SCW NEWSWATCH: “Mueller clears Trump: No Russia collusion, no obstruction of justice” – Washington Examiner
“Special counsel Robert Mueller concluded there was no conspiracy between the Trump campaign and Russia, but did not make a determination on whether … Trump obstructed justice, Attorney General William Barr wrote in letter to lawmakers …. ‘The Special Counsel’s investigation did not find that the Trump campaign or anyone associated with it conspired or coordinated with Russia in its efforts to influence the 2016 U.S. Presidential election,’ Barr said …. The Trump campaign did not conspire or knowingly coordinate with the Internet Research Agency to conduct disinformation and social media campaigns to sow discord and interfere in the election nor did it conspire or coordinate with the Russian government during efforts to hack Democrats, despite offers from the Russians to assist the campaign …. Mueller did not issue a conclusion on whether Trump obstructed justice during the investigation, leaving it to the attorney general to decide whether the president obstructed justice. The special counsel said that ‘while this report does not conclude that the President committed a crime, it also does not exonerate him.’ …”
SCW RUSSIAWIRE TRANSCRIPT, LINKS, WANTED POSTER: “U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations” – DOJ
FBI wanted poster and DOJ news release follow further below
Click here for:
- PDF of the 41-page indictment
- DOJ links hub for related materials
- DOJ news release
- FBI Wanted Poster
In the latest round of U.S. indictments of Russian figures in connection with espionage, hacking, or other covert activities, the U.S. Department of Justice, on Thursday, Oct. 4, 2018, announced an indictment, in the U.S. District Court for the Western District of Pennsylvania, of Russian GRU military intelligence officers Aleksei Sergeyevich Morenets, Evgenii Mikhaylovich Serebriakov, Ivan Sergeyevich Yermakov, Artem Andreyevich Malyshev, Dmitriy Sergeyevich Badin, Oleg Mikhaylovich Sotnikov and Alexey Valerevich Minin, for conspiracy, wire fraud, conspiracy to commit wire fraud, aggravated identity theft and conspiracy to launder money.
The Russian hacking and other covert activities were alleged to include activities targeting: international efforts against Russia’s state-sponsored athletic doping program; international efforts to enforce international norms regarding chemical weapons; and Westinghouse in western Pennsylvania.
[TRANSCRIPT OF DOJ NEWS RELEASE FOLLOWS]
Department of Justice
Office of Public Affairs
FOR IMMEDIATE RELEASE
Thursday, October 4, 2018
U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations
Conspirators Included a Russian Intelligence “Close Access” Hacking Team that Traveled Abroad to Compromise Computer Networks Used by Anti-Doping and Sporting Officials and Organizations Investigating Russia’s Use of Chemical Weapons
A grand jury in the Western District of Pennsylvania has indicted seven defendants, all officers in the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces of the Russian Federation, for computer hacking, wire fraud, aggravated identity theft, and money laundering.
According to the indictment, beginning in or around December 2014 and continuing until at least May 2018, the conspiracy conducted persistent and sophisticated computer intrusions affecting U.S. persons, corporate entities, international organizations, and their respective employees located around the world, based on their strategic interest to the Russian government.
Among the goals of the conspiracy was to publicize stolen information as part of an influence and disinformation campaign designed to undermine, retaliate against, and otherwise delegitimize the efforts of international anti-doping organizations and officials who had publicly exposed a Russian state-sponsored athlete doping program and to damage the reputations of athletes around the world by falsely claiming that such athletes were using banned or performance-enhancing drugs.
The charges were announced at a press conference by Assistant Attorney General for National Security John C. Demers, United States Attorney for the Western District of Pennsylvania Scott W. Brady, FBI Deputy Assistant Director for Cyber Division, Eric Welling, and Director General Mark Flynn for the Royal Canadian Mounted Police.
“State-sponsored hacking and disinformation campaigns pose serious threats to our security and to our open society, but the Department of Justice is defending against them,” Attorney General Jeff Sessions said. “Today we are indicting seven GRU officers for multiple felonies each, including the use of hacking to spread the personal information of hundreds of anti-doping officials and athletes as part of an effort to distract from Russia’s state-sponsored doping program. The defendants in this case allegedly targeted multiple Americans and American entities for hacking, from our national anti-doping agency to the Westinghouse Electric Company near Pittsburgh. We are determined to achieve justice in these cases and we will continue to protect the American people from hackers and disinformation.”
