New clues emerge about targeted efforts by Russia to hack US elections

New information about carefully targeted attempts by Russian operatives to compromise the November 2016 presidential elections in the United States has emerged in a newly published intelligence document. The document, which dates from May of this year, was produced by the US National Security Agency and published on June 5 by The Intercept. The web-based outlet published the leaked document on the same day that Reality Leigh Winner, a US federal contractor with a top-security clearance, was charged with espionage for leaking classified documents to the media. This has led to speculation that Winner may be the source of the leak.

The NSA document details attempts by hackers to compromise the online accounts of over 100 election officials, as well as employees of private contractors involved in administering the election process. The attempts reportedly took place during the period leading up to November 8, 2016. To do that, hackers resorted to a technique commonly known as ‘spear-phishing’. They sent carefully crafted emails, claiming to be from Google, to specifically targeted individuals. The goal was to trick the email recipients into downloading and opening Microsoft Word attachments, which were infected with malware. The infected software would then allow the hackers to remotely access the compromised computers. The NSA document states that at least one targeted person had his or her computer compromised through the ‘spear-phishing’ technique. Importantly, the leaked document appears unequivocal in its assessment that the hackers behind the ‘spear-phishing’ attacks worked for the General Staff Main Intelligence Directorate (GRU) of the Russian armed forces. The document also states that the main goal of the attacks was to compromise the software used to manage voter registration lists, and that the attackers were operating under a “cyber espionage mandate specifically directed at US and foreign elections”.

American intelligence officials have previously said that Russian spies launched a complex and prolonged campaign to undermine public faith in the US electoral process. It is also known that the Russian campaign targeted election officials in the months leading up to the November 2016 elections. But the NSA report is the first publicly available description of some of the specific techniques employed by the alleged Russian hackers as part of their campaign. The leaked document does not provide technical details about the ‘spear-phishing’ campaign. Nor does it discuss whether the attacks were successful, whether vote tallies were actually compromised, or whether the election process itself was sabotaged by the hackers. The Intercept said it contacted the NSA and the Office of the Director of National Intelligence, who refused to publicly comment on the content of the NSA report.

Author: Joseph Fitsanakis | Date: 09 June 2017

Russian espionage in US increasingly sophisticated and brazen, say sources

Russian espionage in the United States has become increasingly sophisticated and brazen, and American counterintelligence professionals are finding it difficult to contain it “after years’ worth of inattention”, according to sources. According to Politico, Washington ignored Russian intelligence operations in the 1990s, believing that Moscow’s numerous domestic problems kept its attention away from America. But under Vladimir Putin, Russia rebuilt its espionage network in the US, to the point that now “Moscow’s espionage ground game [on American soil] is growing stronger and more brazen than ever”.

The news outlet cited “half a dozen current and former US intelligence officials”, who said that America has been “ignoring Russia for the last 15 years”. During that time, Washington focused much of its intelligence-related attention on the Middle East and Central Asia. But Russia used that opportunity to rebuild its espionage network on American soil. Currently, the Federal Bureau of Investigation —the US agency that is in charge of counterintelligence work— is finding it difficult to keep an eye on Russian espionage operations, partly because of the size of Russian operations. One US intelligence official told Politico that the Russians “have just got so many bodies” and are able to evade FBI surveillance.

It is now commonplace, say sources, for Russian “diplomats” to be found wandering around the US without permission from American authorities. Foreign diplomats are required to notify the US Department of State in advance each time they intend to travel more than 50 miles from their consular base, and the FBI must consent before permission to do so is granted. But the Russians are now routinely breaking this requirement; what is more, “half the time they’re never confronted” by the FBI, allegedly because Washington does not wish to antagonize Moscow in light of the fragile state of affairs in Syria. One US intelligence official told Politico that the Russian “diplomats” appear to be secretly visiting locations across America “where underground fiber-optic cables tend to run”. They appear to be mapping the US telecommunications infrastructure, “perhaps preparing for an opportunity to disrupt it”, said the source.

Author: Joseph Fitsanakis | Date: 02 June 2017

Ukraine raids Russian internet search engine company as part of ‘treason’ probe

Ukrainian security service personnel raided the offices of a Russia-based internet search engine firm in two cities on Tuesday, as part of a treason investigation. The probe is reportedly related to the ongoing dispute between Kiev and Moscow, which intensified after 2014, when Russia unilaterally annexed the Russian district of Crimea. The Ukrainian government also accuses the Kremlin of clandestinely supporting pro-Russian insurgents in southeastern Ukraine, something that Moscow denies.

Earlier this month, Kiev announced that it would be blocking its citizens from using social media networks that are popular in Russia, including Yandex, a search engine that holds the lion’s share of the Russian internet usage market. The Ukrainian government argued that Russian social media were being used by Moscow to stir up pro-Russian sentiment and organize pro-Russian insurgents and activists inside Ukraine.

