Russian Information Troops, Others Helping the West

Going back a few years, it is important to understand how the cyber war began and where the Russians are today. While many in the United States laugh about claims that the Russians hacked the Super Bowl and other ridiculous comments, there is a real seriousness that must be considered. So, for those who consider the Russian hacking thing to be ‘fake-news’, consider what the experts in the UK published in 2011.

Primer: Norway accuses group linked to Russia of carrying out cyber-attack, Norwegian intelligence service PST among targets of malicious emails believed to have been sent by APT 29.

***

Not too sure any agency or those collaborative countries know the depth of Russian cyber/espionage activity, except to offer very educated guesses and estimates based on other confirmed facts.

In part:

The narrative of “information war” is developing within Russia, but mostly under the influence of initiatives taken overseas. The approach to CNO by the USA and to a lesser extent by its allies is followed closely. The most recent senior comment on the subject at the time of writing came from influential long-term Duma deputy, and former Secretary of the Security Council and Deputy Minister of Defence, Andrey Kokoshin – a long-term proponent of the vital importance of information superiority for Russian security [71], with, intriguingly, a first qualification in radio-electronics from the then Bauman Higher Technical College [72].

Speaking at the launch of a report entitled “‘Cyber Wars’ and International Security” published in late January 2011 jointly by the Institute of International Security Issues of the Russian Academy of Sciences and the Faculty of World Politics of Moscow State University, Kokoshin said that “the development of issues of information warfare and ‘cyber wars’ must take place on an interdisciplinary level… the experience of many states shows that information warfare is not just a function of the Armed Forces: other state institutions including the secret services take part in it [73]”. This makes an interesting counterpoint to the FSB statement cited earlier in this paper which appeared to be suggesting that it was not the business of the Armed Forces at all. The “‘Cyber Wars’ and International Security” report, according to the Russian Ministry of Defence newspaper Krasnaya Zvezda, “examines primarily US and Chinese policy in this area… The study examines issues such as operations in cyberspace as an integral part of information operations [74].” At the time of writing, the report itself appeared to be unavailable in open sources.

Meanwhile, Russian security concerns will continue to be prompted by the fact that “influencing the transfer and storage of data means that the physical destruction of your opponent’s facilities is no longer required [75]” – potentially negating all the benefits of Russia’s hard-won military reforms. Efforts will continue to be “directed at introducing international legal mechanisms that would make it possible to contain potential aggressors from uncontrolled and surreptitious use of cyberweapons against the Russian Federation and its geopolitical allies [76].”

So, Russian statements and initiatives on cyber operations have to be placed in this context of observing rapidly-developing capabilities overseas, and listening to public announcements in the USA and elsewhere of ever-greater potential and willingness to inflict damage on adversaries by means of cyber attack. At present, the urgent arguments for the creation of “Information Troops” within the Armed Forces have not yet given rise to any visible change in tasking or designation of military structures, and visions of Russia’s potential organised cyber warriors range from the heroic and omnipotent [77] to the realms of surreal parody [78]; but there is no doubt that the preoccupation with a perceived lack of capacity to prosecute or defend against CNO within the military will continue to provoke calls for action.

Read the full summary here.

**** This is important due to the declarations made by U.S. domestic intelligence agencies, as they cannot be dismissed. This site recently published some items on three Russians who were arrested and are now facing treason cases.

Related reading: Russian Hacking, We knew Because we had an Inside Operative(s)

Related reading: $500 million for new Russian cyber army, 2014

Related reading: Russian cyber group seen preparing to attack banks, 2015

Some of these operatives were aiding the United States for as long as 7 years.

****

Russian officers ‘passed secrets to US for 7 years’

TheTimesUK: Two senior officers from Russia’s FSB spy agency passed state secrets to the United States for at least seven years in an espionage coup for Washington, it was alleged yesterday.

Ruslan Stoyanov is accused of handing over data supplied by two FSB officers

Sergei Mikhailov and Dmitri Dokuchayev have been charged with treason alongside Ruslan Stoyanov, a manager from the cybersecurity and anti-virus company Kaspersky Lab, who is accused of being an intermediary.

