB 08 Jan 1974; POB Moscow, Russia (individual) [MAGNIT].

PROKOPENKO, Ivan Pavlovitch; DOB 28 Sep 1973; POB Vinnitsa, Ukraine (individual) [MAGNIT].

SILCHENKO, Oleg F.; DOB 25 Jun 1977; POB Samarkand, Uzbekistan (individual) [MAGNIT].

STASHINA, Yelena (a.k.a. STASHINA, Elena; a.k.a. STASHINA, Helen); DOB 05 Nov 1963; POB Tomsk, Russia (individual) [MAGNIT].

STEPANOVA, Olga G.; DOB 29 Jul 1962; POB Moscow, Russia (individual) [MAGNIT].

TOLCHINSKIY, Dmitri M. (a.k.a. TOLCHINSKY, Dmitry); DOB 11 May 1982; POB Moscow, Russia (individual) [MAGNIT].

UKHNALYOVA, Svetlana (a.k.a. UKHNALEV, Svetlana; a.k.a. UKHNALEVA, Svetlana V.); DOB 14 Mar 1973; POB Moscow, Russia (individual) [MAGNIT].

VINOGRADOVA, Natalya V.; DOB 16 Jun 1973; POB Michurinsk, Russia (individual) [MAGNIT].

*** What you ask?

Well, on May 3, 2017, FBI Director James Comey appeared before the Senate for the annual hearing. Senator Grassley made it a point to ask a few key questions regarding FARA and why FusionGPS was not listed or registered as required by law. Great question. It seems FusionGPS is a Russian front operation.

This operation also includes several other people that are Russian operatives that have been lobbying members of Congress to amend or repeal the Magnitsky Act. The letter for background is here demanding a full investigation and why. Senator Grassley is right to demand some answers as the matter includes dead bodies, embezzlement of more than $200 million and of course is part of a wide Russian intrusion and chaos campaign. The FBI cannot begin to come close to closing this case, it has years of history and is worldwide.

Remember that US Attorney Preet Bharara that Jeff Sessions fired? That was not a good idea, unless there was something else nefarious in history with people in the Trump orbit. No implication or inference here, however there is much more to the whole event.

Anyway…try this too.

A Russian lawyer who was a witness in a US federal court case connected to the largest money-laundering scheme in Russian history was hospitalized after plunging four stories on Tuesday in Moscow, a spokesman said.

 Nikolai Gorokhov William Browder

There are conflicting reports about what happened to the lawyer, Nikolai Gorokhov. His spokesman, William Browder — who was an alleged victim in the money-laundering scheme — says he was “thrown from the fourth floor of his apartment building.” Russian media, often controlled by the state, says he “fell while he and workers were trying to lift a Jacuzzi into his apartment.”

“His name is redacted in all the documents,” Browder told BuzzFeed News regarding court filings in the US Southern District. “The feds were very concerned for his safety. I can confirm his role.” The Department of Justice didn’t immediately return a request for comment.

The case, USA v. Prevezon, is on the brink of going to trial in Manhattan — right in the middle of a massive shakeup of federal prosecutors by President Trump.

In court filings, the Department of Justice alleges that Prevezon, a Cyprus-based real estate company owned by a Russian national, purchased several New York City apartments with funds linked to a decade-old $230 million tax fraud case — the biggest in Russian history — perpetrated by gangsters and corrupt officials. In court filings, Prevezon says the DOJ has no hard evidence to back up its claims.

Last week, after plenty of drama, Trump fired Preet Bharara, the high-profile US attorney who was handling the case. Now prominent New York City defense attorney Marc Mukasey — the son of former US Attorney General Michael Mukasey, who at one point was defending Prevezon — is reportedly on the shortlist to replace Bharara.

Prevezon has filed a last-chance motion to get the case thrown out before trial — but if the judge rules against them, it’s scheduled to be presented to a New York City jury on May 15. It’s unclear when Trump — whose presidential campaign is facing close scrutiny for possible ties to Russia — will appoint Bharara’s successor.

Those involved in the case believe that it will stay on track, and experts agree that the case should proceed as scheduled, despite Bharara’s ousting.

“I don’t see the US government withdrawing from this case,” Will Pomeranz, deputy director of the Wilson Center’s Kennan Institute and a leading expert on Russian commercial and constitutional law, told BuzzFeed News. “It’s unlikely that with a case on the eve of going to trial is one that they’re going to back away from. And if they did, it would obviously send a signal.”

Michael Mukasey is no longer involved in the Prevezon defense and did not respond to a request to comment for this article. Prevezon’s current firm, Quinn Emanuel, said that it could not comment on the record. The DOJ said that it could not comment because the case is ongoing.

So how did Russian gangsters allegedly steal nearly a quarter-billion in taxpayer dollars? According to the DOJ, they literally stole companies.

In 2007, investigators say, an organization of Russian mobsters, corrupt officials, and law enforcement orchestrated a raid on three companies held by the Hermitage Fund, which at one time was the largest Western investor in Russia. Cops associated with the would-be fraudsters stormed the offices of the companies and seized key assets. Then, they re-registered the companies, putting themselves in charge. After they took control, the thieves ginned up sham lawsuits that resulted in rulings against the companies totaling a massive $973 million. But the payoff came later, when these stolen companies filed for tax refunds to the tune of $230 million, which was immediately approved by tax officials in cahoots with the fraudsters.

Once he caught wind of what happened, the founder of Hermitage, William Browder — also the spokesman for the lawyer who was hospitalized Tuesday in Moscow — fought back by enlisting a group of accountants and lawyers to suss out who was behind the scheme. One attorney, Sergei Magnitsky, was particularly successful. By digging through bank records, Magnitsky was able to track the $230 million — which happened to be the exact amount that Hermitage paid in taxes in 2006 — to bank accounts opened with obscure banks controlled by Russian gangsters.

