Things are getting hot? Russia ‘prepared the battlefield’ for US a long time ago, officials say

As raucous pro- and anti-Trump crowds poured into Washington for the presidential inauguration in January 2017, DC Police Department city surveillance cameras stopped recording. Within seconds, 123 of its 178 surveillance cameras, including those monitoring the streets around the White House and the headquarters of several federal agencies, had been “accessed and compromised.”

The blackout lasted three days, from January 12 to January 15. In the wake of Russia’s covert intrusions into the 2016 campaign, officials initially feared that Vladimir Putin, or other bad actors from China, Iran or North Korea, had dramatically upped their game to create more chaos in American society and its politics.

In the end, it was none of them. A couple of low-level Romanian hackers had stumbled onto the system and used it to make a ransomware demand for a paltry $60,800 in bitcoin in exchange for releasing control of the system. The suspects were found 11 months later and extradited to DC, where they pleaded guilty.

The incident still chills veteran agents who have spent decades worrying about such things. It could happen again, in spades, if the Ukraine crisis escalates into direct military confrontation between Russia and the United States, intelligence veterans say.

Decades ago, defectors from Russia’s GRU military intelligence agency said its operatives had planted weapons caches in the US and Europe for sabotage attacks should war break out. One said it was “likely” that GRU agents had placed “poison stockpiles near tributaries of major US reservoirs,” including the Potomac River, which supplies Washington, DC, with drinking water.

Defectors have corroborated one another’s accounts, but it is unclear whether any caches here have ever been discovered. Swiss authorities reported finding a cache fitted with an explosive mechanism to destroy the evidence if an unauthorized person tried to dig it up.

But the blinding of DC surveillance cameras in January 2017 “underscores the fact that police, fire, emergency medical services, cities and municipalities are as vulnerable as private sector entities to cyberattacks,” says Ammar Y. Barghouty, a highly decorated retired FBI agent who ran a program responsible for computer threats from terrorist organizations. Like many homeland security officials over the past quarter-century, Barghouty, now director of cyber consulting for The Soufan Group, said key infrastructure organizations “should implement best practices” to defend against cyberattacks.

Yes, but it’s late, says Bill Evanina, a career FBI special agent who became director of domestic counterintelligence in the Obama administration. Utilities and financial networks began to “raise their drawbridges” as the Ukraine crisis deepened, he and others said, but the Russians had “prepared the battlefield for many years already,” he told SpyTalk.

“They’ve been planting malware in critical infrastructure for over a decade,” said Evanina, who also led the CIA’s counterintelligence group.

As Putin threatens war over Western sanctions and the possible transfer of Polish warplanes to Ukraine, Evanina says his “biggest concern is the use of intelligence operatives here to do harm in close quarters.” By that he means Russian agents slipping into targets with electronic devices to hack or disconnect their operating systems, or worse, physically cutting their cables and peppering their control facilities with expert sniper fire.

It happened in April 2013 at the Metcalf substation near Silicon Valley, an incident that 60 Minutes revisited on February 27. Investigators found the unidentified perpetrators “fired 100 shotgun shells into 17 transformers, crippling the substation for a month and causing $15 million in damage,” the NBC Bay Area affiliate reported in 2015. “The attack lasted just 19 minutes but sparked widespread concern that it was either an act of terrorism or a trial run for an even larger assault on the national power grid.” Subsequent investigations showed that the shots were fired and the cables cut with unusually high precision. Few physical security upgrades were made at power facilities across the country in the wake of the attack, 60 Minutes found.

It was not Middle Eastern terrorists who attacked Metcalf, US intelligence agencies have concluded. The Obama administration refrained from publicly blaming Moscow, but officials told a closed-door congressional committee that only three actors were capable of carrying out such a sophisticated operation: the United States, Israel and Russia, and it wasn’t Israel. The Russians have been suspected of carrying out other unexplained attacks on US power facilities in recent years.

