Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

For The Record  

FTR #967 Update on Ukrainian Fascism, the “Russia-Gate” Psy-Op and the Possibility of a Third World War

WFMU-FM is podcasting For The Record–You can subscribe to the podcast HERE.

You can subscribe to e-mail alerts from Spitfirelist.com HERE.

You can subscribe to RSS feed from Spitfirelist.com HERE.

You can subscribe to the comments made on programs and posts–an excellent source of information in, and of, itself HERE.

This broadcast was recorded in one, 60-minute segment.

Andrew Auerenheimer: Guest at Glenn Greenwald's party; apparent resident of Ukraine; friend of the "Atomwaffen."

Andrew Auerenheimer: Guest at Glenn Greenwald’s party; apparent resident of Ukraine; friend of the “Atomwaffen.”

Serpent's Walk: Forecasts a Nazi takeover of U.S. in mid-twenty-first century, after WMD terror, blamed on Russia, devastates U.S..

Serpent’s Walk: Forecasts a Nazi takeover of U.S. in mid-twenty-first century, after WMD terror, blamed on Russia, devastates U.S.

Introduction: This program affords a vista on several critical political and national security landscapes, including the use of nuclear power plants as an economic weapon and sabotaged via physical interdiction or cyber-interference.

After examining a supposed “Russian-meddling” incident which was actually an anti-Russian incident to use Ukrainian nuclear power plants to supersede the old Soviet power grid in former republics of the U.S.S.R., we note the continued dominance of the Ukrainian political landscape by virulent fascists evolved from the World War II era OUN/B.

We conclude with a terrifying look at the possibility that the sabotaging/hacking of nuclear power plants could lead to a Third World War.

With the media and political establishments turning handsprings over “Russia-gate,” we examine in detail one of the incidents prominent in the presentation of the supposition that “our democracy” was manipulated by the Russians.

In late January, Trump point man for “matters Russian”–CIA/FBI operative Felix Sater, a long-time associate of his and Trump’s lawyer Michael Cohen and a Ukrainian parliamentarian named Andrii Artemenko were proposing a cease-fire/peace plan for Ukraine. This has been spun by our media as constituting yet another of the “Russia controls Trump” manifestations.

The facts, however, reveal that this was not a “pro-Russian” gambit but an ANTI-Russian gambit! In addition to the CIA/FBI affiliation of Sater, it should be noted that Artemenko was part of the Pravy Sektor milieu in Ukraine, one of the most virulent of the OUN/B successor organizations in power in that benighted nation.

Sater, Artemenko and others were working on a plan to rehabilitate Ukrainian nuclear power plants in order to generate electricity for Ukraine and the Baltic states, freeing those former Soviet republics from their old Soviet electrical power grids. The aging Soviet grids are a remaining element for potential Russian influence in these areas.

Andrii Artemenko:

  1. ” . . . is a populist politician with ties to the far-right Ukrainian military-political group “Right Sector” and a member of the pro-Western opposition parliamentary coalition led by former Prime Minister Yulia Tymoshenko’s party. . . . Artemenko, who is a staunch ally of Valentyn Nalyvaichenko, a former head of Ukraine’s security service with lofty political ambitions, has aligned himself with other West-leaning populists like Tymoshenko. . . .”
  2. ” . . . . has a wife who is a model, he served 2.5 years in prison without a trial, he has business in U.S and he is involved in the military trade to the war zones in the Middle East. At home, he has close ties with the ultra-nationalistic Right Sector. . . .”
  3. ” . . . according to his previous e-declaration in 2015, Artemenko has a wife, model Oksana Kuchma and four children, including two with U.S. citizenship — Edward Daniel, Amber Katherine. . . .”
  4. ” . . . . founded several companies that provided military logistics services into the conflict zones and traveled to Saudi Arabia, Syria, and Qatar for business trips. . . .”
  5. ” . . . . is the deputy head of the European Integration Committee and responsible for diplomatic connections with Saudi Arabia, Qatar, United States, Kuwait, Lithuania and Belarus. . . .”
  6. ” . . . .  joined the Right Sector political party and was rumored to be one of the sponsors of its leader, Dmytro Yarosh, during his presidential election campaign in 2014. There is even a photo of Artemenko, seating among the Right Sector Party founders at the first party meeting in March 2014. Right Sector spokesperson Artem Skoropadsky told the Kyiv Post on Feb. 20 that he couldn’t confirm or deny whether Artemenko financed the Right Sector Party. . . .”

Anything but a “pro-Russian” agent. Again, he was working with Trump point man for matters Russian Felix Sater on this deal to provide nuclear-generated electricity to some former Soviet republics. Again, an anti-Russian plot, NOT a pro-Russian plot!

Next, we note that June 30th has been established as a commemorative celebration in Lvov [Lviv]. It was on June 30, 1941, when the OUN-B announced an independent Ukrainian state in the city of Lviv. That same day marked the start of the Lviv Pograms that led to the death of thousands of Jews.

The holiday celebrates Roman Shukhevych, commander of the Nachtigall Battalion that carried out the mass killings. The city of Lviv is starting “Shukhevychfest” to be held in Lviv on June 30th, commemorating the pogrom. Shukhevych’s birthday. Shukhevych was named a “Hero of the Ukraine” by Viktor Yuschenko.

In past posts and programs, we have discussed Volodomir Vyatrovich, head of the Orwellian Institute of National Remembrance. He defended Shukhevych and the public displaying of the symbol of the Galician Division (14th Waffen SS Division.)

Returning to Sater collaborator Andrii Artemenko, we note that he is part of push by Pravy Sektor and other OUN/B successor organizations in Ukraine to oust Poroshenko.

A major, terrifying part of the program focuses on nuclear power plants, the physical and/or cyber sabotaging of those plants and the possibility that this could lead to a Third World War. Against the background of the drumbeat of anti-Russian propaganda to which we are being subjected, the charge that “Russian hackers” attempted to gain access to U.S. nuclear power plants using a spearfishing attack is to be viewed with alarm.

“. . . . The Washington Post reported Saturday that U.S. government officials have already pinned the recent nuclear cyber intrusions on Russia. . . . Analysts remain quick to tamp down assertions that Russia’s fingerprint on the latest attack is a sure thing. . . . Still, it’s a pretty alarming situation regardless of who was behind it, in part because it’s an example of how potentially vulnerable things like nuclear plants are to any hacker, state-backed or not: . . . . Still, the source said a well-resourced attacker could try sneaking in thumb drives, planting an insider or even landing a drone equipped with wireless attack technology into a nuclear generation site. Reports indicate that the infamous Stuxnet worm, which damaged Iranian nuclear centrifuges in the late 2000s, probably snuck in on removable media. Once inside the “air gapped” target network, Stuxnet relied on its own hard-coded instructions, rather than any remote commands sent in through the internet, to cause costly and sensitive nuclear equipment to spin out of control. . . .”

The above-excerpted story should be viewed against the background of a frightening development in Florida. Devon Arthurs – a neo-Nazi-turned-Muslim–murdered two of his neo-Nazi roommates back in May. National Guard soldier Brandon Russell – Arthurs’s surviving third roommate, was found with bomb-making materials, radioactive substances and a framed picture of Timothy McVeigh after police searched their residence.

Russell:

  1. Planned to sabotage a nuclear power plant. ” . . . . He said Russell studied how to build nuclear weapons in school and is ‘somebody that literally has knowledge of how to build a nuclear bomb.’ . . . He also said they had a plan to fire mortars loaded with nuclear material into the cooling units of a nuclear power plant near Miami. He said the damage would cause ‘a massive reactor failure’ and spread ‘irradiated water’ throughout the ocean. . . .”
  2. Belonged to a Nazi group called “Atomwaffen.” ” . . . The FBI said Russell “admitted to his neo-Nazi beliefs” and said he was a member of a group called Atomwaffen, which is German for ‘atomic weapon.’ . . .”
  3. Was in the National Guard. Recall that, in the Nazi tract Serpent’s Walk, the Underground Reich gains control of the opinion-forming media, infiltrates the U.S. military and takes over the country after it is devastated by a series of terrorist incidents involving Russian WMDs. The stage is set for a Nazi flase flag operation that could be blamed on Russia.

Russell, and the rest of Atomwaffen, received a wringing endorsement from brilliant Nazi hacker Andrew Auerenheimer.  Auernheimer is a skilled hacker who may very well have the ability to trigger a nuclear melt down someday.  Writing of the murder of Russell’s roommates Auernheimer, the two killed roommates were “friends of friends” and the “Atomwaffen are a bunch of good dudes. They’ve posted tons of fliers with absolutely killer graphics at tons of universities over the years. They generally have a lot of fun and party.”

The point, here, is that Auerenheimer is part of the Nazi milieu that was looking to sabotage a nuclear power plant. With our media hyping “Russian hacking,” including the supposed attempt to hack U.S. nuclear power plants, the propaganda stage is set for someone with Auerenheimer’s formidable computer skills to sabotage a nuke plant, thereby [very possibly] starting World War III.

This post concludes with a detailed article referred to briefly at the end of the broadcast. It delves into the technically complicated discussion about the high-profile hacks.

Against the background of the reports of Russian hacking of U.S. nuclear power plants, the “Atomwaffen” link to Ukraine-based Andrew Auerenheimer, writer Jeffrey Carr’s reflections are to be weighed very seriously:

” . . . . Here’s my nightmare. Every time a claim of attribution is made—right or wrong—it becomes part of a permanent record; an un-verifiable provenance that is built upon by the next security researcher or startup who wants to grab a headline, and by the one after him, and the one after her. The most sensational of those claims are almost assured of international media attention, and if they align with U.S. policy interests, they rapidly move from unverified theory to fact.

Because each headline is informed by a report, and because indicators of compromise and other technical details are shared between vendors worldwide, any State or non-State actor in the world will soon have the ability to imitate an APT group with State attribution, launch an attack against another State, and generate sufficient harmful effects to trigger an international incident. All because some commercial cybersecurity companies are compelled to chase headlines with sensational claims of attribution that cannot be verified. . . .”

Program Highlights Include: The CIA/State Department background of Kurt Volker (nice Anglo-Saxon name, that), Trump’s envoy to Ukraine and an advocate of selling weaponry to that benighted state; Andrii Artemenko and Felix Sater’s would-be associate in the Ukrainian nuclear power plant scheme, Robert Armao; Armao’s links to Nelson Rockefeller, Marc Rich and Francesco Pazienza (a figure in the investigations into P-2, the shooting of Pope John Paul I and the collapse of the Banco Ambrosiano); Review of James Comey’s role in investigating Bill Clinton’s pardon of Marc Rich; review of the revival of the FBI’s Twitter account and its dissemination of Marc Rich material on the eve of the election; review of Felix Sater’s CIA/FBI background; Auerenheimer’s obsession with Timothy McVeigh; Brandon Russell’s fascination with Timothy McVeigh.

1a. By way of review, we remind listeners that the point man for the Trump business interests in their dealings with Russia is Felix Sater. A Russian-born immigrant, Sater is a professional criminal and a convicted felon with historical links to the Mafia. Beyond that, and more importantly, Sater is an FBI informant and a CIA contract agent. ” . . . . He [Sater] also provided other purported national security services for a reported fee of $300,000. Stories abound as to what else Sater may or may not have done in the arena of national security. . . .” We wonder if helping the “Russia-Gate” op may have been one of those. 

