Cyber Warfare.

[TsarSamuil]

Foreign Policy Diary - Global Cyber Standoff.

South Front
May 31, 2016

[TsarSamuil]

Medvedev orders state agencies to switch to Russian-made software in 3 years.

RT.com
27 Jul, 2016 09:54

Russian Prime Minister Dmitry Medvedev has approved a plan under which local software companies receive strong preferences in tenders announced by federal ministries and other bodies of state power.

“I have approved the plan of transition to the Russian-made software for federal bodies of executive power as well as state-owned non-budget funds. The plan takes three years, including the current year,” the PM said at the session of the government commission for information technology.

Over this period of time, the government must prepare all necessary legal acts and requirements for the various software needed for operations of state bodies, including the standards for cloud technology.

The federal law and government order banning the use of all foreign-produced software in state and municipal agencies came into force in Russia on January 1 this year. According to these documents, state bodies and organizations that purchase software necessary for their work will have to choose from programs included in a special register of Russian software.

The register includes software copyrighted by the Russian government, state agencies, municipal bodies and Russia-registered non-profit groups or commercial companies - of which at least 50 percent is owned by Russians.

The software must be available all over the country and the share of license fees paid to foreign legal entities must not exceed 30 percent of overall proceeds. Currently there are about 1,000 software products in the register, but industry experts earlier told reporters that this number could rise to several thousand before the end of the year.

Exceptions are allowed in cases when the register lacks any programs with the necessary technical or operating features, but agencies intending to purchase foreign-made software would have to back their bid with a review from a group of independent experts.

The law setting preferences for Russian software producers is a part of a larger import-replacing plan that was presented to Medvedev by the Communications Ministry in early 2015. Apart from the foreign-made software ban, the document provides for government support to Russian software firms and measures to promote the development of the nation’s own operating systems.

Russian politicians and officials have repeatedly warned against the use foreign-made software in state bodies and government-owned companies due to the threats of surveillance and data leaks.

In October 2015, a group of leftist and nationalist MPs promised to draft a bill that would ban any use of products by Google, Yahoo and WhatsApp for government workers, under threat of fines or even dismissal. In 2014, members of the center-left party Fair Russia proposed officially recommending that all parliamentarians to stop using iPhones and iPads – also over fears of eavesdropping by foreign special services.

In mid-2013, MPs from the parliamentary majority United Russia party asked the Defense Ministry, Federal Security Service and the Communications Ministry immediately to limit civil servants’ access to the US internet services and social networks such as Gmail and Facebook. They also suggested that violators of the ban should be tried for high treason, which in Russia carries punishment of up to 20 years behind bars. This proposal has not inspired any legislative movements so far.

[TsarSamuil]

Communications Ministry mulls total control over Russian sector of the web - reports.

RT.com
19 Aug, 2016 10:52

The Communications Ministry has prepared a bill that formally defines critical digital infrastructure and allows only Russian companies to own the hardware and databases that control the .ru and .рф domains of the internet, mass media report.

Russian business newspaper Vedomosti reported on Friday that the Communications Ministry was proposing to change the Russian Law on Communications, with a separate article detailing the measures aimed at regulating the internet in the .ru domain and in the Cyrillic .рф domain.

Such measures would include defining critical internet structures consisting of the national domain zone as well as the infrastructure required for its operation, and the state system that would back up the information about internet exchange points, IP addresses and autonomous networks.

The law would also order that internet exchange points in the Russian sector of the web could only be owned by Russian companies. However, the current edition of the bill allows for foreign ownership of up to 20 percent of these points in future – a system similar to the one used in the current Russian Law on Mass Media. The rules are even stricter for national domain registers – the owners of such companies can be only Russian entities founded by the Communications Ministry and financed from a special “Universal Service Reserve” fund which, in turn, will be formed with a 1.2 percent income excise levied on all telecom corporations operating in the country.

Reports that the coordination of the Russian national domain in the internet could be put under the control of state structures had earlier been circulated by business daily Kommersant, but Vedomosti has now provided more details on the bill.

In March this year Russian Communications Minister Nikolay Nikiforov said in an interview with RT that the US government and certain US-registered corporations had a disproportionately strong influence on the internet, and the minister allowed for measures to establish Russia’s independence in this sphere.

