Posts Tagged ‘Ukraine’

Putin’s Plan

December 17, 2019

The title of this post is identical to the title of a chapter in Messing with the Enemy, an excellent book by Clint Watts. In the fall of 2015 Russia’s dedicated hacking campaign proved to be unique in history. Unlike the hacking of criminals, Russia didn’t pursue indiscriminate breaches for financial gain. It sought information from politicians, government officials, journalists, media personalities, and foreign policy experts numbering in the thousands, according to government and media estimates.

Russia had perpetrated cyberattacks as part of its military campaigns prior to invading Georgia in 2008, when it defaced and disabled Georgian government websites as part of a psychological warfare campaign. In 2014, a pro-Russian group called CyberBerkut surfaced alongside Kremlin hackers and penetrated Ukraine’s Central Election Commission, altering the nation-wide presidential vote in favor of Russia’s preferred candidate, Dmytro Yarosh. Fortunately, the Ukrainians caught the manipulation before the results were aired. Throughout 2015 and 2016, Ukrainian businesses and government agencies suffered endless cyber assaults. The BlackEnergy attack struck power grids of the Ivano-Frankivsk region of Ukraine, disabling electricity during one of the country’s coldest periods. Watts writes, “These attacks, though, sought to damage infrastructure and undermine Eastern European countries through humiliation and confusion. The Russian-connected breaches surfacing in America, though, sought something different.”

Beginning in the late summer of 2015 and extending through the fall, Russia undertook the largest, most sophisticated, most targeted hacking campaign in world history, breaking into the email accounts of thousands of American citizens and institutions. Analysts believe that the cyber offensive was perpetrated by two of Russia’s intelligence agencies: The Main Intelligence Directorate, known as GRU, and the Federal Security Service, known as FSB, which is primarily an internal intelligence arm, but is particularly sophisticated in cyber operations.

The GRU and FSB operatives act as Advanced Persistent Threats (APTs), a reference to their dedicated targeting and a wide array of cyber-hacking techniques. APTs have sufficient resourcing to stay on their targets until they penetrate the systems they want to access. They use a range of techniques, from the simple to the complex, employing all forms of social engineering and specifically tailored malware known as “zero days.”

These Russian APTs were known as APT28 (Fancy Bear) and APT29 (Cozy Bear). They represented competing Russian hacker groups seeking access and compromising information from democratically elected officials adversarial to Russia, media personalities (particularly reporters who interfaced with anonymous sources), military leaders, academic researchers, and policy think tanks studying Russia. In other words, anyone and everyone opposing Russia was targeted in hopes that their private communications, if revealed, would undermine the credibility of a Russian adversary and/or sow divisions and mistrust between the targeted individuals and those they maligned in private.

“Spearphishing” is the most useful and common technique for gaining access to users’ accounts. Messages made to appear legitimate would tell them they needed to sign in to change their username, and users often complied.

In the fall of 2015 the Kremlin election hacking wave began. In September 2015, the Democratic National Committee (DNC) was breached. Both Fancy Bear and Cozy Bear breached the DNC in separate attacks. Separately, hackers penetrated the Democratic Congressional Campaign sometime around March or April 2016.

By 2016, Russia had advanced from spearphishing of political parties to “whalephishing” of key political operatives and government officials. Whalephishing targets prominent individuals within organizations or governments whose private communications likely provide a wealth of insight and troves of secrets to propel conspiracies. The campaign manager of Hillary Clinton, John Podesta, proved to be the biggest whale hacked in 2016.

The troll army’s interest in the U.S. presidential election gained steam toward the end of 2015. The following article in Sputnik caught Watts’s eye: “Is Donald Trump a Man to Mend US Relations with Russia?” At the time Trump’s campaign seemed more a celebrity stunt than a deliberate effort to lead the nation, but the post was curious, given that Russian disdain for both parties and their leaders had historically been a constant.

