
Three Things: Russia and China Spying, Kavanope

[NB: Yes, it’s Rayne, not Marcy. Check the byline.]

Huge news earlier today related to spying. Really big. MASSIVE.

And a MASSIVE cover-up pawned off on the feeble-minded as a ‘complete investigation’ into Dr. Ford’s and Deborah Ramirez’s accusations against Brett Kavanaugh.

~ 3 ~

Bloomberg published an epic piece of investigative journalism this morning about China’s spying on U.S. businesses by way of tiny chips embedded in server motherboards. The photos in the story are just as important as the must-read story itself as they crystallize a challenge for U.S. intelligence and tech communities. Like this pic:

That tiny pale obelisk to the right of the penny represents one of the malicious chips found in affected Supermicro brand motherboards shipped to the U.S. market — nearly as small as the numbers in the date on the coin. Imagine looking for something this puny before a machine is turned on and begins to launch its operating system. Imagine trying to find it when it is sandwiched inside the board itself, embedded in the fiberglass on top of which components are cemented.

The chip could undermine encryption and passwords, making any system open to those who know about its presence. According to Bloomberg reporters Jordan Robertson and Michael Riley, the chips found their way into motherboards used by Apple and Amazon.

Information security folks are scrambling right now because this report rocks their assumptions about the supply chain and their overall infosec worldview. Quite a few doubt this Bloomberg report, their skepticism heightened by the carefully worded denials offered by affected and relevant parties Apple, Amazon, Supermicro, and China. Apple provided an itemization of what it believed Bloomberg Businessweek got wrong along with its denial.

I’ll have more on this in a future post. Yes, indeedy.

~ 2 ~

A cooperative, organized response by Britain, The Netherlands, U.S., and Canada today included the indictment of seven Russians by the U.S. for conspiracy, conspiracy to commit wire fraud, wire fraud, aggravated identity theft, and conspiracy to launder money. The Russians have been identified as members of a GRU team organized out of a facility in Moscow, working on hacking and a disinformation influence campaign focused on anti-doping entities and non-Russian Olympic athletic competitors.

Note the underlined bit in this excerpt from the indictment (pdf) — the last indictment I copied with similar wording was that of Evgeny Buryakov and his two comrades, the three spies based in New York City who worked with “Male-1”, now known to be Carter Page. Who are the known and unknown? Persons who have flipped or co-conspirators yet to be named?

The UK released a statement as did the Canadians, and the Netherlands issued a joint statement with the UK about the entirety of spying for which this GRU team is believed to be responsible, including an attempt to breach the Organisation for the Prohibition of Chemical Weapons’ (OPCW) facility analyzing the Novichok nerve agent used to poison the Skripals in the UK as well as chemicals used against Syrians.

Cryptocurrency news outlets report concerns that this indictment reveals the extent of USDOJ’s ability to trace cryptocurrency.

An interesting coincidence took place overnight as well — Russian Deputy Attorney General Saak Karapetyan died last night when an unauthorized helicopter flight crashed northeast of Moscow. Karapetyan had been linked this past January to Natalia Veselnitskaya and an attempt to recruit Switzerland’s top investigator as double-agents. But Karapetyan had also been involved in Russia’s response to the poisoning of Alexander Litvinenko and the aftermath of the Skripals’ poisoning in the UK.

What remarkable timing.

One might wonder if this accident had anything to do with the unusual release of GRU personnel details by the Dutch Military Intelligence and Security Service (MIVD) and the United Kingdom’s Ministry of Justice during their joint statement today.

By comparing the released identity documents, passports, automobile registrations and the address provided when cars were rented, the identities of a total of 305 GRU agents may have been identified by bellingcat and The Insider, including the four out of the seven men wanted by the U.S. for the anti-doping hacking as well as attempted breach of OPCW.

The identity of the four GRU agents accused of targeting the OPCW was cinched by a taxi receipt in one agent’s pocket from a location on the road next to the GRU’s facility in Russia. Four agents also had consecutive passport numbers.

What remarkably bad opsec.