He pointed out that in 2014 the US authorities promised to hand over control of one of the most critical parts of internet infrastructure – the Internet Corporation for Assigned Names and Numbers (ICANN) – from the US Department of Communications to a multi-stakeholder collective, but this move was later postponed. “With this prolonged monopolization, many countries in the world are working on technical solutions that would protect national segments of the internet from a possible external destructive action. They are creating backup infrastructures, which respond to a disruption – intentional or accidental – and prevent national segments from being blocked,” Nikiforov said.

The minister also added that the Russian government and private companies were heavily investing in the internet, and that the desire to protect these investments was only natural.

In 2014 the Russian president’s press secretary, Dmitry Peskov, commented on media reports claiming that the authorities allegedly had plans to “disconnect Russia from the global internet.” Peskov dismissed the reports as false, but noted that Russian special services and IT corporations were working to improve cyber security due to the unpredictable behavior of the West.

“We all know who the chief administrator of the global internet is. And due to its volatility, we have to think about how to ensure our national security,” the official stated. It’s not about disconnecting Russia from the worldwide web, but about “protecting it from possible external influence.”

[TsarSamuil]

CIA working on ‘clandestine’ cyberattack against Russia – report.

RT.com
15 Oct, 2016 04:09

The CIA is reportedly planning a “clandestine” cyberattack on Russia, in retaliation for its alleged efforts to influence the US elections against Hillary Clinton. The “wide-ranging operation” is meant to “embarrass” Russia’s leadership, NBC News reported.

“Current and former officials,” who the report claims have direct knowledge of the situation, say the CIA has been tasked with providing options to the White House.

Sources tell the channel that US intelligence has started preparations for the operation and has even obtained “reams of documents” to target Russian President Vladimir Putin and his “unsavory tactics.”

Earlier this week, the White House said President Barack Obama was weighing a “proportional response” to Moscow. Spokesman John Earnest told reporters that the president was still deciding on “response options” that would probably not be announced in advance and may never be disclosed.

As sources have told NBC News, there is “a division” at the Obama administration on whether or not Capitol Hill should retaliate.

"If someone has decided, ‘we've had enough of the Russians,’ there is a lot we can do. Step one is to remind them that two can play at this game and we have a lot of stuff. Step two, if you are looking to mess with their networks, we can do that, but then the issue becomes, they can do worse things to us in other places,” a former CIA officer, who worked on Russia, said.

The same source has also revealed that it was not an unusual practice for the White House to ask the CIA to pitch options for anti-Russia measures, including cyberattacks. However, it never went further than just requests.

"We've always hesitated to use a lot of stuff we've had, but that's a political decision," the former CIA officer said.

Another former officer confirmed the words of his colleague to NBC News. As the one who helped run intelligence operations against Russia, he said that over the years he was asked several times to work on action plans, but "none of the options were particularly good, nor did we think that any of them would be particularly effective."

He believes that embarrassing Putin was a particularly tough case, because there is not anything the US can do to which Russia would not be able to respond. Of a hypothetical example being made of Russian bank accounts, he said: "Do you want to have Barack Obama bouncing checks?"

The CIA's cyber operation is being prepared by a team within, the documents indicate.

According to officials, the CIA's Center for Cyber Intelligence has a team of “hundreds and a budget in the hundreds of millions.”

On Friday, Vice President Joe Biden told NBC’s "Meet the Press" that the US is “sending a message" to Putin and that "it will be at the time of our choosing, and under the circumstances that will have the greatest impact."

When asked if Americans would know a message was sent, Biden replied, "hope not,” essentially echoing the White House.

WikiLeaks, however, expressed doubt over the seriousness of the report about the “clandestine” cyberwar on Russia.

Accusations against Russia have been louder in recent days with WikiLeaks releasing thousands of dubbed “Podesta emails” exposing Hillary Clinton’s connections to Wall Street, views on Syria and details of her presidential campaign. In much of the US media reporting, the perception is that the Kremlin works along with WikiLeaks, providing it with materials to post. The allegations have been denied both in Moscow and by WikiLeaks.

Responding to Washington’s official accusations on October 7, Russian presidential press secretary Dmitry Peskov said it was “yet another fit of nonsense,” stating that “tens of thousands of hackers” try to break into the sites of Russian officials. However, he stressed, Moscow never pointed a finger at the US.

