“Russian investigators … opened a criminal probe into a failed rocket launch that caused a two-man crew to make an emergency landing shortly after blast-off to the [International Space Station] …. U.S. astronaut Nick Hague and Russian cosmonaut Aleksey Ovchinin were rescued without injuries …. An ‘anomaly’ with the booster led to the voyage … being aborted two minutes in, NASA said. The Russian space industry has suffered a series of problems in recent years, including the loss of a number of satellites and cargo spacecraft. [Roscosmo is headed by] Dmitry Rogozin … appointed by … Putin ….”
“… Accused by a number of Western nations and their Middle Eastern allies of war crimes, Assad has managed to largely overcome a 2011 rebel and jihadi uprising with the support of Russia and Iran. * * * The United States, Israel, Qatar, Saudi Arabia and Turkey were among the countries to fund efforts to overthrow the Syrian leader. The rise of ultraconservative Sunni Muslim organizations such as the Islamic State … and a sweeping Syrian military comeback … have changed the dynamics ….Defense Secretary James Mattis [said] in August that the U.S. goal was to ‘move the Syria civil war into the Geneva process so the Syrian people can establish a new government … not led by Assad and give them a chance for a future that Assad has denied them, with overt Russian and Iranian support.’ A document submitted by Secretary of State Mike Pompeo and other top diplomats … stressed that their countries would not support Syrian reconstruction efforts ‘before the beginning of political process led by the United Nations to achieve a comprehensive, honest and true political transition that cannot be reversed,’ according to Saudi Arabia’s Asharq Al-Awsat newspaper. …”
SCW RUSSIAWIRE TRANSCRIPT, LINKS, WANTED POSTER: “U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations” – DOJ
FBI wanted poster and DOJ news release follow further below
Click here for:
- PDF of the 41-page indictment
- DOJ links hub for related materials
- DOJ news release
- FBI Wanted Poster
In the latest round of U.S. indictments of Russian figures in connection with espionage, hacking, or other covert activities, the U.S. Department of Justice, on Thursday, Oct. 4, 2018, announced an indictment, in the U.S. District Court for the Western District of Pennsylvania, of Russian GRU military intelligence officers Leksei Sergeyevich Morenets, Evgenii Mikhaylovich Serebriakov, Ivan Sergeyevich Yermakov, Artem Andreyevich Malyshev, Dmitriy Sergeyevich Badin, Oleg Mikhaylovich Sotnikov and Alexey Valerevich Minin, for conspiracy, wire fraud, conspiracy to commit wire fraud, aggravated identity theft and conspiracy to launder money.
The Russian hacking and other covert activities were alleged to included activities targeting: international efforts against Russia’s state-sponsored program athletic doping; international efforts to enforce international norms regarding chemical weapons; and Westinghouse in western Pennsylvania.
[TRANSCRIPT OF DOJ NEWS RELEASE FOLLOWS]
Department of Justice
Office of Public Affairs
FOR IMMEDIATE RELEASE
Thursday, October 4, 2018
U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations
Conspirators Included a Russian Intelligence “Close Access” Hacking Team that Traveled Abroad to Compromise Computer Networks Used by Anti-Doping and Sporting Officials and Organizations Investigating Russia’s Use of Chemical Weapons
A grand jury in the Western District of Pennsylvania has indicted seven defendants, all officers in the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces of the Russian Federation, for computer hacking, wire fraud, aggravated identity theft, and money laundering.
According to the indictment, beginning in or around December 2014 and continuing until at least May 2018, the conspiracy conducted persistent and sophisticated computer intrusions affecting U.S. persons, corporate entities, international organizations, and their respective employees located around the world, based on their strategic interest to the Russian government.
Among the goals of the conspiracy was to publicize stolen information as part of an influence and disinformation campaign designed to undermine, retaliate against, and otherwise delegitimize the efforts of international anti-doping organizations and officials who had publicly exposed a Russian state-sponsored athlete doping program and to damage the reputations of athletes around the world by falsely claiming that such athletes were using banned or performance-enhancing drugs.
The charges were announced at a press conference by Assistant Attorney General for National Security John C. Demers, United States Attorney for the Western District of Pennsylvania Scott W. Brady, FBI Deputy Assistant Director for Cyber Division, Eric Welling, and Director General Mark Flynn for the Royal Canadian Mounted Police.
“State-sponsored hacking and disinformation campaigns pose serious threats to our security and to our open society, but the Department of Justice is defending against them,” Attorney General Jeff Sessions said. “Today we are indicting seven GRU officers for multiple felonies each, including the use of hacking to spread the personal information of hundreds of anti-doping officials and athletes as part of an effort to distract from Russia’s state-sponsored doping program. The defendants in this case allegedly targeted multiple Americans and American entities for hacking, from our national anti-doping agency to the Westinghouse Electric Company near Pittsburgh. We are determined to achieve justice in these cases and we will continue to protect the American people from hackers and disinformation.”
“The investigation leading to the indictments announced t (link is external)oday is the FBI at its best,” said FBI Director Christopher Wray. “The actions of these seven hackers, all working as officials for the Russian government, were criminal, retaliatory, and damaging to innocent victims and the United States’ economy, as well as to world organizations. Their actions extended beyond borders, but so did the FBI’s investigation. We worked closely with our international partners to identify the actors and disrupt their criminal campaign – and today, we are sending this message: The FBI will not permit any government, group, or individual to threaten our people, our country, or our partners. We will work tirelessly to find them, stop them, and bring them to justice.”
“We want the hundreds of victims of these Russian hackers to know that we will do everything we can to hold these criminals accountable for their crimes,” said U.S. Attorney Brady. State actors who target U.S. citizens and companies are no different than any other common criminal: they will be investigated and prosecuted to the fullest extent of the law.”
