Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Active Measures’ Category

USA Really: New IRA Troll Farm Site and Twitter Account

leave a comment »

So this morning I saw a tweet come across the feed by RVAWonk that was proclaiming that the IRA was back with a new site and the fuckery was pretty much just naked on their part. In the article she goes over the salient technical details of the site and the accounts. It also has another nice linked post that does a bit more in that area as well and I recommend you all read that too. However, I took a bit of a deeper dive looking at the site itself and it’s coding as well as did some Maltego mapping of it and the Twitter account. My overall take on all of that is pretty much “meh” … What really intrigues me and has been bothering me for some time now is that everyone is busy mapping all this shit but the fact of the matter is that mapping does not stop the cognitive dissonance that the Russians are playing on to win this game.

The Russians here are basically at a point where they aren’t even trying to hide the fact that the site is a Russian propaganda/disinformation effort and this is the important fact we all seem to be missing in this community. This shit works and even though most people do not have the technical abilities to look deeper into the code and the domains, it is pretty plain when you look at the site itself where they use Cyrillic and Russian in their image names and such that it is in fact a Russian operation.

We will all likely go down the rabbit hole on the how many followers they have on Twitter and who they follow. We will collate all the data and sift it and parse it all to put out reports on how they did this. My problem though is that we can investigate the shit out of this all we want but unless we come up with strategies to deny, degrade, or destroy the content, it will reach those tribalists out there who want it and the damage of 2016 will continue on unabated. What’s even more galling here is that the Russians have basically pulled a Babe Ruth by announcing this site and putting it out there so flagrantly with cyrillic in it and on domains owned by a russian domain hosting service. In reality they just gave us the bird and we are now going to just have to sit by and watch as they inflame the Trumpists to hopefully affect the mid terms with this crap.

 

Of course maybe Twitter will catch on here and swat this account offline? You hear me Jack? … *tap tap* this thing on?

 

Oh well, so there’s a new site and it seems they have also employed an SEO in there as well. The site has a lot of means to track posts, likes, geolocations etc as well. I have mirrored the whole site and am still poking through the code. The SEO is a new old site too with an anonymous domain resister back in April of this year that likely is also the Russian’s doing as well. I am sure many of the community will keep an eye on it as we go along so someone will eventually write about this as well with rapt verbiage not really doing anything about the problem as well.

 

So here’s my thing, we are all spending all this time nattering on about it but what can we do to stop such propaganda sites and Twitter accounts from spreading the mind virus? If we cannot stop them, how can we innoculate the general public from the effects of such mental plagues? These are the questions we should be asking and I just don’t hear it happening. I know that it is a rich and difficult problem dealing with the psyche and cognitive dissonance but we really need to lay off all the techno babble and focus on real solutions. Solutions that conern the human animal, not the technology kids. The Russians already know this and they are leveraging it. I mean, how much more blatant do they have to be? How about they just post billboards now in Cyrillic for Trump in all those Trump states?

Focus people.

K.

Written by Krypt3ia

2018/06/06 at 13:38

Russia Insider: How A Connecticut Gold Coast Boy Grows Up To Be A Russian Troll

leave a comment »

I was recently looking at some stuff online about the Skripal case and came across this guy and his site through a link from an article. The article was on a guy who also has been evidently poisoned by Russia (biotoxin this time) in France but they make reference to Inside-Russia as they wrote about the case evidently. Anyway, the Inside Russia thing intrigued me because the guy who started the site and still runs it is from my neck of the woods (Greenwich Connecticut) on the gold coast as we call it here. Evidently Charles J. Bausman, a 53 year old American (ex… Patriot?) who now evidently lives in Russia, runs the propaganda site known as “Inside-Russia” and works in finance, or agro-business finance. At any rate, the site is quite the nest of pro Putin propagandist and antisemitism. In looking around I had to wonder just how a kid from Connecticut who went to a swank prep school here and Wesleyan University (somewhere I went for a summer) ended up a Russian propagandist front and allied with a couple oligarchs close to the Kremlin?

Bausman’s Resume in Cyrillic sent to an Oligarch in hopes of getting financing

Bausman say’s he was born in Germany in 64 and travelled a lot including a long stint in Russia (Moscow) when his father was on a “long business trip” which is to say that his father was bureau chief for the AP back in the old Sov days. John Bausman III was all over the place as an AP reporter but that time in Russia seems to have affected Charles quite a bit. I am not sure just when and how Charles became a Putin propagandist but the site he set up started in August 2014 and has been gaining momentum ever since. In doing all the background on Charles I had to wonder about his father, which, I could not find too much on other than his obit’s online.

