
View Full Version : Russian Info, Cyber and Disinformation (Catch all till 2017)




OUTLAW 09
07-29-2016, 10:38 AM
Inside the Red #Web: #Russia's back door onto the #internet – extract:
http://gu.com/p/4c3qm/stw

What spawned #Russia's '#troll #army'? Experts on the red web share their views:
http://gu.com/p/4c6mn/stw

Russian radio with innuendo name promotes Russian politics in Finland.
https://twitter.com/AndriiOlefirov/status/758934298757963776 …

FBI investigates new case of suspected Russian hacking, on Democrat congressional group:
http://www.reuters.com/article/us-usa-cyber-democrats-exclusive-idUSKCN1082Y7 …
Same exact two Russian security services hard at work.....FSB and SVR......

OUTLAW 09
08-11-2016, 07:58 AM
Russian hackers are believed to have accessed the accounts of more than 100 Democratic groups and officials http://mobile.nytimes.com/2016/08/11/us/politics/democratic-party-russia-hack-cyberattack.html …

OUTLAW 09
08-12-2016, 07:07 PM
This is big: DCLeaks is almost certainly a Russian gov't influence op, linked to Guccifer 2 & more @ThreatConnect
https://www.threatconnect.com/does-a-bear-leak-in-the-woods/

August 12, 2016
Does a BEAR Leak in the Woods?

in Blog, Featured Article, Research by ThreatConnect Research Team


ThreatConnect Identifies DCLeaks As Another Russian-backed Influence Outlet

Read the full series of ThreatConnect posts following the DNC Breach: “Rebooting Watergate: Tapping into the Democratic National Committee”, “Shiny Object? Guccifer 2.0 and the DNC Breach“, “What’s in a Name Server?“, “Guccifer 2.0: the Man, the Myth, the Legend?“, “Guccifer 2.0: All Roads Lead to Russia“, and “FANCY BEAR Has an (IT) Itch that They Can’t Scratch“.

Over the last month and a half, ThreatConnect has authored a number of blog posts pulling at strands of a nebulous Russian spiderweb of malicious infrastructure – one data point at a time. Along the way, we’ve built off of the work other researchers have done and have engaged with a handful of journalists who are eager to get to the bottom of the story. We assess the Guccifer 2.0 persona that surfaced after the DNC breach was announced in June is a Russian creation to maximize the impact of strategic leaks.

But it looks like we missed something called DCLeaks, another outlet for leaked material. We believe DCLeaks is another Russian-backed influence outlet based on the following:
Guccifer 2.0’s use of DCLeaks to share purloined emails from a Hillary Clinton campaign staffer with journalists
DCLeaks hosting a portfolio of leaked emails belonging to Billy Rinehart Jr. — a former development manager at the United Nations Foundation and regional field director for the DNC — whose email account was breached in the same manner as a known FANCY BEAR attack method
DCLeaks’ registration and hosting information aligns with other FANCY BEAR activities and known tactics, techniques, and procedures

For more on this, see today’s article from The Smoking Gun detailing DC Leaks.

DCLeaks Background

DCLeaks was established in mid-2016 and initially garnered some publicity for releasing a series of emails from retired Air Force General Philip Breedlove, who in his last position was the commander of U.S. European Command and NATO forces. In this role as the most senior U.S. military official responsible for Russia, General Breedlove advocated for a more muscular response to Russian aggression in Ukraine and the leaked emails detail internal lobbying pertaining to the Obama Administration’s policy.

The About page for DCLeaks claims “the American hacktivists” initiated the “new level project”:

DCLeaks is a new level project aimed to analyze and publish a large amount of emails from top-ranking officials and their influence agents all over the world. The project was launched by the American hacktivists who respect and appreciate freedom of speech, human rights and government of the people. We believe that our politicians have forgotten that in a democracy the people are the highest form of political authority so our citizens have the right to participate in governing our nation.

The website has grouped its leaks into portfolios that include General Breedlove, Bill and Hillary Clinton, the Republican party, George Soros, and William “Billy” Rinehart, among others. Each of these portfolios has a description of the individual or organization, but most of the language that DCLeaks uses is either borrowed from Wikipedia or very simplistic in nature. This limits our ability to use language on the site to support an attribution assessment in a meaningful way.

Guccifer 2.0: Using DCLeaks, but Quietly

On June 27, 2016, The Smoking Gun (TSG) received a series of emails from Guccifer 2.0 (guccifer20@aol[.]fr) with the subject “leaked emails”. Most of the messages were sent from the Russia-based Elite VPN IP address 95.130.15[.]34 (located in France) as previously highlighted in our blog post. Some of the emails were sent from another probable Elite VPN IP address 208.76.52[.]163 (Miami, FL). The messages were not spoofed as they passed Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) checks.
Within the message thread the Guccifer 2.0 persona offered exclusive access to private Clinton campaign emails.

Continued......


For those that work in the realm of IT security...read this article as well as anything else they have published concerning the DNC hack.....

This is the world of my company and I deal with this on a daily basis for my customers....

Those that do not quite yet want to believe that the Russians, Chinese, and Iranians are not good at this and or MAYBE it was not a Russian cyber war op directed clearly at the US...seriously need to rethink their views.

It is about time to wake up and smell the coffee as the Russians are really, really good.

Just a side comment.....all it takes is a single infected computer out of say a 25,000 end user network and I can control your entire network. One single wrong click by an end user on a phishing email and it is over.

Now envision the coming Internet of Things (IOT) ...I have seen a massive bot network built on the backs of internet savvy refrigerators....

Also important: the detailed backstory of how @tsgnews received the login for DCLeaks from Guccifer & follow-up http://www.thesmokinggun.com/documents/investigation/tracking-russian-hackers-638295 …

.It gets better (& more confusing): @tsgnews claim Russian hackers also breached major Republican figures & orgs

Thomas Rid ‏@RidT · Aug 2  City of London, London
"MOONLIGHT MAZE. Anatomy of an Attack" Anatomy Lecture Theatre, 29 Sept
http://bit.ly/ridt-MM
< with vintage items
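
As an added example (not part of the original post or of the ThreatConnect article it quotes), here is one way an analyst might check a "passed SPF and DKIM" claim like the one quoted above on a saved message: read only the Authentication-Results header stamped by the analyst's own mail server, and require that the passing domain matches the From domain. The host names, the sample messages and the simplified alignment rule are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id that the analyst's own inbound MTA stamps.
TRUSTED_AUTHSERV_ID = "mx.recipient.example"


def parse_authentication_results(value):
    """Split one Authentication-Results value into (authserv_id, {method: [info]})."""
    value = re.sub(r"\([^)]*\)", " ", value)             # drop RFC 5322 comments
    parts = [" ".join(p.split()) for p in value.split(";")]
    authserv_id = parts[0].split()[0].lower() if parts[0] else ""
    methods = {}
    for part in parts[1:]:
        tokens = part.split()
        if not tokens or "=" not in tokens[0]:
            continue                                      # e.g. a bare "none"
        method, result = tokens[0].split("=", 1)
        info = {"result": result.lower()}
        for tok in tokens[1:]:                            # e.g. header.d=..., smtp.mailfrom=...
            if "=" in tok:
                key, val = tok.split("=", 1)
                info[key.lower()] = val.lower()
        methods.setdefault(method.lower(), []).append(info)
    return authserv_id, methods


def aligned(domain, from_domain):
    """Simplified relaxed alignment: identical, or one is a subdomain of the other.
    Real DMARC compares organizational domains using the Public Suffix List."""
    if not domain or not from_domain:
        return False
    return (domain == from_domain
            or from_domain.endswith("." + domain)
            or domain.endswith("." + from_domain))


def assess(raw_message, trusted_id=TRUSTED_AUTHSERV_ID):
    """Return the SPF/DKIM verdict recorded by the trusted receiving server."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    verdict = {"from_domain": from_domain, "spf": "none", "dkim": "none",
               "spf_aligned": False, "dkim_aligned": False}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, methods = parse_authentication_results(value)
        if authserv_id != trusted_id:
            continue          # stamped by another party, possibly the sender
        for spf in methods.get("spf", []):
            verdict["spf"] = spf["result"]
            mailfrom = spf.get("smtp.mailfrom", "").rpartition("@")[2]
            verdict["spf_aligned"] = (spf["result"] == "pass"
                                      and aligned(mailfrom, from_domain))
        for dkim in methods.get("dkim", []):
            if dkim["result"] == "pass":
                verdict["dkim"] = "pass"
                if aligned(dkim.get("header.d", ""), from_domain):
                    verdict["dkim_aligned"] = True
            elif verdict["dkim"] != "pass":
                verdict["dkim"] = dkim["result"]
        break                 # headers are prepended, so the first trusted one is newest
    verdict["authenticated"] = verdict["spf_aligned"] or verdict["dkim_aligned"]
    return verdict


def build_sample(*authres, sender="Persona <persona@sender.example>"):
    """Assemble a constructed message with the given Authentication-Results values."""
    lines = ["Authentication-Results: " + a for a in authres]
    lines += ["From: " + sender, "To: tips@recipient.example",
              "Subject: constructed sample", "", "constructed body"]
    return "\n".join(lines)


# Constructed samples (not real traffic).
GENUINE = build_sample(
    "mx.recipient.example;\n spf=pass (sender IP is 192.0.2.10)"
    " smtp.mailfrom=persona@sender.example;\n"
    " dkim=pass header.d=sender.example header.s=sel1")
# The receiver recorded a failure on top; an older header lower down, carrying
# the same authserv-id, claims a pass and must not be believed.
FORGED_STAMP = build_sample(
    "mx.recipient.example; spf=fail smtp.mailfrom=persona@sender.example; dkim=none",
    "mx.recipient.example; spf=pass smtp.mailfrom=persona@sender.example; dkim=pass header.d=sender.example")
# Both checks pass, but for a domain unrelated to the visible From address.
UNALIGNED = build_sample(
    "mx.recipient.example; spf=pass smtp.mailfrom=bounce@bulkmailer.example;"
    " dkim=pass header.d=bulkmailer.example")

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged stamp", FORGED_STAMP),
                      ("unaligned", UNALIGNED)):
        print(name, assess(raw))
```

A pass that is not aligned with the From domain only shows that some domain authenticated the message, not that the visible sender did.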

OUTLAW 09
08-12-2016, 07:28 PM
Important new revelations on how GRU + FSB hackers e-pillaged much more than DNC, even SACEUR. Big CI story here.

Russian Hackers of DNC Said to Nab Secrets From NATO, Soros

http://www.bloomberg.com/news/articles/2016-08-11/russian-hackers-of-dnc-said-to-scoop-up-secrets-from-nato-soros

OUTLAW 09
08-13-2016, 06:45 AM
(((CatherineFitz))) @catfitz
"Made a great noise" is a Russianism, i.e. how Russians would say something in Eng similar to RU
http://www.motherjones.com/politics/2016/08/dnc-hacker-dumps-dccc-documents-answers-limited-questions …
Also "go this way"

OUTLAW 09
08-13-2016, 04:41 PM
"Guccifer 2.0" in message to @WSJ “I won’t disclose my whereabouts for the safety reasons."
http://on.wsj.com/2aOc94O

Guccifer releases more hacked info.....Hacker posts cell phone numbers of congressional Democrats

Hacker reveals personal info for 193 Democrats. Hoyer, reached on cell posted on site, says breach is alarming.

Guccifer 2.0 Twitter account has been suspended. That's the account alleging to have breached The Democratic Party's computer networks.

OUTLAW 09
08-13-2016, 04:48 PM
"Guccifer 2.0" in message to @WSJ “I won’t disclose my whereabouts for the safety reasons."
http://on.wsj.com/2aOc94O

Guccifer releases more hacked info.....Hacker posts cell phone numbers of congressional Democrats

Hacker reveals personal info for 193 Democrats. Hoyer, reached on cell posted on site, says breach is alarming.

Guccifer 2.0 Twitter account has been suspended. That's the account alleging to have breached The Democratic Party's computer networks.

US officials have mulled hitting Russians with sanctions over DNC hack, but so far they are treading carefully.

OUTLAW 09
08-13-2016, 07:00 PM
Russian state hackers release small number of GOP emails to show 'no bias'. Mostly from Lindsay Graham (200% anti-Putin-Assad Senator)

OUTLAW 09
08-15-2016, 07:19 AM
Appears that the second email data dump of the AKP emails by WikiLeaks contained an unusual amount of malware...

https://github.com/bontchev/wlscrape/blob/master/malware.md

Malware hosted by Wikileaks

The following table contains the confirmed malware residing on the Wikileaks site. The list is by no means exhaustive; I am just starting with the analysis. But what is listed below is definitely malware; no doubts about it.


The first column contains a link to the e-mail on the Wikileaks site that contains the malicious attachment. The e-mail itself is safe to view (although the text is usually spam/scam/phish/whatever).

The second column contains the URL on the Wikileaks site where the malicious attachment to this e-mail message resides. Since this is a direct link (i.e., clicking it would result in the malware being directly downloaded to your PC), I have obfuscated the link by replacing "https" with "hxxxx" and putting square brackets around the dot in ".org", in order to make the link non-clickable. If you desire to download the malware and check for yourself that it is, indeed, malware, you can trivially deobfuscate the link - just, please, do be careful.

The third column contains links leading to a VirusTotal page, showing how the different scanners are reporting the malware. Those are safe to click.

Kudos to Hasherezade for making her tool VTScan for batch querying VirusTotal publicly available.

Wikileaks e-mail | Wikileaks URL to the malicious attachment | VirusTotal analysis
36138 | hxxxx://wikileaks[.]org/akp-emails/fileid/36138/20098 | F36CB35F410AB65958A6CCA846737A9C

Continued as the list is long.....


Apparently the hacker was not that well versed in not pulling the junk mail account or simply in a hurry OR Wikileaks was well aware of the malware and wanted to spread them.......

OUTLAW 09
08-15-2016, 01:10 PM
Mysterious entity claims it hacked Equation Group (likely NSA), dumps files, goes into rant. Potentially interesting
https://twitter.com/shadowbrokerss

Significant if true: Wikipedia referencing Kaspersky ties this APT group to the NSA/USG
https://twitter.com/pwnallthethings/status/765160042790281216 …

OUTLAW 09
08-15-2016, 04:58 PM
Russian antivirus firm faked malware to harm rivals

http://www.reuters.com/article/us-kaspersky-rivals-idUSKCN0QJ1CR20150814

By Joseph Menn | SAN FRANCISCO


Beginning more than a decade ago, one of the largest security companies in the world, Moscow-based Kaspersky Lab, tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious, according to two former employees.

They said the secret campaign targeted Microsoft Corp (MSFT.O), AVG Technologies NV (AVG.N), Avast Software and other rivals, fooling some of them into deleting or disabling important files on their customers' PCs.

Some of the attacks were ordered by Kaspersky Lab's co-founder, Eugene Kaspersky, in part to retaliate against smaller rivals that he felt were aping his software instead of developing their own technology, they said.

"Eugene considered this stealing," said one of the former employees. Both sources requested anonymity and said they were among a small group of people who knew about the operation.

Kaspersky Lab strongly denied that it had tricked competitors into categorizing clean files as malicious, so-called false positives.

"Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing," Kaspersky said in a statement to Reuters. "Such actions are unethical, dishonest and their legality is at least questionable."

Executives at Microsoft, AVG and Avast previously told Reuters that unknown parties had tried to induce false positives in recent years. When contacted this week, they had no comment on the allegation that Kaspersky Lab had targeted them.

The Russian company is one of the most popular antivirus software makers, boasting 400 million users and 270,000 corporate clients. Kaspersky has won wide respect in the industry for its research on sophisticated Western spying programs and the Stuxnet computer worm that sabotaged Iran's nuclear program in 2009 and 2010.

The two former Kaspersky Lab employees said the desire to build market share also factored into Kaspersky's selection of competitors to sabotage.

"It was decided to provide some problems" for rivals, said one ex-employee. "It is not only damaging for a competing company but also damaging for users' computers."

The former Kaspersky employees said company researchers were assigned to work for weeks or months at a time on the sabotage projects.

Their chief task was to reverse-engineer competitors' virus detection software to figure out how to fool them into flagging good files as malicious, the former employees said.

The opportunity for such trickery has increased over the past decade and a half as the soaring number of harmful computer programs have prompted security companies to share more information with each other, industry experts said. They licensed each other's virus-detection engines, swapped samples of malware, and sent suspicious files to third-party aggregators such as Google Inc's (GOOGL.O) VirusTotal.

By sharing all this data, security companies could more quickly identify new viruses and other malicious content. But the collaboration also allowed companies to borrow heavily from each other's work instead of finding bad files on their own.

Kaspersky Lab in 2010 complained openly about copycats, calling for greater respect for intellectual property as data-sharing became more prevalent.

In an effort to prove that other companies were ripping off its work, Kaspersky said it ran an experiment: It created 10 harmless files and told VirusTotal that it regarded them as malicious. VirusTotal aggregates information on suspicious files and shares them with security companies.

Within a week and a half, all 10 files were declared dangerous by as many as 14 security companies that had blindly followed Kaspersky's lead, according to a media presentation given by senior Kaspersky analyst Magnus Kalkuhl in Moscow in January 2010.

When Kaspersky's complaints did not lead to significant change, the former employees said, it stepped up the sabotage.

INJECTING BAD CODE

In one technique, Kaspersky's engineers would take an important piece of software commonly found in PCs and inject bad code into it so that the file looked like it was infected, the ex-employees said. They would send the doctored file anonymously to VirusTotal.

Then, when competitors ran this doctored file through their virus detection engines, the file would be flagged as potentially malicious. If the doctored file looked close enough to the original, Kaspersky could fool rival companies into thinking the clean file was problematic as well.

VirusTotal had no immediate comment.

In its response to written questions from Reuters, Kaspersky denied using this technique. It said it too had been a victim of such an attack in November 2012, when an "unknown third party" manipulated Kaspersky into misclassifying files from Tencent (0700.HK), Mail.ru (MAILRq.L) and the Steam gaming platform as malicious.

The extent of the damage from such attacks is hard to assess because antivirus software can throw off false positives for a variety of reasons, and many incidents get caught after a small number of customers are affected, security executives said.

The former Kaspersky employees said Microsoft was one of the rivals that were targeted because many smaller security companies followed the Redmond, Washington-based company's lead in detecting malicious files. They declined to give a detailed account of any specific attack.

Microsoft's antimalware research director, Dennis Batchelder, told Reuters in April that he recalled a time in March 2013 when many customers called to complain that a printer code had been deemed dangerous by its antivirus program and placed in "quarantine."

Batchelder said it took him roughly six hours to figure out that the printer code looked a lot like another piece of code that Microsoft had previously ruled malicious. Someone had taken a legitimate file and jammed a wad of bad code into it, he said. Because the normal printer code looked so much like the altered code, the antivirus program quarantined that as well.

Over the next few months, Batchelder's team found hundreds, and eventually thousands, of good files that had been altered to look bad. Batchelder told his staff not to try to identify the culprit.

"It doesn't really matter who it was," he said. "All of us in the industry had a vulnerability, in that our systems were based on trust. We wanted to get that fixed."
Continued.......


There has been and it was confirmed by their CEO that Kaspersky has close ties to the FSB at the CEO Level...BUT that is all....they claim they never share with the FSB....oh really......especially when now the FSB has unlimited abilities to monitor all Russian Internet movement......

OUTLAW 09
08-15-2016, 05:32 PM
Suit warns of Russian ‘back door’ into U.S. fingerprint systems
http://www.sfgate.com/nation/article/Suit-warns-of-Russian-back-door-into-U-S-9140446.php?cmpid=twitter-desktop …

Former execs of French firm that developed FBI fingerprint tech say it was made by the Russians & could be sabotaged
http://www.sfgate.com/nation/article/Suit-warns-of-Russian-back-door-into-U-S-9140446.php …

BUT WAIT so do the Chinese when they hacked the entire OMB Security Clearance database complete with fingerprints......they stole the data of over 20M US citizens

OUTLAW 09
08-15-2016, 05:50 PM
Hackers could acquire sensitive data through hard drive noises — via @TimesofIsrael
http://read.bi/2aWkM06

OUTLAW 09
08-15-2016, 07:33 PM
Appears that the second email data dump of the AKP emails by WikiLeaks contained an unusual amount of malware...

https://github.com/bontchev/wlscrape/blob/master/malware.md

Malware hosted by Wikileaks

The following table contains the confirmed malware residing on the Wikileaks site. The list is by no means exhaustive; I am just starting with the analysis. But what is listed below is definitely malware; no doubts about it.

Apparently the hacker was not that well versed in not pulling the junk mail account or simply in a hurry OR Wikileaks was well aware of the malware and wanted to spread them.......


Wikileaks Published Dozens of Malware Links in Email Dump
http://gizmodo.com/wikileaks-publ

OUTLAW 09
08-16-2016, 06:42 PM
Mysterious entity claims it hacked Equation Group (likely NSA), dumps files, goes into rant. Potentially interesting
https://twitter.com/shadowbrokerss

Significant if true: Wikipedia referencing Kaspersky ties this APT group to the NSA/USG
https://twitter.com/pwnallthethings/status/765160042790281216 …

If this was Russia, it signals an unprecedented public escalation of the US-Russian cyber cold war.

http://motherboard.vice.com/read/hac...cyber-cold-war

Hack of NSA-Linked Group Signals a Cyber Cold War

Written by
Lorenzo Franceschi-Bicchierai
August 16, 2016 // 01:52 PM EST

REMEMBER the two core key cornerstones of Russian non linear warfare is information warfare and cyber warfare....

Taken from the active site
https://twitter.com/shadowbrokerss



Equation Group Cyber Weapons Auction - Invitation
- ------------------------------------------------

!!! Attention government sponsors of cyber warfare and those who profit from it !!!!

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.

Picture Urls
- ------------
http://imgur.com/a/sYpyn
https://theshadowbrokers.tumblr.com/
https://github.com/theshadowbrokers/EQGRP-AUCTION

OUTLAW 09
08-17-2016, 11:51 AM
The main twitter page link for theshadowsbrokers has been disabled and removed.

https://www.washingtonpost.com/world...mepage%2Fstory

Powerful NSA hacking tools mysteriously surface online


The release of the cache of files could pose severe consequences for the National Security Agency’s operations and the security of government and corporate computers. “Without a doubt, they’re the keys to the kingdom,” said a former employee who worked in the agency’s hacking division.

Serious question now becomes for the ever reluctant Obama WH to confront Russia...WHEN will they have to actually push back with a very well thought through cyber attack to signal to Putin to "stand down"....

We are now in a full scale cyber war that the Obama WH does not quite want to believe it possible....THAT happens when your opponent views you as a weak leader for never pushing back in eastern Ukraine and or in Syria and or in their constant INF nuclear violations...

OUTLAW 09
08-18-2016, 06:43 PM
These are the hacking techniques used in suspected Clinton Foundation attack:
http://reut.rs/2bpnKfR

OUTLAW 09
08-19-2016, 08:14 AM
Great read by @HowellONeill — now that it's all but proven that hackers stole NSA cyberweapons —now what?
http://bit.ly/2bhLBLX

Experts have 2 theories for how top secret NSA data was stolen — both are equally disturbing
http://read.bi/2bAXah2

OUTLAW 09
08-20-2016, 03:47 PM
ThreatConnect, Inc. @ThreatConnect
From the start...read it all! Guccifer 2.0, the #DNCHack, and FANCY BEARS, Oh My!
http://hubs.ly/H042YHT0

OUTLAW 09
08-20-2016, 04:32 PM
Cyber espionage: A new cold war?
An online ‘auction’ signals a build-up of tension between Russia and America
http://on.ft.com/2ba2uaA

OUTLAW 09
08-22-2016, 07:42 AM
Commentary: Evidence points to another Snowden at the NSA
http://reut.rs/2bzmk1d

Just a side note....when the US "acquired" a bulk of the MfS/Stasi files just after the Wall collapsed....an analysis of these files indicated at least 100 US citizens had been/still were active in spying for the GDR/DDR either for the Stasi, GRU or KGB.....

BUT although the indications of 100 or more were there.... it was virtually impossible to identify them.....

My experience in doing security clearance reviews for the Army Security Agency in Berlin during the Cold War days reinforces the simple fact..the NSA has always been either lax and or not diligent enough in protecting themselves from outside spies....so this does not surprise me in the least....then we pulled the clearances from two US Army COLs and over 30 Army enlisted and NCOs....due to serious questions.....and we pointed initially the finger at the US Army/Stasi Spy CWO Hall but no one wanted to pay attention to the hints until 1988....

In those days new US laws virtually tied our hands to investigate unless the individual walked around with a sign around his neck stating "I am a spy".....was frustrating in those days....

ESPECIALLY now that the Chinese have the complete security clearance records of ALL US government employees former and present (20M plus or minus) and their finger prints and will in the end share them with the Russian SVR.......

OUTLAW 09
08-22-2016, 11:39 AM
https://www.yahoo.com/tech/nsa-leak-rattles-cybersecurity-industry-121630860.html

NSA leak rattles cybersecurity industry

Jaikumar Vijayan

Christian Science Monitor, Sat, Aug 20 5:16 AM PDT


After an unknown group released a cache of hacking tools from the National Security Agency earlier this week, some of the biggest tech companies in the world are scrambling to patch their systems and software to protect themselves and customers from attacks.

The leak came from the anonymous group calling itself the Shadow Brokers. While the group's origin and motivations remain unknown, cybersecurity experts and former agency employees have authenticated the cache of NSA hacking tools.

By exposing the custom-made malware online, the Shadow Brokers have suddenly made many of the systems American corporations rely on for cybersecurity more vulnerable to digital attacks from criminals and spies.

Now, many cybersecurity experts are asking why the NSA would stockpile so many of these kinds of security vulnerabilities without telling the affected companies such as networking giants Cisco and digital security firm Fortinet.

"The policy question we have to ask ourselves is what's an acceptable amount of time for the NSA to keep these exploits exclusively, before being legally compelled to disclose them," says Jeremiah Grossman, head of security strategy at cybersecurity firm SentinelOne.

While he says that the NSA needs some of the software exploits to spy on its adversaries and carry out digital missions, holding onto those flaws too long can be detrimental to American security.

Cisco said it inspected the NSA cache and discovered at least two hacking tools targeting security flaws in its products. The company said it did not know about the existence of one of the flaws until this week’s leak.

Beyond Cisco and Fortinet, which discovered firewall vulnerabilities among the digital weapons, many other companies could be at risk.

So far, the Shadow Brokers have released about 300 megabytes of data comprising a total of over 50 attack tools that would let attackers bypass firewalls that organizations rely on to defend against external attacks.

The leak also raises questions about the nature of nation-state hacking, and how much spy agencies know about flaws in software that they aren't revealing to tech companies and the public.

"How many of these are the Russians and the Chinese sitting on?" asked Jason Healey, senior research scholar at Columbia University’s School of International and Public Affairs.

The US does have a process that requires the NSA to disclose its bug discoveries to the White House National Security Council. The idea is to ensure that security flaws with especially broad impact are disclosed to the relevant companies so they can fix them, said Mr. Healey.

While that process may need to be updated in light of the NSA leaks, it is likely that other countries don’t have even this level of transparency.

"It is quite possible that their arsenals are even more significant than the US arsenal, which means there are a bunch more vulnerabilities we don't know about," he said. "It means the overall security of US infrastructure could be even worse than we thought."

OUTLAW 09
08-22-2016, 05:52 PM
http://www.businessinsider.de/nsa-cyberweapon-auction-shadow-brokers-2016-8?r=US&IR=T

The NSA cyber-weapon auction is a total smokescreen — here's what's really going on
Paul Szoldra

17.08.2016


A group calling itself the "Shadow Brokers" claimed earlier this week that it hacked into the US National Security Agency and stole an apparent treasure trove of exploits and hacking tools that it is now trying to auction off.

But experts say that this is all a smokescreen for a not-so-subtle message from Moscow to Washington: Don't mess with us.

"It's a smokescreen, there's nothing real about this," John Schindler, a former NSA analyst and counterintelligence officer, told Business Insider. "This is Moscow's way of upping the ante in the spy war, and sending a message no one can miss [which is] 'we have you penetrated, we've got you by the balls, don't push us.'"

He added: "The Russians are making a power play because they think they can right now."

The previously-unknown Shadow Brokers created a number of social-media accounts earlier this month on Reddit, Github, Twitter, and Imgur, before announcing on August 13 its "cyber weapon auction," which promised bidders a "full state sponsor tool set" from a hacking unit believed to be within the NSA known only as "The Equation Group."

It released a 234-megabyte archive on various file-sharing sites with one-half being free to view and use — which numerous experts say is legitimate — while the other half was encrypted. The winner of the auction, the group said, would get the decryption key.

But an auction for hacking tools and exploits is not something that ever happens, experts say. Instead, exploits are bought and sold on the black market for hundreds of thousands and sometimes millions of dollars, in private.

There's something else going on here, and it seems like it has nothing to do with a hacking group looking for cash.

Auction files 'better than Stuxnet'

In the announcement of its auction, Shadow Brokers seemed to ensure that no one would seriously consider bidding on the other half of its treasure trove, which it claims has within it software that is better than "Stuxnet" — the US-Israeli malware that destroyed Iranian nuclear centrifuges.

Its FAQ tells bidders that they are going to lose their Bitcoin, no matter what they do. If you win the auction, you'll get the files, but if you lose the auction, you don't get the files — and you don't get your Bitcoin back.

"Sorry lose bidding war lose bitcoin and files," the group wrote.

That's probably why the so-called auction hasn't moved anywhere close to the group's goal of 1 million Bitcoin, or roughly $575 million. The high bid is currently 1.629 Bitcoin, a surprisingly low figure for a software package that, if it were "better than Stuxnet," would contain a number of unknown software exploits called "zero days," each of which can be sold for $100,000 or more on the black market.

"This auction is one of the more bizarre things that I've ever seen in this space. People who buy and sell exploits would not just dump money into an auction," a source who used to work for the NSA's elite hacker unit, Tailored Access Operations, told Business Insider on condition of anonymity in order to discuss sensitive matters. "It kind of makes no sense."

"The low Bitcoin offers are pretty amusing though," Dr. Peter Singer, a strategist at the think tank New America and coauthor of "Ghost Fleet," told Business Insider in an email.

Further, the website WikiLeaks apparently has the full archive and says that it will release its own "pristine copy in due course." WikiLeaks did not respond to an email from Business Insider asking when that release would be.

This just "shows the fraud of the whole Bitcoin angle," Schindler said.

'Conventional wisdom indicates Russian responsibility'

Former NSA contractor Edward Snowden offered his opinion on the underlying message behind the "auction" in a series of tweets on Tuesday, notably pointing the finger at Russia as being behind it.

After cybersecurity firm CrowdStrike said that it uncovered two different state-sponsored Russian hacking groups inside the servers of the Democratic National Committee in June, Snowden wrote that "if Russia hacked the DNC, they should be condemned for it," and then chided the US for not releasing evidence that he believed the NSA had that would prove it.

That "smoking gun" evidence never came, though a number of US political and intelligence officials have said that the DNC hack was at the Kremlin's direction.

"Circumstantial evidence and conventional wisdom indicates Russian responsibility," wrote Snowden of this latest breach, adding, "This leak looks like somebody sending a message that an escalation in the attribution game could get messy fast."

How messy? According to Snowden, the fully-leaked toolkit — from 2013 — could offer insight into previous hacks carried out by the NSA, or it could be reverse-engineered to help adversaries detect them in the future. Even Schindler, the former NSA analyst who's an outspoken critic of Snowden, agrees with Snowden's finding on the overt message, though he doesn't think that leaked tools will have any significant effect on future NSA operations.

"This stuff has all been changed," Schindler said. "Three years is a long time in cyber ops, because that's not the point. The point is to show NSA that we've got you by the balls."

OUTLAW 09
08-22-2016, 05:59 PM
More network analysis of the current Russian informational warfare/disinformation networks that should be thoroughly understood as one of the core legs of Russian "soft power"......

Kremlin-linked Estonian disinfo op and the surrounding social network
http://aktivnyye.com/t/20160821-kornilov_network.html

Modus Operandi: NGO <-> Alternative News <-> Money Laundering
http://aktivnyye.com/t/20160821-kornilov_network.html <- children of the night:

I don’t always put the network entities into a table for ease of identification.
http://aktivnyye.com/t/20160821-korn...ork_table.html
http://aktivnyye.com/i/20160821/KornilovNet2

The connection to the Rodina Party was an unexpected gift.

AND another form of info warfare (soft power) hard at work.....

Finnish pro- #Kremlin figure registers another web domain to start up a new fake embassy for #Luhansk

OUTLAW 09
08-22-2016, 06:00 PM
Network Analysis on Internet "Russian trolls".......

EU Mythbusters
✔ @EUvsDisinfo Another summer #longread: @STRATCOMCOE report on social media as a tool of hybrid warfare:
http://goo.gl/n7fa2U

Russian info warfare...troll networks

"The #Year Of The #Troll":
http://www.rferl.org/content/the-yea.../27419384.html

Geolocating #KremlinTrolls and Their Followers.by @webradius:
http://kremlintrolls.com/t/20150622-

Follow great works @webradius:
http://aktivnyye.com/t/20160418-dff.html & More:
http://aktivnyye.com/index.html
KremlinTrolls are afraid this↑↓

Referrer #Networks":@webradius:
http://aktivnyye.com/t/20160215-fringenet3.html

"#Disinformation Flows":@webradius:
http://aktivnyye.com/t/20160212-fringenet2.html

"#Disinformation Flows"@webradius:
http://aktivnyye.com/t/20160212-fringenet2.html

The Fringes of #Disinfo:A #Network Based on Referrers:@webradius:
http://aktivnyye.com/t/20160207-fringenet1.html

KremlinTrolls:#Russia|ns & their British Reds:by @webradius:
http://kremlintrolls.com/t/20151003-

KremlinTrolls Blog/Another Look at #Russia|n"diplomat"#Nalobin's #Network:@webradius:
http://kremlintrolls.com/t/20150810-...in_reflux.html

UK #KremlinTrolls&"#STWC-activists'#StoptheWar'"coop.#Russia|n #intel #Nalobin:by @webradius:
http://kremlintrolls.com/t/20150927-nalobinXstwc.html

Watch analysis by @webradius:#KremlinTrolls& Other Acquaintances of #Russia|n EMB #Canada:
http://kremlintrolls.com/t/20150907-canada_plus.html

“#Russia|n #KremlinTrolls >>>
by @webradius >
http://kremlintrolls.com/t/20150616-ri3m.html
pic.twitter.com/ezDqScQTST

#Russia|n #KremlinTrolls #Putin's.by @webradius:
http://kremlintrolls.com/t/20150616-ri3m.html

KremlinTrolls are engaged in massive anti-UA #propaganda in #Poland:
http://www.stopfake.org/en/kremlin-t...nda-in-poland/

See if you know someone& add to list #KremlinTrolls& other #Kremlin's #UsefuIIdiots of #Russia|n Embassy in #Canada

Do not forget to add #Kremlintrolls& #Kremlin's #UsefulIdiots to list☭&alert about them to followers

OUTLAW 09
08-22-2016, 06:01 PM
'Troll hunting' algorithm could make web a better place
http://www.wired.co.uk/article/googl...cial-behaviour

OUTLAW 09
08-22-2016, 06:02 PM
Same Russian hackers likely breached Olympic drug-testing agency and DNC http://trib.al/qCmylR3

Azor
08-22-2016, 06:18 PM
http://www.reuters.com/article/us-intelligence-nsa-commentary-idUSKCN10X01P

Selected Excerpts:

"...In addition, if Russia had stolen the hacking tools, it would be senseless to publicize the theft, let alone put them up for sale. It would be like a safecracker stealing the combination to a bank vault and putting it on Facebook. Once revealed, companies and governments would patch their firewalls, just as the bank would change its combination.

A more logical explanation could also be insider theft. If that’s the case, it’s one more reason to question the usefulness of an agency that secretly collects private information on millions of Americans but can’t keep its most valuable data from being stolen, or as it appears in this case, being used against us.

In what appeared more like a Saturday Night Live skit than an act of cybercrime, a group calling itself the Shadow Brokers put up for bid on the Internet what it called a “full state-sponsored toolset” of “cyberweapons.” “!!! Attention government sponsors of cyberwarfare and those who profit from it !!!! How much would you pay for enemies cyberweapons?” said the announcement.

While the “auction” seemed tongue in cheek, more like hacktivists than Russian high command, the sample documents were almost certainly real. The draft of a top-secret NSA manual for implanting offensive malware, released by Edward Snowden, contains code for a program codenamed SECONDDATE. That same 16-character string of numbers and characters is in the code released by the Shadow Brokers. The details from the manual were first released by The Intercept last Friday.

The reasons given for laying the blame on Russia appear less convincing, however. “This is probably some Russian mind game, down to the bogus accent,” James A. Lewis, a computer expert at the Center for Strategic and International Studies, a Washington think tank, told the New York Times. Why the Russians would engage in such a mind game, he never explained.

...Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents."

OUTLAW 09
08-22-2016, 07:30 PM
Russian state company says "let’s store all the Internet correspondence in a single data center"
https://meduza.io/en/news/2016/08/22/russian-state-company-says-hey-let-s-store-all-the-internet-correspondence-in-a-single-data-center?utm_source=t.co&utm_medium=share_twitter&utm_campaign=share

OUTLAW 09
08-23-2016, 11:53 AM
Aug 16
Massive Email Bombs Target .Gov Addresses



Over the weekend, unknown assailants launched a massive cyber attack aimed at flooding targeted dot-gov (.gov) email inboxes with subscription requests to thousands of email lists. According to experts, the attack — designed to render the targeted inboxes useless for a period of time — was successful largely thanks to the staggering number of email newsletters that don’t take the basic step of validating new signup requests.

These attacks apparently have been going on at a low level for weeks, but they intensified tremendously over this past weekend. This most recent assault reportedly involved more than 100 government email addresses belonging to various countries that were subscribed to large numbers of lists in a short space of time by the attacker(s). That’s according to Spamhaus, an entity that keeps a running list of known spamming operations to which many of the world’s largest Internet service providers (ISPs) subscribe.

When Spamhaus lists a swath of Internet address space as a source of junk email, ISPs usually stop routing email for organizations within those chunks of addresses. On Sunday, Spamhaus started telling ISPs to block email coming from some of the largest email service providers (ESPs) — companies that help some of the world’s biggest brands reach customers via email. On Monday, those ESPs soon began hearing from their clients who were having trouble getting their marketing emails delivered.

In two different posts published at wordtothewise.com, Spamhaus explained its reasoning for the listings, noting that a great many of the organizations operating the lists that were spammed in the attack did not bother to validate new signups by asking recipients to click a confirmation link in an email. In effect, Spamhaus reasoned, their lack of email validation caused them to behave in a spammy fashion.

“The issue is the badly-run ‘open’ lists which happily subscribed every address without any consent verification and which now continue as participants in the list-bombing of government addresses,” wrote Spamhaus CEO Steve Linford. It remains unclear whether hacked accounts at ESPs also played a role.

Also writing for wordtothewise.com, Laura Atkins likened email subscription bombs like this to “distributed denial of service” (DDoS) attacks on individuals.
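
The confirmation step that the article says the abused lists skipped, shown as an added example that is not part of the original post or the quoted article: a signup only becomes active when the recipient returns a signed, expiring token, and repeat requests are throttled. The class names, the per-source limit and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import time


class OpenList:
    """The 'open' list behaviour criticised above: every submitted address is subscribed at once."""

    def __init__(self):
        self.subscribed = set()

    def request_signup(self, address, source_ip, now=None):
        self.subscribed.add(address.strip().lower())
        return None  # no confirmation mail; newsletters simply start arriving


class ConfirmedOptInList:
    """Subscribes an address only after its owner returns a signed, unexpired token."""

    def __init__(self, secret_key, token_ttl=86400, max_requests=5, window=3600):
        self._key = secret_key
        self.token_ttl = token_ttl        # seconds a confirmation link stays valid
        self.max_requests = max_requests  # signup requests accepted per source per window
        self.window = window
        self.pending = {}                 # address -> expiry of the outstanding token
        self.subscribed = set()
        self._recent = {}                 # source_ip -> timestamps of recent requests

    def _sign(self, address, expires):
        msg = f"{address}|{expires}".encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def request_signup(self, address, source_ip, now=None):
        """Return the token to e-mail to `address`, or None if no mail should be sent."""
        now = time.time() if now is None else now
        address = address.strip().lower()
        recent = [t for t in self._recent.get(source_ip, []) if now - t < self.window]
        if len(recent) >= self.max_requests:
            self._recent[source_ip] = recent
            return None  # throttled: one source cannot enrol addresses in bulk
        recent.append(now)
        self._recent[source_ip] = recent
        if address in self.subscribed or self.pending.get(address, 0) > now:
            return None  # never send a second confirmation while one is outstanding
        expires = int(now) + self.token_ttl
        self.pending[address] = expires
        return f"{expires}.{self._sign(address, expires)}"

    def confirm(self, address, token, now=None):
        """Activate the subscription only for a valid, unexpired, unused token."""
        now = time.time() if now is None else now
        address = address.strip().lower()
        try:
            expires_text, sig = token.split(".", 1)
            expires = int(expires_text)
        except ValueError:
            return False
        expected = self._sign(address, expires)
        if not hmac.compare_digest(sig.encode("utf-8"), expected.encode("utf-8")):
            return False
        if self.pending.get(address) != expires or now > expires:
            return False
        del self.pending[address]
        self.subscribed.add(address)
        return True


# Constructed sample: 20 unsolicited signups arriving from one source.
SAMPLE_ADDRESSES = [f"official{i}@agency.example" for i in range(20)]


def replay_signup_flood(mailing_list, addresses, source_ip, now=1_000_000):
    """Feed unsolicited signups to a list; return (confirmation mails sent, addresses subscribed)."""
    mails = 0
    for addr in addresses:
        if mailing_list.request_signup(addr, source_ip, now=now) is not None:
            mails += 1
    return mails, len(mailing_list.subscribed)


if __name__ == "__main__":
    print("open list:        ", replay_signup_flood(OpenList(), SAMPLE_ADDRESSES, "203.0.113.7"))
    print("confirmed opt-in: ",
          replay_signup_flood(ConfirmedOptInList(b"\x01" * 32), SAMPLE_ADDRESSES, "203.0.113.7"))
```

The open list ends up with all 20 addresses subscribed; the confirmed opt-in list subscribes none and sends at most five one-off confirmation mails before throttling the source.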

OUTLAW 09
08-23-2016, 12:06 PM
While this article is from 2015....it concerns the activities of a Russian criminal gang involved in heavy hacking and fraud of banks and lately even the main Oracle MICROS database that handles hundreds of Point of Sales devices....WHICH Oracle has been extremely slow to react to........

http://www.welivesecurity.com/2015/09/08/carbanak-gang-is-back-and-packing-new-guns/

Amazingly "spearphishing" is the key in many hacking attempts and was the one used to gain entrance into the DNC network....and actually is easy to avoid if the endusers are well trained in spotting the attempts....


The Russian Carbanak gang is back and packing new guns

By Anton Cherepanov posted 8 Sep 2015 - 10:49AM

The Carbanak financial APT group made the headlines when Group-IB and Fox-IT broke the news in December 2014, followed by the Kaspersky report in February 2015. The two reports describe the same cybercriminal gang which stole up to several hundreds of millions of dollars from various financial institutions.

However, the story is interesting not only because of the large amount of money stolen but also from a technical point of view. The Carbanak team does not just blindly compromise large numbers of computers and try to ‘milk the cow’ as other actors do, instead they act like a mature APT-group. They only compromise specific high-value targets and once inside the company networks, move laterally to hosts that can be monetized.

A few days ago CSIS published details about new Carbanak samples found in the wild.

In this blog we will describe the latest developments in the Carbanak story.

Casino hotel hack

At the end of August, we detected an attempt to compromise the network of a casino hotel in the USA. The infection vector used in this attack may have been a spearphishing e-mail with a malicious attachment using an RTF-exploit or .SCR file. The attackers’ aim was to compromise PoS servers used in payment processing.

The main backdoor used by attackers was the open-source Tiny Meterpreter. In this case, however, the source was modified – the process injection to svchost.exe was added to its functionality.

This Tiny Meterpreter backdoor dropped two different malware families:
• Win32/Spy.Sekur – well known malware used by the Carbanak gang
• Win32/Wemosis – a PoS RAM Scraper backdoor

As mentioned here by our colleagues from TrendMicro, Carbanak malware is capable of targeting Epicor/NSB PoS systems, while Win32/Wemosis is a general-purpose PoS RAM Scraper which targets any PoS that stores card data in the memory. The Wemosis backdoor is written in Delphi and allows the attacker to control an infected computer remotely.

Both executables were digitally signed with the same certificate:

The certificate details:

Company name: Blik
Validity: from 02 October 2014 to 03 October 2015
Thumbprint: ‎0d0971b6735265b28f39c1f015518768e375e2a3
Serial number: ‎00d95d2caa093bf43a029f7e2916eae7fb
Subject: CN = Blik
O = Blik
STREET = Berzarina, 7, 1
L = Moscow
S = Moscow
PostalCode = 123298
C = RU

This certificate was also used in the digital signature of a third malware family used by the same gang: Win32/Spy.Agent.ORM.

Win32/Spy.Agent.ORM – overview

Win32/Spy.Agent.ORM (also known as Win32/Toshliph) is a trojan used as one of their first-stage payloads by the Carbanak gang. The binary of the testing version was signed with a Blik certificate: moreover, Spy.Agent.ORM shares some similarities in the code with “the regular” Carbanak malware.

The Win32/Spy.Agent.ORM malware family is already known in the industry because of two blogposts. In July 2015 security company Cyphort reported the compromise of a news portal and a banking site – rbc.ua and unicredit.ua. It turns out that the compromised sites served Win32/Spy.Agent.ORM. After that, Blue Coat reported a spearphishing attempt targeting Central Bank of Armenia employees, the payload being the same.

This malware appeared on our radar at the beginning of summer 2015, and afterwards we started to track it.

We have seen attempts to attack various companies in Russia and Ukraine using spearphishing e-mails that have malicious attachments consisting of .SCR files or .RTF exploits.

Here is an example of a spearphishing email sent to one of the biggest Forex-trading companies:

Roughly translated from Russian to English, it says:

“Due to the high volatility of the ruble exchange rate the Bank of Russia sends rules of trading on the currency market. Password the attached document: cbr”

Here is another example of a spear phishing attempt. Email with this text was sent to the largest electronic payment service in Russia:

Постановлением Роскомнадзора от 04.08.2015г. Вам необходимо заблокировать материалы попадающие под Федеральный закон от 27.07.2006 N 152-ФЗ (ред. от 21.07.2014) “О персональных данных”. Перечень материалов в документе.

Пароль roscomnadzor

Another rough translation from Russian to English:

“According to Roscomnadzor prescript you should block the materials, which you can find in the attachment. Password is roscomnadzor”

We have seen similar .SCR files with the following filenames:
• АО «АЛЬФА-БАНК» ДОГОВОР.scr (Alfabank contract)
• Перечень материалов для блокировки от 04.08.2015г.scr (List to block)
• Postanovlene_ob_ustranenii_18.08.2015.pdf %LOTS_OF_SPACES% ..scr
• Правила Банка России от 06.08.2015.pdf %LOTS_OF_SPACES% .scr (Rules of Bank of Russia)

All these attachments contained a password-protected archive with an .SCR file. The files had Adobe Acrobat Reader or MS Word icons.

In other cases attackers used RTF files with different exploits, including an exploit for one of the latest Microsoft Office vulnerabilities, CVE-2015-1770, which was patched by Microsoft in June 2015 in MS15-059.

We have seen RTF files with the following names used in attacks:
• prikaz-451.doc
• REMITTANCE ADVICE ON REJECTION.doc
• PROOF OF REMITTANCE ADVICE .doc
• HDHS739_230715_010711_A17C7148_INTERNAL.doc
• Բանկերի և բանկային գործունեության մասին ՀՀ օրենք 27.07.2015.doc (Armenian: The Law on Banks and Banking 27.07.2015)
• PAYMENT DETAILS.doc
• АО «АЛЬФА-БАНК» ДОГОВОР.doc (Russian: Alpha-bank contract)
• AML REPORTS_20082015_APPLICATION FORM-USD-MR VYDIAR.doc
• Anti-Money Laudering & Suspicious cases.doc
• ApplicationXformXUSDXduplicateXpayment.doc
• AML USD & Suspicious cases.doc
• Amendment inquiry ( reference TF1518869100.doc
• Information 2.doc

Here is an example of a spearphishing message that was sent to a bank in the United Arab Emirates:

Continued.....



Why post an article about Russian criminal hacking...this group has made over 1B USDs by hacking banks and now Oracle.....in Russia a gang that makes over 1B USDs and is highly professional will not go unnoticed by the Russian FSB/SVR security services.

The lines between state sponsored hacking and professional criminal hacking are largely fluid in Russia and they share a lot of the more common hacking methods and tools.....

This gang is extremely close to the FSB/SVR and they can provide very effective cover for hacks that might be attributed to them but are really state sponsored hacks.....
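
The filename tricks listed in the ESET excerpt above (an .scr hidden behind a decoy .pdf and a run of spaces, RTF content under a .doc name) are the kind of thing a mail gateway can flag before a user ever sees the icon. The following is an added example, not code from ESET or from the original post; the extension lists, finding labels and sample file heads are constructed for illustration, and %LOTS_OF_SPACES% is expanded to 40 spaces as an assumption.

```python
import re
import unicodedata

# Illustrative, not exhaustive: extensions Windows executes vs. extensions a lure pretends to be.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".cpl"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".rtf", ".xls", ".xlsx"}
RTF_MAGIC = b"{\\rtf"

EXT_AT_END = re.compile(r"(\.[A-Za-z0-9]{1,5})$")
DECOY_BEFORE_PADDING = re.compile(r"(\.[A-Za-z0-9]{1,5})[\s.]*$")


def triage_attachment(name, head=b""):
    """Return a list of findings for an attachment name and (optionally) its first bytes."""
    findings = []
    shown = unicodedata.normalize("NFKC", name)   # fold look-alike spaces to plain spaces
    effective = shown.rstrip(" .")                # Windows drops trailing spaces and dots
    match = EXT_AT_END.search(effective)
    ext = match.group(1).lower() if match else ""

    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        stem = effective[: -len(ext)]
        decoy = DECOY_BEFORE_PADDING.search(stem)
        if decoy and decoy.group(1).lower() in DECOY_EXTS:
            findings.append("decoy-extension")    # e.g. "report.pdf      .scr"
        if re.search(r"\s{5,}", stem):
            findings.append("whitespace-padding") # pushes the real extension out of view

    # The excerpt lists RTF exploit documents carrying .doc names; a .doc name
    # does not stop the file from being handled as RTF, so flag the mismatch.
    if ext == ".doc" and head.lstrip().startswith(RTF_MAGIC):
        findings.append("rtf-content-named-doc")
    return findings


def disposition(findings):
    """Map findings to a gateway action (labels are this example's own)."""
    if "executable-extension" in findings:
        return "quarantine"
    if findings:
        return "review"
    return "pass"


PAD = " " * 40  # stands in for %LOTS_OF_SPACES%

# Names taken from the excerpt above; file heads are constructed.
SAMPLES = [
    ("Postanovlene_ob_ustranenii_18.08.2015.pdf " + PAD + " ..scr", b"MZ"),
    ("Правила Банка России от 06.08.2015.pdf " + PAD + " .scr", b"MZ"),
    ("АО «АЛЬФА-БАНК» ДОГОВОР.scr", b"MZ"),
    ("prikaz-451.doc", b"{\\rtf1\\ansi constructed sample"),
    ("prikaz-451.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),  # genuine OLE .doc header
    ("Quarterly report 2015.pdf", b"%PDF-1.4"),               # benign control
]


def run_samples():
    """Return [(name, findings, action)] for the embedded samples."""
    out = []
    for name, head in SAMPLES:
        found = triage_attachment(name, head)
        out.append((name, found, disposition(found)))
    return out


if __name__ == "__main__":
    for name, found, action in run_samples():
        print(f"{action:10} {found} {name[:45]!r}")
```

Because the excerpt says the .SCR files arrived inside password-protected archives, a check like this only sees the inner name where the gateway or endpoint can list or unpack the archive contents.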

OUTLAW 09
08-23-2016, 02:02 PM
In April 2016, security firm Trend Micro published a damning report about a Web hosting provider referred to only as a “cyber-attack facilitator in the Netherlands.” If the Trend analysis lacked any real punch that might have been because — shortly after the report was published — names were redacted so that it was no longer immediately clear who the bad hosting provider was. This post aims to shine a bit more light on the individuals apparently behind this mysterious rogue hosting firm — a company called HostSailor[dot]com.

The Trend report observes that the unnamed, Netherlands-based virtual private server (VPS) hosting provider appears to have few legitimate customers, and that the amount of abuse emanating from it “is so staggering that this company will remain on our watchlist in the next few months.”

What exactly is the awfulness spewing from the company that Trend takes great pains not to name as HostSailor.com? For starters, according to Trend’s data (PDF) HostSailor has long been a home for attacks tied to a Russian cyber espionage campaign dubbed “Pawn Storm.” From the report:

“Pawn Storm seems to feel quite at home. They used the VPS hosting company for at least 80 attacks since May 2015. Their attacks utilized C&C servers, exploit sites, spear-phishing campaigns, free Webmail phishing sites targeting high profile users, and very specific credential phishing sites against Government agencies of countries like Bulgaria, Greece, Malaysia, Montenegro, Poland, Qatar, Romania, Saudi Arabia, Turkey, Ukraine, and United Arab Emirates. Pawn Storm also uses the VPS provider in the Netherlands for domestic espionage in Russia regularly.”

“Apart from Pawn Storm, a less sophisticated group of threat actors called DustySky (PDF link added) is using the VPS provider. These actors target Israel, companies who do business in Israel, Egypt and some other Middle Eastern governments.”

WHO IS HOSTSAILOR?

Trend’s report on HostSailor points to a LinkedIn profile for an Alexander Freeman at HostSailor who lists his location as Dubai. HostSailor’s Web site says the company has servers in The Netherlands and in Romania, and that it is based in Dubai. The company first came online in early 2013.


Related PDFs at these links.......
http://documents.trendmicro.com/assets/appendix_looking-into-a-cyber-attack-facilitator-in-the-netherlands.pdf

http://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf

OUTLAW 09
08-23-2016, 02:12 PM
Carbanak Gang Tied to Russian Security Firm?




The Carbanak gang derives its name from the banking malware used in countless high-dollar cyberheists. The gang is perhaps best known for hacking directly into bank networks using poisoned Microsoft Office files, and then using that access to force bank ATMs into dispensing cash. Russian security firm Kaspersky Lab estimates that the Carbanak Gang has likely stolen upwards of USD $1 billion — but mostly from Russian banks.

Carbanak is allegedly tied to a Russian security firm that claims to work with some of the world’s largest brands in cybersecurity.

This company's CEO is....a Mr. Tveritinov is quoted as “the CEO of InfoKub” in a press release from FalconGaze, a Moscow-based data security firm that partnered with the InfoKube to implement “data protection and employee monitoring” at a Russian commercial research institute. InfoKube’s own press releases say the company also has been hired to develop “a system to protect information from unauthorized access” undertaken for the City of Perm, Russia, and for consulting projects relating to “information security” undertaken for and with the State Ministry of Interior of Russia.

The company’s Web site claims that InfoKube partners with a variety of established security firms — including Symantec and Kaspersky. The latter confirmed InfoKube was “a very minor partner” of Kaspersky’s, mostly involved in systems integration. Zyxel, another partner listed on InfoKube’s partners page, said it had no partners named InfoKube. Slovakia-based security firm ESET said “Infokube is not and has never been a partner of ESET in Russia.”

“If Mr. Tveritinov has either knowledge of, or direct involvement in even a fraction of the criminal goings-on within his address block, then the possibility that he may perhaps also have a role in other and additional criminal enterprises… including perhaps even the Carbanak cyber banking heists… becomes all the more plausible and probable,” Guilmette said.

It remains unclear to what extent the Carbanak gang is still active. Last month, authorities in Russia arrested 50 people allegedly tied to the organized cybercrime group, whose members reportedly hail from Russia, China, Ukraine and other parts of Europe. The action was billed as the biggest ever crackdown on financial hackers in Russia.



BUT WAIT there is no history of any Russian court convictions after these arrests and behold they are back in business.....

BTW.......that CEO.....

Cubehost also was the hoster responsible for cryptolocker infrastructure which is the same group as zeusp2p/gameover.

Mr. Tveritinov has been very busy and now is a wealthy ‘business’ man.

OUTLAW 09
08-23-2016, 02:46 PM
I will be posting more on the issue of Zero Day Vulnerabilities the key source of virtually all the best hacking going on right now and how that ties back into the latest NSA breach......and the release of their hacking tools into the "wild".....

Got $90,000? A Windows 0-Day Could Be Yours


How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time, but here’s a look at one convincing recent exploit sales thread from the cybercrime underworld where the current asking price for a Windows-wide bug that allegedly defeats all of Microsoft’s current security defenses is USD $90,000.

So-called “zero-day” vulnerabilities are flaws in software and hardware that even the makers of the product in question do not know about. Zero-days can be used by attackers to remotely and completely compromise a target — such as with a zero-day vulnerability in a browser plugin component like Adobe Flash or Oracle’s Java. These flaws are coveted, prized, and in some cases stockpiled by cybercriminals and nation states alike because they enable very stealthy and targeted attacks.

The $90,000 Windows bug that went on sale at the semi-exclusive Russian language cybercrime forum exploit[dot]in earlier this month is in a slightly less serious class of software vulnerability called a “local privilege escalation” (LPE) bug. This type of flaw is always going to be used in tandem with another vulnerability to successfully deliver and run the attacker’s malicious code.

LPE bugs can help amplify the impact of other exploits. One core tenet of security is limiting the rights or privileges of certain programs so that they run with the rights of a normal user — and not under the all-powerful administrator or “system” user accounts that can delete, modify or read any file on the computer. That way, if a security hole is found in one of these programs, that hole can’t be exploited to worm into files and folders that belong only to the administrator of the system.

This is where a privilege escalation bug can come in handy. An attacker may already have a reliable exploit that works remotely — but the trouble is his exploit only succeeds if the current user is running Windows as an administrator. No problem: Chain that remote exploit with a local privilege escalation bug that can bump up the target’s account privileges to that of an admin, and your remote exploit can work its magic without hindrance.

The seller of this supposed zero-day — someone using the nickname “BuggiCorp” — claims his exploit works on every version of Windows from Windows 2000 on up to Microsoft’s flagship Windows 10 operating system. To support his claims, the seller includes two videos of the exploit in action on what appears to be a system that was patched all the way up through this month’s (May 2016) batch of patches from Microsoft (it’s probably no accident that the video was created on May 10, the same day as Patch Tuesday this month).

A second video appears to show the exploit working even though the test machine in the video is running Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), a free software framework designed to help block or blunt exploits against known and unknown Windows vulnerabilities and flaws in third-party applications that run on top of Windows.

OUTLAW 09
08-23-2016, 06:39 PM
Write-up of earlier attacks on Finnish media by Russian hackers. @ShimonPro @evanperez
http://yle.fi/uutiset/russian_cyber-espionage_group_hits_sanoma/8919118

BREAKING @FBI investigating #Russia's intelligence service hack of @nytimes, other papers
http://www.cnn.com/2016/08/23/politics/russia-hack-new-york-times-fbi/index.html

There's clear evidence Russian intel has hacked into the most sensitive communications of the US+our closest Allies. http://observer.com/2016/08/the-real-russian-mole-inside-nsa/

OUTLAW 09
08-23-2016, 08:09 PM
"Most of what Delisle gave Moscow wasn’t Canadian information but belonged 2 Five Eyes, much of which came from NSA"

OUTLAW 09
08-24-2016, 06:47 AM
New York Times’s Moscow Bureau Was Targeted by Hackers
http://mobile.nytimes.com/2016/08/24/technology/new-york-timess-moscow-bureau-was-targeted-by-hackers.html?_r=0&referer=

OUTLAW 09
08-25-2016, 09:20 AM
Clear evidence on just how Russia blends info/disinfo warfare together with cyber warfare.......

Whoops...got caught..... Russian hackers post same document twice, but with glaring differences
http://www.ottawacitizen.com/News/12147705/story.html

So with the WikiLeaks announced data dump of Clinton DNC emails....how many are real and how many are "fake"....

OUTLAW 09
08-25-2016, 12:08 PM
"NSA Targeted Chinese Firewall Maker Huawei, Leaked Documents Suggest"
http://bit.ly/2bRyWzd
One good turn deserves another

OUTLAW 09
08-25-2016, 12:09 PM
Two different versions of hacked documents show up online, suggesting Russians are altering docs

OUTLAW 09
08-26-2016, 08:36 AM
BET the NSA and Russians knew about this iPhone hack....they did....

UAE activist @Ahmed_Mansoor discovers iPhone spyware, prompting Apple to release a security update to iOS

The spyware was developed by an Israeli firm that apparently sold the spyware to the Emirati regime

There are deep ties between Russian coders in Israel and Russia.....

OUTLAW 09
08-26-2016, 07:23 PM
This company was a recent startup started by former Russian citizens.....

OUTLAW 09
08-26-2016, 07:25 PM
AT LAST u can now read @danya_turovsky’s deep dive into the RuNet Deep Web, translated into Eng by @seansrussiablog. https://meduza.io/en/feature/2016/08...ed-underground

OUTLAW 09
08-27-2016, 07:06 PM
Amazing coincidence: After being accused of DNC hack, Russia says spyware found in state computers.

http://reut.rs/2ajZbS2

SWJ Blog
08-28-2016, 01:14 PM
A Powerful Russian Weapon: The Spread of False Stories (http://smallwarsjournal.com/blog/a-powerful-russian-weapon-the-spread-of-false-stories)

Entry Excerpt:



--------
Read the full post (http://smallwarsjournal.com/blog/a-powerful-russian-weapon-the-spread-of-false-stories) and make any comments at the SWJ Blog (http://smallwarsjournal.com/blog).
This forum is a feed only and is closed to user comments.

OUTLAW 09
08-28-2016, 05:20 PM
Reference Russian cyber warfare attacks directed against now Germany.....

Kudos to Germany agency for #attribution work and naming names! Example for US admin, who more often stays quiet.

Germany's BfV again warns against incoming APT28 attacks from "Russian government agencies" via @egflo

German federal police BKA hacked terror suspects' Telegram accounts by intercepting SMS code
http://genius.com/10291651/motherboard.vice.com/de/read/exklusiv-wie-das-bka-telegram-accounts-von-terrorverdaechtigen-knackt

OUTLAW 09
08-28-2016, 05:26 PM
Researchers on Twitter got to the heart of the NSA dump, not cybersecurity corporates
https://motherboard.vice.com/read/why-twitter-was-the-platform-of-choice-for-ripping-apart-the-nsa-dump

Superb story on Shadowbrokers—with much-needed political & historical context, noteworthy anon sources @samgadjones https://www.ft.com/content/d63c5b3a-65ff-11e6-a08a-c7ac04ef00aa#axzz4Hsd6VtuL

AdamG
08-28-2016, 07:13 PM
A Powerful Russian Weapon: The Spread of False Stories


STOCKHOLM — With a vigorous national debate underway on whether Sweden should enter a military partnership with NATO, officials in Stockholm suddenly encountered an unsettling problem: a flood of distorted and outright false information on social media, confusing public perceptions of the issue.

The claims were alarming: If Sweden, a non-NATO member, signed the deal, the alliance would stockpile secret nuclear weapons on Swedish soil; NATO could attack Russia from Sweden without government approval; NATO soldiers, immune from prosecution, could rape Swedish women without fear of criminal charges.

They were all false, but the disinformation had begun spilling into the traditional news media, and as the defense minister, Peter Hultqvist, traveled the country to promote the pact in speeches and town hall meetings, he was repeatedly grilled about the bogus stories.

“People were not used to it, and they got scared, asking what can be believed, what should be believed?” said Marinette Nyh Radebo, Mr. Hultqvist’s spokeswoman.

As often happens in such cases, Swedish officials were never able to pin down the source of the false reports. But they, numerous analysts and experts in American and European intelligence point to Russia as the prime suspect, noting that preventing NATO expansion is a centerpiece of the foreign policy of President Vladimir V. Putin, who invaded Georgia in 2008 largely to forestall that possibility.


http://www.nytimes.com/2016/08/29/world/europe/russia-sweden-disinformation.html

AdamG
08-28-2016, 07:15 PM
‘Maskirovka’ Is Russian Secret War

Sneaky tactics are an old Russian tradition


The term is maskirovka, which in Russian literally means “something masked.” Maskirovka has its roots in the word “masquerade,” a synonym for “disguise.” It is a tactic as old as the Trojan horse … and a favorite of the Russian military.

“The Russians embrace maskirovka because it works,” said James Miller, managing editor of The Interpreter, a daily online journal that translates media from the Russian press and blogosphere into English for use by analysts and policymakers.

The staff at The Interpreter has tracked numerous examples of what they say are maskirovka tactics, Miller told War is Boring. What’s more, what they have found aligns with intelligence reports that NATO has released.

https://warisboring.com/maskirovka-is-russian-secret-war-7d6a304d5fb6#.da36b23oo

AdamG
08-28-2016, 07:21 PM
For those of you that don't remember the Cold War, have a flashback from 1981
http://www.dtic.mil/dtic/tr/fulltext/u2/a112903.pdf

AdamG
08-29-2016, 05:37 PM
Threat migration.


The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.

The FBI warning, contained in a “flash” alert from the FBI’s Cyber Division, a copy of which was obtained by Yahoo News, comes amid heightened concerns among U.S. intelligence officials about the possibility of cyberintrusions, potentially by Russian state-sponsored hackers, aimed at disrupting the November elections.

Those concerns prompted Homeland Security Secretary Jeh Johnson to convene a conference call with state election officials on Aug. 15, in which he offered his department’s help to make state voting systems more secure, including providing federal cybersecurity experts to scan for vulnerabilities, according to a “readout” of the call released by the department.


https://www.yahoo.com/news/fbi-says-foreign-hackers-penetrated-000000175.html

OUTLAW 09
08-29-2016, 05:47 PM
Threat migration.

https://www.yahoo.com/news/fbi-says-foreign-hackers-penetrated-000000175.html

Prior to the last election ethical hackers demoed just how easy it was to hack both the voting machines as well as the counting process and change the election results...not much has been done since then about this somewhat serious problem when facing now a very aggressive state sponsored set of hackers......

Voter database hack may be 'precursor' to larger attack. Find out more:
http://reut.rs/2c0mJsd

OUTLAW 09
08-29-2016, 06:40 PM
Hackers can take over an entire network with this tiny $35 box
http://read.bi/2bUXB7X

Russia-Backed DNC Hackers Strike Washington Think Tanks
http://www.defenseone.com/threats/2016/08/exclusive-russia-backed-dnc-hackers-strike-washington-think-tanks/131104/ …

OUTLAW 09
08-30-2016, 08:15 AM
Prior to the last election ethical hackers demoed just how easy it was to hack both the voting machines as well as the counting process and change the election results...not much has been done since then about this somewhat serious problem when facing now a very aggressive state sponsored set of hackers......

Voter database hack may be 'precursor' to larger attack. Find out more:
http://reut.rs/2c0mJsd

This problem is not so new as some of us old guard types have been pointing out recently that voting machines are no different from what is now being called by the consumer industry "the internet of things" (IOT)....and as the industry pushes this concept into ever more consumer daily products THIS problem of the voting machines is just getting worse by the day...

We detected yesterday a massive Russian botnet pushing spam from a network of "connected smart refrigerators"...ALL "unprotected"...

So exactly how does one now "protect your refrigerator"...how do you install anti viral software onto it, how do you build a firewall around it and how do you upgrade it....to match the new APT threats that are forever evolving faster than we can keep up.....

Let's not even get into the "smart" abilities of new cars these days....imagine a constantly moving botnet pushing a DDoS attack...using VOIP bouncing off every cell tower it passes....now track that botnet???

It is possible and it is now easy to do.....

OUTLAW 09
08-30-2016, 09:30 AM
http://krebsonsecurity.com/2016/08/inside-the-attack-that-almost-broke-the-internet/#more-35925

Inside ‘The Attack That Almost Broke the Internet’



In March 2013, a coalition of spammers and spam-friendly hosting firms pooled their resources to launch what would become the largest distributed denial-of-service (DDoS) attack the Internet had ever witnessed. The assault briefly knocked offline the world’s largest anti-spam organization, and caused a great deal of collateral damage to innocent bystanders in the process. Here’s a never-before-seen look at how that attack unfolded, and a rare glimpse into the shadowy cybercrime forces that orchestrated it.

The following are excerpts taken verbatim from a series of Skype and IRC chat room logs generated by a group of “bullet-proof cybercrime hosts” — so called because they specialized in providing online hosting to a variety of clientele involved in spammy and scammy activities.

Gathered under the banner ‘STOPhaus,’ the group included a ragtag collection of hackers who got together on the 17th of March 2013 to launch what would quickly grow to a 300+ Gigabits per second (Gbps) attack on Spamhaus.org, an anti-spam organization that they perceived as a clear and present danger to their spamming operations.

The attack – a stream of some 300 billion bits of data per second — was so large that it briefly knocked offline Cloudflare, a company that specializes in helping organizations stay online in the face of such assaults. Cloudflare dubbed it “The Attack that Almost Broke the Internet.”

Continued...

The article is good in that it indicates a number of Russian criminal hosting sites and there has been often in the past cooperation between Russian state sponsors and the Russian criminal side to cover their tracks....and or use the criminal side with state sponsor inputs/tools...for the same benefit...hiding the origin of the hacks...

OUTLAW 09
08-30-2016, 09:59 AM
This problem is not so new as some of us old guard types have been pointing out recently that voting machines are no different from what is now being called by the consumer industry "the internet of things" (IOT)....and as the industry pushes this concept into ever more consumer daily products THIS problem of the voting machines is just getting worse by the day...

We detected yesterday a massive Russian botnet pushing spam from a network of "connected smart refrigerators"...ALL "unprotected"...

So exactly how does one now "protect your refrigerator"...how do you install anti viral software onto it, how do you build a firewall around it and how do you upgrade it....to match the new APT threats that are forever evolving faster than we can keep up.....

Let's not even get into the "smart" abilities of new cars these days....imagine a constantly moving botnet pushing a DDoS attack...using VOIP bouncing off every cell tower it passes....now track that botnet???

It is possible and it is now easy to do.....


Understanding the complexity of IoT vulnerabilities

Last year, an unknown attacker used a known vulnerability in a popular Web-connected baby monitor to spy on a two-year-old. This eye-opening incident goes to show what a high risk the IoT poses to enterprises and consumers alike. In a more dramatic example, imagine using an IoT device like a simple thermostat to manipulate temperature readings at a nuclear power plant. If attackers compromise the device, the consequences could be devastating. Understanding where vulnerabilities fall on the complexity meter -- and how serious of a threat they pose -- is going to become a huge dilemma. To mitigate the risk, any project involving IoT devices must be designed with security in mind, and incorporate security controls, leveraging a pre-built role-based security model. Because these devices will have hardware, platforms and software that enterprises may never have seen before, the types of vulnerabilities may be unlike anything organizations have dealt with previously. It's critical not to underestimate the elevated risk many IoT devices may pose.



Security should be considered and implemented in every aspect of IoT to better control the parts and modules of Internet-connected devices. Unfortunately it should be expected that attackers will seek to compromise the supply chain of IoT devices, implanting malicious code and other vulnerabilities to exploit only after the devices have been implemented in an enterprise environment. It may prove necessary to adopt a security paradigm like the Forrester Zero Trust model for IoT devices.

Where possible, enterprises should proactively set the stage by isolating these devices to their own network segment or VLAN. Additionally, technologies such as microkernels or hypervisors can be used with embedded systems to isolate the systems in the event of a security breach.

This is just the tip of the massive underwater iceberg that is about to hit our standard network security models in the coming years......

And believe the Dark Net is full of individuals who are working on this exact same problem...just from the "other side"....

AdamG
09-14-2016, 12:31 PM
Welcome to the Party, RAND.


As Washington investigates alleged Russian hacking of U.S. political systems, Russian propagandists are also at work across a wide front, aiming a firehose of falsehoods at ill-informed audiences, foreign and domestic. A recent RAND study reveals how this disinformation — intentionally false — leverages psychological vulnerabilities to sway audiences. U.S. leaders should raise public consciousness about its nature and dangers.
http://www.rand.org/blog/2016/09/russian-propaganda-is-pervasive-and-america-is-behind.html

AdamG
10-16-2016, 07:38 PM
"Top Recipes from the Pro-Kremlin Media"

https://www.facebook.com/EUvsDisinfo/videos/1187776884601954/ (Interesting video from the DISINFO REVIEW social media page)

OUTLAW 09
11-07-2016, 08:30 AM
Would love to see some US Ph.D candidate do a thesis study on the similarities between Russian info warfare propaganda tactics and the tactics used by the Republican Party against anyone whom they perceive is against their agenda...

The similarities are not to be overlooked on exactly how close they are to each other.....

Chaffetz was the one leading the charge of "charging Clinton with crimes committed in Benghazi"..and who has been leading the recent charge on the last so called "FBI email scandal"....

Remember when GOP Rep. Jason Chaffetz cut embassy security before Benghazi and then bragged about it. Good times.
http://www.youtube.com/watch?v=XB4duL1xMmY&sns=tw#

IN a total of EIGHT separate Republican led Congressional investigations COSTING the US taxpayer millions of dollars....not a single violation was ever proven.....

AT least the Moscow Courts under Putin leadership get a far higher conviction rate for their opponents....

IMHO I really do not believe Americans truly understand Russian info warfare and the use of propaganda...aimed directly at them.....

Russian propaganda functions using the 6D model ....Distort...Deflect....Dismay....Distract.....all designed to create Doubt and Distrust

And the Republican narrative against Clinton.....recognize any of the 6Ds?????

WHO would have thought for a single moment Russian trolls would be working for the Trump campaign...BUT they are...an estimated 35% of all proTrump tweets are coming from Russian trolls and that "ain't chump change"...

How Macedonia Became A Global Hub For Pro-Trump Misinformation
https://www.buzzfeed.com/craigsilverman/how-macedonia-became-a-global-hub-for-pro-trump-misinfo?utm_term=.iua7Q4JEd#
… via @CraigSilverman @buzzfeednews

HOW many Americans would even think that eastern Ukraine..Syria...and the US elections are even remotely intertwined??????

AND that time honored US democracy concept called "freedom of the press" is again under Russian propaganda.......seen as something "bad"......

IMHO this individual has never served a single day in the US military which serves to protect his right to wear that T-Shirt....under the concept of "freedom of speech" where now over 500,000 alone in Syria have died for that right that was being denied them.....Americans sometimes forget there is another world outside of the US....

OUTLAW 09
11-07-2016, 09:54 AM
Invasion of the troll armies: ‘Social media where the non linear war goes on’
https://www.theguardian.com/media/2016/nov/06/troll-armies-social-media-trump-russian?CMP=share_btn_tw#

AdamG
11-07-2016, 01:59 PM
Oops. When your OPSEC fails.


A Russian sailor’s online selfie may have just given away the position of one of the world’s most powerful battlecruisers, according to journalist Hans de Vreij’s analysis.


http://dailycaller.com/2016/11/06/sailors-selfie-gives-away-position-of-one-of-russias-best-ships/#ixzz4PKasnAiY

OUTLAW 09
11-07-2016, 06:17 PM
New Report from @meduzaproject Lifts Curtain On Russia’s Construction Of Powerful “Cyberarmy”
https://www.buzzfeed.com/sheerafrenkel/new-report-lifts-curtain-on-russias-construction-of-powerful?utm_term=.ylEreGg62#.rcw4RknPq …

Russian state defence contractor announces new cyber center
http://dlvr.it/McR0M6

davidbfpo
11-08-2016, 12:29 PM
Hat tip to WoTR, thanks to a pointer from Clint Watts - one of three authors:
Today, two colleagues and I finished more than 30 months of monitoring and research on thousands of social media accounts. We didn’t go looking for Russia online, we were looking at the Islamic State and the Syrian civil war when trolls began attacking us. We watched these attacking accounts and noticed strange use of automation and propaganda linked back to Russia. These armies of social media accounts changed direction through 2014 until roughly one year ago, this social media army took a decisive turn and began promoting Donald Trump.

Our research has led to mapping how Russia is deploying “Active Measures” through social media to divide and conquer the American populace from the inside out. In our article, “Trolling for Trump: How Russia Is Trying To Destroy Our Democracy”, we explain how their influence of Americans works and why this is only the beginning, rather than the end of their campaign. Trump is a tool, not the objective.
Link: http://warontherocks.com/2016/11/trolling-for-trump-how-russia-is-trying-to-destroy-our-democracy/

OUTLAW 09
11-08-2016, 12:31 PM
WHO controls Twitter?????

Wow, superb parody ac @Sputnik_intl is suspended by @support while 'verified' Russia propaganda ac @SputnikInt cont's to tweet Moscow's lies

OUTLAW 09
11-08-2016, 12:41 PM
Sputnik International still does not have full control over their hacked Twitter account......

Russian propaganda @SputnikInt slowly regains its @twitter account.
Logo back to normal, still no tweets since 48 hours.

OUTLAW 09
11-08-2016, 02:44 PM
From a cold, grey, overcast.. rainy/snowy/slush weather day in Berlin/Brandenburg.....TO ALL US readers....GET OUT AND VOTE.......THIS IS AN IMPORTANT ELECTION not only for the US...... BUT for Europe as well....WHO BTW are better informed about the importance of this election than some Americans......I see being quoted in MSM these days.....

I did even from Berlin/Brandenburg...AND I do not even have a House Representative or Senator to represent me.....


WHO let the Russians vote BTW.......???????

From @GazetaRu live feed. Trump's voting violation hotline. Dial 1 if you're calling from Russia.

OUTLAW 09
11-08-2016, 07:35 PM
How Macedonian Pro-Trump Spammers Are Using Facebook Groups To Feed You Fake News
https://www.buzzfeed.com/craigsilverman/how-macedonian-spammers-are-using-facebook-groups-to-feed-yo?utm_term=.ikwLD9gZm#

OUTLAW 09
11-14-2016, 04:47 PM
RFE/RL & VOA launched an exciting new project: Polygraph. Some serious (and fair) fact checking of the Kremlin
http://bit.ly/2f9d8PX

OUTLAW 09
11-15-2016, 05:36 PM
Seems the US now has a hard time pushing back on fake news and lies via social media.....

SiliconValley partly resp for #extremism: #Facebook's Fake #News Fight Undercut by Fear of Conservatives
http://gizmodo.com/facebooks-figh

OUTLAW 09
11-16-2016, 11:01 AM
For those SWJ readers that do not fully believe the Russian non linear warfare being directed at the West and especially the US and do not believe that Crimea...eastern Ukraine...Syria and the US elections are not all intertwined....

Russian non linear warfare has TWO key cornerstones....

1. cyber warfare which we have massively seen in the last year clearly directed at the US and the elections

2. informational warfare with a 1/3rd of all proTrump tweets being generated by a Russian owned Macedonian company

3. and hundreds of fake news sites via Twitter and FB many posted from outside the US.....

Kremlin's #propaganda outlet @RT_com boasts about #Russia's involvement in #USElection2016:

RT headlines....."Hackers and Whistleblowers kill Clinton Campaign...."

OUTLAW 09
11-16-2016, 03:35 PM
NSA chief essentially says @wikileaks is a vehicle of the Russian State that helped #Putin install the next US president.

Russian info and cyber warfare directed straight at the US and the Obama WH blinked and let it go by....

OUTLAW 09
11-16-2016, 03:37 PM
Former journalist "RT" @lizwahl: Discrediting the West – an insider’s view on #Russia’s RT:
http://www.stopfake.org/en/discrediting-the-west-an-insider-s-view-on-russia-s-rt/#

OUTLAW 09
11-16-2016, 04:18 PM
Twitter has blocked @moonnor27, who reports about war crimes against Sunnis in #Iraq, for the second time in 2 weeks.

OUTLAW 09
11-17-2016, 04:47 PM
Russian State Propaganda keeps showing the destruction, caused earlier by #Assad, in western #Aleppo..
https://www.youtube.com/watch?v=nw3Tbznqi4g …
BUT CLAIMS damage is from rebels of regime areas….BUT is really eastern Aleppo…..

MSF International
‏@MSF
#Syria: "A human tragedy is unfolding while the world watches and does nothing"
http://bit.ly/2fSmGP0

OUTLAW 09
11-17-2016, 04:52 PM
Russian info warfare directed first at Ukraine....then Syria ...then the US elections and now Germany.....

NOTICE a trend here?????

Merkel: #Germany already dealing "with internet attacks that are of #Russia origin or w/ news which sow false info" http://www.atlanticcouncil.org/blogs/natosource/head-of-german-intelligence-agency-we-re-alarmed-about-russia-intervening-in-2017-federal-election

Russia meddling #Germany politics: Part of a "hybrid threat, public opinion & decision-making are being influenced"

OUTLAW 09
11-17-2016, 05:08 PM
The supply side of the fake news phenomenon.
https://www.washingtonpost.com/news/the-intersect/wp/2016/11/17/facebook-fake-news-writer-i-think-donald-trump-is-in-the-white-house-because-of-me/?tid=sm_tw#

A publicist is trying to float positive stories to journalists about Steve Bannon, won't say who she's working for: http://www.thewrap.com/steve-bannon-image-rehab-campaign-trump-adviser/#

OUTLAW 09
11-17-2016, 05:33 PM
The king of fake news on Facebook thinks it's scary how dumb people are.

State Dept dismisses question from RT, says won’t treat it like other media -
https://www.rt.com/document/582ccd2ac46188eb518b45f8/amp?client=safari#

Social Media as a warfare armament and advanced influence tool
http://buff.ly/2fGnjMz

OUTLAW 09
11-18-2016, 06:24 AM
Wikipedia


An agent of influence is an agent of some stature who uses his or her position to influence public opinion or decision making to produce results beneficial to the country whose intelligence service operates the agent. Agents of influence are often the most difficult agents to detect, as there is seldom material evidence that connects them with a foreign power, but they can be among the most effective means of influencing foreign opinion and actions as they hold considerable credibility among the target audience.

Most commonly they serve the interests of a foreign power in one of three ways: either as a controlled agent directly recruited and controlled by a foreign power; as a "trusted contact" that consciously collaborates to advance foreign interests but are not directly recruited or controlled by a foreign power; or as a "useful idiot" that is completely unaware of how their actions further the interests of a foreign power.

NOTE: Based on Flynn's military education...we can safely exclude him as an "useful idiot"...so does money and playing to his ego talk?????

The term "agent of influence" is often used to describe both individuals and organizations engaged in influence operations. Individuals engaged in this type of influence operation may serve in the fields of journalism, government, art, labor, academia, or a number of other professional fields.

Cultural opinion makers, nationalists, and religious leaders have also been targeted to serve as individual agents of influence.

In addition to individual agents of influence, front organizations can serve the interests of a foreign power in this capacity. Some Cold War examples of front organizations serving as agents of influence included: the Christian Peace Conference, the International Organization of Journalists, the World Federation of Scientific Workers, the World Federation of Trade Unions, the International Institute for Peace, and the World Peace Council.

When individuals join such organizations in good faith but are in fact serving the interests of a foreign elite, their affiliation becomes infiltration, and cumulatively the organization serves as an agent of influence.

Barack #Obama has taken aim at "fake news" and disinformation. His words are pithy, as usual.
http://tinyurl.com/hk79e8g

OUTLAW 09
11-18-2016, 07:09 AM
US has done "nothing against Russian propaganda" in recent years, dividing the West, ex-Belarus President Shushkevich says

Obama admin justified inaction on Syria for years by saying Russia 1) didn't want to get entangled in Syria 2) had always been there anyway.

In 2014 was downplaying to justify inaction on Syria: "they can't do anything"

Now overstating to justify inaction: "we can't do anything"

OUTLAW 09
11-18-2016, 08:10 AM
Pretty astonishing list of suggestions to help solve the fake news problem. Hope it's the start of something concrete
https://docs.google.com/document/d/1OPghC4ra6QLhaHhW8QvPJRMKGEXT7KaZtG_7s5-UQrw/mobilebasic#

OUTLAW 09
11-19-2016, 10:40 AM
Watch my two favorite anti-propaganda fighters @peterpomeranzev & @lizwahl briefing @HouseForeign
https://youtu.be/p2Wouz3ddMM

Pomeranzev is probably one of the best on Russian info warfare....

Liz Wahl

This weaponization of disinformation should have been the focus before the election. We've been sounding the alarm for months
BUT WAIT...MSM never felt it was a problem.......only social media and that social media associated to Ukraine and Syria...

Fake news spread on Facebook and social media is poison to the mind and dividing the country.

Liz Wahl

@lizwahl
Russia's working to elect populist leaders worldwide. I write about Kremlin disinformation on Syria here. More than ever, critical to grasp

Russian propaganda entering mainstream news: disinformation experts
http://www.thenews.pl/1/10/Artykul/280476,Russian-propaganda-entering-mainstream-news-disinformation-experts#…

OUTLAW 09
11-19-2016, 11:32 AM
Middle East Eye

@MiddleEastEye
'Go ask your own government': US spokesperson blasts Russia Today journalist over Syria bombings

BUT WAIT...WHILE RT tries to question DoD they have never questioned a single time their own Russian air strikes on civilians..hospitals...food storage..bakeries and SCHOOLs....NOT A SINGLE TIME....

Finally DoD and DoS are pushing back on Russian info warfare....BUT WAY TOO LATE....

davidbfpo
11-19-2016, 06:43 PM
I have just moved approx. twenty-one posts on suspected Russian information operations and the recent US elections to here - they came from the Syria thread, where they did not belong.

OUTLAW 09
11-21-2016, 08:36 AM
Thomas Rid: How Russia Pulled Off the Biggest Election Hack in U.S. History
http://www.esquire.com/news-politics/a49791/russian-dnc-emails-hacked/#


THIS story does not cover though the massive Russian intrusion into three US State election databases over a period of several weeks....and the amount of personal ID data that has been compromised is not being identified by those States....

OUTLAW 09
11-23-2016, 11:52 AM
Even in the face of the immigrant wave into Germany and the Greek debt bailout Merkel has never fallen below 45% in popularity........

Even she fully recognizes Russian info warfare....

OUTLAW 09
11-23-2016, 02:45 PM
Even in the face of the immigrant wave into Germany and the Greek debt bailout Merkel has never fallen below 45% in popularity........

Even she fully recognizes Russian info warfare....

If you don't like the lies with which #Putin's agitprop tries to manipulate the electorates in the EU, you are not a democrat!

Secessionists formally launch quest for California's independence - LA Times
The leader of this group splits his time between Moscow and San Diego. I'm not joking.

OUTLAW 09
11-24-2016, 08:56 AM
WHY is Russian info warfare and US neo right wing info warfare so successful in the US????

Students Have 'Dismaying' Inability To Tell Fake News From Real, Stanford Study Finds
https://n.pr/2gfH9gQ

OUTLAW 09
11-24-2016, 09:24 AM
Twitter suspended semi-official turkish gov account @EuphratesShield
Oh the irony.

ProAssad and ProRussian trolls hammering again Twitter Support with complaints....

Indicates that none of the US social media outlets have anything under control when it comes to proAssad and proPutin trolling....

OUTLAW 09
11-24-2016, 11:35 AM
Stop Fake @StopFakingNews
All across Europe more independent fact-checking sites are launched to counter the move towards post-truth society:
http://www.stopfake.org/en/rise-of-the-fact-checker-a-new-democratic-institution/#

OUTLAW 09
11-24-2016, 04:51 PM
Kremlin Trolls CI @KremlinTrolls
Evidently @AndreaChalupa's huge 300% increase in followers, from 4 - 12k in just 3wks, is not organic.

Trolls driving up the "followers" to get the account noticed by fake news and real twitter users...

Did she buy fake followers?

OUTLAW 09
11-24-2016, 05:36 PM
And this is how fake news is made and spread in Russia:
https://globalvoices.org/2016/09/12/how-fake-stories-reported-in-russias-news-media-regularly-fool-everyone/#
… (kudos to @KevinRothrock for translating it)

OUTLAW 09
11-24-2016, 06:47 PM
RT, Sputnik and the other Kremlin outlets should be considered parts of the Russian Armed Forces.


If Russia tries to crush another state by means of information then it's weapon of war and should be treated as such
http://www.zerohedge.com/news/2016-11-23/merkel-declares-war-fake-news-europe-brands-russias-rt-sputnik-dangerous-propaganda#

OUTLAW 09
11-25-2016, 08:09 AM
"The flood of 'fake news' this election season got support from a sophisticated Russian propaganda campaign..."
https://www.washingtonpost.com/business/economy/russian-propaganda-effort-helped-spread-fake-news-during-election-experts-say/2016/11/24/793903b6-8a40-4ca9-b712-716af66098fe_story.html#

OUTLAW 09
11-25-2016, 08:22 AM
By this morning #FSB sweepers have erased not just this #GRU op profile but all other ones where's he featured in VK
https://www.facebook.com/irakli.komaxidze/posts/1159870680792843#

OUTLAW 09
11-25-2016, 08:35 AM
EU Mythbusters

@EUvsDisinfo
ProKremlin media claim that RU pursues good neighbourly relations. What do facts say? (see the image)
http://eepurl.com/cpQaGL

A really great EU/NATO site for reports on Russian propaganda....
An excellent report that helps visualize Russia's often cloudy #propaganda & influence network in Europe. @STRATCOMCOE #subversion #NATO

OUTLAW 09
11-25-2016, 09:48 AM
After EU Commission passed restrictions this week on the various Russian propaganda media outlets and openly declares war for fake news sites and Russian disinformation......

THIS happens.....coincidence..????

EU Commission was a target for a DDOS #attack last night:
http://www.itpro.co.uk/security/27652/european-commission-suffers-cyber-attack#

Interestingly Russia declares disinformation and propaganda to be "democracy"...in their rants and media rages against these decisions of the EUC......

OUTLAW 09
11-25-2016, 11:51 AM
Another form of Russian disinformation/informational warfare....

Kremlin uses US law firm to write opinions for Armenian judges so they can influence anti-Russia court battles in EU
Rigged law, globalized

OUTLAW 09
11-25-2016, 12:02 PM
Russia is "brainwashing" Europeans, Lithuania foreign minister Linas Linkevicius tells @BBCHARDtalk
http://bbc.in/2fLNIrD

OUTLAW 09
11-25-2016, 12:35 PM
"Win without engaging in battle"- Some of theory #informationwar -from a #Russia|n perspective.
http://bit.ly/152tvrY

"The #future war will be an #invisible war.Only when a #country sees that(...)participated in the war and this #war loses."—F.#Jolot-#Curie

"Winning all your battles is not of supreme importance; breaking the enemy's resistance without fighting is most important." - #SunTzu

OUTLAW 09
11-25-2016, 01:44 PM
EU Mythbusters

@EUvsDisinfo
Racist propaganda on Russian state TV. See Digest:
http://eepurl.com/cp306n

OUTLAW 09
11-25-2016, 01:51 PM
http://mobile.nytimes.com/2016/11/18/technology/automated-pro-trump-bots-overwhelmed-pro-clinton-messages-researchers-say.html?smid=fb-nytimes&smtyp=cur&_r=1&referer=https://m.facebook.com/


By JOHN MARKOFF
November 17, 2016



SAN FRANCISCO — An automated army of pro-Donald J. Trump chatbots overwhelmed similar programs supporting Hillary Clinton five to one in the days leading up to the presidential election, according to a report published Thursday by researchers at Oxford University.

The chatbots — basic software programs with a bit of artificial intelligence and rudimentary communication skills — would send messages on Twitter based on a topic, usually defined on the social network by a word preceded by a hashtag symbol, like #Clinton.

Their purpose: to rant, confuse people on facts, or simply muddy discussions, said Philip N. Howard, a sociologist at the Oxford Internet Institute and one of the authors of the report. If you were looking for a real debate of the issues, you weren’t going to find it with a chatbot.

“They’re yelling fools,” Dr. Howard said. “And a lot of what they pass around is false news.”

The role fake news played in the presidential election has become a sore point for the technology industry, particularly Google, Twitter and Facebook. On Monday, Google said it would ban websites that peddle fake news from using its online advertising service. Facebook also updated the language in its Facebook Audience Network policy, which already says it will not display ads in sites that show misleading or illegal content, to include fake news sites.

In some cases, the bots would post embarrassing photos, make references to the Federal Bureau of Investigation inquiry into Mrs. Clinton’s private email server, or produce false statements, for instance, that Mrs. Clinton was about to go to jail or was already in jail.

“The use of automated accounts was deliberate and strategic throughout the election,” the researchers wrote in the report, published by the Project on Algorithms, Computational Propaganda and Digital Politics at Oxford.
Because the chatbots were almost entirely anonymous and were frequently bought in secret from companies or individual programmers, it was not possible to directly link the activity to either campaign, except for a handful of “joke” bots created by Mrs. Clinton’s campaign, they noted.

However, there was evidence that the mystery chatbots were part of an organized effort.

“There does seem to be strategy behind the bots,” Dr. Howard said. “By the third debate, Trump bots were launching into their activity early and we noticed that automated accounts were actually colonizing Clinton hashtags.”
A hashtag is used to indicate a Twitter post’s topic. By adopting hashtags relating to Mrs. Clinton, the opposition bots were most likely able to wiggle their way into an online conversation among Clinton supporters.

After the election, the bot traffic declined rapidly, with the exception of some pro-Trump programs that gloated, “We won and you lost,” Dr. Howard said.
Trump campaign officials did not respond to requests for comment. Twitter executives argued that more people would not follow the programs and so they would be picked up only by those who looked for particular hashtags.

“Anyone who claims that automated spam accounts that tweeted about the U.S. election had an effect on voters’ opinions or influenced the national Twitter conversation clearly underestimates voters and fails to understand how Twitter works,” said Nick Pacilio, a Twitter spokesman.

The researchers based their study on a collection of about 19.4 million Twitter posts gathered in the first nine days of November. They selected tweets based on hashtags identifying certain subjects and identified automated posting by finding accounts that post at least 50 times a day.

“For example, the top 20 accounts, which were mostly bots and highly automated accounts, averaged over 1,300 tweets a day and they generated more than 234,000 tweets,” the researchers noted. “The top 100 accounts, which still used high levels of automation, generated around 450,000 tweets at an average rate of 500 tweets per day.”

The Oxford researchers had previously reported that political chatbots had played a role in shaping the political landscape that led to Britain’s “Brexit” vote.

The researchers have coined the term “computational propaganda” to describe the explosion of deceptive social media campaigns on services like Facebook and Twitter.

In a previous research paper, Dr. Howard and Bence Kollanyi, a researcher at Corvinus University of Budapest, described how political chatbots had a “small but strategic role” in shaping the online conversation during the run-up to the Brexit referendum.

The bot managers seem to repurpose the programs as well. During the British campaign, they discovered that a family of bots that had been tweeting around Israeli-Palestinian issues for three or four years had suddenly become pro-Brexit. After the vote, the bots returned to their original issue.

In the case of the American election, the researchers noted that “highly automated accounts — the accounts that tweeted 450 or more times with a related hashtag and user mention during the data collection period — generated close to 18 percent of all Twitter traffic about the presidential election.”

They also noted that bots tend to circulate negative news much more effectively than positive reports.

One of the consequences of the intense social media campaigns will be a rise in what social scientists call “selective affinity.”

“Clinton supporters will cut the Trump supporters out of their network, and Trump supporters will do the same,” Dr. Howard said. “The polarization of the election is going to make this stuff worse as we self-groom our news networks.”
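
The counting rule described in the article quoted above (at least 50 posts a day, which comes to 450 over the nine-day collection window) can be applied to any post log. The Python below is an added example, not part of the original post and not the Oxford researchers' code; the account names, hashtags and post log are constructed. It also reports accounts that exceed 50 posts on a single day without reaching the window total, a case the 450 cut-off alone does not flag.

```python
from collections import Counter, defaultdict
from datetime import date, timedelta

POSTS_PER_DAY = 50        # article: accounts that "post at least 50 times a day"
WINDOW_DAYS = 9           # article: "the first nine days of November"
WINDOW_THRESHOLD = POSTS_PER_DAY * WINDOW_DAYS   # 450, the report's cut-off
START = date(2016, 11, 1)


def constructed_sample():
    """Build a synthetic post log of (account, day, hashtag) tuples."""
    posts = []
    days = [START + timedelta(days=d) for d in range(WINDOW_DAYS)]
    for day in days:
        posts += [("bot_a", day, "#candidateB")] * 60
        posts += [("bot_b", day, "#candidateA")] * 55
        for i in range(100):
            tag = "#candidateA" if i % 2 == 0 else "#candidateB"
            posts += [(f"user_{i:03d}", day, tag)] * 3
    # One-day burst: far above 50/day once, but well under 450 in the window.
    posts += [("burst_c", days[2], "#candidateB")] * 200
    return posts


def window_totals(posts):
    """Posts per account over the whole collection window."""
    return Counter(account for account, _, _ in posts)


def peak_daily(posts):
    """Highest single-day post count per account."""
    per_day = Counter((account, day) for account, day, _ in posts)
    peaks = defaultdict(int)
    for (account, _), n in per_day.items():
        peaks[account] = max(peaks[account], n)
    return dict(peaks)


def highly_automated(posts, threshold=WINDOW_THRESHOLD):
    """Accounts at or above the window cut-off (450 by default)."""
    return {a for a, n in window_totals(posts).items() if n >= threshold}


def burst_only(posts):
    """Accounts over 50 on some day yet below the window cut-off."""
    flagged = highly_automated(posts)
    return {a for a, peak in peak_daily(posts).items()
            if peak >= POSTS_PER_DAY and a not in flagged}


def traffic_share(posts, accounts):
    """Fraction of all posts that came from the given accounts."""
    if not posts:
        return 0.0
    return sum(1 for a, _, _ in posts if a in accounts) / len(posts)


def share_by_hashtag(posts, accounts):
    """Per-hashtag fraction of posts written by the given accounts."""
    total, auto = Counter(), Counter()
    for account, _, tag in posts:
        total[tag] += 1
        if account in accounts:
            auto[tag] += 1
    return {tag: auto[tag] / total[tag] for tag in total}


if __name__ == "__main__":
    log = constructed_sample()
    flagged = highly_automated(log)
    print("highly automated:", sorted(flagged))
    print("burst only, review by hand:", sorted(burst_only(log)))
    print("share of traffic: %.1f%%" % (100 * traffic_share(log, flagged)))
    for tag, share in sorted(share_by_hashtag(log, flagged).items()):
        print("  %s: %.1f%% automated" % (tag, 100 * share))
```

A volume threshold is a heuristic: it measures posting rate, not who runs the account, which is why the article's own wording is "mostly bots and highly automated accounts".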

OUTLAW 09
11-25-2016, 01:54 PM
Here's the list of websites it says is spreading Russian propaganda
http://www.propornot.com/p/the-list.html?m=1#

Solid website on Russian propaganda sites....


For a less alarmist and more evidence-based approach to Russian fake news, check out @Alexey__Kovalev.
Recent piece:
https://globalvoices.org/2016/09/12/how-fake-stories-reported-in-russias-news-media-regularly-fool-everyone/#

SWJ Blog
11-25-2016, 03:04 PM
The Russian "Firehose of Falsehood" Propaganda Model: Why It Might Work and Options to Counter It (http://smallwarsjournal.com/blog/the-russian-firehose-of-falsehood-propaganda-model-why-it-might-work-and-options-to-counter-it)

--------
Read the full post (http://smallwarsjournal.com/blog/the-russian-firehose-of-falsehood-propaganda-model-why-it-might-work-and-options-to-counter-it) and make any comments at the SWJ Blog (http://smallwarsjournal.com/blog).
This forum is a feed only and is closed to user comments.

OUTLAW 09
11-25-2016, 08:05 PM
Well spent time reading this Rand report on the propaganda of our time.
http://www.rand.org/pubs/perspectives/PE198.html#

OUTLAW 09
11-26-2016, 11:01 AM
A Powerful Russian Weapon: The Spread of False Stories
http://www.nytimes.com/2016/08/29/world/europe/russia-sweden-disinformation.html

A student in Tbilisi, Georgia, offers a window into how fake news gets made
http://nyti.ms/2g0tIoo

OUTLAW 09
11-26-2016, 11:08 AM
Neo-Nazi/white supremacist Richard Spencer’s wife is a Russian propagandist with allegiance to Putin
http://ow.ly/HkUK306wrBf

She is an active Russian social media troll.

BTW...she is directly related to the ultra Russian nationalist ideologue Dugin a close advisor to Putin....

OUTLAW 09
11-26-2016, 11:46 AM
There is an old Stasi term that Americans investigating the fake news phenomenon may want to Google:
"Zersetzung"

OUTLAW 09
11-26-2016, 01:07 PM
EU Mythbusters

@EUvsDisinfo
What can you do to counter fake news stories on social media? Read Digest:
http://eepurl.com/cp306n

OUTLAW 09
11-26-2016, 04:52 PM
Neo-Nazi/white supremacist Richard Spencer’s wife is a Russian propagandist with allegiance to Putin
http://ow.ly/HkUK306wrBf

She is an active Russian social media troll.

BTW...she is directly related to the ultra Russian nationalist ideologue Dugin a close advisor to Putin....

USA Nazi wunderkind Richard Spencer admits he was married /w Nina Kouprianova aka Nina Byzantina, now separated.
https://www.washingtonpost.com/local/lets-party-like-its-1933-inside-the-disturbing-alt-right-world-of-richard-spencer/2016/11/22/cf81dc74-aff7-11e6-840f-e3ebab6bcdd3_story.html#

THIS is interesting as it gives this Russian troll a US Green Card...there was an interesting twitter posting recently where one Russian ultra nationalist troller ie neo Nazi was boasting to his counterparts back in Moscow about his ability to get a Green Card...

OUTLAW 09
11-27-2016, 08:24 AM
https://storify.com/jayrosen_nyu/evidence-based-vs-accusation-driven-reporting

Evidence-based vs. accusation-driven reporting

My exchange with a journalist at USA Today illustrates what a struggle it is going to be to get this distinction established in news coverage after the 2016 election.

by Jay Rosen


This article in USA Today came across my social feed a few days ago: Trump supporters target George Soros over protests. It's about the accusation in some quarters on the right that Soros is behind the protests that sprang up after the election that made Donald Trump president-elect. On Apple News the headline was: George Soros blamed for secretly funding Trump protests.

None of the 1,300 words in the article presents any evidence that this charge is true. (Seriously: none.) The entire "plot" of the piece is that accusations have been made, the people accused say the charges are baseless, and USA Today found zero evidence to undermine their defense. The accusers include some of the least reliable people on the internet, including the notorious fantasist, Alex Jones of the Infowars site.

If you are evidence-based you lead with the lack of evidence for explosive or insidious charges. That becomes the news. If you are accusation-driven, the news is that certain people are making charges. With the details we may learn that there's no evidence, but the frame in which that discovery is made remains "he said, she said." (See my 2009 post about that.)

After the 2016 campaign, in which the winner routinely floated baseless charges — including many about the press — the unsuitability of accusation-driven news coverage should be obvious to mainstream journalists. It should be, but it is not. Watch as a USA Today tech editor responds:

This is just one exchange with one editor, so I don't want to make too much of it. But I don't want to underplay it either. The takeaway is that some journalists may be completely unprepared for what's coming, even after Donald Trump used "people are saying" to such insidious effect.

Instead of defining public service as the battle against evidence-free claims, they will settle for presenting the charge, presenting the defense, and leaving it there, justifying this timid and outworn practice with a "both sides" logic that has nothing to do with truth telling and everything to do with protecting yourselves against criticism in Trump's America.

OUTLAW 09
11-27-2016, 08:32 AM
Regardless of what many think....there is in fact a true war being fought on social media....a non linear warfare that involves not a single round being fired or a single soldier killed but nevertheless a war....


Number of criminal cases brought in Russia for likes and shares on Facebook doubled in 2015, to 203.
https://republic.ru/posts/76452

Like, share, become a prisoner:
Oh, US, welcome to the club!

AdamG
11-27-2016, 06:00 PM
Washington Post Disgracefully Promotes a McCarthyite Blacklist From a New, Hidden, and Very Shady Group
Ben Norton, Glenn Greenwald

November 26 2016, 1:17 p.m.
https://theintercept.com/2016/11/26/washington-post-disgracefully-promotes-a-mccarthyite-blacklist-from-a-new-hidden-and-very-shady-group/



The Washington Post on Thursday night promoted the claims of a new, shadowy organization that smears dozens of U.S. news sites that are critical of U.S. foreign policy as being “routine peddlers of Russian propaganda.” The article by reporter Craig Timberg – headlined “Russian propaganda effort helped spread ‘fake news’ during election, experts say” – cites a report by a new, anonymous website calling itself “PropOrNot,” which claims that millions of Americans have been deceived this year in a massive Russian “misinformation campaign.”
The group’s list of Russian disinformation outlets includes WikiLeaks and the Drudge Report, as well as Clinton-critical left-wing websites such as Truthout, Black Agenda Report, Truthdig and Naked Capitalism, as well as libertarian venues such as Antiwar.com and the Ron Paul Institute.
This Post report was one of the most widely circulated political news articles on social media over the last 48 hours, with dozens, perhaps hundreds, of U.S. journalists and pundits with large platforms hailing it as an earth-shattering exposé. It was the most-read piece on the entire Post website after it was published on Friday.
Yet the article is rife with obviously reckless and unproven allegations, and fundamentally shaped by shoddy, slothful journalistic tactics. It was not surprising to learn that, as BuzzFeed’s Sheera Frenkel noted, “a lot of reporters passed on this story.” Its huge flaws are self-evident. But the Post gleefully ran with it and then promoted it aggressively, led by its Executive Editor Marty Baron

OUTLAW 09
11-28-2016, 12:30 PM
Washington Post Disgracefully Promotes a McCarthyite Blacklist From a New, Hidden, and Very Shady Group
Ben Norton, Glenn Greenwald

November 26 2016, 1:17 p.m.
https://theintercept.com/2016/11/26/washington-post-disgracefully-promotes-a-mccarthyite-blacklist-from-a-new-hidden-and-very-shady-group/

Interesting the same Greenwald associated directly with WikiLeaks and the Snowden releases who we now fully understand has worked with the Russian FSB/SVR.....

Of the long list of links/accounts associated with this list there has been an interesting debate between social media open source analysts and the group that released the article....

NOT an actual debate on the accounts which in 99% of the cases...ACTUALLY did actively push "fake news" but a debate over methodology on how they decided an account drove "fake news".........

So when we discuss articles like this one needs to fully understand the background chatter and the players like Greenwald and where he sits in relationship to both WikiLeaks and Snowden.....and the Russian SVR/FSB....

IF you had been tracking the Ukrainian thread you would have seen twitter network link diagrams done by Global Voices on how the proRussian twitter bots and accounts were chatting with each other and how they were driven...a total of over six very interesting charts if one took the time to read them...

The exact same concept seen by US IT types when dealing with the proTrump bot network being driven out of Macedonia which accounted for ONE THIRD of all proTrump social media comments...paid for by a Russian company.....

AND that is not chump change in the social media world.....ONE THIRD....of the total volume

AdamG
11-28-2016, 12:53 PM
IF you had been tracking the Ukrainian thread...

I gotta ask, is your tone argumentative?

This onion is even beginning to unpeel and quite frankly, given the revelations of the LA Times/UCLA 2016 polls I'm thinking all the social media hullabaloo had little effect on those who voted for Trump/against Clinton. *Shrug*

AdamG
11-28-2016, 01:40 PM
Notable in that the source is the WaPo, see bold

Considering that the American mainstream media generated most of the Fear, Uncertainty & Doubt in this situation the Russians seem to have effectively gotten their target to do the heavy lifting.


Recently, New York magazine set the Internet on fire with a piece speculating that hacked voting machines may have tipped November’s presidential election.
This is dangerous, and not just because there’s no evidence that Russia “stole the election.” Talking about these voting machines distracts us from what such speculation represents: the success of a broader Russian strategy to weaken Americans’ trust in democracy.

https://www.washingtonpost.com/posteverything/wp/2016/11/28/whether-or-not-russians-hacked-the-election-they-messed-with-our-democracy/?utm_term=.86ef5a18fcf6

OUTLAW 09
11-28-2016, 03:46 PM
I gotta ask, is your tone argumentative?

This onion is even beginning to unpeel and quite frankly, given the revelations of the LA Times/UCLA 2016 polls I'm thinking all the social media hullabaloo had little effect on those who voted for Trump/against Clinton. *Shrug*

Argumentative...question mark...maybe but I am one after two long years of Russian info warfare and hacking of US groups and federal government ....that does believe in the power of social media to mobilize voters.....when I see the millions of followers of the alt right social media sites...and their comments on B in the millions and when I hear in direct MSM interviews that many Trump voters get their information from social media and Trump's own use of Twitter....

REMEMBERING that a 1/3rd of all proTrump Twitter and FB comments came from Macedonia and that 70% of all anti Ukraine/proSyrian comments come right now from a single Russian troll company in St. Petersburg.....

Draw your own conclusions.....

But if I was you I would give it some serious thought....

I could take the time to do a single link analysis of one single fake story and how it worked its way from St. Petersburg...through four right wing US sites..then onto Breitbart.com and then to Fox and then to CNN....

Eye opener....

BUT one must thoroughly understand the 6Ds of propaganda....and or disinformation driven by all these days....and disinformation driven by the US WH as well....

Distort....Distract....Dismay...Dismiss ALL designed to create Doubt and Distrust......

If everyone took the time to view and read articles using the above 6Ds ...we would be a lot better off these days....and after reading ask the question...WHAT is the underlying narrative and WHY....

OUTLAW 09
11-29-2016, 10:07 AM
I just keep pounding away on this theme....all Russian and Iranian non linear warfare is all intertwined now.....whether in eastern Ukraine....the US elections....Syria....the EU and coming German elections...ALL intertwined when Russian info warfare and Russian cyber warfare are involved.....

Cyber warfare and info warfare are the two key cornerstones to a successful Russian non linear war....regardless where it is....

We now see the Russian cyber attacks across Europe picking up and directly striking say German infrastructure ..ie yesterday which kept my company and others jumping through hoops to backtrack the Russian activities which was in fact determined much to the surprise of the Russian hackers...we in the West now fully understand just how to track them.....we tracked down to the malware they inserted...where...when and how...the question becomes at some point if a nation state does not retaliate in kind the other side Russia feels totally free to continue as they see no pushback...that was the inherent failure by the Obama WH when the US IC definitely identified Russian hacking in the US election process.

Proud to say Brandenburg was defended well if one looks at the outage map..Berlin took a hit..but that was it even though DT controls the vast network infrastructure around Berlin.

AND do not think the Iranians do not work with a non linear concept....


Deutsche Telekom confirmed that more than 900,000 routers began to have serious connectivity problems due to a cyber attack.
More than 900,000 routers belonging to Deutsche Telekom users in Germany were not able to connect to the Internet due to an alleged cyber-attack.
The affected routers were used by the Deutsche Telekom customers also for fixed telephony and TV services.
The problems lasted at least two days, the outage began on Sunday, November 27, at around 17:00, local time.
Deutsche Telekom users all over the country were not able to connect online using the routers provided by the company.

Deutsche Telekom didn’t provide further technical details about the alleged cyber attack or the affected router models.
It is not clear which is the threat that compromised the Deutsche Telekom routers, experts speculated the involvement of a malware that could have prevented equipment from connecting to the company’s network.

Security experts from ISC Sans published an interesting report that revealed a significant increase in scans and exploitation attempts for a SOAP Remote Code Execution (RCE) vulnerability via port 7547 against Speedport routers.

This specific model of routers is widely used by Deutsche Telekom for German users.
“For the last couple days, attack against port 7547 have increased substantially. These scans appear to exploit a vulnerability in popular DSL routers.

This issue may already have caused severe issues for German ISP Deutsche Telekom and may affect others as well (given that the US is just “waking up” from a long weekend). For Deutsche Telekom, Speedport routers appeared to be the main issue.” added the ICS SANS.
“According to Shodan, about 41 Million devices have port 7547 open. The code appears to be derived from Mirai with the additional scan for the SOAP vulnerability. Currently, honeypots see about one request every 5-10 minutes for each target IP.”

According to the ICS SANS report, it seems that attackers tried to exploit a common vulnerability in the TR-069 configuration protocol. Experts highlighted the availability of a Metasploit module implementing the exploit for this vulnerability.
An unconfirmed List of vulnerable routers includes the Eir D1000 Wireless Router (rebranded Zyxel Modem used by Irish ISP Eir) and the Speedport Router (Deutsche Telekom).

Of course, when dealing with IoT devices and cyber threats, the most dreaded malware is the Mirai bot that was recently involved in several massive DDoS attacks.

According to BadCyber, the responsible is the Mirai botnet that was designed to exploit Eir D100 (Zyxel Modems) via port 7547.
“TR-064 protocol is based on HTTP and SOAP and its default port is TCP 7547. Commands are sent as POST requests to this port.” states the BadCyber.

“The malware itself is really friendly as it closes the vulnerability once the router is infected. It performs the following command:
busybox iptables -A INPUT -p tcp --destination-port 7547 -j DROP
busybox killall -9 telnetd
which should make the device “secure”, unless until next reboot. The first one closes port 7547 and the second one kills the telnet service, making it really hard for the ISP to update the device remotely.”






SO what was the cost of the outage to the sales of CyberMonday companies....MILLIONS of Euros in lost sales....

Included also is the US outage map from the last Russian cyber attack which was a massive DDoS attack...to remind us that we tend to have a very short memory.
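
A defender-side view of the port 7547 scanning described in the post above, as an added example that is not part of the original post or the quoted reports: it reads netfilter-style firewall log lines, skips the ISP's own management server, and reports sources probing TCP 7547 on several hosts plus the mean gap between probes per target, for comparison with the quoted honeypot rate of one request every 5-10 minutes. The log lines, addresses, allowlist and log year are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

TR069_PORT = 7547                  # TCP port named in the quoted reports
ACS_ALLOWLIST = {"192.0.2.1"}      # assumed address of the ISP's own management server
LOG_YEAR = 2016                    # syslog timestamps carry no year; assumed

# Constructed, abbreviated netfilter LOG lines (documentation address ranges).
SAMPLE_LOG = """\
Nov 27 17:00:05 gw kernel: IN=wan0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40112 DPT=7547 SYN
Nov 27 17:00:06 gw kernel: IN=wan0 OUT= SRC=198.51.100.7 DST=203.0.113.11 LEN=60 PROTO=TCP SPT=40113 DPT=7547 SYN
Nov 27 17:00:07 gw kernel: IN=wan0 OUT= SRC=198.51.100.7 DST=203.0.113.12 LEN=60 PROTO=TCP SPT=40114 DPT=7547 SYN
Nov 27 17:02:30 gw kernel: IN=wan0 OUT= SRC=192.0.2.44 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51000 DPT=443 SYN
Nov 27 17:03:00 gw kernel: IN=wan0 OUT= SRC=192.0.2.1 DST=203.0.113.11 LEN=60 PROTO=TCP SPT=33000 DPT=7547 SYN
Nov 27 17:05:00 gw sshd[411]: Accepted publickey for admin
Nov 27 17:06:05 gw kernel: IN=wan0 OUT= SRC=198.51.100.99 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40200 DPT=7547 SYN
Nov 27 17:14:05 gw kernel: IN=wan0 OUT= SRC=198.51.100.23 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40300 DPT=7547 SYN
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?\bSRC=(?P<src>\S+) DST=(?P<dst>\S+)"
    r" .*?\bPROTO=(?P<proto>\w+) .*?\bDPT=(?P<dpt>\d+)"
)


def parse(line):
    """Return (timestamp, src, dst, proto, dport), or None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["dst"], m["proto"], int(m["dpt"])


def probes(lines, allow=ACS_ALLOWLIST, port=TR069_PORT):
    """Inbound TCP hits on the port from sources outside the allowlist, oldest first."""
    out = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, src, dst, proto, dpt = rec
        if proto == "TCP" and dpt == port and src not in allow:
            out.append((ts, src, dst))
    return sorted(out)


def scanning_sources(lines, min_targets=3, allow=ACS_ALLOWLIST):
    """Sources that touched the port on at least min_targets distinct hosts."""
    targets = defaultdict(set)
    for _, src, dst in probes(lines, allow):
        targets[src].add(dst)
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}


def mean_gap_seconds(lines, allow=ACS_ALLOWLIST):
    """Mean seconds between successive probes, per target with two or more probes."""
    seen = defaultdict(list)
    for ts, _, dst in probes(lines, allow):
        seen[dst].append(ts)
    gaps = {}
    for dst, stamps in seen.items():
        if len(stamps) > 1:
            span = (stamps[-1] - stamps[0]).total_seconds()
            gaps[dst] = span / (len(stamps) - 1)
    return gaps


if __name__ == "__main__":
    for src, dsts in scanning_sources(SAMPLE_LOG).items():
        print(f"scanner {src} -> {len(dsts)} targets on tcp/{TR069_PORT}")
    for dst, gap in mean_gap_seconds(SAMPLE_LOG).items():
        print(f"target {dst}: one probe every {gap / 60:.1f} min")
```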

OUTLAW 09
11-29-2016, 10:55 AM
Old and new US Syrian FP....

when facts don't matter...

OUTLAW 09
11-29-2016, 11:37 AM
AND information warfare marches on.....whether in the US or driven by Russia itself....

“Fake News Is Not the Only Problem” by @gilgul
https://points.datasociety.net/fake-news-is-not-the-problem-f00ec8cdfcb#.48aafeppl#

This article is well worth reading and then rereading one more time as it is the basis for the new "Post Truth era" we are currently in where truth no longer matters....that is just how successful propaganda and disinformation has become....in Europe as well as in the US.....

It actually has become quite difficult to counter Russian info warfare simply by using "the truth" backed up by facts...as we have seen especially lately in the US....facts no longer matter...it is the person with the loudest voice throwing the challenge I am going to lie...SO disprove I am lying that has taken hold in the US and especially even more so in Europe....

We saw this yesterday and today with a series of Trump twitter rants....blatantly all lies but his challenge to MSM was "prove me wrong'.....very typical from virtually all statements coming lately from the Russian FM on say eastern Ukraine or Syria or on the US elections.....or even from Putin himself.....

With Russian statements it is now common to treat them as a lie ONLY when they deny something..THEN what they deny as a lie is in fact "the truth"....

OUTLAW 09
11-29-2016, 06:33 PM
I just keep pounding away on this theme....all Russian and Iranian non linear warfare is all intertwined now.....whether in eastern Ukraine....the US elections....Syria....the EU and coming German elections...ALL intertwined when Russian info warfare and Russian cyber warfare are involved.....

Cyber warfare and info warfare are the two key cornerstones to a successful Russian non linear war....regardless where it is....

We now see the Russian cyber attacks across Europe picking up and directly striking say German infrastructure ..ie yesterday which kept my company and others jumping through hoops to backtrack the Russian activities which was in fact determined much to the surprise of the Russian hackers...we in the West now fully understand just how to track them.....we tracked down to the malware they inserted...where...when and how...the question becomes at some point if a nation state does not retaliate in kind the other side Russia feels totally free to continue as they see no pushback...that was the inherent failure by the Obama WH when the US IC definitely identified Russian hacking in the US election process.

Proud to say Brandenburg was defended well if one looks at the outage map..Berlin took a hit..but that was it even though DT controls the vast network infrastructure around Berlin.

AND do not think the Iranians do not work with a non linear concept....



SO what was the cost of the outage to the sales of CyberMonday companies....MILLIONS of Euros in lost sales....

Included also is the US outage map from the last Russian cyber attack which was a massive DDoS attack...to remind us that we tend to have a very short memory.


NCSC-FI @CERTFI
Alert 04/2016: Thousands of Finnish modems attacked - reboot removes the malware
https://www.viestintavirasto.fi/en/2016/varoitus-2016-04#

OUTLAW 09
12-29-2016, 04:27 PM
NSA doc in Snowden leak shows Russian intel hacked into email of Anna Politkovskaya a year before she was killed
https://theintercept.com/2016/12/29/top-secret-snowden-document-reveals-what-the-nsa-knew-about-previous-russian-hacking/#

Anna Politkovskaya was gunned down in 2006 to stop reporting a truth on Chechnya massacre and Putin's role.

OUTLAW 09
12-30-2016, 06:43 PM
Russian Hackers Began Honing Their Election-Tampering Skills in 2010
https://medium.com/defiant/russian-hackers-began-honing-their-election-tampering-skills-in-2010-25887aee60c5#.aa8xht9d5#

OUTLAW 09
12-30-2016, 09:04 PM
Russian Hackers Began Honing Their Election-Tampering Skills in 2010
https://medium.com/defiant/russian-hackers-began-honing-their-election-tampering-skills-in-2010-25887aee60c5#.aa8xht9d5#

"He's not afraid to use this stuff": Michael McFaul explains the persistence of Putin's cyber power
https://www.theatlantic.com/international/archive/2016/12/mcfaul-russia-sanctions-hack/511886/?utm_source=twb#

Meet The Russian Hacker Claiming She's A Scapegoat In The U.S. Election Spy Storm
http://www.forbes.com/sites/thomasbrewster/2016/12/30/alisa-esage-shevchenko-us-election-hack-russia-sanctions/#

davidbfpo
02-14-2017, 11:30 AM
I have merged several small threads into this one, plus a larger thread which was in the Europe arena.

One thread remains as a 'stand alone' a failed Russian info operation in Germany, Operation Liza: http://council.smallwarsjournal.com/showthread.php?t=23567

This thread has been renamed as Russian Info, Cyber and Disinformation (Catch all till 2017).

A new thread will appear, with the same title, but 2017 onwards.