Putin and the BLM verses the Power of the Internet

Vladimir Putin has been trying very hard to convince the world that he needs to intervene in Ukraine to “protect” Pro-Russian citizens. Half way around the world, the Bureau of Land Management has tried to convince the US that it is protecting endangered turtles from trespassing cattle in Nevada. Both causes have been undermined by the power of the internet.

Reports have been flooding out of Ukraine of captured Russian intelligence officers, troops operating inside Ukrainian borders with identifying unit patches and tags removed, and even of a Russian bank making $200 and $500 daily payments to Russian “terrorists” working to destabilize the Eastern region of Ukraine.

This video allegedly shows a Russian Army Lieutenant Colonel giving orders to police officers in the Ukrainian town of Horlivka:

Pro-Russian forces have stirred up riots, taken over police and government buildings and have even attacked an airport. All the while about 40,000 Russian combat troops are hanging near Ukraine’s border. This has put Ukraine in a catch-22, either they let the unrest continue and risk civil war, or move against the trouble areas with force risking an invasion by Putin to “protect” Russian citizens like he did in Crimea.

Other than what some call Putin’s propaganda machine, the Russian Times (RT.com), no one is really falling for Putin’s cause. The internet has been saturated with anti-Russian social media posts, revealing pictures of what appear to be Russian troops in Ukraine, and reports of captured Russian operatives.

The outcome has been dramatic. Tens of thousands are protesting in Moscow and the UN even released a report claiming ethnic Russians in eastern Ukraine falsely claimed assault.

Closer to home, the US Bureau of Land Management (BLM) sent a mini-army of a couple hundred enforcement agents, contract workers, K-9 units and snipers into Nevada to “protect” endangered desert turtles. BLM claimed trespassing free roaming cattle from Clive Bundy’s ranch was putting endangered animals at risk. So they sent a large force in to confiscate the cattle.

Within days the internet was filled with images like this:

 bundy ranch 1st amendment

Apparently the BLM set up fenced in areas for reporters. Well this didn’t go over very well – no one used them and pictures again flooded the internet of the “First Amendment Area” signs with another sign added underneath saying, “The First Amendment is not an Area”. The fenced in areas were removed shortly thereafter.

Report of abuse by Federal officers also flooded the internet. One scuffle ensued between BLM officers and Bundy family members & supporters. A statement to the press by the BLM stated that the scuffle started when a K-9 dog was kicked. But again, this video flooded the interwebs showing that the real story might be different:

You can see from the video that at 23 seconds, a federal agent tackles a 50 year old lady from behind and seems to throw her to the ground. At 1:04 a K-9 officer appears to give both verbal and visual command for his dog to bite, and then again at 1:06.

The protestor seems to kick the dog after he tried to bite him.

Social Media exploded comparing the events in Nevada with Waco Texas and Ruby Ridge. The effect was immediate. People from as far away as New Hampshire began flocking to Nevada to stand in the gap with Clive and his family. This included armed members of several state militia and veteran groups.

The BLM has since stood down and has decided to fight the battle out in court. But again more reports have surfaced via the internet that the BLM wants to remove the cattle so that a Solar Power plant can be installed by a Chinese company, and that it has nothing whatsoever to do with trying to save turtles.

Some websites are claiming that the solar power plant report isn’t true, but it is very odd that the Federal Government would send in such a strong force to protect some turtles from cows. Especially when our southern border which needs additional help seems to get none.

But the truth is that in both cases presented here, the conflict in Ukraine and the BLM’s actions in Nevada, social media has had a huge impact of both public opinion and public action.

Advertisements

Pro-Russian Forces Break into Ukraine Govt Buildings – Steal Servers

Donetsk Pro-Russian Intruders

Cyber attacks can be a troublesome thing, there are firewalls to ease past and layers of defense to bypass. And then if you do find a way through, your exploit is not always guaranteed to work. But there is another option… You could just break into the target building and steal the servers.

With Russian troops massed on Ukraine’s border many analysts are saying that they could attack at any moment. But it would seem Russia might be content at the moment to foment unrest in Ukraine’s Eastern areas where there is a strong pro-Russia sentiment.

As Russia sent troops with no unit insignias visible into the Crimean Peninsula to confiscate warships and surround bases, they are now sending security forces into border providences to seed unrest from the inside.

Organized groups of several hundred people representing Russian security agencies have arrived in eastern Ukraine from neighboring Russia,” said Yulia Tymoshenko, former Ukrainian prime minister

On Monday night masked pro-Russian protesters looted the Donetsk Province government administration building and were seen removing servers from the building.

But why would they take file servers?

With Government servers in hand, it would not take long to recover all the information from them. It would be much quicker than trying to siphon the data over long distance network lines.

In most cases, physical access equals total access. And once the data is obtained, the attackers would then have a plethora of personal information, account information and important data including sensitive Government documents and communications.

