MCViewPoint

Opinion from a Libertarian ViewPoint

Posts Tagged ‘FireEye’

Another Mega Group Spy Scandal? Samanage, Sabotage, and the SolarWinds Hack

Posted by M. C. on January 23, 2021

FireEye’s account can be taken with a grain of salt, however, as the CIA is one of FireEye’s clients, and FireEye was launched with funding from the CIA’s venture capital arm In-Q-tel. It is also worth being skeptical of the “free tool” FireEye has made available in the hack’s aftermath for “spotting and keeping suspected Russians out of systems.” 

Microsoft, like some of Samanage’s main backers, is part of the World Economic Forum and is an enthusiastic supporter of and participant in the Great Reset agenda, so much so that Microsoft CEO Satya Nadella wrote the foreword to Klaus Schwab’s book “Shaping the Fourth Industrial Revolution.” With the WEF simulating a cyber “pandemic” and both the WEF and the head of Israel’s National Cyber Directorate warning of an imminent “cyber winter”, SolarWinds does indeed appear to be just the beginning, though perhaps a scripted one to create the foundation for something much more severe. A cyberattack on Microsoft products globally would certainly upend most of the global economy and likely have economic effects more severe than the COVID-19 crisis, just as the WEF has been warning. Yet, if such a hack does occur, it will inevitably serve the aims of the Great Reset to “reset” and then rebuild electronic infrastructure. 

https://www.thelastamericanvagabond.com/another-mega-group-spy-scandal-samanage-sabotage-and-the-solarwinds-hack/

Whitney Webb

The devastating hack on SolarWinds was quickly pinned on Russia by US intelligence. A more likely culprit, Samanage, a company whose software was integrated into SolarWinds’ software just as the “back door” was inserted, is deeply tied to Israeli intelligence and intelligence-linked families such as the Maxwells.

In mid-December of 2020, a massive hack compromised the networks of numerous US federal agencies, major corporations, the top five accounting firms in the country, and the military, among others. Despite most US media attention now focusing on election-related chaos, the fallout from the hack continues to make headlines day after day.

The hack, which affected Texas-based software provider SolarWinds, was blamed on Russia on January 5 by the US government’s Cyber Unified Coordination Group. Their statement asserted that the attackers were “likely Russian in origin,” but they failed to provide evidence to back up that claim.

Since then, numerous developments in the official investigation have been reported, but no actual evidence pointing to Russia has yet been released. Rather, mainstream media outlets began reporting the intelligence community’s “likely” conclusion as fact right away, with the New York Times subsequently reporting that US investigators were examining a product used by SolarWinds that was sold by a Czech Republic–based company as the possible entry point for the “Russian hackers.” Interest in that company, however, comes from the fact that the attackers most likely had access to the systems of a contractor or subsidiary of SolarWinds. This, combined with the evidence-free report from US intelligence on “likely” Russian involvement, is said to be the reason investigators are focusing on the Czech company, though any of SolarWinds’ contractors/subsidiaries could have been the entry point.

Such narratives clearly echo those that became prominent in the wake of the 2016 election, when now-debunked claims were made that Russian hackers were responsible for leaked emails published by WikiLeaks. Parallels are obvious when one considers that SolarWinds quickly brought on the discredited firm CrowdStrike to aid them in securing their networks and investigating the hack. CrowdStrike had also been brought on by the DNC after the 2016 WikiLeaks publication, and subsequently it was central in developing the false declarations regarding the involvement of “Russian hackers” in that event.

There are also other parallels. As Russiagate played out, it became apparent that there was collusion between the Trump campaign and a foreign power, but the nation was Israel, not Russia. Indeed, many of the reports that came out of Russiagate revealed collusion with Israel, yet those instances received little coverage and generated little media outrage. This has led some to suggest that Russiagate may have been a cover for what was in fact Israelgate.

Similarly, in the case of the SolarWinds hack, there is the odd case and timing of SolarWinds’ acquisition of a company called Samanage in 2019. As this report will explore, Samanage’s deep ties to Israeli intelligence, venture-capital firms connected to both intelligence and Isabel Maxwell, as well as Samanage’s integration with the Orion software at the time of the back door’s insertion warrant investigation every bit as much as SolarWinds’ Czech-based contractor. 

Orion’s Fall

In the month since the hack, evidence has emerged detailing the extent of the damage, with the Justice Department quietly announcing, the same day as the Capitol riots (January 6), that their email system had been breached in the hack—a “major incident” according to the department. This terminology means that the attack “is likely to result in demonstrable harm to the national security interests, foreign relations, or the economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people,” per NextGov.

The Justice Department was the fourth US government agency to publicly acknowledge a breach in connection to the hack, with the others being the Departments of Commerce and Energy and the Treasury. Yet, while only four agencies have publicly acknowledged fallout from the hack, SolarWinds software is also used by the Department of Defense, the State Department, NASA, the NSA, and the Executive Office. Given that the Cyber Unified Coordination Group stated that “fewer than ten” US government agencies had been affected, it’s likely that some of these agencies were compromised, and some press reports have asserted that the State Department and Pentagon were affected.

