Malhama Tactical, Elite Jihadis, Expanding Beyond Syria

Image result for russian vdv .pdf VDV

Unconfirmed: Abu Rofik (or Rafik) Abdul Mukaddim Tatarstani – Russian speaking al-Qaida operative in Syiria Killed in airstrike. Abu Rafiq claims to be a former VDV member. VDV is:

Russia’s elite airborne force (parachute and air assault) is the Vozdushno-Desantnye Voyska (VDV).1 It can be considered a strategic force, on a par with their rocket and space forces. With its origins in the 1930s, Russia’s airborne force is currently the largest and most highly-mechanised in the world. Having fought with distinction during World War II, against the mujahideen in Afghanistan, and in the Five-Day War with Georgia, the presence of Russian airborne troops in Crimea and eastern Ukraine only confirmed their status as an elite force within the Russian military.

Image result for Malhama TacticalSouthfront

Note: Great War is (‘Mal’hama’) in the Hadith.

The Blackwater of Jihad

A consortium of elite, well-paid fighters from across the former Soviet Union are training jihadis in Syria. Their business model could go global.

FP: Heavily armed and expertly kitted with body armor and ballistic helmets, the men can be seen defending bunkers, storming buildings, and even posing by whiteboards giving tactical lessons. Though the titles of these YouTube videos are written in Russian Cyrillic, their background music is an a cappella Islamic chant known as a nasheed, which is often used by extremist groups in propaganda films. But the men are no ordinary jihadis. They are members of Malhama Tactical, the world’s first jihadi private military contractor (PMC) and consulting firm.

Malhama Tactical isn’t an enormous military conglomerate like the infamous Blackwater (now named Academi). It consists of 10 well-trained fighters from Uzbekistan and the restive Muslim-majority republics of the Russian Caucasus. But size isn’t everything in military consulting, especially in the era of social media. Malhama promotes its battles across online platforms, and the relentless marketing has paid off: The outfit’s fighting prowess and training programs are renowned among jihadis in Syria and their admirers elsewhere. It helps that until now the group has specialized its services, focusing on overthrowing Bashar al-Assad’s regime and replacing it with a strict Islamic government.

The group’s leader is a 24-year-old from Uzbekistan who goes by the name Abu Rofiq (an Arabic pseudonym that means father of Rofiq). Little is known about him other than that he cycles through personal social media accounts rapidly, using fake names and false information to throw off surveillance efforts. In virtually every video and photo posted online, he wears a scarf or balaclava to cover his face from the nose down, leaving visible only his narrow dark eyes and long, somewhat tangled, pitch-black hair. He speaks fluent Russian, but with a slight Uzbek accent.

Since launching in May 2016, Malhama has grown to do brisk business in Syria, having been contracted to fight, and provide training and other battlefield consulting, alongside groups like the al Qaeda-affiliated Jabhat Fateh al-Sham (formerly known as the Nusra Front) and the Turkistan Islamic Party, a Uighur extremist group from China’s restive Xinjiang province. And despite recent rebel setbacks in Syria, including the loss of Aleppo, demand for Malhama Tactical’s services in the country is as strong as ever, Abu Rofiq told Foreign Policy in an interview conducted over the messaging app Telegram.

But he is also beginning to think about expanding elsewhere. His group is willing to take work, Abu Rofiq says, wherever Sunni Muslims are oppressed. He cites China and Myanmar as places that would benefit from jihad. He also suggests that Malhama Tactical might go back to its roots, returning to fight in the North Caucasus against the Russian government.

In November, the group placed job ads on Facebook looking for instructors with combat experience to join the group. The ad described the outfit as a “fun and friendly team” looking for recruits who are willing to “constantly engage, develop, and learn” and work with Jabhat Fateh al-Sham. It even specified that instructors were privy to benefits like vacation time and one day off a week from jihad. The wording was more befitting of a Fortune 500 company than a group of extremists fighting in a brutal and bloody war. Jihad went global long before Malhama Tactical, but rarely with so entrepreneurial a spirit.

*** whwv8t3bbz4

Although Malhama Tactical is the first PMC to work exclusively for extremist groups, it’s hardly the first foreign PMC to enter the Syrian battlefield. The Syrian war has now lasted for nearly six years and cost the lives of more than 400,000 men, women, and children. And amid the chaos of groups like the Islamic State, the left-wing Kurdish People’s Protection Units, and Jabhat Fateh al-Sham vying for territory and influence, the Syrian front has also been a boon for military contractors, who have found work fighting on both sides of the war.

The first iteration of PMCs in Syria was the Slavonic Corps, an ill-fated, Hong Kong-registered company comprising ex-Russian military that briefly worked alongside government forces in 2013, according to a report by the Interpreter magazine. But it quickly became clear that they did not have the full support of the Syrian government. First, the Syrian army stole their vehicles, then their paychecks never arrived, and finally a Syrian air force helicopter crashed into the Slavonic Corps convoy after flying too low and running into power lines, injuring one mercenary. The Slavonic Corps’ misadventures came to an end when the group disbanded after a defeat by rebels in the desert near the city of Sukhnah in southern Syria in October 2013. The mercenaries returned home to Moscow and were promptly arrested by the Russian Federal Security Service (FSB) for their unsanctioned Syrian intervention.

