Free Republic

Russian hackers tracked Ukrainian artillery units using Android implant: report
Reuters ^ | 12/22/16 | Dustin Volz

Posted on 12/22/2016 4:54:44 AM PST by Freelance Warrior

A hacking group linked to the Russian government and high-profile cyber attacks against Democrats likely used a malware implant on Android devices to track and target Ukrainian artillery units from late 2014 through 2016.

The malware was able to retrieve communications and some locational data from infected devices, intelligence that would have likely been used to strike against the artillery in support of pro-Russian separatists fighting in eastern Ukraine.

The malware used to track Ukrainian artillery units was a variant of the kind used to hack into the Democratic National Committee. [a nice multi-use malware, almost like the Swiss knife]

The implant leveraged a legitimate Android application developed by a Ukrainian artillery officer to process targeting data more quickly.

Downloads of the legitimate app were promoted on pages used by Ukrainian artillery on vKontakte, a Russian social media website.

(Excerpt) Read more at reuters.com ...


TOPICS: Foreign Affairs; Russia
KEYWORDS: android; hackers; military; russia; ukraine
Reuters is citing a report from the cyber security firm CrowdStrike.

I think military persons will find much fun in this story.

1 posted on 12/22/2016 4:54:44 AM PST by Freelance Warrior

To: Swordmaker; dayglored

Ping.


2 posted on 12/22/2016 4:58:44 AM PST by conservatism_IS_compassion (The idea around which ‘liberalism’ coheres is that NOTHING actually matters except PR.)

To: Freelance Warrior

I am not a military person, but I do work in IT. Malware tends to travel once it is created. It is sometimes even in the interest of the original malware creator for it to do so.

Of course, we know that all the powers with international interests, both military and trade, deploy malware all over the place, and that certainly includes the U.S.

There is no sure-fire way of determining the origin of any particular attack, as spoofing and multiple layers of proxies can muddy any waters.

We certainly cannot determine if an attack was likely from the Russian government, a private entity working for the government, or a private entity hired from somebody from anywhere.

It would take less than 90 seconds to find Russian, Chinese or Eastern European black hats to take your money to make mischief.


3 posted on 12/22/2016 5:05:20 AM PST by Dr. Sivana (There is no salvation in politics.)

To: Dr. Sivana

Think of the other side of the story - about the one who developed a military-purpose app for commercial cell phones (!) and uploaded it on an enemy’s (!) social network. Also about his superiors, especially those responsible for security. The Reuters story reads that the Ukrainian artillery promoted it (!) The ‘artillery’ seems to mean the commanding officers up to the top brass here.


4 posted on 12/22/2016 5:13:46 AM PST by Freelance Warrior (A Russian.)

To: Freelance Warrior

Maybe they planted one of the devices in Hillary’s cell-phone during one of the meetings when she was selling them our uranium...


5 posted on 12/22/2016 5:31:35 AM PST by WayneS (An appeaser is one who feeds a crocodile, hoping it will eat him last. - Winston Churchill)

To: WayneS

Pardon me - “Maybe they planted the malware...”

I’m not sure why I concluded there was a ‘device’ the first time I read the article.


6 posted on 12/22/2016 5:33:10 AM PST by WayneS (An appeaser is one who feeds a crocodile, hoping it will eat him last. - Winston Churchill)

To: Freelance Warrior

“The malware used to track Ukrainian artillery units was a variant of the kind used to hack into the Democratic National Committee.”

The DNC wasn’t hacked so this story is probably nonsense.


7 posted on 12/22/2016 5:38:16 AM PST by Boogieman

To: WayneS
Maybe they planted one of the devices in Hillary’s cell-phone during one of the meetings when she was selling them our uranium...

Who’s in Putin’s Pocket — Clinton or Trump? (Clinton Uranium RussiaGate scandal)

The New American ^ | August 3, 2016 | William F. Jasper

"according to some calculations, the Uranium One deal, involving top Clinton donors Frank Guistra and Ian Telfer, has transferred as much as 50 percent of projected American uranium production to Kremlin control."