In addition to government agencies, SolarWinds Orion software was in use by the top ten US telecommunications corporations, the top five US accounting firms, the New York Power Authority, and numerous US government contractors such as Booz Allen Hamilton, General Dynamics, and the Federal Reserve. Other notable SolarWinds clients include the Bill & Melinda Gates Foundation, Microsoft, Credit Suisse, and several mainstream news outlets including the Economist and the New York Times.

Based on what is officially known so far, the hackers appeared to have been highly sophisticated, with FireEye, the cybersecurity company that first discovered the implanted code used to conduct the hack, stating that the hackers “routinely removed their tools, including the backdoors, once legitimate remote access was achieved—implying a high degree of technical sophistication and attention to operational security.” In addition, top security experts have noted that the hack was “very very carefully orchestrated,” leading to a consensus that the hack was state sponsored.

FireEye stated that they first identified the compromise of SolarWinds after the version of the Orion software they were using contained a back door that was used to gain access to its “red team” suite of hacking tools. Not long after the disclosure of the SolarWinds hack, on December 31, the hackers were able to partially access Microsoft’s source code, raising concerns that the act was preparation for future and equally devastating attacks. 

FireEye’s account can be taken with a grain of salt, however, as the CIA is one of FireEye’s clients, and FireEye was launched with funding from the CIA’s venture capital arm In-Q-tel. It is also worth being skeptical of the “free tool” FireEye has made available in the hack’s aftermath for “spotting and keeping suspected Russians out of systems.” 

In addition, Microsoft, another key source in the SolarWinds story, is a military contractor with close ties to Israel’s intelligence apparatus, especially Unit 8200, and their reports of events also deserve scrutiny. Notably, it was Unit 8200 alumnus and executive at Israeli cybersecurity firm Cycode, Ronen Slavin, who told Reuters in a widely quoted article that he “was worried by the possibility that the SolarWinds hackers were poring over Microsoft’s source code as prelude to a much more ambitious offensive.” “To me the biggest question is, ‘Was this recon for the next big operation?’” Slavin stated.

Also odd about the actors involved in the response to the hack is the decision to bring on not only the discredited firm CrowdStrike but also the new consultancy firm of Chris Krebs and Alex Stamos, former chief information security officer of Facebook and Yahoo, to investigate the hack. Chris Krebs is the former head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and was previously a top Microsoft executive. Krebs was fired by Donald Trump after repeatedly and publicly challenging Trump on the issue of election fraud in the 2020 election. 

As head of CISA, Krebs gave access to networks of critical infrastructure throughout the US, with a focus on the health-care industry, to the CTI League, a suspicious outfit of anonymous volunteers working “for free” and led by a former Unit 8200 officer. “We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review and provide best-in-class guidance on our journey to evolve into an industry leading secure software development company,” a SolarWinds spokesperson said in an email cited by Reuters.

It is also worth noting that the SolarWinds hack did benefit a few actors aside from the attackers themselves. For instance, Israeli cybersecurity firms CheckPoint and CyberArk, which have close ties to Israeli intelligence Unit 8200, have seen their stocks soar in the weeks since the SolarWinds compromise was announced. Notably, in 2017, CyberArk was the company that “discovered” one of the main tactics used in an attack, a form of SAML token manipulation called GoldenSAML. CyberArk does not specify how they discovered this method of attack and, at the time they announced the tactic’s existence, released a free tool to identify systems vulnerable to GoldenSAML manipulation. 

In addition, the other main mode of attack, a back door program nicknamed Sunburst, was found by Kaspersky researchers to be similar to a piece of malware called Kazuar that was also first discovered by another Unit 8200-linked company, Palo Alto Networks, also in 2017. The similarities only suggest that those who developed the Sunburst backdoor may have been inspired by Kazuar and “they may have common members between them or a shared software developer building their malware.” Kaspersky stressed that Sunburst and Kazuar are not likely to be one and the same. It is worth noting, as an aside, that Unit 8200 is known to have previously hacked Kaspersky and attempted to insert a back door into their products, per Kaspersky employees.

CrowdStrike claimed that this finding confirmed “the attribution at least to Russian intelligence,” only because an allegedly Russian hacking group is believed to have used Kazuar before. No technical evidence linking Russia to the SolarWinds hacking has yet been presented.

Samanage and Sabotage

The implanted code used to execute the hack was directly injected into the source code of SolarWinds Orion. Then, the modified and bugged version of the software was “compiled, signed and delivered through the existing software patch release management system,” per reports. This has led US investigators and observers to conclude that the perpetrators had direct access to SolarWinds code as they had “a high degree of familiarity with the software.” While the way the attackers gained access to Orion’s code base has yet to be determined, one possibility being pursued by investigators is that the attackers were working with employee(s) of a SolarWinds contractor or subsidiary. 