  • The Making of Donald Trump by David Cay Johnston; Melville House [HC]; copyright 2016 by David Cay Johnston; ISBN 978-1-61219-632-9. p. 165.
    . . . . There is every indication that the extraordinarily lenient treatment resulted from Sater playing a get-out-of-jail free card. Shortly before his secret guilty plea, Sater became a freelance operative of the Central Intelligence Agency. One of his fellow stock swindlers, Salvatore Lauria, wrote a book about it. “The Scorpion and the Frog” is described on its cover as ‘the true story of one man’s fraudulent rise and fall in the Wall Street of the nineties.’ According to Lauria–and the court files that have been unsealed–Sater helped the CIA buy small missiles before they got to terrorists. He also provided other purported national security services for a reported fee of $300,000. Stories abound as to what else Sater may or may not have done in the arena of national security. . . .
  • Sater was active on behalf of the Trumps in the fall of 2015“. . . . Sater worked on a plan for a Trump Tower in Moscow as recently as the fall of 2015, but he said that had come to a halt because of Trump’s presidential campaign. . . .”
  • Indicative of the significance of Sater to the U.S. intelligence and national security establishment is a statement by Attorney General nominee Loretta Lynch during her confirmation hearing: “. . . . In late March, then-FBI director James Comey was asked about Sater’s relationship with the FBI when he appeared before the House Intelligence Committee. Comey declined to comment, presumably because Sater spent a decade as a secret government cooperator for both the FBI and at times, the CIA. But in 2015, during her confirmation hearing for the post of U.S. Attorney General, Loretta Lynch offered a teaser. In response to a written question about Sater by Senator Orrin Hatch, she stated that his [decade-long] assistance as a federal cooperator was ‘crucial to national security.’ [We wonder if this might have had anything to do with Lynch’s now infamous meeting with Bill Clinton at an airport–D.E.] . . . .”
  • Sater was initiating contact between the Russians and “Team Trump” in January of this year, a gambit that will be analyzed at length and detail in this program. As we shall see, the political valence of this event are at fundamental variance with the “Russia-Gate” psy-op: “ . . . . Nevertheless, in late January, Sater and a Ukrainian lawmaker reportedly met with Trump’s personal lawyer, Michael Cohen, at a New York hotel. According to the Times, they discussed a plan that involved the U.S. lifting sanctions against Russia, and Cohen said he hand-delivered the plan in a sealed envelope to then-national security advisor Michael Flynn. . . .”

1b. Fundamental to our understanding of the “peace plan” and alleged “Russian conspiracy” is Sater and Cohen’s collaborator, Ukrainian politician Andrii Artemenko.

“Trump’s Conduits For Capital From The Former Soviet Bloc Are Actually Old Pals” by Sam Thielman; Talking Points Memo; 07/25/2017

. . . . Sater told TPM he called the now-notorious meeting with Cohen and Ukrainian politician Andrii Artemenko in February to discuss the future of Ukraine. . . .

2a. Far from being a Russian “agent of influence,” Artemenko is a long standing member of Pravy Sektor and the Radical Party. As we will see below, he may have been a primary financial backer of this OUN/B successor organization. In addition to the anti-Russian conspiracy to which Sater, Cohen and Artemenko were party, the latter appears to have been part of a Ukrainian fascist consortium that, as we shall see below, are moving in the direction of ousting Petro Poroshenko. “. . . . Tall and brawny, Artemenko is a populist politician with ties to the far-right Ukrainian military-political group “Right Sector” and a member of the pro-Western opposition parliamentary coalition led by former Prime Minister Yulia Tymoshenko’s party. . . . Artemenko, who is a staunch ally of Valentyn Nalyvaichenko, a former head of Ukraine’s security service with lofty political ambitions, has aligned himself with other West-leaning populists like Tymoshenko. . . .

“Ukraine’s Back-Channel Diplomat Still Shopping Peace Plan to Trump” by Reid Standish; Foreign Policy; 04/18/2017

On Feb. 19, the right-wing Ukrainian member of parliament was sucked into the scandal surrounding President Donald Trump and his alleged ties to Russia when the New York Times reported that Artemenko had served as a back channel between Moscow and Trump associates.

In the aftermath of the report, Artemenko was forced out of his political faction in Ukraine, the far-right Radical Party . . . .

. . . . Tall and brawny, Artemenko is a populist politician with ties to the far-right Ukrainian military-political group “Right Sector” and a member of the pro-Western opposition parliamentary coalition led by former Prime Minister Yulia Tymoshenko’s party. . . .

. . . . Artemenko, who is a staunch ally of Valentyn Nalyvaichenko, a former head of Ukraine’s security service with lofty political ambitions, has aligned himself with other West-leaning populists like Tymoshenko. . . .

. . . . Artemenko insists that his intentions in pushing a peace plan for Ukraine are in the country’s best interests. But political observers see his freelance diplomacy as part of a rising groundswell in Kiev against Poroshenko by opposition forces ahead of parliamentary and presidential elections scheduled for 2019.

“Alliances are shifting in Ukraine right now against Poroshenko,” said Balazs Jarabik, a nonresident scholar at the Carnegie Endowment for International Peace. “All this diplomatic maneuvering in Washington needs to be viewed through this lens.”

Artemenko has emerged as a vocal critic of Poroshenko and says he has evidence showing corruption by the Ukrainian president. . . .

2b. Note the date of this Kiev Post article: February 20, 2017, which is one day after this ‘peace plan’ was initially reported in the New York Times. Andrii Artemko:

  • ” . . . . has a wife who is a model, he served 2.5 years in prison without a trial, he has business in U.S and he is involved in the military trade to the war zones in the Middle East. At home, he has close ties with the ultra-nationalistic Right Sector. . . .”
  • ” . . . according to his previous e-declaration in 2015, Artemenko has a wife, model Oksana Kuchma and four children, including two with U.S. citizenship — Edward Daniel, Amber Katherine. . . .”
  • ” . . . . founded several companies that provided military logistics services into the conflict zones and traveled to Saudi Arabia, Syria, and Qatar for business trips. . . .”
  • ” . . . . is the deputy head of the European Integration Committee and responsible for diplomatic connections with Saudi Arabia, Qatar, United States, Kuwait, Lithuania and Belarus. . . .”
  • ” . . . .  joined the Right Sector political party and was rumored to be one of the sponsors of its leader, Dmytro Yarosh, during his presidential election campaign in 2014. There is even a photo of Artemenko, seating among the Right Sector Party founders at the first party meeting in March 2014. Right Sector spokesperson Artem Skoropadsky told the Kyiv Post on Feb. 20 that he couldn’t confirm or deny whether Artemenko financed the Right Sector Party. . . .”

“Andrey Artemenko: Who Is this Ukrainian Member of Parliament with the Peace Plan?” by Veronika Melkozerova; Kyiv Post; 02/20/2017.

Now ex-Radical Party member of parliament Andrey Artemenko came under criticism from all sides after the New York Times revealed on Feb. 19 that he was trying to broker his own peace plan to end Russia’s war against Ukraine.

The plan was distinctly pro-Russian, but even the Russians rejected it and his freelance, amateurish diplomacy got him kicked out of his own party, although he remains a member of parliament.

His ideas included leasing Crimea to Russia for 50 years and the lifting of economic sanctions against Russia by U.S. President Donald J. Trump.

Dmitry Peskov, Vladimir Putin’s press secretary, denied prior knowledge of the sealed plan, which includes a suggestion that Ukraine lease Crimea to Russia, which annexed the region in 2014, the Telegraph in London quoted him as saying. “There’s nothing to talk about. How can Russia rent its own region from itself?” Peskov said.

Artemenko described himself to the New York Times as a Trump-style politician.

The 48-year-old lawmaker’s biography is colorful and controversial: He has a wife who is a model, he served 2.5 years in prison without a trial, he has business in U.S and he is involved in the military trade to the war zones in the Middle East. At home, he has close ties with the ultra-nationalistic Right Sector.

“I demand Andrey Artemenko discard as a lawmaker. He has no rights to represent our faction and party. Our position is unchangeable – Russia is the aggressor and must get away from Ukrainian territories,” Oleh Lyashko, Radical Party leader said to the journalist in Verkhovna Rada on Feb. 20.

“Nobody in Radical Party trades Ukraine,” Lyashko said. “To lease Crimea to Russia is the same as to give your own mother for rent to the traveling circus.”

Artemenko told the New York Times that many people would criticize him as a Russian or American C.I.A. agent for his plan, but peace is what he’s after.

“But how can you find a good solution between our countries if we do not talk?” Artemenko said.

Before the New York Times story, Artemenko wasn’t famous. He may see himself as the next president of Ukraine, but others saw him as just another gray cardinal.

Family, business in U.S.

Artemenko hasn’t filed electronic declaration for 2016.

However, according to his previous e-declaration in 2015, Artemenko has a wife, model Oksana Kuchma and four children, including two with U.S. citizenship — Edward Daniel, Amber Katherine. The children from the first marriage, Vitaly and Kristina Artemenko (Kraskovski), have Ukrainian citizenship but live in Ontario, Canada with their mother’s husband. In 2014 Artemenko’s elder daughter Kristina gave birth to Artemenko’s grandson.

Artemenko owns land plots of 14,000 square meters and 5,000 square meters in Vyshenki village of Kyiv Oblast.

And his wife Oksana Kuchma is not only a model but a businesswoman. [Kind of According to Artemenko’s e-declaration, Kuchma has a land plot of 3,000 square meters and a house in Gnidyn village of Kyiv Oblast, an 850 square meter apartment in Lviv Oblast’s Zhovkva and also a 127-square meter apartment in Kyiv under construction.

Artemenko also owns three luxury watches: De Grisogono (Hr 127,500), De Grisogono –Geneve (Hr 123,450), Franck Muller (Hr 118,950) and several luxury cars.

Kuchma owns a company OKSY GLOBAL LLC, registered in the U.S. and also the private avian-transportation company, the Aviation Company Special Avia Alliance registered in Kyiv at the same address as the company Global Business Group GMBh, Artemenko used to work as a deputy director before he came to Rada after the parliament elections in 2014.

According to the Ministry of Justice registry, the Global Business Group GMBh provides the variety of services: vehicles trade, various goods trade, restaurants business and business consulting.

The shareholder of the Global Business Group GMBh is also a U.S. based company Global Assets Inc., registered in Miami, Florida.

Start from Kyiv

Artemenko came into politics after business and jail. According to the biography on his official website, in the early 1990s he founded a law firm that advocated the interests of professional athletes and then he became a president of CSK Kyiv soccer club. In 1998-2000, he was the adviser of than Kyiv Mayor Oleksandr Omelchenko, a member and one of the founders of his party Unity.

In 2002, Artemenko was arrested by the Prosecutor’s General Office of Ukraine on accusations of money laundering and kept in pre-trial detention for more than two years. However, he successfully challenged his imprisonment as illegal and groundless. He said prosecutors were persecuting him in hopes of getting Omelchenko, who was also suspected of money laundering.

In 2004, Artemenko released from pre-trial detention center Lukyanivske on bail of Mikhail Dobkin, a Party of Regions lawmaker.

But in 2006 he became the head of the Kyiv department of Batkivshchyna Party, led by now ex-Prime Minister Yulia Tymoshenko.

In 2007-2013 Artemenko founded several companies that provided military logistics services into the conflict zones and traveled to Saudi Arabia, Syria, and Qatar for business trips.

Since 2013 he has his own charity foundation that helps internally displaced persons from the war-torn Donbas.

True patriot?

Artemenko came to the Verkhovna Rada in 2014 as a Radical Party lawmaker (16th on the party’s list). According to the parliament’s website, Artemenko is the deputy head of the European Integration Committee and responsible for diplomatic connections with Saudi Arabia, Qatar, United States, Kuwait, Lithuania and Belarus.

The lawmaker took an active part in EuroMaidan Revolution in 2013-2014 that deposed President Viktor Yanukovych.

In 2014 he joined the Right Sector political party and was rumored to be one of the sponsors of its leader, Dmytro Yarosh, during his presidential election campaign in 2014.

There is even a photo of Artemenko, seating among the Right Sector Party founders at the first party meeting in March 2014.
Right Sector spokesperson Artem Skoropadsky told the Kyiv Post on Feb. 20 that he couldn’t confirm or deny whether Artemenko financed the Right Sector Party.

“I was never into all the ‘financial stuff,’ but I have no information about him giving the money. I remember all those guys like him (Artemenko) and (Borislav) Bereza just came to us after March 22. They weren’t Right Sector members during the Revolution of Dignity,” said Skoropadsky.

He said that after the end of EuroMaidan Revolution there was a “mess” in Right Sector. Dozens of people a day was coming to the activists only in Kyiv.

“The ones who could afford it gave us money, others help in different ways. But as soon as we started building the structure of the organization, the guys like Artemenko and Bereza went to the other parties, came in Rada or other government structures,” Skoropadsky recalled.

———-

3. Before updating the resuscitation and Orwellian rehabilitation of the OUN/B World War II-era fascists in Ukraine, we note Trump’s appointment as special envoy to Ukraine–Kurt Volker, whose CV includes stints with CIA and Department of State.

“Can Kurt Volker Solve the Ukraine Crisis?” by Curt Mills; The National Interest; 7/10/2017.

 . . . . “Although he may be seen as hawkish by the Russian side, he will certainly be taken seriously,” says Matthew Rojansky, director of the Kennan Institute at the Woodrow Wilson Center, of the new special representative for Ukraine negotiations, whose vaunted resume also includes stints at the National Security Council, CIA and Foreign Service. “Volker’s appointment will be welcomed by our European allies and by the Ukrainian government.”  . . .

