Fake URLs and Shortening During Arab Spring/Iran

In 2014, it was reported but not widely so.

Edward Snowden leaked a top-secret GCHQ document which details the operations and the techniques used by the JTRIG unit for propaganda and internet deception.

SecurityAffairs: The JTRIG unit of the British GCHQ intelligence agency has designed a collection of applications that were used to manipulate for internet deception and surveillance, including the modification of the results of online polls. The hacking tools have the capability to disseminate fake information, for example artificially increasing the counter of visits for specific web sites, and could also be used to censor video content judged to be “extremist.” The set of applications reminds me of the NSA catalog published in December, when Germany’s Der Spiegel revealed another disturbing article on NSA surveillance; the document leaked by the media agency was an internal NSA catalog that offers spies backdoors into a wide range of equipment from major vendors.

The existence of the tools was revealed by the last collection of documents leaked by Edward Snowden; the applications were created by GCHQ’s Joint Threat Research Intelligence Group (JTRIG) and are considered one of the most advanced systems for propaganda and internet deception. JTRIG is the secret unit mentioned for the first time in a collection of documents leaked by Snowden which describe the Rolling Thunder operation; the group ran DoS attacks against chatrooms used by hacktivists. More here.

It is being reported again and it may be just good tradecraft by British intelligence.

British Spies Used a URL Shortener to Honeypot Arab Spring Dissidents

Motherboard: A shadowy unit of the British intelligence agency GCHQ tried to influence online activists during the 2009 Iranian presidential election protests and the 2011 democratic uprisings largely known as the Arab Spring, as new evidence gathered from documents leaked by Edward Snowden shows.

The GCHQ’s special unit, known as the Joint Threat Research Intelligence Group or JTRIG, was first revealed in 2014, when leaked top secret documents showed it tried to infiltrate and manipulate—using “dirty trick” tactics such as honeypots—online communities including those of Anonymous hacktivists, among others.

The group’s tactics against hacktivists have been previously reported, but its influence campaign in the Middle East has never been reported before. I was able to uncover it because I was myself targeted in the past, and was aware of a key detail, a URL shortening service, that was actually redacted in Snowden documents published in 2014.

THE HONEYPOT

A now-defunct free URL shortening service—lurl.me—was set up by GCHQ that enabled social media signals intelligence. Lurl.me was used on Twitter and other social media platforms for the dissemination of pro-revolution messages in the Middle East.

These messages were intended to attract people who were protesting against their government in order to manipulate them and collect intelligence that would help the agency further its aims around the world. The URL shortener made it easy to track them.

The project is linked to the GCHQ unit called the Joint Threat Research Intelligence Group or JTRIG, whose mission is to use “dirty tricks” to “destroy, deny, degrade [and] disrupt” enemies by “discrediting” them, according to leaked documents.

The URL shortening service was codenamed DEADPOOL and was one of JTRIG’s “shaping and honeypots” tools, according to a GCHQ document leaked in 2014.

Leaked GCHQ document listing shaping and honeypot tools used by JTRIG.

Earlier in the same year, NBC News released a leaked document showing that JTRIG attacked the hacktivist outfits Anonymous and LulzSec by launching Distributed Denial of Service (DDoS) attacks on chatroom servers known as Internet Relay Chat (IRC) networks.

The group also identified individuals by using social engineering techniques to trick them into clicking links—a technique commonly used by cybercriminals.

One slide showed a covert agent sending a link—redacted by NBC in the slide—to an individual known as P0ke. According to the slide, this enabled the signals intelligence needed to deanonymize P0ke and discover his name, along with his Facebook and email accounts.

In the fall of 2010, I was an early member of the AnonOps IRC network attacked by JTRIG and used by a covert GCHQ agent to contact P0ke, and in 2011 I co-founded LulzSec with three others. The leaked document also shows that JTRIG was monitoring conversations between P0ke and the LulzSec ex-member Jake Davis, who went by the pseudonym Topiary.

Through multiple sources, I was able to confirm that the redacted deanonymizing link sent to P0ke by a covert agent was to the website lurl.me.

Leaked GCHQ slide from document titled “Hacktivism: Online Covert Action.”

COVERT DISRUPTION

Further investigation of the URL shortener using public data on the web exposed a revealing case study of JTRIG’s other operations that used the DEADPOOL tool, including covert operations in the Middle East.