***********************************************

RUSSIAGATE

Who paid Bill Clinton's $2.5 million commission & $500,000 speaking fee (US uranium to Russia)

qura.com ^ | July 27, 2016 | Sierra Spaulding

Who paid Bill Clinton's $2.5 million commission and $500k speaking fee for brokering the sale of 20% of America's uranium deposits to Russia?

You are speaking about a really interesting deal that ended up giving Vladimir Putin and the Russians control of one-fifth of all uranium production capacity in the United States.

Since uranium is considered a strategic asset, with implications for national security, the deal had to be approved by a committee composed of representatives from a number of United States government agencies. ..."

8 posted on 12/22/2016 5:38:53 AM PST by ETL (On the road to America's recovery!)

To: Freelance Warrior
Russian hackers tracked Ukrainian artillery units using Android implant


"...And then they accused me of hacking Ukrainian artillery units."

9 posted on 12/22/2016 5:40:02 AM PST by Rebelbase (ABC/NBC/CBS/MSNBC/PBS/CNN/FOX are THE LEGACY MEDIA)

To: Freelance Warrior
The hacking group, known commonly as Fancy Bear or APT 28, is believed by U.S. intelligence officials to work primarily on behalf of the GRU, Russia's military intelligence agency.

Well I guess that settles that.

10 posted on 12/22/2016 6:07:52 AM PST by McGruff

To: Boogieman
Actually they could have been hacked as well. There is no proof though that the hacks resulted in the leaks to Wikileaks, and they could never provide that proof either.

For all we know they may have purposely infected themselves to support their Russia hacking narrative they are selling.

11 posted on 12/22/2016 6:36:23 AM PST by Robert DeLong

To: Freelance Warrior
Both the CIA and FBI believe that Fancy Bear and other Russian hackers were responsible for hacks during the election that were intended to help President-elect Donald Trump defeat Hillary Clinton, according to two senior government officials.

Funny how the Russians somehow missed hacking the Clinton private email server containing sensitive foreign policy information to focus on the more important domestic political gossip on the DNC server, isn't it?

12 posted on 12/22/2016 6:41:57 AM PST by mac_truck (aide toi et dieu t'aidera)

To: Freelance Warrior

Ivan did it!


13 posted on 12/22/2016 6:44:57 AM PST by Pollard (TRUMP 2016)

To: Freelance Warrior
A hacking group linked to the Russian government and high-profile cyber attacks against Democrats

Prove it.

14 posted on 12/22/2016 7:03:03 AM PST by IYAS9YAS (An' Tommy ain't a bloomin' fool - you bet that Tommy sees! - Kipling)

To: Freelance Warrior

The good idea fairy (easy to use military app!) didn’t talk to the operational security fairy (great! post it to a site owned by an enemy!)

Nobody thought this one through. You have to think security, there are real world lethal consequences to a military force using open source apps.


15 posted on 12/22/2016 8:05:48 AM PST by drop 50 and fire for effect ("Work relentlessly, accomplish much, remain in the background, and be more than you seem.)

To: Robert DeLong

Judy Woodruff of the PBS NewsHour this evening totally missed that line of thinking. She did ask Dmitri Alperovitch of CrowdStrike what would prevent a skeptic from thinking that his company was influenced by having the DNC as a client. Dmitri responded that the logic was that the new Russian Fancy Bear malware that showed up in Ukraine was very similar to the malware that Dmitri’s company found attacking the DNC. That was the totality of his argument, and Woodruff seemed to accept it.

Woodruff also interviewed some guy, Thomas Rid, in the UK who wrote a book about hacking, but his arguments seemed equally weak.

http://www.pbs.org/newshour/bb/security-company-releases-new-evidence-russian-role-dnc-hack/

Woodruff did note that the US intelligence agencies have not yet released their reports. Woodruff and PBS seem to regard CrowdStrike and Thomas Rid as the next best thing to an official report.