But when Magnitsky brought this to the attention of the Russian Interior Ministry in 2008, instead of going after the culprits, the government jailed Magnitsky. A year later, he died in prison at age 37.

Preet Bharara Timothy A. Clary / AFP / Getty Images

The Russian authorities claimed Magnitsky died of heart failure and enacted a smear campaign against him, saying he and Browder had stolen the $230 million themselves. However, it was later revealed through investigative reports that Magnitsky had been denied medical care and likely tortured while in jail, which raised suspicion around his death.

The Magnitsky affair heightened tension between the Russian and United States governments. In 2012, President Obama signed the Magnitsky Act, which froze the assets of Russian human rights abusers and banned them from obtaining visas to enter the country. In 2013, the first 18 names were added to the list, including a number of people allegedly linked to the $230 million Hermitage tax heist. Vladimir Putin responded by banning 18 US citizens from entering Russia — including Bharara and a team of prosecutors who had put away a major Russian arms dealer.

“The reason that [the Prevezon case] is so important,” Browder told BuzzFeed News, “is this is the first major case going to trial involving money laundering from the crimes that led to the death of Sergei Magnitsky.”

In the years since Magnitsky’s death, Browder has led a crusade seeking justice for his former lawyer. And in 2013, he told BuzzFeed News, he walked a complaint into the Manhattan district attorney’s office, claiming that Hermitage’s investigators had linked funds from the $230 tax fraud to Prevezon and its real estate holdings in New York City. The Manhattan DA’s office turned the case over to Bharara, who announced in September 2013 that he was bringing a civil forfeiture claim to seize the assets of Prevezon, freezing $14 million of the company’s assets tied to the US bank accounts.

In court filings, Prevezon claims that the DOJ “tells two stories: one story about a $230 million Russian tax fraud, and another separate story about [Prevezon’s] legitimate real estate business,” but says that prosecutors “fail to connect the two.”

The company argues that Bharara’s former office has told “a graphic and disturbing story” about the tax fraud and Magnitsky’s death, but maintains that “[t]hose allegations are irrelevant to [Prevezon]” and “designed to inflame the reader [of the complaint] and to create prejudice against” the real estate company.

It is true that the DOJ makes no claim that the defendants from Prevezon were directly connected to the alleged theft of the $230 million. And in the end, if the US government is successful in its prosecution, a civil forfeiture ruling against the real estate company would only be the first small step in linking Russian individuals to laundered funds from the $230 million tax fraud in the court of law.

A number of other countries — including Britain, Switzerland, and Lithuania — will be watching the outcome of the case because they have opened criminal probes and frozen assets their investigators believe are tied to the $230 million heist. In total, to date, more than $40 million in assets tied to these cases has been frozen around the globe.

“It’s an example of the problem,” Pomeranz said, “but it’s just a small microcosm of the problem.”

 

 

Think Tank Predicted Russian Cyberwar v. United States

Posted on by

Washington, D.C., May 3, 2017 – A Rand Corporation 1967 paper predicted many of the cyber dilemmas faced by policy makers today, and a 2017 expanded analysis of the “GRIZZLY STEPPE” hacking by Russian cyber operators disclosed key findings about the techniques the hackers used and ways to mitigate them, according to the National Security Archive publication today of 40+ highlighted primary sources from the critically-praised “Cyber Vault” at http://nsarchive.gwu.edu/cybervault.

Compiled and edited by noted intelligence historian Dr. Jeffrey T. Richelson, the Cyber Vault collection of primary sources is growing by a dozen or more documents every week, and includes the declassified briefings provided by the National Security Agency to the George W. Bush and Barack Obama transition teams in 2000 and 2009, respectively.  The collection also includes a 2016 order from the U.S. Cyber Command to set up a unit with the mission of debilitating and destroying computer and communications operations of the terrorist group ISIS.

The Cyber Vault team obtained the 2016 order under the Freedom of Information Act (FOIA).  The project has filed scores of other FOIA and declassification requests as part of a multi-year documentation contribution to the growing field of cyber studies, with the support of the William and Flora Hewlett Foundation.

The 2000 transition briefing explicitly foreshadowed the Edward Snowden controversy, warning the new White House team that the 4th Amendment-protected communications of Americans were inextricably mixed with those of foreigners on the Internet.  The 2016 U.S. Cyber Command order established a joint task force designed to bring the resources of the Defense Department, Intelligence Community, and Justice Department to bear against the terrorist group that the Trump administration has since designated its top foreign policy priority.

Cyber Vault Highlights

By Jeffrey T. Richelson

On March 30, 2016, the National Security Archive opened its Cyber Vault, a repository of documents on all aspects of cyber activity – including computer network defense (and other other aspects of cybersecurity), computer network attack, and computer network exploitation. The more than 750 documents currently in the vault have been drawn from a variety of sources – Freedom of Information Act releases, websites of both U.S. federal and state government organizations, courts, foreign government organizations, NATO, government contractors, think-tanks, advocacy groups, and media websites (including Wikileaks and those that posted documents provided by Edward Snowden).

In addition to relying on a multitude of sources to populate the Cyber Vault, the Archive has sought to accumulate a diverse set of documents – which has guided its collection strategy. As a result, the Cyber Vault includes significant documents from the 1960s and each subsequent decade, on cyber organization, on policy and strategy, on domestic and foreign cyber activities, on cybersecurity requirements, and on cyber crimes and the related investigations. Also included are intelligence assessments and theses. The documents also represent a spectrum of classifications, from unclassified, to formerly classified, and – in the cases of Wikileaks and Snowden documents – currently classified documents. Many of the documents cut across a number of categories.