I have to wonder just how his father felt about his son’s Soviet/Putin leanings after he started the site, which by the way, was registered with the house in Greenwich where they Bausman’s lived in Greenwich CT. As John was older, perhaps he did not really get to see the site or know much about it. Maybe he did and approved of his son’s leanings? I am not sure, but suffice to say that it may be their travels in the Baltics during the old days might have affected his young son profoundly. I can imagine that if he wasn’t home schooled, he may have been indoctrinated by the Soviet state in some way in his youth. I just don’t really know, but, the other thing that kinda crossed my mind again and again was what were John’s leanings on all this? Like father like son?

At any rate, the son is an out and out Putin “Praetorian” as the book “Putin’s Praetorians” claims and evidently Charles could not resist writing a review of it on Amazon. In fact Charles enjoys his titles as even on his Twitter feed, he boasts of being one of Louise Mensch’s “Russian Trolls” which is I have to say Amusing as I myself am blocked by her because she is an idiot hanger on of the jester. Anyway, if not a troll, what Charles is is, a propagandist tool. Or, I should really say a “would be” tool because he is not trying to hide his identity and is fairly open with his propaganda claptrap he is trying to sell the the conspiracy masses. His site is a “collective” of writers he says, but in looking at them only a few are named and one of them, Anatoly Karlin, is a straight out conspiracy Nazi connected apparatchik for Putin.

Now, on the account of this site being akin to the IRA, well, no that is not the case. However, the Twitter feed and the content is pretty popular and has been rising over the last couple years, peaking in January this year as everything went to hell concerning the RussiaGate story. I would not be surprised if anyone were to do some more mining and find that accounts proximal to the IRA Twitter accounts might have this on their feeds as well. While all of this spin and energy has been building though, Charles has been hungry for funds to continue his work, even though he is some kind of finance wizard according to all his degree work and jobs over the years with Russian banks and the like.

 

You can donate to Russia-Insider on their site and they take bitcoin and paypal as well as a couple other more obscure payment schemes. Evidently “citizen journalism” costs the big bucks! While his bitcoin wallet has had no transactions at all, I have to wonder just who is paying for his site and activities. In 2014, just after launching the site he exhorted Alexey Komov and Konstantin Malofeev that “I still need money!” which can be seen in the screen shots above from emails that I got from Shaltai Boltai’s dump of Malofeev’s email spool. I went through all seven hundred plus emails and found no more than those you see above. So it is unclear whether or not the Kremlin connected Komov and Malofeev ponied up money but they seemed amenable to it in the emails that I saw. I am going to assume that since the site is still up and that Bausman has added a slew of other domains, he has more plans and that he also got the funding to start. Only time will tell if he moves further and activates the other sites that he owns.

As you can see, if he had it his way, perhaps Russia-Insider would not be the only “insider” site that he could be spreading propaganda with. It is interesting to note that the countries he has chosen to create domains for are all ones that the Russian state would be interested in targeting propaganda at. I am not really sure what the “Cadmus” site would be all about but if you know your history, Cadmus was a slayer of monsters in the Greek pantheon. So far none of these sites has ever had content on them so there is nothing to see.. yet. Maybe if Charles gets his money he will someday have a media empire eh?

Overall, this guy is no clear and present danger but he is one of the lights in the constellation that is RU apologist propaganda. He isn’t RT or Sputnik just yet but he has ambitions to be I think. What really just makes me wonder is, as I said at the top, how does this kid go from US citizen to Russian propagandist? So many unanswered questions on this one for me. Was his father enamored with the Soviet state in the 60’s and 70’s? I mean it was no pleasure dome out there at that time no matter what the Soviet state would like you to think. Of course some might see Wesleyan and think that the left leaning’s of the school would only entice a youth to become more liberal, but jeez, I mean this guy is full on nutbaggy! Also, this guy still has everything listed in America as ownership goes! The Russia-Insider site before being set to privacy still has his parents place listed as the address! Choose a country dude.

Well, that’s about it on this one. Just a little heads up on this guy and a bit of background. I kind of have a yen to drive down to Greenwich and visit the Russia-Insider HQ just for shits and giggles. If anyone else has any tidbits they care to drop on me use the Protonmail acct. Until next time, keep watching these whacknuts.

Dos vidanya,

K.

Written by Krypt3ia

2018/03/19 at 18:46

Why I don’t Allow Reporters On My Feed

leave a comment »

Recently I posted about the Russian Troll Farm’s data being on sale for more than a year on joker.buzz, an auction site for RU hackers most likely to be affiliated with Shaltai Boltai (humpy dumpty). I went through the dump looking for metadata and to backstop the screen shots that were on the site as part of the proofs that the data was legit. In doing so I managed to find out quite a bit more on the infrastructure, players, and accounts that the SVR had set up to carry out the active measures campaign against the US election in 2016. Now having been a security researcher blogger all these years I certainly expect that others may see a story and write their own and often times this happens with a link back to my post if it is germane. However, in this case it kinda seems like Beast and the reporters who wrote the two pieces on their site saw my post and decided that they would just say they had “discovered” the joker.buzz site and the data for their own clickbait desires.

