
Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Posted: Tue Mar 06, 2018 2:24 pm
by seemslikeadream
Polly Sigh

Sources familiar with the suspects: The Russian treason case was launched because FSB colonel Sergey Mikhailov & his subordinate Dmitry Dokuchaev helped US intel agencies identify the hackers who stole data from the Democratic Party.


‘The Defense Ministry hacks servers blatantly and clumsily’ An investigative report by The Bell shows how an institutional rivalry in Russian policing may tie Moscow to the cyber-attack on the U.S. Democratic Party
The Bell, 10:21, 5 December 2017
An employee at Secureworks, which investigated the Fancy Bear cyber-attack on the Democratic Party. October 4, 2017
Marina Hutchinson / AP / Scanpix / LETA
According to a new investigative report by Svetlana Reiter, published by The Bell, an unnamed source claims that former Russian Federal Security Service colonel Sergey Mikhailov, who’s now on trial in Russia for treason, may have provided U.S. officials with information about the hacker attacks on the Democratic Party. Meduza summarizes Reiter’s article.
Sergey Mikhailov was arrested a year ago today, on December 5, 2016, but almost nothing is known about the charges against him, though we do know that the treason case names four defendants from the Federal Security Service (FSB). Ivan Pavlov, a lawyer for one of these suspects, says he believes the case was classified so the defendants “wouldn’t be able to say anything more.” Three sources familiar with the suspects told The Bell that the case was launched because Mikhailov and his accomplices helped American intelligence agencies identify the hackers who stole data from the Democratic Party. The Bell was unable, however, to verify this information independently.

According to the U.S. intelligence community, the Russian Defense Ministry’s Main Intelligence Directorate (GRU) is responsible for the hacker attacks on the Democratic Party. Sources told The Bell that the institutional competition for budget resources has driven both the GRU and FSB to launch cyber-attacks. Researchers from the company Crowdstrike indirectly confirmed this rivalry in a 2016 report on the hacker groups “Cozy Bear” and “Fancy Bear.” In January 2017, the newspaper Novaya Gazeta reported that Mikhailov and the others were arrested on charges related to the hacking of the Democratic Party.

The Bell’s sources say the formal charges against Mikhailov and the other defendants do not address the cyber-attack on the Democratic Party, and deal instead with intelligence he allegedly sold to American officials in 2007 about Pavel Vrublevsky, the owner of Chronopay, a transaction security company.

In retaliation, Vrublevsky apparently informed the FSB that Mikhailov was collecting data about the hacker attacks and passing it to the Americans. In August, the independent television station Dozhd reported that Mikhailov could have supplied the FBI with information that led to the July 2014 arrest of Russian hacker Roman Seleznev in the Maldives. Ivan Pavlov, who represents one of the defendants in Mikhailov’s treason case, categorically denies these allegations. In March 2017, the FBI charged Dmitry Dokuchaev, one of Mikhailov’s subordinates in the FSB’s cyber-investigative department, with hacking and stealing 500 million Yahoo user accounts.

A source who knows Mikhailov says his main motivation for helping the Americans was his commitment to fighting crime. It’s possible, however, that Mikhailov was also receiving money from the U.S. government, though his lawyers deny this. Multiple sources also told The Bell that Mikhailov held a position at the media holding company RBC from 1999 to 2009, where he apparently earned “an unusual supplement” to his salary as an FSB officer. The Bell was unable to find out how much money RBC may have paid him.
https://meduza.io/en/feature/2017/12/05 ... aign=share


English translation of the in-depth reporting quoted above: "...former Russian FSB colonel Sergey Mikhailov, now on trial in Russia for treason, may have provided US officials w/ information about the hacker attacks on the Democratic Party"
#Maddow https://translate.google.com/translate? ... rev=search



"FSB + Kaspersky employees arrested for treason had tipped off CIA criminal hackers"



Russian treason arrests stemmed from intel official helping US catch criminal hackers

Joe Uchill, 08/24/17 10:08 AM EDT
Three current and former Russian intelligence agents and a Russian cybersecurity firm employee arrested on charges of treason had been feeding the U.S. information on criminal hackers, a Russian news station reported Wednesday.

Sergei Mikhailov and Dmitry Dokuchaev, who at the time were employed by Russia's intelligence service, the FSB, were arrested along with former FSB agent George Fomchenkov and Kaspersky Lab employee Ruslan Stoyanov in connection with data they passed along to the CIA, according to Rain TV.

The arrests, which were made public in late January, caused speculation that the four had been informants for the investigation into Russian hacking in the 2016 U.S. elections.
According to the Rain report, they had actually been tipping off the CIA about Russian criminal hackers, including accused credit card thief Roman Seleznev and alleged LinkedIn hacker Yevgeniy Nikulin.

Seleznev, the son of a Russian legislator, was arrested on vacation in the Maldives in 2014. According to the Rain report, aiding in his capture forced the hand of Russian authorities to arrest Mikhailov, Dokuchaev, Fomchenkov and Stoyanov.

At the time of the announcement of Stoyanov's arrest, Kaspersky Lab said in a statement: "The case against this employee does not involve Kaspersky Lab," noting that the arrest concerned a time period "predating his employment at Kaspersky Lab."
http://thehill.com/policy/cybersecurity ... g-us-catch



Russian FSB agents Mikhailov & Dokuchaev [YAHOO hack] and Stoyanov of Kaspersky Lab [who paid Mike Flynn] were charged w/ treason for passing US officials IP-addresses of devices involved in hacking IL & AZ election database.

Mike Flynn was paid by a Russian cybersecurity firm that is connected to Russian FSB officer indicted for Yahoo hack.
"FSB keeps RU’s top cybersecurity experts under arrest so nobody can interview them, use them – or harm them"
Are FSB agents Mikhailov, Dokuchaev [YAHOO hack] and Stoyanov [Kaspersky employee] treasonists or the actual DNC hackers?



NEW: Jailed Russian hacker Kozlovsky: I hacked the DNC 'under command of the FSB.' He also named his FSB handler Dokuchayev & Kaspersky employee Stoyanov. This undermines repeated Kremlin claims that they had nothing to do w/the DNC hack ...



NEW Russian hacker contradicts Kremlin: "I hacked the DNC for the FSB"

The jailed Russian hacker named at least 2 others who helped w/ the DNC hack: his FSB handler Dokuchaev [indicted for the YAHOO hack] and Ruslan Stoyanov, a cybersecurity expert w/ Kaspersky Lab [who paid Mike Flynn]


Kaspersky was an intermediary btwn “international organizations” Flynn


Court document in jailed Russian hacker [Kozlovskiy] case points to Kaspersky Lab’s cooperation with Russian security service FSB: "The FSB agent worked side-by-side with the Kaspersky technician in the 'information retrieval' operation."


Early reporting was that Mikhailov/Dokuchayev accepted bribes from a "foreign organization" – not USIC. They weren't arrested for treason until the dossier became public. Might the Dec '16 treason arrest be CYA because FSB was paid by Trump campaign ["foreign org"] to hack DNC?

Jailed Russian hacker Kozlovsky says he can prove he hacked the DNC on Kremlin’s orders and that his relationship with his FSB handler Dokuchayev [indicted for Yahoo hack] preceded the latter’s rise to prominence in the FSB.

Jailed Russian says he hacked DNC on Kremlin’s orders and can prove it

By Kevin G. Hall, khall@mcclatchydc.com
WASHINGTON
In this June 14, 2016 file photo, people stand outside the Democratic National Committee (DNC) headquarters in Washington. (AP Photo/Paul Holston, File)
A jailed Russian who says he hacked into the Democratic National Committee computers on the Kremlin’s orders to steal emails released during the 2016 U.S. presidential election campaign now claims he left behind a data signature to prove his assertion.

In an interview with Russia’s RAIN television channel made public Wednesday, Konstantin Kozlovsky provided further details about what he said was a hacking operation led by the Russian intelligence agency known by its initials FSB. Among them, Kozlovsky said he worked with the FSB to develop computer viruses that were first tested on large, unsuspecting Russian companies, such as the oil giant Rosneft, later turning them loose on multinational corporations.

Kozlovsky first came to public attention in early December when word spread about his confession last Aug. 15 in a Russian courtroom that he was the person who hacked into DNC computers on behalf of Russian intelligence. The Russian was jailed earlier this year, alleged to have been part of a hacking group there that stole more than $50 million from Russian bank accounts through what’s called the Lurk computer virus.

The alleged hacker posted to his Facebook page in December a transcript and an audio recording of his confession during a pre-trial court hearing. He also confessed online to having hacked investigators looking into the crash of Malaysia Airlines Flight 17, brought down in July 2014 by a missile near the disputed Ukrainian border with Russia.

In written answers from jail made public Wednesday by RAIN TV, a Moscow-based independent TV station that has repeatedly run afoul of the Kremlin, Kozlovsky said he feared his minders might turn on him and planted a “poison pill” during the DNC hack. He placed a string of numbers that are his Russian passport number and the number of his visa to visit the Caribbean island of St. Martin in a hidden .dat file, which is a generic data file.

That allegation is difficult to prove, partly because of the limited universe of people who have seen the details of the hack. The DNC initially did not share information with the FBI, instead hiring a tech firm called CrowdStrike, run by a former FBI cyber leader. That company has said it discovered the Russian hand in the hacking, but had no immediate comment on the claim by Kozlovsky that he planted an identifier. Salon reported in September that the DNC had shared with the FBI complete digital copies of its servers.

There was no immediate way to reach Kozlovsky, who is believed to have been detained in the infamous Matrosskaya Tishina (Sailor’s Silence) jail in Moscow awaiting trial for an unrelated hacking case.


The newest allegations are potentially significant. If the FSB did in fact direct Kozlovsky, then it debunks Russian President Vladimir Putin’s assertion that his government had nothing to do with hacking that all major U.S. intelligence agencies put at his feet. It also calls into question the view of a hack that was conducted as a closely held, organized FSB campaign directed from central offices. Kozlovsky says he worked largely from home, with limited knowledge of others and that the political hack was just part of a larger relationship with the FSB’s top cyber officials on viruses directed at other countries and the private sector.

“Based on my experience and understanding of professional intelligence operations, the blending of criminal activity with sanctioned intelligence operations is an old page out of the Russian intelligence-services playbook,” said Leo Taddeo, chief information security officer for Cyxtera Technologies and a former head of cyber operations in the FBI’s New York office. “What the defendant (in Russia) is describing would not be inconsistent with past Russian intelligence operations.”

Kozlovsky’s claims include an assertion that for the past seven years he was under the control of Major Gen. Dmitry Dokuchayev, who he said gave him orders to breach the DNC servers to interfere in the U.S. election process. A federal court in San Francisco in February issued an arrest warrant for Dokuchayev for his alleged role in a hack of Yahoo accounts. A month later the FBI put the former hacker-turned-spy on a Wanted poster for his alleged role in directing hackers. He was arrested in Russia in late 2016 on treason charges in a high-profile incident that included the arrest of another FSB cyber leader.

The jailed Kozlovsky told RAIN TV that he had a relationship with Dokuchayev that preceded the latter’s rise to a prominent post in the FSB.
http://www.mcclatchydc.com/news/nation- ... 57354.html


From a high-security Russian prison, Konstantin Kozlovsky provides details to FastCompany about how his software was used to hack the DNC & disrupt the 2016 election under FSB's direction: "I’m ready to collaborate with the US."


Jailed Russian: Here’s How I Hacked The U.S. Election

From a cell in a high-security prison outside Moscow, Konstantin Kozlovsky reveals more about the software he claims disrupted the 2016 election.

MOSCOW–Konstantin Kozlovsky is ready to talk. The 29-year-old blonde-haired Russian hacker at the center of the intrigue surrounding the Kremlin’s cyberattacks on the 2016 U.S. presidential election currently sits in a high-security prison with the forbidding name of Matrosskaya Tishina (Sailor’s Silence) in northeastern Moscow. Kozlovsky is officially charged with stealing millions from Russian banks, but he’d prefer to brag about how he built the software used to hack the Democratic National Committee (DNC) and other U.S. targets.

At a small hearing in a Moscow court earlier this month, with only a handful of media outlets present, Kozlovsky said he was ready to present detailed evidence that the Kremlin was directly involved in a series of high-profile attacks, including compromising the DNC’s computer systems in 2016, as well as those of the U.S. government, military, social media companies, and leading U.S. publishers.

In an interview with Fast Company conducted over the last two weeks via a verified representative, Kozlovsky was able to provide more details for his claims about the role of the Russian government, and how the program he developed was designed to wreak havoc.

“I’m ready to collaborate with the U.S. specialists, to show evidence and to confirm information,” he said in response to questions. Kozlovsky claims the program he developed, the so-called LDCS, was able to “replace information on Twitter, Facebook, Google and leading U.S. media outlets.” But he didn’t go into more details, so it remains unclear how the program really works and how extensively it was used during and after the 2016 election. It appears similar to trojans, a type of malware disguised as legitimate software that enables hackers to get full access to your computer, allowing them to change and delete files, monitor your computer activities, or steal your confidential information.

Kozlovsky noted that the Russians’ use of social media for propaganda purposes, as described by the defendants named in the indictment recently handed down by special prosecutor Robert Mueller, actually played a less significant role in achieving Russia’s objectives than hacking.

Since Kozlovsky’s been in jail since late 2016, he doesn’t know the current activities of Russian hackers, but said it’s likely they are using his software to manipulate news reports. “The FSB could easily continue to develop and add other information resources.”

On February 13, Kozlovsky asked the court for an IT specialist to prove his claims, a request he tells Fast Company was never granted. He also says that his detainment at Matrosskaya Tishina has been extended through May 18.