The Internet Archive shows that the website was active as early as June 2009 and was last seen online in November 2013. A snapshot of the website shows it was a “free URL shortening service” to “help you get links to your friends and family fast.”

Snapshot of lurl.me.

Public online resources, search engines and social media websites such as Twitter, Blogspot and YouTube show it being used to fulfill GCHQ geopolitical objectives outlined in previously leaked documents. Almost all 69 Twitter pages that Google has indexed referencing lurl.me are anti-government tweets from supposed Iranian or Middle Eastern activists.

The vast majority are from Twitter accounts with an egg avatar only active for a few days and have a few tweets, but there were a couple from legitimate accounts that have been tweeting for years, who have retweeted or quoted the other accounts tweeting from the URL shortener.

According to agency documents published by The Intercept, one of the strategies for measuring the effectiveness of an operation is to check online to see if a message has been “understood accepted, remembered and changed behaviour”. This could for example involve tracking those who shared or clicked on the lurl.me links created by GCHQ.

Another JTRIG document published by The Intercept titled “Behavioural Science Support for JTRIG’S Effects and Online HUMINT Operations” can be used to understand the content associated with social media accounts that used the URL shortener.

JTRIG has an operations group for global targets, which then has a subteam for Iran, according to the document. It further states that “the Iran team currently aims to achieve counter-proliferation by: (1) discrediting the Iranian leadership and its nuclear programme; (2) delaying and disrupting access to materials used in the nuclear programme; (3) conducting online HUMINT; and (4) counter-censorship.”

The document goes on to detail the methods that JTRIG employs to achieve these goals, such as creating false personas, uploading YouTube videos, and starting Facebook groups to push specific information or agendas. Many of the techniques outlined are evident in social media accounts that aggressively use the URL shortener.

Page from leaked GCHQ document titled “Behavioural Science Support for JTRIG’S Effects and Online HUMINT Operations,” published at The Intercept.

AGENTS OF THE CAMPAIGN

There appear to be a small number of Twitter accounts that were only active during the month of June 2009, have very few followers, and repeatedly tweet the same content and links from lurl.me. One of the earliest and prolific accounts to tweet using the URL shortener is 2009iranfree.

Read more here from Motherboard.

Russia Weaponizing the Arctic

Russian Military Build-Up in Arctic Highlights Kremlin’s Militarized Mindset

Jamestown: Despite Russia’s economic crisis, which has already imposed restrictions on military spending (see EDM, May 3), the Kremlin is trying to implement a questionable buildup in the Arctic, aimed at strengthening Russian military might. During a recent board session of the Russian Ministry of Defense, Minister Sergei Shoigu paid special attention to the implementation of the “2020 Activity Plan by the Northern Fleet.” He reminded participants that the Northern Fleet, an “inter-service strategic formation,” was formed over two years ago “in order to protect [the] northern borders of Russia” (Mil.ru, July 27). He mentioned in particular that the construction of “closed-loop” (self-sustaining) military towns will be finished on the Franz Josef Land archipelago and the Novosibirsk Islands in 2016. A joint situational awareness system is being created to support air defense.

The Russian defense ministry intends to build or reconstruct ten airfields in the Arctic. “Russia’s Federal Agency for Special Construction [Spetsstroy] is building military infrastructure facilities on six islands in the Arctic,” Izvestia quotes a ministry official. According to this source, over 100 tons of military equipment for more than 150 facilities are planned to be delivered to these remote military garrisons. In addition to the materiel supply, more than 190 tons of construction materials—including precast concrete, cement, metal, pipes, fittings and equipment—will be delivered to the Arctic for building the facilities (Izvestia, July 11). The construction and renovation of runways and other structures is ongoing at Severomorsk-1 airfield (Murmansk oblast) as well as Nagurskoye air base (Alexandra Land Island, in the Franz Josef Archipelago). The airfields at Rogachevo (Arkhangelsk oblast), Tiksi (Yakutia Republic) and Temp (Kotelny Island in the Arctic Ocean) are also under construction. It was announced that beginning next year, Tiksi is to become the permanent base for a formation of high-altitude MiG-31 interceptors (Rossiiskaya Gazeta, July 19).

