Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

For The Record  

FTR #967 Update on Ukrainian Fascism, the “Russia-Gate” Psy-Op and the Possibility of a Third World War

WFMU-FM is podcasting For The Record–You can subscribe to the podcast HERE.


This broadcast was recorded in one, 60-minute segment.

Andrew Auernheimer: Guest at Glenn Greenwald’s party; apparent resident of Ukraine; friend of the “Atomwaffen.”

Serpent’s Walk: Forecasts a Nazi takeover of U.S. in mid-twenty-first century, after WMD terror, blamed on Russia, devastates U.S.

Introduction: This program affords a vista on several critical political and national security landscapes, including the use of nuclear power plants as an economic weapon and the sabotaging of those plants via physical interdiction or cyber-interference.

After examining a supposed “Russian-meddling” incident which was actually an anti-Russian gambit to use Ukrainian nuclear power plants to supersede the old Soviet power grid in former republics of the U.S.S.R., we note the continued dominance of the Ukrainian political landscape by virulent fascists evolved from the World War II-era OUN/B.

We conclude with a terrifying look at the possibility that the sabotaging/hacking of nuclear power plants could lead to a Third World War.

With the media and political establishments turning handsprings over “Russia-gate,” we examine in detail one of the incidents prominent in the presentation of the supposition that “our democracy” was manipulated by the Russians.

In late January, Trump’s point man for “matters Russian,” CIA/FBI operative Felix Sater; Trump’s lawyer Michael Cohen, a long-time associate of Sater’s; and a Ukrainian parliamentarian named Andrii Artemenko were proposing a cease-fire/peace plan for Ukraine. This has been spun by our media as constituting yet another of the “Russia controls Trump” manifestations.

The facts, however, reveal that this was not a “pro-Russian” gambit but an ANTI-Russian gambit! In addition to the CIA/FBI affiliation of Sater, it should be noted that Artemenko was part of the Pravy Sektor milieu in Ukraine, one of the most virulent of the OUN/B successor organizations in power in that benighted nation.

Sater, Artemenko and others were working on a plan to rehabilitate Ukrainian nuclear power plants in order to generate electricity for Ukraine and the Baltic states, freeing those former Soviet republics from their old Soviet electrical power grids. The aging Soviet grids are a remaining element for potential Russian influence in these areas.

Andrii Artemenko:

  1. “ . . . is a populist politician with ties to the far-right Ukrainian military-political group “Right Sector” and a member of the pro-Western opposition parliamentary coalition led by former Prime Minister Yulia Tymoshenko’s party. . . . Artemenko, who is a staunch ally of Valentyn Nalyvaichenko, a former head of Ukraine’s security service with lofty political ambitions, has aligned himself with other West-leaning populists like Tymoshenko. . . .”
  2. “ . . . . has a wife who is a model, he served 2.5 years in prison without a trial, he has business in U.S and he is involved in the military trade to the war zones in the Middle East. At home, he has close ties with the ultra-nationalistic Right Sector. . . .”
  3. “ . . . according to his previous e-declaration in 2015, Artemenko has a wife, model Oksana Kuchma and four children, including two with U.S. citizenship — Edward Daniel, Amber Katherine. . . .”
  4. “ . . . . founded several companies that provided military logistics services into the conflict zones and traveled to Saudi Arabia, Syria, and Qatar for business trips. . . .”
  5. “ . . . . is the deputy head of the European Integration Committee and responsible for diplomatic connections with Saudi Arabia, Qatar, United States, Kuwait, Lithuania and Belarus. . . .”
  6. “ . . . . joined the Right Sector political party and was rumored to be one of the sponsors of its leader, Dmytro Yarosh, during his presidential election campaign in 2014. There is even a photo of Artemenko, seating among the Right Sector Party founders at the first party meeting in March 2014. Right Sector spokesperson Artem Skoropadsky told the Kyiv Post on Feb. 20 that he couldn’t confirm or deny whether Artemenko financed the Right Sector Party. . . .”

Anything but a “pro-Russian” agent. Again, he was working with Trump point man for matters Russian Felix Sater on this deal to provide nuclear-generated electricity to some former Soviet republics. Again, an anti-Russian plot, NOT a pro-Russian plot!

Next, we note that June 30th has been established as a commemorative celebration in Lvov [Lviv]. It was on June 30, 1941, when the OUN-B announced an independent Ukrainian state in the city of Lviv. That same day marked the start of the Lviv Pogroms that led to the death of thousands of Jews.

The holiday celebrates Roman Shukhevych, commander of the Nachtigall Battalion that carried out the mass killings. The city of Lviv is starting “Shukhevychfest” to be held in Lviv on June 30th, commemorating the pogrom and Shukhevych’s birthday. Shukhevych was named a “Hero of the Ukraine” by Viktor Yuschenko.

In past posts and programs, we have discussed Volodomir Vyatrovich, head of the Orwellian Institute of National Remembrance. He defended Shukhevych and the public displaying of the symbol of the Galician Division (14th Waffen SS Division).

Returning to Sater collaborator Andrii Artemenko, we note that he is part of a push by Pravy Sektor and other OUN/B successor organizations in Ukraine to oust Poroshenko.

A major, terrifying part of the program focuses on nuclear power plants, the physical and/or cyber sabotaging of those plants and the possibility that this could lead to a Third World War. Against the background of the drumbeat of anti-Russian propaganda to which we are being subjected, the charge that “Russian hackers” attempted to gain access to U.S. nuclear power plants using a spear-phishing attack is to be viewed with alarm.

“. . . . The Washington Post reported Saturday that U.S. government officials have already pinned the recent nuclear cyber intrusions on Russia. . . . Analysts remain quick to tamp down assertions that Russia’s fingerprint on the latest attack is a sure thing. . . . Still, it’s a pretty alarming situation regardless of who was behind it, in part because it’s an example of how potentially vulnerable things like nuclear plants are to any hacker, state-backed or not: . . . . Still, the source said a well-resourced attacker could try sneaking in thumb drives, planting an insider or even landing a drone equipped with wireless attack technology into a nuclear generation site. Reports indicate that the infamous Stuxnet worm, which damaged Iranian nuclear centrifuges in the late 2000s, probably snuck in on removable media. Once inside the “air gapped” target network, Stuxnet relied on its own hard-coded instructions, rather than any remote commands sent in through the internet, to cause costly and sensitive nuclear equipment to spin out of control. . . .”

The above-excerpted story should be viewed against the background of a frightening development in Florida. Devon Arthurs, a neo-Nazi-turned-Muslim, murdered two of his neo-Nazi roommates back in May. National Guard soldier Brandon Russell, Arthurs’s surviving third roommate, was found with bomb-making materials, radioactive substances and a framed picture of Timothy McVeigh after police searched their residence.

Russell:

  1. Planned to sabotage a nuclear power plant. “ . . . . He said Russell studied how to build nuclear weapons in school and is ‘somebody that literally has knowledge of how to build a nuclear bomb.’ . . . He also said they had a plan to fire mortars loaded with nuclear material into the cooling units of a nuclear power plant near Miami. He said the damage would cause ‘a massive reactor failure’ and spread ‘irradiated water’ throughout the ocean. . . .”
  2. Belonged to a Nazi group called “Atomwaffen.” “ . . . The FBI said Russell “admitted to his neo-Nazi beliefs” and said he was a member of a group called Atomwaffen, which is German for ‘atomic weapon.’ . . .”
  3. Was in the National Guard. Recall that, in the Nazi tract Serpent’s Walk, the Underground Reich gains control of the opinion-forming media, infiltrates the U.S. military and takes over the country after it is devastated by a series of terrorist incidents involving Russian WMDs. The stage is set for a Nazi false flag operation that could be blamed on Russia.

Russell, and the rest of Atomwaffen, received a ringing endorsement from brilliant Nazi hacker Andrew Auernheimer. Auernheimer is a skilled hacker who may very well have the ability to trigger a nuclear meltdown someday. Writing of the murder of Russell’s roommates, Auernheimer said the two killed roommates were “friends of friends” and the “Atomwaffen are a bunch of good dudes. They’ve posted tons of fliers with absolutely killer graphics at tons of universities over the years. They generally have a lot of fun and party.”

The point, here, is that Auernheimer is part of the Nazi milieu that was looking to sabotage a nuclear power plant. With our media hyping “Russian hacking,” including the supposed attempt to hack U.S. nuclear power plants, the propaganda stage is set for someone with Auernheimer’s formidable computer skills to sabotage a nuke plant, thereby [very possibly] starting World War III.

This post concludes with a detailed article referred to briefly at the end of the broadcast. It delves into the technically complicated discussion about the high-profile hacks.

Against the background of the reports of Russian hacking of U.S. nuclear power plants and the “Atomwaffen” link to Ukraine-based Andrew Auernheimer, writer Jeffrey Carr’s reflections are to be weighed very seriously:

“ . . . . Here’s my nightmare. Every time a claim of attribution is made—right or wrong—it becomes part of a permanent record; an un-verifiable provenance that is built upon by the next security researcher or startup who wants to grab a headline, and by the one after him, and the one after her. The most sensational of those claims are almost assured of international media attention, and if they align with U.S. policy interests, they rapidly move from unverified theory to fact.

Because each headline is informed by a report, and because indicators of compromise and other technical details are shared between vendors worldwide, any State or non-State actor in the world will soon have the ability to imitate an APT group with State attribution, launch an attack against another State, and generate sufficient harmful effects to trigger an international incident. All because some commercial cybersecurity companies are compelled to chase headlines with sensational claims of attribution that cannot be verified. . . .”

Program Highlights Include: The CIA/State Department background of Kurt Volker (nice Anglo-Saxon name, that), Trump’s envoy to Ukraine and an advocate of selling weaponry to that benighted state; Andrii Artemenko and Felix Sater’s would-be associate in the Ukrainian nuclear power plant scheme, Robert Armao; Armao’s links to Nelson Rockefeller, Marc Rich and Francesco Pazienza (a figure in the investigations into P-2, the shooting of Pope John Paul I and the collapse of the Banco Ambrosiano); Review of James Comey’s role in investigating Bill Clinton’s pardon of Marc Rich; review of the revival of the FBI’s Twitter account and its dissemination of Marc Rich material on the eve of the election; review of Felix Sater’s CIA/FBI background; Auernheimer’s obsession with Timothy McVeigh; Brandon Russell’s fascination with Timothy McVeigh.

1a. By way of review, we remind listeners that the point man for the Trump business interests in their dealings with Russia is Felix Sater. A Russian-born immigrant, Sater is a professional criminal and a convicted felon with historical links to the Mafia. Beyond that, and more importantly, Sater is an FBI informant and a CIA contract agent. “ . . . . He [Sater] also provided other purported national security services for a reported fee of $300,000. Stories abound as to what else Sater may or may not have done in the arena of national security. . . .” We wonder if helping the “Russia-Gate” op may have been one of those.

  • The Making of Donald Trump by David Cay Johnston; Melville House [HC]; copyright 2016 by David Cay Johnston; ISBN 978-1-61219-632-9. p. 165.
    . . . . There is every indication that the extraordinarily lenient treatment resulted from Sater playing a get-out-of-jail free card. Shortly before his secret guilty plea, Sater became a freelance operative of the Central Intelligence Agency. One of his fellow stock swindlers, Salvatore Lauria, wrote a book about it. “The Scorpion and the Frog” is described on its cover as ‘the true story of one man’s fraudulent rise and fall in the Wall Street of the nineties.’ According to Lauria–and the court files that have been unsealed–Sater helped the CIA buy small missiles before they got to terrorists. He also provided other purported national security services for a reported fee of $300,000. Stories abound as to what else Sater may or may not have done in the arena of national security. . . .
  • Sater was active on behalf of the Trumps in the fall of 2015: “. . . . Sater worked on a plan for a Trump Tower in Moscow as recently as the fall of 2015, but he said that had come to a halt because of Trump’s presidential campaign. . . .”
  • Indicative of the significance of Sater to the U.S. intelligence and national security establishment is a statement by Attorney General nominee Loretta Lynch during her confirmation hearing: “. . . . In late March, then-FBI director James Comey was asked about Sater’s relationship with the FBI when he appeared before the House Intelligence Committee. Comey declined to comment, presumably because Sater spent a decade as a secret government cooperator for both the FBI and at times, the CIA. But in 2015, during her confirmation hearing for the post of U.S. Attorney General, Loretta Lynch offered a teaser. In response to a written question about Sater by Senator Orrin Hatch, she stated that his [decade-long] assistance as a federal cooperator was ‘crucial to national security.’ [We wonder if this might have had anything to do with Lynch’s now infamous meeting with Bill Clinton at an airport–D.E.] . . . .”
  • Sater was initiating contact between the Russians and “Team Trump” in January of this year, a gambit that will be analyzed at length and in detail in this program. As we shall see, the political valence of this event is at fundamental variance with the “Russia-Gate” psy-op: “ . . . . Nevertheless, in late January, Sater and a Ukrainian lawmaker reportedly met with Trump’s personal lawyer, Michael Cohen, at a New York hotel. According to the Times, they discussed a plan that involved the U.S. lifting sanctions against Russia, and Cohen said he hand-delivered the plan in a sealed envelope to then-national security advisor Michael Flynn. . . .”

1b. Fundamental to our understanding of the “peace plan” and alleged “Russian conspiracy” is Sater and Cohen’s collaborator, Ukrainian politician Andrii Artemenko.

“Trump’s Conduits For Capital From The Former Soviet Bloc Are Actually Old Pals” by Sam Thielman; Talking Points Memo; 07/25/2017

. . . . Sater told TPM he called the now-notorious meeting with Cohen and Ukrainian politician Andrii Artemenko in February to discuss the future of Ukraine. . . .

2a. Far from being a Russian “agent of influence,” Artemenko is a long-standing member of Pravy Sektor and the Radical Party. As we will see below, he may have been a primary financial backer of this OUN/B successor organization. In addition to the anti-Russian conspiracy to which Sater, Cohen and Artemenko were party, the latter appears to have been part of a Ukrainian fascist consortium that, as we shall see below, is moving in the direction of ousting Petro Poroshenko. “. . . . Tall and brawny, Artemenko is a populist politician with ties to the far-right Ukrainian military-political group “Right Sector” and a member of the pro-Western opposition parliamentary coalition led by former Prime Minister Yulia Tymoshenko’s party. . . . Artemenko, who is a staunch ally of Valentyn Nalyvaichenko, a former head of Ukraine’s security service with lofty political ambitions, has aligned himself with other West-leaning populists like Tymoshenko. . . .”

“Ukraine’s Back-Channel Diplomat Still Shopping Peace Plan to Trump” by Reid Standish; Foreign Policy; 04/18/2017

On Feb. 19, the right-wing Ukrainian member of parliament was sucked into the scandal surrounding President Donald Trump and his alleged ties to Russia when the New York Times reported that Artemenko had served as a back channel between Moscow and Trump associates.

In the aftermath of the report, Artemenko was forced out of his political faction in Ukraine, the far-right Radical Party . . . .

. . . . Tall and brawny, Artemenko is a populist politician with ties to the far-right Ukrainian military-political group “Right Sector” and a member of the pro-Western opposition parliamentary coalition led by former Prime Minister Yulia Tymoshenko’s party. . . .

. . . . Artemenko, who is a staunch ally of Valentyn Nalyvaichenko, a former head of Ukraine’s security service with lofty political ambitions, has aligned himself with other West-leaning populists like Tymoshenko. . . .

. . . . Artemenko insists that his intentions in pushing a peace plan for Ukraine are in the country’s best interests. But political observers see his freelance diplomacy as part of a rising groundswell in Kiev against Poroshenko by opposition forces ahead of parliamentary and presidential elections scheduled for 2019.

“Alliances are shifting in Ukraine right now against Poroshenko,” said Balazs Jarabik, a nonresident scholar at the Carnegie Endowment for International Peace. “All this diplomatic maneuvering in Washington needs to be viewed through this lens.”

Artemenko has emerged as a vocal critic of Poroshenko and says he has evidence showing corruption by the Ukrainian president. . . .

2b. Note the date of this Kyiv Post article: February 20, 2017, which is one day after this ‘peace plan’ was initially reported in the New York Times. Andrii Artemenko:

  • “ . . . . has a wife who is a model, he served 2.5 years in prison without a trial, he has business in U.S and he is involved in the military trade to the war zones in the Middle East. At home, he has close ties with the ultra-nationalistic Right Sector. . . .”
  • “ . . . according to his previous e-declaration in 2015, Artemenko has a wife, model Oksana Kuchma and four children, including two with U.S. citizenship — Edward Daniel, Amber Katherine. . . .”
  • “ . . . . founded several companies that provided military logistics services into the conflict zones and traveled to Saudi Arabia, Syria, and Qatar for business trips. . . .”
  • “ . . . . is the deputy head of the European Integration Committee and responsible for diplomatic connections with Saudi Arabia, Qatar, United States, Kuwait, Lithuania and Belarus. . . .”
  • “ . . . . joined the Right Sector political party and was rumored to be one of the sponsors of its leader, Dmytro Yarosh, during his presidential election campaign in 2014. There is even a photo of Artemenko, seating among the Right Sector Party founders at the first party meeting in March 2014. Right Sector spokesperson Artem Skoropadsky told the Kyiv Post on Feb. 20 that he couldn’t confirm or deny whether Artemenko financed the Right Sector Party. . . .”

“Andrey Artemenko: Who Is this Ukrainian Member of Parliament with the Peace Plan?” by Veronika Melkozerova; Kyiv Post; 02/20/2017.

Now ex-Radical Party member of parliament Andrey Artemenko came under criticism from all sides after the New York Times revealed on Feb. 19 that he was trying to broker his own peace plan to end Russia’s war against Ukraine.

The plan was distinctly pro-Russian, but even the Russians rejected it and his freelance, amateurish diplomacy got him kicked out of his own party, although he remains a member of parliament.

His ideas included leasing Crimea to Russia for 50 years and the lifting of economic sanctions against Russia by U.S. President Donald J. Trump.

Dmitry Peskov, Vladimir Putin’s press secretary, denied prior knowledge of the sealed plan, which includes a suggestion that Ukraine lease Crimea to Russia, which annexed the region in 2014, the Telegraph in London quoted him as saying. “There’s nothing to talk about. How can Russia rent its own region from itself?” Peskov said.

Artemenko described himself to the New York Times as a Trump-style politician.

The 48-year-old lawmaker’s biography is colorful and controversial: He has a wife who is a model, he served 2.5 years in prison without a trial, he has business in U.S and he is involved in the military trade to the war zones in the Middle East. At home, he has close ties with the ultra-nationalistic Right Sector.

“I demand Andrey Artemenko discard as a lawmaker. He has no rights to represent our faction and party. Our position is unchangeable – Russia is the aggressor and must get away from Ukrainian territories,” Oleh Lyashko, Radical Party leader said to the journalist in Verkhovna Rada on Feb. 20.

“Nobody in Radical Party trades Ukraine,” Lyashko said. “To lease Crimea to Russia is the same as to give your own mother for rent to the traveling circus.”

Artemenko told the New York Times that many people would criticize him as a Russian or American C.I.A. agent for his plan, but peace is what he’s after.

“But how can you find a good solution between our countries if we do not talk?” Artemenko said.

Before the New York Times story, Artemenko wasn’t famous. He may see himself as the next president of Ukraine, but others saw him as just another gray cardinal.

Family, business in U.S.

Artemenko hasn’t filed electronic declaration for 2016.

However, according to his previous e-declaration in 2015, Artemenko has a wife, model Oksana Kuchma and four children, including two with U.S. citizenship — Edward Daniel, Amber Katherine. The children from the first marriage, Vitaly and Kristina Artemenko (Kraskovski), have Ukrainian citizenship but live in Ontario, Canada with their mother’s husband. In 2014 Artemenko’s elder daughter Kristina gave birth to Artemenko’s grandson.

Artemenko owns land plots of 14,000 square meters and 5,000 square meters in Vyshenki village of Kyiv Oblast.

And his wife Oksana Kuchma is not only a model but a businesswoman. [Kind of According to Artemenko’s e-declaration, Kuchma has a land plot of 3,000 square meters and a house in Gnidyn village of Kyiv Oblast, an 850 square meter apartment in Lviv Oblast’s Zhovkva and also a 127-square meter apartment in Kyiv under construction.

Artemenko also owns three luxury watches: De Grisogono (Hr 127,500), De Grisogono –Geneve (Hr 123,450), Franck Muller (Hr 118,950) and several luxury cars.

Kuchma owns a company OKSY GLOBAL LLC, registered in the U.S. and also the private avian-transportation company, the Aviation Company Special Avia Alliance registered in Kyiv at the same address as the company Global Business Group GMBh, Artemenko used to work as a deputy director before he came to Rada after the parliament elections in 2014.

According to the Ministry of Justice registry, the Global Business Group GMBh provides the variety of services: vehicles trade, various goods trade, restaurants business and business consulting.

The shareholder of the Global Business Group GMBh is also a U.S. based company Global Assets Inc., registered in Miami, Florida.

Start from Kyiv

Artemenko came into politics after business and jail. According to the biography on his official website, in the early 1990s he founded a law firm that advocated the interests of professional athletes and then he became a president of CSK Kyiv soccer club. In 1998-2000, he was the adviser of then Kyiv Mayor Oleksandr Omelchenko, a member and one of the founders of his party Unity.

In 2002, Artemenko was arrested by the Prosecutor’s General Office of Ukraine on accusations of money laundering and kept in pre-trial detention for more than two years. However, he successfully challenged his imprisonment as illegal and groundless. He said prosecutors were persecuting him in hopes of getting Omelchenko, who was also suspected of money laundering.

In 2004, Artemenko released from pre-trial detention center Lukyanivske on bail of Mikhail Dobkin, a Party of Regions lawmaker.

But in 2006 he became the head of the Kyiv department of Batkivshchyna Party, led by now ex-Prime Minister Yulia Tymoshenko.

In 2007-2013 Artemenko founded several companies that provided military logistics services into the conflict zones and traveled to Saudi Arabia, Syria, and Qatar for business trips.

Since 2013 he has his own charity foundation that helps internally displaced persons from the war-torn Donbas.

True patriot?

Artemenko came to the Verkhovna Rada in 2014 as a Radical Party lawmaker (16th on the party’s list). According to the parliament’s website, Artemenko is the deputy head of the European Integration Committee and responsible for diplomatic connections with Saudi Arabia, Qatar, United States, Kuwait, Lithuania and Belarus.

The lawmaker took an active part in EuroMaidan Revolution in 2013-2014 that deposed President Viktor Yanukovych.

In 2014 he joined the Right Sector political party and was rumored to be one of the sponsors of its leader, Dmytro Yarosh, during his presidential election campaign in 2014.

There is even a photo of Artemenko, seating among the Right Sector Party founders at the first party meeting in March 2014.
Right Sector spokesperson Artem Skoropadsky told the Kyiv Post on Feb. 20 that he couldn’t confirm or deny whether Artemenko financed the Right Sector Party.

“I was never into all the ‘financial stuff,’ but I have no information about him giving the money. I remember all those guys like him (Artemenko) and (Borislav) Bereza just came to us after March 22. They weren’t Right Sector members during the Revolution of Dignity,” said Skoropadsky.

He said that after the end of EuroMaidan Revolution there was a “mess” in Right Sector. Dozens of people a day was coming to the activists only in Kyiv.

“The ones who could afford it gave us money, others help in different ways. But as soon as we started building the structure of the organization, the guys like Artemenko and Bereza went to the other parties, came in Rada or other government structures,” Skoropadsky recalled.

———-

3. Before updating the resuscitation and Orwellian rehabilitation of the OUN/B World War II-era fascists in Ukraine, we note Trump’s appointment of Kurt Volker, whose CV includes stints with CIA and Department of State, as special envoy to Ukraine.

“Can Kurt Volker Solve the Ukraine Crisis?” by Curt Mills; The National Interest; 7/10/2017.

 . . . . “Although he may be seen as hawkish by the Russian side, he will certainly be taken seriously,” says Matthew Rojansky, director of the Kennan Institute at the Woodrow Wilson Center, of the new special representative for Ukraine negotiations, whose vaunted resume also includes stints at the National Security Council, CIA and Foreign Service. “Volker’s appointment will be welcomed by our European allies and by the Ukrainian government.”  . . .

4. June 30th has been established as a commemorative celebration in Lvov [Lviv]. It was on June 30, 1941, when the OUN-B announced an independent Ukrainian state in the city of Lviv. That same day marked the start of the Lviv Pogroms that led to the death of thousands of Jews.

The holiday celebrates Roman Shukhevych, commander of the Nachtigall Battalion that carried out the mass killings. The city of Lviv is starting “Shukhevychfest” to be held in Lviv on June 30th, commemorating the pogrom and Shukhevych’s birthday. Shukhevych was named a “Hero of the Ukraine” by Viktor Yuschenko.

In past posts and programs, we have discussed Volodomir Vyatrovich, head of the Orwellian Institute of National Remembrance. He defended Shukhevych and the public displaying of the symbol of the Galician Division (14th Waffen SS Division).

Lvov Pogrom, 1941–Einsatzgruppe Nachtigall youth in action, 6/30/1941.

“Ukraine City to Hold Festival in Honor of Nazi Collaborator Whose Troops Killed Jews”; Jewish Telegraphic Agency; 06/28/2017

The Ukrainian city of Lviv will hold a festival celebrating a Nazi collaborator on the anniversary of a major pogrom against the city’s Jews.

Shukhevychfest, an event named for Roman Shukhevych featuring music and theater shows, will be held Friday.

Eduard Dolinsky, the director of the Ukrainian Jewish Committee, in a statement called the event “disgraceful.”

On June 30, 1941, Ukrainian troops, including militiamen loyal to Shukhevych’s, began a series of pogroms against Jews, which they perpetrated under the auspices of the German army, according to Yale University history professor Timothy Snyder and other scholars. They murdered approximately 6,000 Jews in those pogroms.

The day of the festival is the 110th birthday of Shukhevych, a leader of the OUN-B nationalist group and later of the UPA insurgency militia, which collaborated with the Nazis against the Soviet Union before it turned against the Nazis.

Shukhevychfest is part of a series of gestures honoring nationalists in Ukraine following the 2014 revolution, in which nationalists played a leading role. They brought down the government of President Viktor Yanukovych, whose critics said was a corrupt Russian stooge.

On June 13, a Kiev administrative court partially upheld a motion by parties opposed to the veneration of Shukhevych in the city and suspended the renaming of a street after Shukhevych. The city council approved the renaming earlier this month.

In a related debate, the director of Ukraine’s Institute of National Remembrance, Vladimir Vyatrovich, who recently described Shukhevych as an “eminent personality,” last month defended the displaying in public of the symbol of the Galician SS division. Responsible for countless murders of Jews, Nazi Germany’s most elite unit was comprised of Ukrainian volunteers.

Displaying Nazi symbols is illegal in Ukraine but the Galician SS division’s symbol is “in accordance with the current legislation of Ukraine,” Vyatrovich said. . . .

5a. In other, previous discussions of the return of Ukrainian fascism, we noted that the Svoboda Party’s militia is called Combat 14, named after the “14 words” minted by David Lane, the American neo-Nazi who participated in the killing of Denver talk show host Allan Berg.

He passed away on June 30th, triggering numerous demonstrations, including several in Ukraine.

June 30th appears to be a particularly significant day for the OUN/B successors and Nazis who are in power in Ukraine.

Maidan demonstrators celebrating the Nachtigall Battalion (Einsatzgruppe Nachtigall) that liquidated Jews and Poles during World War II.

“Fascist Formations in Ukraine” by Peter Lee; CounterPunch; 3/15/2015.

The Guardian published an adulatory feature on “The Women Fighting on the Frontline in Ukraine”.

One of the women profiled was “Anaconda”, fighting in the Aidar Battalion bankrolled by Igor Kolomoisky:

Anaconda was given her nickname by a unit commander, in a joking reference to her stature and power. The baby-faced 19-year-old says that her mother is very worried about her and phones several times a day, sometimes even during combat. She says it is better to always answer, as her mother will not stop calling until she picks up.

“In the very beginning my mother kept saying that the war is not for girls,” Anaconda says. “But now she has to put up with my choice. My dad would have come to the front himself, but his health does not allow him to move. He is proud of me now.”

Anaconda was photographed in combat dress resolutely holding an assault rifle in front of a rather decrepit van.

The caption read:

“Anaconda says she is being treated well by the men in her battalion, but is hoping that the war will end soon.”

As reported by the gadfly site OffGuardian, several readers posted critical observations on the van’s insignia in the comments section of the piece. One, “bananasandsocks”, wrote: “We learn from Wikipedia that the image on the door is the “semi-official” insignia of the 36th Waffen Grenadier Division of the SS…” and also pointed out the neo-Nazi significance of the number “1488”.

“bananasandsocks”’ seemingly temperate comment was removed by the Guardian for violating its community standards, as were several others, apparently as examples of “persistent misrepresentation of the Guardian and our journalists”.

But then the Guardian thought better of it. While not reinstating the critical comments, it quietly deleted the original caption to the photo of Anaconda and replaced it with:

Anaconda alongside a van displaying the neo-Nazi symbol 1488. The volunteer brigade is known for its far-right links.

Problem solved? Maybe not. Maybe it’s more like “Problem dodged”. Specifically, the problem of the pervasive participation of “ultra-right” paramilitary elements in Kyiv military operations, which even intrudes upon the Guardian’s efforts to put a liberal-friendly feminist sheen on the debacle of the recent ATO in eastern Ukraine.

As to “1488”, I’ll reproduce the Wikipedia entry:

The Fourteen Words is a phrase used predominantly by white nationalists. It most commonly refers to a 14-word slogan: “We must secure the existence of our people and a future for White Children.” It can also refer to another 14-word slogan: “Because the beauty of the White Aryan woman must not perish from the earth.”

Both slogans were coined by David Lane, convicted terrorist and member of the white separatist organization The Order. The first slogan was inspired by a statement, 88 words in length, from Volume 1, Chapter 8 of Adolf Hitler’s Mein Kampf:

Neo-Nazis often combine the number 14 with 88, as in “14/88” or “1488”. The 8s stand for the eighth letter of the alphabet (H), with “HH” standing for “Heil Hitler”.

Lane died in prison in 2007 while serving a 190-year sentence for, among other things, the murder of Denver radio talk show host Alan Berg. David Lane has considerable stature within global white nationalist/neo-Nazi/fascist circles as one of the American Aryan movement’s premier badasses (in addition to involvement in the Berg murder—in which he denied involvement—and a string of bank robberies to finance the movement—also denied, Lane achieved a certain martyr’s stature for enduring almost two decades in Federal detention, frequently in the notorious Communications Management Units).

And David Lane was a big deal for the “ultra-right” & fascists in Ukraine, according to the Southern Poverty Law Center:

Lane’s death touched off paeans from racists around the country and abroad. June 30 was designated a “Global Day of Remembrance,” with demonstrations held in at least five U.S. cities as well as England, Germany, Russia and the Ukraine.

Judging by this video, the march/memorial on the first anniversary of his death, in 2008, organized by the Ukrainian National Socialist Party in Kyiv, was well enough attended to merit a police presence of several dozen officers.

5b. Former U.S. Agency for International Development (USAID) project officer Josh Cohen (involved in managing “economic reform projects” in the former Soviet Union) notes the growing threat of the far-right and neo-Nazis in Ukraine (it’s a little ironic). It highlights the threat that the institutionalized OUN/B successor groups pose to what democracy there is in Ukraine and makes the important point about dangers of these groups operating with impunity following one violent act after another. Cohen notes that the Interior Ministry is run by a guy who sponsors the Azov Battalion and his deputy minister is a neo-Nazi.

This is the context in which Artemenko was operating.

“Ukraine’s ultra-right militias are challenging the government to a showdown” by Joshua Cohen; The Washington Post; 06/15/2017

Josh Cohen is a former U.S. Agency for International Development project officer involved in managing economic reform projects in the former Soviet Union.

As Ukraine’s fight against Russian-supported separatists continues, Kiev faces another threat to its long-term sovereignty: powerful right-wing ultranationalist groups. These groups are not shy about using violence to achieve their goals, which are certainly at odds with the tolerant Western-oriented democracy Kiev ostensibly seeks to become.

The recent brutal stabbing of a left-wing anti-war activist named Stas Serhiyenko illustrates the threat posed by these extremists. Serhiyenko and his fellow activists believe the perpetrators belonged to the neo-Nazi group C14 (whose name comes from a 14-word phrase used by white supremacists). The attack took place on the anniversary of Hitler’s birthday, and C14’s leader published a statement that celebrated Serhiyenko’s stabbing immediately afterward.

The attack on Serhiyenko is just the tip of the iceberg. More recently C14 beat up a socialist politician while other ultranationalist thugs stormed the Lviv and Kiev City Councils. Far-right and neo-Nazi groups have also assaulted or disrupted art exhibitions, anti-fascist demonstrations, a “Ukrainians Choose Peace” event, LGBT events, a social center, media organizations, court proceedings and a Victory Day march celebrating the anniversary of the end of World War II.

According to a study from activist organization Institute Respublica, the problem is not only the frequency of far-right violence, but the fact that perpetrators enjoy widespread impunity. It’s not hard to understand why Kiev seems reluctant to confront these violent groups. For one thing, far-right paramilitary groups played an important role early in the war against Russian-supported separatists. Kiev also fears these violent groups could turn on the government itself — something they’ve done before and continue to threaten to do.

To be clear, Russian propaganda about Ukraine being overrun by Nazis or fascists is false. Far-right parties such as Svoboda or Right Sector draw little support from Ukrainians.

Even so, the threat cannot be dismissed out of hand. If authorities don’t end the far right’s impunity, it risks further emboldening them, argues Krasimir Yankov, a researcher with Amnesty International in Kiev. Indeed, the brazen willingness of Vita Zaverukha – a renowned neo-Nazi out on bail and under house arrest after killing two police officers — to post pictures of herself after storming a popular Kiev restaurant with 50 other nationalists demonstrates the far right’s confidence in their immunity from government prosecution.

It’s not too late for the government to take steps to reassert control over the rule of law. First, authorities should enact a “zero-tolerance” policy on far-right violence. President Petro Poroshenko should order key law enforcement agencies — the Interior Ministry, the National Police of Ukraine, the Security Service of Ukraine (SBU) and the Prosecutor Generals’ Office (PGO) — to make stopping far-right activity a top priority.

The legal basis for prosecuting extremist vigilantism certainly exists. The Criminal Code of Ukraine specifically outlaws violence against peaceful assemblies. The police need to start enforcing this law.

Most importantly, the government must also break any connections between law enforcement agencies and far-right organizations. The clearest example of this problem lies in the Ministry of Internal Affairs, which is headed by Arsen Avakov. Avakov has a long-standing relationship with the Azov Battalion, a paramilitary group that uses the SS symbol as its insignia and which, with several others, was integrated into the army or National Guard at the beginning of the war in the East. Critics have accused Avakov of using members of the group to threaten an opposition media outlet. As at least one commentator has pointed out, using the National Guard to combat ultranationalist violence is likely to prove difficult if far-right groups have become part of the Guard itself.

Avakov’s Deputy Minister Vadym Troyan was a member of the neo-Nazi Patriot of Ukraine (PU) paramilitary organization, while current Ministry of Interior official Ilya Kiva – a former member of the far-right Right Sector party whose Instagram feed is populated with images of former Italian fascist leader Benito Mussolini – has called for gays “to be put to death.” And Avakov himself used the PU to promote his business and political interests while serving as a governor in eastern Ukraine, and as interior minister formed and armed the extremist Azov battalion led by Andriy Biletsky, a man nicknamed the “White Chief” who called for a crusade against “Semite-led sub-humanity.”

Such officials have no place in a government based on the rule of law; they should go. More broadly, the government should also make sure that every police officer receives human rights training focused on improving the policing and prosecution of hate crimes. Those demonstrating signs of extremist ties or sympathies should be excluded.

In one notorious incident, media captured images of swastika-tattooed thugs — who police claimed were only job applicants wanting to have “fun” — giving the Nazi salute in a police building in Kiev. This cannot be allowed to go on, and it’s just as important for Ukrainian democracy to cleanse extremists from law enforcement as it is to remove corrupt officials from former president Viktor Yanukovych’s regime under Ukraine’s “lustration” policy. . . .

6. Sater collaborator Artemenko appears to have been part of the anti-Poroshenko phalanx in the Ukrainian fascist milieu.

“Ukraine’s Back-Channel Diplomat Still Shopping Peace Plan to Trump” by Reid Standish; Foreign Policy; 04/18/2017

. . . . Artemenko insists that his intentions in pushing a peace plan for Ukraine are in the country’s best interests. But political observers see his freelance diplomacy as part of a rising groundswell in Kiev against Poroshenko by opposition forces ahead of parliamentary and presidential elections scheduled for 2019. “Alliances are shifting in Ukraine right now against Poroshenko,” said Balazs Jarabik, a nonresident scholar at the Carnegie Endowment for International Peace. “All this diplomatic maneuvering in Washington needs to be viewed through this lens.”

Artemenko has emerged as a vocal critic of Poroshenko and says he has evidence showing corruption by the Ukrainian president. . . .

7a. The alleged “Russian plot” centering on the Sater/Artemenko “peace plan” entailed plans to develop Ukraine’s nuclear energy sector in order to break the Russian grip on Ukraine’s energy.

In short, this is an anti-Russian plot, NOT a Russian plot.

“Trump’s Ex-Biz Partner Eyed Energy Deal As He Helped Push Ukraine ‘Peace Plan’” by Sam Thielman; Talking Points Memo Muckraker; 7/27/2017.

When a former business partner of President Donald Trump’s and a Ukrainian politician approached an ally of the administration with a “peace plan,” they were already at work on an energy trading deal. That deal, said one of the region’s leading energy policy experts, stood to benefit from the scheme the pair proposed to resolve the ongoing conflict in Ukraine.

Felix Sater, who worked obtaining financing for Trump projects including the Trump SoHo, told TPM that the “peace plan” came up in the course of his attempts to broker an agreement to sell energy abroad from Ukraine’s nuclear power plants with Andrii Artemenko, at the time a Ukrainian parliamentarian. The plan was to refurbish dilapidated nuclear power plants in that country and then sell the power generated by them into Eastern Europe, using established commodities trading companies as a means of retroactively financing the deal, Sater said.

The business proposition would help break the Russian monopoly on energy, according to Sater. But Artemenko’s political proposal would have had Ukrainian voters decide whether to lease Crimea to Russia for 50 or 100 years—an idea encouraged by advisors to Russian president Vladimir Putin, and so offensive to his country’s government that Ukrainian prosecutors accused Artemenko of treasonous conspiring with Russia after the peace plan was first reported earlier this year.

It’s been widely reported that Sater and Artemenko met with Michael Cohen, who was then Trump’s personal lawyer and who has known Sater since he was a teenager, in January; under discussion was the peace plan, which would have paved a path for the U.S. to lift sanctions on Russia. Cohen has given conflicting statements about his involvement. Sater said he came to be involved in the scheme through Artemenko.

“We were trying to do a business deal at the same time,” Sater told TPM. “We were working on a business deal for about five months, and he kept telling me about the peace deal, and as the Trump administration won, that’s when I delivered it [the peace deal] to them.”

He insisted the political and business propositions were unrelated, other than each involving himself and Artemenko as primary players.

Sater had worked brokering major deals internationally for some time after the 1996 dissolution of White Rock, a firm at the center of a pump-and-dump securities fraud scandal that led to Sater’s conviction for fraud. Instead of going to prison, Sater paid a fine and went to work as an FBI informant. Those deals included a job for AT&T in Russia, as previously reported by Mother Jones, where Sater says the company was “trying to expand.”

Sater said the business proposition with Artemenko “was to try to rehabilitate the existing nuclear power plants in the Ukraine and build new ones using either U.S. or Canadian [companies] like GE, or the Koreans.” Ukraine’s history with nuclear power includes the Chernobyl disaster, and Sater noted that the aging plants needed refurbishment in order to continue working without another incident. Otherwise, he noted, “they’re ready to [have] another Chernobyl any day now.”

The pair further planned “to sell the excess power to [international energy companies] Trafigura or Vitol to sell the power to Eastern Europe, and in that way finance the plants,” Sater explained. He named Poland and Belarus as two potential state clients.

“It was a way to break the energy monopoly the Russians have,” he said.

Chi Kong Chyong, director of the Energy Policy Forum at Cambridge University’s Energy Policy Research Group, told TPM that energy independence from Russia was indeed a pressing issue in Ukraine, and noted a peace deal would ease the kind of international transaction Sater and Artemenko were proposing.

Sources close to the matter told TPM that there were no records of any current conversations between Sater or Artemenko and American industrial conglomerate GE. Trafigura and Vitol are trading houses that deal heavily in energy; Victoria Dix, a spokeswoman for Trafigura, said there was “no element of truth whatsoever” to any suggestion that Sater was pursuing a proposal with the company. Andrea Schlaepfer, a spokeswoman for Vitol, said, “We don’t comment on commercial activities.” Neither the Ukrainian Embassy nor the Consulate immediately responded to requests for comment.

For Artemenko, the fallout from the January meeting with Sater and Cohen was immediate and severe. He was expelled from his Verkhovna Rada political party the day after the New York Times reported the meeting, and by May, Ukrainian President Petro Poroshenko had stripped him of his citizenship.

For his part, Sater said he had nothing to do with the documents filled with damaging information on Ukrainian politicians, including Poroshenko, that Artemenko reportedly brought to the January meeting. “I never saw them,” Sater said, adding that Cohen might have thrown them in trash but he wasn’t sure. “I don’t want to get into it.”

Whether Sater and Artemenko’s energy trading plan was well underway or simply in the proposal stage by the time of the meeting, it would have been an easier sell with Artemenko’s Putin-approved ceasefire in place, according to Chyong.

“Any military conflict in your neighborhood or close to you affects the transaction cost of arranging commercial deals, whether that is between Ukraine and the eastern [EU, where Poland lies] or Ukraine and Belarus, for example,” Chyong said. “It increases the transactional costs. The conflict itself, of course, forces the Ukraine to think about other ways and other sources of importation of energy—gas and electricity trading.”

Exporting energy from Ukraine would be easiest to places like Belarus and Russia, Chyong noted. Old electrical grids are among the strongest remaining ties between former Soviet bloc states and Russia itself; Ukraine hopes to break them by 2025, something Sater said he hoped he could help along. . .

7b. Of more than passing interest is the CV of Robert Armao, one of the intended collaborators in the Sater/Artemenko anti-Russian plot to replace the old Soviet power grid in Eastern Europe. Robert Armao:

  • “ . . . . served as labor counsel to the late Vice President Nelson Rockefeller in the early 1970s. . . .”
  • “ . . . . once advised individuals who were working with former Ukrainian president Viktor Yushchenko during the Orange Revolution protests of 2004-2005. . . .”

“How Felix Sater — Former Mob-linked Hustler And Ex-Trump Adviser — Sought To ‘Protect’ Ukraine’s Nuclear Plants” by Richard Behar; The National Memo; 05/25/2017.

. . . . Evidently Sater and Artemenko were seeking the assistance of a third person who attended the breakfast, Robert Armao — a well-connected international businessman who served as labor counsel to the late Vice President Nelson Rockefeller in the early 1970s. Armao says that Sater, whom he’d never met or spoken with prior to last fall, reached out to him through a mutual friend. . . .

. . . . Armao was invited to the New York meeting because he’s a longtime expert on Ukraine. He says he once advised individuals who were working with former Ukrainian president Viktor Yushchenko during the Orange Revolution protests of 2004-2005. During the October 7 breakfast, Armao says he was asked whether he could intercede with Ukraine’s current energy minister in an attempt to revive a contract that Kiev had signed with South Korea to bring the nuclear plants up to global standards. . . .

. . . . In late March, then-FBI director James Comey was asked about Sater’s relationship with the FBI when he appeared before the House Intelligence Committee. Comey declined to comment, presumably because Sater spent a decade as a secret government cooperator for both the FBI and at times, the CIA. But in 2015, during her confirmation hearing for the post of U.S. Attorney General, Loretta Lynch offered a teaser. In response to a written question about Sater by Senator Orrin Hatch, she stated that his [decade-long] assistance as a federal cooperator was “crucial to national security.” . . . .

7c. In addition, Armao was an apparent collaborator with Francesco Pazienza, a probable P-2 member, Pope shooting insider and Banco Ambrosiano co-conspirator. (We discussed Pazienza at length in AFA #21.)

Another Armao collaborator was Marc Rich.

Bill Clinton’s last-minute pardon of Rich was investigated by former FBI chief James Comey, and a long-silent Bureau Twitter account became active shortly before the election, tweeting about Marc Rich. (We discussed this in FTR #939.)

“Italian Ex-Agent Ordered Extradited From U.S.” by Ralph Blumenthal; The New York Times; 09/12/1985.

. . . . The prisoner, Dr. Francesco Pazienza, a 39-year-old nonpracticing physician, has long been a subject of keen interest in Italy, where his name has also cropped up in investigations of the shooting of Pope John Paul II and of the purported plottings of a rightist underground. . . .

. . . As recently as last year, Dr. Pazienza said, he sought to be helpful to the Americans by trying to negotiate a renewal of the lease for a United States intelligence tracking station in the Seychelles. He said he and two partners were then exploring an oil venture with the Indian Ocean island nation off the east coast of Africa.

He identified the partners as Robert Armao and Marc Rich. Mr. Rich is a commodities broker now under criminal investigation in the United States in connection with tax evasion charges, for which he has already paid a $200 million civil settlement.

Mr. Armao, head of a New York public relations company and a former adviser to the Shah of Iran, largely confirmed Mr. Pazienza’s account. But he said that while a Marc Rich subsidiary had been involved in their discussions, the oil venture never came about. . . .

8. Here’s something to consider as destructive cyberbombs are being preemptively placed on networks as a form of cyber-WMDs and the US settles into a ‘Cold War’ modality with Russia: If any skilled hacker on the planet manages to hack a US nuclear power plant, that ‘cold war’ might heat up pretty fast whether Russia was behind it or not…especially if there’s a meltdown.

“. . . . The Washington Post reported Saturday that U.S. government officials have already pinned the recent nuclear cyber intrusions on Russia. . . .

. . . Analysts remain quick to tamp down assertions that Russia’s fingerprint on the latest attack is a sure thing. . . .

. . . . Still, it’s a pretty alarming situation regardless of who was behind it, in part because it’s an example of how potentially vulnerable things like nuclear plants are to any hacker, state-backed or not:

. . . . Still, the source said a well-resourced attacker could try sneaking in thumb drives, planting an insider or even landing a drone equipped with wireless attack technology into a nuclear generation site. Reports indicate that the infamous Stuxnet worm, which damaged Iranian nuclear centrifuges in the late 2000s, probably snuck in on removable media. Once inside the “air gapped” target network, Stuxnet relied on its own hard-coded instructions, rather than any remote commands sent in through the internet, to cause costly and sensitive nuclear equipment to spin out of control. . . .”

“ ‘Who did it?’ zeroes in on Russian hacking” by Blake Sobczak; E&E News; 07/10/2017

A sophisticated group of hackers has targeted U.S. nuclear plants in a wide-ranging hacking campaign since at least May, according to multiple U.S. authorities.

The hackers tried to steal usernames and passwords in the hope of burrowing deep into nuclear power networks, in addition to other utility and manufacturing targets.

But the Department of Homeland Security, the FBI, sources familiar with the ongoing investigation and nonpublic government alerts told E&E News that heavily guarded nuclear safety systems were left unscathed by any recent cyber intrusions. Experts say the evidence so far points to a remote threat that, while advanced, likely could not have leaped from corporate business networks to the critical but isolated computer networks keeping nuclear reactors operating safely.

Still, the question that lingers is, who did it?

Suspicion has fallen on hackers with ties to Russia, in part because of past intrusions into U.S. companies and for Russia-linked attacks on Ukraine’s power grid in 2015 and 2016.

Ukrainian security services laid the blame for the grid hacks at Russian President Vladimir Putin’s feet. Several private U.S. cybersecurity companies have also drawn links between energy industry-focused hacking campaigns with names like “Energetic Bear” back to Russian intelligence services.

The Washington Post reported Saturday that U.S. government officials have already pinned the recent nuclear cyber intrusions on Russia.

Analysts remain quick to tamp down assertions that Russia’s fingerprint on the latest attack is a sure thing.

Without mentioning any nation-state by name, former Energy Secretary Ernest Moniz noted on Twitter that “these ‘advanced persistent threats’ have long worried U.S. intelligence officials — and recent events prove they are very real.”

Referencing reports of the recent nuclear cyber incidents, he added, “These breaches make plain that foreign actors are looking for ways to exploit US grid vulnerabilities. We saw this coming.”

If U.S. intelligence agencies confirm Russian security services were involved in the attack on nuclear plants, tensions with Moscow could escalate. In a Twitter comment that attracted bipartisan ridicule, President Trump yesterday morning said that he and Putin had agreed to create an “impenetrable Cyber Security unit” to guard against hacking, only to apparently reverse his position hours later and suggest such an arrangement “can’t” happen.

Sen. Maria Cantwell (D-Wash.), ranking member of the Senate Energy and Natural Resources Committee, reiterated her calls for the White House to assess energy-sector cyber vulnerabilities and abandon proposed budget cuts at the Department of Energy. “The disturbing reports of the past 24 hours indicate that our adversaries are trying to take advantage of the very real vulnerabilities of our energy infrastructure’s cyber defenses,” she said Friday.

Drawing from the Ukraine playbook

In 2015, a group of hackers set sights on several Ukrainian electric distribution companies. The intruders broke into the utilities’ business networks with “phishing” emails designed to lure employees into clicking on a document laced with malware.

From there, the attackers mapped out their victims’ computer systems, even gaining access to the virtual private network utility workers used to remotely operate parts of Ukraine’s electric grid.

On Dec. 23, 2015, after months of waiting and spying, the hackers struck, logging onto the operational network and flipping circuit breakers at electric substations. They succeeded in cutting power to several hundred thousand Ukrainian citizens for a few hours in what became the first known cyberattack on a power grid in the world.

At first glance, the latest nuclear hackers appear to have drawn from the same playbook.

They used a “fairly creative” phishing email to gain a foothold on targeted networks, according to Craig Williams, senior technical leader and global outreach manager for Cisco Talos, a cybersecurity research division of Cisco Systems Inc.

Instead of stowing malware in the Word document itself, the hackers tweaked a control engineer’s résumé into beaconing out to a malicious server via a Microsoft communications protocol called Server Message Block. The cyber intruders could then swipe fragments of SMB traffic containing the victims’ login information to set up an authorized connection to the targeted network and move on from there, Williams explained.

The technique points to “attackers who are dedicated and who’ve done their research,” he noted.

While Williams said Cisco had detected a variety of energy companies hit by the phishing emails, he pointed out that “the nuclear sector is extremely hardened.”

Getting blocked

Nuclear power plant operators have to abide by their own set of cybersecurity rules established by the Nuclear Regulatory Commission. Following its most recent cybersecurity audits in 2015, the NRC reported “several very low security significance violations of cyber security plan requirements.”

None of those violations could have resulted in an imminent threat to nuclear safety, the regulator said.

The NRC plans to ramp up cybersecurity inspections later this year. The agency has declined to comment on reports of the recent cyber breaches at nuclear power generation sites.

Nuclear power companies have had to account for the possibility of a cyberattack on their safety systems since 2002, according to NRC guidance.

Electric utilities typically adhere to a three-step model for protecting their most sensitive systems from hackers. At a basic level, this setup involves an information technology network — such as a utility’s internet-connected corporate headquarters — and an operational network that includes grid control systems. Companies typically add a third layer or “demilitarized zone” bridging those two sides of the business, replete with firewalls, cybersecurity technologies and other safeguards.

Nuclear operators add at least two more layers to that model, drawing lines among the public internet, the corporate network, onsite local area networks, industrial “data acquisition” networks and, finally, the core safety system overseeing radioactive materials, based on government guidelines.

In the U.S., safety systems are often still “analogue,” having originally been built in the 1980s or earlier, before the recent spread of web-connected technologies.

Within that last, critical zone — Level 4 in nuclear industry parlance — tight physical controls prevent phones and USB drives from getting in; and operational data is designed to flow only outward through “data diodes,” with no potential for online commands to enter from the public internet or even the site’s own local area network.

“Anybody ever reports that somebody got a connection from the internet directly or indirectly into the heart of a nuclear control system is either full of crap, or is revealing a massive problem with some particular site, because there should be physically no way for that to actually be possible,” said Andrew Ginter, vice president of Waterfall Security Solutions, which markets one such “unidirectional gateway” or data diode to the U.S. nuclear sector. “To me, it’s almost inconceivable.”

Marty Edwards, managing director of the Automation Federation, who until last month headed a team of industrial control security specialists at DHS, generally agreed that a remote connection would be nearly impossible to achieve. “When we tested those kinds of [one-way] devices in the lab, we found that you couldn’t circumvent any of them, basically, because they’re physics-based,” he said. “There’s no way to manipulate that stream.”

One source familiar with nuclear information technology practices, who agreed to speak about security matters on condition of anonymity, said that “in order to have a catastrophic impact, you have to get by the human in the control room” — no easy feat. “You’re talking workers who are regularly screened for insider [threat] indicators and psychological stability.”

Still, the source said a well-resourced attacker could try sneaking in thumb drives, planting an insider or even landing a drone equipped with wireless attack technology into a nuclear generation site. Reports indicate that the infamous Stuxnet worm, which damaged Iranian nuclear centrifuges in the late 2000s, probably snuck in on removable media. Once inside the “air gapped” target network, Stuxnet relied on its own hard-coded instructions, rather than any remote commands sent in through the internet, to cause costly and sensitive nuclear equipment to spin out of control.

But the source, who had reviewed recent DHS and FBI warnings about recent nuclear cyberthreats, added that there was no indication the actor behind it got close to nuclear operators’ crown jewels.

“To get around the data diodes and all the other defenses, it’d be unprecedented at this point,” at least from a U.S. perspective, said the source.

Would it even be possible?

“Maybe if you’re Vladimir Putin,” the source said.

9. Devon Arthurs, a neo-Nazi-turned-Muslim, murdered two of his neo-Nazi roommates back in May. Brandon Russell, Arthurs’s surviving third roommate, was found with bomb-making materials, radioactive substances and a framed picture of Timothy McVeigh after police searched their residence. Russell planned to sabotage a nuclear power plant.

Russell, we note, was in the National Guard. In the Nazi tract Serpent’s Walk, a book we feel is, like The Turner Diaries, intended as a teaching tool, operational blueprint and manifesto, the Underground Reich infiltrates the military, gains effective control of the opinion forming media and, following a series of WMD strikes blamed on Russia and a declaration of martial law, the Nazis take over the United States.

Brandon Russell’s activities fit very well into this scenario.

“National Guard ‘neo-Nazi’ aimed to hit Miami nuclear plant, roommate says” by Dan Sullivan; Tampa Bay Times; 06/13/2017

Brandon Russell, a National Guardsman and self-described neo-Nazi, had plans to blow up power lines in the Florida Everglades and launch explosives into a nuclear power plant near Miami, his roommate Devon Arthurs told police.

Prosecutors on Tuesday played portions of a recorded interrogation Arthurs gave in the hours immediately after he was arrested in the killings of Jeremy Himmelman and Andrew Oneschuk. In the video, Arthurs offers a justification for the killings, claiming that Russell, the surviving roommate, was preparing to commit acts of terrorism.

“The things they were planning were horrible,” Arthurs said. “These people were not good people.”

The U.S. Attorney’s Office presented the video excerpts in an effort to get U.S. Magistrate Judge Thomas B. McCoun III to revoke an order granting Russell bail, arguing that he poses a danger to the community.

Late Tuesday, the judge stayed the order. Russell will remain jailed while the judge reconsiders the issue.

Russell, 21, faces explosives charges after bombmaking materials were found at his Tampa Palms apartment May 19 during the murder investigation. Arthurs, separately, has been charged with two counts of first-degree murder in state court.

In the video, Arthurs sits beside a table in a white-walled interrogation room, his right leg resting over his left knee. He gestures with both hands as he casually describes Russell’s neo-Nazi beliefs and supposed plans to commit terrorist acts.

He said Russell studied how to build nuclear weapons in school and is “somebody that literally has knowledge of how to build a nuclear bomb.”

When a Tampa police detective asked Arthurs if his friends had any specific terrorist intentions, he said they had a plan to blow up power lines along Alligator Alley, the stretch of Interstate 75 linking Naples with Fort Lauderdale.

He also said they had a plan to fire mortars loaded with nuclear material into the cooling units of a nuclear power plant near Miami.

He said the damage would cause “a massive reactor failure” and spread “irradiated water” throughout the ocean.

“Think about a BP oil spill, except it wipes out parts of the eastern seaboard,” Arthurs said.

The detective asked why they wanted to do these things.

“Because they wanted to build a Fourth Reich,” Arthurs said. He said Russell idolized Oklahoma City bomber Timothy McVeigh.

“He said the only thing McVeigh did wrong was he didn’t put enough material into the truck to bring the whole building down.”

Assistant U.S. Attorney Josephine Thomas noted during the hearing that the Turkey Point Nuclear Generating Station is near Miami. She also noted that when bomb squad members arrived at Russell’s apartment, their pagers alerted them to the presence of “two radiation sources.” The criminal complaint says those were thorium and americium, both radioactive metals.

Russell’s defense attorney, Ian Goldstein, noted that authorities have not charged him with possession of nuclear materials.

Goldstein questioned Arthurs’ credibility.

“Devon Arthurs is a person who just murdered two individuals, who is desperate to save himself, and, quite frankly, I think he is a few cards short of a full deck,” Goldstein said. “I hope the government brings Mr. Arthurs to the trial as their prime witness. He’s insane.”

Arthurs, according to court records, admitted to the killings, saying Himmelman and Oneschuk had disrespected his conversion to Islam.

“I was like, ‘How could I have done this?’ ” he said in the video played Tuesday. “If I hadn’t done that, there would be a lot more people dead than just these two guys in this organization.”

10. Surviving National Guardsman/Nazi Russell admitted to belonging to a group called Atomwaffen, which is German for “atomic weapon”.

Russell, and the rest of Atomwaffen, received a ringing endorsement from brilliant Nazi hacker Andrew Auernheimer. Yes, Auernheimer, who happens to be the kind of skilled hacker who actually might have the ability to trigger a nuclear meltdown someday, wrote about the whole incident on The Daily Stormer. According to Auernheimer, the two killed roommates were “friends of friends” and the “Atomwaffen are a bunch of good dudes. They’ve posted tons of fliers with absolutely killer graphics at tons of universities over the years. They generally have a lot of fun and party.”

“Neo-Nazi-turned-Muslim kills roommates over ‘disrespect,’ police say” by JASON DEAREN and MICHAEL KUNZELMAN; Associated Press; 05/22/2017

A man told police he killed his two roommates because they were neo-Nazis who disrespected his recent conversion to Islam, and investigators found bomb-making materials and Nazi propaganda after he led them to the bodies.

Devon Arthurs, 18, told police he had until recently shared his roommates’ neo-Nazi beliefs, but that he converted to Islam, according to court documents and a statement the Tampa Police Department released Monday. . . .

. . . . In the apartment with the victims’ bodies on Friday, investigators found Nazi and white supremacist propaganda; a framed picture of Oklahoma City bomber Timothy McVeigh; and explosives and radioactive substances, according to the court documents.

They also found a fourth roommate, Brandon Russell, crying and standing outside the apartment’s front door in his U.S. Army uniform.

“That’s my roommate (Russell). He doesn’t know what’s going on and just found them like you guys did,” Arthurs told the police officers, according to the report.

Federal agents arrested Russell, 21, on Saturday on charges related to the explosives.

The FBI said Russell “admitted to his neo-Nazi beliefs” and said he was a member of a group called Atomwaffen, which is German for “atomic weapon.”

Major Caitlin Brown, spokeswoman for the Florida National Guard, confirmed Russell was a current member of the Florida National Guard. But she couldn’t immediately provide any other information.

Arthurs started the chain of events on Friday when he held two customers and an employee hostage at gunpoint at a Tampa smoke shop, police said. He was complaining about the treatment of Muslims.

“He further informed all three victims that he was upset due to America bombing his Muslim countries,” police Detective Kenneth Nightlinger wrote in his report.

Officers talked Arthurs into letting the hostages go and dropping his weapon, and took him into custody.

While in custody, police said Arthurs started talking about killing two people, and then he directed them to a condominium complex where the four roommates shared an apartment.

“I had to do it,” Arthurs told police. “This wouldn’t have had to happen if your country didn’t bomb my country.”

Inside the apartment, the officers found the bodies of 22-year-old Jeremy Himmelman and 18-year-old Andrew Oneschuk. Both had been shot.

Police called in the FBI and a bomb squad, which found enough explosives to constitute a bomb, according to federal agents.

At first, Russell told agents he kept the explosives from his days in an engineering club at the University of South Florida in 2013, and that he used the substances to boost homemade rockets. The agents wrote that the substance found was “too energetic and volatile for these types of uses.”

Russell has been charged with possession of an unregistered destructive device and unlawful storage of explosive material. Court records did not list an attorney for him.

Andrew Auernheimer, a notorious computer hacker and internet troll, wrote a post about the killings for The Daily Stormer, a leading neo-Nazi website.

Auernheimer, known online as “weev,” said in Sunday’s post that he knew the shooting suspect and both of the shooting victims. He said he banned Arthurs from The Daily Stormer’s Discord server, an online forum, for posting “Muslim terrorist propaganda” earlier this year.

“He came in to convert people to Islam,” Auernheimer said during a telephone interview Monday. “It didn’t work out very well for him.”

Auernheimer described Himmelman and Oneschuk as “friends of friends” and said they belonged to the Atomwaffen group.

“Atomwaffen are a bunch of good dudes. They’ve posted tons of fliers with absolutely killer graphics at tons of universities over the years. They generally have a lot of fun and party,” he wrote.

———-

11. If any neo-Nazi hacker is capable of successfully taking down a nuclear plant, perhaps as part of a larger coordinated neo-Nazi attack or just on his own, it’s Auernheimer.

Auernheimer shares in the McVeigh worship, recently proposing crowd-funding a McVeigh monument:

“McVeigh Worship: The New Extremist Trend” by Bill Morlin; The Southern Poverty Law Center; 06/27/2017

In extremist circles, there appears to be a bump of interest in Timothy James McVeigh.

Yes, that Timothy McVeigh. The guy who used a Ryder truck to bomb the Alfred P. Murrah Federal Building in Oklahoma City on April 19, 1995, killing 168 innocent children and adults and wounding more than 600 others.

His act 22 years ago, for those who may have forgotten, was the deadliest terrorist attack in the United States before the attacks of Sept. 11, 2001.

McVeigh was convicted of terrorism and executed just three months before those attacks.

His name and heinous crime are not forgotten, nor should they be, while there seems to be a growing admiration for McVeigh in some extremist circles. One militia honcho even likened McVeigh to Jesus Christ.

Check out these recent mentions of McVeigh:

In mid-May, police in Tampa, Florida, responded to the scene of a double-murder involving young, self-described neo-Nazis.

Brandon Russell, who shared the apartment with the murder suspect, was charged with possession of bomb-making materials and chemicals, including ammonium nitrate – the same kind of material used by McVeigh.

In Russell’s bedroom at the apartment he shared with the murder suspect and the two slain neo-Nazis, police found a framed photograph of Timothy McVeigh. Russell, who’s in custody, hasn’t publicly explained that fascination.

More recently, neo-Nazi Andrew ‘Weev’ Auernheimer, who writes for the racist web site “Daily Stormer,” said he was serious in proposing a crowd-funding account to raise money to build a “permanent monument” in a memorial grove honoring McVeigh.

“Think of it, a gigantic bronze statue of Timothy McVeigh poised triumphantly atop a Ryder truck, arms raised as if to form an Algiz rune from his body, with a plaque that states the honest truth,” Auernheimer wrote. “Nothing would be a greater insult to these pizza-party guarding federal swine than a permanent monument honoring [McVeigh’s] journey to Valhalla or Fólkvangr atop the piles of their corpses.”

“I am not joking,” Auernheimer wrote. “This should be done. Imagine how angry it would make people.”

———-

 

12. Is it possible that the “command & control” server used in the DNC server hacks was not only hacked and under 3rd party control during the 2015-2016 DNC hack but also the 2015 Bundestag hack? As we’re going to see, it’s possible.

First, here’s something to keep in mind regarding the German government’s public attribution in mid-May of 2016 that APT28/Fancy Bear is a Russian government hacking group and was responsible for the 2015 Bundestag hack: As security analyst Jeffrey Carr notes in the piece below, when Germany’s domestic intelligence agency, the BfV, issued a report in January of 2016 that attributed both APT28 and APT29 to the Russian government, the report didn’t appear to reference any classified information. The conclusions appeared to be based on exactly the same kind of technical ‘clues’ that were used for attribution in the 2016 DNC hacks. And as Carr also points out, relying on those technical ‘clues’ is a rather clueless way to go about attribution:

“While it’s natural to think of Sofacy as a group of individuals, it’s more like a group of technical indicators which include tools, techniques, procedures, target choices, countries of origin, and of course, people. Since most bad actors operate covertly, we are highly dependent on the forensics. Since many of the tools used are shared, and other indicators easily subverted, the forensics can be unreliable.”

When cybersecurity firms publish reports about some “APT” (Advanced Persistent Threat) group, they’re not actually reporting on a specific group. They’re reporting on similar technical indicators that suggest an attack could have been the same group that did a previous hack and nothing more than that.

If those technical indicators include code that’s available to 3rd party hackers and servers that have already been hacked or show vulnerabilities to hacking, as is the case with the 176.31.112[.]10 Command & Control server used by “APT28” in both the DNC server hack and the Bundestag hack (with that IP address hard coded in both cases), those technical indicators are indicative of very little other than some group might be up to their old tricks or some other group is copying (or framing) them:


Problem #1: The IP address 176.31.112[.]10 used in the Bundestag breach as a Command and Control server has never been connected to the Russian intelligence services. In fact, Claudio Guarnieri, a highly regarded security researcher, whose technical analysis was referenced by Rid, stated that “no evidence allows to tie the attacks to governments of any particular country.”

Problem #2: The Command & Control server (176.31.112.10) was using an outdated version of OpenSSL vulnerable to Heartbleed attacks. Heartbleed allows attackers to exfiltrate data including private keys, usernames, passwords and other sensitive information.

The existence of a known security vulnerability that’s trivial to exploit opens the door to the possibility that the systems in question were used by one rogue group, and then infiltrated by a second rogue group, making the attribution process even more complicated. At the very least, the C2 server should be considered a compromised indicator.

Yet, despite these glaring issues with the technical indicators, the report Germany’s BfV issued in January of 2016 pinning the blame for the Bundestag hacks on the GRU and FSB rests on an assumption based on technical indicators alone:

..
Problem #3: The BfV published a newsletter in January 2016 which assumes that the GRU and FSB are responsible because of technical indicators, not because of any classified finding; to wit: “Many of these attack campaigns have each other on technical similarities, such as malicious software families, and infrastructure—these are important indicators of the same authorship. It is assumed that both the Russian domestic intelligence service FSB and the military foreign intelligence service GRU run cyber operations.”

It looks like the BfV’s attribution that the Russian government was behind the “APT28” Bundestag hack was anything but solid.

Don’t forget that the attribution of the Bundestag hack is A LOT easier to make than the attribution of the DNC server hack. Why? Because after the Bundestag hack happened there was lots of discussion of it in the cybersecurity press, and that included discussion of how the Command & Control server at the 176.31.112[.]10 IP address was vulnerable to the Heartbleed attack.

“Principal consultant at 20KLeague.com; Founder of Suits and Spooks; Author of “Inside Cyber Warfare (O’Reilly Media, 2009, 2011)” by Jeffrey Carr; Medium; 07/27/2017

Yesterday, Professor Thomas Rid (Kings College London) published his narrative of the DNC breach and strongly condemned the lack of action by the U.S. government against Russia.

Susan Hennessey, a Harvard-educated lawyer who used to work at the Office of the General Counsel at NSA called the evidence “about as close to a smoking gun as can be expected where a sophisticated nation state is involved.”

Then late Monday evening, the New York Times reported that American intelligence agencies have “high confidence” that the Russian government was behind the DNC breach.

It’s hard to beat a good narrative “when explanations take such a dreadful time” as Lewis Carroll pointed out. And the odds are that nothing that I write will change the momentum that’s rapidly building against the Russian government.

Still, my goal for this article is to address some of the factual errors in Thomas Rid’s Vice piece, provide some new information about the capabilities of independent Russian hackers, and explain why the chaos at GRU makes it such an unlikely home for an APT group.

Fact-Checking The Evidence

Thomas Rid wrote:

One of the strongest pieces of evidence linking GRU to the DNC hack is the equivalent of identical fingerprints found in two burglarized buildings: a reused command-and-control address — 176.31.112[.]10 — that was hard coded in a piece of malware found both in the German parliament as well as on the DNC’s servers. Russian military intelligence was identified by the German domestic security agency BfV as the actor responsible for the Bundestag breach. The infrastructure behind the fake MIS Department domain was also linked to the Berlin intrusion through at least one other element, a shared SSL certificate.

This paragraph sounds quite damning if you take it at face value, but if you invest a little time into checking the source material, its carefully constructed narrative falls apart.

Problem #1: The IP address 176.31.112[.]10 used in the Bundestag breach as a Command and Control server has never been connected to the Russian intelligence services. In fact, Claudio Guarnieri, a highly regarded security researcher, whose technical analysis was referenced by Rid, stated that “no evidence allows to tie the attacks to governments of any particular country.”

Problem #2: The Command & Control server (176.31.112.10) was using an outdated version of OpenSSL vulnerable to Heartbleed attacks. Heartbleed allows attackers to exfiltrate data including private keys, usernames, passwords and other sensitive information.

The existence of a known security vulnerability that’s trivial to exploit opens the door to the possibility that the systems in question were used by one rogue group, and then infiltrated by a second rogue group, making the attribution process even more complicated. At the very least, the C2 server should be considered a compromised indicator.

Problem #3: The BfV published a newsletter in January 2016 which assumes that the GRU and FSB are responsible because of technical indicators, not because of any classified finding; to wit: “Many of these attack campaigns have each other on technical similarities, such as malicious software families, and infrastructure—these are important indicators of the same authorship. It is assumed that both the Russian domestic intelligence service FSB and the military foreign intelligence service GRU run cyber operations.”

Professor Rid’s argument depended heavily on conveying hard attribution by the BfV even though the President of the BfV didn’t disguise the fact that their attribution was based on an assumption and not hard evidence.

Personally, I don’t want to have my government create more tension in Russian-U.S. relations because the head of Germany’s BfV made an assumption.

In intelligence, as in other callings, estimating is what you do when you do not know. (Sherman Kent)

When it came to attributing Fancy Bear to the GRU, Dmitry Alperovitch used a type of estimative language because there was no hard proof: “Extensive targeting of defense ministries and other military victims has been observed, the profile of which closely mirrors the strategic interests of the Russian government, and may indicate affiliation with Главное Разведывательное Управление (Main Intelligence Department) or GRU, Russia’s premier military intelligence service.”

For Cozy Bear’s attribution to the FSB, Dmitry simply observed that there were two threat actor groups operating at the same time while unaware of each other’s presence. He noted that the Russian intelligence services also compete with each other, therefore Cozy Bear is probably either the FSB or the SVR: “we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials. While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations, in Russia this is not an uncommon scenario.”

The Fidelis report on the malware didn’t mention the GRU or FSB at all. Their technical analysis only confirmed the APT groups involved: “Based on our comparative analysis we agree with CrowdStrike and believe that the COZY BEAR and FANCY BEAR APT groups were involved in successful intrusions at the DNC.”

When it came to attributing the attack to the Russian intelligence services, Fidelis’ Mike Buratowski told reporter Michael Heller: “In a situation like this, we can’t say 100% that it was this person in this unit, but what you can say is it’s more probable than not that it was this group of people or this actor set.”

As Mark Twain said, good judgment comes from experience, and experience comes from bad judgment. The problem with judgment calls and attribution is that since there’s no way to be proven right or wrong, there’s no way to discern if one’s judgment call is good or bad.

The metadata in the leaked documents are perhaps most revealing: one dumped document was modified using Russian language settings, by a user named “Феликс Эдмундович,” a code name referring to the founder of the Soviet Secret Police

OK. Raise your hand if you think that a GRU or FSB officer would add Iron Felix’s name to the metadata of a stolen document before he released it to the world while pretending to be a Romanian hacker. Someone clearly had a wicked sense of humor.

APT Groups Aren’t People. They’re Indicators.

[see image of different names for the APT groups assumed to be Russian]

This is a partial spreadsheet for Russian APT threat groups. The one for China is about four times as big. If it looks confusing, that’s because it is. There is no formal process for identifying a threat group. Cybersecurity companies like to assign their own naming conventions so you wind up having multiple names for the same group. For example, CrowdStrike’s Fancy Bear group has the primary name of Sofacy, and alternative names of APT28, Sednit, Pawn Storm, and Group 74.

While it’s natural to think of Sofacy as a group of individuals, it’s more like a group of technical indicators which include tools, techniques, procedures, target choices, countries of origin, and of course, people. Since most bad actors operate covertly, we are highly dependent on the forensics. Since many of the tools used are shared, and other indicators easily subverted, the forensics can be unreliable.

Non-Government Russian Hacker Groups

Russia’s Ministry of Communication reported that Russian cybercriminals are re-investing 40% of the millions of dollars that they earn each year in improving their technology and techniques as they continue to target the world’s banking system. Kaspersky Lab estimated earnings for one 20 member group at $1 billion over a three year period.

A common (and erroneous) rationale for placing the blame of a network breach on a nation state is that independent hacker groups either don’t have the resources or that stolen data doesn’t have financial value. These recent reports by Kaspersky Lab and Russian Ministry of Communication make it clear that money is no object when it comes to these independent groups, and that sophisticated tools and encryption methods are constantly improved upon, just as they would be at any successful commercial enterprise or government agency.

That, plus the occasional cross-over between independent Russian hackers and Russia’s security services makes differentiation between a State and non-State threat actor almost impossible. For that reason alone, it should be incumbent upon policymakers and journalists to question their sources about how they know that the individuals involved are part of a State-run operation.

A Nightmare Scenario

“Indeed, there will be some policymakers who could not pass a rudimentary test on the “facts of the matter” but who have the strongest views on what the policy should be and how to put it into effect.” (Sherman Kent)

Here’s my nightmare. Every time a claim of attribution is made—right or wrong—it becomes part of a permanent record; an un-verifiable provenance that is built upon by the next security researcher or startup who wants to grab a headline, and by the one after him, and the one after her. The most sensational of those claims are almost assured of international media attention, and if they align with U.S. policy interests, they rapidly move from unverified theory to fact.

Because each headline is informed by a report, and because indicators of compromise and other technical details are shared between vendors worldwide, any State or non-State actor in the world will soon have the ability to imitate an APT group with State attribution, launch an attack against another State, and generate sufficient harmful effects to trigger an international incident. All because some commercial cybersecurity companies are compelled to chase headlines with sensational claims of attribution that cannot be verified.

I encourage my colleagues to leave attribution to the FBI and the agencies of the Intelligence Community, and I implore everyone else to ask for proof, even from the U.S. government, whenever you read a headline that places blame on a foreign government for an attack in cyberspace.
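The “compromised indicator” argument in the article above can be worked through numerically. The following is an added sketch, not code from Carr’s article or from this site: it matches indicators across two incident reports (including the two notations of the C2 address used on this page) and estimates how much the overlap supports “same actor” once each indicator’s caveats are counted. The incident records, the malware family and domain names, every probability and the prior are constructed assumptions; only the IP address and the caveats themselves (Heartbleed-exposed host, public discussion, shared tools) come from the page.

```python
import ipaddress
import math
from dataclasses import dataclass

# Assumed probabilities, chosen only to illustrate the reasoning.
P_SHARED_IF_SAME_ACTOR = 0.9     # one actor reuses its own indicator
P_SHARED_BASELINE_OTHER = 0.01   # unrelated actor shows an exclusive indicator
CAVEAT_WEIGHT = {                # chance a caveat lets a third party reuse it
    "host_exploitable": 0.3,     # server had a known, remotely exploitable flaw
    "publicly_reported": 0.3,    # indicator was published before the later incident
    "shared_tooling": 0.5,       # tool or code circulates beyond one group
}


@dataclass(frozen=True)
class Indicator:
    kind: str
    value: str
    host_exploitable: bool = False
    publicly_reported: bool = False
    shared_tooling: bool = False


def normalize(value: str) -> str:
    """Undo defanging so one indicator written two ways compares equal."""
    v = value.strip().lower().replace("[.]", ".").replace("(.)", ".")
    try:
        return str(ipaddress.ip_address(v))
    except ValueError:
        return v


def shared_indicators(a, b):
    """Indicators present in both incidents; caveats from either report apply."""
    index_b = {(i.kind, normalize(i.value)): i for i in b}
    shared = []
    for i in a:
        j = index_b.get((i.kind, normalize(i.value)))
        if j is not None:
            shared.append(Indicator(
                i.kind, normalize(i.value),
                i.host_exploitable or j.host_exploitable,
                i.publicly_reported or j.publicly_reported,
                i.shared_tooling or j.shared_tooling))
    return shared


def likelihood_ratio(ind: Indicator, honour_caveats: bool = True) -> float:
    """P(overlap | same actor) / P(overlap | different actor)."""
    p_other_absent = 1.0 - P_SHARED_BASELINE_OTHER
    if honour_caveats:
        for name, weight in CAVEAT_WEIGHT.items():
            if getattr(ind, name):
                p_other_absent *= 1.0 - weight
    return P_SHARED_IF_SAME_ACTOR / (1.0 - p_other_absent)


def posterior_same_actor(shared, prior: float, honour_caveats: bool = True) -> float:
    """Bayesian update in log-odds; treats indicators as independent (assumption)."""
    log_odds = math.log(prior / (1.0 - prior))
    for ind in shared:
        log_odds += math.log(likelihood_ratio(ind, honour_caveats))
    return 1.0 / (1.0 + math.exp(-log_odds))


# Constructed records. The IP is the one discussed on this page, in both notations.
INCIDENT_A = [
    Indicator("c2_ip", "176.31.112[.]10", host_exploitable=True),
    Indicator("malware_family", "constructed-family-x", shared_tooling=True),
    Indicator("domain", "constructed-a.example"),
]
INCIDENT_B = [
    Indicator("c2_ip", "176.31.112.10", publicly_reported=True),
    Indicator("malware_family", "Constructed-Family-X", shared_tooling=True),
    Indicator("domain", "constructed-b.example"),
]

if __name__ == "__main__":
    overlap = shared_indicators(INCIDENT_A, INCIDENT_B)
    for ind in overlap:
        print(ind.kind, ind.value, round(likelihood_ratio(ind), 2))
    print("caveats ignored:", round(posterior_same_actor(overlap, 0.1, False), 4))
    print("caveats counted:", round(posterior_same_actor(overlap, 0.1, True), 4))
```

With the same two overlapping indicators and the same prior, the estimate moves from near certainty to roughly one in four once the caveats are counted, which is the gap between “identical fingerprints” and a compromised indicator.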

 

 

 

Discussion

One comment for “FTR #967 Update on Ukrainian Fascism, the “Russia-Gate” Psy-Op and the Possibility of a Third World War”

  1. Check out the latest side effect of the Ukrainian civil war: ICBMs for North Korea. Yep, it looks like a missile factory in Dnipro, Ukraine, near the front-lines but in a government-controlled area, is the likely source of North Korea’s recent ICBM advances:

    The New York Times

    North Korea’s Missile Success Is Linked to Ukrainian Plant, Investigators Say

    By WILLIAM J. BROAD and DAVID E. SANGER
    AUG. 14, 2017

    North Korea’s success in testing an intercontinental ballistic missile that appears able to reach the United States was made possible by black-market purchases of powerful rocket engines probably from a Ukrainian factory with historical ties to Russia’s missile program, according to an expert analysis being published Monday and classified assessments by American intelligence agencies.

    The studies may solve the mystery of how North Korea began succeeding so suddenly after a string of fiery missile failures, some of which may have been caused by American sabotage of its supply chains and cyberattacks on its launches. After those failures, the North changed designs and suppliers in the past two years, according to a new study by Michael Elleman, a missile expert at the International Institute for Strategic Studies.

    Such a degree of aid to North Korea from afar would be notable because President Trump has singled out only China as the North’s main source of economic and technological support. He has never blamed Ukraine or Russia, though his secretary of state, Rex W. Tillerson, made an oblique reference to both China and Russia as the nation’s “principal economic enablers” after the North’s most recent ICBM launch last month.

    Analysts who studied photographs of the North’s leader, Kim Jong-un, inspecting the new rocket motors concluded that they derive from designs that once powered the Soviet Union’s missile fleet. The engines were so powerful that a single missile could hurl 10 thermonuclear warheads between continents.

    Those engines were linked to only a few former Soviet sites. Government investigators and experts have focused their inquiries on a missile factory in Dnipro, Ukraine, on the edge of the territory where Russia is fighting a low-level war to break off part of Ukraine. During the Cold War, the factory made the deadliest missiles in the Soviet arsenal, including the giant SS-18. It remained one of Russia’s primary producers of missiles even after Ukraine gained independence.

    But since Ukraine’s pro-Russian president, Viktor Yanukovych, was removed from power in 2014, the state-owned factory, known as Yuzhmash, has fallen on hard times. The Russians canceled upgrades of their nuclear fleet. The factory is underused, awash in unpaid bills and low morale. Experts believe it is the most likely source of the engines that in July powered the two ICBM tests, which were the first to suggest that North Korea has the range, if not necessarily the accuracy or warhead technology, to threaten American cities.

    “It’s likely that these engines came from Ukraine — probably illicitly,” Mr. Elleman said in an interview. “The big question is how many they have and whether the Ukrainians are helping them now. I’m very worried.”

    Bolstering his conclusion, he added, was a finding by United Nations investigators that North Korea tried six years ago to steal missile secrets from the Ukrainian complex. Two North Koreans were caught, and a U.N. report said the information they tried to steal was focused on advanced “missile systems, liquid-propellant engines, spacecraft and missile fuel supply systems.”

    Investigators now believe that, amid the chaos of post-revolutionary Ukraine, Pyongyang tried again.

    Mr. Elleman’s detailed analysis is public confirmation of what intelligence officials have been saying privately for some time: The new missiles are based on a technology so complex that it would have been impossible for the North Koreans to have switched gears so quickly themselves. They apparently fired up the new engine for the first time in September — meaning that it took only 10 months to go from that basic milestone to firing an ICBM, a short time unless they were able to buy designs, hardware and expertise on the black market.

    The White House had no comment when asked about the intelligence assessments.

    Last month, Yuzhmash denied reports that the factory complex was struggling for survival and selling its technologies abroad, in particular to China. Its website says the company does not, has not and will not participate in “the transfer of potentially dangerous technologies outside Ukraine.”

    American investigators do not believe that denial, though they say there is no evidence that the government of President Petro O. Poroshenko, who recently visited the White House, had any knowledge or control over what was happening inside the complex.

    On Monday, after this story was published, Oleksandr Turchynov, a top national security official in the government of Mr. Poroshenko, denied any Ukrainian involvement.

    “This information is not based on any grounds, provocative by its content, and most likely provoked by Russian secret services to cover their own crimes,” Mr. Turchynov said. He said the Ukrainian government views North Korea as “totalitarian, dangerous and unpredictable, and supports all sanctions against this country.”

    How the Russian-designed engines, called the RD-250, got to North Korea is still a mystery.

    Mr. Elleman was unable to rule out the possibility that a large Russian missile enterprise, Energomash, which has strong ties to the Ukrainian complex, had a role in the transfer of the RD-250 engine technology to North Korea. He said leftover RD-250 engines might also be stored in Russian warehouses.

    But the fact that the powerful engines did get to North Korea, despite a raft of United Nations sanctions, suggests a broad intelligence failure involving the many nations that monitor Pyongyang.

    Since President Barack Obama ordered a step-up in sabotage against the North’s missile systems in 2014, American officials have closely monitored their success. They appeared to have won a major victory last fall, when Mr. Kim ordered an end to flight tests of the Musudan, an intermediate-range missile that was a focus of the American sabotage effort.

    But no sooner had Mr. Kim ordered a stand-down of that system than the North rolled out engines of a different design. And those tests were more successful.

    It is unclear who is responsible for selling the rockets and the design knowledge, and intelligence officials have differing theories about the details. But Mr. Elleman makes a strong circumstantial case that would implicate the deteriorating factory complex and its underemployed engineers.

    “I feel for those guys,” said Mr. Elleman, who visited the factory repeatedly a decade ago while working on federal projects to curb weapon threats. “They don’t want to do bad things.”

    Dnipro has been called the world’s fastest-shrinking city. The sprawling factory, southeast of Kiev and once a dynamo of the Cold War, is having a hard time finding customers.

    American intelligence officials note that North Korea has exploited the black market in missile technology for decades, and built an infrastructure of universities, design centers and factories of its own.

    It has also recruited help: In 1992, officials at a Moscow airport stopped a team of missile experts from traveling to Pyongyang.

    That was only a temporary setback for North Korea. It obtained the design for the R-27, a compact missile made for Soviet submarines, created by the Makeyev Design Bureau, an industrial complex in the Ural Mountains that employed the rogue experts apprehended at the Moscow airport.

    But the R-27 was complicated, and the design was difficult for the North to copy and fly successfully.

    Eventually, the North turned to an alternative font of engine secrets — the Yuzhmash plant in Ukraine, as well as its design bureau, Yuzhnoye. The team’s engines were potentially easier to copy because they were designed not for cramped submarines but roomier land-based missiles. That simplified the engineering.

    Economically, the plant and design bureau faced new headwinds after Russia in early 2014 invaded and annexed Crimea, a part of Ukraine. Relations between the two nations turned icy, and Moscow withdrew plans to have Yuzhmash make new versions of the SS-18 missile.

    In July 2014, a report for the Carnegie Endowment for International Peace warned that such economic upset could put Ukrainian missile and atomic experts “out of work and could expose their crucial know-how to rogue regimes and proliferators.”

    The first clues that a Ukrainian engine had fallen into North Korean hands came in September when Mr. Kim supervised a ground test of a new rocket engine that analysts called the biggest and most powerful to date.

    Norbert Brügge, a German analyst, reported that photos of the engine firing revealed strong similarities between it and the RD-250, a Yuzhmash model.

    Alarms rang louder after a second ground firing of the North’s new engine, in March, and its powering of the flight in May of a new intermediate-range missile, the Hwasong-12. It broke the North’s record for missile distance. Its high trajectory, if leveled out, translated into about 2,800 miles, or far enough to fly beyond the American military base at Guam.

    On June 1, Mr. Elleman struck an apprehensive note. He argued that the potent engine clearly hailed from “a different manufacturer than all the other engines that we’ve seen.”

    Mr. Elleman said the North’s diversification into a new line of missile engines was important because it undermined the West’s assumptions about the nation’s missile prowess: “We could be in for surprises.”

    That is exactly what happened. The first of the North’s two tests in July of a new missile, the Hwasong-14, went a distance sufficient to threaten Alaska, surprising the intelligence community. The second went far enough to reach the West Coast, and perhaps Denver or Chicago.

    Last week, the Bulletin of the Atomic Scientists featured a detailed analysis of the new engine, also concluding that it was derived from the RD-250. The finding, the analysts said, “raises new and potentially ominous questions.”

    The emerging clues suggest not only new threats from North Korea, analysts say, but new dangers of global missile proliferation because the Ukrainian factory remains financially beleaguered. It now makes trolley buses and tractors, while seeking new rocket contracts to help regain some of its past glory.

    ———-

    “North Korea’s Missile Success Is Linked to Ukrainian Plant, Investigators Say” by WILLIAM J. BROAD and DAVID E. SANGER; The New York Times; 08/14/2017

    “Mr. Elleman’s detailed analysis is public confirmation of what intelligence officials have been saying privately for some time: The new missiles are based on a technology so complex that it would have been impossible for the North Koreans to have switched gears so quickly themselves. They apparently fired up the new engine for the first time in September — meaning that it took only 10 months to go from that basic milestone to firing an ICBM, a short time unless they were able to buy designs, hardware and expertise on the black market.”

    Yep, despite the Ukrainian government’s attempts to suggest that it was actually Russia behind the missile technology transfer to North Korea, the evidence is pointing investigators towards a Ukrainian missile factory fallen on hard times. So is Ukraine’s government quietly dealing with North Korea or was it an independent operation by underpaid employees of a missile factory who suddenly lost their primary customers in Russia when the war broke out? Or are the far-right and neo-Nazis involved? These are some of the grim questions we now get to add to the pile of grim questions about the situation in Ukraine:


    But since Ukraine’s pro-Russian president, Viktor Yanukovych, was removed from power in 2014, the state-owned factory, known as Yuzhmash, has fallen on hard times. The Russians canceled upgrades of their nuclear fleet. The factory is underused, awash in unpaid bills and low morale. Experts believe it is the most likely source of the engines that in July powered the two ICBM tests, which were the first to suggest that North Korea has the range, if not necessarily the accuracy or warhead technology, to threaten American cities.

    “It’s likely that these engines came from Ukraine — probably illicitly,” Mr. Elleman said in an interview. “The big question is how many they have and whether the Ukrainians are helping them now. I’m very worried.”

    Bolstering his conclusion, he added, was a finding by United Nations investigators that North Korea tried six years ago to steal missile secrets from the Ukrainian complex. Two North Koreans were caught, and a U.N. report said the information they tried to steal was focused on advanced “missile systems, liquid-propellant engines, spacecraft and missile fuel supply systems.”

    Investigators now believe that, amid the chaos of post-revolutionary Ukraine, Pyongyang tried again.

    “The big question is how many they have and whether the Ukrainians are helping them now. I’m very worried.”

    Another question raised by all this relates to the calls by the far-right coalition of Svoboda, Right Sector and National Corps back in March for Ukraine to acquire its own nuclear weapons arsenal: So if Ukraine decided to quietly acquire its own nukes, does it have the capability to do that on its own? Or did it effectively lose that capability when it gave up its nuclear arsenal in 1994? Are elements in Ukraine just looking to sell on the nuclear black market or buy too? They’re questions we have to ask now that we have a coalition of Ukrainian neo-Nazis calling for Ukraine to get its own nukes on top of reports of Ukrainian ICBM missile technology black market activity. Along with the generic question of WTF is wrong with humanity. That one never gets old.

    Posted by Pterrafractyl | August 14, 2017, 1:46 pm