4. June 30th has been established as a commemorative celebration in Lvov [Lviv]. It was on June 30, 1941, when the OUN-B announced an independent Ukrainian state in the city of Lviv. That same day marked the start of the Lviv Pograms that led to the death of thousands of Jews.

The holiday celebrates Roman Shukhevych, commander of the Nachtigall Battalion that carried out the mass killings. The city of Lviv is starting “Shukhevychfest” to be held in Lviv on June 30th, commemorating the pogrom. Shukhevych’s birthday. Shukhevych was named a “Hero of the Ukraine” by Viktor Yuschenko.

In past posts and programs, we have discussed Volodomir Vyatrovich, head of the Orwellian Institute of National Remembrance. He defended Shukhevych and the public displaying of the symbol of the Galician Division (14th Waffen SS Division.)

Lvov Pogrom, 1941--Einsatzgruppe Nachtigall youth in action.

Lvov Pogrom, 1941–Einsatzgruppe Nachtigall youth in action, 6/30/1941.

“Ukraine City to Hold Festival in Honor of Nazi Collaborator Whose Troops Killed Jews”; Jewish Telegraph Agency; 06/28/2017

The Ukrainian city of Lviv will hold a festival celebrating a Nazi collaborator on the anniversary of a major pogrom against the city’s Jews.

Shukhevychfest, an event named for Roman Shukhevych featuring music and theater shows, will be held Friday.

Eduard Dolinsky, the director of the Ukrainian Jewish Committee, in a statement called the event “disgraceful.”

On June 30, 1941, Ukrainian troops, including militiamen loyal to Shukhevych’s, began a series of pogroms against Jews, which they perpetrated under the auspices of the German army, according to Yale University history professor Timothy Snyder and other scholars. They murdered approximately 6,000 Jews in those pogroms.

The day of the festival is the 110th birthday of Shukhevych, a leader of the OUN-B nationalist group and later of the UPA insurgency militia, which collaborated with the Nazis against the Soviet Union before it turned against the Nazis.

Shukhevychfest is part of a series of gestures honoring nationalists in Ukraine following the 2014 revolution, in which nationalists played a leading role. They brought down the government of President Viktor Yanukovuch, whose critics said was a corrupt Russian stooge.

On June 13, a Kiev administrative court partially upheld a motion by parties opposed to the veneration of Shukhevych in the city and suspended the renaming of a street after Shukhevych. The city council approved the renaming earlier this month.

In a related debate, the director of Ukraine’s Institute of National Remembrance, Vladimir Vyatrovich,, who recently described Shukhevych as an “eminent personality,” last month defended the displaying in public of the symbol of the Galician SS division. Responsible for countless murders of Jews, Nazi Germany’s most elite unit was comprised of Ukrainian volunteers.

Displaying Nazi symbols is illegal in Ukraine but the Galician SS division’s symbol is “in accordance with the current legislation of Ukraine,” Vyatrovich said. . . .

5a. In other, previous discussions of the return of Ukrainian fascism, we noted that the Svoboda Party’s militia is called Combat 14, named after the “14 words” minted by David Lane, the American neo-Nazi who participated in the killing of Denver talk show host Allan Berg.

He passed away on June 30th, triggering numerous demonstrations, including several in Ukraine.

June 30th appears to be a particularly significant day for the OUN/B successors and Nazis who are in power in Ukraine.

Maidan demonstrators celebrating the Nachtigall Battalion (Einsatzgruppe Nachtigall) that liquidated Jews and Poles during World War II.

Maidan demonstrators celebrating the Nachtigall Battalion (Einsatzgruppe Nachtigall) that liquidated Jews and Poles during World War II.

Ukrainian Nazis honor David Lane's passing

Ukrainian Nazis honor David Lane’s passing

“Fascist Formations in Ukraine” by Peter Lee; CounterPunch; 3/15/2015.

The Guardian published an adulatory feature on “The Women Fighting on the Frontline in Ukraine”.

One of the women profiled was “Anaconda”, fighting in the Aidar Battalion bankrolled by Igor Kolomoisky:

Anaconda was given her nickname by a unit commander, in a joking reference to her stature and power. The baby-faced 19-year-old says that her mother is very worried about her and phones several times a day, sometimes even during combat. She says it is better to always answer, as her mother will not stop calling until she picks up.

“In the very beginning my mother kept saying that the war is not for girls,” Anaconda says. “But now she has to put up with my choice. My dad would have come to the front himself, but his health does not allow him to move. He is proud of me now.”

Anaconda was photographed in combat dress resolutely holding an assault rifle in front of a rather decrepit van.

The caption read:

“Anaconda says she is being treated well by the men in her battalion, but is hoping that the war will end soon.”

As reported by the gadfly site OffGuardian, several readers posted critical observations on the van’s insignia in the comments section of the piece. One, “bananasandsocks”, wrote: “We learn from Wikipedia that the image on the door is the “semi-official” insignia of the 36th Waffen Grenadier Division of the SS…” and also pointed out the neo-Nazi significance of the number “1488”.

“bananasandsocks” seemingly temperate comment was removed by the Guardian for violating its community standards, as were several others, apparently as examples of “persistent misrepresentation of the Guardian and our journalists”.

But then the Guardian thought better of it. While not reinstating the critical comments, it quietly deleted the original caption to the photo of Anaconda and replaced it with:

Anaconda alongside a van displaying the neo-Nazi symbol 1488. The volunteer brigade is known for its far-right links.

Problem solved? Maybe not. Maybe it’s more like “Problem dodged”. Specifically, the problem of the pervasive participation of “ultra-right” paramilitary elements in Kyiv military operations, which even intrudes upon the Guardian’s efforts to put a liberal-friendly feminist sheen on the debacle of the recent ATO in eastern Ukraine.

As to “1488”, I’ll reproduce the Wikipedia entry:

The Fourteen Words is a phrase used predominantly by white nationalists. It most commonly refers to a 14-word slogan: “We must secure the existence of our people and a future for White Children.” It can also refer to another 14-word slogan: “Because the beauty of the White Aryan woman must not perish from the earth.”

Both slogans were coined by David Lane, convicted terrorist and member of the white separatist organization The Order. The first slogan was inspired by a statement, 88 words in length, from Volume 1, Chapter 8 of Adolf Hitler’s Mein Kampf:

Neo-Nazis often combine the number 14 with 88, as in “14/88? or “1488”. The 8s stand for the eighth letter of the alphabet (H), with “HH” standing for “Heil Hitler”.

Lane died in prison in 2007 while serving a 190 year sentence for, among other things, the murder of Denver radio talk show host Alan Berg. David Lane has considerable stature within global white nationalist/neo-Nazi/fascist circles as one of the American Aryan movement’s premier badasses (in addition involvement in to the Berg murder—in which he denied involvement—and a string of bank robberies to finance the movement—also denied, Lane achieved a certain martyr’s stature for enduring almost two decades in Federal detention, frequently in the notorious Communications Management Units).

And David Lane was a big deal for the “ultra-right” & fascists in Ukraine, according to the Southern Poverty Law Center:

Lane’s death touched off paeans from racists around the country and abroad. June 30 was designated a “Global Day of Remembrance,” with demonstrations held in at least five U.S. cities as well as England, Germany, Russia and the Ukraine.

Judging by this video, the march/memorial on the first anniversary of his death, in 2008, organized by the Ukrainian National Socialist Party in Kyiv, was well enough attended to merit a police presence of several dozen officers.

5b. Former U.S. Agency for International Development (USAID) project officer Josh Cohen (involved in managing “economic reform projects” in the former Soviet Union) notes the growing threat of the far-right and neo-Nazis in Ukraine (it’s a little ironic). It highlights the threat that the institutionalized OUN/B successor groups pose to what democracy there is in Ukraine and makes the important point about dangers of these groups operating with impunity following one violent act after another. Cohen notes that the Interior Ministry is run by a guy who sponsors the Azov Battalion and his deputy minister is a neo-Nazi.

This is the context in which Artemenko was operating.

“Ukraine’s ultra-right militias are challenging the government to a showdown” by Joshua Cohen; The Washington Post; 06/15/2017

Josh Cohen is a former U.S. Agency for International Development project officer involved in managing economic reform projects in the former Soviet Union.

As Ukraine’s fight against Russian-supported separatists continues, Kiev faces another threat to its long-term sovereignty: powerful right-wing ultranationalist groups. These groups are not shy about using violence to achieve their goals, which are certainly at odds with the tolerant Western-oriented democracy Kiev ostensibly seeks to become.

The recent brutal stabbing of a left-wing anti-war activist named Stas Serhiyenko illustrates the threat posed by these extremists. Serhiyenko and his fellow activists believe the perpetrators belonged to the neo-Nazi group C14 (whose name comes from a 14-word phrase used by white supremacists). The attack took place on the anniversary of Hitler’s birthday, and C14’s leader published a statement that celebrated Serhiyenko’s stabbing immediately afterward.

The attack on Serhiyenko is just the tip of the iceberg. More recently C14 beat up a socialist politician while other ultranationalist thugs stormed the Lviv and Kiev City Councils. Far-right and neo-Nazi groups have also assaulted or disrupted art exhibitions, anti-fascist demonstrations, a “Ukrainians Choose Peace” event, LGBT events, a social center, media organizations, court proceedings and a Victory Day march celebrating the anniversary of the end of World War II.

According to a study from activist organization Institute Respublica, the problem is not only the frequency of far-right violence, but the fact that perpetrators enjoy widespread impunity. It’s not hard to understand why Kiev seems reluctant to confront these violent groups. For one thing, far-right paramilitary groups played an important role early in the war against Russian-supported separatists. Kiev also fears these violent groups could turn on the government itself — something they’ve done before and continue to threaten to do.

To be clear, Russian propaganda about Ukraine being overrun by Nazis or fascists is false. Far-right parties such as Svoboda or Right Sector draw little support from Ukrainians.

Even so, the threat cannot be dismissed out of hand. If authorities don’t end the far right’s impunity, it risks further emboldening them, argues Krasimir Yankov, a researcher with Amnesty International in Kiev. Indeed, the brazen willingness of Vita Zaverukha – a renowned neo-Nazi out on bail and under house arrest after killing two police officers — to post pictures of herself after storming a popular Kiev restaurant with 50 other nationalists demonstrates the far right’s confidence in their immunity from government prosecution.

It’s not too late for the government to take steps to reassert control over the rule of law. First, authorities should enact a “zero-tolerance” policy on far-right violence. President Petro Poroshenko should order key law enforcement agencies — the Interior Ministry, the National Police of Ukraine, the Security Service of Ukraine (SBU) and the Prosecutor Generals’ Office (PGO) — to make stopping far-right activity a top priority.

The legal basis for prosecuting extremist vigilantism certainly exists. The Criminal Code of Ukraine specifically outlaws violence against peaceful assemblies. The police need to start enforcing this law.

Most importantly, the government must also break any connections between law enforcement agencies and far-right organizations. The clearest example of this problem lies in the Ministry of Internal Affairs, which is headed by Arsen Avakov. Avakov has a long-standing relationship with the Azov Battalion, a paramilitary group that uses the SS symbol as its insignia and which, with several others, was integrated into the army or National Guard at the beginning of the war in the East. Critics have accused Avakov of using members of the group to threaten an opposition media outlet. As at least one commentator has pointed out, using the National Guard to combat ultranationalist violence is likely to prove difficult if far-right groups have become part of the Guard itself.

Avakov’s Deputy Minister Vadym Troyan was a member of the neo-Nazi Patriot of Ukraine (PU) paramilitary organization, while current Ministry of Interior official Ilya Kiva – a former member of the far-right Right Sector party whose Instagram feed is populated with images of former Italian fascist leader Benito Mussolini – has called for gays “to be put to death.” And Avakov himself used the PU to promote his business and political interests while serving as a governor in eastern Ukraine, and as interior minister formed and armed the extremist Azov battalion led by Andriy Biletsky, a man nicknamed the “White Chief” who called for a crusade against “Semite-led sub-humanity.”

Such officials have no place in a government based on the rule of law; they should go. More broadly, the government should also make sure that every police officer receives human rights training focused on improving the policing and prosecution of hate crimes. Those demonstrating signs of extremist ties or sympathies should be excluded.

In one notorious incident, media captured images of swastika-tattooed thugs — who police claimed were only job applicants wanting to have “fun” — giving the Nazi salute in a police building in Kiev. This cannot be allowed to go on, and it’s just as important for Ukrainian democracy to cleanse extremists from law enforcement as it is to remove corrupt officials from former president Viktor Yanukovych’s regime under Ukraine’s “lustration” policy. . . .