Watts writes, “From then on, the social media war in America surrounding the election proved unprecedented, and the Russians were there laying the groundwork for their information nuclear strike. Russian state-sponsored media, the English-speaking type, was quite clear: Putin did not want Hillary Clinton to become president. Aggressive anti-Clinton rhetoric from state-sponsored outlets, amplified by their social media trolls, framed Clinton as a globalist, pushing democratic agendas against Russia—an aggressor who could possibly bring about war between the two countries. The trolls’ anti-Clinton drumbeat increased each month toward the end of 2015 and going into 2016.”

Continuing, “Trump’s brash barbs against his opponents were working unexpectedly well. Kicking off 2016, the troll army began promoting candidate Donald Trump with increasing intensity, so much so that their computational propaganda began to distort organic support for Trump, making his social media appeal appear larger than it truly was.”

WikiLeaks released Clinton’s emails. Five days after the WikiLeaks dump of DNC emails, Trump announced, “Russia, if you’re listening, I hope you’re able to find the thirty thousand emails that are missing…I think you will probably be rewarded mightily by our press.” Watts writes, “I watched the clip several times, and a sick feeling settled in my stomach. I’d watched the Russian system push for Trump and tear down Clinton, but up to that point, I hadn’t believed the Trump campaign might be working with the Russians to win the presidency. I’d given briefs on the Russian active measure system in many government briefings, academic conferences and think tank sessions for more than a year. But nothing seemed to register. Americans just weren’t interested; all national security discussions focused narrowly on the Islamic State’s recent wave of terrorism in Europe. I did what most Americans do when frustrated by politics. I suffered a Facebook meltdown, noting my disbelief that a U.S. presidential candidate would call on a foreign country, one already pushing for his victory, to target and discredit a former first lady, U.S. senator, and secretary of state.”

Watts writes, “By Election Day, allegations of voter fraud and the election being rigged created such anxiety that I worried that some antigovernment and domestic extremists might undertake violence.” But there was no need to worry. Putin’s candidate had won.

Fascism

October 28, 2018

This post is based on Timothy Snyder’s book, “The Road to Unfreedom: Russia, Europe, America.” When the Soviet Union existed it was a Communist nation and was regarded as being on the extreme liberal left. Under Putin, Russia has become a Fascist nation on the extreme right. So it is ironic that the Republican Party that once was strongly anti-communist, has nominated a presidential candidate who was chosen by Putin as the best person to lead the United States. Now this presidential candidate, who was clearly aided by Russia in his campaign, is joined in a mutual admiration union with Putin. And many Republicans are trying to frustrate, if not end, the investigation into Trump and Russia. This is an age of toxic irony.

Fascism is a troubling phenomenon. Germany and Italy were Fascist countries the Allies fought and defeated during WW2. Fascism is a strongly authoritarian ideology. As a result of the Nazis an F (for Fascism) Scale was developed that essentially measured the strength of an authoritarian personality. Two characteristics of Fascism are anti-semitism and a hatred of homosexuality. HM has difficulty understanding the basis of anti-semitism. The justifications for it are clearly fabricated, done just to provide the basis for hatred. Actually, HM is grateful to Jews for their many contributions to the arts, science, and humor, just to mention a few. However, HM does think he understands, at least partly, the basis for the hatred of homosexuals. This hatred is found in both the religious right and Fascists. Being a cynical psychologist, who is not a clinician, HM suspects that latent homosexuality is the basis for most of this hatred. Unknowingly, they fear their latent homosexuality and project this on others. The stronger the fear, the greater the hatred. This conjecture occurs to HM whenever he sees Putin without his shirt.

Readers are encouraged to read Snyder’s “The Road to Unfreedom: Russia, Europe, America.” It outlines Putin’s goals to break up Europe into a Russian state Europa. Brexit was a successful effort to this end. He is encouraging right wing parties in Europe and these parties are gaining increasing strength. Similarly, he is trying to break up the United States into vassal states that will support Russia. He does this by sowing dissension in these countries by various means, but primarily by social media.