Meanwhile, troops deployed in the Arctic are undergoing intensive training. Specifically, units of mobile rapid-reaction forces are being exposed to the conditions of the Far North. During several snap inspection exercises in the past year, the Russian General Staff has concentrated on the ability to reinforce three land-based brigades in Murmansk oblast—the 200th Motorized Rifle Brigade (Pechenga), the 80th Arctic Motorized Rifle Brigade (Alakurtti) and the 61st Marine Brigade (Sputnik)—with airborne units based in Ivanovo and Pskov (western-central Russia) (Mil.ru April 9, 2015).

Over the last decade, the Russian leadership has become obsessed with the notion that climate change will result in the imminent melting of the polar ice cap in the Arctic Ocean. At this point, these politicians argue, Russia will be able to tap a wealth of heretofore inaccessible natural resources, such as oil and natural gas from the seabed. In addition, the role of the Northern Sea Route (which hugs Russia’s Arctic coast) will increase dramatically, providing huge revenues to Moscow from cargo ships allowed to pass through this transit corridor connecting Europe, Asia and North America.

However, climate change is unlikely to bring only benefits for Russia. In addition to polar ice, the Arctic permafrost will also melt. Consequently, a belt of Russia’s northern coast is expected to turn into a swamp many kilometers deep, making it impossible to build the infrastructure necessary to serve the Northern Sea Route or the facilities required to extract the region’s oil and gas. Moreover, the United Nations Convention on the Law of the Sea (UNCLOS) prohibits parties to the agreement from placing restrictions on foreign ships passing along the Northern Sea Route. Thus, Russia (a party to UNCLOS) is obligated to provide passing foreign vessels with communications as well as meteorological, hydrological and rescue services at its own expense. This means that President Vladimir Putin’s dream of cashing in on the route is wishful thinking. Even now, his plans clearly diverge from reality. Transit traffic via the Northern Sea Route has dropped catastrophically: from 1.18 million tons in 2013, to 39,000 tons in 2015 (Regnum, December 8, 2015).

For almost 80 years of this route’s existence, no one had any reason to question its economic viability. Military bases and prison camps were the main destination and departure points along the Northern Sea Route. Now, with transcontinental cargo traffic having collapsed, Moscow’s main hope is that this route will be used for transporting offshore oil. However, all major Western oil companies have so far refused to develop the Arctic shelf: it is too dangerous and expensive. Furthermore, sections of the Northern Sea Route are inaccessible to larger ships. Vessels with a draught of over 12 meters cannot operate in the vicinity of the Novosibirsk Islands, for example (Fni.no, November 8, 1999).

Future prosperity in the Arctic looks highly doubtful, but the Kremlin lives according to a different logic. It believes that the possession of even hypothetical treasures in the Far North will inevitably encourage other countries to forcibly take them from Russia. Therefore, the Kremlin has demanded that the defense ministry “strengthen the battle capability” in the region.

In executing this order, the Russian military is bound to redevelop old Cold War–style scenarios, even though none of the other Arctic-region countries have shown any sign of militarization in recent years. Nearly Russia’s entire military potential in the Far North is currently concentrated on the Kola Peninsula—the extreme west of the Russian Arctic. This was no accident, and it stems from the Arctic region’s role as a zone of military confrontation between the Soviet Union and the United States throughout the Cold War. It was convenient to deliver nuclear strikes against the enemy from the depths of the ice-covered ocean. The main task of all Soviet Armed forces in the Arctic—the naval surface fleet, the air force and ground troops—was to ensure nuclear submarine combat patrols and the protection of their bases on the Kola Peninsula. No one at that time suggested the need to control and defend thousands of miles of ice desert. Surface vessels of the Northern Fleet, in fact, cannot operate east of Novaya Zemlya—beyond this point they lack ground support and air protection. To ensure wide-scale patrols, it is not enough to restore Soviet-era airfields and station there a few dozen jets. Thousands of tons of fuel will also be required. Deploying small garrisons in the Arctic makes no military sense either. Thus, Russia is spending massive resources simply for Shoigu to be able to report to Putin that the country’s unobtainable natural wealth is being protected.

 

–Aleksandr Golts

Hillary’s Relationship with Russia is Approved Espionage

Dealing with evil, the evil empire as President Reagan declared. Quite actually under the Barack Obama administration it is nothing more than groveling with the Kremlin.

The United States has an Open Skies Treaty, and one must question why. Further, the Russians have taken full advantage of it.

Then there was the red line threat by Obama where it was later dismissed and handed over to Putin to handle those chemical weapons in Syria for removal.