6. Sater collaborator Artemenko appears to have been part of the anti-Poroshenko phalanx in the Ukrainian fascist milieu.

“Ukraine’s Back-Channel Diplomat Still Shopping Peace Plan to Trump” by Reid Standish; Foreign Policy; 04/18/2017

. . . . Artemenko insists that his intentions in pushing a peace plan for Ukraine are in the country’s best interests. But political observers see his freelance diplomacy as part of a rising groundswell in Kiev against Poroshenko by opposition forces ahead of parliamentary and presidential elections scheduled for 2019.“Alliances are shifting in Ukraine right now against Poroshenko,” said Balazs Jarabik, a nonresident scholar at the Carnegie Endowment for International Peace. “All this diplomatic maneuvering in Washington needs to be viewed through this lens.”

Artemenko has emerged as a vocal critic of Poroshenko and says he has evidence showing corruption by the Ukrainian president. . . .

7a. The alleged “Russian plot” centering on the Sater/Artemenko “peace plan”entailed plans to develop Ukraine’s nuclear energy sector in order to break the Russian grip on Ukraine’s energy.

In short, this is an anti-Russian plot, NOT a Russian plot.

“Trump’s Ex-Biz Partner Eyed Energy Deal As He Helped Push Ukraine ‘Peace Plan’” by Sam Thielman; Talking Points Memo Muckraker; 7/27/2017.

When a former business partner of President Donald Trump’s and a Ukrainian politician approached an ally of the administration with a “peace plan,” they were already at work on an energy trading deal. That deal, said one of the region’s leading energy policy experts, stood to benefit from the scheme the pair proposed to resolve the ongoing conflict in Ukraine.

Felix Sater, who worked obtaining financing for Trump projects including the Trump SoHo, told TPM that the “peace plan” came up in the course of his attempts to broker an agreement to sell energy abroad from Ukraine’s nuclear power plants with Andrii Artemenko, at the time a Ukrainian parliamentarian. The plan was to refurbish dilapidated nuclear power plants in that country and then sell the power generated by them into Eastern Europe, using established commodities trading companies as a means of retroactively financing the deal, Sater said.

The business proposition would help break the Russian monopoly on energy, according to Sater. But Artemenko’s political proposal would have had Ukrainian voters decide whether to lease Crimea to Russia for 50 or 100 years—an idea encouraged by advisors to Russian president Vladimir Putin, and so offensive to his country’s government that Ukrainian prosecutors accused Artemenko of treasonous conspiring with Russia after the peace plan was first reported earlier this year.

It’s been widely reported that Sater and Artemenko met with Michael Cohen, who was then Trump’s personal lawyer and who has known Sater since he was a teenager, in January; under discussion was the peace plan, which would have paved a path for the U.S. to lift sanctions on Russia. Cohen has given conflicting statements about his involvement. Sater said he came to be involved in the scheme through Artemenko.

“We were trying to do a business deal at the same time,” Sater told TPM. “We were working on a business deal for about five months, and he kept telling me about the peace deal, and as the Trump administration won, that’s when I delivered it [the peace deal] to them.”

He insisted the political and business propositions were unrelated, other than each involving himself and Artemenko as primary players.

Sater had worked brokering major deals internationally for some time after the 1996 dissolution of White Rock, a firm at the center of a pump-and-dump securities fraud scandal that led to Sater’s conviction for fraud. Instead of going to prison, Sater paid a fine and went to work as an FBI informant. Those deals included a job for AT&T in Russia, as previously reported by Mother Jones, where Sater says the company was “trying to expand.”

Sater said the business proposition with Artemenko “was to try to rehabilitate the existing nuclear power plants in the Ukraine and build new ones using either U.S. or Canadian [companies] like GE, or the Koreans.” Ukraine’s history with nuclear power includes the Chernobyl disaster, and Sater noted that the aging plants needed refurbishment in order to continue working without another incident. Otherwise, he noted, “they’re ready to [have] another Chernobyl any day now.”

The pair further planned “to sell the excess power to [international energy companies] Trafigura or Vitol to sell the power to Eastern Europe, and in that way finance the plants,” Sater explained. He named Poland and Belarus as two potential state clients.

“It was a way to break the energy monopoly the Russians have,” he said.

Chi Kong Chyong, director of the Energy Policy Forum at Cambridge University’s Energy Policy Research Group, told TPM that energy independence from Russia was indeed a pressing issue in Ukraine, and noted a peace deal would ease the kind of international transaction Sater and Artemenko were proposing.

Sources close to the matter told TPM that there were no records of any current conversations between Sater or Artemenko and American industrial conglomerate GE. Trafigura and Vitol are trading houses that deal heavily in energy; Victoria Dix, a spokeswoman for Trafigura, said there was “no element of truth whatsoever” to any suggestion that Sater was pursuing a proposal with the company. Andrea Schlaepfer, a spokeswoman for Vitol, said, “We don’t comment on commercial activities.” Neither the Ukrainian Embassy nor the Consulate immediately responded to requests for comment.

For Artemenko, the fallout from the January meeting with Sater and Cohen was immediate and severe. He was expelled from his Verkhovna Rada political party the day after the New York Times reported the meeting, and by May, Ukrainian President Petro Poroshenko had stripped him of his citizenship.

For his part, Sater said he had nothing to do with the documents filled with damaging information on Ukrainian politicians, including Poroshenko, that Artemenko reportedly brought to the January meeting. “I never saw them,” Sater said, adding that Cohen might have thrown them in trash but he wasn’t sure. “I don’t want to get into it.”

Whether Sater and Artemenko’s energy trading plan was well underway or simply in the proposal stage by the time of the meeting, it would have been an easier sell with Artemenko’s Putin-approved ceasefire in place, according to Chyong.

“Any military conflict in your neighborhood or close to you affects the transaction cost of arranging commercial deals, whether that is between Ukraine and the eastern [EU, where Poland lies] or Ukraine and Belarus, for example,” Chyong said. “It increases the transactional costs. The conflict itself, of course, forces the Ukraine to think about other ways and other sources of importation of energy—gas and electricity trading.

Exporting energy from Ukraine would be easiest to places like Belarus and Russia, Chyong noted. Old electrical grids are among the strongest remaining ties between former Soviet bloc states and Russia itself; Ukraine hopes to break them by 2025, something Sater said he hoped he could help along. . .

7b. Of more than passing interest is the CV of Robert Armao, one of the intended collaborators in the Sater/Artemenko anti-Russian plot to replace the old Soviet power grid in Eastern Europe. Robert Armao:

  • ” . . . . served as labor counsel to the late Vice President Nelson Rockefeller in the early 1970s. . . .”
  • ” . . . . once advised individuals who were working with former Ukrainian president Viktor Yushchenko during the Orange Revolution protests of 2004-2005. . . .”

“How Felix Sater — Former Mob-linked Hustler And Ex-Trump Adviser — Sought To ‘Protect’ Ukraine’s Nuclear Plants” Richard Behar; The National Memo; 05/25/2017.

. . . . Evidently Sater and Artemenko were seeking the assistance of a third person who attended the breakfast, Robert Armao — a well-connected international businessman who served as labor counsel to the late Vice President Nelson Rockefeller in the early 1970s. Armao says that Sater, whom he’d never met or spoken with prior to last fall, reached out to him through a mutual friend. . . .

. . . . Armao was invited to the New York meeting because he’s a longtime expert on Ukraine. He says he once advised individuals who were working with former Ukrainian president Viktor Yushchenko during the Orange Revolution protests of 2004-2005. During the October 7 breakfast, Armao says he was asked whether he could intercede with Ukraine’s current energy minister in an attempt to revive a contract that Kiev had signed with South Korea to bring the nuclear plants up to global standards. . . .

. . . . In late March, then-FBI director James Comey was asked about Sater’s relationship with the FBI when he appeared before the House Intelligence Committee. Comey declined to comment, presumably because Sater spent a decade as a secret government cooperator for both the FBI and at times, the CIA. But in 2015, during her confirmation hearing for the post of U.S. Attorney General, Loretta Lynch offered a teaser. In response to a written question about Sater by Senator Orrin Hatch, she stated that his [decade-long] assistance as a federal cooperator was “crucial to national security.” . . . .

7c. In addition, Armao was an apparent collaborator with probable P-2 member Francesco Pazienza, Pope shooting insider and Banco Ambrosiano co-conspirator Francesco Pazienza. (We discussed Pazienza at length in AFA #21.

Another Armao collaborator was Marc Rich.

Bill Clinton’s last minute pardon of Rich was investigated by former FBI chief James Comey and a long-silent Bureau Twitter account became active shortly before the election, tweeting about Marc Rich. (We discussed this in FTR #939.

“Italian Ex-Agent Ordered Extradited From U.S.” by Ralph Blumenthal; The New York Times; 09/12/1985.

. . . .The prisoner, Dr. Francesco Pazienza, a 39-year-old nonpracticing physician, has long been a subject of keen interest in Italy, where his name has also cropped up in investigations of the shooting of Pope John Paul II and of the purported plottings of a rightist underground. . . .

. . . As recently as last year, Dr. Pazienza said, he sought to be helpful to the Americans by trying to negotiate a renewal of the lease for a United States intelligence tracking station in the Seychelles. He said he and two partners were then exploring an oil venture with the Indian Ocean island nation off the east coast of Africa.

He identified the partners as Robert Armao and Marc Rich. Mr. Rich is a commodities broker now under criminal investigation in the United States in connection with tax evasion charges, for which he has already paid a $200 million civil settlement.

Mr. Armao, head of a New York public relations company and a former adviser to the Shah of Iran, largely confirmed Mr. Pazienza’s account. But he said that while a Marc Rich subsidiary had been involved in their discussions, the oil venture never came about. . . .

8. Here’s something to consider as destructive cyberbombs are being preemptively placed on networks as a form of cyber-MWDs and the US settles into a ‘Cold War’ modality with Russia: If any skilled hacker on the planet manages to hack a US nuclear power plan, that ‘cold war’ might heat up pretty fast whether Russia was behind it or not…especially if there’s a meltdown.

“. . . . The Washington Post reported Saturday that U.S. government officials have already pinned the recent nuclear cyber intrusions on Russia. . . .

. . . Analysts remain quick to tamp down assertions that Russia’s fingerprint on the latest attack is a sure thing. . . ;

. . . . Still, it’s a pretty alarming situation regardless of who was behind it, in part because it’s an example of how potentially vulnerable things like nuclear plants are to any hacker, state-backed or not:

. . . . Still, the source said a well-resourced attacker could try sneaking in thumb drives, planting an insider or even landing a drone equipped with wireless attack technology into a nuclear generation site. Reports indicate that the infamous Stuxnet worm, which damaged Iranian nuclear centrifuges in the late 2000s, probably snuck in on removable media. Once inside the “air gapped” target network, Stuxnet relied on its own hard-coded instructions, rather than any remote commands sent in through the internet, to cause costly and sensitive nuclear equipment to spin out of control. . . .”

“ ‘Who did it?’ zeroes in on Russian hacking” by Blake Sobczak; E&E News; 07/10/2017

A sophisticated group of hackers has targeted U.S. nuclear plants in a wide-ranging hacking campaign since at least May, according to multiple U.S. authorities.

The hackers tried to steal usernames and passwords in the hope of burrowing deep into nuclear power networks, in addition to other utility and manufacturing targets.

But the Department of Homeland Security, the FBI, sources familiar with the ongoing investigation and nonpublic government alerts told E&E News that heavily guarded nuclear safety systems were left unscathed by any recent cyber intrusions. Experts say the evidence so far points to a remote threat that, while advanced, likely could not have leaped from corporate business networks to the critical but isolated computer networks keeping nuclear reactors operating safely.

Still, the question that lingers is, who did it?

Suspicion has fallen on hackers with ties to Russia, in part because of past intrusions into U.S. companies and for Russia-linked attacks on Ukraine’s power grid in 2015 and 2016.

Ukrainian security services laid the blame for the grid hacks at Russian President Vladimir Putin’s feet. Several private U.S. cybersecurity companies have also drawn links between energy industry-focused hacking campaigns with names like “Energetic Bear” back to Russian intelligence services.

The Washington Post reported Saturday that U.S. government officials have already pinned the recent nuclear cyber intrusions on Russia.

Analysts remain quick to tamp down assertions that Russia’s fingerprint on the latest attack is a sure thing.