Following the Kremlin’s own intervention in Syria in September 2015, nearly 1,500 Russian mercenaries arrived from the “Wagner” group, an infamous and secretive Russian PMC that previously fought alongside Russian-backed separatists in eastern Ukraine, according to an investigation by Sky News. Their mission was to assist the Assad regime, and unlike the Slavonic Corps, Wagner enjoys extensive support from the Russian government. Dmitry Utkin, a former special forces brigade commander of Russia’s military intelligence service, allegedly leads the group. Although little is known about Wagner, it’s believed that it mimics Academi’s model by operating as an elite infantry unit and relies on the Russian government for support, even flying into Syria on board official military aircraft and training at a Russian special forces base in Molkino in southwestern Russia. Wagner remains in Syria to this day.

At the same time, a litany of Russian-speaking fighters have fought alongside jihadi groups waging war against the Syrian government. According to the Soufan Group, there are at least 4,700 foreign fighters from the former Soviet Union in Syria, the majority of whom come from the Russian republics of Chechnya and Dagestan. These fighters typically arrive in Syria better equipped and trained than local militants and with years of experience fighting the Russian government in the mountains of Chechnya and Dagestan during the 1990s and 2000s.

These battle-hardened fighters quickly earned respect from local militants, who noticed the Russian speakers took on a much higher death rate than local fighters. They came to populate the ranks of both the Islamic State and Jabhat Fateh al-Sham, as well as various smaller groups, where locals refer to them as inghimasi, a term used among jihadis to refer to fighters who plunge into enemy front lines to inflict the maximum amount of casualties with no plan of returning alive. The archetypal inghimasi fights until he runs out of ammunition before detonating his suicide vest as his position is overrun.

But while many of their compatriots have become front-line shock troops, the former Soviet fighters of Malhama Tactical go a different way, carving out their own distinct niche between the worlds of professional PMCs and jihadi groups operating in Syria. They function as consultants, arms dealers, and, on occasion, elite warriors.

***

Malhama’s elite status makes sense against the background of Abu Rofiq’s own military career. Abu Rofiq told FP that he had moved as a young man from Uzbekistan to Russia, where, in addition to starting a family, he joined one of the Russian government’s most elite military units, a group of airborne troops known as the VDV. In 2013, Abu Rofiq left Russia for Syria, where rather than joining one faction, like most foreign fighters do, he remained independent and moved between them, before founding Malhama in 2016.

Throughout 2016, Malhama Tactical’s units trained the hard-line Islamist rebel group Ahrar al-Sham and Jabhat Fateh al-Sham in urban combat to help their fight against the Syrian regime in Aleppo. In one video, trainees practice firing multiple rocket-propelled grenade (RPG) rounds and work as squads to assault a building. In another, a two-man team clears rooms and eliminates targets using grenades and gunfire, all under the watchful eye of Malhama instructors.

This type of training isn’t cheap — the RPG rounds Malhama uses in its practice sessions are estimated to cost around $800 each on the black market — which is why military training for most rebel and jihadi groups in Syria has tended to consist of little more than marching, acrobatics, and basic marksmanship. But for jihadi groups that can afford it, Malhama Tactical’s infantry training is worth the expense. One European military contractor who spoke on the condition of anonymity acknowledged that the group’s tactical skills would provide it, and whomever it trains, a distinct advantage on the Syrian battlefield.

***

Malhama Tactical’s operators have, on occasion, also acted as special forces for different jihadi groups. In September 2016, they embedded with the Turkistan Islamic Party to help it repulse an Assad regime attack in southern Aleppo, according to a rebel activist source familiar with the group. However, Abu Rofiq says his outfit’s primary goal is to train other rebel and jihadi groups in combat, rather than fight on the front lines. Abu Rofiq admitted that Malhama also produces equipment for other jihadi groups as needed. Malhama, for example, manufactures accessories for the PKM, an extremely popular Russian-made 7.62 mm machine gun. The vests and grips, widely used in Aleppo during the intense fighting there, have become especially sought after among jihadis.

Malhama Tactical also takes its social media presence very seriously. The group advertises its services through Facebook, YouTube, Twitter, and the Russian social media site VKontakte, although the group’s account has been suspended. Its Instagram feed has the feel of something produced by a major corporate gun manufacturer. It features artsy, filtered photos of weapons and fighters taken from multiple angles, interspersed between various high-quality Malhama logo designs. With more than 208,160 views on YouTube, Malhama has a large reach, especially for its size. By comparison, the Free Syrian Army al-Moutasem Brigade, which is 50 times larger and half a year older, has just over 110,000 YouTube views. Everyone from rebels in Syria to Ukrainian soldiers and Russian separatists in Donetsk has commented on the group’s posts.

