And Now a Word from the Professionals

I give you the USMC Small Wars Manual. You want to fight a rebellion? Lead a revolution? Overthrow tyranny? Counter an insurgency? Get to reading!

I’m personally going to the gym…








Self Inflicted Wounds: Blind, Deaf, and Maybe Dumb

In the street of the blind, the one eyed man is the guiding light

Genesis Rabbah (300-500 CE)

Last week Yediot Ahronot reported, now confirmed by Haaretz and The Jerusalem Post, that Israel’s Intelligence Community has itself been warned to be careful sharing and transferring information and intelligence with the White House during the next Administration.  Now the Sunday Times of London and The Guardian are reporting that our British allies are very, very concerned:

A British intelligence source with extensive transatlantic experience said US spies had labelled Trump and his advisers’ links to the Kremlin problematic. “Until we have established whether Trump and senior members of his team can be trusted, we’re going to hold back,” the source told the Times. “Putting it bluntly, we can’t risk betraying sources and methods to the Russians.”

The concern is that any information and intelligence shared after the transition will wind up with the Russians and the Russians would likely provide it to the Iranians (and the unspoken bit here for the Israelis is the Iranians would share it with the Syrians and Hezbullah). That this information quickly leaked from the Israelis is not an accident or a coincidence. It was intended to leak in order to provide the same message to our other allies and partners: that anything shared with the incoming Administration’s White House team may wind up with Russia. Through the Israeli leak the US’s other allies, partners, and clients have now been warned. This includes the other four members of the Five Eyes Intelligence alliance, the rest of our NATO allies, and other allies and partners. They have all been put on notice that the US Intelligence Community thinks that the incoming President, Vice President, their strategy, policy, and communication advisors, the incoming National Security Advisor and his deputies, and the rest of the incoming White House team cannot be trusted with classified information.

This means that the US will have its ability to see and hear seriously restricted starting next Friday. We won’t be blind, as we’ll still have our own capability, but our vision will be significantly dimmed and our hearing significantly dulled. This will make managing and mitigating the foreign, defense, and national security problem sets that we are currently facing, let alone the ability to anticipate future ones, much more difficult. And this includes the ongoing Russian active measures, influence, and cyber operations directed at us, at our allies, and at our partners.

We are off the looking glass and through the map.



The Maskirovka Slips IX: KOMPROMAT!!!! (Updated)

CNN has reported that a two-page synopsis was appended to the classified briefing given to the President, the President-elect, and the Gang of Eight (the Speaker of the House, the House Minority Leader, Senate Majority and Minority Leaders, and the chairs and ranking members of the House and Senate Intelligence Committees) stating that a retired MI6 officer had reported to the FBI in Rome that the Russians had been trying to and had compromised the President-elect. CNN’s reporting confirms and advances David Corn’s, which I first highlighted in an earlier Maskirovka post.

Classified documents presented last week to President Obama and President-elect Trump included allegations that Russian operatives claim to have compromising personal and financial information about Mr. Trump, multiple US officials with direct knowledge of the briefings tell CNN.

The allegations were presented in a two-page synopsis that was appended to a report on Russian interference in the 2016 election. The allegations came, in part, from memos compiled by a former British intelligence operative, whose past work US intelligence officials consider credible. The FBI is investigating the credibility and accuracy of these allegations, which are based primarily on information from Russian sources, but has not confirmed many essential details in the memos about Mr. Trump.

There is video of Jake Tapper covering the story at the link.

