Where’s the Russia-Ukraine Cyberwar?

It has been interesting to notice how unimportant and ineffective cyber operations have been in the Russia-Ukraine war. Russia launched a wiper against Ukraine at the beginning, but it was found and neutered. Near as I can tell, the only thing that worked was the disabling of regional KA-SAT SATCOM terminals.

It’s probably too early to reach any conclusions, but people are starting to write about this, with varying theories.

I want to write about this, too, but I’m waiting for things to progress more.

EDITED TO ADD (3/12): Two additional takes.

EDITED TO ADD (3/22): Thomas Rid comments.

Posted on March 10, 2022 at 6:06 AM · 143 Comments

Comments

Joe Somethingorother March 10, 2022 7:33 AM

I’ve heard rumors that Russia is preparing to cut itself off from the wider internet. If so, they would probably burn down everything that they could outside their boundaries afterwards. Given their treatment of hospitals and refugees, it would not be out of character for them.

dvv March 10, 2022 7:51 AM

Cutting Russian users (both end users and ISPs) from payment systems (pretty much done), blocking Russian traffic on the backbone level (work in progress), eventually cutting fiber coming in from Russia are far more devastating measures than any of these childish games.

Ted March 10, 2022 8:09 AM

Yeah, it seems like info ops have been more notable than cyberwar so far. There were some early intelligence revelations from the West to debunk Putin’s reasons for war. We’ve had reports of more severe Russian internal info restrictions. And for what may be a first for many, we’ve seen lots of real-time, and often on-the-scene, updates on the war on social media and in the news elsewhere.

Jacob Oakley March 10, 2022 8:44 AM

Maybe it is because the ‘cyber warfighting domain’ isn’t available to enable effects to / from the attackers and targets. Especially once a conflict goes hot and the targeted side knows it should probably air-gap anything needed for warfighting where possible.

Despite sensationalism of terms like cyber war and cyber weapons, those things are not as realistic or strategically dependable as their names would entail when it comes to actual warfare.

Peter A. March 10, 2022 8:48 AM

I run my own private[1] “cloud” servers on rented virtual machines in a few distinct places for diversity. The Moscow one is still up and running, so I can report that Russia has not cut the fibers yet (and OpenVPN traffic is not being filtered out).

@Everyone: do you have any ideas for somewhat safe harbors for data and services? Low grade VPS up to $10/mo. I may need to reconsider my choices, at least partially.

[1] As in “paid and controlled by me”. I do not expect much privacy for the data I store there (unless encrypted). At least it is some hope I don’t get routinely data-raped by G….e et al.

Winter March 10, 2022 9:02 AM

As our host already wrote in 2010:

The Threat of Cyberwar Has Been Grossly Exaggerated
ht-tps://www.schneier.com/blog/archives/2010/07/the_threat_of_c.html

I remember earlier contributions about all kinds of movie-plot threats with biological or chemical weapons that concluded that artillery still trumps any such fancy movie-plot weapons.

&ers🇺🇦 March 10, 2022 9:20 AM

@Peter A

Even if you are a Russian citizen, there are a lot of options.
For example – in Baltics hosters accept cryptocurrency.
As long as you are not doing anything criminal, you have
a safe harbor there.

I know for a fact that several Russian programmers moved
their VPS’s to Baltics and they pay in BTC. But I won’t give
you any specific company, do your research.

Davo March 10, 2022 9:34 AM

Read yesterday that some Ukrainian border control computers were hacked and wiped. Something about the Hungarian and Romanian border areas. Think the source was reputable. Ars something.

dvv March 10, 2022 9:34 AM

@&ers🇺🇦 It’s kinda hard to use BTC when you have to buy it first with your bank card.

ATN March 10, 2022 9:38 AM

Not much move on the cryptocurrency market either, no big buy or sell.
Either Bitcoin or “anonymous” coins like Monero / Dash / Zec are approx at the same value.

Winter March 10, 2022 9:38 AM

Or maybe, it is like Y2k, where there was no disaster, because people had cleaned up all the code in time?

The secret US mission to bolster Ukraine’s cyber defenses ahead of Russia’s invasion
Throughout 2021, US soldiers, experts worked to thwart an expected Russian cyber attack.
ht-tps://arstechnica.com/information-technology/2022/03/the-secret-us-mission-to-bolster-ukraines-cyber-defences-ahead-of-russias-invasion/

In the Ukrainian Railways, the team of American soldiers and civilians found and cleaned up one particularly pernicious type of malware, which cyber security experts dub “wiperware”—disabling entire computer networks simply by deleting crucial files on command.

A similar malware went undetected within the border police, and last week, as hundreds of thousands of Ukrainian women and children tried to leave the country, computers at the crossing to Romania were disabled, adding to the chaos, according to people familiar with the matter.

On the last weekend in February, the Ukrainian national police, alongside other Ukrainian government arms, were facing a massive onslaught of “distributed denial-of-service attacks” (DDoS), which are relatively unsophisticated attacks that take down networks by flooding them with demands for small amounts of data from a large number of computers.

Within hours, the Americans had contacted Fortinet, a California cyber security group that sells a “virtual machine” designed to counter just such an attack.

&ers🇺🇦 March 10, 2022 9:45 AM

@dvv

“It’s kinda hard to use BTC when you have to buy it first with your bank card.”

What?

You can freely buy BTC in Rubles. Domestic bank cards work
in Russia and there’s a lot of sellers that DO sell in Rubles.

It is clear that you do not have any information about Russia.

dvv March 10, 2022 9:52 AM

@&ers🇺🇦 Care to share any of those BTC sellers who accept Sberbank cards? Thanks!

PalDubee March 10, 2022 10:18 AM

From “threat post”:

Russian APTs Furiously Phish Ukraine – Google

“While Russia is fighting a physical war on the ground against Ukraine, advanced persistent threat (APT) groups affiliated with or backing Vladimir Putin’s government are ramping up phishing and other attacks against Ukrainian and European targets in cyberspace, Google is warning.”

More here: https://threatpost.com/russian-apts-phishing-ukraine-google/178819/

JonKnowsNothing March 10, 2022 10:50 AM

@ Winter

re: Or maybe, it is like Y2k, where there was no disaster, because people had cleaned up all the code in time?

There are always zero-days available, no shortages on that point.

It’s possible that people haven’t really identified what would be the target of “cyber warfare”.

  • Social Media? Streaming Movies? Round-the-Clock-Circular-News?

These items might be of interest to civilians but are not really useful military targets other than as propaganda drivers. Pre-Tech propaganda wars went along just fine with pen and paper, so I would think, it would be the same Tech wise.

Military targets are divided into 2 categories:

  • Military Infrastructure
  • Civilian Support Systems

The only recent news headline on the military front was “power being cut to Chernobyl but it was All OK”.

The Civilian Support Systems (this is both the means of production and the labor to produce it) are sustaining significant damage as is. Reports that 50% of Kyiv have evacuated means that 50% of the potential labor force is gone. If people are not in the factories and offices and running things at pre-Conflict levels then the whole chain slows down. It may not be necessary to inflict more than physical damage.

This is not to trivialize or minimize what’s happening in UKR but to highlight that “cyber warfare” isn’t very well defined.

fwiw: A few days ago one of those auto-ai/ml images popped up on my page showing significant damage to parts of a city. In the background the BIG POWER LINES are still standing….

  “You might very well think that; I couldn’t possibly comment”.

DK March 10, 2022 10:53 AM

Once they’re off our internet and supposedly out of the computer, what’s keeping them from using their submarines to cut other countries’ undersea cables? I’m all for excluding them from everything modern for now, but once we do they’re just further in the “nothing to lose” corner.

So I’m also for welcoming Russia back if they ever manage to jail their kleptocrats and hold free and fair elections. I hope someday UN Security Council membership will be periodic renewal based and legitimate regular and peaceful transfer of power is one of the criteria for renewal.

JonKnowsNothing March 10, 2022 11:16 AM

@DK

re: Once they’re off our internet and supposedly out of the computer, what’s keeping them from using their submarines to cut other countries’ undersea cables

There’s nothing stopping anyone from doing that now and it’s quite likely those periodic “cable snaps” have some human intervention aspects and are not just wave action.

Any country with remote/robotic/unmanned subs can tap the cables. It’s much more useful to mine the cables for data than to snap them.

A point to consider:

Not that many years ago, the USA had an “ignore mainland China” policy. 20% of the global population and enormous land mass was “non-existent”.

Running the same policy over 12 time zones isn’t going to be any better.

Clive Robinson March 10, 2022 11:20 AM

@ Bruce, ALL,

It has been interesting to notice how unimportant and ineffective cyber operations have been in the Russia-Ukraine war.

Because people do not understand warfare.

For thousands of years warfare for the aggressor has been about the taking, subduing and subjugation of foreign territory.

Put simply in modern parlance it’s about “Boots on the ground”.

All of this naval-warfare, air-warfare, space-warfare, information-warfare and cyber-warfare, is not “boots on the ground”. Though they may well have an effect.

It’s said that “An army marches on its stomach” and whilst not strictly true, an army is dead in the water without resupply and rearmament. Which is what logistics are all about. Disrupt those and no matter how big and well trained and motivated an army is, it is going to rapidly become ineffective.

But also a large army generally needs significant intelligence as to what the activities of the opposing forces are.

So cyber-attacks and similar whilst not changing body count as such do affect an army’s effectiveness. So the primary targets for cyber-weapons should be,

1, Military Logistics and Support.
2, Military Intelligence gathering.

What you should not be bothering with is attacking Civilian cyber targets as that will have little or no effect once hostilities have started (plain warfare will produce much more disruption to the civilian populace).

The other issue is that the aggressor is very much at a disadvantage where cyber-warfare is concerned as they are the ones with the greatest need for logistics and intelligence. They are also due to large force size and not being on home ground at the greatest disadvantage of disruption by any kind of cyber-warfare.

The home defending forces get maximum benefit by deploying for maximal asymmetric warfare. That is many small fleet of foot forces that take out targets of opportunity such as senior field and staff officers of the aggressor forces. Likewise their supply chains and intelligence gathering. They “hit and run” even if one group is lost there are many others doing similar activities.

As the defending forces have very short supply lines and their troops will get civilian support by word of mouth or even hand carried messages the aggressor forces can easily be denied both intelligence and logistics with their long supply lines getting disrupted significantly.

So whilst I would not expect Russia’s cyber attacks to be effective, I would expect the right types of cyber-attacks against Russia and more importantly its citizens to work. Even if it is just “white propaganda” and disruption of civilian infrastructure, finance and importantly food etc supply lines.

So if you want to see the effectiveness of cyber-warfare, look at what effect it has on the aggressor –Russia– not the defender (Ukraine).

Denton Scratch March 10, 2022 11:55 AM

1, Military Logistics and Support.

Agree.

There’s a pyramid:

  • Strategy: Why are we fighting in the first place?
  • Operations: How do I move and supply my forces, and concentrate them for battle?
  • Tactics: How do I fight a battle?

Operations (including logistics) is the step that seems susceptible to electronic interference. It seems to me that the aggressor is the force that is more dependent on logistics.

This blog is a rabbit-hole, down which I seem to have disappeared:

https://acoup.blog/2022/03/03/collections-how-the-weak-can-win-a-primer-on-protracted-war/

Winter March 10, 2022 12:16 PM

What if, the Russian cyber threat is like their glorious army in this war? A 900,000 strong fully armed force is held back by a 200,000 standing army with much less armour and firepower. All due to bad tactics, bad morale, bad execution, and bad maintenance.

Also, remember that Russia is a “superpower” with a total economy smaller than that of Canada or South Korea. Russia does not have a thriving economy and its industrial base is small, as most of the GDP is earned from selling raw materials and energy to foreigners.

Russia is a badly organized and corrupt society. Why should their cyber threat be any different? It is an effective criminal organization, but that does not mean it is also an effective force of war.

Case in point: Their inability to learn from past mistakes in propaganda.

The Internet Is Debunking Russian War Propaganda in Real Time
ht-tps://www.vice.com/en/article/7kb75e/the-internet-is-debunking-russian-war-propaganda-in-real-time

He said it’s been odd to watch Russia’s narratives be so thoroughly destroyed so quickly. “Somehow, even though they’ve been doing this for years and they’ve seen how open-source investigators pick apart this kind of evidence, they’ve learned no lessons from it. In fact, they’ve even become worse,” he said. “I’m triple checking, just because it’s so ridiculous. It’s like they’re creating forgeries and then giving away the blueprint of the forgery along with the forgery itself.”

Tatütata March 10, 2022 1:01 PM

[For some unfathomable reason my post got flushed out. WHY? I’m trying again, with the URL prefixes deleted]

The GPS spoofing incidents over the Black Sea discussed here around 2017 take a whole new complexion now.

I have been on the lookout for reports of electronic warfare on that theatre, but haven’t seen yet anything amounting to anything more than speculation.

GPS World, 17 February: “Russian military doctrine assumes GLONASS and other GNSS will not be available once a battle begins, so will instead turn to Loran-C for navigation”

gpsworld.com/russia-expected-to-ditch-glonass-for-loran-in-ukraine-invasion/

(Do they have that many Loran-C receivers lying around? From the pictures of captured equipment, the general quality of the military electronics doesn’t seem that impressive, with the probable exception of radar. Will this conflict revive western Loran-E projects?)

GPS World, 24 February: “In mid-November, Russia destroyed a retired satellite with a ground-based anti-satellite (ASAT) weapon. […] Two weeks later, Russia followed up the ASAT demonstration with the boast that they could destroy all 32 Global Positioning System satellites at once, blinding the U.S. and NATO.”
gpsworld.com/when-will-russia-attack-gps-interview-with-former-cia-analyst-george-bebee/

The claim is made that Russians possess a ground-based weapon capable of destroying orbiting satellites. That would be a huge feat, as this was precisely the SDI “Star Wars” fantasy peddled under the Raygun administration. IIRC, at least some of the mildly successful ICBM destruction tests (stationary and incoming) had been faked.

I wouldn’t exclude that a firecracker placed on some old bird was triggered, in order to support the claim to the existence of alleged new secret weapons. The date of the test isn’t that long before the war, er, invasion, er, police action, er special whatever. OTOH, GPS satellites literally broadcast their position, so setting aside the question of atmospheric turbulence, the pointing is partially solved.

Ted March 10, 2022 1:02 PM

Had you all mentioned this before?

Russian soldiers in Kharkiv can’t use their expensive Era cryptophones because their own forces destroyed many 3G towers. The Era phones need 3G/4G. Some towers were replaced with stingrays. They resorted to using normal phones with local SIM cards.

Surprise, surprise… calls were supposedly intercepted. As of the writing of this article, these claims had yet to be verified. But war is ugly and messy. So certainly plans can crumble in unexpected ways.

The article also says that many telecommunications networks are being left intact so Russia can listen in or use the networks themselves. The civilian and hospital bombings must just be for gratuitous terror. What a hellscape fit for a Russian tragedy.

https://uk.news.yahoo.com/russian-military-being-hacked-after-its-own-soldiers-destroy-3-g-internet-towers-104303881.html

Brad Templeton March 10, 2022 1:52 PM

To use a cyber-weapon is to reveal it and neuter it for future use. It could be they don’t wish to use their good stuff on Ukraine in case this escalates into something worse, which certainly is in their minds.

Dovydas March 10, 2022 1:58 PM

Is there anything to hack when all Russian communications is done on open channels?

SpaceLifeForm March 10, 2022 4:23 PM

@ Ted

You just need to think outside the box a bit and realize that you have answered your own question.

Research how stingray really works.

What is its most important feature besides intercept?

When you figure that out, then you will understand what is really going on.

Clive Robinson March 10, 2022 4:26 PM

@ Dovydas

Is there anything to hack when all Russian communications is done on open channels?

Yes “Russian minds” thus Moral.

As I keep pointing out, Russia’s forces could only take the Ukraine in an initial effectively surprise attack, but they certainly do not have the forces or economy to hold the Ukraine against those Ukrainians determined not to come under the Russian thumb.

Long slow asymmetric war is a killer for an invading force, they have no idea when and where they will be attacked, only that it is going to do significant damage, both physically and morally compared to the defenders input which is usually fairly minimal.

As an invading force, their only option generally is to attack / terrorise the civilian population. As a general rule of thumb this does not work.

It’s clear Russia does not have the economic ability to,

1, Fight a protracted war.
2, Invest in a “hearts and minds” type action to get the civilians on their side.

To be blunt the average Ukrainian family standard of living is well above that of a Russian family. So the Russians have nothing to offer Ukrainians except oppression and early deaths (as is happening in Belarus).

Thus Putin is destined to fail.

Part of the issue, is the asymmetric warfare that the Ukraine is using against the Russians is causing Russian commanders to behave irrationally. This gets seen by the world and attitudes against Russia harden and sanctions will be pushed harder, and the Russian civilians will suffer badly for “Putin’s Folly”.

Contrary to the “70% Support” figure bandied about for the level of support Putin allegedly gets, that is the result of crooked elections.

His popularity such as it is is predicated on two things he has to deliver,

1, A “Strong Russia”.
2, A functioning Russian economy.

Putin has failed to deliver on either, but also they are in the near future of the next three decades or so effectively mutually exclusive.

So the question arises as to how Putin can stay in power until he dies. Because if he falls from power he will almost certainly be dead shortly thereafter.

In practice Russia has a small industrial base, thus making weapons of war to wage an extended war will have a crippling effect on Russia and its citizens. At some point something will have to give.

The problem for the West is how to not just get rid of Putin and his crooked cronies, but to stop the power vacuum dragging in another set of crooks. This means the West has to start coming up with an “aid package” to get the Russian economy not just kick-started but ramped up to the point where the average Russian family has a standard of living with a 5-15% disposable income to start and keep going the “economic churn” that will make the Russian economy at least as viable as those that can be found in other parts of Europe.

Clive Robinson March 10, 2022 4:58 PM

@ Tatütata, SpaceLifeForm, ALL,

Do they have that many Loran-C receivers lying around?

The simple answer is “not man-portable” ones like pocket Satellite navigation systems or mobile phones. They are all “vehicle mount”. Also whilst Loran style systems look good on maritime charts, they don’t look as good on land based maps… I won’t go into the rather dull and protracted details, but all Loran systems are affected by the conductivity of the ground under your feet and several wavelengths away. Water especially such as rivers and lakes affect the accuracy of Loran systems. And your “effective position” will change depending on the amount of water in a river… Which means you need well tested maps for Loran navigation. Whilst you can “computerise it” having an accurately surveyed map will at a glance give an experienced radio navigator a considerable amount of extra information.

As I’ve already mentioned in a reply to @SpaceLifeForm a week or so ago, the Russian system in that area is dependent on three fairly major transmitting stations in,

1, Belarus
2, Crimea
3, Russia.

All within range of Ukrainian systems.

Now attacking either the Belarus or Russian transmitter stations would be taking hostile action in a foreign nation. Which could be argued as “a primary act of war”. However as far as the international community is concerned Crimea is Ukrainian territory, thus attacking a Russian military site there would be part of a legitimate defensive action.

But “why bother?” back during WWII the British had an issue with German jamming signals. With a little sideways thinking it was realised that the German jammers, actually provided effective “Radio Navigation Aids”… Thus the decision was made that rather than attack them for minimal benefit, leave them alone and gain a major benefit…

As you note,

OTOH, GPS satellites literally broadcast their position, so setting aside the question of atmospheric turbulence, the pointing is partially solved.

The same logic applies to all emissive radio navigation aids… So they actually work for both sides of a conflict…

Oh the Russian Global Navigation Satellites come equipped with “tri-corner reflectors” that you can shine a laser into. Thus as long as you know their orbital parameters they do not need to actively emit signals. But even so that still works for both sides.

JonKnowsNothing March 10, 2022 4:59 PM

@ Ted • March 10, 2022 1:02 PM

re: Had you all mentioned this before?
… soldiers … can’t use their expensive … because…

Happens quite often. Systems set to the wrong frequency, incompatible tech, broken gear, non-functioning gear.

iirc(badly) After the US War in Iraq the disaster capitalists descended as rebuilding the infrastructure was highly lucrative: all the oil money Iraq could generate. There was a problem with the “new” cellular towers the US wanted to build to replace the destroyed infrastructure.

There are different telecom systems in Europe, US and Japan (E1). There were 2 different signaling systems in use in the region: one compatible with Europe and the US version not compatible with anything outside the USA. The resulting USA structure was incompatible with nearly everything: phone calls to nowhere.

I don’t recall which protocols were involved and several years later these were all integrated into a single handset you could carry internationally and use if you could afford the international roaming charges.

Before the integration you needed 3 handsets to travel: USA, EU, Japan.

===

Search Terms

United States invasion of Grenada

  • Maps provided to soldiers on the ground were tourist maps on which military grid reference lines were drawn by hand to report locations of units and request artillery and aircraft fire support. They also did not show topography and were not marked with crucial positions. Navy ships providing naval gunfire and Marine, Air Force, and Navy fighter-bomber support aircraft providing close air support mistakenly killed American ground forces due to differences in charts and location coordinates, data, and methods of calling for fire support. Communications between services were also not compatible and hindered the coordination of operations. The landing strip was drawn by hand on the map given to some members of the invasion force.

T-carrier and E-carrier systems

SpaceLifeForm March 10, 2022 5:41 PM

@ &ers, MarkH, Winter, Clive, ALL

Scrap metal remains RU biggest export

Maybe Ukraine may need some tractor parts in a couple of months, because towing heavy stuff does put wear and tear on the tractor.

hx tps://nitter[.] net/Osinttechnical/status/1501993648141000705#m

Also for conversion purposes, 1 metric crap ton= 1.10231 US crap tons.

JonKnowsNothing March 10, 2022 5:45 PM

@Clive

re: the West has to start coming up with an “aid package” to get the Russian economy not just kick-started but ramped [to a sustainable level]

I am not sure that the general population in any country is going to want to send an Eco-Aid Package to RU or BLR.

I am not sure how much the EU is going to want to fund the rebuilding of UKR either.

The only groups interested will be the disaster capitalists, world bank and IMF with the same sort of loan packages Greece got: enough to reduce the higher income levels of professional classes to base line and hold it there.

The “you don’t need to chain them if you can reduce them to periodic insolvency”.

There are a couple of caveats:

a) The cities are not the entire population. The villages have been dealing with the vagaries of modern times for oh, since modern times, previous modern times and legacy times.

b) The cities will demand the same levels of support they see in EU or as they had before. The USA method of rebuilding is to bulldoze-raze anything left standing and rebuild from scratch. It’s not compatible with “saving historical places or important monuments”.

I have no idea what P intends but it does not look like there is any intention at all to “occupy” much (except maybe the Eastern areas). It appears to be more economic damage. Wreck as much as you can, as fast as you can, then make the EU pay to rebuild it.

Winning Wars and Losing Wars can happen post violence: treaties, reparations, sanctions (time table for lifting), trade, labor, material, political changes and restitution of confiscated property. (1)

===

1) There are existing remedies in the UN, World Courts about seizure of property, goods and money. These are common targets in periods of conflict or on substantial political changes.

The USA has a long standing complaint against Cuba over the seizure of US company owned property & factories (among other complaints). It’s one of the bases for the US continued embargo against Cuba.

Even events from long ago can still rise to these claims.

There is a current case in the US+SCOTUS over the ownership of a painting taken during WW2. The issue is the painting is held by a museum in Spain. Spanish laws on this painting are that if items taken in WW2 are not claimed in 6 years, the owner gets “clean title”. So the painting belongs to the museum as the owner+survivors+descendants did not file a claim in time, even though they did not know that the painting was held by the museum until recently (there are another ~40 missing paintings).

The descendants have filed a claim in the US California. In the USA there is no method to obtain clear title for a stolen-fenced item.

SCOTUS will determine if US Law will prevail or Spanish law.

Either way, don’t expect the painting to leave Spain any time soon, unless the parties agree on a financial exchange.

There are still open claims on seized property in EU from WW2. Some EU countries are moving to end the potential claims. Some countries will move to a financial compensation plan instead of physical restoration.

JonKnowsNothing March 10, 2022 5:53 PM

@ SpaceLifeForm, @ &ers, MarkH, Winter, Clive, ALL

re: Scrap metal remains RU biggest export

Maybe Ukraine may need some tractor parts in a couple of months

There are probably a good number of US Farmers who would take it in a flash. The US Tractor industry is full of “computer automated gear” that breaks faster than Pacman Eats Dots. (1)

The US Tractor Industry has stopped providing much for older tractors that still actually work. A fair few farmers are handy with welding torches and can get that stuff working on their old gear PDQ.

===

1) no right to repair the mechanical parts and no way to fix the buggy code either

Ted March 10, 2022 10:16 PM

@SpaceLifeForm

What is its most important feature besides intercept?

You got me. What’s the answer?

FYI… the US Intelligence Directors, including Cyber Command’s Paul Nakasone, testified at a Senate hearing today. It was an annual threat assessment that included Russia and Ukraine.

Gen. Nakasone said they’ve only seen 3 or 4 cyberattacks so far, but we’re only 15 days in. He said they had done a lot of prep work to harden Ukraine’s infrastructure before the invasion. They are of course staying vigilant.

Also, Russia is being hit harder with sanctions than it expected, but the IC isn’t worried about cryptocurrencies being used to avoid sanctions. Even China is hesitant to support Russia. China and tech competitiveness are still top priorities.

Clive Robinson March 11, 2022 12:32 AM

@ Ted, SpaceLifeForm,

You got me. What’s the answer?

Stingrays can be used in two ways, firstly “passively” or surveillance mode to just record “signals heard” which makes it little more than a very expensive “radio test set and computer”[1]. The problem is that anything above 2G was beyond the original Stingray’s capabilities, which meant it’s mostly not used in the surveillance mode.

The second way is in “active” mode where it acts like a small cell tower system. Basically where the Stingray puts out a sufficiently strong enough “control channel” that the mobile phone will disconnect from the current cell site it is connected to and jump to the Stingray. The Stingray then forces the mobile phone to “fall back” to 2G mode…

Well, to “intercept a call” the Stingray needs to be in “active” mode, and importantly be able to “route the call” which means “it needs a backhaul” for starters.

Which also means the stingray also needs to be a part of the “telephone network” which in turn means it’s traceable.

Which is maybe what @SpaceLifeForm is ginting at.

Anyway have a read of,

https://en.m.wikipedia.org/wiki/Stingray_phone_tracker

Or if you can find them, the PDF’s of the “Oh so super secret” Harris Corp manuals that have appeared online from time to time.

[1] Stingrays can actually be used as Radio Test Sets in passive mode, to provide semi “accurate mapping” of cell signal strengths and similar, though I’m not aware of any “non-surveillance entity” doing so. When I’ve had to do that sort of “survey” in the past I simply rented appropriate test equipment including radio test sets cables and antennas all calibrated to “national standards”. These days, you can download an app onto your “smart phone” and in some models of phones, disconnect the internal antenna and replace it with a calibrated test antenna.

SpaceLifeForm March 11, 2022 1:11 AM

hxtps://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/

SpaceLifeForm March 11, 2022 2:14 AM

@ Clive, Ted

re: ginting

Close enough for now. There is more to the story, but I am certain it is classified, so, if you figure it out, just keep it on the lowdown for now. No reason to provide more clues to the attacker. It may be revealed later this year. Maybe not. There is a lot of stuff that is classified, but in reality, it is just common sense technical stuff that actually is public knowledge.

Though, to be fair, I guess ‘common sense technical stuff’ could be considered an oxymoron.

Sun Tzu had some good thoughts.

Sumadelet March 11, 2022 3:43 AM

Re: ownership of items in different legal jurisdictions.

Until 1995, in England & Wales, there existed ‘markets overt’, where items bought on ‘market days’ between sunrise and sunset had, by definition, good title. Obviously used for disposing of stolen goods.

h++ps://en.wikipedia.org/wiki/Market_overt

Ownership of goods transported between different legal jurisdictions can become undefined, paradoxical, murky, and complicated.

Clive Robinson March 11, 2022 4:31 AM

@ SpaceLifeForm, Ted, ALL,

There is a lot of stuff that is classified, but in reality, it is just common sense technical stuff that actually is public knowledge.

As I have a habit of saying about much that is supposedly secret technology your first touchstone should be,

If the laws of physics allow.

But everyone should remember that much that is supposedly secret and classified, is that way because,

Embarrassment arises from stupidity that becomes known.

Oh and the higher up the hierarchy you go the more strongly you should,

“Follow the money”

As Douglas Adams whose 70th birthday it would have been today, once famously observed,

“This planet has — or rather had — a problem, which was this: most of the people living on it were unhappy for pretty much all of the time. Many solutions were suggested for this problem, but most of these were largely concerned with the movement of small green pieces of paper, which was odd because on the whole it wasn’t the small green pieces of paper that were unhappy.”

Winter March 11, 2022 5:46 AM

@Clive
“Long slow asymetric war is a killer for an invading force, they have no idea when and where they will be attacked, only that it is going to do significant damage, both physically and morally compared to the defenders input which is usually fairly minimal.”

How did Stalin and Assad solve this problem?

  • Genocide against Ukrainians
  • Killing as many as possible (Chechnya)
  • Drive out as many as possible (Syria)
  • Deport and forcibly move all who remain

Putin is already hauling in Syrian and other ME fighters to do the dirty work. He is also preparing the use of chemical weapons.

Clive Robinson March 11, 2022 6:33 AM

@ Winter, ALL,

How did Stalin and Assad solve this problem?

You need to look a little deeper.

Those techniques are not very effective, and actually go back to the Boer War and the formation of concentration camps.

To be effective they need high population concentration. So they work against Cities and surrounding suburbs.

As history has shown they do not work very well against rural and wild areas. It’s why Afghanistan is where it is today, in the hands of the Terrorist despite the West spending decades and trillions of dollars and having the worlds most advanced technology at their finger tips trying to stop them.

I do not like mentioning Mao Tse-Tung for many reasons. However he did assemble the thinking of many people into his thinking and strategy which gave him China and later many other territories.

John March 11, 2022 6:35 AM

hmm….

‘He is also preparing the use of chemical weapons.’

Big deal.

Why not just use ‘covid’ like everyone else? To convince his enemies to get the ‘vaccine’!

Maybe his brain was fried by his ‘vaccine’ like so many others of us!

Farm fresh alive food cures sick people!

I grow my own!!

John

Clive Robinson March 11, 2022 6:45 AM

@ Moderator,

I’ve tried to post a reply to @SpaceLifeForm three times now…

And for some reason it’s not getting to post…

There is no obvious reason for it to be held.

Peter A. March 11, 2022 8:19 AM

@Clive Robinson: I also observe my posts not going through now and then, even if the page shown after clicking Submit says it’s OK. Also a post that I was trying to respond to has disappeared. I got a bit disappointed lately and post less often than before.

@Bruce: Something is obviously wrong with the comment system for unclear reasons, posts do not get through or disappear apparently randomly. I think you should have it reviewed by someone, maybe there are some technical issues.

ATN March 11, 2022 8:21 AM

@Denton Scratch, “Why are we fighting in the first place?”

Maybe, following COP26, where a lot of countries want to phase out petrol and gas soon, it doesn’t sound good for the prospects of Russia commercial balance sheet?

Solution may be [Russian population] replace Putin with Alexei Navalny and get Europe to help rebuilding Russia?

PalDubee March 11, 2022 11:04 AM

Here is another aspect of how the war can affect software development, and consequently, security.

Article title: One of the top contributors to coding language Python lives in Ukraine. Fellow developers are helping his family escape the war and communicating via Google Translate.

Excerpt: “Ukraine has one of the largest populations of computer programmers in the world.”

Link: https://www.businessinsider.com/developers-help-ukrainian-family-of-key-python-contributor-escape-war-2022-3

JonKnowsNothing March 11, 2022 11:08 AM

@Winter, @Clive, @All

re: Foreign fighters of any nationality

Folks traveling from other countries to UKR for purposes of “joining up”, are facing some serious consequences that their “patriotic passion” hasn’t counted on.

Post 9-11, much of the world passed laws with serious consequences for people traveling to “join up” in other conflict areas. The laws are draconian, they are not in any way “moderate” and they carry burdens of permanent banishment, exile, and citizenship revocation (without notice).

The applications of these laws has left a lot of “camps” in various locations where the persons living in the tents cannot leave. A moderate form of concentration camp. Such camps can be mixed with refugee camps but there are status differences between them.

  • People who are refugees can apply for and seek shelter in another country.
  • People who are banished and/or exiled cannot return to their country of citizenship and may no longer have any status to apply to other countries (stateless persons).

The UK has announced that anyone holding UK citizenship or UK residency will face these laws should they leave for UKR and attempt to return.

Australia has issued the same warning.

There is no indication that countries will be willing to change these specific laws as they give the governments a tremendous weapon to use against their citizenry.

The UK has been pushing for even more powers to impose the penalties, with no legal recourse.

The USA can revoke the citizenship of anyone who became a “naturalized citizen”. Often done if the person has committed any infraction, even decades earlier. This is done under the “good citizenship” clause. Some US Military Veterans of recent US wars, have been banished and had their citizenship revoked due to infractions done as teenagers. (The US answer to Windrush)

===

def: Banish means to send someone away and forbid that person from returning. Exile is the status after penal expulsion from one’s native country. Banishment is the punishment, being exiled is the status.

The person is legally banished and then becomes an exile in status.

eg: I have been banished from my country and now live as an exile elsewhere.
eg: I live in voluntary exile. (self imposed but not banished)

AL March 11, 2022 11:42 AM

It may be that Putin thought this invasion of Ukraine would be a cakewalk war, taking only a few days. That’s what it’s looking like to me. So, it may be that substantial cyber war wasn’t part of the plan.

Well, plans evolve. If this war starts carrying on for weeks or months, then I expect to see some cyber issues develop. I have to imagine that Putin is fit to be tied by now.

Clive Robinson March 11, 2022 4:53 PM

@ Bruce, Tatütata, SpaceLifeForm, ALL,

Something to “add to the files”.

With regards the security of radio based navigation systems such as Global Positioning Systems etc.

You might find this of very timely interest,

“MAPPING GPS/GNSS INTERFERENCE THROUGH ADS-B DATA”

https://www.rtl-sdr.com/mapping-gps-gnss-interference-through-ads-b-data/

Put simply all commercial aircraft have active ADS-B transponders that transmit the position the aircraft thinks it is in, its heading and what air and ground speeds etc. In effect they are mobile instrumentation heads.

Aircraft have several ways to decide where they are based not just on various radio navigation systems but inertial ones as well. Which means they can calculate an “accuracy figure” which they transmit via ADS-B.

Well there are an awful lot of amateur ADS-B receivers dotted around all over the world and quite a few link back to central data aggregators. Which means all those aircraft acting as “instrument heads” reporting back on GNS and its jamming / spoofing do it in near real time.

Which makes it difficult for an entity like Russia that is known to jam and spoof to keep its activities covert even when done intermittently.
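
The aggregation described in the comment above can be sketched as follows. This is an added example, not code from the commenter or the linked article; it assumes the “accuracy figure” is the ADS-B NACp field (higher means a tighter position-error bound), and the grid size, thresholds and sample reports are constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed sample reports (not real traffic): (icao_hex, lat, lon, nacp).
# nacp is None when a transponder does not report an accuracy category.
SAMPLE_REPORTS = [
    ("aa0001", 54.4, 20.3, 9), ("aa0001", 54.6, 20.7, 0),
    ("aa0002", 54.2, 20.1, 2),
    ("aa0003", 54.9, 20.5, 0),
    ("aa0004", 54.5, 20.9, 10),
    ("bb0001", 48.3, 2.2, 10), ("bb0002", 48.7, 2.6, 9),
    ("bb0003", 48.1, 2.9, 10), ("bb0004", 48.5, 2.4, 5),
    ("cc0001", 60.2, 25.1, 0),
    ("dd0001", 48.4, 2.5, None),
]


def map_interference(reports, cell_deg=1.0, nacp_floor=8,
                     min_aircraft=3, min_fraction=0.5):
    """Bin reports into lat/lon cells and flag cells where many distinct
    aircraft report degraded position accuracy.

    Returns {cell: (aircraft_seen, aircraft_degraded, status)} where status
    is "suspect", "normal" or "insufficient" (too few aircraft to judge).
    All thresholds are illustrative assumptions.
    """
    # Worst (lowest) NACp each aircraft reported while inside each cell.
    # Counting aircraft rather than messages stops one chatty or faulty
    # transponder from dominating a cell.
    worst = {}
    for icao, lat, lon, nacp in reports:
        if nacp is None:
            continue  # no accuracy information, cannot be used as a sensor
        cell = (math.floor(lat / cell_deg), math.floor(lon / cell_deg))
        key = (cell, icao)
        worst[key] = min(nacp, worst.get(key, nacp))

    per_cell = defaultdict(lambda: [0, 0])  # cell -> [seen, degraded]
    for (cell, _icao), lowest in worst.items():
        per_cell[cell][0] += 1
        if lowest < nacp_floor:
            per_cell[cell][1] += 1

    result = {}
    for cell, (seen, degraded) in per_cell.items():
        if seen < min_aircraft:
            # A single degraded aircraft is more likely an equipment fault
            # than evidence of regional jamming or spoofing.
            status = "insufficient"
        elif degraded / seen >= min_fraction:
            status = "suspect"
        else:
            status = "normal"
        result[cell] = (seen, degraded, status)
    return result


if __name__ == "__main__":
    for cell, summary in sorted(map_interference(SAMPLE_REPORTS).items()):
        print(cell, summary)
```

Because the flag depends on several independent aircraft agreeing within one cell, intermittent interference still shows up as long as enough traffic crosses the area while it is active.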

SpaceLifeForm March 11, 2022 9:41 PM

This may be one of the last accurate reports you may see for some time from ru

hxtps://nitter.net/i/status/1502075252989382664

hxtps://threadreaderapp.com/thread/1502075252989382664.html

SpaceLifeForm March 11, 2022 10:20 PM

Some Light Trolling

Yes, you can send a signal via visible light.

hxtps://nitter.net/IsPutinDeadYet/status/1500990941276119040#m

SpaceLifeForm March 12, 2022 12:37 AM

They can not bail fast enough

hxtps://www.reuters.com/business/exclusive-russians-liquidating-crypto-uae-seek-safe-havens-2022-03-11/

One crypto firm has received lots of queries in the past 10 days from Swiss brokers asking to liquidate billions of dollars of bitcoin because their clients are afraid Switzerland will freeze their assets, one executive said, adding that none of the requests had been for less than $2 billion.

Clive Robinson March 12, 2022 1:16 AM

Part 2,

The “official” comment from the “Russian Digital Development Ministry” denying that Russia plans to disconnect Russia from the Internet,

“There are nonstop cyberattacks on Russian sites from abroad. We are getting prepared for various scenarios in order to ensure the accessibility of Russian resources. There are no plans to switch off the internet from inside”

Strikes me as an at best “half truth”. I suspect that by the end of this year the Russian internal network will be effectively isolated in reality if not name.

Because it’s been happening for quite some time, in fact well over a decade or two. It first came to a “make or break” crisis back in the 2014 Doha meeting of the ITU. As I indicated at the time it was serious though most of the world MSM appeared to be in total ignorance of it. Put simply Russia and a number of other totalitarian nations had made it fairly clear they did not want the West and in particular the US controlling the Internet in the many hundred if not thousands of ways it does[1]. They wanted autonomy of their national networks, any way they could get it.

Clive Robinson March 12, 2022 1:19 AM

Part 3,

Most who actually thought about it envisioned “National Firewalls”, others thought it would go deeper than that, and that is the way Russia appears to be going. Because since then Russia has clearly made step after step to take control of its internal Internet not just at the physical level but at the user service level as well. This latest “Russian Cert Authority” will act to force Russian users off of the standard web browsers and services. Especially as anyone stupid enough to actively load the Russian Root Cert into their systems will leave themselves wide open to many many attacks from Russia they would not otherwise be vulnerable to.

I suspect Russia will start to do a “Microsoft” style “Embrace and extend” of protocols and standards. In a way where “compatibility” will increasingly require a “translation agent”. Think of it as “US-HTML” and “RUS-HTML” the Russian state will add minor “improvements” that will appear on mandatory to use Russian State services. Russian made browsers will support these, whilst non Russian ones will probably not (pretty much the same as Microsoft did with Explorer, and Google is doing with Chrome). This will push many Russian users over to RUS-HTML compliant browsers. Over time the RUS-HTML “improvements” will start to include “incompatibilities” with say US-HTML that will stop browsers working without some kind of translation layer in between. Think of it like the early days of firewalls where you had the two basic types, those that worked at network level protocols and those that worked at application level protocols.

Clive Robinson March 12, 2022 1:24 AM

Part 4,

That way Russians have to go through “Russian State Gateways” and those outside of Russia will either have to install Russian Applications with all that implies, or go through Russian State Gateways…

The thing is, back in the days of analog communications such as letters and pre 1970’s telephone service, it was very very labour intensive to “monitor” communications. Now in the Digital era things we have not yet imagined are being stored away in “Collect it all archives” just waiting to be thought up and exploited…

Take for instance user tracking by bio-metrics. I’ve noted that the likes of the Google search box and online spell checkers put the user typing cadence into the timing of packets sent across the Internet. The resolution of timing information that is used to record those packets is many orders of magnitude more than is required to get your typing cadence which is as far as we can tell unique to each person, not just via muscle memory but by the way they think and speak as well by their stylistic choices of words and phrases. That is you are trackable without the need to break encryption across any low latency network.

Clive Robinson March 12, 2022 1:26 AM

Part 5,

I’ve yet to see any academic papers on this, but I rather suspect that certain SigInt agencies do it almost routinely.

Why? Because back in WWII the UK used to “recognise the fist” or cadence of morse sending and be able to identify operators, and to a certain degree their stress levels. Thus spot “deception operations” by the Germans and other Axis forces as well as SOE operators under duress. Similarly whilst voice encryption was in its infancy then, the use of sonograms and spectrograms –later “waterfall displays”– were being used to detect who was speaking and their stress levels, as well as many of the words due to envelope energy/signature (think about the reverse, that is the use of vocoders in the 1970/80’s to make musical instruments sound like they were talking, the classic example being ELO’s “Mr Blue Sky” that was the last track on the vinyl LP and at the end you heard “now please turn me over”.)

Oh and those “codecs” used with VoIP etc, quite a few of those push voice statistics through encryption etc as I’ve mentioned before. In fact the more effective the codec is at reducing the bit rate, the more susceptible it is to hemorrhaging such information via various side channels (back to the “Efficiency-v-Security” issue).

Clive Robinson March 12, 2022 1:29 AM

Part 6, last…

As new “methods” of bio-metrics are thought up, those “collect it all repositories” will be available to be not just “analyzed” but “Mined” for new intelligence. As these will “Identify the user” not “Identify the device” the “kill by meta-data” focus will change. Also in time these methods will work their way down into Law Enforcement… Some of us are old enough to remember what DNA Analysis did for the clear up rate of quite old “Cold Cases”, you can expect a similar sort of effect with those “collect it all repositories”.

It’s one of the reasons I keep telling people “turn off javascript” as “HTTPS is not enough by a very very long way”.

And yes I’ve not said very much about this for the past decade or so, because people already had me down as “paranoid” over the then obvious issues of javascript. Now people are starting to take that on board, they are kind of ready to take the next bit onboard…

Just remember “Efficiency-v-Security” also means “Convenience-v-Security” which kind of brings you back full circle to “Usability-v-Security”.

[1] Most of these ways of control of the Internet have not arisen by a deliberate desire or policy to control the Internet by the US. But by the simple historical point that the Internet started in the US and it made sense technically to expand rather than federate these infrastructure systems.

Clive Robinson March 12, 2022 1:39 AM

@ All,

My apologies for using six parts to post my response to @SpaceLifeForm et al.

But as my message to the Moderator at 6:45 AM,

https://www.schneier.com/blog/archives/2022/03/wheres-the-russia-ukraine-cyberwar.html/#comment-401579

Indicates I did try three times to post it originally.

Hopefully quite a few people will get something from it for different reasons.

As always if you’ve any questions pop them in below and if I can I will try to answer them a little more succinctly 😉

Winter March 12, 2022 2:58 AM

@Clive
“Hopefully quite a few people will get something from it for different reasons.”

I get the way Putin tries to go down the North Korea route.

A misinformed population is just as bad as a misinformed dictator. There is speculation that the reason Russia is in its current dire state, in a disastrous lose – lose war, because Putin silenced all opposition. With only yes men around him, he started to believe his own propaganda. With known outcomes.

A misinformed and ignorant population will never be able to run a modern economy. If Russia goes the route of North Korea, the will be the same.

Clive Robinson March 12, 2022 3:16 AM

@ SpaceLifeForm, ALL,

It appears Putin is trying to ban “fair comment” on international social media networks made by Ukrainians about the Russian and Belarusian invaders who are murdering Ukrainian citizens of all ages men and women alike…

https://www.reuters.com/world/kremlin-says-meta-would-have-cease-work-russia-if-reuters-report-is-true-2022-03-11/

Note the use of legislation that can be “presented as reasonable” it’s a tactic from nearly a century ago in Germany under the National Socialist Party, that led to what at the time were unimaginable horrors for ordinary people in the US, UK, Canada and other places. The fact such tactics carried on in the CCCP until its collapse, should be a bit of a “wakeup call”.

I think any fines levied by Putin’s cronies should be paid in “script-rubles” that is a currency that Russia can use to buy commodities that the UN does not say are “essential” medicines etc abroad. But such script-rubles should be pegged at the lowest percentage or lower below the exchange rate that Putin is forcing on Russians who hold USD and EUR etc.

Something like say 1/200th of what the Ruble is lowest pegged at by the international markets, or 1/200,000th of the price of a barrel of crude oil etc.

Also as the “blockchain” is public, time to blacklist all crypto coin ever held in likely Russian owned wallets etc back dated to oh, lets say 2014. Anyone who holds such coins or parts thereof, can make legal representation and provide proof of how they came to own the crypto coins and that it was by legal behaviour and all taxes etc due in all jurisdictions have been paid.

Yes life in Russia is tough but it appears that over 50% of Russians think what Putin is doing is “right” and that the disposal etc of Ukrainians is justified for the sake of “Mother Russia”…

So if Putin wants to punish Ukrainians why should Russians not be treated with the same punishments?

The Russians need to learn that “Actions have Consequences” even if their actions have just been to look the other way or believe the nonsense of past glories that never were, nor ever can be, pushed out by Putin with his faux “Strong Russia” idiocy. If they want to live in a “Nouvelle DPRK” that Putin obviously wants to saddle them with for his and his cronies’ benefit, then perhaps we should let them live it for the next half century or so?

As history shows, for way more than half a millennium Russia has in one way or another been a parasite on other nations and peoples. The usual method of dealing with parasites in the modern world is two fold,

1, Remove them from any hosts they feed on.
2, Prevent them getting access to other hosts.

Is this what we should do with Russia?

I hope not, but then the future of the Russian People is in their own hands, and they really need to take responsibility.

Clive Robinson March 12, 2022 5:39 AM

@ Winter,

A misinformed and ignorant population will never be able to run a modern economy.

History suggests that even up to the beginning of the 20th Century, the Russians be they the self selected in highest office, or anywhere in the peasant classes were incapable of running the equivalent of a Western European medieval agrarian economy.

As others have pointed out earlier this year, for something that was supposedly banned for near on a life time, religion now has a major grip on the population.

Russia is almost back to the “Estates of realm” societal model and we unfortunately know where that leads to,

https://en.m.wikipedia.org/wiki/Ancien_Régime

Even the “English system” which got exported to much of the world and the US system was closely based on, even with lots of checks and balances within the system can be seen to be reverting to authoritarianism and tyranny. Also unfortunately the rise of the less pleasant forms of alleged Christianity infiltrating the political system with adverse effects on the general civilian population.

You can not be free, if your mind is chained before you were old enough to see the chains for what they are. It’s why cults can gain such power over people.

Who? March 12, 2022 7:06 AM

Remember how NSA tried hard not using its cyber-weapons in the past. The problem with cyber-war is that it uses one-shot bullets. Once fired, a bullet cannot be used again or—to be more precise—it can, but only for a limited amount of time, until discovered and fixed.

Russia (or, for the case, any country that wants to run a cyber-war) does better not using their cyber-weapons until required and, when done, trying to maximize the damage done in the shortest amount of time.

Same happened to regional KA-SAT SATCOM terminals. As outlined by NSA at

hxxps://media.defense.gov/2022/Jan/25/2002927101/-1/-1/0/CSA_PROTECTING_VSAT_COMMUNICATIONS_01252022.PDF

VSAT networks have multiple weaknesses, from default credentials to bugs in firmware. I suspect an attack like the one seen a week ago, will not be possible again.

Briefly, cyber-weapons are powerful until used; then they become useless.

JonKnowsNothing March 12, 2022 2:17 PM

@Clive, @All

re: Winners are Losers and Back Again

When considering the economic fallout from UKR-RU-BLR(if) consider looking at other countries where conflicts have happened in recent times.

Certainly much is lost but also a leap-frog effect happens. The rebuild brings newer things (maybe not better but newer) into play, unless the areas are under a recurring periodic destruction program. Even with periodic destruction, the rebuild moves around the imposed bottlenecks.

Siege warfare as practiced in the ME doesn’t work because even with all the bottlenecks and periodic infrastructure destruction, the rebuild moves to a different layer of resilience.

Siege warfare as practiced against RU isn’t likely to have any long term results because 12 time zones make a difference. McDs moving out of RU as a “punishment” may turn out to be a windfall for RU. Thousands of now abandoned restaurants, factories, stores are available to others to claim, whether they be RU or CH or anyone else. A ready-made-to-order upgrade. One of the biggest barriers to entry of any market place is Methods of Production.

  note: Abandoned is not the same as Confiscated.

A flaw in the thinking of BigTech is that everyone NEEDS big tech. RU has the ability to do tech on its own, perhaps not what is available outside of the RU but they will manage, same as countries in AF and ME do.

Western Capitalists are watching their huge portfolios declining not only in the loss of the Ruble but also the loss of All Those Consumers.

As I’ve previously mentioned UKR is about to face an enormous food problem and it will reverberate in global market places.

  • IF UKR does not START to PLANT their SPRING CROPS soon, they will lose an entire season. A farmer doesn’t just throw out a few seeds and hope for Jack N the Bean Stalk to Happen.

Global inflation, climate change, reliance on petroleum and other products for fertilizer, mechanized farming, access to the proper seeds for the climate and soil are already playing havoc with the global food supply.

Losing an entire crop from the UKR will affect many. Crops are planted, harvested, processed, shipped, combined to produce all the food stuffs humans eat. It’s a long supply chain for plants with 2 or 3 traditional planting periods.

The previous discussions of meat production losses are still happening. The reasons for culling remain unchanged. The abattoirs have the same problems as before or worse. BigAg+BigChem still push laws that permit the Worst Ag Practices to continue unabated. The protein shortages are more noticeable.

Even Roman Emperors knew they better provide daily bread to the population.

===

Search Terms

Cura Annonae

  • Rome imported most of the grain consumed by its population, estimated to number one million people by the second century AD. An important part of this was the grain dole or corn dole,[corn==wheat] a government program which gave out free or subsidized grain, and later bread, to the poorest residents of the city of Rome. The dole was given to about 200,000 people, and is an early and long-lasting example of a social safety net.

MarkH March 12, 2022 2:20 PM

@Clive:

I’m intrigued by your suggestion to look at the reverse direction, in order to understand the effectiveness of cyber attacks. When I first read it a couple of days ago, it inspired me to see something which (to my embarrassment) I hadn’t thought of previously.

Since the 2014 Russian invasions into Ukraine, I’ve had a nagging dread of traitors within Ukraine (of whom there were examples at that time) and planted Russian spies.

It came to me that (a) Ukraine has had abundant opportunity to implant spies in Russia’s military, and (b) Ukraine is likely to have many sympathizers throughout Russia’s institutions.

Given the great asymmetries between the countries in this war, I suppose that such assets could be much more valuable to Ukraine than their mirror image could be valuable to Russia.

lurker March 12, 2022 4:04 PM

@JonKnowsNothing
Rome imported most of the grain

One of the reasons Caesar sent Marc Anthony to negotiate a deal with Egypt. Another being Egypt’s industrial base using production line techniques later copied by Henry Ford.

ResearcherZero March 13, 2022 12:43 AM

@Clive Robinson

The tactic of sanctions helps ‘the west’ to seize more of the laundered money that was looted from the Russian economy. The old guard from the KGB reckoned they were going to use that loot to infiltrate all levels of our governments, by targeting officials and businessmen. It worked to an extent. Many western governments have been quite happy to maintain the status quo and leave Ukraine dangling in the wind.

The old KGB hardliners are still living in the past, they never moved on. There are articles about how Putin invented “Hybrid Warfare”, which is exactly the same kind of tactics the KGB have always used. The only thing that has changed about the KGB is the terminology, and the name.
Plenty of the old guard in the west never moved on either, they like the idea of Winners and Losers. That same old guard dismissed all the reports coming out of the Russia desk that didn’t suit their own personal goals of being some of the ‘Winners’.

The Troika Laundromat is more than 20 years old and, “is a systemic weakness in the global financial system that has been exploited primarily across the former soviet states.”

“Starting in 2006, Troika employees began putting together the pieces of the Troika Laundromat.”
https://www.occrp.org/en/troikalaundromat/vast-offshore-network-moved-billions-with-help-from-major-russian-bank#occrp-inset-multi-box-the-troika-laundromat-s-role-in-previous-scandals

Putin’s displeasure with the Panama Papers contributed to Russian efforts to discredit the United States.
https://www.dni.gov/files/documents/ICA_2017_01.pdf

Australia did not pass the ‘Autonomous Sanctions Amendment’ until the 2nd of December 2021 (a Magnitsky style Act). However without further legislation and improvements to Australia’s very lax money laundering laws, it’s largely useless.

Oh well, as long as the ‘Winners’ can keep their ill-gotten gains.

“by failing to guard against foreseeable harm flowing from a contravention by the company, the directors and officers failed to discharge their duty of care and diligence required of them by section 180(1) of the Corporations Act 2001 (Cth). This could result in a director or officer being disqualified from involvement in the management of a corporation

ResearcherZero March 13, 2022 12:50 AM

@Who?

The same social engineering techniques and vulnerabilities can be targeted over and over again. Cyber weapons should not be thought of as bullets, but rather as packages. Nation states often host the payload externally from the initial package.

ResearcherZero March 13, 2022 1:44 AM

There is some electronic warfare… but they are being tight lipped about Ukraine.

10 March 2022

The Finnish Transport and Communications Agency Traficom has received numerous occurrence reports regarding GPS signal interference observed by aircraft. The interference began during the weekend and is still continuing. On Tuesday, several aircraft reported GPS signal interference in the region around Mikkeli, Jyväskylä and Kuopio. An aircraft operated by the Lithuanian carrier Transaviabaltika has been unable to fly from Tallinn to Savonlinna for three days.

GPS interference can be momentary and local, which makes it difficult to verify afterwards.
It is easier on board aircraft, and in the air interference may be detected far from the source. (As the distance from a transmitter increases, the energy a receiver has to deal with decreases proportional to the square of the distance.)
https://www.traficom.fi/en/news/unusual-amount-reports-about-gps-interference-near-eastern-border-finland

“3 days ago suddenly the Baltic (Poland, Lithuania, Latvia, Kaliningrad) started having some of the most significant interference on the planet, after weeks of nothing unusual.”
https://twitter.com/lemonodor/status/1500719113185816577

Back in 20 September 2017

Russia is suspected of interrupting the mobile network along Latvia’s western coast for seven hours on Aug. 30, NATO diplomats and Latvian security officials said. A communications jammer aimed towards Sweden from Russia’s Baltic outpost Kaliningrad may have been used.

Latvian officials suspect Moscow targeted Latvia’s emergency services’ 112 hotline, which failed for the first time on Sept. 13

“Russia appears to have switched on a mobile communications jammer in Kaliningrad, a very powerful one that wasn’t aimed at Latvia, but towards Gotland, the Aland Islands,”

“One of the edges (of the beam) affected Latvia too,”
https://www.reuters.com/article/us-russia-nato/russia-may-have-tested-cyber-warfare-on-latvia-western-officials-say-idUSKBN1CA142

but as far as cyber warfare …

It will probably take a while to study all the information flowing in from the battle zone, including the leaked files from Roskomnadzor, and personal data of 120,000 Russian soldiers allegedly fighting in Ukraine.

We will probably read about significant operations some years from now, because the politicians go all Sun Tzu and s**t.

Clive Robinson March 13, 2022 6:48 AM

@ ResearcherZero, ALL,

“Cyber weapons should not be thought of as bullets, but rather as packages.”

Actually as “packages of instructions”

I’ve been pointing out for years that for those being cyber-attacked it is very much their own fault.

Because,

1, “They accept” the malware at their front door.
2, “They open” the malware inside their place of work.
3, “They follow” the malware instructions without question.

And quite a few more “They do’s” as well.

Which kind of tells you there is a very predictable chain of events that have to happen, break any one of them and the malware / cyber-weapon fails.

It’s why the first question I ask is,

“What is the business rationale for this computer to have access to external communications?”

Mostly the answer boils down to some MBA Mantra, that actually has no tested reality behind it.

In fact you can with care piece it back to the very disastrous neo-con mantra of “never leave money on the table” that makes every system highly brittle and lacking any kind of resilience.

Just one visible effect of this is globe spanning supply chains that when they break they may never recover (look back on how many businesses failed during Covid).

I’m known to say that “economics is not valid science, or mathematics, and it’s not testable but it does have all the signs of fads and cults”.

But worse its supposed underpinnings have so many hidden assumptions that effectively economics does not have solid foundations on which the rest of its house of cards sits.

One aspect of this is the assumption of “Distance Costs”… The Internet business model however is “connection costs” and “Distance is irrelevant”.

One of the primary assumptions built on the notion of “distance costs” is that of local -v- distant production of goods and services. That is “local has a cost advantage over distant production” therefore local has space to absorb startup costs thus develop competition to distant.

Well it does not work that way on the Internet hence the Silicon Valley Mega Corporates.

Ask yourself the question “what happens when the cable is cut, or data movement across borders is taxed?”…

Now follow the thought on to cyber-crime, and cyber-weapons.

The US is the nation that is most likely to suffer real economic harm if the Internet changes. Then quite a few other First World nations. As for other nations, how much change is going to happen to the economics of a 50 person village in the mountains of say Afghanistan?

Despite all the early claims of the Internet can “route around XXX” it’s actually really quite fragile. There is a joke about “More harm has been done to the Internet by rodents than man” only it’s not really that much of a joke.

We hear talk about “asymmetric warfare” but few think it through to,

Asymmetric warfare is only possible because we have made ourselves vulnerable in some way, that the enemy has not.

In the case of malware / cyber-weapons, it’s because we have chosen to be entirely promiscuous with regards communications and all that follows on in the chain. Worse for stupid short term reasons we have made all the supply chains etc very long, very fragile, and without resilience of any kind.

JonKnowsNothing March 13, 2022 7:20 AM

@Clive, @ResearcherZero, @All

re: “They follow” the malware instructions without question.

This isn’t limited to malware, it’s pretty much universal for humans. Anyone with enough “command voice” can get others to do “as ordered”.

There are several power structures in play. Depending on the perception of “hierarchy” the command-voice can gain more influence.

  • I was following orders…
  • I did what they told me to do…
  • They said everyone does it ….
  • They said if I did X I’d be accepted in the group…

Humans will follow the leader and if, as in this case, the leader says:

  • For more information: CLICK HERE

people will do exactly that.

It may be too late to remove external internet access, even if you don’t allow it on internal company PCs, WFHome will have it, and if they don’t, their Handy-Smartphone will happily connect them up, to gobble them up.

It might be a lot faster if the LINK format was altered but that’s not likely either. If there are No Links, there’s less risk. There’s still risk. If you consider that before PCs, confidence-tricksters-scammers-grifters-spies still plied their trades.

JonKnowsNothing March 13, 2022 7:53 AM

@Clive @All

re: “What is the business rationale for this computer to have access to external communications?”

There was a time, after BigBlue but before too many Apples, that businesses ran on Interdepartmental Memos: aka paper. Lots of it.

When copiers were first sold as business machines, it was sold on the idea of “less paper”, because only a small subset of people really needed the paper. It turned out that paper use increased as many more people wanted copies of what previously had been gated by manual copy methods (stencil, carbon paper etc).

Companies have jettisoned not only the old employee structure but also the concept of restricted access, meaning “necessary restricted access”, not Pentagon Secret AutoStamping.

So, considering how companies have removed the coat racks, in exchange for data racks, a good many would and will fail if computer systems are newly restricted.

So the question comes down to: Who will be restricted?

  • Bank tellers?
    If you want your balance or to do a complex transfer they need access to their remote data center.
  • Gasoline Stations?
    We used to have people come out and “pump gas”, now we “pump our own”. We stuff in the CC and out pours petrol (not as much per monetary unit these days). This connects to a complex system of reporting both accounting and mandatory, refueling-restocking order points.

The person in the kiosk has access to the POS system, and email or paging system for corporate support plus repair-requests for malfunctioning pumps.

  • Restaurants?
    A very large number of restaurants are parts of chains. Not all as big as McD. Even Michelin Star restaurants can be chain owned by celebrity chefs. These all have POS up front registers and systems on the back end with auto-order restocking programs. It used to be you had to count stuff by hand (foot and tick) but now you wave a RFID reader to get the count and some places use a room-size RFID reader system to count (aka Amazon’s Grab N Go style markets).

Hardly a restaurant doesn’t connect to some delivery services now. Same as grocery stores and merchandise stores. They even put scanners in the stores so you can check the barcodes-QR codes yourself. They even put a DIY checkout scanner+CC in stores.

  • Farmers?
    Even farmers are using remote systems to manage their livestock. Lots of auctions are On-Line now. You want to buy new bull or calves or sheep? Log in to the Online Livestock-Bloodstock Auction.

  • Push notifications / Pull notifications
    Maybe folks don’t need as many, however, there is a “failure to send” problem where the electronic bits hit the bucket. Even in areas with “officially good 5 bar connections”, often people have 1 bar and the send fails. There’s a whole routine about “Did you get it?” which rivals “Who’s on First”.

These also act as page-systems: “I’ll send a msg you are here” has replaced “I’ll go tell The-VIP you are waiting”.

I’m not sure which parts of business can be disconnected now.

Curious March 13, 2022 8:02 AM

I vaguely remember reading about Norway’s military opinion about cyber war many years ago, and from reading this simple news article, I sort of got the idea that, the military would re-structure the internet in a way by white listing entities, and if one read between the lines, one might get the idea that they would maybe attack anything else.

I wonder how much of the internet these days are altered. I know too little about these things, but I think I’ve learned that, there is this idea that an internet connection isn’t set up for creating the shortest path, but any other path around I guess, making me wonder just how malleable the internet might be, in the hands of whoever is in power of the infrastructure re. ISP’s and military.

John Carter March 13, 2022 2:57 PM

This is not a comment for or against any side, it’s a comment on use of social media for propaganda purposes.

Remember all the news stories prior to the war about “Russia Troll Farms” spreading disinformation?

You would have thought they would have been busy 24/7 amp’ing the Russia’s propaganda prior to the war.

My social media feed should have been swamped.

It wasn’t.

My social media feed is now more than swamped with pro Ukrainian content. While I can accept Ukraine is the viral “social justice” cause of the day… something beyond that is going on.

My point is the so called “Russian Troll Farms” weren’t Russian.

Putin is guilty of many things… but clearly he isn’t the master social media manipulator the news media was claiming.

That title clearly belongs elsewhere.

MarkH March 13, 2022 7:07 PM

@John Carter:

I spend almost no time on social media, but I do participate in comment threads of newspaper and journal websites.

In the run-up to the invasion, I saw a fairly typical number of pro-Kremlin comments, including the usual proportion of those with the distinctive character I associate with paid trolling.

The existence of a government-funded Russian commenting industry on Western media has been well studied, and I think amply documented as well. It’s no secret! In addition to what is already known, whoever proposes a non-Russian source (whom I’ll call Q) for the enormous volume of pro-Kremlin troll comments since 2014 must shoulder the burden of explaining what has motivated Q to do Putin’s work for him.

One hypothesis to explain your noticing fewer troll comments than you expected, is that on moderated comment threads (the only kind I look at), the moderation process has improved over the years.

MarkH March 13, 2022 7:08 PM

@John Carter, continued:

A rather more complex hypothesis is that the decision to initiate war was made in extreme isolation (with very few persons “in the know”), and was effectively secret. Published accounts by authors claiming contacts near Putin, and the public expressions from a few highly placed Russians seem to be consistent with the secrecy of the decision.

I suggest that it might have been difficult to task troll farms to prepare the ground for actions of which they had no advance knowledge.

PS The people of Barsoom are eternally indebted for your repair of the oxygen factory.

JonKnowsNothing March 13, 2022 9:21 PM

@MarkH

re: Secret Wars with Social Media Burnout

The US MSM often has drums beating for a number of “unpopular” regimes, countries. It’s such a constant dummmm-de-dum-dummm it all fades into the background of “who cares”.

For many of the public, the lead in to UKR-RU may have appeared to be Just More Of The Same Ol’ War Games.

If the intention was to raise indignation in advance, it didn’t appear to work. If the intention was for everyone to doom scroll over to the sporting news, it probably worked well.

Secret Wars and Covert Wars are thought of as “no one knew” but of course, there had to be a lot of people in the know. Except the definition of “a lot” might have been one or two dozen high ranked officers and a good cover line (war games).

The US and everyone+dog play war games on a regular basis. It’s all designed to wind up the other side (whichever side that is at the time). It’s a spit-in-your-face deal, I dare you! and all the other bravado the governments can dig up for the daily news cycle.

It certainly appeared to work very well as a cover. And that’s always the risk of war games.

While folks are watching the results in UKR, the one over by Taiwan is ramping up to be an even bigger shock.

Perhaps there’s something between the two? One a prelude to the other?

One of the more comedic aspects of “Fast War Response” by the US Pentagon, could be seen in the Iraq Wars and Somalia War. There was nothing “lightning fast” about any of it. One might think the US could respond with their advance forces faster than “months” but the only ones that seem to do that regularly are the CIA.

John Carter March 13, 2022 9:36 PM

@MarkH

My point is not “Russian Troll Farms don’t exist”…. but more “Other players are way more active and advanced in the realm of social media manipulation than the Russian State”.

Which is not in the least bit surprising, when you consider who owns the platforms and where they are hosted.

Who those players are is the really interesting question.

ps: While I appreciate Barsoom’s gratitude, I must speed off to rescue scantily clad maidens threatened by slimy tentacled aliens.

ResearcherZero March 13, 2022 11:24 PM

@Clive Robinson

Asleep at the wheel you could say.

Back in the 1990’s when the Australian political establishment was being briefed on these very same threats, many turned their backs on the military chiefs, joking about the presentation, behaving much like small children. They asked to see some of the raw intelligence, and after a special viewing was organised, they responded, “How do we know those translations are actually what those documents say?”

The government had its security access downgraded after that. But that same kind of disinterest was often pretty universal. Intelligence partners from Eastern Europe took matters seriously, and there were a few individuals here and there in The West, but the majority were more interested in school yard popularity.

They have increasingly employed divisive politics, to distract from decades of ineptitude. Public Relations always at the ready.

March 2, 2022

“The legislation, which still has to pass in the House, would require critical infrastructure owners and civilian federal agencies to report to the Cybersecurity and Infrastructure Security Agency within 72 hours if they experience a substantial cyberattack.”

“It would also require critical infrastructure companies to report ransomware payments to the federal government within 24 hours.”
https://edition.cnn.com/2022/03/02/politics/senate-passes-major-cybersecurity-legislation/index.html

This kind of lack of preparedness is across the board!

“Managing crises and keeping people safe is, in fact, the most important job of government.”
https://www.news.com.au/national/politics/again-in-a-crisis-scott-morrison-seeks-to-avoid-responsibility/news-story/6f1ba1e693063a46f386fdfa1139e438

…the federal government has yet to touch a $4.8 billion fund that was set up three disaster seasons ago.

“It’s gained $800 million as it’s been sitting there untouched and unused when we could’ve been building flood levees, building culverts, building better drainage,”
https://www.skynews.com.au/australia-news/people-feel-like-theyve-been-let-down-government-criticised-for-floods-response-as-national-emergency-is-set-to-be-declared/news-story/d7befb198adf911b81d06bcbf032a17d

Clive Robinson March 13, 2022 11:55 PM

@ JonKnowsNothing, MarkH,

“While folks are watching the results in UKR, the one over by Taiwan is ramping up to be an even bigger shock.”

“Perhaps there’s something between the two? One a prelude to the other?”

This has happened before, often it appears to be planned but in reality not so much, it’s more a case of “opportunity knocks” or “the pot boils over”.

In the US for a while the unelected “Dulles Brothers” held court running the CIA and State Dept policy that set the US on its perpetual “War On XXX” path[1]. Which the world and especially the US citizens suffer from immensely still today with trillions “disappeared” into favoured back pockets, and the continual beat of the war drums around the world, to distract from such corruption. Enabled by a list of interchangeable Orwellian Enemies such as China, Iran, North Korea, Russia to “frighten the children with” called the “Axis of Evil”. It was originally myth more than reality, but had the distinction of forcing them together on the “Enemy of my Enemy is my friend” at least for now principle.

That is US Foreign Policy put overly simply is “To polarise the world into ‘them and us’, thereby creating as many enemies as possible to drive wealth into the US MIC”.

The Dulles Brothers were deluded and Allen Dulles was without doubt a psychopath and his brother John probably as well. One delusion was the “single bullet theory” that arose from the Dulles Brothers long long before the JFK assassination.

Put simply the argument was, with one bullet you could change world history. With Whataboutism questions about those who assassinated Arch Duke Ferdinand (that is still incorrectly taught started “The Great War” that later just became WWI).

The argument was at best superficially glib and facile, almost vacuous cocktail party cynicism. But it held a drum that the Dulles Brothers beat.

The reality is that political tensions had been building for years and various people plotting for a “Decisive Conflict”. Many thought it had occurred with Russia, but although it involved the then “Secret Services” of most European Nations, it failed to “ignite” the wars that certain people behind the thrones and seats of power in Europe thought would be so beneficial.

The tensions were heightened and people poured oil on the situation. War was inevitable, all it needed was a spark… Any spark that could be used as an excuse, to make it look like the wanted conflict was necessary and just to those selected as cannon fodder to fulfil by the million others’ deranged imaginings of destiny…

The same happened again within two decades and WWII happened. Whilst WWI was the war that initiated mechanized war, it also started to drag science in with the mass use of Chemical Weapons. WWII was the war of science against science that culminated in the near total devastation and bankruptcy of Europe and a weapon of mass destruction so terrible that most considered only a madman would use.

Europe would almost certainly have fallen into a third world war of conflict if not for two things,

1, The fear of nuclear annihilation.
2, The Marshall Plan.

Of the two it is probably the Marshall Plan that kept peace in Europe long enough for the realisation that armed conflict rarely achieves anything other than death and wanton destruction.

But the Dulles Brothers were not to be denied their machinations. Though the fear of nuclear weapons and their use quelled elected representatives, the Dulles Brothers fostered numerous “proxy wars” one of which “Vietnam” still lives in the “American Psyche”. If Vietnam should be remembered for one thing, it was the first war of “Strategic and tactical Computer use” and it was a complete failure, in almost every way. Arguably it paved the way for the recognition of Asymmetrical Warfare as a workable strategy against a Technological Advanced and Industrially Powerful Attacker engaging in Global Warfare by proxy. Where you as a defender can not take the war to the attacking nation’s citizens directly.

What we have seen this century is the build up of hostilities, that was highly predictable. Whilst the “Cold War” might not have affected Nations in Europe, the lesson of post WWII was lost on many politicians, there was no “Marshall Plan for Russia” with the inevitable results that two World Wars in Europe have given lessons for and taught us the likely result.

What we have seen is that three of the nations on the US “Axis of Evil” list have been forced together something that almost certainly would not have happened under other circumstances. The fourth to the surprise of many out thought the US State Dept and its plans for starting yet another Middle East War, to try and force neutral European Nations into the US “them or us” game.

If you look back on this blog you will see I’ve been predicting for some time an outbreak of hostilities between the US and,

1, China
2, Iran

Both of whom have avoided the issue fairly astutely. However they are still highly volatile areas where tensions have been repeatedly raised over and over by the US.

Thus if the US commits to a new European War, it is highly likely that the resulting polarisation will force war in the areas around China, Iran and North Korea, which will then further escalate, with India and Pakistan being dragged in.

Oh and don’t think that the fear of nuclear war will stop it happening. Both Russia and China have been building up IRBM and hypersonic systems that they considered necessary against each other. It is likely Russia has developed its own “Pluto” system to get around “ballistic trajectory” failings of late 20th Century nuclear missiles and China has demonstrated not just hypersonic missiles but the high power EM weaponry by which they can be partially combated. Whilst Russia and North Korea have shown themselves to be adept at spoofing global positioning systems that many US and NATO “Smart Weapons” are dependent upon for their accuracy.

Whilst the curse may not be Chinese in origin, we certainly are starting to live in “Interesting times”.

We know the pyres have been piled high all over the globe, and recently liberally doused in oil and other accelerants, thus the question is,

Where will the spark be struck, or has the slow match already been lit?

[1] https://medium.com/dan-sanchez/the-dulles-brothers-and-their-legacy-of-perpetual-war-94191c41a653

ResearcherZero March 14, 2022 12:10 AM

That same Australian disaster relief fund that was set up in 2019, was established through a $4 billion cut in research funding.

Perhaps they are a bunch of fools? At least the defense budget has been well spent on systems plagued with problems once again, otherwise people might unreasonably raise their expectations for some level of competence from government in the future.

ResearcherZero March 14, 2022 1:35 AM

Viasat said in a statement that the disruption for customers in Ukraine and elsewhere was triggered by a “deliberate, isolated and external cyber event” but has yet to provide a detailed, public explanation of what happened.

The Viasat official said a misconfiguration in the “management section” of the satellite network had allowed the hackers remote access into the modems, knocking them offline.
He said most of the affected devices would need to be reprogrammed either by a technician on site or at a repair depot and that some would have to be swapped out.
The Viasat official wasn’t explicit about what the “management section” of the network referred to and declined to provide further details.

The KA-SAT network is operated, however, by a third party, which in turn farms out service through various distributors.

Over the past several years Ukraine’s military and security services have purchased several different communications systems that run over Viasat’s network, according to contracts posted on ProZorro, a Ukrainian transparency platform.

Stritecky, the Czech telecom executive, said he did not blame Viasat.

He recalled coming into work on the morning of the invasion and seeing a monitor showing regional satellite coverage in the Czech Republic, neighboring Slovakia, and Ukraine all in red.

“It was immediately clear what happened,” he said.
https://www.itnews.com.au/news/us-spy-agency-probes-sabotage-of-satellite-internet-577288

‘Wake Up call for SATCOM security’
https://ioactive.com/pdfs/IOActive_SATCOM_Presentation_Black_Hat_2014.pdf

https://media.defense.gov/2022/Jan/25/2002927101/-1/-1/0/CSA_PROTECTING_VSAT_COMMUNICATIONS_01252022.PDF

Ted March 14, 2022 5:07 PM

Alex Stamos was on the Lawfare podcast for the episode “How Tech Platforms are Navigating the War in Ukraine.”

@MarkH, to your point of platforms being better at moderating content, Stamos also reaffirmed that point. On top of that, he said there isn’t a great deal of demand for content produced by Russia at this time.

Pro-invasion propaganda has to some extent flown over the cuckoo’s nest. There’s not a lot of resonance regarding the push to de-nazify a country led by a Jewish president.

Winter March 14, 2022 5:32 PM

@Ted
“Pro-invasion propaganda has to some extent flown over the cuckoo’s nest.”

It has. Russian content has gone over the cliff into la-la land.

Russian “content” actually denies there is an invasion. They claim it is Ukrainian nazi/nationalist groups that are bombing their own cities to blame the Russians. Oh, and these Ukrainian nationalists are accused of using civilians, eg, hospitals, as human shields. (not sure how this connects to the fact there are supposed to be no invaders to shield against).

This was literally (word for word) claimed by the Russian ambassador on Dutch TV.

Dutch TV also interviewed a Ukrainian girl who told about her Russian father in Moscow who insisted to her that there was no war, it was all propaganda, even though she recorded herself walking through the city with artillery shelling going on in the background.

All that and a continuous stream of fugitives entering the country, as well as masses of Russians and Ukrainians together protesting against the war has pushed Russian “news” in the same class as UFO sightings, crop circles, and Chemtrails.

Ted March 14, 2022 6:03 PM

@Winter

… has pushed Russian “news” in the same class as UFO sightings, crop circles, and Chemtrails.

True. Russia is probably waiting to reopen the stock market until its capacity at “relocation centers” has been increased. Everyone but Russia will have a lot of explaining to do.

SpaceLifeForm March 14, 2022 7:48 PM

@ Ted, Winter, &ers, MarkH, Clive, ALL

Where is the Cyberwar?

hxtps://www.bleepingcomputer.com/news/security/fake-antivirus-updates-used-to-deploy-cobalt-strike-in-ukraine/

The phishing emails impersonate Ukrainian government agencies offering ways to increase network security and advise recipients to download “critical security updates,” which come in the form of a 60 MB file named “BitdefenderWindowsUpdatePackage.exe.”

If you don’t check your email, you won’t get phished.

Clive Robinson March 14, 2022 8:04 PM

@ Winter, Ted, All,

“It has. Russian content has gone over the cliff into la-la land.”

Unfortunately that is not the problem,

“Ukrainian girl who told about her Russian father in Moscow who insisted to her that there was no war, it was all propaganda, even though she recorded herself walking through the city with artillery shelling going on in the background.”

That tells you the problem.

When a father does not believe his daughter with regards to the danger she is in, you have to ask questions about the relationship or the father.

The fact they talked suggests that the relationship has been fairly normal until recently. The fact it is no longer normal, that is he disbelieves his daughter is a very serious problem.

It means that he now does not believe his daughter for some reason …

Thus the question that arises is “Why does he not believe his daughter?”

Especially when you consider that the little Russian propaganda we hear from Putin and cronies is not just inconsistent it’s actually self contradictory.

Generally such behaviour the father is showing is a very deep cognitive dissonance that has caused a schism with his daughter, to the point he is prepared to believe she is involved in a massive plot against him.

There are a bunch of technical terms to describe this, but using them would not convey much in the way of meaning.

So in short the father is in effect living in an alternative reality, where it is easier for him to believe a load of inconsistent insane ramblings from Government, than it is to believe his daughter who is or has been in very real mortal danger.

But he is not the only one. The Ukraine Ambassador to the UN produced a phone and screen shots of the messages on it. He said the phone was recovered off of the body of a Russian soldier, the messages were very sad, especially as he could not get across to his mother and father what was happening[1].

I have no practical idea how you would go about reliably causing such an extensive level of faux reality in a nation. But a part of it would be effectively isolation from reality from multiple sources from multiple places in the world in multiple message channels. Another part would be that this would have had to have been carried out over quite a period of time.

Back nearly a hundred years ago the world was a far less connected place and communications channels very few. Which made controlling information from outside a bubble very much easier, but even then it was very far from perfect.

As Dr Joseph Goebbels commented towards the end of 1943 on the use of Aspidistra as a “black propaganda” station,

“In the evening the so-called “Soldatensender Calais” which evidently originates in England and uses the same wavelengths at Radio Deutschland – when the latter is out during air raids – gave us something to worry about. The station does a very good job of propaganda, and from what is put on the air one can gather that the English know exactly what they have destroyed in Berlin and what they have not.”

The problems the Germans had, is that they knew that British bombers used radio navigation to find their way across europe to Berlin. Specifically if the Germans left Radio Deutschland on the air then the bombers had a very easy radio navigation fix that like a light house or beacon in the darkness very accurately located Berlin even if it was blacked out.

So when British bombers were tracked coming across the channel Radio Deutschland was turned off. The transmitter in South East England was not just powerful but could be very very rapidly switched. So the listeners in Germany would hear little more than a click…

The secret that the British used was even though it was “Black Propaganda” they never ever told a factual lie, or any lie at all.

It was the way they told the truth, in a highly negative manner. For instance from “army lists” they had access to they knew where many German soldiers’ families lived. Nearly unchallenged photo reconnaissance allowed the British to know where just about every new bomb crater was the morning after a raid. By linking the two together they could give out a soldier’s name and serial number and tell him to speak to his old neighbours where he had lived. It gave the station an air of certainty that was not just easy to verify but made it so highly authoritative, much much more so than Germany’s own media outlets, that it was given more credence than anything Radio Deutschland or the German newspapers put out.

Some have wondered why the BBC main transmitters in Europe have started broadcasting Shortwave into the Ukraine Belarus and Russia. It’s very probably for “White Propaganda” reasons.

So will be entirely truthful about its origins and the news etc that it carries.

https://en.m.wikipedia.org/wiki/White_propaganda

Its presentation may not even be one-sided just impartial thus building trust in its audience on both sides.

[1] I previously posted a link to the UN’s own Web TV channel of the Ambassador’s presentation but it got taken down within a couple of hours.

JonKnowsNothing March 14, 2022 9:14 PM

@ Clive, @ Winter, @Ted, @All

re: Who do you believe or what can you believe?

This is nothing new in situations where there are differing versions of events. It goes back eons to the beginning of “getting people to do what YOU want, even if it is not Good for the person”.

  “working against your own self interest”.

It’s all around us, and not just linked to war. We see it in COVID responses, general attitudes towards policies and groups of people; it pervades all aspects of society. Religions are solidly founded on these conditioned responses. Events are re-imaged by different groups.

The USA had a common phrase:

  • My Country Right or Wrong

It is applied to everything, including outrage at kneeling during ceremonies or raising a fist on the victor’s stand but only if the fist is wearing a black glove.

It’s nearly impossible to move some views, a personal investment of self makes shifting such views nearly impossible. It can be done but only if the person themselves decides to challenge their personal narrative.

Modern documentaries featuring “live interviews” with persons who lived through historical events can demonstrate that even decades later the entrenched view is still active and dominant.

There will likely be a significant group of the USA who will never shift their views of Dec37, no matter what information is provided.

There are Vietnam/Iraq/Afghanistan Vets who will never shift their views that they did the right thing all along. Nothing wrong happened ever.

Australia is struggling with a court case over possible actions by Ben Roberts-Smith who was awarded the Victoria Cross (VC) in 2011, and the Medal for Gallantry (MG) in 2006.

  • Australian special forces soldiers drank beer out of the prosthetic leg of a dead Taliban soldier at an unauthorized bar in Afghanistan
  • Victoria Cross recipient Ben Roberts-Smith was photographed cheering on an American soldier drinking from the prosthetic leg of a suspected Afghan militant whose death is now the subject of a war crimes investigation into the war hero.

It is easy to form opinions, it’s much harder to shift them. Shifting them requires a person to “admit” they had “incorrect views”. To admit you have been deceived by someone in a position of trust.

China is attempting to do this with their “re-education camps”. It doesn’t work. It causes great hardship and enmity. If the view has a formative basis there is little that will shift it.

People will tell you what you want to hear to avoid harsh conditions or punishments but the foundation remains the same. Views submerge and re-emerge later.

History is littered with the bodies of Saints and Sinners, Kings, Queens, Princes and Politicians, Human Rights Advocates and Humanitarians who refused to change their view points.

  • 300 years later… 1 view changed
  • 70 years later … 1 view changed

===

Search Terms

  • shaman’s precious rune drum returned
    On 7 December 1691, a precious rune drum, created to help a noaidi, or shaman, to enter a trance and walk among spirits, was confiscated by the authorities [in Denmark]. The owner, Anders Poulsson – or Poala-Ánde in the name’s Sámi form – was tried for witchcraft the following year.
  • Denmark PM says sorry to Greenland Inuits taken for ‘heartless’ social experiment
    There are only 6 surviving Greenlandic Inuit who were snatched from families as children more than 70 years ago. In 1951, 22 Inuit children between the ages of five and eight were taken from their families and sent to Denmark.

Ted March 14, 2022 9:41 PM

@Clive, Winter, SpaceLifeForm, JonKnowsNothing, ALL

You can take this with a grain of salt, but it seems believable under the circumstances. Russians are increasingly wary of answering survey questions. Here were supposedly some of their responses:

  • “You know my phone number, won’t be a problem to find my name & you want to know my opinion? Why do you do this?”
  • “Of course I won’t answer. Otherwise someone will come knocking at my door for sure. No thanks, burn in hell.”

https://twitter.com/ilyamatveev_/status/1503150440048992263

I think this is what might be called situational awareness.

SpaceLifeForm March 14, 2022 9:49 PM

@ Clive, Ted, Winter, ALL

re: https://www.schneier.com/blog/archives/2022/03/wheres-the-russia-ukraine-cyberwar.html/#comment-401726

When a father does not believe his daughter with regards to the danger she is in, you have to ask questions about the relationship or the father.

This is totally a valid point. However, you need to think outside the box here.

They were probably using Telegram.

Maybe the father was trying to hint to his daughter: Do not communicate with me. Because his life is in danger. Her life is also in danger, but the point is, he may have been trying to convey to his daughter, to not communicate.

Ted March 14, 2022 10:03 PM

@SpaceLifeForm, Clive, Winter, ALL

…he may have been trying to convey to his daughter, to not communicate.

That’s very, very possible. Alex Stamos says Telegram is very popular in Ukraine, but it isn’t secure and suffers from a lack of transparency. Also people have been sharing videos on TikTok. But TikTok can collect sensitive user data including location. Stamos said he wouldn’t rule out that Beijing could share TikTok data with Russia.

SpaceLifeForm March 14, 2022 11:02 PM

@ Ted, Clive, Winter, ALL

re: https://www.schneier.com/blog/archives/2022/03/wheres-the-russia-ukraine-cyberwar.html/#comment-401733

Telegram is popular in Russia too.

hxtps://nitter.net/JKCTech/status/1489712467248926728

Just because Telegram says that they fixed this problem, well, you know that they have the raw data, even if now obfuscated via the API.

https://www.eff.org/deeplinks/2022/03/telegram-harm-reduction-users-russia-and-ukraine

Bottom line: Stick to text, turn off location.

Basic OPSEC.

SpaceLifeForm March 14, 2022 11:41 PM

@ Clive, ALL

Besides Goldman Sachs and Deutsche Bank bailing from Russia, now even Rupert Murdoch is trying to distance himself.

It’s too late for them, but they do not know that yet.

Trying to throw Rudy under the bus, with his slip showing, not nice.

A week ago, this article would never have appeared on NY Post.

It’s all about distraction and deflection now.

hx x ps://nypost [.] com/2022/03/14/russian-oligarch-paid-giuliani-associates-1m-to-make-straw-donations-prosecutors/amp/

MarkH March 15, 2022 1:50 AM

Re: Denying your own child in favor of Kremlin TV

I read a newspaper article a few days ago, reporting that this is a frequent experience for Ukrainians.

This is no surprise to me, because when I spent time in Ukraine shortly after the 2014 revolution, I heard stories like this:

Friend calling from Russia: “Oh my God Marina, they’re killing JEWS!!!” [“they” being the Euromaidan protestors, or those they represent]

Marina patiently explained that no, nobody was killing Jews … to no avail.

At that time, I also heard such stories about family members in Russia.

MarkH March 15, 2022 1:52 AM

continued:

The first man I became acquainted with in Russia (almost 18 years ago) now lives in Kyiv, the besieged capital city. After a few days of war, it seemed more and more strange to him that nobody from Russia had called to ask whether he, his wife, and their children are ok.

When he took the initiative of calling, each of his Russian contacts told him that he was mistaken: there’s no big war, Kyiv is not under attack, etc. etc.

Those responding in this way included his closest friend from his life in Russia, and his mom. In the midst of all the losses and stress of war, he must also bear the confusion and sense of loss of these betrayals.

Winter March 15, 2022 2:20 AM

@SLF
“Trying to throw Rudy under the bus, with his slip showing, not nice.”

Trump et al. are just the latest victims. Putin has cratered most candidates in the coming French presidential elections. Marine Le Pen had to destroy over a million campaign leaflets showing her shaking hands with Putin.
ht-tps://www.independent.co.uk/news/world/europe/france-elections-le-pen-putin-b2025791.html

The far right in Europe is panicking.

JonKnowsNothing March 15, 2022 10:06 AM

@ MarkH

Re: Denying your own family in favor of Official Views

Every government has “Official Views” and their citizens are all expected to follow them. Different types of governmental systems have ways to specify what those rules are.

There are written rules and unwritten rules.

Societies toe the lines in accordance to their perception of what the unwritten rules are and what happens if the person breaks an unwritten rule.

examples:

  • Dec37, a close family member recognized a person videoed inside the building, participating in property destruction and reported the name to the FBI. The Patriarch was arrested. The family claimed the reporting person was a “family traitor” and “disloyal to the family”.
  • The Satanic panic of over 12,000 unsubstantiated cases of Satanic ritual abuse in the United States in the 1980s. People questioning the allegations were ostracized and reviled.
  • Denunciation is part of the Unofficial Rules (I already mentioned to expect this some posts back). Denunciation goes both directions on Official Views. One way is “in favor of” and the other is a more dangerous path “against the view”. Being against the view can lead to disappearances. Historically this resulted in the entire family and related blood lines being killed.

Anything that paints a different picture than the Official View can generate push back.

RL anecdote tl;dr

Weather apps and reporting are quite sophisticated. Lots of radar patterns, graphs, wind direction etc.

Sometimes there are reports of large scale weather events like hurricanes and tornadoes.

When I contact friends in such areas and I ask them their status they often answer: Everything is fine here. Sky’s blue. No rain. No Problem.

The reverse is true too. I get contacted about fires and floods and all sorts of weather issues that they see on their local reporting. Everything is fine here. Sky’s blue. No fires. No Problem.

It isn’t that the reports are wrong. It’s often the wrong context.

Winter March 15, 2022 10:32 AM

@JonKnowsNothing
“Societies toe the lines in accordance to their perception of what the unwritten rules are and what happens if the person breaks an unwritten rule.”

What you describe is “Social Control”. That is how communities (society) keep their members in check. The stronger a community is knitted together, the stronger the control mechanisms. In all, the medieval proverb holds “City Air Makes Free”. Loose social ties make for less social control. They tend to be stronger in rural areas, and stronger still in religious communities.

Note that “Government” is not needed, nor always involved.

Winter March 15, 2022 11:25 AM

Russia’s disinformation machinery breaks down in wake of Ukraine invasion
A few critical errors have cost Russia dearly when it comes to disinformation.
ht-tps://arstechnica.com/tech-policy/2022/03/russias-disinformation-machinery-breaks-down-in-wake-of-ukraine-invasion/

The first is that arrogance is the death of a disinformation campaign. In the past, the Kremlin has spent months or even years testing messaging to make sure it would land with its various audiences, whereas this time they seem to have assumed success based on previous claims about Ukraine; but those earlier campaigns were not launched during a full invasion of the country. Whatever dissenting voices exist in Moscow—and there must have been some that knew disinformation would have its limits in a time like this—were drowned out by the ever-expanding ego of an autocrat buoyed by no one reacting to his crimes for 20 years.

Russia has also broken another disinformation rule in Ukraine: lie to others, but not to yourselves. Stories from the frontlines say it all. Russian soldiers were told they were going into Ukraine on training exercises and did not expect actual resistance. Others were told that they were going to be saving Ukraine from Nazis and would be welcomed with open arms, not Molotov cocktails. Still others were told to be on the lookout for followers of Ukrainian nationalist Stepan Bandera, who died 63 years ago.

MarkH March 15, 2022 2:46 PM

@Winter:

That’s a thoughtful analysis on arstechnica (republished from wired).

I would add that the Kremlin created a new stressor, beyond the capacity of its disinformation and manipulation campaign to withstand.

Until now, the Kremlin’s domestic and international lies have — insofar as the content concerned Russia’s foreign relations, and especially Ukraine — agreed pretty nearly. This was necessary, because communication channels were still open, and enough influential Russians had access to the Lies for Foreign Consumption; a major divergence would have been troublesome.

The need to “keep the stories straight” may have been a factor in the bizarre (and perhaps ultimately self-defeating) tactic of insisting that Russia had no plans to invade while comprehensively (and at great expense) making every detailed preparation to invade: to satisfy the domestic audience, Putin had to pose as a buffoon on the world stage.

MarkH March 15, 2022 2:47 PM

continued:

Now Russians are largely isolated from foreign information sources; the Russian internet is progressively shuttered, and what is available is nearly drowned under the tsunami of Kremlin disinformation.

In Russia, there is no war … only a humanitarian mission into Donbas.

The foreign disinformation operation is effectively cut off, crushed by crimes so offensive that even the most nauseating lickspittles can hardly defend them, and grotesquely absurd justifications (like “denazification”).

SpaceLifeForm March 15, 2022 6:44 PM

@ MarkH, JonKnowsNothing, Ted, Clive, Winter, Freezing_in_Brazil, ALL

re: https://www.schneier.com/blog/archives/2022/03/wheres-the-russia-ukraine-cyberwar.html/#comment-401743

Those responding in this way included his closest friend from his life in Russia, and his mom. In the midst of all the losses and stress of war, he must also bear the confusion and sense of loss of these betrayals.

It is not betrayal. It is OPSEC.

When someone you previously communicated with demonstrates lack of OPSEC, you MUST cut them off. You MUST. The other party may inadvertently be making a mistake, and leaking.

If they are not intelligent enough to understand this basic OPSEC, then you MUST cease communications with them.

They do not need to be compromised. But if they do not understand basic OPSEC, then they will probably leak intel.

Stick to text, no Location. Not perfect by any measure, but reduces the attack surface. Cut off contacts that can not follow this simple rule.

Do not transmit graphics. No Weather apps.

You do not need GPS. You know where you are. You can check your WX forecast via web, or maybe just go outside, look around, and smell the air.

SpaceLifeForm March 15, 2022 7:20 PM

@ Clive

SIP and VOIP is secure (sarcasm)

Probably forward deployment.

hxtps://nitter.net/mcdaidc/status/1503697427550908420#m

Reported discovery today of a #SIMBox being used to relay Voice calls & SMS and other info to Russian forces (including top leadership of Russian army) & other individuals in #Ukraine.

See Viasat.

JonKnowsNothing March 15, 2022 8:51 PM

@ SpaceLifeForm, MarkH, Ted, Clive, Winter, Freezing_in_Brazil, ALL

re: Do not transmit graphics. No Weather apps. You do not need GPS. You know where you are.

A recent MSM Tech reporting on the corporation (as in paid business) that is doing immigrant, refugee and asylum applicant monitoring for ICE (US Immigration and Customs Enforcement) via the Department of Homeland Security (DHS).

Some eye watering details about what awaits anyone attempting to apply for entry to the USA.

Summary: iirc(badly)

  • a GPS tracker leg bracelet and a smart phone with a customized tracking app (available in AnAppStore) is mandatory
  • Repeated logins and Proof of Location is mandatory. GPS must be enabled. A selfie photo must be uploaded with Full GeoTag Location Coordinates.
  • Selfie must be accepted by the FACEID program.
  • If the battery dies, or the upload fails they are SOL and subject to arrest and deportation
  • Full access to contact lists, messages
  • Full access to all information entered in the smartphone+app
  • Full access to all telecom, routing, IP and site visits.

Imagine the UKR refugees and RU refugees attempting to enter the USA. They’ve already gotten “The Treatment” from the UK. The US always goes One Better.

===

search terms

  • A US surveillance program tracks nearly 200,000 immigrants
  • BI Inc, a private company running the immigration surveillance program for US Immigration and Custom Enforcement (Ice)

SpaceLifeForm March 15, 2022 10:21 PM

@ Ted, Clive, Winter, ALL

I am not recalling which usual suspect brought this up, but the M-427 DERVISH dots are interesting.

How is that HSM working for you today?

hxtps://www.cryptomuseum.com/crypto/ru/m427/

ResearcherZero March 23, 2022 2:03 PM

Russia has been using phone data captured by its spies operating in the UK to target British former special forces teams in Ukraine.

The Kremlin has compiled a database of mobile phone numbers in a top secret operation – and this information is being used to decide where to launch missile attacks.

The numbers and accompanying personal data were gathered by spies near some of the UK’s most sensitive military sites, including the headquarters of the Special Boat Service (SBS) and Special Air Service (SAS). GRU officers – Russia’s equivalent of MI6 – used the latest scanning technology to detect the smartphones, such as iPhones, which soldiers typically turn on after leaving their bases.

The moment a mobile phone joins a local network – known as ‘the handshake’ – their numbers are revealed to the Russian agents.

Former UK intelligence officer Philip Ingram said: “Russia will have intelligence capabilities in Ukraine monitoring the mobile phone networks for foreign registered devices and will compare data with records held centrally.”

“Modern mobile devices are perfect target locating beacons for an enemy, even if you think you have turned off all location trackers. Awareness of this threat among UK military personnel is poor”

“Harvesting of phone data could easily have been done by covert visits by Russian intelligence officers to the vicinity of bases. Gaining access is easy using inexpensive hacking equipment”

The Mail has also obtained an urgent security notice shared among former military personnel with close links to the SBS and SAS. Officially, they no longer belong to these Special Forces units.

The notice said: “If a single phone hits the network in Ukraine that has just once been seen before in the vicinity of Hamworthy, Credenhill (and any number of other establishments), this is instantly visible to Russia.”

“If two or more appear, that is an IMMEDIATE missile target. It does not matter if this is an aid camp, it will not appear that way to Russian forces.” Hamworthy in Poole, Dorset, is where the SBS is based, while the SAS is at Credenhill, Herefordshire.

The notice added: “The informality of this deployment means that operational security is out of the window.” It concludes by urging officers not to use a phone that has been used near a UK military or government establishment.
https://www.dailymail.co.uk/news/article-10629125/Russian-spies-tracking-British-former-special-forces-teams-mobile-numbers.html

piglet March 30, 2022 8:34 AM

“Until now, the Kremlin’s domestic and international lies have — insofar as the content concerned Russia’s foreign relations, and especially Ukraine — agreed pretty nearly.”

This reminds me of Russia’s bizarre anti-vaxx propaganda. It has had some success in depressing vaccination rates in the West but its effect on Russia itself has been disastrous. The official domestic position was of course to urge vaccination with the Russian vaccine while warning against Western vaccines. The result was that Russia has one of the lowest Covid vaccination rates in Europe (sadly Ukraine’s is even lower).

Doesn’t look like a successful information war to me – unless Putin does look at his own population as expendable. The Russian government doesn’t seem to have learned from this debacle.

Winter March 30, 2022 8:50 AM

@piglet
“The official domestic position was of course to urge vaccination with the Russian vaccine while warning against Western vaccines.”

The Russian nickname of Vladimir the Poisoner will not have helped.
ht-tps://www.forumfreerussia.org/en/articles-en/2021-02-03/vladimir-the-poisoner

ResearcherZero April 12, 2022 11:23 PM

“Sandworm attackers made an attempt to deploy the Industroyer2 malware against high-voltage electrical substations in Ukraine.”

In addition to Industroyer2, Sandworm used several destructive malware families including CaddyWiper, ORCSHRED, SOLOSHRED and AWFULSHRED.
At this point, we don’t know how attackers compromised the initial victim nor how they moved from the IT network to the Industrial Control System (ICS) network.

given that the Industroyer malware family was only deployed twice, with a five year gap between each version, this is probably not a limitation for Sandworm operators.
https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/

We first discovered CaddyWiper on 2022-03-14 when it was used against a Ukrainian bank
https://twitter.com/ESETresearch/status/1503436420886712321

Denton Scratch April 13, 2022 8:11 AM

@ATN

Solution may be [Russian population] replace Putin with Alexei Navalny and get Europe to help rebuilding Russia?

Replacing Putin is a fantasy. Especially if the [Russian population] is supposed to do it.

Europe rebuilding Russia is also extremely far-fetched. Russia has been threatening Europe with nuclear weapons for 70 years; I can’t imagine any European politician (outside Germany or Poland) getting re-elected after providing any kind of taxpayer-funded aid to an unstable, nuclear-armed Russia. And to be clear, even if some kind of coup got Navalny out of prison and into power, Russia would still be unstable.

I’m afraid Russia is in deep doo-doo. They can’t back out of Ukraine (political cost), they have to stay and fight – but that will incur attrition and financial cost. Just two months of war has severely depleted their carefully-built war-chest, as well as their armoured forces.

Winter April 13, 2022 10:04 AM

@Denton Scratch
“Replacing Putin is a fantasy. Especially if the [Russian population] is supposed to do it.”

I have always seen Russian intervention in Syria as a warning to the Russian people about what would happen if they ever tried to get rid of him. Ukraine shows that Syria is indeed a realistic scenario for Putin in Russia.

@Denton Scratch
“Europe rebuilding Russia is also extremely far-fetched.”

It isn’t far-fetched. For one thing, the effects of the Marshall aid packet after WWII are deeply entrenched in European political memory.

Also, all Europeans know that if they let Russia fall after they “surrender”, it will not take long before they will be our enemy again. UK after Brexit is a case in point. During the Brexit negotiations, a collapse of the UK economy was a nightmare scenario that had to be prevented at all costs.

Denton Scratch April 13, 2022 10:26 AM

before they will be our enemy again

Steppe nomads and Mongolians have been attacking Europe and the Middle East for 1,500 years. That is entrenched in European cultural memory; the Marshall Plan, maybe not so much. I agree that it would be a mistake to leave Russia to stew; but I can’t see European taxpayers coughing up. Perhaps, if Russia gave up nuclear weapons; but no nuclear power has ever done that.

During the Brexit negotiations, a collapse of the UK economy was a nightmare scenario that had to be prevented at all costs.

You’d think so; but in practice, that doesn’t seem to have been the focus of the UK negotiators. They appear to have been more interested in political hot-buttons, like the European Court of Justice, borders, and fishing rights (fishing makes up a tiny proportion of UK GDP). Most people, including Brexiters, were surprised that an economic catastrophe didn’t happen immediately.

Winter April 13, 2022 10:57 AM

@Denton
“but I can’t see European taxpayers coughing up”

I can. The EU did cough up quite a lot of money to help the former Warsaw Pact countries after 1990.

@Denton
“You’d think so; but in practice, that doesn’t seem to have been the focus of the UK negotiators.”

I think the EU view of the UK negotiators was of a bunch of morons who would sell their mothers for a minor benefit.

The EU side was concerned with the long view: Keeping the UK from collapse while teaching other would-be exiteers the price of leaving.

I think events did show that few if any of the Brexit promises have been honored, while most, if not all, of the predicted disadvantages did materialize.

Clive Robinson April 13, 2022 12:11 PM

@ Denton Scratch,

but no nuclear power has ever done that.

Err not true.

South Africa had not just a nuclear weapons program, but actual nuclear bombs.

They voluntarily gave them up.

The Ukraine likewise had a nuclear weapons program and a lot of nuclear weapons.

They gave them up, in return for the UK and US promises to protect them from Russia.

I think we all can work out where that went wrong for the Ukraine.

The UK and US are really quite stupid on this, but hey we’ve had a succession of political leaders who could not find their backsides even in the middle of an a55 kicking contest they were badly losing.

Why are they particularly stupid over this?

Well because other nations can see that the only way to keep an aggressor nation at bay is by nuclear weapons and a delivery system. India, Pakistan and North Korea prove that every day…

Iran does not have a delivery system, and as far as we can tell their nuclear program is to replace oil as an energy source. So the US attacks them one way or another every day. So a nuclear program is insufficient.

Thus the moral for any nation state is,

1, Develop a delivery system whilst developing a “civilian space system”.

2, Then develop your nuclear devices.

3, Every time the US or similar get uppity launch a “space system” test across another nation’s borders.

North Korea knows full well it can not win a nuclear war with any of the other nuclear states. Does that matter? Actually no, it really does not. Because what it does know is it does not have to, as even four or five missiles will do a lot of damage “somewhere”…

So what do the US know? Well four things of interest are,

1, They can not stop NK missiles being launched.
2, They can not shoot down NK missiles that do not go in the direction of any US defence systems.
3, The US do not want to sell missile defence systems to other states.
4, The US&UK now know the world knows their promises of protection from an aggressor to another state are completely worthless.

So unlike the US the hand NK is playing out is actually that of a rational actor… I suspect quite a few other state leaders realise that as well now.

Which is why any other small nation that can develop a viable delivery system is almost certainly going to start in on a nuclear defence capability; it is now very incentivised to do so for its own protection.

Winter April 13, 2022 12:27 PM

@Clive
“The UK and US are really quite stupid on this, but hey we’ve had a succession of political leaders who could not find their backsides even in the middle of an a55 kicking contest they were badly losing.”

That is no exaggeration. Their stupidity knows no bounds (as Einstein is rumored to have said).

NK and Iran obtained their nuclear bomb technology from Pakistan who learned it from the Dutch through a spy, the venerable late Dr. Khan. The Spy was outed in the Netherlands before he got his hands on the plans. But the CIA made the Dutch cover it up and let Khan leave with the plans and details for reasons rational minds cannot fathom.

So, in the end, the NK and Iranian nuclear bombs are courtesy the CIA.

Note that the CIA have trained and armed most of the USA’s mortal enemies. History books might conclude that the CIA could have been the worst enemy of the USA.

Clive Robinson April 13, 2022 10:20 PM

@ Winter,

History books might conclude that the CIA could have been the worst enemy of the USA.

That’s because history books “take the long term view” whilst politicians and others “take a very short term view”.

I think you might be aware of my thoughts on “short term” thinking/views, whilst I can not lay all of life’s ills at their doorstep… I find it difficult to think of any I can not show they at least were a major participant in.

JonKnowsNothing April 13, 2022 11:32 PM

@Clive, @ Winter, @All

re: History Books: The Long View

There are at least 2 views of history: Current Events and Historical Analysis.

Every organized group had some method of gathering “current event data”. It is later that historians rumble over these reports and connect different dots together.

But history is malleable and changeable. Not that the events change, but that views of those events change. When the views change, so does the way the history is reported or recorded or thought about.

Our “Current Events” show how history changes. There are statues in the river, spears returned and Aboriginal Flags raised.

The neocon-neoliberal-libertarian controls last only as long as the doors on the vault or the bow of the boat.

And then: The Front Falls Off…

===

Search Terms

Kirki (tanker)

Clarke & Dawe sketch, “The Front Fell Off”

the video:
ht tps://www.you tube .com/watch?v=3m5qxZm_JqM

(url slightly fractured)

Clive Robinson April 14, 2022 5:32 AM

@ JonKnowsNothing, ALL,

Re : “The Front Fell Off” sketch

Is actually very good.

Especially the very end where he asks for a cab.

A long time ago now, getting on for forty years, I was in Australia, on oil business. When I arrived I caught a pre-ordered taxi to my first hotel, and the driver was quite chatty, especially about the local mangos, how juicy they were, and if you decided to eat them in the bath not to drop the juice on your…

The following day after a long sleep, I was due to be met by a company representative and be driven “up state” only it did not quite happen according to plan.

A message was left at the front desk for me to take a taxi to the commercial district so off I went. Where I met the company rep who was as large as me but managed to fill at least twice the volume by sheer boundless movement if not agitation.

When we shook hands I noticed he had fresh motor oil on them. I asked him if everything was alright, and he said that unfortunately there had been a change of plans. The company vehicle we were going to go up in was apparently no longer serviceable[1]. By way of idle talk to fill an awkward pause I asked if it was serious.

Apparently he had stopped in the car near the gates of the vehicle pound and was waiting to get in, when a large lorry driven by a “Dozzy B45tard” had reversed out and “swiped the front of the car”. So I asked how bad it was, and he replied that he had looked at it and that there was no way to get it fixed. So I said he was lucky as it sounded serious, he replied that yes it was serious as when he lifted the hood to look “The whole bl@@dy Front Fell Off”… After that little ice breaker we got on quite well.

It was an interesting visit, and has given me more fun stories to dine out on than any other place in the world I’ve been to. I even got to change local culture a little bit, but that as they say is a story for another day.

[1] Which sounded odd, Australian vehicles tend to be made tough, very tough, as there were some strange roads back then and it was not only trees and rocks that were hazards. Some roads were made of corrugated iron sheets just laid down on the ground. I was driven along one at speed, and was told that as you got faster the journey was less bumpy… And yes it is true, you kind of skip along the top with the vehicle shock absorbers acting like the tendons of a kangaroo’s legs storing energy and giving it back to smooth it out. But speed means increased collision energy if you should come up against an unexpected tree, so you make the vehicles tough.

ResearcherZero April 27, 2022 11:33 PM

direct link between cyberattacks and military operations, with the timing between hacking attempts and breaches closely matching that of missile strikes and sieges coordinated by the Russian military

“Russia-aligned nation-state actors launch more than 237 operations against Ukraine – including destructive attacks that are ongoing and threaten civilian welfare. The destructive attacks have also been accompanied by broad espionage and intelligence activities. The attacks have not only degraded the systems of institutions in Ukraine but have also sought to disrupt people’s access to reliable information and critical life services on which civilians depend, and have attempted to shake confidence in the country’s leadership. We have also observed limited espionage attack activity involving other NATO member states, and some disinformation activity.”

https://blogs.microsoft.com/on-the-issues/2022/04/27/hybrid-war-ukraine-russia-cyberattacks/

a detailed timeline of the Russian cyber-operations
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd

MSTIC is attributing FoxBlade (HermeticWiper), CaddyWiper/ArugePatch, and Industroyer2 to Sandworm – Unit 74455 of the GRU Main Center for Special Technologies (GTsST)
https://twitter.com/sixdub/status/1519367580913332224

The U.S. is offering up to $10 million to identify or locate six Russian GRU hackers who are part of the notorious Sandworm hacking group.

Yuriy Sergeyevich Andrienko (Юрий Сергеевич Андриенко), Sergey Vladimirovich Detistov (Сергей Владимирович Детистов), Pavel Valeryevich Frolov (Павел Валерьевич Фролов), Anatoliy Sergeyevich Kovalev (Анатолий Сергеевич Ковалев), Artem Valeryevich Ochichenko (Артем Валерьевич Очиченко), and Petr Nikolayevich Pliskin (Петр Николаевич Плискин)
https://www.state.gov/rewards-for-justice-reward-offer-for-information-on-russian-military-intelligence-officers-conducting-malicious-activity-against-u-s-critical-infrastructure/

tips onion link
http://he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion/

Clive Robinson April 28, 2022 3:14 AM

@ ResearcherZero,

So six “Wanted Dead or Alive” rewards issued…

Colour me totally unsurprised, in fact you could say I said it would happen.

Personally I think the rewards are too small and for the wrong people.

Start issuing them for seniors close to and including Putin and his family…

It’s not as though the US has not done so before with Iran, Iraq, Libya…

In each case it was not US money used, but the target nation’s own money the US had acquired.

JonKnowsNothing April 28, 2022 10:34 AM

@Clive

re: Wanted DOA = Start issuing them for seniors close to and including Putin and his family

I think this is already the order of the day. Asset forfeiture is in full panoply and bans of all sorts have been issued and enforced. Confiscated goods, material, funds, housing, yachts (1), airplanes and anything not nailed down or out of extended jurisdiction reach (2).

===

1) For anyone who hasn’t had the experience of owning a boat of significant size, the costs of maintenance will make a pauper out of most in quick time. Barnacles just don’t care about which hulls they latch on to nor does water respect the “marine grade paint” used to prevent the entire structure from collapsing from rust.

With funding frozen and not having the ability to pay their crews, maintenance, dock fees, permits or replacing the brass cleats making things untidy, probably a good number of boat-savvy folks are going WHAT?? WHY??

Maybe Boris will option one for his Britannia Yacht.

2) Jurisdiction reach in this case goes as far as they can grab and then some. Historical seizures have netted perpetual assets lasting decades or centuries. The legal views of Asset Seizures depend on which end of the seizure you are looking at. A cop getting a nifty fast and noticeable car for “undercover” work or the person losing their house, property and money to pay some legal pipering. Getting anything back is still not easy.

Search Terms

Recover Nazi-stolen art

Camille Pissarro

Spain

ht tps://www.scotus blog. com/2022/04/family-seeking-to-recover-nazi-stolen-art-notches-small-victory-but-still-might-not-get-the-painting-back/

(url fractured)

Winter April 28, 2022 11:08 AM

@ResearcherZero

The U.S. is offering up to $10 million to identify or locate six Russian GRU hackers who are part of the notorious Sandworm hacking group.

I remember a story that has been told from almost every zoo, where a man jumped into the local zoo (Amsterdam) to taunt a tiger. The zoo did everything they could to stop him, but he always managed to find a way in to taunt, or bully, the tiger in his cage. One day, the tiger ripped off his arm. He sued the zoo, and duly lost.

He was lucky, many who did this did not live to tell it.

Taunting a powerful state, be it the USA, or China, or Russia for that matter, is like these people taunting wild animals. The risk of getting mauled is considerable, and few people will feel any pity for you and even less will help you.

ResearcherZero May 24, 2022 3:25 AM

@Winter

They began when I was 5 years old. Kidnapping, torture, poisoning, then shooting at me, and others. Obviously they never learned that lesson about the tiger.

ResearcherZero May 24, 2022 3:34 AM

“a reconnaissance and espionage campaign from the Turla intrusion set against the Baltic Defense College, the Austrian Economic Chamber which has a role in government decision-making such as economic sanctions and NATO’s eLearning platform JDAL (Joint Advanced Distributed Learning) pointing Russian Intelligence interest for defense sector in Eastern Europe and for topics related to the economic sanctions against the Russian Federation.”
https://blog.sekoia.io/turla-new-phishing-campaign-eastern-europe/

“Turla, a group TAG attributes to Russia FSB, continues to run campaigns against the Baltics, targeting defense and cybersecurity organizations in the region. Similar to recently observed activity, these campaigns were sent via email and contained a unique link per target that led to a DOCX file hosted on attacker controlled infrastructure. When opened, the DOCX file would attempt to download a unique PNG file from the same attacker controlled domain”
https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe/

ResearcherZero October 27, 2022 7:12 AM

Propaganda Manual intercepted from Fifth Service of the FSB

Since at least May 2022, Russian influence networks have almost certainly been conducting several multifaceted information operations to undermine and divide the Western coalition supporting Ukraine in its defense against Russia, while shifting attitudes of European populations favorably toward Russia and Russia’s war against Ukraine.

It advises targeting the “European Community” with information about the “deterioration of living standards” in the EU as a result of their support for Ukraine, proposing specific narratives such as “arming Ukraine at the expense of European taxpayers”, “emphasizing economic hardship”, “forecasts about the number of Ukrainian refugees and the created burden on the budget and socio-economic infrastructure”, and more. The analytical note states that the intention of the “massive” information operation is to “provoke internal public pressure on the governments and political elites of Western countries”.
https://go.recordedfuture.com/hubfs/reports/ta-2022-0707.pdf

David Dzidzikashvili November 13, 2022 8:07 AM

The Ukrainian military and political leadership had been able to turn the tide around and inflict devastating strategic losses on the Russian military. The capture of Kherson has been the biggest setback for Putin and the Russian Army, this was the greatest strategic loss.

Within weeks and months, the Ukrainians will be able to liberate more of its occupied territories across Donbass and Crimea. At this point it does not look like Putin will be able to use a tactical nuke or even a dirty bomb, since he risks losing the support of China and India. China feels very worried with prolonged Ukraine war and at some point will have to start forcing Putin to end this losing game. The mobilized Russians only added more closed caskets and Russia has already lost around 80K troops + more than 100K wounded with some of its best, elite units entirely destroyed by the Ukrainian armed forces ZSU.

The only gameplan Putin now has is civilian terror and attacking the civilian infrastructure to starve them and leave the Ukrainians without electricity or water supply. It feels like Putin is utilizing the usual Russian military playbook he used in Georgia, Chechnya, Crimea and Syria: win the war by spilling more civilian blood, inflict more civilian terror and keep committing more war crimes to further inflict more fear and terror.

At this point the NATO and the US should throw in more weaponry to the conflict especially the 300km-500km range MGM-140 ATACMS rockets, counter rocket C-RAM weapons system to better fight the Iranian drones and more for air defenses to counter the Iranian drones and ballistic missiles.

With such phase this war will most likely end within a few months to a year at maximum. The Russian forces will be also forced to leave Moldova, Georgian regions of Abkhazia and Samachablo (so called South Ossetia), Nagorno-Karabakh and Syria. Ukraine will be victorious and the Russians should be very concerned about the fate that awaits them afterwards. With the Ukrainian victory the world will forever destroy Russia’s imperialistic ambitions, this will save future generations from war and peace will definitely follow.

ResearcherZero November 22, 2022 3:37 AM

Russian intelligence agency seems to have settled into a new set of cyberwarfare tactics: ones that allow for quicker intrusions, often breaching the same target multiple times within just months, and sometimes even maintaining stealthy access to Ukrainian networks while destroying as many as possible of the computers within them.

“Strategically, the GRU needs to balance disruptive events and espionage. They want to continue imposing pain in every single domain, but they are also a military intelligence apparatus and have to keep collecting more real-time intelligence. So they’ve started ‘living on the edge’ of target networks to have this constant ready-made access and enable these fast-paced operations, both for disruption and spying.”
https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/

ResearcherZero January 5, 2023 1:20 AM

“More and more often cyberattacks are used in order to spread Russian disinformation and serve Russian special services to gather data and vulnerable information. The operation that is carried out using simultaneously both of these methods is the “GhostWriter” campaign. It consists in attacking email addresses and accounts in social media of public figures in the CEE countries, mainly in Poland. The authors of this campaign are trying to seize information resources for the purposes of the Russian disinformation. In recent months this operation has been focused on actions against Poland.”

“Hacker groups linked to the Kremlin use ransomware, dDos and phishing attacks, and the goal of hostile actions coincides with the goals of a hybrid attack: destabilization, intimidation and sowing chaos. False structures are also used for aggressive actions, such as websites impersonating real websites.”
https://www.gov.pl/web/special-services/russian-cyberattacks

ResearcherZero January 6, 2023 1:22 AM

This is Mandiant’s first observation of suspected Turla targeting Ukrainian entities since the onset of the invasion. The campaign’s operational tactics appear consistent with Turla’s considerations for planning and advantageous positioning to achieve initial access into victim systems, as the group has leveraged USBs and conducted extensive victim profiling in the past.

In this case, the extensive profiling achieved since January possibly allowed the group to select specific victim systems and tailor their follow-on exploitation efforts to gather and exfiltrate information of strategic importance to inform Russian priorities.
https://www.mandiant.com/resources/blog/turla-galaxy-opportunity

ResearcherZero January 29, 2023 2:56 AM

https://www.welivesecurity.com/2023/01/27/swiftslicer-new-destructive-wiper-malware-ukraine/

“The CaddyWiper malicious program was launched centrally in order to violate the integrity and availability of information using GPO.”

two versions of the malware – the first to slow attempts to regain control to the industrial control system consoles and second, which was deployed via Group Policy Object indicating that the attackers had prior control of the target’s network

All online broadcasts were interrupted for 15 minutes as a result of this but the SSSCIP team was able to promptly restore connections after which the media center continued its scheduled operations.
https://www.bankinfosecurity.com/ukraine-links-media-center-attack-to-russian-intelligence-a-21043

Clive Robinson January 29, 2023 8:54 AM

@ ResearcherZero, ALL,

Re : Wipers and Encryptors etc.

These are all “new code” sent by “adversaries” to the target computers “to be executed”.

Whilst adversaries are a result of the human condition, thus a sociological rather than technical issue, two things that are technically resolvable should be immediately clear,

1, The attackers have an access path.
2, The computer lacks sufficient authentication (AuthN) and authorisation (AuthZ).

The first is the fault of the computer systems operator, the second is in the case of adversaries most often the fault of the supplier of the OS and other code which gets privilege.

The first can be solved with regards external attackers by technology going back to the 1960’s if not earlier and we call it “gapping” or more correctly “segregation” or “isolation” “by design”. I’ve discussed this and the solutions ad nauseam on this blog in the past along with why “convenience and mantra” etc always trump sensible practice.

The second is an “attitude problem” especially by code developers and their seniors that make the bulk of the consumer / commercial focused “Software Industry”. It manifests in several ways but at root is a variation of the “kitchen sink” problem.

The idea being the more things their software can do the greater its market coverage, thus sales figures and profit. All via a very very skewed view on ROI which gave rise to the philosophy gone mad of “code reuse”. [Consider sales has linear returns, dealing with complexity thus cost of actual testing is a power function of code size rising above N^2, thus optimally small low complexity code is actually better from the security aspect which gives rise to that reusing of “tested code”. However as we all know testing is mostly perfunctory[1] thus insufficient even at the best of times.]

Thus consumer and commercial use code becomes an “all things to all men” “everything including the Kitchen sink” solution. Unfortunately a side effect of this is that it demands over privilege to function, is bloated at best, and usually so full of poorly tested code it’s actually “broken by design”. This is because it is also so over complex trying to be “everything to everybody”, nobody can hold all the execution path details in their head, nor can they even see many that exist unintentionally from the complexity.

Again back in the 1960’s the solution to these problems was known…

So why more than half a century of this,

Or in computing terms after 35 to 45 generations, “Why are we still making the same mistakes?”

Or three or four human generations, “Why are we still trapped in failed methodology?”

And perhaps most painfully obvious “Why are we not learning?”

To say “We are human and we err” is an understatement of monumental proportions.

But there is another point to consider with consumer / commercial software, that people don’t like to talk about. Various studies carried out into worker efficiency and productivity, do not get published, because of their mainly negative results. Put simply in work practices that have not really fundamentally changed since the 1960’s or earlier, our “useful productivity” peaked in the 1970’s when computers first started appearing in the work place. By the end of the 1970’s Personal Computers had made a significant impact and “real productivity” was very obviously in decline.

In essence the computer, be it big iron in the data center or Personal Computer on the desk, were coincident in a continuous decrease in worker productivity. Yet people are working harder and harder with computers… How do we account for this difference?

Well the answer nobody really wants to talk about is what has become known as “Make Work” generating reports and meta-information the purpose of which is at best dubious, and its value effectively worthless.

Oh and the generation, transportation and storage of such information is a security nightmare at best. Because to try and make those processes efficient means making security weaker and weaker, and the attackers’ opportunities that much the greater. Especially to the developers and deployers of information warfare weapons of “Wipers and Encryptors”.

Hopefully what is arguably this first “Cyber Augmented Warfare”(CAW) at the east of Europe, and the C19 “lockdown” preceding it giving a rise to “distance working” and all the Information Security issues they both have brought, will start people thinking more. Not just about “information security” but the actual “make work” value/utility which is the major product of computing in the work place. Both in terms of risk (high) and reward (low).

Our host @Bruce has alluded to this issue in the past in various ways, but the “subtle approach” does not appear to have “got through” or as I suspect it has been quite deliberately ignored.

The primary reason for this make work appears to be to find data that looks like a justification for “a decision already made”. That is to hide the true often discriminatory prejudiced, or personal benefit reasons for the decision. All too often what appears as good justification is at best a very short term view based on a low between adverse events. That is probability in the short term is a very poor if dangerous indicator for the long term, especially when “actors with agency” are involved.

[1] Perfunctory from French “par fonction” means “to function” in a degenerate way. Thus “if the wheel turns” not how well it turns thus does or does not cause other damage in the process. This is a very major problem in testing of anything that is above minimal almost rudimentary complexity. Further as we know there are people who have a mindset such that they will drive with a squeaky wheel or flat tire for various reasons that boil down to what they perceive is “short term” “convenience”.


Sidebar photo of Bruce Schneier by Joe MacInnis.