Sunday, December 31, 2017

a bumper year in cyberwar

-Gen. Valery V. Gerasimov, the first deputy defense minister of Russia, with Foreign Minister Sergey V. Lavrov, right, in October. Mr. Gerasimov published the Gerasimov Doctrine.
12-29-16    Mr. Vyarya, 33, a bearded, bespectacled computer programmer who thwarted hackers, said he was suddenly being asked to join a sweeping overhaul of the Russian military last year.  Under a new doctrine, the nation’s generals were redefining war as more than a contest of steel and gunpowder, making cyberwarfare a central tenet in expanding the Kremlin’s interests....
  “Sorry, I can’t,” Mr. Vyarya said he told an executive at a Russian military contracting firm who had offered him the hacking job. ...Mr. Vyarya said his problems began when he turned down the offer:  he was surveilled, and an acquaintance in law enforcement advised him to flee the country.  He left in August 2015 for Finland to seek asylum, he and his former employer said.  The Finnish government, citing safety and privacy concerns, would not comment on the asylum application....
  The military’s push into cyberwarfare had intensified in 2012, with the appointment of a new minister of defense, Mr. Shoigu. The next year a senior defense official, Gen. Valery V. Gerasimov, published what became known as the Gerasimov Doctrine.  It posited that in the world today the lines between war and peace had blurred and that covert tactics, such as working through proxies or otherwise in the shadows, would rise in importance.  He called it “nonlinear war.”  His critics called it “guerrilla geopolitics.”  But Russia is certainly not alone.   “Almost all developed countries in the world, unfortunately, are creating offensive capabilities, and many have confirmed this,” said Anton M. Shingarev, a vice president at Kaspersky, a Russian antivirus company.   https://www.nytimes.com/2016/12/29/world/europe/how-russia-recruited-elite-hackers-for-its-cyberwar.html?_r=0
..................................................................................................................................
Jan. 2017
-ChronoPay founder and owner Pavel Vrublevsky
  According to information obtained by KrebsOnSecurity, the arrests (in Russia of several FSB cyber officers) may very well be tied to a long-running grudge held by Pavel Vrublevsky, a Russian businessman who for years paid most of the world’s top spammers and virus writers to pump malware and hundreds of billions of junk emails into U.S. inboxes....
  I mentioned Vrublevsky in that story because I knew Fomenko (a.k.a. “Die$el“) and he were longtime associates; both were prominent members of Crutop[dot]nu, a cybercrime forum that Vrublevsky (a.k.a. “Redeye“) owned and operated for years. In addition, I recognized Vrublevsky’s voice and dark humor in the statement, and thought it was interesting that Vrublevsky was inserting himself into all the alleged election-hacking drama.
  That story also noted how common it was for Russian intelligence services to recruit Russian hackers who were already in prison — by commuting their sentences in exchange for helping the government hack foreign adversaries.  In 2013, Vrublevsky was convicted of hiring his most-trusted spammer and malware writer to attack one of ChronoPay’s chief competitors, but he was inexplicably released a year earlier than his two-and-a-half year sentence required.
  Meanwhile, the malware author that Vrublevsky hired to launch the attack which later landed them both in jail told The New York Times last month that he’d also been approached while in prison by someone offering to commute his sentence if he agreed to hack for the Russian government, but that he’d refused and was forced to serve out his entire sentence.
  My book Spam Nation identified most of the world’s top spammers and virus writers by name, and I couldn’t have done that had someone in Russian law enforcement not leaked to me and to the FBI tens of thousands of email messages and documents stolen from ChronoPay’s offices. 
  To this day I don’t know the source of those stolen documents and emails.  They included spreadsheets chock full of bank account details tied to some of the world’s most active cybercriminals, and to a vast network of shell corporations created by Vrublevsky and ChronoPay to help launder the proceeds from his pharmacy, spam and fake antivirus operations.   -Brian Krebs of VA   https://krebsonsecurity.com/2017/01/a-shakeup-in-russias-top-cybercrime-unit/

............................................................................................................................
2-7-17   
https://gosint.wordpress.com/2017/02/07/who-is-shaltay-boltay-fsb-colonel-sergey-mikhailov/
....................................................................................................................................................
