False Flags: The Kremlin’s Hidden Hand

Uploaded on 2016-06-28 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

The notorious hacking gang calling itself the Cyber Caliphate might not be what it claims to be.

For two years the so-called Cyber Caliphate has been the online weapon brandished by the Islamic State against its enemies. Its hacking offensive, including aggressive use of social media, made front-page news around the world, heralding a new front in that murderous group’s worldwide jihad against “infidels.”

Pledging support to ISIS, the Cyber Caliphate hacked and defaced U.S. Government websites and social media feeds, including those of Central Command, the Pentagon’s Middle East headquarters. Numerous smaller cyber-attacks followed. They also hacked into Department of Defense databases and posted the personal information of 1,400 American military affiliates online.

The Cyber Caliphate has attacked targets in many countries, including allegedly accessing top secret emails belonging to senior British government officials. The most public of their attacks was the April 2015 hijacking of several feeds belonging to the French channel TV5Monde, which included defacing its website with the slogan “Je suis ISIS.” This assault, seen by millions of people worldwide, gave the group the notoriety it craved.

The American-led coalition against ISIS has taken the Cyber Caliphate threat seriously, devoting significant intelligence resources to tracking and studying the group. Western fears increased this April with the announcement that disparate ISIS hackers were merging, creating a new United Cyber Caliphate, designed to be a major expansion of the existing Cyber Caliphate. Drawing together jihadist hackers from many countries, this would constitute a major online threat.

In response, the Pentagon in late February announced the unleashing of real cyber-war against ISIS, including attacks by U.S. Cyber Command against the Islamic state’s communications, in an effort to disrupt their activities both kinetic and online. Neither are the Pentagon’s efforts to shut down the Islamic State’s online antics limited to the Internet. In August 2015, a drone-strike at Raqqa, ISIS’s Syrian stronghold, killed Junaid Hussain, a 21-year-old British jihadist of Pakistani origin who was the group’s best-known hacker.

However, there have long been whispers that the Cyber Caliphate is not what it claims to be. French intelligence examined the group closely after the TV5Monde attack and concluded that the hackers involved actually had nothing to do with the Islamic State. Rather, they were affiliates of a hacking collective known to be affiliated with the Kremlin, in particular APT 28, a notorious group that’s a secret arm of Moscow, according to Western security experts.  In other words, the Cyber Caliphate is a Russian intelligence operation working through what spies term a cut-out.

Cyber Caliphate is a Russian false-flag operation—nastier intelligence services will masquerade as terrorists to further their agenda.

US secret agencies, including the National Security Agency, which controls American cyber-espionage and works closely with CYBERCOM, came to similar conclusions. “APT 28 is Russian intelligence, it’s that simple,” explained an NSA expert to me recently. Hence the mid-2015 State Department security report that, while assessing the jihadist hackers as a formidable threat, nevertheless concluded, “Although Cyber Caliphate declares to support [the Islamic State], there are no indications—technical or otherwise—that the groups are tied.”

This has become the consensus view among Western intelligence services that have closely examined ISIS hacking efforts. From the newsmagazine Der Spiegel we now learn that German spy services too have concluded that the Cyber Caliphate is really a secret Russian operation. German intelligence assesses that the Kremlin has some 4,000 hackers on the payroll of its security agencies, including the General Staff’s Main Intelligence Directorate or GRU, the Foreign Intelligence Service or SVR, and the Federal Security Service or FSB. Together, this is a formidable offensive cyber force that operates through fronts and cut-outs to attack Western interests.

In other words, the Cyber Caliphate is a Russian false-flag operation. Although that loaded term has been hijacked by tinfoil-hat wearers and fringe websites, including lunatics who think horrific school shootings didn’t actually happen, it’s a perfectly legitimate espionage method of venerable vintage. Spy agencies routinely pose as third parties for operational purposes such as agent recruitment and covert action. The nastier intelligence services will even masquerade as terrorists to further their agenda.

Nobody is more adept at this dodgy practice than the Russians, who have been using false-flags in their spy work for more than a century. Indeed, for the Kremlin, this commonplace practice constitutes a key element of what they term provocation (provokatsiya in Russian), meaning the use of spies and their agents to cause secret political effects that are helpful to Moscow and hurtful to Moscow’s enemies.

