The Damned Unknown

May 11, 2021 09:03



“Under President Biden, America will not turn a blind eye to Russian bounties on the heads of American soldiers,” Biden said when accepting the presidential nomination.

But, as it turned out, the intelligence reports that the GRU was paying the Taliban bounties for killing American soldiers in Afghanistan did not rise to the level of hundred-percent proof. The Biden administration decided to limit itself to diplomatic channels and not take the matter as far as new sanctions.

In early 2020, members of a Taliban-linked criminal network in Afghanistan detained in raids told interrogators that they had heard that Russians were offering money to reward killings of American and coalition troops.
The claim, that Russia was trying to pay to generate more frequent attacks on Western forces, was stunning, particularly because the United States was trying at the same time to negotiate a deal with the Taliban to end the long-running war in Afghanistan. C.I.A. analysts set out to see whether they could corroborate or debunk the detainees’ accounts.
Ultimately, newly declassified information shows, those analysts discovered a significant reason to believe the claim was accurate: Other members of the same Taliban-linked network had been working closely with operatives from a notorious unit of the G.R.U., the Russian military intelligence service, known for assassination operations.
“The involvement of this G.R.U. unit is consistent with Russia encouraging attacks against U.S. and coalition personnel in Afghanistan given its leading role in such lethal and destabilizing operations abroad,” the National Security Council said in a statement provided to The New York Times.
The statement was originally drafted and declassified to serve as talking points for officials to use in briefing reporters last month about U.S. sanctions and other punishments against Russia. The White House took diplomatic action - delivering a warning and demanding an explanation for suspicious activities - about the bounty issue, but did not base sanctions on it. <...>
The government apparently did not declassify everything. The White House statement described but did not detail certain evidence, keeping its sources and methods of information-gathering secret. It did not specify the G.R.U. unit’s number, but officials have said it was Unit 29155, and the two prior operations the statement mentioned have been attributed to it elsewhere.
The White House also did not identify the members of the Afghan network it accused of direct interactions with Unit 29155. Three officials have previously named them as Rahmatullah Azizi, a onetime drug smuggler who grew wealthy as a middleman for the Russian spies, and Habib Muradi. Both escaped capture and are said to have fled to Russia.
And it made no mention of other circumstantial evidence officials have previously described, like the discovery that money was transferred from a G.R.U. account to the Afghan network.
https://www.nytimes.com/2021/05/07/us/politics/russian-bounties-nsc.html



The GRU's ears are also sticking out from behind "Havana syndrome", the mysterious attacks on Americans at diplomatic missions in various countries as well as in the US itself. The evidentiary strength of the available testimony is so far undetermined.

U.S. officials suspect that a notorious Russian spy agency may be behind alleged attacks that are causing mysterious health issues among U.S. government personnel across the world, according to three current and former officials with direct knowledge of the discussions.
Officials do not have a smoking gun linking Russia’s military intelligence unit, the GRU, to the suspected directed-energy incidents, said the people, who were not authorized to speak publicly. The intelligence community has not reached a consensus or made a formal determination. However, officials have told lawmakers that they have intensified their investigation in recent weeks to include all 18 federal intelligence agencies, and that it is focused on the GRU’s potential involvement, according to a congressional official briefed on the matter.
A White House spokesperson, who requested anonymity to discuss a sensitive issue, emphasized that investigators do not yet know the cause of these incidents or whether they constitute an attack by foreign actors. However, the spokesperson said, these are areas of “active inquiry,” and the National Security Council is working with other agencies to address the “unexplained health incidents.”
“The health and well-being of American public servants is a paramount priority to the Administration and we take extremely seriously reports by our personnel of anomalous health incidents,” the spokesperson said.
Victims of the suspected attacks report symptoms consistent with the “Havana syndrome” incidents of 2016, in which a number of American spies and diplomats experienced residual headaches, loss of balance and hearing, ringing and pressure in the ears, and sometimes long-term brain damage.
https://www.politico.com/amp/news/2021/05/10/russia-gru-directed-energy-486640

The GRU's killers have become notorious for terrorist attacks in various countries, but direct attacks on Americans, and on American territory at that, would be an outright act of undeclared war.