Victims Ranged From Oligarchs To The Olympic Committee

Born in the Russian city of Sverdlovsk (now Yekaterinburg), Kozlovsky rose to prominence primarily by hacking Russia’s financial institutions. He is one of 50 members of a hacker group called Lurk, which successfully hacked “all of Russia’s banks,” according to Group-IB, a cybersecurity company based in Moscow. Kozlovsky has been in prison for almost a year and eight months.

The tale of how someone like Kozlovsky found himself in prison, caught up in the middle of a high-stakes international drama involving Russia’s counterintelligence agencies, rogue hackers turned government agents, and allegations of Russia’s multilayered plot to interfere in the U.S. elections reveals much about Russia’s cybersecurity landscape and the murky relationship between the country’s counterintelligence operations and criminal hacking groups.

The cyberfraud charges against Kozlovsky include “organization of criminal community,” as well as the creation and distribution of harmful software programs. Lurk, the group he belonged to, reportedly stole more than $50 million (3 billion rubles) over a period of five years, according to Group-IB’s data.

Back in December, Kozlovsky first claimed his role in hacking the DNC amid the heated U.S. primary season in 2016, saying he was acting on the orders of Russia’s Federal Security Service (FSB), the country’s counterintelligence agency that has retained the ethos and global ambitions of the Soviet era.

Outside of court hearings every few months, Kozlovsky has relied on his Facebook page to fill in the blanks.

In a recent post, Kozlovsky confirmed his involvement in the attacks on the U.S. Democratic Party, the World Anti-Doping Agency, the Olympics Committee, and FIFA on the orders of FSB Major Dmitry Dokuchaev, who worked at the agency’s Center for Information Security. He was one of four intelligence officials arrested a year ago and accused of treason by Russia, a move that rattled the cybersecurity community in Russia and beyond.

Dokuchaev began to communicate with Kozlovsky in 2005, collecting compromising material to recruit him and become his handler, according to Kozlovsky’s version of events. Kozlovsky says his testimony detailing his connection to Dokuchaev and his work for the FSB was omitted from the official record by Russian authorities.

Prominent cybersecurity experts in the country tend to find Kozlovsky’s account convincing. “I believe this is really true,” says Pavel Vrublevsky, a cybersecurity expert and founder of ChronoPay, a payments operator with offices in Moscow and Amsterdam, of Kozlovsky’s recruitment account. Vrublevsky has had his own run-in with FSB, serving one and a half years in prison after being found guilty of hiring bot makers to attack a rival company. He is an official witness in the Dokuchaev case.

“If Kozlovsky was an informant of Dokuchaev, and therefore was the organizer of Lurk, then Dokuchaev was the true organizer of Lurk,” Vrublevsky says, noting the Russian government “is not ready” to investigate the Lurk story fully. “This may lead to even more questions about how that department of FSB actually operated,” he says.

Dokuchaev has disputed this version of events and denies knowing Kozlovsky, reports RBK, a Russian business publication.

According to the FBI, Dokuchaev is responsible for a range of cybercrimes, including “gaining unauthorized access to the computer networks of and user accounts hosted at major companies providing worldwide webmail and internet-related services in the Northern District of California and elsewhere.”

Does His Software Really Work On Such A Scale?

Still, Kozlovsky’s claims have not been independently verified, especially when it comes to the software capabilities he describes.

“The technology described, LDCS, it’s quite a typical code called podmena or substitute in Russian slang, mainly used for changing real advertising links for someone else’s illegal promotion or for illegal bank fraud operations,” Vrublevsky says. “In reality, however, it likely can’t be done–because if a fraud like this occurs on a massive scale, the antivirus software blocks it almost immediately.”

Russian officials have repeatedly denied any involvement in the U.S. electoral process.

In the United States, for more than a year, high-level officials have acknowledged “the Russian intelligence services hacked into a number of enterprises in the United States, including the Democratic National Committee.”

But few answers have been provided in terms of characterizing the scope of Russia’s cyber attack and measures taken to prevent future operations.

In the U.S., while the major intelligence agencies have presented evidence of Kremlin-linked hacking, President Donald Trump remains unconvinced, tweeting his skepticism and expressing doubts in public. Last week, U.S. Cyber Command and Director Admiral Mike Rogers told lawmakers that Trump hasn’t told him to confront the Russian cyber threat. Indeed, the U.S. seems unprepared for the strong likelihood of cyberattacks in this year’s midterm elections, though intel chiefs are convinced they’re on the way.

“There should be no doubt that Russia perceives that its past efforts have been successful and views the 2018 midterm U.S. elections as a potential target for Russian influence operations,” Dan Coats, the director of national intelligence, recently said. “Frankly, the United States is under attack.”

When it comes to the voter registration systems, Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, downplayed the effectiveness of Russia’s attack.

“We saw a targeting of 21 states, and an exceptionally small number of them were actually successfully penetrated,” she told NBC News earlier this month.

A recent report from the Center for American Progress evaluating election security in 50 states found no state received an “A” grade in terms of their cybersecurity standards and voting requirements. Forty states received a “C” grade or below.

The FBI and the Department of Homeland Security’s cybersecurity division could not be reached for comment by phone or email.

The White House has not responded to or acknowledged all the findings from different government agencies on Russia-related cybercrimes.

In the latest round of indictments in Mueller’s wide-ranging investigation, Deputy Attorney General Rod Rosenstein said that 13 Russian nationals and three Russian entities used social media posts, online ads, and rallies to disseminate propaganda “primarily intended to communicate derogatory information about Hillary Clinton, to denigrate other candidates such as Ted Cruz and Marco Rubio, and to support Bernie Sanders and then candidate Donald Trump.”

A day before the Mueller indictments, the White House took an unusual step and accused the Russian military of “the most destructive and costly cyberattack in history”, the so-called Not Petya attack across Europe, Asia, and the Americas in June 2017. The White House characterized the attack as a part of the Kremlin’s “effort to destabilize Ukraine,” vowing to retaliate with “international consequences.”

When it comes to Russia’s efforts to destabilize the U.S. and its electoral process, as highlighted in the Mueller indictments, the Trump administration had a much more muted and vague response.

“It is more important than ever before to come together as Americans,” President Trump said in a statement in response to the indictments. “It’s time we stop the outlandish partisan attacks, wild and false allegations, and far-fetched theories, which only serve to further the agendas of bad actors, like Russia, and do nothing to protect the principles of our institutions.”

If he is ever allowed the opportunity to prove his claims via an independent IT specialist, and if his claims can be independently verified, this testimony alone will not reveal the extent of Russia’s operations or leave any of the U.S. government entities, private companies, or media organizations any less exposed in the upcoming midterm elections.

But it will be a step toward understanding Russia’s cyberwarfare landscape, the extent of Moscow’s interference, and what the U.S. is up against.
https://www.fastcompany.com/40538571/ja ... s-election

Konstantin also said he left his *fingerprints*

Russian Hacker Says He Left Fingerprints on His DNC Hack in Bid to Bolster His Story That Putin Ordered It

By Zachary Fryer-Biggs On 12/28/17 at 12:09 PM
A Russian hacker who defied Vladimir Putin by claiming he hacked the Democratic National Committee on orders from a high-level Russian security official now says he planted personal details in DNC servers that can prove he was behind the break-in—a detail that, if true, strengthens his claim about the Russians' meddling in the 2016 election.

Konstantin Kozlovsky, a cyber attacker who had previously claimed he was ordered by a Russian security official to crack the DNC server, told RAIN television that he hid his passport number and visa number for a visit to St. Martin in a data file on the DNC systems so that he could prove his story later, according to McClatchy.

The new detail bolsters Kozlovsky's credibility as he awaits trial in an unrelated bank hacking case. Previously, the Russian security official has denied Kozlovsky's claims—but that official, Dmitry Dokuchaev, is himself being held on secret charges of treason that may be about his alleged role in confirming the DNC break-in to U.S. intelligence officials.

Only the DNC or the cybersecurity companies it used to combat the Russian hacks can confirm Kozlovsky’s claims about the data signature he says he left behind. Federal authorities say they have never had access to the DNC’s servers.

The 2016 DNC hack gave Russian intelligence access to a trove of emails from the Hillary Clinton campaign, emails that were then passed on to WikiLeaks to try to harm Clinton and help Trump, according to U.S. intelligence agencies.

Kozlovsky had previously claimed in the Facebook posts that he had been instructed by Dokuchaev, a senior official with Russia’s Federal Security Service, to hack the DNC system. The Facebook posts included a handwritten note, as well as audio recordings, but experts doubted that Kozlovsky could have made the social media post because he's being held in a high-security prison where inmates don't typically get internet access.

The interview with RAIN was apparently conducted over email, raising more questions for doubters.

Dokuchaev has denied knowing Kozlovsky, though the description of his handling Kozlovsky matches the approach of Russian intelligence, whose officials often manage hackers not directly employed by the government to provide plausible deniability down the road.

Trump administration officials at a December press conference claiming North Korea was behind a massive attack using the WannaCry bug. Mark Wilson/Getty Images

In the interview with RAIN, Kozlovsky claims credit for helping to develop both the Lurk and WannaCry viruses. Earlier this month Trump administration officials accused North Korea of having used the WannaCry virus to infect millions of systems demanding ransoms from computer users in exchange for unlocking their computers. The officials said that the same group behind the Sony Pictures attack, the Lazarus Group, was also behind the use of WannaCry, though they did not claim that North Korea created the original virus.

http://www.newsweek.com/russian-hacker- ... dnc-761727

https://twitter.com/dcpoll/status/971065769596522497

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

Posted: Tue Mar 20, 2018 8:23 pm
by seemslikeadream
Kaspersky's 'Slingshot' report burned an ISIS-focused intelligence operation

Written by Chris Bing and Patrick Howell O'Neill
Mar 20, 2018 | CyberScoop

The U.S. government and Russian cybersecurity giant Kaspersky Lab are currently in the throes of a nasty legal fight that comes on top of a long-running feud over how the company has conducted itself with regard to U.S. intelligence-gathering operations.

A recent Kaspersky discovery may keep the feud alive for years to come.

CyberScoop has learned that Kaspersky research recently exposed an active, U.S.-led counterterrorism cyber-espionage operation. According to current and former U.S. intelligence officials, the operation was used to target ISIS and al-Qaeda members.

On March 9, Kaspersky publicly announced a malware campaign dubbed “Slingshot.” According to the company’s researchers, the campaign compromised thousands of devices through breached routers in various African and Middle Eastern countries, including Afghanistan, Iraq, Kenya, Sudan, Somalia, Turkey and Yemen.

Kaspersky did not attribute Slingshot to any single country or government in its public report, describing it only as an advanced persistent threat (APT). But current and former U.S. intelligence officials tell CyberScoop that Slingshot represents a U.S. military program run out of Joint Special Operations Command (JSOC), a component of Special Operations Command (SOCOM).

The complex campaign, which researchers say was active for at least six years, allowed for the spread of highly intrusive malware that could siphon large amounts of data from infected devices.

Slingshot helped the military and intelligence community collect information about terrorists by infecting computers they commonly used, sources told CyberScoop. Often times, these targeted computers would be located within internet cafés in developing countries. ISIS and al-Qaeda targets would use internet cafés to send and receive messages, the sources said.

These officials, all of whom spoke on condition of anonymity to discuss a classified program, fear the exposure may cause the U.S. to lose access to a valuable, long-running surveillance program and put soldiers’ lives at risk.

The disclosure comes at a difficult time for Kaspersky. The company is currently fighting the U.S. government in court after the government claimed that the Moscow-based company’s software poses a national security risk due to the company’s Russian government ties. Kaspersky has consistently denied any wrongdoing.

CyberScoop’s reporting of JSOC’s role in Slingshot provides the first known case of a SOCOM-led cyber-espionage operation. The command is better known for leading physical missions that place elite soldiers on the ground in hostile territories. Over the last decade, SOCOM has been instrumental in the Global War on Terror, having conducted many sensitive missions, including the one that killed former al-Qaeda leader Osama bin Laden.

Slingshot, CyberScoop has learned, is a complement to JSOC’s physical missions.

A former intelligence official told CyberScoop that Kaspersky’s findings had likely already caused the U.S. to abandon and “burn” some of the digital infrastructure that JSOC was using to manage the surveillance program.

“SOP [standard operating procedure] is to kill it all with fire once you get caught,” said the former intelligence official. “It happens sometimes and we’re accustomed to dealing with it. But it still sucks … I can tell you this didn’t help anyone.”

SOCOM has hackers?

While not an intelligence agency by nature, SOCOM has dabbled in cyber-operations — known inside the unit as “special reconnaissance” — for some time, according to multiple academics who have examined the use of offensive cyber tools within special operations units. Most of these operations would usually combine elements of human (HUMINT) and signals intelligence (SIGINT) in order to catch terrorists.

As the Global War on Terror grew, most combatant commands took visible steps and received considerable funding to build out their own espionage capabilities. One of the military organizations which benefited most from this explosive growth in resources was SOCOM, a unit that many describe as the “tip of the spear” when it comes to military operations.

“Many units within SOCOM possess independent cyber capabilities,” a senior U.S. intelligence official told CyberScoop.

Throughout the past decade, SOCOM has used cyber operations in a very ad hoc manner. If cyberwarfare was used in an operation, SOCOM has either been given support from U.S. Cyber Command or relied on smaller squadrons within various units.

For instance, a group of hackers organized under the name “Computer Network Operations Squadron” (CNOS) were known to operate within JSOC command circa 2007. Though headquartered in Northern Virginia, CNOS helped coordinate missions where on-the-ground agents in the Middle East — and sometimes undercover operatives — would infiltrate internet cafés and local telecommunications firms. The squadron was first written about in “Relentless Strike: The Secret History of Joint Special Operations Command,” a book by Canadian journalist Sean Naylor.

Naylor wrote that CNOS staff could be stationed around the world, including at Fort Meade in Maryland and CIA’s Langley, Virginia, headquarters. CNOS had close connections to CIA, blurring the already fuzzy line between U.S. intel and military organizations.