They are said to have helped the US pinpoint Russian hacking during the presidential election. The news of the arrests in December emerged late last month and details of the charges have not been officially released.

Yesterday a source familiar with the investigation said that the two FSB officers received payments to pass secret data to Mr Stoyanov and a representative of another cybersecurity company. The information was then transferred to “acquaintances abroad who worked closely with foreign special services”.

“This is not a one-off story, this activity was carried out for a minimum of seven years and caused substantial harm to the interests of the Russian Federation,” the source told the Rosbalt news agency.

 

Mr Mikhailov, a department head at the FSB’s Centre for Information Security, was arrested dramatically during a conference in Moscow. A sack was pulled over his head and he was marched out of the room. Mr Dokuchayev, one of Mr Mikhailov’s subordinates, is said to be a former hacker known as “Forb” who was recruited to the FSB under threat of prosecution.

Security and law-enforcement sources have told Russian media that the men passed information indirectly to the CIA or an organisation close to it.

Ivan Pavlov, a lawyer, is acting for one of the three accused men although he has refused to say which one. He said all three had been charged with state treason, which carries a potential 20-year prison sentence. The case files “refer to America but not the CIA”, he claimed.

Novaya Gazeta, the independent newspaper, said that Mr Mikhailov was suspected of handing the US information on Vladimir Fomenko, the owner of King Servers. Hackers used servers provided by the company to breach election databases in Illinois and Arizona last summer, according to ThreatConnect, a US cybersecurity company.

Mr Pavlov said yesterday that Mr Mikhailov had retracted an initial confession to the treason charge.

There has been a flurry of leaks about the highly secret treason investigation in Russian media, suggesting a clash of interests inside the FSB.

Two sources told the RBK news agency that the centre where the two accused officers worked was in conflict with the Centre for Information Defence and Special Communications, a rival FSB body with overlapping responsibilities. Andrei Ivashko, the head of that rival centre, is said to be friends with Konstantin Malofeev, founder of Tsargrad, a small television channel that first revealed the FSB arrests.

The scandal has been spiced further by reports that it may be linked to the arrest of three men from the Shaltai-Boltai (Humpty Dumpty) hacking group. Vladimir Anikeyev, known as “Lewis”, and two associates nicknamed March Hare and The Hatter were taken into custody in November but the arrests only emerged recently. They are charged with gaining “illegal access to computer information”.

Some media claimed that Mr Mikhailov had infiltrated the group and was using it for his own purposes, but a lawyer acting for Mr Anikeyev said yesterday that the treason case and the arrest of his client were not connected.

 

Gibridnaya Voina vs. President Trump

Russia looks for weakness, and it has found it. The War College understands and warns that Russia is at war with the West. Is the West paying attention? Some are, others not so much. The White House relented or was ‘all-in’ from the beginning.

War has changed in the 21st century and combat is not always kinetic. Russia’s battlefields are the internet, financial markets and television airwaves. The goal is not necessarily to take and hold territory but to expand Russia’s sphere of influence and achieve political goals.

This is hybrid warfare, or gibridnaya voina, the much hyped and discussed way of war. But, as intelligence expert Mark Galeotti tells us on this week’s War College, Moscow’s conception of hybrid war isn’t new – it’s a reaction to and an Eastern adaptation of American military strategy during the Cold War. The goal is simple – expand Russian soft power to make the world more agreeable to the Kremlin’s point of view.

US eases sanctions against Russian Federal Security Service

“All transactions and activities” with participation of the Russian Federal Security Service are now authorized.
***

Related reading: Russian Hacking, We knew Because we had an Inside Operative(s)

So, it was the Kremlin’s political/diplomatic coup and it worked. Meanwhile, Trump authorized the U.S. Army to bolster Europe and NATO.


Russian Hacking, We knew Because we had an Inside Operative(s)

This Executive Order is in draft form and does not include Russia, which is quite curious. The question of ‘why’ must be asked based on information noted below.

The Trump administration’s draft of the executive order on cybersecurity obtained by the Washington Post by April Glaser on Scribd

Those people involved in internet forensics who track hackers, malicious code, malware, ransomware and intrusions are all dedicated to finding the cracks in code and, even more, finding the hackers while further understanding their code and patterns. I get emails about this topic every day that include a variety of global companies operating in this realm.