This week, Russian Foreign Minister Sergey Lavrov dismissed the claims of Russia trying interfere in the US presidential election as "ridiculous.”

"It's flattering, of course, to get this kind of attention – for a regional power, as President Obama called us some time ago," Lavrov said in an interview with CNN. "Now everybody in the United States is saying that it is Russia which is running the [US] presidential debate," he said, adding, "we have not seen a single fact, a single proof."

[TsarSamuil]

Vid,
www.rt.com/news/362936-putin-brics-press-conference/

Putin on Biden cyberthreat: First time US admits such thing on highest level.

RT.com
16 Oct, 2016 11:33

Commenting on US Vice President Joe Biden’s statement on the possibility of cyberattacks against Russia, Vladimir Putin said it’s the first time that Washington has admitted involvement in such actions.

Putin noted that US threats of hack attacks do not correspond to the norms of international relations.

"The only novelty is that for the first time, on the highest level, the United States has admitted involvement in these activities, and to some extent threatened [us] – which of course does not meet the standards of international communication,” the Russian leader said.

“Apparently, they are nervous,” he added.

US Vice President Joe Biden said on Friday that Washington is ready to respond to hack attacks it claims were conducted by Russia and designed to interfere with the upcoming US election. “We are sending a message [to Putin],” Biden told NBC. “He’ll know it. It will be at the time of our choosing, and under the circumstances that will have the greatest impact,” the US vice president said.

Biden’s threats coincided with reports that the CIA is planning a “clandestine” cyberattack on Russia, in retaliation for its alleged efforts to influence the US election against Hillary Clinton.

“One can expect just about anything from our American friends. After all, what did he (Biden) say that we didn’t already know? Didn’t we know that US authorities are spying and eavesdropping on everyone?”

These activities are “well known to everyone, it’s no secret,” Putin added.

In portraying Russia as an enemy, the United States wants to divert attention from its own domestic problems. “There are many problems [in the US], and in these circumstances, many choose to resort to the tried and tested system of diverting voters’ attention from their own problems. That’s what we are currently witnessing, I think.”

One can distract attention from domestic problems by creating an enemy, in order “to unite the nation in the fight against this enemy.”

“Portraying Iran and the Iranian nuclear threat as an enemy didn’t work. [Portraying] Russia [as an enemy] seems more interesting. In my opinion, this particular card is now being actively played,” Putin said.

“Too bad that based on the current [US] internal political problems, Russia-US relations are being sacrificed. This actually destroys international relations in general,” Putin noted.

Russia does not want confrontation with the US, but it is up to our partners to decide, he said.

“We do not know what will happen after the US elections, but welcome everyone who wants to work with us,” he said.

Speaking about the US election campaign, Putin noted that it is “harmful and counterproductive” to “sacrifice US-Russian relations in the course of internal political events in America.” This has all happened before, Putin noted.

“Analyze all previous election campaigns [in the US] – it all repeats over and over again, like I’ve said. And then we have people whispering to us, ‘Oh, wait, wait, it’ll be over soon, things will go back to normal,’” Putin said.

“It’s not even funny anymore. But if someone wants a confrontation – this is not our choice, and it means that there will be some problems. We don’t want that. We would like, on the contrary, to seek common ground and work together to solve global problems faced by both Russia and the United States, along with the whole world,” Putin concluded.

Russia is not going to influence the election campaign in the United States, because it does not know what will happen after the elections.

“I hope that after the election period in the US, there will be a chance to restore relations between Moscow and Washington,” Putin said.

US-Russia relations didn’t deteriorate because of Syria, Putin said.

“You think our relations with the United States changed because of Syria? No, not because of Syria, but because of attempts of one side to impose its decisions on the whole world.”

Moscow is permanently in touch with the Obama administration, though all contacts continue in all directions, he added.

[TsarSamuil]

Russian military launches own ‘closed internet’ for classified data exchange – report.

RT.com
19 Oct, 2016 10:06

Russian military forces have completed the creation of own electronic communication system that is completely independent from the internet and protected from unlicensed connections, allowing for fast and safe transfer of classified information.