Malhama’s YouTube and Facebook pages also showcase free online guides for jihadis, covering improvised grenade construction, weapon cleaning, room clearing, and urban combat, among other skills. The group’s instructors organize online training sessions — on subjects including battlefield first aid; the use of weapons, such as RPG-7s; hand signal systems for urban combat; and introductions on how to conduct ambushes — when in-person assistance and consulting is not possible.

Although Malhama Tactical charges for its services, Abu Rofiq insists he isn’t a mercenary. He says his group’s motivation transcends money. “Our goal is different; we are fighting for an idea,” he said — namely, jihad against Assad.

“We’ll see a lot more of this activity going forward in the decades to come,” said Sean McFate, an associate professor at the National Defense University and author of The Modern Mercenary, a book about private armies. For McFate, the growth of Malhama Tactical is a natural offshoot of the prolonged Syrian war, but the outfit’s mixture of extremist ideology with the privatization of war is a unique and troubling trend. “A jihadi group doing this is a new level because if you’re talking about hardcore idealists paying for [military training], then that’s a milestone of modern warfare,” McFate said.

Abu Rofiq’s leadership has also brought him unwanted attention from the Russian government, which views him as a major terrorism threat. On Feb. 7, Russian airstrikes flattened Abu Rofiq’s apartment in Idlib, killing his wife, infant son, and several other civilians. Despite initial reports to the contrary, a local source confirmed that the airstrikes missed Abu Rofiq entirely. He had exited his apartment just moments before to help casualties from another nearby bombing.

In either case, Abu Rofiq’s jihadi PMC model has already had a significant effect on battles in northern Syria and could soon inspire copycat organizations outside the Middle East. Even if Abu Rofiq is killed and Malhama Tactical is destroyed, he’s already shaken up the war against Assad — and maybe even the future of the global military-industrial complex.

Neil Hauer, lead analyst for the SecDev Group in Ottawa, Canada, contributed to this report.

 

Putin Financing Marine Le Pen’s Presidential Run

Marine Le Pen’s links to Russia under US scrutiny

Image result for marine le pen and putin

Ms Le Pen’s Front National party has made no secret of the fact that it has taken foreign loans to help bankroll its presidential campaigns because, it has argued, French banks refuse to stump up the funds.

But in light of allegations of Russian interference in the US election of Donald Trump, scrutiny has now turned to Ms Le Pen, who is polled to reach the final round of France’s presidential elections in May.

In an extract of a letter dated November 28 to James Clapper, who heads up 17 American intelligence organisations and agencies, he notes that the Front National “publicly acknowledged that it had received a $9.8 million loan from a Russian bank with links to the Kremlin, allegedly brokered by a sanctioned Russian Duma deputy, according to French press reporting.”

The bank in question was First Czech Russian Bank (FCRB) in Moscow. Mr Turner goes on: “In February 2016, the FN asked Russia for a $30 million load to fund the FN leader Marine Le Pen’s 2017 campaign. More here from the Telegraph.

dgse franceFITSANAKIS: France’s primary intelligence agency warned the country’s government this week that Russia has launched a secret operation to try to influence the outcome of the upcoming French presidential election in favor of the far right. According to the Paris-based weekly newspaper Le Canard Enchaîné, France’s Directorate-General for External Security (DGSE) has notified the country’s leadership that a covert operation by the Kremlin is already underway, and is expected to intensify in the run-up to April’s election. The spy agency allegedly believes that Russian efforts aim to promote Marine Le Pen, leader of the ultra-right National Front. Le Pen wants to curb immigration to France and remove the country from the European Union.

In an article published on Wednesday, Le Canard Enchaîné said the DGSE’s warning has alarmed the Élysée Palace. The paper also said that French President François Hollande, who chairs the country’s defense council, has decided to devote the entire agenda of the council’s next meeting to the subject of Russia’s alleged interference in the election. Anonymous sources told the paper that, according to a classified DGSE report, Russian spy agencies are using automated systems designed to “fill the Internet with tens of millions” of articles, images and memes that support the National Front candidate. Additionally, several news media that are controlled by Moscow will try to discredit Le Pen’s rivals for the presidency. At the same time, websites such as WikiLeaks —which some American commentators accuse of working with Moscow— will publish leaked information designed to damage Le Pen’s competitors.

The Le Canard Enchaîné allegations sound very similar to accusations leveled against the Kremlin by American intelligence agencies and by members of the United States Democratic Party. However, these allegations have not been supported by concrete evidence, and Russia denies that it had any involvement in last November’s presidential election in the US, which was won by Donald Trump.

*** Meanwhile…. As top U.S. commanders are sounding the alarm of the forgotten war in Afghanistan due to the terror factions operating there including the even more deadly Taliban, Russia is legitimizing them to counter NATO. Are the Western leaders nurturing relationships with the Kremlin good with that as coalition countries have troops in Afghanistan?

Image result for russia taliban

In part from The Hill:

“The Russian involvement this year has become more difficult,” Gen. John Nicholson told the Senate Armed Services Committee. “First, they have begun to publicly legitimize the Taliban. This narrative that they promote is that the Taliban are fighting Islamic State and the Afghan government is not fighting Islamic State and that, therefore, there could be spillover of this group into the region. This is a false narrative.”