Rick Wilson, a GOP communications and campaign strategist who ran former CIA officer Evan McMullin’s independent campaign for President, and who tried to get this information out during the primaries, believes the personal kompromat has to do with:

CNN’s reporting includes:

One reason the nation’s intelligence chiefs took the extraordinary step of including the synopsis in the briefing documents was to make the President-elect aware that such allegations involving him are circulating among intelligence agencies, senior members of Congress and other government officials in Washington, multiple sources tell CNN.
These senior intelligence officials also included the synopsis to demonstrate that Russia had compiled information potentially harmful to both political parties, but only released information damaging to Hillary Clinton and Democrats. This synopsis was not an official part of the report from the intelligence community case about Russian hacks, but some officials said it augmented the evidence that Moscow intended to harm Clinton’s candidacy and help Trump’s, several officials with knowledge of the briefings tell CNN.
The two-page synopsis also included allegations that there was a continuing exchange of information during the campaign between Trump surrogates and intermediaries for the Russian government, according to two national security officials.
And:
CNN has confirmed that the synopsis was included in the documents that were presented to Mr. Trump but cannot confirm if it was discussed in his meeting with the intelligence chiefs.
The Trump transition team declined repeated requests for comment.
CNN has reviewed a 35-page compilation of the memos, from which the two-page synopsis was drawn. The memos originated as opposition research, first commissioned by anti-Trump Republicans, and later by Democrats. At this point, CNN is not reporting on details of the memos, as it has not independently corroborated the specific allegations. But, in preparing this story, CNN has spoken to multiple high ranking intelligence, administration, congressional and law enforcement officials, as well as foreign officials and others in the private sector with direct knowledge of the memos.
Some of the memos were circulating as far back as last summer. What has changed since then is that US intelligence agencies have now checked out the former British intelligence operative and his vast network throughout Europe and find him and his sources to be credible enough to include some of the information in the presentations to the President and President-elect a few days ago.
And:
The two-page summary was written without the detailed specifics and information about sources and methods included in the memos by the former British intelligence official. That said, the synopsis was considered so sensitive it was not included in the classified report about Russian hacking that was more widely distributed, but rather in an annex only shared at the most senior levels of the government: President Obama, the President-elect, and the eight Congressional leaders.
CNN has also learned that on December 9, Senator John McCain gave a full copy of the memos — dated from June through December, 2016 — to FBI Director James Comey. McCain became aware of the memos from a former British diplomat who had been posted in Moscow. But the FBI had already been given a set of the memos compiled up to August 2016, when the former MI6 agent presented them to an FBI official in Rome, according to national security officials.
The raw memos on which the synopsis is based were prepared by the former MI6 agent, who was posted in Russia in the 1990s and now runs a private intelligence gathering firm. His investigations related to Mr. Trump were initially funded by groups and donors supporting Republican opponents of Mr. Trump during the GOP primaries, multiple sources confirmed to CNN. Those sources also said that once Mr. Trump became the nominee, further investigation was funded by groups and donors supporting Hillary Clinton.
Spokespeople for the FBI and the Director of National Intelligence declined to comment. Officials who spoke to CNN declined to do so on the record given the classified nature of the material.
Some of the allegations were first reported publicly in Mother Jones one week before the election.
One high level administration official told CNN, “I have a sense the outgoing administration and intelligence community is setting down the pieces so this must be investigated seriously and run down. I think [the] concern was to be sure that whatever information was out there is put into the system so it is evaluated as it should be and acted upon as necessary.”
The story has some additional corroboration from British Foreign Minister Boris Johnson:

Vladimir Putin was behind the hacks of the Democratic National Committee during the US presidential election campaign, Boris Johnson has said, accusing Putin’s Moscow of being “up to all sorts of tricks”.

It is the first time the UK has confirmed US intelligence reports linking the hacks to Russia, although UK intelligence agencies are understood to have been the first to alert their US counterparts to the evidence.

Speaking in the Commons, the UK’s foreign secretary told MPs it was “pretty clear” the hacking attack had come from Russia. He said he had told the incoming US administration “we do think the Russian state – the Putin Kremlin – is up to all sorts of very dirty tricks, but it would be folly further to demonise Russia or to push Russia into a corner.”

NPR’s Russia Correspondent is reporting:

At this point I am not sure what this means. I know what it should mean politically and criminally and in terms of counterintelligence. But given what we’ve seen so far, I’m not sure what it should mean. I suppose we should start with the traditional questions: what did the President-elect, his campaign leadership and senior staff, the Vice President-elect, and the senior GOP leadership in Congress and at the RNC know and when did they know it?