2-17-17    According to a Reuters source, the treason charges are related to accusations made by a Russian businessman named Pavel Vrublevsky seven years ago.  In 2010, Vrublevsky, founder of internet payment firm ChronoPay, reported the suspects to authorities.  He claimed that they had passed state secrets to American firms including Verisign, a company that specializes in domain name services and internet security, which then turned them over to US intelligence.  Reuters reports the accusations were never investigated.
  A spokesperson from Verisign, the only American firm identified, denied that it had been given any secret information.  The company does have an iDefense unit that gathers information on cybercrime and supplies dossiers to US intelligence, but the spokesperson insisted that it does not deal in classified information.  “Nothing like the arrangement as described by Pavel Vrublevsky ever took place,” said Kimberly Zenz, a former analyst at Verisign’s iDefense unit.  https://gizmodo.com/russias-mysterious-cyber-treason-case-just-got-even-ske-1792786218
.................................................................................................................
3-18-17   The U.S. indictment paints a picture of the FSB officers overseeing or being directly involved in computer hacking, including stolen e-mail accounts, and other secret programs designed to manipulate a user’s account.  Yahoo said the 2014 breach affected 500 million user accounts.
The indictment identified Sushchin as the “head of information security at the Russian financial firm, where he monitored the communications of Russian financial firm employees."
Russian billionaire Mikhail Prokhorov
Renaissance Capital is a major Moscow investment bank owned by Onexim group, a holding company that manages the assets of Prokhorov.  A billionaire who made his wealth investing in Russia’s nickel industry, Prokhorov challenged Vladimir Putin for the presidency in 2011 running as a liberal, pro-business opposition candidate.  https://www.rferl.org/a/russia-fsb-officer-indicted-worked-moscow-investment-bank/28377570.html
......................................................................
4-6-17   FSB Col. Mikhailov was arrested in December during a meeting of senior officers at the agency's Lubyanka HQ, and could face 20 years in jail....
  A media attack on Mikhailov by Tsargrad TV, controlled by a Putin friend, reported that Mikhailov passed to US agents the information that allowed Washington to issue the intelligence report blaming Moscow for election-related hacking....
  There are also claims - not confirmed - that the FSB detainees are linked to a trio arrested from the Shaltai-Boltai - Humpty Dumpty - hacking group.
  This outfit has caused embarrassment in the Kremlin, for example by hacking prime minister and ex-president Dmitry Medvedev, and releasing documents on propaganda initiatives.
  The leader of the group Vladimir Anikeyev, aka 'Lewis', has done a pre-trial deal with Russian prosecutors under which he admits his guilt in exchange for a lighter sentence.
  One version suggests he has given compromising evidence against Mikhailov.
  'My client has made a pre-trial agreement with the investigation, but we are not commenting on its terms,' said Anikeyev's lawyer Ruslan Koblev.
  If the courts accept the deal, Anikeyev cannot be given a sentence exceeding two-thirds of the maximum five-year term for which he is accused.
http://www.dailymail.co.uk/news/article-4376566/Was-Russian-spy-CIA-hacking-mole-years.html#ixzz52sa9SsrH 
....................................................................................................................................
Vladimir Anikeyev, leader of the Shaltai Boltai hacking collective, in an enclosure in a Moscow courtroom on Thursday. Credit: Ivan Sekretarev/Associated Press
7-6-17  MOSCOW — After a two-day trial conducted behind closed doors, the Moscow City Court on Thursday sentenced Vladimir Anikeyev, the head of a hacking group that the authorities cracked down on last winter, to two years in a penal colony....
  The security service detained Mr. Anikeyev after luring him to Russia from Ukraine, where he had lived for several years, with the promise of payment for a hacking operation....
  Like other cybercriminals-turned-government hackers, Shaltai Boltai’s members are believed to have collaborated with Russian intelligence personnel, namely, those from the Federal Security Service.
  That led to the arrest of Sergei Mikhailov, the deputy director of the service’s cybersecurity organ, and one of several individuals arrested around the same time as the members of Shaltai Boltai and charged with treason, though the authorities never publicly linked the two cases.    https://www.nytimes.com/2017/07/06/world/europe/vladimir-anikeyev-russia-hacking.html
...........................................................................................................................