A source in the Defense Ministry has told popular Russian daily Izvestia that the official name of the network is the ‘Closed Data Transfer Segment’ and that the facilities it’s based on are partially owned by the military and partially rented from the state communications agency Rostelecom. Servers of the network will be located in every Russian military unit, but access to them will be heavily restricted.

The source also said that the Closed Data Transfer Segment was completed already in late summer and is now in fully functioning state, but works are under way to expand it with additional terminals in every military unit.

The structure of the Russian ‘military internet’ is similar to the one of the conventional World Wide Web, but it is accessible only on computers that use the dedicated operating system developed by the Russian Military Forces. The hardware also has to be certified by the General Staff’s directorate for protection of state secrets to ensure that it is impossible to even plug in an uncertified device, including printers, scanners and flash drives.

The military internet also has its own mail service that allows for strictly internal exchange of messages.

Russian presidential adviser for internet issues, German Klimenko, said in comments that he considered it correct that the Closed Data Transfer Segment has absolutely no connection to the internet.

“Anything that is connected can be broken into and therefore is not safe,” he said.

The head of the Russian Foundation for Development of Internet Technology and Infrastructure, Dmitry Burkov, said that it was appropriate that Russian military forces employed a unified approach to the problem, unlike their US colleagues.

“Americans have had quite a lot of holes in their network. They were changing network protocols on-the-go and besides, they had a lot of separate networks for every branch of forces and lastly – their system has too many connection points with the internet, which raises the danger of unsecure access,” he said.

“As far as I understand, Edward Snowden has been working for one of the NSA’s subcontractors and had access to this network which allowed him to gain access to the data that he made public. I hope our people have not made similar mistakes when they planned the network and that they have taken additional security measures.”

[TsarSamuil]

Russia launches dedicated anti-hacking center for defense industry.

RT.com
7 Nov, 2016 11:15

Russian state-run weapons corporation Rostec has set up a special center for countering cyber-attacks on all Russian defense enterprises and companies, a popular daily reports.

Rostec’s director for data security, Aleksandr Yevteyev, told Izvestia that the new structure will be called the ‘Corporate Center for Detection, Prevention and Liquidation of Consequences of Computer Attacks’.

The main purpose of the center is to detect attempts to break into data networks of Russian defense enterprises and cut off data arrays in order to prevent information leaks. After this, the data security specialists would pass all information on the attempted hacking to Russia’s Federal Security Service (FSB).

Yevteyev also said that the new system will start working with purely defense enterprises, such as the Unified Instrument-Building Corporation, Helicopters of Russia, High-Precision Complexes and the Unified Engine Building Corporation. The first stage of the system will be completed before the end of 2017.

Over the past few years, Russian authorities have taken considerate measures to protect the nation’s data facilities and networks from leaks and attacks. In mid-2014 Russian introduced the federal law that obliges all internet companies collecting personal information from Russian citizens to store that data inside the country. The sponsors of the bill reason that it will prevent foreign states from misusing Russian citizens’ personal data and strengthen Russia’s national security. They also said the new law accords with the current European policy of legally protecting online personal data.

In July this year, President Vladimir Putin signed into law a set of anti-terrorist amendments that contained the obligation for communication companies, including internet providers, to retain information about their clients’ data traffic for three years (one year for messengers and social networks) and also to keep actual records of phone calls, messages and transferred files for six months.

Despite these steps, attempts to disrupt important Russian data networks continue. Also in July, the FSB reported that computer systems in about 20 Russian state defense, scientific and other high-profile organizations had been infected with malware used for cyberespionage.

The agency said that all the cases are linked and appear to be part of a well-coordinated attack requiring considerable expertise. The coding of the malware and vectors of attack are similar to those used in previous cyber-offensive operations against targets in Russia and other nations, the report stated.

The agency did not specify which party it suspects to be behind the reported cyber espionage or whether it was sponsored by any foreign government.

[TsarSamuil]

70mn cyberattacks, mostly foreign, targeted Russia’s critical infrastructure in 2016 – FSB.

RT.com
25 Jan, 2017 01:22

Over the past year, Russia had to repel a whopping 70 million cyberattacks endangering its critical information infrastructure, Federal Security Service (FSB) communications and security spokesman Nikolay Murashov revealed on Tuesday.