Update at 6:50 PM

Buzzfeed (h/t: lamh in comments) is reporting that it has the dossier and it has published it.

A dossier making explosive — but unverified — allegations that the Russian government has been “cultivating, supporting and assisting” President-elect Donald Trump for years and gained compromising information about him has been circulating among elected officials, intelligence agents, and journalists for weeks.

The dossier, which is a collection of memos written over a period of months, includes specific, unverified and potentially unverifiable allegations of contact between Trump aides and Russian operatives, and graphic claims of sexual acts documented by the Russians. CNN reported Tuesday that a two-page synopsis of the report was given to President Barack Obama and Trump.

Now BuzzFeed News is publishing the full document so that Americans can make up their own minds about allegations about the president-elect that have circulated at the highest levels of the US government.

The link to the dossier can be found at Buzzfeed.



Senate Armed Services Committee on Cyber Security Threats/Russian Hacking of the US During the 2016 Election

Sorry for the delay on this, but the Senate Armed Services Committee has just concluded its hearing on cyber security threats, including the Russian influence, desinformatziya, and kompromat operations during the 2016 US elections. Here’s the link to C-SPAN’s video where you can watch the whole thing. And here’s a video embed:

And yes, I know this is the Fox News YouTube feed/embeddable feed. It’s the only one I could find.



Saudi Cleric Abd al Azziz Moussa on Jihad & Shahadat

MEMRI (h/t: Malcolm Nance) has posted an interview, with closed-caption translation into English, with Saudi Arabian cleric Sheikh Abd al Azziz Moussa. He definitively declares the use of suicide attacks (shahadat) as forbidden actions (haram) and makes it clear that attacks on peaceful non-Muslims are also forbidden.

ETA: In comments, Cervantes asked an important question: why is this noteworthy? Especially as other Muslim clerics and authorities have often and repeatedly made similar points. It’s noteworthy because we’ve got a Saudi cleric doing it definitively. Given that ISIL’s doctrine of radical tawheed (the unitary understanding of the Deity) is a violent, extremist offshoot of Saudi theology rooted in Wahhabist doctrinal concepts, it’s important. It’s one thing for a non-muwaheedun* (adherent of the radical unity of the Deity) cleric, such as the head of al Azhar, to declare these things haram. That’s important for a lot of non-muwaheedun Muslims (the vast majority of Sunni Muslims), but it’s not important for those who have accepted/adopted the radicalized notions of tawheed promoted by ISIL. Having a Saudi cleric condemn these actions is important. Especially as he would not do so unless he had the approval of the Saudi religious authorities.

* All Muslims accept the concept of tawheed/the unity of the Deity; however, this concept was elevated by Sheikh Abd al Wahhab and holds a central place within the theology and doctrine that he taught and that his descendants and their followers espouse. In and of itself this elevation of tawheed does not have to be a negative or destructive thing. However, it forms the basis for part of Bin Laden’s theology/doctrine and is the central underlying theological/doctrinal concept for ISIL.



Issuance of Amended Executive Order 13694; Cyber-Related Sanctions Designations

Here’s the text of today’s sanctions Executive Order:
Issuance of Amended Executive Order 13694; Cyber-Related Sanctions Designations

Today, the President issued an Executive Order Taking Additional Steps To Address The National Emergency With Respect To Significant Malicious Cyber-Enabled Activities.  This amends Executive Order 13694, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities.”  E.O. 13694 authorized the imposition of sanctions on individuals and entities determined to be responsible for or complicit in malicious cyber-enabled activities that result in enumerated harms that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.  The authority has been amended to also allow for the imposition of sanctions on individuals and entities determined to be responsible for tampering, altering, or causing the misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions.  Five entities and four individuals are identified in the Annex of the amended Executive Order and will be added to OFAC’s list of Specially Designated Nationals and Blocked Persons (SDN List).  OFAC today is designating an additional two individuals who also will be added to the SDN List.

