Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Active Measures’ Category

Russian Active Measures: Propaganda, Targeted Ads, and The Mob


Handbook of Russian Information Warfare 2016

 

With all the talking heads on CNN expounding on the ad buys in Rubles and the oblique presentments by the senators yesterday on the Russia collusion investigation on C-Span, I felt the need to drop some knowledge. All of these measures are not new but it seems like the general populace, the government, and the media all cannot comprehend that fact. Propaganda has been around since the dawn of civitas and today it is just able to be used more nimbly in our hyper-connected society. With the advent of social media, the use of propaganda has been turned into a more precise tool using demographics, analytics, and a medium that engenders itself as a new asymmetric warfare tool and this should be no surprise to anyone.

Propaganda has long been a tool for the radio, print, and television media to be paid and/or tricked into releasing content that serves one of the political masters out there. However, the new wrinkle is the heuristics of computing and social dynamics data thereof of all the data points that we now collect on everyone who is using the internet or sites like Facebook, Google, or Twitter. So much information is collected today that it is possible to accurately determine how a person thinks and acts given their preferences and their secret activities that are seen by the algorithms inside these systems. Unless someone today takes greater pains to obfuscate their activities, companies and governments can easily mine that data for ammunition to create such things as the black propaganda we saw used in the 2016 election cycle here. Since people really don’t pay attention to the other countries out there, they too would have seen the same measures used in places like Ukraine if they had been paying attention.

Previously I had posted about such measures in Ukraine that included the whole cloth creation of a media company to manipulate the populace there with propaganda as well as the use of malware to spy on the populace. Today I am covering the precepts of the use of our own systems of social media as well as our collective group psychologies to sow chaos. Given the outcomes in the 2016 elections and the continued attacks on our psyches by Russia post-election we now have a pretty good idea of how the dynamic works. One must though take into account that human nature plays the largest role in this type of warfare for it is the base of the equation that the Russians are trying to manipulate. The targeting of ads to key states and cities was just a targeting mechanism to the overall more targeted PSYOPS operation that was at play. The Russians parlayed the divisions within the US by creating echoes within already nascent echo chambers for those who are of like minds on social media systems. Once the psychology was worked out it was just a matter of locating those pockets of people and then creating the media (e.g. fake news) to feed into those systems and agitate those people into a frenzy.

Once again, human nature was keenly leveraged to sow chaos as well as being a vehicle for those noise to signal messages (dog whistles) for the believers and I can appreciate that. Frankly I am in awe of the techniques used while at the same time I am concerned that there are no real ways to mitigate these kinds of attacks due to that said same human nature. We all have our biases and we all ascribe to our own echo chambers whether we do so consciously or not. Social media in itself is the perfect medium for this and we just fall into place as the lizard brain takes over. So when people today ask the questions around how to combat this type of thing I often say that there is no real way to stop it. We can of course use people to look at ads like Facebook is doing now, having hired or in the process of hiring thousands to do so. Or we could just look at the ad buys and ensure that they are not being paid for in Rubles… But these means are clunky and the adversary has many other options so in the end it will not work.

The ongoing Senate investigation into collusion and the Russian active measures campaign in 2016 has many people also asking specifically about the targeting data. Did the targeting data come from the Trump organization? Well, yeah, it may well have come from them or it could have just been collated from online searches and a working knowledge of the electoral system. You see, this attack was simple enough to calculate if you wanted to attempt to win the electoral college. One can Google the states that are key to winning the electoral vote but it is the fact that it seems the targeting went down to actual names and addresses that matters. I for one would be asking Cambridge Analytica about that data and how it may have come into the possession of the Russians. Now it is possible that the Russians had their own parallel program for this, or it is also possible they hacked into Analytica for it, and as far as I am aware no one has asked for a forensic analysis of CA’s security there. Of course the data could have been handed off by someone like Paul Manafort as a quid pro quo (black caviar) right? Or perhaps it was Jared as a means of paying off his Russian friends in hopes of a loan to cover his bad real estate debts? I also think that it is possible that the rolls hacking that happened in the same time frame could also be the answer to this. It is possible that all those rolls were copied, sifted, and used for targeting of propaganda at the final stage of the race to the White House.

At the end of the day though, the problems of social media, cognitive biases within the populace and the mob mentality that humans tend to fall into (Republican/Democrat/TeaParty) will not be going away. We are creatures of habit and limited by our own brain biology. Do not expect that knowing that there is a propaganda campaign will stop those willing to receive it from buying into it wholeheartedly. Social media isn’t going away anytime soon and the idea of algorithms being the key to stopping this is a falsehood. It all really just matters how you consume this media and how you react to it. If you fall into the echo chamber of cognitive bias or bent, then you will likely become a part of that machine and not be able to separate the truths from the biased truths that you personally ascribe to. So when you all ask how this happened remember that we are the culprits, the people.