“I believe its intent is to undermine the United States and NATO,” he later added.

Nicholson was testifying about the current situation in Afghanistan, which he called a stalemate that he needs a few thousand more troops to break.

Among the challenges in the country are the actions of external actors such as Pakistan, Iran and Russia, Nicholson said.

He said Russia’s meddling in Afghanistan started in 2016 and continues to increase.

In addition to spreading a narrative that the Taliban is fighting the Afghan branch of the Islamic State in Iraq and Syria (ISIS), Russia has also organized a series of meetings to discuss the future of Afghanistan without inviting the Afghan government, Nicholson said. More here.

 

Red Cross Stops Operations, 1000’s More Troops Need, A’Stan

Primer: Red Cross Suspends Operations In Afghanistan After Six Employees Killed

Afghanistan hosts the Red Cross's fourth-largest humanitarian program in the world. (file photo)

Afghanistan hosts the Red Cross’s fourth-largest humanitarian program in the world. (file photo)

The International Committee of the Red Cross suspended operations in Afghanistan after gunmen killed six employees helping to deliver emergency relief to a remote northern region hit by heavy snowstorms.

The governor of Jowzjan Province said the aid convoy was attacked by suspected Islamic State gunmen. The head of the Red Cross called the incident the “worst attack against us” in 20 years.

A search operation was under way to find two charity workers who were still missing late on February 8.

“Our operations are on hold, indeed, because we need to understand what exactly happened before we can hopefully resume our operations,” the charity’s director of operations, Dominik Stillhart, said. More here.

WASHINGTON, Feb. 9, 2017 — A few thousand more troops for the train, advise and assist mission in Afghanistan would help to break what is now a stalemate with the Taliban, the Islamic State of Iraq and the Levant and other adversaries there, the commander of NATO’s Resolute Support mission and of U.S. forces in Afghanistan said here today.

Army Gen. John W. Nicholson Jr. testified this morning before the Senate Armed Services Committee on the situation in Afghanistan.

U.S. and NATO troops perform two complementary missions in Afghanistan, Nicholson said: the U.S. counterterrorism mission, called Operation Freedom’s Sentinel, and the NATO train, advise and assist mission, called Operation Resolute Support.

“I have adequate resourcing in my counterterrorism mission,” the general said. But the train, advise and assist mission has a shortfall of a few thousand troops, he added, noting that the extra troops could come from the United States and its allies, many of whom are fighting in Afghanistan.

Bolstering Offensive Capability

Nicholson said offensive capability will break the stalemate in Afghanistan, and the Afghan security forces’ key offensive capabilities are their special forces and air force.

“As a result of our training, equipping and partnering, the 17,000-strong Afghan special forces are the best in the region,” the general told the Senate panel. “They now operate independently on roughly 80 percent of their missions.”

The Afghan air force also is gaining capability, he added, noting that its first ground-attack aircraft entered the fight in April and the force is now integrating intelligence surveillance and reconnaissance assets into new targeting processes.

According to a Defense Department statement issued Dec. 19, the fiscal year 2017 budget amendment requests $264 million to procure 53 UH-60 Black Hawk helicopters and to begin to refurbish and modify some of them. The request also would fund more aircraft already in the Afghan inventory, including 30 more armed MD-530 helicopters for $227 million, six more A-29 fixed-wing close-attack aircraft for $174.5 million, and five AC-208 fixed-wing aircraft for $80 million.

The request includes $69 million to train aircrew and maintenance personnel, and DoD officials said it will seek funding for more UH-60s and AC-208s in future fiscal years.

“Congressional approval of funding for the Afghan air force is key to improving the offensive capability of the Afghan national defense and security forces, [and] there is an urgency to this request in order to get these aircraft and aircrews into the fight as soon as possible,” Nicholson said.

The investment in the Afghan air force will help them take over responsibility for their own close air support, “and even more important, will lead to an offensive capability that allows them to overmatch the Taliban or any other group on the battlefield, anywhere around the country,” the general said.

No Safe Haven

Nicholson said the main objective in Afghanistan is to keep the nation from being used as a safe haven from which terrorists could attack the United States and its allies.

“Of the 98 U.S.-designated terrorist groups globally, 20 operate in the Afghanistan-Pakistan region, along with three violent extremist organizations,” Nicholson told the senators.

This is the highest concentration of terrorist groups anywhere in the world, and it underscores the counterterrorism platform’s importance in the Central Asia-South Asia region, because it protects the American homeland, he added.

“We remain very focused on the defeat of al-Qaida and its associates, as well as the defeat of Islamic State Khorasan Province, which is the ISIL affiliate in Afghanistan,” he said.

Many nations are committed to Afghanistan’s success, Nicholson said.

At NATO’s July summit in Warsaw, Poland, the alliance reaffirmed its commitment to sustain the Afghan national defense and security forces through 2020. At an October conference in Brussels, 75 countries and organizations confirmed their intention to provide $15.2 billion to Afghanistan development needs. And India dedicated another $1 billion on top of the $2 billion it already had given to Afghan development needs.

