Voices from Russia

Sunday, 19 March 2017

FBI and FSB May Be Chasing Same Gang of Cyber-Crooks

__________________________________

Editor:

Some made much of “Russians hacking Yahoo”. Now, you don’t hear as much about it. I’d say it’s because the Russian hackers ran a “roll-your-own” criminal enterprise… it wasn’t an official act by the FSB, after all. It just goes to show you that peevishly cutting contacts with someone for no good reason always ends badly. Both the USA and Russia have a common interest in catching cyber-crooks. Perhaps, we can return to sanity, God willing…

BMD

******

The naming of Dmitri Dokuchaev in both the Moscow cyber-arrests and the Yahoo case suggests the USA and Russia may unwittingly be on the track of the same criminal gang. Earlier this year, reports appeared in the Russian media of a series of arrests of FSB officers and cyber-specialists, including Ruslan Stoyanov, an employee of Russia’s top cybersecurity company, Kaspersky Lab. Subsequently, it came out that some of them (at least) faced treason charges, for the case supposedly involved the USA, with Stoyanov supposedly charged with passing on Russian state secrets to Verigin, a US company. Following the arrests, numerous reports circulated speculating that these arrests were somehow connected to the hacking of John Podesta’s and the DNC’s computers. Some sections of the Western media made claims… strongly denied by the Russians… that the individuals arrested were the ones who had carried out the hacking of John Podesta’s and the DNC’s computers. Others, rather more plausibly, speculated that those arrested were some of the informers who provided information to the USA that the US intelligence community used to support its claims of Russian responsibility for the Podesta and DNC hacks.

The case of the arrested FSB officers in Moscow has taken an extraordinary new twist with the US Department of Justice bringing charges against a group of four Russian cyber-criminals, who according to the US Department of Justice’s report, are being charged with:

the 2014 hack into the network of email provider Yahoo, the theft of information about at least 500 million Yahoo accounts and the use of that information to get the contents of accounts at Yahoo and other email providers.

What makes the Yahoo case interesting is that the Department of Justice is saying that two of the individuals charged are FSB officers. The Department of Justice identifies them as follows:

The defendants include two officers of the Russian Federal Security Service (FSB), an intelligence and law enforcement agency of the Russian Federation and two criminal hackers with whom they conspired to accomplish these intrusions. Dmitri Dokuchaev and Igor Sushchin, both FSB officers, protected, directed, facilitated, and paid criminal hackers to collect information through computer intrusions in the USA and elsewhere. They worked with co-conspirators Aleksei Belan and Karim Baratov to hack into computers of American companies providing email and internet-related services, to maintain unauthorised access to those computers, and to steal information, including information about users and the private contents of their accounts. The defendants targeted Yahoo accounts of Russian and US government officials, including cybersecurity, diplomatic, and military personnel. They also targeted Russian journalists; numerous employees of other providers whose networks the conspirators sought to exploit; and employees of financial services and other commercial entities.

Dmitri Dokuchaev, one of the FSB officers charged by the US Justice Department in the Yahoo hack, appears to be the same Dmitri Dokuchaev arrested in Moscow in the treason case, and whom the London Times described… obviously based on information obtained from British intelligence sources… as “a cyber-spy and former hacker”. The fact that the same man… Dmitri Dokuchaev… faces charges simultaneously in both cases, the one in Washington and the one in Moscow makes it at least possible that the two cases… the Yahoo case in Washington and the treason case in Moscow… are in some way connected, and may involve the same group of cyber-criminals. Importantly, the Department of Justice’s and the FBI’s claims about Dokuchaev and Sushchin, the two FSB officers charged in the Yahoo case, don’t necessarily point to them undertaking an intelligence operation on behalf of the Russian government. Though the wording isn’t completely clear, it isn’t inconsistent with Dokuchaev and Sushchin running a rogue operation for the purpose of self-enrichment. Here is what the Department of Justice report has to say about them:

Belan’s notorious criminal conduct and a pending Interpol Red Notice didn’t stop the FSB officers who, instead of detaining him, used him to break into Yahoo’s networks. Meanwhile, Belan used his relationship with the two FSB officers and his access to Yahoo to commit additional crimes to line his own pockets with money. For those not familiar with the FSB, it’s an intelligence and law enforcement agency and a successor to the USSR’s KGB. The FSB unit that the defendants worked for, the Centre for Information Security, AKA Center 18, is also the FBI’s point of contact in Moscow for cybercrime matters. The involvement and direction of FSB officers with law enforcement responsibilities makes this conduct that much more egregious. There are no free passes for foreign state-sponsored criminal behaviour.