Federal agencies are investigating at least two possible incidents on US soil, including one near the White House in November of last year, that appear similar to mysterious, invisible attacks that have led to debilitating symptoms for dozens of US personnel abroad.
Multiple sources familiar with the matter tell CNN that while the Pentagon and other agencies probing the matter have reached no clear conclusions on what happened, the fact that such an attack might have taken place so close to the White House is particularly alarming.
Defense officials briefed lawmakers on the Senate and House Armed Services Committees on the matter earlier this month, including on the incident near the White House. That incident, which occurred near the Ellipse, the large oval lawn on the south side of the White House, sickened one National Security Council official, according to multiple current and former US officials and sources familiar with the matter.
In a separate 2019 episode, a White House official reported a similar attack while walking her dog in a Virginia suburb just outside Washington, GQ reported last year.
Those sickened reported similar symptoms to CIA and State Department personnel impacted overseas, and officials quickly began to investigate the incident as a possible "Havana syndrome" attack. That name refers to unexplained symptoms that US personnel in Cuba began experiencing in late 2016 -- a varying set of complaints that includes ear popping, vertigo, pounding headaches and nausea, sometimes accompanied by an unidentified "piercing directional noise."
https://www.cnn.com/2021/04/29/politics/us-investigating-mysterious-directed-energy-attack-white-house/index.html



The investigation has been placed under Senate oversight.

Today, Senate Select Committee on Intelligence Chairman Mark R. Warner (D-VA) and Vice Chairman Marco Rubio (R-FL) released a statement regarding the investigation into attacks on U.S. personnel in Havana and elsewhere:
“For nearly five years, we have been aware of reports of mysterious attacks on United States Government personnel in Havana, Cuba and around the world. This pattern of attacking our fellow citizens serving our government appears to be increasing. The Senate Intelligence Committee intends to get to the bottom of this. We have already held fact finding hearings on these debilitating attacks, many of which result in medically confirmed cases of Traumatic Brain Injury, and will do more.
“As the Chairman and Vice Chairman of the Senate Select Committee on Intelligence, we welcome CIA Director Burns’ renewed focus on these attacks. Our committee will continue to work with him, and the rest of the Intelligence Community, to better understand the technology behind the weapon responsible for these attacks. We will focus on ensuring we protect our personnel and provide the medical and financial support the victims deserve. Ultimately we will identify those responsible for these attacks on American personnel and will hold them accountable.”
https://www.warner.senate.gov/public/index.cfm/2021/4/statement-of-sen-warner-on-cosponsoring-bipartisan-bill-to-reduce-sexual-assault-in-the-military



Following the identification of the hacker group Fancy Bear as GRU personnel, the previous round of sanctions unambiguously identified the Cozy Bear group as an SVR department.

Today the United States is formally naming the Russian Foreign Intelligence Service (SVR), also known as APT 29, Cozy Bear, and The Dukes, as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures. The U.S. Intelligence Community has high confidence in its assessment of attribution to the SVR.
The SVR’s compromise of the SolarWinds software supply chain gave it the ability to spy on or potentially disrupt more than 16,000 computer systems worldwide. The scope of this compromise is a national security and public safety concern. Moreover, it places an undue burden on the mostly private sector victims who must bear the unusually high cost of mitigating this incident.
Today, the National Security Agency, the Cybersecurity & Infrastructure Security Agency, and the Federal Bureau of Investigation are jointly issuing a cybersecurity advisory, “Russian SVR Targets U.S. and Allied Networks,” that provides specific details on software vulnerabilities that the SVR uses to gain access to victim devices and networks. The advisory also provides specific steps that network defenders can take to identify and defend against the SVR’s malicious cyber activity.
https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/

Russian Foreign Intelligence Service (SVR) actors (also known as APT29, Cozy Bear, and The Dukes) frequently use publicly known vulnerabilities to conduct widespread scanning and exploitation against vulnerable systems in an effort to obtain authentication credentials to allow further access. This targeting and exploitation encompasses U.S. and allied networks, including national security and government-related systems.
Recent Russian SVR activities include compromising SolarWinds® Orion® software updates, targeting COVID-19 research facilities through deploying WellMess malware, and leveraging a VMware® vulnerability that was a zero-day at the time for follow-on Security Assertion Markup Language (SAML) authentication abuse. SVR cyber actors also used authentication abuse tactics following SolarWinds-based breaches.
https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF



The Russian Foreign Ministry's statement "on retaliatory measures in connection with the hostile actions of the US" hinted at measures to inflict economic damage on America.