Then we heard about the Bill and Hillary deal with the Canadian operative on Uranium One giving over rights of U.S. uranium supply to Russia.

But now we have yet another operation concocted by the White House and the Hillary State Department and this one is a blockbuster as noted by going back in history through the original WikiLeaks cables.

It is highly suggested to read the full document below, as it summarizes how Hillary allowed trade secrets and professional Russian espionage within the United States.

****

The full document is here.

FROM RUSSIA WITH MONEY

Hillary Clinton, the Russian Reset, and Cronyism

NYPost: Key players in a main component of the reset — a Moscow-based, Silicon Valley-styled campus for developing biomed, space, nuclear and IT technologies called “Skolkovo” — poured tens of millions of dollars into the Clinton Foundation, the report by journalist Peter Schweizer alleges.

As the Obama administration’s top diplomat, Hillary Clinton was at the center of US efforts on the reset in general and Skolkovo in particular, Schweizer argues.

Yet, “Of the 28 US, European and Russian companies that participated in Skolkovo, 17 of them were Clinton Foundation donors” or sponsored speeches by former President Bill Clinton, Schweizer told The Post.

“It raises the question — do you need to pay money to sit at the table?”

In one example cited by Schweizer, Skolkovo Foundation member and then-Cisco CEO John Chambers donated between $1 million and $5 million in personal and corporate cash to the Clinton Foundation, the report says.

But Skolkovo wound up making America less safe, Schweizer argues, because it shared advanced US technology that Russia can develop for both civilian and military applications, a concern raised already by Army and FBI officials.

Many of Skolkovo’s research projects involved “dual-use” technologies, meaning they would have both civilian and military uses, the report said, citing one in particular — a hybrid airship called an “Atlant” developed at the Skolkovo Aeronautical Center.

“Particularly noteworthy is Atlant’s ability to deliver military cargoes,” including “radar surveillance, air and missile defense and delivery of airborne troops,” the Skolkovo Foundation bragged in a document Schweizer cites.

Hillary Clinton personally launched the State Department’s efforts toward a Russian reset, presenting her Russian then-counterpart, Sergei Lavrov, with a prop reset button in Geneva in 2009.

The reset petered out by the end of 2011, when Russian President Vladimir Putin accused Hillary of fomenting Russian protests over suspicions of fraud in that year’s parliamentary elections.

But by then, the damage had already been done, Schweizer feels.

“I think the idea that you’re going to help develop a Russian version of Silicon Valley, which, by the way, will be controlled by the Russian government, and then not to expect that the technology will be siphoned off for military uses, is incredibly naive,” Schweizer said.

As early as 2010, cybersecurity experts also expressed deep concerns about Russia using Skolkovo to develop hacking capabilities.

Russia’s FSB spy agency — the successor to the KGB — reportedly keeps two of its information warfare “security centers” at Skolkovo, the report says.

“There certainly is an irony that as we are now concerned about Russian cyber-attacks on the US, that the reset played a role in enhancing their cyber-capabilities,” Schweizer said.

In this latest report, as in his book, “Clinton Cash: The Untold Story of How and Why Foreign Governments and Businesses Helped Make Bill and Hillary Rich,” Schweizer concedes he found no “smoking gun” evidence that any of the donors who poured cash into the Clinton coffers actually were promised, or received, any State Department favors in return.

“We don’t have an email or a pirated voice mail message saying, ‘We’ll give you money if you help us with Skolkovo,’” Schweizer told The Post. “But what we do have is a pattern that shows a high percentage of participants in Skolkovo who happen to be Clinton Foundation donors.

“I think that everybody at the Russian reset table seems to walk away with something,” he added.

“The Clintons, they get their donations and speaking fees in the millions of dollars. The Russians get access to advanced US technology. The tech companies [that participated in the reset, including Cisco, Intel, Microsoft] get special access to the Russian market and workforce.

“But the American people get nothing. In fact, we get a rival — Russia — with enhanced technological capabilities. At best, that makes them a tougher competitor [in legitimate commerce],” Schweizer said.

“At worst, they get a more robust military, with technologies that we helped develop, and that can be sold to our enemies.”

The Clinton Foundation is sure to be a sore spot in Hillary’s campaign for the presidency, Schweizer predicted — tainted as it is, despite its laudable philanthropy.

“At the entire Democratic convention, they did not mention the Clinton Foundation once,” he said. “And it’s been the Clintons’ life work for 16-plus years.”