~ 1 ~

As for the impending vote on Brett Kavanaugh:

– Senator Heidi Heitkamp is voting her conscience — NO on Kavanaugh.
– Senator Joe Manchin is now the lone Dem holdout; he says he’s still listening but hasn’t seen anything incriminating from Kavanaugh’s adulthood. (Gee, I wonder why.)
– Senator Bob Menendez didn’t mince words. He said “It’s a bullshit investigation.” (He should know what a thorough investigation looks like).

And the beer-loving former Yale frat boy had an op-ed published in the Wall Street Journal which pleads with us to lose all intelligence and believe that he is really very neutral. I am not even going to link to that POS which has re-enraged women all over the country.

GTFO.

Continue calling your senators to thank them for a NO vote on Kavanaugh so that they aren’t hearing right-wing demands alone. Congressional switchboard: (202) 224-3121

~ 0 ~

This is an open thread. Sic ’em.

Monday: Build That Wall

Poor Ireland. Poor Inishturk. To be forced to consider the onslaught of refugees fleeing political upheaval should one loud-mouthed, bigoted, multi-bankrupt idiot with bad hair win the U.S. presidency. I’m amused at how the Irish in this short film mirror the U.S. albeit in a more placid way. There are some who are ardently against him, some who’d welcome the business, and the rest cover the spread between the extremes though they lean more to the left than the right.

I find it appalling, though, that Trump would install a sea wall *now* after the golf course development has already been established, rather than do his homework upfront before investing in real estate which relies on natural dune formation. This kind of thoughtlessness is completely absurd, and the disgust evident in this film is well merited.

Keep your volume control handy; hearing Trump blathering may set your teeth on edge. Mute for a moment and continue.

Schtuff happens
I couldn’t pull a cogent theme out of the stuff crossing my desk today. I’m just laying it down — you see if you can make any sense out of it.

  • Ramen can get you killed in private prisons (Guardian) — The federal government may have to do more than simply stop using private prisons for federal criminal incarceration. This report by a doctoral candidate in the University of Arizona’s school of sociology suggests states’ prisons operated by private industry may be violating prisoners’ civil rights by starving them. Ramen noodles have become a hot commodity for this reason. Not exactly a beacon of morality to the rest of the free world when incarcerated citizens must scrap for ramen noodles to make up for caloric shortfalls.
  • World Anti-Doping Agency may have been attacked by same hackers who poked holes in the DNC (Guardian) — “Fancy Bear” allegedly had a fit of pique and defaced Wada after Russian athletes were banned at Rio. This stuff just doesn’t sound the same as the hacking of NSA-front Equation Group.
  • New Mexico nuclear waste accident among most costly to date (Los Angeles Times) — Substitution of an organic kitty litter product for a mineral product two years ago set off a chemical reaction in an underground waste storage area, contaminating 35% of the surrounding space. Projected clean-up costs are $2 billion — roughly the amount spent on Three Mile Island’s meltdown.
  • Build that wall! Americans blown ashore in Canada by high winds (CBC) — Participants riding flotation devices on the St. Clair River in the annual Port Huron Float Down were pushed by high winds into Sarnia, Ontario. About 1,500 Americans had to be rescued and returned to the U.S. by Canadian police, Coast Guard, and Border Service. Just a test to see if Canada’s ready for the influx of refugees should Trump win in November, right?
  • Paternity test reveals a father’s sperm actually made him an uncle (Independent) — Upon discovering a father’s DNA only matched 10% of his child’s DNA, further genetic ancestry revealed the ‘father’ had an unborn twin whose DNA he had absorbed in the womb. His twin’s DNA matched his child’s. This is not the first time paternity testing has revealed chimerism in humans.

Commute-or-lunch-length reads

  • Walmart is a crime magnet (Bloomberg) — Holy crap. Communities should just plain refuse to permit any more Walmarts until they clean up their act. Bloomberg’s piece is a virtual how-to-fix-your-bullshit task list; Walmart has zero excuses.
  • It’s in your body, what version is it running? (Backchannel) — Before the public adopts any more wearable or implantable medical devices, they should demand open access to the code running inside them. It’s absurd a patient can’t tell if their pacemaker’s code is jacked up.
  • Dirty laundry at Deutsche Bank (The New Yorker) — This you need to read. Parasitic banking behavior comes in many forms — in this case, Deutsche Bank laundered billions.

There, we’re well on our way this week. Catch you tomorrow!