Among the documents represented from the 1960s and 1970s are two seminal papers.  One is Willis Ware’s 1967 effort, Secrecy and Privacy in Computer Systems (Document 1), written for the RAND Corporation, and one of the very first systematic approaches to information leakage, security, and privacy. The other (Document 2), produced by a staff member of Britain’s signals intelligence agency, the Government Communications Headquarters (GCHQ), represents the initial development of public key cryptography – although it was not declassified until years after the concept had been made public by American mathematicians.

That document is also one of several illustrating or concerning foreign government cyber efforts. A much more recent GCHQ product (Document 29) was one of the documents provided to Glenn Greenwald and Laura Poitras by Edward Snowden – a briefing on efforts to deanonymize users of The Onion Router (TOR) network, which had been developed by  members of the U.S. Naval Research Laboratory (Document 32) as a means of protecting online communications. Chinese cyber organization, policy, and operations are covered, collectively, by two documents – an unclassified paper (Document 36) produced under the auspices of the NATO Cooperative Cyber Defence Centre of Excellence and a Top Secret codeword NSA briefing (Document 24) on the People Republic of China’s computer network exploitation activity. Current Russian cyber activities are discussed in an extract (Document 35) from the controversial “Trump Dossier,” written by a former British Secret Intelligence Service officer.

Other documents concern hostile cyber activities from an earlier era. One, from 1998  (Document 12) provides information to the then director of the FBI, Louis Freeh, concerning the SOLAR SUNRISE investigation concerning intrusions into at least 11 unclassified DoD Computer systems at various locations in the United States. Another FBI memo (Document 13), concerns a 1999 investigation into intrusions into computer systems in the United States, the United Kingdom, Canada, Brazil, and Germany – an investigation which took some of the investigators to Moscow. In a newly released portion, it discusses possible response to intrusions – including the creation of “honeypots” containing “beacon” files.

In addition to being the victim of intrusions, the U.S. has also debated and formulated policy, granted authority over, and conducted intrusions in pursuit of national security objectives. In March 1997, Secretary of Defense William Cohen assigned the responsibility for computer network attack and exploitation to the National Security Agency in a short memo (Document 10). During that Spring a senior NSA official addressed the issue of cyberwar in a Secret article (Document 11) in a NSA journal. Many years later, according to a number of accounts, U.S. and Israeli cyber personnel were able to penetrate industrial control systems associated with the Iranian nuclear program and damage centrifuges that could produce weapons-grade material. While there have been no publicly released executive branch documents concerning the “Stuxnet” operation, it has been the subject of reports by RAND and the Congressional Research Service. (Document 26).

Concern over possible Russian intrusion into U.S. computer systems related to elections became a significant subject of discussion in the 2016 presidential election. Apprehensions over the possibility of such intrusions go back at least a decade. A December 2007 report (Document 20) was commissioned by Ohio’s Secretary of State, and contained disturbing results about the vulnerability of Ohio’s electronic voting systems. In the wake of a poorly-received, brief analysis of alleged Russian cyber activity related to the 2016 election, the Department of Homeland Security’s National Cybersecurity and Communications Integration Center produced more detailed examination (Document 41) of the GRIZZLY STEPPE activity.

By the time the DHS report was issued, President Trump had been presented with a draft executive order on cybersecurity (Document 40 ), which would undoubtedly have been the first of a significant number of presidential actions on cybersecurity – just as President Obama had signed a number of cyber-related executive orders and presidential directives, including one (Document 34) that established a Cyber Threat Intelligence Integration Center. Ultimately, the Trump draft order became the first in a series of drafts, and no order has yet been signed.

Other highlight documents include:

    • A 1979 exploration (Document 5) in an NSA journal on computer system vulnerabilities
    • A 1996 treatment (Document 9) of the threat to computer systems from human Intelligence operations.
    • A 2001 memo (Document 15) from the director of NSA concerning a major computer outage at the agency.
    • A 2008 Director of National Intelligence cyber counterintelligence plan (Document 21).
    • A 2016 USCYBERCOM order (Document 37) to establish a task force to combat ISIS in cyber space
    • A 2016 examination (Document 38) of cyber threats to nuclear weapons systems.
    • A 2016 DHS Office of Intelligence and Analysis briefing (Document 39) on cyber threats to the homeland

 

Russia’s Hybrid Warfare, Here to Stay

Posted on by

Seems like everyday, Russia is in our house, in fact it is true. The hybrid warfare crafted by the Kremlin is here to stay so exactly when does the Trump White House deal with this constant threat? What threat you ask?

Adam Meyers is from the cyber-security firm CrowdStrike. As the Vice President of Intelligence, Adam heads a team that identifies the perpetrators of cyber-crimes, both in the private and public sectors. CrowdStrike helped to identify the hackers behind the Democratic National Committee’s email leaks last year, and more recently the mastermind behind the Kelihos Botnet.

*** Notice, there was no intrusion into Marie Le Pen’s campaign operations. Why? Putin endorses LePen and has provided campaign funds to her.

According to Trend Micro researchers, the campaign of French presidential candidate Emmanuel Macron has been hit by the same Russian hackers who targeted Democratic campaign officials in the U.S. before last year’s presidential election, the New York Times reports.

On March 15, the researchers say, they saw the Pawn Storm group (a.k.a. Fancy Bear, APT28 or the Sofacy Group) begin targeting Macron’s campaign with phishing attacks seeking campaign officials’ login information.

