US Continues Crusade Against Nord Stream 2

March 6, 2021 (Brian Berletic – NEO) – Despite the partisan political theater taking place in Washington – in terms of foreign policy – virtually nothing has changed with a new US president taking office. Even the rhetoric of the new administration is hardly discernible from that of its predecessor. 

From US tensions with China and Iran to continued pressure on Russia – the US continues to pursue a singularly belligerent foreign policy as part of a continued effort to maintain a US-led “international order” and to reassert US hegemony everywhere on Earth it is challenged. 

This includes in Western Europe where circles of political and economic interests have begun to stray from and even run contra to US interests. 

The best example of this is Germany’s participation in the Nord Stream 2 pipeline project – a joint effort between Russia and Germany to expand the flow of hydrocarbons directly into Western Europe – bypassing potential regions of instability in Eastern Europe targeted by the US specifically to impede Russian-European cooperation. 

Blinken Echoes Mike Pompeo

The new US Secretary of State Antony Blinken during his confirmation hearing before the US Senate found himself in almost unanimous agreement with US Senators – Republican or Democrat – on the necessity to maintain or even expand US belligerence worldwide.  

Regarding Nord Stream 2 in particular, when asked by US Senator Ted Cruz about the new administration’s commitment to blocking the Russian-German pipeline, Blinken would respond:  

[The] president-elect strongly agrees with you that Nord Stream 2 is a bad idea. He’s been very clear about that. 

I’m determined to do whatever we can to prevent that completion the last hundred yards [of the pipeline]. I very much agree.

When asked if the new administration would “stand up to German pressure” against stopping the project, Blinken would respond: 

I can tell you I know that [Biden] would have us use every persuasive tool that we have to convince our friends and partners including Germany not to move forward with it.

According to Senator Cruz’ own official US Senate website he would describe Nord Stream 2 as:  

…a project that if completed would reward Russia’s aggressive expansionism and economic blackmail, hold our European allies’ energy security hostage to Russia, and undermine America’s national security interests.

Yet, if any of that was actually true, why would Germany agree to participate in the project in the first place? Why would Germany voluntarily sign up for “economic blackmail” by Russia or deliberately endanger its own “energy security?”

How is the US in a better position to assess and respond to threats to European energy security better than Europe itself can? And is the fact that the US seeks to sell Europe its own “freedom gas” not an immense, glaring conflict of interests?

US Freeing Europe From Freedom to Choose

As the US regularly does – it creates a rhetorical smokescreen behind which it advances its agenda – oftentimes an agenda that stands in direct contradiction to its rhetorical arguments – with its policy toward blocking Nord Stream 2 no exception. 

The US is itself endangering European energy security by cutting off cheap and readily available hydrocarbons from Russia and forcing Europe to buy more expensive hydrocarbons from the US – mainly derived from the politically and environmentally controversial process of fracking. Because the process of extracting and transporting hydrocarbons from the US to Europe through this process is more elaborate it is also more expensive than Russian hydrocarbons.  

Thus the “energy security” offered to Europe by the US as an alternative to well-established flow of Russian hydrocarbons faces opposition politically, environmentally, and even economically. 

It is the threat of sanctions and pressure from the US that forms a very real example of “economic blackmail.”    

In fact – the only truthful component of Washington’s objections to Nord Stream 2’s completion is that it threatens “America’s national security interests.” But these are not to be confused with the actual defense of the United States – but rather the defense of America’s power and influence abroad – power and influence that is both unwarranted and increasingly unwelcome. 

Germany’s Move 

German state media – Deutsche Welle (DW) – in an article titled, “Nord Stream 2: German foundation fights possible US sanctions,” would describe Germany’s efforts to blunt the impact of US sanctions. 

The article would note: 

Earlier this month, the state government of Mecklenburg-Western Pomerania established a public foundation that could take over potentially sanctionable activity because the foundation “does not have to fear sanctions,” a spokesperson for the state’s Energy Ministry told DW.

“The foundation could offer the possibility of acquiring necessary parts and machinery for pipeline construction and, as necessary, make them available to the participating companies,” the spokesperson, Renate Gundlach, said in a statement. “The goal is to secure these highly specialized items, which only a few companies in the world produce before they would be potentially no longer available to acquire because of sanctions.”

Because US sanctions are only – at the moment – targeting German companies and not the German government itself – the creation of a foundation to protect private companies targeted by sanctions would allow companies to side-step US sanctions. 

In order to counter this, the US would be forced to target the German government directly – a move that would reek of desperation, weakness, and likely prompt a continued, irreversible deterioration in ties between the US and Europe. And while we were told that previously strained US-European ties were the result of the “Trump administration,” this escalation would need to take place under the newly inaugurated Biden administration.

This would finally lay to rest the notions of agency in Washington and fully reveal US foreign policy as driven by large corporate-financier interests – including those seeking to cash in on selling Europe American-made “freedom gas.” 

The US has for years portrayed nations like Russia, China, Iran, and others as rogue nations – justifying everything from economic sanctions and political pressure, to proxy warfare and threats of total war. However, it seems that now even Europe is finding itself on the receiving end of US “soft” and now “hard” power – revealing the US and its exceptionalism as the problem – not the growing list of nations refusing to submit to its agenda and “follow” as it “leads.” 

Ironically, in addition to the Nord Stream 2 pipeline itself – America’s increased belligerence against both Russia and Germany has provided Moscow and its Western European neighbors more common ground to work on – circumventing US sanctions. 

Brian Berletic is a Bangkok-based geopolitical researcher and writer, especially for the online magazine “New Eastern Outlook”.

National Security Risks of Late-Stage Capitalism

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including US government agencies such as the Homeland Security Department and State Department, American nuclear research labs, government contractors, IT companies and nongovernmental agencies around the world.

It was a huge attack, with major implications for US national security. The Senate Intelligence Committee is scheduled to hold a hearing on the breach on Tuesday. Who is at fault?

The US government deserves considerable blame, of course, for its inadequate cyberdefense. But to see the problem only as a technical shortcoming is to miss the bigger picture. The modern market economy, which aggressively rewards corporations for short-term profits and aggressive cost-cutting, is also part of the problem: Its incentive structure all but ensures that successful tech companies will end up selling insecure products and services.

Like all for-profit corporations, SolarWinds aims to increase shareholder value by minimizing costs and maximizing profit. The company is owned in large part by Silver Lake and Thoma Bravo, private-equity firms known for extreme cost-cutting.

SolarWinds certainly seems to have underspent on security. The company outsourced much of its software engineering to cheaper programmers overseas, even though that typically increases the risk of security vulnerabilities. For a while, in 2019, the update server’s password for SolarWinds’s network management software was reported to be “solarwinds123.” Russian hackers were able to breach SolarWinds’s own email system and lurk there for months. Chinese hackers appear to have exploited a separate vulnerability in the company’s products to break into US government computers. A cybersecurity adviser for the company said that he quit after his recommendations to strengthen security were ignored.

There is no good reason to underspend on security other than to save money — especially when your clients include government agencies around the world and when the technology experts that you pay to advise you are telling you to do more.

As the economics writer Matt Stoller has suggested, cybersecurity is a natural area for a technology company to cut costs because its customers won’t notice unless they are hacked – and if they are, they will have already paid for the product. In other words, the risk of a cyberattack can be transferred to the customers. Doesn’t this strategy jeopardize the possibility of long-term, repeat customers? Sure, there’s a danger there – but investors are so focused on short-term gains that they’re too often willing to take that risk.

The market loves to reward corporations for risk-taking when those risks are largely borne by other parties, like taxpayers. This is known as “privatizing profits and socializing losses.” Standard examples include companies that are deemed “too big to fail,” which means that society as a whole pays for their bad luck or poor business decisions. When national security is compromised by high-flying technology companies that fob off cybersecurity risks onto their customers, something similar is at work.

Similar misaligned incentives affect your everyday cybersecurity, too. Your smartphone is vulnerable to something called SIM-swap fraud because phone companies want to make it easy for you to frequently get a new phone — and they know that the cost of fraud is largely borne by customers. Data brokers and credit bureaus that collect, use, and sell your personal data don’t spend a lot of money securing it because it’s your problem if someone hacks them and steals it. Social media companies too easily let hate speech and misinformation flourish on their platforms because it’s expensive and complicated to remove it, and they don’t suffer the immediate costs – indeed, they tend to profit from user engagement regardless of its nature.

There are two problems to solve. The first is information asymmetry: buyers can’t adequately judge the security of software products or company practices. The second is a perverse incentive structure: the market encourages companies to make decisions in their private interest, even if that imperils the broader interests of society. Together these two problems result in companies that save money by taking on greater risk and then pass off that risk to the rest of us, as individuals and as a nation.

The only way to force companies to provide safety and security features for customers and users is with government intervention. Companies need to pay the true costs of their insecurities, through a combination of laws, regulations, and legal liability. Governments routinely legislate safety — pollution standards, automobile seat belts, lead-free gasoline, food service regulations. We need to do the same with cybersecurity: the federal government should set minimum security standards for software and software development.

In today’s underregulated markets, it’s just too easy for software companies like SolarWinds to save money by skimping on security and to hope for the best. That’s a rational decision in today’s free-market world, and the only way to change that is to change the economic incentives.

This essay previously appeared in the New York Times.

Another SolarWinds Orion Hack

At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks:

Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised.


Reuters was not able to establish how many organizations were compromised by the suspected Chinese operation. The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies.


While the alleged Russian hackers penetrated deep into SolarWinds network and hid a “back door” in Orion software updates which were then sent to customers, the suspected Chinese group exploited a separate bug in Orion’s code to help spread across networks they had already compromised, the sources said.

Two takeaways: One, we are learning about a lot of supply-chain attacks right now. Two, SolarWinds’ terrible security is the result of a conscious business decision to reduce costs in the name of short-term profits. Economist Matt Stoller writes about this:

These private equity-owned software firms torture professionals with bad user experiences and shitty customer support in everything from yoga studio software to car dealer IT to the nightmarish ‘core’ software that runs small banks and credit unions, as close as one gets to automating Office Space. But they also degrade product quality by firing or disrespecting good workers, under-investing in good security practices, or sending work abroad and paying badly, meaning their products are more prone to espionage. In other words, the same sloppy and corrupt practices that allowed this massive cybersecurity hack made Bravo a billionaire. In a sense, this hack, and many more like it, will continue to happen, as long as men like Bravo get rich creating security vulnerabilities for bad actors to exploit.

SolarWinds increased its profits by increasing its cybersecurity risk, and then transferred that risk to its customers without their knowledge or consent.

More SolarWinds News

Microsoft analyzed details of the SolarWinds attack:

Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was deployed in September 2019, at the time hackers breached SolarWinds’ internal network. Other related malware includes Teardrop aka Raindrop.

Details are in the Microsoft blog:

We have published our in-depth analysis of the Solorigate backdoor malware (also referred to as SUNBURST by FireEye), the compromised DLL that was deployed on networks as part of SolarWinds products, that allowed attackers to gain backdoor access to affected devices. We have also detailed the hands-on-keyboard techniques that attackers employed on compromised endpoints using a powerful second-stage payload, one of several custom Cobalt Strike loaders, including the loader dubbed TEARDROP by FireEye and a variant named Raindrop by Symantec.

One missing link in the complex Solorigate attack chain is the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. Our investigations show that the attackers went out of their way to ensure that these two components are separated as much as possible to evade detection. This blog provides details about this handover based on a limited number of cases where this process occurred. To uncover these cases, we used the powerful, cross-domain optics of Microsoft 365 Defender to gain visibility across the entire attack chain in one complete and consolidated view.

This is all important, because MalwareBytes was penetrated through Office 365, and not SolarWinds. New estimates are that 30% of the SolarWinds victims didn’t use SolarWinds:

Many of the attacks gained initial footholds by password spraying to compromise individual email accounts at targeted organizations. Once the attackers had that initial foothold, they used a variety of complex privilege escalation and authentication attacks to exploit flaws in Microsoft’s cloud services. Another of the Advanced Persistent Threat (APT)’s targets, security firm CrowdStrike, said the attacker tried unsuccessfully to read its email by leveraging a compromised account of a Microsoft reseller the firm had worked with.

On attribution: Earlier this month, the US government stated the attack is “likely Russian in origin.” This echoes what then Secretary of State Mike Pompeo said in December, and the Washington Post’s reporting (both from December). (The New York Times has repeated this attribution — a good article that also discusses the magnitude of the attack.) More evidence comes from code forensics, which links it to Turla, another Russian threat actor.

And lastly, a long ProPublica story on an unused piece of government-developed tech that might have caught the supply-chain attack much earlier:

The in-toto system requires software vendors to map out their process for assembling computer code that will be sent to customers, and it records what’s done at each step along the way. It then verifies electronically that no hacker has inserted something in between steps. Immediately before installation, a pre-installed tool automatically runs a final check to make sure that what the customer received matches the final product the software vendor generated for delivery, confirming that it wasn’t tampered with in transit.

I don’t want to hype this defense too much without knowing a lot more, but I like the approach of verifying the software build process.
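The checks described in the ProPublica passage can be sketched as follows. This is an added example, not code from in-toto or from the original post: the step names, keys and file contents are constructed, HMAC stands in for the public-key signatures a real deployment would use, and every material is assumed to come from the immediately preceding step.

```python
import hashlib
import hmac
import json

# Constructed per-step keys. HMAC stands in for the public-key signatures a
# real deployment would use, so the example needs only the standard library.
STEP_KEYS = {"checkout": b"k-checkout", "build": b"k-build", "package": b"k-package"}
LAYOUT = ["checkout", "build", "package"]  # the vendor's declared pipeline
CLEAN_SRC = b"int main(void) { return 0; }\n"  # constructed sample source


def digest(data):
    return hashlib.sha256(data).hexdigest()


def sign(step, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(STEP_KEYS[step], msg, hashlib.sha256).hexdigest()


def record_step(step, materials, products):
    """Record hashes of what a step consumed and produced, then sign the record."""
    body = {
        "step": step,
        "materials": {n: digest(d) for n, d in materials.items()},
        "products": {n: digest(d) for n, d in products.items()},
    }
    return {"body": body, "sig": sign(step, body)}


def verify_chain(links, delivered):
    """Return a list of problems; an empty list means the delivery verifies."""
    if [link["body"]["step"] for link in links] != LAYOUT:
        return ["steps do not match the declared layout"]
    problems = []
    previous = None
    for link in links:
        body, step = link["body"], link["body"]["step"]
        if not hmac.compare_digest(link["sig"], sign(step, body)):
            problems.append(f"{step}: record signature invalid")
        if previous is not None:
            # Simplification: every material must be a product of the prior step.
            for name, h in body["materials"].items():
                if previous.get(name) != h:
                    problems.append(f"{step}: {name} changed since the previous step")
        previous = body["products"]
    # Final check before installation: delivered bytes against the last record.
    for name in sorted(set(previous) | set(delivered)):
        got = digest(delivered[name]) if name in delivered else None
        if previous.get(name) != got:
            problems.append(f"delivery: {name} does not match the final product")
    return problems


def run_pipeline(source_seen_by_build):
    """Simulate the three steps; the build may see different source than checkout."""
    binary = b"BIN:" + digest(source_seen_by_build).encode()
    package = b"PKG:" + binary
    links = [
        record_step("checkout", {}, {"main.c": CLEAN_SRC}),
        record_step("build", {"main.c": source_seen_by_build}, {"app.bin": binary}),
        record_step("package", {"app.bin": binary}, {"app.pkg": package}),
    ]
    return links, package


if __name__ == "__main__":
    links, pkg = run_pipeline(CLEAN_SRC)
    print("clean:", verify_chain(links, {"app.pkg": pkg}))
    links, pkg = run_pipeline(CLEAN_SRC + b"/* swapped in before compile */")
    print("source swapped:", verify_chain(links, {"app.pkg": pkg}))
```

A source file replaced between checkout and compile shows up as a mismatch at the build step, and editing the build record to hide that mismatch invalidates its signature.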

The Dollar’s Reserve Currency Status Won’t Last Forever

This article was originally published by Doug French at The Mises Institute. 

The Federal Reserve and the confederation of central banks that follow Chair Powell and his lieutenants at the Eccles Building have flooded the world with fiat script which is only limited by Keynesians’ and modern monetary theorists’ imaginations. In this flurry of metaphorical printing, one country, Russia, has loaded its central bank balance sheet not with the speculation du jour, bitcoin, but instead with the barbaric relic gold.

Tellingly, Russia’s stockpiling began in 2016, and on the eve of the president’s departure from the White House, Vladimir Putin and Elvira Nabiullina, President of Russia’s central bank, had more gold than US dollars stockpiled.

Bloomberg reports, “A multi-year drive to reduce exposure to US assets has pushed the share of gold in Russia’s $583 billion international reserves above dollars for the first time on record.”

It’s no secret Mr. Putin initiated the strategy to “de-dollarize” Russia’s economy. The yellow metal is now the second-largest component of the central bank’s reserves after euros, which make up a third of its reserves. Chinese yuan reserves make up 12 percent.

Over two years ago Forbes compared the oil-producing state Texas to the oil-producing country. “Even though Russia has nearly five times as many residents as Texas, the Lone Star State’s economy is more than $400 billion larger. Texans, therefore, enjoy a gross domestic product (GDP) per capita of around $58,000, whereas Russians have one closer to $8,700,” wrote Frank Holmes.

In the same article, Holmes pointed out, “The Russian Federation is the largest single producer of crude in the world, pumping out 10.95 million barrels per day (bpd) in January, according to the country’s energy minister.” Until there is an EV (electric vehicle) in every American garage, Russia is not to be taken lightly.

Americans have benefited mightily by holding and trading with the world’s reserve currency, though most people haven’t given it a thought. No one remembers when the pound sterling held this distinction a hundred years ago.

“Reserve currencies are typically issued by developed, stable countries,” Developed? If you insist. Stable? Not so much.

“Reserve currency-issuing countries are not exposed to the same level of exchange rate risk, especially when it comes to commodities, which are often quoted and settled in dollars,” Investopedia explains. “Issuing countries are also able to borrow in their home currencies and are less worried about propping up their currencies to avoid default.”

Investopedia laughingly cites what it calls a drawback to the reserve currency, “Low borrowing costs stemming from issuing a reserve currency may prompt loose spending by both the public and private sectors, which may result in asset bubbles and ballooning government debt.” Sounds familiar.

In 2015, Patrick Barron wrote on,

Because of this money-printing philosophy, the dollar is very susceptible to losing its vaunted reserve currency position to the first major trading country that stops inflating its currency. There is evidence that China understands what is at stake; it has increased its gold holdings and has instituted controls to prevent gold from leaving China.

Russia has joined China.

Barron concluded, “If we abolish, or even lessen, legal tender laws and allow the process of price discovery to reveal the best sound money if we allow our US dollar to become the best money it can—a truly sound money—then the chances of our personal and collective prosperity are greatly enhanced.”

The Fed fiddles while the dollar burns.

The post The Dollar’s Reserve Currency Status Won’t Last Forever first appeared on SHTF Plan – When It Hits The Fan, Don’t Say We Didn’t Warn You.

Democratic House Oversight Committee chair asks FBI to investigate Parler for role in Capitol riot and ties to Russia

The top Democrat on the House Committee on Oversight and Reform has asked the FBI to investigate social media company Parler for its purported role in the Jan. 6 riot at the United States Capitol and alleged ties to Russia.

Committee Chairwoman Carolyn B. Maloney (D-N.Y.) on Thursday sent a letter to FBI Director Christopher Wray requesting a “comprehensive investigation” of the “assault on the Capitol” and specifically the “role the social media site Parler played in the assault.”

“I am writing to request that as part of its comprehensive investigation of the January 6 assault on the Capitol, the Federal Bureau of Investigation (FBI) conduct a robust examination of the role that the social media site Parler played in the assault, including as a potential facilitator of planning and incitement related to the violence, as a repository of key evidence posted by users on its site, and as a potential conduit for foreign governments who may be financing civil unrest in the United States,” Maloney wrote.

Following the events of Jan. 6, Parler became the focus of media reports alleging that the platform was used to coordinate the violent activity that took place. Amazon Web Services booted the website from its web hosting service, citing “a steady increase in violent content,” and Google and Apple removed the Parler app from their respective app stores.

The press statement from Maloney notes that some Parler users have been arrested on charges related to the Capitol riot. For example, Troy Anthony Smocks, 58, of Dallas, Texas, was charged for allegedly making violent threats against “RINOS, Dems, and Tech Execs” on his Parler account.

Additionally, Maloney wants the FBI to review Parler’s finances and alleged ties to Russia after the website partially re-launched, hiring DDoS-Guard — a Russian digital infrastructure company — to defend against denial of service attacks.

“Given these concerns, we ask that the FBI undertake a robust review of the role played by Parler in the January 6 attacks, including (1) as a potential facilitator of planning and incitement related to the attacks, (2) as a repository of key evidence posted by users on its site, and (3) as potential conduit for foreign governments who may be financing civil unrest in the United States,” Maloney wrote.

“In addition, as the Committee conducts its own investigation of these matters to inform its oversight and legislative efforts, I request a meeting with appropriate FBI officials on the status and scope of its review, consistent with protecting the integrity of law enforcement efforts on this front,” she continued.

Reports have indicated that violent rhetoric and threats against public officials were made on numerous social media platforms, including Facebook and Twitter. So far there is no Democratic-led effort to have the FBI investigate those websites.

SVR Attacks on Microsoft 365

FireEye is reporting the current known tactics that the SVR used to compromise Microsoft 365 cloud data as part of its SolarWinds operation:


Mandiant has observed UNC2452 and other threat actors moving laterally to the Microsoft 365 cloud using a combination of four primary techniques:



  • Steal the Active Directory Federation Services (AD FS) token-signing certificate and use it to forge tokens for arbitrary users (sometimes described as Golden SAML). This would allow the attacker to authenticate into a federated resource provider (such as Microsoft 365) as any user, without the need for that user’s password or their corresponding multi-factor authentication (MFA) mechanism.
  • Modify or add trusted domains in Azure AD to add a new federated Identity Provider (IdP) that the attacker controls. This would allow the attacker to forge tokens for arbitrary users and has been described as an Azure AD backdoor.
  • Compromise the credentials of on-premises user accounts that are synchronized to Microsoft 365 that have high privileged directory roles, such as Global Administrator or Application Administrator.
  • Backdoor an existing Microsoft 365 application by adding a new application or service principal credential in order to use the legitimate permissions assigned to the application, such as the ability to read email, send email as an arbitrary user, access user calendars, etc.

    Lots of details here, including information on remediation and hardening.

    The more we learn about this operation, the more sophisticated it becomes.

    In related news, MalwareBytes was also targeted.
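For the second and fourth techniques in the list above, the tenant's directory audit log is where the change is recorded. The following triage sketch is an added example, not from FireEye or the original post: the records are constructed in the shape of Microsoft Graph `directoryAudit` entries, and the allowlist of approved change identities is hypothetical.

```python
# Azure AD audit activity names, mapped to the technique number in the list
# above (2 = federation / trusted-domain change, 4 = credential added to an
# application or service principal).
WATCHED = {
    "Set federation settings on domain": 2,
    "Set domain authentication": 2,
    "Add service principal credentials": 4,
}

# Hypothetical allowlist: identities expected to make these changes.
APPROVED_ACTORS = {"idp-admin@example.com"}

# Constructed sample records shaped like Microsoft Graph directoryAudit entries.
SAMPLE_EVENTS = [
    {"activityDateTime": "2021-01-10T02:14:00Z", "activityDisplayName": "Update user",
     "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "helpdesk@example.com"}},
     "targetResources": [{"displayName": "alice@example.com"}]},
    {"activityDateTime": "2021-01-10T02:20:00Z",
     "activityDisplayName": "Set federation settings on domain", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "idp-admin@example.com"}},
     "targetResources": [{"displayName": "corp.example.com"}]},
    {"activityDateTime": "2021-01-11T03:05:00Z",
     "activityDisplayName": "Add service principal credentials", "result": "success",
     "initiatedBy": {"user": None, "app": {"displayName": "Constructed Sync App"}},
     "targetResources": [{"displayName": "Mail Archiver"}]},
    {"activityDateTime": "2021-01-11T03:40:00Z",
     "activityDisplayName": "Set domain authentication", "result": "failure",
     "initiatedBy": {"user": {"userPrincipalName": "jdoe@example.com"}},
     "targetResources": [{"displayName": "login.example.net"}]},
]


def actor_of(event):
    """The initiator may be a user or an application; either field can be null."""
    initiated = event.get("initiatedBy") or {}
    user = initiated.get("user") or {}
    app = initiated.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "unknown"


def triage(events, approved=APPROVED_ACTORS):
    """Return findings for watched activities, unapproved initiators first."""
    findings = []
    for event in events:
        technique = WATCHED.get(event.get("activityDisplayName"))
        if technique is None:
            continue
        actor = actor_of(event)
        findings.append({
            "time": event.get("activityDateTime", ""),
            "technique": technique,
            "activity": event["activityDisplayName"],
            "actor": actor,
            "targets": [t.get("displayName", "?") for t in event.get("targetResources") or []],
            # Failed attempts are kept: an unexpected actor trying is still a signal.
            "result": event.get("result", "unknown"),
            "approved": actor in approved,
        })
    # False sorts before True, so unapproved initiators come first, oldest first.
    findings.sort(key=lambda f: (f["approved"], f["time"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```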

    Russia’s SolarWinds Attack and Software Security

    The information that is emerging about Russia’s extensive cyberintelligence operation against the United States and other countries should be increasingly alarming to the public. The magnitude of the hacking, now believed to have affected more than 250 federal agencies and businesses — primarily through a malicious update of the SolarWinds network management software — may have slipped under most people’s radar during the holiday season, but its implications are stunning.

    According to a Washington Post report, this is a massive intelligence coup by Russia’s foreign intelligence service (SVR). And a massive security failure on the part of the United States is also to blame. Our insecure Internet infrastructure has become a critical national security risk — one that we need to take seriously and spend money to reduce.

    President-elect Joe Biden’s initial response spoke of retaliation, but there really isn’t much the United States can do beyond what it already does. Cyberespionage is business as usual among countries and governments, and the United States is aggressively offensive in this regard. We benefit from the lack of norms in this area and are unlikely to push back too hard because we don’t want to limit our own offensive actions.

    Biden took a more realistic tone last week when he spoke of the need to improve US defenses. The initial focus will likely be on how to clean the hackers out of our networks, why the National Security Agency and US Cyber Command failed to detect this intrusion and whether the 2-year-old Cybersecurity and Infrastructure Security Agency has the resources necessary to defend the United States against attacks of this caliber. These are important discussions to have, but we also need to address the economic incentives that led to SolarWinds being breached and how that insecure software ended up in so many critical US government networks.

    Software has become incredibly complicated. Most of us almost certainly don’t know all of the software running on our laptops and what it’s doing. We don’t know where it’s connecting to on the Internet — not even which countries it’s connecting to — and what data it’s sending. We typically don’t know what third party libraries are in the software we install. We don’t know what software any of our cloud services are running. And we’re rarely alone in our ignorance. Finding all of this out is incredibly difficult.

    This is even more true for software that runs our large government networks, or even the Internet backbone. Government software comes from large companies, small suppliers, open source projects and everything in between. Obscure software packages can have hidden vulnerabilities that affect the security of these networks, and sometimes the entire Internet. Russia’s SVR leveraged one of those vulnerabilities when it gained access to SolarWinds’ update server, tricking thousands of customers into downloading a malicious software update that gave the Russians access to those networks.

    The fundamental problem is one of economic incentives. The market rewards quick development of products. It rewards new features. It rewards spying on customers and users: collecting and selling individual data. The market does not reward security, safety or transparency. It doesn’t reward reliability past a bare minimum, and it doesn’t reward resilience at all.

    This is what happened at SolarWinds. A New York Times report noted the company ignored basic security practices. It moved software development to Eastern Europe, where Russia has more influence and could potentially subvert programmers, because it’s cheaper.

    Short-term profit was seemingly prioritized over product security.

    Companies have the right to make decisions like this. The real question is why the US government bought such shoddy software for its critical networks. This is a problem that Biden can fix, and he needs to do so immediately.

    The United States needs to improve government software procurement. Software is now critical to national security. Any system for acquiring software needs to evaluate the security of the software and the security practices of the company, in detail, to ensure they are sufficient to meet the security needs of the network they’re being installed in. Procurement contracts need to include security controls of the software development process. They need security attestations on the part of the vendors, with substantial penalties for misrepresentation or failure to comply. The government needs detailed best practices for government and other companies.

    Some of the groundwork for an approach like this has already been laid by the federal government, which has sponsored the development of a “Software Bill of Materials” that would set out a process for software makers to identify the components used to assemble their software.

    This scrutiny can’t end with purchase. These security requirements need to be monitored throughout the software’s life cycle, along with what software is being used in government networks.
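    The life-cycle monitoring described above can be automated once a Software Bill of Materials exists. The following is an added example, not part of the original essay: it walks a CycloneDX-style component inventory and matches it against a supplier advisory, reporting a hit even when the component carries a valid signature, since a compromised build can still be validly signed. All product names, versions, hashes and the `example:signature` property are constructed.

```python
# Added example: audit a CycloneDX-style SBOM against a supplier advisory.
# Every name, version, hash and the "example:signature" property is constructed.


def fake_hash(n):
    """Obviously artificial 64-hex-digit stand-in for a SHA-256 digest."""
    return f"{n:064x}"


# What json.load() would return for a small CycloneDX JSON document (constructed).
SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {
            "type": "application",
            "name": "example-netmon",
            "version": "5.2.0",
            "hashes": [{"alg": "SHA-256", "content": fake_hash(1)}],
            "components": [  # nested components must be audited too
                {
                    "type": "library",
                    "name": "example-netmon-core",
                    "version": "5.2.0",
                    # upper-case on purpose: digests must be normalised
                    "hashes": [{"alg": "SHA-256",
                                "content": fake_hash(0xBAD).upper()}],
                    "properties": [{"name": "example:signature",
                                    "value": "valid"}],
                },
                {   # no hash recorded, so it cannot be cleared by digest
                    "type": "library",
                    "name": "example-netmon-agent",
                    "version": "5.1.9",
                },
            ],
        },
        {
            "type": "library",
            "name": "example-logging",
            "version": "1.4.2",
            "hashes": [{"alg": "SHA-256", "content": fake_hash(2)}],
        },
    ],
}

# Constructed advisory: digests and (name, version) pairs declared compromised.
ADVISORY = {
    "sha256": {fake_hash(0xBAD)},
    "versions": {("example-netmon-core", "5.2.0"),
                 ("example-netmon-agent", "5.1.9")},
}


def walk(components, parent=""):
    """Yield (path, component) for every component, including nested ones."""
    for comp in components or []:
        name = comp.get("name", "?")
        path = f"{parent}/{name}" if parent else name
        yield path, comp
        yield from walk(comp.get("components"), path)


def sha256_of(comp):
    """Return the lower-cased SHA-256 digest of a component, or None."""
    for entry in comp.get("hashes", []):
        if entry.get("alg") == "SHA-256":
            return entry.get("content", "").lower()
    return None


def signature_status(comp):
    """Read the constructed 'example:signature' property, if present."""
    for prop in comp.get("properties", []):
        if prop.get("name") == "example:signature":
            return prop.get("value")
    return "unknown"


def audit(bom, advisory):
    """Return findings; a valid signature never clears a component."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    findings = []
    for path, comp in walk(bom.get("components")):
        digest = sha256_of(comp)
        key = (comp.get("name"), comp.get("version"))
        if digest in advisory["sha256"]:
            verdict = "compromised-file"
        elif key in advisory["versions"]:
            verdict = ("affected-version-unverified" if digest is None
                       else "affected-version-different-file")
        else:
            continue
        findings.append({"path": path, "verdict": verdict,
                         "signature": signature_status(comp)})
    return findings


if __name__ == "__main__":
    for finding in audit(SBOM, ADVISORY):
        print(finding)
```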

    None of this is cheap, and we should be prepared to pay substantially more for secure software. But there’s a benefit to these practices. If the government evaluations are public, along with the list of companies that meet them, all network buyers can benefit from them. The US government acting purely in the realm of procurement can improve the security of nongovernmental networks worldwide.

    This is important, but it isn’t enough. We need to set minimum safety and security standards for all software: from the code in that Internet of Things appliance you just bought to the code running our critical national infrastructure. It’s all one network, and a vulnerability in your refrigerator’s software can be used to attack the national power grid.

    The IOT Cybersecurity Improvement Act, signed into law last month, is a start in this direction.

    The Biden administration should prioritize minimum security standards for all software sold in the United States, not just to the government but to everyone. Long gone are the days when we can let the software industry decide how much emphasis to place on security. Software security is now a matter of personal safety: whether it’s ensuring your car isn’t hacked over the Internet or that the national power grid isn’t hacked by the Russians.

    This regulation is the only way to force companies to provide safety and security features for customers — just as legislation was necessary to mandate food safety measures and require auto manufacturers to install life-saving features such as seat belts and air bags. Smart regulations that incentivize innovation create a market for security features. And they improve security for everyone.

    It’s true that creating software in this sort of regulatory environment is more expensive. But if we truly value our personal and national security, we need to be prepared to pay for it.

    The truth is that we’re already paying for it. Today, software companies increase their profits by secretly pushing risk onto their customers. We pay the cost of insecure personal computers, just as the government is now paying the cost to clean up after the SolarWinds hack. Fixing this requires both transparency and regulation. And while the industry will resist both, they are essential for national security in our increasingly computer-dependent worlds.

    This essay previously appeared on


    DOJ email accounts compromised in SolarWinds hack attributed to Russians

    The Department of Justice on Wednesday disclosed that its computer systems were among those compromised by a massive cybersecurity breach of government networks that U.S. officials attribute to Russia.

    According to the Associated Press, the DOJ said that 3% of its Microsoft Office 365 email accounts were potentially hacked. The DOJ does not believe that classified systems were breached but would not say to whom the email accounts belonged.

    “On Dec. 24, 2020, the Department of Justice’s Office of the Chief Information Officer (OCIO) learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors, among others. This activity involved access to the Department’s Microsoft O365 email environment,” the DOJ said in a statement.

    “After learning of the malicious activity, the OCIO eliminated the identified method by which the actor was accessing the O365 email environment. At this point, the number of potentially accessed O365 mailboxes appears limited to around 3-percent and we have no indication that any classified systems were impacted,” the statement continued.

    “As part of the ongoing technical analysis, the Department has determined that the activity constitutes a major incident under the Federal Information Security Modernization Act, and is taking the steps consistent with that determination. The Department will continue to notify the appropriate federal agencies, Congress, and the public as warranted,” the DOJ said.

    On Tuesday, United States intelligence agencies formally accused the Russian government of orchestrating the cyberattack on software manufactured by IT company SolarWinds. The massive breach of government networks was discovered by the company last month and is estimated to have affected some 18,000 SolarWinds customers and an as yet unknown number of federal government agencies, including the DOJ, U.S. Treasury, and the Department of Commerce. Other agencies including the Department of Homeland Security, the Department of Defense, and the Energy Department’s National Nuclear Security Administration have also confirmed they were affected by the attack.

    A joint statement from the FBI, the Office of the Director of National Intelligence (ODNI), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) blamed Russia for the attack. The Hill reported these agencies had set up a cyber unified coordination group in December to investigate the extent of the SolarWinds hack.

    “This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” the agencies said.


    Nord Stream 2: Potential Flashpoint as Pipeline Nears Completion

    January 6, 2021 (Brian Berletic – LD) – Nord Stream 2 is a pipeline project extending from Russia to Germany that – when completed – will provide a secure means of exporting Russian natural gas to Western Europe – circumventing a now volatile Ukraine and other potential conflict zones, all while tying Russia and Europe together further through mutually beneficial economic activity.

    The project has faced significant hurdles – mainly in the form of US sanctions aimed at pressuring Russia’s European partners into backing out of the deal. The recent alleged “poisoning” of Alexei Navalny also appears to be an engineered provocation aimed at driving a wedge between Russia and Germany as the project nears completion. 

    I explain the most recent developments regarding the Nord Stream 2 pipeline and why this project is critical to keep an eye on. 


    Its completion will be a victory for multipolarism and help draw Western Europe further out of Washington’s orbit. It will also be a severe blow to Washington’s and Wall Street’s unipolar international order – a prospect it appears the US is willing to do anything to avoid. 

    Brian Berletic, formerly known under the pen name “Tony Cartalucci”, is a geopolitical researcher, writer, and video producer (YouTube here and BitChute here) based in Bangkok, Thailand. He is a regular contributor to New Eastern Outlook and more recently, 21st Century Wire. You can support his work via Patreon here.


    Latest on the SVR’s SolarWinds Hack

    The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that).

    Interviews with key players investigating what intelligence agencies believe to be an operation by Russia’s S.V.R. intelligence service revealed these points:

    • The breach is far broader than first believed. Initial estimates were that Russia sent its probes only into a few dozen of the 18,000 government and private networks they gained access to when they inserted code into network management software made by a Texas company named SolarWinds. But as businesses like Amazon and Microsoft that provide cloud services dig deeper for evidence, it now appears Russia exploited multiple layers of the supply chain to gain access to as many as 250 networks.
    • The hackers managed their intrusion from servers inside the United States, exploiting legal prohibitions on the National Security Agency from engaging in domestic surveillance and eluding cyberdefenses deployed by the Department of Homeland Security.
    • “Early warning” sensors placed by Cyber Command and the National Security Agency deep inside foreign networks to detect brewing attacks clearly failed. There is also no indication yet that any human intelligence alerted the United States to the hacking.
    • The government’s emphasis on election defense, while critical in 2020, may have diverted resources and attention from long-brewing problems like protecting the “supply chain” of software. In the private sector, too, companies that were focused on election security, like FireEye and Microsoft, are now revealing that they were breached as part of the larger supply chain attack.
    • SolarWinds, the company that the hackers used as a conduit for their attacks, had a history of lackluster security for its products, making it an easy target, according to current and former employees and government investigators. Its chief executive, Kevin B. Thompson, who is leaving his job after 11 years, has sidestepped the question of whether his company should have detected the intrusion.
    • Some of the compromised SolarWinds software was engineered in Eastern Europe, and American investigators are now examining whether the incursion originated there, where Russian intelligence operatives are deeply rooted.

    Separately, it seems that the SVR conducted a dry run of the attack five months before the actual attack:

    The hackers distributed malicious files from the SolarWinds network in October 2019, five months before previously reported files were sent to victims through the company’s software update servers. The October files, distributed to customers on Oct. 10, did not have a backdoor embedded in them, however, in the way that subsequent malicious files that victims downloaded in the spring of 2020 did, and these files went undetected until this month.


    “This tells us the actor had access to SolarWinds’ environment much earlier than this year. We know at minimum they had access Oct. 10, 2019. But they would certainly have had to have access longer than that,” says the source. “So that intrusion [into SolarWinds] has to originate probably at least a couple of months before that - probably at least mid-2019 [if not earlier].”

    The files distributed to victims in October 2019 were signed with a legitimate SolarWinds certificate to make them appear to be authentic code for the company’s Orion Platform software, a tool used by system administrators to monitor and configure servers and other computer hardware on their network.


    Russian-Chinese Civilian Aviation Challenges Western Duopoly

    December 30, 2020 (Gunnar Ulson – NEO) – For decades US-based Boeing and European aerospace giant, Airbus, have dominated global civilian aviation in what many in the industry describe as a duopoly. But as is the case in so many other industries as of late, China’s economic and technological rise has raised questions about the future of this duopoly. 

    China’s Commercial Aircraft Corporation of China (COMAC), founded as recently as 2008, is developing a range of commercial airliners for use domestically and is attempting to promote its products abroad. While the latter is an intermediate to long-term prospect, domestically China already has the largest aviation market in the world with a growing demand for airliners projected well into the future. 

    COMAC is working to position itself to meet this demand and in the process eventually establishing itself as a reliable aerospace company capable of manufacturing and maintaining civilian airliners around the globe on par with Boeing and Airbus. 

    Russia’s United Aircraft Corporation (UAC) is similarly expanding its operations and already enjoys a share of foreign civilian aviation markets, however small in comparison with Boeing and Airbus. 

    Together, COMAC and UAC, through the China-Russia Commercial Aircraft International Corporation (CRAIC), are developing a long-range wide-body twinjet airliner that would further enhance the competitiveness of both companies. 

    Designated the CR929, the new aircraft is expected to make its first flight by 2025, before being introduced to the market in following years. 

    The ability for the CR929 to compete head-to-head with Boeing and Airbus at the moment seems unlikely. What is more likely is that it, along with other offerings from both COMAC and UAC, will prove themselves first in the Russian and Chinese civilian aviation markets, before future developments are more widely accepted by others internationally. 

    It is a long-term plan that takes into account not only the current geopolitical climate, but one that takes into consideration a future international order that has tilted considerably more toward the multipolar and away from the West’s current unipolar order, and an order that has produced and still jealously protects the Boeing-Airbus duopoly.  

    In fact, among the growing list of US sanctions against both China and Russia, several are designed specifically to target the civilian aviation industries of both nations. 

    These include sanctions that will prohibit Western corporations from providing systems and components to either country that would eventually make their way into the CR929 and future aircraft designs. 

    Such sanctions will undoubtedly delay the development of CR929 and set back the Chinese and Russian civilian aviation industries, but just as is the case with sanctions aimed at Chinese telecom giant Huawei, these sanctions are unlikely to entirely stop either nation’s civilian aviation industries. 

    Additionally, such sanctions invite the possibility of retaliatory sanctions which might include the exclusion of companies like Boeing from China’s massive and still growing civilian aviation market.  

    This would help compensate for the technical setbacks COMAC, its products and those it is jointly developing with Russia’s UAC face from US sanctions and give it the time and space it needs to mature its technology within China’s domestic market, to eventually, directly compete with Boeing and Airbus internationally. 

    Thus, while the threat by COMAC and UAC to the West’s civilian aviation duopoly is not immediate, it is present and growing. Because of the West’s inability or lack of confidence to compete fairly in open markets with China and Russia, it is creating the conditions COMAC and UAC need to develop their aircraft in a market protected by retaliatory sanctions and in a market more than large enough to sustain both companies. 

    The saying, “what doesn’t kill you only makes you stronger” appears to be apt here. If COMAC and UAC can continue developing world class airliners despite current pressure from the US, developing the systems domestically that the US seeks to deny the companies from Western suppliers, both companies will come out stronger because of it. 

    At the same time, it isn’t difficult to imagine China’s partners across Asia, particularly in Southeast Asia adopting COMAC aircraft some time in the near future, with many already having bought UAC’s Sukhoi Superjets. 

    Constructive competition and a balance between great powers is a key feature of multipolarism. The deconstruction of the West’s civilian aviation duopoly will be a key metric to measure multipolarism’s success in the coming years as COMAC, UAC and their joint venture, the CR929 take shape and hopefully soon, take flight.  

    Gunnar Ulson is a New York-based geopolitical analyst and writer, especially for the online magazine “New Eastern Outlook”. 


    Russian official reveals Russia’s COVID death toll is likely 3 times higher than what Moscow has reported

    Russia has reported millions of COVID cases but has maintained a low mortality rate that has caused international observers to raise questions about the nation’s official pandemic reporting.

    This week, new data from Moscow revealed that the country’s COVID death count is actually three times higher than previously reported, Sky News said Tuesday.

    What is Russia’s real death figure?

    Before Monday, Russia had reported slightly more than 3 million confirmed COVID cases and approximately 55,000 deaths.

    But new data reported Monday from Moscow’s government statistics agency, Rosstat, revealed that the COVID death count is actually more than 186,000, according to Sky News. This would move Russia from being the country with the eighth-highest number of total deaths to the third-highest — ranking behind the U.S. (335,000) and Brazil (191,000).

    Russian President Vladimir Putin had previously claimed that his country’s low number of deaths was because of his people’s effective handling of the pandemic.

    However, analysts said the surprisingly small fatality rate was due to the fact that the government had required that, in order for a death to be counted as an official COVID fatality, COVID had to be listed on an autopsy as the main cause of death.

    Rosstat revealed Monday that the number of total deaths from all causes in 2020 (from January through November) was up 229,700 compared to the same time last year. According to Russian Deputy Prime Minister Tatiana Golikova, “more than 81%” of those extra deaths were due to COVID, Sky News said, which means more than 186,000 Russians died from the virus over that 11-month period.

    Golikova’s take on the data has yet to be reflected in any of Russia’s official COVID reports.

    Russia is hoping its Sputnik V coronavirus vaccine, which the government claims is 95% effective, will have a serious impact on its growing COVID numbers.

    But there’s a catch with the vaccine that is bad news for a lot of Russians: Patients need to abstain from alcohol for about two months during the inoculation process.

    Golikova warned would-be vaccine patients that they must not only continue virus mitigation efforts — wearing face masks, socially distancing, using sanitizers — but also “refrain from drinking alcohol or taking immunosuppressant drugs.”


    Russia’s SolarWinds Attack

    Recent news articles have all been talking about the massive Russian cyberattack against the United States, but that’s wrong on two accounts. It wasn’t a cyberattack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world. But it was massive, and it is dangerous.

    Espionage is internationally allowed in peacetime. The problem is that both espionage and cyberattacks require the same computer and network intrusions, and the difference is only a few keystrokes. And since this Russian operation isn’t at all targeted, the entire world is at risk — and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US. The solution is to prioritize security and defense over espionage and attack.

    Here’s what we know: Orion is a network management product from a company named SolarWinds, with over 300,000 customers worldwide. Sometime before March, hackers working for the Russian SVR — previously known as the KGB — hacked into SolarWinds and slipped a backdoor into an Orion software update. (We don’t know how, but last year the company’s update server was protected by the password “solarwinds123” — something that speaks to a lack of security culture.) Users who downloaded and installed that corrupted update between March and June unwittingly gave SVR hackers access to their networks.

    This is called a supply-chain attack, because it targets a supplier to an organization rather than an organization itself — and can affect all of a supplier’s customers. It’s an increasingly common way to attack networks. Other examples of this sort of attack include fake apps in the Google Play store, and hacked replacement screens for your smartphone.

    SolarWinds has removed its customer list from its website, but the Internet Archive saved it: all five branches of the US military, the state department, the White House, the NSA, 425 of the Fortune 500 companies, all five of the top five accounting firms, and hundreds of universities and colleges. In an SEC filing, SolarWinds said that it believes “fewer than 18,000” of those customers installed this malicious update, another way of saying that more than 17,000 did.

    That’s a lot of vulnerable networks, and it’s inconceivable that the SVR penetrated them all. Instead, it chose carefully from its cornucopia of targets. Microsoft’s analysis identified 40 customers who were infiltrated using this vulnerability. The great majority of those were in the US, but networks in Canada, Mexico, Belgium, Spain, the UK, Israel and the UAE were also targeted. This list includes governments, government contractors, IT companies, thinktanks, and NGOs — and it will certainly grow.

    Once inside a network, SVR hackers followed a standard playbook: establish persistent access that will remain even if the initial vulnerability is fixed; move laterally around the network by compromising additional systems and accounts; and then exfiltrate data. Not being a SolarWinds customer is no guarantee of security; this SVR operation used other initial infection vectors and techniques as well. These are sophisticated and patient hackers, and we’re only just learning some of the techniques involved here.

    Recovering from this attack isn’t easy. Because any SVR hackers would establish persistent access, the only way to ensure that your network isn’t compromised is to burn it to the ground and rebuild it, similar to reinstalling your computer’s operating system to recover from a bad hack. This is how a lot of sysadmins are going to spend their Christmas holiday, and even then they can’t be sure. There are many ways to establish persistent access that survive rebuilding individual computers and networks. We know, for example, of an NSA exploit that remains on a hard drive even after it is reformatted. Code for that exploit was part of the Equation Group tools that the Shadow Brokers — again believed to be Russia — stole from the NSA and published in 2016. The SVR probably has the same kinds of tools.

    Even without that caveat, many network administrators won’t go through the long, painful, and potentially expensive rebuilding process. They’ll just hope for the best.

    It’s hard to overstate how bad this is. We are still learning about US government organizations breached: the state department, the treasury department, homeland security, the Los Alamos and Sandia National Laboratories (where nuclear weapons are developed), the National Nuclear Security Administration, the National Institutes of Health, and many more. At this point, there’s no indication that any classified networks were penetrated, although that could change easily. It will take years to learn which networks the SVR has penetrated, and where it still has access. Much of that will probably be classified, which means that we, the public, will never know.

    And now that the Orion vulnerability is public, other governments and cybercriminals will use it to penetrate vulnerable networks. I can guarantee you that the NSA is using the SVR’s hack to infiltrate other networks; why would they not? (Do any Russian organizations use Orion? Probably.)

    While this is a security failure of enormous proportions, it is not, as Senator Richard Durbin said, “virtually a declaration of war by Russia on the United States.” While President-elect Biden said he will make this a top priority, it’s unlikely that he will do much to retaliate.

    The reason is that, by international norms, Russia did nothing wrong. This is the normal state of affairs. Countries spy on each other all the time. There are no rules or even norms, and it’s basically “buyer beware.” The US regularly fails to retaliate against espionage operations — such as China’s hack of the Office of Personnel Management (OPM) and previous Russian hacks — because we do it, too. Speaking of the OPM hack, the then director of national intelligence, James Clapper, said: “You have to kind of salute the Chinese for what they did. If we had the opportunity to do that, I don’t think we’d hesitate for a minute.”

    We don’t, and I’m sure NSA employees are grudgingly impressed with the SVR. The US has by far the most extensive and aggressive intelligence operation in the world. The NSA’s budget is the largest of any intelligence agency. It aggressively leverages the US’s position controlling most of the internet backbone and most of the major internet companies. Edward Snowden disclosed many targets of its efforts around 2014, which then included 193 countries, the World Bank, the IMF and the International Atomic Energy Agency. We are undoubtedly running an offensive operation on the scale of this SVR operation right now, and it’ll probably never be made public. In 2016, President Obama boasted that we have “more capacity than anybody both offensively and defensively.”

    He may have been too optimistic about our defensive capability. The US prioritizes and spends many times more on offense than on defensive cybersecurity. In recent years, the NSA has adopted a strategy of “persistent engagement,” sometimes called “defending forward.” The idea is that instead of passively waiting for the enemy to attack our networks and infrastructure, we go on the offensive and disrupt attacks before they get to us. This strategy was credited with foiling a plot by the Russian Internet Research Agency to disrupt the 2018 elections.

    But if persistent engagement is so effective, how could it have missed this massive SVR operation? It seems that pretty much the entire US government was unknowingly sending information back to Moscow. If we had been watching everything the Russians were doing, we would have seen some evidence of this. The Russians’ success under the watchful eye of the NSA and US Cyber Command shows that this is a failed approach.

    And how did US defensive capability miss this? The only reason we know about this breach is because, earlier this month, the security company FireEye discovered that it had been hacked. During its own audit of its network, it uncovered the Orion vulnerability and alerted the US government. Why don’t organizations like the Departments of State, Treasury and Homeland Security regularly conduct that level of audit on their own systems? The government’s intrusion detection system, Einstein 3, failed here because it doesn’t detect new sophisticated attacks — a deficiency pointed out in 2018 but never fixed. We shouldn’t have to rely on a private cybersecurity company to alert us of a major nation-state attack.

    If anything, the US’s prioritization of offense over defense makes us less safe. In the interests of surveillance, the NSA has pushed for an insecure cell phone encryption standard and a backdoor in random number generators (important for secure encryption). The DoJ has never relented in its insistence that the world’s popular encryption systems be made insecure through back doors — another hot point where attack and defense are in conflict. In other words, we allow for insecure standards and systems, because we can use them to spy on others.

    We need to adopt a defense-dominant strategy. As computers and the internet become increasingly essential to society, cyberattacks are likely to be the precursor to actual war. We are simply too vulnerable when we prioritize offense, even if we have to give up the advantage of using those insecurities to spy on others.

    Our vulnerability is magnified as eavesdropping may bleed into a direct attack. The SVR’s access allows them not only to eavesdrop, but also to modify data, degrade network performance, or erase entire networks. The first might be normal spying, but the second certainly could be considered an act of war. Russia is almost certainly laying the groundwork for future attack.

    This preparation would not be unprecedented. There’s a lot of attack going on in the world. In 2010, the US and Israel attacked the Iranian nuclear program. In 2012, Iran attacked the Saudi national oil company. North Korea attacked Sony in 2014. Russia attacked the Ukrainian power grid in 2015 and 2016. Russia is hacking the US power grid, and the US is hacking Russia’s power grid — just in case the capability is needed someday. All of these attacks began as a spying operation. Security vulnerabilities have real-world consequences.

    We’re not going to be able to secure our networks and systems in this no-rules, free-for-all every-network-for-itself world. The US needs to willingly give up part of its offensive advantage in cyberspace in exchange for a vastly more secure global cyberspace. We need to invest in securing the world’s supply chains from this type of attack, and to press for international norms and agreements prioritizing cybersecurity, like the 2018 Paris Call for Trust and Security in Cyberspace or the Global Commission on the Stability of Cyberspace. Hardening widely used software like Orion (or the core internet protocols) helps everyone. We need to dampen this offensive arms race rather than exacerbate it, and work towards cyber peace. Otherwise, hypocritically criticizing the Russians for doing the same thing we do every day won’t help create the safer world in which we all want to live.

    This essay previously appeared in the Guardian.


    Investigating the Navalny Poisoning

    Bellingcat has investigated the near-fatal poisoning of Alexey Navalny by the Russian GRU back in August. The details display some impressive traffic analysis. Navalny got a confession out of one of the poisoners, displaying some masterful social engineering.

    Lots of interesting opsec details in all of this.


    CNN + Bellingcat’s Latest Russian Novichok Lies

    December 23, 2020 (Brian Berletic – LD) – CNN and US government-funded war propaganda outfit “Bellingcat” teamed up to “investigate” the alleged poisoning of Russian opposition leader Alexei Navalny.

    Despite multiple reports – each several pages long – ultimately CNN admitted that they were unable to conclude who actually poisoned Navalny – also admitting there was no evidence that Russian FSB agents they claim followed Navalny played any role at all in the alleged crime. 

    I break down CNN and Bellingcat’s innuendo-filled report, their full admission that ultimately they were unable to draw any fact-based conclusions – and Russian state involvement is merely implied in what is yet another case of US-backed “weapons of mass destruction” lies used to justify US sanctions and aggression against Russia – and ruin Russia’s relations with Western European nations – particularly its Nord Stream 2 pipeline partner – Germany. 


    Russia’s Hypersonic ‘Zircon’ Missile Takes Flight

    December 19, 2020 (Brian Berletic – NEO) – Russian state media reported a successful test flight of its new hypersonic missile, the Zircon. Flying at Mach 8 (8 times the speed of sound or around 10,000 kph), the missile poses a new and credible threat to the air defense systems of potential aggressors. 

    Fired from vertical launch tubes on a Russian warship, the missile is capable of striking both targets at sea and on land. This most recent test took place over a range of 350 kilometers, but claims the missile is capable of ranges of up to 1,000 kilometers have been reported. 

    This would mean that missiles fired from the Mediterranean Sea, for example, could hit virtually any target amid the ongoing Syrian conflict, both within Syria but also in neighboring nations backing militants fighting against the Syrian government and its Russian allies. 

    Is the West Downplaying ‘Zircon’s’ Capabilities to Hide Fears? 

    The Western media has reported on Russia’s hypersonic missiles for a while. And now that the first Zircon missiles have taken flight in reportedly successful tests, speculation in the West, along with attempts to downplay Russia’s technological achievement, is in full motion.

    Articles like Popular Science’s, “Don’t believe the hype about Russia’s hypersonic missile,” claim: 

    Despite headlines to the contrary, not enough about the missile is known yet to definitely claim that it poses an uncounterable threat to ships at sea.

    The article continues by noting that speed alone is not necessarily an undefeatable trait of the Zircon missile and that an ability to maneuver – particularly end-game maneuverability right before hitting a target – would make it a truly credible and nearly unstoppable threat to the fleets of aggressor nations. 

    Then there is Military.com’s article, “Why Russia’s Hypersonic Missiles Can’t Be Seen on Radar,” which notes (emphasis added): 

    The missile flies with an advanced fuel that the Russians say gives it a range of up to 1,000 kilometers. And it’s so fast that the air pressure in front of the weapon forms a plasma cloud as it moves, absorbing radio waves and making it practically invisible to active radar systems.

    U.S. Aegis missile interceptor systems require 8-10 seconds of reaction time to intercept incoming attacks. In those 8-10 seconds, the Russian Zircon missiles will already have traveled 20 kilometers, and the interceptor missiles do not fly fast enough to catch up.

    The only hope of stopping an incoming Zircon missile – or any hypersonic missile for that matter – would be to detect it early enough and be able to react fast enough to throw up defenses in its flight path. Barring its ability to maneuver at the last moment to evade these defenses – there is the possibility of intercepting them. 

    But that’s if just one, or a few missiles are launched. Even a full-fledged US carrier strike group would be able to shoot down only so many of these missiles at one given time. 

    The footage made available of the Zircon’s recent test flight shows it deploying from one of several vertical launch tubes, meaning that in the future multiple missiles will be aboard any given Russian military vessel and that several vessels can launch several missiles at any given time. 

    With the possibility of altering their flight paths accordingly – large numbers of missiles could reach a potential target or targets simultaneously and from multiple angles, overwhelming even the best air defenses in a process known as saturation. 

    This means that should enough of these missiles make it into service with Russia’s naval forces and should the need arise to use them – large numbers can be used to overwhelm air defense systems even if they are tuned specifically to counter hypersonic weapons like the Zircon missile. 

    Raising the Cost of Western Military Aggression 

    Not only does the development and deployment among Russia’s fleet of Zircon hypersonic missiles give Russia yet another conventional weapon serving as a deterrence against Western aggression, the prospect of these weapons being sold to allies would extend a credible deterrence well beyond Russia’s borders and shores as well. 

    In fact, US-based think-tank – RAND Corporation – detailed the threat proliferation poses to US military aggression around the globe in a lengthy policy paper titled, “Hypersonic Missile Nonproliferation: Hindering the Spread of a New Class of Weapons.” 

    The paper notes that: 

    …because of the difficulties of defending against hypersonic missiles, relatively small hypersonic forces can pose threats against major powers’ forward-projected forces, or even deterrent threats against the homelands of major powers.

    And this “threat” to the “forward-projected forces” of “major powers” – referring almost exclusively to the United States and its multiple, ongoing campaigns of military aggression, occupation, and intervention around the globe – is what the US fears the most. 

    It is a non-nuclear military deterrence capable of sinking a US fleet or demolishing a US military base built illegally in an occupied nation, and one the US has very few means to defend against. There is also no real pretext to oppose a nation developing or acquiring such weapons either, besides the ability of hypersonic missiles to thwart otherwise illegal military aggression carried out by the US. It would be a very difficult case to make and would produce policy very difficult to sell to the international community. 

    For the US itself – a nation surrounded by two vast oceans – the Atlantic and Pacific – the prospect of hypersonic missiles posing a threat to its actual territory is minimal. It is its illegally deployed military forces engaged in likewise illegal military aggression around the globe that are most at risk. 

    The RAND Corporation’s paper advocating for moves to limit the proliferation of hypersonic missiles is already an uphill battle. While not hypersonic, the incredibly fast and advanced BrahMos cruise missile – jointly developed by Russia and India – is set to be further developed into a hypersonic missile in the near future. 

    This technology will undoubtedly be proliferated by nations like Russia and China specifically because of the check and balance it serves against US military aggression around the globe – a non-nuclear alternative that raises the stakes and price for US military aggression, thus leaving policymakers in Washington and their sponsors on Wall Street with more constructive competition and collaboration as their only alternatives. 

    In many ways, Russia’s hypersonic missile – the Zircon – is not just a technological achievement or a newly acquired and formidable military capability – it is also a useful component of a much wider diplomatic effort to shift the world from the Western-dominated unipolar “rules-based international order” – one underwritten by Western military aggression – and toward multipolarism where the cost of conflict is higher than the cost of fair competition and cooperation. 

    Brian Berletic is a Bangkok-based geopolitical researcher and writer, especially for the online magazine “New Eastern Outlook”.


    RT – Russia successfully tests hypersonic Zircon missile, flying EIGHT TIMES the speed of sound to hit ground-based target (VIDEO):

    NATO –  Patriot Missile Fact Sheet:

    Military Dot Com – Why Russia’s Hypersonic Missiles Can’t Be Seen on Radar:

    Popular Science – Don’t believe the hype about Russia’s hypersonic missile:

    RAND Corporation – Hypersonic Missile Nonproliferation: Hindering the Spread of a New Class of Weapons:



    “The Russians Hacked Us!”: They Are Pushing A Narrative That We Are Heading For A Conflict With Russia

    Not this again.  In the aftermath of the 2016 election, Democrats squarely blamed “Russian interference” for Trump’s election victory, and they spent the next several years going down the rabbit hole of that conspiracy theory.  So here we are in the aftermath of the 2020 election, and once again they are pushing another “blame Russia” narrative.  In recent days the mainstream media has been breathlessly telling us about “a massive cyberattack” that was “the largest espionage attack in history”, and even though they are not giving us any evidence that would point to the Russians, they are insisting that Russia must have been behind the attack.

    Of course it is theoretically possible that the Russians could have done it, but the Chinese, the North Koreans and the Iranians also have extremely sophisticated cyberattack capabilities.

    Why couldn’t it have been one of them?

    And it is entirely possible that we could have simply attacked ourselves so that we could blame it on the Russians later.

    We probably will never know the actual truth in this matter.  The U.S. intelligence community has been lying to the American people for so long that most of us wouldn’t believe them even if everything that they were saying was 100 percent true.  And whoever did actually conduct this cyberattack is almost certainly never going to admit it.

    But what we do know is that this provides a convenient anti-Russia narrative for the deep state at a moment when it looks like a new administration might be entering the White House.

    Needless to say, the mainstream media has fallen for the “blame Russia” angle hook, line and sinker.  For example, just check out the sort of stuff that is being said about this attack on CNN:

    Richard Clarke worked under three administrations and served as special advisor to President George W. Bush. Appearing on The Lead with Jake Tapper Thursday, he offered terrifying insight into reports of a massive cyber-attack carried out on the U.S. government.

    “This is the largest espionage attack in history,” Clarke flatly opened to host Jake Tapper. “This is as though the Russians got a passkey, a skeleton key for about half the locks in the country. Think about it that way. It’s 18,000 companies and government institutions scattered around the U.S. and the world. This is an espionage attack.”

    Needless to say, you can find similar coverage of this story on all of the other major news networks as well.

    But jumping to conclusions is extremely dangerous.  Many of the experts that are blaming “the Russians” for “the largest espionage attack in history” also seem to be implying that the United States needs to respond in some manner.

    So exactly what would such a U.S. “response” look like?

    And how would the Russians respond once we start hitting back at them?

    I think that those are very important questions.

    We are being told that a whole host of U.S. agencies were affected by this cyberattack, and that includes the agency “which maintains the U.S. nuclear weapons stockpile”:

    The Energy Department and National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation that has affected at least half a dozen federal agencies, officials directly familiar with the matter said.

    On Thursday, DOE and NNSA officials began coordinating notifications about the breach to their congressional oversight bodies after being briefed by Rocky Campione, the chief information officer at DOE.

    And we are also being told that “the Russians” have had access to the networks of those agencies “for six to nine months”:

    Tom Bossert, a former homeland security adviser to President Donald Trump, said the “magnitude of this ongoing attack is hard to overstate.”

    “The Russians have had access to a considerable number of important and sensitive networks for six to nine months,” Bossert said in a column published in the New York Times, adding that Russian intelligence officials have likely gained “administrative control over the networks it considered priority targets.”

    You have got to be kidding me.

    Hackers have been prancing around in highly sensitive U.S. government computer systems for six to nine months and we are just finding out about it now?

    Apparently hackers were able to gain access to those systems through a piece of software created by a company called SolarWinds:

    The attackers penetrated federal computer systems through a popular piece of server software offered through a company called SolarWinds.

    According to USA Today, the SolarWinds Orion Platform “is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. federal agencies”.

    All of those entities could have been compromised, and all of them will now need to work to secure their networks.

    It also turns out that Dominion Voting Systems also uses software that was created by SolarWinds, but we are being told not to worry because they don’t use the Orion Platform that was the specific target of these particular attacks.

    Uh, okay.

    No matter who was actually behind these recent cyberattacks, the deep state and the mainstream media will almost certainly continue to pin the blame on the Russians, and that means that our relationship with Russia will continue to rapidly deteriorate.

    Meanwhile, the Chinese military has been training for an invasion of Taiwan:

    Footage aired by China’s state broadcaster CCTV last week included rare images of the Type 96A main battle tank during a war game in Hangzhou, in east China.

    The Chinese army units of 72nd Group Army took part in the street battle exercise which attempted to simulate conditions China’s invading forces could encounter if they invade Taiwan.

    If the Chinese actually pull the trigger on such an invasion, that would likely result in military conflict between the U.S. and China.

    But if there is a weak president such as Joe Biden in the White House, the Chinese may be emboldened to try such a move.

    We live at a time of wars and rumors of wars, and once Trump is out of the White House I believe that we would inevitably move much closer to war with both Russia and China.

    Unfortunately, most Americans don’t spend much time thinking about foreign policy these days.

    In fact, most Americans don’t spend much time thinking for themselves at all.

    Instead, they allow others to do most of their thinking for them, and that is extremely unfortunate.

    ***Michael’s new book entitled “Lost Prophecies Of The Future Of America” is now available in paperback and for the Kindle on Amazon.***

    About the Author: My name is Michael Snyder and my brand new book entitled “Lost Prophecies Of The Future Of America” is now available on Amazon.  In addition to my new book, I have written four others that are available on Amazon including The Beginning Of The End, Get Prepared Now, and Living A Life That Really Matters. (#CommissionsEarned)  By purchasing the books you help to support the work that my wife and I are doing, and by giving it to others you help to multiply the impact that we are having on people all over the globe.  I have published thousands of articles on The Economic Collapse Blog, End Of The American Dream and The Most Important News, and the articles that I publish on those sites are republished on dozens of other prominent websites all over the globe.  I always freely and happily allow others to republish my articles on their own websites, but I also ask that they include this “About the Author” section with each article.  The material contained in this article is for general information purposes only, and readers should consult licensed professionals before making any legal, business, financial or health decisions.  I encourage you to follow me on social media on Facebook, Twitter and Parler, and any way that you can share these articles with others is a great help.  During these very challenging times, people will need hope more than ever before, and it is our goal to share the gospel of Jesus Christ with as many people as we possibly can.

    The post “The Russians Hacked Us!”: They Are Pushing A Narrative That We Are Heading For A Conflict With Russia first appeared on End Of The American Dream.


    More on the SolarWinds Breach

    The New York Times has more details.

    About 18,000 private and government users downloaded a Russian tainted software update – a Trojan horse of sorts – that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised.

    Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies. While the presence of the software is not by itself evidence that each network was compromised and information was stolen, investigators spent Monday trying to understand the extent of the damage in what could be a significant loss of American data to a foreign attacker.

    It’s unlikely that the SVR (a successor to the KGB) penetrated all of those networks. But it is likely that they penetrated many of the important ones. And that they have buried themselves into those networks, giving them persistent access even if this vulnerability is patched. This is a massive intelligence coup for the Russians and failure for the Americans, even if no classified networks were touched.

    Meanwhile, CISA has directed everyone to remove SolarWinds from their networks. This is (1) too late to matter, and (2) likely to take many months to complete. Probably the right answer, though.

    This is almost too stupid to believe:

    In one previously unreported issue, multiple criminals have offered to sell access to SolarWinds’ computers through underground forums, according to two researchers who separately had access to those forums.

    One of those offering claimed access over the Exploit forum in 2017 was known as “fxmsp” and is wanted by the FBI “for involvement in several high-profile incidents,” said Mark Arena, chief executive of cybercrime intelligence firm Intel471. Arena informed his company’s clients, which include U.S. law enforcement agencies.

    Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password “solarwinds123”.

    “This could have been done by any attacker, easily,” Kumar said.

    Neither the password nor the stolen access is considered the most likely source of the current intrusion, researchers said.

    That last sentence is important, yes. But the sloppy security practice is likely not an isolated incident, and speaks to the overall lack of security culture at the company.

    And I noticed that SolarWinds has removed its customer page, presumably as part of its damage control efforts. I quoted from it. Did anyone save a copy?


    Another Massive Russian Hack of US Government Networks

    The press is reporting a massive hack of US government networks by sophisticated Russian hackers.

    Officials said a hunt was on to determine if other parts of the government had been affected by what looked to be one of the most sophisticated, and perhaps among the largest, attacks on federal systems in the past five years. Several said national security-related agencies were also targeted, though it was not clear whether the systems contained highly classified material.


    The motive for the attack on the agency and the Treasury Department remains elusive, two people familiar with the matter said. One government official said it was too soon to tell how damaging the attacks were and how much material was lost, but according to several corporate officials, the attacks had been underway as early as this spring, meaning they continued undetected through months of the pandemic and the election season.

    The attack vector seems to be a malicious update in SolarWinds’ “Orion” IT monitoring platform, which is widely used in the US government (and elsewhere).

    SolarWinds’ comprehensive products and services are used by more than 300,000 customers worldwide, including military, Fortune 500 companies, government agencies, and education institutions. Our customer list includes:

    • More than 425 of the US Fortune 500
    • All ten of the top ten US telecommunications companies
    • All five branches of the US Military
    • The US Pentagon, State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States
    • All five of the top five US accounting firms
    • Hundreds of universities and colleges worldwide

    I’m sure more details will become public over the next several weeks.


    Russia delivers very bad news to its citizens seeking COVID-19 vaccine: No alcohol for two months

    Russia has its own COVID-19 vaccine it’s offering to its citizenry that it claims is 95% effective — but there’s a catch for anyone who wants to get the shots: no booze for two months.

    What’s going on with this vaccine?

    Last week, Russia began issuing its Sputnik V coronavirus vaccine to members of its army as well as education, health care, and social services workers, and then to the rest of the citizenry, the government said via the state-run TASS News Agency.

    But the government had a warning for anyone wanting to get the vaccine: You need to abstain from alcohol for about two months during the inoculation process.

    Russian Deputy Prime Minister Tatiana Golikova issued the warning Friday, TASS said, telling would-be vaccine patients that they must not only continue virus mitigation efforts — wearing face masks, socially distancing, using sanitizers — but also “refrain from drinking alcohol or taking immunosuppressant drugs.”

    The head of the nation’s consumer safety watchdog, Anna Popova, repeated those warnings Tuesday in an interview with Radio Komsomolskaya Pravda, noting that anyone receiving the vaccine should avoid alcohol for two weeks before the first shot and then for another 42 days afterward because there is a 21-day gap between doses, the Moscow Times reported.

    “It’s a strain on the body. If we want to stay healthy and have a strong immune response, don’t drink alcohol,” she pleaded in the interview.

    The request could be a tough one for the citizens of a country that, according to the World Health Organization, is the fourth-largest consumer of alcohol per capita, the New York Post noted.

    Following Popova’s remarks, Alexander Gintsburg, the head of the state-run Gamaleya research center, which was responsible for developing Sputnik V, tempered those warnings a little by saying that, while no one should abuse alcohol during the inoculation process, “a single glass of champagne never hurt anyone,” the Times said.

    Sputnik V’s developers have claimed that the vaccine is 95% effective, the Times reported. But, as the Post revealed, the country has yet to provide studies to show the shots work, and Russian President Vladimir Putin has thus far refused to take it.

    The vaccination push over the weekend saw approximately 100,000 people receiving the first of two shots required for the inoculation, according to the Times.


    FireEye Hacked

    FireEye was hacked by — they believe — “a nation with top-tier offensive capabilities”:

    During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security. These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers. None of the tools contain zero-day exploits. Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools.

    We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools.

    We have seen no evidence to date that any attacker has used the stolen Red Team tools. We, as well as others in the security community, will continue to monitor for any such activity. At this time, we want to ensure that the entire security community is both aware and protected against the attempted use of these Red Team tools. Specifically, here is what we are doing:

    • We have prepared countermeasures that can detect or block the use of our stolen Red Team tools.
    • We have implemented countermeasures into our security products.
    • We are sharing these countermeasures with our colleagues in the security community so that they can update their security tools.
    • We are making the countermeasures publicly available on our GitHub.
    • We will continue to share and refine any additional mitigations for the Red Team tools as they become available, both publicly and directly with our security partners.

    Consistent with a nation-state cyber-espionage effort, the attacker primarily sought information related to certain government customers. While the attacker was able to access some of our internal systems, at this point in our investigation, we have seen no evidence that the attacker exfiltrated data from our primary systems that store customer information from our incident response or consulting engagements, or the metadata collected by our products in our dynamic threat intelligence systems. If we discover that customer information was taken, we will contact them directly.

    From the New York Times:

    The hack was the biggest known theft of cybersecurity tools since those of the National Security Agency were purloined in 2016 by a still-unidentified group that calls itself the ShadowBrokers. That group dumped the N.S.A.’s hacking tools online over several months, handing nation-states and hackers the “keys to the digital kingdom,” as one former N.S.A. operator put it. North Korea and Russia ultimately used the N.S.A.’s stolen weaponry in destructive attacks on government agencies, hospitals and the world’s biggest conglomerates – at a cost of more than $10 billion.

    The N.S.A.’s tools were most likely more useful than FireEye’s since the U.S. government builds purpose-made digital weapons. FireEye’s Red Team tools are essentially built from malware that the company has seen used in a wide range of attacks.

    Russia is presumed to be the attacker.

    Reuters article. Boing Boing post. Slashdot thread.


    Putin Orders Mass Covid Vaccinations To Begin Next Week In Russia

    Just another Freemason & Illuminati puppet, as I’ve been telling you for a looong time…

    "I’d ask you to organize the work in a way that would allow the start of large-scale vaccination by the end of next week."

    — Infinite Unknown (@SecretNews) December …


    US Walks Away From Another Treaty, Closer to Confrontation with Russia

    November 25, 2020 (Gunnar Ulson – NEO) – The US has signaled a desire to withdraw from yet another agreement created specifically to reduce the likelihood of a military confrontation between the US and NATO versus Russia. 

    The US State Department’s own Voice of America in an article titled, “US Officially Withdraws from Open Skies Agreement,” would report: 

    The United States formally withdrew on Sunday from the Open Skies Treaty, an 18-year-old arms control and verification agreement that Washington repeatedly accused Moscow of violating.

    The withdrawal is the latest blow to the system of international arms control that U.S. President Donald Trump has repeatedly scorned, complaining that Washington was being either deceived or unfairly restrained in its military capabilities.

    Even the VOA article admits there is no evidence regarding US accusations that Russia has violated the agreement.

    The Open Skies Treaty put into effect in 2002 made provisions for short-notice unarmed observation flights by both sides over each other’s territory to help assure both sides that neither was secretly preparing forces for attack or amassing troops in sensitive areas. 

    For Russia, this would mean amassing troops within its own territory but close to its borders with Western Europe. 

    For the US, this would mean amassing troops thousands of miles from its own shores in European nations hosting them which now includes nations directly on Russia’s borders, circumstances already decidedly in favor of potential American, not Russian aggression. 

    Despite the treaty ultimately being designed to ensure European security from a potential Russian attack, European allies of Washington including Germany have reacted negatively to Washington’s withdrawal from it. 

    Germany’s Deutsche Welle (DW) in an article titled, “US officially withdraws from Open Skies transparency pact,” would note: 

    German Foreign Minister Heiko Maas said Germany regrets the US decision and that Berlin still regarded the agreement as “an important part of the arms control architecture that contributes to mutual trust and thus security in the northern hemisphere.”

    Thus, one of the key nations the treaty is designed primarily to protect still stands by it, regretting Washington’s decision to withdraw from it and even indirectly suggesting that Washington’s actions threaten trust and security in the northern hemisphere. 

    Washington’s withdrawal from Open Skies comes after a series of other arms control and security agreements between the US, NATO and Russia have been abandoned by the US. 

    This includes the Intermediate-Range Nuclear Forces (INF) Treaty, abandoned by the US under similarly dubious circumstances. 

    As a result the US began arming European allies with missile systems previously prohibited under the treaty reaping billions in profits for US defense contractors and US-based arms manufacturer Lockheed Martin in particular. 

    Growing military confrontation and the threat of potential war as the US continues withdrawing from additional agreements and treaties is creating a deteriorating security environment that favors one of America’s remaining profitable export sectors, arms manufacturing. 

    It also allows the US to continue its military encirclement of not only Russia, but also China under similarly dubious claims of the threats Washington claims both nations represent to a world where the US itself is undermining security treaties designed specifically to maintain peace and stability. 

    In a much wider arc, it is the shift of economic power from West to East that has prompted increasingly aggressive moves by the US to reassert itself globally. 

    However, nothing about Washington’s increasingly aggressive posture seems likely to correct the economic fundamentals driving America’s decline as a global power and until such fundamentals are seriously addressed back home in America, its decline abroad will likely continue. 

    For Russia and China who both face growing US aggression along their borders, the need to work together as well as cultivate better ties with neighboring nations like Germany in Russia’s case or Southeast Asia in China’s case is growing in importance and already paying dividends in blunting US “containment” measures. 

    It is entirely ironic that as the US accuses its adversaries of posing a danger to global peace and security, it is the US’ own actions that are in fact endangering both. The US’ abandoning of key treaties meant to ensure trust and security across Eurasia opens the door for new treaties agreed upon between Russia, China and the other nations of Eurasia, excluding America, and thus isolating America geopolitically to North America where some might say American power should ultimately and solely reside. 

    Ulson Gunnar, a New York-based geopolitical analyst and writer especially for the online magazine “New Eastern Outlook”.