This appears to suggest that the Department of Justice believes that Dokuchaev and Sushchin recruited Belan to carry out illegal hacks of US companies on behalf of the FSB and that Belan used the protection this gave him to carry out more illegal hacks to enrich himself and them. However, it’s equally or perhaps more likely that Dokuchaev and Sushchin were Belan’s accomplices in a series of crimes carried out on their own initiative. After all, it’s hardly unusual for criminals to enlist the services of corrupt law enforcement officers to help them carry out their crimes. Such a thing undoubtedly happens in Russia, just as it happens in most other places. What the FBI itself says about him strongly suggests that Dokuchaev (at least) was a corrupt FSB officer involved in a rogue operation. Here’s the information the FBI provided about his activities, which appeared in the Most Wanted Notice the FBI issued about him:

• Conspiring to Commit Computer Fraud and Abuse
• Accessing a Computer Without Authorisation for the Purpose of Commercial Advantage and Private Financial Gain
• Damaging a Computer Through the Transmission of Code and Commands
• Economic Espionage
• Theft of Trade Secrets
• Access Device Fraud
• Aggravated Identity Theft
• Wire Fraud

The words “purpose of commercial advantage and private financial gain” point clearly to a rogue criminal operation and not an official state-sponsored one. What the FBI has to say about Dokuchaev’s alleged accomplice Igor Sushchin in its Most Wanted Notice about him strongly suggests that the FBI’s knowledge of the case still has gaps:

Sushchin has Russian citizenship and is known to hold a Russian passport. Sushchin is alleged to be a Russian Federal Security Service (FSB) Officer of unknown rank. In addition to working for the FSB, he is alleged to have served as Head of Information Security for a Russian company, providing information about employees of that company to the FSB. He was last known to be in Moscow, Russia.

These comments about Sushchin cast doubt on whether Sushchin really is an FSB officer. The FBI says that Sushchin is simultaneously an officer of the FSB and the head of information security at a Russian company. Moonlighting in the private sector was a common practice for FSB officers in the chaotic 1990s. It’s hardly conceivable today. It seems more likely that Sushchin is head of information security for a Russian company, but that because of his relationship with Dokuchaev, the FBI supposes him to be an FSB officer. Its Most Wanted Notice about Sushchin shows that the FBI doesn’t know that Sushchin actually is an FSB officer. It merely guesses he is, and on the facts that the FBI itself provides, it’s probably wrong. To add to the uncertainty there is a question mark about Dokuchaev’s own role within the FSB. According to reports in Russia, Dokuchaev isn’t a conventional FSB officer at all, but he’s rather a notorious former hacker and cyber-criminal blackmailed by the FSB into working for them. Here is what the Moscow-based Moscow Times has to say about him:

Major Dmitri Dokuchaev, one of four cyber-security experts arrested by the Kremlin on charges of treason, has allegedly been revealed as an infamous Russian hacker. Dokuchaev worked as a hacker under the alias “Forb” until Russia’s Federal Security Service (FSB) threatened to jail him, an unverified source told the RBC newspaper. “Forb” gave an interview to the Russian newspaper Vedomosti in 2004, revealing that he specialised in “hacking on request” and stealing money from bank cards… an occupation which he said could earn him anywhere between 5,000 to 30,000 USD (286,100 to 1.717 million Roubles. 34,540 to 207,250 Renminbi. 327,390 to 1.965 million INR. 6,669 to 40,010 CAD. 6,502 to 39,010 AUD. 4,650 to 27,900 Euros. 4,033 to 24,200 UK Pounds) a month. He also claimed that he had carried out a successful attack on US government infrastructure. The FSB ultimately traced Dokuchaev to the card thefts, and threatened to prosecute the hacker unless he agreed to work for the agency, the source alleged.

If what the Moscow Times article says is true (and the story looks well-sourced) then Dokuchaev’s criminal past makes it even more plausible that what he engaged in was a rogue criminal operation not officially sanctioned by the FSB. Recruiting a notorious cyber-criminal to track down other cyber-criminals is a strange idea, but hardly unique in the world of law-enforcement. Possibly the FSB, lacking its own trained cyber-specialists as a result of the crisis of the 1990s, looked to people like Dokuchaev to fill its ranks quickly. If so, then, this has now come back to bite it, with another FSB officer… Sergei Mikhailov, the deputy head of the FSB’s security information centre (the FSB department for which the US Justice Department says Dokuchaev worked), who may have been Dokuchaev’s superior and line manager… seemingly also implicated in Dokuchaev’s activities.