“The investigation leading to the indictments announced today is the FBI at its best,” said FBI Director Christopher Wray. “The actions of these seven hackers, all working as officials for the Russian government, were criminal, retaliatory, and damaging to innocent victims and the United States’ economy, as well as to world organizations. Their actions extended beyond borders, but so did the FBI’s investigation. We worked closely with our international partners to identify the actors and disrupt their criminal campaign – and today, we are sending this message: The FBI will not permit any government, group, or individual to threaten our people, our country, or our partners. We will work tirelessly to find them, stop them, and bring them to justice.”
“We want the hundreds of victims of these Russian hackers to know that we will do everything we can to hold these criminals accountable for their crimes,” said U.S. Attorney Brady. “State actors who target U.S. citizens and companies are no different than any other common criminal: they will be investigated and prosecuted to the fullest extent of the law.”
The defendants, all Russian nationals and residents, are Aleksei Sergeyevich Morenets, 41, Evgenii Mikhaylovich Serebriakov, 37, Ivan Sergeyevich Yermakov, 32, Artem Andreyevich Malyshev, 30, and Dmitriy Sergeyevich Badin, 27, who were each assigned to Military Unit 26165, and Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46, who were also GRU officers.
The indictment alleges that defendants Yermakov, Malyshev, Badin, and unidentified conspirators, often using fictitious personas and proxy servers, researched victims, sent spearphishing emails, and compiled, used, and monitored malware command and control servers.
When the conspirators’ remote hacking efforts failed to capture log-in credentials, or if the accounts that were successfully compromised did not have the necessary access privileges for the sought-after information, teams of GRU technical intelligence officers, including Morenets, Serebriakov, Sotnikov, and Minin, traveled to locations around the world where targets were physically located. Using specialized equipment, and with the remote support of conspirators in Russia, including Yermakov, these close access teams hacked computer networks used by victim organizations or their personnel through Wi-Fi connections, including hotel Wi-Fi networks. After a successful hacking operation, the close access team transferred such access to conspirators in Russia for exploitation.
Among other instances, the indictment alleges that following a series of high-profile independent investigations starting in 2015, which publicly exposed Russia’s systematic state-sponsored subversion of the drug testing processes prior to, during, and subsequent to the 2014 Sochi Winter Olympics (according to one report, known as the “McLaren Report”), the conspirators began targeting systems used by international anti-doping organizations and officials. After compromising those systems, the defendants stole credentials, medical records, and other data, including information regarding therapeutic use exemptions (TUEs), which allow athletes to use otherwise prohibited substances.
Using social media accounts and other infrastructure acquired and maintained by GRU Unit 74455 in Russia, the conspiracy thereafter publicly released selected items of stolen information, in many cases in a manner that did not accurately reflect their original form, under the false auspices of a hacktivist group calling itself the “Fancy Bears’ Hack Team.” As part of its influence and disinformation efforts, the Fancy Bears’ Hack Team engaged in a concerted effort to draw media attention to the leaks through a proactive outreach campaign. The conspirators exchanged e-mails and private messages with approximately 186 reporters in an apparent attempt to amplify the exposure and effect of their message.
Each defendant is charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, one count each of conspiracy to commit wire fraud and conspiracy to commit money laundering, both of which carry a maximum sentence of 20 years. Defendants Morenets, Serebriakov, Yermakov, Malyshev, and Badin are each also charged with two counts of aggravated identity theft, which carries a consecutive sentence of two years in prison. Defendant Yermakov is also charged with five counts of wire fraud, which carries a maximum sentence of 20 years.
Defendants Yermakov, Malyshev, and Badin are also charged defendants in federal indictment number CR 18-215 in the District of Columbia, and accused of conspiring to gain unauthorized access into the computers of U.S. persons and entities involved in the 2016 U.S. presidential election, steal documents from those computers, and stage releases of the stolen documents to interfere with the 2016 U.S. presidential election.