This information would be invaluable to an occupying force as it would most likely reveal which individuals in the government are for your cause and which ones are against it. They could also recover credentials from the servers that could be used to attack other government systems.

It would seem that the server hard drives will end up in Russian intelligence hands very soon, if they are not already.

Russian “Cyber” Snake attacking Ukrainian Systems

Snake BAE

Everyone is expecting Russia to attack Ukrainian computer systems, but the truth may be that they have been doing so right along. One alleged Russian based cyber espionage tool named “Snake” has been active in the Ukraine and other places (even the US) since 2005.

Snake is named after Ouroboros in Ancient Greek mythology, and it was usually displayed as a snake or a dragon eating its own tail. The inference is that of something that is constantly re-creating itself.

Snake infections have been located in several countries – the US Department of Defense have been breached by an earlier version of the program. But as of 2013, the espionage tool usage seems to be aggressively targeting systems in the Ukraine:

Snake samples

BAE systems have recently released a report on Snake. According to the report, the tool seems to have originated from a nation that could fund sophisticated and expensive attack tools.

Martin Sutherland, Managing Director, BAE Systems Applied Intelligence said, “What this research once more demonstrates, is how organised and well-funded adversaries are using highly sophisticated tools and techniques to target legitimate organisations on a massive scale.”

And, “Although there has been some awareness of the Snake malware for some years, until now the full scale of its capabilities could not be revealed, and the threat it presents is clearly something that needs to be taken much more seriously.”

Snake allows remote access to an infected system, can hide and ex-filtrate pilfered data, seeks to infect other systems, uses stealthy communication techniques, has a rootkit section and can even bypass security features of 64 bit Windows systems.

A couple tell tail clues found during analysis, including time zone information and the language used in some lines of code seem to point to Russia as the tool creator. And with he increased attacks on the Ukraine within the last year makes Russia look even more the culprit.

BAE System’s report covers:

  • How the malware communicates,
  • The distinctive architectures which have evolved over the years,
  • The use of novel tricks to by-pass Windows security,
  • How it hides from traditional defensive tools.

Check out the full report on BAE’s website.

Cyber Conflict in the Crimea – Russia already on the Offensive

updated 3/4/2014 -As Russian troops surround military bases in Ukraine, the attacks in the cyber realm have already begun. Ukraine lawmakers are reporting that Russians are attacking their mobile phones.

I confirm that an IP-telephonic attack is under way on mobile phones of members of Ukrainian parliament for the second day in row,” said Valentyn Nalivaichenko, head of Ukraine’s SBU security service.

At the entrance to (telecoms firm) Ukrtelecom in Crimea, illegally and in violation of all commercial contracts, was installed equipment that blocks my phone as well as the phones of other deputies, regardless of their political affiliation.

Russia, looking more and more like Cold War Soviet Union under Putin, has moved combat troops across the Crimean Peninsula. The move is very reminiscent of the Russian invasion of Georgia in 2008.

And as Russian troops attacked Georgia on the ground, they also flooded them with cyber attacks. This has led many wondering when Russia’s very capable cyber forces would begin attacking the Ukraine’s Infrastructure.

Well, it would seem the moves have already begun.

On Friday, Ukraine’s largest telecom company announced that voice and data connectivity between Crimea and the rest of Ukraine had been interrupted. Remember that this also happened in Georgia when Russian troops invaded.

Though it would seem from reports that instead of using cyber attacks to accomplish this, Russian troops physically cut and sabotaged power and communication lines.

Also, the propaganda machine seems to be in full swing as Pro-Ukraine messages and sites have been blocked on Russian social media sites. News media has been involved too.

There seems to be a marked difference between the English and Russian version of news site RT.com, with the English version being very critical of US and Ukraine, while the Russian version is very different. This hasn’t seemed to escape the attention of pro-Ukraine hackers, as RT.com was apparently hacked on Sunday.

The word “Nazi” was inserted in several places on the English version of the main page:

RT.com acknowledged that they had been hacked, and the page was restored within a short amount of time.

But will Ukraine be as susceptible to Russian cyber attacks as Georgia was? It would appear that though not a member of NATO, Ukraine has recently worked with them to address security issues.

In November NATO and partner members examined cyber security strategies in Ukraine. Volodymyr Porodko, Deputy Chairman of the Security Service of Ukraine stressed its importance, “The relevance of cyber security as a component of national security is driven by the global tendency of unlawful activity being transferred into the virtual realm. This problem does not concern only the interests of the state and society as a whole, but has a direct bearing on every individual.”

But has enough been done to protect Ukrainian infrastructure from Russian hackers?

According to reports, Ukraine does have a capable cyber force and will likely pull a lot of support from western hacktivists. And Russia does have more critical online systems than Ukraine.

Only time will tell how this will play out, but for now, all eyes are on the Crimea.