K.

Written by Krypt3ia

2017/10/05 at 14:51

Nyetya, Being Downrange, and Active Measure Campaigns in Ukraine


While all the AV/TI/INFOSEC firms have been masturbating to the latest outbreak of systems-degrading malware, I have been sitting back after ensuring that my environment has not been hit nor anyone connected to it. Since the reversals and the inevitable attribution fuckery cycle has spun up I have been pondering things outside the usual whodunnit. Lesley Carhart had a good post on why one should worry about such attacks and this kind of malware that people should read; I want to go a different route. What I want to talk about is motivation and with that motivation, yes, who is more likely to have carried out the attack. In this case we have yet another piece of malware that was either well coded or poorly coded depending on who you talk to. It was targeted or not targeted depending on who wants to sell you a service too. Well, I have nothing to sell you all, I just want to point out some interesting things regarding the whole mess.

The one simple fact that the malware used a Ukrainian tax software (MEDoc) as the means of initial attack is telling. The time-line on this also pretty much shows (and I experienced this from messages to me the day of the incident) that Ukraine was patient zero. By looking at the image below from the linked page you can see that a great swath of Ukrainian infrastructure was hit on the 27th. Coinciding with this malware attack later in the day several military and government individuals were assassinated in Ukraine as well. Are you starting to see a pattern here?

Recently Wired had a big article on how some in the security community had been feeling that Ukraine was the testbed for Russian active measures in the cyber warfare battle space and this is something I agree with. They have been using active measures of this nature for some time. In fact I actually located some malware in dumps of the Russian media company created by Putin to be a propaganda and intelligence wing for Russia in the region last year. The attacks on the Ukrainian elections as well as the electrical grid now twice by “unknown actors” (Russia) (insert stupid code name from TI firm HERE) have shown just how willing the Russians are to use such technologies in the region. Understanding what they are doing though needs more than the myopia of reverse engineers and sales people in the security space to impart that to you so I will put it plainly here for you:

  • Russia is carrying out an all-out war against Ukraine and they are now using the means to an end of malware to deny, degrade, and deter the Ukrainian people and their government from being their own.
  • Russia’s use of these malware attacks has a secondary but important function psychologically to bolster the idea that the Ukrainian government cannot protect itself nor its people.
  • Russia’s use of these kinds of measures is just another part of the playbook to add to the battle-space.

The Russians get the advantage of using these techniques on Ukraine and no one is stopping them. They get the advantage of a smaller state infrastructure to attack which means more amplification of the effects on the populace as well. In larger states it is harder to carry these out and obviously would take much more effort. In fact, in the case of the Russian meddling in the US elections last year, one can see how much effort it took on the Russians’ part to carry out the attacks but as well, how a larger and diffused infrastructure gives varying levels of returns. Alas, for poor Ukraine you can see just how effective at degrading and perhaps disenfranchising the general populace can be with such attacks on their infrastructure. I heard one comment from a Ukrainian that just bespoke their resignation to the interruptions as they happen so much. All of this though, demoralizes the population and in the case of Ukraine, since the Maidan event, they have fought hard to stay free and that is why Russia is ramping up their attacks.

So yeah, my money is on Russia and I will stick with Occam’s razor on that one. Now, on other thoughts about this malware and Wannacry I just have to once again muse about how we have now reached a place where malware is reaching parity with bio weapons. I say this in the sense that malware like Nyetya and Wannacry both had unintended consequences once released either willfully or by accident. They broke out of their cages, their battle-spaces, and began to infect the populace globally. Instead of having some poor shmuck getting on a plane and infecting the world, we now have malware that is either scanning the net for clients to attack or being sent out and then forwarded by accident (or on purpose) by actors. Could some of the infection vectors and trajectories be chaff to obscure the real targets? Sure, but I think in these last two cases the attackers perhaps did not take into account the interconnectedness of the world today.

….Or that’s exactly what they counted on…

Anyway, those are my thoughts on the subject. We are at a crossroads where malware like this can cause headaches but in the end, the world did not end did it?

Did I miss it?

Damn.

EDIT: I also failed to mention that this attack took place one day before their Constitution Day, ya know that thing where they proclaim they are not a part of Russia. Mmmmmyeah…

Wednesday June 28 Constitution Day Marks the signing of the Constitution of Ukraine in 1996

K.