This is a tangled web. However, if we put together what is known about the case in Moscow with what is now known about the case in Washington, then, it’s at least possible that this is a case of two parallel investigations into the activities of the same gang. Belan and Dokuchaev would presumably be the ringleaders, but it seems that Dokuchaev succeeded in involving at least one other person (Mikhailov) within the FSB as well. Supporting the theory that the treason case in Moscow and the Yahoo case in Washington are the products of two parallel investigations into the activities of the same gang, is a report carried by TASS of the comments of a lawyer familiar with the Moscow case. The lawyer reportedly said the following:

The CIA isn’t mentioned in the case. Only the country is mentioned. Yes, the talk is about America, not about the CIA.

When I previously discussed this comment in an article written on 2 February 2017, I assumed it referred to the passing of classified information to the US intelligence community, if not to the CIA itself. I overlooked the fact that the lawyer’s comment has no hint of this. Instead, the lawyer merely said, “the talk is about America”. His words are equally consistent with data theft from the USA as with information transfer to the USA. It’s likely that both took place. If the cases in Moscow and Washington involve the activities of the same gang of cyber-criminals, then, it seems that they were equally happy to steal information from the USA and to steal information from Russia and sell it to the USA. That would explain the claim about the passing of classified information to Verigin, with which Stoyanov is charged, which is presumably what lies behind the treason charges. However, in any case, the motive for the gang’s activities would have been the same… the classic criminal one… to make money. As it happens, the US Justice Department confirmed in its report the fact that the gang was targeting Russians as well as Americans:

The defendants targeted Yahoo accounts of Russian and US government officials, including cybersecurity, diplomatic, and military personnel. They also targeted Russian journalists; numerous employees of other providers whose networks the conspirators sought to exploit; and employees of financial services and other commercial entities.

Much is murky about this affair. Although the known facts do suggest that the arrests in Moscow and the charges in Washington concern the same gang or at least the same people, that isn’t yet absolutely certain, and it could be that Dokuchaev, who figures so prominently in both cases, spread his net wide and involved more than one gang in his activities. However, if the two cases do involve the same gang, then, unfortunately, it’s all too clear from the information trickling out of both Washington and Moscow that the relevant law enforcement agencies of the USA and Russia aren’t cooperating with each other and are completely uninformed and possibly even unaware of each other’s investigations. If so, then, that’s regrettable, since it can only increase the chance that the two investigations would work against each other and at cross-purposes, as in fact actually seems to be the case.

At this point, however, one can make a few points with confidence. Firstly, it’s clear that the Moscow arrests have absolutely nothing to do with the hacking of the computers of John Podesta and the DNC. The case in Moscow is a criminal investigation into the activities of a gang of cyber-criminals, who practised criminal activity for financial gain. They may be and probably are the same gang the US Justice Department and the FBI say is behind the Yahoo hack. Regardless, all the stories claiming that the Moscow case somehow has connections to the DNC and Podesta leaks are wrong. Secondly, the claims in the Russian media that the arrests in Moscow had something to do with the Shaltay Boltai hacking group are also clearly wrong. In that case, the confusion is understandable. It seems there’s a wholly separate investigation into the Shaltay Boltai group going on as well. Unsurprisingly, some journalists in Moscow have confused the two, failing to realise that they are two wholly distinct investigations into two different groups of people. Thirdly, if the investigations in Washington and Moscow are, indeed, parallel investigations into the activities of the same gang, then, this shows the huge damage done by the severing of contacts between the US and Russian law enforcement agencies carried out by the Obama administration.

Instead of pooling information to track down and prosecute the same gang of cyber-criminals, they’re conducting two wholly separate and rival investigations in two different countries, which quite possibly involve the same gang. The result is that neither investigation is getting all the facts. Worse, the potential for conflict and misunderstanding between Washington and Moscow increased. Both Washington and Moscow seem to be convinced that what looks to be the same gang was working for the intelligence agencies of the other side. The result is that the USA and Russia are blaming each other for the gang’s activities whilst protesting… correctly… their own innocence.

Perhaps, one day, if Trump finally comes through with his proposed détente with Russia, we’d avoid this sort of muddle and recrimination. If so, then, coöperation between the law enforcement agencies of the two countries would be a further important step in reducing misunderstandings and improving relations. However, until that happens, the sort of confusion, misunderstanding, and exchange of blame and recriminations we’re now seeing will continue unabated.