Back in December of 2015, ODNI James Clapper announced Russian intrusions into several American infrastructure locations. This was before the announcement of Russian intrusions into the U.S. political apparatus. It can be presumed the United States has long had the help of operatives inside adversarial countries, most of all Russia. Spies are out there and further, it is estimated there are 100,000 foreign spies inside the United States as of this moment. Heh, before Barack Obama left his presidency, he did expel many Russians and closed two Russian compounds.

In 2014, U.S. cyber operations quietly penetrated Russian systems without declaring in specific language the exact operations.

In 2014, National Security Agency chief Adm. Mike Rogers told Congress that U.S. adversaries are performing electronic “reconnaissance” on a regular basis so that they can be in a position to disrupt the industrial control systems that run everything from chemical facilities to water treatment plants.

“All of that leads me to believe it is only a matter of when, not if, we are going to see something dramatic,” he said at the time.

Rogers didn’t discuss the U.S.’s own penetration of adversary networks. But the hacking undertaken by the NSA, which regularly penetrates foreign networks to gather intelligence, is very similar to the hacking needed to plant precursors for cyber weapons, said Gary Brown, a retired colonel and former legal adviser to U.S. Cyber Command, the military’s digital war fighting arm. More here.

It is unclear if we have recruited people inside Russia to work on the behalf of the United States, but clues tell us we did, with success.

In part from RFEL: At the simplest level, two FSB officers working in cyberdefense, Sergei Mikhailov and Dmitry Dokuchayev, as well as Ruslan Stoyanov, a former Interior Ministry official who works for the cyber security company Kaspersky Lab, are reportedly being charged with espionage.

According to Russian media reports, Mikhailov is suspected of alerting U.S. intelligence to the FSB’s connection to a Russian server-rental company called King Servers.

Last year, the U.S.-based cybersecurity firm ThreatConnect had identified King Servers as the nexus for hacking attacks against the United States.

If U.S. intelligence did indeed have a highly placed source like Mikhailov, it would explain why it was able to conclude with such a high degree of confidence that Russia was behind the cyberattacks during the election campaign.

The timing of the arrests and the timing of the decision by former U.S. President Barack Obama to declassify and make public parts of the U.S. intelligence report on the alleged Russian hacking also makes sense.

Mikhailov was arrested in December. And the U.S. released the intelligence report a month later, in January.

If Mikhailov was indeed a source, then Washington would have been reluctant to declassify its intelligence for fear of compromising him.

After he was arrested, this, of course, would no longer be an issue.

So far, so straightforward. Until it isn’t.

Leaks to the Russian media have also connected Mikhailov and his subordinate Dokuchayev to a hacker group known as Shaltai-Boltai, or Humpty Dumpty, which in the past has released embarrassing material about top Russian officials.

Vladimir Anikeyev, the founder of Shaltai-Boltai, has also been arrested, but is not being charged with espionage.

Moreover, Russian media reports claim that Dokuchayev is actually a former hacker known as Forb, who was serving a prison sentence for credit-card theft when he was recruited by the FSB, where he held the rank of major.

As Leonid Bershidsky notes in his column for Bloomberg, “parallel to their official duties, officers often run private security operations involving blackmail and protection. If Mikhailov ran such a business out of the FSB’s Information Security Center, he wouldn’t stand out among his colleagues.”

And it’s also not unusual for the FSB to recruit former hackers. In fact, it’s pretty much standard practice.

This is where the story diverts into the murky world of FSB officers and their civilian collaborators monetizing their positions and forming protection rackets.

“An FSB officer, recruited from the hacking community, can use his rank and position to obtain compromising material and sell it to wealthy clients. A team profiting from these opportunities can include both officers and civilians,” Bershidsky writes.

“The Russian government can hire such a team through intermediaries if it needs something sensitive done — but so can foreign intelligence services. It’s a murky world in which actors are both predator and prey. The Kremlin enjoys access to brilliant and unscrupulous people; the downside, of course, is that they may be hard to control.”