“These expressions of international commitment reflect the importance the world places on stability in Afghanistan and confidence in the Afghan people and Afghan government,” Nicholson said, noting that the NATO mission has an exceptional partnership with Afghan President Ashraf Ghani, Chief Executive Abdullah Abdullah, and the security forces and people of Afghanistan.

No. 1 Goal

The general said the No. 1 goal of the Afghanistan fight is to protect the homeland from any attack emanating from the region.

An Afghan soldier searches people receiving supplies in Afghanistan’s Parwan province during a humanitarian aid mission, Jan. 28, 2017. Army photo by Sgt. 1st Class Eliodoro Molina

An Afghan soldier searches people receiving supplies in Afghanistan’s Parwan province during a humanitarian aid mission, Jan. 28, 2017. Army photo by Sgt. 1st Class Eliodoro Molina

 

“We have achieved that in the last 15 years, [but] we need to stay on top of that, because of this confluence of 20 terrorist groups in the region,” he said. “I believe this is an enduring commitment to keep pressure on these groups and help the Afghans move toward a successful end state.”

Success in Afghanistan might be the maintenance of the enduring counterterrorism effort to keep pressure on terrorist groups, Nicholson said.

“It means that we would destroy the Islamic State and al-Qaida inside Afghanistan, something we’re actively pursuing every day. It means that we would help the Afghan security forces and government to extend their control to a larger and larger percentage of the population,” he said. It means the NATO mission would help Afghanistan become a more stable and prosperous entity in a critical part of the world, he added.

“I recognize the distance of Afghanistan and the length of this [war] has been challenging for the American people to support,” Nicholson said. “However, I personally believe that this effort we’re undertaking there is protecting the homeland and preventing these terrorists from bringing their fight to our doorstep.”

 

You Playing the Slot Machine Next to that Russian?

Russian organized crime is not a new phenomenon by any stretch and does operate in the United States. In 2011:

Russian organized crime syndicates and criminally linked oligarchs may attempt to collude with state or state-allied actors to undermine competition in strategic markets like natural gas, oil, aluminum, and precious metals, the National Security Council attests. At the same time, transnational criminal networks in Russia are establishing new ties to global drug trafficking networks to raise quick capital. Nuclear material trafficking is an especially prominent concern in the former Soviet Union, the report stated, adding that the US would continue to cooperate with Moscow and the nations of the region to combat illicit drugs and organized crime.

Image result for semion mogilevich fbi

The report singled out the Russian mob run by Semion Mogilevich. He is wanted by the US for fraud, racketeering, and money laundering and was recently added to the FBI’s Ten Most Wanted list.

Mogilevich and several members of his organization were charged in 2003 in the Eastern District of Pennsylvania in a 45-count racketeering indictment with involvement in a sophisticated securities fraud and money-laundering scheme, in which they allegedly used a Pennsylvania company, YBM Magnex, to defraud investors of more than $150 million. Even after that indictment—and being placed on the FBI’s Ten Most Wanted list—Mogilevich has continued to expand his operations. Mogilevich was arrested by Russian police on tax charges in January 2008 and was released pending trial in July 2009. Other members of his organization remain at large.

Mogilevich’s criminal empire currently operates in Europe (including Italy, Chech Republic, Switzerland and Russia) the United States, the Ukraine, Israel and the United Kingdom. He also allegedly has ties with organized crime in South America, Pakistan and Japan. Mogilevich is considered one of the smartest and most powerful gangsters in the world. More here from Forbes.

**** Meanwhile, about those casinos and the fun slot machines, at least for those who cheat…

Image result for slot machines in casinos

Wired: In early June 2014, accountants at the Lumiere Place Casino in St. Louis noticed that several of their slot machines had—just for a couple of days—gone haywire. The government-approved software that powers such machines gives the house a fixed mathematical edge, so that casinos can be certain of how much they’ll earn over the long haul—say, 7.129 cents for every dollar played. But on June 2 and 3, a number of Lumiere’s machines had spit out far more money than they’d consumed, despite not awarding any major jackpots, an aberration known in industry parlance as a negative hold. Since code isn’t prone to sudden fits of madness, the only plausible explanation was that someone was cheating.

Casino security pulled up the surveillance tapes and eventually spotted the culprit, a black-haired man in his thirties who wore a Polo zip-up and carried a square brown purse. Unlike most slots cheats, he didn’t appear to tinker with any of the machines he targeted, all of which were older models manufactured by Aristocrat Leisure of Australia. Instead he’d simply play, pushing the buttons on a game like Star Drifter or Pelican Pete while furtively holding his iPhone close to the screen.

He’d walk away after a few minutes, then return a bit later to give the game a second chance. That’s when he’d get lucky. The man would parlay a $20 to $60 investment into as much as $1,300 before cashing out and moving on to another machine, where he’d start the cycle anew. Over the course of two days, his winnings tallied just over $21,000. The only odd thing about his behavior during his streaks was the way he’d hover his finger above the Spin button for long stretches before finally jabbing it in haste; typical slots players don’t pause between spins like that.