Specially Designated Nationals List Update

The following individuals have been added to OFAC’s SDN List:
ALEXSEYEV, Vladimir Stepanovich; DOB 24 Apr 1961; Passport 100115154 (Russia); First Deputy Chief of GRU (individual) [CYBER2] (Linked To: MAIN INTELLIGENCE DIRECTORATE).
 
BELAN, Aleksey Alekseyevich (a.k.a. Abyr Valgov; a.k.a. BELAN, Aleksei; a.k.a. BELAN, Aleksey Alexseyevich; a.k.a. BELAN, Alexsei; a.k.a. BELAN, Alexsey; a.k.a. “Abyrvaig”; a.k.a. “Abyrvalg”; a.k.a. “Anthony Anthony”; a.k.a. “Fedyunya”; a.k.a. “M4G”; a.k.a. “Mag”; a.k.a. “Mage”; a.k.a. “Magg”; a.k.a. “Moy.Yawik”; a.k.a. “Mrmagister”), 21 Karyakina St., Apartment 205, Krasnodar, Russia; DOB 27 Jun 1987; POB Riga, Latvia; nationality Latvia; Passport RU0313455106 (Russia); alt. Passport 0307609477 (Russia) (individual) [CYBER2].
 
BOGACHEV, Evgeniy Mikhaylovich (a.k.a. BOGACHEV, Evgeniy Mikhailovich; a.k.a. “Lastik”; a.k.a. “lucky12345”; a.k.a. “Monstr”; a.k.a. “Pollingsoon”; a.k.a. “Slavik”), Lermontova Str., 120-101, Anapa, Russia; DOB 28 Oct 1983 (individual) [CYBER2].
 
GIZUNOV, Sergey (a.k.a. GIZUNOV, Sergey Aleksandrovich); DOB 18 Oct 1956; Passport 4501712967 (Russia); Deputy Chief of GRU (individual) [CYBER2] (Linked To: MAIN INTELLIGENCE DIRECTORATE).
 
KOROBOV, Igor (a.k.a. KOROBOV, Igor Valentinovich); DOB 03 Aug 1956; nationality Russia; Passport 100119726 (Russia); alt. Passport 100115101 (Russia); Chief of GRU (individual) [CYBER2] (Linked To: MAIN INTELLIGENCE DIRECTORATE).
 
KOSTYUKOV, Igor (a.k.a. KOSTYUKOV, Igor Olegovich); DOB 21 Feb 1961; Passport 100130896 (Russia); alt. Passport 100132253 (Russia); First Deputy Chief of GRU (individual) [CYBER2] (Linked To: MAIN INTELLIGENCE DIRECTORATE).
 
The following entities have been added to OFAC’s SDN List:
 
AUTONOMOUS NONCOMMERCIAL ORGANIZATION PROFESSIONAL ASSOCIATION OF DESIGNERS OF DATA PROCESSING SYSTEMS (a.k.a. ANO PO KSI), Prospekt Mira D 68, Str 1A, Moscow 129110, Russia; Dom 3, Lazurnaya Ulitsa, Solnechnogorskiy Raion, Andreyevka, Moscow Region 141551, Russia; Registration ID 1027739734098 (Russia); Tax ID No. 7702285945 (Russia) [CYBER2].
 
FEDERAL SECURITY SERVICE (a.k.a. FEDERALNAYA SLUZHBA BEZOPASNOSTI; a.k.a. FSB), Ulitsa Kuznetskiy Most, Dom 22, Moscow 107031, Russia; Lubyanskaya Ploschad, Dom 2, Moscow 107031, Russia [CYBER2].
 
MAIN INTELLIGENCE DIRECTORATE (a.k.a. GLAVNOE RAZVEDYVATEL’NOE UPRAVLENIE (Cyrillic: ГЛАВНОЕ РАЗВЕДЫВАТЕЛЬНОЕ УПРАВЛЕНИЕ); a.k.a. GRU; a.k.a. MAIN INTELLIGENCE DEPARTMENT), Khoroshevskoye Shosse 76, Khodinka, Moscow, Russia; Ministry of Defence of the Russian Federation, Frunzenskaya nab., 22/2, Moscow 119160, Russia [CYBER2].
 