“The phishing pages we are talking about are very personalized Web pages to look like the real address,” Mounir Mahjoubi, Macron’s digital director, told the Times. “They were pixel perfect. It’s exactly the same page. That means there was talent behind it and time went into it — talent, money, experience, time and will.”

Still, Mahjoubi said none of the attacks was successful.

He described the phishing attacks as the invisible side of a Russian campaign against Macron, with the visible side being fake news published on Russian news sites like Sputnik and RT. More here.

***

Panel to Senate: Cyber Operations Influence Political Processes Worldwide

Russia used “useful idiots” to meddle in the U.S. presidential election and “fellow travelers” opposed to European Union and NATO to influence elections in France and Germany, while Islamic terrorists used “agent provocateurs” to topple Spain’s government in 2004 and cast another pall over French voting, a cyber security expert told a congressional subcommittee Thursday.

That, in capsule form, is how cyber is changing how the public views elections, Clint Watts, of the Foreign Policy Research Institute, said at the Senate Armed Services cybersecurity subcommittee hearing.

So far in the case of the United States warding off this kind of activity, “far more is said than done.” He added it is a “human challenge, not technical ones” that needs to be addressed.

In the American and European elections, he said at the panel’s first public hearing since being formed the Russians created content, sent it out as if were “nuclear-powered and “pushed [it] in unison from many locations,” including “gray outlets” that appear to be legitimate sources of news. They also did all of this over long periods of time.

The goal in the American election was to plant doubt in the integrity of the voting, he said. He added there was no indication that actual votes were tampered with.

Later in answer to a question, Watts said the Russians “are picking parties and supporting them” in the United States and financially in Europe.

In cyber, not all is as it appears and its speed is instantaneous.

Rand Waltzman, senior information scientist at the RAND Corporation, described how an American special forces raid that successfully rescued a hostage and killed a number of terrorists in Iraq was turned into a terrorist propaganda victory. “Those guys film everything,” he said describing how they recorded the incident by placing the bodies on prayer rugs so it appeared that soldiers killed innocent civilians. The video was posted before the special forces soldiers returned to their base. “How did they manage to this so fast?” Their mobile phones.

This changed the story of what happened 180 degrees and put the United States in the position of having to refute the video rather than telling a story of rescue.

He said this kind of quick reaction by adversaries — misinformation, fake news — requires new thinking on cyber security. Instead of the traditional “denial of service” by causing a crash, they are applying “cognitive denial of service” — misinformation and propaganda — to achieve their ends.

“We’re hamstrung” by bureaucracy and directives in addressing the new “hyperkinetic world,” Michael Lumpkin, former acting under secretary of defense for policy, said. The United States’ government efforts in public diplomacy, public affairs and information operations have not been synchronized so that it becomes a credible source of information. It also needs to take the necessary steps “to make sure our information is accurate” before releasing it. “That has not always been the case.”

John Inglis, former deputy director of the National Security Agency, used his organization’s handling of metadata collection as an example. “You need to go first” to establish credibility and explain the value of what it is you are doing. “We went second. That made it more difficult to put it back in the bottle.”

Watts said one approach would be to have a rating non-profit, private agency, similar to Consumer Reports, vet every story on Twitter, Facebook and Google. He added Facebook and Google “are moving in that direction” to eliminate false news, but so far Twitter has not acted.

When asked how he rated RT, the Russian-sponsored media outlet, as a source of news, he said 70 percent was true, 20 percent was misleading and 10 percent false. Watts said he rated some American media outlets as falling in the same percentages of true, misleading and false.

A continuing difficulty in improving cyber security in and out of government is “how do you get people to share problems,” Waltzman said when they would prefer not to admit being hacked or even attacked. Lumpkin said more also needs to be done in training people how not to “provide access to adversaries unwittingly” and holding them accountable for security.

As for recruiting skilled cyber workers, “they’re motivated people out there” interested in the challenges they can find in government, rather than private sector, careers, Watts said. “Give them the space to be the tech savants they are.”

*** Need more? Do you ever watch C-Span and listen to testimony before Congressional committees? No? Too bad, but here is some help:

Full Spectrum Influence Operations: Synchronization of White, Gray and Black Efforts

Russian cyber enabled influence operations demonstrate never-before-seen synchronization of Active Measures.  Content created by white outlets (RT and Sputnik News) promoting the release of compromising material will magically generate manipulated truths and falsehoods from conspiratorial websites promoting Russian foreign policy positions, Kremlin preferred candidates or attacking Russian opponents.  Hackers, hecklers and honeypots rapidly extend these information campaigns amongst foreign audiences. As a comparison, the full spectrum synchronization, scale, repetition and speed of Russia’s cyber-enabled information operations far outperform the Islamic State’s recently successful terrorism propaganda campaigns or any other electoral campaign seen to date.

Cyber-enabled Influence Thrives When Paired with Physical Actors and Their Actions – 

American obsession with social media has overlooked the real world actors assisting Russian influence operations in cyber space, specifically “Useful Idiots,” “Fellow Travelers,” and “Agent Provocateurs.”

“Useful Idiots” – Meddling in the U.S. and now European elections has been accentuated by Russian cultivation and exploitation of “Useful Idiots” – a Soviet era term referring to unwitting American politicians, political groups and government representatives who further amplify Russian influence amongst Western populaces by utilizing Russian kompromat and resulting themes.

“Fellow Travelers” – In some cases, Russia has curried the favor of “Fellow Travelers” – a Soviet term referring to individuals ideologically sympathetic to Russia’s anti-EU, anti-NATO and anti-immigration ideology. A cast of alternative right characters across Europe and America now openly push Russia’s agenda both on-the-ground and online accelerating the spread of Russia’s cyber-enabled influence operations.