The idea that Vladimir Putin authorized his intelligence agencies to go to cyber war against the West under an ISIS cloak is anything but shocking to anybody informed about longstanding Russian espionage tradecraft, what they tellingly refer to as konspiratsiya (yes, “conspiracy”). The only innovation here is the online aspect. Everything else reflects a century of “lessons learned” in Kremlin spy work. These are the sorts of clandestine things Putin was trained in and actually did as a KGB officer. And “there are no ‘former’ intelligence officers,” as the Russian president has stated.

This has implications far beyond the Islamic State. News this week that Russian-affiliated hackers have pillaged Washington, DC, including raiding the Democratic National Committee and Hillary Clinton’s campaign, ought not surprise. Among the items pilfered from the DNC include opposition research on Donald Trump, the presumptive Republican presidential nominee.

America has neglected counterintelligence for so long that we have allowed Russian intelligence into the heart of not just our security services but of our democracy itself.

Now we learn that these Kremlin hacking efforts extend far beyond the DNC. Targets in recent Russian cyber-attacks include numerous think-tanks, law firms, lobbyists, and consultants. There were also almost 4,000 Google accounts targeted in a “spear-phishing” campaign to steal personal and privileged information. It’s clear that this coordinated offensive aimed at the heart of our nation’s capital stole a great deal of inside knowledge about America’s political elite that would be of high value to any foreign intelligence service.

Inside information about how American politics actually works—including secret deals between politicians, lobbyists, lawyers, and consultants—would definitely be something Putin would want to know as his government seeks to understand and influence our political elite, including whoever is elected our next president.

America has neglected counterintelligence for so long that we have allowed Russian intelligence into the heart of not just our security services but of our democracy itself. Aided by top secret information stolen by their guest Edward Snowden from NSA about how US cybersecurity works, Kremlin spies are now feasting on whatever they like in Washington.

Whoever moves into the White House in January will face digging out from a security debacle of unprecedented proportions, with the Kremlin holding the upper hand across the board.

Observer:  

« Charge Companies for Cyber Security Failures
The Future Of Policing In The Digital Age »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Magnet Forensics

Magnet Forensics

Magnet Forensics' family of digital forensics products are used globally by thousands of law enforcement, military, government and corporate customers.

Stormshield

Stormshield

Stormshield is a European leader in digital infrastructure security. We offer smart, connected solutions in order to anticipate attacks and protect digital infrastructures.

AET Europe

AET Europe

AET Europe is specialised in creating technological solutions for user identification and authentication.

InnoSec

InnoSec

InnoSec is a software manufacturer of cyber risk management technology.

Cybersixgill

Cybersixgill

Cybersixgill was founded with a single mission: to protect organizations against malicious cyber attacks that come from the deep and dark web, before they materialize.

Cyberra Legal Services (CLS)

Cyberra Legal Services (CLS)

Cyberra Legal Services provides cyber law advisory, cyber crime consultancy, cyber law compliance audit, cyber security, cyber forensics and cyber training services.

Cryptosense

Cryptosense

Cryptosense provides the first application security software dedicated to the detection and remediation of crypto vulnerabilities.

Sysdig

Sysdig

With Sysdig teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance.

iTechArt Group

iTechArt Group

iTechArt is a top-tier custom software development company offering Cybersecurity Consulting, Application Security Testing, Risk Management and Compliance, and Infrastructure Security services.

Etonwood

Etonwood

Etonwood specialises in infrastructure and vendor technology recruitment in areas including cloud platforms, cyber security and service management.

Upfront Security

Upfront Security

Upfront Security helps companies with innovative products & services to prevent, recognise and recover from (identity) fraud.

Global Cybersecurity Association (GCA)

Global Cybersecurity Association (GCA)

GCA’s Symposium and conferences featuring global thought leaders and CISOs provide a global best practice perspective on cybersecurity.

Quantum Star Technologies

Quantum Star Technologies

Quantum Star Technologies has developed Starpoint to be a next-next-generation solution to cyber security threats. Our mission is to secure the online world through our patented technology.

Verica

Verica

Verica uses chaos engineering to make systems more secure and less vulnerable to costly incidents.

Skyhawk Security

Skyhawk Security

Skyhawk Security is the originator of Cloud threat Detection and Response (CDR), helping hundreds of users map and remediate sophisticated threats to cloud infrastructure in minutes.

SektorCERT

SektorCERT

SektorCERT is the cybersecurity center for the critical infrastructure sectors in Denmark. We help detect and handle when critical infrastructure is exposed to cyber attacks.