Putin was extremely upset when the Ukraine, which was part of the Soviet Union, wanted to join the European Union. He invaded militarily the eastern part of the Ukraine that was largely Russian. However, the remainder of the Ukraine resisted his military efforts so that roughly two-thirds of the Ukraine remained free. During this time HM was able to view RT and saw the splendid propaganda Russia produced. It is so slick that it appears to be news, although the central message was propaganda. At the point of this writing, the situation remains a stalemate. So it appears that Putin can be contained, but Putin’s motives and means must clearly be recognized. All of this is described in Snyder’s book as well as Putin’s other efforts in Europe.

Even Putin’s efforts in the United States can only be touched on in the future posts. Much more of the text of “The Road to Unfreedom” will be copied directly. These portions will be indicated in quotes. Trying to paraphrase would only dilute the message Snyder is excellently communicating.

WannaCry & NotPetya

July 19, 2018

This post is based on “THE PERFECT WEAPON: War, Sabotage, & Fear in the Cyber Age,” by David E. Sanger. The North Koreans got software stolen from the NSA by the Shadow Brokers group. So, the NSA lost its weapons and the North Koreans shot them back.

The North Korean hackers married NSA’s tool to a new form of ransomware, which locks computers and makes their data inaccessible—unless the user pays for an electronic key. The attack was spread via a phishing email similar to the one used by Russian hackers in the attacks on the Democratic National Committee and other targets in 2016. It contained an encrypted, compressed file that evaded most virus-detection software. Once it burst alive inside a computer or network, users received a demand for $300 to unlock their data. It is not known how many paid, but those who did never got the key, if there ever was one, to unlock their documents and databases.

WannaCry, like the Russian attacks on the Ukraine power grid, was among a new generation of attacks that put civilians in the crosshairs. Jared Cohen, a former State Department official, said, “If you’re wondering why you’re getting hacked—or attempted hacked—with greater frequency, it is because you are getting hit with the digital equivalent of shrapnel in an escalating state-against-state war, way out there in cyberspace.”

WannaCry shut down the computer systems of several major British hospital systems, diverting ambulances and delaying non-emergency surgeries. Banks and transportation systems across dozens of countries were affected. WannaCry hit seventy-four countries. After Britain, the hardest hit was Russia (Russia’s Interior Ministry was among the most prominent victims). The Ukraine and Taiwan were also hit.

It was not until December 2017, three years to the day after Obama accused North Korea of the Sony attacks, that the United States and Britain formally declared that Kim Jong-un’s government was responsible for WannaCry. President Trump’s homeland security adviser Thomas Bossert said he was “comfortable” asserting that the hackers were “directed by the government of North Korea,” but said that conclusion came from looking at “not only the operational infrastructure, but also the tradecraft and the routine and the behaviors that we’ve seen demonstrated in past attacks. And so you have to apply some gumshoe work here, and not just some code analysis.”

“The gumshoe work stopped short of reporting about how Shadow Brokers allowed the North Koreans to get their hands on tools developed for the American cyber arsenal. Describing how the NSA enabled North Korean hackers was either too sensitive, too embarrassing or both. Bossert was honest about the fact that having identified the North Koreans, he couldn’t do much else to them. “President Trump has used just about every level you can use, short of starving the people of North Korea to death, to change their behavior,” Bossert acknowledged. “And so we don’t have a lot of room left here.”

The Ukraine was victim to multiple cyberattacks. One of the worst was NotPetya. NotPetya was nicknamed by the Kaspersky Lab, which is itself suspected by the US government of providing back doors to the Russian government via its profitable security products. This cyberattack on the Ukrainians seemed targeted at virtually every business in the country, both large and small—from the television stations to the software houses to any mom-and-pop shops that used credit cards. Throughout the country computer users saw the same broken-English message pop onto their screens. It announced that everything on the hard drives of their computers had been encrypted: “Oops, your important files have been encrypted…Perhaps you are busy looking to recover your files, but don’t waste your time.” Then the false claim was made that if $300 was paid in bitcoin the files would be restored.