In one case mentioned by Naylor’s book, CNOS infected a terrorist’s computer with “keystroke recognition [software], at other times it would covertly activate a webcam if the computer had one, allowing the task force to positively identify a target.”

The Slingshot program found by Kaspersky had similar capabilities.

SOCOM’s exclusive structure provides an easy way to leverage long-standing intelligence programs, since it is permitted to quickly organize and deploy forces globally wherever defined rules of engagement exist. Teams like CNOS, as described by Naylor, are able to work closely with intelligence agencies after receiving approval from regional combatant commands.

JSOC and CIA have a history of working together and, when combined, meet a similar profile to how Slingshot would be utilized.

“The military kept CNOS in JSOC ‘because we want it to operate in areas that are not necessarily … where we’re currently at war’ … we want it to operate around the globe [pursuing] national objectives,” a passage in Naylor’s book, citing an unnamed military intelligence officer, reads. “[CNOS] was how the pesky networks were broken in Iraq.”

Slingshot’s ties to spies

One Kaspersky researcher involved with the Slingshot report said the malware campaign illustrated one of the most skilled and sophisticated hacking operations ever to be publicly documented. Its creators took numerous steps to hide their identity and purpose, making Slingshot extremely difficult to study, explained Kurt Baumgartner, a principal security researcher with Kaspersky.

Baumgartner, a U.S. citizen, did not author the Slingshot report. Instead, a team of four researchers based overseas, largely in Russia, are credited with writing it.

“It is one of the most technically sophisticated groups we’ve ever seen,” said Baumgartner. “Most of the code is entirely unique, meaning that no one has ever seen it before … the only overlap we’ve seen, and I think there are people already discussing it, is there’s some limited similarities maybe to Equation Grayfish and White Lambert.”

“Grayfish” is a software implant associated with the “Equation Group,” an entity that is widely attributed to the National Security Agency. The “Lamberts,” another group identified and first catalogued by Kaspersky, has been separately linked to the CIA.

Hacking tools tied to past Equation Group and Lambert-inspired operations were written in English, just like Slingshot. Like Grayfish and Lamberts, Slingshot used a distinct software driver abuse technique to install malicious code onto targeted systems. They are the only three documented APTs to use this exact driver abuse method.

Kaspersky’s ability to identify even the most advanced malware variants is well-documented, especially within the highly competitive cybersecurity community. Most of these cases are handled by Kaspersky’s heralded Global Research & Analysis Team (GReAT). The Russian company is known for employing some of the best reverse malware engineers and analysts in the entire industry.

The company also has a vast business presence in the Middle East. Slingshot was discovered through the company’s work in that region.

A source close to Kaspersky Lab told CyberScoop that while some researchers may have thought Slingshot was the work of a “Five Eyes” nation — a term used to describe an intelligence alliance between Australia, Canada, New Zealand, the United Kingdom and the U.S. — they couldn’t have known for sure. This source told CyberScoop that the Kaspersky researchers lacked context because there’s “only so much that can be gleaned from technical evidence.”

Questions sent to the Russian company regarding if they knew about Slingshot’s U.S. military origin went unanswered.

Even so, a cursory review provides some tips that Slingshot may be linked to U.S. spies.

The malware is comprised of individual modules, each carrying a different title, like “Gollum,” “Cahnadr” or “NeedleWatch,” according to Kaspersky. A leaked NSA memo released in 2015 describes Gollum as a “partner implant” used by another agency aside from NSA. The memo, circulated between Five Eyes nations, talks about the need to create an accessible data pipeline that pulls information from infected computers where an active implant is hidden.

In addition to “Gollum,” the way Slingshot exploits routers made by Latvian company Mikrotik could perhaps be traced back to another spy agency: the CIA. Classified documents published by WikiLeaks as part of the so-called “Vault 7” dump show that the CIA has been interested in compromising Mikrotik equipment since at least 2015. Mikrotik products are popular in the Middle East and Southeast Asia.

Spokespeople for the Office of the Director of National Intelligence, NSA and Special Operations Command (SOCOM) all declined to comment.

Adding fuel to the fire

CyberScoop spoke with several U.S. cybersecurity researchers who said they weren’t surprised or angered by the fact that Kaspersky had potentially publicized a U.S. cyber-espionage operation.

These experts, who asked for anonymity because they feared blowback for speaking publicly, said that it’s only natural for Kaspersky to attempt to stop cyberattacks aimed at its clients. Others who spoke to CyberScoop, however, including current U.S. officials, said they were angry because publicly disclosing Slingshot may put lives in danger.

Complicating the matter is the lawsuit Kaspersky has filed against the U.S. government. The 2018 National Defense Authorization Act banned the use of Kaspersky products across the federal government. Kaspersky charges that ban is unconstitutional.

The ban comes after numerous reports that the company’s anti-virus engine was leveraged by Russian spies to remotely pilfer secret U.S. documents on systems where the software was installed. In response, Kaspersky launched a transparency effort in October 2017, which it says proves its products are not malicious.

At the moment, it’s not clear if the Russian company expected that its focus on Slingshot would eventually expose a sensitive U.S. counterterrorism initiative.

A senior U.S. intelligence official claimed that it would be hard to believe that Kaspersky was totally unaware of what it was handling.

“It’s clear by the way they wrote about this that they knew what it was being used for,” said the senior official. “GReAT is extremely adept at understanding the information needs of different actors out there on the internet. They take into consideration the geopolitical circumstances, they’ve shown that time and time again. It would be a stretch for me to believe they didn’t know what they’re dealing with here.”

Greg Otto contributed to this report.
https://www.cyberscoop.com/kaspersky-sl ... five-eyes/

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

PostPosted: Fri Mar 30, 2018 9:40 am
by seemslikeadream

Czech Justice Ministry confirms to Reuters that alleged Russian hacker Yevgeny Nikulin extradited to United States. "We confirm extradition to the United States," a spokeswoman said in a text message.
https://twitter.com/RFERL/status/979671253278699520



Czechs Extradite Alleged Russian Hacker Nikulin To U.S.

RFE/RL
The Czech Justice Ministry has announced that an alleged Russian hacker wanted by both Washington and Moscow has been extradited to the United States.

Yevgeny Nikulin is accused of hacking big Internet companies including LinkedIn and Dropbox in 2012 and 2013. In the United States, he faces up to 30 years in prison if convicted on charges that include computer intrusion and identity theft.

But his case became an international tug-of-war when Russia made a rival extradition request shortly after the United States put forward its request. In Russia, Nikulin is wanted for alleged involvement in an online theft of about $2,000 in 2009.

"We confirm extradition to the United States," a spokeswoman said in a text message sent to the Reuters news agency. "He has already flown out."

Justice Minister Robert Pelikan made the decision after the country's top court said it rejected a last-minute appeal from the Russian.

During a visit to the Czech Republic, U.S. House Speaker Paul Ryan said on March 27 in Prague that "we have every reason to believe and expect that Mr. Nikulin will be extradited to America."

In an interview with RFE/RL in Prague on March 26, Ryan said that the "case for extraditing [Nikulin] to America versus Russia is extremely clear."

Ryan, who met with Prime Minister Andrej Babis and other Czech officials during his visit, told RFE/RL that he would raise the issue in those talks.

"He did violate our laws, he did hack these companies.... So the extradition claim is very legitimate," he said. "And I just expect that the Czech system will go through its process, and at the end of that process, I am hopeful and expecting that he'll be extradited."

The tug-of-war over Nikulin had led to some friction in the Czech government.

Babis has said Nikulin should be extradited to the United States. But Pelikan had said that President Milos Zeman -- known for his relatively pro-Kremlin views -- has advocated handing the suspected hacker over to Russia.

Nikulin's lawyer said his client claimed the FBI is trying to link him to the hacking of the Democratic Party's servers during the 2016 U.S. presidential election campaign.

With reporting by Aktualne.cz, CTK, and Respekt.cz
https://www.rferl.org/a/russia-us-czech ... 35397.html

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

PostPosted: Fri Mar 30, 2018 9:46 pm
by seemslikeadream
The big questions on the minds of prosecutors, intelligence officials and cyber security experts are just what Nikulin knows and who he might have worked with. The indictment mentions a co-conspirator but no one else has yet been named or charged.


Alleged Russian hacker extradited. Will he help Mueller probe?
BY KEVIN G. HALL, GREG GORDON AND PETER STONE

March 30, 2018 05:18 PM
WASHINGTON
The Czech Republic’s long-sought decision to surrender custody to the FBI of an alleged Russian hacker signals a potential break in the investigation of Kremlin meddling in the 2016 U.S. elections.

The Justice Department announced Friday afternoon Yevgeniy Nikulin’s sudden appearance in a San Francisco federal courtroom after an 18-month legal tug-of-war with the Russian government, which made a competing claim to extradite Nikulin.

Nikulin, 30, was arrested in a Prague restaurant on Oct. 5, 2016 and three days later, then-President Barack Obama made his first accusation of Russian meddling in the U.S. election. On Oct. 20, Nikulin was indicted on federal charges of hacking the private user databases of three U.S. internet giants, LinkedIn, Dropbox and Formspring, and mail accounts tied to Google. The indictment alleges Nikulin used several aliases, including Chinabig01 and itBlackHat.

Nikulin’s extradition is expected to lead to intense pressure from U.S. prosecutors for him to agree to a plea deal so that investigators can learn what he knows about the Kremlin’s cyber operations. Still to be learned is whether Nikulin has information that could assist Special Counsel Robert Mueller’s inquiry into whether Donald Trump’s presidential campaign colluded in Russia’s cyber attacks during the election.


“The FBI will not allow international cyber criminals to operate with impunity,” John Bennett, special agent in charge of the FBI’s San Francisco office, said in a statement. “Nikulin allegedly targeted three Bay Area companies through cyber-attacks and will now face prosecution in the United States.”

Nikulin’s extradition happened days after a visit to Prague by House Speaker Paul Ryan, R-Wis., who called for his extradition during his stay. Ryan and Czech Prime Minister Andrej Babis discussed the case during a meeting Tuesday. Ryan tweeted out thanks late Friday for the action.


Russia and the United States both sought his extradition. Russia’s request sought to bring Nikulin back to that country to face minor internet theft charges that many observers felt were cobbled together in order to keep Nikulin from falling into American hands and divulging potentially embarrassing information about Kremlin intelligence operations. Radio Praha reported Friday that the Russian ambassador was not informed of Nikulin’s extradition and that the Czech court would explain the basis for its decision on April 3.

The world of cybercrime is a murky one, and experts have long contended that Russia’s FSB tolerates it because it is able, when needed, to call in chits and have criminal organizations do its bidding.

"The red flag for me is why the Russians fought so hard to keep him from being extradited," said Nick Akerman, a former Watergate prosecutor. "Why would they care about some low-level hacker?"

Akerman added that Nikulin was "in the right place, at the right time in terms of what the Mueller probe is interested in …The fact that the Russians fought so hard makes you wonder (what he knows). You'd certainly expect the Mueller team would want to talk to him."


One of Nikulin’s alleged targets, Formspring, a social media site, drew national attention because it was used by disgraced former Rep. Anthony Weiner, D-N.Y., who employed the now infamous alias Carlos Danger on that network. Weiner, then the husband of Hillary Clinton’s top aide Huma Abedin, has admitted to having sexually explicit online chats on Formspring with a young woman. The revelation became an ongoing embarrassment for the Clinton campaign.

Weiner admitted sexting and online chats that happened in 2012 and into 2013. The indictment against Nikulin alleges his hack of Formspring occurred between June 13 and June 19, 2012. It also alleges that he downloaded to a computer outside the United States the platform’s user database — complete with email addresses, names and encrypted passwords.


Since his arrest in the Czech capital, Nikulin appealed his extradition. His appeals reportedly reached their endpoint this week. Nikulin’s extradition notches another victory for the FBI, which has managed to nab alleged hackers in cities across the globe.

The FBI office that investigated Nikulin also, last March, built the first-ever criminal cyber case against a Russian state actor. That case involved the hack of Yahoo’s network and 500 million of its subscribers. Two of the four defendants were officers of Russia’s Federal Security Service, a Russian spy agency known by the letters FSB.

Those defendants are still in Russia, out of the reach of U.S. authorities.

The sudden extradition followed a week of tit-for-tat expulsions of Russian diplomats by the United States and its allies, and Russian retaliation. The expulsions were a response to the nerve-agent poisoning in Great Britain of former Russian spy Sergei Skripal and his daughter Yulia, which Prime Minister Theresa May put at the feet of the Russian government.

Attorney General Jeff Sessions hinted at that in a statement Friday about the allegations against Nikulin.

“This is deeply troubling behavior once again emanating from Russia,” he said. “We will not tolerate criminal cyber-attacks and will make it a priority to investigate and prosecute these crimes, regardless of the country where they originate.”

The big questions on the minds of prosecutors, intelligence officials and cyber security experts are just what Nikulin knows and who he might have worked with. The indictment mentions a co-conspirator but no one else has yet been named or charged.

Another looming question is whether Nikulin worked with the Internet Research Agency, a St. Petersburg-based troll farm tied to Russian intelligence. In February, Mueller brought an indictment accusing 13 Russians, including several intelligence officials, and three companies of roles in sowing chaos and aiding Trump in the 2016 election. These Russians sought to spread distrust among voters and in the election results, and they were bankrolled, according to the Mueller indictment, by a businessman friend of Russian leader Vladimir Putin named Yevgeniy Viktorovich Prigozhin.
http://www.mcclatchydc.com/news/politic ... rylink=cpy

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

PostPosted: Sat Mar 31, 2018 7:43 am
by Elvis
NPR seems to have dropped Kaspersky Labs as a sponsor. :lol:

This week it was revealed that the Russians took advantage of Kaspersky Lab anti-malware software on an NSA contractor’s home computer in order to hack into sensitive data (New York Times). This has been just the latest blow to the reputation of Kaspersky Lab, which is headquartered in Moscow


I would not trust Kaspersky products; pretty much all new Internet security software companies are infiltrated when they start showing signs of success, I'm certain of that, so I don't think there's any question that Kaspersky has some spooks in the right places, and most likely Russian.