According to the indictment:
Context of the Hacking and Related Influence and Disinformation Efforts
In July 2016, the World Anti-Doping Agency’s (WADA) Independent Person Report (the “First McLaren Report”) was released, describing Russia’s systematic state-sponsored subversion of the drug testing process prior to, during, and subsequent to the 2014 Sochi Winter Olympics. This investigation had the support of advocates for clean sports, including the United States Anti-Doping Agency (USADA), the Canadian Centre for Ethics in Sport (CCES, Canada’s anti-doping agency). Eventually, in some instances only after arbitration rulings by the International Court of Arbitration for Sport (TAS/CAS), approximately 111 Russian athletes were excluded from the 2016 Summer Olympic Games, in Rio de Janeiro, Brazil, by a number of international athletics federations, including track-and-field’s International Association of Athletics Federations (IAAF). The International Paralympic Committee (IPC) further imposed a blanket ban of Russian athletes from the 2016 Paralympic Games, which were also held in Rio.
Intrusion Activities in Rio de Janeiro, Brazil
Days after the release of the First McLaren Report and the International Olympic Committee’s and IPC’s subsequent decisions regarding the exclusion of Russian athletes, the conspirators prepared to hack into the networks of WADA, the United States Anti-Doping Agency (USADA), and TAS/CAS. The conspirators, including specifically defendants Yermakov and Malyshev, procured spoofed domains (which mimicked legitimate WADA and TAS/CAS domains) and other infrastructure, probed such entities’ networks, and spearphished WADA and USADA employees. Although Yermakov and Malyshev are both alleged to have prepared to send spearphishing e-mails to TAS/CAS, the indictment does not allege that organization was compromised.
Likely as a result of the conspirators’ failure to capture necessary log-in credentials, or because those victim accounts that were successfully compromised did not have the necessary access privileges for the sought-after information, defendants Morenets and Serebriakov, in at least one instance with the remote support of Yermakov, deployed to Rio to conduct hacking operations targeting and maintaining persistent access to Wi-Fi networks used by anti-doping officials. As a result of these efforts, in August 2016, the conspirators captured that IOC official’s credentials and thereafter used them, and another set of credentials belonging to the same official to gain unauthorized access to an account in WADA’s ADAMS database and medical and anti-doping related information contained therein. (The broader ADAMS database was not compromised in the intrusion.)
Also in 2016, a senior USADA anti-doping official traveled to Rio de Janeiro for the Olympics and Paralympic games. While there, the USADA official used Wi-Fi at the hotel and other Wi-Fi access points in Rio to remotely access USADA’s computer systems and conduct official business. While the USADA official was in Rio, conspirators successfully compromised the credentials for his or her USADA email account, which included summaries of athlete test results and prescribed medications.
Intrusion Activities in Lausanne, Switzerland
In mid-September 2016, WADA hosted an anti-doping conference in Lausanne, Switzerland. On September 18, 2016, defendants Morenets and Serebriakov traveled to Lausanne with equipment used in close access Wi-Fi compromises. On or about September 19, 2016, Morenets and Serebriakov compromised the Wi-Fi network of a hotel hosting the conference and leveraged that access to compromise the laptop and credentials of a senior CCES official staying at the hotel. Other conspirators thereafter used the stolen credentials to compromise CCES’s networks in Canada, using a tool used to extract hashed passwords, the metadata of which indicated it was compiled by Badin.
Intrusion Targeting Anti-Doping Officials at Sporting Federations
In December 2016 and January 2017, conspirators successfully compromised the networks of IAAF and the Fédération Internationale de Football Association (“FIFA”) and targeted computers and accounts used by each organization’s top anti-doping official. Among the data stolen from such officials were keylogs, file directories, anti-doping policies and strategies, lab results, medical reports, contracts with doctors and medical testing labs, information about medical testing procedures, and TUEs.
Related GRU Influence and Disinformation Operations
On September 12, 2016, shortly after the compromise of the IOC official’s ADAMS credentials, but before the compromise of USADA’s and CCES’s networks, conspirators claiming to be the hacktivist group Fancy Bears’ Hack Team used online accounts and other infrastructure procured and managed by Unit 74455, as well as the website fancybears.net, to publicly release TUEs, other medical information, and emails stolen from anti-doping officials at WADA, USADA, CCES, IAAF, FIFA, and approximately 35 other anti-doping agencies or sporting organizations. In some instances, the WADA documents were modified from their original form. Ultimately, the Fancy Bears’ Hack Team released stolen information that included private or medical information of approximately 250 athletes from almost 30 countries.