US investigators have been focusing on offices of SolarWinds that are based abroad, suggesting that—in addition to the above—the attackers were likely working for SolarWinds or were given access by someone working for the company. That investigation has focused on offices in eastern Europe, allegedly because “Russian intelligence operatives are deeply rooted” in those countries.

It is worth pointing out, however, that Israeli intelligence is similarly “deeply rooted” in eastern European states both before and after the fall of the Soviet Union, ties well illustrated by Israeli superspy and media tycoon Robert Maxwell’s frequent and close associations with Eastern European and Russian intelligence agencies as well as the leaders of many of those countries. Israeli intelligence operatives like Maxwell also had cozy ties with Russian organized crime. For instance, Maxwell enabled the access of the Russian organized crime network headed by Semion Mogilevich into the US financial system and was also Mogilevich’s business partner. In addition, there is cross-pollination between Israeli and Russian organized crime networks (networks which also share ties to their respective intelligence agencies), and such links should be considered if the cybercriminals do prove to be Russian in origin, as US intelligence has claimed.

Though some contractors and subsidiaries of SolarWinds are now being investigated, one that has yet to be investigated, but should be, is Samanage. Samanage, acquired by SolarWinds in 2019, not only gained automatic access to Orion just as the malicious code was first inserted, but it has deep ties to Israeli intelligence and a web of venture-capital firms associated with numerous Israeli espionage scandals that have targeted the US government. Israel is deemed by the NSA to be one of the top spy threats facing US government agencies, and Israel’s list of espionage scandals in the US is arguably the longest, ranging from the Jonathan Pollard and PROMIS software scandals of the 1980s to the Larry Franklin/AIPAC espionage scandal in 2009. 

Though much reporting has since been done on the recent compromise of SolarWinds Orion software, little attention has been paid to Samanage. Samanage offers what it describes as “an IT Service Desk solution.” It was acquired by SolarWinds so Samanage’s products could be added to SolarWinds’ IT Operations Management portfolio. Though US reporting and SolarWinds press releases state that Samanage is based in Cary, North Carolina, implying that it is an American company, Samanage is actually an Israeli firm. It was founded in 2007 by Doron Gordon, who previously worked for several years at MAMRAM, the Israeli military’s central computing unit.

Samanage was SolarWinds’ first acquisition of an Israeli company, and, at the time, Israeli media reported that SolarWinds was expected to set up its first development center in Israel. It appears, however, that SolarWinds, rather than setting up a new center, merely began using Samanage’s research and development center located in Netanya, Israel.

Several months after the acquisition was announced, in November 2019, Samanage, renamed SolarWinds Service Desk, became listed as a standard feature of SolarWinds Orion software, whereas the integration of Samanage and Orion had previously been optional since the acquisition’s announcement in April of that year. This means that complete integration was likely made standard in either October or November. It has since been reported that the perpetrators of the recent hack gained access to the networks of US federal agencies and major corporations at around the same time. Samanage’s automatic integration into Orion was a major modification made to the now-compromised software during that period. 

Samanage appears to have had access to Orion following the announcement of the acquisition in April 2019. Integration first began with Orion version 2019.4, the earliest version believed to contain the malicious code that enabled the hack. In addition, the integrated Samanage component of Orion was responsible for “ensuring the appropriate teams are quickly notified when critical events or performance issues [with Orion] are detected,” which was meant to allow “service agents to react faster and resolve issues before . . . employees are impacted.” 

In other words, the Samanage component that was integrated into Orion at the same time the compromise took place was also responsible for Orion’s alert system for critical events or performance issues. The code that was inserted into Orion by hackers in late 2019 nevertheless went undetected by this Samanage-made component for over a year, giving the “hackers” access to millions of devices critical to both US government and corporate networks. Furthermore, it is this Samanage-produced component of the affected Orion software that advises end users to exempt the software from antivirus scans and group policy object (GPO) restrictions by providing a warning that Orion may not work properly unless those exemptions are granted.

Samanage, Salesforce, and the World Economic Forum

Around the time of Samanage’s acquisition by SolarWinds, it was reported that one of Samanage’s top backers was the company Salesforce, with Salesforce being both a major investor in Samanage as well as a partner of the company.

Salesforce is run by Marc Benioff, a billionaire who got his start at the tech giant Oracle. Oracle was originally created as a CIA spin-off and has deep ties to Israel’s government and the outgoing Trump administration. Salesforce also has a large presence in Israel, with much of its global research and development based there. Salesforce also recently partnered with the Unit 8200-linked Israeli firm Diagnostic Robotics to “predictively” diagnose COVID-19 cases using Artificial Intelligence.

Aside from leading Salesforce, Benioff is a member of the Vatican’s Council for Inclusive Capitalism alongside Lynn Forester de Rothschild, a close associate of Jeffrey Epstein and the Clintons, and members of the Lauder family, who have deep ties to the Mega Group and Israeli politics. 

Benioff is also a prominent member of the board of trustees of the World Economic Forum and the inaugural chair of the WEF’s Centre for the Fourth Industrial Revolution (C4IR), making him one of the most critical players in the unfolding of the WEF-backed Great Reset. Other WEF leaders, including the organization’s founder Klaus Schwab, have openly discussed how massive cyberattacks such as befell SolarWinds will soon result in “even more significant economic and social implications than COVID-19.”