The defendants, all Russian nationals and residents, are Aleksei Sergeyevich Morenets, 41, Evgenii Mikhaylovich, Serebriakov, 37, Ivan Sergeyevich Yermakov, 32, Artem Andreyevich Malyshev, 30, and Dmitriy Sergeyevich Badin, 27, who were each assigned to Military Unit 26165, and Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46, who were also GRU officers.
The indictment alleges that defendants Yermakov, Malyshev, Badin, and unidentified conspirators, often using fictitious personas and proxy servers, researched victims, sent spearphishing emails, and compiled, used, and monitored malware command and control servers.
When the conspirators’ remote hacking efforts failed to capture log-in credentials, or if the accounts that were successfully compromised did not have the necessary access privileges for the sought-after information, teams of GRU technical intelligence officers, including Morenets, Serebriakov, Sotnikov, and Minin, traveled to locations around the world where targets were physically located. Using specialized equipment, and with the remote support of conspirators in Russia, including Yermakov, these close access teams hacked computer networks used by victim organizations or their personnel through Wi-Fi connections, including hotel Wi-Fi networks. After a successful hacking operation, the close access team transferred such access to conspirators in Russia for exploitation.
Among other instances, the indictment alleges that following a series of high-profile independent investigations starting in 2015, which publicly exposed Russia’s systematic state-sponsored subversion of the drug testing processes prior to, during, and subsequent to the 2014 Sochi Winter Olympics (according to one report, known as the “McLaren Report”), the conspirators began targeting systems used by international anti-doping organizations and officials. After compromising those systems, the defendants stole credentials, medical records, and other data, including information regarding therapeutic use exemptions (TUEs), which allow athletes to use otherwise prohibited substances.
Using social media accounts and other infrastructure acquired and maintained by GRU Unit 74455 in Russia, the conspiracy thereafter publicly released selected items of stolen information, in many cases in a manner that did not accurately reflect their original form, under the false auspices of a hacktivist group calling itself the “Fancy Bears’ Hack Team.” As part of its influence and disinformation efforts, the Fancy Bears’ Hack Team engaged in a concerted effort to draw media attention to the leaks through a proactive outreach campaign. The conspirators exchanged e-mails and private messages with approximately 186 reporters in an apparent attempt to amplify the exposure and effect of their message.
Each defendant is charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, one count each of conspiracy to commit wire fraud and conspiracy to commit money laundering, both of which carry a maximum sentence of 20 years. Defendants Morenets, Serebriakov, Yermakov, Malyshev, and Badin are each also charged with two counts of aggravated identity theft, which carries a consecutive sentence of two years in prison. Defendant Yermakov is also charged with five counts of wire fraud, which carries a maximum sentence of 20 years.
Defendants Yermakov, Malyshev, and Badin are also charged defendants in federal indictment number CR 18-215 in the District of Columbia, and accused of conspiring to gain unauthorized access into the computers of U.S. persons and entities involved in the 2016 U.S. presidential election, steal documents from those computers, and stage releases of the stolen documents to interfere with the 2016 U.S. presidential election.
According to the indictment:
Context of the Hacking and Related Influence and Disinformation Efforts
In July 2016, the World Anti-Doping Agency’s (WADA) Independent Person Report (the “First McLaren Report”) was released, describing Russia’s systematic state-sponsored subversion of the drug testing process prior to, during, and subsequent to the 2014 Sochi Winter Olympics. This investigation had the support of advocates for clean sports, including the United States Anti-Doping Agency (USADA), the Canadian Centre for Ethics in Sport (CCES, Canada’s anti-doping agency). Eventually, in some instances only after arbitration rulings by the International Court of Arbitration for Sport (TAS/CAS), approximately 111 Russian athletes were excluded from the 2016 Summer Olympic Games, in Rio de Janeiro, Brazil, by a number of international athletics federations, including track-and-field’s International Association of Athletics Federations (IAAF). The International Paralympic Committee (IPC) further imposed a blanket ban of Russian athletes from the 2016 Paralympic Games, which were also held in Rio.
Intrusion Activities in Rio de Janeiro, Brazil
Days after the release of the First McLaren Report and the International Olympic Committee’s and IPC’s subsequent decisions regarding the exclusion of Russian athletes, the conspirators prepared to hack into the networks of WADA, the United States Anti-Doping Agency (USADA), and TAS/CAS. The conspirators, including specifically defendants Yermakov and Malyshev, procured spoofed domains (which mimicked legitimate WADA and TAS/CAS domains) and other infrastructure, probed such entities’ networks, and spearphished WADA and USADA employees. Although Yermakov and Malyshev are both alleged to have prepared to send spearphishing e-mails to TAS/CAS, the indictment does not allege that organization was compromised.
Likely as a result of the conspirators’ failure to capture necessary log-in credentials, or because those victim accounts that were successfully compromised did not have the necessary access privileges for the sought-after information, defendants Morenets and Serebriakov, in at least one instance with the remote support of Yermakov, deployed to Rio to conduct hacking operations targeting and maintaining persistent access to Wi-Fi networks used by anti-doping officials. As a result of these efforts, in August 2016, the conspirators captured that IOC official’s credentials and thereafter used them, and another set of credentials belonging to the same official to gain unauthorized access to an account in WADA’s ADAMS database and medical and anti-doping related information contained therein. (The broader ADAMS database was not compromised in the intrusion.)
Also in 2016, a senior USADA anti-doping official traveled to Rio de Janeiro for the Olympics and Paralympic games. While there, the USADA official used Wi-Fi at the hotel and other Wi-Fi access points in Rio to remotely access USADA’s computer systems and conduct official business. While the USADA official was in Rio, conspirators successfully compromised the credentials for his or her USADA email account, which included summaries of athlete test results and prescribed medications.
