Category Archives: Russia

National Security issues pertaining to Russia including espionage and intellectual property protection


Dmitry Dokuchaev – Playing Both Sides?

Dmitry Dokuchaev, a Major in the Federal Security Service of the Russian Federation (FSB; Russian: Федеральная служба безопасности Российской Федерации (ФСБ)), was arrested by the FSB and charged with treason in December 2016 (see: Russian FSB cybersecurity implosion continues with more arrests). On 28 February 2017, Dokuchaev was indicted by the United States on charges of espionage, computer fraud and a host of other charges for activities during the period from 2014 through December 2016. Note the dates. He was arrested by the FSB in December 2016, and the activities identified within the indictment ended in December 2016. Dokuchaev is both a busy and popular gent.

Who is Dmitry Dokuchaev?

Dmitry Dokuchaev’s (дмитрий докучаев) relationship with the FSB began when he was given the choice between jail or cooperation, as Dokuchaev is the Russian hacker known by his street name “FORB.” In a 2004 interview with Vedomosti, the then 20-year-old Dokuchaev claimed to have successfully penetrated the US government (not further identified) while a university student in Yekaterinburg (his home town). Dokuchaev went on to describe how he met his expenses by “stealing money from credit cards,” earning for himself $5-30,000 per month. This latter activity came to the attention of the FSB, and they made him an offer he could not refuse.

Dokuchaev, now a Major within the FSB’s cybersecurity CDC and deputy to Mikhailov, was identified by the FSB as sharing both personal data and FSB data with both companies and government representatives of the United States.

The DOJ indictment identifies Dokuchaev as:  Dmitry Alexsandrovich Dokuchaev, also known as “Patrick Nagel,” was a Russian national and resident. Dokuchaev was an FSB officer assigned to the Second Division of the FSB Center 18, also known as the FSB Center for Information Security.

Now Dokuchaev is charged with directing the effort to compromise the Yahoo email system and systematically obtain email information on targets of interest to the FSB. The indictment, 39 pages in length, goes into great detail on the depth of Dokuchaev’s and the FSB’s interest in monitoring the private email of Russian nationals, as well as international personas. Dokuchaev and his co-conspirators harvested the content of individuals’ private email accounts, and made every effort to monetize this unique and illegal access.

The Russians are charging him with similar activity. There is little likelihood that Dokuchaev will be extradited to the US, though he no doubt would prefer that to his current residence, Lefortovo prison.

Is Dmitry Dokuchaev a pawn in the grand game of realpolitik chess, or was he simply too greedy, playing all the angles at once, and has he now been discovered by both the United States Federal Bureau of Investigation (FBI) and the Russian FSB?

We’ll keep our eye on this, as the Russian FSB cybersecurity team implosion continues.


Additional reading:

Dmitry Dokuchaev Indictment
Russia’s FSB Cybersecurity Team Implodes
Russian FSB cybersecurity implosion continues with more arrests


Russian FSB cybersecurity implosion continues with more arrests

As we discussed in our recent piece, “Russia’s FSB Cybersecurity Team Implodes,” the number of individuals from within the FSB cybersecurity entities who are in shackles continues to increase, and the timeline of the investigation by the Russian security service, the Federal Security Service of the Russian Federation (FSB; Russian: Федеральная служба безопасности Российской Федерации (ФСБ)), continues to expand.

Over the course of the past two days, we have seen Russian media digging deep into their sources within the FSB on the power play going on between two FSB elements, and on the arrest of four individuals associated with Humpty Dumpty (hacker group) and with having shared information with US entities.

US Election – Russian shenanigans

What is clear now is the existence of a United States angle in the longer tale, which is tied to the FBI’s August 2016 alert to Russian activity targeting individuals associated with the Arizona and Illinois voting systems. See Washington Post: Russian hackers targeted Arizona election system, for how the activity was described in 2016, and the New York Times September 2016 report that the King Servers company’s servers were also used for the attack on the Democratic National Committee (DNC).

The CEO of the company, when interviewed in September 2016, noted that when he learned his company’s servers were showing up in FBI reports, he immediately blocked those servers. The worldwide media carried Vladimir Fomenko’s comments about his shock and outrage that a criminal might have leased his servers for such nefarious activity.

Additionally, the previously mentioned Wroblewski and his Chronopay investigation and conviction is connected to King Servers — yes, Chronopay was hosted by King Servers.

January 2017 – FSB cybersecurity investigation


Fast forward to 26 January 2017, and we learned of the December 2016 arrest of yet another member of the FSB cybersecurity team, the Information Security Centre (CDC): Dmitry Dokuchaev. Dokuchaev, a Major within the FSB, served as deputy to Sergei Mikhailov. Dokuchaev is also being charged with treason (Article 275 of the Russian Criminal Code).


Dmitry Dokuchaev’s (дмитрий докучаев) relationship with the FSB began when he was given the choice between jail or cooperation, as Dokuchaev is the Russian hacker known by his street name “FORB.” In a 2004 interview with Vedomosti, the then 20-year-old Dokuchaev claimed to have successfully penetrated the US government (not further identified) while a university student in Yekaterinburg (his home town). Dokuchaev went on to describe how he met his expenses by “stealing money from credit cards,” earning for himself $5-30,000 per month. This latter activity came to the attention of the FSB, and they made him an offer he could not refuse.

Dokuchaev, now a Major within the FSB’s cybersecurity CDC and deputy to Mikhailov, was identified by the FSB as sharing both personal data and FSB data with both companies and government representatives of the United States. (Perhaps they are one of the many sources used in the creation of the DNI’s “Assessing Russian Activities in Recent US Elections.”)

Uncovering Mikhailov, Dokuchaev and Stoyanov

No one will ever claim the FSB counterintelligence – counterespionage teams are not thorough, patient and persuasive.


The uncovering of the activities by personnel with the FSB CDC and the greater Russian cybersecurity community came as a result of the apprehension and subsequent interview and confession of Vladimir Anikeeva (Владимир Аникеева), a journalist who is also believed to be the head of Humpty Dumpty (see our prior piece). Anikeeva’s online handle is “Alice.” Anikeeva was lured from Ukraine to St. Petersburg, where he was arrested and charged with “illegal access to computer information” (Article 272 of the Russian criminal code).

The arrest of Anikeeva (October 2016) had to do with the emails from Vladislav Surkov (aka the Kremlin’s puppet master), which the group had published on the site “Kiberhunta” (Cyber Hunter). It was the interview/interrogation of Anikeeva which resulted in his identification of the activities of Mikhailov. Indeed, the media reports that Anikeeva volunteered the information on the complicity of Mikhailov, Dokuchaev and Stoyanov.

So, while the initial investigation was focused on who dox’d Surkov and his emails, and on the takedown of Humpty Dumpty, the resultant multi-month investigation uncovered elements within the FSB CDC engaging in a bit of moonlight shenanigans.

Russian media has reported a fourth individual has been arrested, with much of the media speculating it is Anikeeva.

FSB cybersecurity cat-fight

Once the FSB compartmented the counterintelligence investigation, the table was set for the imploding of the FSB CDC.

The cat fight between the two elements within the FSB began. These elements are the FSB CDC and the FSB Special Communications Group (FSB SCG) (previously known to the western intelligence services as FAPSI). The latter group is responsible for all Russian cryptographic standards, securing the Russian elections, and a multitude of other activities, including signals intelligence (SIGINT).

The FSB SCG wasted no time in positioning itself to catch the pieces as the FSB CDC was systematically dismantled with the forced retirement of the head of the CDC, Andrei Gerasimov; the arrest of his deputy Sergei Mikhailov and Dmitry Dokuchaev and their good friend and the member of the troika with industry and international government contacts, Stoyanov.

Putin gets to look good to Trump

While the internal gyrations are taking place, we can expect Putin to play the internal housecleaning to his advantage when engaging with the new administration within the US. He is now able to say, “we did not interfere or try to influence the US election; but some rogue members of the FSB were associated with a criminal element and we have brought them to justice.” He is also able to commiserate with the new US president, Trump: “we too have our issues with the security services.”

Russia’s FSB Cybersecurity Team Implodes

While the world was watching the United States’ election and the debate over whether or not the Russians hacked the DNC and influenced the election, the Russian Federation was engaged in some of their own housecleaning.


A followup report to this post has been filed 28 January 2017:   Russian FSB Cybersecurity Implosion Continues With More Arrests

The Federal Security Service of the Russian Federation (FSB; Russian: Федеральная служба безопасности Российской Федерации (ФСБ)) was cleaning house within their Information Security Centre (CDC), their cybersecurity team. Western media, drawing predominantly from a Kommersant article of 25 January, “Lubyanka Consultant floating in Lefortovo,” learned that two individuals, one who was the deputy director of the FSB cybersecurity team and another a senior manager within Kaspersky Labs, had been arrested. While the FSB has not released the charge sheet, they have noted that the two are being held on “suspicion of violation of Art. 275 of the Criminal Code (“treason”)” and unidentified non-official sources of Kommersant framed the investigation as looking into the allegation that the individuals received money from foreign companies. There is more to the story.

It is alleged that the deputy director of the FSB CDC, Sergey Yuryevich Mikhailov, is associated with the Russian hacking group Humpty Dumpty (Шалтай-Болтай), which over the course of the past few years has been doxing (sharing personal data of) members of the Putin administration, including Prime Minister Medvedev and Deputy Prime Minister Dvorkovich. It is further alleged that Mikhailov and a professional colleague of his, Ruslan Stoyanov, a senior Kaspersky Labs employee with whom Mikhailov regularly collaborated, feathered their nest by sharing data they had harvested with western companies.

The FSB CDC’s director, Andrei Gerasimov, who was eligible to retire, is believed to have done so in mid-January 2017. The assumption within Russian media being, the accelerated retirement was directly related to his deputy, Mikhailov having been arrested.

Always one for drama, the FSB did not disappoint. Multiple media outlets are reporting that the arrest of Mikhailov was taken straight out of the pages of the USSR era. Mikhailov was in a staff meeting, when he was bagged (bag over his head) and dragged unceremoniously from the building.

So what’s really going on? Whether or not the relationship to Humpty Dumpty is confirmed, Russian media is associating Humpty Dumpty with the CIA (Central Intelligence Agency), based on nothing more than, “because, who else?”


The FSB’s Paul Wroblewski Investigation

What is clear is that the linchpin between Stoyanov and Mikhailov is the on-again, off-again investigation into ChronoPay owner Paul Wroblewski and, during this investigation, the turf war between the FSB CDC and the special communications group within the FSB (aka Military unit No. 43753). The latter group’s remit covers use of cryptographic equipment and securing Russia’s electronic voting (the irony for a reader in the US is off-the-charts).

Mikhailov is quoted as saying turf wars are handled surgically – he might be right.

Sergei Mikhailov: “The FSB has never existed internal squabbles that would lead to criminal prosecution. There is always the possibility of elementary by change leaders, layoffs, changes in the structure of these conflicts to solve. I do not see any intrigue. When two units are unable to find a common language, it is resolved surgically and without the use of procedural measures. The FSB — the powerful power structure, where the creation of precise vertical. Inclusion of third party tools is stupid”

Sberbank’s desire to build an all-inclusive national database of personal data and to have interviewed Mikhailov for this role, may have been a red herring, designed to elicit information from Mikhailov on the means to acquire that information which may not be readily available within the already impressive Russian government databases. One can only speculate, until the charge sheets are released, on whether or not the Sberbank discussions provided grist for this fire. 

We’ll keep an eye out for the FSB updates. We expect to see the musical chairs within the FSB’s Information Security Center to continue and additional information which may confirm or refute the existence of a “very special relationship” with Kaspersky Labs to be leaked, as the Russian media is spinning up like sharks who taste blood in the water.


Let’s meet the individuals:

Sergei Mikhailov


Sergey Yuryevich Mikhailov (Сергей Юрьевич Михайлов) is the deputy head of the FSB’s CDC. The CDC oversees all of the official Russian efforts against cybercrime in Russia. This includes theft of credit and financial information, personal data leakage, and monitoring of social networks.

It is reported (Constantinople Network) that Mikhailov had been meeting with the leadership of Sberbank, to take a role reporting to Sberbank’s Herman Gref. The role at Sberbank was to create a new online service, and to build the national database of personal data. It should be noted, that Gref is considered to be a moderate within Putin’s circle.

Ruslan Stoyanov


Ruslan Stoyanov (Руслан Стоянов), a senior manager within Russian-based “Kaspersky Lab,” leads one of the departments within Kaspersky. Prior to joining Kaspersky, Stoyanov worked as a manager within the Moscow police’s cybersecurity “K-control” team, where he worked in the management of special technical activities of the Moscow police. In his role, he worked closely with the FSB and other Russian security elements.

Kaspersky Labs has emphatically distanced themselves from Ruslan Stoyanov and his arrest. Kaspersky’s PR representative, Maria Shirokov, notes that the activities with which he is charged pre-date his being hired by Kaspersky Labs, and that Stoyanov is not part of the company’s leadership team, but is a department head. Russian media notes that Stoyanov worked closely with the FSB’s CDC and enjoyed the trust of the Russian Federation, having been made privy to a great many state secrets.

Stoyanov held the rank of Major within the special technical activities group of the Moscow police (“K” control) prior to joining Kaspersky.

Andrei Gerasimov

Andrei Gerasimov, director of the FSB CDC is believed to have submitted a mid-January resignation/retirement (some call ejection) as a result of his deputy, Mikhailov’s early-December arrest.


Lubyanka and Lefortovo Prison


For now, the two are being shuttled between FSB headquarters at Lubyanka and Lefortovo Prison.

Lefortovo Prison is etched in the minds of every Russian as perhaps the most frightening locale in Russia, given its association with Stalin’s NKVD and the FSB’s predecessor, the KGB. Lefortovo Prison was built in 1881, and is best known as the place of bloody and brutal interrogations and executions during Stalin’s Great Purge. During the final years of the Soviet Union, the KGB used Lefortovo as an investigative isolator center where they detained political prisoners. The bottom line: there is no worse place to sit in Russia than an interrogation room within Lefortovo Prison.



Kremlin’s Clinton Gambit Fails With Trump’s Election

A little over a month ago I wrote of the Russian gambit to influence the US national elections by seemingly backing the Republican party candidate Donald J. Trump in hopes that the US electorate would swing en masse to back Democratic party candidate Hillary R. Clinton. In my piece, US Presidential Election 2016: The Kremlin Prefers??? I made the argument that the Kremlin’s book on Clinton far exceeded the quality of the information on Trump, and how they very much looked forward to another four years of being able to act with a great deal of prescience, given the treasure trove of materials in their possession. Like any chess match, sometimes the gambit ensnares the opponent and sometimes the opponent doesn’t rise to the bait and the gambit fails. Putin’s gambit, his big gamble, failed.

Office of the President of the Russian Republic, Vladimir Putin: “Mr Putin said he hopes to work together to lift Russian-US relations out of the current crisis, resolve issues on the international agenda, look for effective responses to global security challenges. The President said he is confident that Moscow and Washington can establish a constructive dialogue based on the principles of equality, mutual respect, and genuine consideration for each other’s positions. This would be in the interests of both peoples and of the entire international community. Mr Putin wished Mr Trump success in his important work as head of state.”

This outreach was viewed with much speculation and ridicule by the media, the same media that grabbed hold of the Kremlin’s gambit.

With the failure of the Kremlin’s Clinton gambit, the Kremlin’s Foreign Ministry, Intelligence and Security Services are scrambling. On 09 November, for them as for much of the world, it was an eye-opening “OMG” moment. No doubt new directives and requirements were being created. The Trump transition team, squirreled away in Washington DC, was and is a primary target.

We see Vladimir Putin, President of Russia, among the first to offer his congratulations, reaching out and playing to Trump’s significant ego, buying time.

This is quickly followed, five days later, with a one-on-one Putin-Trump phone conversation. The Kremlin described the Putin-Trump call as follows: “During the conversation Mr Putin and Mr Trump not only agreed on the absolutely unsatisfactory state of bilateral relations but also expressed support for active joint efforts to normalise relations and pursue constructive cooperation on the broadest possible range of issues. They emphasised the importance of establishing a reliable foundation for bilateral ties by developing the trade and economic component.” The Kremlin went on to say the two agreed to stay in touch and to arrange a face-to-face meeting to be arranged by their staffs (that’s diplomatic speak for, let’s see how this dance goes, before we commit).

The New York Times reports how Dmitry Kiselyov, anchor on Russia’s state run television said, “the American government would finally drop what the Russian anchor called its annoying slogans about human rights and democracy.”


Is Trump the Mule?

The Kremlin must be channeling Asimov right now, and opening the dog-eared copies to soak up all they can about the “Mule.”

The Mule has been described as, “one of the greatest conquerors the galaxy has ever seen, he is a mentalic who has the ability to reach into the minds of others and “adjust” their emotions, individually or en masse, using this capability to conscript individuals to his cause. Not direct mind-control per se, it is a subtle influence of the subconscious; individuals under the Mule’s influence behave otherwise normally – logic, memories, and personality intact.” (Source: Wikipedia)

Trump is a wildcard. The Trump transition team may have been fully engaged and targeted, but that target just blew up, as the new leader of the team, Vice President-elect Pence took over the transition and threw out the lobbyists and reshuffled the deck. The RNC, just like the DNC was warned back in January 2016, that they were being targeted, so they had ample time to harden their infrastructure. Just imagine the shredding of the files going on in the Kremlin as they, like all of us, try to keep up with the Trump transition team’s movements.

Let there be no doubt, there are going to be interesting times ahead. Of one thing we can be guaranteed: the Kremlin may have lost this chess match, but they are back at the board immediately.

Their choice, Clinton, did not win the general election of the United States. They are now in double-down mode, working overtime to try and replace the treasure trove of materials they had acquired in anticipation of a Clinton transition. Trump’s son-in-law, Jared Kushner, currently occupies the position at the tip of the needle, and thus all who surround him have moved into the targeteers’ sights. A request to provide Kushner with a security clearance has been made, and as he is an integral part of Trump’s transition team, one should expect it to be granted, albeit in an interim clearance status.

Meanwhile, the Kremlin may wish to start their efforts to understand the United States’ wildcard President-Elect Trump by reviewing the piece they stole back in June 2016, and already have in their possession: the dossier on Donald J. Trump prepared by the Democratic National Committee … you can read it here: Trump DNC Dossier (200+ pages pdf)


Additional reading:

President Putin’s congratulatory telegram to President-elect Trump

President Putin’s version of the telephone conversation with President-elect Trump

Selling secrets to Russia? It’s a bad idea

The headline read:  Selling Secrets to the Russians? Jason Bourne Fan arrested in spy drama of his own.  Thus implying the motivation for Gregory Allen Justice was his sick wife, a job at which he felt unappreciated and a fascination with cinematic secret operatives such as Jason Bourne and James Bond. There’s more to the story.

When he was arrested for what the Federal Bureau of Investigation called in their filed criminal complaint: probable cause of Economic Espionage, violation of the Arms Export Control Act, and violation of the International Trafficking in Arms Regulations (ITAR),  Justice found out just how adroit the FBI, working with the Air Force Office of Special Investigations (AFOSI), can be when working an espionage case.

BREAKING TRUST

Justice allegedly broke trust with his employer, a cleared defense contractor (who, according to his father, is Boeing Satellite Systems). He is alleged to have reached out to the Russian Embassy in Washington, DC to volunteer his services in late 2015.

His first attempt at contact involved sending a letter, followed by a brief phone call to the Russian Naval Attaché within the Russian Embassy (Military attaches in embassies, are on occasion associated with military intelligence). This letter, according to the criminal complaint filed in the United States District Court, Central District of California, contained a “technical schematic.”

On February 10, 2016, Justice again called the Russian Naval Attaché’s office at the Russian Embassy and asked if there was interest in maintaining contact and obtaining similar things. At that point, the FBI did what the FBI does: it stepped in and provided Justice with all the rope he needed to hang himself.

FBI COVERTLY ENGAGES  GREGORY ALLEN JUSTICE

Justice was contacted two days later by an undercover FBI special agent (S/A) who posed as a member of the Russian external intelligence service, the SVR. The S/A picked up the conversation and arranged to meet with Justice. Over the course of the next few months (February – May 2016), Justice would meet the S/A face-to-face on five occasions. On each of the last four occasions, Justice brought information which was either proprietary or in violation of US export regulations, signed a receipt for cash received from the S/A and volunteered to expand his collection efforts in support of what he believed to be the Russian SVR. (NB: It is not revealed if the Russian intelligence apparatus acted upon Justice’s attempt to volunteer, or if they took a pass.)

Justice explained how all of the information he was providing was “ITAR,” and went on to compare his collaboration with the S/A to the “spy movies” of Jason Bourne, James Bond and “The Americans.” Furthermore, Justice claimed to need money to fund his wife’s medical bills. Readers of the entire criminal complaint will see that, while his motivation was financial, it was to fund his relationship with a woman other than his wife, and narcotics distribution. Furthermore, he provided information to the S/A on 16-gigabyte USB thumb drives.

INSIDER THREAT PROGRAM

The cleared defense contractor had in place a robust insider threat program. In November 2015, the program detected Justice copying a number of files to an external device, and it then provided confirmatory information to the FBI/AFOSI on the information which Justice would purloin prior to each meeting with the S/A.

WHAT WAS AT RISK

While Justice did not have access to classified programs, he did have access to the following satellite system programs:

  • Wideband Global Satellite Communication (WGS)
  • Global Positioning System (GPS)
  • Geostationary Operational Environmental Satellites (GOES)
  • Tracking and Data Relay Satellite (TDRS)
  • Milstar Communications Satellite (MILSTAR)
  • Tangential access to additional programs
    • INMARSAT
    • MEXSAT
    • GPS IIF

INFOSEC TRAINING

Furthermore, as a cleared defense contractor, one would expect there to be a comprehensive cyber and counterintelligence briefing and training program, and there was.  Justice’s training folio showed he had taken a variety of courses.

  • Information Security 2015 (July 10, 2015)
  • Intellectual Property for Engineers and Technologists (July 10, 2015)
  • Threat Management Training for Employees (July 9, 2015)
  • Trade Secrets and Proprietary Information (July 9, 2015)
  • Enterprise US Export Awareness Overview (July 9, 2015)
  • Information Security 2014 (June 25, 2014)
  • 2014 Ethics Recommitment Training (May 6, 2014)
  • Enterprise US Export Awareness Overview (November 27, 2013)

CONTROLS TO PREVENT A LEAK

The cleared defense contractor had in place a data loss prevention (DLP) monitoring program and, as noted above, found Justice downloading data to a USB device. In addition, the resident DLP monitoring program captured screenshots of Justice’s computer at a cadence of approximately every six seconds. Also, when an external medium such as a USB drive is inserted into a laptop/desktop, the system prompts to encrypt the data.

Physical access procedures were also in place at the cleared defense contractor’s facility. To enter the building, Justice was required to display a badge to a guard or enter through a badge-controlled gate. In addition, access controls existed at Justice’s specific work area, via a badge swipe. In order to access his work station, Justice was required to insert his badge and enter a PIN (the description fits that of Common Access Card functionality). Access controls on specific data sets required a re-authentication by Justice in order to gain access. Furthermore, within the contractor’s IT system, when entering the collaborative data sets environment, all data is clearly marked and delineated as proprietary and/or requiring compliance with export controls.

SUMMATION – TRUST BUT VERIFY

Justice broke trust. The contractor’s DLP system identified his accessing and copying files to external devices. It is unclear from the criminal complaint if this actionable information was of sufficient caliber to warrant action or if the action occurred only after the FBI/AFOSI arrived on the scene post-Justice’s volunteering his services to the Russian intelligence apparatus.

Entities with insider threat programs are challenged with both the potential for a mountain of false-positives and the determination of what level of activity warrants action. Each program will be different, but having access to the data for archival review should be mandatory. The rationale: today’s actions may appear mundane and low-risk, but when added to additional pieces of data, which may also appear innocuous and low-risk, they create a more complete picture of the mosaic of the risk being presented by the employee breaking trust.
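The mosaic argument above, sketched as an added example (not from the original post or the contractor's program): archived low-severity events are summed per user over a sliding retention window, so a pattern surfaces even though no single event would alert. The event kinds echo the controls described earlier; the weights, threshold, user IDs, the "prompt declined" event and the sample archive are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import date, timedelta

# Assumed per-event weights; each one is below ALERT_THRESHOLD on its own.
WEIGHTS = {
    "usb_copy": 4,                 # DLP saw files copied to an external device
    "encrypt_prompt_declined": 3,  # removable-media encryption prompt dismissed
    "export_dataset_reauth": 2,    # re-authentication into export-marked data
    "after_hours_badge": 1,        # badge swipe outside normal hours
}
ALERT_THRESHOLD = 10

# Constructed sample archive of (user, day, kind); not real data.
ARCHIVE = [
    ("u1001", date(2024, 3, 4), "usb_copy"),
    ("u1001", date(2024, 3, 4), "encrypt_prompt_declined"),
    ("u2002", date(2024, 3, 20), "after_hours_badge"),
    ("u1001", date(2024, 4, 15), "export_dataset_reauth"),
    ("u2002", date(2024, 4, 28), "export_dataset_reauth"),
    ("u1001", date(2024, 5, 10), "after_hours_badge"),
    ("u1001", date(2024, 5, 11), "usb_copy"),
]


def single_event_alerts(events, threshold=ALERT_THRESHOLD):
    """Per-event triage: events whose own weight reaches the threshold."""
    return [e for e in events if WEIGHTS[e[2]] >= threshold]


def mosaic_alerts(events, retention_days, threshold=ALERT_THRESHOLD):
    """Return {user: (day_crossed, score, kinds)} for users whose summed
    weights inside a sliding retention window first reach the threshold."""
    window = defaultdict(deque)  # user -> (day, kind) still inside the window
    score = defaultdict(int)     # user -> running sum of the window's weights
    alerts = {}
    for user, day, kind in sorted(events, key=lambda e: e[1]):
        q = window[user]
        cutoff = day - timedelta(days=retention_days)
        while q and q[0][0] <= cutoff:  # age out events past retention
            score[user] -= WEIGHTS[q.popleft()[1]]
        q.append((day, kind))
        score[user] += WEIGHTS[kind]
        if score[user] >= threshold and user not in alerts:
            alerts[user] = (day, score[user], [k for _, k in q])
    return alerts


if __name__ == "__main__":
    print("single-event alerts:", single_event_alerts(ARCHIVE))
    for days in (30, 90):
        print(f"{days}-day archive:", mosaic_alerts(ARCHIVE, days))
```

With a 30-day archive the early USB copy has aged out before the later events arrive and nothing is flagged; with 90 days of history the same events cross the threshold.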

 

 


A version of the above, written by Christopher Burgess, was originally posted in Clearance Jobs in July 2016: Profile in Espionage – Curtailing a Satellite Spy with an Insider Threat Program


US Presidential Election 2016: The Kremlin Prefers???

The US presidential election of 2016 is entertaining the world and Russia’s Kremlin. The sad reality is one of the two major party candidates, Donald Trump (R) or Hillary Clinton (D) will be the next president of the United States come Friday, January 20, 2017.

The US electorate dislikes them both.

Global leaders and their intelligence and foreign policy apparatus are burning the midnight oil as they try and put their arms around what is coming to the global stage come 2017. If it wasn’t scaring the shit out of me, and so many others, then it would actually be humorous.

While the decision day of November 8, 2016 is fast approaching the US electorate, it is regrettable many will find themselves voting for the presidential candidate they think sucks less.

The Kremlin, led by Vladimir Putin, has made their choice early on.

A powerful statement. One may argue that countries don’t attempt to influence the affairs or elections of another country. To that I say, open your history books. The Russian Federation uses their intelligence community to achieve their goals; their “active measures” (активные мероприятия) capabilities are fully operational. They are not alone: the United States has used their intelligence community and covert action capability in a similar manner (Iran, Chile, Cuba), oftentimes directed by Presidential findings and directives and congressional oversight. Every country takes steps to protect their national interests, including influencing the actions within another country. Scan the headlines and you will see examples such as the one in the Indian Express, “Everywhere the foreign hand.”

Those familiar with the ways of the former Soviet Union will recognize the Soviet Realpolitik toy box was never thrown out; it was simply repainted and refreshed by the Russian Federation, more so under Putin than others. Their adroitness at chess (шахматы), a national pastime in Russia, is demonstrated as they move their pieces across the global landscape, reflecting their mastery of the gambit.

The US government is not naive as to the role of Russian active measures, and in fact, Section 501 of the Intelligence Authorization Act for Fiscal Year 2017 (which started 01 October) includes specific verbiage directing the President to “establish an interagency committee to counter active measures by the Russian Federation that constitute Russian actions to exert covert influence over peoples and governments.”

Clinton
The Kremlin knows Clinton, they have danced with Clinton for more than 16 years, most intensively and directly during her term as Secretary of State. They respect her for her connectedness, both domestically and abroad, and marvel at 112 countries visited and the 956,733 miles she traveled as Secretary of State.

 

Trump
The Kremlin knows Trump, and the Russian oligarchs know him better than the politicos. They know his money, and he knows theirs. They respect the bazaari manner he displays: negotiate, agree and negotiate some more. It is not alien in the Russian markets.

 

Russian active measures

The Democratic National Committee (DNC) hack has been well documented and discussed ad nauseam. I crafted a piece in June, Hacking Politics – Political Security in an Election Year, which discussed why Russia would be interested in the content of the DNC servers. I said then, “political parties plan to win, so lists and analysis on best candidates for key administration posts (cabinet and select appointees) will always be of interest to an adversary, as will the national security transition. Once the national primaries are concluded and the candidates for president solidified, these individuals will begin receiving national security briefings.” Then on 09 October, President Obama points the finger at Russia, and accuses them of meddling in the US election … about time.

With the DNC hack, the Russians have Clinton’s transition game plan.

Are we tired of hearing about Hillary’s email server? Absolutely. Let’s step over the discussion on whether or not classified correspondence was kept on these servers kept in her personal residence. Indeed, let’s assume, all the content was considered only sensitive and intra-office discussions.

From a foreign intelligence perspective, the content may not be platinum, due to lack of classified information, but it sure as hell is a treasure trove of gold, containing the thoughts, methodologies, connections, interconnections and other jewels to assist an adversary in determining the plans and intentions of a leader.

The FBI Director James Comey concludes that it is possible that hostile actors gained access to the email servers. Comey’s statement on the topic in July 2016: “With respect to potential computer intrusion by hostile actors, we did not find direct evidence that Secretary Clinton’s personal e-mail domain, in its various configurations since 2009, was successfully hacked. But, given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence. We do assess that hostile actors gained access to the private commercial e-mail accounts of people with whom Secretary Clinton was in regular contact from her personal account. We also assess that Secretary Clinton’s use of a personal e-mail domain was both known by a large number of people and readily apparent. She also used her personal e-mail extensively while outside the United States, including sending and receiving work-related e-mails in the territory of sophisticated adversaries. Given that combination of factors, we assess it is possible that hostile actors gained access to Secretary Clinton’s personal e-mail account.”

In summary, the Russian active measures produced reams of information from the DNC, to include folios on every individual being considered for any number of the 100s of political appointee positions (to include intimate personal details), coupled with correspondence on how Clinton engages her internal team, to include providing direction, redirection and decision making. Who would not want this level of detail going into any negotiation with an adversary?

The NSA tools go missing
In August 2016 the world realized that the National Security Agency’s offensive operations group lost their toolbox. Indeed, the toolbox was splayed out for all to see by Shadow Brokers. In my piece, NSA’s Tools Go Missing to Shadow Brokers, I commented how this theft and subsequent exposure was “a signal to the United States from Russia, let the cyber-espionage games begin, we have your toys.” The aforementioned reaction of President Obama re Russia’s technological shenanigans within the US electoral process provides credence – let the cyber-espionage games begin.

The Kremlin’s Preference: A Russian Gambit

The Russian playbook when it comes to Hillary Clinton is robust, complex and complete. Trump is a wildcard. They know him only in the context of his business acumen. The current residents in the Kremlin view Trump in the same way they viewed Ronald Reagan, an unpredictable gadfly. But Trump isn’t Reagan. Say what you will about Reagan and his Hollywood roots, he surrounded himself with subject matter experts who were on point. Trump has no plan, they know he will wing it, and that is not in their interests.

Thus Putin continues to snub and embarrass the US in the diplomatic scrums at the G20, Syria, Ukraine, Crimea, NATO, etc. They feed their propaganda machines, RT, Pravda and others with global opinion on how Trump’s isolationist policy is in their interests. They create opportunity for the US media to grab soundbites and relish when Trump provides his own, leaving the public without comment on the “bromance” between Trump and Putin.

They smiled when Clinton said, on many occasions during the second debate (09 October), how the Russians don’t want her in the White House.

Others agree with Clinton’s observation that the Russian activity is in support of Donald Trump, and there can be a cogent argument made which arrives at this conclusion.

I submit, this is a Russian gambit, a beautifully mastered piece of reverse psychology which is being consumed by the US media, like a child consumes cotton candy. Indeed, the US media is not only buying it, they are serving it up to the US electorate in an unending narrative, that a vote for Trump is a vote for Russia.

But the reality is, they prefer the devil they know. The Kremlin prefers Hillary Clinton.


Note: A version of this article was published by Huffington Post on 12 October 2016.

Vote

I am apolitical, revolted by both candidates, Clinton and Trump. But I will vote, and I encourage every eligible US citizen, both at home and abroad, to exercise their vote for this election. And whether or not the Kremlin gets who they wish in the White House, we the electorate aren’t embracing the behavior of the emu. We will be able to marshal our national resources and be both “stronger together” and “a greater america” at the same time, regardless of who is President of the United States on January 21, 2017.

Thank you for your time,
Christopher Burgess