‘Full-scale offensive against Ukraine’s government and critical infrastructure’

Some of the first evidence of the scale of the cyber conflict going on over Ukraine appears in this release from Microsoft. The key lines are:

“Before the Russian invasion, our teams began working around the clock to help organizations in Ukraine, including government agencies, defend against an onslaught of cyberwarfare that has escalated since the invasion began and has continued relentlessly.”

“Since then, we have observed nearly all of Russia’s nation-state actors engaged in the ongoing full-scale offensive against Ukraine’s government and critical infrastructure, and we continue to work closely with government and organizations of all kinds in Ukraine to help them defend against this onslaught.”

Full statement here:


REviLives! A ransomware gang’s views on US ‘impunity’

This notice from the newly emergent Conti ransomware group has been posted in response to a US (and allies) operation to take the ransomware gang REvil offline.

Now, all is justified

What strikes me is how it echoes the general themes of Russia’s propaganda: the US government is hypocritical, so ransomware gang behaviour is legitimate. The US invasion of Iraq in 2003 was wrong. So today, we hold sensitive medical data from American hospitals for ransom – and that’s ok. It’s whataboutism as a business plan. The best part of the statement is the last line, which discusses Americans being “free.” Who gets to define when America is free? Russian ransomware operators, naturally. Again, like propaganda.

CONTI Team (Conti ransomware group) statement on REvil:

Title: Announcement. ReviLives.

Subject: Own opinion.

As a team, we always look at the work of our colleagues in the art of pen-testing, corporate data security, information systems, and network security. We rejoice at their successes and support them in their hardships.

Therefore, we would like to comment on yesterday’s important announcement by the US law enforcement about the attack on the REvil group.

We want to remark the following:

First, an attack against some servers, which the US security attributes to REvil, is another reminder of what we all know: the unilateral, extraterritorial, and bandit-mugging behavior of the United States in world affairs.

However, the fact that it became a norm does not presume that it should be treated like one. Unlike our dearest journalist friends from the Twitter brothel, who will sell their own mother for a bone from bankers or politicians, we have the guts to name things as they are. We have a conscience, as well as anonymity, while our skills allow us to say something that many “allied” governments are afraid of saying:

With all the endless talks in your media about “ransomware-is-bad,” we would like to point out the biggest ransomware group of all time: your Federal Government. There is no glory in this REvil attack. First, because REvil has been dead in any case, but secondly, because the United States government acted as a simple street mugger while kicking a dead body.

Let’s break it down point by point. There was an extraterritorial attack against some infrastructure in some countries.

  1. Is there a law, even an American one, even a local one in any county of any of the 50 states, that legitimizes such indiscriminate offensive action? Is server hacking suddenly legal in the United States or in any of the US jurisdictions? If yes, please provide us with a link.
  2. Suppose there is such an outrageous law that allows you to hack servers in a foreign country. How legal is this from the point of view of the country whose servers were attacked? Infrastructure is not flying there in space or floating in neutral waters. It is a part of someone’s sovereignty.
  3. The statement mentions a multinational operation but does not name specific countries that participated in the cyber strike. We seem to know why; see next point.
  4. Most countries, the US included, perceive critical cyber strikes against their territory as a casus belli. You think anybody will be fine if the Taliban conducts a missile strike against a place in Texas to “disrupt an operation” of what Afghanistan considered a “criminal” group?
  5. When the special forces arrive at a hostage scene, they at least make sure that there are hostages there (at least, this is how it used to be). How did you know who you were attacking? It could just be a reverse proxy on an unsuspecting host. How did you know who ELSE these servers are serving? How was the safety of other people’s businesses, possibly people’s lives, ensured?

Just to be clear: these are all rhetorical questions. Of course.

What happened with this attack is way more than REvil or information security. This attack is just another drop in the ocean of blood, which started because the NSA, CIA, FBI, and another two hundred three-letter security institutions (because, you know, true democracy and liberty require millions of people in uniform) never had to answer these questions.