The conspirators’ release of the stolen information was, in some instances, accompanied by posts and other communications that parroted or supported themes that the Russian government had used in its official narrative regarding the anti-doping agencies’ investigative findings. From 2016 through 2018, the conspirators engaged in a proactive outreach campaign, using Twitter and e-mail to communicate with approximately 186 reporters about the stolen information. After articles were published, conspirators used the Fancy Bears’ Hack Team social media accounts to draw attention to the articles in an attempt to amplify the exposure and effect of their message.
Other Targets of the Conspiracy
The conspiracy is also alleged to have targeted other entities in the Western District of Pennsylvania and abroad that were of interest to the Russian government. For example, as early as November 20, 2014, Yermakov performed reconnaissance of Westinghouse Electric Company’s (WEC) networks and personnel. In the following months, Yermakov and conspirators created a fake WEC domain and sent spearphishing emails to WEC employees’ work and personal email accounts, which were designed to harvest the employees’ log-in credentials.
More recently, in April 2018, Morenets, Serebriakov, Sotnikov, and Minin, all using diplomatic passports, traveled to The Hague in the Netherlands in furtherance of another close access operation targeting the Organisation for the Prohibition of Chemical Weapons (OPCW) computer networks through Wi-Fi connections. All four GRU officers intended to travel thereafter to Spiez, Switzerland, to target the Spiez Swiss Chemical Laboratory, an accredited laboratory of the OPCW which was analyzing military chemical agents, including the chemical agent that the United Kingdom authorities connected to the poisoning of a former GRU officer in that country. However, Morenets, Serebriakov, Sotnikov, and Minin were disrupted during their OPCW hacking operation by the Militaire Inlichtingen- en Veiligheidsdienst (MIVD), the Dutch defense intelligence service. As part of this disruption, Morenets and Serebriakov abandoned the Wi-Fi compromise equipment, which they had placed in the trunk of a rental car parked adjacent to the OPCW property. Data obtained from at least one item of this equipment confirmed its operational use at multiple locations around the world, including connections to the Wi-Fi network of the CCES official’s hotel in Switzerland (the dates the conspirators conducted the Wi-Fi compromise of the senior CCES official’s laptop at the same hotel), and at another hotel in Kuala Lumpur, Malaysia in December 2017.
In connection with the unsealing of the indictment, and in an effort to limit further exposure of the private lives of victim athletes, the FBI seized the fancybears.net and fancybears.org domains pursuant to court orders issued on October 3, 2018, in the Western District of Pennsylvania.
The charges contained in the indictment are merely accusations, and the defendants are presumed innocent unless and until proven guilty. Moreover, the maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentence of a defendant will be determined by the assigned judge.
The FBI, led by the Pittsburgh and Philadelphia Field Offices, conducted the investigation that resulted in charges announced today. The FBI’s investigation was assisted by a parallel, independent Royal Canadian Mounted Police investigation. This case is being prosecuted by the U.S. Attorney’s Office for the Western District of Pennsylvania and the National Security Division’s Counterintelligence and Export Control Section. The Criminal Division’s Office of International Affairs provided assistance throughout this investigation, as did the MIVD, the Government of the Netherlands, Switzerland’s Office of the Attorney General, the U.K.’s National Security and Intelligence Agencies, and many of the FBI’s Legal Attachés and other foreign authorities around the world.
Note: More information can be found at [justice.gov/opa/documents-and-resources-october-4-2018-press-conference]
National Security Division (NSD)
Press Release Number: 18-1296
SCW RUSSIAWIRE: “Russian spies accused of targeting watchdog investigating UK chemical attacks, probe into MH17 crash[; U.S. indicts Russian military intelligence figures]” – Fox News
“Russia’s military spy service has been behind a wave of massive cyber attacks … with targets ranging from the international chemical weapons watchdog group to the probe into the downing of a Malaysian Airlines plane over Ukraine, officials said Thursday. … the [UK] National Cyber Security Centre … [indicated] that Russia’s GRU has engaged in ‘indiscriminate and reckless’ cyber attacks … target[ing] ‘political institutions, businesses, media, and sport.’ * * * ‘… demonstrat[ing] their desire to operate without regard to international law or established norms … with a feeling of impunity and without consequences,’ U.K. Foreign Secretary Jeremy Hunt said. … [T]he cyber attacks … [are said to] include the 2016 hack of the [DNC] … published … by WikiLeaks, and the leaking of top athletes’ medical records. Also on Thursday, the U.S. Justice Department charged seven Russian military intelligence officers with hacking anti-doping agencies and other organizations either remotely or … ‘on-site’ ….