Last year, the WEF’s Centre for Cybersecurity, of which Salesforce is part, simulated a “digital pandemic” cyberattack in an exercise entitled Cyber Polygon. Cyber Polygon’s speakers in 2020 included former UK Prime Minister Tony Blair, the Prime Minister of Russia Mikhail Mishustin, WEF founder Klaus Schwab, and IBM executive Wendi Whitmore, who previously held top posts at both CrowdStrike and a FireEye subsidiary. Notably, just months before the COVID-19 crisis, the WEF had held Event 201, which simulated a global coronavirus pandemic that crippled the world’s economy.

In addition to Samanage’s ties to WEF big shots such as Marc Benioff, the other main investors behind Samanage’s rise have ties to major Israeli espionage scandals, including the Jonathan Pollard affair and the PROMIS software scandal. There are also ties to one of the WEF’s founding “technology pioneers,” Isabel Maxwell (the daughter of Robert Maxwell and sister of Ghislaine), who has long-standing ties to Israel’s intelligence apparatus and the country’s hi-tech sector.

The Bronfmans, the Maxwells, and Viola Ventures

See the rest here

Whitney Webb Whitney Webb is a staff writer for The Last American Vagabond. She has previously written for Mintpress News, Ben Swann’s Truth In Media. Her work has appeared on Global Research, the Ron Paul Institute and 21st Century Wire, among others. She currently lives with her family in southern Chile.

Be seeing you


Secret, Invisible Evidence Of Russian Hacking Is Not Actually Evidence – Caitlin Johnstone

Posted by M. C. on December 21, 2020

Blaming Russia is safer than blaming say…the CIA or Middle Eastern “friends”.

As Moon of Alabama explains, the only technical analysis we’ve seen of the alleged hack (courtesy of cybersecurity firm FireEye) makes no claim that Russia was responsible for it,

Government contractor FireEye, they can’t even protect themselves. Remember that next time you file taxes.

https://caitlinjohnstone.com/2020/12/18/secret-invisible-evidence-of-russian-hacking-is-not-actually-evidence/

author: Caitlin Johnstone

The Communist Party of China has been covertly sending arms to extremist Antifa militants in the United States in preparation for the civil war which is expected to take place after Joe Biden declares himself President for Life and institutes a Marxist dictatorship. The weapons shipments include rocket launchers, directed energy weapons, nunchucks and ninja throwing stars.

Unfortunately I cannot provide evidence for this shocking revelation as doing so would compromise my sources and methods, but trust me it’s definitely true and must be acted upon immediately. I recommend President Trump declare martial law without a moment’s hesitation and begin planning a military response to these Chinese aggressions.

How does this make you feel? Was your first impulse to begin scanning for evidence of the incendiary claim I made in my opening paragraph?

It would be perfectly reasonable if it was. I am after all some random person on the internet whom you have probably never met, and you’ve no reason to accept any bold claim I might make on blind faith. It would make sense for you to want to see some verification of my claim, and then dismiss my claim as baseless hogwash when I failed to provide that verification.

If you’re a more regular reader, it would have also been reasonable for you to guess that I was doing a bit. But imagine if I wasn’t? Imagine if I really was claiming that the Chinese government is arming Antifa ninja warriors to kill patriotic Americans in the coming Biden Wars. How crazy would you have to be to believe what I was saying without my providing hard, verifiable evidence for my claims?

Now imagine further that this is something I’ve made false claims about many times in the past. If every few years I make a new claim about some naughty government arming Antifa super soldiers in a great communist uprising, which turns out later to have been bogus.

Well you’d dismiss me as a crackpot, wouldn’t you? I wouldn’t blame you. That would be the only reasonable response to such a ridiculous spectacle.

And yet if I were an employee of a US government agency making unproven incendiary claims about a government that isn’t aligned with the US-centralized power alliance, the entire political/media class would be parroting what I said as though it’s an established fact. Even though US government agencies have an extensive and well-documented history of lying about such things.

Trump’s former homeland security adviser: “The magnitude of this ongoing attack is hard to overstate…The Russians have had access to a number of important networks for 6 to 9 months…The access they now enjoy could be used for far more than spying.” https://t.co/ACCPVvCNZ7

— Kaitlan Collins (@kaitlancollins) December 17, 2020

Today we’re all expected to be freaking out about Russia again because Russia hacked the United States again right before a new president took office again, so now it’s very important that we support new cold war escalations from both the outgoing president and the incoming president again. We’re not allowed to see the evidence that this actually happened again, but it’s of utmost importance that we trust and support new aggressions against Russia anyway. Again.

The New York Times has a viral op-ed going around titled “I Was the Homeland Security Adviser to Trump. We’re Being Hacked.” The article’s author Thomas P Bossert warns ominously that “the networks of the federal government and much of corporate America are compromised by a foreign nation” perpetrated by “the Russian intelligence agency known as the S.V.R., whose tradecraft is among the most advanced in the world.”