On June 9, Lumiere Place shared its findings with the Missouri Gaming Commission, which in turn issued a statewide alert. Several casinos soon discovered that they had been cheated the same way, though often by different men than the one who’d bilked Lumiere Place. In each instance, the perpetrator held a cell phone close to an Aristocrat Mark VI model slot machine shortly before a run of good fortune.

By examining rental-car records, Missouri authorities identified the Lumiere Place scammer as Murat Bliev, a 37-year-old Russian national. Bliev had flown back to Moscow on June 6, but the St. Petersburg–based organization he worked for, which employs dozens of operatives to manipulate slot machines around the world, quickly sent him back to the United States to join another cheating crew. The decision to redeploy Bliev to the US would  prove to be a rare misstep for a venture that’s quietly making millions by cracking some of the gaming industry’s most treasured algorithms.

From Russia With Cheats

Russia has been a hotbed of slots-related malfeasance since 2009, when the country outlawed virtually all gambling. (Vladimir Putin, who was prime minister at the time, reportedly believed the move would reduce the power of Georgian organized crime.) The ban forced thousands of casinos to sell their slot machines at steep discounts to whatever customers they could find. Some of those cut-rate slots wound up in the hands of counterfeiters eager to learn how to load new games onto old circuit boards. Others apparently went to Murat Bliev’s bosses in St. Petersburg, who were keen to probe the machines’ source code for vulnerabilities.

By early 2011, casinos throughout central and eastern Europe were logging incidents in which slots made by the Austrian company Novomatic paid out improbably large sums. Novomatic’s engineers could find no evidence that the machines in question had been tampered with, leading them to theorize that the cheaters had figured out how to predict the slots’ behavior. “Through targeted and prolonged observation of the individual game sequences as well as possibly recording individual games, it might be possible to allegedly identify a kind of ‘pattern’ in the game results,” the company admitted in a February 2011 notice to its customers.

Recognizing those patterns would require remarkable effort. Slot machine outcomes are controlled by programs called pseudorandom number generators that produce baffling results by design. Government regulators, such as the Missouri Gaming Commission, vet the integrity of each algorithm before casinos can deploy it.

But as the “pseudo” in the name suggests, the numbers aren’t truly random. Because human beings create them using coded instructions, PRNGs can’t help but be a bit deterministic. (A true random number generator must be rooted in a phenomenon that is not manmade, such as radioactive decay.) PRNGs take an initial number, known as a seed, and then mash it together with various hidden and shifting inputs—the time from a machine’s internal clock, for example—in order to produce a result that appears impossible to forecast. But if hackers can identify the various ingredients in that mathematical stew, they can potentially predict a PRNG’s output. That process of reverse engineering becomes much easier, of course, when a hacker has physical access to a slot machine’s innards.

Knowing the secret arithmetic that a slot machine uses to create pseudorandom results isn’t enough to help hackers, though. That’s because the inputs for a PRNG vary depending on the temporal state of each machine. The seeds are different at different times, for example, as is the data culled from the internal clocks. So even if they understand how a machine’s PRNG functions, hackers would also have to analyze the machine’s gameplay to discern its pattern. That requires both time and substantial computing power, and pounding away on one’s laptop in front of a Pelican Pete is a good way to attract the attention of casino security.

The Lumiere Place scam showed how Murat Bliev and his cohorts got around that challenge. After hearing what had happened in Missouri, a casino security expert named Darrin Hoke, who was then director of surveillance at L’Auberge du Lac Casino Resort in Lake Charles, Louisiana, took it upon himself to investigate the scope of the hacking operation. By interviewing colleagues who had reported suspicious slot machine activity and by examining their surveillance photos, he was able to identify 25 alleged operatives who’d worked in casinos from California to Romania to Macau. Hoke also used hotel registration records to discover that two of Bliev’s accomplices from St. Louis had remained in the US and traveled west to the Pechanga Resort & Casino in Temecula, California. On July 14, 2014, agents from the California Department of Justice detained one of those operatives at Pechanga and confiscated four of his cell phones, as well as $6,000. (The man, a Russian national, was not indicted; his current whereabouts are unknown.)

The cell phones from Pechanga, combined with intelligence from investigations in Missouri and Europe, revealed key details. According to Willy Allison, a Las Vegas–based casino security consultant who has been tracking the Russian scam for years, the operatives use their phones to record about two dozen spins on a game they aim to cheat. They upload that footage to a technical staff in St. Petersburg, who analyze the video and calculate the machine’s pattern based on what they know about the model’s pseudorandom number generator. Finally, the St. Petersburg team transmits a list of timing markers to a custom app on the operative’s phone; those markers cause the handset to vibrate roughly 0.25 seconds before the operative should press the spin button.

“The normal reaction time for a human is about a quarter of a second, which is why they do that,” says Allison, who is also the founder of the annual World Game Protection Conference. The timed spins are not always successful, but they result in far more payouts than a machine normally awards: Individual scammers typically win more than $10,000 per day. (Allison notes that those operatives try to keep their winnings on each machine to less than $1,000, to avoid arousing suspicion.) A four-person team working multiple casinos can earn upwards of $250,000  in a single week.