Intrusion Activities in Lausanne, Switzerland
In mid-September 2016, WADA hosted an anti-doping conference in Lausanne, Switzerland. On September 18, 2016, defendants Morenets and Serebriakov traveled to Lausanne with equipment used in close access Wi-Fi compromises. On or about September 19, 2016, Morenets and Serebriakov compromised the Wi-Fi network of a hotel hosting the conference and leveraged that access to compromise the laptop and credentials of a senior CCES official staying at the hotel. Other conspirators thereafter used the stolen credentials to compromise CCES’s networks in Canada, using a tool used to extract hashed passwords, the metadata of which indicated it was compiled by Badin.
Intrusion Targeting Anti-Doping Officials at Sporting Federations
In December 2016 and January 2017, conspirators successfully compromised the networks of IAAF and the Fédération Internationale de Football Association (“FIFA”) and targeted computers and accounts used by each organization’s top anti-doping official. Among the data stolen from such officials were keylogs, file directories, anti-doping policies and strategies, lab results, medical reports, contracts with doctors and medical testing labs, information about medical testing procedures, and TUEs.
Related GRU Influence and Disinformation Operations
On September 12, 2016, shortly after the compromise of the IOC official’s ADAMS credentials, but before the compromise of USADA’s and CCES’s networks, conspirators claiming to be the hacktivist group Fancy Bears’ Hack Team used online accounts and other infrastructure procured and managed by Unit 74455, as well as the website fancybears.net, to publicly release TUEs, other medical information, and emails stolen from anti-doping officials at WADA, USADA, CCES, IAAF, FIFA, and approximately 35 other anti-doping agencies or sporting organizations. In some instances, the WADA documents were modified from their original form. Ultimately, the Fancy Bears’ Hack Team released stolen information that included private or medical information of approximately 250 athletes from almost 30 countries.
The conspirators’ release of the stolen information was, in some instances, accompanied by posts and other communications that parroted or supported themes that the Russian government had used in its official narrative regarding the anti-doping agencies’ investigative findings. From 2016 through 2018, the conspirators engaged in a proactive outreach campaign, using Twitter and e-mail to communicate with approximately 186 reporters about the stolen information. After articles were published, conspirators used the Fancy Bears’ Hack Team social media accounts to draw attention to the articles in an attempt to amplify the exposure and effect of their message.
Other Targets of the Conspiracy
The conspiracy is also alleged to have targeted other entities in the Western District of Pennsylvania and abroad that were of interest to the Russian government. For example, as early as November 20, 2014, Yermakov performed reconnaissance of Westinghouse Electric Company’s (WEC) networks and personnel. In the following months, Yermakov and conspirators created a fake WEC domain and sent spearphishing emails to WEC employees’ work and personal email accounts, which were designed to harvest the employees’ log-in credentials.
More recently, in April 2018, Morenets, Serebriakov, Sotnikov, and Minin, all using diplomatic passports, traveled to The Hague in the Netherlands in furtherance of another close access operation targeting the Organisation for the Prohibition of Chemical Weapons (OPCW) computer networks through Wi-Fi connections. All four GRU officers intended to travel thereafter to Spiez, Switzerland, to target the Spiez Swiss Chemical Laboratory, an accredited laboratory of the OPCW which was analyzing military chemical agents, including the chemical agent that the United Kingdom authorities connected to the poisoning of a former GRU officer in that country. However, Morenets, Serebriakov, Sotnikov, and Minin were disrupted during their OPCW hacking operation by the Militaire Inlichtingen- en Veiligheidsdienst (MIVD), the Dutch defense intelligence service. As part of this disruption, Morenet’s and Serebriakov’s abandoned the Wi-Fi compromise equipment, which they had placed in the trunk of a rental car parked adjacent to the OPCW property. Data obtained from at least one item of this equipment confirmed its operational use at multiple locations around the world, including connections to the Wi-Fi network of the CCES official’s hotel in Switzerland (the dates the conspirators conducted the Wi-Fi compromise of the senior CCES official’s laptop at the same hotel), and at another hotel in Kuala Lumpur, Malaysia in December 2017.
In connection with the unsealing of the indictment, and in an effort to limit further exposure of the private lives of victim athletes, the FBI seized the fancybears.net and fancybears.org domains pursuant to court orders issued on October 3, 2018, in the Western District of Pennsylvania.
The charges contained in the indictment are merely accusations, and the defendants are presumed innocent unless and until proven guilty. Moreover, the maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentence of a defendant will be determined by the assigned judge.
The FBI, led by the Pittsburgh and Philadelphia Field Offices, conducted the investigation that resulted in charges announced today. The FBI’s investigation was assisted by a parallel, independent Royal Canadian Mounted Police investigation. This case is being prosecuted by the U.S. Attorney’s Office for the Western District of Pennsylvania and the National Security Division’s Counterintelligence and Export Control Section. The Criminal Division’s Office of International Affairs provided assistance throughout this investigation, as did the MIVD, the Government of the Netherlands, Switzerland’s Office of the Attorney General, the U.K.’s National Security and Intelligence Agencies, and many of the FBI’s Legal Attachés and other foreign authorities around the world.
Note: More information can be found at [justice.gov/opa/documents-and-resources-october-4-2018-press-conference]
National Security Division (NSD)
Press Release Number:
18 – 1296
SCW RUSSIAWIRE: “Russian spies accused of targeting watchdog investigating UK chemical attacks, probe into MH17 crash[; U.S. indicts Russian military intelligence figures” – Fox News
“Russia’s military spy service has been behind a wave of massive cyber attacks … with targets ranging from the international chemical weapons watchdog group to the probe into the downing of a Malaysian Airlines plane over Ukraine, officials said Thursday. … the [UK] National Cyber Security Centre … [indicated] that Russia’s GRU has engaged in ‘indiscriminate and reckless’ cyber attacks … target[ing] ‘political institutions, businesses, media, and sport.’ * * * ‘… demonstrat[ing] their desire to operate without regard to international law or established norms … with a feeling of impunity and without consequences,’ U.K. Foreign Secretary Jeremy Hunt said. … [T]he cyber attacks … [are said to] include the 2016 hack of the [DNC] … published … by WikiLeaks, and the leaking of top athletes’ medical records. Also on Thursday, the U.S. Justice Department charged seven Russian military intelligence officers with hacking anti-doping agencies and other organizations either remotely or … ‘on-site’ ….