17 March 2017

Alexander Mercouris

The Duran

http://theduran.com/moscow-cyber-arrests-yahoo-hack/

Saturday, 15 October 2016

Ambassador to the USA Kislyak sez Moscow has no Legal or Moral Grounds for Snowden’s Extradition


____________________________________

Ambassador to the USA Sergei Kislyak said that Edward Snowden’s extradition to the USA is impossible on “legal and moral” grounds. Speaking in the wake of the WikiLeaks ‘Podesta emails’ revelations, he also denied Russian interference in US internal affairs:

When Mr Snowden got stuck at a Russian airport, we didn’t have any legal or moral reasons to give him to the government of the United States, for the very simple reason that we don’t have an agreement for mutual extradition, because the USA refused to have one with us.

On Tuesday, Kislyak was at Johns Hopkins University to talk about “what Russia is and what it’s not”… he also acknowledged the “very unfortunate” relations between Moscow and Washington. Snowden’s asylum in Russia, where he arrived in 2013 after leaking documents related to the NSA’s foreign and domestic surveillance operations, hit Russian-American relations, signalling a major setback. Followed by the conflict in the Ukraine and the continuing disagreement over Syria, bilateral ties reached new lows. Most recently, during the US election campaign, voices in Washington blamed Russia for hacking attacks on its computer systems. On Friday, the Obama administration officially accused Russia of directing the hacks of emails and documents and their posting on WikiLeaks and DCLeaks. On Sunday, Hillary Clinton blamed Moscow for trying to interfere in the US election process. In his opening remarks, Kislyak said:

I’d also like to say that we are watching very carefully the election campaign in this country. Yes, we do and no, I’m not going to comment on this, because we don’t interfere into internal affairs of the United States, neither by my statement nor by electronic and other means.

Referring to hacking accusations, he said:

It’s not correct. We’ve seen a number of statements by our colleagues in American intelligence on a number of issues that weren’t exactly proved by the history. I won’t speculate further.

White House spokesman John Earnest told reporters that regardless of Russia’s denial and lack of factual evidence, the Obama Administration is weighing a “proportional response”. He added that whatever Barack Obama decides on, they wouldn’t announce it in advance and might never disclose it. Earnest said:

It’s certainly possible that the president can choose response options that we never announce.

12 October 2016

RT

https://www.rt.com/news/362449-russia-extradite-snowden-hacking/

Editor:

The arrogance and vacuity of the Duopoly now regnant in Washington is apparent to all comers. “Whatever Barack Obama decides on, they wouldn’t announce it in advance and might never disclose it”. Well… dog my cat, as the great philosopher Jed Clampett said. Everyone has to kiss America’s ass, eat its shit, and like it. There was a short window in the nineties when that was true… it isn’t true today. Clinton, Johnson, and Trump are all sleepwalking in the 90s Bizarro World… only Jill Stein isn’t.

Vote for the only sane candidate. The other three are puppets of the oligarchs… furthermore, they’re stuck in a timewarp… America the Great… America the Great… they believe their own mantra. God have mercy on us all.

BMD

Saturday, 20 August 2016

“Weapons Better Than Stuxnet”: NSA Spies Get Hacked


______________________________

Someone hacked the US National Security Agency, considered the world’s most advanced electronic espionage and surveillance group. An anonymous group of hackers calling itself the Shadow Brokers said that it breached the networks of the world’s most advanced spying agency, the NSA. On Monday, the hacker group claimed that it extracted software used by the NSA to hack computers and networks belonging to governments and corporations, including Cisco Systems and Fortinet Inc. The Shadow Brokers released a bit of the captured data (some 300 MB) on the web to prove their claim. Security experts analysed the files and agreed that the software is authentic. Curiously, the hackers put the rest of the software on an online auction, aiming to collect 1 billion USD (63.9 billion Roubles. 6.62 billion Renminbi. 67.14 billion INR. 1.286 billion CAD. 1.312 billion AUD. 883 million Euros. 765 million UK Pounds) in bitcoins. They claim that the package has software “weapons better than Stuxnet”, a malicious worm that caused significant damage to computer networks serving the Iranian nuclear programme. When the online auction raises one million bitcoins (some 568 million USD (36.3 billion Roubles. 3.76 billion Renminbi. 38.14 billion INR. 730 million CAD. 745 million AUD. 502 million Euros. 435 million UK Pounds)), the group says that it’d release another chunk of software to the public free of charge. The group claims that it successfully hacked the NSA’s Equation Group division. Moscow-based software security group Kaspersky Lab first announced the Equation Group’s existence in 2015. Kaspersky called the Equation Group the most sophisticated cyber-attack group in the world, and “the most advanced… we have seen”. Whistleblower Edward Snowden provided documents that allowed the Intercept to confirm that the Equation Group has connections with the NSA.