(A funny farce might have CIA and FSB both covertly trying to take over a software company..."The Office" with spies?)

Products from Kaspersky Lab are widely used in homes and businesses throughout the U.S. But ABC News found, largely through outside vendors, that Kaspersky Lab software has also been procured by such federal agencies as the U.S. Bureau of Prisons, the Consumer Product Safety Commission and even some segments of the Defense Department.


A list of Kaspersky's DOD contracts would be mighty interesting.

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

PostPosted: Sat Mar 31, 2018 10:44 am
by seemslikeadream
‘Red Warrant’ for Nikulin



names mentioned in the article above that I posted


Yevgeniy Nikulin
Barack Obama
Paul Ryan
Czech Prime Minister Andrej Babis
Mueller
Anthony Weiner
Carlos Danger Weiner
Hillary Clinton
Huma Abedin
Yahoo
FSB.
Sergei Skripal
Yulia
Prime Minister Theresa
Jeff Sessions
Vladimir Putin
Yevgeniy Viktorovich Prigozhin


One of Nikulin’s alleged targets, Formspring, a social media site, drew national attention because it was used by disgraced former Rep. Anthony Weiner, D-N.Y., who employed the now infamous alias Carlos Danger on that network.


Giuliani should be very worried and also his FBI friends

How did the FBI know to look Mr. Giuliani? Did your FBI friends give you a heads up?


“Does Donald Trump plan anything except a series of inspiring rallies?” Mr. Kilmeade asked.

“Yes,” Mr. Giuliani replied.

Another host, Ainsley Earhardt, jumped in.

“What?” she asked.

“Ha-ha-ha,” Mr. Giuliani laughed. “You’ll see.”

Appearing to enjoy his own coy reply, Mr. Giuliani resumed chuckling: “Ha-ha-ha.”

“When will this happen?” Ms. Earhardt asked.

“We got a couple of surprises left,” Mr. Giuliani said, smiling.

This enigmatic reply roused the show’s third host, Steve Doocy.

“October surprises?” he asked.

Mr. Giuliani expanded a bit.

“Well,” he said, “I call them early surprises in the way we’re going to campaign to get our message out, maybe in a little bit of a different way. You’ll see. And I think it’ll be enormously effective. And I do think that all of these revelations about Hillary Clinton finally are beginning to have an impact.”


INDICTED Turkish Minister Former General Manager...GIULIANI?
viewtopic.php?f=8&t=40682&p=650476&hilit=Giuliani#p650476



why was Paul Ryan involved in getting Nikulin extradited here......seems to be counterproductive for him...maybe you had a talk with Mr. Mueller? Rumors are that you are retiring or planning to quit before the mid terms? INTERESTING!

Two days before FBI director James Comey rocked the world last week, Rudy Giuliani was on Fox, where he volunteered, un-prodded by any question: “I think he’s [Donald Trump] got a surprise or two that you’re going to hear about in the next few days. I mean, I’m talking about some pretty big surprises.”
Pressed for specifics, he said: “We’ve got a couple of things up our sleeve that should turn this thing around.”
The man who now leads “lock-her-up” chants at Trump rallies spent decades of his life as a federal prosecutor and then mayor working closely with the FBI, and especially its New York office. One of Giuliani’s security firms employed a former head of the New York FBI office, and other alumni of it. It was agents of that office, probing Anthony Weiner’s alleged sexting of a minor, who pressed Comey to authorize the review of possible Hillary Clinton-related emails on a Weiner device that led to the explosive letter the director wrote Congress.
Hours after Comey’s letter about the renewed probe was leaked on Friday, Giuliani went on a radio show and attributed the director’s surprise action to “the pressure of a group of FBI agents who don’t look at it politically.”
“The other rumor that I get is that there’s a kind of revolution going on inside the FBI about the original conclusion [not to charge Clinton] being completely unjustified and almost a slap in the face to the FBI’s integrity,” said Giuliani. “I know that from former agents. I know that even from a few active agents.”
Along with Giuliani’s other connections to New York FBI agents, his former law firm, then called Bracewell Giuliani, has long been general counsel to the FBI Agents Association (FBIAA), which represents 13,000 former and current agents. The group, born in the New York office in the early ’80s, was headed until Monday by Rey Tariche, an agent still working in that office. Tariche’s resignation letter from the bureau mentioned the Clinton probe, noting that “we find our work—our integrity questioned” because of it, adding “we will not be used for political gains.”
When the FBIAA threw its first G-Man Honors Gala in 2014 in Washington, Giuliani was the keynote speaker and was given a distinguished service award named after him. Giuliani left Bracewell this January and joined Greenberg Traurig, the only other law firm listed as a sponsor of the FBIAA gala. He spoke again at the 2015 gala. The Bracewell firm also acts as the association’s Washington lobbyist and the FBIAA endorsed Republican Congressman Mike Rogers, rather than Comey, for the FBI post in 2013. Giuliani did not return a Daily Beast message left with his assistant.
Back in August, during a contentious CNN interview about Comey’s July announcement clearing Hillary Clinton of criminal charges, Giuliani advertised his illicit FBI sources, who circumvented bureau guidelines to discuss a case with a public partisan. “The decision perplexes me. It perplexes Jim Kallstrom, who worked for him. It perplexes numerous FBI agents who talk to me all the time. And it embarrasses some FBI agents.”
Kallstrom is the former head of the New York FBI office, installed in that post in the ’90s by then-FBI director Louis Freeh, one of Giuliani’s longtime friends. Kallstrom has, like Giuliani, been on an anti-Comey romp for months, most often on Fox, where he’s called the Clintons a “crime family.” He has been invoking unnamed FBI agents who contact him to complain about Comey’s exoneration of Clinton in one interview after another, positioning himself as an apolitical champion of FBI values.
Last October, after President Obama told 60 Minutes that the Clinton emails weren’t a national security issue, Megyn Kelly interviewed Kallstrom on Fox. “You know a lot of the agents involved in this investigation,” she said. “How angry must they be tonight?”
“I know some of the agents,” said Kallstrom. “I know some of the supervisors and I know the senior staff. And they’re P.O.’d, I mean no question. This is like someone driving another nail in the coffin of the criminal justice system.”
Kallstrom declared that “if it’s pushed under the rug,” the agents “won’t take that sitting down.” Kelly confirmed: “That’s going to get leaked.”
When Comey cleared Clinton this July, Kallstrom was on Fox again, declaring: “I’ve talked to about 15 different agents today—both on the job and off the job—who are basically worried about the reputation of the agency they love.” The number grew dramatically by Labor Day weekend when Comey released Clinton’s FBI interview and other documents, and Kallstrom told Kelly he was talking to “50 different people in and out of the agency, retired agents,” all of whom he said were “basically disgusted” by Comey’s latest release.
By Sept. 28, Kallstrom said he’d been contacted by hundreds of people, including “a lot of retired agents and a few on the job,” declaring the agents “involved in this thing feel like they’ve been stabbed in the back.” So, he said, “I think we’re going to see a lot more of the facts come out in the course of the next few months. That’s my prediction.”
Kallstrom, whose exchanges with active agents about particular cases are as contrary to FBI policy as Giuliani’s, formally and passionately endorsed Trump this week on Stuart Varney’s Fox Business show, adding that Clinton is a “pathological liar.”

Kallstrom, who served as a Marine before becoming an agent, didn’t mention that a charity he’d founded decades ago and that’s now called the Marine Corps Law Enforcement Foundation, was the single biggest beneficiary of Trump’s promise to raise millions for veterans when he boycotted the Iowa primary debate. A foundation official said that Trump’s million-dollar donation this May, atop $100,000 that he’d given in March, were the biggest individual grants it had ever received. The Trump Foundation had contributed another $230,000 in prior years and Trump won the organization’s top honor at its annual Waldorf Astoria gala in 2015.
The charity, which Kallstrom has chaired without pay since its founding, says it has given away $64 million in scholarships and other aid to veteran families. Rush Limbaugh is a director and has given it enormous exposure on his show and helped it fundraise. Its executive director also worked at the highest levels of New York Governor George Pataki’s Republican administration, and its vice president is also the regional vice president for Trump Hotels in the New York area. The FBI New York office, the charity’s 2015 newsletter noted, then employed 100 former Marines.
Kallstrom, who first worked with Giuliani when the future mayor was a young assistant prosecutor in the early ’70s, was Pataki’s public safety director for five years after the 9/11 attacks and claims he was the one who recommended Comey to Pataki, who got the Bush White House to name him to Giuliani’s old job, U.S. attorney for the Southern District in 2001. Comey had worked in the Southern District for years, hired as a young assistant in 1987 by Freeh, then a top Giuliani deputy.
Kallstrom’s victory tour this weekend also included an appearance on Fox with former Westchester District Attorney Jeanine Pirro, another close associate of Pataki’s, who complained on air that she’d been the victim in 2006 when word emerged that the U.S attorney and FBI were probing her in the midst of a race she eventually lost to Andrew Cuomo to become New York Attorney General.
Her concern about the political impact of law enforcement leaks, though, didn’t extend to Democrat Hillary Clinton. “He couldn’t hold on to this any longer,” Kallstrom said of Comey. “Who knows, maybe the locals would’ve done it,” he added, a reference to leaks that elicited glee from Pirro, who echoed: “New York City, that’s my thing!”
In a wide-ranging phone interview on Tuesday with The Daily Beast, Kallstrom first repeated his claim that he gets hundreds and hundreds of calls and emails but stressed they all came from retired agents, adding that he didn’t “want to talk about agents on the job.” Then he acknowledged that he did interact with “active agents.” The agents mostly contacted him before the recent Comey letter because “in all but two cases,” they agreed with what he was saying in his TV appearances, noting that those two exceptions both thought “I should be more supportive of Comey.”
Kallstrom adamantly denied he’d ever said he was in contact with agents “involved” in the Clinton case, insisting that he didn’t even know “the agents’ names.” He asked if this story was “a hit piece,” and contended that it was “offensive” to even suggest that he’d communicated with those agents. When I emailed him two quotes where he made that claim, he responded: “I know agents in the building who used to work for me. I don’t know any agents in the Washington field office involved directly in the investigation.”
Later, though, he acknowledged that “the bulk” of the agents on the Weiner case are “in the New York office,” even as he insisted that the “locals” he told Pirro would’ve leaked the renewed probe had not Comey revealed it were not necessarily agents.
He declined to explain why Megyn Kelly stated as a fact that he was in contact with agents “involved” in the case. Asked in a follow up email if he suggested or encouraged any particular actions in his exchanges with active agents, Kallstrom replied: “No.”
“Now, I’m supporting Comey,” Kallstrom told me on the phone, adding that he can’t do or say anything else before election day. “He can’t characterize” what the bureau has from the Weiner emails. “The FBI can’t say anything without having all the information,” Kallstrom contends, just after telling me he supports the FBI director who’s under fire for having done just that.
And, though he predicted in September that more facts about the Clinton case would soon come out, he told me he was “surprised” by the Comey letter. Calling Giuliani a “very good friend,” who he’s seen in TV studios a couple of times recently when they were both doing appearances, Kallstrom said he thought Giuliani was more likely referring to WikiLeaks revelations or videotapes from Project Veritas when he teased big surprises to come.
Kallstrom said he hasn’t spoken to Trump for months, though he did email Trump’s office the day he endorsed him and got a thank you response from an aide. He says he first met Trump when he solicited a donation from him for a Vietnam Vet memorial and that they’d see each other—usually at public events and dinners—over the years, sometimes as often as two or three times a year. Kallstrom said he’d have breakfast at the Plaza with his wife and visit with Trump and his kids, who he got to know at an early age.
When Trump owned casinos in Atlantic City, he allowed Kallstrom’s organization to hold fundraisers “pro bono” there. Trump became a major supporter of New York’s Police Athletic League, run for decades by Manhattan District Attorney Robert Morgenthau, all moves that endeared him to law enforcement officials in jurisdictions where he did business.
Despite his ties to Pataki, Limbaugh, and Trump, Kallstrom says he’s apolitical and has never been involved in a campaign, including Trump’s now. He says he’s a registered independent, and that the people he’s known in the FBI over all his years are as nonpartisan as he is.
But, as quiet as it’s kept, no Democrat has ever been appointed FBI director. Four Democratic presidents, starting with FDR’s selection of J. Edgar Hoover in 1935, have instead picked Republicans, including Obama’s 2013 nomination of Comey, who was confirmed 93 to 1. This tally does not include the seven acting directors, who were named for brief periods over the last 81 years. For the first time in FBI history, the agency is now run by a director who isn’t a Republican, since Comey announced in a congressional hearing this year that though a lifelong Republican, having donated to John McCain and Mitt Romney, he had recently changed his registration (he did not say how he is currently registered).
Six months into his first term in 1993, President Bill Clinton tapped Freeh, a onetime FBI agent who’d worked under Kallstrom, and Freeh spent much of his eight years at the bureau’s helm trying to put Clinton in jail, even dispatching agents to a White House side room to get the president’s DNA during a formal dinner. When Freeh stepped down in 2001, shortly after George Bush replaced Clinton, he went to work for credit-card company MBNA, a giant Republican donor where Kallstrom and another top Freeh FBI appointee were already working. He’s still hunting for the Clintons, though—delivering a speech assailing them at an annual FBI office event in New York last year.
It’s not just the man at the top who’s invariably a Republican. Like most law enforcement agencies, the FBI hierarchy and line staff has a Republican bent—it’s a white, male, usually Catholic, and conservative culture.
Giuliani and Kallstrom claim that the agents revolting against Comey’s handling of Hillary Clinton were doing it because they want apolitical investigations, with all targets treated the same. But neither of them, much less FBI brass or agents, were publicly upset when the worst Justice Department scandal in modern history exploded in 2007, with Karl Rove, Attorney General Alberto Gonzales, and the Bush White House swamped by allegations that they’d tried to force out nine U.S. attorneys and replace them with “loyal Bushies,” as Gonzales’s chief of staff put it. Democratic officials, candidates and fundraisers were five times as likely to be prosecuted by Bush’s justice than Republicans.
Then at the top of the polls in the 2008 presidential race, Giuliani had to answer questions about it and said that he thought Gonzales should get “the benefit of the doubt,” calling him “a decent man” a few months before he resigned. “We should try to remove on both sides as much of the partisanship as possible,” lectured Giuliani. He recalled that strict rules were put into place while he was at the top levels of justice in the aftermath of Watergate limiting contact between law enforcement and political figures, a particular irony in view of the fact that he talks freely today about engaging in just such conversations on national television, oblivious to the fact that he is now a “political figure.”
Giuliani’s mentor, Michael Mukasey, who succeeded Gonzales as attorney general, appointed a special investigator to examine the U.S. attorney scandal and she concluded that no laws had been broken. It was later reported that four days before Mukasey named this special prosecutor, a federal appeals court vacated seven of eight convictions in a case she supervised in Connecticut, ruling that the team suppressed exculpatory evidence, including the notes of an FBI agent. Kallstrom contends he didn’t say anything about the blatant partisan interference then because he was “never asked to comment,” though he had been a law enforcement consultant for CBS News in about the same time frame. How he became a frequent Fox commentator now is unclear.
It’s clear enough, though, why when Comey sent a note to FBI staff on Friday explaining his decision to inform Congress about the renewed Clinton probe, the scoop about that internal memo went to Fox News. Why Kallstrom gets booked to talk about the Clintons as a “crime family.” Why Clinton Cash author Peter Schweizer, caught in a web of Breitbart and Trump conflicts, would announce on Fox that he was asked in August to sit down with New York office FBI agents investigating the Clinton Foundation (with The New York Times reporting this week that the agents were relying largely on his discredited work when they pitched a full-scale probe).
Fox is the pipeline for the fifth column inside the bureau, a battalion that says it’s doing God’s work, chasing justice against those who are obstructing it, while, in fact, it’s doing GOP work, even on the eve of a presidential election.