[The] indictment … said that the GRU targeted … hacking victims … [for] support[ing] a ban on Russian athletes … and … condemn[ing] Russia’s state-sponsored … doping …. Prosecutors said the Russian spies also targeted a Pennsylvania-based nuclear energy company and an international organization … investigating chemical weapons in Syria and the poisoning of a former GRU officer.”
Click here for: “Russian spies accused of targeting watchdog investigating UK chemical attacks, probe into MH17 crash” – Fox News
SCW NEWSWATCH & VIDEO: “Saudis and Russia Open the Oil Taps While the Market Shrugs” – Bloomberg/ Elena Mazneva/ Annmarie Hordern/ Dina Khrennikova/ Grant Smith/ Jack Farchy
“Russia and Saudi Arabia are pumping an extra 1 million barrels a day of oil and could do even more. Yet the market [has had only a muted price reaction]. After their September meeting … spurred prices to a four-year high, the world’s two largest oil exporters sought … to ease … price worries of consumers, and the U.S. president. Russia is pumping record volumes of crude … Saudi Arabia is almost there ….… Trump has been blaming [OPEC] for rising crude prices ever since he [ended] the [Iran] nuclear agreement … and reimpose[d] sanctions. Last month, the group appeared to rebuff his calls for a rapid production increase to offset the drop in Iranian shipments, prompting a surge in prices and even harsher rhetoric. … Russia … already broke its post-Soviet production record last month [and] could add another 200,000 to 300,000 barrels a day of supply within a ‘few months,’ according to Energy Minister Alexander Novak. The oil price is … probably ‘a bit too high,’ he said ….”
Click here for: “Saudis and Russia Open the Oil Taps While the Market Shrugs” – Bloomberg/ Elena Mazneva/ Annmarie Hordern/ Dina Khrennikova/ Grant Smith/ Jack Farchy
SCW RUSSIAWIRE: “Russia Inc. Isn’t Waiting for Central Bank to Brave a Rate Hike” – Bloomberg/Anna Andrianova
“The cost of money is rising for Russians well ahead of any potential central bank move to lift interest rates for the first time in almost four years amid concern the U.S. may impose fresh sanctions. State-run Sberbank PJSC, which holds almost half of all Russian savings, is increasing rates for ruble accounts for the first time since 2014. … [and] pay[ing] consumers more to keep dollars on deposit to stanch an outflow …. One of the country’s five largest mortgage lenders, Raiffeisenbank JSC, is charging more for home loans …. From sausages to gasoline, inflation is on the march …. with the central bank’s benchmark on hold at 7.25 percent since a quarter-point cut in March, rates adjusted for inflation remain among Europe’s highest …. “
Click here for: “Russia Inc. Isn’t Waiting for Central Bank to Brave a Rate Hike” – Bloomberg/Anna Andrianova
SCW RUSSIAWIRE VIDEO: “U.S.-Russian Relations – State and Treasury Department Officials Testimony Before Senate Foreign Relations Committee 7.21.18” – C-SPAN
“[July 21, 2018, Senate Foreign Relations Committee Hearing]… Topics included new reports of Russian interference in American democracy, the current state of sanctions against Russian government officials and companies, and clarifying details into the July 2018 Helsinki meeting between … Trump and … Putin. Several members referenced a recent Microsoft claim alleging a Russian plot targeting conservative think tanks and institutions.
… the second in a [series] of Senate Foreign Relations Committee hearings on … the Trump administration’s ‘overall posture on Russia.’ ….”
“Russian Defence Minister Sergei Shoigu said on Tuesday Moscow would respond if Sweden and Finland were drawn into the NATO alliance and that such expansion would undermine global security, the Interfax news agency reported. …”
[featured image is file photo from another occasion]
NEWSWATCH: “Putin’s Success Masks Russian Weakness; Things are breaking his way. But if China is a tiger, Russia is a pussycat on stilts” – Wall Street Journal/Walter Russell Mead
“Despite … Putin’s successes, Russia remains weak, and its leverage over other nations is limited. China can woo its neighbors with multibillion-dollar projects like its ‘One Belt, One Road’ trade initiative. Russia has much less to offer: If China is a tiger, Russia is a pussycat on stilts. … Putin can obstruct Germany’s faltering European project, but he lacks the resources to offer an alternative. In the Middle East, the Kremlin’s position depends on American forbearance. If … Trump decides to make opposing the Assad regime a crucial part of his anti-Iran strategy, … Putin may have to stand by and watch his client fall. … developments at home counsel restraint as well. … Putin’s string of dramatic foreign-policy successes has shored up his domestic popularity, [but] Russia’s sclerotic economy and corrupt social order ensure that the foundations of his power remain weak. … Putin has made Russia great again on the international stage, but the Russian people would rather see him use that daring and finesse to improve the situation at home.”
Click here for: “Putin’s Success Masks Russian Weakness; Things are breaking his way. But if China is a tiger, Russia is a pussycat on stilts” – Wall Street Journal/Walter Russell Mead
NEWSWATCH: “U.S. judge says Mueller should not have ‘unfettered power’ in Russia probe” – Reuters/Sarah N. Lynch
“A federal judge said Special Counsel Robert Mueller should not have ‘unfettered power’ in probing ties between … Trump’s campaign and Russia … accus[ing] Mueller of using criminal cases to pressure Trump’s allies to turn against him. At a tense hearing in a federal court in Virginia … U.S. District Judge T.S. Ellis III sharply questioned whether Mueller exceeded his authority in filing tax and bank fraud charges against Trump’s former campaign manager, Paul Manafort. … ‘I’ve been saying that for a long time. It’s a witch hunt,’ [Trump] said of Mueller’s probe ….”