Repeat Business

Since there are no slot machines to swindle in his native country, Murat Bliev didn’t linger long in Russia after his return from St. Louis. He made two more trips to the US in 2014, the second of which began on December 3. He went straight from Chicago O’Hare Airport to St. Charles, Missouri, where he met up with three other men who’d been trained to scam Aristocrat’s Mark VI model slot machines: Ivan Gudalov, Igor Larenov, and Yevgeniy Nazarov. The quartet planned to spend the next several days hitting various casinos in Missouri and western Illinois.

Bliev should never have come back. On December 10, not long after security personnel spotted Bliev inside the Hollywood Casino in St. Louis, the four scammers were arrested. Because Bliev and his cohorts had pulled their scam across state lines, federal authorities charged them with conspiracy to commit fraud. The indictments represented the first significant setbacks for the St. Petersburg organization; never before had any of its operatives faced prosecution.

Bliev, Gudalov, and Larenov, all of whom are Russian citizens, eventually accepted plea bargains and were each sentenced to two years in federal prison, to be followed by deportation. Nazarov, a Kazakh who was granted religious asylum in the US in 2013 and is a Florida resident, still awaits sentencing, which indicates that he is cooperating with the authorities: In a statement to WIRED, Aristocrat representatives noted that one of the four defendants has yet to be sentenced because he “continues to assist the FBI with their investigations.”

Whatever information Nazarov provides may be too outdated to be of much value. In the two years since the Missouri arrests, the St. Petersburg organization’s field operatives have become much cagier. Some of their new tricks were revealed last year, when Singaporean authorities caught and prosecuted a crew: One member, a Czech named Radoslav Skubnik, spilled details about the organization’s financial structure (90 percent of all revenue goes back to St. Petersburg) as well as operational tactics. “What they’ll do now is they’ll put the cell phone in their shirt’s chest pocket, behind a little piece  of mesh,” says Allison. “So they don’t have to hold it in their hand while they record.” And Darrin Hoke, the security expert, says he has received reports that scammers may be streaming video back to Russia via Skype, so they no longer need to step away from a slot machine to upload their footage.

The Missouri and Singapore cases appear to be the only instances in which scammers have been prosecuted, though a few have also been caught and banned by individual casinos. At the same time, the St. Petersburg organization has sent its operatives farther and farther afield. In recent months, for example, at least three casinos in Peru have reported being cheated by Russian gamblers who played aging Novomatic Coolfire slot machines.

The economic realities of the gaming industry seem to guarantee that the St. Petersburg organization will continue to flourish. The machines have no easy technical fix. As Hoke notes, Aristocrat, Novomatic, and any other manufacturers whose PRNGs have been cracked “would have to pull all  the machines out of service and put something else in, and they’re not going to do that.” (In Aristocrat’s statement to WIRED, the company stressed that it has been unable “to identify defects in the targeted games” and that its machines “are built to and approved against rigid regulatory technical standards.”) At the same time, most casinos can’t afford to invest in the newest slot machines, whose PRNGs use encryption to protect mathematical secrets; as long as older, compromised machines are still popular with customers, the smart financial move for casinos is to keep using them and accept the occasional loss to scammers.

So the onus will be on casino security personnel to keep an eye peeled for the scam’s small tells. A finger that lingers too long above a spin button may be a guard’s only clue that hackers in St. Petersburg are about to make another score.

 

Russian Information Troops, Others Helping the West

Going back a few years, it is important to understand how the cyber war began and where the Russians are today. While many in the United States laugh about the Russians hacked the Super Bowl and other ridiculous comments, there is a real seriousness that must be considered. So, for those who consider the Russian hacking thing to be ‘fake-news’, consider what the experts in the UK published in 2011.

Primer: Norway accuses group linked to Russia of carrying out cyber-attack, Norwegian intelligence service PST among targets of malicious emails believed to have been sent by APT 29.

***

Not too sure any agency or those collaborative countries know the depth of Russian cyber/espionage activity, except to offer very educated guesses and estimates based on other confirmed facts.

In part:

The narrative of “information war” is developing within Russia, but mostly under

the influence of initiatives taken overseas. The approach to CNO by the USA and

to a lesser extent by its allies is followed closely. The most recent senior comment

on the subject at the time of writing came from influential long-term Duma deputy,

and former Secretary of the Security Council and Deputy Minister of Defence,

Andrey Kokoshin – a long-term proponent of the vital importance of information

superiority for Russian security [71], with, intriguingly, a first qualification in

radio-electronics from the then Bauman Higher Technical College [72].

Speaking at the launch of a report entitled “’Cyber Wars’ and International

Security” published in late January 2011 jointly by the Institute of International

Security Issues of the Russian Academy of Sciences and the Faculty of World

Politics of Moscow State University, Kokoshin said that “the development of

issues of information warfare and ‘cyber wars’ must take place on an

interdisciplinary level… the experience of many states shows that information

warfare is not just a function of the Armed Forces: other state institutions including

the secret services take part in it [73]”. This makes an interesting counterpoint to

the FSB statement cited earlier in this paper which appeared to be suggesting that it

was not the business of the Armed Forces at all. The “’Cyber Wars’ and

International Security” report, according to the Russian Ministry of Defence

newspaper Krasnaya Zvezda, “examines primarily US and Chinese policy in this

area… The study examines issues such as operations in cyberspace as an integral

part of information operations [74].” At the time of writing, the report itself

appeared to be unavailable in open sources.

