The Cyber Attacks on America — Today, Identifying Russian Civilian and Military Intelligence Players as the Culprits

December 29 2016

FBI, Homeland Security, the Director of National Intelligence, the White House — speaking out today on the issues.  The pros and cons are vigorously debated!

by Hank Boerner

The headlines roared forth today:  President Barack Obama’s Administration announcing sanctions on Russian interests — President-Elect Donald Trump saying he’s not so sure the Russians were involved.  Prominent Republican U.S. Senators (John McCain and Lindsay Graham) demanding action against Russia.  Back and forth it went all day and on into the nightly news and the chattering cable class.  Russian leadership immediately chimed in promising retribution for any U.S. action taken against their country.

So what is going on?  We’ll see a flood of comments here in the U.S. (pro and con, certain and questioning) on this and that and whatever, about the Russians hacking, whether that affected the recent election outcome, who thinks they did and who thinks they did not…and on and on.

Take a deep breath.  For context, let’s begin with the official announcements from the U.S. government agencies on the front lines of the attack/defense/retribution. (I know, I know — not everyone will trust the official government explanations!)  To the extent that you trust government agencies and leaders of those entities, at least understand what it is that they are saying on the record.  And what information they put forth to support their opinions.

The President today authorized actions in response to the Russian government’s “…aggressive harassment of U.S. officials and cyber operations aimed at the U.S. election in 2016…”

The President-elect has been communicating (in various ways as is his style) that he is not so sure that it was the Russian government.

Some people are not getting past these conflicting views to get to the rest of the story. (We do know that President-elect Donald Trump apparently bristles at any mention of less-than-a-triumph-for-him-at-the-ballot-box — just watch the tweeting. So the idea that there was outside influence could undermine the confidence in his win – not good.

The White House today emphatically said the cyber intrusions — yes, attacks — were intended to attempt to influence the 2016 election (the main story the media picks up on).  AND they were intended to erode faith in U.S. democratic institutions; and, undermine confidence in the institutions of the U.S. government.  That part should make every American anxious — and angry — and give pause to think about the consequences of this, if true — no matter their political and personal beliefs (left/right, liberal/conservative, Democrat/Republican, etc.)

The Obama Administration is taking action in response, and what we know at least publicly tonight is:

  • Nine Russian entities and individuals are now officially sanctioned. These are the two Russian intelligence services (GRU and FSB); four officers of the GRU; and three “companies” providing support to the GRU.
  • The U.S. Treasury Department identified two Russians who used cyber-enabled means to steal funds and personal identifications.
  • The U.S. State Department designated two Russian compounds (in New York and Maryland) used by Russian intelligence agencies, ordering them shut overnight and entrance barred to Russians.
  • 35 individuals identified as Russian intelligence operatives are declared persona non grata – they are accused of violating their diplomatic duties and must leave the U.S. (and cannot enter if they are out of the country).  The individuals are in the Washington, D.C. Russian embassy and the San Francisco Consulate.  They have to be out of the U.S. (with their families) in 72 hours.
  • The U.S. Department of Homeland Security and the Federal Bureau of Investigation released de-classified technical information on Russia’s civil and military intelligence services cyber activity to help American network managers identify, detect and disrupt Russia’s global campaign of malicious cyber attacks.
  • The Obama Administration will deliver a report to the U.S. Congress soon detailing the Russian efforts to interfere in the November presidential election and what the Russians have done in past elections.  This should create more headlines (and cable chatter) as it lands on Capitol Hill.
  • The White House pointedly reminded us today that President Obama, back in April 2015 — long before the 2016 election — signed an Executive Order (#13964) creating a new authority for the U.S. government to more effectively respond to Russian (and others’) cyber threats.  This enabled the U.S. government to harm or compromise the abilities of “entities” attacking the U.S. — this could be via a distributed-denial-of-service (“DDOS”), for example.
  • And, the U.S. government could cause a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.  Watch this!  There’s three weeks to go in the tenure of President Obama.The FBI and the Department of Homeland Security today issued a “white bulletin” (publicly available information) on “Grizzly Steppe” (Russian Malicious Cyber Activity).  The 13-page document is a “Joint Analysis Report” (JAR) that says this:  Russian civilian and military intelligence services (“RIS”) have been attacking the U.S. government, private sector entities, political entities (the Democratic Party), and attempted to interfere with the presidential election.