Click here for: “U.S. judge says Mueller should not have ‘unfettered power’ in Russia probe” – Reuters/Sarah N. Lynch
NEWSWATCH [Symantec 10.20.17]: “Dragonfly: Western energy sector targeted by sophisticated attack group; Resurgence in energy sector attacks, with the potential for sabotage, linked to re-emergence of Dragonfly cyber espionage group.” – SCW RUSSIA WIRE
“The energy sector in Europe and North America is being targeted by a … wave of cyber attacks that could provide attackers with the means to severely disrupt affected operations. The group behind these attacks is known as Dragonfly. … in operation since at least 2011 … [they have] re-emerged over the past two years from a quiet period following exposure by Symantec and a number of other researchers in 2014. … ‘Dragonfly 2.0’ campaign … appears to have begun in late 2015 [and] shares tactics and tools used in earlier campaigns …. disruptions to Ukraine’s power system in 2015 and 2016 were attributed to a cyber attack …. there have also been media reports of attempted attacks on the electricity grids in some European countries, as well as reports of companies that manage nuclear facilities in the U.S. being compromised by hackers. The Dragonfly group appears to be interested in … learning how energy facilities operate and … gaining access to operational systems themselves … the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so. …”
Click here for: “Dragonfly: Western energy sector targeted by sophisticated attack group Resurgence in energy sector attacks, with the potential for sabotage, linked to re-emergence of Dragonfly cyber espionage group.” – Symantec 10.20.17
NEWSWATCH: “In a first, U.S. blames Russia for cyber attacks on energy grid” – Reuters – SCW RUSSIA WIRE
“The Trump administration … blamed the Russian government for … cyber attacks stretching back at least two years that targeted the U.S. power grid … the first time the United States has publicly accused Moscow of hacking into American energy infrastructure. … Russian government hackers sought to penetrate multiple U.S. critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing …. a ‘multi-stage intrusion campaign by Russian government cyber actors’ had targeted the networks of small commercial facilities ‘where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.’ * * * … Thursday’s alert provided a link to an analysis by … Symantec last fall that said a group it had dubbed Dragonfly had targeted energy companies in the United States and Europe and in some cases broke into the core systems that control the companies’ operations. …”
House Permanent Select Committee on #Intelligence
Following a more than yearlong, bipartisan investigation into Russia active measures targeting the 2016 U.S. #election, the House Intelligence Committee has completed a draft report of 150+ pages, with 600+ citations. The draft report addresses, in detail, each of the questions within the agreed parameters of the investigation, as announced in March 2017. It analyzes:
- Russian active measures directed against the 2016 U.S. election and against our European allies;
- The U.S. government response to that attack;
- Links between Russians and the Trump and Clinton campaigns; and
- Purported leaks of classified information. Initial Findings
The draft report contains 40+ initial findings that describe:
- A pattern of Russian attacks on America’s European allies;
- Russian cyberattacks on U.S. political institutions in 2015-2016 and their use of social media to sow discord;
- A lackluster pre-election response to Russian active measures;
- Concurrence with the Intelligence Community Assessment’s judgments, except with respect to Putin’s supposed preference for candidate Trump;
- We have found no evidence of collusion, coordination, or conspiracy between the Trump campaign and the Russians;
- How anti-Trump research made its way from Russian sources to the Clinton campaign; and
- Problematic contacts between senior Intelligence Community officials and the media.
The draft report includes 25+ proposed recommendations for Congress and the executive branch to improve:
- Election security, including protecting vote tallies;
- Support to European allies;
- The U.S. government response to cyber-attacks;
- Campaign finance transparency; and
- Counterintelligence practices related to political campaigns and unauthorized disclosures.
The draft report will be provided to the Committee minority on March 13 for review and comment. After adoption it will be submitted for a declassification review, and a declassified version will be made public. The report’s completion will signify the closure of one chapter in the Committee’s robust oversight of the threat posed by Moscow—which began well before the investigation and will continue thereafter.
Additional follow-on efforts arising from the investigation include oversight of the unmasking of Americans’ names in intelligence reports, FISA abuse, and other matters.
SCW RUSSIA WIRE NEWSWATCH: “Strategic Warning on NATO’s Eastern Flank Pitfalls, Prospects, and Limits” – RAND/Mark R. Cozad
“Since 2008, Russia’s military has embarked on an extensive modernization program designed to overcome shortfalls in readiness, competence, sustainability, and deployability. These and changes in logistics and operational capability have raised concerns about the Intelligence Community’s (IC’s) ability to warn of future Russian aggression. Achieving timely warning has proven extremely difficult, for a variety of reasons, in large part because of a lack of insight into Russian leadership intentions.”
Click here for Introductory Summary: “Strategic Warning on NATO’s Eastern Flank Pitfalls, Prospects, and Limits” – RAND/Mark R. Cozad
Click here for Full PDF of Report: “Strategic Warning on NATO’s Eastern Flank Pitfalls, Prospects, and Limits” – RAND/Mark R. Cozad
NEWSWATCH: “Uber, Yandex combine ridesharing and UberEATS in Russian markets in a $3.72B JV” – TechCrunch
“As Uber continues to work through a huge amount of internal management turmoil, the company is also consolidating and rationalising more of its international business. Today, the company announced that it will be combining its rides-on-demand business and UberEATS, its food ordering and delivery business, in Russia and neighboring markets with Yandex.Taxi, the ridesharing business built up by the Russian search giant over several years and the current leader in the market, in what will be a separate, joint venture valued at $3.72 billion.