Written by Krypt3ia

2017/06/30 at 14:13

Active Measures


I have been in a funk of late. Since the election I have been less and less inclined to write anything and when I have of late I have only seen it stolen by politico hacks and taken in directions that lean to the more salacious. Now as I sit here this last week seeing the headlines as leaks keep dripping out from the IC and elsewhere on the Putin/Money/Russia connections for several of Trump’s inner circle I feel some perspective is in order. Many of the pundits and journalists are holding court on TV and on radio asking why Putin may have done all this and the answers have been interesting and somewhat consistent. Those in the know, those who have lived in Russia or have studied the country and the leader have given a pretty good assessment of his mindset and his brand of nationalism. One of them today actually called Putin’s Russia “Neo Soviet” which I would agree with very much. He of course was relating that comment to the state media there and the propaganda control that Putin has over it as well as the methodology updates given to it.

I myself was there in Germany when the wall fell (got a piece here somewhere in the bat cave) and I had been to Russia briefly so I have a taste of what it was like then. I have also spent a lot of time reading the history of the era as well as having lived through it so all of this new “Cold War” talk makes me feel at home again and at the same time rather twitchy about the whole deal. Suffice to say though, the cold war never really ended with Putin’s ascension to power after Yeltsin, perestroika, and Glasnost. Those who have not been paying attention, and those who fail to read about history need to open a book now and get a sense of what is playing out here today on the geopolitical sphere. This is an incredibly scary time with Trump in the White House and Bannon working the levers of power behind him. With that admonishment, I will ponder the angles here and maybe you all might get something out of it.

Assets and Useful Idiots

As the leaks keep coming out we are seeing more accusations of players within the Trump team of their having meetings with certain “intelligence” officials from Russia. That we have not heard names is vexing but here is another fun fact that will make it even more problematic. The salient fact is that many within the halls of power in the Putin kleptocracy also have intelligence backgrounds and this is something that Putin put into play himself by hiring on people that he could notionally trust or, more to the point, control. So when someone from Trump’s team met with a Russian that they “thought” was just a business man or woman, may have in fact not only been a business person but also an asset for Putin and his services (GRU/SVR/FSB). So some of these people might be classified as “useful idiots” and by the very nature of their so called communications or meetings, might have been unwitting assets for Putin’s Russia.

On the flip side of this there may be room for some of these players to have had “kompromat” used against them to make them more pliant to become an asset. This type of allegation has been made at least on Trump from the notes put together by Christopher Steele, the former MI6 case officer who has since gone underground after his notes were printed by Buzzfeed. Currently though, no one has come forth with a leak of intelligence saying that any of the six or so people around Trump (as of today) had been compromised by Russia. That is not to say that they haven’t been and one has to take this into account in trying to understand what may have played out with these contacts and meetings alleged to have been carried out as a means to an end.

Money: If these meetings took place the likely aegis behind this for many seems to be money in some way. Better relations with Russia, being in the inner circle of Trump should he win, would grant much more opportunity to make money right?

Access: Access to anyone within the inner circle of Trump would be something any country, person, or business would seek to curry right? In the case of the Russians desiring this access would be on the face of it the same. Additionally the access would also perhaps allow for chances of further access and kompromat too. This all would lead to the last point.

Control: Whether or not you have kompromat on the players and ultimately access to Trump (if there is no direct kompromat on him to start) then you are in a position to control your asset that is close to the president. Perhaps with this control you could seek means to affect policy, certainly with that conduit you would have a window into the inner workings of the highest office in the US so that is not bad too.

In all, these contacts with Russian case agents or assets of the Putin regime constitute a real problem for the US and as such they should be looked into fully to determine if there has been compromise to anyone near the president if not the president himself as some are claiming. Even had we not had all the hacking and active measures that we know happened in the run up to the election, I for one would be asking questions if my IC had information they were willing to commit to paper about connections between senior people in the campaign and Russians, period. Now that all of this is coming out, it is kind of hard for me to countenance the Republicans’ resistance so far in calling for a fuller investigation of these reports. It seems partisan politics outweighs good conscience these days.

My final thoughts on the likelihood that there are Russian assets within the ranks of the inner circle at the White House is that on some levels these people, if they have been meeting with the Russians all this time, were talking about the campaign as well as what future state there would be regarding Russia and the US in a Trump administration. Whether or not there was kompromat or not, even at the lowest level the consciences of these people must have had the moral compass working enough to know that they were being used and or were part and party to manipulation. In as much as the players so far have been fired from the campaign before the election as well as lied to the VP and then tossed out (Flynn) concerning their connections to Russia and Russian assets of the intelligence community to me, kind of says a lot.

They know they were wrong. Enough to lie about it in order to hope to skate on this.

Were they plotting a soft coup of the US?

No. I don’t believe that really.