[The] indictment … said that the GRU targeted … hacking victims … [for] support[ing] a ban on Russian athletes … and … condemn[ing] Russia’s state-sponsored … doping …. Prosecutors said the Russian spies also targeted a Pennsylvania-based nuclear energy company and an international organization … investigating chemical weapons in Syria and the poisoning of a former GRU officer.”
NEWSWATCH: House Intelligence Committee Report on Russia Investigation; Excerpt: Introduction and Overview
The U.S. House of Representatives Permanent Select Committee on Intelligence has issued a redacted version of a March 22, 2018, report on its investigation of Russia’s activities surrounding the 2016 U.S. election. PDF versions are available at intelligence.house.gov/UploadedFiles/HPSCI_-_Declassified_Committee_Report_Redacted_FINAL_Redacted.pdf and docs.house.gov/meetings/IG/IG00/20180322/108023/HRPT-115-1.pdf.
“While the Committee found no evidence that the Trump campaign colluded, coordinated, or conspired with the Russian government, the investigation did find poor judgment and ill-considered actions by the Trump and Clinton campaigns. …”
An excerpt follows:
House Permanent Select Committee on Intelligence
Report on Russian Active Measures
March 22, 2018
* * *
Introduction and Overview
(U) Russia’s interference in the 2016 U.S. presidential election was nothing novel for the Kremlin. The Kremlin aspires to sow chaos and discord and advance its agenda in targeted nations, particularly in Europe and former Soviet republics such as the Baltics and Ukraine. To do this, Russia effectively combines decades of experience in propaganda and psychological warfare techniques with its vast media apparatus, a strata of well-educated and proficient technicians, and a robust intelligence and security corps.
(U) In the United States, Russian cyberattacks related to the 2016 elections starkly highlighted technical vulnerabilities in U.S. digital infrastructure and bureaucratic shortcomings that were exploited by the Kremlin. Russia’s active measures campaign achieved its primary goal of inciting division and discord among Americans. For more than a year, U.S. politics have been consumed by bitter recriminations, charges, and counter-charges about the attacks. The reliability of the democratic vote – the bedrock of the U.S. republic – was widely and repeatedly questioned.
(U) At the time of the 2016 U.S. presidential election cycle, the Committee was already concerned with Russian malfeasance and aggression in levels that had not been seen since the Cold War. In fact, the IAA for fiscal years 2016 and 2017 included multiple provisions to improve the United States’ ability to counter Russian aggression. However, the Kremlin’s malicious activities during the 2016 U.S. presidential election triggered the Committee to announce a specific inquiry into Russia’s campaign (see Appendix B). The bipartisan parameters focused the investigation and this report – this Committee examined:
(1) Russian cyber activity and other active measures that were directed against the United States and its allies;
(2) whether the Russian active measures include links between Russia and individuals associated with presidential campaigns;
(3) the U.S. government response to these Russian active measures and what we need to do to protect ourselves and our allies in the future; and
(4) what possible leaks of classified information took place related to the Intelligence Community’s assessment of these matters.
The Committee interviewed 73 witnesses, conducted 9 hearings and briefings, reviewed approximately 307,900 documents, and issued 20 subpoenas. This allowed the Committee to find answers crucial for identifying and addressing institutional weaknesses to assist the United States with identifying and responding to inevitable hostile acts in the future.
(U) While the 2016 U.S. presidential election helped focus American attention on Russian cyber and information operations, the Russian government has conducted active measure campaigns in Europe for years. Believing it is engaged in an information war with the West, Russia’s influence activities employ an array of tactics – usually tailored to the target country’s population and environment – in an effort to accomplish the Kremlin’s goals. These goals generally include influencing an opponent’s leadership and population, advancing a narrative, or inducing a behavior change. The factors that make these campaigns successful also make them hard to counter. However, governments, non-governmental organizations, and media organizations in Europe have begun taking actions to address and mitigate the threat that Russian influence campaigns pose.
(U) The Russian active measures campaign against the United States was multifaceted. It leveraged cyberattacks, covert platforms, social media, third-party intermediaries, and state-run media. Hacked material was disseminated through this myriad network of actors with the objective of undermining the effectiveness of the future administration. This dissemination worked in conjunction with derisive messages posted on social media to undermine confidence in the election and sow fear and division in American society.