Rather than using its supreme tradecraft to interfere in the November election ensuring the victory of the president we’ve been told for years is a Russian asset by outlets like The New York Times, Bossert informs us that the SVR instead opted to hack a private American IT company called SolarWinds whose software is widely used by the US government.

“Unsuspecting customers then downloaded a corrupted version of the software, which included a hidden back door that gave hackers access to the victim’s network,” Bossert explains, saying that “The magnitude of this ongoing attack is hard to overstate.” Its magnitude is so great that Bossert says Trump must “severely punish the Russians” for perpetrating it, and cooperate with the incoming Biden team in helping to ensure that that punishment continues seamlessly between administrations.

New on MoA:
Media Blame Russia For Cyber Intrusions Without Providing Evidence https://t.co/LBKNDiOywm pic.twitter.com/mhvmtIqGb9

— Moon of Alabama (@MoonofA) December 16, 2020

The problem is that, as usual, we’ve been given exactly zero evidence for any of this. As Moon of Alabama explains, the only technical analysis we’ve seen of the alleged hack (courtesy of cybersecurity firm FireEye) makes no claim that Russia was responsible for it, yet the mass media are flagrantly asserting as objective, verified fact that Russia is behind this far-reaching intrusion into US government networks, citing only anonymous sources if they cite anything at all.

And of course where the media class goes so too does the barely-separate political class. Democratic Senator Dick Durbin told CNN in a recent interview that this invisible, completely unproven cyberattack constitutes “virtually a declaration of war by Russia on the United States.” Which is always soothing language to hear as the Russian government announces the development of new hypersonic missiles as part of a new nuclear arms race it attributes to US cold war escalations.

Journalist Glenn Greenwald is one of the few high-profile voices who’ve had the temerity to stick his head above the parapet and point out the fact that we have seen exactly zero evidence for these incendiary claims, for which he is of course currently being raked over the coals on Twitter.

“I know it doesn’t matter. I know it’s wrong to ask the question. I know asking the question raises grave doubts about one’s loyalties and patriotism,” Greenwald sarcastically tweeted. “But has there been any evidence publicly presented, let alone dispositive proof, that Russia is responsible for this hack?”

Perhaps they have information sources they can’t describe without compromising sources and methods?

— Timothy B. Lee (@binarybits) December 17, 2020

“Perhaps they have information sources they can’t describe without compromising sources and methods?” chimed in Ars Technica’s Timothy B Lee in response to Greenwald’s query, a textbook reply from establishment narrative managers whenever anyone questions where the evidence is for any of these invisible attacks on US sovereignty.

“Of course they can’t show us the evidence!” proponents of establishment Russia hysteria always say. “They’d compromise their sources and methods if they did!”

US spook agencies always say this about evidence for US spook agency claims about governments long targeted for destruction by US spook agencies. We can’t share the evidence with you because the evidence is classified. It’s secret evidence. The evidence is invisible.

Which always works out very nicely for the US spook agencies, I must say.

Hmm… America Keeps Getting Attacked By Nations It Hates In Ways Only The CIA Can See

I’d like to tell you a folktale. It’s called “The Emperor’s New 9/11”. https://t.co/uduUCajFUx

— Caitlin Johnstone ⏳ (@caitoz) October 24, 2020

Secret, invisible evidence is not evidence. If the public cannot see the evidence behind the claims being made by the powerful, then those claims are unproven. It would never be acceptable for anyone in power to say “This important thing with potentially world-altering consequences definitely happened, but you’ll just have to trust us because the evidence is secret.” In a post-Iraq invasion world it is orders of magnitude more unacceptable, and should therefore be dismissed until hard, verifiable evidence is provided.

Isn’t it interesting how all the Pearl Harbors and 9/11s of our day are completely invisible to the public? We can’t see cyber-intrusions for ourselves like we could see fallen buildings and smoking naval bases; they’re entirely hidden from our view. Not only are they entirely hidden from our view, the evidence that they happened is kept secret from us as well. And the mass media just treat this as normal and fine. Government agencies with an extensive history of lying are allowed to make completely unsubstantiated and unverifiable claims about governments long targeted by those same government agencies, and the institutions responsible for informing the public about what’s going on in the world simply repeat it as fact.

Sure it’s possible that Russia hacked the US. It’s possible that the US government has been in contact with extraterrestrials, too. It’s possible that the Chinese government is covertly arming Antifa samurai in preparation for a civil war. But we do not imbue these things with the power of belief until we are provided with an amount of evidence that rises to the level required in a post-Iraq invasion world.

These people have not earned our trust, they have earned our pointed and aggressive skepticism. We must act accordingly.