Where does that lead me? Well, that leads me to believe that there is room for investigation into this as well as room to question just how much connection Trump has to Russia as well. This plays to the whole money angle too. I am willing to bet he has a lot of Russian money and monies that came from intricate shell corporations that bespeak international players in the intelligence and crime worlds. Does this mean though that I think Trump was a cutout Russian asset set to run for the White House?

No.

I just think that he was the quintessential “useful idiot” who had needs that Russia was willing to fill because they could use him. It was just added bonus that he had said he would run for office so many times over the years. This was a bid to hedge the Russian intelligence communities and Putin’s bets …And boy did it pay off. Though now that chicken is coming home to roost and Putin ain’t so happy anymore.

Goals

Right, so what were the goals with the active measures that Russia took against the election? Well, for that you have to look into how Putin thinks and boiled down, what Putin wants is to put Russia back into the seat of power it had both pre and during (a hybrid) the Soviet era. At the core Putin is a control freak and likes an ordered universe that he can control. So, when the Clintons were pissing him off by pushing the boundaries of Russia with NATO as well as what Putin saw as provocateur-ism in the Arab Spring and Maidan, well, he got pissed off. Ultimately then Putin sought to stop the momentum that the US may have fomented elsewhere in the world and would have continued doing had it not been for the new autocratic and nationalist notions that Trump has for the US in his administration. Though it is thought that Putin did not think Trump had a chance to win (someday we will have the conversation again about hacking the vote, but not now) it would have served Putin’s raison d’être to cause as much static and instability as he could in our system to benefit him.

The hacks on the DNC were just one level of play that we saw because it was blasted out by Wikileaks. The successions of leaks, trolls, fake news, and the like caused a firestorm within the political system and the country. It exacerbated the problems already in situ with Tea Parties and the like and opened it all up to a coup of a sort for the Alex Jones’ of the world. If Putin had had a real sense of the outcome I think he may have pedaled back a bit on the active measures because now in Russia no one talks about Trump anymore… Per order of Putin. You see, Trump is no longer an asset anymore …He has become an unstable liability. This is what happens when you elect someone like Trump and now we have to live with it for at least 4 years barring some spectacular flame out and impeachment.

Anyway, back to the goals here. I personally agree with the sowing of doubt and static to cause malaise theory that has been put forth. I also think that Putin is shrewd enough to have contingencies in mind. So if Trump had won he would have someone in office that he knew he could easily goad and or control with social engineering. By this I mean that there may in fact be kompromat on Trump and both these guys know it. Trump may have money deals in Russia he would like to hide (those pesky IRS files) as well as having some low level compromising video of golden showers. Maybe there is just video of him (real or maybe edited) to make it look like Trump had a good time with the world’s best low class hookers in St. Petersburg! I guess time will tell but all of these things together and or apart could make Trump more malleable to sway from Russia right? All in all, this was well played by Russia and worked I think beyond their expectations. Frankly I think it is now bordering on complete blowback because Trump is so inconsistent and reactive that were he cornered he might become a little too random for the order loving Putin.

There is a win though for Putin that he will continue to play out in other elections. All of the movements toward nationalism in the US and other countries will free him up to act and attempt to get his Tsarist/Soviet greatness back. He will continue to push the borders in Ukraine and other places until he has more control over them and in the end, expands Russia back to what it was. This is his aegis, his love, and his end all be all.

Control.

Money.

Lands.

Greatness in the eyes of his people.

Future State

So where is all this heading? Well, I think that Putin will continue his conquest and games unfettered while the US is in the hands of Trump. The inward looking nature of what Trump seems to be putting out there will allow for Putin to do his thing and if there is compromise on the part of this administration it will be used to profit Putin. If the IC and Justice cannot make a solid case that there was collusion on the part of Trump’s minions, then the balls are all in Putin’s favor and he will use them to the max …Provided he can actually control Trump with some modicum. If however, the IC and Justice come up with the goods though, we are about to be in the middle of an ever bigger shit storm than Watergate and Nixon frankly.

Imagine the fallout should the goods be presented that Trump in fact did have kompromat on him and acted as an agent of Russia? Imagine if he is just found to have been played by Russia and his people around him were tools of that manipulation? Both scenarios lead to a Putin win in that Trump and the US will be in turmoil and encased in political amber. All of this bodes ill for the country and our politics. It really was just a matter of time though in my opinion, after all, we did have the notion back in the day with the Manchurian Candidate but this …Wow. My only hope is that the partisanship can be breached long enough to get at the truth … But I don’t have too much hope on that unless it is forced on them by the FBI.

In the meantime… smoke em if you got em kids. It’s gonna be a bad time.

K.

Written by Krypt3ia

2017/03/02 at 19:03