Meanwhile, in 2020, the SVR, Russia’s foreign intelligence agency, was singled out for the hack of IT management company SolarWinds, which “may have exposed the networks of more than 18,000 companies and government agencies [and] inserted malware into an update to Orion, the company’s software platform that monitors network traffic,” a Columbia University panel said. Then, six months later, Russian hackers launched a massive ransomware attack on Colonial Pipeline, which carries about half of the fuel flowing to the US East Coast; Moscow said Russian “criminals,” not the state, were responsible for the attack.

Like Evanina, retired senior CIA official Gregory Sims sees it all as Russia preparing the battlefield for war.

“Russian doctrine clearly suggests that these vulnerabilities are being exploited not only to gather intelligence, but also to reconnoiter critical US networks in order to lay the groundwork to disrupt or destroy them,” Sims wrote in January.

America’s national security leaders, he said, would be well advised to expect the unexpected: a shock on the order of Japan’s sneak attack on Pearl Harbor or Al-Qaeda’s audacious plot on 9/11.

“By the summer of 1941, American officials knew that war with Japan was a real possibility, especially after they imposed an oil embargo in response to Japanese military actions in French Indochina, a crippling blow given that Japan was then importing 80% of its oil from the United States,” Sims wrote for The Cipher Brief, a website populated by retired intelligence officers. “What was surprising was not that Japan attacked in December 1941, but that it dared to attack the American Pacific Fleet in its home port of Pearl Harbor.”

“Sixty years later, in the summer of 2001,” Sims added, “the warning signs of another enemy, this time Al-Qaeda, were also ‘flashing red.’ Policymakers repeatedly received indications that Al-Qaeda was planning a spectacular attack. Yet again, the failure was not a failure to anticipate an attack, but a failure to imagine its breathtaking audacity.”

Now the lights are “flashing red” in the cyber realm, but Sims says officials should broaden their focus.

Going deep

“It is worth reflecting, for example, on the fact that Russia has developed, at great expense, a sophisticated capability using exotic and highly specialized nuclear submarines and ships to attack the vast network of undersea cables that carries 97% of the world’s communications traffic, including the equivalent of $10 trillion in financial transactions per day,” wrote Sims, who served several tours as a CIA station chief or deputy chief before retiring at the end of 2018.

“A large-scale, coordinated attack on this network would have the potential to wreak enormous economic, political and social havoc on both sides of the Atlantic,” Sims added. “According to Putin’s calculations, couldn’t this be an appropriate response to a Russian ejection from SWIFT or other sanctions designed to cripple the Russian economy?”

Anything is possible, say other intelligence veterans, given Putin’s agitated state of mind, but the recent history of the Kremlin’s covert activities suggests its attacks will remain in cyberspace, its “center of gravity,” as former DHS intelligence chief Brian Murphy puts it. Cyber saboteurs could blow up gas pipelines or open the floodgates of a massive dam.

As for the arms caches, Murphy told SpyTalk in an interview, “We heard things from time to time…from sources who heard something, from sources with less than credible access. I never heard anything come out of it.” Still, he says, “it wouldn’t surprise me,” because Iranian operatives here had in the past been caught extracting ammonium nitrate and other chemicals from cold packs to make bombs. Ten years ago, the FBI and DHS issued an alert to local law enforcement to be on the lookout for suspicious accumulations of cold packs. You would expect the Russians to be more sophisticated than that.

But, as Evanina told SpyTalk, simply disabling half a dozen major transportation hubs, like airports, via mobile cyber devices could create chaos across the country.

“As you know, we panic like no one else in America, don’t we?” he said. “So my biggest concern is the use of intelligence operatives here to do harm in close quarters.”

The United States recently expelled 13 Russian diplomats suspected of espionage; the previous expulsions dated back to the Obama administration.

Alas, it’s not just the Russians the authorities have to worry about. Just two weeks ago, three white supremacists pleaded guilty to conspiring to attack power grids in three different regions to hasten “economic distress and civil unrest.”

But the main worry right now is Russia’s intelligence agencies, because of their proven expertise, sophistication, and long history of assaulting US institutions, from infrastructure to elections.

“I think Putin is ready to do whatever it takes,” Sims told SpyTalk.

“His mindset should be about the world.”

This article by Jeff Stein first appeared on Spytalk.co.


© Copyright 2022 SpyTalk. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