“Seventy million cyberattacks [targeted] relevant facilities of the Russian Federation during this year,” the official told a State Duma committee for Information Policy, adding that the bulk of the attacks originated from abroad.

Touching on Russia’s readiness to ward off the mounting number of cyber threats, Murashov insisted that “at present, Russia has sufficient potential in the development of means of information security.”

However, while many major Russian companies, such as state-controlled energy giant Gazprom and those in charge of critical railway infrastructure, are considered well-protected, there are enterprises that remain particularly vulnerable to such attacks.

“There are companies, where, from our point of view, there is not enough attention being paid to this issue,” Murashev said.

The committee’s meeting was centered on debate over a new bill titled “On the Security of Critical Infrastructure of the Russian Federation,” that is designed to ensure that all companies deemed to be a part of Russia’s critical infrastructure are equipped with effective means to fight off the cyberattacks.

The draft bill envisions that a special register of all companies and agencies that control objects of critical infrastructure be drawn up. Once the entity is in the list, it will be obliged to purchase means for detection and countering cyberwarfare, as well as to report all attempts to disrupt their information security to the relevant state bodies and provide assistance in the investigations that follow. The companies will be divided into three groups, gauging the degree to which their infrastructure is critical.

The bill, which is still in the works, was reportedly backed by State Duma’s Committees for Security and Information Policy on Tuesday, paving the way for its final passage by lawmakers, Russia’s Izvestia daily reported, citing State Duma sources.

So far, it is unclear what state agency will be entrusted with the right to choose the companies for the list, although the FSB has been touted as the most likely pick.

Apart from measures to enhance the protection of critical infrastructure objects, the bill aims to deter potential cyberattacks with heavier punishments. Perpetrators who are writing and spreading malicious computer programs with a purpose of attacking Russia’s critical information infrastructure would face up to 10 years in jail.

This comes after a number of Russia’s security bodes spoke of a heightened threat to Russia’s cybersecurity, citing an increased rate of hacking attacks.

Earlier in January, the head of Russia’s Security Council, Nikolay Patrushev, told Rossiyskaya Gazeta daily that Russia has witnessed “a growing number of attempts to inflict damage to Russian information systems from abroad,” by means of hacking attacks and unlawful collection of personal data. Patrushev noted that while Washington under Barack Obama’s administration was constantly accusing Russia of hacking, “all major internet servers are located on US territory and are used by Washington for intelligence and other purposes aimed at retaining [US] dominance in the world.”

In December, the FSB issued an alert, warning of an imminent cyberattack that it said was about to target Russia’s financial system. The FSB traced the planned large-scale attack to servers and command centers in the Netherlands belonging to a Ukrainian hosting company. Russia’s Communications Ministry has worked out potential counter-measures in connection with the threat.

[TsarSamuil]

#Vault7: How CIA steals hacking fingerprints from Russia & others to cover its tracks.

RT.com
7 Mar, 2017 20:44

The CIA can hide its own fingerprints from its hacking exploits and attribute blame to others, such as Russia and China, according to WikiLeaks’ Year Zero confidential data release.

Every hacking technique leaves a “fingerprint” which, when collated, can be used to connect different attacks and tie them to the same culprit.

The CIA’s Remote Development Branch (RDB)’s Umbrage sub-group collects an archive of hacking exploits created by other actors, like Russia and other hackers, and leaves this false trace for others to detect.

Umbrage captures and collects keyloggers, passwords, webcam captures, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

This allows the CIA to not only steal other’s hack techniques, but falsely apportion blame to those actors.

Hacking Team

An Umbrage document shows how the agency mined information from a breach of Italian “offensive security” vendor Hacking Team, that boasts governmental and law enforcement clients.

Some 400GB of data including “browser credential stealing” and “six different zero-day exploits” was released in the breach, which Umbrage studied and added to its repository.

DNC hack

In the case of the Democratic National Committee (DNC) hack, which reports have connected to Russia, the fingerprints used to link blame to Russian hackers may have been manipulated.

Binoy Kampmark, legal and social sciences academic, told RT the technique is widely used not just by the CIA, but by other agencies worldwide, and had recently been used for tapping into the US elections.

“That’s one of the classic aspects of it which is done of course not just by the CIA, but by other agencies – that is to give the impression that the attack is coming from another source, and that’s one of the state-of-the-art ways of doing it,” Kampmark said.