Post 1

Post 2

The fact of the matter is that Beast didn’t discover anything, if anyone discovered the story it was insider.ru who posted the story in Russia on the 21st of February. I cited them in my post as well as the joker.buzz url that the Insider piece had linked in the article February 21st. So no Daily Beast and “reporters” thereof, you did not discover this nor did you even have the decency to link back to either pieces in your story. I find it funny how I post on February 26th and four days later the Beast is claiming to have “found” this site and the juicy data. What’s even worse is that Beast just goes on about accounts and tracking them back to people while the real story should be that the data is genuine, it shows more of the inner workings of the troll farm aside from the accounts on Reddit and other places, and that either an insider had been selling the data or they had been hacked for over a year and we all missed it.

At first I griped a bit on Twitter about this but I was willing to let it go until one of the editors at Beast wanted in on my Twitter feed all of a sudden. I allowed it and watched for a couple days. They did not attempt to reach out at all so now I am pretty sure they were fishing for more to rip off of my site or my feed and possibly claim it as their own “investigative journalism” cum click bait. This was the last straw, and with a word from another reporter who exhorted me to do a write up about this.. Well here I am writing this piece that I am kind of ambivalent about. I don’t want to come off as just some asshole saying “I DID IT FIRST!” but the fact of the matter is that this has happened on more than one occasion and of late more so (looking at you Franklin Foer on that Atlantic article on Manafort)

So, Beast, at least credit the Russian’s (insider.ru) for seeing this first and reporting on it even if you can’t bring yourselves to link back to my post which I am pretty sure was the tip off to what you claimed you “discovered” In fact, you should really do your own research and stop leeching off of others you yellow journalism hacks. Shit, you even really didn’t do a good job at parsing all the data in those screen shots! You really have not added to the knowledge base here on the Russia investigation.. But you sure did re-create the “Penny Dreadfuls” of the 19th century!

K.

Written by Krypt3ia

2018/03/05 at 17:43

The Insider and The IRA Data That’s Been On Auction For Over A Year

leave a comment »

Today a tweet was directed at me concerning some new information posted on a Russian news site back on February 21st that no one in the US media seems to have noticed nor the NATSEC community. In fact, I had not seen this and I kinda have chided myself for not paying better attention to the Joker Buzz site that the data was for sale on, for a year! I had actually been on their site(s) in the clearnet and darknet and thought I had posted a blog about the notion of the site and what they sell but I can’t seem to locate it. I guess maybe I just tweeted about it and moved on …My bad.

Anyway, the post on The Insider has the skinny on how a user there named “AlexDA” had ALL of the IRA’s internal documents on the active measures campaign for sale for over a year and no one really took notice. This means that we could have bought the data and had all of the actors, their data, and their METADATA if we had only seen or purchased them back in January/February 2017. What’s more is that had we had this intelligence in the open much more could have been easily available for the general public to be aware of how this was all working and what to look for. Of course now after the Indictment by Mueller of the 13 entities the op has been completely blown and the infrastructure is likely not to be operational, but, we could see operational details and OPSEC mistakes that the players made and extend that to the upcoming years election cycle and Russian influence and active measures campaigns to come right?

Even so, big things are in the small details even within the offering itself that AlexDA is making on JokerBuzz. I have been going through the images from the auction site that Alex put up to entice and prove that they are legit and here is what I have found by doing my thing as usual mining:

Proxy IP Space Used:

In the offering images you can see that AlexDA tried to obfuscate the last couple octets but if you look real hard you can see the numbers pop up. Of course if you just take the first two or three octets and you put that into Google you can see what pops right up. So, the first thing to see is that the service mentioned in the indictment is actually Total Server Solutions LLC out of Plano Texas. I would like to call your attention to how much “Texas” was involved in many of the Twitter and facebook accounts that were super patriotic. It was mentioned in the indictment that they rented the server space to appear that they were in the US. Well, there you have it kids. The data fits and it makes sense that they would try to do this to appear as if they were in the US to fool first pass looking right? I ran an Nmap of the /24 and as you can see if you look, there are some proxies, port 80 and 22 open but none are available to access at this time, so maybe they went back to being just space owned by Total server… I would hope though that those there servers had been, ya know, collected on by subpoena by the FBI right?

Wink wink nudge nudge.