NotPetya was similar to WannaCry. In early 2017 the Trump administration said that NotPetya was the work of the Russians. It was clear that the Russians had learned from the North Koreans. They made sure that no patch of Microsoft software would slow the spread of their code, and no “kill switch” could be activated. NotPetya struck two thousand targets around the world, in more than 65 countries. Maersk, the Danish shipping company, was among the worst hit. They reported losing $300 million in revenues and had to replace four thousand servers and thousands of computers.

From Russia, With Love

July 17, 2018

The title of this post is identical to the title of the Prologue from “The Perfect Weapon: War, Sabotage, & Fear in the Cyber Age.” Andy Ozment was in charge of the National Cybersecurity & Communications Integration Center, located in Arlington, VA. He had a queasy feeling as the lights went out the day before Christmas Eve, 2015. The screens at his center indicated that something more nefarious than a winter storm or a blown-up substation had triggered the sudden darkness across a remote corner of the embattled former Soviet republic. The event had the marking of a sophisticated cyberattack, remote-controlled from someplace far from Ukraine.

This was less than two years since Putin had annexed Crimea and declared it would once again be part of Mother Russia. Putin had his troops trade in their uniforms for civilian clothing, and they became known as the “little green men.” These men with their tanks were sowing chaos in the Russian-speaking southeast of Ukraine and doing what they could to destabilize a new, pro-Western government in Kiev, the capital.

Ozment realized that the middle of the holidays was the ideal time for a Russian cyberattack against the Ukrainians. The electric utility providers were operating with skeleton crews. To Putin’s patriotic hackers, Ukraine was a playground and testing ground. Ozment told his staff that this was a prelude to what might well happen in the United States. He regularly reminded his staff that in the world of cyber conflict, attackers came in five distinct varieties: “vandals, burglars, thugs, spies, and saboteurs.” He said he was not worried about the thugs, vandals, and burglars. It was the spies, and particularly the saboteurs, who kept him up at night.

In the old days, they could know who launched the missiles, where they came from and how to retaliate. This clarity created a framework for deterrence. Unfortunately, in the digital age, deterrence stops at the keyboard. The chaos of the modern Internet plays out in an incomprehensible jumble. There are innocent service outages and outrageous attacks, but it is almost impossible to see where any given attack came from. Spoofing the system comes naturally to hackers, and masking their location is pretty simple. Even in the case of a big attack, it can take weeks, or months, before a formal intelligence “attribution” emerges from American intelligence agencies, and even then there might be no certainty about who instigated the attack. So this is nothing like the nuclear age. Analysts can warn the president about what is happening, but they cannot specify, in real time and with certainty, where an attack is coming from or against whom to retaliate.

In the Ukraine the attackers systematically disconnected circuits, deleted backup systems, and shut down substations, all by remote control. The hackers planted a cheap program—malware named “KillDisk”—to wipe out the systems that would otherwise allow the operators to regain control. Then the hackers delivered the finishing touch: they disconnected the backup electrical system in the control room, so that not only were the operators now helpless, but they were sitting in darkness.

For two decades experts had warned that hackers might switch off a nation’s power grid, the first step in taking down an entire country.

Sanger writes, “while Ozment struggled to understand the implications of the cyber attack unfolding half a world away in Ukraine, the Russians were already deep into a three-pronged cyberattack on the very ground beneath his feet. The first phase had targeted American nuclear power plants as well as water and electric systems, with the insertion of malicious code that would give Russia the opportunity to sabotage the plants or shut them off at will. The second was focused on the Democratic National Committee, an early victim of a series of escalating attacks ordered, American intelligence agencies later concluded, by Vladimir V. Putin himself. And the third was aimed at the heart of American innovation, Silicon Valley. For a decade the executives of Facebook, Apple and Google were convinced that the technology that made them billions of dollars would hasten the spread of democracy around the world. Putin was out to disprove that thesis and show that he could use the same tools to break democracy and enhance his own power.”