http://www.thedailybeast.com/articles/2 ... anboy.html
[/quote]

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

PostPosted: Mon Apr 02, 2018 1:41 pm
by stillrobertpaulsen
seemslikeadream » Sat Mar 31, 2018 9:44 am wrote:why was Paul Ryan involved in getting Nikulin extradited here......seems to be counterproductive for him...maybe you had a talk with Mr. Mueller? Rumors are that you are retiring or planning to quit before the mid terms? INTERESTING!


This was one of the most interesting parts of that article for me as well. Nikulin was arrested October of 2016 ... but isn't extradited to the US until last Friday??? Which just happens to coincide with Ryan's visit to the Czech Republic???


Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

PostPosted: Tue Apr 03, 2018 4:46 am
by seemslikeadream
[quote="seemslikeadream » Thu Jan 26, 2017 10:09 pm"]
Report: Russian arrests allegedly tied to passing hacking information to U.S.

Patrick O'Neill
JAN 26, 2017 | CYBERSCOOP
A day after it was revealed that two Russian cybersecurity experts had been arrested on treason charges, Russian media is reporting that the total number of arrests is four: including Sergei Mikhailov, the top cybersecurity officer in Russia’s Federal Security Service.

The arrests include Mikhailov, Dmitry Dokuchaev, who was in Mikhailov’s FSB unit; Ruslan Stoyanov, the lead cybercrime investigator at Kaspersky Labs; and an unidentified fourth suspect.

The independent newspaper Novaya Gazeta (New Gazette) reported that the FSB thinks Mikhailov gave information to Americans about Vladimir Fomenko, who owns a server rental company known as King Servers. The company was identified in September by Arlington, Va.-based ThreatConnect as the manager of an “information nexus” used by hackers attacking institutions across the western world, including election systems in Arizona and Illinois in 2016.

The Russian government is still staying silent on the issue, so it’s extremely difficult to parse the exact details and timeline beyond anonymously-sourced media reports. The Moscow Times — an English-language weekly newspaper based in Moscow — suggests the arrests took place this week, while previous reports said the arrests took place in December.

Fomenko spoke to the New York Times last year, denying knowledge of hackers using his servers:

On Sept. 15, Mr. Fomenko issued a statement saying that he had learned belatedly from news reports of the accusation that the hacking of the Arizona and Illinois voting systems were staged from two of his servers, and that he had shut them down. Mr. Fomenko does not deny that hackers used his servers, but does deny knowing that they did until Sept. 15. He says he does not know who they are, but that they are certainly not the Russian security agencies.

“The analysis of the internal data allows King Services to confidently refute any conclusions about the involvement of the Russian special services in this attack,” he said in his statement. But then, apparently striking a sarcastic tone, he said he would send a bill to Mr. Trump and Mr. Putin for server rent left unpaid by the hackers.

New reports from Kommersant, the Russian daily newspaper that originally broke the arrest news, assert that Ruslan Stoyanov is now being represented by Ivan Pavlov and Evgeny Smirnov of Team 29, a group of human rights attorneys with a history of winning treason cases in Russia. The report also confirms that the arrests did indeed take place in December, despite the Moscow Times’ report.

ThreatConnect and King Servers have not yet responded to a request for comment.
https://www.cyberscoop.com/russia-fsb-a ... atconnect/
[/quote]


Wendy Siegelman


A senior leader in Russia’s spy agency, Dmitry Dokuchaev, wanted by FBI and suspected to be linked to Russian meddling in 2016 US election, has agreed to plead partially guilty to sharing information with foreign intelligence,


“one of the individuals about whom Dokuchaev shared information was alleged Russian hacker Yevgeniy Nikulin” who was extradited to California on Friday and has pleaded not guilty


Report: Russian cyber spy wanted by FBI admits intel sharing

By Kevin G. Hall khall@mcclatchydc.com
WASHINGTON

Dmitry Dokuchaev in an FBI “Wanted” poster. The Russian cyber spy is under arrest in Moscow and sought in San Francisco in connection with alleged hacking of the databases of U.S. tech firms. FBI Handout
A senior leader in Russia’s spy agency, wanted by the FBI and suspected to be linked to Russian meddling in the 2016 U.S. election, has agreed to plead partially guilty to sharing information with foreign intelligence, according to a Russian media report.

The Russian news site RBC reported Monday that Dmitry Dokuchaev, a major in the FSB intelligence service, has admitted that he indirectly transferred information to foreign intelligence, presumably the United States. RBC, citing two anonymous sources, said that Dokuchaev insisted it amounted to informal information-sharing about activities of cybercriminals who did not work for Russia.

That’s at odds with a report from another Russian news outlet last year, which said that one of the individuals about whom Dokuchaev shared information was alleged Russian hacker Yevgeniy Nikulin. On Friday, it became public that the United States had succeeded in its attempt to extradite Nikulin from the Czech Republic – an effort bitterly fought by Moscow. Nikulin faces charges in California for allegedly hacking the databases of LinkedIn, Dropbox and Formspring in 2012.

Dokuchaev, 34, once a high-ranking official in the FSB’s unit that investigates cybercrime, is also the target of an arrest warrant in the U.S. The FBI accused him in February 2017 of directing and facilitating criminal hackers who stole user information on 500 million Yahoo accounts.

How exactly Nikulin and Dokuchaev fit into Russia’s efforts to interfere in the U.S. presidential election is not completely clear. The FSB is known to tolerate cybercriminals because it can piggyback off their illicit behaviors. U.S. intelligence believes the high-profile hacks of U.S. tech-firm databases allowed Russia to mine hundreds of millions of user accounts for personal information on election officials and U.S. political activists. This data could be used to try to enter secure websites or hypothetically to gather compromising information.

Importantly, Dokuchaev’s signed pre-trial agreement reported by RBC means evidence collected against him might not be made public and he could receive a lighter sentence if convicted. The Kremlin has said little publicly about Dokuchaev, and his alleged ties to accused hackers have provoked speculation of involvement in U.S. election meddling.

Dokuchaev and his boss, the cybercrime unit’s deputy director Sergey Mikhailov, were arrested on treason charges and reportedly led out of FSB headquarters with sacks over their heads in December 2016 — but that wasn’t revealed until shortly after the release of the so-called Trump dossier, a collection of business-intelligence memos compiled by former British spy Christopher Steele that alleged collusion between Russia and members of the Trump campaign team.

That explosive document, published in full on Jan. 10, 2017, by the news site BuzzFeed, led to congressional investigations and was in part the basis for the appointment of former FBI Director Robert Mueller III as special counsel to investigate possible collusion. Earlier this year, Mueller brought charges against 13 alleged Russian intelligence officials, accusing them of attempting to undermine confidence in U.S. election results.

Adding to the intrigue of that period, Gen. Oleg Erovinkin, a former FSB leader, was found dead in the back seat of his car on Dec. 26, 2016. His death later sparked speculation that he might have been somehow involved in sharing information that made it into the dossier.

The next public hearing in Dokuchaev’s case is expected on Wednesday, RBC reported. A lawyer for Mikhailov, also facing treason charges, told RBC his client was not admitting guilt.
http://www.mcclatchydc.com/news/nation- ... 23644.html

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

PostPosted: Mon Apr 16, 2018 12:34 pm
by seemslikeadream
well now maybe there is an explanation for Paul Ryan hand in Mr. Nikulin will be extradited to America

something did not smell right about his place in this story

HOW YEVGENIY NIKULIN MIGHT PLAY INTO THE MUELLER INVESTIGATION


April 14, 2018/2 Comments/in 2016 Presidential Election, Cybersecurity, emptywheel, Mueller Probe /by empty wheel

For three reasons, Yevgeniy Nikulin, the Russian hacker alleged to be behind massive breaches of the LinkedIn and MySpace hacks, is in the news of late.

The report that Michael Cohen was tracked traveling from Germany to Czech Republic in 2016 has raised questions about whether both Cohen and Nikulin were in Prague at the same time, Mohammed Atta-like
Nikulin was suddenly extradited from Prague some weeks ago
His (Russian-provided) lawyer says he’ll entertain a plea deal
All of which provides a good opportunity to lay out what role he may have (or may be said to have) played in the DNC hack-and-leak.

THE MICHAEL COHEN IN PRAGUE STORY

The McClatchy report describing Robert Mueller receiving evidence of Cohen traveling from Germany to Czech Republic at some unknown date in 2016 seems to derive from outside investigators who have shared information with Mueller, not from Mueller’s team itself (which is consistent with his locked down shop). As such, it falls far short of being a confirmation of a meeting, or even validation that Mueller has confirmed any intelligence shared with his investigators. Moreover, the report has little detail as to timing.

And while it took a bit of time (Cohen can be forgiven for the delay because he apparently has very urgent business hanging with his homies smoking cigars), he did deny this report, offering the same partial story he offered last year.


That said, given the claimed timing, any coincidental presence in Prague by both Cohen and Nikulin is unlikely. Cohen’s presence in Prague is said to have roughly aligned with that reported in the dossier, so August or September. According to the FBI’s arrest affidavit for Nikulin he passed from Belarus into Poland on October 1, 2016, and probably was still there when posting from Warsaw on October 3; Nikulin was arrested in Prague on October 5. So unless Cohen went to Prague during his known October 2016 trip to England (definitely a possibility, but inconsistent with the dossier reporting), then they would no more have met in Prague (or planned to) than Mohammed Atta and Iraq’s Ahmad Samir al-Ani did.

THE SUDDEN NIKULIN EXTRADITION

That said, I do think the sudden Nikulin extradition, even as pro-Russian Czech President Milos Zeman fought with Czech Justice Minister Robert Pelikan over it — even to the point of threatening to replace him — is worth noting. That’s true, first of all, because it appears Paul Ryan — purportedly on vacation with his family, but making appearances with everyone but Zeman — had a hand in it.

During a visit to the Czech Republic, U.S. House Speaker Paul Ryan said on March 27 that “we have every reason to believe and expect that Mr. Nikulin will be extradited to America.”

“The United States has the case to prevail on having him extradited, whether it’s the severity of the crime, which is clearly on the side of U.S., or the timing of the request for the extradition,” he told reporters.

In an interview with RFE/RL in Prague on March 26, Ryan said that the “case for extraditing [Nikulin] to America versus Russia is extremely clear.”

Ryan, who met with Prime Minister Andrej Babis and other Czech officials during his visit, told RFE/RL that he would raise the issue in those talks.

“He did violate our laws, he did hack these companies…. So the extradition claim is very legitimate,” he said. “And I just expect that the Czech system will go through its process, and at the end of that process, I am hopeful and expecting that he’ll be extradited.”


Nikulin was extradited just days later, even as the decision looked like it would be reviewed.

Zeman has since made very bizarre comments criticizing Ryan for his involvement.

Zeman said he had a different view of the Nikulin case than Justice Minister Robert Pelikan (ANO), who had given consent to the extradition of this Russian citizen to the USA, but that he fully respected the minister’s right to decide on this matter.

Apart from the United States, Russia was seeking Nikulin’s extradition, too, based on a suspected online theft.

“When Donald Trump was elected American president, (U.S. House of Representatives Speaker Paul) Ryan wore a black tie. The same Mr Ryan arrived in the Czech Republic (last week). He publicly stated that he had arrived basically in order to get Mr Nikulin to the United States, in which he succeeded. Well, one of the versions is that Mr Nikulin may in some way serve as a tool of the internal American political fight – to which the black tie served as well,” Zeman said.