I got the impression that the entire interview was a setup designed to attempt to continue the legitimization of the Russian meme and also to encourage the CIA or whoever to release an official report.

What do these people really want? What is their end goal?? Martial law prior to the inauguration and a cancellation of the inauguration? A civil war??


16 posted on 12/22/2016 7:18:30 PM PST by SteveH

To: SteveH

Or maybe the goal is to attempt to delegitimize Trump enough to put him within serious danger of impeachment...


17 posted on 12/22/2016 7:33:28 PM PST by SteveH

To: SteveH

http://www.pbs.org/newshour/bb/security-company-releases-new-evidence-russian-role-dnc-hack/

Security company releases new evidence of Russian role in DNC hack

December 22, 2016 at 6:45 PM EST

JUDY WOODRUFF: The CIA and other U.S. intelligence agencies have concluded the Russian government was behind the email hack into the Democratic National Committee and other political organizations, but have yet to produce their evidence publicly. President-elect Trump has questioned that conclusion.

Today, the private cyber security company that first uncovered the DNC hack unveiled new details they claim confirm Russian military intelligence service was behind the computer breach.

Here to explain all of this is Dmitri Alperovitch. He’s the co-founder of CrowdStrike, the company that did the investigating. And Thomas Rid, he’s a professor at King’s College London. His latest book is “Rise of the Machines: A Cybernetic History.”

And we welcome both of you to the “NewsHour”.

Dmitri Alperovitch, let me start with you. What is this new information?

DMITRI ALPEROVITCH, CrowdStrike: Well, this is an interesting case we’ve uncovered actually all the way in Ukraine where Ukraine artillerymen were targeted by the same hackers who were called Fancy Bear, that targeted the DNC, but this time, they were targeting their cell phones to understand their location so that the Russian military and Russian artillery forces can actually target them in the open battle.

JUDY WOODRUFF: So, this is Russian military intelligence who got hold of information about the weapons, in essence, that the Ukrainian military was using, and was able to change it through malware?

DMITRI ALPEROVITCH: Yes, essentially, one Ukraine officer built this app for his Android phone that he gave out to his fellow officers to control the settings for the artillery pieces that they were using, and the Russians actually hacked that application, put their malware in it and that malware reported back the location of the person using the phone.

JUDY WOODRUFF: And so, what’s the connection between that and what happened to the Democratic National Committee?

DMITRI ALPEROVITCH: Well, the interesting is that it was the same variant of the same malicious code that we have seen at the DNC. This was a phone version. What we saw at the DNC was personal computers, but essentially, it was the same source used by this actor that we call Fancy Bear.

And when you think about, well, who would be interested in targeting Ukraine artillerymen in eastern Ukraine who has interest in hacking the Democratic Party, Russia government comes to find, but specifically, Russian military that would have operational over forces in the Ukraine and would target these artillerymen.

JUDY WOODRUFF: So, just quickly, in the sense, these are like cyber fingerprints? Is that what we’re talking about?

DMITRI ALPEROVITCH: Essentially the DNA of this malicious code that matches to the DNA that we saw at the DNC.

JUDY WOODRUFF: Thomas Rid, to you in London, as you read about this, understand this new information, what do you make of it? How do you see it?

THOMAS RID, King’s College, London: Well, the important piece, I think, is that we’re looking at only one piece in a larger puzzle which CrowdStrike has discovered is one piece of a larger picture. And the picture is already rich. We know how they choose their targets. We know thousands of their targets even by individual names. We know how they get in, how they move around, how they take information out, we know the infrastructure, the flight card they used to take the information out.

And I think we’re approaching the point where the evidence is so rich that there are only two reasons not to accept it — one, because you don’t understand the technical details because you don’t have the skills, or because you don’t want to understand it for political reasons.

JUDY WOODRUFF: Well, you do have the technical expertise. Does it hold up for you?