“Agent Provocateurs” – Ever more dangerous may be Russia’s renewed placement and use of “Agent Provocateurs” – Russian agents or manipulated political supporters who commit or entice others to commit illegal, surreptitious acts to discredit opponent political groups and power falsehoods in cyber space. Shots fired in a Washington, D.C. pizza parlor by an American who fell victim to a fake news campaign called #PizzaGate demonstrate the potential for cyber-enabled influence to result in real world consequences. While this campaign cannot be directly linked to Russia, the Kremlin currently has the capability to foment, amplify, and through covert social media accounts, encourage Americans to undertake actions either knowingly or unknowingly as Agent Provocateurs.

Each of these actors assists Russia’s online efforts to divide Western electorates across political, social, and ethnic lines while maintaining a degree of “plausible deniability” with regards to Kremlin interventions. In general, Russian influence operations targeting closer to Moscow and further from Washington, D.C. will utilize greater quantities and more advanced levels of human operatives to power cyber-influence operations. Russia’s Crimean campaign and their links to an attempted coup in Montenegro demonstrate the blend of real world and cyber influence they can utilize to win over target audiences. The physical station or promotion of gray media outlets and overt Russian supporters in Eastern Europe were essential to their influence of the U.S. Presidential election and sustaining “plausible deniability.”

It’s important to note that America is not immune to infiltration either, physically or virtually.  In addition to the Cold War history of Soviet agents recruiting Americans for Active Measures purposes, the recently released dossier gathered by ex MI6 agent Chris Steele alleges on page 8 that Russia used “Russian émigré & associated offensive cyber operatives in U.S.” during their recent campaign to influence the U.S. election. While still unverified, if true, the employment of such agents of influence in the U.S. would provide further plausible deniability and provocation capability for Russian cyber-enabled influence operations.

2) How can the U.S. government counter cyber-enabled influence operations?

When it comes to America countering cyber-enabled influence operations, when all is said and done, far more is said than done. When the U.S. has done something to date, at best, it has been ineffective. At worst, it has been counterproductive. Despite spending hundreds of millions of dollars since 9/11, U.S. influence operations have made little or no progress in countering al Qaeda, its spawn the Islamic State or any connected jihadist threat group radicalizing and recruiting via social media.

Policymakers and strategists should take note of this failure before rapidly plunging into an information battle with state sponsored cyber-enabled influence operations coupled with widespread hacking operations – a far more complex threat than any previous terrorist actor we’ve encountered.  Thus far, U.S. cyber influence has been excessively focused on bureaucracy and expensive technology tools – social media monitoring systems that have failed to detect the Arab Spring, the rise of ISIS, the Islamic State’s taking of Mosul, and most recently Russia’s influence of the U.S. election.  America will only succeed in countering Russian influence by turning its current approaches upside down, clearly determining what it seeks to achieve with its counter influence strategy and then harnessing top talent empowered rather than shackled by technology – a methodology prioritizing Task, Talent, Teamwork and Technology in that order.

Task – Witnessing the frightening possibility of Russian interference in the recent U.S. Presidential election, American policy makers have immediately called to counter Russian cyber influence.  But the U.S. should take pause in rushing into such efforts. The U.S. and Europe lack a firm understanding of what is currently taking place.  The U.S. should begin by clearly mapping out the purpose and scope of Russian cyber influence methods.  Second, American politicians, political organizations and government officials must reaffirm their commitment to fact over fiction by regaining the trust of their constituents through accurate communications. They must also end their use of Russian kompromat stolen from American citizens’ private communications as ammunition in political contests. Third, the U.S. must clearly articulate its policies with regards to the European Union, NATO, and immigration, which, at present, sometimes seems to mirror rather than counters that of the Kremlin. Only after these three actions have been completed, can the U.S. government undertake efforts to meet the challenge of Russian information warfare through its agencies as I detailed during my previous testimony.

Talent –Russia’s dominance in cyber-enabled influence operations arises not from their employment of sophisticated technology, but through the employment of top talent. Actual humans, not artificial intelligence, achieved Russia’s recent success in information warfare. Rather than developing cyber operatives internally, Russia leverages an asymmetric advantage by which they coopt, compromise or coerce components of Russia’s cyber criminal underground.  Russia deliberately brings select individuals into their ranks, such as those GRU [Russia’s foreign intelligence agency] leaders and proxies designated in the 29 December 2016 U.S. sanctions. Others in Russia with access to sophisticated malware, hacking techniques or botnets are compelled to act on behalf of the Kremlin.

The U.S. has top talent for cyber influence but will be unlikely and unable to leverage it against its adversaries.  The U.S. focuses on technologists failing to blend them with needed information campaign tacticians and threat analysts.  Even further, U.S. agency attempts to recruit cyber and influence operation personnel excessively focus on security clearances and rudimentary training thus screening out many top picks.  Those few that can pass these screening criteria are placed in restrictive information environments deep inside government buildings and limited to a narrow set of tools.  The end result is a lesser-qualified cyber-influence cadre with limited capability relying on outside contractors to read, collate and parse open source information from the Internet on their behalf.  The majority of the top talent needed for cyber-enabled influence resides in the private sector, has no need for a security clearance, has likely used a controlled substance during their lifetime and can probably work from home easier and more successfully than they could from a government building.

Teamwork – Russia’s cyber-enabled influence operations excel because they seamlessly integrate cyber operations, influence efforts, intelligence operatives and diplomats into a cohesive strategy.  Russia doesn’t obsess over their bureaucracy and employs competing and even overlapping efforts at times to win their objectives.