If you follow this line of logic, then it’s easy to imagine that Mikhailov and Dokuchayev inadvertently or unwittingly sold information exposing King Server’s FSB connections to a front for U.S. intelligence.

But the fact of the matter is we simply don’t know.

And if things aren’t confusing enough yet, there is also the matter of the bitter personal and clan rivalries in the shadow world of the Russian security services.

In a recent post on his blog KrebsOnSecurity, Brian Krebs, author of the book Spam Nation: The Inside Story Of Organized Cybercrime, suggested the whole affair might be traced to a personal rivalry between Mikhailov and Pavel Vrublevsky, an Internet businessman whose partner owns King Servers.

Mark Galeotti, an expert on Russia’s security services and a senior research fellow at the Institute of International Relations in Prague, notes that the FSB’s Information Security Center, which Mikhailov headed and where Dokuchayev was his subordinate, has emerged as “a pivotal agency” and “a source of power.”

And this makes it a prime arena for fierce rivalries and power plays.

“This is probably an intelligence leak that is being cleared up. But the question is: why now? And I wonder if domestic politics explains the leaking of the information now. It could be a rebuke to the FSB for having messed up,” Galeotti said on last week’s Power Vertical Podcast.

 

 

The First call and Next Putin/Trump Phone Call?

President Trump spoke with Vladimir Putin on Saturday and the readouts of the calls from both sides don’t quite match. Notwithstanding, is this the real reason for the call?  

News has been circulating on the internet since Friday [27 Jan] stating that Syrian President Bashar al-Assad is experiencing serious health problems. Some media outlets said that Assad had suffered a stroke, while others said that he was shot and has been taken to Damascus Hospital for treatment.

France’s Le Point speculated that Assad might have been assassinated by his personal Iranian bodyguard Mehdi al-Yaacoubi, going so far as to say that he shot him in the head.

Lebanese newspaper al-Mustaqbal quoted “reliable sources” as saying that Assad suffered from a cerebral infarction and was transferred to Damascus Hospital where he is being treated under high security.

As for the Saudi newspaper Okaz, Assad is suffering from a “brain tumor.” He tried to cover up his illness through short and frequent appearances.  According to its sources, Assad is being treated by a Russian-Syrian medical team on a weekly basis, adding that he has undergone medical tests when he was in Moscow in October.  

Pro-Syrian regime Lebanese newspaper al-Diyar reported on Friday that Assad suffered from a stroke, but denied the news today.  

There were also rumors that Assad is at the American University Hospital (AUH) in Beirut. However, Al Arabiya contacted the hospital and no information on the issue was given. Al Arabiya has also tried to contact Damascus Hospital, but there has been no response. On the other hand, in a statement carried by the Presidency of the Syrian Arab Republic page on Facebook, Syrian authorities said that such rumors were incorrect.

***

Meanwhile, not being able yet to add credibility to the rumors above, on to the next call and when….

***

Arab no more: Russia plans Syria name change in draft constitution

A draft Syrian constitution prepared by Russia suggests that the word “Arab” will be removed from the official name of the Syrian Arab Republic, currently ruled by a faction of the pan-Arab nationalist Baath Party.

Russia’s constitutional proposals were revealed during the Astana peace talks this week, according to Sputnik.

As far back as June 2016, the state-owned Russian news agency reported: “Russia suggested that Syria should change its official name from the Syrian Arab Republic to the Republic of Syria, in order to appeal to ethnic minorities such as Kurds and Turkmen.”

Pre-war Syria had a 74 percent majority Arab population; nine percent were Kurds and there were about 100,000 Turkmen. More here.