The malware package is part of the NSA’s involvement in violating vulnerabilities in computer systems, which first became public in 2014, when President Barack Obama signed an order that government agencies must disclose discovered vulnerabilities to developers. However, according to Wired, this order had a major loophole, in that one can keep secret and exploit vulnerabilities that have “a clear national security or law enforcement” significance. This led to creating a massive arsenal of attack software, now in the hands of unknown hackers. NSA-veteran-turned-whistleblower William Binney told Sputnik’s Loud & Clear that the Agency “has a tendency not to fix things”, as once they report a vulnerability, “this window is closed for them and they can’t see through it”. Binney thought that this particular attack was likely an inside job. He stated that the NSA network isn’t physically part of the internet, so someone inside the NSA, “another Snowden-type person”, must have compromised the software and handed it over to the Shadow Brokers. If that isn’t the case, and if the internal network was, in fact, breached from the outside, “the implications are much, much greater in terms of compromising information and data than simply [someone] draining their exploitation software”. Binney also underscored the clear and present danger that, should the offensive software fall into the hands of foreign specialists, it could be reverse-engineered, updated, and used for attacks even after they patch the exposed vulnerabilities. Binney believes that Iran is already studying Stuxnet, seeking to reverse engineer and upgrade it, to use it in its own interests.

Edward Snowden suggested that Russia is behind Shadow Brokers, tweeting, “Circumstantial evidence and conventional wisdom indicates Russian responsibility”. James A Lewis, of the Center for Strategic and International Studies, added to his comments, suggesting that the NSA dump is “some Russian mind game”. Snowden observed:

The NSA leak is likely a warning that someone can prove US responsibility for any attacks that originated from this [NSA] malware server. That could have significant foreign policy consequences. Particularly, if any of those operations targeted US allies.

Thus, a simple hack balloons from being a cyber-security issue to, possibly, becoming a full-scale foreign policy crisis.

20 August 2016

Sputnik International

http://sputniknews.com/us/20160820/1044450599/nsa-hacked-shadow-brokers-malware.html

Wednesday, 17 August 2016

Snowden Believes that Russian Hackers Could be Behind Cyberattack on NSA Website


______________________________

A statement on his official Twitter page stated that former US intelligence agent Edward Snowden said that Russian hackers could be behind the cyberattack on the US National Security Agency (NSA) website. Earlier reports said that the NSA website was down for almost a day after a hacker attack, but it was back up and running by Tuesday evening. Media sources noted that the DDOS attack occurred “a few hours after the mysterious Shadow Brokers Group announced the theft of cyberweapons from Equation Group… an extensive group of hackers, presumably related to the NSA”. Stolen Shadow Brokers data already is appearing on the internet. Snowden tweeted:

Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack. Circumstantial evidence and conventional wisdom indicates Russian responsibility.

Snowden thinks that the hackers went to an unusual step to demonstrate that they have at their disposal tools and programs used by NSA employees to break into computers. This may be a signal that they’re ready to prove American responsibility for a series of cyberattacks. The consequences of such applications will be particularly noticeable if they can show American involvement in cyberactions against their own allies and cyberactions connected with the current election. Snowden believes that the hackers acted for diplomatic purposes and not for intelligence, and that the attack could have links to the scandal over the leak of US Democratic Party emails.

17 August 2016

RIA Novosti

http://ria.ru/world/20160817/1474539463.html

Editor:

The meaning of this is clear. “We know what you’re doing, how you’re doing it, and why you’re doing it”. In short, if Washington doesn’t fly right, Moscow will expose how the Yanks are messing with their own allies and how certain elements in the USA are messing with the election. Common wisdom has it that there’s a cyberwar going on now… the Russian geeks are winning it. For the Yanks, it’s just a game… for the Russians, it’s sheer survival… such tends to concentrate the mind wonderfully and buck up one’s motivation and resolve.

By the way, as a condition of his staying in Russia, Snowden has to promise to do nothing to harm the USA… the Corporate Media didn’t tell you that, did they? My sources tell me that he’s hanging out with Russian geeks and doing all sorts of neat cyberstuff. In short, he’s in Geek Heaven…

BMD