_____________________________________

Image via Pixabay

Thanks for reading! The best way to get around the internet censors and make sure you see the stuff I publish is to subscribe to the mailing list at my website or on Substack, which will get you an email notification for everything I publish. My work is entirely reader-supported, so if you enjoyed this piece please consider sharing it around, liking me on Facebook, following my antics on Twitter, throwing some money into my tip jar on Patreon or Paypal, purchasing some of my sweet merchandise, buying my new book Poems For Rebels or my old book Woke: A Field Guide for Utopia Preppers. For more info on who I am, where I stand, and what I’m trying to do with this platform, click here. Everyone, racist platforms excluded, has my permission to republish, use or translate any part of this work (or anything else I’ve written) in any way they like free of charge.

Be seeing you


Erie Times E-Edition Article-US government agencies hacked

Posted by M. C. on December 14, 2020

It is pretty bad when the “cyber security” firm the government decides to use is itself hacked.

Where is the FIB, CIA and government accountability office in all of this? The blame is going to Russia without presenting proof as usual.

I suspect the reason Ruskys are blamed is the real culprit is too embarrassing to admit. A certain small Middle Eastern “friend” perhaps?

https://erietimes-pa-app.newsmemory.com/?publink=0ba3cc297

WASHINGTON — Hackers broke into the networks of federal agencies including the Treasury and Commerce departments in attacks revealed just days after U.S. officials warned that cyber actors linked to the Russian government were exploiting vulnerabilities to target sensitive data.

The FBI and the Department of Homeland Security’s cybersecurity arm are investigating what experts and former officials said appeared to be a large-scale penetration of U.S. government agencies.

“This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch.

The hacks were revealed just days after a major cybersecurity firm disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools. Many experts suspect Russia is responsible for the attack against FireEye, a major cybersecurity player whose customers include federal, state and local governments and top global corporations.

The apparent conduit for the Treasury and Commerce Department hacks — and the FireEye compromise — is a hugely popular piece of server software called SolarWinds. It is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. government agencies who will now be scrambling to patch up their networks, said Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike.

The attacks were disclosed less than a week after a National Security Agency advisory warned that Russian government hackers were exploiting vulnerabilities in a system used by the federal government, “allowing the actors access to protected data.”

The U.S. government did not publicly identify Russia as the culprit behind the hacks, first reported by Reuters, and said little about who might be responsible.

National Security Council spokesperson John Ullyot said in a statement that the government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”

The government’s Cybersecurity and Infrastructure Security Agency said separately that it has been working with other agencies “regarding recently discovered activity on government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”

President Donald Trump last month fired the director of CISA, Chris Krebs, after Krebs vouched for the integrity of the presidential election and disputed Trump’s claims of widespread electoral fraud.

In a tweet Sunday, Krebs said “hacks of this type take exceptional tradecraft and time” and raised the possibility that it had been underway for months.

“This thing is still early, I suspect,” Krebs wrote.

Federal government agencies have long been attractive targets for foreign hackers.

Hackers linked to Russia were able to break into the State Department’s email system in 2014, infecting it so thoroughly that it had to be cut off from the internet while experts worked to eliminate the infestation.

Reuters earlier reported that a group backed by a foreign government stole information from Treasury and a Commerce Department agency responsible for deciding internet and telecommunications policy.

The Treasury Department deferred comment to the National Security Council. A Commerce Department spokesperson confirmed a “breach in one of our bureaus” and said “we have asked CISA and the FBI to investigate.” The FBI had no immediate comment.

The Washington Post reported Sunday, citing three unnamed sources, that the two federal agencies and FireEye were all breached through the SolarWinds network management system.

Austin, Texas-based SolarWinds confirmed Sunday in an email to The Associated Press that it has a “potential vulnerability” related to updates released earlier this year to its Orion products, which help organizations monitor their online networks for problems or outages.

“We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state,” said SolarWinds CEO Kevin Thompson in a statement.

The compromise is critical because SolarWinds would give a hacker “God-mode” access to the network, making everything visible, said Alperovitch.

Last Tuesday, FireEye said that foreign government hackers with “world-class capabilities” broke into its network and stole offensive tools it uses to probe the defenses of its thousands of customers. Those customers include federal, state and local governments and top global corporations.

The hackers “primarily sought information related to certain government customers,” FireEye CEO Kevin Mandia said in a statement, without naming them. He said there was no indication they got customer information from the company’s consulting or breach-response businesses or threat-intelligence data it collects.

Former NSA hacker Jake Williams said it seemed clear that both the Treasury Department and FireEye were hacked using the same vulnerability.

“The timing of the release here is, I think, not at all a coincidence,” said Williams, the president of the cybersecurity firm Rendition Infosec.

He said FireEye surely told the FBI and other federal partners how it had been hacked and they determined that Treasury had been similarly compromised.

“I suspect that there’s a number of other (federal) agencies we’re going to hear from this week that have also been hit,” Williams added.

FireEye responded to the Sony and Equifax data breaches and helped Saudi Arabia thwart an oil industry cyberattack — and has played a key role in identifying Russia as the protagonist in numerous aggressions in the burgeoning netherworld of global digital conflict.

Neither Mandia nor a FireEye spokesperson said when the company detected the hack or who might be responsible. But many in the cybersecurity community suspect Russia.