Meanwhile, U.S. government counter influence efforts have fallen into the repeated trap of pursuing bureaucratic whole-of-government approaches. Whether it is terror groups or nation states, these approaches assign tangential tasks to competing bureaucratic entities focused on their primary mission more than countering cyber influence.  Whole-of-government approaches to countering cyber influence will assign no responsible entity with the authority and needed resources to tackle our country’s cyber adversaries.  Moving forward, a task force led by a single entity must be created to counter the rise of Russian cyber-enabled operations.

Technology – Over more than a decade, I’ve repeatedly observed the U.S. buying technology tools in the cyber- influence space for problems they don’t fully understand. These tech tool purchases have excessively focused on social media analytical packages producing an incomprehensible array of charts depicting connected dots with different colored lines. Many of these technology products represent nothing more than modern snake oil for the digital age.  They may work well for Internet marketing but routinely muddy the waters for understanding cyber influence and the bad actors hiding amongst social media storm.

Detecting cyber influence operations requires the identification of specific needles, amongst stacks of needles hidden in massive haystacks. These needles are cyber hackers and influencers seeking to hide their hand in the social media universe. Based on my experience, the most successful technology for identifying cyber and influence actors comes from talented analysts that first comprehensively identify threat actor intentions and techniques and then build automated applications specifically tailored to detect these actors.  The U.S. government should not buy technical tools nor seek to build expensive, enterprise-wide solutions for cyber-influence analytics that rapidly become outdated and obsolete.  Instead, top talent should be allowed to nimbly purchase or rent the latest and best tools on the market for whatever current or emerging social media platforms or hacker malware kits arise.

3. What can the public and private sector do to counter influence operations?

I’ve already outlined my recommendations for U.S. government actions to thwart Russia’s Active Measures online in my previous testimony on 30 March 2017. Social media companies and mainstream media outlets must restore the integrity of information by reaffirming the purity of their systems. In the roughly one month since I last testified however, the private sector has made significant advances in this regard. Facebook has led the way, continuing their efforts to reduce fake news distribution and removing up to 30,000 false accounts from its system just this past week. Google has added a fact checking function to their search engine for news stories and further refined its search algorithm to sideline false and misleading information. Wikipedia launched a crowd-funded effort to fight fake news this week.  The key remaining private sector participant is Twitter, as their platform remains an critical networking and dissemination vector for cyber-enabled influence operations.  Their participation in fighting fake news and nefarious cyber influence will be essential. I hope they will follow the efforts of other social media platforms as their identification and elimination of fake news spreading bots and false accounts may provide a critical block to Russian manipulation and influence of the upcoming French and German elections.

In conclusion, my colleagues and I identified, tracked and traced the rise of Russian influence operations on social media with home computers and some credit cards. While cyber-influence operations may appear highly technical in execution, they are very human in design and implementation.  Technology and money will not be the challenge for America in countering Russia’s online Active Measures; it will be humans and the bureaucracies America has created that prevent our country from employing its most talented cyber savants against the greatest enemies to our democracy. Full article here.

Sea of Japan is Crowded v. North Korea

Posted on by

Japan’s biggest warship Izumo departs from Yokosuka base following the first order in history for the forces to protect U.S. ships amid heightened tension over North Korea.

Japan has dispatched its biggest warship, in the first such operation since it passed controversial laws expanding the role of its military.
The helicopter carrier Izumo is escorting a US supply vessel heading to refuel the naval fleet in the region.
The ships include the Carl Vinson aircraft carrier group which was sent to the Korean peninsula.
North Korea has threatened to sink the Carl Vinson and a US submarine, amid rising tensions in the region.
It also carried out a failed missile test on Sunday, despite repeated warnings from the US and others to stop its nuclear and missile activity.

***

Japan launched a new spy satellite into orbit tonight (March 16) to help keep an eye on the nation’s unpredictable, nuclear-armed neighbor, North Korea.

The Information Gathering Satellite (IGS) Radar 5 lifted off atop a Japanese H-IIA rocket from Tanegashima Space Center in southern Japan at 9:20 p.m. EDT (0120 GMT, and 10:20 a.m. local Japan time on March 17). While the Japan Aerospace Exploration Agency did not provide a live webcast for the IGS Radar 5 launch, a video stream was available via the company Neconvideo Visual Solutions.

Japan started the IGS program in 1998, presumably in response to North Korean missile tests around that time that sent missiles close to, or flying over, Japan.

In the years since, North Korea has repeatedly threatened to annihilate Japan (and South Korea and the United States), and continued to develop its nuclear-weapon and missile programs. The IGS satellites keep tabs on such efforts, help the Japanese government respond to natural disasters and perform several other functions, experts believe.

The first IGS craft lifted off in 2003. IGS Radar 5 is the 15th one in the program to take flight, though not all have made it to orbit. Two were lost to a launch failure in November 2003.

Some of the IGS spacecraft use optical sensors to study the ground below, whereas others depend on radar instruments. As its name suggests, IGS Radar 5 falls into this latter category.

Little else is known about the newly launched satellite; Japan does not reveal many details about its IGS spacecraft. It’s unclear, for example, what orbit IGS Radar 5 will inhabit, though some of the satellite’s predecessors are known to circle the Earth at an altitude of about 300 miles (480 kilometers).

France joins in.