Think about this:  Attacked / hacked in the USA:  critical infrastructure entities; think tanks; universities; political organizations; corporations in the private sector.

Today’s document provides detailed information for American network security managers to protect their systems. Watch out for “Energetic Bear,” “Fancy Bear,” “Grey Cloud,” “HammerDuke,” “Tiny Baron,” “SEADADDY,” “WaterBug” — and many more Russian operators in your IT systems!

As for the election season attacks, the U.S. government officially confirms that two different “RIS” actors penetrated the Democratic National Committee systems.  They were identified as “APT 29” and “APT 28” — Advanced Persistent Threats.  The successful attacks started in summer 2015 and continued into spring 2016. The attacks are detailed in the JAR — you can read it (it’s publicly available) here: https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296.pdf

And to make sure the American public understands the Federal government’s position on the Russian attacks, the FBI, Homeland Security (DHS) and the Office of Director of National Intelligence (ODNI) said the following:  The intelligence community is confident that the Russian Government directed the recent compromises of e-mails from U.S. persons and institutions, and that the disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks are consistent with the Russian-directed efforts.

Government officials said this activity by Russian intelligence services is part of a decade-long campaign of cyber-enabled operations directed at the U.S. government and its citizens.

As we know, a great deal of information — such as analysis and forensics — related to Russian government activity has been published by private sector security companies.  The U.S. government today confirms that the Russian Government conducted many of these activities as reported by the private sector firms over the recent months. (The U.S. government says the attacks have been going on for a decade or more.)

And so, the U.S. government is now arming computer network defenders with tools to identify, detect and disrupt Russian cyber activities that can do harm.

Over the coming days there will be lots of back and forth on who did what / or didn’t / or who should be tracked down and punished / or “we should move on and forget all this talk about the election, etc. 

Remember that Executive Order 13694: It was issued in April 2015 and updated (amended) today by the President.  This is an Executive Order Taking Additional Steps to Address The National Emergency With Respect to Malicious Cyber-Enabled Activities.

The update adds entities and individuals to the “Specially Designated Nationals and Blocked Persons (SDN List). Russian individuals are named as well as these Russian entities:

  • The FSB / Federal Security Service of Russia
  • The Main Intelligence Directorate
  • Special Technology Center/St. Petersburg
  • Zorsecurity / Esage Lab / Tsor Security
  • ANO PO KSI — The Autonomous Noncommercial Organization of Professional Association of Designers of Data Processing Systems

Stay Tuned:  Watch the rollout of the activities authorized by the Executive Order — including naming names and related personal financial information that could roil Moscow, depending on the details to be released.

There’s still more than 20 days to go for President Barack Obama to order action. Silent or announced.

You can read the Executive Order update here at the U.S. Department of the Treasury: https://www.treasury.gov/resource-center/sanctions/OFAC-Enforcement/Pages/20161229.aspx

 

 

 

 

Think of the U.S. Navy’s Aircraft Carriers – Protecting the Peace

by Hank Boerner

Originally posted:   December 27, 2016…75 Years On…Ceremonies at Pearl Harbor, Hawaii

See updates at the end of the text — the text gives you the needed context for understanding the role of the aircraft carrier fleet of the United States of America.

Yesterday, December 27th, the President of the United States and the Prime Minister of Japan met at Pearl Harbor, Hawaii to deliver messages of condolence and remembrance of the 2,400 U.S. service members lost in the attack on the U.S. Naval base in that long ago December morning (it’s 75 years on since the Empire of Japan launched an attack on the United States of America at Hawaii, then a U.S. territory).

The important lessons learned in the attacks on the U.S. Navy at Pearl Harbor, during WW II, and in all the years since: it is clear to policy makers and should be clear to all of us that the U.S. aircraft carriers are key to our nation’s safety and well-being. As well as the safety of many of our allies around the world.

On that December 7th morning 75 years ago, a Japanese naval strike force sailed close to Pearl Harbor, Hawaii, our major U.S. Navy facility at midpoint in the Pacific between the U.S. coastline and the Japan home islands. The attacking force consisted of six aircraft carriers with 400-plus aircraft (attack and defense); two battleships; three cruisers; nine destroyers; eight fuel tankers; two dozen submarines; and a handful of “midget” subs.

The original plan as tensions between the U.S. and Japan escalated was for the Empire of Japan to lure the powerful U.S. fleet into Pacific waters accessible from the Japanese homeland, to be attacked and defeated. This would enable the Japanese military to attack and conquer Pacific nations and territories (which they did as the Pearl Harbor attack was underway and in the days after).

