The first global cyber war has begun


Re: The first global cyber war has begun

Postby seemslikeadream » Fri Jul 21, 2017 10:14 am

WORLD WAR 3.0 — THE FIGHT OVER CYBERSPACE

Russian interference in the US presidential election is barely the tip of the cyberwarfare iceberg. American cyber-sabotage of North Korean missiles, North Korea’s attacks on Sony Corporation, Israeli attacks on Iran’s nuclear program — these are all indications that the breadth and depth of cyber threats are far greater than we realize.

Alexander Klimburg, program director of the Hague Center for Strategic Studies and a former fellow of the Belfer Center at Harvard’s Kennedy School, talks to WhoWhatWhy’s Jeff Schechtman about the mounting competition among nations to dominate cyberspace.

Klimburg says that while governments themselves engage in — and are victims of — hacking and other forms of cyberwarfare, they also use such actions to justify their reach for more state control of the Internet. The US, China and Russia may pursue different objectives in their cyber operations, but they seem to agree on one goal: weaponizing information technology in the service of national interest.

Klimburg explains why defenses against hacking have proved so inadequate, the importance of maintaining bottom-up as opposed to top-down, control of the Internet and why we should look at the world’s financial system as a model for how to exercise such control.

In his book, THE DARKENING WEB: The War for Cyberspace, Klimburg reminds us that unless we resist attempts by national governments to take it over, the Internet, rather than bringing us together, may become a dark place that changes the world for the worse.


Full Text Transcript:

As a service to our readers, we provide transcripts with our podcasts. We try to ensure that these transcripts do not include errors. However, due to resource constraints, we are not always able to proofread them as closely as we would like, and we hope that you will excuse any errors that slipped through.

Jeff Schechtman: Welcome to radio WhoWhatWhy. I’m Jeff Schechtman. Companies being hacked, nations and democracies being hacked, privacy under siege. The internet was supposed to change the world, create more freedom, and break down traditional barriers between nations and people. The irony is that it may be having the opposite effect as individuals, nations, and corporations seek to protect themselves and exploit the internet for greater profit. We could easily lose the very things it created. After all, with all due respect to Amazon, it was meant for more than just shopping.
So where are we in this battle to protect the internet and what are the real dangers that we face? We’re going to talk about this today with my guest Alexander Klimburg. He’s the program director at The Hague Center for Strategic Studies, he’s a nonresident senior fellow at the Atlantic Council, and an associate and former fellow at the Belfer Center at the Harvard Kennedy School. He’s been an advisor to a number of governments and international organizations on cybersecurity strategy and internet governance and it is my pleasure to welcome Alexander Klimburg here to talk about the war for cyberspace. Alexander Klimburg, thanks so much for joining us.
Alexander Klimburg: Thanks for having me.

Jeff Schechtman: As we look out today at the battles, the challenges that the internet faces, talk a little bit about what you see as the thing that we need to most focus on right now.
Alexander Klimburg: My main concern is that we don’t absolutely appreciate the internet that we have today and that it is actually a great invention, maybe on the level of the invention of the wheel, that has basically empowered our societies in new ways, given us new freedoms and new productivity. But that is only possible if the internet, effectively, remains free, free from the control of special interest. The internet is effectively managed by a galaxy of different actors, by civil society, the private sector, and government.
And government is, by far, the least important actor. It can blow things up, it can also spy on things, but it can’t really build stuff in cyberspace. But they do want to get involved in this debate and they want to get involved in it strongly. Most importantly, governments outside of the US and the western bloc of like-minded democracies think that the internet should be run by states rather than as it is currently, which is by this galaxy of different actors with civil society in the lead. They want states to be the final decider on information in the internet, and we have to understand what that means. The final decider of information would mean the final word on everything regarding our lives, from the way we educate our children, to the media we consume, to the way we vote.
So, we have to be aware that the internet that we have right now, which is effectively a free internet that just facilitates our daily lives and doesn’t try to direct them in a specific direction, could be changed. It’s not something that is likely to happen, but it’s possible to happen and since we were concerned with nuclear holocaust for decades on end, I think it’s also valid to be concerned about the internet becoming a much darker place as well.
Jeff Schechtman: There’s also an irony in all of this that’s a little like the fireman who’s also an arsonist. The idea that it is these governments, the US government, the Russian government, the Chinese government, that are creating such havoc within the framework of the internet, that it also becomes the reason why they want to do things to limit its freedom.
Alexander Klimburg: Absolutely. I think the example of the fireman and the arsonist is a very good one. Effectively, I am concerned that we sometimes look at cyber attacks in the West as being only technical while in the East, and actually also about hackers, cyber attacks are usually viewed as being primarily a human issue. So, when we think about cyber attacks, we think what kind of data do they want to steal, what kind of data do they want to destroy, what kind of data do they want to simply spy on. And, in point of fact, many other governments might not be interested in the data that they are stealing or destroying, but they’re more interested in the narrative they’re trying to influence.
And if you even look at the recent ransomware attacks that we’ve seen, for instance, WannaCry and NotPetya, there wasn’t really an attempt to monetize the data they were stealing, well, basically encrypting. The real intent, especially as far as the most recent cyber attack NotPetya is concerned, was simply destruction and it wasn’t destruction simply to play havoc for the fun of it, it was, I think, to influence the narrative. The narrative is to get governments to do something in cyberspace and we have to be aware that doing something in cyberspace may well involve effectively weakening the current model of the internet that we cherish today, which is led not by governments, but by the civil society in the private sector.
Jeff Schechtman: Is there a fundamental difference in the kind of things that the US, and the Russians, and the Chinese principally are doing with respect to these areas in cyberspace?
Alexander Klimburg: Well, it depends whom you ask. Normally one would say that, particularly the US, have a very technical view of cyber operations. They were developed primarily to support, for instance, military operations to help penetrate an air defense system, for instance, and then drop bombs in a conventional way. But also more other similar missions like taking down a critical infrastructure grid. The way the Russians and the Chinese have always viewed cyber operations is that it’s all about information, information control, information dominance, and they accuse the US of using the internet, for instance, to undermine their rule by supporting dissent, by supporting opposition to their governments, and being involved in their internal affairs.
Now, this is their view that they’ve stipulated very often on the base of no evidence other than they think civil society organizations are always paid foreign agents, but effectively this has led them, justified or not, down a similar path where they engage in information warfare attacks. Their concept is simply that information should be treated as a weapon. And that is something we should be deeply concerned with because information being treated as a weapon means that effectively the New York Times, Washington Post, NPR, there are also social media posts on Facebook and everywhere else starts being treated as a weapon of war. That’s a dialogue we can’t possibly get involved in under any circumstances.
The US approach to viewing cyber operations as a technical issue is correct and a valid one. We have to, however, at the same time, be aware that the other side is consistently playing a different game. And that game is to further the narrative of information warfare to get us talking about information per se. The bottom line is that western governments, foremost US, have decided a long time ago the internet was too important and too big to simply be controlled by governments. They have to be controlled by everyone, like the global seas are not controlled by any government in particular. That’s the way we have to keep it, otherwise it might end up going in a very dark direction.
Jeff Schechtman: Do we need to take a giant leap forward in that we need to look for a different kind of structure for the internet as opposed to the one that exists now from a technological perspective?
Alexander Klimburg: I don’t think great leaps forward are the way to go because, in particular, it always depends on what direction that great leap is happening and it is very often that one special interest is going to define that direction. I think that the current way the internet works is fundamentally the way it should continue to work, but what we need to do is work and tinker at the edges. We need to effectively fix a lot of the things that are clearly broken like, for instance, not mandating better security in government agencies, but also in the private sector. It’s completely crazy how easy it is to conduct hacks. If a 10 year old or a 12 year old can do these hacks, then it’s not really the hacker that’s at fault, it’s quite clearly the sender. That has to also be taken into consideration.
But we have to keep in mind that defense is done incredibly poorly everywhere. And that there are many things that can be done fairly easily to improve one’s defense so that not every 10, 12, 13 year old hacker can get in. I think that should be our first step. When we get that far, then we can start talking about how do we agree on rules of the road for states to conduct cyber operations. What is legitimate to blow up and what’s not legitimate to blow up? That’s a discussion that we need to have, but that needs to happen in the context of international law and the normal conduct of warfare and interstate diplomacy.
What it can’t involve is how the internet is run as an infrastructure. As internet being run as infrastructure is independent of the content on the internet. The people who run the infrastructure don’t worry if something is good or not, they worry about the pipes, they worry about the roads. What the roads are used for is a different issue. We can’t put those things all in the same bucket. If we allow that to all fall in the same bucket, we’re allowing one single group of actors, in this case government, to control the entire narrative. It’s not something I think the US government wants, or in particular any western government wants, but it’s being pushed there slowly by constant revelations of cyber attacks against which it seems to be completely powerless in which the public is increasingly demanding a response to.
That response, however, is going to be simply one issue, take more responsibility for your own defense. And force legislation where necessary to force companies to take care of their data better. That’s the steps we have to take. Looking at restructuring the internet is not, in my mind, the right way to go.
Jeff Schechtman: Why have the defenses been so bad, so weak, historically?
Alexander Klimburg: Historically, it’s one of the arguments that are often advanced is that the internet was not intended to be what it is right now. I think that’s a fair argument, but it’s not necessarily that important because a lot of things that can be done to make the internet safer, simply requires us taking a little bit of effort. We have not taken that effort. When I mean ‘us’, I mean absolutely everyone from the home user who should simply be clear on the fact that we need a little bit better password than like your first name or password or something similar, but all the way up through the highest levels of government that have been, also in the US, incredibly negligent in setting standards for cyber security.
I think in part it’s because we were driven very often by this narrative of like, “Well, what does it cost? It only costs us money, it doesn’t bring us any money. Therefore, why should we do it?” They haven’t appreciated the dangers of what happens when things go wrong. This is part of the issue. The technical community of which I am at least nominally part of, the technical community has spent a lot of time not talking about the dangers of cyberspace because they don’t like to talk about threats, they don’t talk about fear, they don’t want to talk about uncertainty, and they don’t want to talk about doubt. They want to talk about hard data. But we don’t have hard data in cyberspace. That’s why I think it’s important that we talk about the worst possible outcomes, the nightmares, the things that can go wrong.
Because when talking about what really can go wrong in cyberspace, we can motivate not only the C-level of corporations, but also our political decision makers to help us formulate the response mechanisms that we need. And that is really fundamentally just taking basic security seriously at the most fundamental level and then at interstate level having an honest and open discussion about military capabilities in cyberspace.
Jeff Schechtman: Coming back to our point before though, part of the problem with that, though, in creating those defenses and addressing those issues is that there are too many stakeholders that seem to have an interest in corrupting the idea of a free internet.
Alexander Klimburg: Absolutely. The internet as it is right now is a bottom up construct. It was financed by the US government, but it was built by academics, hobbyists, and later, the private sector. However, other internets were attempted, the French built an internet called Minitel, around for many years, and only recently closed down completely. Russia was trying to build an internet from as early as the 1950s, even before the US started. Their versions were top down. Their idea was to have a centralized control network, to have all the power in the center. The internet we have right now has all the power at the edges, with the user. This is why, for instance, net neutrality is such a hot topic issue. And the internet grows this way, bottom up.
That’s why it’s so important to understand that it has to be run by this galaxy of different actors. There is, just like the world’s financial system, not one single actor that can actually control it. We wouldn’t want that to be the case anyway. But similarly, just like not everybody needs to know everything about the world financial system, you don’t need to know everything about international bond markets as an average user. You do want to know what your interest rate on your mortgage is going to be and if your economy’s going to collapse. This is why I think everybody needs to be a little bit more aware of what’s happening in cyberspace and how some governments simply have a very different internet in mind than the internet we have today.
Jeff Schechtman: Where are the resistance points today to this multi stakeholder approach? Where is the pushback to that coming from today?
Alexander Klimburg: In the last 18, 20 years, it’s been fairly consistently from Russia and China in the lead with a bunch of other countries that sometimes support it more openly or not. These countries I call the cyber sovereignty countries because they are interested in establishing national sovereignty over what they call their cyberspace, their internet. They want to be able to control everything that happens in it. When I mean control, they mean to really control all information that’s consumed by their citizens. That, of course, is a pretty frightening prospect for western democracies. Since we don’t want to have that not only in our own countries, but globally, we have generally speaking pushed back with support for the multi stakeholder model.
The problem is, the multi stakeholder model is built around the civil society, and the private sector, and the government all working together to basically manage different parts of the internet. But government has always had the weakest role. They can blow things up, they can listen in on things, but they can’t really build very much in cyberspace. Now that’s why cyberspace today is run primarily by the civil society and the private sector and governments only have a very small role. Countries like Russia and China have been pushing back on that. They want to have a multi-lateral rather than a multi stakeholder solution to the issue and preferably have critical parts of the internet such as like the domain name service, the telephone book of the internet, under some type of centralized governmental control.
If that happens, then we’re potentially entering a very dangerous area where information effectively can be, the information networks themselves, the roads if you will, the sea lanes of cyberspace, can be also connected to law enforcement query. So that a government can demand, for instance, a translated, Chinese translated version, of the New York Times be taken down because they don’t want to deal with it or that a political dissident website be taken down because they don’t want to hear it. And that can be taken down globally.
This is the image of internet that these parties have been pushing for now 15 to 20 years and their target has been the current civil society body, in this case, ICANN who manages this part of the internet. The US government has consistently supported the approach that governments, no government, should control the internet and therefore has been slowly reducing its involvement in the running of the internet, which was always fairly small and now is nonexistent. That was a very important step to take because it basically is a firewall from the claims of other governments such as Russia and China that there should be an intergovernmental controlled internet rather than a multi stakeholder and non-stakeholder run internet as it is today.
Jeff Schechtman: What is the model for that? If we were to look at nongovernmental institutions that might be the model for this multi stakeholder intergovernmental approach, where should we look?
Alexander Klimburg: Well, the CNN reporter once said is that your favorite cyber analogy will always tell you something about yourself. So you can talk about cyber as, for instance, being like environmental change for instance or be like public health. The different models that you can positively choose, I prefer to think of the positive model, Sir Joseph Nye, an international relations scholar at Harvard, for instance, talks about cyberspace as being run by a so-called regime complex of many different types of regimes, institutions, actors that work loosely together. They work loosely together in a way that, for instance, the financial system does. The financial system globally isn’t controlled by a single actor, it’s controlled by a multitude of actors that balance each other out in various ways.
There’s no single point of failure also if something goes wrong. There are critical points of failure that can cause a lot of damage, but not one. This is one of the reasons why the internet is so resilient. You can talk, for instance, one of the things that Chancellor Merkel of Germany brought into play only three weeks ago was to see cyberspace as being akin to the world financial system. I think that’s one good analogy we might want to explore further.
Jeff Schechtman: Why is it that some nations as state actors seem to be so much better at hacking at this point?
Alexander Klimburg: It’s very hard to say because if you’re relying on public information, you won’t really know about the most proficient actors. You obviously won’t see what they’re doing. That’s part of the problem is that we have very little insight to what the Chinese and Russian cyber defenders are seeing on their end, what kind of US cyber attacks that they’re experiencing because what we do know for sure is the US cyber attacks are a totally different magnitude than Russian, in particular Chinese cyber attacks, China being a much less proficient actor than Russia here.
All we know is that there are maybe three dozen countries out there that are actively trying to acquire offensive cyber capabilities and those capabilities are massively different amongst each other. So there are a couple of countries at the top that are very, very, very proficient and there’s a whole bunch of countries that still can cause significant damage if it came down to it. The question is what those capabilities are used for. In the US case, we can presume that most of these capabilities were used for intelligence gathering purposes. Now potentially, those could be used in a war fighting purpose, we haven’t seen those employed yet, although we have indications of what it would look like, in particular, there was a leaked war plan for what would be done to Iran in case of conflict, for instance.
However, the way Russia, for instance, approaches cyber operations, and to lesser extent China, is clearly different. They put the onus of cyber operations not only on the ability to damage, destroy, or spy on data, but also simply to control or influence narratives. So you can have a situation where a hack occurs, for instance, in 2015 against a French TV channel that turns out to be about something else entirely. In the case of the 2015 hack against the French TV channel, that TV station, which actually ran five or six channels, went down completely, was effectively an attack on a critical infrastructure. The perpetrators were supposedly ISIS. So ISIS, the Islamic state, basically put up a claim, or people who claimed to be ISIS, put up a claim saying it was them.
The French government later determined that it was actually parts of the Russian government that were behind the attack and their concern was, it was done particularly for one purpose and that was to introduce the narrative of cyber terrorism. Because we were talking about cyber terrorism for months afterwards, right? Wow, we finally saw a cyber terrorist attack. Little did we know, it was not a cyber terrorist attack, it was a government induced attempt to make us talk about terrorism. This is the thing that we have to be aware of is that when we see a cyber attack, it might have a completely different purpose than we actually thought it was. That purpose might be to influence our decision making, our thinking, in a certain direction.
Jeff Schechtman: Alexander Klimburg, his book is The Darkening Web: The War for Cyberspace. Alexander, I thank you so much for spending time with us today.
Alexander Klimburg: Thanks for your time.
Jeff Schechtman: Thank you.
Thank you for listening and joining us here on radio WhoWhatWhy. I hope you join us next week for another radio WhoWhatWhy podcast. I’m Jeff Schechtman. If you like this podcast, please feel free to share and help others find it by rating and reviewing it on iTunes. You can also support this podcast and all the work we do by going to WhoWhatWhy.org/donate.
https://whowhatwhy.org/2017/07/21/world ... yberspace/
Hybrid Threats And The Live Russian Hybrid Conflict
viewtopic.php?f=33&t=40604
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.

Re: The first global cyber war has begun

Postby seemslikeadream » Thu Jul 27, 2017 9:41 am

Google May Have Just Uncovered An Israeli Surveillance Start-Up Spying On Androids
Thomas Fox-Brewster, FORBES STAFF
Jul 26, 2017 8:40 PM

Google thinks Android users are being targeted with malware
Google has found another piece of malware targeting Android that it believes may be the product of the bustling Israeli surveillance scene. Whereas it previously found Android devices infected with malware it claimed came from NSO Group, it’s now detailed a spy tool it says is linked to a start-up called Equus Technologies.

Google found the malware, which it dubbed Lipizzan, sitting on fewer than 100 phones after one of them was already infected with the Pegasus malware associated with the NSO Group. “Lipizzan was a sophisticated two stage spyware tool,” its Android security team wrote in a blog post today.

Of the 20 different forms in which the spyware was delivered, Google found a handful on its Play store. Typically, Lipizzan would appear as a legitimate tool, such as a backup or sound recorder app. It rooted, monitored and stole user email, SMS messages, location and voice calls. The tool also sought to gather data from specific apps, undermining their encryption, including WhatsApp, Viber and Telegram, while LinkedIn, Gmail and Skype were also on its target list.

Google has now thrown the app developers off Play, while the offending apps have been removed from infected devices.

Forbes attempted to contact Equus employees over LinkedIn and email, but had not received a response at the time of publication. It does not have a website or any publicly available contact details.

Google said there were references to the firm in the code itself. Megan Ruthven, from Google’s Android security team, told Forbes during the Black Hat conference in Las Vegas that a config file within the app mentioned the Equus name. She said that was an indicator, but not guaranteed attribution.

Lookout Mobile Security researcher Andrew Blaich, who presented on the malware alongside Ruthven, said there was likely attribution to Equus. NSO Group also left references to its Pegasus spyware in its code, he noted, while saying that they hadn’t yet gone down the “rabbit hole” of Equus. Despite the indicators, neither Ruthven nor Blaich could say with certainty Equus was the true owner of the malware.

Who are Equus?

And mystery surrounds Equus.

Currently, it’s unclear if Google’s suggestion that Equus is a cyber arms company is accurate. From the limited information available online, Equus appears to be based just down the road from NSO Group in the Herzliya district of Tel Aviv. According to LinkedIn, at least one engineer moved from NSO to Equus this year. And the description of the company on LinkedIn reads: “Equus Technologies is a privately held company specializing in the development of tailor made innovative active cyber solutions for law enforcement, intelligence agencies, and national security organizations.”

The co-founders are listed on the networking site as former Israel Defense Forces researcher Matan Markovics and Tel Aviv University graduate Daniel Hanga. Markovics also used to ply his trade at another notable Israeli arms company, Rafael.

The company has given talks at ISS World Training, previously referred to as the Wiretappers’ Ball, where all manner of surveillance companies flog their gear. In 2015, it spoke on ‘Addressing the Growing Challenges of Cyber Intelligence’ during an ISS event in Prague, Czech Republic.

According to previous reports, earlier this year the company’s head of research, Amihai Neiderman, found an astonishing 40 zero-day vulnerabilities in Samsung’s Tizen operating system. They could have been exploited on Samsung smart TVs as well as cellphones. Neiderman also registered the site tizenhacker.com. It’s yet to have hosted any content, however.

Regardless of who Equus are and what link they have to the Lipizzan software, John Scott-Railton, a surveillance software researcher with Citizen Lab at the University of Toronto, said Google was doing fine work in providing a window into the “secretive but growing industry developing private malware.”

“A commercial spyware firm was trying to run below Google’s radar and deliver spyware across their platform. With this post, Google has said very publicly, ‘no you don’t.’” Pointing to recent reports of a proposed $400 million acquisition of 40% of NSO by Blackstone, Scott-Railton added: “This case highlights the risks that companies making commercial spyware may pose as investment opportunities as they run up against major companies’ commitments to protect their users.”

He’s been tracking NSO Group’s spread across Mexico, where it was recently seen targeting independent investigators looking into the mass disappearance of students in 2014. NSO didn’t deny it had sold to Mexico, but did express concern about any illegal use of its Pegasus software.
https://www.forbes.com/sites/thomasbrew ... lware/amp/

Re: The first global cyber war has begun

Postby seemslikeadream » Sat Nov 18, 2017 10:05 am

Suddenly, America found itself at the edge of a precipice: a war over a complex sectarian conflict in a remote part of the world. American policymakers wanted a simple explanation, and conveniently, they were offered one: cyber-aggression.

The Sites Go Out in Georgia

When war broke out, a slew of Georgian websites came under attack. The Central Bank of Georgia was hacked, according to Russian reports. Its internal networks were not penetrated, but the hackers tinkered with the homepage to give the Georgian unit of currency, the lari, a less than favorable exchange rate, forcing the government to issue an order that suspended all electronic banking services. Georgia’s Ministry of Foreign Affairs was hacked, its homepage replaced with a slideshow depicting Mikhail Saakashvili as Hitler. “And he will suffer the same fate,” read an ominous message beside it.

.......

“For a small country like ours, information is the most powerful tool with which you can protect yourself. The Russians knew this,” Security Council director Alexander Lomaia told me. “One day, we find out that we are cut off from the world. All major websites—including government and media—were attacked. Their aim was to limit our ability to electronically communicate, and they succeeded.”

From Russia, with Panic
| Yasha Levine


The Russians hacked America.

After Donald Trump’s surprise victory in November, these four words reverberated across the nation. Democratic Party insiders, liberal pundits, economists, members of Congress, spies, Hollywood celebrities, and neocons of every stripe and classification level—all these worthy souls reeled in horror at the horribly compromised new American electoral order. In unison, the centers of responsible opinion concurred that Vladimir Putin carried off a brazen and successful plan to throw the most important election in the most powerful democracy in the world to a candidate of his choosing.

It seemed like a plotline from a vintage James Bond film. From his Moscow lair, Vladimir Putin struck up an alliance with Julian Assange to mount a massive cyber-offensive to discredit Hillary Clinton and her retinue of loyal Democratic Party operatives in the eyes of the American public.

The plot was full of twists and turns and hair-raising tangents, including tales of Russian-American retiree-agents sunning in Miami while collecting payoffs from Russia’s impoverished pension system. But the central ruse, it appears, was to enter the email server of the Democratic National Committee and then tap into the Gmail account belonging to John Podesta, founder of the Center for American Progress and premier D.C. Democratic insider.

As the long 2016 general election campaign unwound, WikiLeaks released a steady stream of embarrassing revelations from the DNC—though the disclosures were no more compromising than what you’d find in the correspondence of any mid-sized private-sector company: dumb boardroom gossip, petty press intrigues, and sleazy attempts to undermine a well-placed executive rival (namely Bernie Sanders). Truly, it would have been astonishing to learn that the DNC went about its business in any other way. But the sheer fact of the data breach was dispositive in the eyes of Democratic operatives and their many defenders in the liberal press. After all, WikiLeaks also reportedly collected data from the Republican National Committee, and did nothing with it. Clearly this was cyber-espionage of the most sophisticated variety.

On the Trump side of the ledger, things were murkier. Trump’s political advisers indeed had ties to Russia and Ukraine—but this was hardly surprising given the authoritarian-friendly lobbying climate within Washington. During the campaign the GOP nominee was disinclined to say anything critical about Putin. Indeed, breaking with decades of Republican tradition, Trump openly praised the Russian leader as a powerful, charismatic figure who got things done. But since the candidate also refused to disclose his tax returns, a commercial alliance with the Russian autocrat was necessarily a matter of conjecture. That didn’t stop theories from running wild, culminating in January with the titillating report from BuzzFeed that U.S. intelligence agencies believed that Putin had compromising footage of Trump cavorting with prostitutes at a Moscow hotel previously patronized by Barack and Michelle Obama. Not only was the Yank stooge defiling the very room where the first couple had stayed, but he allegedly had his rented amorous companions urinate in the bed. Behold, virtuous American republic, the degradation Vladimir Putin has in store for you!

Taking the Piss

The dossier published by BuzzFeed had been circulating for a while; on closer inspection, it appeared to be repurposed opposition research from the doomed Jeb Bush campaign. Its author was a former British intelligence operative apparently overeager to market salacious speculation. By the end of this latest lurid installment of the Russian hacking saga, no one knew anything more than they had when the heavy-breathing allegations first began to make their way through the political press. Nevertheless, the Obama White House had expelled Russian diplomats and expanded sanctions against Putin’s regime, while the FBI continued to investigate reported contacts between Trump campaign officials and Russian intelligence operatives during the campaign.

This latter development doesn’t exactly inspire confidence. As allegations of Russian responsibility for the DNC hack flew fast and furious, we learned that the FBI never actually carried out an independent investigation of the claims. Instead, agency officials carelessly signed off on the findings of CrowdStrike, a private cybersecurity firm retained by the Democratic National Committee. Far from establishing an airtight case for Russian espionage, CrowdStrike made a point of telling its DNC clients what it already knew they wanted to hear: after a cursory probe, it pronounced the Russians the culprits. Mainstream press outlets, primed for any faint whiff of great-power scandal and poorly versed in online threat detection, likewise treated the CrowdStrike report as all but incontrovertible.

Other intelligence players haven’t fared much better. The Director of National Intelligence produced a risible account of an alleged Russian disinformation campaign to disrupt the 2016 presidential process, which hinged on such revelations as the state-sponsored TV news outlet Russia Today airing uncomplimentary reports on the Clinton campaign and reporting critically on the controversial U.S. oil-industry practice of fracking as a diabolical plot to expand the market for Russian natural gas exports. In a frustratingly vague statement to Congress on the report, then-DNI director James Clapper hinted at deeper and more definitive findings that proved serious and rampant Russian interference in America’s presidential balloting—but insisted that all this underlying proof must remain classified. For observers of the D.C. intelligence scene, Clapper’s performance harkened back to his role in touting definitive proof of the imminent threat of Saddam Hussein’s WMD arsenal in the run-up to the U.S. invasion of Iraq.

It’s been easy, amid the accusations and counteraccusations, to lose sight of the underlying seriousness of the charges. If the hacking claims are true, we are looking at a truly dangerous crisis that puts America’s democratic system at risk.

The gravity of the allegation calls for a calm, measured, meticulously documented inquiry—pretty much the opposite of what we’ve seen so far. The level of wild assertion has gotten to the point that some of the most respected pro-Western voices in Russia’s opposition have expressed alarm. As much as they despise Putin, they don’t buy the bungled investigations. “In the real world outside of soap operas and spy novels . . . any conclusions concerning the hackers’ identity, motives and goals need to be based on solid, demonstrable evidence,” wrote Leonid Bershidsky. “At this point, it’s inadequate. This is particularly unfortunate given that the DNC hacks were among the defining events of the raging propaganda wars of 2016.”

The lack of credible evidence, the opaque nature of cyber attacks, the partisan squabbles and smears, and the national-security fearmongering have all made this particular scandal very difficult to navigate. It may be years before we find out what really happened. Meanwhile, I’d like to tell a cautionary tale. It’s a story about the last time American and European cyber experts accused Russia of launching an attack against another country—and nearly provoked a war with a nuclear power. The moral of the tale is that cyberwarfare is a fraught and high-stakes theater of conflict, in which the uncertain nature of cyber-attack attribution can be exploited to support any politicized version of events that one chooses.

All Georgians Now

On August 8, 2008, war broke out between Georgia and Russia. Backed up by heavy artillery, truck-mounted Grad rockets, and tanks, Georgia launched a surprise invasion of South Ossetia, a tiny mountainous breakaway republic on its northern flank that had been at the center of a long-simmering regional territorial dispute. A prolonged artillery barrage reduced parts of Tskhinvali, South Ossetia’s capital, to rubble. Civilians were given no warning—those not killed in the initial assault hid in basements or fled on foot. A Russian peacekeeping force, which had been stationed in South Ossetia under an Organization for Security and Cooperation in Europe agreement since 1992, was targeted in the attack. By the end of the first day, Georgian troops were on the verge of taking the whole city.

Mikheil Saakashvili, Georgia’s charismatic nationalist president, had campaigned on a nationalistic platform, promising to reabsorb the country’s breakaway regions. His initial success did not last long. Russian jets pounded Georgian military command posts and communications, while Russian troops streamed into South Ossetia. By the end of day two, the tide had turned: Georgian forces began retreating. By day five, Russian forces had control over South Ossetia and huge swaths of northern Georgia. Tanks and infantry entered several northern towns and moved around unimpeded just an hour away from Tbilisi, Georgia’s capital, where euphoria and jubilation turned to sickly fear. News footage showed Saakashvili cowering as Russian jets flew overhead. He appeared on television nervously chewing his tie, prompting the BBC to ask wryly: “The Georgian president chews over his next move. Is he weaker or stronger than before?”

Weaker, definitely. But in the war’s aftermath, Russia and Georgia were each determined to claim victim status. Russia pointed out that Georgia had started the war; Georgia blamed Russia for launching a full-scale invasion. President Saakashvili appealed to the United States, hoping it would intervene militarily on Georgia’s behalf.

The Bush White House was firmly aligned with Georgia. For years, Georgia had been an important neocon project in a grander scheme to peel away former Soviet Republics from Moscow’s influence. American NGOs and soft-power outfits like USAID backed Saakashvili’s rise to power during the country’s “Rose Revolution.” Since 2004, the Bush administration had lavished military aid on Saakashvili’s government, outfitted its army, and trained its soldiers. John McCain and Hillary Clinton jointly nominated Saakashvili for the Nobel Peace Prize in 2005. Support for Georgia was bipartisan and continued right up to Georgia’s attack on South Ossetia; more than a thousand American troops held a joint exercise with Georgia near the South Ossetian border in July.

As a complement to the Georgia PR offensive, the Bush White House continued to hammer away at its stable of anti-Putin talking points. For years, the United States had portrayed Vladimir Putin as a strongman leader bent on world domination. The invasion of Georgia seemed to confirm the official narrative: Russia would stop at nothing to crush the democratic aspirations of its neighbors.

It was a dangerous moment. Vice President Dick Cheney pushed for directly engaging the Russians in “limited military options”—including aerial bombardment to seal the Roki Tunnel linking North Ossetia and South Ossetia that was being used to transport reinforcements. Luckily, President George W. Bush, who had a street in Tbilisi named after him, wavered, sensibly fearing a real war with Russia.

The episode occurred during a U.S. presidential election. Senator John McCain used the conflict to showcase his hawkish foreign policy bona fides, arguing that America needed to intervene to protect Georgia’s budding democratic society from the authoritarian Putin. Claiming that “today, we are all Georgians,” McCain called for NATO forces to be deployed against Russia, which would have triggered a war with a nuclear power.

I was in Moscow at the time, reporting on the war. Those who had covered the region understood that Georgia was no innocent. The ethnic conflict between Ossetians and Georgians has old, festering roots—indeed, Georgia’s invasion of South Ossetia was centuries in the making. The Ossetians consider the territory of South Ossetia to be native lands they have occupied for centuries, while Georgians view Ossetians as relatively recent interlopers. When South Ossetia declared its independence after the breakup of the Soviet Union, Georgia’s ultra-nationalistic first president attempted to quash the independence movement by force. After a short war, South Ossetia stood its ground—and Georgia and South Ossetia squared off in an uneasy peace administered by Russian, Georgian, and South Ossetian peacekeepers. Two-thirds of the breakaway republic were ethnic Ossetians. They feared Georgia and favored Russia as a military bulwark. Russia handed out Russian passports to South Ossetians and provided military protection, making the territory a de facto member of the Russian Federation.

Seasoned observers of the region’s tangled geopolitics understood that Russia shared amply in the blame but that the fault lay primarily with President Saakashvili. When he came to power, he took on the mantle of a medieval Georgian king who had unified the country. “Today Georgia is split and humiliated. We should unite to restore Georgia’s territorial integrity. Georgia has existed and will exist. Georgia will become a united strong country,” he declared in 2004. With deteriorating political support at home, Saakashvili was itching for a popular war. Skirmishes increased along Georgia’s border with Abkhazia and South Ossetia; finally, Georgia fired the first shot.

Suddenly, America found itself at the edge of a precipice: a war over a complex sectarian conflict in a remote part of the world. American policymakers wanted a simple explanation, and conveniently, they were offered one: cyber-aggression.

The Sites Go Out in Georgia

When war broke out, a slew of Georgian websites came under attack. The Central Bank of Georgia was hacked, according to Russian reports. Its internal networks were not penetrated, but the hackers tinkered with the homepage to give the Georgian unit of currency, the lari, a less than favorable exchange rate, forcing the government to issue an order that suspended all electronic banking services. Georgia’s Ministry of Foreign Affairs was hacked, its homepage replaced with a slideshow depicting Mikheil Saakashvili as Hitler. “And he will suffer the same fate,” read an ominous message beside it.

A Russian-language forum called “Stop Georgia” suddenly came online, hosted in, of all places, the United States. Against a green camouflage-inspired background, its creators decried Georgia’s propaganda war against Russia. “We, as representatives of the Russian hacker-underground, will not tolerate provocations from Georgia.” The forum was crude and looked like it had been put together in a few hours. Its primary function was to distribute a simple, easily available program permitting anyone with a computer and an internet connection to become part of a denial-of-service attack swarm. The forum conveniently provided a list of Georgian target websites and helped organize and direct the cyber-mob action.

Georgian officials proclaimed these cyber attacks a strategic maneuver by the Russian military designed to take out the country’s communication system, facilitating the Russians’ armed invasion. The coordinated nature of the attacks, they insisted, showed that Russia had planned the invasion long in advance. “The opening shots of the Russian invasion of Georgia were fired over the Internet, proving Russian online aggression predated Georgian actions,” declared an official report by the Georgian government. The government called the people behind the attack “cyber terrorists.”

Cybersecurity experts came out of the woodwork to confirm and expand on Georgia’s allegations. Some implicated a shadowy cybercrime group from St. Petersburg that analysts had dubbed the “Russian Business Network” and linked it to the FSB, Russia’s secret police. Others claimed that Nashi, a Kremlin-backed young nationalist group, was involved. American military officials weighed in, agreeing that Russia had used cyber attacks to confuse and disorient the Georgian government. “The Russians just shot down the government command nets so they could cover their incursion,” Michael Wynne, former U.S. Air Force Secretary, told the AP on August 13.

One hack in particular became a sort of poster action for the sinister Russian cyber-offensive and conveniently doubled as a warning signal for greater Russian-authored threats ahead. In July, just after Secretary of State Condoleezza Rice had visited Georgia and reaffirmed America’s support for the country’s desire to exit Russia’s sphere of influence, President Saakashvili’s site had been taken down by a stream of junk requests with a string of text that read: “win+love+in+Rusia.”

What did it all mean? The war had barely ended, but John Markoff, longtime technology reporter for the New York Times, offered an answer: “As it turns out, the July attack may have been a dress rehearsal for an all-out cyberwar once the shooting started between Georgia and Russia. According to Internet technical experts, it was the first time a known cyber attack had coincided with a shooting war.” Other journalists chimed in as well: the Wall Street Journal, CNN, the Washington Post. The consensus, according to cyber experts, was that Russia was indeed behind the attacks—and the rhetoric was getting more and more belligerent.

And so, within the space of a news cycle or two, internet analysts turned into warmongers and cyber-hawks, comparing rudimentary internet attacks to atomic weapons. “These attacks in effect had the same effect that a military attack would have. That suddenly means that in cyberspace anyone can build an A-bomb,” Rafal Rohozinski, a respected cyber analyst with Citizen Lab, told the Washington Post. The Financial Times concurred: “The crisis in Georgia has not only stoked fears of a belligerent Russia. It has also served as a reminder that a new style of warfare—potentially as devastating as those that terrified previous generations—is almost upon us: cyberwar.”

That’s right: defacing a government website with a repetitive string of crude slogans was now the twenty-first-century equivalent of a nuclear first strike. The hysteria sloshed around and spilled over into fears that America was defenseless against similar attacks from Russia. “It’s a grave concern because the same thing could happen here in America,” CNN host John Roberts exclaimed.

Point, Click, Panic

I began investigating the cyberwar as soon as it erupted. I knew something about the way computers, websites, and the internet worked, having spent two years studying computer science at UC Berkeley, and I had serious doubts about the cyber dimension of the Russia-Georgia War. The hacks and attacks all seemed rather crude and for the most part targeted non-critical cyber portals: ceremonial government websites, several news sites, the public-facing website of a central bank. This was hardly the ruinous infrastructure offensive that cybersecurity experts were warning people about. As I got deeper into the story—interrogating my contacts in Moscow, traveling to Georgia, interviewing hackers, politicians, and cyber experts in Europe, Russia, and the United States—the cyberwar battle cries sounded more and more like ideologically manufactured hysteria.

To be sure, the assaults were troubling. Hacks against Georgian websites took place, they were in some way connected to the war, and Russia’s cyber criminal world had ties to the country’s security establishment. But it was an enormous—and dangerous—leap to interpret these attacks as a pre-planned Russian intelligence operation, possibly justifying an American military response. What’s more, it seemed clear that most of the people doing the investigating were working backward. They started from the premise that Russia started the war and then proceeded to show that the cyber attacks were an element of this premeditated invasion.

Living in Moscow, I saw a striking split-screen effect taking hold around the Georgia crisis. America was freaking out about the danger of Russian cyber attacks, while people I talked to in Russia mocked the hysteria. Looking at my reporting notes from that time, I can’t find a single Russian source who took it seriously. Nikita Kislitsin, former editor of Russia’s Hacker magazine, laughed at Western cybersecurity experts who suggested that the Georgian attacks were the entering wedge of a sophisticated plan for complete Russian takeover, explaining that hackers can have all sorts of unconventional motives for taking part in a political web war. One regular contributor to his magazine’s how-to break-in section, for example, had hacked into a few Georgian sites just so he had something to write—and brag—about. Kris Kaspersky, a well-known Russian hacker and security expert, also ridiculed the notion that the Georgia hacks were hatched as part of a military intelligence campaign. “A prepubescent kid could have carried out the attacks,” Kaspersky told me. “A well-funded organization like the FSB can pull off much more effective Web site attacks.” Bringing down a few rinky-dink government and newspaper websites is a far cry from network warfare, Kaspersky argued. Indeed, it was at least as plausible that the hacks could have been self-inflicted: “In these kinds of conflicts, you have to look at who benefits,” he said. “If I was Georgia, I would attack myself.”

The Fog of the Data Log

There was a second, underreported side to the conflict: the cyber attacks went in both directions.

Even before the war broke out in August, South Ossetian websites came under attack. A few days before the shelling of South Ossetia began, someone skillfully broke into the website of the Republic’s television station, replacing news items on the number of Georgian troops killed in a shootout with South Ossetian troops with ones that claimed Russian mercenary fighters were among the casualties. As Georgian tanks rolled across the border, other South Ossetian news sites—some of which were hosted in Moscow—came under cyber attack. The website of South Ossetia’s Ministry of Information, a clearinghouse for South Ossetian news, buckled under a denial-of-service attack. At the same time, Russian news sites—including the Kremlin-funded Russia Today—were hit and suffered downtime during the war.

If you squinted at the conflict and looked at it from Russia’s and South Ossetia’s perspective, you could use the cyber attacks to prove the opposite of what Georgia and Western cyber experts were claiming: the cyber attacks proved that Georgia had planned its military invasion. And that was exactly what the South Ossetians were telling me. “They hoped that a media blackout of the atrocities they were committing against a civilian population would reduce resistance to the invasion, both locally and globally,” Yuri Beteyev, the founder and editor in chief of OsInform, South Ossetia’s only news agency, told me. He had been in Tskhinvali when Georgia’s heavy artillery rolled into town.

I traveled to Tbilisi, looking for evidence of the alleged Russian attack. I had scheduled interviews with newspapers, government agencies, and internet service providers. They all made grand claims about Russian cyber attacks, all of them short on specific evidence. Caucasus Online, one of Georgia’s largest ISPs, claimed the attacks started the day before the military action—which served in the company’s view as undeniable proof that the Russian government was coordinating them. But ISP officials could not provide any supporting data, and when I requested a sample of their logs from that day, company spokesmen claimed the data had been deleted.

I was shown a former Soviet government compound in the center of Tbilisi. The building was a modernist fortress: a slab of granite and concrete perched at the top of a steep hill. The seventh floor housed Georgia’s National Security Council, the coordinating body for the country’s military and intelligence agencies. In this ultrasecure location, Georgian officials spun a series of talking points about how the cyberwar proved Russian aggression. “For a small country like ours, information is the most powerful tool with which you can protect yourself. The Russians knew this,” Security Council director Alexander Lomaia told me. “One day, we find out that we are cut off from the world. All major websites—including government and media—were attacked. Their aim was to limit our ability to electronically communicate, and they succeeded.”

But Georgia is a poor, largely rural country with low internet connectivity outside the capital. Its level of cyber-activity ranked below that of countries like Nigeria, Bangladesh, Bolivia, and El Salvador. You could hardly launch a real cyber attack if you wanted to, since few Georgians outside Tbilisi used the internet at all, let alone for anything important. It was all hype and bluster—and very superficial.

Indeed, as in Moscow, critical journalists and techies in Georgia dismissed much of the hype. Yes, there were cyber attacks. Yes, they could have been directed by the Russian government. But they were so amateur and inconsequential that they had little effect. Their biggest contribution, in fact, was to bolster Georgian counter-propaganda claims, as each little hack was taken up by the Georgian government and broadcast as proof of Russian aggression. One journalist told me his colleagues had cheered news of Georgia-based cyber attacks against Russia. “A wave of jubilation spread through the forum when they managed to take down Russia Today for a few hours.” Patriotic hackers doing their part to fight Russia? This is exactly what cyber experts accused Russian security services of orchestrating against Georgia as part of the military invasion.

Following the Money

By the time I left Georgia in October, the cyberwar story was no longer obsessing political leaders and media producers in the West. Congress had voted to bail out Wall Street. The Georgia-Russia War dropped out of America’s collective memory almost as quickly as it had appeared, eclipsed by a scarier and much more direct threat to America: the meltdown of our financial system and the threat of a new Great Depression.

A year later, a European Union commission issued a detailed report that showed just how empty all the talk about cyber attacks and premeditated Russian war really was. The report put the blame for starting the war squarely on Georgia. But by then the Georgia-Russia War was ancient news. No one cared, and the report barely got a mention in the press. But Silicon Valley noticed.

While the financial industry was teetering on the brink of oblivion, another industry was being born: the cybersecurity complex. By now it is a multibillion-dollar boondoggle, employing shoddy forensic techniques and politicized investigations. But it is highly profitable. The boom has been driven by the grim leaky reality of our digital world. Not a month goes by without some huge corporation or government agency getting hacked, its data splattered across the internet or siphoned off for the exclusive use of scammers, corporate spies, and intelligence agencies.

Cybersecurity firms have stepped up to the challenge. They’ve attracted funding from the biggest and most powerful venture capital houses: Sequoia, Google Capital, and the like. Not surprisingly, the CIA’s in-house VC outfit, In-Q-Tel, has been a leading investor in this space. All these firms position themselves as objective forensic investigators, patiently sifting through the evidence to find the guilty party and then figuring out how to defend against it. They have been involved with diagnosing and attributing big hacks for shamefaced clients like Target, J.P. Morgan, and Sony Pictures. Investors and intelligence agencies sing the praises of the critical services these outfits offer in an online environment teeming with hostile threats.

But in private conversations, as well as little-noticed public discussions, security professionals take a dimmer view of the cybersecurity complex. And the more I’ve looked at the hysteria surrounding Russia’s supposed hacking of our elections, the more I’ve come to see it as a case study of everything wrong and dangerous about the cyber-attribution business.

Fancy Bears, Cozy Bears—Oh My!

Take CrowdStrike, the hottest cybersecurity firm operating today. Based in Irvine, California, CrowdStrike was launched in 2012 by two veterans of the cyber-attribution business: George Kurtz and Dmitri Alperovitch. Both previously worked for McAfee, an antivirus-turned-massive-cybersecurity firm now partially owned by Intel. But Kurtz and Alperovitch saw a market opportunity for a new boutique type of cyber-defense outfit and decided to strike out on their own. They also brought on board Shawn Henry, a top FBI official who had been in charge of running the agency’s worldwide cyber investigations.

CrowdStrike positioned itself as a next-generation full-service cybersecurity firm. Company officials argued that cybersecurity was no longer just about defense—there was too much data and too many ways of getting at it to protect everything all the time. You had to know your attacker. “Knowing their capabilities, objectives, and the way they go about executing on them is the missing piece of the puzzle in today’s defensive security technologies,” wrote CrowdStrike cofounder George Kurtz. “By identifying the adversary . . . we can hit them where it counts.”

CrowdStrike hit the big time in 2015 with a $100 million infusion from Google Capital (now Capital G), Google’s first-ever investment in a cybersecurity company. It was good timing, because CrowdStrike was about to be catapulted into the front ranks of cyber-threat assessors. Sometime in April or May, CrowdStrike got a call from the Democratic National Committee to investigate a possible intrusion into their servers. The company’s investigators worked with surprising efficiency. As one DNC insider explained to the New York Times, the company was able to make a definite attribution within a day. There was no doubt, CrowdStrike told its DNC clients—the Russian government did it.

The results of CrowdStrike’s investigation were first broken by the Washington Post and then followed up in greater detail by CrowdStrike itself. In a post entitled “Bears in the Midst,” Dmitri Alperovitch attributed the hack to two distinct and very nefarious “Russian espionage” groups: Cozy Bear and Fancy Bear, among the most sophisticated cyber-operators CrowdStrike had ever come across. “In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis,” he wrote. “Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter.”

These cyberspooks were allegedly behind a string of recent attacks on American corporations and think tanks, as well as recent penetrations of the unclassified networks of the State Department, the White House, and the U.S. Joint Chiefs of Staff. According to CrowdStrike, Cozy Bear was most likely the FSB, while Fancy Bear was linked to the “GRU, Russia’s premier military intelligence service.”

Here, the cyber experts were telling us, was conclusive evidence that both the FSB and the GRU targeted the central apparatus of the Democratic Party. CrowdStrike’s findings didn’t just cause a sensation; they carpet-bombed the news cycle. Reports that Vladimir Putin had tried to hack America’s democratic process raced around the world, making newspaper front pages and setting off nonstop cable news chatter.

The story got even hotter after a hacker who called himself Guccifer 2.0 suddenly appeared. He took credit for the DNC hack, called CrowdStrike’s investigation a fraud, and began leaking select documents pilfered from the DNC—including a spreadsheet containing names and addresses of the DNC’s biggest donors. The story finally started going nuclear when WikiLeaks somehow got hold of the entire DNC email archive and began dribbling the data out to the public.

A Terrible System

CrowdStrike stuck to its guns, and other cybersecurity firms and experts likewise clamored to confirm its findings: Russia was behind the attack. Most journalists took these security savants at their word, not bothering to investigate or vet their forensic methods or look at the way CrowdStrike arrived at its conclusions. And how could they? They were the experts. If you couldn’t trust CrowdStrike and company, who could you trust?

Unfortunately, there were big problems with CrowdStrike’s account. For one thing, the names of the two Russian espionage groups that CrowdStrike supposedly caught, Cozy Bear and Fancy Bear, were a fiction. Cozy Bear and Fancy Bear are what cyber monitors call “Advanced Persistent Threats,” or APTs. When investigators analyze an intrusion, they look at the tools and methods that the hackers used to get inside: source code, language settings, compiler times, time zones, IP settings, and so on. They then compare all these things against a database of previously recorded hacks that is shared among cyber professionals. If the attack fits an old profile, they assign it to an existing APT. If they find something new, they create a group and give it an official name (say, APT911) and then a cooler moniker they can throw around in their reports (say, TrumpDump).

CrowdStrike followed the protocols for existing APTs. Its investigation of DNC servers turned up two known threat actor groups: APT28 and APT29. Depending on the cybersecurity firm doing the analysis, these two APTs have been called by all sorts of names: Pawn Storm, Sofacy, Sednit, CozyCar, The Dukes, CozyDuke, Office Monkeys. Neither of them has ever been linked by any cybersecurity firm to the Russian government with certainty. Some firms have tried—most notably FireEye, CrowdStrike’s bigger and wealthier competitor. But FireEye’s evidence was ridiculously thin and inferential—in nearly any other industry, it would have been an embarrassment. Consider, for example, FireEye’s report on APT29:

We suspect the Russian government sponsors the group because of the organizations it targets and the data it steals. Additionally, APT29 appeared to cease operations on Russian holidays, and their work hours seem to align with the UTC +3 time zone, which contains cities such as Moscow and St. Petersburg.

Or consider FireEye’s report on APT28—which, among other things, attributes this attack group to a Russian intelligence unit active in Russia’s “invasion of Georgia,” an invasion that we know never took place.

They compile malware samples with Russian language settings during working hours consistent with the time zone of Russia’s major cities, including Moscow and St. Petersburg. While we don’t have pictures of a building, personas to reveal, or a government agency to name, what we do have is evidence of long-standing, focused operations that indicate a government sponsor—specifically, a government based in Moscow.

So, FireEye knows that these two APTs are run by the Russian government because a few language settings are in Russian and because of the telltale timestamps on the hackers’ activity? First off, what kind of hacker—especially a sophisticated Russian spy hacker—keeps to standard 9-to-5 working hours and observes official state holidays? Second, just what other locations are in Moscow’s time zone and full of Russians? Let’s see: Israel, Belarus, Estonia, Latvia, Moldova, Romania, Lithuania, Ukraine. If non-Russian-speaking countries are included (after all, language settings could easily be switched as a decoy tactic), that list grows longer still: Greece, Finland, Turkey, Jordan, Lebanon, Syria, Iraq, Saudi Arabia, Somalia, Yemen, Ethiopia, Kenya—the countries go on and on.

The flimsiness of this evidence didn’t stop CrowdStrike. Its analysts matched some of the tools and methods used in the DNC hack to APT28 and APT29, slapped a couple of Russian-sounding names with “bear” in them on their report, and claimed that the FSB and GRU did it. And most journalists covering this beat ate it all up without gagging.

“You don’t know there is anybody there. It’s not like it’s a club and everyone has a membership card that says Fancy Bear on it. It’s just a made-up name for a group of attacks and techniques and technical indicators associated with these attacks,” author and cybersecurity expert Jeffrey Carr told me. “There is rarely if ever any confirmation that these groups even exist or that the claim was proven as correct.”

Carr has been in the industry a long time. During the Russia-Georgia war, he led an open-source intelligence effort—backed by Palantir—in an attempt to attribute and understand the actors behind the cyberwar. I read his reports on the conflict back then and, even though I disagreed with some of his conclusions, I found his analysis nuanced and informative. His findings at the time tracked with those of the general cybersecurity industry and bent toward implicating the Russian government in the cyber attacks on Georgia. But these days Carr has broken with the cyberworld consensus:

Any time a cyber attack occurs nowadays you have cybersecurity companies looking back and seeing a historical record and seeing assignments on responsibility and attribution and they just keep plowing ahead. Whether they are right or wrong, nobody knows, and probably will never know. That’s how it works. It’s a terrible system.

This is forensic science in reverse: first you decide on the guilty party, then you find the evidence that confirms your belief.

Not for Attribution

Over time, bad evidence was piled on top of unsubstantiated claims and giant inductive leaps of logic to the point that, if you tried to figure out what was actually happening, you’d lose all sense of direction.

Matt Tait, a former GCHQ analyst and founder of Capital Alpha Security who blogs under the influential Twitter handle @pwnallthethings, found a Word document pilfered from the DNC and leaked by Guccifer 2.0. As he examined its data signatures, he discovered that it had been edited by Felix Edmundovich—a.k.a. Felix Dzerzhinsky, founder of the Cheka. To him, it was proof that Guccifer 2.0 was part of the same Russian intelligence operation. He really believed that the super sophisticated spy group trying to hide its Russian ties would register its Microsoft Word processor in the name of the leader of the infamously brutal Soviet security service.

Meanwhile, Thomas Rid, a cyber expert based in London, drew a straight line from the DNC hacks to the attempted hacking of the Germans and TV5 to attacks on Georgia and Baltic States—even though on closer inspection none of those efforts had been linked to the Russian government.

John Podesta’s Gmail account was hacked with a rudimentary spear-phishing attack that tricked him into entering his password with a fake Google login page. His emails ended up on WikiLeaks, too. All sorts of people linked this to Russian military intelligence, with no concrete evidence to speak of.

Sensing its moment had arrived, CrowdStrike went into frenetic PR mode. The company released a series of cyber-attribution reports illustrated with sexy communist robots wearing fur hats, using visual marketing techniques in lieu of solid evidence.

After Donald Trump won the presidency, all these outlandish claims were accepted as unassailable truth. The “hacking” of the 2016 presidential election was the ultimate damning conclusion that cybersecurity experts were now working backward from. Just as Georgia’s compromised net infrastructure provided conclusive proof of Russia’s concerted plan to invade Georgia, Trump’s improbably successful presidential run demonstrated that Russian subterfuge, rather than the collapse of American political institutions, had elected a dangerous outsider president.

Watching this new round of cyber-attribution hysteria, I got a queasy feeling. Even Dmitri Alperovitch’s name sounded familiar. I looked through my notes and remembered why: he was one of the minor online voices supporting the idea that the cyber attacks against Georgia were some kind of Russian plot. Back then, he was in charge of intelligence analysis at Secure Computing Corporation, a cybersecurity company that also made censorship tools used by countries like Saudi Arabia. He was now not only running his own big shop, but also playing a central role in a dangerous geopolitical game.

In other words, the election-hacking panic was a stateside extension of the battle first joined on the ISP frontiers of the Georgia-Russia war. Impressionable journalists and Democratic party hacks who ignore this background do so at their peril—and ours.
https://thebaffler.com/salvos/from-russ ... nic-levine
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
User avatar
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)
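An added example, not code from the Baffler piece above nor from CrowdStrike, FireEye or Matt Tait, showing two of the attribution artifacts the article argues over: the "working hours line up with UTC+3" inference drawn from build timestamps, and the author fields inside a leaked Word document. Every input is constructed; the 09:00-18:00 office window, the relay of offsets tried, the sample timestamps and the minimal .docx built in memory are all assumptions made for illustration.

```python
# Added illustration of two attribution artifacts discussed in the article above:
# (1) compile-timestamp "working hours" fits to a UTC offset, (2) author fields
# in a .docx package. Not code from the article, CrowdStrike, FireEye or Tait.
# Every input below is constructed; the office-hours window is an assumption.
from datetime import datetime, timedelta, timezone
import io
import xml.etree.ElementTree as ET
import zipfile

# --- 1. Working-hours fit of build timestamps -----------------------------
# Constructed stand-ins for PE IMAGE_FILE_HEADER.TimeDateStamp values (UTC),
# chosen so that in UTC+3 every one lands Mon-Fri between 09:00 and 17:59.
SAMPLE_COMPILE_TIMES_UTC = [
    datetime(2015, 3, 2, 6, 15, tzinfo=timezone.utc),   # Mon 09:15 at UTC+3
    datetime(2015, 3, 3, 7, 40, tzinfo=timezone.utc),   # Tue 10:40
    datetime(2015, 3, 4, 11, 5, tzinfo=timezone.utc),   # Wed 14:05
    datetime(2015, 3, 5, 13, 50, tzinfo=timezone.utc),  # Thu 16:50
    datetime(2015, 3, 6, 14, 30, tzinfo=timezone.utc),  # Fri 17:30
    datetime(2015, 3, 9, 6, 0, tzinfo=timezone.utc),    # Mon 09:00
    datetime(2015, 3, 10, 9, 20, tzinfo=timezone.utc),  # Tue 12:20
    datetime(2015, 3, 12, 12, 45, tzinfo=timezone.utc), # Thu 15:45
]
WORK_START, WORK_END = 9, 18  # assumed local office hours, half-open [9, 18)

def in_working_hours(ts_utc, offset_hours):
    """True if ts_utc shifted by offset_hours falls on a weekday in office hours."""
    local = ts_utc + timedelta(hours=offset_hours)
    return local.weekday() < 5 and WORK_START <= local.hour < WORK_END

def working_hours_fit(timestamps, offsets=range(-12, 15)):
    """Map each candidate UTC offset to the fraction of builds in office hours."""
    return {off: sum(in_working_hours(t, off) for t in timestamps) / len(timestamps)
            for off in offsets}

def plausible_offsets(timestamps, threshold=0.75):
    """Offsets meeting the threshold, best fit first. Note the result is a band
    of neighbouring offsets, each shared by many countries, not an actor."""
    fit = working_hours_fit(timestamps)
    ranked = sorted(fit.items(), key=lambda kv: (-kv[1], kv[0]))
    return [off for off, score in ranked if score >= threshold]

# --- 2. Author fields inside an OOXML (.docx) package ---------------------
CP_NS = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
DC_NS = "http://purl.org/dc/elements/1.1/"
CORE_XML = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}">'
    '<dc:creator>{creator}</dc:creator>'
    '<cp:lastModifiedBy>{modifier}</cp:lastModifiedBy>'
    '</cp:coreProperties>'
)

def build_docx(creator, modifier, include_core=True):
    """Constructed minimal .docx (a zip) carrying only the parts inspected here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if include_core:
            z.writestr("docProps/core.xml", CORE_XML.format(
                cp=CP_NS, dc=DC_NS, creator=creator, modifier=modifier))
    return buf.getvalue()

def docx_identity_fields(docx_bytes):
    """Return (creator, lastModifiedBy) from docProps/core.xml, (None, None) if
    the part is missing. Both values are free text Word copies from the user's
    profile and can be edited by anyone, so they are a lead, never proof."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if "docProps/core.xml" not in z.namelist():
            return None, None
        root = ET.fromstring(z.read("docProps/core.xml"))
    ns = {"cp": CP_NS, "dc": DC_NS}
    return (root.findtext("dc:creator", namespaces=ns),
            root.findtext("cp:lastModifiedBy", namespaces=ns))

if __name__ == "__main__":
    print("offsets fitting office hours:", plausible_offsets(SAMPLE_COMPILE_TIMES_UTC))
    leaked = build_docx("staffer", "Felix Edmundovich")  # constructed, mirrors the article
    print("docx creator / lastModifiedBy:", docx_identity_fields(leaked))
```

Run as-is, the timestamp pass reports UTC+3 as the best fit but also accepts +4, +2 and +5 at the 75 percent threshold, which is the practical weight of the "Moscow working hours" argument: it narrows to a band of offsets, and nothing in the data says which country inside that band, or whether the build clock was set deliberately. The .docx pass shows that the author fields are ordinary text in a zip member; anyone with an editor can set them to any name before a file is leaked.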

Re: The first global cyber war has begun

Postby seemslikeadream » Sun Nov 19, 2017 11:18 am


URGENT call to action to protect #NetNeutrality. The FCC is about to announce a vote to slash net neutrality rules, allowing ISPs like Verizon to block apps, slow websites, and charge fees to control what you see & do online. Here's how to help stop it:

https://www.battleforthenet.com/

Re: The first global cyber war has begun

Postby seemslikeadream » Fri Feb 02, 2018 8:50 am

Monkey Cage Analysis
Interpretation of the news based on evidence, including data, as well as anticipating how events might unfold based on past events

Here’s how hostile states are hiding behind ‘independent’ hackers

By Tim Maurer February 1 at 9:20 AM

More and more states are using supposedly independent hackers as proxies to project power both at home and abroad. According to James R. Clapper Jr., former director of national intelligence, more than 30 countries are now pursuing offensive cyber capabilities. Some of them rely on hackers who are not part of the government. In the past, there has been more rumor than fact about how these proxy relationships are organized and structured. However, the veil of secrecy is beginning to lift.

For example, in November, a 22-year-old Canadian hacker pleaded guilty to having worked with two officers of the Russian intelligence agency FSB. A year earlier, Germany extradited a member of the Syrian Electronic Army to the United States. Meanwhile, the seven Iranian hackers accused of being responsible for the massive distributed denial-of-service (DDoS) attacks against financial institutions in the United States in 2012 remain at large. These and other cases provide new information about these proxy relationships and their consequences.

Malicious nonstate hackers are a real threat

Policymakers and academics have had a hard time keeping up with how cybersecurity is changing on the ground. Alarmist debates about whether “cyberwar” would take place did get senior policymakers and the public to care about cybersecurity, but at the expense of making them focus on the threat from other states and interstate conflict. This means that they have systematically neglected the role that hackers detached from the state play as proxies and how they facilitate state actors to develop and quickly deploy offensive cyber capabilities.

It is now clear that actors other than states can cause significant harm through hacking. In fact, less sophisticated actors can potentially pose a greater risk than sophisticated actors because they often lack the skills to develop more precise code that would limit the effect of the malware. The WannaCry ransomware that hit computer systems worldwide last year, and forced hospitals in the United Kingdom to turn patients away, demonstrates what can happen if a less sophisticated actor uses malware with the intent to cause harm.

It is possible to identify hackers

One of the big problems in cybersecurity is identifying attackers. This is referred to as the “attribution problem.” However, attributing malicious activity online has become easier in recent years. The Russian, Syrian and Iranian attacks mentioned above led to detailed indictments, which the U.S. government decided to unseal over the past two years. These indictments illustrate that, while attribution remains difficult, for the U.S. government it has become less a question whether it is possible but how long it will take and whether it is willing to disclose what it knows to the public.


Of course, part of the reason is that attackers make mistakes and can afford to be sloppy because they have to fear few consequences (if they remain beyond reach of U.S. agencies). That is why some governments, including the United States, and some specialized private threat intelligence companies, are able to successfully identify the source of an attack with sufficient confidence and evidence to make the case stick in court.

What hackers do tells us how states think

What proxies do helps tell us how their state sponsors think about cyberthreats and how they try to project power online. Tehran, for example, cares at least as much about hacking the accounts of dissidents and potential challengers to the regime as about espionage against other countries. Moscow, Beijing, Tehran and other governments don’t think in terms of cybersecurity but information security — a more expansive concept including content and the control of information. High-profile incidents during the past five years reflect this worldview; the attacks include the Sony cyberattack, the combination of information and cyberoperations in Ukraine and the GitHub incident. These differences among states explain why the international cybersecurity debate cannot be separated from discussions about human rights, at least not as long as some governments care more about regime stability and the perceived threat of information than about technical vulnerabilities and improving the resilience of computer systems.


Hacking is changing international relations

A decade ago, very few policymakers and media outlets paid serious attention to cybersecurity. After the Sept. 11, 2001, terrorist attacks and the Iraq War, they focused on terrorism and conventional war. Many were skeptical that hacking would have a systematic impact on international affairs. Today, it is clear that this hacking wasn’t just hype. It has given actors the ability to cause harmful effects around the globe — assuming there is Internet access — far more cheaply than through conventional means.

This increase in reach is the single most important reason why hacking poses new risks to international peace and security. For example, the tensions between the United States and North Korea did not first change from a regional to a global conflict because of the development of an intercontinental ballistic missile but because of North Korea’s ability to hack systems such as Sony’s. More recent incidents targeting SWIFT, the central nervous system of global finance, highlight how vulnerable even major financial institutions remain to third tier cyber-powers like North Korea.


More states are using proxies

More states have gotten a taste for exploiting the Internet for their purposes. Mercenaries like the 22-year-old in Canada, who was paid by the Russian FSB, or politically driven hacktivists like the four Iranians in their mid-20s are helping countries to develop and deploy offensive cyber tools. Ensuring that proxy hackers do not escape their masters and countering their malicious behavior poses major policy challenges. Over the next few years, we will find out whether the new administration’s focus on trying to impose greater consequences in order to deter attacks will work. If successful, it will nudge other countries to tighten the leash on their proxies. If it raises the costs of malicious hackers only a little, it will likely just make them invest a little more time and money to become stealthier and better at hiding their tracks.

Tim Maurer is co-director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace. In January 2018, Cambridge University Press published his “Cyber Mercenaries — The State, Hackers, and Power,” a comprehensive study of proxy relationships between states and hackers. You can follow him on Twitter @maurertim
https://www.washingtonpost.com/news/mon ... 78bffa4619

Re: The first global cyber war has begun

Postby seemslikeadream » Thu Mar 08, 2018 3:32 pm

'Darknet' market spokesman pleads guilty to federal charge

By KATE BRUMBACK, Associated Press
Posted 11:47 a.m. today

ATLANTA — An Illinois man who worked as a spokesman for a leading "darknet" marketplace that users accessed anonymously to buy and sell illicit goods pleaded guilty Thursday to a federal conspiracy charge in Atlanta.

Ronald L. Wheeler III of Streamwood, Illinois, worked for about two years as a public relations specialist for AlphaBay, which authorities have said was the world's leading darknet marketplace until it was taken down through an international law enforcement effort in July. People used it to trade in illegal drugs, guns, counterfeit goods and hacking tools, among other things.

Wheeler worked with others to steal personal information - including passwords, email addresses and bank account numbers - to obtain money, goods and services, prosecutors said in a court filing.

Wheeler, known online as Trappy and Trappy_Pandora, began working as AlphaBay's public relations specialist in May 2015. His duties included moderating the AlphaBay forum on Reddit and posting information about AlphaBay in other Reddit forums, mediating sales disputes among the marketplace's users, providing nontechnical assistance to users and promoting AlphaBay online, Assistant U.S. Attorney Samir Kaushal told the judge.

"Wheeler spent hours on the Dark Web and general Internet providing AlphaBay users tips for attempting to avoid detection by law enforcement," U.S. Attorney Byung J. "BJay" Pak said in a news release.

One of Wheeler's duties was to let AlphaBay users know when the site would be down for maintenance. That was important, Kaushal said, because it was necessary to reassure users that the site hadn't been taken down by law enforcement or otherwise compromised.

Wheeler was paid a salary in bitcoin, a digital currency, by Alexandre Cazes, the 25-year-old Canadian owner of AlphaBay who was known online as Alpha02 and Admin, the court filing says.

AlphaBay used Tor, a network of thousands of computers run by volunteers, to hide its tracks. With Tor, traffic gets relayed through multiple computers, with identifying information stripped at each stop so no single computer knows the full chain.

"If people think the Dark Web gives them autonomy to operate illegally behind a cyber-curtain without the scrutiny of law enforcement, then Mr. Wheeler's plea is a stark reminder that we won't let that happen," Special Agent David J. LeValley, who heads the FBI's Atlanta office, said in the release.

The court filing says Wheeler's work with AlphaBay ended July 3, 2017. Two days later, Cazes was arrested in Thailand with DEA and FBI assistance, with AlphaBay going offline. Cazes died in Thai police custody on July 12. The country's narcotics police chief told reporters at the time that Cazes hanged himself in jail just prior to a scheduled court hearing.

The police agency Europol estimates AlphaBay had done $1 billion in business since its 2014 creation. Cazes had amassed a $23 million fortune as the site's creator and administrator, according to court documents.

As part of a plea deal reached with prosecutors, Wheeler agreed to forfeit $27,562 in cash found in his home and 13.97 bitcoins, Kaushal said. Wheeler has also been cooperating with investigators.

U.S. District Judge Leigh Martin May accepted the 24-year-old Wheeler's guilty plea and set sentencing for May 24. Wheeler faces up to five years in prison and a fine of up to $250,000.
http://www.wral.com/-darknet-market-spo ... /17402036/



U.S. Attorneys » Northern District of Georgia » News

Department of Justice
U.S. Attorney’s Office
Northern District of Georgia
FOR IMMEDIATE RELEASE
Thursday, March 8, 2018
AlphaBay spokesperson Ronald L. Wheeler III a/k/a “Trappy” pleads guilty to conspiracy

ATLANTA - Ronald L. Wheeler, III, a/k/a Trappy, has pleaded guilty to conspiracy to commit access device fraud for working as a public relations specialist for the Dark Web Marketplace AlphaBay.

“Wheeler spent hours on the Dark Web and general Internet providing AlphaBay users tips for attempting to avoid detection by law enforcement,” said U.S. Attorney Byung J. “BJay” Pak. “His plea is the end of his nefarious career as an AlphaBay promoter.”

“If people think the Dark Web gives them autonomy to operate illegally behind a cyber-curtain without the scrutiny of law enforcement, then Mr. Wheeler’s plea is a stark reminder that we won’t let that happen,” said David J. LeValley, Special Agent in Charge, FBI Atlanta. “We will not stop diligently prosecuting those who choose to disobey our laws and threaten our communities.”

“In pleading guilty, Ronald Wheeler has become another example that you cannot hide behind the anonymity created by the Darkweb,” said Thomas J. Holloman, Special Agent in Charge, IRS Criminal Investigation. “IRS-CI, with its law enforcement partners, will continue to take every step in taking down those who create and facilitate Dark Web sites while attempting to hide their illegal profits by seeking payment in digital currencies such as Bitcoin.”

According to U.S. Attorney Pak, the charges, and other information presented in court: Ronald L. Wheeler III a/k/a Trappy conspired with Alexandre Cazes a/k/a Alpha02 a/k/a Admin, and others to commit access device fraud through the operation of The Onion Routing (“TOR”) Dark Web marketplace AlphaBay. AlphaBay was an international criminal marketplace that enabled users to purchase and sell stolen and fraudulently obtained access devices, illegal drugs, firearms, hacking tools, and other illicit goods and services. Sales listings on the website were organized into categories, including “Fraud,” “Drugs & Chemicals,” “Counterfeit Items,” “Weapons,” and “Carded Items.”

Shortly before AlphaBay was shut down by law enforcement, the website contained thousands of sales listings for illegal products, including approximately 4,488 sales listings for stolen personally identifying information; 28,800 sales listings for stolen online account information; 6,008 sales listings for stolen credit card information; 3,586 sales listings for computer hacking tools, such as botnets and exploit kits; and 257,533 sales listings for illegal drugs, including cocaine, heroin, and a variety of opioids. The sales of stolen personally identifying information, online account information, and credit card information all provided fertile grounds for access device fraud to flourish on the Dark Web. Aside from product listings, AlphaBay provided message board forums where users could securely discuss their criminal activities and receive support from AlphaBay staffers.

On or about May 25, 2015, Wheeler began working as a public relations specialist for AlphaBay. Wheeler’s duties included moderating the AlphaBay subreddit on the internet website reddit.com; moderating the AlphaBay message board forums; mediating sales disputes among AlphaBay users; promoting AlphaBay on the internet; and providing non-technical assistance to AlphaBay users. In return for his work, Wheeler received a salary in Bitcoin. Throughout his participation in the conspiracy, Wheeler advised the public on how to access AlphaBay and encouraged the public to use the website. Wheeler’s work with AlphaBay continued until early July 2017, when the FBI and its international law enforcement partners shut down the website.

Sentencing for Ronald Wheeler, III, a/k/a Trappy, 24, of Streamwood, Illinois has been scheduled for May 24, 2018 at 2:00 p.m., before U.S. District Judge Leigh M. May.

This case is being investigated by the FBI and Internal Revenue Service Criminal Investigation.

Assistant U.S. Attorney Samir Kaushal is prosecuting the case. Substantial assistance was provided by the U.S. Attorney’s Office for the Northern District of Illinois.

For further information please contact the U.S. Attorney’s Public Affairs Office at USAGAN.PressEmails@usdoj.gov or (404) 581-6016. The Internet address for the U.S. Attorney’s Office for the Northern District of Georgia is http://www.justice.gov/usao-ndga.
https://www.justice.gov/usao-ndga/pr/al ... conspiracy
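An added toy model, not code from the AP story, the DOJ release or the Tor project, of the layered encryption the AP piece above sketches when it says traffic is relayed through several computers with identifying information stripped at each stop. It assumes the client already shares a symmetric key with each relay (Tor negotiates these per hop during circuit setup) and stands in a SHA-256 counter-mode keystream with an HMAC tag for Tor's AES-CTR and fixed-size cells; the relay names, keys and "DEST" marker are constructed.

```python
# Added toy model of the onion ("layered") encryption the article is describing,
# not code from the AP story, the DOJ release or the Tor project. Assumptions:
# each relay already shares a symmetric key with the client (Tor negotiates
# these per hop); the cipher is a SHA-256 counter-mode keystream with an HMAC
# tag, standing in for Tor's AES-CTR and fixed-size cells.
import hashlib
import hmac
import os

DEMO_PATH = ["guard", "middle", "exit"]            # constructed relay names
DEMO_KEYS = {name: hashlib.sha256(name.encode()).digest() for name in DEMO_PATH}

def keystream_xor(key, nonce, data):
    """XOR data with SHA-256(key || nonce || counter) blocks (toy CTR mode)."""
    out = bytearray()
    for start in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + (start // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], ks))
    return bytes(out)

def wrap_layer(key, next_hop, inner):
    """One layer: nonce || tag || Enc(next_hop || 0x00 || inner), encrypt-then-MAC."""
    nonce = os.urandom(16)
    ct = keystream_xor(key, nonce, next_hop.encode() + b"\x00" + inner)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def peel_layer(key, blob):
    """Relay side: check the tag, strip one layer, learn only the next hop."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer integrity check failed")
    next_hop, _, inner = keystream_xor(key, nonce, ct).partition(b"\x00")
    return next_hop.decode(), inner

def build_onion(path, keys, payload):
    """Client wraps innermost first: the exit's layer says DEST, each outer
    layer names the relay after it, so the guard learns only 'middle'."""
    blob, next_hop = payload, "DEST"
    for relay in reversed(path):
        blob = wrap_layer(keys[relay], next_hop, blob)
        next_hop = relay
    return blob

def simulate_circuit(path, keys, payload):
    """Pass the onion through each relay; return what each could see and the
    payload the exit finally recovers."""
    blob = build_onion(path, keys, payload)
    seen = []
    for relay in path:
        next_hop, blob = peel_layer(keys[relay], blob)
        seen.append((relay, next_hop))
    return seen, blob

if __name__ == "__main__":
    seen, out = simulate_circuit(DEMO_PATH, DEMO_KEYS, b"GET / HTTP/1.1")
    for relay, next_hop in seen:
        print(f"{relay}: forwards to {next_hop}")
    print("exit delivers:", out)
```

The guard learns the client's address and that the next hop is "middle"; the middle relay learns "guard" and "exit"; only the exit sees the plaintext, and it does not see the client. A relay holding the wrong key cannot strip another relay's layer, and a flipped byte anywhere in the blob fails the integrity check at the next hop. What this toy leaves out is exactly what law enforcement leans on in cases like the one above: timing and volume correlation between entry and exit, and operational mistakes outside the protocol.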

Dutch took pictures of Russian hackers of US Democrats

Postby seemslikeadream » Mon Apr 01, 2019 3:12 pm

US intelligence able to claim high confidence intel assessments that Russia interfered

AIVD didn't just hack the servers - they hacked cameras WHERE THE HACKERS WERE SITTING

They know exactly who did what to hack US political targets.

JANUARY 26 2018 - 11:07AM

Dutch took pictures of Russian hackers of US Democrats: local media

Amsterdam: The Dutch intelligence agency AIVD had access to the Russian group believed to be behind the hack of the Democratic Party years ahead of US elections, local media reported.

The Dutch intelligence group also hacked a security camera near the office entrance gaining images of the Russians involved, according to Dutch newspaper de Volkskrant.

AIVD managed to track down the physical location of a hacking group known as APT29, or Cozy Bear, to a university building near the Red Square, de Volkskrant reported.

The Moscow-based group is widely suspected of hacking the Democratic Party and is believed to be linked to the Russian government.

Current affairs program Nieuwsuur and newspaper de Volkskrant based the story on several anonymous intelligence sources in the Netherlands and the United States.

American intelligence agencies' 'high confidence' in attributing a Russian hand in the hacking of the Democratic Party comes from the AIVD hackers having "had access to the office-like space in the center of Moscow for years", the Dutch report says.



The Dutch intelligence professionals also gained access to security cameras which revealed who entered and exited the facility.

"Not only can the intelligence service now see what the Russians are doing, they can also see who's doing it," Volkskrant reported.

AIVD took pictures of every visitor which were then compared with known Russian spies.

For months rumours have circulated online about the role non-US intelligence agencies have played in tracking Russian efforts to hack US political figures and subvert the 2016 election.

The Volkskrant provides the clearest picture yet of the help received by US agencies.

One US official, a former State Department official overseeing cyber issues, is quoted in the report saying: 'We'd never expected that the Russians would do this, attacking our vital infrastructure and undermining our democracy.'

Agents with the AIVD maintained access to the group's headquarters between 2014 and 2017 and passed along information to the US Central Intelligence Agency and National Security Agency, the report said.

The Dutch intelligence may have contributed to the Federal Bureau of Investigation inquiry into alleged Russian interference in the 2016 election race, the report said.
http://www.theage.com.au/world/dutch-sp ... 125-p4yywo


Not only did the Dutch hack into Cozy Bear’s network, they also hacked the security cameras outside the building the Russian hackers worked in, allowing them to be identified and compared to known Russian spies.


Dutch intelligence first to alert U.S. about Russian hack of Democratic Party
Yesterday 21:35, updated yesterday 21:44 | Foreign
NIEUWSUUR
Written by
Eelco Bosch van Rosenthal
reporter
In the Summer of 2015, Dutch intelligence services were the first to alert their American counterparts about the cyberintrusion of the Democratic National Committee by Cozy Bear, a hacking group believed to be tied to the Russian government. Intelligence hackers from Dutch AIVD (General Intelligence and Security Service) had penetrated the Cozy Bear computer servers as well as a security camera at the entrance of their working space, located in a university building adjacent to the Red Square in Moscow.

Over the course of a few months, they saw how the Russians penetrated several U.S. institutions, including the State Department, the White House, and the DNC. On all these occasions, the Dutch alerted the U.S. intelligence services, Dutch tv programme Nieuwsuur and de Volkskrant, a prominent newspaper in The Netherlands, jointly report on Thursday. This account is based on interviews with a dozen political, diplomatic and intelligence sources in The Netherlands and the U.S. with direct knowledge of the matter. None of them wanted to speak on the record, given the classified details of the matter.

Not only had Dutch intelligence penetrated the computer network of the hackers, they also managed to hack a security camera in the corridor. This allowed them to see exactly who entered the hacking room. Information about these individuals was shared with the US intelligence services. Dutch intelligence services consider Cozy Bear an extension of the SVR, the Russian foreign intelligence service, which is firmly controlled by President Putin.

The information shared by The Netherlands about the hacks at the DNC ended up on the desk of Robert Mueller, the Special Prosecutor leading the FBI investigation into possible Russian interference in the American elections. As early as December, the New York Times reported that information from, among others, Australia, the United Kingdom and The Netherlands had propelled the FBI investigation.

Gaining access to the network

In the summer of 2014, the Joint Sigint Cyber Unit (JSCU) was launched, a joint unit of AIVD and MIVD, the Dutch Military Intelligence and Security Service. Based in the Dutch city of Zoetermeer, it focuses on, among other things, obtaining intelligence through cyber operations. That same summer, the unit received a tip about a group of Russian hackers based at a university complex in Moscow. An AIVD hacking team, operating under the JSCU flag, subsequently succeeded in penetrating the internal Russian computer network. Not only did the AIVD gain access to the computer network, it also hacked the security camera in the corridor.

After a few months, in November 2014, the Dutch watched as the Russian hackers penetrated the computer network of the State Department. After being alerted to this by the Dutch intelligence chiefs, it took the Americans over 24 hours to avert the Russian attack, after a digital clash which, years later, at a discussion forum in Aspen, the Deputy Director of the NSA would refer to as "hand-to-hand combat". Basing itself on intelligence sources, the Washington Post wrote that a Western ally had been of assistance.

In the autumn of 2014, the Russians also gained access to the non-classified computer network of the White House. This allowed them to see confidential memos and non-public information about the itinerary of President Obama, and at least part of President Obama's email correspondence. These hacks, too, were exposed by the Dutch intelligence services, which subsequently notified the Americans.

Cozy bear

The Russian hackers belong to a group that, over the years, the intelligence services and cyber security companies had referred to alternatively as The Dukes and APT29, but that for several years now has mostly been known as Cozy Bear. Most Western intelligence services assume that the group is controlled by foreign intelligence service SVR. For years, Western intelligence services and cyber security companies have been hunting the group, which has attacked government agencies and businesses around the globe, including in The Netherlands.

Together with another group of Russian hackers (Fancy Bear, also known as APT28), Cozy Bear is also held responsible for the cyberintrusion of the DNC. In April 2016, Fancy Bear accessed the Washington servers of the Democrats; Cozy Bear had done so as early as the summer of 2015. Once more, the group was caught red-handed by the Dutch, who again alerted their U.S. counterparts.

It is not clear why the hacks at the DNC could continue for so long despite the Dutch warnings. Last year, The New York Times reported that for months, the DNC had not taken the FBI warnings seriously. Eventually, cybersecurity company CrowdStrike, which was investigating the matter on behalf of the Democratic Party, also concluded that Cozy Bear and Fancy Bear were jointly responsible for the hacks. According to the US intelligence services, Russian officials eventually passed on the emails hacked by Fancy Bear to Wikileaks, which published them. The published emails caused a huge scandal in the American election campaign.

College Tour

Last Sunday on Dutch television programme College Tour, Rob Bertholee, head of AIVD, said that he had no doubt that the Kremlin was directly responsible for the Russian cyber campaign against U.S. government agencies. Bertholee as well as Pieter Bindt, who was heading MIVD at the time, personally discussed the DNC matter with James Clapper, at the time overall head of the US intelligence services, and Michael Rogers, who is soon to retire as the head of the NSA.

As of now, the AIVD hackers do not seem to have access to Cozy Bear any longer. Sources suggest that the openness of US intelligence sources, who in 2017 praised the help of a Western ally in news stories, may have ruined their operation. The openness caused great anger in The Hague and Zoetermeer. In the television programme College Tour, this month, AIVD director Bertholee stated that he is extra careful when it comes to sharing intelligence with the U.S., now that Donald Trump is President.
https://nos.nl/nieuwsuur/artikel/221376 ... party.html



from Bloomberg

Dutch Spied on Russian Group Linked to 2016 U.S. Election Hacks
By Wout Vergauwen
January 26, 2018, 3:38 AM CST Updated on January 26, 2018, 5:32 AM CST
Dutch agency hacked ‘Cozy Bear’ network in summer of 2014
Newspaper investigation cites six people with direct knowledge
The Dutch intelligence service passed on “crucial evidence” to the FBI about Russian interference in the 2016 U.S. presidential election, Dutch newspaper de Volkskrant reported Friday, citing the results of an investigation.

Hackers from the Dutch intelligence service known as the AIVD gained access to the network of Russian hacking group “Cozy Bear” in the summer of 2014. While monitoring the group’s activities, the AIVD learned of attacks launched on the Democratic Party, according to six unidentified American and Dutch sources cited by the investigation.


The information provided by the Dutch gave grounds for the FBI to start an investigation into the influence of Russian interference on the election race between Hillary Clinton and Donald Trump, according to the newspaper report based on a collaborative investigation with Eelco Bosch van Rosenthal, a journalist at Dutch news program Nieuwsuur. A spokeswoman for the AIVD declined to comment on the report when contacted by phone on Friday.

Russia didn’t hear any statement from Dutch special services in this case, Dmitry Peskov, spokesman for Russian president Vladimir Putin, told reporters on a conference call.

A Jan. 6, 2017 report issued by the Office of the Director of National Intelligence, based on an assessment by the CIA, FBI and NSA, said that the U.S. had “high confidence” that Putin had ordered “an influence campaign in 2016 aimed at the U.S. presidential election.” The Kremlin “aspired to help President-elect Trump’s election chances when possible by discrediting” Clinton, the report said.

Moscow Access

Volkskrant cited sources as saying this certainty was derived from “AIVD hackers having had access to the office-like space in the center of Moscow for years.”

Based on pictures taken of visitors to the Moscow-based hacking center, the AIVD managed to deduce that the hacker group was led by Russia’s external intelligence agency, the SVR.

The AIVD and its military counterpart, MIVD, informed the NSA liaison at the U.S. embassy in The Hague in November 2014 of Russian preparations to attack the State Department, enabling the NSA and FBI to counter Russian attempts. The information was found important enough for the NSA to open a direct line with the AIVD headquarters in Zoetermeer, Netherlands.

The Americans were taken completely by surprise by the Russian aggression, the U.S.’s former top cyber diplomat, Chris Painter, told Volkskrant, adding that unpreparedness by the U.S. intelligence services was “one of the reasons the Dutch access was so appreciated.”

Volkskrant said it spoke with 15 people over the course of the seven-month investigation. Six of those had direct knowledge of the Dutch access while the other nine are familiar with the intelligence community, the working methods of Russian hacking groups or the U.S.-Dutch international relationship, it said.

“Throwing coal into the furnace of anti-Russian hysteria that’s going on in America is not the most noble task,” Russia’s Peskov commented on the Dutch newspaper reports.

— With assistance by Stepan Kravchenko
https://www.bloomberg.com/news/articles ... tion-hacks


from ZNET

Dutch spies tipped off NSA that Russia was hacking the Democrats, new reports claim

Netherlands intelligence penetrated Russia's US election hackers and alerted US counterparts, sources say.

By David Meyer for Benelux | January 26, 2018 -- 11:09 GMT (03:09 PST) | Topic: Security

The Netherlands AIVD's access to the Russian hackers' networks yielded "crucial evidence" of Russian involvement in the Democratic leaks.

Netherlands newspaper de Volkskrant and the public broadcaster NOS reported on Thursday evening that AIVD hackers had penetrated the Russian operation back in the summer of 2014.

The Russian operation was what security researchers at CrowdStrike would later dub Cozy Bear, which, along with a separate group called Fancy Bear, emerged as the prime suspects for the hacking of the Democratic National Committee (DNC) during the 2016 presidential election campaign.

The emails covered communications spanning 2015 and the early months of 2016 and -- when they appeared on a site called DCLeaks and on Julian Assange's WikiLeaks in mid-2016 -- they greatly embarrassed the Democrats at a crucial time in the campaign.

Apart from reams of sensitive personal information, the emails demonstrated that the DNC had clearly favored the candidacy of Hillary Clinton during the Democratic primaries, and had undermined Bernie Sanders' bid to take on the Republicans from the left.

According to the new reports, the AIVD's access to the Russian hackers' networks yielded "crucial evidence" of Russian involvement in the DNC leaks, a matter that is now a key focus of special prosecutor Robert Mueller's investigation into possible collusion between Donald Trump's campaign and the Kremlin.

What exactly did the Dutch spies learn about Cozy Bear, also known as APT29? The precise details remain a mystery for now, but Thursday's reports draw on six US and Netherlands sources to argue that the Russian operation was responsible for attacks around the world since 2010.

Targets included "governments, energy corporations and telecom companies", some of them in the Netherlands.

Cozy Bear apparently comprised around 10 active agents at most times. The AIVD managed to hack into the security camera watching those entering and leaving the hackers' room in a university building, which allowed the Dutch to figure out that Russia's Foreign Intelligence Service (SVR) was running the operation.

After the Dutch intelligence agency spotted the Russians hacking the US State Department and warned the NSA, a 24-hour-long battle between attackers and defenders reportedly ensued.

Before being booted out of the State Department's systems, the Russians managed to send a plausible-looking email to the White House, which in turn gave them access to servers holding some of then-president Barack Obama's emails.

In return for all this intelligence, the Americans reportedly sent some back to their Dutch counterparts, along with cake and flowers. However, the story has a sour ending.

With Trump denying any Russian support in his victory, US intelligence has been leaking like a sieve to prove the contrary. According to de Volkskrant, these leaks angered the Dutch, who didn't want their access -- now lost -- to be revealed, even if they were not specifically identified to the media as the source of all this crucial information.

As is the case with Israel and the UK, both of which have been burned by Trump himself after divulging intelligence to the US, the Dutch are now warier about sharing the secrets they find with the Americans.

http://www.zdnet.com/article/dutch-spie ... rts-claim/


from Reuters

Dutch intelligence agency spied on Russian hacking group: media

AMSTERDAM (Reuters) - The Dutch intelligence agency AIVD spied on the Russian group believed to be behind the hack of the Democratic Party ahead of U.S. elections, local media reported on Thursday.

Current affairs program Nieuwsuur and newspaper de Volkskrant based the story on several anonymous intelligence sources in the Netherlands and the United States.

The Moscow-based group known as Cozy Bear is widely suspected of hacking the Democratic Party and is believed to be linked to the Russian government.

Agents with the AIVD gained access to the group’s headquarters and between 2014 and 2017 passed along information to the U.S. Central Intelligence Agency and National Security Agency, the report said.

The Dutch intelligence may have contributed to the Federal Bureau of Investigation inquiry into alleged Russian interference in the 2016 election race, the report said.

The FBI and the AIVD were not immediately available for comment.

Reporting by Anthony Deutsch and Dustin Volz; Editing by James Dalgleish
https://www.reuters.com/article/us-neth ... SKBN1FE34W
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.

Re: Dutch took pictures of Russian hackers of US Democrats

Postby MacCruiskeen » Mon Apr 01, 2019 3:22 pm

The Art of Collaborative Discussion
"Ich kann gar nicht so viel fressen, wie ich kotzen möchte." - Max Liebermann, Berlin, 1933

"Science is the belief in the ignorance of experts." - Richard Feynman, NYC, 1966

TESTDEMIC ➝ "CASE"DEMIC

Re: Dutch took pictures of Russian hackers of US Democrats

Postby Belligerent Savant » Mon Apr 01, 2019 4:01 pm

.

Current affairs program Nieuwsuur and newspaper de Volkskrant based the story on several anonymous intelligence sources in the Netherlands and the United States.


I'd ask y'all to wake me when the FARCE finally subsides, but then I'd never wake up.

The FARCE will continue -- in myriad forms -- in perpetuity, so long as there are dupes to be fooled.

And there are plenty of dupes out there. Their numbers are increasing, in fact.


Enjoy the show.

Re: Dutch took pictures of Russian hackers of US Democrats

Postby seemslikeadream » Mon Apr 01, 2019 4:09 pm

Visual guide: how Dutch intelligence thwarted a Russian hacking operation
Jon Henley, Thu 4 Oct 2018 10.55 EDT
Four agents were caught trying to hack into the international chemical weapons watchdog’s headquarters in The Hague, according to Dutch authorities

Four Russian GRU arrive in the Netherlands. Photograph: AP

The four men, named as IT experts Aleksei Morenets and Evgenii Serebriakov, and support agents Oleg Sotnikov and Alexey Minin, travelled on diplomatic passports to Amsterdam’s Schiphol airport on 10 April, and were met there by a Russian embassy official.

The four GRU officers. Photograph: Dutch Defence Ministry

All from the GRU’s unit 26165, their journey had begun at the Russian military intelligence agency’s headquarters; a mobile phone carried by one of the men had been activated just outside the building, while another had a taxi receipt for a journey from nearby to Moscow Sheremetyevo airport.

A taxi receipt from near GRU headquarters. Photograph: Ministerie van Defensie/Dutch Ministry of Defence

On 11 April the four hired a car and spent the next two days on reconnaissance near the Organisation for the Prohibition of Chemical Weapons (OPCW) headquarters in The Hague on Johan de Witlaan, barely two minutes’ drive from the Russian embassy, their movements closely followed by the Dutch intelligence service MIVD.

On 13 April the four men parked their hire car, a Citroën C3, in the car park of the Marriott hotel next to the OPCW building, the headquarters of the organisation investigating both the use of chemical weapons in Syria and the previous month’s nerve agent attack in Salisbury. The men spent some time taking photographs. At this point the Dutch security agents intervened.

The Dutch agents apprehended the Russians.

GRU officers being apprehended by Dutch intelligence. Photograph: Dutch Ministry of Defence/PA

In the boot of their car was uncovered an arsenal of specialist electronic wifi hacking equipment.

The inside of the car. Photograph: Ministerie van Defensie/Dutch Ministry of Defence

Among the equipment the Dutch seized were a computer, battery, transformer, a hacker’s so-called “wifi pineapple” and an antenna covered by a coat in the back of the car.

Specialist equipment intended for the alleged hacking of wifi networks. Photograph: Dutch Ministry of Defence/PA

The Russians also had numerous mobile phones of different sizes and makes, the access codes for the OPCW network, and cash: €20,000 and $20,000.

US dollars recovered by Dutch intelligence. Photograph: Ministerie van Defensie/Dutch Ministry of Defence

The Dutch agents also recovered evidence the Russians were planning to target a Swiss OPCW lab, including train tickets from Utrecht to Basel on 17 April. The men were also travelling with Google Maps printouts of Russian consulates in the Swiss cities of Berne and Geneva.

GRU close access cyber operation against OPCW: train tickets to Switzerland. Photograph: Ministerie van Defensie/Dutch Ministry of Defence

GRU close access cyber operation against OPCW: Google Maps printouts of Russian diplomatic residences. Photograph: Ministerie van Defensie/Dutch Ministry of Defence

On further investigation, agents said the Russians’ laptops also contained material related to the Dutch investigation into the 2014 downing of Malaysian Airlines flight MH17 over Ukraine and photos of one of the men at the Rio Olympics.

Photo on Serebriakov’s laptop. Photograph: Ministerie van Defensie/Dutch Ministry of Defence

https://www.theguardian.com/world/2018/ ... -operation

Re: Dutch took pictures of Russian hackers of US Democrats

Postby seemslikeadream » Mon Apr 01, 2019 5:14 pm

How Russian Spies Infiltrated Hotel Wi-Fi to Hack Victims

For years, the Kremlin's increasingly aggressive hackers have reached across the globe to hit targets with everything from simple phishing schemes to worms built from leaked NSA zero day vulnerabilities. Now, law enforcement agencies in the US and Europe have detailed another, far more hands-on tactic: Snooping on Wi-Fi from a vehicle parked a few feet away from a target office—or even from a laptop inside their hotel.

On Thursday, the US Department of Justice charged seven hackers working for the Russian military agency GRU with carrying out a vast intrusion campaign against a wide range of organizations. The targets include anti-doping agencies in Colorado, Brazil, Canada, Monaco and Switzerland, part of a retaliatory leaking campaign after Russia was accused of doping ahead of the 2016 and 2018 Olympics; the Westinghouse Electric Company's nuclear power operations, which supplies nuclear fuel to Ukraine; and the Spiez chemical testing laboratory in Switzerland and the Organization for the Prohibition of Chemical Weapons in the Netherlands, likely due to their investigations into the Novichok gas attack on a Russian intelligence defector in the UK earlier this year.

But some of the most surprising elements of those intrusion operations are the ones that got the Russian hackers caught red-handed: Parking vehicles outside of target buildings, and infiltrating Wi-Fi networks to hack victims.

“When the conspirators’ remote hacking efforts failed to capture log-in credentials, or if those accounts that were successfully compromised did not have the necessary access privileges for the sought-after information, teams of GRU intelligence officers traveled to locations around the world where targets were physically located,” the Justice Department’s indictment reads. "Using specialized equipment, and with the remote support of conspirators in Russia, these on-site teams hacked into Wi-Fi networks used by victim organizations or their personnel, including hotel Wi-Fi networks."

The new details on those in-person hacking operations illustrate just how brash the GRU's hackers have become, says John Hultquist, the director of research at security intelligence firm FireEye, who has closely tracked GRU operations for years. "If they're willing to play like this, they are extremely aggressive," Hultquist says. "It’s risky and brazen that they’re doing this physically. Obviously your chance of getting caught and exposed in person are higher, but it gives them a whole new avenue to get into networks that might have otherwise been a challenge."

Pineapple Express

In multiple cases, from Rio de Janeiro to Lausanne to Monaco, the Dutch intelligence agency MIVD and US Department of Justice describe how the Russian agents—usually two men named Evgenii Mikhaylovich Serebriakov and Aleksei Sergeyevich Morenets—worked in vehicles outside of hotels or offices, or in the buildings themselves, to compromise Wi-Fi networks and hack their targets in close proximity. In some cases, they'd use that access to steal victims' credentials. In others they'd attempt to plant espionage-oriented malware.

Photograph: Dutch Military Intelligence and Security Service

Finally, in one incident in the Hague last April, the indictment details how Dutch intelligence agents discovered four men—including Serebriakov, Morenets, and two others—in the middle of spying on the Wi-Fi network of the Organization for the Prohibition of Chemical Weapons. The Russian agents had set up a rental car with a large antenna in its trunk, hidden under a black jacket, facing the OPCW building and connected to a laptop and an external power supply. When the Russian team activated that equipment, Dutch agents somehow detected and disrupted the operation. They declined to say exactly how, and the MIVD declined WIRED's request for comment.

The four Russians were deported back to Moscow. But the equipment and evidence the Dutch agents seized told a detailed story of their work. Despite the Russians' attempt to destroy at least one phone after being outed, the Dutch investigators found signs that their laptops and phones had connected to Wi-Fi networks at several of their earlier hacking destinations. One even contained a photo of Serebriakov at the Rio Olympics.

"This is not spy versus spy. These were not passive intelligence gathering operations."
Scott Brady, DoJ
Serebriakov's backpack, in particular, included "additional technical equipment that the team could also use to surreptitiously intercept Wi-Fi signals and traffic," the indictment reads. Though it doesn't spell out how that equipment could penetrate password-protected Wifi networks, it does mention that Serebriakov carried a Wi-Fi Pineapple. Those book-sized devices are designed to spoof Wi-Fi networks so that victims connect to them rather than the intended, legitimate one, acting as a "man-in-the-middle" capable of spying on or altering their subsequent internet traffic.
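The defender's counterpart to the device described above, as an added example that is not part of the WIRED article or any of the quoted reports: a small wireless-IDS check that flags an impersonating access point. It compares every (SSID, BSSID) pair a sensor observes against an inventory of the organisation's own access points, and adds the two signals that typically accompany a close-access radio, an open network where the real one is encrypted and a signal stronger than any inventoried AP. The inventory, MAC addresses and beacon capture are all constructed sample data; the function and field names are this example's own.

```python
"""
Evil-twin (rogue access point) detection over a constructed beacon capture.

A device that advertises a victim's SSID from its own radio, so that clients
join it instead of the legitimate access point, is visible to a wireless
sensor as a second BSSID carrying a known SSID. Everything below (inventory,
MAC addresses, beacons) is constructed sample data, not a real survey.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# Constructed inventory: SSID -> authorised BSSIDs (lower-case MACs).
AUTHORISED_APS: Dict[str, Set[str]] = {
    "corp-wifi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
    "corp-guest": {"aa:bb:cc:00:00:03"},
}


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    rssi: int       # signal strength in dBm as seen by the sensor
    privacy: bool   # True when the beacon advertises WPA2/WPA3 encryption


# Constructed sensor capture of nearby beacon frames.
SAMPLE_BEACONS: List[Beacon] = [
    Beacon("corp-wifi", "AA:BB:CC:00:00:01", 6, -48, True),
    Beacon("corp-wifi", "aa:bb:cc:00:00:02", 11, -61, True),
    Beacon("corp-guest", "aa:bb:cc:00:00:03", 1, -55, False),
    # Same SSID from an uninventoried radio, very strong and unencrypted:
    # the signature of a nearby impersonating access point.
    Beacon("corp-wifi", "de:ad:be:ef:00:01", 6, -35, False),
    # A neighbour's network; not ours, so nothing to compare against.
    Beacon("cafe-free", "12:34:56:78:9a:bc", 1, -70, False),
]


@dataclass(frozen=True)
class Finding:
    bssid: str
    ssid: str
    reasons: Tuple[str, ...]


def normalise_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form so comparisons are exact."""
    return mac.strip().lower().replace("-", ":")


def find_rogue_aps(beacons: Iterable[Beacon],
                   authorised: Dict[str, Set[str]] = AUTHORISED_APS) -> List[Finding]:
    """Return one Finding per uninventoried BSSID that advertises one of our SSIDs."""
    beacons = list(beacons)
    inventory = {ssid: {normalise_mac(m) for m in macs} for ssid, macs in authorised.items()}

    # Per-SSID baseline taken from the legitimate beacons actually observed.
    legit_rssi: Dict[str, int] = {}
    legit_encrypted: Dict[str, bool] = {}
    for b in beacons:
        mac = normalise_mac(b.bssid)
        if b.ssid in inventory and mac in inventory[b.ssid]:
            legit_rssi[b.ssid] = max(legit_rssi.get(b.ssid, -200), b.rssi)
            legit_encrypted[b.ssid] = legit_encrypted.get(b.ssid, False) or b.privacy

    findings: Dict[str, Finding] = {}
    for b in beacons:
        if b.ssid not in inventory:
            continue                      # not one of our networks
        mac = normalise_mac(b.bssid)
        if mac in inventory[b.ssid]:
            continue                      # a known, inventoried radio
        reasons = ["SSID '%s' advertised by uninventoried BSSID %s" % (b.ssid, mac)]
        if legit_encrypted.get(b.ssid) and not b.privacy:
            reasons.append("open network where the legitimate AP is encrypted")
        if b.ssid in legit_rssi and b.rssi > legit_rssi[b.ssid]:
            reasons.append("stronger signal than any inventoried AP (radio is very close)")
        findings[mac] = Finding(mac, b.ssid, tuple(reasons))
    return sorted(findings.values(), key=lambda f: f.bssid)


if __name__ == "__main__":
    for f in find_rogue_aps(SAMPLE_BEACONS):
        print("ALERT %s impersonating %s: %s" % (f.bssid, f.ssid, "; ".join(f.reasons)))
```

In a real deployment the beacon list would come from a sensor in monitor mode rather than a constructed list, and the inventory from the WLAN controller; the comparison itself is the same. The BSSID inventory is the decisive check, because SSID, channel and encryption settings are all chosen by the impersonating device, while its radio's MAC address is not in the organisation's records.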

The Dutch investigators also found additional clues, including a receipt for a taxi from a GRU facility to the Moscow airport, $20,000 in cash and another 20,000 Euros, as well as printouts of information that seemed to focus on the group's next target, the Spiez chemical testing facility in Switzerland. The printouts included maps of Russian diplomatic facilities in Bern and Geneva, from which the traveling GRU agents might work, as well as train tickets for Bern scheduled three days later.

Crossing the Line

Given that the US has now indicted those Russian hackers, exactly why the Dutch government deported them rather than extraditing them to the US or keeping them in the Netherlands to face charges remains a puzzling detail of the case, which the Dutch government declined to explain to WIRED. In a press conference Thursday, US Attorney Scott Brady nonetheless maintained that the "name and shame" tactic of indicting the hackers sends a signal to the Russian government that it will face consequences for its hyper-aggressive hacking. "There is deterrent value even if we can’t put our hands on the defendants at this time," Brady said, noting that if they travel outside of Russia they may still be vulnerable to arrest and extradition.

Criminal charges aren't the usual response to spying operations, given that the US usually seeks to avoid prosecuting foreign hackers for activities its own agencies carry out, too. But Brady emphasized that when the hackers leak the medical information of 250 athletes as part of their campaign to discredit global anti-doping agencies, they crossed a line.

US Attorney Scott Brady speaking at a press conference to announce the indictment of seven Russian intelligence hackers.
Alex Wong/Getty Images

"They cheated, they got caught, they were banned from the Olympics, they retaliated, and in retaliating, they broke the law, so they are criminals," Brady said. "This is not spy versus spy. These were not passive intelligence gathering operations. This is a criminal conspiracy which caused real harm to real victims."

Regardless of whether the criminal charges now levied against those hackers send the intended message to the Kremlin, they at least serve as a warning to the wary: Keep an eye on which Wi-Fi network you're connected to at your hotel—and also the rental car full of military-looking men sitting parked outside of it.
https://www.wired.com/story/russian-spi ... i-hacking/

Re: Dutch took pictures of Russian hackers of US Democrats

Postby Belligerent Savant » Mon Apr 01, 2019 6:10 pm

.

So is this a thread about hackers -- who happen to be Russian -- hacking things in the general sense?

What's the point? I mean, there are hackers all over the world hacking every day, just like these Russian hackers.

I'm sure we can all benefit from yet ANOTHER thread related to THAT ONE NAME THAT SHALL NOT BE TYPED. That NAME has already infiltrated many of the threads and sub-forums in this space, due in large part to your tireless efforts.

And it shall continue. SLAD called it right: it won't stop with the Mueller charade. Perpetual charades to follow, and we all know we'll be kept UP TO SPEED RIGHT HERE. No need to refer to your Google News feed. It'll all be RIGHT HERE. And it'll continue well after Trump's elected again in 2020.

We'll have to light a fire to our RI page prior to that point, however -- our last hope to salvage what remains of our bearings.

Re: Dutch took pictures of Russian hackers of US Democrats

Postby seemslikeadream » Mon Apr 01, 2019 6:25 pm

you are so much fun I am really glad you changed your mind and decided to keep reading instead of ignoring me.....I knew you were just kidding....I mean that commitment honestly is wearing pretty thin after a year...in your free time I am sure you could find something else to post about ...looking forward to it....maybe I'll even post something in your hacking thread

we......do you have a mouse in your pocket?

slow your roll BS or start a thread about something ...anything instead of constantly complaining about me or playing jokes on me in my threads ....that was really cute



just who did that April fools joke to whom?

Re: Dutch took pictures of Russian hackers of US Democrats

Postby alloneword » Mon Apr 01, 2019 6:42 pm

Belligerent Savant » Mon Apr 01, 2019 8:01 pm wrote:.

Current affairs program Nieuwsuur and newspaper de Volkskrant based the story on several anonymous intelligence sources in the Netherlands and the United States.


I'd ask y'all to wake me when the FARCE finally subsides, but then I'd never wake up.

The FARCE will continue -- in myriad forms -- in perpetuity, so long as there are dupes to be fooled.

And there are plenty of dupes out there. Their numbers are increasing, in fact.


Enjoy the show.


Rather a stale story, this one. A good reality check from Suzie Dawson a few months back:

10 reasons why the Dutch-Russia hacking story is fake news -- Puppet Masters -- Sott.net


Suzie Dawson
Tue, 30 Jan 2018 15:47 UTC

It was breathlessly announced today by that pillar of independent news sources, US intelligence contractor Eric Garland, that the Dutch possess incontrovertible proof that Russia indeed hacked the US election.

Citing an article in a Dutch publication, Garland let fly with a series of narrative tweets with screenshots of a translation of the article, to make his case.

His original tweet had already clocked over 1800 retweets by the time I happened across it.


A quick Twitter search on "Dutch Russia election" returned hundreds of results, showing that indeed the story was being seeded across social media and replicated thousands of times by both sock puppets and well-meaning believers alike.


By the time I started writing this response, none other than MotherJones had published a craft-less regurgitation that barely scratched a few hundred words, citing only the Dutch article as the basis for the claims.


I am still nostalgic for the pre-Clara Jeffery days when MotherJones could be relied on for cutting edge investigative journalism that didn't simply push intelligence community talking points and false flags, however they appear to be long gone.

But back to the specifics of this particular con-job, let's dissect the story itself, and see why it is completely ludicrous for anyone to take what is being claimed at face value.


1. The Russian Hackers were hacking from a university building when they were identified by the Dutch.

The Dutch article states:

"*It is the summer of 2014. A hacker from the Dutch intelligence agency AIVD has penetrated the computer network of a university building next to the Red Square in Moscow, oblivious to the implications. But one year later, from the AIVD headquarters in Zoetermeer, he and his colleagues are witness to Russian hackers launching an attack on the Democratic Party in the United States. The AIVD hackers had not infiltrated just any building; they were in the computer network of the infamous Russian hacker group Cozy Bear. And unbeknownst to the Russians, they could see everything*."

It never ceases to amaze me how intelligence agency narratives never fail to trip over their own shoelaces. How soon they forget, that one of their biggest attempts to discredit NSA whistleblower Edward Snowden, was over revelations he made about the USA hacking a major Chinese university, that were published by the South China Morning Post in June, 2013.


Yes, that's right, one of the first major scoops of the Snowden files was that the NSA was targeting the computer networks of major universities in enemy nations.

The US was so up in arms about the revelation that they tried to claim it was proof that Snowden was aiding and abetting China by releasing that information. I addressed this in my 2015 article titled "Debunking The Dinosaurs; Dismantling Snowden's Detractors".

Another US deep state apologist, Michael Cohen, had demanded to know why Snowden "leaked operational info to [a] Chinese newspaper" and suggested that Snowden may have directly leaked them docs that might have ended up in the hands of the Chinese government (an abject falsehood).

Quoting my article:

As with much of Cohen's commentary, he fails to back up his accusations with references, so this point has been particularly difficult to research. Many hours of reading South China Morning Post's Snowden archive later, and the only 'operational info' I've been able to establish that Snowden discussed with them was wholesale spying on Chinese university students and on the SMS messages of the general population. Unless he is referring to the mention of mass surveillance being undertaken at-cable, which is a worldwide phenomenon that has been reported consistently around the globe, in many regions.

Indeed, the SCMP revelations fit perfectly with the ongoing theme of Snowden's leaks; where the public of various countries (most of the countries in the world in fact) are spied on by the U.S. in a wholesale fashion, without warrants or individual suspicion to justify the targeting.

Snowden's releases have not been about military versus military - but military versus civilians: mass surveillance. To expect him to exclude Chinese civilians, or Russian civilians, or any other, just because the names of those countries are incendiary to the U.S. political mainstream, would be to expect him to discriminate on the basis of nationality, the way his government does. Yet Snowden has very much proved to be a global citizen, and clearly does not adhere to the inherently unjust principle of 'American exceptionalism'. This does not detract from, but enhances his efficacy in the eyes of the global public.

So to put any credence in this Dutch-Russia-hacking story, you would have to believe that a year after the above Snowden revelations, the Russian government decided to run an elite hacking operation to compromise a foreign election out of a major university in the centre of Moscow, when it was already an established fact that the NSA targeted university networks.

Ridiculous.


2. The Dutch repeatedly notified the US about it.

The Dutch article continues:

"*That's how the AIVD becomes witness to the Russian hackers harassing and penetrating the leaders of the Democratic Party, transferring thousands of emails and documents. It won't be the last time they alert their American counterparts. And yet, it will be months before the United States realise what this warning means: that with this hacking the Russians have interfered with the American elections. And the AIVD hackers see it all happen*."

The idea that the US wasn't already monitoring the network traffic of a major Russian university smack in the middle of the capital Moscow is unlikely enough, but the idea that they didn't work out that Russia stealing emails and files from political leaders could amount to tampering in the US political process is even more far-fetched.

Them ignoring repeated warnings by an ally would in and of itself be entirely in character with their general ineptitude; however, Russia has been at the top tier of their target list, in particular since Snowden was given asylum, if not already prior. Such messages would not have been neglected given their level of interest in any activity of Russian origin post 2013.

This notion of the Dutch repeatedly alerting the Americans and the Americans doing nothing appears to be an attempt to explain the timeline of the leaks without overtly addressing it. The DNC emails span January 2015 until May 25th 2016. Therefore, to sell this nonsense story, they have to pretend the US ignored Dutch warnings, in order to explain how data could be allowed to be exfiltrated over such a long period of time.


3. Mueller's prime objective isn't Trump collusion, it's Russian hacking

Eric Garland's Twitter diatribe jumps from the above suppositions straight into the Mueller probe. His second screenshot of the article's translation begins: "After Trump's election in May 2017, this investigation was taken over by special prosecutor Robert Mueller. It also aims to uncover contacts between Trump's presidential campaign and the Russian government, but the prime objective is bringing to light the Russian interference with the elections."

Just as the news cycle has finally gotten to grips with the fact that even FBI agents working on the Mueller probe who hated Trump thought that there probably wasn't any evidence of Trump colluding with Russia, we are now to believe that the notion of Trump collusion, which was promised would bring down the President, was actually only ever secondary to establishing that Russian hacking occurred at all.

We are supposed to conveniently forget that the very first stipulation in the official terms for Mueller's probe was to establish if there were "any links and/or coordination between the Russian government and individuals associated with the campaign of President Donald Trump".

It's a classic bait and switch. Having failed at the 'collusion' narrative, they now wish us to believe it was always about Russian hacking, mmkay? Except that if it were, the FBI would have examined the DNC's servers immediately, which it famously did not.

Depending on who you believe, either the FBI didn't ask to examine the DNC servers, or the DNC didn't let the FBI examine the servers, or the DNC hired Crowdstrike to do it or the FBI hired Crowdstrike to do it:

Image

The utter confusion in the headlines of the mainstream media is indicative of the giant clusterfuck this Russian hacking story has been all along. No wonder people are bewildered by it all and so easily misled.


4. Anonymous sources, amnesiac author.

Glenn Greenwald has brilliantly demonstrated on more occasions than I can count, why claims such as those made in the Dutch story should never be taken at face value, especially when they come from anonymous sources at pivotal moments in time and just happen to serve the interests of the intelligence agencies.

As if the total lack of sourcing doesn't make this example dubious enough, the author of the article appears to be an amnesiac. Having claimed that repeated messages from the Dutch had been ignored by the Americans, the article soon does an about face:

"*Three American intelligence services state with 'high confidence' that the Kremlin was behind the attack on the Democratic Party. That certainty, sources say, is derived from the AIVD hackers having had access to the office-like space in the centre of Moscow for years. This is so exceptional that the directors of the foremost US intelligence services are all too happy to receive the Dutchmen, because not only do they provide technical evidence for the attack on the Democratic Party, it becomes apparent that they know a lot more*."

Perhaps this is a slip; one of the most notable architectural flaws of the article is its inability to articulate and stick to a cohesive timeline. But the further we get into it, the more and more inaccurate, disjointed and farfetched it becomes. Eventually it devolves into outright, easily disprovable disinformation.


5. Techno-babble

It's always a sure sign of B.S. when an article fails to competently describe the basics of the technologies and tactics they are claiming have been utilised.

The article states:

"*It's somewhat of a 'fluke' that the AIVD hackers were able to acquire such useful information in 2014. The team uses CNA, which stands for Computer Network Attack. These hackers are permitted to perform offensive operations: to penetrate and attack hostile networks*."

As Schneier's blog aptly describes, a Computer Network Attack is a debilitating act of sabotage undertaken to damage or destroy an adversary's network or hardware. A famous example of this would be the Stuxnet virus used to cripple Iran's centrifuges. Computer Network Exploitation, however, such as that which Edward Snowden undertook on behalf of the NSA, is where a network or machine is exploited for the purpose of spying.

In order for the Dutch to have lurked "for years" as earlier claimed, they would have had to employ the latter, rather than the former approach. The article has misrepresented what they actually did, either because the source for their article is somewhat clueless, or the author is.

But that's not all.

The article says:

"*[The Dutch] team is part of the Joint SIGINT Cyber Unit, a collaborative unit of the AIVD and the Dutch Military Intelligence and Security Service MIVD, of about 300 people. It is unknown exactly what information the hackers acquire about the Russians, but it is clear that it contains a clue as to the whereabouts of one of the most well-known hacker groups in the world: Cozy Bear, also referred to as APT29*."

For those who don't know me, after spending years writing about Snowden, WikiLeaks, Greenwald and associated topics, I finally decided to study all of the Snowden documents myself, eventually teaming up with Elizabeth Lea Vos from Disobedient Media and launching the #DecipherYou series to see what the files contain that no one had previously reported on. The answer was, a lot.

(Studying the files has completely changed my view of the leaks, the intelligence agencies, the United Nations, and in fact the entire world around us and how it really works behind the facade of politics and media. But it has also made me quite adept at being able to "read between the lies" as one of my friends would say.)

So when I see a new term I don't recognise, such as "Joint SIGINT Cyber Unit", my reflex action is to go to EdwardSnowden.com and do a document search on the term. I didn't find anything. So I typed in "Netherlands" instead and read all the returned results. Bingo.

Image

Image

Significance:

a) A full year prior to supposedly penetrating the Russian network, the Dutch were creating a "Single Point of Contact" for all their domestic and military cyber agencies

b) They were already engaged in Cyberanalytic exchanges with the NSA

c) They had site visits at NSA headquarters

d) They were not yet mass surveilling their own population through cable-taps (where the entire net traffic of the country is bulk collected, a practice that has been pioneered in the West and turned against their own populations and the data funnelled back to NSA through 'partnership' agreements) but had plans to do so, which would have been of extreme interest to NSA, whose goal is to literally collect the entire world's internet traffic wholesale (known as the "collect it all" strategy)

e) The document lists no less than six direct NSA contacts at AIVD as of 2013, probably more (due to the redactions it is unclear which names are duplicated or not later in the document)

f) The document indicates several reasons to believe that the capabilities of the NSA significantly outstrip that of the Dutch

The above points indicate a level of closeness and accessibility that is in stark contrast to that described by the Dutch-Russia-hacking article, which attempts to depict the Dutch hacking team as independent and at arm's length from NSA, rather than the reality: AIVD is a full-fledged NSA second-tier Third Party partner, who divulges every detail of its organisational structure, capabilities, networks, systems and personnel to the NSA in return for advanced analytical capabilities, enhancements and technological support.


6. It is all based on alleged evidence that we will never get to see

Just as with the infamous, debunked Steele dossier, we are once again sold lies on the promise of the existence of video footage that we will never see.

But we have to believe it exists. Just like we have to take an anonymous source's word for it, even though they won't provide any of the evidence they claim to have seen.

Image

Contrary to the erroneous claim in the above tweet of the hackers being filmed where they were sitting, caught in the act, which had led me in turn to respond with this, the article doesn't actually state that the hackers were filmed where they were sitting, but instead that they were filmed passing in and out of a "curved hallway".

While Garland boisterously expounds "They know exactly who did what.." and the article states that the supposed images from the camera were "analyzed and compared to known Russian spies", in a country of 145 million people, they simply do not. Which is why the article tries to clean this discrepancy up with a promise of future value: "Again, they've acquired information that will later prove to be vital."


7. The Dog Whistle

This is the screenshot from Garland's tweet:

Image

The strange reference to MH17 sticks out like a sore thumb. Nowhere else is there any mention of the incident whatsoever, or any qualifier for the out-of-the-blue assertion that the hack must have occurred before MH17 was downed.

This singular, bizarre reference screams dog whistle.

By invoking this previous bone of Dutch-Russia contention, they are surreptitiously transmitting to both their allies and their competitors, the rationale for the Dutch involvement in this media psy-op. It is a calling card.


8. Star Wars and Further Timeline Violations

After a grand, epic battle between the foes, the good guys were victorious. Or so goes the fairy tale being painted for us by the Dutch.

Despite having tried to explain away the years of US inaction by them having missed messages from the Dutch, somehow the NSA are back in the picture in 2014 fighting a real-time cyberwar alongside the Dutch against these nefarious Russian hackers.

There are so many lies in this one screenshot it is almost worth an article in and of itself:

Image

Let's take the four feel-good paragraphs one by one. Firstly, they claim that the Russian hackers only ever got into "the non-classified part of the network." In other words, nothing to fear, dear public, our secrets were safe all along.

Except meanwhile, back in reality, the USA is so lax with its data handling practices that even communications between Hillary Clinton when Secretary of State and the DIRECTOR OF THE CIA were caught up in forwarded and re-forwarded email chains on unclassified servers. How do I know this? Hilariously, from the DNC Leaks!

Image

The second paragraph assures us of the timely relaying of messages from the Dutch to the Americans, and the Americans leaping to action stations to notify their counterparts and neutralise the foreign threat.

The third paragraph oddly cites "American media" as the source for the information about this "rare battle" between the agencies, despite the fact that this is supposed to be a giddy exclusive of new information provided by the all-knowing Dutch source.

The fourth paragraph is difficult not to splutter one's coffee over. The Russians are oblivious to the counteraction - the FBI, NSA and the "crucial" Dutch move with "enormous speed". The Dutch and the Americans established a "direct line... to get the information to the United States as soon as possible", according to the article, even though in actuality the NSA has a multitude of direct real-time communications mechanisms with all of its partners, 24/7. So yup, they made a conference call. Gripping stuff.

Could it get any more overblown and dramatic? It's as good as reality TV, folks. Starring Louise Mensch.

But they aren't done yet. First we must literally extol the historical alliances of global warfare, in order to drum up sufficient levels of emotion to render the cognitive abilities of the reader moot.

Image

Funnily enough, you'd think the "worst cyberattack in history" would have been when the Russians attacked the US energy grid. Except, whoops, it turns out that never happened.

Or maybe it was that time they hacked the German elections. Except, whoops, that never happened either.

How many Russian hacks have to turn out to have not happened before we stop listening to the idiots who keep telling us they did?


9. They lie about the methods of both attack and defence

The situation was so dire, the article claims, that "the Department had to cut off access to the e-mail system for a whole weekend in order to upgrade the security."

OK, let's get something straight. We know from the Snowden documents that the War on Terror was literally fought on Dell workstations with Oracle Databases and Microsoft Exchange Server. The Snowden document discussed earlier, about the Netherlands Cryptanalytic Partnership with the NSA? Read the small print and you see this:

"*80 percent of NSA tools used to find malware are commercial, while 100 percent of Dutch tools are*."

The idea that upgrading the State Department mail server would keep out a team of supposed elite Russian hackers acting on the order of or with the resources of a President is laughable.

But we knew this in June 2017, when the last ridiculous NSA report came out. Elite hackers simply don't behave the way that these foolish media psy-ops keep trying to portray them as.

Image

Image

But then, the NSA doesn't want us to know how elite hackers really behave. The only people giving us information about that have been Edward Snowden (TAO, JTRIG) and WikiLeaks (Vault 7, Vault 8). Both of whom, the NSA subsequently despise with a passion.


10. They avoid the obvious credible narrative like the plague

The only credible narrative in this whole shit-show is that every intelligence agency tries to undermine every other intelligence agency, whenever or however they can, during elections and not during them. The U.S., for example, deployed teams of spies from partner countries to infiltrate all the political parties in the French election. They literally wielded teams of human intelligence assets, on the ground in France, to their own ends. This is established fact, with ACTUAL EVIDENCE: the dispatch orders from the CIA.

That is what evidence of election meddling looks like, and it wasn't even against a supposed adversary - it was against an ally, and they used other allies to do it. But in this backwards, Orwellian world, we aren't allowed to tell the true story.

Instead we are spoon-fed nonsense like this Dutch tripe by comfortable pseudo-journalists and wealthy spin doctors dressed up as "security experts", while the few remaining truth tellers are screaming warnings to their dying breaths.

Then of course, there's these small (sarcasm) factors, supplied to me by a conscientious reader:

Image

Changes the picture just a little, huh?


In Conclusion

The saddest part of all is that I could change the title of this piece to "20 Reasons The Dutch-Russia Hacking Story Is Fake News" and continue with ease. There are another three screens in Garland's original diatribe, all chock full of Christopher Steele/GCHQ-grade nonsense and each one is even more fanciful than the last.

His story would have been as credible if his first tweet started with "Once upon a time" and his last tweet finished with "and they all lived happily ever after."

So instead, I'm going to do something different. I'm going to finish by telling you some truths about these agencies, and about the world and how it really works. Truths from the Snowden documents, that you haven't heard about yet, because the mainstream media would probably be fired if they reported on findings from #DecipherYou.

So here's my top 10 findings from that series, in no particular order:
  1. Internal NSA resistance to 9/11 Commission and Senate Intelligence Committees oversight
  2. All Osama bin Laden had to do to be undetectable by the NSA was use .PDF
  3. "It takes a village to spy on the UN" - State Department, NSA and CIA to name a few
  4. The US considers the UN to be an arm of US foreign policy
  5. NSA literally planning a system of global control - want their spying network to cover the entire globe
  6. Proof that NSA started handing over entire databases of data to their "customers" - not just reports
  7. Internally, NSA claimed credit for both Bush and Powell's bullshit Iraq War speeches at the UN
  8. NSA wants to take its battlefield targeting alert system used to kill people in Iraq and in war zones, and implement it globally
  9. NSA has access to and control over the satellites/hardware of partner nations
  10. It is a total myth that the CIA and NSA are in competition with each other, or that Snowden didn't leak info about the CIA/DIA etc. The documents paint the true picture.

Now, given all the above, the weight of which sits on my shoulders daily.

Tell me again how the biggest story in the world is whether Russia hacked the Democrats.


By Suzie Dawson

Twitter: @Suzi3D
Official Website: Suzi3d.com



The difference between Suzie Dawson and the hacks/idiots pushing this crapola is that Suzie Dawson actually knows what she's talking about.
alloneword

Re: Dutch took pictures of Russian hackers of US Democrats

Postby seemslikeadream » Mon Apr 01, 2019 6:48 pm

I know trump says that all the time


https://www.youtube.com/watch?v=7BY8Qaj22Jg


https://www.youtube.com/watch?v=-b71f2eYdTc

NOTHING TO DO WITH RUSSIA :lol: :lol: :lol: :lol:

https://www.youtube.com/watch?v=923SiDdLSic

Suzie Dawson - Citizen Journalist | Kiwi Reporter, Blogger, Activist ... :P


continuing in the humor vein..yea it is still April fools day


Caitlin and Susie what a pair


seemslikeadream » Fri Jan 26, 2018 11:06 am wrote:
Suzie needs to stick to the facts of the story instead of going after a guy on twitter....why would she do that?

cause facts are not fun


from Bloomberg

Dutch Spied on Russian Group Linked to 2016 U.S. Election Hacks
https://www.bloomberg.com/news/articles ... tion-hacks


from ZDNet

Dutch spies tipped off NSA that Russia was hacking the Democrats, new reports claim
http://www.zdnet.com/article/dutch-spie ... rts-claim/


from Reuters

Dutch intelligence agency spied on Russian hacking group: media
https://www.reuters.com/article/us-neth ... SKBN1FE34W




oh btw Kim Dotcom is a massive fraud

---Barrett Brown


https://www.youtube.com/watch?v=deZfsFw4NoU

Pursuance Project
Published on Dec 10, 2017

The Pursuance Project severed ties to Suzie Dawson, head of the New Zealand Internet Party, and removed her from our private development server on Friday evening after she publicly accused our lead developer of "menacing" her via a sarcastic tweet asking her whether it was ever okay to criticize Julian Assange. After consulting with our other core contributors, I had her immediately removed from the chat server, a move that she's characterized as putting her in danger for reasons that are unclear. Here's an explanation of the circumstances for those who care.



Why Suzie Dawson was removed from Pursuance

When passionate people work on important projects, tempers can flare. Unfortunately, this can lead to organizational problems which are insurmountable, and action must be taken in order for the project as a whole to proceed. On Friday, things spun out of control between Suzie Dawson, head of the Internet Party of New Zealand, and our own chief developer, Steve Phillips. As a result of the escalation, Ms. Dawson has been removed from Pursuance-related chats and groups. She has requested that her PMs be sent to her, and we are contacting the various people she messaged and suggesting they comply (since we don’t have those messages).
Here’s Barrett discussing the issue on Sunday.

In addition, he remarks:
We obviously don’t usually kick people off, but I have a responsibility to those who are volunteering heavily on the project not to put them in a position where they can be subjected to that sort of allegation, which can obviously damage a person’s ability to work.
Those tweets are all public so anyone can see and decide for themselves what to make of them.
One of the good things about the actual platform of Pursuance is that people can self-segregate into groups of people they’re entirely comfortable with while still reaching out to other groups that may have different values and collaborating on limited aims, without having a bunch of people with fundamental disagreements being placed into a position where they’re going to fruitlessly argue.
We wish Suzie and the Internet Party of New Zealand well, and are continuing to work to bring Pursuance to fruition one safe, encrypted step at a time.
UPDATE: Oh, Julian, put the phone down. Assange has accused us of having removed Ms. Dawson because she supports Julian Assange, which is untrue. No one has ever been removed from Pursuance for supporting anyone at WikiLeaks.
https://pursuanceproject.wordpress.com/ ... pursuance/


please get a grip Suzie about the Clinton uranium thing ..in the words of Rory

Christ. Fakenewz


Suzie Dawson: Campaigning from Moscow
https://www.radionz.co.nz/national/prog ... rom-moscow


MacCruiskeen » Thu Jul 06, 2017 9:39 am wrote:
Mr Brown is a damn good writer.




https://www.youtube.com/watch?v=Ksq6eNBO5v0




Barrett Brown Sentenced to 63 Months In Prison For a Link
viewtopic.php?f=8&t=38734


I'll go with Barrett Brown


WikiLeaks' Julian Assange Is Accused of Endangering Whistleblowers
viewtopic.php?f=8&t=29320&start=390


WikiLeaks: Why is the Freedom of the Press Foundation cutting ties with Julian Assange?
viewtopic.php?f=8&t=29320&start=390
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
seemslikeadream