“It throws the investigators off the scent by giving the impression [the attack] comes from multiple targets and sources and that’s what’s what happened in one of the cases that has been made in recent time – the allegations of hacking and interference in electoral system.”

Crowdstrike, a private security firm linked to the Atlantic Council, found the hackers who accessed the DNC emails (and those of Clinton campaign chair John Podesta) left “clues,” which Crowdstrike attributed to Russian hackers.

Malware dug into the DNC computers was found to be programmed to communicate with IP addresses associated with Fancy Bear and Cozy Bear - hacking groups that Crowdstrike says are controlled by Russian intelligence.

Metadata found in a file contained modifications by a user using Cyrillic text and a codename Felix Edmundovich.

While the documents released don’t tie Crowdstrike to the CIA’s Umbrage program, the data demonstrates how easily fingerprints can be manipulated, and how the CIA’s vast collection of existing malware can be employed to disguise its own actions.

Former Pentagon official Michael Maloof says that by using Russian “fingerprints” the CIA may have deliberately put the blame for hacking on the Russians.

“Apparently they were able to obtain Russian malware and then they can turn that around and make it look like [attacks] were coming from Russia. And that gets into a political narrative that we’re hearing these days of hacking and what have you, blaming it all on the Russians.

“But was it something that earlier hackers obtained from the release of this information and then turned it around in order to put the blame on the Russians – big question,” he told RT.



---------------

Malware expert says ‘fingerprint’ switch shows past attacks blamed on Russia, China are work of CIA.

RT.com
9 Mar, 2017 19:33

Following revelations that the CIA can reportedly attribute its hacking activity to others, an anti-virus expert has said that attacks previously blamed on others are now attributable to the CIA, according to WikiLeaks founder Julian Assange.

News that the CIA could make its malware look as if it derived from Russia, China or other actors emerged as part of WikiLeaks’ ‘Year Zero’ data release on Tuesday.

According to the leaked information, the CIA’s malware allows the intelligence agency to not only steal hacking techniques, but also to leave false “fingerprints” to make it appear as if others were responsible for the attack.

Speaking in a livestream on Thursday, Assange announced that WikiLeaks will give tech companies access to the methods used by the CIA in its hacking operations. Assange then said that after the revelation, an anti-virus expert approached WikiLeaks to say that attacks previously blamed on Russia, China and Iran have now been pinned on the CIA.

“The technology is designed to be unaccountable, it’s designed to be untraceable, it’s designed to hide itself. It’s designed to throw off people looking to see where there are fingerprints that might demonstrate who authored that technology," Assange explained.

“We have quite a lot more material that talks about these attempts to throw off attribution to discover who is actually behind a particular cyberattack,” the Australian said, hinting at further revelations to come in future ‘Vault 7’ WikiLeaks releases.

“Already an anti-virus expert has come forward to say that sophisticated malware that he had attributed to a state, either Iran, China or Russia, now he believes is from the CIA because the type of attack system it uses corresponds directly to a description we published of that attack system.”

“And it’s rare enough that it seems unlikely that it would be independently discovered, unless of course China has already gotten hold of these parts of the CIA arsenal and that China is using them to pretend to be the CIA.”

The WikiLeaks founder also warned that because the technology hides its origin its completely open to being abused without consequences.

“There’s absolutely nothing to stop a random CIA officer, or contractor, or liaison agent working for the British, using that technology against whoever they like for whatever reasons they like,” he warned.

[TsarSamuil]

Kaspersky Lab under attack as it found something the US didn't like – company head.

RT.com
17 Nov, 2017 01:46

Russian cybersecurity company Kaspersky Lab has fallen victim to a witch hunt in the US just because it did its job too well, the company’s CEO, Eugene Kaspersky, said. He added that his firm might have stumbled upon some secret US business.

The whole situation around the US ban on the use of Kaspersky Lab antivirus products by federal agencies “looks very strange,” Kaspersky told Germany’s Die Zeit daily, adding that the whole issue in fact lacks substance. “It was much more hype and noise than real action,” he said.

Kaspersky then explained that the US authorities ordered all governmental agencies to remove all the company’s software from their computers, even though “we had almost zero installations there.” With little real need for such measures, they were apparently aimed at damaging the company’s reputation.