The Clinton campaign did not respond to requests from The Post for comment on the report.

“All I ask is that people look at the money. Who made the deals, who benefited from the deals,” Schweizer said. “We can’t get inside people’s heads as to why they did something, but we should follow the money.”

 

‘Breaking the Cross’, When not If…

U.K. Police Chief Says Attack Is a Matter of ‘When, Not If’

In part from Newsweek: U.K. police are treating the prospect of an attempted extremist attack on home soil as an inevitability, said the head of the Metropolitan police, The Guardian reports.

Over the last 12 months France, Germany, Belgium and Turkey have experienced deadly attacks claimed by militant group Islamic State (ISIS). Sir Bernard Hogan-Howe said he wanted to offer reassurance to the British public that the trend would not endanger the U.K., and said police vigilance has not changed.

“I know that with each new outrage and especially those on our doorstep in Europe, there is a greater sense of fear that Britain will be the next victim in this wave of cruel and mindless mass murder,” he said.

“Our threat level has been at severe for two years—it remains there. It means an attack is highly likely. You could say it is a case of when, not if.”

Hogan-Howe spoke as Britain’s most senior counter-terrorism police officer, assistant commissioner Mark Rowley, said the greatest advantage U.K. police had in preventing attacks was public assistance. The BBC reported that relevant hotlines receive over 3,600 calls a day and Rowley said even more input was appreciated. More here.

Breaking the Cross: Latest ISIS Magazine Aimed At Christians

Russian spies claim they can now collect crypto keys

Filed under Vlad’s Glad…ah ha ha

Russian spies claim they can now collect crypto keys—but don’t say how

Putin gave KGB’s successor agency two weeks to deal with encrypted services.

ArsTechnica: Russia’s intelligence agency the FSB, successor to the KGB, has posted a notice on its website claiming that it now has the ability to collect crypto keys for Internet services that use encryption. This meets a two-week deadline given by Vladimir Putin to the FSB to develop such a capability. However, no details have been provided of how the FSB is able to do this.

The FSB’s announcement follows the passage of Russia’s wide-ranging surveillance law, which calls for metadata and content to be stored for six months, plus access to encrypted services, as Ars reported back in June.

The new capability seems to go even further, since the FSB notice (in Russian) speaks of obtaining the “information necessary for decoding the electronic messaging received, sent, delivered, and (or) processed by users of the ‘Internet’ network.”

Being able to decode Internet communications would seem to imply getting hold of any crypto keys that are used. However, as an article on The Daily Dot points out, it is still not clear what the new laws will require: “No one seems to know what this new law means in the slightest. Or, more accurately, the people who do know are keeping mum.”

Three of the services that are likely to be most affected by the new requirements are Facebook’s WhatsApp, Telegram, and Viber. Ars has asked all three for clarification on what the Russian authorities have asked for, and what information the companies are or will be providing, but has not yet received any reply. This post will be updated with responses when they are received.

The Daily Dot quotes Russian technologist Anton Nesterov as saying that it’s not even clear whether the new legislation applies to VPNs or basic SSL keys, nor whether mainstream electronic payment systems must hand over their keys as a matter of routine.

Nesterov also points out the dangers involved in providing this information, not least because leaks of such valuable data are always a risk.

***** 

In part from CSO: Networks at some 20 organizations in Russia — including scientific and military institutions, defense contractors, and public authorities — were found to be infected with the malware, the Russian Federal Security Service (FSB) said Saturday. The range of infected sites suggests that the targets were deliberately selected as part of a cyber-espionage operation, the FSB said.

Analysis of the attack showed that filenames, parameters and infection methods used in the malware are similar to those involved in other high-profile cyber-espionage operations around the world.

The software was adapted to the characteristics of each PC targeted, and delivered in a malicious email attachment, the FSB said.

Once installed, it downloaded additional modules to perform tasks such as monitoring network traffic, capturing and transmitting screenshots and keystroke logs, or recording audio and video using the PC’s microphone and webcam.

The FSB is working with ministries and other government agencies to identify all the victims of the malware, and to limit its effects, it said.

Russia is said to be the source, not the target, of another government-related cyber-attack. Last week, evidence emerged suggesting Russian involvement in an attack on computers at the Democratic National Committee, where recent data leaks have tarnished the campaign of presidential candidate Hillary Clinton.