“I do not consider this a very good solution if Czechs were to meddle in the American political situation,” Zeman added.

Ryan, who appreciated the Czech government for the extradition of Nikulin, did not meet Zeman during his recent visit to Prague without citing the reasons.


It may be that Ryan was doing the bidding of Trump. Or, more likely, Ryan may have made the move in what appears to be fairly unified NATO response to the attempted Sergei Skripal assassination.

NIKULIN’S RUSSIAN-PROVIDED LAWYER MAKES IT CLEAR THEY WILL NEGOTIATE

That said, I find it very interesting that Nikulin’s lawyer, whom the Russians asked to get involved, is explicitly already talking about a plea deal.

The legal team for Yevgeniy Nikulin, the Russian hacker accused of stealing data from LinkedIn and other American tech firms, will explore a plea deal with the U.S. government, according to Nikulin’s lawyer, Arkady Bukh.

“The likelihood of a trial is not very high,” Bukh said. The U.S. District Court for the Northern District of California, where Nikulin’s trial would occur, “has over a 99 percent conviction rate. We are not throwing clients under the bus,” Bukh said.

[snip]

Bukh was first contacted by the Russian consulate and asked to help on the case. He was approved on Wednesday to act as a lawyer for Nikulin by the court. Although Bukh has been in regular and sustained contact with both Nikulin’s family and the Russian consulate, he had yet to speak with his client as of Wednesday night.

The Russian consulate has expressed concerns about Nikulin’s mental condition, and Bukh said he “appears to be depressed.”


Perhaps Bukh is taking this route because the Feds have Nikulin dead to rights and a plea is the most logical approach. Perhaps Russia has learned its lesson from Roman Seleznev, the son of a prominent Duma member, who has been shipped around to different jurisdictions to have additional onerous sentences added to his prison term; I’m fairly certain there are other sealed indictments against Nikulin besides the one he was charged under that DOJ could use similarly.

Or perhaps Russia has reason to want to bury any public airing of evidence regarding what Nikulin has done or could be said to have done.

HOW NIKULIN MIGHT BE INVOLVED IN THE 2016 OPERATION

I’ve long suggested that Nikulin may have had a facilitating role in the 2016 operation. That’s because credentials from his LinkedIn hack were publicly sold for a ridiculously small amount just before May 18, 2016, rather inexplicably made available outside the tight-knit group of Russians who had been using the stolen credentials up to that point.

Almost all of the people whose email boxes were sent to Wikileaks were affected by the LinkedIn (and/or MySpace) breach, meaning passwords and emails they had used became publicly available in the middle of the Russian operation. And those emails were exfiltrated in the days immediately following, probably May 19-25, the public release of those credentials.

In other words, it is possible that stolen credentials, and not GRU hacks, obtained the emails that were shared with WikiLeaks.

None of that is to say that Russia didn’t steal the emails shared with Wikileaks or arrange that handoff.

Rather, it’s to say that there is a counter-narrative that would provide convenient plausible deniability to both the Russians and Wikileaks that may or may not actually be how those emails were obtained, but also may be all wrapped up ready to offer as a narrative to undercut the claim that GRU itself handed off the emails.

Note, too, how that timing coincides with the public claims Konstantin Kozlovsky made last year, which I laid out here.

April 28, 2015: FSB accesses Lurk servers with Kaspersky’s help.

May 18, 2016: LinkedIn credentials allegedly stolen by Yevgeniy Nikulin made widely available.

May 18, 2016: Kozlovsky arrest.

May 19-25, 2016: DNC emails shared with WikiLeaks likely exfiltrated.

October 5, 2016: Yevgeniy Nikulin arrest in Prague.

October 20, 2016: Nikulin indictment.

November 1, 2016: Date of Kozlovsky confession.

December 5, 2016: Arrest, for treason, of FSB officers Dmitry Dokuchaev and Sergey Mikhailov.

February 28, 2017: Indictment (under seal) of FSB officers, including Dmitry Dokuchaev, Alexey Belan, and Karim Baratov for Yahoo hack.

March 15, 2017: Yahoo indictment unsealed.

August 14, 2017: Kozlovsky posts November 1 confession of hacking DNC on Facebook.

November 28, 2017: Karim Baratov (co-defendant of FSB handlers) plea agreement.

December 2, 2017: Kozlovsky’s claims posted on his Facebook page.

March 30, 2018: Extradition of Nikulin.

April 2, 2018: Report that Dokuchaev accepted a plea deal.

April 17, 2018: Scheduled court appearance for Nikulin.


And consider that in the wake of Nikulin’s extradition, Dmitry Dokuchaev and another of the people accused of treason in Russia have made a partial confession that will, like any Nikulin plea, serve to bury much of the claimed evidence against them.

Two of the four suspects in a Russian treason case, including a former agent in the FSB’s Information Security Center, have reportedly signed plea bargains where they confess to transferring data to foreign intelligence agencies. Three sources have confirmed to the magazine RBC that former FSB agent Dmitry Dokuchaev and entrepreneur Georgy Fomchenkov reached deals with prosecutors.

One of RBC’s sources says the two suspects claim to have shared information with foreign intelligence agencies “informally,” denying that there was anything criminal about the exchange. Dokuchaev and Fomchenkov say they were only trying to help punish cyber-criminals operating outside Russia and therefore outside their jurisdiction. Lawyers for the two suspects refused to comment on the story.

As a result of the plea bargains, the two men’s trials will be fast-tracked in a special procedure where the evidence collected against them isn’t reviewed. Dokuchaev and Fomchenkov will also face lighter sentences — no more than two-thirds of Russia’s maximum 20-year sentence for treason, says one of RBC’s sources.

The other two suspects in the treason case, former FSB Information Security Center agent Sergey Mikhailov and former Kaspersky Lab computer incidents investigations head Ruslan Stoyanov, have reportedly turned down plea bargains, insisting on their innocence.


All of which is to say that Nikulin offers at least a plausible counter-explanation for the DNC hack-and-leak, one that might shift blame for the operation to non-state actors rather than GRU, which is something Vladimir Putin has been doing since Nikulin’s extradition first became likely, even if he has changed his mind about whether such non-state Russians will be celebrated or demonized upon their roll-out.

Rolling out plea deals here and in Russia may be an effort to try to sell that counter-narrative, before Robert Mueller rolls out whatever he will about the hack-and-leak in coming days.

https://www.emptywheel.net/2018/04/14/h ... stigation/

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

PostPosted: Tue May 01, 2018 5:54 pm
by seemslikeadream
RE-ROUTED
Russia Spy Hack Case Rocked as Judge Stiff-Arms Feds

Hacker-for-hire Karim Baratov was supposed to be sentenced to years behind bars, in part for his work for Russian intelligence. Then a judge stepped in at the very last minute.

KEVIN POULSEN
04.24.18 4:09 PM ET
SAN FRANCISCO—Sentencing for a man who hacked into Gmail accounts on behalf of Russian intelligence was unexpectedly postponed Tuesday, with a federal judge voicing skepticism over the Justice Department’s request that the hacker spend nearly eight years in prison.

Karim Baratov, a 23-year-old Canadian citizen born in Kazakhstan, pleaded guilty to federal conspiracy and identity theft charges last November in connection with a mercenary hacking service he operated from 2010 until his arrest in March 2017. Baratov charged customers about $100 to obtain another person’s webmail password, using phishing attacks that tricked users into entering their credentials into a fake password reset page. He cracked more than 11,000 accounts in Russia and the U.S. before he was caught.

But in what was supposed to be Baratov’s sentencing hearing, U.S. District Judge Vince Chhabria said he was worried that the government was asking for an unusually long sentence because one of Baratov’s many clients turned out to be a Russian intelligence officer accused in a massive 2014 data breach at Yahoo that impacted 500 million users.

“One concern I have is that the sentence the government is requesting for Mr. Baratov relates to the fact that he’s been caught up with a co-defendant who apparently was the Yahoo mega hacker,” said Chhabria. “Mr. Baratov did not have any involvement in the conspiracy to conduct the Yahoo mega hack.”

“I’m not comfortable with the government’s proposed term of custody without getting more information,” the judge added later, repeating his worries that the government was asking for a sentence disproportionate to Baratov’s own actions because the case is tied up with “the Yahoo mega hack and about Russians.”

“One of the hacker’s customers was someone who claimed to be in the business of killing people for money—the customer even sent Baratov a price list. Baratov did business with the ersatz hit-man anyway.”
The government sought a sentence of seven years, 10 months in prison, while the defense asked for about half that. Instead Chhabria moved the sentencing to May 29 to allow the judge to examine sentences in other hacking cases, and allow time for both sides to file additional briefs.


Federal officials treated Baratov’s case as a national security matter because one of Baratov’s clients worked for Russia’s Federal Security Service, or FSB. Using the alias “Patrick Nag,” the FSB officer allegedly commissioned hacks on 80 people, including victims within other Russian agencies, and government officials in neighboring Eastern European nations.
https://www.thedailybeast.com/russia-sp ... -arms-feds

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

PostPosted: Mon May 07, 2018 6:51 pm
by seemslikeadream
Update: The Russian Cybersecurity Company Kaspersky Lab
May 7, 2018 — 5:25 PM CDT

In July, we brought you an investigation of the Moscow-based antivirus software maker Kaspersky Lab and its connections with the Russian government. A lot has happened since then. This week on Decrypted, you’ll hear a shortened version of that original episode, as well as an update to catch you up on the latest developments.
https://www.bloomberg.com/news/audio/20 ... persky-lab


U.S. Seeks Long Jail Term For Yahoo Hacker, Sending ‘Message Of Deterrence' To FSB
April 23, 2018 17:46 GMT
Mike Eckel

U.S. authorities have demanded a nearly eight-year prison sentence for a Kazakh-born computer hacker, asserting that a harsh term would send a message to Russia's main intelligence agency about hacking and espionage.

Federal prosecutors made the arguments in court filings in San Francisco ahead of the next hearing for Karim Baratov, who is scheduled to be sentenced on April 24.

The U.S. prosecution against Baratov has yielded glimpses into how Russian intelligence agencies -- the Federal Security Service (FSB), first and foremost -- may use computer hackers in the theft of passwords, e-mails, and espionage.

Baratov, who was born in Kazakhstan and was living in Canada at the time of his arrest, pleaded guilty to charges that he helped hack into Yahoo, affecting hundreds of millions of accounts in what has turned into the largest data breach in history.

As part of his plea deal, Baratov agreed to cooperate with U.S. prosecutors in their investigation of the Yahoo hack. Two officers from the FSB have also been charged, along with another Russian hacker on the FBI's most wanted list.

In the filings in San Francisco's U.S. federal court, prosecutors argued that Baratov had agreed to hack into Yahoo's servers sometime between January 2014 and December 2016 as part of a conspiracy overseen by FSB officers.

Baratov, for his part, said he did not know the identities of the people who hired him to hack.

One of the two FSB officers identified in court papers is Dmitry Dokuchayev, who worked in the FSB's Center for Information Security, the agency's lead cyberunit.

In December 2016, four months before the U.S. indictments were released, Dokuchayev and his superior, Sergei Mikhailov, were arrested in Moscow and charged with treason along with a researcher for the private computer company Kaspersky Lab.

The head of the Center for Information Security -- a senior veteran FSB officer -- was later reportedly forced into retirement.

The timing of the arrests, along with the seriousness of the charges, has fueled intense speculation among cyberresearchers and experts on Russian intelligence agencies.

The FSB, along with Russia's military intelligence agency, the GRU, have both been blamed for hacking campaigns that targeted U.S. political operatives, including the Democratic National Committee.

In their San Francisco court filings, prosecutors asserted that a long prison sentence for Baratov would serve as a message to the FSB.

"The fact that Defendant Baratov was hired and agreed to hack webmail accounts for an officer of the Russian FSB...underscores the need for a significant and strong message of deterrence," they wrote.

"For cybercriminals like the defendant, there must be a significant sentence of imprisonment that accounts for hacking in such a prolific and indifferent manner that one is hired as a proxy for the Russian FSB," U.S. authorities said.

Since the arrest in Moscow, little has been made public about the progress of the treason case against Dokuchayev, Mikhailov, and the others that have been charged. Defense lawyers involved in the case have also complained about a lack of information.

But leaks to Russian newspapers have pointed to the possibility that the FSB officers were being targeted due to earlier cooperation with U.S. and other intelligence and law enforcement agencies in pursuing Russian hackers.

Earlier this month, the Russian newspaper RBC quoted an unnamed security source as saying that Dokuchayev and another man, Georgy Fomchenkov, had entered a partial guilty plea to "passing evidence to foreign security services in an informal manner."

Mikhailov, the newspaper said, was maintaining his innocence, as was Kaspersky Lab researcher Ruslan Stoyanov.
https://www.rferl.org/a/russia-us-seeks ... 87824.html

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

PostPosted: Thu May 24, 2018 8:43 am
by seemslikeadream
FSB officers’ high treason case gets only one count


[Image: Dmitry Dokuchaev and Sergey Mikhailov]




The investigation is completed, and soon the defendants will go on trial.

The Investigative Directorate of the FSB completed the investigation of a high-profile criminal case on high treason, whose main characters are former high-ranking officers of the Information Security Center (ISC) of the Federal Security Service Sergey Mikhailov and Dmitry Dokuchaev. In the near future, they will get acquainted with the materials of the investigation and go on trial.

The criminal case under Art. 275 of the Criminal Code of the Russian Federation (High Treason) consists of more than 20 volumes, and it took about a year and a half to investigate it. The other day, the four defendants began to review the materials of the investigation, in which, as Kommersant writes, there is only one criminal episode.

The Moscow District Military Court will hold the trial in closed session. In cases involving espionage, only the operative part of the judgment can be announced.

