Does the Kremlin Have a New Way of Hacking the West?

A highly capable Russian hacker group that has links to Russian intelligence and is known for going after high-profile foreign and corporate targets is deploying a powerful new data theft tool against Western systems, according to a new report by a prominent American cybersecurity firm.

The technical report by California-based FireEye Inc. analyzes the advanced piece of malware, called HAMMERTOSS, and connects the tool to a cyber-espionage gang known as APT29. Cybersecurity experts say the group is unusually well-disciplined and sophisticated, and the new malware — uncovered during a FireEye investigation at an unnamed organization targeted by the hackers — is said by the firm to be reserved for covertly stealing information from high-value targets.

“This tool is not widely deployed, so we believe that it’s used when other tactics won’t work,” Jen Weedon, manager of threat intelligence at FireEye, told Foreign Policy. “But we’ve found it in areas of critical intelligence value.” FireEye declined to name the specific targets of the Russian hackers, but said that the innovative data-theft tactic has hit Western governments, think tanks, defense contractors, and media organizations.

Believed to be operating in its current form since 2014, APT29 has set itself apart from other Russian hacking groups by repeatedly demonstrating the capability to adapt and evade detection, a skill level that FireEye researchers believe links the outfit to the Russian government. “Very few groups show the same discipline and consistency,” noted the report.

The Russian embassy in Washington did not respond to a request for comment. A senior administration official, while declining to comment on the FireEye report, said that President Barack Obama “has repeatedly made clear that cyber threats pose one of the gravest national security dangers that the United States faces.”

“These threats emanate from states, such as China, Russia, and North Korea, as well as from non-state actors, and we constantly track and defend against them,” the official added.

Defending against cyber attacks is sometimes easier than figuring out who launched them in the first place, and why. Russia is known for having sophisticated criminal hackers, as well as ones at least nominally controlled by Moscow. Though it could find no direct link to the Kremlin, FireEye said the intelligence sought by APT29 was consistent with Russian government interests rather than those of a typical criminal enterprise. “For a long time, this group has been stealing information that can’t be monetized. They go after this data because of its intelligence value,” Weedon said.

In tracking APT29’s activities, FireEye researchers found many data points that indicate the hacking group is state-run, not criminal. For instance, the group’s activities align with the work hours in the UTC +3 time zone, which contains cities such as Moscow and St. Petersburg, and the hackers appeared to stop working on Russian holidays. “If these are criminals, they are criminals behaving like how a government would act,” said Weedon.

Last week, top FBI counterintelligence official William Evanina told reporters that his office plans to update a 2011 report that labelled Russia, along with China, as the top offenders in the theft of U.S. economic and technology information. Evanina said that both China and Russia continue to be cyber-espionage leaders, although Iran has stepped up its activities against U.S. targets.

While the HAMMERTOSS malware is an example of the new innovation and ability being deployed by Russian hackers for espionage purposes, it is not an isolated instance. In November 2014, the State Department shut down its email system for a full weekend after discovering that its servers had been steadily dogged by cyberattacks all year. Similarly, Russian hackers have managed to sneak into “sensitive but unclassified” White House networks, CNN reported on April 7. Moreover, the Russian security firm Kaspersky Lab said that the campaign that targeted the White House appears to have similar code, infrastructure, and political interests as past attacks that were linked to hackers believed to be working for the Russian government.

Moscow-linked attacks have also hit Russia’s former Soviet neighbors. In 2014, a hacker group believed to be sponsored by the Kremlin attacked governments in Georgia, as well as NATO and defense contractors throughout Western Europe. Similarly, cyberattacks on Estonia in 2007 were widely believed to be the work of Russian cybercriminals working either with or for the Russian state.


Russian hackers used Twitter, photos to reach U.S. computers – report

Wed Jul 29, 2015 1:26pm BST

Russian government-backed hackers who penetrated high-profile U.S. government and defence industry computers this year used a method combining Twitter with data hidden in seemingly benign photographs, according to experts studying the campaign.

In a public report Wednesday, researchers at security company FireEye Inc (FEYE.O) said the group used the unusual tandem as a means of communicating with previously infected computers. FireEye has briefed law enforcement on what it found.

The technique, uncovered during a FireEye investigation at an unnamed victim organization, shows how government-backed hackers can shift tactics on the fly after they are discovered.

“It’s striking how many layers of obfuscation that the group adopts,” said FireEye Strategic Analysis Manager Jennifer Weedon. “These groups are innovating and becoming more creative.”

The machines were given an algorithm for checking a different Twitter account every day. If a human agent registered that account and tweeted a certain message, instructions for a series of actions by the computer would be activated.

The tweeted information included a website address, a number and a handful of letters. The computer would go to the website and look for a photo of at least the size indicated by the number, while the letters were part of a key for decoding the instructions in a message hidden within the data used to display the picture on the website.
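
A defender-side illustration of the daily account rotation described above, added here as an example and not taken from the FireEye report: it scans web-proxy records for clients that look up a new Twitter profile each day, most of which do not exist. The log format, host names, handles and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log (not real data): date, client, URL, HTTP status.
SAMPLE_LOG = """\
2015-07-20 ws-114 https://twitter.com/qx81bac20 404
2015-07-21 ws-114 https://twitter.com/rt52bac21 404
2015-07-22 ws-114 https://twitter.com/mk07bac22 200
2015-07-23 ws-114 https://twitter.com/zp33bac23 404
2015-07-24 ws-114 https://twitter.com/hd90bac24 404
2015-07-20 ws-201 https://twitter.com/daily_news 200
2015-07-21 ws-201 https://twitter.com/daily_news 200
2015-07-21 ws-201 https://twitter.com/search?q=weather 200
2015-07-22 ws-201 https://twitter.com/city_weather 200
2015-07-23 ws-201 https://twitter.com/daily_nws 404
2015-07-20 ws-305 https://twitter.com/team_updates 200
2015-07-21 ws-305 https://twitter.com/conf_2015 200
2015-07-22 ws-305 https://twitter.com/local_radio 200
2015-07-23 ws-305 https://twitter.com/book_club 200
2015-07-23 ws-305 https://example.org/news 200
"""

# Site paths that are not user profiles (a partial, illustrative list).
RESERVED = {"search", "home", "i", "login", "intent", "hashtag", "settings"}


def profile_handle(url):
    """Return the lowercased handle if url is a twitter.com profile page, else None."""
    parts = urlsplit(url)
    if parts.hostname not in ("twitter.com", "www.twitter.com"):
        return None
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 1 or segments[0].lower() in RESERVED:
        return None
    return segments[0].lower()


def rotating_clients(log_text, min_days=4, min_missing_ratio=0.5):
    """Flag clients that request a fresh profile on many days, mostly unregistered.

    min_days and min_missing_ratio are assumed tuning values, not published ones.
    """
    days_seen = defaultdict(lambda: defaultdict(set))  # client -> handle -> days
    missing = defaultdict(set)                         # client -> handles answered 404
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        day, client, url, status = fields
        handle = profile_handle(url)
        if handle is None:
            continue
        days_seen[client][handle].add(day)
        if status == "404":
            missing[client].add(handle)

    flagged = {}
    for client, handles in days_seen.items():
        # Handles this client asked for on exactly one day (people revisit accounts).
        one_off = {h: next(iter(d)) for h, d in handles.items() if len(d) == 1}
        if len(set(one_off.values())) < min_days:
            continue
        ratio = len(missing[client].intersection(one_off)) / len(one_off)
        if ratio >= min_missing_ratio:
            flagged[client] = sorted(one_off)
    return flagged
```

On the sample, only `ws-114` is flagged: the ordinary browsing hosts either revisit the same accounts or reach profiles that exist.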

Weedon said the communication method might have been a failsafe in case other channels were discovered and cut. Vikram Thakur, a senior manager at Symantec Corp (SYMC.O), said his team had also found Twitter controls combined with hidden data in photos, a technique known as steganography.

FireEye identified the campaign as the work of a group it has been internally calling APT29, for advanced persistent threat. In April, it said another Russian-government supported group, APT28, had used previously unknown flaws in Adobe Systems Inc.’s Flash software to infect high-value targets.

Other security firms use different names for the same or allied groups. Symantec recently reported another data-stealing tool used in tandem with the steganography, which it calls Seaduke. Thakur said both tools were employed by the group it knows as the Duke family.

Thakur said another tool in that kit is CozyDuke, which Russian firm Kaspersky Lab says is associated with recent breaches at the State Department and the White House.

(Reporting by Joseph Menn; Editing by Cynthia Osterman)

Russia’s propaganda machine revs up ahead of UN’s MH17 vote

Rescue workers carry a stretcher with a body past debris from the Boeing 777-200 Malaysia Airlines flight MH17 that is presumed to have been shot down in eastern Ukraine on July 19, killing all 298 passengers. © Anastasia Vlasova

In the best exposé written about Russian Information Warfare using the media, Allison Quinn, at the KyivPost, exposes the soft underbelly of the Russian propaganda mechanism.

Russia is desperately trying to smear the one and only theory that the West seems to be offering: MH17 was shot down by a Russian Buk (SA-21) in rebel held territory in Ukraine.  It really doesn’t matter very much if Russian soldiers fired the missile or separatists.

Russia has looked disjointed, dysfunctional, inept and almost stupid in all the differing theories, often by the same people, through the past year.

Now Russia is doing everything possible to confuse the Russian public as to what really happened to MH17, publishing widely varying stories, overwhelming other theories, and generally appearing foolish to anyone who reads anything but Russian state-sponsored media.

For those of you trying to categorize, this blog is called counter-propaganda.  By writing this, by reading this, we are attempting to expose the truth, and expose Russian lies.

Now I leave you to read a masterpiece of clarity.

by Allison Quinn, Kyiv Post

Russia’s state media machine appears to have gone into conspiracy theory overdrive.

A well-coordinated campaign appeared to be underway ahead of the July 29 U.N. Security Council vote on whether to form a tribunal to investigate the downing of Malaysian Airlines flight MH17. Its goal seems to be aimed at discrediting the widely accepted version that Russian-separatists were to blame for the crash that killed all 298 people on board using a surface-to-air missile system supplied by Russia.

But the campaign, complete with misinformation, half-truths and obfuscation, was frantic, sloppy and full of holes.

One narrative added to the media campaign’s repertoire is a story that claims a bomb had been on board flight MH17. Another is that a CIA operative posing as a BBC reporter brought down the plane, according to the media arm of Russia’s Defense Ministry. A third version, citing anonymous sources, says Ukrainian soldiers mistakenly shot down the plane during training.

They all are buttressed by a whole slew of “expert commentaries” that claim the international investigation and calls for a tribunal are part of a Western-backed conspiracy.

These theories follow the version put forward by Russia’s Defense Ministry last year that a Ukrainian SU-25 jet shot down the plane, as well as the more far-fetched explanation that all 298 passengers on board the plane had actually been dead well in advance, their corpses used by some Illuminati-esque international syndicate to stage the entire tragedy and pin the blame on Russia.

Indeed, Moscow-based polling firm Levada Center told the Kyiv Post earlier this month that a majority of Russians believe Ukraine shot down the civilian plane, while 10 percent think that the West is responsible.

The surge of fresh conspiracy theories – which, incidentally, contradict all the earlier ones – came as the U.N. Security Council was due to meet and vote on a resolution establishing an international criminal court to prosecute those responsible for the catastrophe.

Russia is firmly against the measure and has indicated it will veto the measure as a permanent member of the council.

Two Dutch-led investigations into the downing of flight MH17 have yet to be released to the public.

Italy, Malaysia, the Netherlands, Australia, Belgium and Ukraine have all spoken in favor of a tribunal. Russia has reacted to the proposal with indignation, with Russian U.N. Ambassador Vitaly Churkin saying it is “not a proper thing to do” before the results of the investigation have been released.

Russia’s media machine was rabid in backing the Russian government’s official stance on the issue, so much so that they seemed unable to keep their story straight.

Analysts said the bombardment of narratives on MH17 is part of an ongoing campaign to supplant the very idea of truth – to create so much doubt among a domestic audience that Russians give up on looking for it.

The latest report by Life News, a pro-Kremlin outlet, claiming a bomb had been on board the plane cites an independent expert called Yury Antipov, who is said to be conducting his own investigation into the tragedy. Antipov has repeatedly been cited by Russian media to challenge the West’s version of events on MH17.

But he can’t seem to stay consistent.

Last summer, he pushed the theory that the plane brought down over Donetsk Oblast “was not the same plane that departed from Holland” in comments to Russian newspaper Komsomolskaya Pravda. Antipov said he believed the plane that crashed was actually a Malaysian airliner that disappeared months earlier.

Thus, the MH17 crash was all staged by President Petro Poroshenko as a “back-up plan” in case Ukrainian forces lose ground to Russian-backed separatists in the east, he posited.

Now, the crash was real but caused by a bomb on board, Antipov insists.

To critical observers, such bizarre narratives may reek of desperation. But in the larger information war, they serve a much more insidious purpose.

Peter Pomerantsev, a London-based expert on Russia’s use of information as a weapon, has previously described such tactics as part of a “linguistic sabotage of the infrastructure of reason” meant to “spread confusion about the status of truth.”

The idea is that if the audience begins to doubt the very existence of truth in the first place, it ceases to matter at all. The same tactic can be seen in the Russian media’s handling of the MH17 coverage now.

The focus is mostly on Russia’s domestic audience, Pomerantsev said, “to make sure Russians are left befuddled” about the truth.

“It does sound desperate, but I don’t know their overall media strategy on MH17. Often the individual lies are silly (crucified kids, etc.), but they actually fit a fairly well worked out meta narrative (chaos in Ukraine – stability in Russia),” he told the Kyiv Post.

Revenge on a Scammer

Oh goodness.

The accent this guy puts on is so politically incorrect, but it is hilarious.

I got this from a hacker group, so please, enjoy Jose Barrientos taking Suraj, the Scammer, AKA Marshall, to the woodshed.

Isil’s propaganda machine has to be destroyed

Shortly after the successful military campaign to overthrow Iraqi dictator Saddam Hussein in 2003, US General David Petraeus posed this not unreasonable question to his political masters: “So tell me how does this end?” No one quite knew, and the country was rapidly consumed by violent sectarian conflict.

I’ve seen action in Iraq and Afghanistan, and have worked closely with Gen Petraeus. And today, more than a decade later, it strikes me that his question might be asked again of our own political leadership about Islamic State (Isil). For in the absence of an effective Western response, we can expect a war without end until Isil achieves its ultimate objective of the global imposition of Islamic law, culture and religion. As things stand, however, I fear our political position is to manage this distant irritation as best we can afford while seeking to avoid a deeper military involvement.

Doing nothing is not an option. You only have to look at Isil’s intelligent use of propaganda to see what happens when your adversary is crippled by silence, dithering and inaction. Isil has created a “Caliphate” the size of Italy, which allows it to indulge in genocide, murder, sectarian violence and slavery. The West needs to realise that, if it is to be stopped, someone’s boots need to be on the ground. They could be Western boots; there should be Arab boots. In Syria they should be trained and equipped fighters with the Free Syrian Army (FSA), as well as local tribal forces. But, irrespective of their national origin, they need to be boots that are prepared to fight against this theocratic fanaticism and reclaim the land that has been taken.

It is important that we do not under-estimate the enormity of the challenge we face. In 2006, when the US-led coalition in Iraq had assembled the most advanced and technically equipped military force it could muster, it still found itself unable to defeat the determined insurgency orchestrated by al-Qaeda. It was only in 2007-08, when Gen Petraeus persuaded local tribal elders to align themselves with the coalition’s “surge” strategy, that we finally prevailed and destroyed al-Qaeda’s base in Iraq.

Eight years on, the problem might appear more multifaceted, but a similar type of approach is required if the West is to mount a charge on all fronts and without respite. The first priority must be to counter Isil’s highly effective propaganda machine. We need to find a compelling and regionally driven counter narrative of our own that disrupts Isil’s “virtual Caliphate” – far greater in scope than its land-based conquests – which persuades many susceptible young Muslims to join its ranks, whether as foot soldiers, suicide bombers, financiers or just supporters.

In the world of propaganda, it is actions that outweigh words and promises. That is why I believe Isil’s appalling treatment of those under its control will ultimately result in the caliphate breaking up with widespread dissent and resentment spreading within its ranks. This is the foundation on which a counter narrative must be built. We must exploit the growing vocal outrage in the Muslim world against Isil’s heinous exploits, as well as expose the plethora of half-truths and falsehoods promoted by Isil’s propaganda machine, such as their appalling treatment of women, who are regarded as no more than common commodities.

We must make clear that Isil’s dominance has been achieved through the intimidation of local tribes, who are too afraid to challenge the Islamists’ brutal regime, and that Isil’s military prowess is bogus, while their actual field losses are significant. By exposing Isil’s lies, we can encourage the moderate Arab voice of reason to prevail. Above all the message needs to be got across to young Muslim men and women in Britain and elsewhere that, contrary to Isil’s propaganda, it is far from being an attractive proposition for them to invest their lives and wellbeing with those running the so-called caliphate in Syria or Iraq.

We also need to target the organisation’s funding stream by freezing banking and capital assets. Then, by providing high quality training and the expert use of our own precision munitions, we need to help the Iraqi army to drive out Isil from its strongholds in the north and west of the country. Diplomatic and economic support may also be needed, but the main focus for the West should be to assist with providing accurate intelligence and far larger numbers of specialist advisers.


We also need to have a serious think about how we are going to deal with the region once Isil has been defeated.

One idea might be to have a Marshall Plan for the Arab world largely funded by them to help the area rebuild and recover. For it is vital that we give hope to the millions of refugees who have been made homeless by this brutal conflict. This could be achieved through charitable work in education, by offering improved health facilities, the development of apprentice skills, housing and other essential services. Restoring some semblance of dignity to the dispossessed will be a critical element in the region’s future stability.

Lt Gen Sir Graeme Lamb is a former Director, Special Forces


Anti-Iran agreement ad uses fake image of Obama/Rouhani meeting, uses ISIS produced photo

I am often asked about domestic “propaganda”, I usually disagree with the word usage, but in this case it seems appropriate.

This article raises an important ethical image question, what are legitimate sources for pictures?  Because the images used in this political ad originate from ISIS propaganda, should it be forbidden?

by Ilan Ben-Meir (source: Buzzfeed)

Saturday, July 25, 2015

A new ad touting Wisconsin Sen. Ron Johnson’s opposition to President Obama’s nuclear deal with Iran features a photoshopped image of President Obama shaking hands with Iranian President Hassan Rouhani, as well as a still from a propaganda video produced by ISIS.

The ad, which is running in the Madison, Milwaukee, and Green Bay markets, was created by Restoration PAC, a group based in Oak Brook, Illinois.

“Some of our leaders, like Ron Johnson, understand that preventing Iran from getting the bomb is essential to our safety,” warns the ad. “Others, like President Obama, insist on signing a toothless agreement that makes us less safe.”

The ad’s background images include a shot from an ISIS-produced video, footage of a smoldering World Trade Center, and an image of the president shaking hands with Iranian President Hassan Rouhani.

Obama and Rouhani have never met, however. The photograph was created from an image of Obama meeting with Indian Prime Minister Manmohan in 2011.

When asked for comment, Restoration PAC spokesman Dan Curry told BuzzFeed News, “I don’t know what you’re talking about. You’re saying that’s a photoshop — can you explain what you’re talking about?”

When Curry was told that Obama and Rouhani have never met, Curry said he would “take a look at that.”

Asked about the ad’s use of ISIS-related imagery, however, Curry said it was “nonsensical” that media companies can use the propaganda videos but not political campaigns.

“So you’re saying that media companies can use ISIS, what you call propaganda imagery, but political campaigns can’t use ISIS imagery, no matter what the message they’re trying to portray?” asked Curry. “That just doesn’t make sense to me, it’s just nonsensical.”

“The point is to show ISIS as bad people,” Curry said. “It certainly isn’t being used as propaganda for them, it’s being used as propaganda against them.”

In a press release, Restoration PAC said that the ad was produced by “award-winning ad-maker Rick Reed, who specializes in national security issues and whose Swift Boat Veterans for Truth ad campaign was pivotal in re-electing George W. Bush President in 2004.” The release also claims that “noted message expert Frank Luntz” also participated in the project.


Ilan Ben-Meir is a political reporter for BuzzFeed News and is based in New York.