The bombs began to fall from enemy aircraft overhead at 07:48 a.m. on Sunday morning, December 7th, 1941. It was 75 years ago this month that America thus entered World War II after the attack that President Franklin Roosevelt described as on a date “…that will live in infamy…”

Beneath the shiny metal wings of the Japanese attack planes lay the bulk of the U.S. Navy’s Pacific fleet — battleships, cruisers, light cruisers, destroyers, and more. The military forces of the Empire of Japan launched this stealth attack on the fleet, launching planes from heaving carrier decks in the rough seas of the North Pacific Ocean…in minutes they were overhead thus shattering the “isolationist” mood of the United States of America that had prevailed since the late-1920s and into the 1930s.

At anchor that quiet Sunday morning lay the Navy’s capital ships (battleships) USS Arizona; USS Pennsylvania; USS Nevada; USS Oklahoma; USS Tennessee; USS California; USS Maryland; USS West Virginia. Heavy cruisers USS New Orleans and USS San Francisco. And on and on: light cruisers; destroyers; submarines; coastal minesweepers; gunboats; support craft; ammunition ships; hospital ship USS Solace; ocean-going tugs; PT boats.

But — most important — not at the harbor that day were these important vessels with squadrons of aircraft on board and their accompanying support task force vessels: America’s relatively small but powerful fleet of aircraft carriers (designated “CVs” then). The targeted U.S. carriers were not to be found by searching attack aircraft.

The USS Lexington (CV-2), newly commissioned, was on a cruise to Midway Island (leaving Pearl Harbor on 28 November) to deliver Grumman F4F “Wildcat” aircraft to the U.S. Marines. (Sister ship USS Saratoga was at home port, San Diego, California harbor, picking up more aircraft for Pacific service and due to head into the Pacific.) The USS Enterprise had delivered fighter aircraft to the U.S. Marines at Wake Island and was en route back to Pearl but was delayed one day by bad weather.

Of other carriers, USS Ranger was in the British West Indies. USS Yorktown (CV-5) was at Norfolk, Virginia. USS Wasp was at Bermuda. USS Hornet was on training exercises in the Atlantic Ocean.

And one more: a source of pride here in our home region, the USS Long Island — a smaller “jeep” carrier — was in Norfolk, Virginia.

These capital ships — plus five more “Essex” class carriers then under construction — would carry the war to Japan in the Pacific. The five new ships were: USS Essex – CV-9; USS Yorktown, the second to carry the name, renamed Bon Homme Richard ; USS Lexington/Cabot; USS Bunker Hill; and, USS Intrepid, now a major tourist attraction in New York City. The USS Lexington/Cabot is now a floating museum in Corpus Christi, Texas. USS Yorktown (II) is a museum at Patriots Point, South Carolina.

The Japanese carrier-based aircraft in attacking Pearl Harbor and not finding the carrier task force groups at anchor was important: only a few months later (May 1942), in the Battle of the Coral Sea, the U.S. carriers would help send portions of the Japanese Empire’s fleet to the bottom of the sea. That set up the bigger victory for the U.S. Navy shortly after in the Battle of Midway. These were the first battles between aircraft carriers and their respective aircraft — where the combatant ships involved could not see each other.

While not in action on December 7 at Pearl, the USS Yorktown and USS Lexington aircraft squadrons began repaying the Japanese Imperial Navy for their deeds on December 7th, 1941 — that is, in only a few months’ time. And the damage done to Japan’s fleet was significant.

The point of all this is that aircraft carriers have been the main method of projecting U.S. military, diplomatic and other “power” in American waters, and in far-flung nations in situations that are of “strategic interest” to the United States of America for most of the 20th Century and into this volatile 21st Century. The U.S. Navy aircraft carriers are among the most potent weapons of war ever to be deployed, in both offense and defense.

During the many years of the Cold War, the U.S. Navy deployed carrier task forces to the important maritime “choke points” to assure freedom of the seas and peaceful trade, the movement of fuel, for protecting waterways needed for military protection, and more. These included the Caribbean Basin and the Panama Canal; the Mediterranean Sea; the coastal waters around Japan; the North Sea passages; the Persian Gulf regional waters; and the U.S. coastlines (the carrier bases are along Atlantic and Pacific harbors).