“It seems that we just do our job better than others and that made someone very disappointed,” Kaspersky said of the motives behind the US government’s move. “It seems that we detected some unknown or probably very well-known malware that made someone in the US very disappointed.”

At the same time, he stressed that his company does not collect “any sensitive personal data,” not to mention any classified documents, adding that the only data Kaspersky Lab is hunting for is “new types of malware, unknown or suspicious apps.”

The Russian cybersecurity company was indeed accused by the US media of using its software to collect the NSA technology for the Russian government – something that Kaspersky Lab vehemently denied.

According to US media reports in October 2017, an employee from the National Security Agency (NSA) elite hacking unit lost some of the agency's espionage tools after storing them on his home computer in 2015. The media jumped to blame Kaspersky Lab and the Kremlin.

Following the reports, the company conducted an internal investigation and stumbled upon an incident dating back to 2014. At the time, Kaspersky Lab was investigating the activities of the Equation Group – a powerful group of hackers that later was identified as an arm of the NSA.

As part of Kaspersky’s investigation, it analyzed information received from a computer of an unidentified user, who is alleged to be the security service employee in question. It turned out that the user installed pirated software containing Equation malware, then “scanned the computer multiple times,” which resulted in antivirus software detecting suspicious files, including a 7z archive.

“The archive itself was detected as malicious and submitted to Kaspersky Lab for analysis, where it was processed by one of the analysts. Upon processing, the archive was found to contain multiple malware samples and source code for what appeared to be Equation malware,” the company’s October statement explained.

The analyst then reported the matter directly to Eugene Kaspersky, who ordered the company’s copy of the code to be destroyed.

On Thursday, Kaspersky Lab issued another statement concerning this incident following a more extensive investigation. The results of the investigation showed that the computer in question was infected with several types of malware in addition to the one created by Equation. Some of this malware provided access to the data on this computer to an “unknown number of third parties.”

In particular, the computer was infected with backdoor malware called Mokes, which is also known as Smoke Bot and Smoke Loader. It is operated by an organization called Zhou Lou, based in China.

Kaspersky Lab, a world leader in cybersecurity founded in Moscow in 1997, has been under pressure in the US for years. It repeatedly faced allegations of ties to the Kremlin, though no smoking gun has ever been produced.

In July, Kaspersky offered to hand over source code for his software to the US government, but wasn't taken up on the offer. In October, the cybersecurity company pledged to reveal its code to independent experts as part of an unprecedented Global Transparency Initiative aimed at staving off US accusations.

Kaspersky has been swept up in the ongoing anti-Russian hysteria in the US, which centers on the unproven allegations of Russian meddling in the 2016 presidential elections. In September, the US government banned federal agencies from using Kaspersky Lab antivirus products, citing concerns that it could jeopardize national security and claiming the company might have links to the Kremlin. Eugene Kaspersky denounced the move as “baseless paranoia at best.”

Even as Kaspersky Lab is offering its cooperation to US authorities, on Thursday, WikiLeaks published source code for the CIA hacking tool “Hive,” which was used by US intelligence agencies to imitate the Kaspersky Lab code and leave behind false digital fingerprints.

The US might be targeting Kaspersky Lab in its witch hunt because the company might be able to disprove American allegations against Russia, experts told RT. “We have Kaspersky saying, 'We can do this. We can prove some of these hacks are not Russian, they are American,’ when it comes to the presidential elections. And so they needed to discredit them,” former MI5 analyst Annie Machon said.

The campaign against the Russian cybersecurity firm could go back as early as to 2010, when Kaspersky Lab revealed the origin of the Stuxnet virus that hit Iran's nuclear centrifuges, she told RT. Back then, Kaspersky Lab stated that “this type of attack could only be conducted with nation-state support and backing.” Nobody claimed responsibility for the creation of the malware that targeted Iran. However, it is widely believed that the US and Israeli intelligence agencies were behind Stuxnet.

[TsarSamuil]

Russia to launch ‘independent internet’ for BRICS nations - report.

RT.com
28 Nov, 2017 10:00

The Russian Security Council has asked the country’s government to develop an independent internet infrastructure for BRICS nations, which would continue to work in the event of global internet malfunctions.