 

Meanwhile, there’s a bunch of servers/IP’s listed in the images as well that are in Russia using port 8888. I haven’t looked at those with Nmap but they are VPS as well so maybe they are still in play. Suffice to say though, it is interesting data and could lead to more things coming to light if you look into them a little further. If you want to play the home game please feel free. I will be circling back over this stuff in the near future and enlightenment will be posted here when I have it for you all.

Alias and Users To Search:

Gee, look at all those aliases man! I have yet to dig into these and I am sure some are already known but you now too can play the home game! Take a look and see what histories you can find on these accounts/nicks. I am willing to bet we can put together quite the timeline and then use that as data to look at future attacks as well. All those Blacktivist accounts though were the appetizer to what I saw next in the screen shots. Alex gives us a whole thing to work with in the image below and if you start digging on that you can get some good stuff.

 

http://aktivnyye.com/t/20171013-blackmattersus.html

Nolan Hack, a name that I believe others have seen in the press accounts, has a Facebook page, a phone number, and a site blackmattersus.com that is in fact still live but not updated since 2017 it seems. His Facebook is live still as well (Why no take down Facecult?) I looked up his details on there and the blackmatersus site and what I came back with was a cell phone out of california marked as a bad number and a site that has been around since 2015 that was registered anonymously and kept so throughout the time it has been up.

http://aktivnyye.com/t/20171013-blackmattersus.html

I am sure with more digging on the name (Nolan Hack *amusing*) I can put together more of the breadcrumb trail to show the cutout’s actions. Maybe in a post to come, but suffice to say that this data also is legit and tracks with everything we have been told by the IC and the news up to today on the active measures by the IRA.

Passwords:

Amazingly enough in the screen shots given on the jokerbuzz site you can also see where Alex tried to remove at least half the passwords in a couple posts. I immediately knew what the password was because, I mean, come on! The phrase “Greed is good” is a classic line from Wall Street and Gordon Gekko. If you look close enough at these images though you can make out the lower part of the G so you know it is that. Now we have to work backwords on those accounts and get the full data in order to attempt top maybe log into them and see what intel we can gather from them (see below for lower part of the g) It also amusing to see that these guys were sloppy and re-using passwords in various accounts. If we get the accounts right I am betting we could own them all and gather much more insight.

Greedisgood…. You guys amuse me.

Illegals Names and drop sites:

In amongst all the stuff is also an address and name where drops were made in NV used by the IRA and more likely the illegals who were in country. The address comes back to a known bad drop/company in NV that has a history of being used for Ebay scams. The cutout name of Gneeda Harris has zero history on first pass but I will look again and dig a little more. Maybe I can turn up something more on this ID but at the very least we have something more to work with than what the special counsel decided to drop on us.

Maybe the FBI can check this place out and see if they have had DVR’d video surveillance? Maybe this dead drop is still live? Are there still illegals in country that have been told to sleep? I wonder…

Metadata:

Lastly, or near the last thing I will cover here on this is the metadata. I used wget to pull down the jokerbuzz site and in the folder for the page of the auction are the screen caps used. Pulling those down and then running them through the old EXIF scan you can see that these captures were done September 28th and 29th 2016. The time stamp says +3hrs and that as of today they were done 1 year 4 months 28 days ago. So, back in September 2016, this data was in the hands of AlexDA and ostensibly about to be put up on Jokerbuzz. This means that either someone on the INSIDE decided to sell out the operation because they knew they were blown and wanted some cash, OR, someone hacked them and downloaded all this shit making the screen shots in September for the jokerbuzz auction. This in tandem with all the backstopping I just did shows that this data is legit and it has been on sale for at least a year and no one knew or was clued in enough to say anything about it.

Who is AlexDA?

Lastly, who is AlexDA? How did they get this data and what is the motive here other than money? Money mind you that they did not get in over a year as the auction timed out and NO ONE bought it. Now, I have been looking at who this may be and there is a case to be made that this dump came from Shaltai Boltai (humpty dumpty) a group that is now broken up due to arrests but has one last player on the loose. That player is in fact a guy named Alexander Glazastikov who has not been caught and may in fact be AlexDA. I will also point to the fact that if you look at the Jokerbuzz auctions there are a number of them from Shaltai Boltai offering all kinds of interesting data leaked from Russian operations. So, it is my guess that this is the case but just an educated one. I for one would like to have a conversation with AlexDA and see just how much he wants for the dump now that it has not sold in over a year. Maybe we all can crowdsource it?

Summing Up:

Anywho, this is what I found just by looking at the details here in the auction post. Imagine what we could have if we actually had all the documents? Hell, I would love to get my hands on them, prize out all the details and then pass it along to the feds. The data is legit, it has been around for a year online, and we all missed it man!

Hey AlexDA, you wanna just gimme that data for free feel free to reach out to my protonmail acct!