"We, of course, understand the limits of our ability to 'squeeze' the Americans economically in mirror fashion. But a certain resource in this regard does exist, and it too will be brought into play if Washington prefers to move along the sanctions spiral."
https://www.mid.ru/ru/foreign_policy/news/-/asset_publisher/cKNonkJE02Bw/content/id/4689067

Sergey Lavrov: "Sectoral sanctions were announced against Russian sovereign debt and dealings in it. For obvious reasons we have no comparable levers of influence over the US on that scale. Although our specialists assess that scale as something the Russian economy can absolutely handle. I think that is how it will be. We have always found, and will find, a way out of any situation. We too have the ability to take measures painful for American business. We are keeping them 'in reserve'."
https://www.mid.ru/ru/foreign_policy/news/-/asset_publisher/cKNonkJE02Bw/content/id/4689215



The attack on the American pipeline was carried out by hackers from the non-governmental criminal group DarkSide. It is unknown to what extent these hackers are under the watchful eye of Putin's security services.

A small group of private-sector companies, with help from several U.S. agencies, disrupted ongoing cyber-attacks against Colonial Pipeline Co. and more than two dozen other victims, according to people with knowledge of the matter.
Colonial was able to recover some stolen data because of the intervention, which stopped the flow of stolen data headed to Russia -- believed to be the ultimate destination, according to three people involved with or briefed about the investigation into the breach.
The takedown, which occurred on May 8, was enacted by companies that included operators of U.S.-based servers used by the hackers, the people said. The intervention involved the White House, Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency and National Security Agency, and shut off key servers used by the hackers, said the people, who requested anonymity because they weren’t authorized to discuss the ongoing investigation.
Colonial was the victim of a ransomware attack last week in which the hackers stole nearly 100 gigabytes of data, a breach that caused the company to shut down operations of the biggest fuel pipeline in the U.S. The hackers were using the servers that were disabled as a repository for storing information before relaying it to computers in Russia, the people said.
But Colonial’s data hadn’t yet been sent, which allowed investigators to retrieve it, the people said.
On Monday, President Joe Biden stopped short of blaming the Kremlin but said “there’s evidence” the hackers or the software they used are “in Russia.”
“They have some responsibility to deal with this,” he told reporters at the White House, after announcing that “my administration will be pursuing a global effort of ransomware attacks.”
https://www.warner.senate.gov/public/index.cfm/2021/4/statement-of-sen-warner-on-cosponsoring-bipartisan-bill-to-reduce-sexual-assault-in-the-military

Former US counterintelligence director weighs in on the degree of Moscow’s responsibility for the Colonial Pipeline cyber incident…… https://t.co/HJPFiZsAnq
- Gordon Corera (@gordoncorera) May 10, 2021

DarkSide is not a unit of Russia’s intelligence services, and there’s no evidence that it is funded or directed by the Kremlin. Instead, DarkSide is a private, for-profit criminal organization that operates under the benign neglect of Russian authorities. DarkSide reserves its mischief for Russia’s geopolitical rivals - companies based in the US and western Europe - and Russian authorities don’t interfere with its work.
In many ways, DarkSide resembles the privateers that terrorized the seas during the golden age of piracy in the 17th and 18th centuries. In that era, a captain could obtain a letter of marque from a colonial government officially authorizing him to pillage and plunder merchant ships belonging to rival nations - so long as he left his own country’s ships alone. Unlike pirates, who were “enemies of all mankind” and liable to be captured and killed wherever they went, privateers could safely use one of the major powers’ ports as their base of operations.
Hackers get a similar deal. DarkSide is one of the many for-profit ransomware groups that have proliferated and thrived in Russia. These cyber-gangs steal companies’ data and hold it hostage in exchange for ransoms ranging from $200,000 to $20 million. Many of these groups, including DarkSide, slip lines of code into their hacking software that check to see if a victim’s computer uses Russian as its default language; if so, the software automatically stops the attack. Features like this help hackers avoid the ire of their host governments, and ensure that they don’t wear out their welcome in their safe harbor.
https://qz.com/2007399/the-darkside-hackers-are-state-sanctioned-pirates/

The hybrid war continues.

SVR, hackers, GRU