Russia to Hand over Large Number of Armored Vehicles to Syrian Army

The activists released several images in social networks showing several groups of the Russian armored vehicles of Vodnik in Tartus port in Mediterranean Sea.
The activists also said that the Syrian army will receive the Russian armored vehicles soon. Military journalists underlined that deployment of high-speed Vodnik armored vehicles along with T90 tanks will help the Syrian army in the war on terrorism.
The Arabic desk of massdar news said it seems that these armored vehicles have been imported to equip Faylaq al-Khames forces that were formed by the Syrian army and Russia’s full military back up.
Media sources disclosed on Saturday that the Russian Armed Forces would likely send back a number of soldiers and military hardware to Humeimim base in Lattakia province to reinvigorate their forces’ combat capabilities again. The Russian language Nezavisimaya Gazeta daily said Russia seemed to redeploy its forces and equipment to the Humeimim base after the Astana peace talks.
The daily opined that liberation of Aleppo had not been a turning point in war on ISIL terrorists in Syria and Moscow made a hurried decision when it started to withdraw a part of its forces and equipment from Syria.

***

In part from Newsweek: Buried within the U.S. intelligence community’s report on Russian activities in the presidential election is clear evidence that the Kremlin is financing and choreographing anti-fracking propaganda in the United States. By targeting fracking, Putin hopes to increase oil and gas prices, destabilize the U.S. economy and threaten America’s energy independence.

Fracking, or hydraulic fracturing, is a decades-old drilling technique in which water and sand are pumped through rock at a high pressure to release previously unreachable deposits of oil and natural gas.

Thanks to new technologies which are making the process more efficient and environmentally friendly, fracking now supports 4.3 million jobs and generates about half a trillion dollars in economic benefit to the United States every year. Additionally, natural gas prices have dropped in half thanks to the corresponding boost in supply, saving American families an average of $200 a year.

Fracking is the major reason why the United States is on pace to become completely energy independent by 2020. America relies on fracking to produce more than 1.5 billion barrels of oil a year — over half of the total U.S. oil output.

Russia sees all this as a threat. More here from Newsweek.

Or could the next conversation include Afghanistan?

Challenging the U.S., Moscow Pushes Into Afghanistan

WSJ: Russia is making fresh inroads into Afghanistan that could complicate U.S. efforts to strengthen the fragile Kabul government, stamp out the resilient Taliban insurgency and end America’s longest war.

Moscow last month disclosed details of contacts with the Taliban, saying that it is sharing information and cooperating with the radical movement on strategy to fight the local affiliate of Islamic State.

 

For Trump: Inter arma enim silent leges

Translation: For among times of arms, the laws fall mute. But is this true?

Much opposition was forced on President GW Bush for his actions by executive order and presidential findings directly after the 9/11 attack. Bush ordered legal decisions from countless legal authorities inside and outside government on every step he took, including that of ‘enhanced interrogation techniques’.

We have a major debate that will not be solved any time soon on the legality of the President Trump executive order on the refugee question which has caused major protests and legal action already as we see detentions of foreign nationals at airports. All executive orders are subject to judicial review. Presidents have been given the option of using extraordinary power and in many cases that is a good condition, yet in the matter of law, there have been without question many abuses.

This post is not meant to form any conclusion on the legal veracity of this executive order; rather, it is designed to add to it more facts and additional questions moving forward. President Trump has a mess to clean up left by Barack Obama; of this, there is no dispute. The White House did take action at the stroke of the pen to begin to make America safer; however, was this action taken too soon and without legal opinions, including that of the Office of Legal Counsel? That has not been answered.

So, here are some items that must be included in this debate that extends the whole view and argument.

These are not in any specific order so the reader can individually prioritize.