Without mentioning any nation-state by name, former Energy Secretary Ernest Moniz noted on Twitter that “these ‘advanced persistent threats’ have long worried U.S. intelligence officials — and recent events prove they are very real.”

Referencing reports of the recent nuclear cyber incidents, he added, “These breaches make plain that foreign actors are looking for ways to exploit US grid vulnerabilities. We saw this coming.”

If U.S. intelligence agencies confirm Russian security services were involved in the attack on nuclear plants, tensions with Moscow could escalate. In a Twitter comment that attracted bipartisan ridicule, President Trump yesterday morning said that he and Putin had agreed to create an “impenetrable Cyber Security unit” to guard against hacking, only to apparently reverse his position hours later and suggest such an arrangement “can’t” happen.

Sen. Maria Cantwell (D-Wash.), ranking member of the Senate Energy and Natural Resources Committee, reiterated her calls for the White House to assess energy-sector cyber vulnerabilities and abandon proposed budget cuts at the Department of Energy. “The disturbing reports of the past 24 hours indicate that our adversaries are trying to take advantage of the very real vulnerabilities of our energy infrastructure’s cyber defenses,” she said Friday.

Drawing from the Ukraine playbook

In 2015, a group of hackers set sights on several Ukrainian electric distribution companies. The intruders broke into the utilities’ business networks with “phishing” emails designed to lure employees into clicking on a document laced with malware.

From there, the attackers mapped out their victims’ computer systems, even gaining access to the virtual private network utility workers used to remotely operate parts of Ukraine’s electric grid.

On Dec. 23, 2015, after months of waiting and spying, the hackers struck, logging onto the operational network and flipping circuit breakers at electric substations. They succeeded in cutting power to several hundred thousand Ukrainian citizens for a few hours in what became the first known cyberattack on a power grid in the world.

At first glance, the latest nuclear hackers appear to have drawn from the same playbook.

They used a “fairly creative” phishing email to gain a foothold on targeted networks, according to Craig Williams, senior technical leader and global outreach manager for Cisco Talos, a cybersecurity research division of Cisco Systems Inc.

Instead of stowing malware in the Word document itself, the hackers tweaked a control engineer’s résumé into beaconing out to a malicious server via a Microsoft communications protocol called Server Message Block. The cyber intruders could then swipe fragments of SMB traffic containing the victims’ login information to set up an authorized connection to the targeted network and move on from there, Williams explained.

The technique points to “attackers who are dedicated and who’ve done their research,” he noted.

While Williams said Cisco had detected a variety of energy companies hit by the phishing emails, he pointed out that “the nuclear sector is extremely hardened.”

Getting blocked

Nuclear power plant operators have to abide by their own set of cybersecurity rules established by the Nuclear Regulatory Commission. Following its most recent cybersecurity audits in 2015, the NRC reported “several very low security significance violations of cyber security plan requirements.”

None of those violations could have resulted in an imminent threat to nuclear safety, the regulator said.

The NRC plans to ramp up cybersecurity inspections later this year. The agency has declined to comment on reports of the recent cyber breaches at nuclear power generation sites.

Nuclear power companies have had to account for the possibility of a cyberattack on their safety systems since 2002, according to NRC guidance.

Electric utilities typically adhere to a three-step model for protecting their most sensitive systems from hackers. At a basic level, this setup involves an information technology network — such as a utility’s internet-connected corporate headquarters — and an operational network that includes grid control systems. Companies typically add a third layer or “demilitarized zone” bridging those two sides of the business, replete with firewalls, cybersecurity technologies and other safeguards.

Nuclear operators add at least two more layers to that model, drawing lines among the public internet, the corporate network, onsite local area networks, industrial “data acquisition” networks and, finally, the core safety system overseeing radioactive materials, based on government guidelines.

In the U.S., safety systems are often still “analogue,” having originally been built in the 1980s or earlier, before the recent spread of web-connected technologies.

Within that last, critical zone — Level 4 in nuclear industry parlance — tight physical controls prevent phones and USB drives from getting in; and operational data is designed to flow only outward through “data diodes,” with no potential for online commands to enter from the public internet or even the site’s own local area network.

“Anybody ever reports that somebody got a connection from the internet directly or indirectly into the heart of a nuclear control system is either full of crap, or is revealing a massive problem with some particular site, because there should be physically no way for that to actually be possible,” said Andrew Ginter, vice president of Waterfall Security Solutions, which markets one such “unidirectional gateway” or data diode to the U.S. nuclear sector. “To me, it’s almost inconceivable.”

Marty Edwards, managing director of the Automation Federation, who until last month headed a team of industrial control security specialists at DHS, generally agreed that a remote connection would be nearly impossible to achieve. “When we tested those kinds of [one-way] devices in the lab, we found that you couldn’t circumvent any of them, basically, because they’re physics-based,” he said. “There’s no way to manipulate that stream.”

One source familiar with nuclear information technology practices, who agreed to speak about security matters on condition of anonymity, said that “in order to have a catastrophic impact, you have to get by the human in the control room” — no easy feat. “You’re talking workers who are regularly screened for insider [threat] indicators and psychological stability.”

Still, the source said a well-resourced attacker could try sneaking in thumb drives, planting an insider or even landing a drone equipped with wireless attack technology into a nuclear generation site. Reports indicate that the infamous Stuxnet worm, which damaged Iranian nuclear centrifuges in the late 2000s, probably snuck in on removable media. Once inside the “air gapped” target network, Stuxnet relied on its own hard-coded instructions, rather than any remote commands sent in through the internet, to cause costly and sensitive nuclear equipment to spin out of control.

But the source, who had reviewed recent DHS and FBI warnings about recent nuclear cyberthreats, added that there was no indication the actor behind it got close to nuclear operators’ crown jewels.

“To get around the data diodes and all the other defenses, it’d be unprecedented at this point,” at least from a U.S. perspective, said the source.

Would it even be possible?

“Maybe if you’re Vladimir Putin,” the source said.

9. Devon Arthurs – a neo-Nazi-turned-Muslim–murdered two of his neo-Nazi roommates back in May. Brandon Russell – Arthurs’s surviving third roommate, was found with bomb-making materials, radioactive substances and a framed picture of Timothy McVeigh after police searched their residence. Russell planned to sabotage a nuclear power plant

Russell, we note, was in the National Guard. In the Nazi tract Serpent’s Walk, a book we feel is–like The Turner Diaries–is intended as a teaching tool, operational blueprint and manifesto, the Underground Reich infiltrates the military, gains effective control of the opinion forming media and, following a series of WMD strikes blamed on Russia and a declaration of martial law, the Nazis take over the United States.

Brandon Russell’s activities fit very well into this scenario.

“National Guard ‘neo-Nazi’ aimed to hit Miami nuclear plant, roommate says” by Dan Sullivan; Tampa Bay Times; 06/13/2017

Brandon Russell, a National Guardsman and self-described neo-Nazi, had plans to blow up power lines in the Florida Everglades and launch explosives into a nuclear power plant near Miami, his roommate Devon Arthurs told police.

Prosecutors on Tuesday played portions of a recorded interrogation Arthurs gave in the hours immediately after he was arrested in the killings of Jeremy Himmelman and Andrew Oneschuk.In the video, Arthurs offers a justification for the killings, claiming that Russell, the surviving roommate, was preparing to commit acts of terrorism.

“The things they were planning were horrible,” Arthurs said. “These people were not good people.”

The U.S. Attorney’s Office presented the video excerpts in an effort to get U.S. Magistrate Judge Thomas B. McCoun III to revoke an order granting Russell bail, arguing that he poses a danger to the community.

Late Tuesday, the judge stayed the order. Russell will remain jailed while the judge reconsiders the issue.

Russell, 21, faces explosives charges after bombmaking materials were found at his Tampa Palms apartment May 19 during the murder investigation. Arthurs, separately, has been charged with two counts of first-degree murder in state court.

In the video, Arthurs sits beside a table in a white-walled interrogation room, his right leg resting over his left knee. He gestures with both hands as he casually describes Russell’s neo-Nazi beliefs and supposed plans to commit terrorist acts.

He said Russell studied how to build nuclear weapons in school and is “somebody that literally has knowledge of how to build a nuclear bomb.”

When a Tampa police detective asked Arthurs if his friends had any specific terrorist intentions, he said they had a plan to blow up power lines along Alligator Alley, the stretch of Interstate 75 linking Naples with Fort Lauderdale.

He also said they had a plan to fire mortars loaded with nuclear material into the cooling units of a nuclear power plant near Miami.

He said the damage would cause “a massive reactor failure” and spread “irradiated water” throughout the ocean.

“Think about a BP oil spill, except it wipes out parts of the eastern seaboard,” Arthurs said.

The detective asked why they wanted to do these things.

“Because they wanted to build a Fourth Reich,” Arthurs said. He said Russell idolized Oklahoma City bomber Timothy McVeigh.

“He said the only thing McVeigh did wrong was he didn’t put enough material into the truck to bring the whole building down.”

Assistant U.S. Attorney Josephine Thomas noted during the hearing that the Turkey Point Nuclear Generating Station is near Miami.She also noted that when bomb squad members arrived at Russell’s apartment, their pagers alerted them to the presence of “two radiation sources.” The criminal complaint says those were thorium and americium, both radioactive metals.

Russell’s defense attorney, Ian Goldstein, noted that authorities have not charged him with possession of nuclear materials.

Goldstein questioned Arthurs’ credibility.

“Devon Arthurs is a person who just murdered two individuals, who is desperate to save himself, and, quite frankly, I think he is a few cards short of a full deck,” Goldstein said. “I hope the government brings Mr. Arthurs to the trial as their prime witness. He’s insane.”

Arthurs, according to court records, admitted to the killings, saying Himmelman and Oneschuk had disrespected his conversion to Islam.

“I was like, ‘How could I have done this?’ ” he said in the video played Tuesday. “If I hadn’t done that, there would be a lot more people dead than just these two guys in this organization.”

10. Surviving National Guardsman/Nazi Russell admitted to belonging to a group call Atomwaffen, which is German for “atomic weapon”.

Russell, and the rest of Atomwaffen, received a wringing endorsement from brilliant Nazi hacker Andrew Auerenheimer. Yes, Auernheimer, who happens to be the kind of skilled hacker who actually might have the ability to trigger a nuclear melt down someday, wrote about the whole incident on The Daily Stormer. According to Auernheimer, the two killed roommates were “friends of friends” and the “Atomwaffen are a bunch of good dudes. They’ve posted tons of fliers with absolutely killer graphics at tons of universities over the years. They generally have a lot of fun and party.”

“Neo-Nazi-turned-Muslim kills roommates over ‘disrespect,’ police say” by JASON DEAREN and MICHAEL KUNZELMAN; Associated Press; 05/22/2017

A man told police he killed his two roommates because they were neo-Nazis who disrespected his recent conversion to Islam, and investigators found bomb-making materials and Nazi propaganda after he led them to the bodies.

Devon Arthurs, 18, told police he had until recently shared his roommates’ neo-Nazi beliefs, but that he converted to Islam, according to court documents and a statement the Tampa Police Department released Monday. . . .

. . . . In the apartment with the victims’ bodies on Friday, investigators found Nazi and white supremacist propaganda; a framed picture of Oklahoma City bomber Timothy McVeigh; and explosives and radioactive substances, according to the court documents.

They also found a fourth roommate, Brandon Russell, crying and standing outside the apartment’s front door in his U.S. Army uniform.

“That’s my roommate (Russell). He doesn’t know what’s going on and just found them like you guys did,” Arthurs told the police officers, according to the report.

Federal agents arrested Russell, 21, on Saturday on charges related to the explosives.

The FBI said Russell “admitted to his neo-Nazi beliefs” and said he was a member of a group called Atomwaffen, which is German for “atomic weapon.”

Major Caitlin Brown, spokeswoman for the Florida National Guard, confirmed Russell was a current member of the Florida National Guard. But she couldn’t immediately provide any other information.

Arthurs started the chain of events on Friday when he held two customers and an employee hostage at gunpoint at a Tampa smoke shop, police said. He was complaining about the treatment of Muslims.

“He further informed all three victims that he was upset due to America bombing his Muslim countries,” police Detective Kenneth Nightlinger wrote in his report.

Officers talked Arthurs into letting the hostages go and dropping his weapon, and took him into custody.

While in custody, police said Arthurs started talking about killing two people, and then he directed them to a condominium complex where the four roommates shared an apartment.