Forbes: France’s Mistral amphibious assault carrier docked in Nagasaki, Japan on April 29 in advance of military exercises to be conducted with the U.K., U.S. and Japan. Nagasaki is the closest major Japanese port to South Korea, and coming at a time of tension on the peninsula, the French and U.K. naval presence sends a strong message to both China and North Korea. Japan’s increased naval activity is also welcome support for South Korea, and will decrease diplomatic tension between the two natural allies. The U.K. and French presence shows that NATO, including the U.S., is strongly behind South Korea. The effect of these international allied naval forces is to pressure North Korea to abandon its self-destructive drive for ever more powerful nuclear weapons atop long-range missiles capable of reaching North America.

The naval forces gathering in East Asia is an alliance of democracies making a point against autocracies like North Korea, and its allies, China and Russia. While North Korea is building nuclear weapons and missiles capable of reaching the continental U.S., China is making more complaints about the U.S. Terminal High Altitude Air Defense (THAAD) anti-missile system emplacement in South Korea than it is about North Korea’s offensive buildup. This is a strong indicator that China remains firmly on the side of its ally North Korea in the current crisis.

Russia supports China and North Korea, by calling for de-escalation to the status quo which allows for North Korea to periodically increase its nuclear development without significant consequences. Russia stated that THAAD, which protects South Korea, erodes China’s deterrent. Why does China need a “deterrent” against non-nuclear South Korea? To me it appears more of a threat.

President Trump flattered President Xi in recent days, no doubt buttering him up in case the U.S. needs to launch a pre-emptive strike on North Korea. But giving China a good trade deal or concession on Taiwan in exchange for pressuring North Korea, which China should have done long ago, would go too far. Russia and China’s vague calls for peace and negotiation at this point are far too little, far too late. Trump’s tough approach now has China’s nationalist state-owned media, the Global Times, defending economic sanctions on North Korea.

Trump should keep up the pressure. It worked in Syria, and it will work with North Korea. That is peace through strength.

Important Unreported Recent Aggressions of Russia

Posted on by

It was just a few days ago that the United States deployed advanced fighter jets to Estonia as a rather ‘in-your-face’ tactic to Russia. Why not, Russia has a history of doing the same to the United States including the spy ship on our Atlantic coast line, buzzed our destroyers and the constant flying of bombers near U.S. airspace of Alaska. So…what is the full story of our F-35’s in Estonia?

On Apr. 25, two U.S. Air Force F-35As belonging to the 34th Fighter Squadron, from Hill Air Force Base, Utah, deployed to the UK since mid April, flew from RAF Lakenheath, UK, to Ämari, Estonia.

Based on the information gathered by aircraft spotters, airband listeners and ADS-B monitors, who tracked the mission to Estonia of the F-35s, the two 5th generation multirole combat aircraft , 14-5102 and 14-5094, using radio callsign “Conan 01” and accompanied by “Quid 89”, a 100ARW KC-135 from RAF Mildenhall, departed from RAF Lakenheath at 07.35z.

The trio landed in Estonia shortly before 11.00z and took part in a brief ceremony (at this link you can find some interesting photographs).

Noteworthy, the quick visit to Estonia was “accompanied” by a rather unusual activity of U.S. and British spyplanes in the Baltic region.

In fact, as the F-35s headed towards Amari in formation with their KC-135 tanker, as many as three RC-135s (including a RAF bird) operated in the airspaces over or close to Estonia.

The U.S. Air Force dispatched an RC-135W Rivet Joint 62-4139 “Haiti 79” and an RC-135U Combat Sent 64-14847 “Spool 06” to the Baltic states. The Rivet Joint positioned off Kaliningrad Oblast, where some of the most active Russian bases in the Baltic region are located, whereas the Combat Sent started a racetrack over Estonia, not far from the border of mainland Russia.

 Shortly thereafter, even a RAF RC-135W “Airseeker,”one of the three ex-USAF KC-135 tanker converted to the Rivet Joint variant starting back in 2011, from RAF Waddington joined the scene. The British intelligence gathering plane that, just like the American “RJs” is equipped with all sorts of antennae and sensors, to eavesdrop enemy signals, transmissions, detect frequencies used by radio and radars and pinpoint sites of interest, mobile stations, SAM batteries, etc., maintained a racetrack off Kaliningrad

At 14.43Z, the two JSFs departed Ämari to return to the UK and shortly thereafter both the U.S. and RAF spyplanes headed back to their homebases.

Although we can’t but speculate here, it appears to be quite likely that the RC-135 missions to the Baltic were somehow related to the deployment of the F-35 so close to the Russian border. In fact, whilst Rivet Joint and Combat Sent aircraft regularly fly to the region and can be daily tracked online as they head towards the international airspace off Lithuania, Estonia and Latvia, the presence of three such spyplanes not too far away from one another seems to suggest their missions were coordinated and probably related to something “big” happening there.

And the only “big thing” (Zapad 2017 preparation aside) we are currently aware of is the first presence of the JSF in Estonia. Moreover, not only was the type of racetrack flown by the Combat Sent unusual, but it was also located in a pretty interesting position: east of Ämari, as if the RC-135U, an aircraft designed to collect technical intelligence on adversary radar emitter systems, was there to detect emissions from Russian radars interested in the F-35.

However, there is another possibility: what if the American and British spyplanes were there to deter the Russian from using their radars?

Indeed, whilst three RC-135s flying at the same time in the same area is something unusual, it is quite weird that the three spyplanes had their ADS-B transponder turned on during their missions.

“If they wanted to hide, they would do” says the ADS-B / ModeS tracking enthusiast who runs the popular @CivMilAir and @ADSBTweetBot Twitter feeds. “The daily RC-135s flights over the Middle East very rarely show up and even the daily missions to the Baltics can usually be tracked during their transit to the area of operations, where often the transponder is turned off. That’s why I believe they remained trackable on purpose.”