The U.S. Treasury Department building viewed from the Washington Monument, Sept. 18, 2019, in Washington.

Be seeing you


FBI launches open attack on ‘foreign’ alternative media outlets challenging US foreign policy | The Grayzone

Posted by M. C. on June 9, 2020

Thus the takedown of the publication by Facebook, with FBI and FireEye encouragement, represents a disturbing precedent for future actions against individuals who criticize US foreign policy and outlets that attack corporate media narratives.

Not exactly new news.

https://thegrayzone.com/2020/06/05/the-fbi-launches-open-attack-on-foreign-alternative-media-outlets-challenging-u-s-foreign-policy/

Under FBI orders, Facebook and Google removed American Herald Tribune, an alternative site that publishes US and European writers critical of US foreign policy. The bureau’s justification for the removal was dubious, and it sets a troubling precedent for other critical outlets.

By Gareth Porter

The FBI has publicly justified its suppression of dissenting online views about US foreign policy if a media outlet can be somehow linked to one of its adversaries. The Bureau’s justification followed a series of instances in which Silicon Valley social media platforms banned accounts following consultations with the FBI.

In a particularly notable case in 2018, the FBI encouraged Facebook, Instagram and Google to remove or restrict ads on the American Herald Tribune (AHT), an online journal that published critical opinion articles on US policy toward Iran and the Middle East. The bureau has never offered a clear rationale, however, despite its private discussions with Facebook on the ban.

The FBI’s first step toward intervening against dissenting views on social media took place in October 2017 with the creation of a Foreign Influence Task Force (FITF) in the bureau’s Counterintelligence Division. Next, the FBI defined any effort by states designated by the Department of Defense as major adversaries (Russia, China, Iran and North Korea) to influence American public opinion as a threat to US national security.

In February 2020, the FBI defined that threat in much more specific terms and implied that it would act against any online media outlet that was found to fall within its ambit. At a conference on election security on February 24, David K. Porter, who identified himself as Assistant Section Chief of the Foreign Influence Task Force, defined what the FBI described as “malign foreign influence activity” as “actions by a foreign power to influence U.S. policy, distort political sentiment and public discourse.” 

Porter described “information confrontation” as a force “designed to undermine public confidence in the credibility of free and independent news media.” Those who practice this dark craft, he said, seek to “push consumers to alternative news sources,” where “it’s much easier to introduce false narratives” and thus “sow doubt and confusion about the true narratives by exploiting the media landscape to introduce conflicting story lines.”

“Information confrontation”, however, is simply the literal Russian translation of the term “information warfare.” Its use by the FITF appears to be aimed merely at justifying an FBI role in seeking to suppress what it calls “alternative news sources” under any set of circumstances it can justify.

While expressing his intention to target alternative media, Porter simultaneously denied that the FBI was concerned about censoring media. The FITF, he said, “doesn’t go around chasing content. We don’t focus on what the actors say.” Instead, he insisted that “attribution is key,” suggesting that the FITF was only interested in finding hidden foreign government actors at work.

Thus the question of “attribution” has become the FBI’s key lever for censoring alternative media that publishes critical content on U.S. foreign policy, or which attacks mainstream and corporate media narratives. If an outlet can be somehow linked to a foreign adversary, removing it from online platforms is fair game for the feds. 

The strange disappearance of American Herald Tribune

In 2018, Facebook deleted the Facebook page of the American Herald Tribune (AHT), a website that publishes commentary from an array of notable authors who are harshly critical of U.S. foreign policy. Gmail, which is run by Google, quickly followed suit by removing ads linked to the outlet, while the Facebook-owned Instagram scrubbed AHT’s account altogether.

Tribune editor Anthony Hall reported at the time that the removals occurred at the end of August 2018, but there was no announcement of the move by Facebook. Nor was it reported by the corporate news media until January 2020, when CNN elicited a confirmation from a Facebook spokesman that it had indeed done so in 2018. Furthermore, the FBI was advising Facebook on both Iranian and Russian sites that were banned during that same period of a few days. As Facebook’s chief security officer Alex Stamos noted on July 21, 2018, “We have proactively reported our technical findings to US law enforcement, because they have much more information than we do, and may in time be in a position to provide public attribution.”

On August 2, a few days following the removal of AHT and two weeks after hundreds of Russian and Iranian Pages had been removed by Facebook, FBI Director Christopher Wray told reporters at a White House briefing that FBI officials had “met with top social media and technology companies several times” during the year, “providing actionable intelligence to better enable them to address abuse of their platforms by foreign actors.”  He remarked that FBI officials had “shared specific threat indicators and account information so they can better monitor their own platforms.”

Cybersecurity firm FireEye, which boasts that it has contracts to support “nearly every department in the United States government,” and which has been used by Department of Homeland Security as a primary source of “threat intelligence,” also influenced Facebook’s crackdown on the Tribune. CNN cited an unnamed official of FireEye stating that the company had “assessed” with “moderate confidence” that the AHT’s website was founded in Iran and was “part of a larger influence operation.”