The deal — which will cover operations in Russia, Kazakhstan, Azerbaijan, Armenia, Belarus and Georgia — is expected to close in Q4 of this year and has already been approved by the boards of both companies. It’s a substantial operation. Currently it covers 35 million trips each month across 127 cities, with the bulk of those coming from the Yandex.Taxi part of the JV; Uber was only in 21 cities. …”
Click here for: “Uber, Yandex combine ridesharing and UberEATS in Russian markets in a $3.72B JV” – TechCrunch/ Ingrid Lunden
“President Vladimir #Putin is pushing a plan with U.S. President Donald #Trump to create security zones and deploy peacekeepers in #Syria — possibly including #Russian forces — to enforce a faltering cease-fire as he tries to find a resolution to the more than six-year conflict. …”
NEWSLINK: “#Russian Military Planes Crowd the U.S. for a Fourth Day; U.S., Canadian fighters intercept long-range bombers” – Wall Street Journal 4.21.17
“#Russia flew long-range combat aircraft near American airspace for the fourth consecutive day, the Pentagon said Friday, marking the first such string of incursions since 2014, but prompting little concern from the White House. American and Canadian jet fighters intercepted a pair of Russian “Bear” long-range bombers in international airspace near #Alaska on Thursday, said … a spokesman for North American Aerospace Defense Command, or #Norad. …”
“#Russia has protested the U.S.’ refusal to allow its inspectors to participate in a formal investigation into a chemical weapons attack that struck the rebel-held town of Khan Sheikhan in northern Idlib, #Syria, earlier this month.”
The Senate Intelligence Committee hears testimony from witnesses on cybersecurity, #Russian hacking capabilities and U.S. and European elections, in two sessions on March 30, 2017.
NEWSLINK: “U.S. Demands Russia Observe Cease-Fire; Says Combined Russian-Separatist Forces Attack Monitors” – RFE/RL
“The United States has called on #Russia to ‘immediately’ observe a cease-fire deal in eastern Ukraine — saying that a combined force from Russia’s military and pro-Russia separatists in eastern Ukraine had been targeting international monitors. In a February 26 statement, the U.S. State Department called on “Russia and the separatist forces it backs to immediately observe the cease-fire, withdraw all heavy weapons, and allow full and unfettered access” to the region for monitors from the Organization for Security and Cooperation in Europe (OSCE). In a February 26 statement, the U.S. State Department called on “Russia and the separatist forces it backs to immediately observe the cease-fire, withdraw all heavy weapons, and allow full and unfettered access” to the region for monitors from the Organization for Security and Cooperation in Europe (OSCE). Washington’s call came a day after the OSCE monitoring mission said armed men in separatist-controlled territory to the north of Donetsk had seized one of the unarmed drones that the monitors use to assess cease-fire violations. …”
NEWSLINK: “Russian-Backed Militants Open Fire On Civilian Ceasefire Monitors In Ukraine” – Daily Caller/Heritage Foundation
Russian separatist militants opened fire Friday on a group of civilian peace monitors from the Organization for Security and Co-operation in Europe in eastern Ukraine, sparking condemnation from the group’s chief monitor and the U.S. Militants from the Russian-backed Donetsk People’s Republic (DPR) fired on the OSCE monitors as they were attempting to launch a drone in order to investigate the alleged shelling of the Donetsk water filtration station. After seizing the drone, one of the militants opened fire near the monitors. …
NEWSLINK: “House Intel Chair: Calls For Trump-Russia Special Prosecutor ‘Almost Like McCarthyism’” – Daily Caller/Heritage Foundation
The chairman of the House Intelligence Committee said on Saturday that calls for a special prosecutor to investigate possible ties between Donald #Trump advisers and the #Russian government amount to a ‘witch hunt’ and resemble the #McCarthyism of the 1950s. ‘At this point we can’t go on a witch hunt against any American people … just because they appeared in a news story,’ California Rep. Devin Nunes told reporters at California Republican convention in Sacramento on Saturday, according to the San Francisco Gate.
NEWSLINK: “Republicans divided on Russia probe, calls for special prosecutor over AG Sessions” – Fox News
“#Republicans are increasingly divided over the issue of whether members of Donald #Trump’s presidential campaign made illegal contact with #Russia and if a special prosecutor should be appointed over Attorney General Jeff Sessions to investigate such allegations. Former Trump campaign manager Corey Lewandowski told “Fox News Sunday” that he has confidence in Sessions, a Trump campaign supporter and former AlabamPolia senator, and his judgment.”
“… What is illegal is leaking highly sensitive classified information about signals intelligence from spying on the Russian ambassador. And what also is illegal is the CIA spying, even incidentally, on Americans. This is not a maybe, or an if, or a sorta. It is ILLEGAL. The aforementioned nine officials should be found, prosecuted, and, if found guilty, imprisoned for leaking classified information. That they did so for political reasons is all the more despicable. …”
NEWSLINK: “#Kasparov: Comparing USA to #Russia like comparing surgeon to Jack the Ripper” – The Hill/Garry Kasparov
“The chairman of the Human Rights Foundation, Russian chess master Garry #Kasparov, criticized President Donald #Trump Sunday for implying this weekend that the United States isn’t so pure when it comes to condemning #Russia’s human rights record. ‘Comparing the USA to Putin’s Russia is like comparing a surgeon to Jack the Ripper because they both cut people with knives,’ Kasparov tweeted, referencing Russian President Vladimir Putin and the 19th century London serial killer who slashed his victims.”
“… #Trump pledged to work with both #Russia and #Ukraine to restore peace on the border, in a Saturday interview with Fox News. Trump’s comments come amid intense fighting in eastern Ukraine between the military and Russian-backed separatists. Russia illegally annexed Crimea in 2014, and is under international sanction by the U.S. and European Union. Russian President Vladimir Putin traveled to Crimea in August to reportedly ‘mull anti-terror measures.’ The uptick in violence may be Putin’s first test of Trump. Trump told Fox News, ‘we will work with Ukraine, Russia and all other parties involved to help them restore peace along the border.'”