More stuff when I have it kids.

K.

Written by Krypt3ia

2018/02/26 at 22:55

Russian Active Measures: Propaganda, Targeted Ad’s, and The Mob

leave a comment »

Handbook of Russian Information Warfare 2016

 

With all the talking heads on CNN expounding on the ad buy’s in Rubles and the oblique presentments by the senators yesterday on the Russia collusion investigation on C-Span, I felt the needs to drop some knowledge. All of these measures are not new but it seems like the general populace, the government, and the media all cannot comprehend that fact. Propaganda has been around since the dawn of civitas and today it is just more able to be used more nimbly in our hyper-connected society. With the advent of social media, the use of propaganda has been been turned into a more precision tool using demographics, analytics, and a medium that engenders itself as a new asymmetric warfare tool and this should be no surprise to anyone.

Propaganda has long been a tool for the radio, print, and television media to be paid and or tricked into releasing content that serves one of the political masters out there. However, the new wrinkle is the heuristics of computing and social dynamics data thereof of all the data points that we now collect on everyone who is using the internet or sites like Facebook, Google, or Twitter. So much information is collected today that it is possible to accurately determine how a person thinks and acts given their preferences and their secret activities that are seen by the algorithms inside these systems. Unless someone today takes greater pains to obfuscate their activities, companies, and governments can easily mine that data for ammunition to create such things as the black propaganda we saw used in the 2016 election cycle here. Since people really don’t pay attention to the other countries out there, they too would have seen the same measures used in places like Ukraine if they had been paying attention.

Previously I had posted about such measures in Ukraine that included the whole cloth creation of a media company to manipulate the populace there with propaganda as well as the use of malware to spy on the populace. Today I am covering the precepts of the use of our own systems of social media as well as our collective group psychologies to sow chaos. Given the outcomes in the 2016 elections and the continued attacks on our psyche’s by Russia post election we now have a pretty good idea of how the dynamic works. One must though take into account that human nature plays the largest roll in this type of warfare for it is the base of the equation that the Russians are trying to manipulate. The targeting of ads to key states and cities was just a targeting mechanism to the overall more targeted PSYOPS operation that was at play. The Russians parlayed the divisions within the US by creating echoes within already nascent echo chambers for those who are of like minds on social media systems. Once the psychology was worked out it was just a matter of locating those pockets of people and then creating the media (e.g. fake news) to feed into those systems and agitate those people into a frenzy.

Once again, human nature was keenly leveraged to sow chaos as well as being a vehicle for those noise to signal messages (dog whistles) for the believers and I can appreciate that. Frankly I am in awe of the techniques used while at the same time I am concerned that there are no real ways to mitigate these kinds of attacks due to that said same human nature. We all have our bias’ and we all ascribe to our own echo chambers whether we do so consciously or not. Social media in itself is the perfect medium for this and we just fall into place as the lizard brain takes over. So when people today ask the questions around how to combat this type of thing I often say that there is no real way to stop it. We can of course use people to look at ads like Facebook is doing now, having hired or in the process of hiring thousands to do so. Or we could just look at the ad buys and insure that they are not being paid for in Rubles… But these means are clunky and the adversary has many other options so in the end it will not work.

The ongoing Senate investigation into collusion and the Russian active measures campaign in 2016 has many people also asking specifically about the targeting data. Did the targeting data come from the Trump organization? Well, yeah, it may well have come from them or it could have just been collated from online searches and a working knowledge of the electoral system. You see, this attack was simple enough to calculate if you wanted to attempt to win the electoral college. One can Google the states that are key to winning the electoral vote but it is the fact that it seems the targeting went down to actual names and addresses that matters. I for one would be asking Cambridge Analytica about that data and how it may have come into the possession of the Russians. Now it is possible that the Russians had their own parallel program for this, or it is also possible they hacked into Analytica for it, and as far as I am aware of no one has asked for a forensic analysis of CA’s security there. Of course the data could have been handed off by someone like Paul Manafort as a quid pro quo (black caviar) right? Or perhaps it was Jared as a means of paying off his Russian friends in hopes of a loan to cover his bad real estate debts? I also think that it is possible that the rolls hacking that happened in the same time frame could also be the answer to this. It is possible that all those rolls were copied, sifted, and used for targeting of propaganda at the final stage of the race to the White House.

At the end of the day though, the problems of social media, cognitive biases within the populace and the mob mentality that humans tend to fall into (Republican/Democrat/TeaParty) will not be going away. We are creatures of habit and limited by our own brain biology. Do not expect that knowing that there is a propaganda campaign will stop those willing to receive it from buying into it whole heartedly. Social media isn’t going away anytime soon and the idea of algorithms being the key to stopping this is a falsehood. It all really just matters how you consume this media and how you react to it. If you fall into the echo chamber of cognitive bias or bent, then you will likely become a part of that machine and not be able to separate the truths from the bias truths that you personally ascribe to. So when you all ask how this happened remember that we are the culprits, the people.