On Tuesday, members of Ukraine’s Security Service (SBU) raided the offices of Yandex in the Ukrainian capital Kiev and in the city of Odessa, Ukraine’s third largest city, located on the Black Sea coast. The two locations that were raided by the SBU are registered as subsidiaries of Yandex, which is based in the Russian capital Moscow. In a statement issued on the same day, the SBU said that the simultaneous raids were part of a wider “treason probe”. The security service argues in the statement that Yandex had been found to be sharing the personal information of Ukrainian Internet users with the Russian intelligence services. The illegally shared information included the details of Ukrainian military personnel, said the SBU statement. In turn, Moscow used the data provided by Yandex to plan, organize and carry out “espionage, sabotage and subversive operations” in Ukraine, said the SBU.

Late on Tuesday, a statement issued by Yandex in Moscow confirmed the SBU raids and said it would cooperate with the investigation by the Ukrainian authorities. Meanwhile, Kiev has said that the ban on Russian social media and Internet search engines will remain active for at least three years.

Author: Joseph Fitsanakis | Date: 31 May 2017

Israel revises intel-sharing rules with US, after alleged disclosure to Russians

Authorities in Israel have revised their intelligence-sharing protocols with the American government after it became known that United States President Donald Trump inadvertently exposed Israeli secrets to Russia. The alleged exposure of Israeli secrets came earlier this month, during a meeting between Mr. Trump and a delegation of Russian government officials, which included Foreign Minister Sergey Lavrov and Sergey Kislyak, Moscow’s Ambassador to Washington.

During the meeting, the US President allegedly gave the two Russians details about plans by the Islamic State to smuggle explosives onboard airplanes, by hiding them inside laptop computers. However, according to reports in the American press, the information shared by Mr. Trump originated from Israel, which had voluntarily shared it with US intelligence. What is more, Tel Aviv had not authorized Washington to share the precise details behind this intelligence with other countries. Some reports in the US media suggest that Mr. Trump shared the Israeli-derived intelligence with the Russians in such a way as to expose ‘sources and methods’ —that is, the most sensitive aspects of the intelligence business, which intelligence agencies typically never disclose to adversaries. Additionally, even though the US president claims he never disclosed the source of the information, American media reports suggest that the Russians could easily determine that it came from Israel.

Israeli sources allegedly complained strongly to Washington, claiming that the intelligence shared by the US president “had put an [Israeli] agent’s life in peril”. Tel Aviv’s reaction appears to have been swift. On Wednesday, Israel’s Defense Minister Avigdor Liberman said in an interview that Tel Aviv promptly “did our checks” and “clarified [things] with our friends in the United States”. Speaking to Israel Army Radio, the official radio station of the Israel Defense Forces, Mr. Liberman said that Israel had done “a spot repair”, prompting the Voice of America to claim that the Jewish state had altered its intelligence-sharing methods with the US. Liberman was asked by the Israel Army Radio to clarify, but refused to specify what changes had been made in the Israel-US intelligence-sharing arrangements. He only added that “there is [now] unprecedented intelligence cooperation with the United States”.

Author: Joseph Fitsanakis | Date: 25 May 2017

Same hacker group is targeting French and German elections, says report

The same group of cyber-spies that attacked the campaign of French presidential candidate Emmanuel Macron is now attacking German institutions that are connected to the country’s ruling coalition parties, according to a report by a leading cyber-security firm. The Tokyo-based security software company Trend Micro published a 41-page report on Tuesday, in which it tracks and traces the attacks against French and German political targets over the past two years. The report, entitled From Espionage to Cyber Propaganda: Pawn Storm’s Activities over the Past Two Years, concludes that the hackers are seeking to influence the results of the national elections in the European Union’s two most powerful nations, France and Germany.

The Trend Micro report focuses on a mysterious group that cyber-security experts have dubbed Pawn Storm —otherwise known as Sednit, Fancy Bear, APT28, Sofacy, and STRONTIUM. It says that the group has launched an aggressive phishing campaign against German political institutions, which has intensified in the past two months. The group allegedly set up fake computer servers in Germany and the Ukraine, and used them to try to infiltrate the computer networks of two elite German think-tanks, the Konrad Adenauer Foundation (KAF) and the Friedrich Ebert Foundation (FEF). The KAF is connected with the Christian Democratic Union party, which is led by Germany’s Chancellor, Angela Merkel. The FEF has strong ties with the centrist Social Democratic Party, which is part of Germany’s governing alliance.

The report’s leading author, cyber-security expert Feike Hacquebord, told the Reuters news agency that the hackers were possibly seeking to infiltrate the two think-tanks as a means of gaining access to the two political parties that are connected with them. Some cyber-security experts in Europe and the United States have said that the Russian Main Intelligence Directorate, the country’s military intelligence agency, known as GRU, is behind the cyber-attacks on France, Germany and the United States. But the Trend Micro report did not attempt to place blame on Moscow or any other country for the cyber-attacks. The Kremlin has denied involvement with the alleged hacking operations.