In times of war, the carriers have been on station offshore projecting power into the theater of war — both recent wars in Iraq; in the Viet Nam conflict; off the Korean Peninsula in the 1950s war; in the Caribbean Sea.

The carrier fleet (the “Carrier Strike Group“) today could consist of the huge carrier and its aircraft; a guided missile cruiser; accompanying guided missile destroyers; an attack submarine; a replenishment/support ship with combined ammunition, oil and supplies. Other ships could be added as needed — cruisers, destroyers, frigates, and so on.

The modern air wing consists of four strike group squadrons (up to 40 fighters each); an electronic attack squadron (five aircraft); an early warning squadron (four aircraft); a helicopter sea combat squadron (eight a/c); a helicopter maritime strike squadron (up to a dozen a/c); and other support aircraft. The Navy’s air wings are made up of 1,500 personnel and just shy of 80 aircraft; there are nine of these stationed at key locations (NAS Jacksonville, NAS Cherry Point, in Japan, etc.) and the crews and aircraft rotate on carrier duty.

Today, there are 10 U.S. aircraft carriers in active service. They are:

• CVN-68 – USS Nimitz: Now at home port, Bremerton, Washington State.
• CVN-69 – USS Dwight D. Eisenhower: operating in the Atlantic Ocean waters (having recently left station in the Persian Gulf).
• CVN-70 – USS Carl Vinson: Now at home port, San Diego.
• CVN-71 – USS Theodore Roosevelt: Now at home port, San Diego.
• CVN-72 – USS Abraham Lincoln: ship is being completed at Newport News, Virginia
• CVN-73 – USS George Washington: being qualified in the Atlantic; home port, Norfolk.
• CVN-74 – USS John C. Stennis; was at Pearl Harbor for National Pearl Harbor Remembrance Day events in December; at home base, Bremerton, WA.
• CVN-75 – USS Harry S Truman: at Norfolk for servicing until 2017.
• CVN-76 – USS Ronald Reagan: based at home port of Yokosuka, Japan; has been operating off the Korean Peninsula coast line, with a stop in South Korea.
• CVN-77 – USS George H.W. Bush: home port Norfolk; has been on training exercises in the Atlantic.

These advanced design carriers are under construction:

• CVN-78 – USS Gerald R. Ford: due for initial operational test in 2017 to enter service (a $14 billion investment for our defense).
• CVN-79 – USS John F. Kennedy: scheduled for launch in 2018-19.
• CVN-80 – USS Enterprise: construction underway for launch in 2023, to replace the USS Nimitz (CVN-68).

And there our “retired” carriers still afloat:

• CV-63 – USS Kitty Hawk: stored at facility in Bremerton, WA.
• CV-64 – USS Constellation: “mothballed” at Bremerton, WA.
• CVN-65 – USS Enterprise: stored at Newport News, Virginia.
• CV-67 – USS John F. Kennedy: based at the “inactive ships maintenance facility” in Philadelphia.

So as we hear about a carrier task force entering the very narrow Straight of Hormuz to patrol the Persian Gulf waters (the vital waterway between Saudi Arabia and Iran), or entering the South China Sea to project power and protect shipping lanes, or off the coast of Korea as the madman ruler in the North escalates his threats against other nations, we should keep in mind the lessons learned over the past 75 years. The carriers are our sovereign territories afloat, guarding the nation, protecting allies, projecting American power.

I was reminded of all this as I watched President Barack Obama and Japanese Prime Minister Shinzo Abe yesterday paying their respects to the 2,400 U.S. military personnel who lost their lives in the 1941 Pearl Harbor attack.

Irony: Seventy-five years on, it is an American carrier task force now protecting Japan operating out of its home port of Yokosuka. This is the largest U.S. naval base in the Pacific region located at the entrance to Tokyo Bay. The USS Ronald Reagan and Carrier Strike Group Five (12 ships and submarines/up to 75 aircraft ) are regularly there as part of the mighty Seventh Fleet, which is commanded from Singapore, with a total force of 50-to-70 ships; 140 aircraft; 20,000 sailors, notes the U.S. Navy.

I am tuning in to the events in the South China Sea, and the expansion of China’s military forces there, keeping the power of the U.S. Seventh Fleet in mind. You see, this forward-deployed force operates in 120 million square kilometers, stretching from the International Date Line to the India / Pakistan border, from the Kuril Islands in the North to the Antarctic in the South, with 36 maritime countries and half of the world’s population in the operation territory. Having the fleet there saves more than two weeks’ sailing time from the U.S. mainland.