“I had to do it,” Arthurs told police. “This wouldn’t have had to happen if your country didn’t bomb my country.”

Inside the apartment, the officers found the bodies of 22-year-old Jeremy Himmelman and 18-year-old Andrew Oneschuk. Both had been shot.

Police called in the FBI and a bomb squad, which found enough explosives to constitute a bomb, according to federal agents.

At first, Russell told agents he kept the explosives from his days in an engineering club at the University of South Florida in 2013, and that he used the substances to boost homemade rockets. The agents wrote that the substance found was “too energetic and volatile for these types of uses.”

Russell has been charged with possession of an unregistered destructive device and unlawful storage of explosive material. Court records did not list an attorney for him.

Andrew Auernheimer, a notorious computer hacker and internet troll, wrote a post about the killings for The Daily Stormer, a leading neo-Nazi website.

Auernheimer, known online as “weev,” said in Sunday’s post that he knew the shooting suspect and both of the shooting victims. He said he banned Arthurs from The Daily Stormer’s Discord server, an online forum, for posting “Muslim terrorist propaganda” earlier this year.

“He came in to convert people to Islam,” Auernheimer said during a telephone interview Monday. “It didn’t work out very well for him.”

Auernheimer described Himmelman and Oneschuk as “friends of friends” and said they belonged to the Atomwaffen group.

“Atomwaffen are a bunch of good dudes. They’ve posted tons of fliers with absolutely killer graphics at tons of universities over the years. They generally have a lot of fun and party,” he wrote.

———-

11. If any neo-Nazi hacker is capable of successfully taking down a nuclear plant, perhaps as part of a larger coordinated neo-Nazi attack or or just on his own, it’s Auernheimer.

Auernheimer shares in the McVeigh worship,recently proposing crowd-funding a McVeigh monument:

“McVeigh Worship: The New Extremist Trend” by Bill Morlin; The Southern Poverty Law Center; 06/27/2017

In extremist circles, there appears to be a bump of interest in Timothy James McVeigh.

Yes, that Timothy McVeigh. The guy who used a Ryder truck to bomb the Alfred P. Murrah Federal Building in Oklahoma City on April 19, 1995, killing 168 innocent children and adults and wounding more than 600 others.

His act 22 years ago, for those who may have forgotten, was the deadliest terrorist attack in the United States before the attacks of Sept. 11, 2001.

McVeigh was convicted of terrorism and executed just three months before those attacks.

His name and heinous crime are not forgotten, nor should they be, while there seems to be a growing admiration for McVeigh in some extremist circles. One militia honcho even likened McVeigh to Jesus Christ.

Check out these recent mentions of McVeigh:

In mid-May, police in Tampa, Florida, responded to the scene of a double-murder involving young, self-described neo-Nazis.

Brandon Russell, who shared the apartment with the murder suspect, was charged with possession of bomb-making materials and chemicals, including ammonium nitrate – the same kind of material used by McVeigh.

In Russell’s bedroom at the apartment he shared with the murder suspect and the two slain neo-Nazis, police found a framed photograph of Timothy McVeigh. Russell, who’s in custody, hasn’t publicly explained that fascination.

More recently, neo-Nazi Andrew ‘Weev’ Auernheimer, who writes for the racist web site “Daily Stormer,” said he was serious in proposing a crowd-funding account to raise money to build a “permanent monument” in a memorial grove honoring McVeigh.

“Think of it, a gigantic bronze statue of Timothy McVeigh poised triumphantly atop a Ryder truck, arms raised as if to form an Algiz rune from his body, with a plaque that states the honest truth,” Auernheimer wrote. “Nothing would be a greater insult to these pizza-party guarding federal swine than a permanent monument honoring [McVeigh’s] journey to Valhalla or Fólkvangr atop the piles of their corpses.”

“I am not joking,” Auernheimer wrote. “This should be done. Imagine how angry it would make people.”

———-

 

12. Is it possible that the “command & control” server used in the DNC server hacks was not only hacked and under 3rd party control during the 2015-2016 DNC hack but also the 2015 Bundestag hack? As we’re going to see, it’s possible.

First, here’s something to keep in mind regarding the German government’s public attribution in mid-May of 2016 that APT28/Fancy Bear is a Russian government hacking group and was responsible for 2015 Bundestag hack: As security analyst Jeffrey Carr notes in the piece below, when Germany’s domestic intelligence agency, the BfV, issued a report in January of 2016 that attributed both APT28 and APT29 to the Russian government, the report didn’t appear to reference any classified information. The conclusions appeared to be based on exactly the same kind of technical ‘clues’ that were used for attribution in the 2016 DNC hacks. And as Carr also points out, relying on those technical ‘clues’ is a rather clueless way to go about attribution:

“While it’s natural to think of Sofacy as a group of individuals, it’s more like a group of technical indicators which include tools, techniques, procedures, target choices, countries of origin, and of course, people. Since most bad actors operate covertly, we are highly dependent on the forensics. Since many of the tools used are shared, and other indicators easily subverted, the forensics can be unreliable.”

When cybersecurity firms publish reports about some “APT” (Advanced Persistent Threat) group, they’re not actually reporting on a specific group. They’re reporting on similar technical indicators that suggest an attack could have been the same group that did a previous hack and nothing more than that.

If those technical indicators include code that’s available to 3rd party hackers and servers that have already been hacked or show vulnerabilities to hacking, as is the case with the 176.31.112[.]10 Command & Control server used by “APT28” in both the DNC server hack and the Bundestag hack (with that IP address hard coded in both cases), those technical indicators are indicative of very little other than some group might be up to their old tricks or some other group is copying (or framing) them:


Problem #1: The IP address 176.31.112[.]10 used in the Bundestag breach as a Command and Control server has never been connected to the Russian intelligence services. In fact, Claudio Guarnieri, a highly regarded security researcher, whose technical analysis was referenced by Rid, stated that “no evidence allows to tie the attacks to governments of any particular country.”

Problem #2: The Command & Control server (176.31.112.10) was using an outdated version of OpenSSL vulnerable to Heartbleed attacks. Heartbleed allows attackers to exfiltrate data including private keys, usernames, passwords and other sensitive information.

The existence of a known security vulnerability that’s trivial to exploit opens the door to the possibility that the systems in question were used by one rogue group, and then infiltrated by a second rogue group, making the attribution process even more complicated. At the very least, the C2 server should be considered a compromised indicator.

“The existence of a known security vulnerability that’s trivial to exploit opens the door to the possibility that the systems in question were used by one rogue group, and then infiltrated by a second rogue group, making the attribution process even more complicated. At the very least, the C2 server should be considered a compromised indicator.”

Yet, despite these glaring issues with the technical indicators, when Germany’s BfV issued a report in January of 2016 pinning the blame for the Bundestag hacks on the GRU and FSB is an assumption based on technical indicators alone:

..
Problem #3: The BfV published a newsletter in January 2016 which assumes that the GRU and FSB are responsible because of technical indicators, not because of any classified finding; to wit: “Many of these attack campaigns have each other on technical similarities, such as malicious software families, and infrastructure—these are important indicators of the same authorship. It is assumed that both the Russian domestic intelligence service FSB and the military foreign intelligence service GRU run cyber operations.”

It looks like the BfV’s attribution that the Russian government was behind the “APT28” Bundestag hack was anything but solid.

Don’t forget that the attribution of the Bundestag hack is A LOT easier to make than the attribution of the DNC server hack. Why? Because after the Bundestag hack happen there was lots of discussion of it in the cybersecurity press, and that included discussion of how the Command & Control server at the 176.31.112[.]10 IP address was vulnerable to the Heartbleed attack.

“Principal consultant at 20KLeague.com; Founder of Suits and Spooks; Author of “Inside Cyber Warfare (O’Reilly Media, 2009, 2011)” by Jeffrey Carr; Medium; 07/27/2017

Yesterday, Professor Thomas Rid (Kings College London) published his narrative of the DNC breach and strongly condemned the lack of action by the U.S. government against Russia.

Susan Hennessey, a Harvard-educated lawyer who used to work at the Office of the General Counsel at NSA called the evidence “about as close to a smoking gun as can be expected where a sophisticated nation state is involved.”

Then late Monday evening, the New York Times reported that “American intelligence agencies have “high confidence” that the Russian government was behind the DNC breach.

It’s hard to beat a good narrative “when explanations take such a dreadful time” as Lewis Carroll pointed out. And the odds are that nothing that I write will change the momentum that’s rapidly building against the Russian government.

Still, my goal for this article is to address some of the factual errors in Thomas Rid’s Vice piece, provide some new information about the capabilities of independent Russian hackers, and explain why the chaos at GRU makes it such an unlikely home for an APT group.

Fact-Checking The Evidence

Thomas Rid wrote:

One of the strongest pieces of evidence linking GRU to the DNC hack is the equivalent of identical fingerprints found in two burglarized buildings: a reused command-and-control address?—?176.31.112[.]10?—?that was hard coded in a piece of malware found both in the German parliament as well as on the DNC’s servers. Russian military intelligence was identified by the German domestic security agency BfV as the actor responsible for the Bundestag breach. The infrastructure behind the fake MIS Department domain was also linked to the Berlin intrusion through at least one other element, a shared SSL certificate.

This paragraph sounds quite damning if you take it at face value, but if you invest a little time into checking the source material, its carefully constructed narrative falls apart.

Problem #1: The IP address 176.31.112[.]10 used in the Bundestag breach as a Command and Control server has never been connected to the Russian intelligence services. In fact, Claudio Guarnieri, a highly regarded security researcher, whose technical analysis was referenced by Rid, stated that “no evidence allows to tie the attacks to governments of any particular country.”

Problem #2: The Command & Control server (176.31.112.10) was using an outdated version of OpenSSL vulnerable to Heartbleed attacks. Heartbleed allows attackers to exfiltrate data including private keys, usernames, passwords and other sensitive information.

The existence of a known security vulnerability that’s trivial to exploit opens the door to the possibility that the systems in question were used by one rogue group, and then infiltrated by a second rogue group, making the attribution process even more complicated. At the very least, the C2 server should be considered a compromised indicator.

Problem #3: The BfV published a newsletterin January 2016 which assumes that the GRU and FSB are responsible because of technical indicators, not because of any classified finding; to wit: “Many of these attack campaigns have each other on technical similarities, such as malicious software families, and infrastructure—these are important indicators of the same authorship. It is assumed that both the Russian domestic intelligence service FSB and the military foreign intelligence service GRU run cyber operations.”

Professor Rid’s argument depended heavily on conveying hard attribution by the BfV even though the President of the BfV didn’t disguise the fact that their attribution was based on an assumption and not hard evidence.

Personally, I don’t want to have my government create more tension in Russian-U.S. relations because the head of Germany’s BfV made an assumption.

In intelligence, as in other callings, estimating is what you do when you do not know. (Sherman Kent)

When it came to attributing Fancy Bear to the GRU, Dmitry Alperovich used a type of estimative language because there was no hard proof: “Extensive targeting of defense ministries and other military victims has been observed, the profile of which closely mirrors the strategic interests of the Russian government, and may indicate affiliation with ??????? ???????????????? ?????????? (Main Intelligence Department) or GRU, Russia’s premier military intelligence service.”

For Cozy Bear’s attribution to the FSB, Dmitrysimply observed that there were two threat actor groups operating at the same time while unaware of each other’s presence. He noted that the Russian intelligence services also compete with each other, therefore Cozy Bear is probably either the FSB or the SVR: “we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials. While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations, in Russia this is not an uncommon scenario.”

The Fidelis report on the malware didn’t mention the GRU or FSB at all. Their technical analysis only confirmed the APT groups involved: “Based on our comparative analysis we agree with CrowdStrike and believe that the COZY BEAR and FANCY BEAR APT groups were involved in successful intrusions at the DNC.”

When it came to attributing the attack to the Russian intelligence services, Fidelis’ Mike Buratowski told reporter Michael Heller: “In a situation like this, we can’t say 100% that it was this person in this unit, but what you can say is it’s more probable than not that it was this group of people or this actor set.”

As Mark Twain said, good judgment comes from experience, and experience comes from bad judgment. The problem with judgment calls and attribution is that since there’s no way to be proven right or wrong, there’s no way to discern if one’s judgment call is good or bad.

The metadata in the leaked documents are perhaps most revealing: one dumped document was modified using Russian language settings, by a user named “?????? ??????????,” a code name referring to the founder of the Soviet Secret Police

OK. Raise your hand if you think that a GRU or FSB officer would add Iron Felix’s name to the metadata of a stolen document before he released it to the world while pretending to be a Romanian hacker. Someone clearly had a wicked sense of humor.