SPECIAL TECHNOLOGY CENTER (a.k.a. STC, LTD), Gzhatskaya 21 k2, St. Petersburg, Russia; 21-2 Gzhatskaya Street, St. Petersburg, Russia; Website stc-spb.ru; Email Address stcspb1@mail.ru; Tax ID No. 7802170553 (Russia) [CYBER2].
 
ZORSECURITY (f.k.a. ESAGE LAB; a.k.a. TSOR SECURITY), Luzhnetskaya Embankment 2/4, Building 17, Office 444, Moscow 119270, Russia; Registration ID 1127746601817 (Russia); Tax ID No. 7704813260 (Russia); alt. Tax ID No. 7704010041 (Russia) [CYBER2].
Last Updated: 12/29/2016 1:48 PM
Here’s the link to the original executive order that the President amended today.
And here’s the link to the technical report on the Russian hacking operation.


The Maskirovka Slips VIII: My Real Fear (Updated)


(Updated below)

I wasn’t going to do my next Maskirovka post until Sunday night, dealing with the NY Times article about Russian cyber operatives placing evidence of child pornography on their targets’ computers as part of kompromat operations. But the news that broke earlier this evening, as well as the previous posts and comments, have made me decide to put one up, specifically on my real fear of the true scope of the Russian cyber influence operations. I cannot prove what I’m going to write; it is simply speculation, but it is informed speculation.

My real fear of the Russian cyber kompromat and influence operations is not just that they hacked the DNC, the DSCC, the DCCC and John Podesta’s emails. Nor is it that they then, as Malcolm Nance has stated, modified some of those emails before using Wikileaks to distribute them in pursuit of compromising the Clinton campaign to both sow chaos and make American democracy look chaotic and unappealing and, as has now been reported, install Donald Trump as the President. Rather it is that the Russians used their cyber operatives to hack both the Democratic and Republican parties, including the RNC, Republican Senatorial Committee, Republican Congressional Committee, and various elite and notable GOP members. Both David Corn and Kurt Eichenwald have reported evidence that the President-elect himself was the subject of a kompromat operation, though it is unclear if it was successful.

While it is now well documented that the Russians publicly compromised the Democrats, my real fear is that they’ve privately compromised the Republicans. By doing so they not only make America, and the idea of liberal democracy, look bad, both of which are among Putin’s strategic objectives, but they also have leverage and influence over the GOP – the party that now controls both chambers of Congress, the Presidency, and a majority of state legislatures and state houses. Russia has believed that it is in a new Cold War with the US for well over a year. What better way to get an advantage than by publicly compromising one political party in the US and privately compromising the other? And this is my biggest fear over the Russian cyber based influence operations in the 2016 Presidential election.

Based on what the Washington Post reported this evening, we are in a cyber war, if not an outright one. And while there has been much discussion as to what war in cyberspace looks like, we had better get in gear and get real serious about moving from concept to doctrine to reality very quickly. All that remains to be seen now is what, if anything, is done in response.

Update at 12:40 AM EST

The New York Times has now reported that Russia did indeed hack the GOP, they just did not release the information. So we do appear to have a public Russian kompromat of the Democrats and a private Russian kompromat of the Republicans. The only question that remains to be seen is what the Russians are leveraging their private kompromat of the Republicans for.

WASHINGTON — American intelligence agencies have concluded with “high confidence” that Russia acted covertly in the latter stages of the presidential campaign to harm Hillary Clinton’s chances and promote Donald J. Trump, according to senior administration officials.

They based that conclusion, in part, on another finding — which they say was also reached with high confidence — that the Russians hacked the Republican National Committee’s computer systems in addition to their attacks on Democratic organizations, but did not release whatever information they gleaned from the Republican networks.