THE PERFECT WEAPON

July 15, 2018

The title of this post is identical to the title of a book by David E. Sanger. The subtitle is “War, Sabotage, & Fear in the Cyber Age.” The following is from the Preface:

“Cyberweapons are so cheap to develop and so easy to hide that they have proven irresistible. And American officials are discovering that in a world in which almost everything is connected—phones, cars, electrical grids, and satellites—everything can be disrupted, if not destroyed. For seventy years, the thinking inside the Pentagon was that only nations with nuclear weapons could threaten America’s existence. Now that assumption is in doubt.

In almost every classified Pentagon scenario for how a future confrontation with Russia and China, even Iran and North Korea, might play out, the adversary’s first strike against the United States would include a cyber barrage aimed at civilians. It would fry power grids, stop trains, silence cell phones, and overwhelm the Internet. In the worst case scenarios, food and water would begin to run out; hospitals would turn people away. Separated from their electronics, and thus their connections, Americans would panic, or turn against one another.

General Valery Gerasimov is an armor officer who, after combat in the Second Chechen War, served as the commander of the Leningrad and then Moscow military districts. Writing in 2013 Gerasimov pointed to the “blurring [of] the lines between the state of war and the state of peace” and—after noting the Arab Awakening—observed that “a perfectly thriving state can, in a matter of months and even days, be transformed into an arena of fierce armed conflict…and sink into a web of chaos.” Gerasimov continued, “The role of nonmilitary means of achieving political and strategic goals has grown,” and the trend now was “the broad use of political, economic, informational, humanitarian, and other nonmilitary measures—applied in coordination with the protest potential of the population.” He saw large clashes of men and metal as a “thing of the past.” He called for “long distance, contactless actions against the enemy” and included in his arsenal “informational actions, devices, and means.” He concluded, “The information space opens wide asymmetrical possibilities for reducing the fighting potential of the enemy,” and so new “models of operations and military conduct” were needed.

Putin appointed Gerasimov chief of the general staff in late 2012. Fifteen months later there was evidence of his doctrine in action with the Russian annexation of Crimea and occupation of parts of the Donbas in eastern Ukraine. It should be clear from General Gerasimov, and from Putin appointing him as chief of the general staff, that the nature of warfare has radically changed. This needs to be kept in mind when there is talk of modernizing our strategic nuclear weapons. Mutual Assured Destruction, with the appropriate acronym MAD, was never a viable means of traditional warfare. It was and still is a viable means of psychological warfare, but it needs to remain at the psychological level.

Returning to the preface, “After a decade of hearings in Congress, there is still little agreement on whether and when cyberstrikes constitute an act of war, an act of terrorism, mere espionage, or cyber-enabled vandalism.” Here HM recommends adopting Gerasimov and Putin’s new definition of warfare.

Returning to the preface, “But figuring out a proportionate yet effective response has now stymied three American presidents. The problem is made harder by the fact that America’s offensive cyber prowess has so outpaced our defense that officials hesitate to strike back.”

James A. Clapper, a former director of national intelligence, said that was our problem with the Russians. There were plenty of ideas about how to get back at Putin: unplug Russia from the world’s financial system; reveal Putin’s links to the oligarchs; make some of his own money—and there was plenty hidden around the world—disappear. The question Clapper was asking was, “What happens next (after a cyber attack)?” And the United States can’t figure out how to counter Russian attacks without incurring a great risk of escalation.

Sanger writes, “As of this writing, in early 2018, the best estimates suggest there have been upward of two hundred known state-on-state cyber attacks—a figure that describes only those made public.”

This is the first of many posts on this book.