The #Trump administration on Thursday altered #sanctions against companies doing business with #Russia’s domestic intelligence agency. The Treasury Department said it will allow American companies to make limited transactions with the #FSB, the successor to the #KGB, if it needs them to get approval to import or distribute technology products in Russia. The exception will also apply to situations in which companies need to comply with rules administered by the FSB. The implications of the move were not immediately clear, but the U.S. has taken similar steps in the past to help businesses avoid unintended consequences on cross-border transactions.
NEWSLINK: “Team #Trump: Flynn called #Russia ambassador, no sanction talk ‘plain and simple'” – Fox News
“The Donald #Trump transition team has acknowledged that its incoming national security adviser has been in contact with #Russia’s ambassador but denies reports they were plotting over recently imposed #sanctions on Moscow. … a call on Dec. 29, the day President #Obama hit Russia for election-related #hacking … was about ‘logistics’ for a call between … #Putin and #Trump, who on Friday is sworn-in as president. …”
Russia is preparing to carry out a new round of strikes targeting Syria from a group of warships … in the eastern Mediterranean … two U.S. defense officials [said] …. The Russian armada is centered around a Soviet-era aircraft carrier and includes three destroyers capable of launching cruise [missiles] …. Russian jets were seen taking off with weapons visible under their wings from Russia’s only aircraft carrier, the Admiral Kuznetsov, part of the flotilla located near Syria …. It marked the first time Russia had conducted armed flight operations from the aircraft carrier since leaving port ….
Click here for Fox News: “Russia poised to unleash new Syria strikes from the sea, US officials say”
… In a telegram sent to Trump on Wednesday, Putin expressed hope that the incoming U.S. president would prove a constructive partner in pulling U.S.-Russia relations back from the brink. Trump’s election, the telegram read, should ‘lead to constructive dialogue between Moscow and Washington based on equality and respect.’ … at a ceremony at the Kremlin for foreign ambassadors, Putin spoke of Trump’s promises on the campaign trail to restore relations with Russia.
Click here for Defense News: “From Moscow: Russian Politicians and Pundits Shocked by Trump Election”
The Australian, in an editorial, addresses Russia’s reaction to a U.S.-led airstrike that apparently hit some Syrian forces, including accusations that the United States is in league with the so-called Islamic State. Doubts are raised about the sincerity of Russia’s involvement with a would-be ceasefire.
… precise circumstances surrounding the botched U.S.-led coalition airstrike that killed and wounded Syrian soldiers in the mistaken belief they were Islamic State fighters have yet to be established. … we must not lose sight of the gross hypocrisy being exhibited by … Putin’s Russia as it seeks to exploit the tragedy …. posturing and finger-pointing … that contrasts with its callous belligerence and indolence after Malaysia Airlines flight MH17 was shot down over Ukraine two years ago with the loss of 298 lives. … the Kremlin is all action on behalf of its surrogate, the murderous Assad regime. Preposterously, Moscow claims the misdirected airstrike shows ‘direct connivance’ by the coalition with Islamic State. ‘We are reaching a really terrifying conclusion for the whole world … that the White House (and, presumably, its allies) is defending Islamic State … there can be no doubt about that,’ Russian Foreign Ministry spokeswoman Maria Zakharova said in a statement that beggars belief given Moscow last week signed a ceasefire agreement, along with the US. … Moscow has vetoed or undermined every proposed UN Security Council resolution that might have helped end the horrifying civil war and … appalling atrocities ….
NEWSWATCH: “Russian Propaganda Is Pervasive, and America Is Behind the Power Curve in Countering It” – RAND
RAND reports on Russian propaganda efforts utilizing the newest technologies, including RT and a host of others. One key tactic is to repeat false and manipulative messages across multiple tracks:
… Russian propagandists are … at work across a wide front, aiming a firehose of falsehoods at ill-informed audiences, foreign and domestic. … this disinformation — intentionally false — leverages psychological vulnerabilities to sway audiences. U.S. leaders should raise public consciousness about its nature and dangers. … The explosion of new media is a boon for propagandists. RT, formerly Russia Today, spends over $300 million per year purveying a toxic mixture of entertainment, real news and disinformation across cable, satellite and online media. Dozens of Kremlin-backed proxy news sites blast propaganda while hiding or downplaying their affiliation. Russian trolls and hackers manipulate thousands of fake accounts on Twitter, Facebook and other social media. This volume and multiplicity of media and modes has an effect; research in psychology shows that multiple sources are more persuasive than a single source.
Russian propaganda also employs the tactics of first impressions and repetition, including the malign Ukrainian political transformation and concoct revisionist history seeking to mute awareness of Russian government culpability in international athletic doping:
Russia’s approach to propaganda emphasizes creating first impressions, which tend to be resilient, and then reinforcing them through repetition. In this way Kremlin propagandists have persuaded some of the less informed that Ukraine’s post-Maidan government is fascist. Contrary to credible findings of pervasive state-sponsored Russian doping at the 2014 Winter Olympics in Sochi, Moscow’s early and repeated denials have confused some audiences.
Much of Russian propaganda is wholly false, yet can build a false “credibility” based upon repeated manipulation of an audience with limited information access, such as the Russian people. The U.S. government has not responded robustly enough to Russian propaganda efforts.
While some Russian propaganda stories build around a kernel of truth, others are wholly manufactured and spun. … People are often poor judges of the credibility of both information and its sources, psychology research has found, and over time familiar messages or those previously identified as false can become more persuasive. … some audiences are not turned off by inconsistent or implausible expectations. … Polls last year found that about half of Russians believed they received ‘objective information’ from television, their main source of news. … America is behind the power curve in countering Russian disinformation. … Russian disinformation is a global threat, much of it targeted against democracies. … The Kremlin’s obsession with propaganda and disinformation persists ….