K.

Written by Krypt3ia

2017/10/05 at 14:51

Nyetya, Being Downrange, and Active Measure Campaigns in Ukraine

with 2 comments

 

While all the AV/TI/INFOSEC firms have been masturbating to the latest outbreak of systems degrading malware, I have been sitting back after insuring that my environment has not been hit nor anyone connected to it. Since the reversal’s and the inevitable attribution fuckery cycle has spun up I have been pondering things outside the usual whodunnit. Lesley Carhart had a good post on why one should worry about such attacks and this kind of malware that people should read, I want to go a different route. What I want to talk about is motivation and with that motivation, yes, who is more likely to have carried out the attack. In this case we have yet another piece of malware that was either well coded or poorly coded depending on who you talk to. It was targeted or not targeted depending on who wants to sell you a service too. Well, I have nothing to sell you all, I just want to point out some interesting things regarding the whole mess.

The one simple fact that the malware used a Ukrainian tax software (MEDoc) as the means of initial attack is telling. The time-line on this also pretty much shows (and I experienced this from messages to me the day of the incident) that Ukraine was patient zero. By looking at the image below from the linked page you can see that a great swath of Ukrainian infrastructure was hit on the 27th. Coinciding with this malware attack later in the day several military and government individuals were assassinated in Ukraine as well. Are you starting to see a pattern here?

Recently Wired had a big article on how some in the security community had been feeling that Ukraine was the testbed for Russian active measures in the cyber warfare battle space and this is something I agree with. They have been using active measures of this nature for some time. In fact I actually located some malware in dumps of the Russian media company created by Putin to be a propaganda and intelligence wing for Russia in the region last year. The attacks on the Ukrainian elections as well as the electrical grid now twice by “unknown actors” (Russia) (insert stupid code name from TI firm HERE) have shown just how willing the Russians are to use such technologies in the region. Understanding what they are doing though needs more than the myopia of reverse engineers and sales people in the security space to impart that to you so I will put it plainly here for you;

  • Russia is carrying out an all out war against Ukraine and they are now using the means to an end of malware to deny, degrade, and deter the Ukrainian people and their government from being their own.
  • Russia’s use of these malware attacks have a secondary but important function psychologically to bolster the idea that the Ukrainian government cannot protect itself nor its people
  • Russia’s use of these kinds of measures is just another part of the playbook to add to the battle-space

The Russians get the advantage of using these techniques on Ukraine and no one is stopping them. They get  the advantage of a smaller state infrastructure to attack which means more amplification of the effects on the populace as well. In larger states it is harder to carry these out and obviously would take much more effort. In fact, in the case of the Russian meddling in the US elections last year, one can see how much effort it took on the Russians part to carry out the attacks but as well, how a larger and diffused infrastructure gives varying levels of returns. Alas, for poor Ukraine you can see just how effective at degrading and perhaps disenfranchising the general populace can be with such attacks on their infrastructure. I heard one comment from a Ukrainian that just bespoke their resignation to the interruptions as they happen so much. All of this though, demoralizes the population and in the case of Ukraine, since the Maidan event, they have fought hard to stay free and that is why Russia is ramping up their attacks.

So yeah, my money is on Russia and I will stick with Occam’s razor on that one. Now, on other thoughts about this malware and Wannacry I just have to once again muse about how we have now reached a place where malware is reaching parity with bio weapons. I say this in the sense that malware like Nyetya and Wannacry both had unintended consequences once released either willfully for by accident. They broke out of their cages, their battle-spaces, and began to infect the populace globally. Instead of having some poor shmuck getting on a plane and infecting the world, we now have malware that is either scanning the net for clients to attack or being sent out and then forwarded by accident (or on purpose) by actors. Could some of the infection vectors and trajectories be chaff to obscure the real targets? Sure, but I think in these last two cases the attackers perhaps did not take into account the interconnectedness of the world today.

….Or that’s exactly what the counted on…

Anyway, those are my thoughts on the subject. We are at a crossroads where malware like this can cause headaches but in the end, the world did not end did it?

Did I miss it?

Damn.

EDIT: I also failed to mention that this attack took place one day before their Consitution Day, ya know that thing where they proclaim they are not a part of Russia. Mmmmmyeah…

Wednesday June 28 Constitution Day Marks the signing of the Constitution of Ukraine in 1996

K.