Recall that former chief of the 2nd department of the ISC FSB Sergey Mikhailov and his deputy Dmitry Dokuchaev, as well as head of the computer incidents investigation department of Kaspersky Lab Ruslan Stoyanov and businessman Georgy Fomchenkov, were detained in early December 2016. At the request of the investigation, the Moscow Garrison Military Court ordered them held in custody. The lawyers of all the defendants have repeatedly appealed the measure of restraint, insisting on their detention under house arrest, but they are still being kept in the Lefortovo detention center.

According to some information, the FSB spied upon CIB employees for six months before their detention. Then the United States told about "attacks by Russian hackers" on state, defense and political resources. At least two of them were related to the election campaign in the United States.

In particular, it was a cyberattack on the servers of the Democratic National Committee and the hacking of electoral systems in Illinois and Arizona. The US intelligence services then claimed that it was carried out by hackers under the control of the FSB. The Russian investigation into the former officers and businessmen is classified, but, according to one version, they could receive a reward from the US intelligence services just for giving them information about hacker attacks. And the accusation is only about the transfer of official information of the company, which turned out to be connected with the special services.

The defense of the defendants refrained from commenting, referring to its secrecy.
https://en.crimerussia.com/gromkie-dela ... one-count/



Exclusive: U.S. Government Can’t Get Controversial Kaspersky Lab Software Off Its Networks

The law says American agencies must eliminate the use of Kaspersky Lab software by October. U.S. officials say that’s impossible—it’s embedded too deep in our infrastructure.

Federal agencies are so far unable to comply with a law banning Kaspersky Lab software from U.S. government networks by October, The Daily Beast has learned. Multiple divisions of the U.S. government are confronting the reality that code written by the Moscow-based security company is embedded deep within American infrastructure, in routers, firewalls, and other hardware—and nobody is certain how to get rid of it.

“It’s messy, and it’s going to take way longer than a year,” said one U.S. official. “Congress didn’t give anyone money to replace these devices, and the budget had no wiggle-room to begin with.”

At issue is a provision of the National Defense Authorization Act (NDAA) enacted last December that requires the government to fully purge itself of “any hardware, software, or services developed or provided, in whole or in part,” by Kaspersky Lab. The law was a dramatic expansion of an earlier DHS directive that only outlawed “Kaspersky-branded” products. Both measures came after months of saber rattling by the U.S., which has grown increasingly anxious about Kaspersky’s presence in federal networks in the wake of Russia’s 2016 election interference campaign.

America’s intelligence chiefs have, too, issued public warnings about Kaspersky software. When asked by Sen. Marco Rubio (R-FL) at an intelligence committee hearing last year whether they would be comfortable using Kaspersky software on their computers, all six of the top intelligence leaders—from the Central Intelligence Agency chief to the director of National Intelligence—had the same answer: No.

“On May 8, DHS chief Kirstjen Nielsen promised to provide senators with data on the Kaspersky purge ‘later today.’ Two weeks later: nothing.”

While Kaspersky Lab is well respected in security circles, in some quarters of the U.S. national security community the company has long been tainted by perceived ties to Russian intelligence and the Kremlin—charges that the company denies.

Even less hawkish U.S. officials worry that the company could be compelled under Russian law to weaponize their code to spy on U.S. government networks. The company works so closely with Russia’s Federal Security Service, or FSB, that agents are sometimes embedded in the firm’s Moscow headquarters. And like virtually all anti-virus products, Kaspersky’s has complete access to any computer on which it’s running, including the ability to riffle through files and, depending on the configuration, upload them to Kaspersky’s servers in Russia. It can also execute arbitrary instructions transmitted from the company’s headquarters.

But despite company founder Eugene Kaspersky’s training at a KGB-sponsored institute, despite his close parroting of Kremlin rhetoric, and despite his team’s habit of exposing the most sensitive of U.S. cyber-espionage operations, there’s no public, conclusive evidence that these capabilities have ever been co-opted by Moscow. (Eugene Kaspersky frequently points out, accurately, that the company has revealed cyber-espionage campaigns originating from a multitude of countries, including some linked to the Russian government.)

However, the anti-Kaspersky train picked up steam following revelations last year of a bizarre incident in which the company slurped up classified documents and source code from the home computer of a National Security Agency contractor running Kaspersky Internet Security software. That contractor, Nghia Hoang Pho, pleaded guilty last year to willfully mishandling classified material by taking it home.

Kaspersky claimed the incident was an unintended byproduct of its routine malware scanning. The source code was for an NSA hacking tool, which Kaspersky’s product properly flagged for analysis by malware researchers. But because the code was bundled in a ZIP archive with the classified documents, Kaspersky’s software uploaded the entire thing. When Eugene Kaspersky realized what had happened, he ordered his researchers to immediately delete their copy of the documents and code, the company asserted in a blog post last year. “The archive was not shared with any third parties,” the company wrote.


In September, the brewing controversy came to a head when then-acting Homeland Security chief Elaine Duke issued a formal “binding operational directive” (BOD) requiring agencies to remove Kaspersky-branded software from their networks. The BOD followed a legislative push by Sen. Jeanne Shaheen (D-NH) to codify a more extensive Kaspersky ban into law.

The senator’s effort culminated in section 1634 of the NDAA, mandating a full government purge of Kaspersky code by Oct. 1 of this year. Unlike the BOD, this ban is not limited to software bearing the Kaspersky name, which was relatively easy to find and remove. It also extends to any Kaspersky code embedded in third-party products, and specifically includes hardware. Kaspersky filed a lawsuit to try and overturn the ban.

Kaspersky’s website showcases scores of technology partners who’ve used the company’s software development kits to bake Kaspersky code into their own products. That includes big names in services or software like Amazon and Microsoft, and networking hardware firms like D-Link, Check Point, and Allied Telesis—a major government supplier—that have baked Kaspersky’s code into firewall appliances. The networking giant Juniper Networks offered Kaspersky a full range of routers, gateways, and firewalls. Broadcom, which makes everything from Wi-Fi chips to fiber optic components, is listed as a technology partner, though it’s not clear for what product, and Broadcom declined comment.

It’s unclear if the list on Kaspersky’s website is comprehensive—the company isn’t saying—and at press time Kaspersky was redirecting U.S. visitors to an identical webpage without the list of partners.

With a dearth of good information, the picture painted by sources in the executive branch and on Capitol Hill is of an IT directive transformed by uncertainty into a sprawling cyber snipe hunt, with officials looking for Russian code in unlikely places like smartphone chipsets.

Five congressional sources charged with overseeing the government’s compliance with section 1634 told The Daily Beast that they’ve grown concerned in recent weeks that the Department of Homeland Security has not raised red flags about these known hardware issues preventing the department from fully implementing the NDAA provision—leading many of them to doubt whether the government will be able to meet the Oct. 1 deadline.

DHS is responsible for overseeing the ban’s implementation for all agencies except the Pentagon. Homeland Security Secretary Kirstjen Nielsen acknowledged the difficulty of the job during a Senate appropriations subcommittee hearing earlier this month.

“Unfortunately for many of the third-party providers, they weren’t even aware they had Kaspersky on their systems and within their products,” Nielsen said. “It’s very important for us to understand not only who our contractors are contracting with, but when they provide a service or software, what’s embedded there within.”

Nielsen added that the department has conducted “assessments and modeling” to try and pinpoint Kaspersky code. When Shaheen pressed Nielsen for a progress report on the purge, the director replied that she wasn’t prepared with specifics. “I can’t get you the exact figures, which I’m happy to do later today,” she answered in the May 8 hearing.

Two weeks later, Shaheen’s office has not received that information, and the silence is raising alarm among staffers and lawmakers who worry that the U.S. may be incapable of even discovering whose code is running the government’s infrastructure. Two congressional sources who deal with the Kaspersky issue told The Daily Beast that they were uncertain if DHS even maintains data on third-party software and hardware with Kaspersky under the hood.

The Department of Homeland Security declined to comment for this story, citing the pending legal actions by Kaspersky. The Pentagon, which heads the military portion of the Kaspersky ban, was unable to comment before press time.

Kaspersky has filed a separate lawsuit seeking to overturn the NDAA ban. “Kaspersky Lab maintains that these provisions are unconstitutional and unfairly target the company for legislative punishment, without any meaningful fact-finding or evidence,” a company spokesperson said in a statement.


A U.S. official with direct knowledge of the ban’s implementation says there’s plenty of blame to go around in the debacle. The law ordering the full ban didn’t come with an appropriation to replace any products found inexorably entwined with the outlawed code. Moreover, confusion reigns over the entire matter of government cybersecurity.

“There are so many subcommittees claiming jurisdiction over cybersecurity issues that there are different panels of oversight, different pots of money,” said the official. “The executive branch is being torn in different directions… The legislative branch, in their refusal to effectively organize on this issue, shares equal responsibility with the executive for failures in U.S. government cybersecurity.”

In the end, the official said, the U.S. can’t police its infrastructure without more transparency from its vendors about the code they’re selling. “This is not about one particular company… Industry should be leading the way on supply-chain risk management, and if they don’t the government is going to step up to fill that role, and it won’t be elegant.”


[Image: Rep. Ed Royce (R-CA). Tom Williams/Getty]
Lawmakers have pushed for transparency from third-party vendors, but to no avail. In 2014, Rep. Ed Royce (R-CA) introduced the Cyber Supply Chain Management and Transparency Act, which would have required third-party contractors to disclose “each binary component that is used in the software, firmware, or product.” That legislation never went anywhere and, in the meantime, lawmakers have been exploring other reforms to supplement last year’s NDAA provision.

“Implementation challenges should lead the U.S. government to increase vigilance on supply chain vulnerabilities and cybersecurity,” Shaheen told The Daily Beast. “Similar to the productive cooperation to ban Kaspersky Lab products across the federal government, Congress and this administration should continue to work together to harden federal cyber defenses, and look at reforms to the acquisition process so that we’re not unintentionally inviting adversaries into our most sensitive systems.”

In the wake of the twin bans, some vendors are distancing themselves from Kaspersky, dropping the company from new products and posting instructions on uninstalling the Russian firm’s code.

“Juniper is no longer providing Kaspersky in our active products,” said Juniper spokesperson Leslie Moore in an email. “In older products that may have utilized Kaspersky, it was not shipped nor turned on by default—the user had to choose to activate it, and we always provided clear instructions on how to remove it.”
https://www.thedailybeast.com/exclusive ... s-networks

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

PostPosted: Tue May 29, 2018 8:29 pm
by seemslikeadream
Russian Hackers’ Helper in Yahoo Attack Gets 5 Years' Prison

Joel Rosenblatt, May 29, 2018, 4:08 PM CDT
A Canadian accused of hacking Yahoo! Inc. email accounts on behalf of the Russian government was sentenced to five years in a U.S. prison for computer fraud.

Karim Baratov, 23, was one of four people charged by the U.S. last year in a hacking plot allegedly tied to Russia’s FSB security service. He was extradited to San Francisco federal court. In November, he pleaded guilty to conspiracy to commit computer fraud and identity theft.

Justice Department officials have previously said there was no link between the Yahoo case and a national security probe into Russian interference in the U.S. presidential election, though the list of hacking victims in the U.S. was diverse, including the White House and its military and diplomatic corps.

Conspirators also reaped information on a swath of global companies and their executives, including a U.S. financial-services company, an airline and a private equity firm, the U.S. said, without identifying them.

Not a Ringleader

Prosecutors sought a 94-month prison sentence, while Baratov requested 45 months. U.S. District Judge Vince Chhabria voiced concern at a hearing last month that Baratov might be unfairly tainted by “headlines about the Yahoo hack and Russians” even though he wasn’t one of the ringleaders.

At Tuesday’s sentencing hearing, the judge said the need for deterrence calls for a stiff sentence, while the defendant’s personal history and circumstances point toward leniency.

“Obviously this is a difficult case,” Chhabria said. “It’s unusual.”

The judge imposed a $250,000 fine. Chhabria said that might make up for a shorter prison term than prosecutors wanted, and that Baratov “appears to be able to make money.”


Baratov apologized to everyone he hurt and promised to put his skills to good use.

“The last 14 months have been a very humbling and eye-opening experience,” he told the judge. “There is no excuse for my actions,” he said, adding that “all I can do is promise to be a better man.”

While the U.S. government has little chance of getting the others extradited from Russia, it used the announcement of the indictment to make a public and detailed case that Moscow is orchestrating criminal hacks and shielding those who commit them.

Verizon Acquisition

Disclosures about the depth of the 2014 Yahoo hack, and another breach in 2013, threatened to derail its acquisition by Verizon Communications Inc. and lowered the purchase price.

Federal prosecutors claim Kazakhstan-born Baratov was paid to gain access to 80 email accounts, including 50 Google accounts. He mounted spear-phishing attacks, used fake emails to compel targets to provide sensitive information and sold passwords he obtained to Dmitry Dokuchaev, a notorious cybercriminal, according to the indictment.

When Baratov received hacking requests, he had no idea at the time that they came from Dokuchaev, according to his lawyer, Robert M. Fantone.

"He was trying to hack Russians on behalf of Russians," Fantone said. "In instances where he thought someone was a government official or worked for a financial regulator, he tried to not do those, he tried to stay away from government officials. He tried to stick to the petty stuff."

The case is U.S. v. Dokuchaev, 17-cr-00103, U.S. District Court, Northern District of California (San Francisco).