Trump, Russia, and Truth

May 20, 2018

The title of this post is identical to the title of a chapter in “The Assault on Intelligence: American Security in an Age of Lies.” This book is by Michael V. Hayden, who has served as the director of both the National Security Agency (NSA) and the Central Intelligence Agency (CIA). This is the second post in the series.

In 2017 a detailed story in “Wired” magazine revealing how Russia was subverting U.S. democracy cited a European study that found that rather than trying to change minds, the Russian goal was simply “to destroy and undermine confidence in Western media.” The Russians found a powerful ally in Trump, who attacked American institutions with as much ferocity as did Russian propaganda, as when he identified the press as the “enemy of the American people.” The attack on the media rarely argued facts. James Poniewozik of the New York Times wrote in a 2017 tweet that Trump didn’t try to argue the facts of a case—“just that there is no truth, so you should just follow your gut & your tribe.”

Wired also pointed out the convergence between the themes of the Russian media/web blitz and the Trump campaign: Clinton’s emails, Clinton’s health, rigged elections, Bernie Sanders, and so forth. And then there was an echo chamber between Russian news and American right-wing outlets, epitomized by the claim that Clinton staffer Seth Rich was somehow related to the theft of DNC emails, and the dumping of them on Wikileaks—that it was an inside job and not connected to Russia at all.

Hayden writes, “Trump seemed the perfect candidate for the Russians’ purpose, and that was ultimately our choice not theirs. But the central fact to be faced and understood here is that Russians have gotten very good indeed at invading and often dominating the American information space. For me, that story goes back twenty years. I arrived in San Antonio, TX, in January 1996 to take command of what was then called the Air Intelligence Agency. As I’ve written elsewhere, Air Force Intelligence was on the cutting edge of thinking about the new cyber warfare, and I owed special thanks to my staff there for teaching me so much about this new battle space.”

“The initial question they asked was whether we were in the cyber business or the information dominance business? Did we want to master cyber networks as a tool of war or influence or were we more ambitious, with an intent to shape how adversaries or even societies received and processed all information? As we now have a Cyber Command and not an information dominance command, you can figure how all this turned out. We opted for cyber; Russia opted for information dominance.”

The Russian most interested in that capacity was General Valery Gerasimov, an armor officer who, after combat in the Second Chechen War, served as the commander of the Leningrad and then Moscow military districts. Writing in 2013 Gerasimov pointed to the “blurring [of] the lines between the state of war and the state of peace” and—after noting the Arab Awakening—observed that “a perfectly thriving state can, in a matter of months and even days, be transformed into an arena of fierce armed conflict…and sink into a web of chaos.”

Gerasimov continued, “The role of nonmilitary means of achieving political and strategic goals has grown,” and the trend now was “the broad use of political, economic, informational, humanitarian, and other nonmilitary measures—applied in coordination with the protest potential of the population.” He saw large clashes of men and metal as a “thing of the past.” He called for “long distance, contactless actions against the enemy” and included in his arsenal “informational actions, devices, and means.” He concluded, “The information space opens wide asymmetrical possibilities for reducing the fighting potential of the enemy,” and so new “models of operations and military conduct” were needed.

Putin appointed Gerasimov chief of the general staff in late 2012. Fifteen months later there was evidence of his doctrine in action with the Russian annexation of Crimea and occupation of parts of the Donbas in eastern Ukraine.

Hayden writes, “In eastern Ukraine, Russia promoted the fiction of a spontaneous rebellion by local Russian speakers against a neofascist regime in Kiev, aided only by Russian volunteers, a story line played out in clever high quality broadcasts from news services like RT and Sputnik coupled with relentless trolling on social media.” [At this time HM was able to view these RT telecasts at work. They were the best-done propaganda pieces he’s ever seen, because they did not appear to be propaganda, but rather, high quality, objective newscasts.]

Hayden concludes, “With no bands, banners, or insignia, Russia had altered borders within Europe—by force—but with an informational canopy so dense as to make the aggression opaque.”