WMD in Iraq, which was “certainly there.”

Drone strikes on weddings because “these were terrorists.”

Airstrikes on hospitals and Red Cross convoys because “we thought these are hostile.”

Military raids within the foreign borders ended up with massacring allied soldiers.

The list is endless because those who are now enjoying the media fame from the REvil attack are vampires drunken and intoxicated by impunity and blood.

And this is not the story about REvil, Afghanistan, or any other subject in the world because impunity does not know borders.

No wonder, each day, we read in the news that the American police once again shot some unarmed African American, or a housewife, or a disabled person, or somebody brave enough to dare to protect their home and their family. This is your state, and it will treat you the way it drones an unfortunate child-shepherd in the sands of the Maghreb or Arabia to ensure “the national security of America,” so far from its shores.

And we will be reminding you of this constantly. And yes, despite the popular opinion of the social media hobos, we can and WILL talk ethically as any other people. (Somebody, please put an Obama meme here).

We wish the people of America to resume control over your country as soon as possible and expel these fat, degraded bankers and become again the great FREE nation that we remember and love. We wish our retired colleagues from REvil have a lot of fun with their honestly earned money.

Sincerely yours,

Conti’s team

Isn’t Russia’s meddling in the US election a ‘Cyber Pearl Harbor’?

For years, politicians and the public have spoken in ominous terms about a so-called “Cyber Pearl Harbor”, an event in which a foreign power or terrorist group stages a crippling attack on US infrastructure that renders the country incapable of functioning.

In 1996, when Deputy Attorney General Jamie Gorelick began assessing the risks posed by hacking to infrastructure, she used the term.

“We have not yet had a terrorist cyber attack on the infrastructure. But I think that that is just a matter of time. We do not want to wait for the cyber equivalent of Pearl Harbor,” she said, as quoted in Fred Kaplan’s new book.

Pearl Harbor attack, 1941

Since 1996 the notion of a Cyber Pearl Harbor has become a political talking point in the US.

I can’t think of a more core piece of infrastructure in the United States of America than its constitutional democracy and the integrity of free and fair elections.

What’s happening in the US election is so surprising – the subversion, the manipulation of perceptions online – that US democracy can’t adequately respond. Even the intelligence community is struggling to wake up to it, after years of focusing on China’s economic cyber hacking. Just recognizing that the new battlefield of social cyberspace is largely uncontested by the US is a challenge.

So in my opinion, this qualifies as the Cyber Pearl Harbor that was first mentioned 20 years ago by policy analysts in Washington.

And the thing about Pearl Harbor attacks is that you just don’t know where they’re coming from. So while US utilities and airline operators are creating redundancies and more resilient defenses against hackers, Guccifer 2.0 has stolen information from the DNC and the US political establishment. That information is passed along to a place like WikiLeaks, which can repackage it for an audience on the lookout for the perfidy of power.

That message can be mainlined back to mid-America through syndicated radio (thanks to Sean Hannity) and the next thing you know, you have a data stream of misinformation pumping right into the US electoral process.

The thing about Pearl Harbors, they tend to come out of nowhere.

The foreign government seeking to do the US harm today has correctly identified the leadership and credibility vacuum on the right side of the US political spectrum. It is skillfully exploiting that reality and the post-financial crisis disenchantment more broadly.

If the information war effort against the US election is like the attack on Pearl Harbor, today would be equivalent to the early hours of December 7th, 1941. The sailors and servicemen at Pearl Harbor are rushing out of their quarters and still struggling to understand who is attacking them and the nature of the hostilities.

The nature of the information war against the US is so radically different from old-style war, though, that it’s as if the pilots flying the Zeros are in many cases Americans themselves, duped into an activity that damages and undermines their own country and interests.

But this, too, is a big part of the new game the American people find themselves forced to play. Will they wake up soon enough to fight back? The presidential election is on November 8.