The CNN author was evidently unaware that in U.S. intelligence parlance “moderate confidence” suggests a near-total absence of genuine conviction. As the 2011 official “consumer’s guide” to US intelligence explained, the term “moderate confidence” generally indicates that either there are still differences of view in the intelligence community on the issue or that the judgment ”is credible and plausible but not sufficiently corroborated to warrant higher level of confidence.” 

CNN also quoted FireEye official Lee Foster’s claim that “indicators, both technical and behavioral” showed that American Herald Tribune was part of the larger influence operation. The CNN story linked to a study published by FireEye featuring a “map” showing how Iranian-related media were allegedly linked to one another, primarily by similarities in content.  But CNN apparently hadn’t bothered to read the study, which did not once mention the American Herald Tribune.

Finally, the CNN piece cited a 2018 tweet by Daily Beast contributor Josh Russell which it said provided “further evidence supporting American Herald Tribune’s alleged links to Iran.” In fact, his tweet merely documented the AHT’s sharing of an internet hosting service with another pro-Iran site “at some point in time.”  Investigators familiar with the problem know that two websites using the same hosting service, especially over a period of years, is not a reliable indicator of a coherent organizational connection.

CNN did find evidence of deception over the registration of the AHT. The outlet’s editor, Anthony Hall, continues to give the false impression that a large number of journalists and others (including this writer), are contributors, despite the fact that their articles have been republished from other sources without permission.

However, AHT has one characteristic that differentiates it from the others that have been kicked off Facebook: The American and European authors who have appeared in its pages are all real and are advancing their own authentic views. Some are sympathetic to the Islamic Republic, but others are simply angry about U.S. policies: Some are Libertarian anti-interventionists; others are supporters of the 9/11 Truth movement or other conspiracy theories.

One notable independent contributor to AHT is Philip Giraldi, an 18-year veteran of the CIA’s Clandestine Service and an articulate critic of US wars in the Middle East and of Israeli influence on American policy and politics. From its inception in 2015, the AHT has been edited by Anthony Hall, Professor Emeritus at University of Lethbridge in Alberta, Canada.

In announcing yet another takedown of Iranian Pages in October 2018, Facebook’s Gleicher declared that “coordinated inauthentic behavior” occurs when “people or organizations create networks of accounts to mislead others about who they are and what they’re doing.” That certainly doesn’t apply to those who provided the content for the American Herald Tribune.

Thus the takedown of the publication by Facebook, with FBI and FireEye encouragement, represents a disturbing precedent for future actions against individuals who criticize US foreign policy and outlets that attack corporate media narratives.

Shelby Pierson, the CIA official appointed by the then director of national intelligence in July 2019 to chair the inter-agency “Election Executive and Leadership Board,” appeared to hint at differences in the criteria employed by her agency and the FBI on foreign and alternative media.

In an interview with former acting CIA Director Michael Morrell in February, Pierson said, “[P]articularly on the [foreign] influence side of the house, when you’re talking about blended content with First Amendment-protected speech…against the backdrop of a political paradigm and you’re involving yourself in those activities, I think that makes it more complicated” (emphasis added).

Further emphasizing the uncertainty surrounding the FBI’s methods of online media suppression, she added that the position in question “doesn’t have the same unanimity that we have in the counterterrorism context.”

Be seeing you


MoA – Facebook Kills “Inauthentic” Foreign News Accounts – U.S. Propaganda Stays Alive

Posted by M. C. on August 23, 2018

In FY 2018, OCB is establishing on-island digital teams to create non-branded local Facebook accounts to disseminate information. Native pages increase the chances of appearing on Cuban Facebook users’ newsfeeds. The same strategy will be replicated on other preferred social media networks.

http://www.moonofalabama.org/2018/08/facebook-kills-inauthentic-foreign-news-accounts-us-propaganda-stays-alive.html

Facebook Kills “Inauthentic” Foreign News Accounts – U.S. Propaganda Stays Alive

The creation of digital content led to the re-establishment of claqueurs:

By 1830 the claque had become an institution. The manager of a theatre or opera house was able to send an order for any number of claqueurs. These were usually under a chef de claque (leader of applause), who judged where the efforts of the claqueurs were needed and to initiate the demonstration of approval. This could take several forms. There would be commissaires (“officers/commissioner”) who learned the piece by heart and called the attention of their neighbors to its good points between the acts. Rieurs (laughers) laughed loudly at the jokes. Pleureurs (criers), generally women, feigned tears, by holding their handkerchiefs to their eyes. Chatouilleurs (ticklers) kept the audience in a good humor, while bisseurs (encore-ers) simply clapped and cried “Bis! Bis!” to request encores.

Today anyone can create content and rent or buy virtual claqueurs in the form of “likes” on Facebook or “followers” on Twitter to increase its distribution.

An alternative is to create artificial social media personas who then promote one’s content. That is what the Internet Research Agency, the Russian “troll factory” from St. Petersburg, did. The fake personas it established on Facebook promoted IRA-created clickbait content like puppy picture pages that was then marketed to sell advertisements.