The initiative was discussed at the October meeting of the Security Council, which is Russia’s top consultative body on national security. President Vladimir Putin personally set a deadline of August 1, 2018 for the completion of the task, the RBC news agency reported.

While discussing the issue, members of the council noted that “the increased capabilities of western nations to conduct offensive operations in the informational space as well as the increased readiness to exercise these capabilities pose a serious threat to Russia’s security.”

They decided that the problem should be addressed by creating a separate backup system of Domain Name Servers (DNS), which would not be subject to control by international organizations. This system would be used by countries of the BRICS bloc – Brazil, Russia, India, China and South Africa.

The issue of excessive dependency on global DNS has previously been addressed by Russia. In 2014, the Russian Communications Ministry conducted a major exercise in which it simulated the “switching off” of global internet services and used a Russian backup system to successfully support web operations inside the country.

However, when reporters asked Vladimir Putin’s Press Secretary Dmitry Peskov if the country’s authorities had been considering disconnecting from the global internet in 2014, Peskov dismissed these allegations as false.

“Russia’s disconnection from the global internet is of course out of the question,” Peskov told the Interfax news agency. However, the official also emphasized that “recently, a fair share of unpredictability is present in the actions of our partners both in the US and the EU, and we [Russia] must be prepared for any turn of events.”

“We all know who the chief administrator of the global internet is. And due to its volatility, we have to think about how to ensure our national security,” said Peskov. It’s not about disconnecting Russia from the World Wide Web, he added, but about “protecting it from possible external influence.”

[TsarSamuil]

Russia Moves Toward Creation Of An Independent Internet.

Russia Insight
Feb 10, 2018



58 percent said yes. These are the results of a survey by the Russian Public Opinion Research Center about whether Russia needs its own Internet. Or rather not only Russia. It’s about creating an isolated network for the BRICS countries.

[TsarSamuil]

Telegram not ready to assist Russian security services in tackling terrorist threat – FSB head.

RT.com
8 Nov, 2018 15:29

The Telegram messaging app acknowledges that thousands of its users are involved in terrorist activities, but still refuses to assist security services, Aleksandr Bortnikov, FSB head, said, calling the situation “paradoxical.”

The owners of Telegram have “difficulties” understanding the need to facilitate the work of Russian government agencies, fighting against terrorism, Bortnikov said.

He reminded that the company refused to provide the Federal Security Service (FSB) with access to its encryption keys, saying that it would violate the rights of its clients and promising to delete illegal communications itself.

Telegram acknowledges that around 5,000 of its Russian users have acted in a way that revealed their affiliation to terrorist groups, Bortnikov said.

In view of this fact, we asked the messaging service’s administration to "please, give us this information so that we can take it into account.’ But they don’t give it to us all the same, paradoxically,” he said.

However, the FSB head pointed out that the work to “find consensus and understanding” with Telegram on the issue must continue.

Bortnikov said that the use of encrypted messaging apps, like Telegram, by terrorists is a pressing issue, which has been among those discussed at the meeting of Russian security chiefs in Moscow.

Russia’s consumer rights watchdog Rospotrebnadzor, has been blocking Telegram in the country since April in accordance with a court order, which followed the messenger’s refusal to cooperate with the FSB.

The watchdog’s head, Aleksandr Zharov, had dismissed the company’s claims that passing encryption keys to the law enforcers was technically impossible as “slyness.”

[TsarSamuil]

Russia’s Cybershield: Billions of Hacking Attacks on Critical Infrastructure Repelled Every Year.

Vesti News
Dec 12, 2018



Russian cyber security specialists had to repel billions of cyber attacks this year alone. Today, one of the officials of the center established specifically to repel virtual attacks told how they try to hack our systems from abroad. It's not individuals who act against us, but well-organized squads which have tens of thousands of computers in almost half of the world's countries. There's a political implication in the dates which they choose for their attacks.

[TsarSamuil]

#1 on Trending

Joe Rogan Experience #1368 - Edward Snowden.

PowerfulJRE
Oct 23, 2019



Edward Snowden is an American whistleblower who copied and leaked highly classified information from the National Security Agency in 2013 when he was a Central Intelligence Agency employee and subcontractor. His new book "Permanent Record" is now available.