   Dec. 2017     Relations between intelligence agencies working on the cyber front were strained, one of Mikhailov’s acquaintances said.  The FSB and GRU compete for funding and Mikhailov felt the FSB carried out cyber tasks more professionally than the GRU, according to one of his acquaintances.
  He used to say that “the GRU breaks into servers in a brazen, clumsy, and brutish manner and it interfered with his own work”, the acquaintance said.   Moreover “the GRU’s hackers didn’t even try to cover their tracks”....
  The most surprising conclusion in Crowdstrike’s report was that the DNC was broken into by hackers not once, but twice.  The first breach occurred in summer 2015, and, according to Crowdstrike, was carried out by hackers with links to the FSB.   That attack was so meticulously carried out that almost a full year passed without anyone in the DNC suspecting anything.   The next attack took place in spring 2016 on the orders of the GRU, the Crowdstrike report claims.   It was spotted by U.S. intelligence agencies, which warned the DNC.  https://thebell.io/en/arrest-russian-intel-top-cyber-crime-expert-american-elections/
............................................................................................................
12-15-17  
https://intelnews.org/tag/konstantin-kozlovsky/
  Hacker KK (Konstantin Kozlovsky, shown above) of the Lurk group testified in Russian court that he played a key role in the WannaCry attack and in the DNC hack, that he worked on WannaCry at SamoletGroup in Kutuzoff Tower, Moscow (below), and that he was connected to the FSB....

.....................................................................................................................................
    Baratov, 22, is a Canadian and Kazakh national who lived in Canada (he’s now being held in California).  He was charged with being hired by two Russian FSB officer defendants in this case — Dmitry Dokuchaev, 33, and Igor Sushchin, 43 — to hack into the email accounts of thousands of individuals.  According to prosecutors, Baratov’s role in the charged conspiracy was to hack webmail accounts of individuals of interest to the FSB and send those accounts’ passwords to Dokuchaev in exchange for money.
Karim Baratov, a.k.a. “Karim Taloverov,” as pictured in 2014 on his own site, mr-karim.com.
Baratov’s co-defendant Dokuchaev is embroiled in his own legal worries in Russia, charges that could carry a death sentence.  He and his former boss Sergei Mikhailov — once deputy chief of the FSB’s Center for Information Security — were arrested in December 2016 by Russian authorities and charged with treason.  https://krebsonsecurity.com/2017/12/carding-kingpin-sentenced-again-yahoo-hacker-pleads-guilty/
..........................................................................................................................
  Even though ChronoPay was headquartered in Amsterdam, the company developed into a true leader for processing credit card payments in Russia, controlling roughly 25% of the market.  The company’s client roster boasted several Russian companies as well as larger multinational corporations including Sony and Microsoft.  Most Russian charitable foundations and non-profit organizations also use ChronoPay, including Greenpeace and the Red Cross.  Additional clients included Russia’s second largest airline, Transaero, and the country’s largest cellphone operator, MTS.  In 2011 ChronoPay had five worldwide offices: Moscow, Amsterdam, Barcelona, Florida in the USA, and Riga in Latvia.  There were two franchises in China and an active business in Brazil.  In 2011, the company had more than two hundred employees....
  In 2009, Pavel Vrublevsky, a member of the working group on combating spam under the Ministry of Communications,[24] initiated a campaign against his former partner Igor Gusev (rated by Spamhaus as the world's top spammer[25]), the owner of Glavmed, the largest affiliate network for selling Viagra.[26]
  Experts agree that after the start of the criminal prosecution of Gusev and the closure of Spamit's spam operations in 2010, the global level of spam fell by half.[27]
  ...In 2007, Pavel Vrublevsky first came under pressure from the Center for Information Security of the Federal Security Service of the Russian Federation;[34][35] in 2010 he accused the CIS of the FSB of Russia of treason and of promoting the myth of the Russian cyberthreat, and in 2011 he was arrested several times by FSB officers in the Aeroflot case.[36]  In 2016, on the basis of materials from Vrublevsky, officers of the CIS FSB were arrested[37][38] for high treason,[39][40][41] which led to the termination of cooperation between the US and Russia on cybercrime.[40]               https://en.wikipedia.org/wiki/Pavel_Vrublevsky
........................................................................................................................................