(U) The U.S. government’s subsequent response to the Russian active measures campaign during the 2016 election was slow [REDACTED] As that picture evolved, the FBI’s notification to victims and oversight committees was inconsistent in timeliness and quality, which contributed to the victims’ failure to both recognize the threat and defend their systems. State and local governments were slow to grasp the seriousness of the threat and when notified of breaches continued to resist any action that implied federal direction or control. Some states opted not to cooperate with important defensive measures offered by the DHS. While no tabulation systems, or systems that count votes, were impacted, the overall security posture of the U.S. federal, state, and local governments was demonstrated to be inadequate and vulnerable.
(U) The Committee’s investigation also reviewed the opening, in summer 2016, of a FBI enterprise counterintelligence investigation into [REDACTED] Trump campaign associates:
[REDACTED] Carter Page [REDACTED] Because of “the sensitivity of the matter,” the FBI did not notify congressional leadership about this investigation during the FBI’s regular counterintelligence briefings.
Three of [REDACTED] original subjects of the FBI investigation have been charged with crimes and the Committee’s review of these cases covers the period prior to the appointment of Special Counsel in May 2017.
(U) While the Committee found no evidence that the Trump campaign colluded, coordinated, or conspired with the Russian government, the investigation did find poor judgment and ill-considered actions by the Trump and Clinton campaigns. For example, the June 2016 meeting at Trump Tower between members of the Trump campaign and a Russian lawyer who falsely purported to have damaging information on the Clinton campaign demonstrated poor judgement. The Committee also found the Trump campaign’s periodic praise for and communications with Wikileaks – a hostile foreign organization – to be highly objectionable and inconsistent with U.S. national security interests. The Committee also found that the Clinton campaign and the DNC, using a series of cutouts and intermediaries to obscure their roles, paid for opposition research on Trump obtained from Russian sources, including a litany of claims by high-ranking current and former Russian government officials. Some of this opposition research was used to produce sixteen memos, which comprise what has become known as the Steele dossier.
(U) The effectiveness and relatively low cost of information operations, such as the dissemination of propaganda, make it an attractive tool for foreign adversaries. Unless the cost-benefit equation of such operations changes significantly, the Putin regime and other hostile governments will continue to pursue these attacks against the United States and its allies. Based on the investigation, the Committee recommends several solutions to help safeguard U.S. and allies’ political processes from nefarious actors, such as the Russians. …
NEWSWATCH [Symantec 10.20.17]: “Dragonfly: Western energy sector targeted by sophisticated attack group; Resurgence in energy sector attacks, with the potential for sabotage, linked to re-emergence of Dragonfly cyber espionage group.” – SCW RUSSIA WIRE
“The energy sector in Europe and North America is being targeted by a … wave of cyber attacks that could provide attackers with the means to severely disrupt affected operations. The group behind these attacks is known as Dragonfly. … in operation since at least 2011 … [they have] re-emerged over the past two years from a quiet period following exposure by Symantec and a number of other researchers in 2014. … ‘Dragonfly 2.0’ campaign … appears to have begun in late 2015 [and] shares tactics and tools used in earlier campaigns …. disruptions to Ukraine’s power system in 2015 and 2016 were attributed to a cyber attack …. there have also been media reports of attempted attacks on the electricity grids in some European countries, as well as reports of companies that manage nuclear facilities in the U.S. being compromised by hackers. The Dragonfly group appears to be interested in … learning how energy facilities operate and … gaining access to operational systems themselves … the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so. …”
NEWSWATCH: “In a first, U.S. blames Russia for cyber attacks on energy grid” – Reuters – SCW RUSSIA WIRE
“The Trump administration … blamed the Russian government for … cyber attacks stretching back at least two years that targeted the U.S. power grid … the first time the United States has publicly accused Moscow of hacking into American energy infrastructure. … Russian government hackers sought to penetrate multiple U.S. critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing …. a ‘multi-stage intrusion campaign by Russian government cyber actors’ had targeted the networks of small commercial facilities ‘where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.’ * * * … Thursday’s alert provided a link to an analysis by … Symantec last fall that said a group it had dubbed Dragonfly had targeted energy companies in the United States and Europe and in some cases broke into the core systems that control the companies’ operations. …”
House Permanent Select Committee on #Intelligence
Following a more than yearlong, bipartisan investigation into Russia active measures targeting the 2016 U.S. #election, the House Intelligence Committee has completed a draft report of 150+ pages, with 600+ citations. The draft report addresses, in detail, each of the questions within the agreed parameters of the investigation, as announced in March 2017. It analyzes:
- Russian active measures directed against the 2016 U.S. election and against our European allies;
- The U.S. government response to that attack;
- Links between Russians and the Trump and Clinton campaigns; and
- Purported leaks of classified information.