(Updates with Baratov’s lawyer in 14th paragraph.)

https://www.bloomberg.com/news/articles ... -in-prison



500M Yahoo accounts hacked US just blamed 2 Russian Spies
viewtopic.php?f=8&t=40416&p=647825&hilit=yahoo#p647825

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

PostPosted: Wed May 30, 2018 2:14 pm
by seemslikeadream
Breaking: both of @kaspersky's lawsuits against the USG have been dismissed


US Ban on Russian Anti-Virus Firm's Software Survives Court Challenge
“These defensive actions may very well have adverse consequences for some third parties. But that does not make them unconstitutional,” U.S. District Judge Colleen Kollar-Kotelly in Washington said in her ruling Wednesday against Kaspersky Lab Inc.

https://www.law.com/nationallawjournal/ ... 0430142510

Re: Russia Biggest Cybersecurity Firm Head Arrested For Trea

PostPosted: Thu Aug 16, 2018 3:55 pm
by seemslikeadream
Back in December 2016, by which time the GRU had been exposed, some high-level FSB officers in the FSB’s cybersecurity unit were arrested and charged with treason. (One, Sergei Mikhailov, was physically removed from a meeting with a black sack over his head.) The treason case has been kept a closely guarded secret, but Russian insiders suggest that Mikhailov and his colleagues were motivated by the long-standing rivalry between the FSB and the GRU to betray the GRU. According to some sources, money was also a motive.




This Russian Spy Agency Is in the Middle of Everything

Only a few years ago, the GRU looked like it might be dissolved. But Putin found new uses for it: covert war in Ukraine and ‘active measures’ that helped Trump get elected.

Russia’s military intelligence agency, known as the GRU, is getting blamed for all sorts of things these days. Robert Mueller indicted 12 GRU officers for hacking into computers of the Clinton campaign and the Democratic National Committee. The GRU allegedly was behind the recent poisonings of four people in Britain, including former GRU officer Sergei Skripal, who survived, and a woman accidentally exposed to the powerful nerve agent used, who died.

The 2014 downing of Malaysia Airlines Flight 17 over Ukraine has been laid at the door of the GRU. And recently there were reports that GRU hackers are directing their efforts at the U.S. power grid. Russian mercenaries serving in Syria and in Africa are largely drawn from GRU ranks. Three Russian journalists investigating their activities were murdered last month.

Igor Korobov, the head of the GRU, was singled out personally for U.S. Treasury sanctions in March, along with his organization, even though he had already been sanctioned by the Obama administration in late 2016 for interference in our elections.

Maybe Trump’s people felt they had to make the point after Korobov was invited, along with chiefs of other Russian secret services, to Washington, D.C., in late January—just weeks before the new sanctions were announced. The visit was supposed to be a secret, but the Russians leaked it. The others in attendance were Sergei Naryshkin, the head of the Foreign Intelligence Service (SVR), and Aleksandr Bortnikov, director of the Federal Security Service (FSB).



Steven Hall, a former CIA station chief in Moscow, told Radio Free Europe it is always considered a “big political win” when a Russian spy chief meets one-on-one with his U.S. counterpart, because it puts them on equal footing.

The intelligence chiefs reportedly discussed with the Americans their mutual struggle against global terrorism, but it would be remarkable if the talks were limited to that subject. As a veteran of the FSB explained to a TV audience in Russia, “Many questions cannot be discussed by phone. It was necessary to look each other in the eye and talk about issues that threaten us and the Americans.”

Hall had a different take: “Given the political conditions in the United States now, it’s flabbergasting, to be honest. I can’t imagine who would have signed off on that.”

At home in Russia meanwhile, Korobov is riding high. In 2017, conceivably for his work helping to get Trump elected, Korobov was promoted to colonel-general, and Putin bestowed on him the highest state honor—Hero of the Russian Federation.

It is hard to believe that just a few years ago there was widespread talk in the Russian media about the GRU being on its last legs, perhaps even about to be disbanded. In November 2010, at a celebration of the anniversary of the founding of the GRU in 1918, GRU officers one after another toasted mournfully “to the bright memory” of their agency. The new 70,000-square-meter GRU headquarters, built in 2006 on Khoroshevskoye Shosse, was emptying out, they said.

By one estimate, of the 7,000 GRU officers working in the Soviet era, only 2,000 remained. This included a 40-percent reduction among GRU staff at foreign embassies. The GRU’s famed special combat brigades, the so-called Spetsnaz units, supposedly were going to be transferred to the regular army.

Lt. Gen. Dmitry Gerasimov, who had directed the GRU’s special-purpose brigades, told The New Times: “I am deeply convinced that the GRU special forces are completely devastated. Of the 14 brigades and two GRU training regiments, at best there are not more than four brigades left.” There was also talk of placing GRU signals intelligence systems under the command of the SVR, the foreign intelligence service.



There were several reasons for the GRU’s decline. In the 2008 conflict with the Republic of Georgia, it failed to alert the Russian military that Georgia had received anti-aircraft missiles from Ukraine. Moreover, in Moscow’s intramural spy-vs.-spy rivalries, the GRU had its own channel of information on corruption and money-laundering by the Russian elite that represented a threat to the interests of the FSB and SVR.

According to this analysis, there was a shadow intelligence network, consisting of a clan close to Putin from the FSB, the SVR, and the regular police that was running the country. And this group did not like having a competitor agency capable of independent comparative analysis. Significantly, the chiefs of both the FSB and the SVR sit on Putin’s National Security Council, but not the GRU head, who reports only to the armed forces general staff.

Miraculously, however, the GRU bounced back after Igor Sergun became chief of the agency in 2011. According to security expert Mark Galeotti, writing in War on the Rocks, Sergun was “an able, articulate, and effective champion of his agency’s interests… He was particularly good at managing relations with Putin and those to whom the president listens.”

Sergun managed to have several Spetsnaz units transferred back to the GRU. These troops are roughly comparable to U.S. special operations forces. They perform reconnaissance, diversion, and combat operations in various hot spots where there is ethnic strife, such as Chechnya, where they were widely deployed.

Then came the Crimean invasion and the Ukrainian conflict.

As Galeotti pointed out: “The chaos in Ukraine was a boon for the GRU, which was one of the lead agencies both in the seizure of the Crimea in 2014 and the subsequent destabilization of the Donbas [Eastern Ukraine]. If the future means more ‘hybrid war’ operations, more interactions with warlords, gangsters, and insurgents, then this is much more the forte of the GRU than the SVR.”

Some members of GRU units became mercenaries in private military companies like the Wagner Group, under the command of reserve GRU Lt. Col. Dmitry Utkin. In 2014-15 Wagner was one of the main forces in battles fought on the territories of Donetsk and Lugansk in eastern Ukraine. Subsequently Wagner moved to Syria, where it has played a vital role as the Kremlin’s proxy force supporting Syrian government military offensives.

When some of its operatives were involved in an attack on oil installations controlled by U.S. allies on the ground, the Americans counterattacked from the air, allegedly killing several Wagner personnel. In April, a Russian reporter writing about Wagner operations and casualties died under mysterious circumstances, supposedly falling accidentally from the balcony of his fifth floor apartment.



Wagner also runs significant operations as far afield as the Central African Republic, where it bolsters government forces, negotiates with rebels, and guards valuable diamond, gold, and other mineral deposits—activities being investigated by the Russian journalists murdered there.

These ad hoc GRU operations have had some negative repercussions for Moscow. A joint Australian and Dutch investigation determined that the missile used to down Malaysia Airlines Flight 17 in July 2014 originated from the 53rd Anti-Aircraft Missile brigade, a unit of the Russian army from Kursk in the Russian Federation. The respected Bellingcat group has now found that the order to fire the missile was approved by GRU Gen. Oleg Vladimirovich Ivannikov, who supervised several divisions of fighters in Donetsk, including those of Ukrainian separatists and the Wagner Group.

Korobov got off to a rocky start when he assumed the post of GRU chief in early 2016. For starters, there were questions raised about the sudden death in January that year of his predecessor, Sergun.

Officially, Sergun died of natural causes in Moscow, but there were reports that he perished in Lebanon. The decision to appoint Korobov took an entire month, reportedly because of a conflict within the Kremlin elite over who should get the job from a choice of four candidates. A group that was allied with the FSB and the SVR, led by Sergei Ivanov (then head of the presidential administration and an old KGB colleague of Putin), wanted one of their own to head the GRU, while those representing Minister of Defense Sergei Shoigu were pushing for Korobov.

The army clan, proponents of an aggressive, confrontational approach toward the West in Ukraine and elsewhere, won out, and within several months Ivanov would lose his Kremlin job.

It is said that Korobov, who specialized in strategic military intelligence, is a pragmatist who is not interested in Kremlin politics and just wants to get the job done, whatever that might be. So it must be unsettling for Korobov to be the only high-level Russian official with staff members under indictment in the United States.

In fact, back in 2006, at the opening of the new GRU headquarters, a journalist asked a GRU general whether U.S. elections were a topic that was followed by their intelligence analysts. The general responded, “That is primarily a task for the SVR. We follow [the elections] but to a much lesser extent than the SVR.”

So how to explain that 12 years later the GRU is in the forefront of election meddling in the U.S.?

According to Vadim Birstein, an authority on the Russian security services, “In the past, the ‘active measures’ deployed for decades by the KGB/SVR against the West referred mainly to HUMINT (human intelligence) and disinformation campaigns in the media, rather than cyber warfare operations which are a new level in intelligence wars.”

Although the SVR has cyber weapons—and in fact was reported to be behind the initial 2015 attack on the DNC under the guise of “Cozy Bear”—the GRU, Birstein says, “has more technical resources to conduct operations like those described in the Mueller indictment.”

A persistent question is how Mueller’s team got the information detailed in the indictment. As Alexei Venediktov, editor of Ekho Moskvy (Echo of Moscow) radio, noted: “When you read parts of the indictment you just freak out. Because they [Mueller’s team] know everything—time, place, login, password, career. And this supposedly just by remote methods.” As Venediktov and others say, the FBI must have had insider information.

Where did the leak come from? Putin obviously wants to know. When he spoke at a news conference with Trump in Helsinki on July 16, he suggested that Russia and the U.S. cooperate in the investigation by having members of Mueller’s team come to Russia and take part in questioning the GRU officers. (As The Daily Beast reported, this is not nearly as generous as it sounds. When British investigators looking into the murder of former Russian agent Alexander Litvinenko went to Moscow, they found themselves thwarted and put under surveillance.)

“With Putin everything is personal.”

— Marina Litvinenko, widow of murdered Alexander Litvinenko

Although it is the job of the FSB, as a counterintelligence agency, to find spies and potential traitors within the military, there is some speculation that FSB officers passed information about the GRU’s hacking operations to American intelligence.

Back in December 2016, by which time the GRU had been exposed, some high-level FSB officers in the FSB’s cybersecurity unit were arrested and charged with treason. (One, Sergei Mikhailov, was physically removed from a meeting with a black sack over his head.) The treason case has been kept a closely guarded secret, but Russian insiders suggest that Mikhailov and his colleagues were motivated by the long-standing rivalry between the FSB and the GRU to betray the GRU. According to some sources, money was also a motive.

Of course, the GRU is no stranger to defections and international scandal. The first major spy case to erupt after World War II, igniting the Cold War, occurred in 1945 when a GRU cipher clerk from the Soviet Embassy in Ottawa defected, taking with him reams of secret documents that showed the Soviets had an atomic spy ring in North America.

Then there was the infamous GRU Gen. Oleg Penkovsky, who tipped off Britain that the Soviets had missiles in Cuba—and was executed for treason in 1963. Much later, Sergei Skripal, who for several years cooperated with MI6, provided hundreds of names of his fellow GRU agents before he was caught in 2006 and charged with treason. In 2010 he was handed over to Britain as part of a spy swap, and earlier this year he was poisoned.

British authorities are now saying that the GRU carried out the U.K. murder attempt on Skripal, apparently because Skripal betrayed the agency. Investigators reportedly have evidence that the GRU hacked into the email of Skripal’s daughter, Yulia. But revenge against traitors is traditionally up to the FSB. Recall that the 2006 poisoning of Litvinenko in London, shown by the British High Court Inquiry to be the work of the FSB, was preceded by the July 2006 enactment of a new Russian law that specifically authorized the FSB to carry out assassinations abroad.

But maybe we in the West should stop trying to figure out which Russian security service has been doing what to us. After all, the buck stops in the Kremlin. Putin is a hands-on leader—a KGB veteran himself—who calls the shots on just about everything from assassinations of alleged traitors to revenge against Western politicians he resents, like Hillary Clinton. As the widow of Alexander Litvinenko told me once, “with Putin everything is personal.”

https://www.thedailybeast.com/this-russ ... everything



Businessman Mikhailov demands that Insider remove two articles about his membership in Solntsevskaya gang


Sergey Mikhailov


In 2016, Mikhailov took advantage of the right to be forgotten, demanding that Yandex and Google delete the hits on requests "Sergey Mikhailov Mikhas," "Sergey Mikhailov Mikhas Solntsevo," "Sergey Mikhailov Solntsevo" and other similar wording.

Businessman Sergey Mikhailov demanded that Insider remove articles about his membership in the Solntsevskaya gang, the edition says.

Mikhailov is called a gang member in two articles: "The Spanish investigation: head coach of Lokomotiv Semin and deputy Shamanov have ties with Solntsevskaya gang" and "Gangster Party candidate: Trump’s ties to Russian organized crime." The businessman said that he "did not permit to use his photos."

Insider stressed that Mikhailov's permission to publish his photos is not required since he is a public figure. Also, a photo taken from the materials of Spanish law enforcement agencies "is demonstrated in the context of a journalistic investigation of policy relevance."

"As for the membership of Sergey Mikhailov (Mikhas) in Solntsevskaya gang, the Insider quotes the data of the Spanish investigation, the FBI, and Russian Wikipedia, so the editorial board offered him to address these people," the newspaper writes.

Sergey Mikhailov repeatedly appealed to the courts over his ties with the Solntsevskaya gang. So, in the fall of 2017, the court ordered oppositionist Alexey Navalny to remove the article in which Mikhailov is called "the leader of the Solntsevskaya gang." Mikhailov's suit against RBC was not granted. The businessman insists that the Solntsevskaya gang does not exist since it is not registered anywhere.
https://en.crimerussia.com/organizedcri ... n-solntse/