The world’s largest navies operate in this region: China, Russia, India, North Korea, South Korea. And the Seventh Fleet protects our mutual defense allies: the Philippines, Australia, Republic of Korea, Thailand, and of course Japan’s home islands.

Best wishes to the U.S. Navy and its carrier strike forces for 2017 — the men and the women of the carriers, accompanying vessels and the many aircraft are helping to keep us safe. “CAVU” to you in the coming days.

naval ships

Update:  April 9, 2017 – via The Washington Post

The U.S. Navy has a carrier strike group moving toward the Western Pacific water near the Korean coastline to “provide a physical presence near the Korean Peninsula.”  The carrier group includes the USS Carl Vinson (CVN-70) and a number of missile launch destroyer and missile cruiser escorts.

The ships are deployed from home port San Diego to the western Pacific Ocean water since January 5th, and has been maneuvering with the Japan Maritime Self Defense Force and the Republic Korea Navy, in the South China Sea, say the Associated Press report.

This as the North Korean government continues to rattle swords, in testing ballistic missile launches and developing nuclear weapons.  The USS Carl Vinson in the American show of force and projection of considerable power through its air fleet and shipboard missiles.

UPDATE:  July 11, 2017 — Where Are The U.S. Carriers Today?

On station:

The USS Nimitz:  Off coast of India, for exercises with the Indian Navy and the Japan Maritime Self-Defense Force; was in the South China Sea, enforcing open navigation of the region’s waters.

The USS Ronald Reagan:  off coast of Australia, Coral Sea; exercises (Talisman Saber 2017). Earlier, participated with Japan’s Maritime Self-Defense Force. Home port:  Yokosuka, Japan.

The USS George H.W. Bush:  with the Sixth Fleet in the Mediterranean Sea, was off coast of Israel a week ago.

Source:  www.gonavy.jp/CVLocation.html

Update:  September 8, 2017 — Tensions rising in Asia and Persian Gulf regions.

The USS Nimitz — In the Persian Gulf.

The USS Ronald Reagan – was near Australia, then off coast of Japan; now in home port of Yokosuka, Japan.

Update February 16, 2018

There are rising tensions in the Pacific Basin, with North Korea developing long-range missiles and nuclear warheads; with China building military bases in the South China Sea; with Iran and Saudi Arabia making threatening noises across the Persian/Arabian Gulf waters.  Where are the carriers?  Here’s today’s placements, per the US Navy.

USS Nimitz:  now in Washington State home base – was one of the three carriers in the Sea of Japan on joint exercises November 11-14, 2017.

USS Ronald Reagan:  strategically placed in home port of Yokosuka, Japan; one of the three carriers in exercise.

USS Theodore Roosevelt:  in the Persian Gulf/Bahrain port. One of the three carriers in exercise.

Notes:  The Nimitz operated in South China Sea, off coast of India exercising with the Indian Navy and Japanese Maritime Self-Defense Force. Then on to the Persian Gulf to protect shipping lanes.

The Roosevelt exercised in the South China Sea, deployed to the Middle East, operated off cost of the Philippines, patrolled in the Persian Gulf and Arabian Sea, operated with the US Fifth Fleet and the US Seventh Fleet.

USS George H.W. Bush:  operating in the Atlantic out of the home port of Norfolk.

USS Gerald R. Ford:  operating in the Atlantic out of the home port of Norfolk.

USS Dwight D. Eisenhower: now in Portsmouth, NH shipyard for six-month period.

USS Carl Vinson: operating in the western regions of the Pacific Ocean, as part of US 7th Fleet.

USS Abraham Lincoln:  in home port of Norfolk, VA. Was operating in Atlantic Ocean.

USS George Washington:  in home port of Norfolk since August 2017 for four year (nuclear) refueling and complex overhaul.

USS John C. Stennis: in home port of Bremerton, State of Washington.

USS Harry S. Truman:  training exercises off the coast of North Carolina (home port Norfolk).

and…

USS John F. Kennedy:  Under construction in Newport News, VA for launch in FY 2018 and commissioning in FY 2022.  First USS John F. Kennedy was stored in the Port of Philadelphia in March 2008.

USS Enterprise:  Construction underway for launch in FY 2023, commissioning in FY 2025, and replacement of the USS Nimitz in FY 2027.  Former USS Enterprise at Norfolk, decommissioned in February 2017.