Initial Findings
The draft report contains 40+ initial findings that describe:
- A pattern of Russian attacks on America’s European allies;
- Russian cyberattacks on U.S. political institutions in 2015-2016 and their use of social media to sow discord;
- A lackluster pre-election response to Russian active measures;
- Concurrence with the Intelligence Community Assessment’s judgments, except with respect to Putin’s supposed preference for candidate Trump;
- We have found no evidence of collusion, coordination, or conspiracy between the Trump campaign and the Russians;
- How anti-Trump research made its way from Russian sources to the Clinton campaign; and
- Problematic contacts between senior Intelligence Community officials and the media.
The draft report includes 25+ proposed recommendations for Congress and the executive branch to improve:
- Election security, including protecting vote tallies;
- Support to European allies;
- The U.S. government response to cyber-attacks;
- Campaign finance transparency; and
- Counterintelligence practices related to political campaigns and unauthorized disclosures.
The draft report will be provided to the Committee minority on March 13 for review and comment. After adoption it will be submitted for a declassification review, and a declassified version will be made public. The report’s completion will signify the closure of one chapter in the Committee’s robust oversight of the threat posed by Moscow—which began well before the investigation and will continue thereafter.
Additional follow-on efforts arising from the investigation include oversight of the unmasking of Americans’ names in intelligence reports, FISA abuse, and other matters.
SCW RUSSIA WIRE NEWSWATCH: “Britain says former Russian spy poisoned with nerve agent” – Reuters/Toby Melville, Estelle Shirbon, Kate Kelland, Guy Faulconbridge, Michael Holden, Gareth Jones
“A nerve agent was used to deliberately poison a former Russian double agent and his daughter, Britain’s top counter-terrorism officer said …. Sergei Skripal, once a colonel in Russia’s GRU military intelligence service, and his 33-year-old daughter, Yulia, were found slumped unconscious on a bench … in the southern English city of Salisbury … Both remain critically ill and a police officer who attended the scene is also in a serious condition in hospital. * * * … a U.S. security source, speaking on condition of anonymity, said the main line of police inquiry was that Russians may have used the substance against Skripal in revenge …. Skripal betrayed dozens of Russian agents to British intelligence before his arrest by Russian authorities in 2004. … given refuge in Britain after being exchanged for Russian spies caught in the West as part of a Cold War-style spy swap ….”
“… On Tuesday, WikiLeaks dumped a trove of 8,700 documents that allegedly detail the CIA’s secret hacking operations, including spying tools designed for mobile phones, PCs and smart TVs. …”
“Emmanuel #Macron’s campaign said its staff received phishing emails meant to steal their passwords. …”
The Senate Intelligence Committee hears testimony from witnesses on cybersecurity, #Russian hacking capabilities and U.S. and European elections, in two sessions on March 30, 2017.