THOMAS RID: Yes. You know, what I do is I look at specific cases and I drill down and I zoom into the details of the picture and look at that detail. So, we can often link specific cases like the one that Dmitri was just describing to another case because the tool set that they’re using is the same, really like the tool of the burglar that breaks into one building and uses the same or a comparable tool in another building.

So, one thing that I’m, for instance, interested in and that I focused on is how they broke into the German parliament and that we can link that to the DNC and, indeed, we can also link those two cases. So, the evidence is really strong that we have at this point.

JUDY WOODRUFF: So, the evidence is really strong. Are you saying there is just no doubt about it, at this point?

THOMAS RID: Among people who studied the true forensic evidence, among people who do incident response, the vast majority of this community — and, you know, bear in mind this is an entire profession trained to do digital investigations — most people in that profession accept the evidence that we have. It’s really not controversial anymore that we’re looking at a major Russian campaign.

You know, keep in mind: this has been going on for many years. This particular act, that we watched them for eight years, and over the past year, they made quite a lot of mistakes which revealed themselves.

JUDY WOODRUFF: Now, Dmitri Alperovitch, we want to point out and we said earlier, you were — your company was the one that uncovered this in the first place. You were working for the Democratic National Committee. Are you still working — doing work for them?

DMITRI ALPEROVITCH: We’re protecting them going forward. The investigation is closed in terms of what happened there. But certainly, we’ve seen the campaigns, political organizations are continued to be targeted, and they continue to hire us and use our technology to protect themselves.

JUDY WOODRUFF: I ask you that because if there’s a question of conflict of interest, how do you answer that?

DMITRI ALPEROVITCH: Well, this report was not about the DNC. This report was about information we uncovered about what these Russian actors were doing in eastern Ukraine in terms of locating these artillery units of the Ukrainian army and then targeting them. So, what we just did is said that it looks exactly as the same to the evidence we’ve already uncovered from the DNC, linking the two together.

JUDY WOODRUFF: So, if there’s still someone out there like the president-elect or others who support him who say, we just don’t believe this, we don’t think it’s been proven, we haven’t seen the CIA and the FBI’s information, what’s your response to that?

DMITRI ALPEROVITCH: Well, I think it’s legitimate to ask questions and this is why we wanted to produce more evidence that raises the level of confidence that we have, even internally, that this is Russian intelligence agency called the GRU. I think it’s also important for the government to release their own evidence. And I’m encouraged that President Obama ordered this review. I hope the report that comes out will be made public so that everyone can look at it and make their own judgments.

JUDY WOODRUFF: Thomas Rid, what more would you need to see, what more a skeptic need to see in order to erase all doubt?

THOMAS RID: Of course, we can always see more evidence and look for more details, for instance on specific names of operators, and we know that, you know, some intelligence agencies in the United States seem to have that information.

But let’s keep something in mind. What they want to achieve — what this Russian operation is trying to achieve at this point is to drive a wedge between the president-elect, between the next administration and the intelligence community. And so far, if you see that as part of the operation, they have been spectacularly successful. So, releasing more evidence and then having critics possibly even the president-elect say, well, that’s not good enough, that is exactly the outcome that they want because it introduces friction inside the security establishment in Washington.

JUDY WOODRUFF: Just quickly. Dmitri, is that what you see as well?

DMITRI ALPEROVITCH: I think it’s important to bring out the evidence. Some people legitimately have questions about this. It’s important for the U.S. government to tell us what they know because they have access to classified intelligence and sourcing methods that we are not privy to as a private security company. So, I think it’s important to know what happened in the most consequential hack we’ve ever seen.

JUDY WOODRUFF: And, of course, we have no way of knowing if that’s what they will do — what they will do. But, of course, we will continue to watch it very closely, as well you Dmitri Alperovitch, Professor Thomas Rid. We thank you both.

DMITRI ALPEROVITCH: Thank you.


18 posted on 12/22/2016 7:41:14 PM PST by SteveH