Written by Krypt3ia

2017/06/30 at 14:13

Active Measures

with 2 comments

191

I have been in a funk of late. Since the election I have been less and less inclined to write anything and when I have of late I have only seen it stolen by politico hacks and taken in directions that lean to the more salacious. Now as I sit here this last week seeing the headlines as leaks keep dripping out from the IC and elsewhere on the Putin/Money/Russia connections for several of Trumps inner circle I feel some perspective is in order. Many of the pundits and journalists are holding court on TV and on radio asking why Putin may have done all this and the answers have been been interesting and somewhat consistent. Those in the know, those who have lived in Russia or have studied the country and the leader have given a pretty good assessment of his mindset and his brand of nationalism. One of them today actually called Putin’s Russia “Neo Soviet” which I would agree with very much. He of course was relating that comment to the state media there and the propaganda control that Putin has over it as well as the methodology updates given to it.

I myself was there in Germany when the wall fell (got a piece here somewhere in the bat cave) and I had been to Russia briefly so I have a taste of what it was like then. I have also spent a lot of time reading the history of the era as well as having lived through it so all of this new “Cold War” talk makes me feel at home again and at the same time rather twitchy about the whole deal. Suffice to say though, the cold war never really ended with Putin’s ascension to power after Yeltsin, perestroika,  and Glastnost. Those who have not been paying attention, and those who fail to read about history need to open a book now and get a sense of what is playing out here today on the geopolitical sphere. This is an incredibly scary time with Trump in the White House and Bannon working the levers of power behind him. With that admonishment, I will ponder the angles here and maybe you all might get something out of it.

Assets and Useful Idiots

As the leaks keep coming out we are seeing more accusations of players within the Trump team of their having meetings with certain “intelligence” officials from Russia. That we have not heard names is vexing but here is another fun fact that will make it even more problematic. The salient fact is that many within the halls of power in the Putin kleptocracy also have intelligence backgrounds and this is something that Putin put into play himself by hiring on people that he could notionally trust or, more to the point, control. So when someone from Trumps team met with a Russian that they “thought” was just a business man or woman, may have in fact not only been a business person but also an asset for Putin and his services (GRU/SVR/FSB) So some of these people might be classified as “useful idiots” and by the vary nature of their so called communications or meetings, might have been unwitting assets for Putin’s Russia.

On the flip side of this there may be room for some of these players to have had “kompromat” used against them to make them more pliant to become an asset. This type of allegation has been made at least on Trump from the notes put together by Christopher Steele, the former MI6 case officer who has since gone underground after his notes were printed by Buzzfeed. Currently though, no one has come forth with a leak of intelligence saying that any of the six or so people around Trump (as of today) had been compromised by Russia. That is not to say that they haven’t been and one has to take this into account in trying to understand what may have played out with these contacts and meetings alleged to have been carried out as a means to an end.

Money: If these meetings took place the likely aegis behind this for many seems to be money in some way. Better relations with Russia, being in the inner circle of Trump should he win, would grant much more opportunity to make money right?

Access: Access to anyone within the inner circle of Trump would be something any country, person, or business would seek to curry right? In the case of the Russians desiring this access would be on the face of it the same. Additionally the access would also perhaps allow for chances of further access and kompromat too. This all would lead to the last point.

Control: Whether or not you have kompromat on the players and ultimately access to Trump (if there is no direct kompromat on him to start) then you are in a position to control your asset that is close to the president. Perhaps with this control you could seek means to affect policy, certainly with that conduit you would have a window into the inner workings of the highest office in the US so that is not bad too.

In all, these contacts with Russian case agents or assets of the Putin regime constitute a real problem for the US and as such they should be looked into fully to determine if there has been compromise to anyone near the president if not the president himself as some are claiming. Even had we not had all the hacking and active measures that we know happened in the run up to the election, I for one would be asking questions if my IC had information they were willing to commit to paper about connections between senior people in the campaign and Russian’s period. Now that all of this is coming out, it is kind of hard for me to countenance the Republicans resistance so far in calling for a fuller investigation of these reports. It seems partisan politics outweighs good conscience these days.

My final thoughts on the likelihood that there are Russian assets within the ranks of the inner circle at the White House is that on some levels these people, if they have been meeting with the Russians all this time, were talking about the campaign as well as what future state there would be regarding Russia and the US in a Trump administration. Whether or not there was kompromat or not, even at the lowest level the consciences of these people must have had the moral compass working enough to know that they were being used and or were part and party to manipulation. In as much as the players so far have been fired from the campaign before the election as well as lied to the VP and then tossed out (Flynn) concerning their connections to Russia and Russian assets of the intelligence community to me, kind of says a lot.

They know they were wrong. Enough to lie about it in order to hope to skate on this.

Were they plotting a soft coup of the US?

No. I don’t believe that really.