Spyplanes, including the U-Boat (as the RC-135U Combat Sent is nicknamed in the pilot community), usually operate in “due regard” with transponder switched off, with no radio comms with the ATC control, using the concept of “see and avoid” where the pilot flying is responsible for avoiding all traffic conflicts. Even if RC-135s can be regularly tracked online, they tend to keep a low-profile when reaching the area of operations, turning off the ADS-B to avoid being detected at least by commercial ADS-B receivers like those feeding online flight tracking systems such as Flightradar24.com, PlaneFinder.net or Global ADS Exchange.

On Apr. 25, both RC-135s could tracked throughout their missions suggesting they did purposely broadcast their position for everyone to see, to let everyone know they were there.

Russian spyplanes have done pretty much the same in the past: the Tu-214R, Russia’s most advanced intelligence gathering aircraft deployed to Syria and flew along the border with Ukraine with its transponder turned on. In that case it was a sort of “show of force”; yesterday was likely a way to prevent some interesting details about the F-35 to be gathered by the Russians.

By the way, it’s not the first time U.S. stealth jets flying to the Baltics are directly or undirectly “accompanied” by Rivet Joints: on Apr. 27, 2016, two F-22s deployed to Siauliai Air Base Lithuania. Supported (so to say) by an RC-135W.

***

This site has often posted about the Gerasimov Doctrine. There is more with regards to ‘active measures’ which in modern day terms is chaos. With regard to Ukraine it looks like this:

Before the Ukrainian crisis, the Russian Federation Chief of General Staff, General Valery Gerasimov, published an article explaining the General Staff’s view of modern military operations.[2] One key point of General Gerasimov’s views, later termed the Gerasimov Doctrine, is that non-military means to affect a target country or region such as “economic sanctions, disruption of diplomatic ties, and political and diplomatic pressure” are not means to reduce chaos or avoid war, but rather means to increase stress and support traditional military operations.[3]

The idea is that existing stressors in a target region combined with stressors introduced through military and non-military means shape the environment for follow-on decisive military operations. The doctrine features six stages.

  1. Covert Origins
  2. Escalations
  3. Start of Conflict Activities
  4. Crisis
  5. Resolution
  6. Restoration of Peace (Postconflict Settlement)

Descriptions of the early stages point to the existence or creation of chaos: “Emergence of differences of interest” are linked with “formation of political opposition,” which lead to “intensifying contradictions.”[4] These methods were clearly in action in Ukraine and to a lesser extent Georgia.[5] They also may already be at work in Belarus, as this article in Belarus Digest suggests.

Then we have the U.S. election intrusion:

  General Director of Russia’s Political Information Center: The U.S. Influenced Russia’s 2016 Duma Elections 

The General Director of Russia’s Political Information Center, Aleksei Mukhin, said there is evidence that the U.S. influenced Russia’s 2016 Duma elections. Mukhin said: “As my colleagues have pointed out quite fairly, the problem is far bigger than attempts at meddling in the 2016 election process. My center has identified direct traces of such interference and very serious and deep ones.

“As soon as Russia took the trouble of looking into the activity of some non-governmental organizations in its territory and adopted laws restricting that activity [it happened during preparations for the 2016 State Duma elections] it became clear that the United States had taken measures to create special units, including those within its armed forces, secret services, government agencies and also non-governmental organizations, for direct information confrontation with Russia. [In particular] the number of centers producing anti-Russian content, addressed mostly to the Russian-speaking audience, was increased [Mukhin refers to Voice of America, Radio Liberty radio stations, and the commercial U.S. television network CNN]. At the legislative level [in the United States] strategies of causing resistance to Russian information policies have been enhanced at the legal level. Their implementation is a sure way towards intervention in Russia’s internal affairs.”

***

‘Izvestia’: Russia Will  Never Join The Western Coalition Led By The U.S.

According to Pro-Kremlin daily IzvestiaRussia will never join the Western Coalition led by the U.S. in Syria. Quoting two unidentified diplomatic sources, Izvestia wrote: “Moscow will never join a coalition under American auspices. We have explained that to our partners behind closed doors. We argue that their actions in Syria are illegitimate. They indeed proposed that we join them, but under the main condition that the U.S. leads the cause of the fight against terror. We are likewise unwilling to do so… If some coalition receives UN Security Council [approval] for action in Syria, we’ll consider it, but it will be a completely different formation [as opposed to the current coalition].”

***

One more item:

This site has previously posted about the Russian annexing of the Arctic region with no rebuke from the Obama administration. Wanna see what the Russians are gloating about now?

UPI: The Russian Ministry of Defense has released a virtual tour showcasing a newly constructed military base located in a remote area in the Arctic.

The tour, presented on the defense ministry’s website, allows visitors to browse through various structures of the base. It does not depict or discuss any military hardware.

The release marks a notable departure from Kremlin tradition regarding military matters, which are typically highly classified. BBC News reports the facility is built to house 150 personnel for 18-month long deployments and that it is designed to withstand extremely cold temperatures.

The Kremlin considers the Arctic to be a strategic location for Russia’s air defenses.

Units of Russian Arctic Trefoil military base, 30 Mar 17

Getty Images Image caption The large complex is permanent and has plenty of energy and storage capacity

The Arctic Trefoil permanent base is in Franz Josef Land, a huge ice-covered, desolate archipelago. The Russian military sees the resource-rich Arctic as a key strategic region. President Vladimir Putin visited the new base, on Alexandra Land, last month.

It is built on stilts – to help withstand the extreme cold – and will house 150 personnel on 18-month tours of duty. Winter temperatures typically plunge to minus 40C. See the tour here.