Softpanorama


Cyberwarfare


There is a tendency to exaggerate attacks, although genuine cyberwarfare attacks do exist, starting with Stuxnet.

The term “war” can be applied to “cyber” activity only if there is a deliberate attempt to destroy some kind of infrastructure of a foreign state, as was the case with Stuxnet.

(Re: It does not take a village — or a country; http://tinyurl.com/yguw93g).

If country A blocks country B’s intelligence from transmitting; if country B “blocks” country A’s battlefield communications capability during a military skirmish — that is clearly “cyber warfare”.

Criminal hacking, Web site defacement, denial-of-service attacks — especially those directed against non-military and non-infrastructure targets — aren't “war” of any kind. It's more like terrorism (possibly state-sponsored): an attempt to draw attention to a specific group or its goals. Not that different from, for example, the support of jihadists by the USA during the Soviet-Afghan war.

Let’s be very clear: "real" war results in people being killed, in property being destroyed, in infrastructure and logistical capabilities being crippled. So for an Internet attack to be called cyberwarfare it should meet at least one of these criteria; if not in effect, then in intention. And by “infrastructure” I mean real infrastructure — factories, hospitals, water treatment plants, power-generation facilities, roads and bridges. At a minimum, it means web sites that provide some kind of essential service, such as financial websites, not a web site with general public information.

Anything short of this is merely criminality, propaganda war, or "cold war" if you wish.

Hacking high officials' email is more like a color-revolution-inspired trick than anything else.


Old News ;-)

[Feb 19, 2018] What the Arrest of the Russian Intel top Cyber-Crime Expert Has to Do With American elections

Feb 19, 2018 | thebell.io

Sergei Mikhailov was arrested one year ago, on Dec. 5, 2016. Officers of the agency's internal security division seized him at his office and led him away with a sack over his head. Mikhailov is a black belt in karate and the officers feared that he might resist, explained one of the colonel's acquaintances.

Prior to his arrest, Mikhailov was head of the 2nd Directorate of the FSB's Information Security Center (TsIB) and within Russian intelligence circles he was considered the main authority on cybercrime.

Now he and three other men -- Dmitry Dokuchayev, an FSB major and former criminal hacker, accused in the U.S. of hacking 500 million Yahoo! accounts in 2014; Ruslan Stoyanov, a former Kaspersky Lab employee; and Georgy Fomchenkov, a little-known internet entrepreneur -- are suspected of state treason. The four are being held in Moscow's high-security Lefortovo Prison.

[Feb 19, 2018] The FSB breaks up Russia's most notorious hacker group

Notable quotes:
"... Rosbalt said that when Anikeyev's business reached national levels, he started using new techniques. For example, Anikeyev would go to restaurants and cafes popular among officials, and with the help of sophisticated equipment he created fake Wi-Fi and mobile phone connections. ..."
"... Unsuspecting officials would connect to the network through the channel created by the hacker and he would have access to the information on their devices. ..."
"... Through the Looking Glass, ..."
"... The Anonymous International website was opened in 2013 and content stolen from the phones and emails of Russian politicians immediately started appearing on it. According to Life News, only the correspondence of the public officials and businessmen who refused to pay was published. At the same time members of Shaltai-Boltai positioned themselves as people with an active civil stance. ..."
"... Mikhailov tracked down Anonymous International at the beginning of 2016 and decided to take it under his control, as well as make some money from blackmail along the way. According to Life News, there is another theory - that Mikhailov had been managing the Shaltai-Boltai business from the start. ..."
"... Whatever the truth, Mikhailov and Dokuchayev have now been charged with treason. Anikeyev and Stoyanov will be prosecuted under a different charge - "unauthorized access to computer information." According to Rosbalt, the treason charges against Mikhailov and Dokuchayev are to do with Anonymous International's involvement in leaking to Ukraine the private correspondence of presidential aide Vladislav Surkov. ..."
"... Shaltai-Boltai's website has not been updated since Nov. 26 and its Twitter account since Dec. 12. The group's remaining members, who are believed to live in Thailand and the Baltic States, have been put on an FSB wanted list. ..."
Feb 19, 2018 | www.rbth.com

The alleged leader of the Anonymous International hacker group, also known as Shaltai-Boltai, has been arrested along with important officials in the security services who collaborated with the group. For several years Shaltai-Boltai terrorized state officials, businessmen and media figures by hacking their emails and telephones, and threatening to post their private information online unless blackmail payments were made. "The price tag for our work starts at several tens of thousands of dollars, and I am not going to talk about the upper limit," said a man who calls himself Lewis during an interview with the news website, Meduza, in January 2015.

Lewis, whose name pays homage to the author Lewis Carroll, is the leader of Anonymous International, the hacker group specializing in hacking the accounts of officials and businessmen. Another name for Anonymous International is Shaltai-Boltai, Russian for "Humpty-Dumpty."

Several years ago Lewis and his colleagues prospered thanks to extortion. They offered their victims the chance to pay a handsome price to buy back their personal information that had been stolen. Otherwise their information would be sold to third persons and even posted online. In the end, Russian law-enforcement tracked down Lewis, and in November he was arrested and now awaits trial. His real name is Vladimir Anikeyev.

Shaltai-Boltai's founding father

"One's own success is good but other people's failure is not bad either," said the profile quote on Vladimir Anikeyev's page on VKontakte, Russia's most popular social network.

Vladimir Anikeyev / Photo: anikeevv/vk.com

Rosbalt news website said that in the 1990s Lewis worked as a journalist in St. Petersburg and specialized in collecting information through various methods, including dubious ones. "He could go for a drink with someone or have an affair with someone's secretary or bribe people," Rosbalt's source said.

In the 2000s Anikeyev switched to collecting kompromat (compromising material). Using his connections, he would find the personal email addresses of officials and entrepreneurs and break into them using hackers in St. Petersburg, and then blackmail the victims. They had to pay to prevent their personal information from ending up on the Internet.

Fake Wi-Fi

Rosbalt said that when Anikeyev's business reached national levels, he started using new techniques. For example, Anikeyev would go to restaurants and cafes popular among officials, and with the help of sophisticated equipment he created fake Wi-Fi and mobile phone connections.

Unsuspecting officials would connect to the network through the channel created by the hacker and he would have access to the information on their devices.

In the beginning Anikeyev was personally involved in the theft of information but later he created a network of agents.

The business grew quickly; enormous amounts of information were at Anikeyev's disposal that had to be sorted and selected for suitability as material for blackmail. In the end, according to Rosbalt, Anonymous International arose as a handy tool for downloading the obtained information.

Trying to change the world

The second name of the group refers to the works of Lewis Carroll, according to Shaltai-Boltai members. The crazy world of Through the Looking Glass, with its inverted logic, is the most apt metaphor for Russian political life. Apart from Lewis Anikeyev, the team has several other members: Alice; Shaltai, Boltai (these two acted as press secretaries, and as a result of a mix-up, the media started calling the whole project, Shaltai-Boltai); and several others, including "technicians," or specialist hackers.

The Anonymous International website was opened in 2013 and content stolen from the phones and emails of Russian politicians immediately started appearing on it. According to Life News, only the correspondence of the public officials and businessmen who refused to pay was published. At the same time members of Shaltai-Boltai positioned themselves as people with an active civil stance.

"We can be called campaigners. We are trying to change the world. To change it for the better," Shaltai told the Apparat website. In interviews members of the group repeatedly complained about Russian officials who restricted Internet freedom, the country's foreign policy and barriers to participation in elections.

Hacker exploits

Shaltai-Boltai's most notorious hack was of an explicitly political nature and not about making money. It hacked Russian Prime Minister Dmitry Medvedev's Twitter account. On Aug. 14, 2014 tweets were posted on the account saying that Medvedev was resigning because he was ashamed of the government's actions. The `prime minister' also had time to write that Putin was wrong, that the government had problems with common sense, and that the authorities were taking the country back to the past.

On the same day Anonymous International posted part of the prime minister's stolen archive, admitting that, "there is nothing particularly interesting in it."

"The posted material was provided by a certain highly-placed reptilian of our acquaintance," the hackers joked.

Medvedev is far from being Shaltai-Boltai's only victim. The hackers published the private correspondence of officials in the presidential administration: Yevgeny Prigozhin, a businessman close to Vladimir Putin; Aram Gabrelyanov, head of the pro-Kremlin News Media holding company; and of Igor Strelkov, one of the leaders of the uprising in east Ukraine. Lewis, however, insisted that only material that had failed to sell ended up on the Internet.

Law-enforcement links

Anikeyev was detained in November, and the following month Sergei Mikhailov, head of the 2nd operations directorate of the FSB Information Security Center, was also arrested. According to Kommersant, Mikhailov was a major figure in the security services who, "was essentially overseeing the country's entire internet business."

Mikhailov's aide, FSB Major Dmitry Dokuchayev, and a former hacker known as Forb, was also arrested. Shortly after, Ruslan Stoyanov, head of the department for investigating cybercrime at the antivirus software company Kaspersky Lab, was also detained. Stoyanov also worked closely with the secret services.

According to Rosbalt, Anikeyev revealed information about the FSB officers and the Kaspersky Lab computer expert and their close involvement with Shaltai-Boltai.

Mikhailov tracked down Anonymous International at the beginning of 2016 and decided to take it under his control, as well as make some money from blackmail along the way. According to Life News, there is another theory - that Mikhailov had been managing the Shaltai-Boltai business from the start.

Shaltai-Boltai had a big fall

Whatever the truth, Mikhailov and Dokuchayev have now been charged with treason. Anikeyev and Stoyanov will be prosecuted under a different charge - "unauthorized access to computer information." According to Rosbalt, the treason charges against Mikhailov and Dokuchayev are to do with Anonymous International's involvement in leaking to Ukraine the private correspondence of presidential aide Vladislav Surkov.

Shaltai-Boltai's website has not been updated since Nov. 26 and its Twitter account since Dec. 12. The group's remaining members, who are believed to live in Thailand and the Baltic States, have been put on an FSB wanted list.

Anyway, Shaltai-Boltai anticipated this outcome. "What awaits us if we are uncovered? Criminal charges and most likely a prison sentence. Each member of the team is aware of the risks," they said dispassionately in the interview with Apparat in 2015.

[Feb 19, 2018] Shaltai-Boltai's leader arrested by the FSB Crime

Notable quotes:
"... Anikeev immediately began to cooperate with the investigation and provide detailed evidence, which repeatedly mentioned Mikhailov as being associated with the Shaltai-Boltai's team," said the source of Rosbalt. And in December 2016, Mikhailov and his "right hand," another official of the Information Security Center, Dmitry Dokuchaev, were arrested. The Court took a decision on their arrest. Another ISC official was also detained, but after questioning, no preventive measures involving deprivation of liberty were applied to him. ..."
"... After the summer, Shaltai-Boltai began to work exclusively with the content given to it by the curator. ..."
"... later it switched to civil servants' email that contained information that could bring serious trouble. When it became known that Surkov's correspondence "leaked" to Ukraine, it broke the camel's back. "Mikhailov's a magnificent expert. Best in his business. One can say that the ISC is Mikhailov.. But he crossed all possible borders," told a source of Rosbalt. ..."
Feb 19, 2018 | rusletter.com

The story around the arrest of a high-ranking ISC official, Sergey Mikhailov, is becoming an actual thriller.

The creator of the Shaltai-Boltai (Humpty Dumpty) website, which contained the correspondence of officials, journalist Vladimir Anikeev, better known in some circles as Lewis, was arrested on arrival from Ukraine, where he is supposed to have been involved in the publishing on a local site of presidential aide Vladislav Surkov's correspondence. In his testimony, Lewis spoke about the employee of the Information Security Center, Mikhailov.

As a source familiar with the situation told Rosbalt, Vladimir Anikeev was detained by FSB officers at the end of October 2016, when he arrived in St. Petersburg from Ukraine. "The operation was the result of long work. There was a complicated operative combination with the aim to lure Lewis from Ukraine, which he didn't intend to leave," said the source to the news agency. Anikeev was taken to Moscow, where the Investigation department of the FSB charged him under Article 272 of the Criminal Code (Illegal access to computer information).

First and foremost the counterintelligence was interested in the situation with the "leakage" of Vladislav Surkov's correspondence: by the time it was known that it was in the hands of the Shaltai-Boltai team. Since it was e-mail from the .gov domain, the situation caused great concern in the FSO. As a result of this, the correspondence was published on the website of a Ukrainian association of hackers called Cyber-Junta. In reality, it is suspected that Anikeev was involved in that affair. He'd been constantly visiting this country, his girlfriend lived there, and, according to available data, he was not going to return to Russia. Lewis was also asked about other officials' correspondence, which had already appeared on the Shaltai-Boltai website.

"Anikeev immediately began to cooperate with the investigation and provide detailed evidence, which repeatedly mentioned Mikhailov as being associated with the Shaltai-Boltai team," said the source of Rosbalt. And in December 2016, Mikhailov and his "right hand," another official of the Information Security Center, Dmitry Dokuchaev, were arrested. The Court took a decision on their arrest. Another ISC official was also detained, but after questioning, no preventive measures involving deprivation of liberty were applied to him.

According to the version of the agency's source, the situation developed as follows. At the beginning of 2016, the department headed by Mikhailov received an order to "work" with Shaltai-Boltai's website, which published the correspondence of civil servants. The immediate executor was Dokuchaev. Officers of the ISC were able to identify the team of Shaltai-Boltai, whose participants nicknamed themselves after Lewis Carroll's "Alice in Wonderland": Alice, the March Hare, etc. The website creator and organizer, Anikeev, was nicknamed Lewis. In the summer there were search raids in St. Petersburg, although formally for other reasons.

According to Rosbalt's source, just after the summer attack the team of Shaltai-Boltai appeared to have an owner, or, to be exact, a curator. According to the source, it could be Sergey Mikhailov. As a result, the working methods of Lewis's team also changed, just as the objects whose correspondence was being published for public access. Previously, Lewis's people figured out objects in places where a mobile phone was used. They were given access to the phone contents by means of a false cell (when it came to mobile internet) or using a false Wi-Fi (if the person was connected to Wi-Fi). Then the downloaded content was sent to a member of Lewis's team, residing in Estonia. He analyzed it to select what's to be put in the open access and what's to be sold for Bitcoins. The whole financial part of Shaltai-Boltai involved a few people living in Thailand. These Bitcoins were cashed in Ukraine. Occasionally Lewis published emails previously stolen by other hackers.

After the summer, Shaltai-Boltai began to work exclusively with the content given to it by the curator. Earlier, it published correspondence of rather an "entertaining" character, as well as officials whose "secrets" would do no special harm; but later it switched to civil servants' email that contained information that could bring serious trouble. When it became known that Surkov's correspondence "leaked" to Ukraine, it broke the camel's back. "Mikhailov's a magnificent expert. Best in his business. One can say that the ISC is Mikhailov. But he crossed all possible borders," a source told Rosbalt.

[Feb 19, 2018] Russian Lawyer Says FSB Officers, Kaspersky Manager Charged With Treason

Feb 19, 2018 | www.rferl.org

At the time of their arrests in December, Sergei Mikhailov and Dmitry Dokuchayev were officers with the FSB's Center for Information Security, a leading unit within the FSB involved in cyberactivities.

Pavlov confirmed to RFE/RL the arrest of Mikhailov and Dokuchayev, along with Ruslan Stoyanov, a former employee of the Interior Ministry who had worked for Kaspersky Labs, a well-known private cyber-research company, which announced Stoyanov's arrest last month.

The newspaper Kommersant reported that Mikhailov was arrested at a meeting of FSB officers and was taken from the meeting after a sack was put on his head.

The independent newspaper Novaya Gazeta, meanwhile, said that a total of six suspects -- including Mikhailov, Dokuchayev, and Stoyanov -- had been arrested. The state news agency TASS reported on February 1 that two men associated with a well-known hacking group had also been arrested in November, but it wasn't immediately clear if those arrests were related to the FSB case.

There has been no public detail as to the nature of the treason charges against Mikhailov, Dokuchayev, and Stoyanov. The Interfax news agency on January 31 quoted "sources familiar with the situation" as saying that Mikhailov and Dokuchayev were suspected of relaying confidential information to the U.S. Central Intelligence Agency (CIA).

Pavlov told RFE/RL the individuals were suspected of passing on classified information to U.S. intelligence, but not necessarily the CIA.

[Feb 18, 2018] Moscow Court Sentences 'Shaltai-Boltai' Hackers To Prison

Notable quotes:
"... A Moscow court has sentenced two Russian hackers to three years in prison each for breaking into the e-mail accounts of top Russian officials and leaking them. ..."
"... The 2016 arrests of the Shaltai-Boltai hackers became known only after Russian media reported that two officials of the Federal Security Service's cybercrime unit had been arrested on treason charges. ..."
Feb 18, 2018 | www.rferl.org

A Moscow court has sentenced two Russian hackers to three years in prison each for breaking into the e-mail accounts of top Russian officials and leaking them.

Konstantin Teplyakov and Aleksandr Filinov were members of the Shaltai-Boltai (Humpty Dumpty in Russian) collective believed to be behind the hacking of high-profile accounts, including the Twitter account of Prime Minister Dmitry Medvedev.

The two were found guilty of illegally accessing computer data in collusion with a criminal group.

Earlier in July, Shaltai-Boltai leader Vladimir Anikeyev was handed a two-year sentence after striking a plea bargain and agreeing to cooperate with the authorities.

The 2016 arrests of the Shaltai-Boltai hackers became known only after Russian media reported that two officials of the Federal Security Service's cybercrime unit had been arrested on treason charges.

Russian media reports suggested the officials had connections to the hacker group or had tried to control it.

[Feb 18, 2018] Notorious Russian Hacker With Links To FSB Scandal Sentenced To Prison

Feb 18, 2018 | www.rferl.org

A notorious Russian hacker whose exploits and later arrest gave glimpses into the intersection of computer crime and Russian law enforcement has been sentenced to two years in prison.

The Moscow City Court issued its ruling July 6 against Vladimir Anikeyev in a decision made behind closed doors, one indication of the sensitivity of his case.

[Feb 18, 2018] Making Sense of Russia's Cyber Treason Scandal

Notable quotes:
"... The stories implicating Mikhailov gained credence when Russian businessman Pavel Vrublevsky made similar accusations. He asserted that Mikhailov leaked details of Russian hacking capabilities to U.S. intelligence agencies. ..."
Feb 18, 2018 | worldview.stratfor.com

In January, the Kremlin-linked media outlet Kommersant suggested that the heads of Russia's Information Security Center (TsIB) were under investigation and would soon leave their posts. The TsIB is a shadowy unit that manages computer security investigations for the Interior Ministry and the FSB. It is thought to be Russia's largest inspectorate when it comes to domestic and foreign cyber capabilities, including hacking. It oversees security matters related to credit theft, financial information, personal data, social networks and reportedly election data -- or as some have claimed in the Russian media, "election rigging." Beyond its investigative role, it is presumed that the TsIB is fully capable of planning and directing cyber operations. A week after the initial Kommersant report surfaced, Andrei Gerasimov, the longtime TsIB director, resigned. Not long after Gerasimov's resignation at the end of January, reports emerged from numerous Kremlin-linked media outlets in what appeared to be a coordinated flood of information and disinformation about the arrests of senior TsIB officers. One of the cyber unit's operational directors, Sergei Mikhailov, was arrested toward the end of last year along with his deputy, Dmitri Dokuchaev, and charged with treason. Also arrested around the same time was Ruslan Stoyanov, the chief investigator for Kaspersky Lab, which is the primary cybersecurity contractor for the TsIB. There is much conjecture, but Mikhailov was apparently forcibly removed from a meeting with fellow FSB officers -- escorted out with a bag over his head, so the story goes -- and arrested. This is thought to have taken place some time around Dec. 5. His deputy, a well-respected computer hacker recruited by the FSB, was reportedly last seen in November. Kaspersky Lab's Stoyanov was a career cybersecurity professional, previously working for the Indrik computer crime investigation firm and the Interior Ministry's computer crime unit. 
Novaya Gazeta, a Kremlin-linked media outlet, reported that two other unnamed FSB computer security officers were also detained.

Theories, Accusations and Rumors

Since the initial reports surfaced, Russian media have been flooded with conflicting theories about the arrests; about Mikhailov, Dokuchaev and Stoyanov; and about the accusations levied against them. Because the charges are treason, the case is considered "classified" by the state, meaning no official explanation or evidence will be released. An ultranationalist news network called Tsargrad TV reported that Mikhailov had tipped U.S. intelligence to the King Servers firm, which the FBI has accused of being the nexus of FSB hacking and intelligence operations in the United States. (It should be noted that Tsargrad TV tends toward sensationalism and has been used as a conduit for propaganda in the past.) The media outlet also claimed that the Russian officer's cooperation is what enabled the United States to publicly accuse Moscow of sponsoring election-related hacking with "high confidence."

The stories implicating Mikhailov gained credence when Russian businessman Pavel Vrublevsky made similar accusations. He asserted that Mikhailov leaked details of Russian hacking capabilities to U.S. intelligence agencies. Vrublevsky, however, had previously been the target of hacking accusations leveled by Mikhailov and his team, so it is possible that he has a personal ax to grind. To further complicate matters, a business partner of Vrublevsky, Vladimir Fomenko, runs King Servers, which the United States shut down in the wake of the hacking scandal.

[Feb 18, 2018] The FBI just indicted a Russian official for hacking. But why did Russia charge him with treason?

This article is almost a year old but contains interesting information about the possible involvement of Shaltai-Boltai in framing Russia for interference in the US elections.
Notable quotes:
"... Also called Anonymous International, Shaltai-Boltai was responsible for leaking early copies of Putin's New Year speech and for selling off "lots" of emails stolen from Russian officials such as Prime Minister Dmitry Medvedev ..."
"... Later media reports said that the group's leader, Vladimir Anikeyev, had recently been arrested by the FSB and had informed on Mikhailov, Dokuchaev and Stoyanov. ..."
Mar 17, 2017 | www.washingtonpost.com

But what is less clear is why one of the men has been arrested and charged with treason in Russia. Dmitry Dokuchaev, an agent for the cyberinvestigative arm of the FSB, was arrested in Moscow in December. He's accused by the FBI of "handling" the hackers, paying "bounties" for breaking into email accounts held by Russian officials, opposition politicians and journalists, as well as foreign officials and business executives. The Russian targets included an Interior Ministry officer and physical trainer in a regional Ministry of Sports. (The full text of the indictment, which has a full list of the targets and some curious typos, is here.)

Reading this hackers indictment. I'm pretty sure there is no such position as the "deputy chairman of the Russian Federation" pic.twitter.com/DOWXYNoWjZ

-- Shaun Walker (@shaunwalker7) March 15, 2017

Dokuchaev's case is part of a larger and mysterious spate of arrests of Russian cyber officials and experts. His superior, Sergei Mikhailov, deputy chief of the FSB's Center for Information Security, was also arrested in December and charged with treason. According to Russian reports, the arrest came during a plenum of FSB officers, where Mikhailov had a bag placed over his head and was taken in handcuffs from the room. Ruslan Stoyanov, a manager at the Russian cybersecurity company Kaspersky Lab, was also arrested that month. Stoyanov helped coordinate investigations between the company and law enforcement, a person who used to work at the company said.

Below are some of the theories behind the Russian arrests. Lawyers for some of the accused have told The Washington Post that they can't reveal details of the case and, because of the secrecy afforded to treason cases, they don't have access to all the documents.

None of the theories below has been confirmed, nor are they mutually exclusive.

1. Links to U.S. election hacking: With attention focused on the hacking attacks against the U.S. Democratic National Committee allegedly ordered by Russian President Vladimir Putin, some Russian and U.S. media suggested that Dokuchaev and Mikhailov leaked information implicating Russia in the hack to the United States. The Russian Interfax news agency, which regularly cites government officials as sources, reported that "Sergei Mikhailov and his deputy, Dmitry Dokuchaev, are accused of betraying their oath and working with the CIA." Novaya Gazeta, a liberal, respected Russian publication, citing sources, wrote that Mikhailov had tipped off U.S. intelligence about King Servers, the hosting service used to support hacking attacks on targeted voter registration systems in Illinois and Arizona in June. That had followed reports in the New York Times, citing one current and one former government official, that "human sources in Russia did play a crucial role in proving who was responsible for the hacking."

Nakashima wrote yesterday that "the [FBI] charges are unrelated to the hacking of the Democratic National Committee and the FBI's investigation of Russian interference in the 2016 presidential campaign. But the move reflects the U.S. government's increasing desire to hold foreign governments accountable for malicious acts in cyberspace."

2. A shadowy hacking collective called Shaltai-Boltai (Humpty-Dumpty): Also called Anonymous International, Shaltai-Boltai was responsible for leaking early copies of Putin's New Year speech and for selling off "lots" of emails stolen from Russian officials such as Prime Minister Dmitry Medvedev. In a theory first reported by the pro-Kremlin, conservative Orthodox media company Tsargrad, Mikhailov had taken control of Shaltai-Boltai, "curating and supervising" the group in selecting hacking targets. Later media reports said that the group's leader, Vladimir Anikeyev, had recently been arrested by the FSB and had informed on Mikhailov, Dokuchaev and Stoyanov. A member of the group who fled to Estonia told the Russian media agency Fontanka that they had recently acquired an FSB "coordinator," although he could not say whether it was Mikhailov. None of the hacks mentioned in the FBI indictment could immediately be confirmed as those carried out by Shaltai-Boltai.

Lawyers contacted by The Post said that in documents they had seen, there was no link to Shaltai-Boltai in the case.

3. A grudge with a cybercriminal: A Russian businessman who had specialized in spam and malware had claimed for years that Mikhailov was trading information on cybercriminals with the West. Mikhailov had reportedly testified in the case of Pavel Vrublevsky, the former head of the payment services company Chronopay, who was imprisoned in 2013 for ordering a denial of service attack on the website of Aeroflot, the Russian national airline. Vrublevsky claimed then that Mikhailov began exchanging information about Russian cybercriminals with Western intelligence agencies, including documents about Chronopay. Brian Krebs, an American journalist who investigates cybercrime and received access to Vrublevsky's emails, wrote in January: "Based on how long Vrublevsky has been trying to sell this narrative, it seems he may have finally found a buyer."

4. Infighting at the FSB: The Russian government is not monolithic, and infighting between and within the powerful law enforcement agencies is common. The Russian business publication RBC had written that Mikhailov and Dokuchaev's Center for Information Security had been in conflict with another department with similar responsibilities, the FSB's Center for Information Protection and Special Communications. The conflict may have led to the initiation of a criminal case, the paper's sources said.

[Feb 18, 2018] Yahoo hack and Russia's cyber hacking

Feb 18, 2018 | www.businessinsider.com

As Leonid Bershidsky, founding editor of the Russian business daily publication Vedomosti, wrote in January, the dramatic arrests of two high-level FSB officers -- Sergei Mikhailov, the deputy head of the FSB's Information Security Center, and Major Dmitry Dokuchaev, a highly skilled hacker who had been recruited by the FSB -- on treason charges in December offer a glimpse into "how security agencies generally operate in Putin's Russia."

At the time of their arrest, Dokuchaev (who was one of the Russian officials indicted for the Yahoo breach) and Mikhailov had been trying to cultivate a Russian hacking group known as "Shaltai Boltai" -- or "Humpty Dumpty" -- that had been publishing stolen emails from Russian officials' inboxes, according to Russian media reports.

"The FSB team reportedly uncovered the identities of the group's members -- but, instead of arresting and indicting them, Mikhailov's team tried to run the group, apparently for profit or political gain," Bershidsky wrote. Shaltai Boltai complied, Bershidsky wrote, because it wanted to stay afloat, and didn't mind taking orders from "government structures."

"We get orders from government structures and from private individuals," Shaltai Boltai's alleged leader said in a 2015 interview. "But we say we are an independent team. It's just that often it's impossible to tell who the client is. Sometimes we get information for intermediaries, without knowing who the end client is."

It appears that Dokuchaev and Mikhailov got caught running this side project with Shaltai Boltai -- which was still targeting high-level Russian officials -- when the FSB began surveilling Mikhailov. Officials targeted Mikhailov after receiving a tip that he might have been leaking information about Russian cyber activities to the FBI, according to the Novaya Gazeta.

Short of working against Russian interests, hackers "can pursue whatever projects they want, as long as their targets are outside of Russia and they follow orders from the top when needed," said Bremmer, of Eurasia Group. The same goes for FSB officers, who are tactically allowed to "run private security operations involving blackmail and protection," according to Bershidsky.

US intelligence agencies have concluded that the hack on the Democratic National Committee during the 2016 election was likely one such "order from the top" -- a directive issued by Russian President Vladimir Putin and carried out by hackers hired by the GRU and the FSB.

It is still unclear if the Yahoo breach was directed by FSB officials at the instruction of the Kremlin, like the DNC hack, or if it was one of those "private security operations" Bershidsky alluded to that some Russian intelligence officers do on the side.

Bremmer said that it's possible the Yahoo breach was not done for state ends, especially given the involvement of Dokuchaev, who was already caught up in Shaltai Boltai's operations to steal and sell information for personal financial gain.

[Feb 17, 2018] A Brief History of the Kremlin Trolls by Scott Humor

Notable quotes:
"... Perhaps more significantly, it has more recently been claimed that members of Shaltay-Boltay have admitted to forging some parts of the correspondence that they hacked. The putative aim was to boost the profile of their group. ..."
"... Reading between the lines of this, I find more support for Scott's angle on this story. Shaltay-Boltay were indeed not hackers in a conventional sense. They were traders in an illicit information economy, and apparently weren't above fabricating that information if it would raise their profile. For the extent and nature of that fabrication, I look forward to Scott's next report! ..."
"... Out of nowhere, my gentleman acquaintance brought up the topic of the day: Russia hacking the elections. The more things change, the more they are not the same anymore. ..."
Feb 17, 2018 | thesaker.is

Scott on October 17, 2017 · at 3:03 pm UTC

to Mujo

That's what my research is about, despite Ivan Pavlov's defense denying the connection between the Shaltay-Boltay group and former FSB officers convicted for treason. https://en.crimerussia.com/gromkie-dela/defendant-in-high-treason-case-personally-detained-shaltay-boltay-s-leader-/

But that's what a good defense is for, to deny.

Treason is a very serious charge that includes working for foreign governments' intelligence services. I believe I have enough to prove my point, using, of course, only information openly available on the internet. However, if these people worked for SBU or Mossad, I will write about this, also.

See also, Arrested Russian FSB Agents Allegedly Passed Information to CIA

http://foreignpolicy.com/2017/01/31/arrested-russian-fsb-agents-allegedly-passed-information-to-cia-trump-putin/
https://www.cbsnews.com/news/russia-treason-fsb-spies-kaspersky-labs-us-intelligence-denies-cia-hacking/
https://www.theguardian.com/world/2017/jan/31/russian-cybersecurity-experts-face-treason-charges-cia
https://www.usatoday.com/story/news/2017/01/26/report-arrested-russian-intel-officer-allegedly-spied-us/97094696/
https://www.rbth.com/politics_and_society/2017/02/02/fsb-officers-charged-with-treason-media-claim-cia-ties_693641

You wrote "(2) Why did they defect from the FSB to join the CIA? Do we have any insight on this?"

Maybe they defected, or maybe they started working there after being recruited by the foreign intelligence services. We will find out.

Mujo on October 18, 2017 · at 5:58 am UTC

Scott,

Thanks for these follow-up links -- very helpful.

I also found this interview with Alexander Glazastikov (Humpty), which you have probably read:

The only member of Shaltay-Boltay left on the loose reveals details on their work

As described by various media sources, the basic story about Shaltay-Boltay is that they formed in mid-2013 to hack e-mail, social media, and data of officials and businessmen in Russia, and then sold this data for large amounts of money through the digital underground. In particular, this happened through a portal called "Exchange of Information", a kind of anonymous auction site for stolen data. Glazastikov says Shaltay-Boltay "was supposed to be a spokesman for the Anonymous International", and was created by himself, Vladimir Anikeev, and Konstantin Teplyakov.

Although most all of the Western media sources insinuate some connection between Shaltay-Boltay, the FSB officers who were arrested, and the putative "hacking" of the 2016 U.S. election, Glazastikov denies any interest in targets outside Russia.

There is also disagreement around the connection between Shaltay-Boltay and the FSB. Glazastikov says that the FSB contacted him, saying they were aware of Shaltay-Boltay's activity, and wanted to assert "control" and veto power in exchange for not arresting them. Russia Beyond claims that it was Sergei Mikhailov (FSB) who took control of Shaltay-Boltay and "received kickbacks from its founder, Vladimir Anikeyev". However, Glazastikov's testimony contradicts that of Anikeev, his lawyer (Ruslan Koblev), and Ivan Pavlov, lawyer for one of the FSB defendants, all of whom deny any working relationship between Shaltay-Boltay and the FSB.

Interestingly, Glazastikov notes that neither Anikeev nor Teplyakov had technical expertise. Moreover, Glazastikov makes it sound like even he was not primarily involved in hacking, and the "Exchange of Information" admins claim no connection with Shaltay-Boltay. For the heavy lifting, Shaltay-Boltay would use "specialized hacking sites" where they outsourced pay-to-order hacks with IT mercenaries. A target e-mail address could be hacked for a few thousand rubles. And even this, Glazastikov states, wasn't really the original idea for Shaltay-Boltay. Instead, he imagined they would be doing "advertising or administration fee".

Perhaps more significantly, it has more recently been claimed that members of Shaltay-Boltay have admitted to forging some parts of the correspondence that they hacked. The putative aim was to boost the profile of their group.

Reading between the lines of this, I find more support for Scott's angle on this story. Shaltay-Boltay were indeed not hackers in a conventional sense. They were traders in an illicit information economy, and apparently weren't above fabricating that information if it would raise their profile. For the extent and nature of that fabrication, I look forward to Scott's next report!

Internal Exile USA on October 17, 2017 · at 4:29 pm UTC
This is incredible research, you put most YTube new journalists to shame. I hope this material makes its way into your next book. "Enemy of the State" is an instant classic full of insights on how to live life that are a soothing balm to children of the Sick West with senses of humor somewhat intact.

On the east coast of the U.S., the mundane worlds of the Masters of (their imagined) Universe can be seen fairly easily, especially if you wander into places and act like you belong there.

Regarding the kinds of people that instigate the madness you describe above: I recently had the opportunity to visit a very interesting social club that was opened to the public for one day only. Three Ivy League schools I'm sure you've heard of. On the walls upstairs were listed all the latest presidents in different colors, like red for an "H" school: Obama, Clinton, Bush II, Bush I . Kennedy John Quincy Adams, etc. I can't remember Nixon or Carter being there, but I talked to someone whose name is on another wall, and it struck me that members of this club did not hate Trump because of his manners, parents, background, politics, or alleged business acumen. Instead, they hated the fact that his name couldn't be written on their wall. It's really only acceptable to be President if you've been BMOC at Harvard.

Out of nowhere, my gentleman acquaintance brought up the topic of the day: Russia hacking the elections. The more things change, the more they are not the same anymore.

There were pictures of famous football teams from years gone by, the place had a charm but it was shabby, and the ceiling looked like sprayed Styrofoam, an aesthetic disgrace that these imaginary jocks failed to appreciate. The drinks, by the way, were terrible. They must make their highballs with Minute Maid. The creativity and intelligence, not to mention taste of the West are surely at a low ebb.

[Feb 17, 2018] Empire actually don't know what Russia don't know or do know. It has to be noted that the Kremlin is very silent on this subject. Maybe because speaking of paranoiacs with mania of world domination is not such a good idea

Russia has become a standard punching bag in US political games. As in "The Russian dog ate my homework."
Notable quotes:
"... This article is very important and outlines the destructive effort being done to Russia by the USA. It should be noted and clearly displayed by the psychopathic nature of USA meddling in Russian affairs. ..."
"... "With the current uproar about Russia interfering in the USA elections. It has to be noted that the Kremlin is very silent on this subject." ..."
"... It is extremely difficult and time consuming for an ordinary person to find the truth in the millions of pages on the Internet, the ordinary mushroom knowing that the MSM only serves you sh't and keeps you in the dark. ..."
"... Yea, just a common internet malpractice called spoofing, that any IT professional, especially one working in IT security, knows about. I suspected all along that most or all of this "Russian Hacking" and "Russians did it" was exactly that. ..."
Feb 17, 2018 | thesaker.is

Nick on October 16, 2017 · at 1:06 am UTC

With the current uproar about Russia interfering in the USA elections. It has to be noted that the Kremlin is very silent on this subject. It is more important now than ever to bring forth information from Russia in exposing how serious the problem is from the USA interfering in not only Russian affairs but how the intelligence community continues unabated in interfering in most countries.

This article is very important and outlines the destructive effort being done to Russia by the USA. It should be noted and clearly displayed by the psychopathic nature of USA meddling in Russian affairs.

One has to wonder why people cannot see how the current government of the USA is totally out of control around the world.

Everything has its cycle of life and the USA is no exception to this theory. When humanity is controlled in such a fashion, by that I mean that the USA is supported by the four pillars consisting of GREED, CORRUPTION, POWER and CONTROL. They are sitting on the top of these structures and are desperately trying to maintain their grip over the world.

smr on October 16, 2017 · at 3:01 am UTC
"With the current uproar about Russia interfering in the USA elections. It has to be noted that the Kremlin is very silent on this subject."

thank goodness! Trying to reason with drunken punks is hopeless and makes you look like a fool yourself.

Anonymous on October 16, 2017 · at 11:02 am UTC
Perhaps the purpose is to "open Russia" to debunk those silly "Kremlin hacking" claims and give Empire more important information inside Russia. E.g how to go deep through military security defense line.

Empire actually don't know what Russia don't know or do know. Is this chess where you have to sacrifice pawn or two or even knight to secure queen and king? Or why to shoot fly with cannon?

Den Lille Abe on October 16, 2017 · at 7:47 pm UTC
"One has to wonder why people cannot see how the current government of the USA is totally out of control around the world." end quote.

It is extremely difficult and time consuming for an ordinary person to find the truth in the millions of pages on the Internet, the ordinary mushroom knowing that the MSM only serves you sh't and keeps you in the dark. The most reliable method (not 100 % though) is the "Follow the money" method, who has to gain by this or that development, but even that can lead to false conclusions. Always count on that everyone has a hidden agenda, but watch out you are not gripped by paranoia.

MarkinPNW on October 16, 2017 · at 2:27 am UTC
Yea, just a common internet malpractice called spoofing, that any IT professional, especially one working in IT security, knows about. I suspected all along that most or all of this "Russian Hacking" and "Russians did it" was exactly that.

Tom Welsh on October 16, 2017 · at 4:55 am UTC
What a pathetic waste of time. American society and government are really getting very low.

And, of course, reality is actually defined as "what you cannot change by speaking about it". You can change reality, a very little bit at a time, by doing honest physical work.

[Feb 17, 2018] The only member of Shaltay-Boltay left on the loose reveals details on their work

Notable quotes:
"... Much later, in mid-2013, the idea of Shaltay-Boltay appeared. ..."
"... Anikeev had sources of information, the information itself, important and interesting one. Anikeev decided to leave the information and analytical structure for which he had been working, and start his own project. ..."
"... His role has been greatly exaggerated. He's just our mutual old friend. When we were getting significant numbers of files that had to be processed, we would ask Teplyakov to help, for a fee. We knew him and trusted him. ..."
"... Just then, I was beginning to get annoyed with the country, I decided to go to Thailand. When I started discussing this project with Anikeev, it seemed okay: you could engage in an interesting and promising business from home. What did I expect in financial terms? Definitely not the sale of arrays of information. I was rather thinking about advertising or administration fee. Lite-version. ..."
"... All the information came from Anikeev. I published the received information, perhaps, by illegal means, but I have nothing to do with how it was obtained. Yesterday, I sent a letter to the former President of Estonia Toomas Hendrik Ilves. I think by our actions, especially in 2014, when we were working on the idea, I deserved asylum in Estonia. So far no response was received. ..."
"... The Anonymous International published a lot of information from the correspondence of officials and businessmen between 2014 and 2016. Among the disclosed information was Dmitry Medvedev's hacked Twitter, and e-mail, Facebook, iPhone and iPad of owner of NewsMedia Holding Aram Gabrellyanov; e-mail and WhatsApp of TV host Dmitry Kiselev, official correspondence between the employees of "Prosecutor's Office" and the "Ministry of State Security" of the self-proclaimed Donetsk People's Republic, and a lot of other, equally interesting information. ..."
"... Before Anikeev's detention, Shaltay-Boltay also obtained the correspondence of the presidential assistant Vladislav Surkov. ..."
Feb 17, 2018 | en.crimerussia.com

St. Petersburg programmer Alexander Glazastikov, who was hiding under the mask of Shaltay-Boltay (Humpty Dumpty), has reached out to the former President of Estonia, hoping for political asylum. He is the only member of Anonymous International who remains at large.

Fontanka has been chasing the last Shaltay-Boltay member for a week. One member of the mysterious hacker group, which has been leaking e-mails of businessmen and officials for three years, was found in Estonia, but shied away from a direct talk.

After the news came that Anonymous International members Vladimir Anikeev, Konstantin Teplyakov, and Filinov were arrested, it was not difficult to single out their colleague Alexander Glazastikov. The 'scary hackers' themselves, as it turned out, were quite unrestrained on social networks and left striking marks on the Internet.

Five days ago, Alexander Glazastikov gave an evasive answer to the straight question sent by Fontanka via e-mail. Three days ago, he admitted to being one of the Anonymous International on condition of anonymity. Then, he agreed to an interview saying "Come to Estonia".

When, on the arranged day, a Fontanka reporter arrived in Tartu, Alexander dropped a bombshell: "I'm on my way to Tallinn: already twenty kilometers away from Tartu." He suggested: "I can wait at the gas station Valmaotsa. Drive up, let's go together." It was an offer one could not refuse. A taxi was found quickly.

When the meeting took place, the Shaltay-Boltay member, who was easily recognizable due to the photos from the web, surprised the journalist once again: he silently passed him the ignition keys from the SUV. After a question, he explained: "You will have to drive, I was drinking beer while waiting." There wasn't much of a choice, and the correspondent of Fontanka drove the hackers group member to Tallinn to meet with the crew of Dozhd TV-channel and Ksenia Sobchak. 180 kilometers and two hours of time was enough to have a decent conversation.

- Alexander, you are probably the only member of the Anonymous International who managed to remain at large. You're in Estonia, the Russian justice is far away, can I call you by your name and surname?

- Perhaps, you can. Anyway, tomorrow or the day after, I will officially reach out to the authorities for a political asylum. The FSB already knows my name.

- They know the surname. And who are you in the Anonymous International: Shaltay or Boltay?

- Shaltay, Boltay ... what a mess. Initially, when starting this project, Shaltay-Boltay was supposed to be a spokesman for the Anonymous International. Mainly, I was doing this job. Then, Anikeev started introducing himself to the reporters as Lewis and got everyone confused.

- How many people initiated the Anonymous International?

- Me, Anikeev. Teplyakov helped with some things, but purely technical aspects.

- Who is Filinov, whose arrest was reported in connection with Shaltay-Boltay?

- I don't know the man. He was not involved in the creation of the Anonymous International. I think this is Anikeev's acquaintance, who accidentally got under the press. I've heard his name for the first time, when the media wrote about his arrest.

- Have you known Anikeev and Teplyakov for a long time?

- For a long time... There was a resource called Damochka.ru. When basically no social networks existed, and VKontakte only began to emerge, everyone was on this website, it was one of the most fun projects. In the real world, meetings of the website users were held, some users just organized those parties – Dima Gryzlov, Nikolai Bondarik, and Anikeev. That's how we met. Much later, in mid-2013, the idea of Shaltay-Boltay appeared.

- How? Did you just decide that you would steal e-mails of bad people?

- Anikeev had sources of information, the information itself, important and interesting one. Anikeev decided to leave the information and analytical structure for which he had been working, and start his own project.

- Could this project be called a business?

- It depends. It was assumed that the project will bring substantial financial result, but initially it was made partly out of ideological considerations.

- But Anikeev is not a hacker at all, judging by the stories of his former colleagues.

- True. If he needed to install any software on the computer, he would usually ask me to do it.

- But Teplyakov is a programmer.

- His role has been greatly exaggerated. He's just our mutual old friend. When we were getting significant numbers of files that had to be processed, we would ask Teplyakov to help, for a fee. We knew him and trusted him.

- And why did you join this project?

- Just then, I was beginning to get annoyed with the country, I decided to go to Thailand. When I started discussing this project with Anikeev, it seemed okay: you could engage in an interesting and promising business from home. What did I expect in financial terms? Definitely not the sale of arrays of information. I was rather thinking about advertising or administration fee. Lite-version.

- With a reference to the investigation, there was information that Shaltay-Boltay has a whole network of agents with special equipment, who, at places popular among local officials, steal information by creating fake Wi-Fi connections. Do you have a network?

- Complete nonsense. There were discussions about getting to know technical possibilities like this. As far as I know, and I know a lot, in fact, we didn't have it.

- Where did you get the information from, then?

- From specialized hacking sites, one can order hacking someone else's e-mail box for a few thousand rubles.

- It worked successfully. If you remember 2014 was the most fruitful year. Serious stories, serious figures, and no commerce. Strelkov, Prigozhin...

- Out of the three years that the project existed, 2014 was the most significant. I am proud of that year.

- But, from 2015, the Anonymous International has become almost a purely commercial project. How much money did you manage to earn?

- Only one or two million dollars.

- So, you are now a rich man?

- No. Most of the money was spent on operating expenses, so to speak. There were about fifty boxes in the work. Plus, there were variants in which a transaction was made not via bitcoins, but with the help of Anikeev's friends; these intermediaries could ask for two thirds of the whole amount.

- Was there anyone above you and Anikeev? For several years, people have been wondering who Shaltay-Boltay works for?

- Funny. Everyone is looking for conspiracy, but, in fact, it was a 'quick and dirty' project made by me and Anikeev. However, at some point, in the summer or in the spring of 2016, Anikeev said that some person from the FSB found us, he knew our names. Allegedly, military counterintelligence was looking for us, but the FSB found our meadow attractive and decided to take control of our petty pranks. They, supposedly, were uninterested in the commercial part of the project: the scale was much bigger, but they wanted to supervise the project and to have the veto right. Mikhailov's name was not voiced, in fact, no one's was. Nothing, actually, happened: no one used the veto right and no one leaked any information. If these mysterious people existed at all. And who turned whom in: they – Anikeev or Anikeev – them, or even third force got them all, I do not know.

- How quickly did you find out about Anikeev's arrest?

- The next morning. He sent me a selfie from Pulkovo Airport, wrote that he checked in and flies to Minsk. The next morning, it was reported that he was arrested and transported to Moscow. Given the subsequent events, it could be the game of the FSB. Then, he contacted me, convinced that he solved all the issues and now works under the control of the FSB, called me in to Russia, but I didn't believe him for some reason.

- Did Teplyakov believe?

- Teplyakov, in the summer of 2016, moved from Thailand to Kiev. He had no permanent earnings, he depended on Anikeev. When the game was on, and it was claimed that the project would continue, but he needs to come to Russia and work there under supervision, for safety reasons, as well, Teplyakov didn't have much of a choice. He went to Russia.

- Is there somewhere a chest with Shaltay-Boltay's information?

- Good question. I need to think how to respond. Well no, not really. What was sold and purchased by the clients was deleted. What was sold was fairly deleted and this information doesn't exist anymore. Perhaps, some of our customers are now concerned about this question, but what was declared, was implemented. Some operative material that we had been working on, I also deleted. Maybe a couple of screenshots were left in the trash bin, but nothing more.

- Alexander, you're going to submit a request for a political asylum. Aren't you afraid that Estonians will simply put you in a cell? In this country, they are very sensitive to computer security, and the specificity of computer crimes lies in the fact that, for committing them, one can be prosecuted in almost any country?

- My position is that I was not personally involved in the cracking of passwords and sending malicious links. To me all that information was already delivered in an open form. Yes, it was, probably, stolen...

- So were you ordering its thefts or not?

- No.

- Who did, then?

- All the information came from Anikeev. I published the received information, perhaps, by illegal means, but I have nothing to do with how it was obtained. Yesterday, I sent a letter to the former President of Estonia Toomas Hendrik Ilves. I think by our actions, especially in 2014, when we were working on the idea, I deserved asylum in Estonia. So far no response was received.

We drove to Tallinn. More and more texts came to Alexander's telephone from Dozhd TV journalists, who were preparing to shoot with Ksenia Sobchak. After leaving the car in the parking lot, we said goodbye. Alexander Glazastikov promised to inform when he receives a reply from the Estonian government.

It is to be recalled that Glazastikov's colleagues from the Anonymous International are awaiting trial in a predetention center. The law enforcement agencies arrested Vladimir Anikeev and his two probable accomplices: Konstantin Teplyakov and Alexander Filinov. The latter two were arrested as early as November 2016, and, on February 1, the judge of the Lefortovo District Court of Moscow extended their detention until April. The alleged leader of the Anonymous International, who was acting under the nickname Lewis, was arrested on January 28 after a short time spent in the company of police officers; he confessed.

All three are charged with the crimes stipulated under part 3 of Art. 272 of the Russian Criminal Code (Illegal access to legally-protected computer information, which caused a major damage or has been committed because of vested interest or committed by a group of persons by previous concert through his/her official position).

Initially, the media associated their criminal case with the investigation on the FSB staff and the manager of the Kaspersky Lab, who were accused of treason, but later, the lawyer of one of the defendants denied this information.

The Anonymous International published a lot of information from the correspondence of officials and businessmen between 2014 and 2016. Among the disclosed information was Dmitry Medvedev's hacked Twitter, and e-mail, Facebook, iPhone and iPad of owner of NewsMedia Holding Aram Gabrellyanov; e-mail and WhatsApp of TV host Dmitry Kiselev, official correspondence between the employees of "Prosecutor's Office" and the "Ministry of State Security" of the self-proclaimed Donetsk People's Republic, and a lot of other, equally interesting information.

Before Anikeev's detention, Shaltay-Boltay also obtained the correspondence of the presidential assistant Vladislav Surkov.

[Feb 17, 2018] A Brief History of the Kremlin Trolls The Vineyard of the Saker

Notable quotes:
"... Out of nowhere, my gentleman acquaintance brought up the topic of the day: Russia hacking the elections. The more things change, the more they are not the same anymore. ..."
Feb 17, 2018 | thesaker.is

Scott on October 17, 2017 · at 3:03 pm UTC

to Mujo

That's what my research is about, despite Ivan Pavlov's defense denying the connection between the Shaltay-Boltay group and former FSB officers convicted for treason. https://en.crimerussia.com/gromkie-dela/defendant-in-high-treason-case-personally-detained-shaltay-boltay-s-leader-/

But that's what a good defense is for, to deny.

Treason is a very serious charge that includes working for foreign governments' intelligence services. I believe I have enough to prove my point, using, of course, only information openly available on the internet. However, if these people worked for SBU or Mossad, I will write about this, also.

See also, Arrested Russian FSB Agents Allegedly Passed Information to CIA

http://foreignpolicy.com/2017/01/31/arrested-russian-fsb-agents-allegedly-passed-information-to-cia-trump-putin/
https://www.cbsnews.com/news/russia-treason-fsb-spies-kaspersky-labs-us-intelligence-denies-cia-hacking/
https://www.theguardian.com/world/2017/jan/31/russian-cybersecurity-experts-face-treason-charges-cia
https://www.usatoday.com/story/news/2017/01/26/report-arrested-russian-intel-officer-allegedly-spied-us/97094696/
https://www.rbth.com/politics_and_society/2017/02/02/fsb-officers-charged-with-treason-media-claim-cia-ties_693641

You wrote "(2) Why did they defect from the FSB to join the CIA? Do we have any insight on this?"

Maybe they defected, or maybe they started working there after being recruited by the foreign intelligence services. We will find out.

Mujo on October 18, 2017 · at 5:58 am UTC

Scott,

Thanks for these follow-up links -- very helpful.

I also found this interview with Alexander Glazastikov (Humpty), which you have probably read:

The only member of Shaltay-Boltay left on the loose reveals details on their work

As described by various media sources, the basic story about Shaltay-Boltay is that they formed in mid-2013 to hack e-mail, social media, and data of officials and businessmen in Russia, and then sold this data for large amounts of money through the digital underground. In particular, this happened through a portal called "Exchange of Information", a kind of anonymous auction site for stolen data. Glazastikov says Shaltay-Boltay "was supposed to be a spokesman for the Anonymous International", and was created by himself, Vladimir Anikeev, and Konstantin Teplyakov.

Although most all of the Western media sources insinuate some connection between Shaltay-Boltay, the FSB officers who were arrested, and the putative "hacking" of the 2016 U.S. election, Glazastikov denies any interest in targets outside Russia.

There is also disagreement around the connection between Shaltay-Boltay and the FSB. Glazastikov says that the FSB contacted him, saying they were aware of Shaltay-Boltay's activity, and wanted to assert "control" and veto power in exchange for not arresting them. Russia Beyond claims that it was Sergei Mikhailov (FSB) who took control of Shaltay-Boltay and "received kickbacks from its founder, Vladimir Anikeyev". However, Glazastikov's testimony contradicts that of Anikeev, his lawyer (Ruslan Koblev), and Ivan Pavlov, lawyer for one of the FSB defendants, all of whom deny any working relationship between Shaltay-Boltay and the FSB.

Interestingly, Glazastikov notes that neither Anikeev nor Teplyakov had technical expertise. Moreover, Glazastikov makes it sound like even he was not primarily involved in hacking, and the "Exchange of Information" admins claim no connection with Shaltay-Boltay. For the heavy lifting, Shaltay-Boltay would use "specialized hacking sites" where they outsourced pay-to-order hacks with IT mercenaries. A target e-mail address could be hacked for a few thousand rubles. And even this, Glazastikov states, wasn't really the original idea for Shaltay-Boltay. Instead, he imagined they would be doing "advertising or administration fee".

Perhaps more significantly, it has more recently been claimed that members of Shaltay-Boltay have admitted to forging some parts of the correspondence that they hacked. The putative aim was to boost the profile of their group.

Reading between the lines of this, I find more support for Scott's angle on this story. Shaltay-Boltay were indeed not hackers in a conventional sense. They were traders in an illicit information economy, and apparently weren't above fabricating that information if it would raise their profile. For the extent and nature of that fabrication, I look forward to Scott's next report!

Internal Exile USA on October 17, 2017 · at 4:29 pm UTC
This is incredible research, you put most YTube new journalists to shame. I hope this material makes its way into your next book. "Enemy of the State" is an instant classic full of insights on how to live life that are a soothing balm to children of the Sick West with senses of humor somewhat intact.

On the east coast of the U.S., the mundane worlds of the Masters of (their imagined) Universe can be seen fairly easily, especially if you wander into places and act like you belong there.

Regarding the kinds of people that instigate the madness you describe above: I recently had the opportunity to visit a very interesting social club that was opened to the public for one day only. Three Ivy league schools I'm sure you've heard of. On the walls upstairs were listed all the latest presidents in different colors, like red for an "H" school: Obama, Clinton, Bush II, Bush I . Kennedy John Quincy Adams, etc. I can't remember Nixon or Carter being there, but I talked to someone whose name is on another wall, and it struck me that members of this club did not hate Trump because of his manners, parents, background, politics, or alleged business acumen. Instead, they hated the fact that his name couldn't be written on their wall. It's really only acceptable to be President if you've been BMOC at Harvard.

Out of nowhere, my gentleman acquaintance brought up the topic of the day: Russia hacking the elections. The more things change, the more they are not the same anymore.

There were pictures of famous football teams from years gone by, the place had a charm but it was shabby, and the ceiling looked like sprayed styrofoam, an aesthetic disgrace that these imaginary jocks failed to appreciate. The drinks, by the way, were terrible. They must make their highballs with Minute Maid. The creativity and intelligence, not to mention taste of the West are surely at a low ebb.

[Feb 16, 2018] A Brief History of the "Kremlin Trolls" by Scott Humor

Notable quotes:
"... Everything that we know now about the so-called "Kremlin trolls from the Internet Research Agency paid by Putin's favorite chef," came from one source, a group of CIA spies that used the mascot of Shaltay-Boltay, or Humpty-Dumpty, for their collective online persona. ..."
"... BuzzFeed also said back in 2014, that "The leak from the Internet Research Agency is the first time specific comments under news articles can be directly traced to a Russian campaign." Now, this is a very important grave mark. ..."
"... Just think about this working scheme: Shaltay-Boltay with a group of anti-government "activists" created the "Internet Research Agency," they and some "activists" created 470 FaceBook accounts used to post comments that looked unmistakably "trollish." ..."
"... After that other, CIA affiliated entities, like the entire Western Media, claimed the "Russian interference in the US election." Finally, the ODNI published a report lacking any evidence in it. ..."
"... https://www.dni.gov/files/documents/ICA_2017_01.pdf ..."
"... People from the Shaltay-Boltay group weren't hackers in the proper terms because they worked with and for the CIA. Middle-of-the-road and run-of-the-mill intelligence agencies would collect and analyze information for their governments. The CIA invents information, then goes on to manufacture and forge documents in support of their invented information; they then recruit people inside other countries and other governments to claim that they "obtained" this explosive evidence. Being the dirty cops that they are, the CIA doesn't obtain and secure evidence, but instead they plant fake evidence on their victims. ..."
"... Knowing full well that the hackers who "leaked" the information about this "Agency" were arrested and successfully charged for treason because they worked for the CIA should prevent the CIA from running fake news about the entities and people they themselves made up. You would think that the matter of the "Kremlin trolls from Saint Petersburg" should be dead and buried after the arrest. The CIA and other 16 intelligence agencies should know better than to use information that is being known now as "discovered" with their "help." ..."
"... We also know everything that the CIA touches is fake. Speaking in layman's terms, it's as if all those middle aged bald guys would start licking their balls while claiming to be in fulfilling relations. If it's just you, guys, there is no relations. It's just you. Deal with it! ..."
"... The United Business Registry database in Russia works according to the Federal laws, so after twelve months of inactivity a business is simply liquidated. The Internet Research Agency was liquidated in December 2016 by the government system after it had been inactive for twelve months. Its inactivity implied that the company had no employees, no office, and no bank transactions for at least twelve months! ..."
"... The US is now perceived as an imperial power which has lost all sense of reality, thinking it can do anything it wants and having the rest of the world agree with it. That is simply not the case. All the anti-Russian rhetoric has done is to make Russia more popular and more mature in the eyes of the world, which now sees Vladimir Putin as a factor of stability. ..."
Oct 15, 2017 | thesaker.is

Saint Petersburg, Savushkina, 55 is the most famous office building in the world, thanks to the relentless promotion of the United States government, the CIA, FBI, and by the powers of the entire Western media, financed by Western governments. VOA, NPR, and Svoboda, by the government of the US; the BBC by the government of the UK; CNN by the governments of Saudi Arabia; the DW, by the government of Germany; and so on and so forth. You name it, they all punched time to promote this office building.

To be specific, it's not even a building, but several adjoined buildings that cover an entire city block, an urban development plan common for Saint Pete's. That's why every business here has the address of Savushkina, 55 followed by a building number. You can take a virtual tour around it, to see for yourself. The buildings are shared by several dozens of private businesses, by the local Police department, and by the newsrooms of half a dozen Russia Media sources like the FAN (Federal News Agency), the Neva News (Nevskie Novosti), Political Russia, Kharkov News Agency, publishing Ukrainian news, and others. They all are privately owned and operated and generate over 55 million unique visitors per month. Overall, several thousand people come to this building to work every morning. But you wouldn't know this by account of Western media. For over two years now, these people are being harassed and collectively branded as "THE KREMLIN TROLLS."

The building is very popular because it's located in a quiet historical neighborhood and is within walking distance of a suburban train station. Its newly renovated offices offer open floor plans with Scandinavian flair so very appreciated by the news people. In addition, the rent for this building is less than in center city. Which is why Evgeny Zubarev, a former top editor for the RIA NEWS, chose it for his media startup. He took several offices allowing him to manage his growing media giant without wasting time to commute. Now, the FAN newsroom alone employs about 300 journalists.

This wasn't always the case.

At the beginning of 2014, the building was still under construction and renovation, when an anti-Russian government group of hackers called first "The Anonymous International" and later "Shaltay-B0ltay" fingered it as the "Kremlin trolls' lair."

Their wordpress blog is still here. It was last updated on November 2016. Its title states: "Anonymous International. Shaltay Boltay/Press Secretary of the group. Creating reality and giving meaning to words."

November 7, 2014, Khodorkovsky, who acted as an integral part of the CIA "Kremlin trolls" Project, tweeted the picture of one of the entrances to one of the buildings saying: "Savuchkina 55. New home for bots. ID check system. Not a sign there. I won't say who took the photo."

... ... ...

The phone number on the picture 324-56-06 belongs to the commercial real estate company Praktis Consulting & Brokerage that managed the rent of offices.

Midsummer 2014, Evgeny Zubarev with his start up and several hundred journalists moved in, along with the Police department, and a slew of other business people. Little did they know what was to come.

The best way to get information is to make it up.

Everything that we know now about the so-called "Kremlin trolls from the Internet Research Agency paid by Putin's favorite chef," came from one source, a group of CIA spies that used the mascot of Shaltay-Boltay, or Humpty-Dumpty, for their collective online persona.

They were arrested in November 2016 and revealed as the FSB and former FSB officers. One of them even managed a security department for the Kaspersky Lab. They all were people highly skilled and educated in manipulating and creating large online databases, in any online research imagined, and the knowledge of hacking and altering databases, including those that were run by the Russian government. They weren't poor people. They weren't there for the money. They were ideologically driven. Their hatred towards Russia and its people was the motive for their actions.

At some point, Gazeta.ru, an online Russophobic publication, suggested that "Shaltai-Boltai was just a distraction meant to confuse everybody." They themselves were more concise by stating that they were working to change the reality.

Russian authorities, the courts, and the lawyers, refused to call these men hackers. There was a reason for this. They weren't so much hackers in a classic sense, as in when someone gains access to real information and copies it. This group wasn't necessarily hacking existing information, but planting information. They were creating files about fake nonexistent companies and employees, files with blurry fake paystubs, memos, emails, phone messages and so on. The fakes looked convincing, but they still were forgeries that could be easily disproved by someone who had access to the real information.

That's when the hacking took place, when the FSB agents went into government databases and created records of people and companies that didn't exist.

I think that part of the reasons why some of them got the mild sentences of three years in general security prison, and some were left free, wasn't just the fact that they agreed to collaborate with the Russian government, but also the fact that they didn't actually steal information from government officials like Medvedev and his press secretary, Nataliya Timakova, or the owner of the largest in Europe catering business, Evgeny Prigozhin. They made information up and claimed that it was real.

These guys gave a bad name to all hackers, whistleblowers, leakers and spies. Now, journalists presented with some "hacked" and leaked secrets have to think it over, lest they end up with egg on their face like journos from the Fontanka, Vedomosti and Novaya Gazeta in case of the "Kremlin's trolls."

If we accept that the Shaltay-Boltay group was working to create and distribute documents they forged, claiming that those files were "hacked," we would also understand a mysterious statement made by them to BuzzFeed.

"In email correspondence with BuzzFeed, a representative of the group claimed they were "not hackers in the classical sense."

"We are trying to change reality. Reality has indeed begun to change as a result of the appearance of our information in public," wrote the representative, whose email account is named Shaltai Boltai, which is the Russian for tragic nursery rhyme hero Humpty Dumpty."

BuzzFeed also said back in 2014, that "The leak from the Internet Research Agency is the first time specific comments under news articles can be directly traced to a Russian campaign." Now, this is a very important grave mark.

Just think about this working scheme: Shaltay-Boltay with a group of anti-government "activists" created the "Internet Research Agency," they and some "activists" created 470 FaceBook accounts used to post comments that looked unmistakably "trollish."

After that other, CIA affiliated entities, like the entire Western Media, claimed the "Russian interference in the US election." Finally, the ODNI published a report lacking any evidence in it.

The link to their report is here, but I don't recommend you to read it. You will gain as much information by reading this report as you would by chewing on some wet newspaper. Ask my dog for details.

Assessing Russian Activities and Intentions in Recent US Elections

https://www.dni.gov/files/documents/ICA_2017_01.pdf

Only three paragraphs are interesting, on page 4:

"Russia used trolls as well as RT as part of its influence efforts to denigrate Secretary Clinton. This effort amplified stories on scandals about Secretary Clinton and the role of WikiLeaks in the election campaign.

The likely financier of the so-called Internet Research Agency of professional trolls located in Saint Petersburg is a close Putin ally with ties to Russian intelligence.

A journalist who is a leading expert on the Internet Research Agency claimed that some social media accounts that appear to be tied to Russia's professional trolls -- because they previously were devoted to supporting Russian actions in Ukraine -- started to advocate for President-elect Trump as early as December 2015."

In other words, in its report with a subtitle: "Background to "Assessing Russian Activities and Intentions in Recent US Elections": The Analytic Process and Cyber Incident Attribution" the Office of the Director of National Intelligence ODNI, is quoting the Shaltay-Boltay, a group that had been proved to work for the CIA by "creating reality."

The only reason why they don't provide us with evidence, with at least one lousy IP address with the Russian trace roots that would convincingly point at the company named the Internet Research Agency, is because this company never existed, it never had any IP addresses assigned to it that would be verifiable via third parties like RIPE network coordination and via online domain tools.

We understand that having hundreds of people working ten to twelve hours a day, as they claimed, posting hundreds of messages hourly, would use a huge amount of bandwidth. They would need a very fast internet connection with unlimited bandwidth that only a business can get. Inevitably, this internet connection would come with the assigned IP addresses. No internet provider would let this kind of bandwidth hog create this kind of traffic without being forced to separate them from other customers.

One example, a woman with the last name Malcheva filed a lawsuit in court against the companies "Internet Research, LLC" and "TEKA, LLC," claiming unpaid wages.

The court asked her to produce evidence of her work, and then denied her claim after she produced a photo of a computer with an IP address on its screen as evidence of her employment.

An IP address that was assigned to a luxury hotel in Saint-Petersburg. A hotel that was awarded multiple international awards for excellence. An immensely popular hotel among discriminating travelers. A very expensive hotel located in the center of a historic city. The woman claimed that she was an "online troll" working from this location ten hours a day with hundreds of other virtual trolls. The judge didn't believe her. Would you?

People from the Shaltay-Boltay group weren't hackers in the proper terms because they worked with and for the CIA. Middle-of-the-road and run-of-the-mill intelligence agencies would collect and analyze information for their governments. The CIA invents information, then goes on to manufacture and forge documents in support of their invented information; they then recruit people inside other countries and other governments to claim that they "obtained" this explosive evidence. Being the dirty cops that they are, the CIA doesn't obtain and secure evidence, but instead they plant fake evidence on their victims.

By this act alone they change our current and past reality, and they change our future. They change our history by forging never existing "proof" of invented myths. They hire and train groups of military men to act as "protesters" around government buildings, while other military men from other countries shoot at unsuspected bystanders whose death allows Washington to claim the sovereign governments' wrongdoing.

CIA-operated groups arrest and kill government officials or force them to flee, like in Ukraine. They take over a couple of government buildings and declare their victory over a huge country, just like it happened in Russia in 1991 and 1993 and in Ukraine in 2005 and 2014. For some reason, they claim that governments are those people who take over a couple of buildings in one city. When in fact, our countries' governments are those people whose names we wrote on ballots, regardless of where these people are located. We don't run around like chickens with our heads cut off electing a new president every time our current president leaves the country.

Going back to the CIA's Humpty-Dumpty project that came online sometime in 2013. Why would anyone name their enterprise after such predictable failure, you might ask. Because, in the Russian alliteration, Shalti-Boltai means "shake up and brag about it" and not as in its original Carroll's version of "humping and dumping."

I went ballistic after someone retweeted me this CNN clip titled "Russia used Pokemon Go to interfere with the US elections."

I actually listened to the clip itself, in which they brought up the "Internet Research Agency" from SP. Knowing full well that the hackers who "leaked" the information about this "Agency" were arrested and successfully charged for treason because they worked for the CIA should prevent the CIA from running fake news about the entities and people they themselves made up. You would think that the matter of the "Kremlin trolls from Saint Petersburg" should be dead and buried after the arrest. The CIA and other 16 intelligence agencies should know better than to use information that is being known now as "discovered" with their "help."

Because it's all fake and we know it.

We also know everything that the CIA touches is fake. Speaking in layman's terms, it's as if all those middle aged bald guys would start licking their balls while claiming to be in fulfilling relations. If it's just you, guys, there is no relations. It's just you. Deal with it!

The American intelligence community cannot claim an existence of threats against America if all fingers in those "threats" are pointing back at the American intelligence community.

Stating that someone interfered with the US election using the Internet Research Agency in SP is plainly to state that it's the CIA that interfered in the American elections.

--

Let's just briefly run over the matter, before I tell you what exactly took place.

--

On September 6, 2017, Alex Stamos, a Chief Security Officer, posted a statement titled "An Update On Information Operations On Facebook":

"In reviewing the ads buys, we have found approximately $100,000 in ad spending from June of 2015 to May of 2017 -- associated with roughly 3,000 ads -- that was connected to about 470 inauthentic accounts and Pages in violation of our policies. Our analysis suggests these accounts and Pages were affiliated with one another and likely operated out of Russia."

To make sure that people including myself won't find those accounts, the FB deleted them.

"We don't allow inauthentic accounts on Facebook, and as a result, we have since shut down the accounts and Pages we identified that were still active."

That's how it's done in the US. They destroy all potential evidence while laying heavy blame on Russia. Facebook destroys evidence of "Russian crimes" while the public asks them to show that evidence. This means only one thing: the pieces of evidence are pointing at something Facebook wants to protect, which is the CIA.

You see, I am not suggesting that they are lying about those accounts being real or that they "affiliated with Russia," because, if the Shaltay-Boltay group worked with people from the Soros and Khodorkovsky-backed group of human rights lawyers "Team 29," created in February 2015, then their only task, it seems, was to service the psyop of the "Internet Trolls." It looks to me like they could also have coordinated the work done by those 470 Facebook accounts while being on the territory of Russia. Considering that, it's not a complete lie for the FB to say that those accounts were "Russia affiliated" and that they were "likely operated from Russia."

Facebook also can claim with plausible deniability that they are ignorant of the fact that people behind the Internet Research Agency troll hoax are proved by the Russian court to be affiliated with the CIA, while people who have been acting as the "witnesses" to this Project are lawyers from Team 29, "human rights activists" and also journalists from the Norwegian Bonnier AB owned Fontanka, Taiwan-based Novaya Gazeta, and the Latvia-based Meduza; these people are factually proven to be backed by Soros, a CIA financial branch, like a journalist who has received an award from Khodorkovsky.

The entire campaign of blaming Russia in "meddling" is being reported without ANY tangible proof that could be verified by at least two independently existing sources, that's why we should grab ANY grains of information. That's why Facebook's statement that "About one-quarter of these ads were geographically targeted, and of those, more ran in 2015 than 2016" is very important.

Why?

Because the fake business entities known as "the Internet Research Agency" and "the Internet Research" in the government electronic business registry were treated as real companies by the system. Because of their inactivity on all of their bank accounts and because no one ever filed required forms, they were automatically liquidated by the electronic system.

The United Business Registry database in Russia works according to the Federal laws, so after twelve months of inactivity a business is simply liquidated. The Internet Research Agency was liquidated in December 2016 by the government system after it had been inactive for twelve months. Its inactivity implied that the company had no employees, no office, and no bank transactions for at least twelve months! The Internet Research company was liquidated on September 2, 2015 by merging with TEKA company. According to the federal business Registry TEKA was a construction retailer. I wasn't able to find any indication, like an office, phone number, names of the managers or employees, anything at all that would indicate that this company existed. Just like the Internet Research Agency and the Internet Research, TEKA existed only in the federal registry and nowhere else.

The automatic liquidation in the federal registry for inactivity explains the drop in activity on the accounts run by the Shaltay-Boltay and the others. Oh, yes, they were also hunted and on the run, out of the country. It's hard to use bank accounts to simulate activities after you have fled the country.

The Team 29, of the human rights lawyers and activists, was created in February 2015. To give to this new company some proof of reality and instant notoriety they immediately filed a lawsuit against the Internet Research company using an activist woman with a Ukrainian last name Ludmila Savchuk (Людмила Савчук) who went and filed a lawsuit against the company, claiming some unpaid wages. Her first lawsuit the judge threw out. Only after the local general prosecutor's office pressed the judge to take the case, the district court took the case and partially granted the Claimant her claim, but not the "moral damages." She wanted the money for working for the "troll factory." In essence, they wanted an official court paper that would say black on white, that there is a "troll factory" that this poor woman worked for. Without reading the file, I don't know what the judge was thinking, but she might have smelled a rat among those virtual "trolls."

This took place in August 2015, and by September 2 2015, a fake company named the "Internet Research" was liquidated by merging it, in the Business registry, with another fake entity, TEKA, that was created in spring 2015 as the construction materials retailer.

"Facebook disclosed on Wednesday that it had identified more than $100,000 worth of divisive ads on hot-button issues purchased by a shadowy Russian company linked to the Kremlin."

"Most of the 3,000 ads did not refer to particular candidates but instead focused on divisive social issues such as race, gay rights, gun control and immigration, according to a post on Facebook by Alex Stamos, the company's chief security officer. The ads, which ran between June 2015 and May 2017, were linked to some 470 fake accounts and pages the company said it had shut down."

"Facebook officials said the fake accounts were created by a Russian company called the Internet Research Agency, which is known for using "troll" accounts to post on social media and comment on news websites."

"The January intelligence report said the "likely financier" of the Internet Research Agency was "a close Putin ally with ties to Russian intelligence." The company, profiled by The New York Times Magazine in 2015, is in St. Petersburg and uses its small army of trolls to put out messages supportive of Russian government policy."

"To date, while news reports have uncovered many meetings and contacts between Trump associates and Russians, there has been no evidence proving collusion in the hacking or other Russian activities."

"While there is no direct link between the Kremlin and any of these projects -- both Surkov and Zubarev say their projects are privately funded -- the timing, scale, and coordination of these efforts are suspicious. BuzzFeed was not able to find evidence of direct government funding to the "Internet Research Agency," the pro-Kremlin troll outlet operating out of 55 Savushkina, but they did reference a number of sources that revealed some level of involvement."

-- -

In my next study, I will provide you with more links, screenshots and translations. I will demonstrate to you how this story connects to the war on the Middle East and the international war on the Russian population of Ukraine.

--

In conclusion I just want to say that everything the United States touches turns into a warzone. The building on Savushkina, 55 in Saint Petersburg is no exception.

Multiple death threats are being directed at people who work there. Popular and excellent in their quality media outlets operating there have to hide their true location and rent a separate office across the city for their visitors, because people are simply afraid to come in.

Journalists and multiple business employees are threatened online with rape.

Threats to hang the journalists during a "protest meeting" on Oct 1, 2017

At least one case of terror attack on the office building that resulted in arson on October 26, 2016.

On Oct 26, 2016, several men threw bottles of Molotov cocktail in the windows of the Nevskie Novosti (Neva News). Luckily, no one was there but the owner of the Media conglomerate, Evgeny Zubarev, who put out the fire.

https://www.youtube.com/embed/hO02D2hOsrg

All of these, every threat, every simple lie is all on the United States government, its intelligence community, on those traitors, who are in prison now, and those who are still at large.


jfb on October 15, 2017 , · at 11:45 pm UTC

Finally a detailed article on this. Anyone who has read sputnik or RT during the years 2015-2016 can figure that something is wrong with those claims.

We have two media outlets truly affiliated with the Russian government (although not completely) and they didn't produce any pro-Trump article during that period. They interviewed Jill Stein and Ron Paul several times, however.

Nick on October 16, 2017 , · at 1:06 am UTC
With the current uproar about Russia interfering in the USA elections. It has to be noted that the Kremlin is very silent on this subject. It is more important now than ever to bring forth information from Russia in exposing how serious the problem is from the USA interfering in not only Russian affairs but how the intelligence community continues unabated in interfering in most countries.

This article is very important and outlines the destructive effort being done to Russia by the USA. It should be noted and clearly displayed by the psychopathic nature of USA meddling in Russian affairs. One has to wonder why people cannot see how the current government of the USA is totally out of control around the world. Everything has its cycle of life and the USA is no exception to this theory.

When humanity is controlled in such a fashion, by that I mean that the USA is supported by the four pillars consisting of GREED, CORRUPTION, POWER and CONTROL. They are sitting on the top of these structures and are desperately trying to maintain their grip over the world.

_smr on October 16, 2017 , · at 3:01 am UTC
"With the current uproar about Russia interfering in the USA elections. It has to be noted that the Kremlin is very silent on this subject."

thank goodness! Trying to reason with drunken punks is hopeless and makes you look like a fool yourself.

Anonymous on October 16, 2017 , · at 11:02 am UTC
Perhaps the purpose is to "open Russia" to debunk those silly "Kreml hacking" claims and give Empire more important information inside Russia. E.g how to go deep through military security defense line.

Empire actually don't know what Russia don't know or do know. Is this chess where you have to sacrifice pawn or two or even knight to secure queen and king? Or why to shoot fly with cannon?

Den Lille Abe on October 16, 2017 , · at 7:47 pm UTC
"One has to wonder why people cannot see how the current government of the USA is totally out of control around the world." end quote.

It is extremely difficult and time consuming for an ordinary person to find the truth in the millions of pages on the Internet, the ordinary mushroom knowing that the MSM only serves you sh't and keeps you in the dark. The most reliable method (not 100 % though) is the "Follow the money" method, who has to gain by this or that development, but even that can lead to false conclusions. Always count on that everyone has a hidden agenda, but watch out you are not gripped by paranoia.

MarkinPNW on October 16, 2017 , · at 2:27 am UTC
Yea, just a common internet malpractice called spoofing, that any IT professional, especially one working in IT security, knows about. I suspected all along that most or all of this "Russian Hacking" and "Russians did it" was exactly that.
Tom Welsh on October 16, 2017 , · at 4:55 am UTC
What a pathetic waste of time. American society and government are really getting very low.

And, of course, reality is actually defined as "what you cannot change by speaking about it". You can change reality, a very little bit at a time, by doing honest physical work.

Nussiminen on October 16, 2017 , · at 2:29 pm UTC
Agreed, well put.

At the same time, it's strange they don't follow up by more imbecilic slander against Russia for Charlottesville and Las Vegas. I mean, the attention span of Ziomedia consumers is parlously narrow. The US Presidential Election should have all but faded as an event in the distant past.

B.F. on October 16, 2017 , · at 6:50 am UTC
I wonder if the US Government and Washington political establishment are aware that the rest of the world is watching them and drawing appropriate conclusions. Probably not.

What has been happening in the US during Trumps election campaign, and in the period after he became President, has left a very poor impression of the US in the eyes of the international community.

The US is now perceived as an imperial power which has lost all sense of reality, thinking it can do anything it wants and having the rest of the world agree with it. That is simply not the case. All the anti-Russian rhetoric has done is to make Russia more popular and more mature in the eyes of the world, which now sees Vladimir Putin as a factor of stability.

CrazySerb on October 16, 2017 , · at 9:15 am UTC
Scott can you elaborate , what is the cause of that hate towards Russian people?

What are the reasons to hate your own nation and the people who live there , after all you were born there and lived your whole life?
If you do not like to live there you can simply leave , Soviet Union is no more.

B.F. on October 16, 2017 , · at 3:51 pm UTC
Russia is multi ethnic. I don't think those were Russians.
Guru on November 20, 2017 , · at 8:09 am UTC
It goes back to the Bible and Tree of Knowledge. Read Ishmael by Daniel Quinn. Explains it all.
jo6pac on October 16, 2017 , · at 9:21 am UTC
Thanks Scott.
twilight on October 16, 2017 , · at 10:04 am UTC
There's only one thing you need to know about the recent election cycle in the USA- the organised force that operated on behalf of Hillary Clinton was unprecedented in Human History and spent more money to get her elected than in any previous campaign- and they ***failed***.

Was there pro-Trump activity, including by soft 'unofficial' foreign sources? For sure, but it measured less than 1% of 1% of 1% of the size of the official state sanctioned efforts made by every regime of the West to get Clinton elected. The Deep State Demons, led by Tony Blair, are not angry cos Trump won, they are angry because their effort proved so impotent. After all within days of Trump winning, they got Putin to back off and thus were able to 'turn' Trump. So Trump ain't the issue- but having such 'PR' resources fail is.

We, the people, are the living 'batteries' that power the Demon's greater plans. Without our assent- even passively given- the Demons can achieve nothing major on this Planet. So the Demons battle for hearts and minds. And our support does not have to be 'active' so Brits protesting against Blair's Iraq invasion in record numbers isn't an issue if the same Brits support their 'troops' after the fact and then vote Blair back into power.

Americans can think they hate Trump and Clinton- but this doesn't trouble the Deep State one whit so long as the same fools support everything Trump or Clinton do- passively or not.

Does Russia 'troll' the West officially and unofficially? Of course it does. Russia is obliged, as a major power, to do to the West what the West does to Russia. Do Russia's tiny efforts 'weigh' as much as a far far greater chunk of the efforts of the West? Of course- Russia has to be super efficient, lacking the resources of the West. Does this mean Russia was responsible for Clinton's defeat? Obviously not!

Russia reached a tiny section of self-aware US voters who already would never vote for Clinton. The vast majority of US sheeple are still fodder for the zionist press machine. They voted against Clinton because they could not stand her perfume of sulphur- they perceived correctly her rotted soul- and her "all about me" attitude. And the Clinton 'dynasty' thing was the final straw. For the 'left' to push the idea of 'royal' families was stupid beyond belief.

So why is Russia still based over its non-relevant activities at that time? Because it is always about ***now*** and not ***then***. Attacking Putin in the aftermath of Trump's election successfully got Putin to run backward, leaving Trump exposed and without powerful allies. And the Deep State just had to walk thru that open door, and 'take' Trump. So Russia showed itself very weak to name-calling. And our people show themselves likewise weak, hence this article. When you spend your time apologising and denying the 'truth' of vindictive attacks on your reputation, you look weak and start to feel weak and always on the defensive.

Want to see how this plays out- look at the RT news service. Constant attacks on RT have RT bending over backward to present a pro-Israeli narrative. The language of RT's news reports are the same language used by the BBC. The people running RT are constantly looking over their shoulder and asking themselves the question "are we fair and unbiased". Let me ask you all a question. When does the zionist press of the West ever ask itself that question?

You see the Deep State, via the racist zionists, controls 99.99% of the planet's mainstream media and 95% of the so-called indy-media (mostly via real life nazi jew Soros). It is the duty of our tiny fraction of news outlets to counter this monolith, ***not*** to worry about 'bias'.

In Britain, the jewish run government press censorship bodies that masquerade as 'independent'- the same ones that ***banned*** PressTV- constantly attack RT for not presenting 'both' sides of the story. This is the same Britain that when the jews of Israel use WW3 class weapons to holocaust the people of Gaza, insist that the BBC and ITN ***never*** interview members of the Gaza government- and give exclusive airtime to the jewish butchers so they can explain why 'sub-Human' non-jews must be slaughtered.

RT tries to mock these requirements by giving airtime to self-destruction rabid zionists whose very mouth-frothing evil helps ruin the arguments of the Deep State. It does not matter. RT is on 'borrowed time' and when things get darker in the near future, will be banned anyway.

Anyway my greater point is I don't care about the zionist press demonising of counter propaganda using false lying examples. It is their job to make our side look bad any way they can. I care about the effectiveness of our real counter propaganda- and that we engage in it powerfully, loudly and without apology. We don't have to present the arguments of the other side for 'fairness'. The other side is represented by a press machine of unprecedented size, power and reach. 100% of our efforts have to be in exposing the work and agenda of the Deep State Demons, and those that willingly ally with them, like the Friends of Israel.

bernie on October 17, 2017 , · at 3:03 am UTC
twilight is half half neither full light nor darkness. So are your writings. I admit you write very well very cunningly instilling confusion, the devil could not do it better. You may upset a few newcomers on this blog but that's it. In fact your writings have a particular air... Go on until nobody takes you seriously anymore.
Anonymous on October 17, 2017 , · at 4:29 am UTC
Well said.

Verbosity, generally, equates to obfuscation -- especially when implemented in a turgid, pompous style of vacuous content.

Nikkobaud on October 16, 2017 , · at 10:47 am UTC
Thanks for the detailed puncturing of this mainstream fake news balloon. But, as fake as all of the "Russian interference, Putin done it, et al" memes are, and therefore seemingly jejune and transparent propaganda psy-ops, I think their real purpose is to create a false climate, a public justification for the eventual hard censorship of internet alt-news sites for Western users. And in that they seem to be succeeding, if only, for the moment, in skewing the results of internet searches away from what are claimed to be "fake news" sites, but are, in fact, usually the real news sources, if often contradicting the mainstream party line. A fake threat is being created that will be answered by a real throttling of internet access.
Nussiminen on October 16, 2017 , · at 1:24 pm UTC
Russia shouldn't waste precious time and resources on retarded, despicable Westerners forever high on their vile, corporate mindrot. Well, I take back what I just said -- it would actually be hilarious to the n :th degree if Russia dismissed the slander on pure Western supremacist grounds:

"How the hell would a nation of backward, imbecilic, Asiatic savages like us ever be able to master anything coming out of the West (except, perhaps, pornography) ?!?"

Supreme contempt accompanied by refined amusement is unbeatable when you're dealing with Western supremacists, believe me.

oldnik007 on October 16, 2017 , · at 1:36 pm UTC
"Ask my dog for details" hilarious. Well researched, Scott, and very clear explanation.
Richard Steven Hack on October 16, 2017 , · at 3:03 pm UTC
Very nice detective work, Scott! Well done.

Rather than Putin being a mastermind controlling the world from Moscow, it seems that most bad things happening in the world are in fact being controlled out of Langley, Virginia. Which pretty much agrees with everything I've ever read about the CIA going back decades.

The US needs to disband the CIA entirely, investigate their operations and put most of the heads in jail.

Larchmonter445 on October 16, 2017 , · at 3:08 pm UTC
Scott,

Good work on this article.

Very important resource piece. Illuminating.

Thanks.

vot tak on October 16, 2017 , · at 4:27 pm UTC
With soros and khodorkovsky being israelis, this covert op involved a lot more than just some trouser droppers at the cia. It is part of a much wider israeloamerican series of covert ops against Russia. I suspect there is a whole lot more of this govno and this is just one individual op being described here.
Den Lille Abe on October 16, 2017 , · at 7:39 pm UTC
This is very disappointing to read. I have now been in sharp training, to hopefully be employed by one of these nebulous actors as a bona fide troll, posting comments with a satirical edge but always advocating this or that point of view. It is most distressing to say the least.
End of satirical part.
If this article is true, I have no choice, but to post what is my current opinion, which of course is formed by the current MSM tagline. Confused? Don't be!
The recent years have seen the rise of three letter agencies' use of the internet in their paid for masters' agenda, and the truth has in fact never been further out of reach for an ordinary person.
Ohh sweet irony, 30 years ago it took searching libraries, news clippings to find the truth, but it could be done, as the smoke and diversion was only a single or few layers thick.
Not so today, with all information at hand within microseconds, the truth has never been buried deeper, the public never been more "propagandised" than ever.
Anonymous on October 17, 2017 , · at 7:53 am UTC
Scott, you were right in your intuition that the Catalonia "revolution" was remindful of Maidan. Remember that Maidan video "I am Ukrainian"?
https://www.youtube.com/watch?v=Hvds2AIiWLA

Well, there is this one about Catalonia that looks and sounds very very very similar. Clearly copied from the Maidan model

Help Catalonia
https://www.youtube.com/watch?v=wouNL14tAks

Mujo on October 17, 2017 , · at 9:22 am UTC
Thanks for this article.

Perhaps somebody could help me to understand this story better.

It seems that the so-called "Kremlin trolls" were current and former FSB officers who went to work for the CIA.

Questions

(1) How do we know they worked for the CIA? Reading this article, I find numerous claims to this effect but no evidence. Did I miss something? Is there a smoking gun?

(2) Why did they defect from the FSB to join the CIA? Do we have any insight on this?

Scott on October 17, 2017 , · at 3:03 pm UTC
to Mujo

That's what my research is about, despite Ivan Pavlov's defense denying the connection between the Shaltay-Boltay group and former FSB officers convicted for treason. https://en.crimerussia.com/gromkie-dela/defendant-in-high-treason-case-personally-detained-shaltay-boltay-s-leader-/

But that's what a good defense is for, to deny.
Treason is very serious charge that includes working for foreign governments intelligence services.
I believe I have enough to prove my point, using, of course, only information openly available on the internet.
However, if these people worked for SBU or Mossad, I will write about this, also.

See also,
Arrested Russian FSB Agents Allegedly Passed Information to CIA
http://foreignpolicy.com/2017/01/31/arrested-russian-fsb-agents-allegedly-passed-information-to-cia-trump-putin/
https://www.cbsnews.com/news/russia-treason-fsb-spies-kaspersky-labs-us-intelligence-denies-cia-hacking/
https://www.theguardian.com/world/2017/jan/31/russian-cybersecurity-experts-face-treason-charges-cia
https://www.usatoday.com/story/news/2017/01/26/report-arrested-russian-intel-officer-allegedly-spied-us/97094696/
https://www.rbth.com/politics_and_society/2017/02/02/fsb-officers-charged-with-treason-media-claim-cia-ties_693641

You wrote "(2) Why did they defect from the FSB to join the CIA? Do we have any insight on this?"
Maybe they defected, or maybe they started working there after being recruited by the foreign intelligence services. We will find out.

Mujo on October 18, 2017 , · at 5:58 am UTC
Scott,

Thanks for these follow-up links -- very helpful.

I also found this interview with Alexander Glazastikov (Humpty), which you have probably read:

The only member of Shaltay-Boltay left on the loose reveals details on their work

As described by various media sources, the basic story about Shaltay-Boltay is that they formed in mid-2013 to hack e-mail, social media, and data of officials and businessmen in Russia, and then sold this data for large amounts of money through the digital underground. In particular, this happened through a portal called "Exchange of Information", a kind of anonymous auction site for stolen data. Glazastikov says Shaltay-Boltay "was supposed to be a spokesman for the Anonymous International", and was created by himself, Vladimir Anikeev, and Konstantin Teplyakov.

Although most all of the Western media sources insinuate some connection between Shaltay-Boltay, the FSB officers who were arrested, and the putative "hacking" of the 2016 U.S. election, Glazastikov denies any interest in targets outside Russia.

There is also disagreement around the connection between Shaltay-Boltay and the FSB. Glazastikov says that the FSB contacted him, saying they were aware of Shaltay-Boltay's activity, and wanted to assert "control" and veto power in exchange for not arresting them. Russia Beyond claims that it was Sergei Mikhailov (FSB) who took control of Shaltay-Boltay and "received kickbacks from its founder, Vladimir Anikeyev". However, Glazastikov's testimony contradicts that of Anikeev, his lawyer (Ruslan Koblev), and Ivan Pavlov, lawyer for one of the FSB defendants, all of whom deny any working relationship between Shaltay-Boltay and the FSB.

Interestingly, Glazastikov notes that neither Anikeev nor Teplyakov had technical expertise. Moreover, Glazastikov makes it sound like even he was not primarily involved in hacking, and the "Exchange of Information" admins claim no connection with Shaltay-Boltay. For the heavy lifting, Shaltay-Boltay would use "specialized hacking sites" where they outsourced pay-to-order hacks with IT mercenaries. A target e-mail address could be hacked for a few thousand rubles. And even this, Glazastikov states, wasn't really the original idea for Shaltay-Boltay. Instead, he imagined they would be doing "advertising or administration fee".

Perhaps more significantly, it has more recently been claimed that members of Shaltay-Boltay have admitted to forging some parts of the correspondence that they hacked. The putative aim was to boost the profile of their group.

Reading between the lines of this, I find more support for Scott's angle on this story. Shaltay-Boltay were indeed not hackers in a conventional sense. They were traders in an illicit information economy, and apparently weren't above fabricating that information if it would raise their profile. For the extent and nature of that fabrication, I look forward to Scott's next report!

Internal Exile USA on October 17, 2017 , · at 4:29 pm UTC
This is incredible research, you put most YTube new journalists to shame. I hope this material makes its way into your next book. "Enemy of the State" is an instant classic full of insights on how to live life that are a soothing balm to children of the Sick West with senses of humor somewhat intact.

On the east coast of the U.S., the mundane worlds of the Masters of (their imagined) Universe can be seen fairly easily, especially if you wander into places and act like you belong there.

Regarding the kinds of people that instigate the madness you describe above: I recently had the opportunity to visit a very interesting social club that was opened to the public for one day only. Three Ivy league schools I'm sure you've heard of. On the walls upstairs were listed all the latest presidents in different colors, like red for an "H" school: Obama, Clinton, Bush II, Bush I . Kennedy John Quincy Adams, etc. I can't remember Nixon or Carter being there, but I talked to someone whose name is on another wall, and it struck me that members of this club did not hate Trump because of his manners, parents, background, politics, or alleged business acumen. Instead, they hated the fact that his name couldn't be written on their wall. It's really only acceptable to be President if you've been BMOC at Harvard.

Out of nowhere, my gentleman acquaintance brought up the topic of the day: Russia hacking the elections. The more things change, the more they are not the same anymore.

There were pictures of famous football teams from years gone by, the place had a charm but it was shabby, and the ceiling looked like sprayed styrofoam, an aesthetic disgrace that these imaginary jocks failed to appreciate. The drinks, by the way, were terrible. They must make their highballs with Minute Maid. The creativity and intelligence, not to mention taste of the West are surely at a low ebb.

TIJAT on October 18, 2017 , · at 10:20 am UTC
Excellent article. In depth and well reported. Blows away the MSM!
Nussiminen on October 18, 2017 , · at 3:20 pm UTC
Frankly, I don't really see too big a problem with people swallowing the hogwash about "Kremlin disinformation trolls" working to undermine the West's irrepressible belief in itself. As usual, the most appropriate response amounts to contemptuous, refined amusement:

"They seem to know indeed what they are talking about -- well worth their salary for doing honest work."

If you cannot change the Weltanschauung of Ziomedia addicts, then at least you're fully entitled to have some fun at the slobs' expense.

Internal Exile USA on October 19, 2017 , · at 9:20 pm UTC
Absolutely, humor is one of the best weapons around. The more pompous a person is, the more they hate being dropped down to size. Pop goes the balloon of hot air. Humor has probably woken more people up than any other method. It's not as though we have a lack of ludicrous, ridiculous material. As the inventor of this site once described, how did the people in the late-era Soviet Union fight their declining regime? Jokes.
TIAJAT on October 19, 2017 , · at 8:08 pm UTC
Awesome work, and no one has been able to post any rebuttals. Probably because they don't have any?
Colin on October 21, 2017 , · at 11:54 pm UTC
Interesting how the incorrect information masqueraded as first hand eyewitness reports by boots on the ground in St.Petersburg -- in effect 'doxxing' the Kremlin's Troll Factory.
It's as though someone misinterpreted (or merely read in school misrepresentations of) Asch's conformity test results.
This was obviously aimed at those old enough to remember the Lubyanka building; fighting ghosts of the cold war in old peoples' minds, eh?

It'll probably work on political fools like Kelly (chief of staff)

Yet one wonders if the yet to be released JFK files will point directly at Russia (assuming the old intelligence communities planted evidence against Russia long ago and sealed it among the other documents) and if Clinton on her book tour spreading total BS about Russia and WikiLeaks is laying the groundwork for Trump to resurrect his mentor's McCarthyism skeletons?

I don't think they really give a rat's arse about Russia. Just read Bush's speech he gave (that the MSM blatantly lies calling it anti-racist only) about the 'cyber revolution' coming. Who the hell do you think is the second highest paid lobbyist group besides the military industrial complex? That's right, the USA's ISP companies.

Aaron Swartz must be rolling in his grave. Poor guy. No way he hung himself.

Matt on October 28, 2017 at 12:38 pm UTC
First, I will address the author's attempted discrediting of the Shaltai Boltai hacking group, which included someone from the FSB. They released the internal communications of the St. Petersburg troll factory. Now, the author tries painting them as traitors working for the CIA, who planted fake information. This is entirely untrue. The group became infamous for its initial release of information in late 2013, and the subsequent hacks of various Kremlin insiders. Here are the other leaks they released:

Mandatory Questions for Putin's Press-conference in Austria

An internal Kremlin index of the relevant bloggers: divided into "Guards" (either official Kremlin accounts or trusted trolls), highlighted in red or "Opposition", in yellow, or "Neutrals" in green.

Mailbox of Vera Kerova, a Kremlin PR adviser who worked closely on ensuring the Crimean referendum was a predetermined success.

Emails of Timur Prokopenko, head of the "Internal Politics" department at President Putin's administration, de facto spin-master of the Kremlin.

Emails of Kremlin employee Alexey Anisimov, one of the assistants to the Kremlin's chief of Domestic Politics Vyacheslav Volodin.

Emails of Georgi Gavrish, a former officer of the Russian embassy in Athens, and, like Dugin, at one point employed by oligarch Malofeev.

As you can see, their hacks were deep and numerous. Not once has any information they released been deemed fake. Further, the amount of information released is staggering. They could not forge the thousands of email messages from the troll factory, or the tens of thousands of messages from the above personalities. Some emails contained entire drafts of unpublished books. And the information has indeed been corroborated. Shaltai Boltai also blackmailed some people for money, but despite this, none of their releases have been proven to be fakes. Nor do they have a connection to the CIA. The FSB is known to hire former cybercriminals. That one of its employees ran such a hacking group is not surprising.

Now, here is some information on the hacked files:

https://www.buzzfeed.com/maxseddon/documents-show-how-russias-troll-army-hit-america?utm_term=.sn2B3bYRLe#.pgpO98mAj0

https://globalvoices.org/2015/03/14/russia-kremlin-troll-army-examples/

Further, the author tries claiming that the building was "for rent" in 2014 and that this means there could not have been a troll factory there. This is entirely false. The "for rent" sign was placed some time in 2013 and the troll factory moved in in 2013. By the summer of 2014, Shaltai Boltai had hacked the factory. The author also tries making some incorrect technical claims, that posting so many comments would require a huge amount of bandwidth and that no ISP would allow this. This is another false argument, considering it is very easy and cheap to get high bandwidth internet for businesses, which the troll factory technically is. Posting comments is not some bandwidth-intensive task at all, nor is general browsing. The author also gets confused and claims that Shaltai Boltai and the CIA created those >400 troll accounts, as revealed by FB. Shaltai Boltai actually released the internal communications years before any "Russiagate" hysteria. Lastly, the author points out that there are many companies registered from the address, not just the troll factory. He then lists some of these companies and fails to note the irony of mentioning FAN. We will get to FAN news network later.

The author then states:

"This took place in August 2015, and by September 2 2015, a fake company named the "Internet Research" was liquidated by merging it, in the Business registry, with another fake entity, TEKA, that was created in spring 2015 as the construction materials retailer."

The lawyer who won Savchuk's case, Ivan Pavlov, who heads Team 29, says:

"Meanwhile, the company has changed its name to Teka, Pavlov said. It also has moved its legal headquarters, although the trolling operation remains in a large gray building north of the St. Petersburg city center, near the head of the Gulf of Finland."

This is what investigative journalist Andrei Zakharov, who works for the business media group RBC, says (he has written numerous articles investigating the finances of the troll factory):

"They have a lot of legal entities, and they still, I think, change it every year or every two years."

Another company at 55 Savushkina Street is Glavset, whose director general has the same name as the boss of IRA. Glavset lists the "creation and use of databases and information resources" as well as the "development of computer software, advertising services and information placement services" among its activities. It was listed as a company in the Russian legal entities registry in February 2015. A short time later, it began advertising for staff on a headhunting site (hh.ru). One post looking for a copywriter says the job involves "writing diverse texts for the Internet and content for social networks." The posting offered a salary of 30,000 rubles a month (then a little over $500) and said experience was unnecessary. Recruits would work with a team of "young and enthusiastic colleagues" in "a comfortable and stylish office," according to the posting. Source: https://www.washingtonpost.com/world/asia_pacific/the-notorious-kremlin-linked-troll-farm-and-the-russians-trying-to-take-it-down/2017/10/06/c8c4b160-a919-11e7-9a98-07140d2eed02_story.html

As you can see, the fact that the company continually changes names and merges is to obscure its existence and make it difficult to find out more information about it.
After the troll factory's emails were hacked, various journalists contacted the trolls using their leaked email addresses, to get interviews. One such journalist was the NYT's Adrian Chen:

http://www.nytimes.com/2015/06/07/magazine/the-agency.html

It's a lengthy piece, but I suggest everyone read it. It also mentions the "FAN news network", mentioned by the author. This is another entity created to obscure the existence of the troll factory. Several other interviews were published, by Western and Russian sources:

http://www.telegraph.co.uk/news/worldnews/europe/russia/11656043/My-life-as-a-pro-Putin-propagandist-in-Russias-secret-troll-factory.html

http://www.theguardian.com/world/2015/apr/02/putin-kremlin-inside-russian-troll-house

https://www.rferl.org/a/russia-trolls-headquarters-media-internet-insider-account/26904157.html

Let's assume that all this is fake, including all the troll factory emails and that the interviews were conducted by the biased Western media outlets, using CIA actors or something. What about the Russian media? Did they report on this too? Indeed, they did:

http://mr7.ru/articles/112478/

The above is a local, St. Petersburg-based media outlet and they released several documents from the troll factory, given to them by a former employee. Are they lying too?

RBC, one of Russia's most respected business news outlets, ran a story about the troll factory and its funders, this April. The story focused on restaurateur Evgeny Prigozhin, a close friend of Putin, responsible for the financing of the St. Petersburg troll factory:

http://www.rbc.ru/magazine/2017/04/58d106b09a794710fa8934ac?from=subject

Just today, they released this:

https://meduza.io/en/news/2017/10/17/russian-journalists-publish-massive-investigation-into-st-petersburg-troll-factory-s-u-s-operations

They also revealed the names of two highly popular troll accounts: an anti-Clinton Facebook group with 140,000 subscribers, called "Secure Borders", and a right-wing Twitter account called Tea Party News, with 22,000 followers. It's my hypothesis that Facebook used these accounts to find other accounts, as these were some of the first accounts suspended. This wasn't the only Russian media article about the troll factory or its wealthy funder. One of the very first articles about the troll factory was published in 2013, by Novaya Gazeta, one of Russia's oldest opposition papers:

https://globalvoices.org/2013/06/21/the-kremlins-kitchen-serves-up-russias-free-press/

TV Rain also recently interviewed a former troll:

https://tvrain.ru/teleshow/reportazh/oni_sdelali_video_kak_negr_zanimaetsja-448671/

Is it likely that RBC, NG, MR7, and TV Rain are also lying?

Lastly, there are several examples of the troll factory getting caught red-handed:

http://www.theepochtimes.com/n3/2002774-fake-video-of-american-shooting-a-quran-traced-to-russian-propaganda-agency/

https://globalvoices.org/2015/07/13/open-source-information-reveals-pro-kremlin-web-campaign/

https://globalvoices.org/2014/11/19/fake-ukrainian-news-websites-run-by-russian-troll-army-offshoots/

https://globalvoices.org/2015/12/22/massive-livejournal-troll-network-pushes-pro-kremlin-narratives/

In conclusion, the author was unable to prove that the leaked correspondence is fake, ignores the mountain of evidence proving the existence of the troll factory, blames, without evidence, the CIA for being behind all this, and tries using faulty logic to disprove the existence of the troll factory. He also is confused about the troll factory's continuous morphing. Lastly, he tries linking the drop in leaking activity by Shaltai Boltai with the troll factory's merging into other entities. The two things are completely unrelated, since the troll factory changes its name every year or so, and has gone by many names. I find it hard to believe that a Russian speaker like the author could make so many mistakes and leave out the above information. I don't even understand Russian, yet, even I addressed the mountain of evidence from the RuNet regarding the troll factory. We have thousands of messages from the factory, leaked not just by Shaltai Boltai, but local news outlets from St. Petersburg, who received the documents from a former employee. We have numerous interviews from the American, Russian, British, and German media of not just one person (which the author tries smearing due to her Ukrainian last name), but countless other former employees. Conveniently, the author ignores them.

Matt on November 17, 2017 at 12:15 pm UTC
It's been a few weeks, but no response to my post. I would very much appreciate one. Thank you.

David on January 09, 2018 at 3:42 pm UTC
You say that an alleged Russian troll farm moved into that building in 2014?

Hmm. The USA had a $200 million troll farm program already in 2010. And the difference between the existence of the US' far larger troll farm program than anything that has been alleged of Russia, is that the US troll farm program is confirmed to exist, and was confirmed, in comprehensive detail, to exist by the US government years before any allegations that Russia might be doing something similar existed.

In fact, I suppose that you could be one of the US' paid social media propaganda trolls, Matt. After all, they are everywhere, these days -- and have been for getting close to a decade, now.

http://www.nbcnews.com/id/29040299/ns/us_news-military/
http://russia-insider.com/en/ny-times-frets-about-russian-propaganda-ignores-massive-troll-farms-run-america-and-its-allies
https://www.cbsnews.com/news/so-why-does-the-air-force-want-hundreds-of-fake-online-identities-on-social-media-update/
http://www.businessinsider.com/ndaa-legalizes-propaganda-2012-5
http://russia-insider.com/en/us-prepares-lavishly-funded-anti-russia-propaganda-and-troll-army/ri21805
http://russia-insider.com/en/yet-another-us-govt-agency-spending-big-spread-foreign-policy-lies-gec/ri22087

And here is a particularly good article that details the US' social media troll farm program, as it was already in 2010.

https://www.theguardian.com/technology/2011/mar/17/us-spy-operation-social-networks

"According to publicized 2011 USA Central Command documents and contracts which detailed the program, the USA has by far the world's largest cyber-army, and contracts companies to set up and pay people to post in social media "around the world," "using fake online personas to influence internet conversations and spread pro-American propaganda "the software could allow US service personnel, working around the clock in one location, to respond to emerging online conversations with any number of co-ordinated messages, blogposts, chatroom posts and other interventions. The discovery that the US military is developing false online personalities -- known to users of social media as "sock puppets" -- could also encourage other governments, private companies and non-government organisations to do the same."

Basically, if the Russian government is paying posters to post in social media, they got the idea from the USA government (and Israel, which admitted paying social media trolls during their 2008 -- 2009 war against Gaza), which was publicly broadcasting that it was doing the same thing years earlier, and with a budget in the hundreds of millions of dollars.

Since then, a lot of countries have copied the US and Israel's pioneering of social media troll farms, and today Israel, the US, the UK, Ukraine, Poland etc.

http://www.newsweek.com/35000-volunteers-sign-ukraines-information-army-first-day-310121
https://sputniknews.com/analysis/201710111058132063-poland-cyber-army-analysis/

Matt on January 09, 2018 at 6:59 pm UTC
Hello David,

I already know about those links. First, none of them prove the U.S. has troll farms to target countries. Those links only discuss writing in foreign languages to fight Jihadist propaganda online. But no evidence of the U.S. hiring people to post messages on Russian forums, for example.

"In fact, I suppose that you could be one of the US' paid social media propaganda trolls, Matt."

Hmm, strange ad hominem. I never insulted you, so I don't understand.

David on January 09, 2018 at 9:43 pm UTC
Hello again Matt,

"Those links only discuss writing in foreign languages to fight Jihadist propaganda online"

With the USA having the largest known troll farm budget and operation in the world, and using the phrase "around the world" to describe the scope of its social media propaganda, it is simple logic that the US is targeting everybody with their propaganda. But, the links I gave are certainly not exclusive to countering jihadist propaganda, with the US government's own description of its social media propaganda program being focused on social media "around the world", and with some of the links I gave explicitly focusing on Russia-targeting efforts, while others involve targeting US citizens with domestic propaganda.

http://russia-insider.com/en/us-prepares-lavishly-funded-anti-russia-propaganda-and-troll-army/ri21805
http://russia-insider.com/en/politics/meet-brig-gen-joel-harding-natos-ziggy-stardust-and-his-spiders-mars/ri16367
http://russia-insider.com/en/politics/brig-gen-joel-harding-natos-teen-porn-addict-and-troll-king-extraordinaire-part-ii/ri16368

Also, the US spends $50 -- $100 million a year just targeting Russia with propaganda in general. And that's only what's on the public books (the real figure could be much higher):

http://freewestmedia.com/2017/09/23/foreign-governments-spend-millions-to-influence-russian-elections/

The USAF probably is not involved in countering pro-jihad propaganda:

https://www.cbsnews.com/news/so-why-does-the-air-force-want-hundreds-of-fake-online-identities-on-social-media-update/

One of the US' social media troll farms is operated by Ntrepid, near L.A. ( https://ntrepidcorp.com/ ). Do you expect they're working on countering jihad propaganda? Personally, I doubt that.

Another US security company that was seeking a troll farm contract from the US government was HBGary ( https://en.wikipedia.org/wiki/HBGary ) -- a company that had a record of conducting social media disinformation campaigns and cyber attack on behalf of US corporations and in support of US government interests.

Now, why would the US government have made propaganda directed against US citizens legal ( http://www.businessinsider.com/ndaa-legalizes-propaganda-2012-5 ), if the US government's only purpose was to counter pro-jihad messages, notably those in countries in the Middle East? Obviously, the US government's propaganda programs are not only, or even mostly about countering pro-jihad messaging, but feature comprehensive social media propagandizing against many targets.

Proving this, the purpose stated in the National Defense Authorization Act for Fiscal Year 2017, for the US' Global Engagement Center, says:

http://russia-insider.com/en/yet-another-us-govt-agency-spending-big-spread-foreign-policy-lies-gec/ri22087

"The purpose of the Center shall be to lead, synchronize, and coordinate efforts of the Federal Government to recognize, understand, expose, and counter foreign state and non-state propaganda and disinformation efforts aimed at undermining United States national security interests."

That does not limit the US' social media propaganda to countering jihadist, but specifically includes propaganda against states.

Also, the phrasing of the US government, calling its own propaganda 'countering propaganda', is itself propaganda, and trying to white-wash the US' hefty international offensive propaganda programs as something noble and just, and the targets of those programs as being deserving of being propagandized against. That rationalizing is by no means an honest description, being just hubris and arrogance.

At any rate, all the details make it clear that the US is committing social media propaganda not just against jihad groups, but also against its own citizens, against Russia, and against the world, in general.

And if there was still any doubt about this (though I think there shouldn't be), then look at the US' own description of its goals in conducting social media propaganda:

https://www.theguardian.com/technology/2011/mar/17/us-spy-operation-social-networks

"using fake online personas to influence internet conversations and spread pro-American propaganda."

Pro-USA propaganda is not countering-jihad propaganda. Those are completely different subjects, and the stated goal of the social media propaganda program that the US government detailed on a US government jobs site in 2010 was to bias internet conversation by spreading pro-USA propaganda. I imagine that a lot of that work is done in Western news sites, and on Facebook targeting English audiences. Maybe some of that work involves targeting Russian audiences, too. It probably does.

Countering jihadist propaganda is only one facet of the US' comprehensive social media propaganda programs.

The Washington Post also explains some Russia-targeting propaganda efforts by the US government:

https://www.washingtonpost.com/business/economy/effort-to-combat-foreign-propaganda-advances-in-congress/2016/11/30/9147e1ac-e221-47be-ab92-9f2f7e69d452_story.html

"The initiative grows out of a bill authored in March by Portman and Sen. Chris Murphy (D-Conn.) called the "Countering Foreign Propaganda and Disinformation Act." It initially sprang from a desire to help independent journalists and nongovernmental organizations in European nations such as Ukraine, Moldova and Serbia, which face a heavy tide of Russian propaganda."

Once again, calling setting up a propaganda program a propaganda-countering program is white-washing what it is. Propaganda is propaganda. And the US had Russia-targeting propaganda long before this 2016 initiative, and that initiative is just one more Russia-targeting propaganda endeavour of the US.

"Hmm, strange ad hominem. I never insulted you, so I don't understand."

Is it necessarily ad hominem? My point is that I think it's fact that people playing the apologist for US social media propaganda, or insisting that a geopolitical rival of the US is conducting this type of propaganda, could be a US paid propaganda troll. I think that the US pays propaganda trolls to do. That's how the same messaging that many like yourself constantly push sounds when the roles are reversed -- and if the public were more informed, they'd know the roles actually are reversed since before any of the Russophobic hysteria was even gestating.

David on January 11, 2018 at 8:16 pm UTC
Hi again, Matt,

A new article from today shows that the US' Pentagon is seeking social media bot AI to monitor and post US propaganda in social media discussions.

https://www.rt.com/usa/415609-us-army-ai-language-bot/

I believe I've shown in the information that I posted above that the US is running large-scale troll farms to spam pro-US propaganda in social media around the world. But a statement made in the RT article by former MI5 agent, Annie Machon, parallels my own thinking when I read the article's title:

"the timing to me is interesting, because for sure the West has been running these so-called troll farms against other countries as well for a long time, so are they just trying to expand their operations by developing this new software? Or are they trying to disingenuously suggest to people that actually they haven't done it before and only the Big Bad Russians, or the Big Bad Chinese, have run troll farms."

I think that the US government is trying to retro-actively legitimatize their social media bots and paid propaganda trolls, but that this stuff that the US government is now publicly broadcasting has been happening for a very long time.

And there is evidence of it in the 2011 Guardian article, which details US social media propaganda software from 2010:

https://www.theguardian.com/technology/2011/mar/17/us-spy-operation-social-networks

"the software could allow US service personnel, working around the clock in one location, to respond to emerging online conversations with any number of co-ordinated messages, blogposts, chatroom posts and other interventions. Details of the contract suggest this location would be MacDill air force base near Tampa, Florida, home of US Special Operations Command."

So, the US government's troll farms have been, for many years, attacking social media with specialized software enabling them to facilitate tag-teaming comments sections, to make it appear as though multiple people agree with the pro-US propaganda, when in fact it could be just 5 puppet accounts belonging to one paid US propaganda troll, or, it could be multiple paid US propaganda trolls, using their special software to tag-team one comments section.

We do know that the US is targeting US media with its troll farm program, as the US government did specifically change US laws in 2011 to make propagandizing against US citizens legal. And I strongly suspect that I have personally encountered US paid propaganda trolls multiple times when posting at US news sites.

I suspect that Ars Technica is one particular target that paid US propaganda trolls have been targeting and staking out over the past few years. There has been definite tag-teaming of BS US propaganda there whenever there's an attack article about Russia -- and Ars has run many, many fanatical, hysterical, and conspiracy attack pieces against Russia in the previous few years (most relying on now heavily-debunked information, and wild hypothesis, while pushing it as though fact).

Other details of the US' social media troll farm program reveal that the US goes to great lengths to disguise its paid trolls, and to provide "powerful deniability".

"It also calls for "traffic mixing", blending the persona controllers' internet usage with the usage of people outside Centcom in a manner that must offer "excellent cover and powerful deniability"."

"US-based controllers should be able to operate false identities from their workstations "without fear of being discovered by sophisticated adversaries"."

So, paid US propaganda trolls are not going to admit to what they're doing, and they're rather going to point to their identity as having robust background "evidence" that they're normal people, that their IP is located somewhere else, that there are multiple people saying the same thing as they are when it's just one, or a few paid US propaganda trolls tag-teaming a comments section, using multiple puppet accounts each, and with VPNs to make their puppet accounts appear as though they're posting from various different places in the US, and around the world.

I would also like to bring attention to this part of the 2011 The Guardian article:

"Centcom said it was not targeting any US-based web sites, in English or any other language, and specifically said it was not targeting Facebook or Twitter."

That article was made regarding information on the US' social media propaganda program as it was in 2010.

But the US government changed its law to make using the same propaganda against US citizens legal, in 2011 -- 2012: http://www.businessinsider.com/ndaa-legalizes-propaganda-2012-5

So, if the US troll farm programs weren't targeting US citizens at the time those initial details were uncovered, it was only because it was, at the time, illegal for the US government to target the citizens of the US with propaganda. But that was changed around 2012, and so comments that the US government is not targeting US citizens no longer apply, as they're out-dated.

[Feb 16, 2018] Moscow charges ex-FSB Kaspersky staff with treason 'in interests of US' lawyer

Notable quotes:
"... "treason in favor of the US," ..."
"... "There is no mention of the CIA at all. [The entity] in question is the US, not the CIA," ..."
"... 'Shaltai Boltai' ..."
"... "no personnel changes" ..."
Feb 01, 2017 | www.rt.com

Two senior FSB officers and a high-level manager of Russia's leading cybersecurity firm Kaspersky Lab are facing official charges of treason in the interests of the US, a lawyer representing one of the defendants has confirmed to Interfax. Ruslan Stoyanov, head of Kaspersky Lab's computer incidents investigations unit, Sergey Mikhailov, a senior Russian FSB officer, and his deputy Dmitry Dokuchayev are accused of "treason in favor of the US," lawyer Ivan Pavlov said on Wednesday, as cited by Interfax.

Pavlov chose not to disclose which of the defendants he represents, adding, however, that his client denies all charges.

The charges against the defendants do not imply they were cooperating with the CIA, Pavlov added. "There is no mention of the CIA at all. [The entity] in question is the US, not the CIA," he stressed, according to TASS.

The lawyer maintained the court files included no mention of Vladimir Anikeev, an alleged leader of 'Shaltai Boltai', a hacking group that previously leaked emails from top Russian officials, including Prime Minister Dmitry Medvedev.

The hacking group's name was in the news earlier in January, when Russian media reports linked Mikhailov and Dokuchayev to 'Shaltai Boltai'. In an unsourced article last Wednesday, Rosbalt newspaper claimed Mikhailov's unit was ordered in 2016 to work with the group.

Kremlin spokesman Dmitry Peskov told RIA Novosti on Wednesday the treason charges do not relate to the US suspicions of Russia being behind the alleged cyberattacks on the 2016 presidential elections. He added that President Vladimir Putin is receiving regular updates on the current investigation.

Russian media reports said Mikhailov was arrested during a conference of top FSB leadership. He was reportedly escorted out of the room with a bag placed over his head. His deputy, Dokuchayev, is said to be a well-known hacker who allegedly began cooperating with the FSB several years ago. Kaspersky Lab manager Stoyanov was also placed under arrest several weeks ago.

Stoyanov is still employed by Kaspersky Lab, the company told RIA Novosti later on Wednesday, adding there were "no personnel changes" at this point.

Treason charges mean that the defendants could be handed a sentence of up to 20 years in prison. The treason charges also mean any trial will not be public due to its sensitive nature.

[Dec 28, 2017] How CrowdStrike placed malware in DNC hacked servers by Alex Christoforou

Highly recommended!
If this is true, then this is definitely a sophisticated false flag operation. Was the malware that Alperovich's people injected specifically designed to implicate Russians? In other words, Crowdstrike=Fancy Bear
Images removed. For full content please see the original source
One interesting corollary of this analysis is that installing Crowdstrike software is like inviting a wolf to guard your chickens. If they are so dishonest, you take enormous risks. That might be true for some other heavily advertised "intrusion prevention" toolkits. So those criminals who use mistyped popular addresses or buy Google searches to drive lemmings to their site, and then flash a screen saying that they detected a virus on your computer, please call the provided number, and for a small amount of money your virus will be removed, get a new, more sinister life.
I suspected many of such firms (for example ISS which was bought by IBM in 2006) to be scams long ago.
Notable quotes:
"... They found that generally, in a lot of cases, malware developers didn't care to hide the compile times and that while implausible timestamps are used, it's rare that these use dates in the future. It's possible, but unlikely that one sample would have a postdated timestamp to coincide with their visit by mere chance but seems extremely unlikely to happen with two or more samples. Considering the dates of CrowdStrike's activities at the DNC coincide with the compile dates of two out of the three pieces of malware discovered and attributed to APT-28 (the other compiled approximately 2 weeks prior to their visit), the big question is: Did CrowdStrike plant some (or all) of the APT-28 malware? ..."
"... The IP address, according to those articles, was disabled in June 2015, eleven months before the DNC emails were acquired – meaning those IP addresses, in reality, had no involvement in the alleged hacking of the DNC. ..."
"... The fact that two out of three of the Fancy Bear malware samples identified were compiled on dates within the apparent five day period CrowdStrike were apparently at the DNC seems incredibly unlikely to have occurred by mere chance. ..."
"... That all three malware samples were compiled within ten days either side of their visit – makes it clear just how questionable the Fancy Bear malware discoveries were. ..."
Dec 28, 2017 | theduran.com

Of course the DNC did not want the FBI to investigate its "hacked servers". The plan was well underway to excuse Hillary's pathetic election defeat to Trump, and CrowdStrike would help out by planting evidence to pin on those evil "Russian hackers." Some would call this entire DNC server hack an "insurance policy."

... ... ...

[Oct 09, 2017] Masquerading Hackers Are Forcing a Rethink of How Attacks Are Traced

Oct 09, 2017 | theintercept.com

The growing propensity of government hackers to reuse code and computers from rival nations is undermining the integrity of hacking investigations and calling into question how online attacks are attributed, according to researchers from Kaspersky Lab.

In a paper set for release today at the Virus Bulletin digital security conference in Madrid, the researchers highlight cases in which they've seen hackers acting on behalf of nation-states stealing tools and hijacking infrastructure previously used by hackers of other nation-states. Investigators need to watch out for signs of this or risk tracing attacks to the wrong perpetrators, the researchers said.

Threat researchers have built an industry on identifying and profiling hacking groups in order to understand their methods, anticipate future moves, and develop methods for battling them. They often attribute attacks by "clustering" malicious files, IP addresses, and servers that get reused across hacking operations, knowing that threat actors use the same code and infrastructure repeatedly to save time and effort. So when researchers see the same encryption algorithms and digital certificates reused in various attacks, for example, they tend to assume the attacks were perpetrated by the same group. But that's not necessarily the case.

... ... ...

Intelligence agencies and military hackers are uniquely positioned to trick researchers through code and tool reuse because of something they do called fourth-party collection. Fourth-party collection can encompass a number of activities, including hacking the machine of a victim that other hackers have already breached and collecting intelligence about the hackers on that machine by stealing their tools. It can also involve hacking the servers the hackers use to launch their assaults. These machines sometimes store the arsenal of malicious tools and even source code that the attackers use for their attacks. Once the other group's tools and source code are stolen, it's easy to go a step further and reuse them.

"Agency A could steal another agency's source code and leverage it as their own. Clustering and attribution in this case begin to fray," wrote Juan Andrés Guerrero-Saade, principal security researcher with Kaspersky, and his colleague, Costin Raiu, who leads Kaspersky's global research and analysis team.

"[O]ur point in the paper was: This is what it would look like [if someone were to do a false-flag operation] and these are the cases where we've seen people trying and failing," said Guerrero-Saade.

The recent WannaCry ransomware outbreak is an obvious example of malware theft and reuse. Last year, a mysterious group known as the Shadow Brokers stole a cache of hacking tools that belonged to the National Security Agency and posted them online months later. One of the tools -- a so-called zero-day exploit, targeting a previously unknown vulnerability -- was repurposed by the hackers behind WannaCry to spread their attack. In this case, it was easy to make a connection between the theft of the NSA code and its reuse with WannaCry, because the original theft was well-publicized. But other cases of theft and reuse won't likely be so obvious, leaving researchers in the dark about who is really conducting an attack.

"[I]f a superpower were to break fully into, let's say, the DarkHotel group tomorrow and steal all of their code and have access to all of their [command-and-control infrastructure], we're not going to find out about that monumental event," Guerrero-Saade told The Intercept, referring to a hacker group that has conducted a series of sophisticated attacks against guests in luxury hotels. "At that point, they're in a position to mimic those operations to a T without anyone knowing."

[Jul 04, 2017] Foisting Blame for Cyber-Hacking on Russia by Gareth Porter

Notable quotes:
"... Recent hearings by the Senate and House Intelligence Committees reflected the rising tide of Russian-election-hacking hysteria and contributed further to it. Both Democrats and Republicans on the two committees appeared to share the alarmist assumptions about Russian hacking, and the officials who testified did nothing to discourage the politicians. ..."
"... The Department of Homeland Security (DHS) has a record of spreading false stories about alleged Russian hacking into US infrastructure, such as the tale of a Russian intrusion into the Burlington, Vermont electrical utility in December 2016 that DHS later admitted was untrue. There was another bogus DHS story about Russia hacking into a Springfield, Illinois water pump in November 2011. ..."
"... So, there's a pattern here. Plus, investigators, assessing the notion that Russia hacked into state electoral databases, rejected that suspicion as false months ago. Last September, Assistant Secretary of DHS for Cybersecurity Andy Ozment and state officials explained that the intrusions were not carried out by Russian intelligence but by criminal hackers seeking personal information to sell on the Internet. ..."
"... Illinois is the one state where hackers succeeded in breaking into a voter registration database last summer. The crucial fact about the Illinois hacking, however, was that the hackers extracted personal information on roughly 90,000 registered voters, and that none of the information was expunged or altered. ..."
"... "Any time you more carefully monitor a system you're going to see more bad guys poking and prodding at it," he observed, "because they're always poking and prodding." [Emphasis added] ..."
"... Reagan further revealed that she had learned from the FBI that hackers had gotten a user name and password for their electoral database, and that it was being sold on the "dark web" – an encrypted network used by cyber criminals to buy and sell their wares. In fact, she said, the FBI told her that the probe of Arizona's database was the work of a "known hacker" who had been closely monitored "frequently." ..."
"... The sequence of events indicates that the main person behind the narrative of Russian hacking state election databases from the beginning was former FBI Director James Comey. In testimony to the House Judiciary Committee on Sept. 28, Comey suggested that the Russian government was behind efforts to penetrate voter databases, but never said so directly. ..."
"... The media then suddenly found unnamed sources ready to accuse Russia of hacking election data even while admitting that they lacked evidence. The day after Comey's testimony ABC headlined, "Russia Hacking Targeted Nearly Half of States' Voter Registration Systems, Successfully Infiltrating 4." The story itself revealed, however, that it was merely a suspicion held by "knowledgeable" sources. ..."
"... But that claim of a "likely" link between the hackers and Russia was not only speculative but highly suspect. The authors of the DHS-ODNI report claimed the link was "supported by technical indicators from the US intelligence community, DHS, FBI, the private sector and other entities." They cited a list of hundreds of I.P. addresses and other such "indicators" used by hackers they called "Grizzly Steppe" who were supposedly linked to Russian intelligence. ..."
"... But the highly classified NSA report made no reference to any evidence supporting such an attribution. The absence of any hint of signals intelligence supporting its conclusion makes it clear that the NSA report was based on nothing more than the same kind of inconclusive "indicators" that had been used to establish the original narrative of Russians hacking electoral databases. ..."
"... Russian intelligence certainly has an interest in acquiring intelligence related to the likely outcome of American elections, but it would make no sense for Russia's spies to acquire personal voting information about 90,000 registered voters in Illinois. ..."
Jul 04, 2017 | original.antiwar.com
Cyber-criminal efforts to hack into U.S. government databases are epidemic, but this ugly reality is now being exploited to foist blame on Russia and fuel the New Cold War hysteria

Recent hearings by the Senate and House Intelligence Committees reflected the rising tide of Russian-election-hacking hysteria and contributed further to it. Both Democrats and Republicans on the two committees appeared to share the alarmist assumptions about Russian hacking, and the officials who testified did nothing to discourage the politicians.

On June 21, Samuel Liles, acting director of the Intelligence and Analysis Office's Cyber Division at the Department of Homeland Security, and Jeanette Manfra, acting deputy under secretary for cyber-security and communications, provided the main story line for the day in testimony before the Senate committee - that efforts to hack into election databases had been found in 21 states.

Former DHS Secretary Jeh Johnson and FBI counterintelligence chief Bill Priestap also endorsed the narrative of Russian government responsibility for the intrusions on voter registration databases.

But none of those who testified offered any evidence to support this suspicion nor were they pushed to do so. And beneath the seemingly unanimous embrace of that narrative lies a very different story.

The Department of Homeland Security (DHS) has a record of spreading false stories about alleged Russian hacking into US infrastructure, such as the tale of a Russian intrusion into the Burlington, Vermont electrical utility in December 2016 that DHS later admitted was untrue. There was another bogus DHS story about Russia hacking into a Springfield, Illinois water pump in November 2011.

So, there's a pattern here. Plus, investigators, assessing the notion that Russia hacked into state electoral databases, rejected that suspicion as false months ago. Last September, Assistant Secretary of DHS for Cybersecurity Andy Ozment and state officials explained that the intrusions were not carried out by Russian intelligence but by criminal hackers seeking personal information to sell on the Internet.

Both Ozment and state officials responsible for the state databases revealed that those databases have been the object of attempted intrusions for years. The FBI provided information to at least one state official indicating that the culprits in the hacking of the state's voter registration database were cyber-criminals.

Illinois is the one state where hackers succeeded in breaking into a voter registration database last summer. The crucial fact about the Illinois hacking, however, was that the hackers extracted personal information on roughly 90,000 registered voters, and that none of the information was expunged or altered.

The Actions of Cybercriminals

That was an obvious clue to the motive behind the hack. Assistant DHS Secretary Ozment testified before the House Subcommittee on Information Technology on Sept. 28 (at 01:02.30 of the video) that the apparent interest of the hackers in copying the data suggested that the hacking was "possibly for the purpose of selling personal information."

Ozment's testimony provides the only credible motive for the large number of states found to have experienced what the intelligence community has called "scanning and probing" of computers to gain access to their electoral databases: the personal information involved – even e-mail addresses – is commercially valuable to the cybercriminal underworld.

That same testimony also explains why so many more states reported evidence of attempts to hack their electoral databases last summer and fall. After hackers had gone after the Illinois and Arizona databases, Ozment said, DHS had provided assistance to many states in detecting attempts to hack their voter registration and other databases.

"Any time you more carefully monitor a system you're going to see more bad guys poking and prodding at it," he observed, "because they're always poking and prodding." [Emphasis added]

State election officials have confirmed Ozment's observation. Ken Menzel, the general counsel for the Illinois Secretary of State, told this writer, "What's new about what happened last year is not that someone tried to get into our system but that they finally succeeded in getting in." Menzel said hackers "have been trying constantly to get into it since 2006."

And it's not just state voter registration databases that cybercriminals are after, according to Menzel. "Every governmental data base – driver's licenses, health care, you name it – has people trying to get into it," he said.

Arizona Secretary of State Michele Reagan told Mother Jones that her I.T. specialists had detected 193,000 distinct attempts to get into the state's website in September 2016 alone and 11,000 appeared to be trying to "do harm."

Reagan further revealed that she had learned from the FBI that hackers had gotten a user name and password for their electoral database, and that it was being sold on the "dark web" – an encrypted network used by cyber criminals to buy and sell their wares. In fact, she said, the FBI told her that the probe of Arizona's database was the work of a "known hacker" who had been closely monitored "frequently."

James Comey's Role

The sequence of events indicates that the main person behind the narrative of Russian hacking state election databases from the beginning was former FBI Director James Comey. In testimony to the House Judiciary Committee on Sept. 28, Comey suggested that the Russian government was behind efforts to penetrate voter databases, but never said so directly.

Comey told the committee that FBI Counterintelligence was working to "understand just what mischief Russia is up to with regard to our elections." Then he referred to "a variety of scanning activities" and "attempted intrusions" into election-related computers "beyond what we knew about in July and August," encouraging the inference that it had been done by Russian agents.

The media then suddenly found unnamed sources ready to accuse Russia of hacking election data even while admitting that they lacked evidence. The day after Comey's testimony ABC headlined, "Russia Hacking Targeted Nearly Half of States' Voter Registration Systems, Successfully Infiltrating 4." The story itself revealed, however, that it was merely a suspicion held by "knowledgeable" sources.

Similarly, NBC News headline announced, "Russians Hacked Two US Voter Databases, Officials Say." But those who actually read the story closely learned that in fact none of the unnamed sources it cited were actually attributing the hacking to the Russians.

It didn't take long for Democrats to turn the Comey teaser - and these anonymously sourced stories with misleading headlines about Russian database hacking - into an established fact. A few days later, the ranking Democrat on the House Intelligence Committee, Rep. Adam Schiff declared that there was "no doubt" Russia was behind the hacks on state electoral databases.

On Oct. 7, DHS and the Office of the Director of National Intelligence issued a joint statement that they were "not in a position to attribute this activity to the Russian government." But only a few weeks later, DHS participated with FBI in issuing a "Joint Analysis Report" on "Russian malicious cyber activity" that did not refer directly to scanning and spearphishing aimed at state electoral databases but attributed all hacks related to the election to "actors likely associated with RIS [Russian Intelligence Services]."

Suspect Claims

But that claim of a "likely" link between the hackers and Russia was not only speculative but highly suspect. The authors of the DHS-ODNI report claimed the link was "supported by technical indicators from the US intelligence community, DHS, FBI, the private sector and other entities." They cited a list of hundreds of I.P. addresses and other such "indicators" used by hackers they called "Grizzly Steppe" who were supposedly linked to Russian intelligence.

But as I reported last January, the staff of Dragos Security, whose CEO, Rob Lee, had been the architect of a US government system for defense against cyber attack, pointed out that the vast majority of those indicators would certainly have produced "false positives."

Then, on Jan. 6 came the "intelligence community assessment" – produced by selected analysts from CIA, FBI and National Security Agency and devoted almost entirely to the hacking of e-mail of the Democratic National Committee and Hillary Clinton's campaign chairman John Podesta. But it included a statement that "Russian intelligence obtained and maintained access to elements of multiple state or local election boards." Still, no evidence was evinced on this alleged link between the hackers and Russian intelligence.

Over the following months, the narrative of hacked voter registration databases receded into the background as the drumbeat of media accounts about contacts between figures associated with the Trump campaign and Russians built to a crescendo, albeit without any actual evidence of collusion regarding the e-mail disclosures.

But a June 5 story brought the voter-data story back into the headlines. The story, published by The Intercept, accepted at face value an NSA report dated May 5, 2017, that asserted Russia's military intelligence agency, the GRU, had carried out a spear-phishing attack on a US company providing election-related software and had sent e-mails with a malware-carrying word document to 122 addresses believed to be local government organizations.

But the highly classified NSA report made no reference to any evidence supporting such an attribution. The absence of any hint of signals intelligence supporting its conclusion makes it clear that the NSA report was based on nothing more than the same kind of inconclusive "indicators" that had been used to establish the original narrative of Russians hacking electoral databases.

A Checkered History

So, the history of the US government's claim that Russian intelligence hacked into election databases reveals it to be a clear case of politically motivated analysis by the DHS and the Intelligence Community. Not only was the claim based on nothing more than inherently inconclusive technical indicators but no credible motive for Russian intelligence wanting personal information on registered voters was ever suggested.

Russian intelligence certainly has an interest in acquiring intelligence related to the likely outcome of American elections, but it would make no sense for Russia's spies to acquire personal voting information about 90,000 registered voters in Illinois.

When FBI Counterintelligence chief Priestap was asked at the June 21 hearing how Moscow might use such personal data, his tortured effort at an explanation clearly indicated that he was totally unprepared to answer the question.

"They took the data to understand what it consisted of," said Priestap, "so they can affect better understanding and plan accordingly in regards to possibly impacting future election by knowing what is there and studying it."

In contrast to that befuddled non-explanation, there is highly credible evidence that the FBI was well aware that the actual hackers in the cases of both Illinois and Arizona were motivated by the hope of personal gain.

Gareth Porter, an investigative historian and journalist specializing in US national security policy, received the UK-based Gellhorn Prize for journalism for 2011 for articles on the U.S. war in Afghanistan. His new book is Manufactured Crisis: the Untold Story of the Iran Nuclear Scare. He can be contacted at porter.gareth50@gmail.com. Reprinted from Consortium News with the author's permission.


[Jun 24, 2017] Obama Ordered Cyberweapons Implanted Into Russia's Infrastructure by Jason Ditz

Jun 23, 2017 | news.antiwar.com

Former Official: Implants Designed to 'Cause Them Pain and Discomfort'

A new report from the Washington Post today quoted a series of Obama Administration officials reiterating their official narrative on Russia's accused hacking of the 2016 election. While most of the article is simply rehashes and calls for sanctions, they also revealed a secret order by President Obama in the course of "retaliation" for the alleged hacking.

This previously secret order involved having US intelligence design and implant a series of cyberweapons into Russia's infrastructure systems, with officials saying they are meant to be activated remotely to hit the most important networks in Russia and are designed to "cause them pain and discomfort."

The US has, of course, repeatedly threatened "retaliatory" cyberattacks against Russia, and promised to knock out broad parts of their economy in doing so. These appear to be the first specific plans to actually infiltrate Russian networks and plant such weapons to do so.

Despite the long-standing nature of the threats, by the end of Obama's last term in office this was all still in the "planning" phases. It's not totally clear where this effort has gone from there, but officials say that the intelligence community, once given Obama's permission, did not need further approval from Trump to continue on with it, and he'd have actually had to issue a countermanding order, something they say he hasn't.

The details are actually pretty scant on how far along the effort is, but the goal is said to be for the US to have the ability to retaliate at a moment's notice the next time they have a cyberattack they intend to blame on Russia.

Unspoken in this lengthy report, which quotes unnamed former Obama Administration officials substantially, advocating the effort, is that in having reported that such a program exists, they've tipped off Russia about the threat.

This is, however, reflective of the priority of the former administration, which is to continue hyping allegations that Russia got President Trump elected, a priority that's high enough to sacrifice what was supposed to be a highly secretive cyberattack operation.

[Jun 03, 2017] Putin hits on false flag operation to implicate Russians

Notable quotes:
"... "The most important thing is that we don't do that on government level," he said. "Secondly, I can imagine that someone purposefully does that, building the chain of these attacks in a way to make it seem that Russia is the source of these attacks. Modern technology allows to do that quite easily." ..."
"... On a high level, like in the case of the Iranian hacks, only state actors can operate. But they are not needed with such suckers like completely incompetent and arrogant Hillary. Here anybody suffices, and that can be "lesser states" hostile to Russia (such as Ukraine, or Estonia) or even the USA agencies themselves (false flag operation) ..."
"... The level of incompetence demonstrated by the "bathroom server" saga is simply staggering, to say the least: the State Department essentially is as close to a security agency as one could get: they took over some former CIA functions ("color revolutions" is one such function) and generally they work in close cooperation. And this close cooperation is typical not only for the USA. But here we have a server in comparison with which many college email server installations are paragons of security. ..."
Jun 02, 2017 | http://www.cnn.com/2017/06/01/politics/russia-putin-hackers-election/index.html

It contains an even more important quote about how Russia can be intentionally framed:

While he maintained Thursday that the Russian government wasn't behind the attacks, he said hackers anywhere could make their efforts appear like they came from the state.

"The most important thing is that we don't do that on government level," he said. "Secondly, I can imagine that someone purposefully does that, building the chain of these attacks in a way to make it seem that Russia is the source of these attacks. Modern technology allows to do that quite easily."

And there is some evidence in favor of his hypothesis:

1. On a high level, like in the case of the Iranian hacks, only state actors can operate. But they are not needed with such suckers like completely incompetent and arrogant Hillary. Here anybody suffices, and that can be "lesser states" hostile to Russia (such as Ukraine, or Estonia) or even the USA agencies themselves (false flag operation)

The level of incompetence demonstrated by the "bathroom server" saga is simply staggering, to say the least: the State Department essentially is as close to a security agency as one could get: they took over some former CIA functions ("color revolutions" is one such function) and generally they work in close cooperation. And this close cooperation is typical not only for the USA. But here we have a server in comparison with which many college email server installations are paragons of security.

And her staff's incompetence was also simply amazing. IMHO they all were criminally incompetent.

To hack such idiots is highly unusual for state actors -- they instantly suspect that this is a mousetrap, a so-called honeypot.

2. As for "gullible Podesta", he was such a joke that it hurts; this idiot (with very strange inclinations) did not even manage to buy a $15 USB security key that Google provides for two-factor authentication.

https://arstechnica.com/security/2014/10/google-offers-usb-security-key-to-make-bad-passwords-moot/

Here too a "state actor" would think that this is a trap. To give up a password for nothing. For the "grey cardinal" of the DNC? You are kidding.

2. The doublethink demonstrated in this case suggests nefarious goals. Of course, Hillary bathroom server hacks are disputed. Both by Hillary and MSM :-). Who simultaneously are convinced about DNC hacks ;-).

This is really from 1984: "Doublethink is the act of simultaneously accepting two mutually contradictory beliefs as correct, often in distinct social contexts." (Wikipedia)

3. There is a more plausible version about the DNC "hack", which is swept under the rug. That it was actually a leak, not a hack, and it involves Seth Rich. Here it is even more probable that Russians are framed. Nobody in MSM wants to touch this theme. How would one explain such a lack of interest in what is really sensational material? By the State Department talking points?

4. Also now we know that the CIA can imitate an attack by any state actor including Russia, China or North Korea. They have special tools for this. So if one puts such a name as "Felix Edmundovich Dzerzhinsky" (https://en.wikipedia.org/wiki/Felix_Dzerzhinsky) into malware this is clearly not a Russian. Can be a Polish hacker. Can well be some guy from Langley with a perverse sense of humor ;-). BTW Alperovitch, the head of the company CrowdStrike, to which the investigation of the DNC hack was mysteriously outsourced (see below), never asked himself this simple question.

5. Another interesting fact is that the investigation of the "DNC hack" was outsourced by the FBI to a shady company run by Dmitri Alperovitch (https://en.wikipedia.org/wiki/Dmitri_Alperovitch)

Can you imagine that? We need to assume that the FBI does not have specialists, so the FBI decided to use a "headlines grabber" type of security company to perform this investigation, which is important for national security:

https://www.linkedin.com/pulse/crowdstrike-needs-address-harm-causedukraine-jeffrey-carr

Cui bono from such a decision? That is the question :-)

IMHO this action alone raises serious questions both about Comey and the whole DNC hack story (I like the term "Fancy Bear" that Alperovitch used; this bear might reside well outside of Russia and in reality be a panda or even a skunk :-) )

6. Hacking is a simply perfect ground for false flag operations. So in any objective investigation this hypothesis needs to be investigated. Nobody even tried to raise this question. Even once. Including honchos in Congress. Which for an independent observer increases the probability that this might well be a false flag operation with a specific purpose.

All-in-all we have more questions than answers here. So jumping to conclusions and the resulting witch hunt of the US media and the behavior of some US officials is really suspicious.

[Jun 03, 2017] Putin: Hackers may be 'patriots' but not working for Russian government

Jun 03, 2017 | www.cnn.com
In comments to reporters at the St. Petersburg Economic Forum, Putin likened hackers to "artists," who could act on behalf of Russia if they felt its interests were being threatened.

"(Artists) may act on behalf of their country, they wake up in good mood and paint things. Same with hackers, they woke up today, read something about the state-to-state relations.

"If they are patriotic, they contribute in a way they think is right, to fight against those who say bad things about Russia," Putin said.

Putin: We didn't hack US election

Russia has repeatedly denied involvement in any attempts to influence November's US Presidential election. When asked directly whether Russia interfered in the election, Putin said in March: "Read my lips: No." He also described the allegations as "fictional, illusory, provocations and lies."

Derek Chollet, senior adviser of the German Marshall Fund of the US, told CNN's Brian Todd that's not true. "The US intelligence community in January concluded with high confidence that Vladimir Putin ordered an influence campaign to try to shape the US election. And part of that influence campaign were hackers. This is Putin trying to obfuscate and blur what is the reality."

US-Russia investigation

While he maintained Thursday that the Russian government wasn't behind the attacks, he said hackers anywhere could make their efforts appear like they came from the state.

"The most important thing is that we don't do that on government level," he said. "Secondly, I can imagine that someone purposefully does that, building the chain of these attacks in a way to make it seem that Russia is the source of these attacks. Modern technology allows to do that quite easily."

However, he said that even if hackers did intervene it's unlikely they could swing a foreign election. "No hacker can affect an electoral campaign in any country, be it Europe, Asia or America."

"I'm certain that no hackers can influence an electoral campaign in another country. It's just not going to settle on the voter's mind, on the nation's mind," he added.

CNN's Fareed Zakaria said Putin's remarks on the hacking mirror what Putin said when Russia seized Ukraine's Crimea region. "If you remember, when the invasion of Crimea and the destabilization of eastern Ukraine took place, Vladimir Putin said, 'I don't know who these people are ... it seems there are patriotically minded Ukrainians and Russians who want the Crimea to be part of Russia,'" Zakaria said.

[Jun 03, 2017] Putin's remark looks like a valid observation about a very dangerous phenomenon -- State actors can provoke non-state actors in cyberspace and vice versa, non-state actors can provoke state actors. As a result the spiral of confrontation can start unwinding uncontrollably.

Jun 03, 2017 | economistsview.typepad.com

EMichael, June 02, 2017 at 08:28 AM
"(Artists) may act on behalf of their country, they wake up in good mood and paint things. Same with hackers, they woke up today, read something about the state-to-state relations.
"If they are patriotic, they contribute in a way they think is right, to fight against those who say bad things about Russia," Putin said.
libezkova, June 02, 2017 at 09:24 PM
This is a complex issue and some considerations below are gross simplifications and should be viewed as such. But the key question is: can "hacking wars" eventually lead to nuclear war due to interplay between state and non-state actors?

As Paul Craig Roberts recently observed "The most important truth of our time is that the world lives on the knife-edge of the American military/security complex's need for an enemy in order to keep profits flowing."

So the main danger here is that cyber attacks which were made "to keep profits flowing" (including false flag operations; hacking is a perfect field for false flag operations) can provoke a real war, which can escalate into nuclear exchange. Especially if one side thinks that it can intercept the missiles from the other.

So Putin's remark looks like a valid observation about a very dangerous phenomenon -- State actors can provoke non-state actors in cyberspace and vice versa, non-state actors can provoke state actors. As a result the spiral of confrontation can start unwinding uncontrollably.

Hostile action like the current McCarthyism witch hunt against Russia provokes reaction, including unanticipated reaction from non-state actors. Some are now really inclined to hack the US servers.

Similarly US hackers now are more inclined to hack Russian servers.

Which provokes another reaction, but now from the state actors. As a result money is flowing into appropriate coffers, which was the key idea from the start.

[May 08, 2017] Another Leaks about emails, this time about Macron

Notable quotes:
"... to be fair though, those emails leaks seem totally dull. I browsed what I could, it's just generic staff chat, campaign bills to pay, bills to make, yadda yadda Whoever got the mail passwords few months ago must have waited for something juicy to land and since nothing really interesting came up, they're just posting the whole stock as is. Won't make the slightest difference on sunday. ..."
"... Exactly. I wouldn't be surprised if it's Macron team itself that leaked this dull, unimportant stuff to show that "russians have interfered". ..."
"... Macron won 1st step with the intense fear campaign spammed on our heads during 6 months. I know plenty reasonable people who voted Macron while they hardly can stand his program, because they were told hundreds times he was the "best choice" to beat Le Pen. ..."
"... That's so absurd Macron got the most votes last sunday AND at the same time got the LOWEST "adhesion" (adherence ? not sure in english) rate of all 11 candidates, basically nearly half of "his" voters put the bulletin with his name for reasons that have nothing to do with him. ..."
"... Macron's dirty secrets according to The Duran: http://theduran.com/breaking-macron-emails-lead-to-allegations-of-drug-use-homosexual-adventurism-and-rothschild-money/ ..."
"... That all the evils in western society are the fault of the external bogeyman. Putin, ISIS Refugees, Asian footwear makers, whatever. ..."
"... Is that your services & politicians Would never pull a false leak or a controlled leak or a limited hangout. That they are angels that sit on their hands. ..."
"... These two underpin the absolute lunacy we have seen unfold before our eyes. An extraordinarily dangerous situation to be in which is getting worse fast. ..."
May 08, 2017 | www.moonofalabama.org
Jean | May 6, 2017 8:32:33 AM | 10
Another Leaks about emails, this time about Macron. The difference is that nobody is allowed to publish any part of it by the electoral commission (15,000 euros fine). No doubt there will be a huge crackdown on alt media once he gets elected.

France is an occupied country, much more than the US

http://theduran.com/breaking-macron-email-hacking-shows-that-free-speech-is-dead-in-france/

roflmaousse | May 6, 2017 8:43:48 AM | 12
to be fair though, those emails leaks seem totally dull. I browsed what I could, it's just generic staff chat, campaign bills to pay, bills to make, yadda yadda Whoever got the mail passwords few months ago must have waited for something juicy to land and since nothing really interesting came up, they're just posting the whole stock as is. Won't make the slightest difference on sunday.
Anon | May 6, 2017 8:52:27 AM | 13
roflmaousse

Exactly. I wouldn't be surprised if it's Macron team itself that leaked this dull, unimportant stuff to show that "russians have interfered".

roflmaousse | May 6, 2017 9:04:11 AM | 14
@jen : what possibility ? none
Macron won 1st step with the intense fear campaign spammed on our heads during 6 months. I know plenty reasonable people who voted Macron while they hardly can stand his program, because they were told hundreds times he was the "best choice" to beat Le Pen. And that's it. They probably don't fully believe it, but the doubt was hammered deep in their mind, and they won't take the (imaginary) risk to appear the on "wrong" side of history and be shamed for years... And the same thing will obviously happen tomorrow.

That's so absurd Macron got the most votes last sunday AND at the same time got the LOWEST "adhesion" (adherence ? not sure in english) rate of all 11 candidates, basically nearly half of "his" voters put the bulletin with his name for reasons that have nothing to do with him.

Anon | May 6, 2017 4:10:36 PM | 46
Lol the french regime now warn people not to spread the leak... apparently that is a "criminal offense"!

https://tinyurl.com/m7a37ew

You can't make this stuff up! Censorship is here and accepted, scary.

Mina | May 6, 2017 6:55:59 PM | 57
Californian leak? Who cares, the msm have already blamed the ruskies all day
james | May 6, 2017 7:02:12 PM | 58
@46 anon.. that macron leak story has legs! i like what some guy on twitter said - "Amazing that the French government and media now stand as enemies of freedom of speech." who whudda thunk it? lol... remind anyone of any other countries?
Mina | May 6, 2017 7:06:12 PM | 59
So cute from the bbc that he doesn't want to reveal the contents of the leak although nothing obliges it to

http://www.bbc.com/news/world-europe-39830379

Anon | May 7, 2017 3:09:11 AM | 63
Indeed, Macron is basically married to his mother already in a way: Macron married to a 24 year older wife
https://www.thestar.com/life/2017/04/27/french-presidential-candidates-older-wife-only-scandalous-to-the-rest-of-the-world-timson.html
Shakesvshav | May 7, 2017 4:02:44 AM | 64
Macron's dirty secrets according to The Duran: http://theduran.com/breaking-macron-emails-lead-to-allegations-of-drug-use-homosexual-adventurism-and-rothschild-money/
Mina | May 7, 2017 4:16:59 AM | 65
Well well well... you know... its France... le pen's mother made naked pictures for french playboy when she divorced the father... another one is on x... just pawns.
Mina | May 7, 2017 5:07:56 AM | 66
The MSM are going to be embarrassed with the leaks. On one side they keep referring to the Ruskies and Trump, and on the other no one among the Western politicians has a B plan in case Trump continues to wreak havoc (and he will).

Next week, he goes to KSA before Israel and since the Saudi prince said it would be 'historical' we can bet KSA will announce the recognizance of Israel
Then step 2 will be to say Syria and Iran: you recognize or we turn you to Somalia.
And where will Junker, Hollande, Macron and co go then?

(as for Le Pen she's not a suggestion; she's been changing her views almost every week except on the fate she reserves to gypsies, latest she went to explain the Zionist lobby that she supports the colonies)
http://www.lexpress.fr/actualite/politique/fn/comment-marine-le-pen-cherche-a-seduire-la-communaute-juive_1777887.html
http://www.alterinfo.net/LE-PEN-DRAGUE-LES-ELECTEURS-JUIFS-JUSQU-EN-ISRAEL_a129982.html

Mina | May 7, 2017 5:29:38 AM | 67
even Wikileaks says the metadata is full of cyrillic. clumsiness or the will to point towards the usual culprits?
not sure if Hollande has really turned into a Machiavel but that sounds like him
b | May 7, 2017 1:07:26 PM | 93

Sài Gòn Séamus @SaiGonSeamus on the Macron "leaks":

None of it makes sense, yet everyone laps it up like mother's milk. This is the 1st of these leaks to have obvious forgeries in it.

The release date makes no sense, there appears to be nothing damaging in it, the speed at which the trusties found the Cyrillic metadata says they were looking for it / told where to look / not looking for damaging material.

The sheer scale of the breach from what must be the closely monitored mail server in political history.

None of it adds up if you look at it with an open mind. This is dangerous slavish behavior from infosec, the media and public. If you will swallow this hook, line & sinker then your parliaments need more fire extinguishers

Everything is based on two enormous fallacies.

1. That all the evils in western society are the fault of the external bogeyman. Putin, ISIS Refugees, Asian footwear makers, whatever. That the Trumps, Le Pens, Farages are not a native virus.

2. Is that your services & politicians Would never pull a false leak or a controlled leak or a limited hangout. That they are angels that sit on their hands.

These two underpin the absolute lunacy we have seen unfold before our eyes. An extraordinarily dangerous situation to be in which is getting worse fast.

Mina | May 7, 2017 1:13:27 PM | 94
mediapart commenting the macronleaks: no ref to the contents or to wikileaks as having decided to host the files.
b | May 7, 2017 1:17:29 PM | 95
Did Macron Outsmart Campaign Hackers? - While it's still too early to tell, so far the big document dump by hackers of the Macron campaign has not been damaging.
"You can flood these [phishing] addresses with multiple passwords and log-ins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out," Mounir Mahjoubi, the head of Macron's digital team, told The Daily Beast for its earlier article on this subject.

In the end, whoever made the dump may not have known what is real and what is false, which would explain in part the odd timing. After the disruptive revelations of the Democratic National Committee hacks in the United States, the public is conditioned to think that if there's a document dump like this, it has to be incriminating. By putting it out just before the news blackout, when Macron cannot respond in detail, the dump becomes both the medium and the message.
...

[Apr 21, 2017] America's Cyberwar Hypocrisy

Apr 21, 2017 | www.foreignaffairs.com

Today's cyberbattles could almost make one nostalgic for the Cold War. The nuclear arms race created a sense of existential threat, but at least it was clear who had the weapons. In contrast, a cyberattack could be the work of almost anyone. After hackers broke into the U.S. Democratic National Committee's servers in 2016 and released e-mails embarrassing to the DNC's leadership, the Republican presidential candidate Donald Trump said the attacker could be China, Russia, or "somebody sitting on their bed that weighs 400 pounds."

U.S. intelligence officials have said that the attack did indeed come from Russia, which Trump later acknowledged. But Trump's comment underscored a larger problem with cyberwarfare: uncertainty. How does a government respond to an invisible attacker, especially without clear rules of engagement? How can officials convince other governments and the public that they have fingered the right suspects? How can a state prevent cyberattacks when, without attribution, the logic of deterrence - if you hit me, I'll hit you back - no longer applies? Two recent books delve into these questions. Dark Territory, by Fred Kaplan, and The Hacked World Order, by Adam Segal, lay out the history of cybersecurity in the United States and explain the dangers that future digital conflicts might pose. Both authors also make clear that although Americans and U.S. institutions increasingly feel themselves to be in the cross hairs of hackers and other cybercriminals, the United States is itself a powerful aggressor in cyberspace.

In the future, the United States must use its cyberpower judiciously. Every conflict poses the risk that one party will make a mistake or overreact, causing things to veer out of control. When it comes to cyberwar, however, the stakes are particularly high for the United States, as the country's technological sophistication makes it uniquely vulnerable to attack.

Iranian President Mahmoud Ahmadinejad visits the Natanz nuclear enrichment facility, April 2008.

CYBER-SUPERPOWER

The dramatic headlines surrounding Russia's alleged hacking of the DNC and attempts to spread misinformation online during the U.S. election may have reinforced the perception among Americans that the United States is primarily a victim of cyber-intrusions. It's not. In Dark Territory, Kaplan details the United States' long history of aggression in cyberspace. It's not easy to write an engaging book on cyberwar, and Kaplan, a national security columnist at Slate, has done an admirable job. He presents a clear account of the United States' evolution into a formidable cyberpower, guiding the reader through a thicket of technical details and government acronyms.

It turns out that the U.S. government has been an aggressor for over a quarter century. Kaplan describes "counter command-control warfare" - attempts to disrupt an enemy's ability to control its forces - that goes back to the Gulf War in 1990–91. At a time when U.S. President George H. W. Bush had never used a computer, the National Security Agency (NSA) was employing a secret satellite to monitor the conversations of Iraqi President Saddam Hussein and his generals, which sometimes revealed the positions of Iraqi soldiers.

The United States flexed its digital muscles again in the late 1990s, when Serbs in Bosnia and Herzegovina were protesting the presence of NATO soldiers enforcing the 1995 Dayton peace agreement, which had ended the Bosnian war. U.S. officials learned that local newscasters were telling protesters when and where to gather and even instructing them to throw rocks at NATO soldiers. It turned out that 85 percent of Serbs got their television broadcasts from just five transmission towers. U.S. officials, working with the NATO-led stabilization force, or SFOR, installed devices on those five transmitters that allowed SFOR engineers to turn them on and off remotely. Whenever a newscaster began urging people to protest, the engineers shut off the transmitters.

American officials also enlisted the help of Hollywood producers, persuading them to supply programming to a U.S.-aligned Serbian station. During major anti-NATO protests, Serbians would turn on the television to find the channel playing episodes of Baywatch. Kaplan asserts, "Many Serbs, who might otherwise have hit the streets to make trouble, stayed in to watch young women cavorting in bikinis."

Around a decade later, the United States set up what Kaplan calls a "mini-NSA" in Iraq. Kaplan describes how NSA teams in the Middle East intercepted insurgents' e-mails and shut down many of their servers with malware. In other cases, they sent insurgents deceptive e-mails directing them to places where U.S. Special Forces would be waiting to kill them. "In 2007 alone, these sorts of operations . . . killed nearly four thousand Iraqi insurgents," Kaplan writes.

The United States' most ambitious cyberattack began in 2006, when it teamed up with Israel to sabotage the Iranian nuclear program. The collaboration, dubbed Operation Olympic Games, targeted Iran's Natanz reactor, which relied on remote computer controls. Malware designed by American programmers took over the reactor's valve pumps, allowing NSA operatives to remotely increase the flow of uranium gas into the centrifuges, which eventually burst. By early 2010, the operation had destroyed almost a quarter of Iran's 8,700 centrifuges.

For years, the Iranians failed to detect the intrusion and must have wondered if the malfunctions were their own fault. In that sense, Kaplan writes, "Operation Olympic Games was a classic campaign of information warfare: the target wasn't just the Iranians' nuclear program but also the Iranians' confidence - in their sensors, their equipment, and themselves." The Iranians and the wider public might never have learned about the virus, now widely known as Stuxnet, if it had not accidentally spread from the computers in Natanz to machines in other parts of the world, where private-sector security researchers ultimately discovered it.

With Olympic Games, the United States "crossed the Rubicon," in the words of the former CIA director Michael Hayden. Stuxnet was the first major piece of malware to do more than harm other computers and actually cause physical destruction. The irony was rich, as Kaplan notes: "For more than a decade, dozens of panels and commissions had warned that America's critical infrastructure was vulnerable to a cyber attack - and now America was launching the first cyber attack on another nation's critical infrastructure."

Of course, cyberattackers have often targeted the United States. In 2014 alone, Kaplan reports, the country suffered more than 80,000 cybersecurity breaches, more than 2,000 of which led to data losses. He also points out that until recently, U.S. policymakers worried less about Russia than China, which was "engaging not just in espionage and battlefield preparation, but also in the theft of trade secrets, intellectual property, and cash."

China and Russia are not the only players. Iran and North Korea have also attacked the United States. In 2014, the businessman Sheldon Adelson criticized Iran, which responded by hacking into the servers of Adelson's Las Vegas Sands Corporation, doing $40 million worth of damage. That same year, hackers calling themselves the Guardians of Peace broke into Sony's network. They destroyed thousands of computers and hundreds of servers, exposed tens of thousands of Social Security numbers, and released embarrassing personal e-mails pilfered from the accounts of Sony executives. U.S. government officials blamed the North Korean government for the attack. Sony Pictures was about to release The Interview, a silly comedy about a plot to assassinate the North Korean ruler Kim Jong Un. As opening day neared, the hackers threatened theaters with retaliation if they screened the movie. When Sony canceled the release, the threats stopped.

EVERYBODY HACKS

The Hacked World Order covers some of the same ground as Dark Territory, although with a slightly wider lens. In addition to discussing cyberattacks and surveillance, Segal, a fellow at the Council on Foreign Relations, details how the United States and other countries use social media for political ends. Russia, for example, tries to shape online discourse by spreading false news and deploying trolls to post offensive or distracting comments. The Russian government has reportedly hired English speakers to praise President Vladimir Putin on the websites of foreign news outlets. The goal is not necessarily to endear Americans to Putin, Segal explains. Rather, it sows confusion online to "make reasonable, rational conversation impossible." Chinese Internet commenters also try to muddy the waters of online discussion. Segal claims that the Chinese government pays an estimated 250,000–300,000 people to support the official Communist Party agenda online.

Segal suggests that the United States will likely not win social media wars against countries such as China or Russia. U.S. State Department officials identify themselves on Facebook and Twitter, react slowly to news, and offer factual, rule-based commentary. Unfortunately, as Segal notes, "content that is shocking, conspiratorial, or false often crowds out the reasonable, rational, and measured."

Social media battles also play out in the Middle East. In 2012, the Israel Defense Forces and Hamas fought a war for public opinion using Facebook, Twitter, Google, Pinterest, and Tumblr at the same time as the two were exchanging physical fire. The Islamic State (also known as ISIS) has launched digital campaigns that incorporate, in Segal's words, "brutality and barbarism, packaged with sophisticated production techniques." The United States has tried to fight back by sharing negative stories about ISIS and, in 2014, even created a video, using footage released by the group, that featured severed heads and crucifixions. The video went viral, but analysts inside and outside the U.S. government criticized it for embracing extremist tactics similar to ISIS' own. Moreover, as Segal notes, it seems to have failed to deter ISIS' supporters.

Part of what makes the cyber-era so challenging for governments is that conflict isn't limited to states. Many actors, including individuals and small groups, can carry out attacks. In 2011, for example, the hacker collective Anonymous took down Sony's PlayStation Network, costing the company $171 million in repairs. Individuals can also disrupt traditional diplomacy, as when WikiLeaks released thousands of State Department cables in 2010, revealing U.S. diplomats' candid and sometimes embarrassing assessments of their foreign counterparts.

Segal is at his best in his discussion of China's cyberstrategy, on which he has considerable expertise. Americans tend to see themselves as a target of Chinese hackers - and indeed they are. The problem is that China also sees itself as a victim and the United States as hypocritical. In June 2013, U.S. President Barack Obama warned Chinese President Xi Jinping that Chinese hacking could damage the U.S.-Chinese relationship. Later that month, journalists published documents provided by Edward Snowden, an NSA contractor, showing that the NSA had hacked Chinese universities and telecommunications companies. It didn't take long for Chinese state media to brand the United States as "the real hacking empire."

The U.S.-Chinese relationship also suffers from a more fundamental disagreement. U.S. policymakers seem to believe that it's acceptable to spy for political and military purposes but that China's theft of intellectual property crosses a line. The United States might spy on companies and trade negotiators all over the world, but it does so to protect its national interests, not to benefit specific U.S. companies. The Chinese don't see this distinction. As Segal explains:

Many states, especially those like China that have developed a form of state capitalism at home, do not see a difference between public and private actors. Chinese firms are part of an effort to modernize the country and build comprehensive power, no matter whether they are private or state owned. Stealing for their benefit is for the benefit of the nation.

The intense secrecy surrounding cyberwarfare makes deciding what kinds of hacking are acceptable and what behavior crosses the line even harder. The Snowden revelations may have alerted Americans to the extent of U.S. government surveillance, but the public still remains largely in the dark about digital conflict. Yet Americans have a lot at stake. The United States may be the world's strongest cyberpower, but it is also the most vulnerable. Segal writes:

The United States is . . . more exposed than any other country. Smart cities, the Internet of Things, and self-driving cars may open up vast new economic opportunities as well as new targets for destructive attacks. Cyberattacks could disrupt and degrade the American way of war, heavily dependent as it is on sensors, computers, command and control, and information dominance.

Putin and Defence Minister Sergei Ivanov visit the new GRU military intelligence headquarters building in Moscow, November 2006.

FOREWARNED IS FOREARMED

Neither Kaplan nor Segal offers easy solutions to these challenges. Kaplan argues that the cyber-era is much murkier than the era of the Cold War. Officials find it difficult to trace attackers quickly and reliably, increasing the chances that the targeted country will make an error. The U.S. government and U.S. firms face cyberattacks every day, and there is no clear line between those that are merely a nuisance and those that pose a serious threat. The public also understands cyberthreats far less well than it does the threat of nuclear weapons. Much of the information is classified, inhibiting public discussion, Kaplan notes. He concludes that "we are all wandering in dark territory."

Segal's conclusions are somewhat more prescriptive. The United States must support research and technological innovation, for example, and not just by providing more federal funding. Segal recommends that the United States replace its federal research plan with a public-private partnership to bring in academic and commercial expertise. Government and private companies need to share more information, and companies need to talk more openly with one another about digital threats. The United States should also "develop a code of conduct that draws a clear line between its friends and allies and its potential adversaries." This would include limiting cyberattacks to military actions and narrowly targeted covert operations, following international law, rarely spying on friends, and working to strengthen international norms against economic espionage. If the United States is attacked, it should not necessarily launch a counterattack, Segal argues; rather, it should explore using sanctions or other tools. This was apparently the path that Obama took after the attack on the DNC, when the United States punished Moscow by imposing fresh sanctions and expelling 35 suspected Russian spies.

It's likely only a matter of time before the Trump administration faces a major cyberattack. When that happens, the government will need to react calmly, without jumping to conclusions. Failure to do so could have dire consequences. "The United States, Russia, and China are unlikely to launch destructive attacks against each other unless they are already engaged in military conflict or perceive core interests as being threatened," Segal writes. "The greatest risks are misperception, miscalculation, and escalation."

Those risks now seem greater than ever. Some experts have argued that Obama's response to the Russian cyberattacks in 2016 did not do enough to deter future attackers. But if Obama underreacted, the United States may now face the opposite problem. Trump has proved willing to make bold, sometimes unsubstantiated accusations. This behavior is dangerous in any conflict, but in the fog of cyberwar, it could spell catastrophe.

Is there anything the American public can do to prevent this? All over the country, people have been trying to check Trump's worst impulses by protesting, appealing to members of Congress, or simply demanding more information. Policy about cyberspace generally doesn't draw the same level of public engagement, in part due to a lack of knowledge. Cyberbattles can seem confusing, technical, and shrouded in secrecy, perhaps better left to the experts. But cybersecurity is everyone's problem now. The American public should inform itself, and these two books are a good place to start. If Washington inadvertently led the United States into a major cyberwar, Americans would have the most to lose.

[Jan 18, 2017] Mainstream Media's Russian Bogeymen

Jan 18, 2017 | original.antiwar.com

The mainstream hysteria over Russia has led to dubious or downright false stories that have deepened the New Cold War

by Gareth Porter, January 16, 2017

In the middle of a major domestic crisis over the U.S. charge that Russia had interfered with the US election, the Department of Homeland Security (DHS) triggered a brief national media hysteria by creating and spreading a bogus story of Russian hacking into US power infrastructure.

DHS had initiated the now-discredited tale of a hacked computer at the Burlington, Vermont Electricity Department by sending the utility's managers misleading and alarming information, then leaked a story they certainly knew to be false and continued to put out a misleading line to the media.

Even more shocking, however, DHS had previously circulated a similar bogus story of Russian hacking of a Springfield, Illinois water pump in November 2011.

The story of how DHS twice circulated false stories of Russian efforts to sabotage US "critical infrastructure" is a cautionary tale of how senior leaders in a bureaucracy-on-the-make take advantage of every major political development to advance their own interests, with scant regard for the truth.

The DHS had carried out a major public campaign to focus on an alleged Russian threat to US power infrastructure in early 2016. The campaign took advantage of a US accusation of a Russian cyber-attack against the Ukrainian power infrastructure in December 2015 to promote one of the agency's major functions - guarding against cyber-attacks on America's infrastructure.

Beginning in late March 2016, DHS and FBI conducted a series of 12 unclassified briefings for electric power infrastructure companies in eight cities titled, "Ukraine Cyber Attack: implications for US stakeholders." The DHS declared publicly, "These events represent one of the first known physical impacts to critical infrastructure which resulted from cyber-attack."

That statement conveniently avoided mentioning that the first cases of such destruction of national infrastructure from cyber-attacks were not against the United States, but were inflicted on Iran by the Obama administration and Israel in 2009 and 2012.

Beginning in October 2016, the DHS emerged as one of the two most important players – along with the CIA – in the political drama over the alleged Russian effort to tilt the 2016 election toward Donald Trump. Then on Dec. 29, DHS and FBI distributed a "Joint Analysis Report" to US power utilities across the country with what it claimed were "indicators" of a Russian intelligence effort to penetrate and compromise US computer networks, including networks related to the presidential election, that it called "GRIZZLY STEPPE."

The report clearly conveyed to the utilities that the "tools and infrastructure" it said had been used by Russian intelligence agencies to affect the election were a direct threat to them as well. However, according to Robert M. Lee, the founder and CEO of the cyber-security company Dragos, who had developed one of the earliest US government programs for defense against cyber-attacks on US infrastructure systems, the report was certain to mislead the recipients.

"Anyone who uses it would think they were being impacted by Russian operations," said Lee. "We ran through the indicators in the report and found that a high percentage were false positives."

Lee and his staff found only two of a long list of malware files that could be linked to Russian hackers without more specific data about timing. Similarly a large proportion of IP addresses listed could be linked to "GRIZZLY STEPPE" only for certain specific dates, which were not provided.

The Intercept discovered, in fact, that 42 percent of the 876 IP addresses listed in the report as having been used by Russian hackers were exit nodes for the Tor Project, a system that allows bloggers, journalists and others – including some military entities – to keep their Internet communications private.

Lee said the DHS staff that worked on the technical information in the report is highly competent, but the document was rendered useless when officials classified and deleted some key parts of the report and added other material that shouldn't have been in it. He believes the DHS issued the report "for a political purpose," which was to "show that the DHS is protecting you."

Planting the Story, Keeping it Alive

Upon receiving the DHS-FBI report, the Burlington Electric Company network security team immediately ran searches of its computer logs using the lists of IP addresses it had been provided. When one of the IP addresses cited in the report as an indicator of Russian hacking was found on the logs, the utility immediately called DHS to inform it, as it had been instructed to do by DHS.

In fact, the IP address on the Burlington Electric Company's computer was simply the Yahoo e-mail server, according to Lee, so it could not have been a legitimate indicator of an attempted cyber-intrusion. That should have been the end of the story. But the utility did not track down the IP address before reporting it to DHS. It did, however, expect DHS to treat the matter confidentially until it had thoroughly investigated and resolved the issue.

"DHS wasn't supposed to release the details," said Lee. "Everybody was supposed to keep their mouth shut."

Instead, a DHS official called The Washington Post and passed on word that one of the indicators of Russian hacking of the DNC had been found on the Burlington utility's computer network. The Post failed to follow the most basic rule of journalism, relying on its DHS source instead of checking with the Burlington Electric Department first. The result was the Post's sensational Dec. 30 story under the headline "Russian hackers penetrated US electricity grid through a utility in Vermont, US officials say."

The DHS official evidently had allowed the Post to infer that the Russian hack had penetrated the grid without actually saying so. The Post story said the Russians "had not actively used the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter," but then added that "the penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability."

The electric company quickly issued a firm denial that the computer in question was connected to the power grid. The Post was forced to retract, in effect, its claim that the electricity grid had been hacked by the Russians. But it stuck by its story that the utility had been the victim of a Russian hack for another three days before admitting that no such evidence of a hack existed.

The day after the story was published, the DHS leadership continued to imply, without saying so explicitly, that the Burlington utility had been hacked by Russians. Assistant Secretary for Public Affairs J. Todd Breasseale gave CNN a statement that the "indicators" from the malicious software found on the computer at Burlington Electric were a "match" for those on the DNC computers.

As soon as DHS checked the IP address, however, it knew that it was a Yahoo cloud server and therefore not an indicator that the same team that allegedly hacked the DNC had gotten into the Burlington utility's laptop. DHS also learned from the utility that the laptop in question had been infected by malware called "neutrino," which had never been used in "GRIZZLY STEPPE."

Only days later did the DHS reveal those crucial facts to the Post. And the DHS was still defending its joint report to the Post, according to Lee, who got part of the story from Post sources. The DHS official was arguing that it had "led to a discovery," he said. "The second is, 'See, this is encouraging people to run indicators.'"

Original DHS False Hacking Story

The false Burlington Electric hack scare is reminiscent of an earlier story of Russian hacking of a utility for which the DHS was responsible as well. In November 2011, it reported an "intrusion" into a Springfield, Illinois water district computer that similarly turned out to be a fabrication.

Like the Burlington fiasco, the false report was preceded by a DHS claim that US infrastructure systems were already under attack. In October 2011, acting DHS deputy undersecretary Greg Schaffer was quoted by The Washington Post as warning that "our adversaries" are "knocking on the doors of these systems." And Schaffer added, "In some cases, there have been intrusions." He did not specify when, where or by whom, and no such prior intrusions have ever been documented.

On Nov. 8, 2011, a water pump belonging to the Curran-Gardner township water district near Springfield, Illinois, burned out after sputtering several times in previous months. The repair team brought in to fix it found a Russian IP address on its log from five months earlier. That IP address was actually from a cell phone call from the contractor who had set up the control system for the pump and who was vacationing in Russia with his family, so his name was in the log by the address.

Without investigating the IP address itself, the utility reported the IP address and the breakdown of the water pump to the Environmental Protection Agency, which in turn passed it on to the Illinois Statewide Terrorism and Intelligence Center, also called a fusion center composed of Illinois State Police and representatives from the FBI, DHS and other government agencies.

On Nov. 10 – just two days after the initial report to EPA – the fusion center produced a report titled "Public Water District Cyber Intrusion" suggesting a Russian hacker had stolen the identity of someone authorized to use the computer and had hacked into the control system causing the water pump to fail.

The contractor whose name was on the log next to the IP address later told Wired magazine that one phone call to him would have laid the matter to rest. But the DHS, which was the lead in putting the report out, had not bothered to make even that one obvious phone call before opining that it must have been a Russian hack.

The fusion center "intelligence report," circulated by DHS Office of Intelligence and Research, was picked up by a cyber-security blogger, who called The Washington Post and read the item to a reporter. Thus the Post published the first sensational story of a Russian hack into a US infrastructure on Nov. 18, 2011.

After the real story came out, DHS disclaimed responsibility for the report, saying that it was the fusion center's responsibility. But a Senate subcommittee investigation revealed in a report a year later that even after the initial report had been discredited, DHS had not issued any retraction or correction to the report, nor had it notified the recipients about the truth.

DHS officials responsible for the false report told Senate investigators such reports weren't intended to be "finished intelligence," implying that the bar for accuracy of the information didn't have to be very high. They even claimed that the report was a "success" because it had done "what it's supposed to do – generate interest."

Both the Burlington and Curran-Gardner episodes underline a central reality of the political game of national security in the New Cold War era: major bureaucratic players like DHS have a huge political stake in public perceptions of a Russian threat, and whenever the opportunity arises to do so, they will exploit it.

Gareth Porter, an investigative historian and journalist specializing in US national security policy, received the UK-based Gellhorn Prize for journalism for 2011 for articles on the U.S. war in Afghanistan. His new book is Manufactured Crisis: the Untold Story of the Iran Nuclear Scare. He can be contacted at porter.gareth50@gmail.com.

Reprinted from Consortium News with the author's permission.
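The triage the article says was skipped at Burlington, as an added example (not part of Porter's article or the DHS/FBI report): an IP match is treated as weak when the indicator carries no date window, when the log entry falls outside that window, or when the address is shared infrastructure such as a Tor exit or webmail server. The feed fields, host names and documentation-range addresses are constructed assumptions.

```python
"""Triage indicator-of-compromise (IoC) hits instead of reporting raw IP matches.

All addresses, hosts and dates are constructed sample data (RFC 5737
documentation ranges), not values from the DHS/FBI report.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address
from typing import List, Optional, Tuple

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, TS_FORMAT).replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class Indicator:
    ip: str
    first_seen: Optional[datetime] = None  # start of attacker use, if the feed gives one
    last_seen: Optional[datetime] = None   # end of attacker use, if the feed gives one
    shared: Optional[str] = None           # "tor-exit", "webmail": many unrelated users


@dataclass(frozen=True)
class Hit:
    when: datetime
    host: str
    ip: str
    reasons: Tuple[str, ...]  # why the match is weak; empty means worth escalating

    @property
    def strong(self) -> bool:
        return not self.reasons


def weaknesses(ind: Indicator, when: datetime) -> Tuple[str, ...]:
    """List every reason a log match on this indicator proves little."""
    reasons = []
    if ind.first_seen is None or ind.last_seen is None:
        reasons.append("undated indicator")
    elif not (ind.first_seen <= when <= ind.last_seen):
        reasons.append("outside attacker-use window")
    if ind.shared:
        reasons.append(f"shared infrastructure ({ind.shared})")
    return tuple(reasons)


def triage(log_lines: List[str], feed: List[Indicator]) -> List[Hit]:
    """Match 'timestamp host remote_ip' log lines against the feed and grade each hit."""
    by_ip = {ip_address(i.ip): i for i in feed}
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line: skip rather than guess
        try:
            when, addr = parse_ts(parts[0]), ip_address(parts[2])
        except ValueError:
            continue
        ind = by_ip.get(addr)
        if ind is not None:
            hits.append(Hit(when, parts[1], str(addr), weaknesses(ind, when)))
    return hits


# Constructed feed: one undated webmail address, one dated Tor exit, one dated host.
FEED = [
    Indicator("203.0.113.25", shared="webmail"),
    Indicator("198.51.100.7", parse_ts("2016-03-01T00:00:00Z"),
              parse_ts("2016-06-30T23:59:59Z"), shared="tor-exit"),
    Indicator("192.0.2.44", parse_ts("2016-04-01T00:00:00Z"),
              parse_ts("2016-05-15T23:59:59Z")),
]

# Constructed log lines: timestamp, local host, remote IP.
LOGS = [
    "2016-12-30T09:14:02Z laptop-17 203.0.113.25",
    "2016-04-20T11:02:10Z ws-03 192.0.2.44",
    "2016-11-02T08:00:00Z ws-03 192.0.2.44",
    "2016-05-01T10:00:00Z ws-09 198.51.100.7",
    "2016-05-01T10:00:05Z ws-09 192.0.2.99",
    "not a log line",
]

if __name__ == "__main__":
    for hit in triage(LOGS, FEED):
        verdict = "ESCALATE" if hit.strong else "weak: " + "; ".join(hit.reasons)
        print(hit.when.isoformat(), hit.host, hit.ip, verdict)
```

Only the in-window match on the unshared address is graded strong; the webmail match, which mirrors the Burlington case, carries two independent reasons to investigate locally before reporting.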


[Jan 16, 2017] Mainstream Media's Russian Bogeymen by Gareth Porter

DHS security honchos want to justify their existence. There is no greater danger to national security than careerists in the position of security professionals. Lying and exaggerating the threats to get these dollars is what many security professionals do for a living. They are essentially charlatans.
Notable quotes:
"... In the middle of a major domestic crisis over the U.S. charge that Russia had interfered with the US election, the Department of Homeland Security (DHS) triggered a brief national media hysteria by creating and spreading a bogus story of Russian hacking into US power infrastructure. ..."
"... Even more shocking, however, DHS had previously circulated a similar bogus story of Russian hacking of a Springfield, Illinois water pump in November 2011. ..."
"... Beginning in late March 2016, DHS and FBI conducted a series of 12 unclassified briefings for electric power infrastructure companies in eight cities titled, "Ukraine Cyber Attack: implications for US stakeholders." The DHS declared publicly, "These events represent one of the first known physical impacts to critical infrastructure which resulted from cyber-attack." ..."
"... That statement conveniently avoided mentioning that the first cases of such destruction of national infrastructure from cyber-attacks were not against the United States, but were inflicted on Iran by the Obama administration and Israel in 2009 and 2012. ..."
"... Beginning in October 2016, the DHS emerged as one of the two most important players – along with the CIA – in the political drama over the alleged Russian effort to tilt the 2016 election toward Donald Trump. Then on Dec. 29, DHS and FBI distributed a "Joint Analysis Report" to US power utilities across the country with what it claimed were "indicators" of a Russian intelligence effort to penetrate and compromise US computer networks, including networks related to the presidential election, that it called "GRIZZLY STEPPE." ..."
"... according to Robert M. Lee, the founder and CEO of the cyber-security company Dragos, who had developed one of the earliest US government programs for defense against cyber-attacks on US infrastructure systems, the report was certain to mislead the recipients. ..."
"... "Anyone who uses it would think they were being impacted by Russian operations," said Lee. "We ran through the indicators in the report and found that a high percentage were false positives." ..."
"... The Intercept discovered, in fact, that 42 percent of the 876 IP addresses listed in the report as having been used by Russian hackers were exit nodes for the Tor Project, a system that allows bloggers, journalists and others – including some military entities – to keep their Internet communications private. ..."
"... Instead, a DHS official called The Washington Post and passed on word that one of the indicators of Russian hacking of the DNC had been found on the Burlington utility's computer network. The Post failed to follow the most basic rule of journalism, relying on its DHS source instead of checking with the Burlington Electric Department first. The result was the Post's sensational Dec. 30 story under the headline "Russian hackers penetrated US electricity grid through a utility in Vermont, US officials say." ..."
"... The DHS official evidently had allowed the Post to infer that the Russian hack had penetrated the grid without actually saying so. The Post story said the Russians "had not actively used the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter," but then added that "the penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability." ..."
"... The electric company quickly issued a firm denial that the computer in question was connected to the power grid. The Post was forced to retract, in effect, its claim that the electricity grid had been hacked by the Russians. But it stuck by its story that the utility had been the victim of a Russian hack for another three days before admitting that no such evidence of a hack existed. ..."
"... Only days later did the DHS reveal those crucial facts to the Post. And the DHS was still defending its joint report to the Post, according to Lee, who got part of the story from Post sources. The DHS official was arguing that it had "led to a discovery," he said. "The second is, 'See, this is encouraging people to run indicators.'" ..."
"... The false Burlington Electric hack scare is reminiscent of an earlier story of Russian hacking of a utility for which the DHS was responsible as well. In November 2011, it reported an "intrusion" into a Springfield, Illinois water district computer that similarly turned out to be a fabrication. ..."
"... The contractor whose name was on the log next to the IP address later told Wired magazine that one phone call to him would have laid the matter to rest. But the DHS, which was the lead in putting the report out, had not bothered to make even that one obvious phone call before opining that it must have been a Russian hack. ..."
Jan 16, 2017 | original.antiwar.com

The mainstream hysteria over Russia has led to dubious or downright false stories that have deepened the New Cold War

In the middle of a major domestic crisis over the U.S. charge that Russia had interfered with the US election, the Department of Homeland Security (DHS) triggered a brief national media hysteria by creating and spreading a bogus story of Russian hacking into US power infrastructure.

DHS had initiated the now-discredited tale of a hacked computer at the Burlington, Vermont Electricity Department by sending the utility's managers misleading and alarming information, then leaked a story they certainly knew to be false and continued to put out a misleading line to the media.

Even more shocking, however, DHS had previously circulated a similar bogus story of Russian hacking of a Springfield, Illinois water pump in November 2011.

The story of how DHS twice circulated false stories of Russian efforts to sabotage US "critical infrastructure" is a cautionary tale of how senior leaders in a bureaucracy-on-the-make take advantage of every major political development to advance its own interests, with scant regard for the truth.

The DHS had carried out a major public campaign to focus on an alleged Russian threat to US power infrastructure in early 2016. The campaign took advantage of a US accusation of a Russian cyber-attack against the Ukrainian power infrastructure in December 2015 to promote one of the agency's major functions - guarding against cyber-attacks on America's infrastructure.

Beginning in late March 2016, DHS and FBI conducted a series of 12 unclassified briefings for electric power infrastructure companies in eight cities titled, "Ukraine Cyber Attack: implications for US stakeholders." The DHS declared publicly, "These events represent one of the first known physical impacts to critical infrastructure which resulted from cyber-attack."

That statement conveniently avoided mentioning that the first cases of such destruction of national infrastructure from cyber-attacks were not against the United States, but were inflicted on Iran by the Obama administration and Israel in 2009 and 2012.

[Jan 13, 2017] Mystery Hackers Blow Up Secret NSA Hacking Tools in 'Final F--k You'

Notable quotes:
"... The message was accompanied by a parting gift...an apparently complete NSA backdoor kit targeting the Windows operating system. The kit is comprised of 61 malicious Windows executables, only one of which was previously known to antivirus vendors... ..."
Jan 13, 2017 | www.thedailybeast.com
by Kevin Poulsen

A mysterious hacking group has been bedeviling the U.S. intelligence community for months, releasing a tranche of secret National Security Agency hacking tools to the public while offering to sell even more for the right price. Now with barely a week to go before Donald Trump's inauguration, the self-styled "Shadow Brokers" on Thursday announced that they were packing it in.

"So long, farewell peoples. TheShadowBrokers is going dark, making exit," the group wrote on its darknet site... The message was accompanied by a parting gift...an apparently complete NSA backdoor kit targeting the Windows operating system. The kit is comprised of 61 malicious Windows executables, only one of which was previously known to antivirus vendors...

... ... ...

The Shadow Brokers emerged in August with the announcement that they'd stolen the hacking tools used by a sophisticated computer-intrusion operation known as the Equation Group, and were putting them up for sale to the highest bidder. It was a remarkable claim, because the Equation Group is generally understood to be part of the NSA's elite Tailored Access Operations program and is virtually never detected, much less penetrated.

... ... ...

Released along with the announcement was a huge cache of specialized malware, including dozens of backdoor programs and 10 exploits, two of them targeting previously unknown security holes in Cisco routers – a basic building block of the internet. While Cisco and other companies scrambled for a fix, security experts pored over the Shadow Brokers tranche like it was the Rosetta Stone. "It was the first time, as threat-intelligence professionals, that we've had access to what appears to be a relatively complete toolkit of a nation-state attacker," says Jake Williams, founder of Rendition Infosec. "It was excitement in some circles, dismay in other circles, and panic and a rush to patch if you're running vulnerable hardware."

[Dec 26, 2016] HP Shutting Down Default FTP, Telnet Access To Network Printers

Dec 26, 2016 | hardware.slashdot.org
(pcworld.com) Posted by msmash on Tuesday December 06, 2016 @11:00AM from the business-as-usual dept.

Security experts consider the aging FTP and Telnet protocols unsafe, and HP has decided to clamp down on access to networked printers through the remote-access tools. From a report on PCWorld: Some of HP's new business printers will, by default, be closed to remote access via protocols like FTP and Telnet. However, customers can activate remote printing access through those protocols if needed. "HP has started the process of closing older, less-maintained interfaces including ports, protocols and cipher suites" identified by the U.S. National Institute of Standards and Technology as less than secure, the company said in a statement. In addition, HP also announced firmware updates to existing business printers with improved password and encryption settings, so hackers can't easily break into the devices.

[Dec 26, 2016] New Stegano Exploit Kit Hides Malvertising Code In Banner Pixels

Dec 26, 2016 | it.slashdot.org
(bleepingcomputer.com) Posted by BeauHD on Tuesday December 06, 2016 @08:25PM from the hidden-in-plain-sight dept.

An anonymous reader quotes a report from BleepingComputer: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET, this new exploit kit is named Stegano, from the word steganography, which is a technique of hiding content inside other files. In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads. The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites. Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character. Since images have millions of pixels, crooks had all the space they needed to pack malicious code inside a PNG photo. When extracted, this malicious code would redirect the user to an intermediary URL, called gate, where the host server would filter users. This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers. Additionally, this IE exploit also allowed the gate server to detect the presence of antivirus software. In this case, the server would drop the connection just to avoid exposing its infrastructure and trigger a warning that would alert both the user and the security firm.

If the gate server deemed the target valuable, then it would redirect the user to the final stage, which was the exploit kit itself, hosted on another URL. The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user's PC, and forcibly download and launch into execution various strains of malware.
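Because the carrier described above is the transparency (alpha) channel, an ad-review or proxy pipeline can inspect that channel directly. The following is an added example, not code from ESET, BleepingComputer or any ad network: it decodes an RGBA PNG and flags images that render as opaque yet use many alpha values evenly. The heuristic, thresholds, function names and test images are assumptions constructed here.

```python
"""Flag PNG banners whose alpha channel looks like a data carrier.

Heuristic (an assumption of this example, not ESET's detection logic): a banner
that renders as opaque should have a near-constant alpha channel, so many
evenly used alpha values in an opaque-looking image deserve a closer look.
"""
import math
import struct
import zlib
from collections import Counter

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunks(png: bytes):
    if png[:8] != PNG_SIGNATURE:
        raise ValueError("not a PNG file")
    pos = 8
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        yield ctype, png[pos + 8:pos + 8 + length]
        pos += 12 + length  # length field + type + data + CRC


def _paeth(a: int, b: int, c: int) -> int:
    p = a + b - c
    pa, pb, pc = abs(p - a), abs(p - b), abs(p - c)
    if pa <= pb and pa <= pc:
        return a
    return b if pb <= pc else c


def alpha_values(png: bytes) -> list:
    """Decode an 8-bit, non-interlaced RGBA PNG and return its alpha bytes."""
    header, idat = None, b""
    for ctype, body in _chunks(png):
        if ctype == b"IHDR":
            header = struct.unpack(">IIBBBBB", body)
        elif ctype == b"IDAT":
            idat += body
    if header is None or header[2:4] != (8, 6) or header[6] != 0:
        raise ValueError("only 8-bit non-interlaced RGBA is handled here")
    width, height = header[0], header[1]
    raw, stride, bpp = zlib.decompress(idat), width * 4, 4
    prev, alphas, pos = bytearray(stride), [], 0
    for _ in range(height):
        ftype, line = raw[pos], bytearray(raw[pos + 1:pos + 1 + stride])
        pos += 1 + stride
        if ftype > 4:
            raise ValueError("unknown PNG filter type")
        for i in range(stride):  # undo the per-scanline PNG filter
            a = line[i - bpp] if i >= bpp else 0
            b = prev[i]
            c = prev[i - bpp] if i >= bpp else 0
            pred = (0, a, b, (a + b) // 2, _paeth(a, b, c))[ftype]
            line[i] = (line[i] + pred) & 0xFF
        alphas.extend(line[3::4])  # every fourth byte is alpha
        prev = line
    return alphas


def alpha_report(png: bytes, opaque_floor: int = 200, entropy_limit: float = 2.0) -> dict:
    """Summarise the alpha channel and apply the heuristic from the docstring."""
    alphas = alpha_values(png)
    total, counts = len(alphas), Counter(alphas)
    entropy = -sum(n / total * math.log2(n / total) for n in counts.values())
    looks_opaque = min(alphas) >= opaque_floor
    return {
        "distinct_alpha": len(counts),
        "entropy_bits": entropy,
        "looks_opaque": looks_opaque,
        "suspicious": looks_opaque and entropy >= entropy_limit,
    }


def make_png(width: int, height: int, alpha_at) -> bytes:
    """Build a constructed grey RGBA test image; alpha_at(x, y) supplies alpha."""
    def chunk(ctype: bytes, body: bytes) -> bytes:
        crc = struct.pack(">I", zlib.crc32(ctype + body))
        return struct.pack(">I", len(body)) + ctype + body + crc
    rows = b"".join(
        b"\x00" + b"".join(bytes((128, 128, 128, alpha_at(x, y))) for x in range(width))
        for y in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    return (PNG_SIGNATURE + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b""))


# Constructed samples: opaque banner, logo with real transparency, noisy alpha.
CLEAN_BANNER = make_png(16, 16, lambda x, y: 255)
LOGO = make_png(16, 16, lambda x, y: 0 if x < 8 else 255)
NOISY_BANNER = make_png(16, 16, lambda x, y: 240 + (x * 7 + y * 13) % 16)

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_BANNER), ("logo", LOGO), ("noisy", NOISY_BANNER)):
        print(name, alpha_report(img))
```

A flag from this check is a reason to examine the accompanying ad script, not proof of a payload; images with genuine gradients of transparency fall outside the heuristic by design.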

[Dec 26, 2016] Backdoor Accounts Found in 80 Sony IP Security Camera Models

Dec 26, 2016 | yro.slashdot.org
(pcworld.com) Posted by msmash on Wednesday December 07, 2016 @12:20PM from the security-woes dept.

Many network security cameras made by Sony could be taken over by hackers and infected with botnet malware if their firmware is not updated to the latest version. Researchers from SEC Consult have found two backdoor accounts that exist in 80 models of professional Sony security cameras, mainly used by companies and government agencies given their high price, PCWorld reports. From the article: One set of hard-coded credentials is in the Web interface and allows a remote attacker to send requests that would enable the Telnet service on the camera, the SEC Consult researchers said in an advisory Tuesday. The second hard-coded password is for the root account that could be used to take full control of the camera over Telnet. The researchers established that the password is static based on its cryptographic hash and, while they haven't actually cracked it, they believe it's only a matter of time until someone does. Sony released a patch to the affected camera models last week.

[Dec 26, 2016] Yahoo Fixes Flaw Allowing an Attacker To Read Any User's Emails

Dec 26, 2016 | tech.slashdot.org
(zdnet.com) Posted by msmash on Thursday December 08, 2016 @11:45AM from the security-woes-and-fixes dept.

Yahoo says it has fixed a severe security vulnerability in its email service that allowed an attacker to read a victim's email inbox. From a report on ZDNet: The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail. The internet giant paid out $10,000 to security researcher Jouko Pynnonen for privately disclosing the flaw through the HackerOne bug bounty. In a write-up, Pynnonen said that the flaw was similar to last year's Yahoo Mail bug, which similarly let an attacker compromise a user's account. Yahoo filters HTML messages to ensure that malicious code won't make it through into the user's browser, but the researcher found that the filters didn't catch all of the malicious data attributes.

[Dec 26, 2016] Zeus Variant 'Floki Bot' Targets PoS Data

Dec 26, 2016 | it.slashdot.org
(onthewire.io) 25 Posted by BeauHD on Friday December 09, 2016 @05:00AM from the out-of-the-woodwork dept. Trailrunner7 quotes a report from On the Wire: Malware gangs, like sad wedding bands, love to play the hits. And one of the hits they keep running back over and over is the Zeus banking Trojan, which has been in use for many years in a number of different forms. Researchers have unearthed a new piece of malware called Floki Bot that is based on the venerable Zeus source code and is being used to infect point-of-sale systems, among other targets. Flashpoint conducted the analysis of Floki Bot with Cisco's Talos research team, and the two organizations said that the author behind the bot maintains a presence on a number of different underground forums, some of which are in Russian or other non-native languages for him. Kremez said that attackers sometimes will participate in foreign language forums as a way to expand their knowledge. Along with its PoS infection capability, Floki Bot also has a feature that allows it to use the Tor network to communicate. "During our analysis of Floki Bot, Talos identified modifications that had been made to the dropper mechanism present in the leaked Zeus source code in an attempt to make Floki Bot more difficult to detect. Talos also observed the introduction of new code that allows Floki Bot to make use of the Tor network. However, this functionality does not appear to be active for the time being," Cisco's Talos team said in its analysis.

[Dec 26, 2016] 5-Year-Old Critical Linux Vulnerability Patched

Dec 26, 2016 | linux.slashdot.org
(threatpost.com) 68 Posted by EditorDavid on Saturday December 10, 2016 @12:34PM from the local-Linux-attacks dept. msm1267 quotes Kaspersky Lab's ThreatPost: A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run of serious security issues in the operating system, most of which have been hiding in the code for years. Details on the vulnerability were published Tuesday by researcher Philip Pettersson, who said the vulnerable code was introduced in August 2011.

A patch was pushed to the mainline Linux kernel December 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes. The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely.
"Basically it's a bait-and-switch," the researcher told Threatpost. "The bug allows you to trick the kernel into thinking it is working with one kind of object, while you actually switched it to another kind of object before it could react."

[Dec 26, 2016] Vulnerability Prompts Warning: Stop Using Netgear WiFi Routers

Dec 26, 2016 | mobile.slashdot.org
(securityledger.com) 147 Posted by EditorDavid on Sunday December 11, 2016 @01:34PM from the nixing-the-network dept. "By convincing a user to visit a specially crafted web site, a remote attacker may execute arbitrary commands with root privileges on affected routers," warns a new vulnerability notice from Carnegie Mellon University's CERT. Slashdot reader chicksdaddy quotes Security Ledger's story about certain models of Netgear's routers: Firmware version 1.0.7.2_1.1.93 (and possibly earlier) for the R7000 and version 1.0.1.6_1.0.4 (and possibly earlier) for the R6400 are known to contain the arbitrary command injection vulnerability. CERT cited "community reports" that indicate the R8000, firmware version 1.0.3.4_1.1.2, is also vulnerable... The flaw was found in new firmware that runs the Netgear R7000 and R6400 routers. Other models and firmware versions may also be affected, including the R8000 router, CMU CERT warned.

With no work around to the flaw, CERT recommended that Netgear customers disable their wifi router until a software patch from the company that addressed the hole was available... A search of the public internet using the Shodan search engine finds around 8,000 R6450 and R7000 devices that can be reached directly from the Internet and that would be vulnerable to takeover attacks. The vast majority of those are located in the United States.
Proof-of-concept exploit code was released by a Twitter user who, according to the article, said "he informed Netgear of the flaw more than four months ago, but did not hear back from the company since then."

[Dec 26, 2016] Malvertising Campaign Infects Your Router Instead of Your Browser

Dec 26, 2016 | it.slashdot.org
(bleepingcomputer.com) 137 Posted by BeauHD on Wednesday December 14, 2016 @07:45PM from the connected-devices dept. An anonymous reader quotes a report from BleepingComputer: Malicious ads are serving exploit code to infect routers, instead of browsers, in order to insert ads in every site users are visiting. Unlike previous malvertising campaigns that targeted users of old Flash or Internet Explorer versions, this campaign focused on Chrome users, on both desktop and mobile devices. The malicious ads included in this malvertising campaign contain exploit code for 166 router models, which allow attackers to take over the device and insert ads on websites that didn't feature ads, or replace original ads with the attackers' own. Researchers haven't yet managed to determine an exact list of affected router models, but some of the brands targeted by the attackers include Linksys, Netgear, D-Link, Comtrend, Pirelli, and Zyxel. Because the attack is carried out via the user's browser, using strong router passwords or disabling the administration interface is not enough. The only way users can stay safe is if they update their router's firmware to the most recent versions, which most likely includes protection against the vulnerabilities used by this campaign. The "campaign" is called DNSChanger EK and works when attackers buy ads on legitimate websites and insert malicious JavaScript in these ads, "which use a WebRTC request to a Mozilla STUN server to determine the user's local IP address," according to BleepingComputer. "Based on this local IP address, the malicious code can determine if the user is on a local network managed by a small home router, and continue the attack. If this check fails, the attackers just show a random legitimate ad and move on. For the victims the crooks deem valuable, the attack chain continues. These users receive a tainted ad which redirects them to the DNSChanger EK home, where the actual exploitation begins.
The next step is for the attackers to send an image file to the user's browser, which contains an AES (encryption algorithm) key embedded inside the photo using the technique of steganography. The malicious ad uses this AES key to decrypt further traffic it receives from the DNSChanger exploit kit. Crooks encrypt their operations to avoid the prying eyes of security researchers."

[Dec 26, 2016] Newly Uncovered Site Suggests NSA Exploits For Direct Sale

Dec 26, 2016 | news.slashdot.org
(vice.com) 33 Posted by BeauHD on Wednesday December 14, 2016 @08:25PM from the buy-one-get-one dept. An anonymous reader quotes a report from Motherboard: The Shadow Brokers -- a hacker or group of hackers that stole computer exploits from the National Security Agency -- has been quiet for some time. After their auction and crowd-funded approach for selling the exploits met a lukewarm reception, the group seemingly stopped posting new messages in October. But a newly uncovered website, which includes a file apparently signed with The Shadow Brokers' cryptographic key, suggests the group is trying to sell hacking tools directly to buyers one by one, and a cache of files appears to include more information on specific exploits. On Wednesday, someone calling themselves Boceffus Cleetus published a Medium post called "Are the Shadow Brokers selling NSA tools on ZeroNet?" Cleetus, who has an American flag with swastikas as their profile picture, also tweeted the post from a Twitter account created this month. The site includes a long list of supposed items for sale, with names like ENVOYTOMATO, EGGBASKET, and YELLOWSPIRIT. Each is sorted into a type, such as "implant," "trojan," and "exploit," and comes with a price tag between 1 and 100 bitcoins ($780 -- $78,000). Customers can purchase the whole lot for 1000 bitcoins ($780,000). The site also lets visitors download a selection of screenshots and files related to each item. Along with those is a file signed with a PGP key with an identical fingerprint to that linked to the original Shadow Brokers dump of exploits from August. This newly uncovered file was apparently signed on 1 September; a different date to any of The Shadow Brokers' previously signed messages.

[Dec 26, 2016] Netgear Releases 'Beta' Patches For Additional Routers Found With Root Vulnerability

Dec 26, 2016 | it.slashdot.org
(netgear.com) 26 Posted by EditorDavid on Saturday December 17, 2016 @10:34AM from the but-they-might-not-work dept. The Department of Homeland Security's CERT issued a warning last week that users should "strongly consider" not using some models of NetGear routers, and the list expanded this week to include 11 different models. Netgear's now updated their web page, announcing eight "beta" fixes, along with three more "production" fixes. chicksdaddy writes: The company said the new [beta] firmware has not been fully tested and "might not work for all users." The company offered it as a "temporary solution" to address the security hole. "Netgear is working on a production firmware version that fixes this command injection vulnerability and will release it as quickly as possible," the company said in a post to its online knowledgebase early Tuesday.

The move follows publication of a warning from experts at Carnegie Mellon on December 9 detailing a serious "arbitrary command injection" vulnerability in the latest version of firmware used by a number of Netgear wireless routers. The security hole could allow a remote attacker to take control of the router by convincing a user to visit a malicious web site... The vulnerability was discovered by an individual...who says he contacted Netgear about the flaw four months ago, and went public with information on it after the company failed to address the issue on its own.

[Dec 26, 2016] McAfee Takes Six Months To Patch Remote Code Exploit In Linux VirusScan Enterprise

Dec 26, 2016 | linux.slashdot.org
Posted by EditorDavid on Saturday December 17, 2016 @05:34PM from the jeopardized-in-June dept. mask.of.sanity writes: A researcher has reported 10 vulnerabilities in McAfee's VirusScan Enterprise for Linux that when chained together result in root remote code execution. McAfee took six months to fix the bugs, issuing a patch December 9th.
Citing the security note, CSO adds that "one of the issues affects Virus Scan Enterprise for Windows version 8.7i through at least 8.8." The vulnerability was reported by Andrew Fasano at MIT's federally-funded security lab, who said he targeted McAfee's client because "it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time."

[Dec 26, 2016] Massive Mirai Botnet Hides Its Control Servers On Tor

Dec 26, 2016 | it.slashdot.org
Posted by EditorDavid on Saturday December 17, 2016 @06:34PM from the catch-me-if-you-can dept. "Following a failed takedown attempt, changes made to the Mirai malware variant responsible for building one of today's biggest botnets of IoT devices will make it incredibly harder for authorities and security firms to shut it down," reports Bleeping Computer. An anonymous reader writes: Level3 and others have been very close to taking down one of the biggest Mirai botnets around, the same one that attempted to knock the Internet offline in Liberia, and also hijacked 900,000 routers from German ISP Deutsche Telekom. The botnet narrowly escaped due to the fact that its maintainer, a hacker known as BestBuy, had implemented a domain-generation algorithm to generate random domain names where he hosted his servers.

Currently, to avoid further takedown attempts from similar security firms, BestBuy has started moving the botnet's command and control servers to Tor. "It's all good now. We don't need to pay thousands to ISPs and hosting. All we need is one strong server," the hacker said. "Try to shut down .onion 'domains' over Tor," he boasted, knowing that nobody can.

[Dec 26, 2016] LinkedIn Warns 9.5 Million Lynda Users About Database Breach

Dec 26, 2016 | yro.slashdot.org
(neowin.net) 35 Posted by EditorDavid on Sunday December 18, 2016 @02:34PM from the profile-views dept. Less than four weeks after Microsoft formally acquired LinkedIn for $26 billion, there's been a database breach. An anonymous reader writes: LinkedIn is sending emails to 9.5 million users of Lynda.com, its online learning subsidiary, warning the users of a database breach by "an unauthorized third party". The affected database included contact information for at least some of the users. An email to customers says "while we have no evidence that your specific account was accessed or that any data has been made publicly available, we wanted to notify you as a precautionary measure." Ironically, the breach comes less than a month after Russia blocked access to LinkedIn over privacy concerns.
LinkedIn has also reset the passwords for 55,000 Lynda.com accounts (though apparently many of its users don't have accounts with passwords).

[Dec 26, 2016] The FBI Is Arresting People Who Rent DDoS Botnets

Dec 26, 2016 | yro.slashdot.org
(bleepingcomputer.com) 211 Posted by EditorDavid on Sunday December 18, 2016 @04:44PM from the denial-of-liberty-counterattack dept. This week the FBI arrested a 26-year-old southern California man for launching a DDoS attack against online chat service Chatango at the end of 2014 and in early 2015 -- part of a new crackdown on the customers of "DDoS-for-hire" services. An anonymous reader writes: Sean Krishanmakoto Sharma, a computer science graduate student at USC, is now facing up to 10 years in prison and/or a fine of up to $250,000. Court documents describe a service called Xtreme Stresser as "basically a Linux botnet DDoS tool," and allege that Sharma rented it for an attack on Chatango, an online chat service. "Sharma is now free on a $100,000 bail," reports Bleeping Computer, adding "As part of his bail release agreement, Sharma is banned from accessing certain sites such as HackForums and tools such as VPNs..."

"Sharma's arrest is part of a bigger operation against DDoS-for-Hire services, called Operation Tarpit," the article points out. "Coordinated by Europol, Operation Tarpit took place between December 5 and December 9, and concluded with the arrest of 34 users of DDoS-for-hire services across the globe, in countries such as Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States." It grew out of an earlier investigation into a U.K.-based DDoS-for-hire service which had 400 customers who ultimately launched 603,499 DDoS attacks on 224,548 targets.
Most of the other suspects arrested were under the age of 20.

[Dec 26, 2016] Russians Used Malware On Android Devices To Track and Target Ukraine Artillery, Says Report

Dec 26, 2016 | yro.slashdot.org
(reuters.com) 101 Posted by BeauHD on Thursday December 22, 2016 @06:25PM from the come-out-come-out-wherever-you-are dept. schwit1 quotes a report from Reuters: A hacking group linked to the Russian government and high-profile cyber attacks against Democrats during the U.S. presidential election likely used a malware implant on Android devices to track and target Ukrainian artillery units from late 2014 through 2016, according to a new report released Thursday. The malware was able to retrieve communications and some locational data from infected devices, intelligence that would have likely been used to strike against the artillery in support of pro-Russian separatists fighting in eastern Ukraine, the report from cyber security firm CrowdStrike found. The hacking group, known commonly as Fancy Bear or APT 28, is believed by U.S. intelligence officials to work primarily on behalf of the GRU, Russia's military intelligence agency. The implant leveraged a legitimate Android application developed by a Ukrainian artillery officer to process targeting data more quickly, CrowdStrike said. Its deployment "extends Russian cyber capabilities to the front lines of the battlefield," the report said, and "could have facilitated anticipatory awareness of Ukrainian artillery force troop movement, thus providing Russian forces with useful strategic planning information."

[Dec 26, 2016] Security Researchers Can Turn Headphones Into Microphones

Dec 26, 2016 | news.slashdot.org
(techcrunch.com) 122 Posted by BeauHD on Thursday November 24, 2016 @08:00AM from the proof-of-concept dept. As if we don't already have enough devices that can listen in on our conversations, security researchers at Israel's Ben Gurion University have created malware that will turn your headphones into microphones that can slyly record your conversations. TechCrunch reports: The proof-of-concept, called "Speake(a)r," first turned headphones connected to a PC into microphones and then tested the quality of sound recorded by a microphone vs. headphones on a target PC. In short, the headphones were nearly as good as an unpowered microphone at picking up audio in a room. It essentially "retasks" the RealTek audio codec chip output found in many desktop computers into an input channel. This means you can plug your headphones into a seemingly output-only jack and hackers can still listen in. This isn't a driver fix, either. The embedded chip does not allow users to properly prevent this hack which means your earbuds or nice cans could start picking up conversations instantly. In fact, even if you disable your microphone, a computer with a RealTek chip could still be hacked and exploited without your knowledge. The sound quality, as shown by this chart, is pretty much the same for a dedicated microphone and headphones. The researchers have published a video on YouTube demonstrating how this malware works.

[Dec 26, 2016] Personal Data For More Than 130,000 Sailors Hacked: U.S. Navy

Dec 26, 2016 | news.slashdot.org
(reuters.com) 57 Posted by msmash on Thursday November 24, 2016 @10:04AM from the security-woes dept. Hackers gained access to sensitive information, including Social Security numbers, for 134,386 current and former U.S. sailors, the U.S. Navy has said. According to Reuters: It said a laptop used by a Hewlett Packard Enterprise Services employee working on a U.S. Navy contract was hacked. Hewlett Packard informed the Navy of the breach on Oct. 27 and the affected sailors will be notified in the coming weeks, the Navy said. "The Navy takes this incident extremely seriously - this is a matter of trust for our sailors," Chief of Naval Personnel Vice Admiral Robert Burke said in a statement.

[Dec 26, 2016] Muni System Hacker Hit Others By Scanning For Year-Old Java Vulnerability

Dec 26, 2016 | developers.slashdot.org
(arstechnica.com) 30 Posted by BeauHD on Tuesday November 29, 2016 @09:05PM from the thank-God-for-backups dept. An anonymous reader quotes a report from Ars Technica: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident -- which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan.
A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks.

[Dec 26, 2016] Russia Says Foreign Spies Plan Cyber Attack On Banking System

Dec 26, 2016 | it.slashdot.org
(reuters.com) 88 Posted by msmash on Friday December 02, 2016 @12:20PM from the hmmm dept. Russia said on Friday it had uncovered a plot by foreign spy agencies to sow chaos in Russia's banking system via a coordinated wave of cyber attacks and fake social media reports about banks going bust. From a report on Reuters: Russia's domestic intelligence agency, the Federal Security Service (FSB), said that the servers to be used in the alleged cyber attack were located in the Netherlands and registered to a Ukrainian web hosting company called BlazingFast. The attack, which was to target major national and provincial banks in several Russian cities, was meant to start on Dec. 5, the FSB said in a statement. "It was planned that the cyber attack would be accompanied by a mass send-out of SMS messages and publications in social media of a provocative nature regarding a crisis in the Russian banking system, bankruptcies and license withdrawals," it said. "The FSB is carrying out the necessary measures to neutralize threats to Russia's economic and information security."

[Dec 17, 2016] Yahoo's Hack Could Force Paying $145 Million Verizon Break-up Fee - Breitbart

Notable quotes:
"... potential material adverse event ..."
"... exploring a price cut or possible exit ..."
"... Net Neutrality . ..."
"... These enforceable, bright-line rules will ban paid prioritization, and the blocking and throttling of lawful content and services ..."
"... communicated with a total of 51 parties to evaluate their interest in a potential transaction ..."
"... 32 parties signed confidentiality agreements with Yahoo ..."
"... Payment card data and bank account information are not stored in the system the company believes was affected ..."
Dec 17, 2016 | www.breitbart.com
Given that the Donald Trump victory already made Yahoo less attractive for Verizon, the latest billion-account-hack at Yahoo could let Verizon dump their buy-out and still collect a $145 million break-up fee.

Yahoo's stock plunged over 6 percent after the company admitted its customer data had been hacked again, with at least 1 billion accounts exposed in 2014. The horribly bad news for Yahoo followed an equally bad news report in September that 500 million e-mail accounts were hacked in 2013. Yahoo unfortunately now has the distinction of suffering both of history's largest client hacks.

Verizon's top lawyer told reporters after the first Yahoo hack that the disclosure constituted a "potential material adverse event" that would allow for the mobile powerhouse to pull out of the $4.83 billion deal they announced on July 25, 2016.

Less than 24 hours after Yahoo disclosed the even larger hack of client accounts by a "state-sponsored actor," Bloomberg reported that Verizon is "exploring a price cut or possible exit" from its proposed Yahoo acquisition.

Breitbart reported that Google and other Silicon Valley companies were huge corporate winners when Chairman Tom Wheeler and the other two Democrat political appointees on the FCC voted on a party-line vote in mid-February 2015 for a new regulatory structure called 'Net Neutrality.' Although Wheeler claimed, "These enforceable, bright-line rules will ban paid prioritization, and the blocking and throttling of lawful content and services," they were a huge economic disaster for Verizon's high-speed broadband business model.

Verizon responded last year by paying $4.4 billion to buy AOL in order to pick up popular news sites, large advertising business, and more than 2 million Internet dial-up subscribers. Buying Yahoo was expected to allow the former telephone company to achieve "scale" by controlling a second web content pioneer.

After President and CEO Marissa Mayer began organizing an auction in March, Yahoo stock doubled from $26 a share to $51 by September. But since she announced the new hack on Wednesday, Yahoo's stock has been plunging to $38.40 in after-market trading.

The buyer normally has to pay a break-up fee if an acquisition fails. But Yahoo chose to run its own auction that "communicated with a total of 51 parties to evaluate their interest in a potential transaction." Then between February and April 2016, a "short list" of "32 parties signed confidentiality agreements with Yahoo," including 10 strategic parties and 22 financial sponsors.

Yahoo's 13D proxy statement filed with the SEC was mostly boilerplate disclosure, but it seemed that something must have been a potential problem at Yahoo for the company to offer a $145 million termination fee to Verizon if the deal did not close.

Yahoo on Wednesday issued a statement saying personal information from more than a billion user accounts was stolen in 2014. The news followed the company's announcement in September that hackers had stolen personal data from at least half a billion accounts in 2013. Yahoo said it believes the two thefts were by different parties.

Yahoo admitted that both hacks were so extensive that they included users' names, email addresses, phone numbers, dates of birth, scrambled passwords and security questions and answers. But Yahoo stated, "Payment card data and bank account information are not stored in the system the company believes was affected."

Yahoo said they have invalidated unencrypted security questions and answers in user accounts. They are in the process of notifying potentially affected users and are requiring them to change their passwords.

Yahoo was already facing nearly two dozen class-action lawsuits over the first breach and the company's failure to report it on a timely basis. A federal 3-judge panel last week consolidated 5 of the suits into a mass tort in the San Jose U.S. District Court.

Undoubtedly, there will be a huge number of user lawsuits filed against Yahoo in the next few weeks.

[Dec 15, 2016] Georgia asks Trump to investigate DHS cyberattacks

Dec 15, 2016 | marknesop.wordpress.com
Pavlo Svolochenko , December 14, 2016 at 2:43 pm
Georgia asks Trump to investigate DHS 'cyberattacks'

If you want to know what Washington is doing at any given time, just look at what they're accusing the competition of.

yalensis , December 14, 2016 at 5:05 pm
As the Worm Turns!
For all those Amurican rubes out there who believed that Homeland Security was protecting them against foreign terrorists – ha hahahahahaha!

[Dec 14, 2016] Yahoo discovers hack affecting 1 billion users, breaking its own world record

www.dailynews.com
Yahoo has discovered a 3-year-old security breach that enabled a hacker to compromise more than 1 billion user accounts, breaking the company's own humiliating record for the biggest security breach in history.

The digital heist disclosed Wednesday occurred in August 2013, more than a year before a separate hack that Yahoo announced nearly three months ago. That breach affected at least 500 million users, which had been the most far-reaching hack until the latest revelation.

Yahoo has more than a billion monthly active users, although some have multiple accounts and others have none at all. An unknown number of accounts were affected by both hacks.

In both attacks, the stolen information included names, email addresses, phone numbers, birthdates and security questions and answers. The company says it believes bank-account information and payment-card data were not affected.

[Nov 18, 2016] Physical access is not equal to game over

Notable quotes:
"... What if the disk is passworded? What about that not all systems are exclusively for business/corporate use (see also BYOD) and therefore may be tuned to varying security postures owing to other factors? ..."
"... Physical access ≠ game over. Physical access + unguarded time + experience + tooling = game over. One used to could safely leave someone alone with their computer while one went to the kitchen for a glass of water. Now this tooling has made the time and experience components a bit less relevant to successful, quick pwnage with few or no tracks. Neato! ..."
www.nakedcapitalism.com
LarryB November 17, 2016 at 2:59 pm

The "Poison Tap" is not really that big of deal. It's usually trivially easy to break into any computer that you can physically access. You can boot from a CD or USB drive, for instance, or even just steal the hard drive. Security on USB needs to be improved, but this is not even close to being the end of the world.

Knifecatcher November 17, 2016 at 4:07 pm

+1. If someone has direct physical access to your device – PC or smartphone – you're pretty much hosed.

Daryl November 17, 2016 at 6:30 pm

Yep. Physical access is root access.

River November 17, 2016 at 7:35 pm

If you have the time with the physical machine anyway.

I could see kids having fun with this though. Going into a box store that has computers on display, getting access (even better if they have a web cam on it). Upload porn or shocking material and showing the customers and watching/recording the reactions and putting it on youtube.

Or more nefarious, the same thing but for casing a store (limited vantage from the web cam... but may be better than nothing).

Etc. lots you could do and more importantly not a lot of skill required. Lower bar for entry for hacking mischief and a low cost.

hunkerdown November 17, 2016 at 7:51 pm

LarryB, and how long will that take you? And will you have the computer back together by the time they see you? And will logs suggest anything funny happened around that time? What if the disk is passworded? What about that not all systems are exclusively for business/corporate use (see also BYOD) and therefore may be tuned to varying security postures owing to other factors?

Physical access ≠ game over. Physical access + unguarded time + experience + tooling = game over. One used to could safely leave someone alone with their computer while one went to the kitchen for a glass of water. Now this tooling has made the time and experience components a bit less relevant to successful, quick pwnage with few or no tracks. Neato!

[Nov 06, 2016] Russia expects Washington to provide an explanation after a report claimed that Pentagon cyber-offensive specialists have hacked into Russia's power grids, telecommunications networks, and the Kremlin's command systems for a possible sabotage

Nov 06, 2016 | www.moonofalabama.org

Molin | Nov 5, 2016 7:21:49 AM | 52

Obama hacks Russia openly:

"Russia expects Washington to provide an explanation after a report claimed that Pentagon cyber-offensive specialists have hacked into Russia's power grids, telecommunications networks, and the Kremlin's command systems for a possible sabotage."

https://www.rt.com/news/365423-russia-us-hacker-grid/

[Oct 30, 2016] Speaking also of Podesta's email, it is interesting that it was Podesta who made the mistake of accessing the phishing email link, probably accidentally

turcopolier.typepad.com

mistah charley, ph.d. said... 30 October 2016 at 09:13 AM

Speaking also of Podesta's email, not Huma's, the following is interesting:

http://www.cnn.com/2016/10/28/politics/phishing-email-hack-john-podesta-hillary-clinton-wikileaks/index.html

Briefly, it seems Podesta received an email "You need to change your password", asked for professional advice from his staff if it was legit, was told "Yes, you DO need to change your password", but then clicked on the link in the original email, which was sent him with malicious intent, as he suspected at first and then was inappropriately reassured about - rather than on the link sent him by the IT staffer.

Result - the "phishing" email got his password info, and the world now gets to see all his emails.

Personally, my hope is that Huma and HRC will be pardoned for all their crimes, by Obama, before he leaves office.

Then I hope that Huma's divorce will go through, and that once Hillary is sworn in she will at last be courageous enough to divorce Bill (who actually performed the Huma-Anthony Weiner nuptials - you don't have to make these things up).

Then it could happen that the first same-sex marriage will be performed in the White House, probably by the minister of DC's Foundry United Methodist Church, which has a policy of LGBTQ equality. Or maybe Hillary, cautious and middle-of-the-road as usual, will go to Foundry UMC sanctuary for the ceremony, recognizing that some Americans' sensibilities would be offended by having the rite in the White House.

As Nobel Laureate Bob Dylan wrote, "Love is all there is, it makes the world go round, love and only love, it can't be denied. No matter what you think about it, you just can't live without it, take a tip from one who's tried."

[Oct 29, 2016] A recent linguistic analysis cited in the New York Times speculates, without any real trace of evidence, that the hackers' language in threats against Sony was written by a native Russian speaker and not a native Korean speaker

Notable quotes:
"... An important thing about that Time article regarding the Sony Hack is that it is almost two years old. Important because I'm still having to tell people that despite what the President and the government said North Korea didn't hack Sony because of a really bad movie, but that insiders did it for reasons that were never part of the media blitz about it. And believe me, considering that Clinton is lying through her teeth beyond even the government about this, I point this out a lot. ..."
"... Something that jumped out at me in December 2014 was a blog post by David E Martin. His blog post more or less laid out the whole game plan–and in so doing, I suspect he thwarted the planned story line. It was amazing to read that the whole plot had actually been presented to Congress years before. ..."
"... I'm inferring his intention in writing the post was to spill enough beans to prevent a catastrophic false flag event, as that is why he wrote his book "Coup d'Twelve". (He spoke about this on numerous radio interviews at the time, and also discussed it in person.) ..."
"... Never let an opportunity for a bit of Russian bashing go to waste it seems. Is there anything at all in the history of the entire world that the Russians aren't responsible for? ..."
www.nakedcapitalism.com
Pat October 26, 2016 at 2:21 pm

An important thing about that Time article regarding the Sony Hack is that it is almost two years old. Important because I'm still having to tell people that despite what the President and the government said North Korea didn't hack Sony because of a really bad movie, but that insiders did it for reasons that were never part of the media blitz about it. And believe me, considering that Clinton is lying through her teeth beyond even the government about this, I point this out a lot.

TheCatSaid October 26, 2016 at 8:32 pm

Something that jumped out at me in December 2014 was a blog post by David E Martin. His blog post more or less laid out the whole game plan–and in so doing, I suspect he thwarted the planned story line. It was amazing to read that the whole plot had actually been presented to Congress years before.

I'm inferring his intention in writing the post was to spill enough beans to prevent a catastrophic false flag event, as that is why he wrote his book "Coup d'Twelve". (He spoke about this on numerous radio interviews at the time, and also discussed it in person.)

Foy October 26, 2016 at 9:09 pm

I had to laugh when I read this in the article though:

"A recent linguistic analysis cited in the New York Times found that the hackers' language in threats against Sony was written by a native Russian speaker and not a native Korean speaker."

Never let an opportunity for a bit of Russian bashing go to waste it seems. Is there anything at all in the history of the entire world that the Russians aren't responsible for?

[Oct 29, 2016] Phishing for Fools, Hipster Edition

Oct 29, 2016 | www.nakedcapitalism.com
allan October 28, 2016 at 10:19 pm

Phishing for Fools, Hipster Edition:

Emails show how Clinton campaign chairman apparently hacked [AP]

New evidence appears to show how hackers earlier this year stole more than 50,000 emails of Hillary Clinton's campaign chairman, an audacious electronic attack blamed on Russia's government and one that has resulted in embarrassing political disclosures about Democrats in the final weeks before the U.S. presidential election.

The hackers sent John Podesta an official-looking email on Saturday, March 19, that appeared to come from Google. It warned that someone in Ukraine had obtained Podesta's personal Gmail password and tried unsuccessfully to log in, and it directed him to a website where he should "change your password immediately."

Podesta's chief of staff, Sara Latham, forwarded the email to the operations help desk of Clinton's campaign, where staffer Charles Delavan in Brooklyn, New York, wrote back 25 minutes later, "This is a legitimate email. John needs to change his password immediately."

But the email was not authentic. …

Lambert Strether Post author October 29, 2016 at 12:49 am

And if the ploy was that low-grade, that means that the Russki superbrains in the KGB didn't have to be behind it. Dear Lord.

This really is a hubris followed by nemesis thing, isn't it? And how sad it is, how tragic, that it was Brooklyn that brought Podesta down. Somehow I think Delavan is going to have a hard time getting a job in politics again, but he did the country a great service.

TheCatSaid October 29, 2016 at 1:17 pm

Social engineering wins again. This was something I learned about long ago when Black Box Voting.org started (approx. 2004). It was one of the many vulnerabilities in various points of election systems, both with paper and paperless. Very easy to get officials to reveal passwords that allowed access–that's in addition to the corruption situations. (Or rather, the social engineering angle would be just one of the tools used by insiders.)

[Oct 28, 2016] Note on propagandists masquerading as security experts

None of their arguments stands up to even entry-level programmer scrutiny. Especially silly is the "Russian keyboard and timestamps" argument. As if, say, Israelis or Estonians, or people from any other country with a sizable Russian-speaking population, can't use those to send the investigation down the wrong track ;-).
If I were a Russian hacker trying to penetrate DNC servers, I would use only the NSA toolkit and libraries that I can find on the black market. First of all, they are reasonably good. Second, that helps to direct people in the wrong direction. And if I knew Spanish or English or French reasonably well, I would use them exclusively. If not, I would pay for translation of the set of variables into those languages and "forget" to delete the symbol table in one of the modules, giving raw meat to idiots like those.
Actually you can find a lot of such people even in London, Paris, Madrid and NYC, and some of them really do not like the US neoliberal administration with its unending wars of expansion of the neoliberal empire :-) But still they are considered to be "security experts". When you now hear the words "security expert", please substitute "security charlatan" for better comprehension -- that's almost always the case with people posing as security experts for the MSM. The only reliable exception is whistleblowers -- those people sacrifice their lucrative careers for telling the truth, so they can usually be trusted. They might exaggerate things on the negative side, though. I personally highly respect William Binney.
The "regular" security experts, especially from tiny, struggling security companies, are in reality low-paid propagandists amplifying a set of prepared talking points. The arguments are usually pretty childish. BTW, after the USA/Israeli operation against Iran using Stuxnet and Flame in the Middle East, complex Trojans are just commonplace and are actually available to a more or less qualified hacker, or even an unqualified person with some money and a desire to take risks.
I especially like the phrase "beyond a reasonable doubt that the hack was in fact an operation of the Russian state." Is this not slander, or what? Only two categories of people, imbeciles and paid presstitutes, can think about the origin of a complex hacking operation "beyond reasonable doubt".
observer.com

Oct 28, 2016 | observer.com

Original title: 7 Reasons Security Firms Believe the Russian State Hacked the DNC

Originally from: Bloomberg

• 10/26/16 1:02pm

How do we really know that the breaches of the Democratic National Committee were conducted by organizations working on behalf of the Russian state? With the CIA considering a major counterstrike against the superpower, as NBC has reported, it's worthwhile for the public to measure how confident we can be that Putin's government actually deserves retribution.

"When you're investigating a cybersecurity breach, no one knows whether you're a Russian hacker or a Chinese hacker pretending to be a Russian hacker or even a U.S. hacker pretending to be a Chinese hacker pretending to be a Russian hacker," reporter Jordan Robertson says during the third episode of a solid new podcast from Bloomberg, called "Decrypted." In the new episode, he and fellow reporter Aki Ito break down the facts that put security experts beyond a reasonable doubt that the hack was in fact an operation of the Russian state.

Here are the key points:

  • Familiar techniques. Crowdstrike came in first, once DNC IT teams suspected breaches and recognized the techniques of the two groups it calls Cozy Bear and Fancy Bear. Others refer to them as APT 28 and 29, where APT stands for "Advanced Persistent Threat." Crowdstrike's co-founder Dmitri Alperovitch broke down his reasoning on its blog, writing, "We've had lots of experience with both of these actors attempting to target our customers in the past and know them well. In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis."
  • Redundancy is Russian. The Crowdstrike post explains that the fact that two organizations were inside and apparently not working together is consistent with Russian operations. "While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other's operations, in Russia this is not an uncommon scenario," Alperovitch writes.
  • Such nice code. Bloomberg turns to an ex-cop at one of the companies that Crowdstrike recruited to check its work, Mike Buratowski at Fidelis. His company put the code discovered on DNC servers into a virtual environment to test it. "You look at the complexity of what the malware was able to do. The fact that it had the ability to, basically, terminate itself and wipe its tracks, hide its tracks. You know, that's not stuff you see in commoditized malware, really," Buratowski said. In other words, this wasn't the kind of malware a cybercriminal could buy on the black market. It was bespoke stuff made by teams of pros. Buratowski later calls the code "elegant." Motherboard gives examples of phishing emails used, which showed careful attention to detail. Too good, he contends, for one person or a small team to build.
  • Russian keyboards and timestamps. Investigators found evidence in the code that it had been written on a Russian style keyboard and found timestamps across multiple pieces of code consistent with the Russian workday.
  • Motive. This was an extremely complex hack that took a lot of time and effort. Again, the Crowdstrike post helps here. It discusses evidence that the spies returned to the scene of the crime repeatedly to change out code to avoid detection. Buratowski refers to it as an entity with more operational discipline than an individual or a loose group could sustain. Which begs the question: who but a nation-state would have sufficient motive to work that hard? Further, the same groups were linked both to the hacks on John Podesta and Colin Powell, which suggests a multi-front initiative. That goes beyond what a hacker collective might do for bragging rights or lulz.
  • Information war. The DNC emails dropped the day before the party's national convention. "Releasing the emails the evening before the convention started? Now you're looking at it like: that really smacks of an information operation," Buratowski says.
  • Official attribution from the US government. Washington sees evidence of breaches all the time. It seldom points the finger at specific states, the Decrypted team argues. The fact that it has is powerful. "There are ways the government can really know what's going on," Robertson said, "in a way that no private cybersecurity could ever match."

From there, the podcast asks: what does this hack mean for the U.S. election? They come to basically the same conclusions that the Observer did in September: voting systems are very safe; voter rolls are less so, but nation-states probably want to discredit our system more than they want to change outcomes.

How sure can we be? Buratowski says, "Barring seeing someone at a keyboard or a confession, you're relying on that circumstantial evidence." So, we can never really know for sure. In fact, even Crowdstrike's attribution is based on prior experience, which assumes that they have attributed other hacks correctly in the past. Former congressional staffer Richard Diamond in USA Today argues that the hacks can be explained by bad passwords, but he also neglects to counter Crowdstrike's descriptions of the sophisticated code placed inside the servers. From Bloomberg's version of events, how the hackers got in was really the least interesting part of their investigation.

So what does it all mean? It's natural for political junkies to wonder if there might be further disclosures coming before Election Day, but, if this is an information operation, it might be even more disruptive to hold documents until after the election in order to throw doubt on our final choice. Either way, further disclosures will probably come.

[Oct 28, 2016] I find the whole hysteria over Russian hacking very one-sided.

Notable quotes:
"... I find the whole hysteria over Russian hacking very one-sided. If the US takes it upon itself, out of sincere concern, to help out "moderates" in overthrowing a repressive, evil government in Syria, Libya and Iraq, maybe the same thing happening to the US itself is not that weird? Here is a tyrannical government with little regard for its demotivated and demoralized citizens who can not on their own displace it. This government threatens nuclear war and kills an unjustified number of its own citizens. Its public infrastructure is in ruins and oligarchy is everywhere. In the past the US has set the example for dealing with such troubled states; it's time the doctor took his own medicine. ..."
"... Ahhhh, but that's exactly where the "exceptional" clause kicks in. You see, America is justified in intervening in other countries' business because we see further, with a clearer gaze and a purer heart, than any other country in the world. Mired as they are in ignorance or inertia, no other country is qualified to judge us, and any mistakes that we make only occur because of the depths of our love for others and our passion for freedom. ..."
"... America has entered one of its periods of historical madness, but this is the worst I can remember: worse than McCarthyism, worse than the Bay of Pigs and in the long term potentially more disastrous than the Vietnam War. ~John le Carre ..."
"... It is terrifying to watch Clinton rave about adopting a more "muscular, aggressive" approach to foreign affairs - with little or no push back from the national media, either party or even many citizens. Hell, they are applause lines at her rallies. ..."
"... If 15 years of endless wars, trillions of dollars of wasted money, hundreds of thousands of casualties on all sides and metastasizing terrorist threat with no end in sight doesn't give one a little pause before advocating more of the same, then we might have a problem. ..."
"... Hillary said twice during the debates that "America is great because America is good." Translation: We can do whatever we damn well please because we can. Lord, help us all. I'm so sick of hearing this and our endless criminal wars. ..."
www.nakedcapitalism.com

Bjornasson October 26, 2016 at 3:20 pm

I find the whole hysteria over Russian hacking very one-sided. If the US takes it upon itself, out of sincere concern, to help out "moderates" in overthrowing a repressive, evil government in Syria, Libya and Iraq, maybe the same thing happening to the US itself is not that weird? Here is a tyrannical government with little regard for its demotivated and demoralized citizens who can not on their own displace it. This government threatens nuclear war and kills an unjustified number of its own citizens. Its public infrastructure is in ruins and oligarchy is everywhere. In the past the US has set the example for dealing with such troubled states; it's time the doctor took his own medicine.

reslez October 26, 2016 at 5:07 pm

The "evidence" for Russian hacking is so suspect that anyone who repeats the story instantly stamps themselves as either a con or a mark. It's depressing to see media corruption so blatantly displayed. Now I know what 2003 must have felt like (I was too young to have much of an opinion back then).

Gareth October 26, 2016 at 6:21 pm

The "17 intelligence agencies" claim is complete Clinton bullshit. I'm kind of amazed that journalists are now stating this as fact. I could say I'm shocked but nothing the presstitutes do surprises me anymore. They are busy preening for their future White House access. It kind of makes me want to get drunk and vote for the orange haired guy.

Kokuanani October 26, 2016 at 6:57 pm

Just finished trying to "re-educate" my husband after he listened to [and apparently believed] a report in the CBS Evening News on the "Russian hacking of Clinton's e-mails." They reported it as complete "fact," without even a perfunctory "alleged."

Too difficult to do this correction one person at a time, while the networks have such massive reach.

Kurt Sperry October 26, 2016 at 9:42 pm

It *is* highly asymmetric warfare. And as is normal when working the insurgent side, the trick isn't to try to win by a large number of winning individual engagements, but rather of delegitimatizing the side with the resource advantage in a broader, cultural way. Delegitimize the mainstream media actively. If you win the culture war, you win the political war too just as a bonus. Tell the truth, unapologetically. That's as bad-ass as it gets.

WJ October 26, 2016 at 10:30 pm

This is sound advice. Problem is, how to delegitimate media generally? Actual insurgents avoid direct confrontations with superior occupying power and opt for a variety of other strategies of attack, including: IED's, flash attacks, suicide bombings, disruption of civilian life, etc. What are some equivalent, concrete (and legal) strategies for disrupting the order of imposed media? The use of social media seems to be one option, and maybe the most successful. Yet this tends to reach only certain segments of population who are unlikely to watch CNN or read the Post in any case. How can one harm the media powers where it hurts them most, by reaching and disrupting their actual consumers, who tend to be older, establishment-minded, white, etc…?

Kurt Sperry October 26, 2016 at 11:36 pm

How to delegitimize the media? They are doing that themselves. In spades. Listen to the people around you, they are getting wise to it. Just point it out to anyone who'll listen. It isn't the bombs and attacks that win an insurgency, none of that stuff works if the cause isn't widely understood and shared. The victory is won–to recycle a cliché–in the hearts and minds of the ordinary people. Naked Capitalism is a big ammo depot and we are the grunts and the munitions are ideas. And as I alluded to above, the power of truth. Truth will kick ass and take names if you let it.

Ulysses October 27, 2016 at 10:30 am

"Truth will kick ass and take names if you let it."

Thanks for the spirit-raising exhortation Kurt!! Many Americans are walking around with heads like over-inflated cognitive dissonance balloons. If you listen closely, you can hear these balloons popping off all the time, resulting in yet another person able to confront reality.

Massinissa October 26, 2016 at 7:26 pm

What other intelligence agencies are there than the CIA and NSA? Does anyone know the other 15, and why are these intelligence agencies never spoken of in the media except when it's useful for Clinton?

xformbykr October 26, 2016 at 7:33 pm

see http://www.businessinsider.com/17-agencies-of-the-us-intelligence-community-2013-5#

JTMcPhee October 27, 2016 at 3:14 pm

Why is it called a "community?" Cabal? Coven? Hey, isn't the proper collective noun for lawyers (Clintons, Yoo, Meese, Obama, etc.) a "conspiracy?"

Bjornasson October 26, 2016 at 6:09 pm

The idea is essentially that even if the evidence did exist, it should be welcomed with the same enthusiasm that US interventions have in Syria and Libya.

dennison p nyberg October 27, 2016 at 11:24 am

truth

Tom October 26, 2016 at 5:23 pm

Ahhhh, but that's exactly where the "exceptional" clause kicks in. You see, America is justified in intervening in other countries' business because we see further, with a clearer gaze and a purer heart, than any other country in the world. Mired as they are in ignorance or inertia, no other country is qualified to judge us, and any mistakes that we make only occur because of the depths of our love for others and our passion for freedom.

abynormal October 26, 2016 at 6:26 pm

America has entered one of its periods of historical madness, but this is the worst I can remember: worse than McCarthyism, worse than the Bay of Pigs and in the long term potentially more disastrous than the Vietnam War. ~John le Carre

KILLING MACHINES AND THE MADNESS OF MILITARISM
http://www.artsandopinion.com/2014_v13_n5/giroux-6.htm
by Henry Giroux

Tom October 26, 2016 at 6:48 pm

historical madness/hysterical madness … take your pick.

It is terrifying to watch Clinton rave about adopting a more "muscular, aggressive" approach to foreign affairs - with little or no push back from the national media, either party or even many citizens. Hell, they are applause lines at her rallies.

If 15 years of endless wars, trillions of dollars of wasted money, hundreds of thousands of casualties on all sides and metastasizing terrorist threat with no end in sight doesn't give one a little pause before advocating more of the same, then we might have a problem.

abynormal October 26, 2016 at 7:12 pm

she's a scorned woman beginning with her father. she's passive-aggressive with women…projects her never ending insecurities. SO she has something to prove…vengeance is mine.

First, she'll drone Mercy Street(s)…

Elizabeth October 26, 2016 at 7:58 pm

Hillary said twice during the debates that "America is great because America is good." Translation: We can do whatever we damn well please because we can. Lord, help us all. I'm so sick of hearing this and our endless criminal wars.

Expanding Combat Zone The Dangerous New Rules of Cyberwar

NATO hot-heads are playing with fire. What if other nations attack members for Stuxnet and Flame?

"... James Lewis of the Washington-based Center for Strategic and International Studies (CSIS), one of the country's top cyberwar experts, is somewhat skeptical about the new manual. He sees it as "a push to lower the threshold for military action." For Lewis, responding to a "denial of service" attack with military means is "really crazy." He says the Tallinn manual "shows is that you should never let lawyers go off by themselves." ..."
SPIEGEL ONLINE

Arming for Virtual Battle: The Dangerous New Rules of Cyberwar

By Thomas Darnstaedt, Marcel Rosenbach and Gregor Peter Schmitz


Now that wars are also being fought on digital battlefields, experts in international law have established rules for cyberwar. But many questions remain unanswered. Will it be appropriate to respond to a cyber attack with military means in the future?

The attack came via ordinary email, when selected South Korean companies received messages supposedly containing credit card information in the middle of the week before last.

Recipients who opened the emails also opened the door to the enemy, because it was in fact an attack from the Internet. Instead of the expected credit card information, the recipients actually downloaded a time bomb onto their computers, which was programmed to ignite on Wednesday at 2 p.m. Korean time.

At that moment, chaos erupted on more than 30,000 computers in South Korean television stations and banks. The message "Please install an operating system on your hard disk" appeared on the screens of affected computers, and cash machines ceased to operate. The malware, which experts have now dubbed "DarkSeoul," deleted data from the hard disks, making it impossible to reboot the infected computers.

DarkSeoul was one of the most serious digital attacks in the world this year, but cyber defense centers in Western capitals receive alerts almost weekly. The most serious attack to date originated in the United States. In 2010, high-tech warriors, acting on orders from the US president, smuggled the destructive "Stuxnet" computer worm into Iranian nuclear facilities.

The volume of cyber attacks is only likely to grow. Military leaders in the US and its European NATO partners are outfitting new battalions for the impending data war. Meanwhile, international law experts worldwide are arguing with politicians over the nature of the new threat. Is this already war? Or are the attacks acts of sabotage and terrorism? And if a new type of war is indeed brewing, can military means be used to respond to cyber attacks?

The War of the Future

A few days before the computer disaster in Seoul, a group led by NATO published a thin, blue booklet. It provides dangerous responses to all of these questions. The "Tallinn Manual on the International Law Applicable to Cyber Warfare" is probably no thicker than the American president's thumb. It is not an official NATO document, and yet in the hands of President Barack Obama it has the potential to change the world.

The rules that influential international law experts have compiled in the handbook could blur the lines between war and peace and allow a serious data attack to rapidly escalate into a real war with bombs and missiles. Military leaders could also interpret it as an invitation to launch a preventive first strike in a cyberwar.

At the invitation of a NATO think tank in the Estonian capital Tallinn, and at a meeting presided over by a US military lawyer with ties to the Pentagon, leading international law experts had discussed the rules of the war of the future. International law is, for the most part, customary law. Experts determine what is and can be considered customary law.

The resulting document, the "Tallinn Manual," is the first informal rulebook for the war of the future. But it has no reassuring effect. On the contrary, it permits nations to respond to data attacks with the weapons of real war.

Two years ago, the Pentagon clarified where this could lead, when it stated that anyone who attempted to shut down the electric grid in the world's most powerful nation with a computer worm could expect to see a missile in response.

A Private Digital Infrastructure

The risks of a cyberwar were invoked more clearly than ever in Washington in recent weeks. In mid-March, Obama assembled 13 top US business leaders in the Situation Room in the White House basement, the most secret of all secret conference rooms. The group included the heads of UPS, JPMorgan Chase and ExxonMobil. There was only one topic: How can America win the war on the Internet?

The day before, Director of National Intelligence James Clapper had characterized the cyber threat as the "biggest peril currently facing the United States."

The White House was unwilling to reveal what exactly the business leaders and the president discussed in the Situation Room. But it was mostly about making it clear to the companies how threatened they are and strengthening their willingness to cooperate, says Rice University IT expert Christopher Bronk.

The president urgently needs their cooperation, because the US has allowed the laws of the market to govern its digital infrastructure. All networks are operated by private companies. If there is a war on the Internet, both the battlefields and the weapons will be in private hands.

This is why the White House is spending so much time and effort to prepare for possible counterattacks. The aim is to scare the country's enemies, says retired General James Cartwright, author of the Pentagon's current cyber strategy.

Responsible for that strategy is the 900-employee Cyber Command at the Pentagon, established three years ago and located in Fort Meade near the National Security Agency, the country's largest intelligence agency. General Keith Alexander heads both organizations. The Cyber Command, which is expected to have about 4,900 employees within a few years, will be divided into various defensive and offensive "Cyber Mission Forces" in the future.

Wild West Online

It's probably no coincidence that the Tallinn manual is being published now. Developed under the leadership of US military lawyer Michael Schmitt, NATO representatives describe the manual as the "most important legal document of the cyber era."

In the past, Schmitt has examined the legality of the use of top-secret nuclear weapons systems and the pros and cons of US drone attacks. Visitors to his office at the Naval War College in Rhode Island, the world's oldest naval academy, must first pass through several security checkpoints.

"Let's be honest," says Schmitt. "Everyone has treated the Internet as a sort of Wild West, a lawless zone. But international law has to be just as applicable to online weapons as conventional weapons."

It's easier said than done, though. When does malware become a weapon? When does a hacker become a warrior, and when does horseplay or espionage qualify as an "armed attack," as defined under international law? The answers to such detailed questions can spell the difference between war and peace.

James Lewis of the Washington-based Center for Strategic and International Studies (CSIS), one of the country's top cyberwar experts, is somewhat skeptical about the new manual. He sees it as "a push to lower the threshold for military action." For Lewis, responding to a "denial of service" attack with military means is "really crazy." He says the Tallinn manual "shows that you should never let lawyers go off by themselves."

Claus Kress, an international law expert and the director of the Institute for International Peace and Security Law at the University of Cologne, sees the manual as "setting the course," with "consequences for the entire law of the use of force." Important "legal thresholds," which in the past were intended to protect the world against the military escalation of political conflicts or acts of terror, are becoming "subject to renegotiation," he says.

According to Kress, the most critical issue is the "recognition of a national right of self-defense against certain cyber attacks." This corresponds to a state of defense, as defined under Article 51 of the Charter of the United Nations, which grants any nation that becomes the victim of an "armed attack" the right to defend itself by force of arms. The article gained new importance after Sept. 11, 2001, when the US declared the invasion of Afghanistan an act of self-defense against al-Qaida and NATO proclaimed the application of its mutual defense clause to come to the aid of the superpower.

The question of how malicious malware must be to justify a counterattack can be critical when it comes to preserving peace. Under the new doctrine, only those attacks that cause physical or personal damage, but not virtual damage, are relevant in terms of international law. The malfunction of a computer or the loss of data alone is not sufficient justification for an "armed attack."

But what if, as is often the case, computer breakdowns do not result in physical damage but lead to substantial financial losses? A cyber attack on Wall Street, shutting down the market for several days, was the casus belli among the experts in Tallinn. The US representatives wanted to recognize it as a state of defense, while the Europeans preferred not to do so. But the US military lawyers were adamant, arguing that economic damage establishes the right to launch a counterattack if it is deemed "catastrophic."

Ultimately, it is left to each country to decide what amount of economic damage it considers sufficient to venture into war. German expert Kress fears that such an approach could lead to a "dam failure" for the prohibition of the use of force under international law.

So was it an armed attack that struck South Korea on March 20? The financial losses caused by the failure of bank computers haven't been fully calculated yet. It will be up to politicians, not lawyers, to decide whether they are "catastrophic."

Just how quickly the Internet can become a scene of massive conflicts became evident this month, when suddenly two large providers came under constant digital attack that seemed to appear out of nowhere.

The main target of the attack was the website Spamhaus.org, a project that has been hunting down the largest distributors of spam on the Web since 1998. Its blacklists of known spammers enable other providers to filter out junk email. By providing this service, the organization has made powerful enemies and has been targeted in attacks several times. But the current wave of attacks overshadows everything else. In addition to shutting down Spamhaus, it even temporarily affected the US company CloudFlare, which was helping fend off the attack. Analysts estimate the strength of the attack at 300 gigabits per second, which is several times as high as the level at which the Estonian authorities were "fired upon" in 2007. The attack even affected data traffic in the entire Internet. A group called "Stophaus" claimed responsibility and justified its actions as retribution for the fact that Spamhaus had meddled in the affairs of powerful Russian and Chinese Internet companies.

Civilian forces, motivated by economic interests, are playing cyberwar, and in doing so they are upending all previous war logic.

A Question of When, Not If

A field experiment in the US shows how real the threat is. To flush out potential attackers, IT firm Trend Micro built a virtual pumping station in a small American city, or at least it was supposed to look like one to "visitors" from the Internet. They called it a "honeypot," designed to attract potential attackers on the Web.

The trappers installed servers and industrial control systems used by public utilities of that size. To make the experiment setup seem realistic, they even placed deceptively real-looking city administration documents on the computers.

After only 18 hours, the analysts registered the first attempted attack. In the next four weeks, there were 38 attacks from 14 countries. Most came from computers in China (35 percent), followed by the US (19 percent) and Laos (12 percent).

Many attackers tried to insert espionage tools into the supposed water pumping station to probe the facility for weaknesses. International law does not prohibit espionage. But some hackers went further than that, trying to manipulate or even destroy the control devices.

"Some tried to increase the rotation speed of the water pumps to such a degree that they wouldn't have survived in the real world," says Trend Micro employee Udo Schneider, who categorizes these cases as "classic espionage."

"There is no question as to whether there will be a catastrophic cyber attack against America. The only question is when," says Terry Benzel, the woman who is supposed to protect the country from such an attack and make its computer networks safer. The computer specialist is the head of DeterLab in California, a project that was established in 2003, partly with funding from the US Department of Homeland Security, and offers a simulation platform for reactions to cyber attacks.

Benzel's voice doesn't falter when she describes a war scenario she calls "Cyber Pearl Harbor." This is what it could look like: "Prolonged power outages, a collapse of the power grid and irreparable disruptions in the Internet." Suddenly, food would not reach stores in time and cash machines would stop dispensing money. "Everything depends on computers nowadays, even the delivery of rolls to the baker around the corner," she says.

Benzel also describes other crisis scenarios. For example, she says, there are programs that open and close gates on American dams that are potentially vulnerable. Benzel is worried that a clever hacker could open America's dams at will.

Should Preemptive Strikes Be Allowed?

These and other cases are currently being tested in Cyber City, a virtual city US experts have built on their computers in New Jersey to simulate the consequences of data attacks. Cyber City has a water tower, a train station and 15,000 residents. Everything is connected in realistic ways, enabling the experts to study the potentially devastating effects cyber attacks could have on residents.

In Europe, it is primarily intelligence agencies that are simulating digital war games. Germany's foreign intelligence service, the Bundesnachrichtendienst (BND), also has a unit that studies the details of future wars. It is telling that the BND team doesn't just simulate defensive situations but increasingly looks at offensive scenarios, as well, so as to be prepared for a sort of digital second strike.

"Offensive Cyber Operations," or OCOs, are part of the strategy for future cyberwars in several NATO countries. The Tallinn manual now establishes the legal basis for possible preemptive strikes, which have been an issue in international law since former US President George W. Bush launched a preemptive strike against Iraq in March 2003.

The most contentious issue during the meetings in Tallinn was the question of when an offensive strike is permissible as an act of preventive self-defense against cyber attacks. According to the current doctrine, an attack must be imminent to trigger the right to preventive self-defense. The Tallinn manual is more generous in this respect, stating that even if a digital weapon is only likely to unfold its sinister effects at a later date, a first strike can already be justified if it is the last window of opportunity to meet the threat.

The danger inherent in the application of that standard becomes clear in the way that the international law experts at Tallinn treated Stuxnet, the most devastating malware to date, which was apparently smuggled into Iranian nuclear facilities on Obama's command. The data attack destroyed large numbers of centrifuges used for uranium enrichment in the Natanz reprocessing plant. Under the criteria of the Tallinn manual, this would be an act of war.

Could the US be the perpetrator in a war of aggression in violation of international law? Cologne international law expert Kress believes that what the Tallinn manual says parenthetically about the Stuxnet case amounts to a "handout for the Pentagon," namely that Obama's digital attack might be seen as an "act of preventive self-defense" against the nuclear program of Iran's ayatollahs.

The Fog of Cyber War

According to the Tallinn interpretation, countless virtual espionage incidents of the sort that affect all industrialized nations almost daily could act as accelerants. Pure cyber espionage, which American politicians also define as an attack, is not seen as an act of war, according to the Tallinn rules. Nevertheless, the international law experts argue that such espionage attacks can be seen as preparations for destructive attacks, so that it can be legitimate to launch a preventive attack against the spy as a means of self-defense.

Some are especially concerned that the Tallinn proposals could also make it possible to expand the rules of the "war on terror." The authors have incorporated the call of US geostrategic expert Joseph Nye to take precautions against a "cyber 9/11" into their manual. This would mean that the superpower could even declare war on organized hacker groups. Combat drones against hackers? Cologne expert Kress cautions that the expansion of the combat zone to the laptops of an only loosely organized group of individuals would constitute a "threat to human rights."

Germany's military, the Bundeswehr, is also voicing concerns over the expansion of digital warfare. Karl Schreiner, a brigadier general with the Bundeswehr's leadership academy in Hamburg, is among those who see the need for "ethical rules" for the Internet battlefield and believe that an international canon for the use of digital weapons is required.

Military leaders must rethink the most important question relating to defense in cyberspace: Who is the attacker? "In most cases," the Tallinn manual reads optimistically, it is possible to identify the source of data attacks. But that doesn't coincide with the experiences of many IT security experts.

The typical fog of cyberwar was evident most recently in the example of South Korea. At first, officials said that DarkSeoul was clearly an attack from the north, but then it was allegedly traced to China, Europe and the United States. Some analysts now suspect patriotically motivated hackers in North Korea, because of the relatively uncomplicated malware. That leaves the question of just who South Korea should launch a counterattack against.

The South Korean case prompts Cologne international law expert Kress to conclude that lawyers will soon have a "new unsolved problem" on their hands -- a "war on the basis of suspicion."

[Jun 23, 2013] Meet The Man In Charge Of America's Secret Cyber Army (In Which Bonesaw Makes A Mockery Of PRISM)

06/22/2013 | Zero Hedge

With his revelations exposing the extent of potential, and actual, pervasive NSA surveillance over the American population, Edward Snowden has done a great service for the public by finally forcing it to answer the question: is having Big Brother peek at every private communication and electronic information a fair exchange for the alleged benefit of the state's security? Alas, without further action from a population that appears largely numb and apathetic to disclosures that until recently would have sparked mass protests and toppled presidents, the best we can hope for within a political regime that has hijacked the democratic process, is some intense introspection as to what the concept of "America" truly means.

However, and more importantly, what Snowden's revelations have confirmed, is that behind the scenes, America is now actively engaged in a new kind of war: an unprecedented cyber war, where collecting, deciphering, intercepting, and abusing information is the only thing that matters and leads to unprecedented power, and where enemies both foreign and domestic may be targeted without due process based on a lowly analyst's "whim."

It has also put the spotlight on the man who, until recently deep in the shadows, has been responsible for building America's secret, absolutely massive cyber army, which according to a just-released Wired profile is "capable of launching devastating cyberattacks. Now it's ready to unleash hell."

Meet General Keith Alexander, "a man few even in Washington would likely recognize", which is troubling because Alexander is now quite possibly the most powerful person in the world, that nobody talks about. Which is just the way he likes it.

This is the partial and incomplete story of the man who may now be empowered with more unchecked power than any person in the history of the US, or for that matter, the world. It comes once again, courtesy of the man who over a year before the Guardian's Snowden bombshell broke the story about the NSA's secret Utah data storage facility, James Bamford, and whose intimate knowledge of the NSA's secrets comes by way of being a consultant for the defense team of one Thomas Drake, one of the original NSA whistleblowers (as we learn from the full Wired article).

But first, by way of background, here is a glimpse of Alexander's ultra-secretive kingdom. From Wired:

Inside Fort Meade, Maryland, a top-secret city bustles. Tens of thousands of people move through more than 50 buildings - the city has its own post office, fire department, and police force. But as if designed by Kafka, it sits among a forest of trees, surrounded by electrified fences and heavily armed guards, protected by antitank barriers, monitored by sensitive motion detectors, and watched by rotating cameras. To block any telltale electromagnetic signals from escaping, the inner walls of the buildings are wrapped in protective copper shielding and the one-way windows are embedded with a fine copper mesh.

This is the undisputed domain of General Keith Alexander, a man few even in Washington would likely recognize. Never before has anyone in America's intelligence sphere come close to his degree of power, the number of people under his command, the expanse of his rule, the length of his reign, or the depth of his secrecy. A four-star Army general, his authority extends across three domains: He is director of the world's largest intelligence service, the National Security Agency; chief of the Central Security Service; and commander of the US Cyber Command. As such, he has his own secret military, presiding over the Navy's 10th Fleet, the 24th Air Force, and the Second Army.

Schematically, Alexander's empire consists of the following: virtually every piece in America's information intelligence arsenal.

As the Snowden scandal has unfurled, some glimpses into the "introspective" capabilities of the NSA, and its sister organizations, have demonstrated just how powerful the full "intelligence" arsenal of the US can be.

However, it is when it is facing outward - as it normally does - that things get really scary. Because contrary to prevailing conventional wisdom, Alexander's intelligence and information-derived power is far from simply defensive. In fact, it is when its offensive potential is exposed that the full destructive power in Alexander's grasp is revealed:

In its tightly controlled public relations, the NSA has focused attention on the threat of cyberattack against the US - the vulnerability of critical infrastructure like power plants and water systems, the susceptibility of the military's command and control structure, the dependence of the economy on the Internet's smooth functioning. Defense against these threats was the paramount mission trumpeted by NSA brass at congressional hearings and hashed over at security conferences.

But there is a flip side to this equation that is rarely mentioned: The military has for years been developing offensive capabilities, giving it the power not just to defend the US but to assail its foes. Using so-called cyber-kinetic attacks, Alexander and his forces now have the capability to physically destroy an adversary's equipment and infrastructure, and potentially even to kill. Alexander - who declined to be interviewed for this article - has concluded that such cyberweapons are as crucial to 21st-century warfare as nuclear arms were in the 20th.

And he and his cyberwarriors have already launched their first attack. The cyberweapon that came to be known as Stuxnet was created and built by the NSA in partnership with the CIA and Israeli intelligence in the mid-2000s. The first known piece of malware designed to destroy physical equipment, Stuxnet was aimed at Iran's nuclear facility in Natanz. By surreptitiously taking control of an industrial control link known as a Scada (Supervisory Control and Data Acquisition) system, the sophisticated worm was able to damage about a thousand centrifuges used to enrich nuclear material.

The success of this sabotage came to light only in June 2010, when the malware spread to outside computers. It was spotted by independent security researchers, who identified telltale signs that the worm was the work of thousands of hours of professional development. Despite headlines around the globe, officials in Washington have never openly acknowledged that the US was behind the attack. It wasn't until 2012 that anonymous sources within the Obama administration took credit for it in interviews with The New York Times.

But Stuxnet is only the beginning. Alexander's agency has recruited thousands of computer experts, hackers, and engineering PhDs to expand US offensive capabilities in the digital realm. The Pentagon has requested $4.7 billion for "cyberspace operations," even as the budget of the CIA and other intelligence agencies could fall by $4.4 billion. It is pouring millions into cyberdefense contractors. And more attacks may be planned.

Alexander's background is equally impressive: a classmate of Petraeus and Dempsey, a favorite of Rumsfeld, the General had supreme power written all over his career progression. If reaching the top at all costs meant crushing the fourth amendment and lying to Congress in the process, so be it:

Born in 1951, the third of five children, Alexander was raised in the small upstate New York hamlet of Onondaga Hill, a suburb of Syracuse. He tossed papers for the Syracuse Post-Standard and ran track at Westhill High School while his father, a former Marine private, was involved in local Republican politics. It was 1970, Richard Nixon was president, and most of the country had by then begun to see the war in Vietnam as a disaster. But Alexander had been accepted at West Point, joining a class that included two other future four-star generals, David Petraeus and Martin Dempsey. Alexander would never get the chance to serve in Vietnam. Just as he stepped off the bus at West Point, the ground war finally began winding down.

In April 1974, just before graduation, he married his high school classmate Deborah Lynn Douglas, who grew up two doors away in Onondaga Hill. The fighting in Vietnam was over, but the Cold War was still bubbling, and Alexander focused his career on the solitary, rarefied world of signals intelligence, bouncing from secret NSA base to secret NSA base, mostly in the US and Germany. He proved a competent administrator, carrying out assignments and adapting to the rapidly changing high tech environment. Along the way he picked up master's degrees in electronic warfare, physics, national security strategy, and business administration. As a result, he quickly rose up the military intelligence ranks, where expertise in advanced technology was at a premium.

In 2001, Alexander was a one-star general in charge of the Army Intelligence and Security Command, the military's worldwide network of 10,700 spies and eavesdroppers. In March of that year he told his hometown Syracuse newspaper that his job was to discover threats to the country. "We have to stay out in front of our adversary," Alexander said. "It's a chess game, and you don't want to lose this one." But just six months later, Alexander and the rest of the American intelligence community suffered a devastating defeat when they were surprised by the attacks on 9/11. Following the assault, he ordered his Army intercept operators to begin illegally monitoring the phone calls and email of American citizens who had nothing to do with terrorism, including intimate calls between journalists and their spouses. Congress later gave retroactive immunity to the telecoms that assisted the government.

In 2003, Alexander, a favorite of defense secretary Donald Rumsfeld, was named the Army's deputy chief of staff for intelligence, the service's most senior intelligence position. Among the units under his command were the military intelligence teams involved in the human rights abuses at Baghdad's Abu Ghraib prison. Two years later, Rumsfeld appointed Alexander - now a three-star general - director of the NSA, where he oversaw the illegal, warrantless wiretapping program while deceiving members of the House Intelligence Committee. In a publicly released letter to Alexander shortly after The New York Times exposed the program, US representative Rush Holt, a member of the committee, angrily took him to task for not being forthcoming about the wiretapping: "Your responses make a mockery of congressional oversight."

In short: Emperor Alexander.

Inside the government, the general is regarded with a mixture of respect and fear, not unlike J. Edgar Hoover, another security figure whose tenure spanned multiple presidencies. "We jokingly referred to him as Emperor Alexander - with good cause, because whatever Keith wants, Keith gets," says one former senior CIA official who agreed to speak on condition of anonymity. "We would sit back literally in awe of what he was able to get from Congress, from the White House, and at the expense of everybody else."

What happened next in Alexander's career, some time in the mid-2000s, was Stuxnet: the story of the crushing virus that nearly destroyed the Iranian nuclear program has been widely documented on these pages and elsewhere, so we won't recount the Wired article's details. However, what was very odd about the Stuxnet attack is that such a brilliantly conceived and delivered virus could ultimately be uncovered and traced back to the NSA and Israel. It was almost too good. Still, what happened after the revelation that Stuxnet could be traced to Fort Meade, is that the Middle East, supposedly, promptly retaliated:

Sure enough, in August 2012 a devastating virus was unleashed on Saudi Aramco, the giant Saudi state-owned energy company. The malware infected 30,000 computers, erasing three-quarters of the company's stored data, destroying everything from documents to email to spreadsheets and leaving in their place an image of a burning American flag, according to The New York Times. Just days later, another large cyberattack hit RasGas, the giant Qatari natural gas company. Then a series of denial-of-service attacks took America's largest financial institutions offline. Experts blamed all of this activity on Iran, which had created its own cyber command in the wake of the US-led attacks. James Clapper, US director of national intelligence, for the first time declared cyberthreats the greatest danger facing the nation, bumping terrorism down to second place. In May, the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team issued a vague warning that US energy and infrastructure companies should be on the alert for cyberattacks. It was widely reported that this warning came in response to Iranian cyberprobes of industrial control systems. An Iranian diplomat denied any involvement.

The cat-and-mouse game could escalate. "It's a trajectory," says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. "The general consensus is that a cyber response alone is pretty worthless. And nobody wants a real war." Under international law, Iran may have the right to self-defense when hit with destructive cyberattacks. William Lynn, deputy secretary of defense, laid claim to the prerogative of self-defense when he outlined the Pentagon's cyber operations strategy. "The United States reserves the right," he said, "under the laws of armed conflict, to respond to serious cyberattacks with a proportional and justified military response at the time and place of our choosing." Leon Panetta, the former CIA chief who had helped launch the Stuxnet offensive, would later point to Iran's retaliation as a troubling harbinger. "The collective result of these kinds of attacks could be a cyber Pearl Harbor," he warned in October 2012, toward the end of his tenure as defense secretary, "an attack that would cause physical destruction and the loss of life."

Almost too good... Because the so-called hacker "retaliations" originating from Iran, China, Russia, etc., led to such laughable outcomes as DDOS attacks against - to unprecedented media fanfare - the portals of such firms as JPMorgan and Wells Fargo, and as Wired adds, "if Stuxnet was the proof of concept, it also proved that one successful cyberattack begets another. For Alexander, this offered the perfect justification for expanding his empire."

The expansion that took place next for Alexander and his men, all of it under the Obama regime, was simply unprecedented (and that it steamrolled right through the "sequester" was perfectly expected):

[D]ominance has long been their watchword. Alexander's Navy calls itself the Information Dominance Corps. In 2007, the then secretary of the Air Force pledged to "dominate cyberspace" just as "today, we dominate air and space." And Alexander's Army warned, "It is in cyberspace that we must use our strategic vision to dominate the information environment." The Army is reportedly treating digital weapons as another form of offensive capability, providing frontline troops with the option of requesting "cyber fire support" from Cyber Command in the same way they request air and artillery support.

All these capabilities require a giant expansion of secret facilities. Thousands of hard-hatted construction workers will soon begin erecting cranes, driving backhoes, and emptying cement trucks as they expand the boundaries of NSA's secret city eastward, increasing its already enormous size by a third. "You could tell that some of the seniors at NSA were truly concerned that cyber was going to engulf them," says a former senior Cyber Command official, "and I think rightfully so."

In May, work began on a $3.2 billion facility housed at Fort Meade in Maryland. Known as Site M, the 227-acre complex includes its own 150-megawatt power substation, 14 administrative buildings, 10 parking garages, and chiller and boiler plants. The server building will have 90,000 square feet of raised floor - handy for supercomputers - yet hold only 50 people. Meanwhile, the 531,000-square-foot operations center will house more than 1,300 people. In all, the buildings will have a footprint of 1.8 million square feet. Even more ambitious plans, known as Phase II and III, are on the drawing board. Stretching over the next 16 years, they would quadruple the footprint to 5.8 million square feet, enough for nearly 60 buildings and 40 parking garages, costing $5.2 billion and accommodating 11,000 more cyberwarriors.

In short, despite the sequestration, layoffs, and furloughs in the federal government, it's a boom time for Alexander. In April, as part of its 2014 budget request, the Pentagon asked Congress for $4.7 billion for increased "cyberspace operations," nearly $1 billion more than the 2013 allocation. At the same time, budgets for the CIA and other intelligence agencies were cut by almost the same amount, $4.4 billion. A portion of the money going to Alexander will be used to create 13 cyberattack teams.

In the New Normal, the CIA is no longer relevant: all that matters are Alexander's armies of hackers and computer geeks.

But not only has the public espionage sector been unleashed: the private sector is poised to reap a killing (pardon the pun) too...

What's good for Alexander is good for the fortunes of the cyber-industrial complex, a burgeoning sector made up of many of the same defense contractors who grew rich supplying the wars in Iraq and Afghanistan. With those conflicts now mostly in the rearview mirror, they are looking to Alexander as a kind of savior. After all, the US spends about $30 billion annually on cybersecurity goods and services.

In the past few years, the contractors have embarked on their own cyber building binge parallel to the construction boom at Fort Meade: General Dynamics opened a 28,000-square-foot facility near the NSA; SAIC cut the ribbon on its new seven-story Cyber Innovation Center; the giant CSC unveiled its Virtual Cyber Security Center. And at consulting firm Booz Allen Hamilton, where former NSA director Mike McConnell was hired to lead the cyber effort, the company announced a "cyber-solutions network" that linked together nine cyber-focused facilities. Not to be outdone, Boeing built a new Cyber Engagement Center. Leaving nothing to chance, it also hired retired Army major general Barbara Fast, an old friend of Alexander's, to run the operation. (She has since moved on.)

Defense contractors have been eager to prove that they understand Alexander's worldview. "Our Raytheon cyberwarriors play offense and defense," says one help-wanted site. Consulting and engineering firms such as Invertix and Parsons are among dozens posting online want ads for "computer network exploitation specialists." And many other companies, some unidentified, are seeking computer and network attackers. "Firm is seeking computer network attack specialists for long-term government contract in King George County, VA," one recent ad read. Another, from Sunera, a Tampa, Florida, company, said it was hunting for "attack and penetration consultants."

It gets better: all those anti-virus programs you have on your computer to "make it safe" from backdoors and trojans? Guess what - they are the backdoors and trojans!

One of the most secretive of these contractors is Endgame Systems, a startup backed by VCs including Kleiner Perkins Caufield & Byers, Bessemer Venture Partners, and Paladin Capital Group. Established in Atlanta in 2008, Endgame is transparently antitransparent. "We've been very careful not to have a public face on our company," former vice president John M. Farrell wrote to a business associate in an email that appeared in a WikiLeaks dump. "We don't ever want to see our name in a press release," added founder Christopher Rouland. True to form, the company declined Wired's interview requests.

Perhaps for good reason: According to news reports, Endgame is developing ways to break into Internet-connected devices through chinks in their antivirus armor. Like safecrackers listening to the click of tumblers through a stethoscope, the "vulnerability researchers" use an extensive array of digital tools to search for hidden weaknesses in commonly used programs and systems, such as Windows and Internet Explorer. And since no one else has ever discovered these unseen cracks, the manufacturers have never developed patches for them.

Thus, in the parlance of the trade, these vulnerabilities are known as "zero-day exploits," because it has been zero days since they have been uncovered and fixed. They are the Achilles' heel of the security business, says a former senior intelligence official involved with cyberwarfare. Those seeking to break into networks and computers are willing to pay millions of dollars to obtain them.

Such as the US government. But if you thought PRISM was bad you ain't seen nuthin' yet. Because tying it all together is Endgame's appropriately named "Bonesaw" - what it is is practically The Matrix transplanted into the real cyber world.

According to Defense News' C4ISR Journal and Bloomberg Businessweek, Endgame also offers its intelligence clients - agencies like Cyber Command, the NSA, the CIA, and British intelligence - a unique map showing them exactly where their targets are located. Dubbed Bonesaw, the map displays the geolocation and digital address of basically every device connected to the Internet around the world, providing what's called network situational awareness. The client locates a region on the password-protected web-based map, then picks a country and city - say, Beijing, China. Next the client types in the name of the target organization, such as the Ministry of Public Security's No. 3 Research Institute, which is responsible for computer security - or simply enters its address, 6 Zhengyi Road. The map will then display what software is running on the computers inside the facility, what types of malware some may contain, and a menu of custom-designed exploits that can be used to secretly gain entry. It can also pinpoint those devices infected with malware, such as the Conficker worm, as well as networks turned into botnets and zombies - the equivalent of a back door left open.

Bonesaw also contains targeting data on US allies, and it is soon to be upgraded with a new version codenamed Velocity, according to C4ISR Journal. It will allow Endgame's clients to observe in real time as hardware and software connected to the Internet around the world is added, removed, or changed.

More on Bonesaw:

Marketing documents say "the Bonesaw platform provides a complete environment for intelligence analysts and mission planners to take a holistic approach to target discovery, reducing the time to create actionable intelligence and operational plans from days to minutes."

"Bonesaw is the ability to map, basically every device connected to the Internet and what hardware and software it is," says a company official who requested anonymity. The official points out that the firm doesn't launch offensive cyber ops, it just helps.

Back to Wired:

[S]uch access doesn't come cheap. One leaked report indicated that annual subscriptions could run as high as $2.5 million for 25 zero-day exploits.

That's ok though, the US government is happy to collect taxpayer money so it can pay these venture capital-backed private firms for the best in espionage technology, allowing it to reach, hack and manipulate every computer system foreign. And domestic.

How ironic: US citizens are funding Big Brother's own unprecedented spying program against themselves!

Not only that, but by allowing the NSA to develop and utilize technology that is leaps ahead of everyone else - utilize it against the US citizens themselves - America is now effectively at war against itself... Not to mention every other foreign country that is an intelligence interest:

The buying and using of such a subscription by nation-states could be seen as an act of war. "If you are engaged in reconnaissance on an adversary's systems, you are laying the electronic battlefield and preparing to use it," wrote Mike Jacobs, a former NSA director for information assurance, in a McAfee report on cyberwarfare. "In my opinion, these activities constitute acts of war, or at least a prelude to future acts of war." The question is, who else is on the secretive company's client list? Because there is as of yet no oversight or regulation of the cyberweapons trade, companies in the cyber-industrial complex are free to sell to whomever they wish. "It should be illegal," says the former senior intelligence official involved in cyberwarfare. "I knew about Endgame when I was in intelligence. The intelligence community didn't like it, but they're the largest consumer of that business."

And there you have it: US corporations happily cooperating with the US government's own espionage services, however since the only thing that matters in the private sector is the bottom line, the Endgames of the world will gladly sell the same ultra-secret services to everyone else who is willing to pay top dollar: China, Russia, Iran...

In their willingness to pay top dollar for more and better zero-day exploits, the spy agencies are helping drive a lucrative, dangerous, and unregulated cyber arms race, one that has developed its own gray and black markets. The companies trading in this arena can sell their wares to the highest bidder - be they frontmen for criminal hacking groups or terrorist organizations or countries that bankroll terrorists, such as Iran. Ironically, having helped create the market in zero-day exploits and then having launched the world into the era of cyberwar, Alexander now says the possibility of zero-day exploits falling into the wrong hands is his "greatest worry."

Does Alexander have reason to be worried? Oh yes.

In May, Alexander discovered that four months earlier someone, or some group or nation, had secretly hacked into a restricted US government database known as the National Inventory of Dams. Maintained by the Army Corps of Engineers, it lists the vulnerabilities for the nation's dams, including an estimate of the number of people who might be killed should one of them fail. Meanwhile, the 2013 "Report Card for America's Infrastructure" gave the US a D on its maintenance of dams. There are 13,991 dams in the US that are classified as high-hazard, the report said. A high-hazard dam is defined as one whose failure would cause loss of life. "That's our concern about what's coming in cyberspace - a destructive element. It is a question of time," Alexander said in a talk to a group involved in information operations and cyberwarfare, noting that estimates put the time frame of an attack within two to five years. He made his comments in September 2011.

In other words, this massive cyberattack against the US predicted by "Emperor" Alexander, an attack in which as Alexander himself has said cyberweapons represent the 21st century equivalent of nuclear arms (and require in kind retaliation) whether false flag or real, is due... some time right around now.

[Mar 22, 2013] Decade-old espionage malware found targeting government computers

Mar 20 2013 | Ars Technica

"TeamSpy" used digitally signed TeamViewer remote access tool to spy on victims.

Researchers have unearthed a decade-long espionage operation that used the popular TeamViewer remote-access program and proprietary malware to target high-level political and industrial figures in Eastern Europe.

TeamSpy, as the shadow group has been dubbed, collected encryption keys and documents marked as "secret" from a variety of high-level targets, according to a report published Wednesday by Hungary-based CrySyS Lab.

Targets included a Russia-based Embassy for an undisclosed country belonging to both NATO and the European Union, an industrial manufacturer also located in Russia, multiple research and educational organizations in France and Belgium, and an electronics company located in Iran. CrySyS learned of the attacks after Hungary's National Security Authority disclosed intelligence that TeamSpy had hit an unnamed "Hungarian high-profile governmental victim."

Malware used in the attacks indicates that those responsible may have operated for years and may have also targeted figures in a variety of countries throughout the world. Adding intrigue to the discovery, techniques used in the attacks bear a striking resemblance to an online banking fraud ring known as Sheldon, and a separate analysis from researchers at Kaspersky Lab found similarities to the Red October espionage campaign that the Russia-based security firm discovered earlier this year.

"Most likely the same attackers are behind the attacks that span for the last 10 years, as there are clear connections between samples used in different years and campaigns," CrySyS researchers wrote in their report. "Interestingly, the attacks began to gain new momentum in the second half of 2012."

They added: "The attackers surely aim for important targets. This conclusion comes from a number of different facts, including victim IPs, known activities on some targets, traceroute for probably high-profile targets, file names used in information stealing activities, strange paramilitary language of some structures, etc."

The attackers relied on a variety of methods, including the use of a digitally signed version of TeamViewer that has been modified through a technique known as "DLL hijacking" to spy on targets in real-time. Installation of the compromised program also provides attackers with a backdoor to install updates and additional malware. Both the TeamViewer technique and command servers used in the attack harken back to Sheldon. The TeamSpy operation also relies on more traditional malware tools that were custom-built for the purpose of espionage or bank fraud.

According to Kaspersky, the operators infected their victims through a series of "watering hole" attacks that plant malware on websites frequented by the intended victims. When the targets visit the booby-trapped sites, they also become infected. The attackers also injected malware into advertising networks to blanket entire regions. In many cases, much of that attack code used to infect victims was spawned from the Eleonore exploit kit. Domains used to host command and control servers that communicated with infected machines included politnews.org, bannetwork.org, planetanews.org, bulbanews.org, and r2bnetwork.org.

The discovery of TeamSpy is only the latest to reveal an international operation that uses malware to siphon sensitive data from high-profile targets. The most well-known campaign was dubbed Flame. Other surveillance campaigns include Gauss and Duqu, all three of which are believed to have been supported by a well-resourced nation-state. Last year, researchers also uncovered an espionage campaign dubbed Mahdi.
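The detection side of the command-and-control detail above, as an added example that is not part of the Ars Technica article or the CrySyS and Kaspersky reports: it matches DNS query log lines against the five domains the article names. The log format and the sample lines are constructed for illustration.

```python
"""Added example: flag DNS queries for the C2 domains named in the article."""
from dataclasses import dataclass

# Command-and-control domains listed in the article above.
C2_DOMAINS = frozenset({
    "politnews.org", "bannetwork.org", "planetanews.org",
    "bulbanews.org", "r2bnetwork.org",
})

# Constructed sample log. Assumed format: timestamp, client IP, query name, record type.
SAMPLE_LOG = """\
2013-03-20T08:14:02Z 10.0.4.17 www.example.com. A
2013-03-20T08:14:09Z 10.0.4.17 update.POLITNEWS.org. A
2013-03-20T08:15:40Z 10.0.7.3 notpolitnews.org. A
2013-03-20T08:16:11Z 10.0.7.3 bulbanews.org.cdn.example.net. A
2013-03-20T08:17:55Z 10.0.9.21 r2bnetwork.org A
malformed line without enough fields
2013-03-20T08:18:30Z 10.0.4.17 planetanews.org. AAAA
"""


@dataclass(frozen=True)
class Hit:
    timestamp: str
    client: str
    qname: str
    indicator: str


def normalize(qname):
    """Lower-case and drop the trailing root dot so all spellings compare equal."""
    return qname.strip().rstrip(".").lower()


def match_indicator(qname, indicators=C2_DOMAINS):
    """Return the indicator that qname equals or is a subdomain of, else None.

    Suffixes are compared on label boundaries, so a look-alike such as
    'notpolitnews.org' or an indicator used as a prefix of an unrelated
    zone ('bulbanews.org.cdn.example.net') does not match.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def scan(log_text):
    """Return (hits, skipped): matching queries and the count of unparsable lines."""
    hits, skipped = [], 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            skipped += 1  # count, do not silently drop: gaps in coverage matter
            continue
        timestamp, client, qname, _rtype = fields
        indicator = match_indicator(qname)
        if indicator is not None:
            hits.append(Hit(timestamp, client, normalize(qname), indicator))
    return hits, skipped


def clients_by_indicator(hits):
    """Group querying hosts per indicator to scope which machines need triage."""
    grouped = {}
    for hit in hits:
        grouped.setdefault(hit.indicator, set()).add(hit.client)
    return grouped


if __name__ == "__main__":
    found, skipped = scan(SAMPLE_LOG)
    for hit in found:
        print(f"{hit.timestamp} {hit.client} queried {hit.qname} ({hit.indicator})")
    print(f"unparsed lines: {skipped}")
```

A plain substring test would flag both look-alike lines in the sample; matching whole label suffixes is what keeps them out while still catching subdomains of a listed domain.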

Decade-Old Espionage Malware Found Targeting Government Computers

Slashdot

Researchers have unearthed a decade-long espionage operation that used the popular TeamViewer remote-access program and proprietary malware to target high-level political and industrial figures in Eastern Europe. TeamSpy, as the shadow group has been dubbed, collected encryption keys and documents marked as 'secret' from a variety of high-level targets, according to a report published Wednesday by Hungary-based CrySyS Lab. Targets included a Russia-based Embassy for an undisclosed country belonging to both NATO and the European Union, an industrial manufacturer also located in Russia, multiple research and educational organizations in France and Belgium, and an electronics company located in Iran. CrySyS learned of the attacks after Hungary's National Security Authority disclosed intelligence that TeamSpy had hit an unnamed 'Hungarian high-profile governmental victim.'

erroneus

Suspicious based on what criteria?

  1. We aren't allowed to use open source and so we have to "trust" every 'signed binary' which executives and leaders want to use. If we could use open source, we could at least read the source and even compile it to ensure the source we read was the binary which was compiled.

  2. When the malware doesn't do "harm" to anything, the symptoms of malware are non-existent. No pop-up ads, no unusual crashing (see note about being unable to use open source... the 'other' operating system crashes often enough for inexplicable reasons that no one suspects malware as the cause any longer) and when a commonly used utility program which performs remote access is used, how can it be detected as malware?

Arguably, that it was proprietary and commercial software which was exploited is pretty disturbing. But at the same time, that software makers (and other device and product makers, and service providers too) frequently enter into deals with government to spy on people is unfortunately very common. That the "white-hat" (heh, I accidentally typed "white-hate"... apropos?) nation called the USA has compromised global communications with Echelon and more recently with the much celebrated NSA wiretapping, does not help matters.

I think no one appreciates the value of trust. Once it's lost, it's lost. What amount of trust in government... any government... may have existed, it is gone for most of us.

The unenlightened? Well... they still watch MSM (mainstream media, I have come to know these initials). What hope have they against that?

Anonymous Coward

Re:A strong push for open source in government (Score:1)

I suspect that as more malware and backdoors are discovered in systems used by government, the penny will begin to drop more frequently. Closed source is incompatible with security, by definition, since you cannot validly trust what you cannot see

Bullshit. Open or closed source has no direct bearing on the ability of an attacker to infect a binary. Open source provides more eyes on a given bug or problem, but once compiled and running it's the exact same problem.

The article mentions use of a modified signed binary. So tell me how open source is going to remedy that? Unless you're recompiling from scratch (your entire tool chain, plus dependencies) on each launch, you're just as fucked as the next guy. Are you going to checksum the binary in memory each time a method is called? Are you going to encrypt/decrypt on each call? What's to stop an attacker from modifying your checksum code in the same manner as CD checks on games are trivially broken?

The only thing open source is really going to do for you is ensure that if you compile from source, the attack didn't originate from that source. So what?

Anonymous Coward

The fact it's open source IS (or can be) the pathway. If it's a small piece of software that does a specific function that's not of use to many people, your million eyeballs shrink rapidly. And what you're left with (IMO) is a handful of eyeballs thinking "I don't have the time/skills for this, it's open source, I'm sure someone will have looked over it" while no one actually does.

Or someone auditing the code but not the stuff around it, or maybe the code as distributed is clean and will compile into a clean and functioning binary, but the scripts around it actually add some malicious steps if certain criteria are met.

Open source isn't a magic bullet.

[Feb 13, 2013] Welcome to the Malware-Industrial Complex By Tom Simonite

February 13, 2013 | MIT Technology Review

The U.S. government is developing new computer weapons and driving a black market in "zero-day" bugs. The result could be a more dangerous Web for everyone.

Every summer, computer security experts get together in Las Vegas for Black Hat and DEFCON, conferences that have earned notoriety for presentations demonstrating critical security holes discovered in widely used software. But while the conferences continue to draw big crowds, regular attendees say the bugs unveiled haven't been quite so dramatic in recent years.

One reason is that a freshly discovered weakness in a popular piece of software, known in the trade as a "zero-day" vulnerability, can be cashed in for much more than a reputation boost and some free drinks at the bar. Information about such flaws can command prices in the hundreds of thousands of dollars from defense contractors, security agencies and governments.

This trade in zero-day exploits is poorly documented, but it is perhaps the most visible part of a new industry that in the years to come is likely to swallow growing portions of the U.S. national defense budget, reshape international relations, and perhaps make the Web less safe for everyone.

Zero-day exploits are valuable because they can be used to sneak software onto a computer system without detection by conventional computer security measures, such as antivirus packages or firewalls. Criminals might do that to intercept credit card numbers. An intelligence agency or military force might steal diplomatic communications or even shut down a power plant.

It became clear that this type of assault would define a new era in warfare in 2010, when security researchers discovered a piece of malicious software, or malware, known as Stuxnet. Now widely believed to have been a project of U.S. and Israeli intelligence (U.S. officials have yet to publicly acknowledge a role but have done so anonymously to the New York Times and NPR), Stuxnet was carefully designed to infect multiple systems needed to access and control industrial equipment used in Iran's nuclear program. The payload was clearly the work of a group with access to government-scale resources and intelligence, but it was made possible by four zero-day exploits for Windows that allowed it to silently infect target computers. That so many precious zero-days were used at once was just one of Stuxnet's many striking features.

Since then, more Stuxnet-like malware has been uncovered, and it's involved even more complex techniques (see "The Antivirus Era Is Over"). It is likely that even more have been deployed but escaped public notice. Meanwhile, governments and companies in the United States and around the world have begun paying more and more for the exploits needed to make such weapons work, says Christopher Soghoian, a principal technologist at the American Civil Liberties Union.

"On the one hand the government is freaking out about cyber-security, and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the prices," says Soghoian, who says he has spoken with people involved in the trade and that prices range from the thousands to the hundreds of thousands. Even civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software onto suspects' computers or mobile phones.

Exploits for mobile operating systems are particularly valued, says Soghoian, because unlike desktop computers, mobile systems are rarely updated. Apple sends updates to iPhone software a few times a year, meaning that a given flaw could be exploited for a long time. Sometimes the discoverer of a zero-day vulnerability receives a monthly payment as long as a flaw remains undiscovered. "As long as Apple or Microsoft has not fixed it you get paid," says Soghoian.

No law directly regulates the sale of zero-days in the United States or elsewhere, so some traders pursue it quite openly. A Bangkok-based security researcher who goes by the name The Grugq tweets about acting as a middleman and has spoken to the press about negotiating deals worth hundreds of thousands of dollars with government buyers from the United States and western Europe. In an argument on Twitter last month, he denied that his business is equivalent to arms dealing, as critics within and outside the computer security community have charged. "An exploit is a component of a toolchain," he tweeted. "The team that produces & maintains the toolchain is the weapon."

Some small companies are similarly up-front about their involvement in the trade. The French security company VUPEN states on its website that it

"provides government-grade exploits specifically designed for the Intelligence community and national security agencies to help them achieve their offensive cyber security and lawful intercept missions."

Last year, employees of the company publicly demonstrated a zero-day flaw that compromised Google's Chrome browser, but they turned down Google's offer of a $60,000 reward if they would share how it worked. What happened to the exploit is unknown.

No U.S. government agency has gone on the record as saying that it buys zero-days. But U.S. defense agencies and companies have begun to publicly acknowledge that they intend to launch as well as defend against cyberattacks, a stance that will require new ways to penetrate enemy computers.

General Keith Alexander, director of the National Security Agency and commander of the U.S. Cyber Command, told a symposium in Washington last October that the United States is prepared to do more than just block computer attacks. "Part of our defense has to consider offensive measures," he said, making him one of the most senior officials to admit that the government will make use of malware. Earlier in 2012 the U.S. Air Force invited proposals for developing "Cyberspace Warfare Attack capabilities" that could "destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries [sic] ability to use the cyberspace domain for his advantage." And in November, Regina Dugan, the head of the Defense Advanced Research Projects Agency, delivered another clear signal about the direction U.S. defense technology is heading. "In the coming years we will focus an increasing portion of our cyber research on the investigation of offensive capabilities to address military-specific needs," she said, announcing that the agency expected to expand cyber-security research from 8 percent of its budget to 12 percent.

Defense analysts say one reason for the shift is that talking about offense introduces an element of deterrence, an established strategy for nuclear and conventional conflicts. Up to now, U.S. politicians and defense chiefs have talked mostly about the country's vulnerability to digital attacks. Last fall, for example, Defense Secretary Leon Panetta warned frankly that U.S. infrastructure was being targeted by overseas attackers and that a "digital Pearl Harbor" could result (see "U.S. Power Grids, Water Plants a Hacking Target").

Major defense contractors are less forthcoming about their role in making software to attack enemies of the U.S. government, but they are evidently rushing to embrace the opportunity. "It's a growing area of the defense business at the same time that the rest of the defense business is shrinking," says Peter Singer, director of the 21st Century Defense Initiative at the Brookings Institution, a Washington think tank. "They've identified two growth areas: drones and cyber."

Large contractors are hiring many people with computer security skills, and some job openings make it clear there are opportunities to play more than just defense. Last year, Northrop Grumman posted ads seeking people to "plan, execute and assess an Offensive Cyberspace Operation (OCO) mission," and many current positions at Northrop ask for "hands-on experience of offensive cyber operations." Raytheon prefaces its ads for security-related jobs with language designed to appeal to stereotypical computer hackers: "Surfboards, pirate flags, and DEFCON black badges decorate our offices, and our Nerf collection dwarfs that of most toy stores. Our research and development projects cover the spectrum of offensive and defensive security technologies."

The new focus of America's military and defense contractors may concern some taxpayers. As more public dollars are spent researching new ways to attack computer systems, some of that money will go to people like The Grugq to discover fresh zero-day vulnerabilities. And an escalating cycle of competition between U.S. and overseas government agencies and contractors could make the world more dangerous for computer users everywhere.

"Every country makes weapons: unfortunately, cyberspace is like that too," says Sujeet Shenoi, who leads the U.S.-government-sponsored Cyber Corps Program at the University of Tulsa. His program trains students for government jobs defending against attacks, but he fears that defense contractors, also eager to recruit these students, are pushing the idea of offense too hard. Developing powerful malware introduces the dangerous temptation to use it, says Shenoi, who fears the consequences of active strikes against infrastructure. "I think maybe the civilian courts ought to get together and bar these kinds of attacks," he says.

The ease with which perpetrators of a computer attack can hide their tracks also raises the risk that such weapons will be used, Shenoi points out. Worse, even if an attack using malware is unsuccessful, there's a strong chance that a copy will remain somewhere on the victim's system - by accident or design - or accidentally find its way onto computer systems not targeted at all, as Stuxnet did. Some security firms have already identified criminal malware that uses methods first seen in Stuxnet (see "Stuxnet Tricks Copied by Criminals").

"The parallel is dropping the atomic bomb but also leaflets with the design of it," says Singer. He estimates that around 100 countries already have cyber-war units of some kind, and around 20 have formidable capabilities: "There's a lot of people playing this game."

[Nov 12, 2012] After Stuxnet The new rules of cyberwar

Stuxnet is definitely a source of large blowback. It also makes the US or Israel or both the first nations to have deployed a cyberweapon against another nation, without any declaration of war. "In taking this step, the perpetrator not only demonstrated that control systems are vulnerable, but also legitimized this kind of activity by a nation-state, he says."
Computerworld

Three years ago, when electric grid operators were starting to talk about the need to protect critical infrastructure from cyberattacks, few utilities had even hired a chief information security officer.

Then came Stuxnet.

In 2010, that malware, widely reported to have been created by the U.S. and Israel, reportedly destroyed 1,000 centrifuges that Iran was using to enrich uranium after taking over the computerized systems that operated the centrifuges.

Gen. Michael Hayden, principal at security consultancy The Chertoff Group, was director of the National Security Agency, and then the CIA, during the years leading up to the event. "I have to be careful about this," he says,

"but in a time of peace, someone deployed a cyberweapon to destroy what another nation would describe as its critical infrastructure."

In taking this step, the perpetrator not only demonstrated that control systems are vulnerable, but also legitimized this kind of activity by a nation-state, he says.

The attack rattled the industry. "Stuxnet was a game-changer because it opened people's eyes to the fact that a cyber event can actually result in physical damage," says Mark Weatherford, deputy undersecretary for cybersecurity in the National Protection Programs Directorate at the U.S. Department of Homeland Security.

In another development that raised awareness of the threat of cyberwar, the U.S. government in October accused Iran of launching distributed denial-of-service (DDoS) attacks against U.S. financial institutions. In a speech intended to build support for stalled legislation known as the Cybersecurity Act that would enable greater information sharing and improved cybersecurity standards, Defense Secretary Leon Panetta warned that the nation faced the possibility of a "cyber Pearl Harbor" unless action was taken to better protect critical infrastructure.

"Awareness of the problem has been the biggest change" since the release of Stuxnet, says Tim Roxey, chief cybersecurity officer for the North American Electric Reliability Corp. (NERC), a trade group serving electrical grid operators. He noted that job titles such as CISO and cybersecurity officer are much more common than they once were, new cybersecurity standards are now under development, and there's a greater emphasis on information sharing, both within the industry and with the DHS through sector-specific Information Sharing and Analysis Centers. (Read our timeline of critical infrastructure attacks over the years.)

On the other hand, cybersecurity is still not among the top five reliability concerns for most utilities, according to John Pescatore, an analyst at Gartner. Says Roxey: "It's clearly in the top 10." But then, so is vegetation management.

Compounding the challenge is the fact that regulated utilities tend to have tight budgets. That's a big problem, says Paul Kurtz, managing director of international practice at security engineering company CyberPoint International and former senior director for critical infrastructure protection at the White House's Homeland Security Council. "We're not offering cost-effective, measurable solutions," he says. "How do you do this without hemorrhaging cash?"

Should the U.S. Strike Back?

Most best practices on dealing with cyberattacks on critical infrastructure focus on defense: patching vulnerabilities and managing risk. But should the U.S. conduct preemptive strikes against suspected attackers -- or at least hit back?

Gen. Michael Hayden, principal at security consultancy The Chertoff Group, and former director of the NSA and the CIA, says the cybersecurity problem can be understood through the classic risk equation: Risk (R) = threat (T) x vulnerability (V) x consequences (C). "If I can drive any factor down to zero, the risk goes down to zero," he says. So far, most efforts have focused on reducing V, and there's been a shift toward C, with the goal of determining how to rapidly detect an attack, contain the damage and stay online. "But we are only now beginning to wonder, how do I push T down? How do I reduce the threat?" Hayden says. "Do I shoot back?"

The DOD is contemplating the merits of "cross-domain" responses, says James Lewis, senior fellow at the Center for Strategic and International Studies. "We might respond with a missile. That increases the uncertainty for opponents."

Ultimately, countries that launch such attacks will pay a price, says Howard Schmidt, former cybersecurity coordinator and special assistant to the president. --[Does this possibility include the USA and Israel? -- NNB] The U.S. response could involve economic sanctions -- or it could involve the use of military power.

- Robert L. Mitchell

Falling Behind

Most experts agree that critical infrastructure providers have a long way to go. Melissa Hathaway, president of Hathaway Global Strategies, was the Obama administration's acting senior director for cyberspace in 2009. That year, she issued a Cyberspace Policy Review report that included recommendations for better protecting critical infrastructure, but there hasn't been much movement toward implementing those recommendations, she says. A draft National Cyber Incident Response plan has been published, but a national-level exercise, conducted in June, showed that the plan was insufficient to protect critical infrastructure.

"A lot of critical infrastructure is not even protected from basic hacking. I don't think the industry has done enough to address the risk, and they're looking for the government to somehow offset their costs," Hathaway says. There is, however, a broad recognition that critical infrastructure is vulnerable and that something needs to be done about it.

The Department of Defense has a direct stake in the security of the country's critical infrastructure because the military depends on it. "The Defense Science Board Task Force did a review of DOD reliance on critical infrastructure and found that an astute opponent could attack and harm the DOD's capabilities," says James Lewis, a senior fellow specializing in cybersecurity at the Center for Strategic and International Studies.

At a forum in July, NSA Director Gen. Keith Alexander was asked to rate the state of U.S. preparedness for an attack on critical infrastructure on a scale of 1 to 10. He responded, "I would say around a 3." The reasons include the inability to rapidly detect and respond to attacks, a lack of cybersecurity standards and a general unwillingness by both private companies and government agencies to share detailed information about threats and attacks. The DOD and intelligence agencies don't share information because they tend to overclassify it, says Hayden. And critical infrastructure providers prefer to keep things to themselves because they don't want to expose customer data and they're concerned about the liability issues that could arise and the damage their reputations could suffer if news of an attack were widely reported.

"The rules of the game are a little fuzzy on what you can and cannot share," says Edward Amoroso, chief security officer and a senior vice president at AT&T, noting that his biggest concern is the threat of a large-scale DDoS attack that could take down the Internet's backbone. "I need attorneys, and I need to exercise real care when interacting with the government," he says.

In some cases, critical infrastructure providers are damned if they do share information and damned if they don't. "If the government provides a signature to us, some policy observers would say that we're operating on behalf of that government agency," he says. All parties agree that, in a crisis, everyone should be able to share information in real time. "But talk to five different people and you'll get five different opinions about what is OK," says Amoroso. Unfortunately, government policy initiatives intended to resolve the issue, such as the Cybersecurity Act, have failed to move forward.

"It was disappointing for us that this nonpartisan issue became so contentious," says Weatherford. The lack of progress by policymakers is a problem for the DHS and the effectiveness of its National Cybersecurity and Communications Integration Center (NCCIC). The center, which is open around the clock, was designed to be the nexus for information sharing between private-sector critical infrastructure providers -- and the one place to call when there's a problem. "I want NCCIC to be the '911' of cybersecurity," he says. "We may not have all the answers or all the right people, but we know where they are."

Meanwhile, both the number of attacks and their level of sophistication have been on the rise. Richard Bejtlich, chief security officer at security consultancy Mandiant, says electric utilities and other businesses are under constant assault by foreign governments. "We estimate that 30% to 40% of the Fortune 500 have an active Chinese or Russian intrusion problem right now," he says. However, he adds, "I think the threat in that area is exaggerated," because the goal of such attacks is to steal intellectual property, not destroy infrastructure.

Others disagree. "We've seen a new expertise developing around industrial control systems. We're seeing a ton of people and groups committed to the very technical aspects of these systems," says Howard Schmidt, who served as cybersecurity coordinator and special assistant to the president until last May and is now an independent consultant.

"People are too quick to dismiss the link between intellectual property loss through cyber intrusions and attacks against infrastructure," says Kurtz. "Spear phishing events can lead to the exfiltration of intellectual property, and that can have a spillover effect into critical infrastructure control system environments."

Hacking on the Rise

Cyberattackers fall into three primary categories: criminal organizations interested in stealing for monetary gain, hacktivists bent on furthering their own agendas, and foreign governments, or their agents, aiming to steal information or lay the groundwork for later attacks.

The Chinese are the most persistent, with several tiers of groups participating, says Richard Bejtlich, chief security officer at security consultancy Mandiant. Below official state-sponsored attacks are breaches by state militias, quasi-military and quasi-government organizations, and what he calls "patriotic hackers."

"It's almost a career path," says Bejtlich.

There's disagreement on which groups are the most sophisticated or dangerous, but that's not what matters. What matters is that the universe of attackers is expanding and they have ready access to an ever-growing wealth of knowledge about hacking, along with black hat tools helpful in launching attacks. "Over the next five years, low-level actors will get more sophisticated and the Internet [will expand] into areas of the Third World where the rule of law is weaker," says Gen. Michael Hayden, principal at security consultancy The Chertoff Group. "The part of the world responsible for criminal groups such as the Somali pirates is going to get wired."

- Robert L. Mitchell

Spear phishing attacks, sometimes called advanced targeted threats or advanced persistent threats, are efforts to break into an organization's systems by targeting specific people and trying, for example, to get them to open infected email messages that look like they were sent by friends. Such attacks have been particularly difficult to defend against.

Then there's the issue of zero-day attacks. While software and systems vendors have released thousands of vulnerability patches over the past 10 years, Amoroso says, "I wouldn't be surprised if there are thousands of zero-day vulnerabilities that go unreported." And while hacktivists may brag about uncovering vulnerabilities, criminal organizations and foreign governments prefer to keep that information to themselves. "The nation-state-sponsored attack includes not only the intellectual property piece but the ability to pre-position something when you want to be disruptive during a conflict," Schmidt says.

Usually in espionage it's much easier to steal intelligence than it is to do physical harm. That's not true in the cyber domain, says Hayden. "If you penetrate a network for espionage purposes, you've already got everything you'll want for destruction," he says.

On the other hand, while it's impossible for a private company to defend itself from physical warfare, that's not true when it comes to cyberattacks. Every attack exploits a weakness. "By closing that vulnerability, you stop the teenage kid, the criminal and the cyberwarrior," says Pescatore.

Control Anxiety

Computerized control systems are a potential problem area because the same systems are in use across many different types of critical infrastructure. "Where you used to turn dials or throw a switch, all of that is done electronically now," Schmidt says.

In addition, many industrial control systems that used to be "air-gapped" from the Internet are now connected to corporate networks for business reasons. "We've seen spreadsheets with thousands of control system components that are directly connected to the Internet. Some of those components contain known vulnerabilities that are readily exploitable without much sophistication," says Marty Edwards, director of control systems security at the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) at the DHS. The organization, with a staff that's grown tenfold to 400 in the past four years, offers control system security standards, shares threat data with critical infrastructure providers and has a rapid response team of "cyberninjas," high-level control systems engineers and cybersecurity analysts who can be deployed at a moment's notice.

Last year, ICS-CERT issued 5,200 alerts and advisories to private industry and government. "[Edwards] had teams fly out seven times last year to help businesses respond to events that either took them offline or severely impacted operations," says Weatherford, who declined to provide details on the nature of those events.

Control systems also suffer from another major weakness: They're usually relatively old and can't easily be patched. "A lot of them were never designed to operate in a network environment, and they aren't designed to take upgrades," Schmidt says. "Its firmware is soldered onto the device, and the only way to fix it is to replace it." Since the systems were designed to last 10 to 20 years, organizations need to build protections around them until they can be replaced. In other cases, updates can be made, but operators have to wait for the service providers who maintain the equipment to do the patching.

So where should the industry go from here?

The place to start is with better standards and best practices, real-time detection and containment, and faster and more detailed information sharing both among critical infrastructure providers and with all branches of government.

Telecoms Deal With Escalating DDoS Threat

Electric grid operators worry about compromised computerized industrial control systems taking them offline. Telecommunications companies worry that a large-scale distributed denial-of-service (DDoS) attack will take out another type of critical infrastructure: the Internet.

Until 2009 or so, AT&T might have seen one major DDoS attack a year, says Edward Amoroso, chief security officer and a senior vice president at the telecommunications giant. Today, Tier 1 Internet service providers find themselves fending off a few dozen attacks at any given moment. "It used to be two guys bailing out the ship. Now we have 40, 50 or 60 people dumping the water out all the time," he says. In fact, attacks have been scaling up to the point where Amoroso says he worries they could potentially flood backbone networks, taking portions of the Internet offline.

It would take just 64,000 PCs infected with a virus similar to Conficker to spew out about 10Gbps of traffic, he says. "Multiply that by four, and you've got 40Gbps, which is the size of most backbones," says Amoroso.

AT&T hasn't yet seen an attack generate enough traffic to flood a backbone, but it may just be a matter of time. "So far no one has pushed that button," he says. "But we need to be prepared."

Telecommunications providers must constantly scramble and innovate to keep ahead. They devise new defense techniques, then those techniques become popular and adversaries figure out new ways to defeat them. "We're going to have to change the mechanisms we now use to stop DDoS [attacks]," he says.

While some progress has been made with standards at both the DHS and industry groups such as the NERC, some argue that government procurement policy could be used to drive higher security standards from manufacturers of hardware and software used to operate critical infrastructure. Today, no such policy exists across all government agencies.

"Government would be better off using its buying power to drive higher levels of security than trying to legislate higher levels of security," argues Pescatore. But the federal government doesn't require suppliers to meet a consistent set of security standards across all agencies.

Even basic changes in contract terms would help, says Schmidt. "There's a belief held by me and others in the West Wing that there's nothing to preclude one from writing a contract today that says if you are providing IT services to the government you must have state-of-the-art cybersecurity protections in place. You must have mechanisms in place to notify the government of any intrusions, and you must have the ability to disconnect networks," he says.

But government procurement policy's influence on standards can go only so far. "The government isn't buying turbines" and control systems for critical infrastructure, says Lewis.

When it comes to shutting down attacks, faster reaction times are key, says Bejtlich. "Attackers are always going to find a way in, so you need to have skilled people who can conduct rapid and accurate detection and containment," he says. For high-end threats, he adds, that's the only effective countermeasure. Analysts need high visibility into the host systems and the network, Bejtlich says, and containment should be achieved within one hour of intrusion.

Opening the Kimono

Perhaps the toughest challenge will be creating the policies and fostering the trust required to encourage government and private industry to share what they know more openly. The government not only needs to pass legislation that provides the incentives and protections that critical infrastructure businesses need to share information on cyberthreats, but it also needs to push the law enforcement, military and intelligence communities to open up. For example, if the DOD is planning a cyberattack abroad against a type of critical infrastructure that's also used in the U.S., should information on the weakness being exploited be shared with U.S. companies so they can defend against counterattacks?

"There is a need for American industry to be plugged into some of the most secretive elements of the U.S. government -- people who can advise them in a realistic way of what it is that they need to be concerned about," says Hayden. Risks must be taken on both sides so everyone has a consistent view of the threats and what's going on out there.

One way to do that is to share some classified information with selected representatives from private industry. The House of Representatives recently passed an intelligence bill, the Cyber Intelligence Sharing and Protection Act, which would give security clearance to officials of critical industry operators. But the bill has been widely criticized by privacy groups, which say it's too broad. Given the current political climate, Hayden says he expects the bill to die in the Senate.

Information sharing helps, and standards form a baseline for protection, but ultimately, every critical infrastructure provider must customize and differentiate its security strategy, Amoroso says. "Right now, every business has exactly the same cybersecurity defense, usually dictated by some auditor," he says. But as in football, you can't win using just the standard defense. A good offense will find a way around it. "You've got to mix it up," Amoroso says. "You don't tell the other guys what you're doing."


FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusively for research and educational purposes. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.


Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.


Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.


Last modified: April, 02, 2018