Click here for RAND: “Russian Propaganda Is Pervasive, and America Is Behind the Power Curve in Countering It”
… Justice Department officials dropped hints … they plan to hold Russia accountable for what is suspected to be a broad hacking campaign targeting U.S. political organizations and election databases. … Assistant Attorney General John Carlin, who leads the National Security Division * * * listed Russia as one of the ‘four main actors’ involved in supporting hackers targeting the U.S., alongside North Korea, Iran and China. The U.S. has taken action against hackers from the other three states, he noted, over hacks against Sony Pictures, financial institutions and U.S. companies. … ‘The message is clear: You are not safe because you are doing it under another nation’s flag. We can figure out who did it … and when we do, we’re committed to holding people accountable.’
(VOA – voanews.com – article also appeared at voanews.com/a/us-russia-yet-to-reach-syria-cease-fire-deal/3494498.html – Sept. 5, 2016)
Secretary of State John Kerry has returned home empty handed, failing to have reached an accord with his Russian counterpart on a cease-fire in Syria after an intensive period of diplomacy.
The two countries still need to resolve what are described as “technical issues,” and discussions between American and Russian negotiators are set to continue this week, State Department officials said Monday.
Off to the side of the G-20 Summit in Hangzhou, China, the U.S. and Russian presidents held talks about Syria that Barack Obama described as “businesslike” and “constructive, but not conclusive.”
“Given the gaps of trust that exist, that’s a tough negotiation and we haven’t yet closed the gaps in a way where we think it would actually work,” the U.S. president told reporters at the conclusion of the G-20 summit.
Obama added he had instructed Kerry, while Russian President Vladimir Putin had told his foreign minister, Sergey Lavrov, “to keep working at it over the next several days” in hopes an agreement could lead “to a serious conversation about a political solution to this problem” with all parties directly or indirectly involved in the Syrian conflict.
Putin told reporters at a separate news conference that talks with the United States and Turkey were continuing concerning Syria and negotiators had made a step forward.
During the past 10 days, a peripatetic secretary of state kept in touch with Russian Foreign Minister Lavrov through face-to-face meetings in Geneva and Hangzhou and telephone conversations in between, while the American senior envoy made stops in Bangladesh and India.
Kerry and senior aides have reiterated they do not want to make a tenuous deal for the sake of an announcement, but rather want Washington and Moscow to agree upon something realistic to achieve a sustainable nationwide cessation of hostilities in Syria.
There is a growing perception among some senior U.S. officials, however, that the Russians are gaming the Americans in the talks.
In private, U.S. diplomats have characterized the negotiations with their Russian counterparts as a litmus test on whether there is a seriousness by Moscow to reach an accord, or if the Russians are buying time that results in Obama and Kerry being portrayed as hapless negotiators.
“The Russians walked back on some of the areas we thought we were agreed on,” a senior State Department official said Saturday, revealing the level of frustration.
Russia is a long-time backer of Syria, and is seen as desiring President Bashar al-Assad remain in power in Damascus to maintain Moscow’s influence in the region.
Diplomats have no illusion that bringing an end to five years of intense misery for the Syrian people will be easy. They describe the battlefield as complex, with shifting alliances among the many militias involved.
“There are five different wars being waged” in Syria is a characterization expressed by more than one person involved in the cease-fire talks.
President Tayyip Erdogan of Turkey, which hosts 3 million Syrian refugees, said he had reiterated to Obama and Putin at the G-20 talks in China the need for a “no-fly zone” over Syria and a “safe zone” where there would be no fighting, in hopes of stemming the human migration.
A half decade of war has fractured Syria. More than 250,000 people are believed to have died from shootings, mortar fire and air strikes. Millions have fled the country. And 18 million more people remain to face an uncertain fate, most of them in need of humanitarian assistance, according to UN relief agencies.
In the latest disturbing account of Russian hacking, the #FBI is reportedly investigating a series of #cyber-attacks targeted at journalists from the New York Times and other U.S. media outlets. … [that] could allow hackers to obtain confidential communications between reporters and …sources in the government. It could also potentially allow Russia to release information, which would embarrass key political leaders as well as obtain insight into U.S. diplomatic or military strategies. … Russia is also the mostly likely suspect behind last week’s ‘Shadow Brokers’ incident … [exposing] a top-secret set of cyber-weapons developed by the #NSA.
Russia is reportedly building several nuclear command bunkers … Construction has been under way for several years on dozens … the emergence of the bunkers come just days after US European Command warned … Moscow has adopted an ‘alarming’ nuclear doctrine. … U.S. European Command Army General Curtis Scaparrotti said it was clear Russia was modernising its strategic forces.
‘Russian doctrine states that tactical nuclear weapons may be used in a conventional response scenario’ he reportedly said. * * * Scaparrotti … assumed command of NATO’s Allied Command Operations in May … earlier warned of increasing Russian aggression in Europe. * * * … warnings of Russian aggression in Europe and increasing nuclear threat also follow reports of the former Soviet giant building new bombers, submarines and missiles. … it [also] emerged the country was refurbishing Cold War ships known as battlecruisers to carry high powered, long range missiles.
NEWSWATCH: “How to Counter Russia’s Subversive War on the West” – RAND/William Courtney, Martin C. Libicki
Russia’s apparent cyberespionage against the Democratic Party … and its state-sponsored doping of Olympic athletes show an obsession with disruptive behavior as a tool of statecraft. … Cyberwar and sports doping are among the arrows in Moscow’s quiver of “active measures,” a triple threat of propaganda, deception and subversion that dates to the Soviet era.
Russia’s subversive and corrupt behavior should have a negative impact on its international stature and perceived suitability for investment.
Moscow’s provocative active measures cause foreign investors and international lenders to see higher risks in doing business with Russia. … it should not be surprised if disregard for others’ interests diminishes the international regard it seeks as an influential great power.