APT Groups Aren’t People. They‘re’ Indicators.

[see image of different names for the APT groups assumed to be Russian]

This is a partial spreadsheet for Russian APT threat groups. The one for China is about four times as big. If it looks confusing, that’s because it is. There is no formal process for identifying a threat group. Cybersecurity companies like to assign their own naming conventions so you wind up having multiple names for the same group. For example, CrowdStrike’s Fancy Bear group has the primary name of Sofacy, and alternative names of APT28, Sednit, Pawn Storm, and Group 74.

While it’s natural to think of Sofacy as a group of individuals, it’s more like a group of technical indicators which include tools, techniques, procedures, target choices, countries of origin, and of course, people. Since most bad actors operate covertly, we are highly dependent on the forensics. Since many of the tools used are shared, and other indicators easily subverted, the forensics can be unreliable.

Non-Government Russian Hacker Groups

Russia’s Ministry of Communication reportedthat Russian cybercriminals are re-investing 40% of the millions of dollars that they earn each year in improving their technology and techniques as they continue to target the world’s banking system. Kaspersky Lab estimated earnings for one 20 member group at $1 billion over a three year period.

A common (and erroneous) rationale for placing the blame of a network breach on a nation state is that independent hacker groups either don’t have the resources or that stolen data doesn’t have financial value. These recent reports by Kaspersky Lab and Russian Ministry of Communication make it clear that money is no object when it comes to these independent groups, and that sophisticated tools and encryption methods are constantly improved upon, just as they would be at any successful commercial enterprise or government agency.

That, plus the occasional cross-over between independent Russian hackers and Russia’s security services makes differentiation between a State and non-State threat actor almost impossible. For that reason alone, it should be incumbent upon policymakers and journalists to question their sources about how they know that the individuals involved are part of a State-run operation.

A Nightmare Scenario

“Indeed, there will be some policymakers who could not pass a rudimentary test on the “facts of the matter” but who have the strongest views on what the policy should be and how to put it into effect.” (Sherman Kent)

Here’s my nightmare. Every time a claim of attribution is made—right or wrong—it becomes part of a permanent record; an un-verifiable provenance that is built upon by the next security researcher or startup who wants to grab a headline, and by the one after him, and the one after her. The most sensational of those claims are almost assured of international media attention, and if they align with U.S. policy interests, they rapidly move from unverified theory to fact.

Because each headline is informed by a report, and because indicators of compromise and other technical details are shared between vendors worldwide, any State or non-State actor in the world will soon have the ability to imitate an APT group with State attribution, launch an attack against another State, and generate sufficient harmful effects to trigger an international incident. All because some commercial cybersecurity companies are compelled to chase headlines with sensational claims of attribution that cannot be verified.

I encourage my colleagues to leave attribution to the FBI and the agencies of the Intelligence Community, and I implore everyone else to ask for proof, even from the U.S. government, whenever you read a headline that places blame on a foreign government for an attack in cyberspace.

 

 

 

Discussion

11 comments for “FTR #967 Update on Ukrainian Fascism, the “Russia-Gate” Psy-Op and the Possibility of a Third World War”

  1. Check out the latest side effect of the Ukrainian civil war: ICBMs for North Korea. Yep, it looks like a missile factory in Dnipro, Ukraine, near the front-lines but in a government-controlled area, is the likely source of North Korea’s recent ICBM advances:

    The New York Times

    North Korea’s Missile Success Is Linked to Ukrainian Plant, Investigators Say

    By WILLIAM J. BROAD and DAVID E. SANGER
    AUG. 14, 2017

    North Korea’s success in testing an intercontinental ballistic missile that appears able to reach the United States was made possible by black-market purchases of powerful rocket engines probably from a Ukrainian factory with historical ties to Russia’s missile program, according to an expert analysis being published Monday and classified assessments by American intelligence agencies.

    The studies may solve the mystery of how North Korea began succeeding so suddenly after a string of fiery missile failures, some of which may have been caused by American sabotage of its supply chains and cyberattacks on its launches. After those failures, the North changed designs and suppliers in the past two years, according to a new study by Michael Elleman, a missile expert at the International Institute for Strategic Studies.

    Such a degree of aid to North Korea from afar would be notable because President Trump has singled out only China as the North’s main source of economic and technological support. He has never blamed Ukraine or Russia, though his secretary of state, Rex W. Tillerson, made an oblique reference to both China and Russia as the nation’s “principal economic enablers” after the North’s most recent ICBM launch last month.

    Analysts who studied photographs of the North’s leader, Kim Jong-un, inspecting the new rocket motors concluded that they derive from designs that once powered the Soviet Union’s missile fleet. The engines were so powerful that a single missile could hurl 10 thermonuclear warheads between continents.

    Those engines were linked to only a few former Soviet sites. Government investigators and experts have focused their inquiries on a missile factory in Dnipro, Ukraine, on the edge of the territory where Russia is fighting a low-level war to break off part of Ukraine. During the Cold War, the factory made the deadliest missiles in the Soviet arsenal, including the giant SS-18. It remained one of Russia’s primary producers of missiles even after Ukraine gained independence.

    But since Ukraine’s pro-Russian president, Viktor Yanukovych, was removed from power in 2014, the state-owned factory, known as Yuzhmash, has fallen on hard times. The Russians canceled upgrades of their nuclear fleet. The factory is underused, awash in unpaid bills and low morale. Experts believe it is the most likely source of the engines that in July powered the two ICBM tests, which were the first to suggest that North Korea has the range, if not necessarily the accuracy or warhead technology, to threaten American cities.

    “It’s likely that these engines came from Ukraine — probably illicitly,” Mr. Elleman said in an interview. “The big question is how many they have and whether the Ukrainians are helping them now. I’m very worried.”

    Bolstering his conclusion, he added, was a finding by United Nations investigators that North Korea tried six years ago to steal missile secrets from the Ukrainian complex. Two North Koreans were caught, and a U.N. report said the information they tried to steal was focused on advanced “missile systems, liquid-propellant engines, spacecraft and missile fuel supply systems.”

    Investigators now believe that, amid the chaos of post-revolutionary Ukraine, Pyongyang tried again.

    Mr. Elleman’s detailed analysis is public confirmation of what intelligence officials have been saying privately for some time: The new missiles are based on a technology so complex that it would have been impossible for the North Koreans to have switched gears so quickly themselves. They apparently fired up the new engine for the first time in September — meaning that it took only 10 months to go from that basic milestone to firing an ICBM, a short time unless they were able to buy designs, hardware and expertise on the black market.

    The White House had no comment when asked about the intelligence assessments.

    Last month, Yuzhmash denied reports that the factory complex was struggling for survival and selling its technologies abroad, in particular to China. Its website says the company does not, has not and will not participate in “the transfer of potentially dangerous technologies outside Ukraine.”

    American investigators do not believe that denial, though they say there is no evidence that the government of President Petro O. Poroshenko, who recently visited the White House, had any knowledge or control over what was happening inside the complex.

    On Monday, after this story was published, Oleksandr Turchynov, a top national security official in the government of Mr. Poroshenko, denied any Ukrainian involvement.

    “This information is not based on any grounds, provocative by its content, and most likely provoked by Russian secret services to cover their own crimes,” Mr. Turchynov said. He said the Ukrainian government views North Korea as “totalitarian, dangerous and unpredictable, and supports all sanctions against this country.”

    How the Russian-designed engines, called the RD-250, got to North Korea is still a mystery.

    Mr. Elleman was unable to rule out the possibility that a large Russian missile enterprise, Energomash, which has strong ties to the Ukrainian complex, had a role in the transfer of the RD-250 engine technology to North Korea. He said leftover RD-250 engines might also be stored in Russian warehouses.

    But the fact that the powerful engines did get to North Korea, despite a raft of United Nations sanctions, suggests a broad intelligence failure involving the many nations that monitor Pyongyang.

    Since President Barack Obama ordered a step-up in sabotage against the North’s missile systems in 2014, American officials have closely monitored their success. They appeared to have won a major victory last fall, when Mr. Kim ordered an end to flight tests of the Musudan, an intermediate-range missile that was a focus of the American sabotage effort.

    But no sooner had Mr. Kim ordered a stand-down of that system than the North rolled out engines of a different design. And those tests were more successful.

    It is unclear who is responsible for selling the rockets and the design knowledge, and intelligence officials have differing theories about the details. But Mr. Elleman makes a strong circumstantial case that would implicate the deteriorating factory complex and its underemployed engineers.

    “I feel for those guys,” said Mr. Elleman, who visited the factory repeatedly a decade ago while working on federal projects to curb weapon threats. “They don’t want to do bad things.”

    Dnipro has been called the world’s fastest-shrinking city. The sprawling factory, southeast of Kiev and once a dynamo of the Cold War, is having a hard time finding customers.

    American intelligence officials note that North Korea has exploited the black market in missile technology for decades, and built an infrastructure of universities, design centers and factories of its own.

    It has also recruited help: In 1992, officials at a Moscow airport stopped a team of missile experts from traveling to Pyongyang.

    That was only a temporary setback for North Korea. It obtained the design for the R-27, a compact missile made for Soviet submarines, created by the Makeyev Design Bureau, an industrial complex in the Ural Mountains that employed the rogue experts apprehended at the Moscow airport.

    But the R-27 was complicated, and the design was difficult for the North to copy and fly successfully.

    Eventually, the North turned to an alternative font of engine secrets — the Yuzhmash plant in Ukraine, as well as its design bureau, Yuzhnoye. The team’s engines were potentially easier to copy because they were designed not for cramped submarines but roomier land-based missiles. That simplified the engineering.

    Economically, the plant and design bureau faced new headwinds after Russia in early 2014 invaded and annexed Crimea, a part of Ukraine. Relations between the two nations turned icy, and Moscow withdrew plans to have Yuzhmash make new versions of the SS-18 missile.

    In July 2014, a report for the Carnegie Endowment for International Peace warned that such economic upset could put Ukrainian missile and atomic experts “out of work and could expose their crucial know-how to rogue regimes and proliferators.”

    The first clues that a Ukrainian engine had fallen into North Korean hands came in September when Mr. Kim supervised a ground test of a new rocket engine that analysts called the biggest and most powerful to date.

    Norbert Brügge, a German analyst, reported that photos of the engine firing revealed strong similarities between it and the RD-250, a Yuzhmash model.

    Alarms rang louder after a second ground firing of the North’s new engine, in March, and its powering of the flight in May of a new intermediate-range missile, the Hwasong-12. It broke the North’s record for missile distance. Its high trajectory, if leveled out, translated into about 2,800 miles, or far enough to fly beyond the American military base at Guam.

    On June 1, Mr. Elleman struck an apprehensive note. He argued that the potent engine clearly hailed from “a different manufacturer than all the other engines that we’ve seen.”

    Mr. Elleman said the North’s diversification into a new line of missile engines was important because it undermined the West’s assumptions about the nation’s missile prowess: “We could be in for surprises.”

    That is exactly what happened. The first of the North’s two tests in July of a new missile, the Hwasong-14, went a distance sufficient to threaten Alaska, surprising the intelligence community. The second went far enough to reach the West Coast, and perhaps Denver or Chicago.

    Last week, the Bulletin of the Atomic Scientists featured a detailed analysis of the new engine, also concluding that it was derived from the RD-250. The finding, the analysts said, “raises new and potentially ominous questions.”

    The emerging clues suggest not only new threats from North Korea, analysts say, but new dangers of global missile proliferation because the Ukrainian factory remains financially beleaguered. It now makes trolley buses and tractors, while seeking new rocket contracts to help regain some of its past glory.

    ———-

    “North Korea’s Missile Success Is Linked to Ukrainian Plant, Investigators Say” by WILLIAM J. BROAD and DAVID E. SANGER; The New York Times; 08/14/2017

    “Mr. Elleman’s detailed analysis is public confirmation of what intelligence officials have been saying privately for some time: The new missiles are based on a technology so complex that it would have been impossible for the North Koreans to have switched gears so quickly themselves. They apparently fired up the new engine for the first time in September — meaning that it took only 10 months to go from that basic milestone to firing an ICBM, a short time unless they were able to buy designs, hardware and expertise on the black market.”