Where does that lead me? Well, that leads me to believe that there is room for investigation into this as well as room to question just how much connection Trump has to Russia as well. This plays to the whole money angle too. I am willing to bet he has a lot of Russian money and monies that came from intricate shell corporations that bespeak international players in the intelligence and crime worlds. Does this mean though that I think trump was a cutout Russian asset set to run for the White House?

No.

I just think that he was the quintessential “useful idiot” who had needs that Russia was willing to fill because they could use him. It was just added bonus that he had said he would run for office so many times over the years. This was a bid to hedge the Russian intelligence communities and Putin’s bets …And boy did it pay off. Though now that chicken is coming home to roost and Putin ain’t so happy anymore.

Goals

Right, so what were the goals with the active measures that Russia took against the election? Well, for that you have to look into how Putin thinks and boiled down, what Putin wants is to put Russia back into the seat of power it had both pre and during (a hybrid) the Soviet era. At the core Putin is a control freak and likes an ordered universe that he can control. So, when the Clinton’s were pissing him off by pushing the boundaries of Russia with NATO as well as what Putin saw as provocateur-ism in the Arab Spring and Maidan, well, he got pissed off. Ultimately then Putin sought to stop the momentum that the US may have fomented elsewhere in the world and would have continued doing had it not been for the new autocratic and nationalist notions that Trump has for the US in his administration. Though it is thought that Putin did not think Trump had a chance to win (someday we will have the conversation again about hacking the vote, but not now) it would have served Putin’s raison d’être to cause as much static and instability as he could in our system to benefit him.

The hacks on the DNC were just one level of play that we saw because it was blasted out by Wikileaks. The successions of leaks, trolls, fake news, and the like caused a firestorm within the political system and the country. It exacerbated the problems already in situ with Tea Parties and the like and opened it all up to a coup of a sort for the Alex Jones’ of the world. If Putin had had a real sense of the outcome I think he may have peddled back a bit on the active measures because now in Russia no one talks about Trump anymore… Per order of Putin. You see, Trump is no longer an asset anymore …He has become an unstable liability. This is what happens when you elect someone like Trump and now we have to live with it for at least 4 years barring some spectacular flame out and impeachment.

Anyway, back to the goals here. I personally agree with the sowing of doubt and static to cause malaise theory that has been put forth. I also think that Putin is shrewd enough to have contingencies in mind. So if Trump had won he would have someone in office that he knew he could easily goad and or control with social engineering. By this I mean that there may in fact be kompromat on Trump and both these guys know it. Trump, may have money deals in Russia he would like to hide (those pesky IRS files) as well as having some low level compromising video of golden showers. Maybe there is just video of him (real or maybe edited) to make it look like Trump had a good time with the worlds best low class hookers in St. Petersburg! I guess time will tell but all of these things together and or apart could make Trump more maleable to sway from Russia right? All in all, this was well played by Russia and worked I think beyond their expectations. Frankly I think it is now bordering on complete blowback because Trump is so inconsistent and reactive that were he cornered he might become a little too random for the order loving Putin.

There is a win though for Putin that he will continue to play out in other elections. All of the movements toward nationalism in the US and other countries will free him up to act and attempt to get his Tsarist/Soviet greatness back. He will continue to push the borders in Ukraine and other places until he has more control over them and in the end, expands Russia back to what it was. This is his aegis, his love, and his end all be all.

Control.

Money.

Lands.

Greatness in the eyes of his people.

Future State

So where is all this heading? Well, I think that Putin will continue his conquest and games unfettered while the US is in the hands of Trump. The inward looking nature of what Trump seems to be putting out there will allow for Putin to do his thing and if there is compromise on the part of this administration it will be used to profit Putin. If the IC and Justice cannot make a solid case that there was collusion on the part of Trumps minions, then the balls are all in Putin’s favor and he will use them to the max …Provided he can actually control Trump with some modicum. If however, the IC and Justice come up with the goods though, we are about to be in the middle of an ever bigger shit storm than Watergate and Nixon frankly.

Imagine the fallout should the goods be presented that Trump in fact did have kompromat on him and acted as an agent of Russia? Imagine if he is just found to have been played by Russia and his people around him were tools of that manipulation? Both scenarios lead to a Putin win in that Trump and the US will be in turmoil and encased in political amber. All of this bodes ill for the country and our politics. It really was just a matter of time though in my opinion, after all, we did have the notion back in the day with the Manchurian Candidate but this …Wow. My only hope is that the partisanship can be breached long enough to get at the truth … But I don’t have too much hope on that unless it is forced on them by the FBI.

in the meantime… smoke em if you got em kids. It’s gonna be a bad time.

K.

Written by Krypt3ia

2017/03/02 at 19:03