@seansrussiablog podcast with @Alexey__Kovalev on the evolution of Russian media & propaganda.
http://seansrussiablog.org/2017/04/1...da-machine-2/#
US ultra rightists actively supporting Assad and Putin....
How a pair of self-publicists wound up as apologists for Assad
Mod adds: Link is behind a pay wall
http://www.economist.com/news/united...lf-publicists#
Last edited by davidbfpo; 04-13-2017 at 09:45 AM. Reason: Add note
MIT Tech Review (@techreview)
Russia gets “the true nature of the battlefield” in a way the West does not. The power lies in information.
http://trib.al/7ibtNhY
Well worth reading.....
PENQUIN’S MOONLIT MAZE
The Dawn of Nation-State Digital Espionage
Juan Andres Guerrero-Saade, Costin Raiu (GReAT)
Daniel Moore, Thomas Rid (King’s College London)
https://securelist.com/files/2017/04...ze_PDF_eng.pdf
The origins of digital espionage remain hidden in the dark. In most cases, codenames and fragments of stories are all that remains of the ‘prehistoric’ actors that pioneered the now-ubiquitous practice of computer network exploitation. The origins of early operations, tools, and tradecraft are largely unknown: official documents will remain classified for years and decades to come; memories of investigators are eroding as time passes; and often precious forensic evidence is discarded, destroyed, or simply lost as storage devices age. Even ‘Moonlight Maze,’ perhaps the oldest publicly acknowledged state actor, has evaded open forensic analysis.
Intrusions began as early as 1996. The early targets: a vast number of US military and government networks, including Wright Patterson and Kelly Air Force Bases, the Army Research Lab, the Naval Sea Systems Command in Indian Head, Maryland, NASA, and the Department of Energy labs. By mid-1998 the FBI and Department of Defense investigators had forensic evidence pointing to Russian ISPs. After a Congressional hearing in late February 1999, news of the FBI’s vast investigation leaked to the public. However, little detail ever surfaced regarding the actual means and procedures of this threat actor. Eventually the code name was replaced (with the attackers’ improved intrusion set dubbed ‘Storm Cloud’, and later ‘Makers Mark’) and the original ‘MM’ faded into obscurity without proper technical forensic artefacts to tie these cyberespionage pioneers to the modern menagerie of APT actors we are now all too familiar with.
Russian Hackers Have Used the Same Backdoor for Two Decades
https://www.wired.com/2017/04/russia...r-two-decades/
“We can see an evolution of tradecraft,” says Rid, who teaches at King’s College Department of War Studies, and last week testified at a Senate hearing on Russian hackers meddling in the 2016 election. “They’ve been doing this for 20 years or even more.”
Justice Dept finds 90 pages of Voting Machines Malfunctions in Swing States. PA, FL, NC, WI and MI.
Russia proposes new UN convention on coop vs #cybercrime - framed so can still protect own state-linked hackers
http://www.kommersant.ru/doc/3270121
Sorry in Russian but Google translate is not bad with Russian...
BREAKING: DOJ traces millions from $230m crime that Sergei Magnitsky exposed to UK account of Renaissance Capital
http://www.telegraph.co.uk/news/2017...s-uk-account/#
Appears that right now DoJ is massively involved in a money laundering hunt of gigantic size never seen before.....but recently outlined in the articles I have posted on the Russian washing machine for black monies....
Russian hacking even state sponsored and Russian cybercrime go hand in hand as well as money laundering activities.....black money is Russia's "soft power"....in the West....
Last edited by OUTLAW 09; 04-14-2017 at 07:52 AM.
Russia may have been involved in the collapse of a voter registration website leading up to Brexit vote
https://www.theguardian.com/politics...=share_btn_tw#
Analysts identify #SyriaHoax as Russian-fueled propaganda designed to undermine credibility of U.S. government.
http://abcn.ws/2of25YQ
“The Kremlin’s Audience in France” by @DFRLab
https://medium.com/dfrlab/the-kremli...-884a80515f8b#
The US guys who have been disseminating Russia fake news from day 1 are @Cernovich and @JackPosobiec
A day in the life of the darknet.....
https://krebsonsecurity.com/2017/04/...st/#more-38975
11 Apr 17
Fake News at Work in Spam Kingpin’s Arrest?
Over the past several days, many Western news media outlets have predictably devoured thinly-sourced reporting from a Russian publication that the arrest last week of a Russian spam kingpin in Spain was related to hacking attacks linked to last year’s U.S. election. While there is scant evidence that the spammer’s arrest had anything to do with the election, the success of that narrative is a sterling example of how the Kremlin’s propaganda machine is adept at manufacturing fake news, undermining public trust in the media, and distracting attention away from the real story.
Russian President Vladimir Putin tours RT facilities. Image: DNI
On Saturday, news broke from RT.com (formerly Russia Today) that authorities in Spain had arrested 36-year-old Peter “Severa” Levashov, one of the most-wanted spammers on the planet and the alleged creator of some of the nastiest cybercrime engines in history — including the Storm worm, and the Waledac and Kelihos spam botnets.
But the RT story didn’t lead with Levashov’s alleged misdeeds or his primacy among junk emailers and virus writers. Rather, the publication said it interviewed Levashov’s wife Maria, who claimed that Spanish authorities said her husband was detained because he was suspected of being involved in hacking attacks aimed at influencing the 2016 U.S. election.
The RT piece is fairly typical of one that covers the arrest of Russian hackers in that the story quickly becomes not about the criminal charges but about how the accused is being unfairly treated or maligned by overzealous or misguided Western law enforcement agencies.
The RT story about Levashov, for example, seems engineered to leave readers with the impression that some bumbling cops rudely disturbed the springtime vacation of a nice Russian family, stole their belongings, and left a dazed and confused young mother alone to fend for herself and her child.
This should not be shocking to any journalist or reader who has paid attention to U.S. intelligence agency reports on Russia’s efforts to influence the outcome of last year’s election. A 25-page dossier released in January by the Office of the Director of National Intelligence describes RT as a U.S.-based but Kremlin-financed media outlet that is little more than an engine of anti-Western propaganda controlled by Russian intelligence agencies.
Somehow, this small detail was lost on countless Western media outlets, who seemed all too willing to parrot the narrative constructed by RT regarding Levashov’s arrest. With a brief nod to RT’s “scoop,” these publications back-benched the real story (the long-sought capture of one of the world’s most wanted spammers) and led with an angle supported by the flimsiest of sourcing.
On Monday, the U.S. Justice Department released a bevy of documents detailing Levashov’s alleged history as a spammer, and many of the sordid details in the allegations laid out in the government’s case echoed those in a story I published early Monday. Investigators said they had dismantled the Kelihos botnet that Severa allegedly built and used to distribute junk email, but they also emphasized that Levashov’s arrest had nothing to do with hacking efforts tied to last year’s election.
“Despite Russian news media reports to the contrary, American officials said Mr. Levashov played no role in attempts by Russian government hackers to meddle in the 2016 presidential election and support the candidacy of Donald J. Trump,” The New York Times reported.
Nevertheless, from the Kremlin’s perspective, the RT story is almost certainly being viewed as an unqualified success: It distracted attention away from the real scoop (a major Russian spammer was apprehended); it made much of the news media appear unreliable and foolish by regurgitating fake news; and it continued to sow doubt in the minds of the Western public about the legitimacy of democratic process.
Levashov’s wife may well have been told her husband was wanted for political hacking. Likewise, Levashov could have played a part in Russian hacking efforts aimed at influencing last year’s election. As noted here and in The New York Times earlier this week, the Kelihos botnet does have a historic association with election meddling: It was used during the Russian election in 2012 to send political messages to email accounts on computers with Russian Internet addresses.
According to The Times, those emails linked to fake news stories saying that Mikhail D. Prokhorov, a businessman who was running for president against Vladimir V. Putin, had come out as gay. It’s also well established that the Kremlin has a history of recruiting successful criminal hackers for political and espionage purposes.
But the less glamorous truth in this case is that the facts as we know them so far do not support the narrative that Levashov was involved in hacking activities related to last year’s election. To insist otherwise absent any facts to support such a conclusion only encourages the spread of more fake news.
http://thehackernews.com/2017/04/cia...cw0ao0651a.vgy
Symantec Connects 40 Cyber Attacks to CIA Hacking Tools Exposed by Wikileaks
Security researchers have confirmed that the alleged CIA hacking tools recently exposed by WikiLeaks have been used against at least 40 governments and private organizations across 16 countries.
Since March, as part of its "Vault 7" series, Wikileaks has published over 8,761 documents and other confidential information that the whistleblower group claims came from the US Central Intelligence Agency (CIA).
Now, researchers at cybersecurity company Symantec reportedly managed to link those CIA hacking tools to numerous real cyber attacks in recent years that have been carried out against the government and private sectors across the world.
Those 40 cyber attacks were conducted by Longhorn — a North American hacking group that has been active since at least 2011 and has used backdoor trojans and zero-day attacks to target government, financial, energy, telecommunications, education, aerospace, and natural resources sectors.
Although the group's targets were all in the Middle East, Europe, Asia, and Africa, researchers said the group once infected a computer in the United States, but an uninstaller was launched within an hour, which indicates the "victim was infected unintentionally."
What's interesting is that Symantec linked some of CIA hacking tools and malware variants disclosed by Wikileaks in the Vault 7 files to Longhorn cyber espionage operations.
Fluxwire (Created by CIA) ≅ Corentry (Created by Longhorn)
Fluxwire, a cyber espionage malware allegedly created by the CIA and mentioned in the Vault 7 documents, contains a changelog of dates for when new features were added, which according to Symantec closely resembles the development cycle of "Corentry," a malware created by the Longhorn hacking group.
"Early versions of Corentry seen by Symantec contained a reference to the file path for the Fluxwire program database (PDB) file," Symantec explains. "The Vault 7 document lists removal of the full path for the PDB as one of the changes implemented in Version 3.5.0."
"Up until 2014, versions of Corentry were compiled using GCC [GNU Compiler Collection]. According to the Vault 7 document, Fluxwire switched to an MSVC compiler for version 3.3.0 on February 25, 2015. This was reflected in samples of Corentry, where a version compiled on February 25, 2015, had used MSVC as a compiler."
Similar Malware Modules
Another Vault 7 document details 'Fire and Forget' specification of the payload and a malware module loader called Archangel, which Symantec claims, match almost perfectly with a Longhorn backdoor called Plexor.
"The specification of the payload and the interface used to load it was closely matched in another Longhorn tool called Backdoor.Plexor," says Symantec.
Use of Similar Cryptographic Protocol Practices
Another leaked CIA document outlined cryptographic protocols that should be used within malware tools, such as using AES encryption with a 32-bit key, inner cryptography within SSL to prevent man-in-the-middle attacks, and key exchanges once per connection.
One leaked CIA document also recommends using in-memory string de-obfuscation and Real-time Transport Protocol (RTP) for communicating with the command and control (C&C) servers.
According to Symantec, these cryptographic protocol and communication practices were also used by Longhorn group in all of its hacking tools.
More About Longhorn Hacking Group
Longhorn has been described as a well-resourced hacking group that works on a standard Monday to Friday working week — likely a behavior of a state-sponsored group — and operates in an American time zone.
Longhorn's advanced malware tools are specially designed for cyber espionage with detailed system fingerprinting, discovery, and exfiltration capabilities. The group uses extremely stealthy capabilities in its malware to avoid detection.
Symantec analysis of the group's activities also shows that Longhorn is from an English-speaking North American country, with code words it uses referring to the band The Police (REDLIGHT and ROXANNE) and colloquial terms like "scoobysnack."
Overall, the functionality described in the CIA documents and its links to the group activities leave "little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."
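As an added illustration of the kind of build artifacts the attribution above leans on (PDB paths and the compiler used), here is a small Python script, not from Symantec or the article, that pulls CodeView RSDS PDB paths and GCC version strings out of raw sample bytes and groups samples that share a build path. All sample blobs and paths below are constructed placeholders, not real binaries or real paths.

```python
import re
import struct
from collections import defaultdict
from typing import Dict, List

RSDS_SIG = b"RSDS"  # CodeView 7.0 debug record signature

def extract_pdb_paths(data: bytes) -> List[str]:
    """Return PDB paths from every CodeView RSDS record found in data.

    Record layout: b'RSDS' | 16-byte GUID | 4-byte age | NUL-terminated path.
    Scanning raw bytes instead of walking the PE debug directory also works
    on samples whose headers are damaged or only partially recovered.
    """
    paths = []
    pos = data.find(RSDS_SIG)
    while pos != -1:
        start = pos + 4 + 16 + 4          # skip signature, GUID and age
        end = data.find(b"\x00", start)
        if end != -1:
            candidate = data[start:end].decode("ascii", errors="replace")
            # Accept only path-like hits to filter random 'RSDS' byte runs.
            if re.search(r"[\\/].+\.pdb$", candidate, re.IGNORECASE):
                paths.append(candidate)
        pos = data.find(RSDS_SIG, pos + 4)
    return paths

def detect_compiler(data: bytes) -> str:
    """Crude toolchain hint: MinGW/GCC builds embed 'GCC: (vendor) version'."""
    m = re.search(rb"GCC: \([^)]*\) [0-9.]+", data)
    return m.group(0).decode("ascii") if m else "unknown"

def cluster_by_pdb(samples: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Group sample names that share a PDB path (a shared build environment)."""
    groups = defaultdict(list)
    for name, blob in samples.items():
        for path in extract_pdb_paths(blob):
            groups[path].append(name)
    return dict(groups)

def _rsds(path: bytes, guid: bytes, age: int) -> bytes:
    return RSDS_SIG + guid + struct.pack("<I", age) + path + b"\x00"

# Constructed stand-ins for three samples (not real binaries or real paths).
SHARED = b"D:\\build\\example_tool\\Release\\example_tool.pdb"
SAMPLE_A = b"MZ" + b"\x00" * 8 + b"GCC: (GNU) 4.8.3\x00" + _rsds(SHARED, b"\x01" * 16, 1)
SAMPLE_B = b"MZ" + b"\x00" * 8 + _rsds(SHARED, b"\x02" * 16, 3) + b"\x00" * 4
SAMPLE_C = b"MZ" + b"\x00" * 8 + _rsds(b"C:\\other\\proj\\x86\\other.pdb", b"\x03" * 16, 1)
```

Run `cluster_by_pdb({"A": SAMPLE_A, "B": SAMPLE_B, "C": SAMPLE_C})` to see A and B land in the same group while C stays separate.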
How @TheArabSource began a “#Russia influence campaign” to spin conspiracy/disinformation around #Syria CW attack:
http://abcn.ws/2oabGkQ
Interesting report from Poland of #fakenews targeting NATO deployment. Accusation vs "dark-skinned" US troops:
http://nowe.kresy.pl/wydarzenia/pija...ber-wlamanie/#
Fakenews alleging @3ABCT4ID troops beat young Pole in #Zagan released on local media, #cyberattack suspected.
http://bit.ly/2pB1O3F
Last edited by OUTLAW 09; 04-14-2017 at 06:17 PM.
Perfect example of MSM....large headlines this morning....question is though who is the hacking group releasing these files for????
Hackers release files indicating NSA monitored global bank transfers
http://reut.rs/2pl1A1a
Well is that not interesting...truly really absolutely not...if they had not been doing this then they are negligent in their Mission Set Taskings...
BTW....this is a true non news item...why ..standard internal banking regulations since 9/11 practiced by all Western banks under SWIFT foresees all money transfers of over 5K USDs being monitored to begin with...and when coming into the US or out of the US an individual must declare any money amount over 10K USDs...
So again just what is the massive "new news" that this article is trying to convey????
Interested in your take on claims of Russian aid to the Taliban. See my post here:
http://council.smallwarsjournal.com/...7&postcount=20