Meanwhile, Russian security concerns will continue to be prompted by the fact that

“influencing the transfer and storage of data means that the physical destruction of

your opponent’s facilities is no longer required [75]” – potentially negating all the

benefits of Russia’s hard-won military reforms. Efforts will continue to be

“directed at introducing international legal mechanisms that would make it possible

to contain potential aggressors from uncontrolled and surreptitious use of

cyberweapons against the Russian Federation and its geopolitical allies [76].”

So, Russian statements and initiatives on cyber operations have to be placed in this

context of observing rapidly-developing capabilities overseas, and listening to

public announcements in the USA and elsewhere of ever-greater potential and

willingness to inflict damage on adversaries by means of cyber attack. At present,

the urgent arguments for the creation of “Information Troops” within the Armed

Forces have not yet given rise to any visible change in tasking or designation of

military structures, and visions of Russia’s potential organised cyber warriors

range from the heroic and omnipotent [77] to the realms of surreal parody [78]; but

there is no doubt that the preoccupation with a perceived lack of capacity to

prosecute or defend against CNO within the military will continue to provoke calls

for action. Read the full summary here.

**** This is important due to the declarations made by U.S. domestic intelligence agencies, as they cannot be dismissed. This site recently published some items on three Russians arrested and are moved to treason cases.

Related reading: Russian Hacking, We knew Because we had an Inside Operative(s)

Related reading: $500 million for new Russian cyber army, 2014

Related reading: Russian cyber group seen preparing to attack banks, 2015

Some of these operatives were aiding the United States for as long as 7 years.

****

Russian officers ‘passed secrets to US for 7 years’

TheTimesUK: Two senior officers from Russia’s FSB spy agency passed state secrets to the United States for at least seven years in an espionage coup for Washington, it was alleged yesterday.

Ruslan Stoyanov is accused of handing over data supplied by two FSB officers

Sergei Mikhailov and Dmitri Dokuchayev have been charged with treason alongside Ruslan Stoyanov, a manager from the cybersecurity and anti-virus company Kaspersky Lab, who is accused of being an intermediary.

They are said to have helped the US pinpoint Russian hacking during the presidential election. The news of the arrests in December emerged late last month and details of the charges have not been officially released.

Yesterday a source familiar with the investigation said that the two FSB officers received payments to pass secret data to Mr Stoyanov and a representative of another cybersecurity company. The information was then transferred to “acquaintances abroad who worked closely with foreign special services”.

“This is not a one-off story, this activity was carried out for a minimum of seven years and caused substantial harm to the interests of the Russian Federation,” the source told the Rosbalt news agency.

 

Mr Mikhailov, a department head at the FSB’s Centre for Information Security, was arrested dramatically during a conference in Moscow. A sack was pulled over his head and he was marched out of the room. Mr Dokuchayev, one of Mr Mikhailov’s subordinates, is said to be a former hacker known as “Forb” who was recruited to the FSB under threat of prosecution.

Security and law-enforcement sources have told Russian media that the men passed information indirectly to the CIA or an organisation close to it.

Ivan Pavlov, a lawyer, is acting for one of the three accused men although he has refused to say which one. He said all three had been charged with state treason, which carries a potential 20-year prison sentence. The case files “refer to America but not the CIA”, he claimed.

Novaya Gazeta, the independent newspaper, said that Mr Mikhailov was suspected of handing the US information on Vladimir Fomenko, the owner of King Servers. Hackers used servers provided by the company to breach election databases in Illinois and Arizona last summer, according to ThreatConnect, a US cybersecurity company.

Mr Pavlov said yesterday that Mr Mikhailov had retracted an initial confession to the treason charge.

There has been a flurry of leaks about the highly secret treason investigation in Russian media, suggesting a clash of interests inside the FSB.

Two sources told the RBK news agency that the centre where the two accused officers worked was in conflict with the Centre for Information Defence and Special Communications, a rival FSB body with overlapping responsibilities. Andrei Ivashko, the head of that rival centre, is said to be friends with Konstantin Malofeev, founder of Tsargrad, a small television channel that first revealed the FSB arrests.

The scandal has been spiced further by reports that it may be linked to the arrest of three men from the Shaltai-Boltai (Humpty Dumpty) hacking group. Vladimir Anikeyev, known as “Lewis”, and two associates nicknamed March Hare and The Hatter were taken into custody in November but the arrests only emerged recently. They are charged with gaining “illegal access to computer information”.

Some media claimed that Mr Mikhailov had infiltrated the group and was using it for his own purposes, but a lawyer acting for Mr Anikeyev said yesterday that the treason case and the arrest of his client were not connected.