NEWSWATCH: “Potential ‘smoking gun’ showing Obama administration spied on Trump team, source says” – Fox News
“Republican congressional investigators expect a potential ‘smoking gun’ establishing that the #Obama administration spied on the #Trump transition team, and possibly the president-elect himself, will be produced to the House #Intelligence Committee this week …. Classified intelligence showing incidental collection of Trump team communications, purportedly seen by committee Chairman Devin Nunes, R-Calif., and described by him in vague terms … came from multiple sources …. The intelligence corroborated information about surveillance of the Trump team that was known to Nunes, sources said, even before President Trump accused his predecessor of having wiretapped him …. The intelligence is said to leave no doubt the Obama administration, in its closing days, was using the cover of legitimate surveillance on foreign targets to spy on President-elect Trump, according to sources. The key to that conclusion is the unmasking of selected U.S. persons whose names appeared in the intelligence, … the paper trail leaves no other plausible purpose for the unmasking other than to damage the incoming Trump administration. …”
“#Montenegro is reportedly preparing to indict the #Russian #intelligence officer it accuses of masterminding a bloody coup plot to stop the Balkan nation joining #Nato. …”
“… discussing investigations into Russia’s hacking during last year’s presidential election and disputed contacts between the Trump campaign and Russia, White House deputy press secretary Sarah Huckabee Sanders said, ‘the FBI has already said this story is BS.’ …”
NEWSLINK: “Russia and China bombard Blighty with 188 cyberattacks in 3 months; Security secrets and private businesses are all fair game” – Register (UK)
“Britain has been hit by 188 “high-level attacks” in the last three months. Some of these attempts include Russian state-sponsored hackers trying to steal defence and foreign policy secrets, according to the UK’s newly appointed National Cyber Security Centre chief Ciaran Martin. Russian and Chinese attacks on defence and foreign policy servers are among those being investigated by the organisation. Security vendors said that high-level malfeasance by foreign espionage agencies is an issue for Western businesses as well as governments. …”
NEWSLINK: “Emmanuel Macron aide blames #Russia for #hacking attempts; Russia watchers say Moscow is deploying considerable resources to swing the French election.” – Politico.EU
“A top aide to French presidential candidate Emmanuel Macron accused #Russia on Monday of trying to hack into his campaign’s computer systems and spreading disinformation about him via Kremlin-backed news media.”
“#GOP leaders reject suggestion of a moral equivalence between U.S., #Putin; #Pence sees path to end #sanctions”
NEWSLINK: “#Kasparov: Comparing USA to #Russia like comparing surgeon to Jack the Ripper” – The Hill/Garry Kasparov
“The chairman of the Human Rights Foundation, Russian chess master Garry #Kasparov, criticized President Donald #Trump Sunday for implying this weekend that the United States isn’t so pure when it comes to condemning #Russia’s human rights record. ‘Comparing the USA to Putin’s Russia is like comparing a surgeon to Jack the Ripper because they both cut people with knives,’ Kasparov tweeted, referencing Russian President Vladimir Putin and the 19th century London serial killer who slashed his victims.”
The #Trump administration on Thursday altered #sanctions against companies doing business with #Russia’s domestic intelligence agency. The Treasury Department said it will allow American companies to make limited transactions with the #FSB, the successor to the #KGB, if it needs them to get approval to import or distribute technology products in Russia. The exception will also apply to situations in which companies need to comply with rules administered by the FSB. The implications of the move were not immediately clear, but the U.S. has taken similar steps in the past to help businesses avoid unintended consequences on cross-border transactions.
In the latest disturbing account of Russian hacking, the #FBI is reportedly investigating a series of #cyber-attacks targeted at journalists from the New York Times and other U.S. media outlets. … [that] could allow hackers to obtain confidential communications between reporters and … sources in the government. It could also potentially allow Russia to release information, which would embarrass key political leaders as well as obtain insight into U.S. diplomatic or military strategies. … Russia is also the most likely suspect behind last week’s ‘Shadow Brokers’ incident … [exposing] a top-secret set of cyber-weapons developed by the #NSA.
NEWSWATCH: “Exclusive: Congressional leaders were briefed a year ago on hacking of Democrats – sources” – Reuters
U.S. intelligence officials told top congressional leaders a year ago that Russian hackers were attacking the Democratic Party, three sources familiar with the matter said … but the lawmakers were unable to tell the targets … because the information was so secret. … disclosure … would have revealed that U.S. intelligence agencies were continuing to monitor the hacking, as well as … sources and … methods …. The congressional briefing was given … in a secure room called a Sensitive Compartmented Information Facility, or SCIF, to … four Republicans: Senate Majority leader Mitch McConnell … Speaker John Boehner … Senator Richard Burr and Representative Devin Nunes, the House and Senate intelligence committee chairs. Their Democratic counterparts were: Senator Harry Reid and Representative Nancy Pelosi … Senator Dianne Feinstein and Representative Adam Schiff of the intelligence committees. * * * One of the sources said the Clinton campaign first detected attacks on its data system in early March, and was given what the source described as a “general briefing” about it by the FBI later that month. The source said the FBI made no mention of a Russian connection in that briefing and did not say when the penetration first took place.