  1. Should President Trump have set an effective date of this Executive Order?
  2. How was TSA, DHS and all other associated agencies briefed on those already in transit and with validated travel documents in hand?
  3. Did the White House consider exemptions or waivers for those that have been vetted previously that worked or work for the USG in some capacity?
  4. Why were some countries on this list while others were not? The San Bernardino shooters were from Pakistan, but do we need Pakistan for the war in Afghanistan?
  5. The majority of the terrorists on 9/11 were from Saudi Arabia and yet Saudi was omitted from the list, why? Could it be that Trump had/has business interests there, or because some that were formerly in the Kingdom did often aid the United States when it came to terror, as in the case of kidnapped CIA operative William Buckley in Beirut, whose recovery the Saudis helped finance? It is without question the Saudis dislike Iran as much as the United States.
  6. We have seen millions of refugees enter all parts of Europe in recent years and yet they can enter the United States under the ‘visa waiver’ program. Did the Trump White House take this under full consideration? The answer is a ‘kinda, yes’ they did but that review has been ordered and not yet deployed.
  7. We have countless refugees and asylees entering the United States from our southern border, but was Mexico on the list? No, yet we also don’t know whether this topic was addressed in the phone discussion President Trump had with President Nieto.
  8. There are in fact limitations to who can be accepted into the United States under 8 U.S. Code § 1182 and applying those restrictions remains in the authority of the President while waivers can be issued, and it is germane to ask if this law has been considered.
  9. Refugees too have rights and legal protections, which were in fact determined after WW II, and we have witnessed millions in the Middle East that are forced to live outside their homeland in camps that are simply inhumane. So when it comes to the ‘huddled masses’, the United States does have a responsibility; however, the genesis of the current refugee/asylee issue remains with Susan Rice, Barack Obama and Hillary Clinton. The solution in the long term is almost impossible for President Trump and his team to solve unless the hostilities and conflicts in the Middle East are solved.
  10. The protests of those standing against the Trump executive order were not spontaneous, nor were those immediate lawsuits against this temporary refugee ban. Following the money and the continued chaos will not soon go away. What is the proper counter-measure going forward? A question that remains without an answer.
  11. In 2011, Obama did ban Iraqis wanting to enter the United States and this was in fact the exact year the United States pulled out in total from Iraq. Obama did however issue some selective waivers. The concern for Obama at the time was the matter of two people in Kentucky plotting a terror attack. This alone is a single great argument for Trump’s action and Senator Schumer should be reminded, as should Nancy Pelosi. But it is not the full argument, as noted by the items above.
  12. It should be noted the actions of President Carter who ordered all Iranians to leave the United States and cut all interactions with Iran with few exceptions.

There are historical events that do offer President Trump great legal standing, that is, unless courts rule otherwise in upcoming cases.

ABC: Over the veto of President Woodrow Wilson, Congress passed the 1917 Immigration Act amid social outcry over national security during World War I. According to the Office of the Historian of the U.S. Department of State, the legislation extended to barring most Asian nation immigration overall, with the exception of Japan, which was protected by a prior bilateral diplomatic agreement, and the Philippines, then a U.S. colony.

The act was officially repealed by the Magnuson Act in 1943, in the context of the U.S. alliance with China against Japan during World War II. Still, actual Chinese immigration to the U.S. remained capped at 105 persons a year until 1965.

National Origins Formula

For the first time in the 1920s — through the Emergency Quota Act of 1921 and the Immigration Act of 1924, or the Johnson-Reed Act — the U.S. further restricted immigration by establishing a wide-scale quota system based on national origins. According to the Office of the Historian of the U.S. Department of State, in addition to putting a blanket ban on immigration from Asian countries, now including Japan in the case of the Johnson-Reed Act, the national origins immigration policies also had the effect of reducing immigration from southern and eastern Europe.

According to a 2015 report by the Pew Research Center about 20th century U.S. immigration, the impact of the system was intended to “try to restore earlier immigration patterns by capping total annual immigration and imposing numerical quotas based on immigrant nationality that favored northern and western European countries.”

The U.S. immigration system remained based on the national origin of would-be immigrants until the passage of the Immigration Act of 1965 during the presidency of Lyndon B. Johnson.

“It was designed for racist reasons,” said Steve Legomsky, professor of law at the Washington University School of Law in St. Louis, referring to the national origins system as well as the prior exclusion of Asian immigrants. “Today, I don’t think that’s what’s driving the immigration ban [proposed by Trump]. I think it’s more a fear of terrorism and a concern for national security.”

Legomsky, who was also formerly the chief counsel of U.S. Citizenship and Immigration Services, added that “the impulses are different [now], but the effect is the same.”

In summary, this article is hardly complete with all the facts and laws; rather, it is meant for the reader to consider a wider range of moving parts while inviting the reader to individually research more before an ‘all in’ full support of Trump’s executive action is assumed.

Your comments are invited and encouraged.

In closing, it was in 2014 that now deceased Justice Scalia said, in times of war, laws fall silent.