Author: Ian Allen | Date: 26 April 2017

EU Council president grilled in closed-door probe of Polish-Russian spy deal

Senior European Union official Donald Tusk was grilled for several hours on Wednesday, in the context of a Polish government probe into an intelligence agreement between Warsaw and Moscow. But Tusk, who is the current president of the European Council, and served as Poland’s prime minister from 2007 to 2014, dismissed the probe as politicized and said it was deliberately designed to harm his political career. The investigation was launched by the government of Poland earlier this year. Its stated goal is to investigate an agreement that was struck in late 2013 between Poland’s Military Counterintelligence Service (MCS) and the Federal Security Service (FSB) of the Russian Federation. The agreement allegedly took place in secret, but was never implemented. The government of Poland canceled it in 2014, after accusing Moscow of illegally annexing the Ukrainian region of Crimea.

On Wednesday, Tusk spent nearly three hours at the office of the prosecutor in Warsaw, in a question-and-answer session that was held entirely behind closed doors. As he was leaving the building, the former Polish prime minister said he could not comment on the content of his testimony. But he used strong words to dismiss the entire investigation as “extremely political”, while accusing those behind it of holding a vendetta against him. Tusk and his supporters believe that the probe was primarily initiated by Jarosław Kaczyński, leader of the conservative Law and Justice party. They also claim that Kaczyński, who is Tusk’s political arch-foe in Poland, is spearheading a campaign of personal vindictiveness against him.

The rivalry between the two men began in 2010, when an airplane carrying a Polish government delegation to a World War II commemoration event in Russia crashed near the Russian city of Smolensk, killing everyone onboard. Among the dead was Polish President Lech Kaczyński, Jarosław Kaczyński’s brother. Since the air disaster, the leader of the Law and Justice party has maintained that the Russian government deliberately brought down the plane. He also accuses Tusk, who was Poland’s prime minister at the time, of colluding with Moscow to eliminate his brother. These allegations remain unsubstantiated, but they have contributed to the emergence of a venomous political climate in Poland that has dominated national politics for years.

On Wednesday, during Tusk’s three-hour testimony, several thousands of his supporters demonstrated outside the office of the prosecutor, urging Tusk to run for president in a few years. It is a common expectation in Poland that Tusk will soon turn his attention to domestic Polish politics and run for the highest office in the land in 2020.

Author: Joseph Fitsanakis | Date: 21 April 2017

Mystery compound in Nicaragua shows Russia’s resurgence in Americas, say experts

A Russian facility built on a hillside facing the United States embassy in the Nicaraguan capital Managua is seen by some experts as symptomatic of Russia’s renewed presence in the Americas. The official Russian explanation for the heavily protected facility, which is surrounded by high walls, is that it is meant to operate as a tracking station for GLONASS, Russia’s version of the global positioning system (GPS). The Russians do not use GPS, because it is owned by the US government and operated by the US Air Force. But some believe that only part of the compound is dedicated to GLONASS activities, and that a major portion is a Russian listening base that sweeps US communications from throughout the region.

Nicaragua has a long Cold War legacy that culminated in the 1980s. In 1979, a leftist insurgency toppled the country’s longtime dictator, Anastasio Somoza. The rebels, who called themselves the Sandinista National Liberation Front (known widely as the Sandinistas), alarmed the government of US President Ronald Reagan. Consequently, the White House authorized a series of covert operations against Nicaragua’s leftist government. They centered on the Contras, an anti-communist counter-insurgency that was largely funded by Washington throughout the so-called Contra war that dominated the country’s politics in the 1980s. But the war also affected politics in the US, and almost toppled the Reagan administration when the Iran-Contra affair (illegal arms sales to Iran by the US government, which then used the proceeds to secretly fund the Contras) was revealed in the media.

In an article published last week, The Washington Post reported that, under the Presidency of Vladimir Putin, Russia has reemerged as a force in Latin American politics. Moscow now regularly supplies weapons to several countries in the hemisphere, including Ecuador, Peru, Argentina and Venezuela. It has also expanded its influence through the banking sector and via government loans in countries such as Brazil and Mexico. But Nicaragua, says The Post, has emerged as Russia’s closest ally in the region. For over a decade, the country’s political landscape has been dominated by the Sandinistas, who returned to power in 2006 and continue to govern the country today. The party was supported by the Soviet Union during the Cold War and thus retains strong historical links with Moscow. The Post reports that, according to some analysts, Russia seeks to cement its presence in America’s traditional backyard as a form of response to the eastward expansion of the US-led North Atlantic Treaty Organization.

Author: Joseph Fitsanakis | Date: 10 April 2017