    Yep, despite the Ukrainian government’s attempts to suggest that it was actually Russia behind the missile technology transfer to North Korea, the evidence its pointing investigators towards a Ukrainian missile factory fallen on hard times. So is Ukraine’s government quietly dealing with North Korea or was it an independent operation by underpaid employees of a missile factory who suddenly lost their primary customers in Russia when the war broke out? Or the far-right and neo-Nazis involved? These of the grim questions we now get to add to the pile of of grim questions about about the situation in Ukraine:


    But since Ukraine’s pro-Russian president, Viktor Yanukovych, was removed from power in 2014, the state-owned factory, known as Yuzhmash, has fallen on hard times. The Russians canceled upgrades of their nuclear fleet. The factory is underused, awash in unpaid bills and low morale. Experts believe it is the most likely source of the engines that in July powered the two ICBM tests, which were the first to suggest that North Korea has the range, if not necessarily the accuracy or warhead technology, to threaten American cities.

    “It’s likely that these engines came from Ukraine — probably illicitly,” Mr. Elleman said in an interview. “The big question is how many they have and whether the Ukrainians are helping them now. I’m very worried.”

    Bolstering his conclusion, he added, was a finding by United Nations investigators that North Korea tried six years ago to steal missile secrets from the Ukrainian complex. Two North Koreans were caught, and a U.N. report said the information they tried to steal was focused on advanced “missile systems, liquid-propellant engines, spacecraft and missile fuel supply systems.”

    Investigators now believe that, amid the chaos of post-revolutionary Ukraine, Pyongyang tried again.

    “The big question is how many they have and whether the Ukrainians are helping them now. I’m very worried.”

    Another question raised by all this relates to the calls by the far-right coalition of Svoboda, Right Sector and National Corps called back in March for Ukraine to acquire its own nuclear weapons arsenal: So if Ukraine decided to quietly acquire its own nukes, does it have the capability to do that on its own? Or did it effectively lose that capability when it gave up its nuclear arsenal in 1994? Are elements in Ukraine just looking to sell on the nuclear black market or buy too? They’re questions we have to ask now that we now have a coalition of Ukrainian neo-Nazis calling for Ukraine to get its own nukes on top of reports of Ukrainian ICBM missile technology black market activity. Along with the generic question of WTF is wrong with humanity. That one never gets old.

    Posted by Pterrafractyl | August 14, 2017, 1:46 pm
  2. Check out the big New York Times article on the latest twist in the investigation of the 2016 DNC hacks and the quest to prove Russian hackers were behind it: There’s a witness! A real flesh and blood witness! Yep.

    So who is this witness? A Ukrainian hacker known as “the Profexer” who is apparently well respected in the hacker community and creates freely available malware that’s widely used by hackers across the former Soviet Union (and presumably everywhere else since there’s no reason effective hacking tools would be limited to the former Soviet Union). He apparently makes his money by charging users for expertise in how to employ his tools and for writing custom malware. In other words, it sounds like this was a pretty prominent hacker.

    And what did the “the Profexer” witness? The Profexer was allegedly hired by the anonymous Russian state-sponsored hackers to write customized code used in the DNC hacks. But he didn’t realize who he was working for or the intended purpose of the custom code. And it’s unclear how much actual interaction he had with the Russian hacking team. But he does know their online handles.

    And why did he come forward as a witness? Well, as the article describes, after the US Department of Homeland Security released its “Operation Grizzly Steppe” report in late December that purported to show the technical evidence the Russian government was behind the hacks there was a lot of confusion of why it was that the technical evidence wasn’t pointing towards Russia but instead Ukraine. In particular, one of the sample piece of malware released in that report was a tool called P.A.S. web shell, a script that could be uploaded to a server that would allow for remote execution of command. And P.A.S. web shell is the Profexer’s tool. His widely used freely available tool. It was apparently at that point that the Profexer starting getting very nervous that he was going to be arrested by the Ukrainian government and handed over to the US. So he decided to turn himself in to Ukrainian authorities.

    So a Ukrainian hacker who builds widely used free hacking tools and whose tool was used in at least one of the DNC hacks decided to turn himself in to Ukrainian authorities. He doesn’t have any actual evidence he was hired by a Russian hacking team, he claims he didn’t know who hired him or why, but apparently he was so freaked out about his tool showing up in the “Grizzly Steppe” report that he decided to turn himself in to Ukrainian authorities. And that’s the big twist that the following article contorts into further evidence of Russian government hackers.

    But the story gets even shadier: The assertion that the Profexer was paid by Russian hackers to write custom malware comes from Anton Gerashchenko, a far-right member of Ukraine’s Parliament with close ties to the security services. And according to Mr. Gerashchenko, the interaction the Prefexor had with the ‘Russian hackers’ was online or by phone and that the Ukrainian programmer had been paid to write customized malware without knowing its purpose. But as the article also notes, “It is not clear whether the specific malware the programmer created was used to hack the D.N.C. servers, but it was identified in other Russian hacking efforts in the United States.” So the custom code that the Profexer claims to have written for the Russian hackers who hacked the DNC maybe not have actually been used in the DNC hacks. But what about the P.A.S. web shell tool the Profexer wrote that was cited in the “Grizzly Steppe” report? Well, as many noted following the Grizzly Steppe report, the version of P.A.S. web shell they released in their sample malware used in the attack was an outdated version of P.A.S. web shell.

    The article also notes that the Ukrainian government has handed over to the FBI server images of the Ukrainian Election Commission server that was hacked in 2014 during a high profile hack suspected to be the work of Russian government agents. Investigators have found traces of the same malware on that server that was used in the DNC hacks which is being used as further evidence that Russian hackers were behind the DNC hacks, ignoring the fact highlighted by the rest of the article that hackers often use the same tools.

    So, to summarize, the hot new story about the flesh and blood witness in the ‘Russian hacks’ is a notorious Ukrainian hacker whose freely available and popular P.A.S. web shell hacking tool was released in batch of sample malware in the Grizzly Steppe report. And despite being the author of a widely used hacking tool that’s popular with hackers across the former Soviet Union, the fact that his tool turned up in the DHS report freaked him out so much that he decided to turn himself in to authorities, claiming that he was hired by people he believes were the Russian hackers to write customized tools, although he didn’t suspect it at the time and can only identify these people by their anonymous online handles. The P.A.S. web shell tool that was used in the hacks was an outdated version and it’s unclear whether the custom tool he allegedly wrote was used in the DNC hacks at all. That’s the flesh and blood witness:

    The New York Times

    In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking

    By ANDREW E. KRAMER and ANDREW HIGGINS
    AUG. 16, 2017

    KIEV, Ukraine — The hacker, known only by his online alias “Profexer,” kept a low profile. He wrote computer code alone in an apartment and quietly sold his handiwork on the anonymous portion of the internet known as the dark web. Last winter, he suddenly went dark entirely.

    Profexer’s posts, already accessible only to a small band of fellow hackers and cybercriminals looking for software tips, blinked out in January — just days after American intelligence agencies publicly identified a program he had written as one tool used in Russian hacking in the United States. American intelligence agencies have determined Russian hackers were behind the electronic break-in of the Democratic National Committee.

    But while Profexer’s online persona vanished, a flesh-and-blood person has emerged: a fearful man who the Ukrainian police said turned himself in early this year, and has now become a witness for the F.B.I.

    “I don’t know what will happen,” he wrote in one of his last messages posted on a restricted-access website before going to the police. “It won’t be pleasant. But I’m still alive.”

    It is the first known instance of a living witness emerging from the arid mass of technical detail that has so far shaped the investigation into the election hacking and the heated debate it has stirred. The Ukrainian police declined to divulge the man’s name or other details, other than that he is living in Ukraine and has not been arrested.

    There is no evidence that Profexer worked, at least knowingly, for Russia’s intelligence services, but his malware apparently did.

    That a hacking operation that Washington is convinced was orchestrated by Moscow would obtain malware from a source in Ukraine — perhaps the Kremlin’s most bitter enemy — sheds considerable light on the Russian security services’ modus operandi in what Western intelligence agencies say is their clandestine cyberwar against the United States and Europe.

    It does not suggest a compact team of government employees who write all their own code and carry out attacks during office hours in Moscow or St. Petersburg, but rather a far looser enterprise that draws on talent and hacking tools wherever they can be found.

    Also emerging from Ukraine is a sharper picture of what the United States believes is a Russian government hacking group known as Advanced Persistent Threat 28 or Fancy Bear. It is this group, which American intelligence agencies believe is operated by Russian military intelligence, that has been blamed, along with a second Russian outfit known as Cozy Bear, for the D.N.C. intrusion.

    Rather than training, arming and deploying hackers to carry out a specific mission like just another military unit, Fancy Bear and its twin Cozy Bear have operated more as centers for organization and financing; much of the hard work like coding is outsourced to private and often crime-tainted vendors.

    Russia’s Testing Ground

    In more than a decade of tracking suspected Russian-directed cyberattacks against a host of targets in the West and in former Soviet territories — NATO, electrical grids, research groups, journalists critical of Russia and political parties, to name a few — security services around the world have identified only a handful of people who are directly involved in either carrying out such attacks or providing the cyberweapons that were used.

    This absence of reliable witnesses has left ample room for President Trump and others to raise doubts about whether Russia really was involved in the D.N.C. hack.

    “There is not now and never has been a single piece of technical evidence produced that connects the malware used in the D.N.C. attack to the G.R.U., F.S.B. or any agency of the Russian government,” said Jeffrey Carr, the author of a book on cyberwarfare. The G.R.U. is Russia’s military intelligence agency, and the F.S.B. its federal security service.

    United States intelligence agencies, however, have been unequivocal in pointing a finger at Russia.

    Security experts were initially left scratching their heads when the Department of Homeland Security on Dec. 29 released technical evidence of Russian hacking that seemed to point not to Russia, but rather to Ukraine.

    In this initial report, the department released only one sample of malware said to be an indicator of Russian state-sponsored hacking, though outside experts said a variety of malicious programs were used in Russian electoral hacking.

    The sample pointed to a malware program, called the P.A.S. web shell, a hacking tool advertised on Russian-language dark web forums and used by cybercriminals throughout the former Soviet Union. The author, Profexer, is a well-regarded technical expert among hackers, spoken about with awe and respect in Kiev.

    He had made it available to download, free, from a website that asked only for donations, ranging from $3 to $250. The real money was made by selling customized versions and by guiding his hacker clients in its effective use. It remains unclear how extensively he interacted with the Russian hacking team.

    After the Department of Homeland Security identified his creation, he quickly shut down his website and posted on a closed forum for hackers, called Exploit, that “I’m not interested in excessive attention to me personally.”

    Soon, a hint of panic appeared, and he posted a note saying that, six days on, he was still alive.

    Another hacker, with the nickname Zloi Santa, or Bad Santa, suggested the Americans would certainly find him, and place him under arrest, perhaps during a layover at an airport.

    “It could be, or it could not be, it depends only on politics,” Profexer responded. “If U.S. law enforcement wants to take me down, they will not wait for me in some country’s airport. Relations between our countries are so tight I would be arrested in my kitchen, at the first request.”

    In fact, Serhiy Demediuk, chief of the Ukrainian Cyber Police, said in an interview that Profexer went to the authorities himself. As the cooperation began, Profexer went dark on hacker forums. He last posted online on Jan. 9. Mr. Demediuk said he had made the witness available to the F.B.I., which has posted a full-time cybersecurity expert in Kiev as one of four bureau agents stationed at the United States Embassy there. The F.B.I. declined to comment.

    Profexer was not arrested because his activities fell in a legal gray zone, as an author but not a user of malware, the Ukrainian police say. But he did know the users, at least by their online handles. “He told us he didn’t create it to be used in the way it was,” Mr. Demediuk said.

    A member of Ukraine’s Parliament with close ties to the security services, Anton Gerashchenko, said that the interaction was online or by phone and that the Ukrainian programmer had been paid to write customized malware without knowing its purpose, only later learning it was used in Russian hacking.

    Mr. Gerashchenko described the author only in broad strokes, to protect his safety, as a young man from a provincial Ukrainian city. He confirmed that the author turned himself in to the police and was cooperating as a witness in the D.N.C. investigation. “He was a freelancer and now he is a valuable witness,” Mr. Gerashchenko said.

    It is not clear whether the specific malware the programmer created was used to hack the D.N.C. servers, but it was identified in other Russian hacking efforts in the United States.

    A Bear’s Lair

    While it is not known what Profexer has told Ukrainian investigators and the F.B.I. about Russia’s hacking efforts, evidence emanating from Ukraine has again provided some of the clearest pictures yet about Fancy Bear, or Advanced Persistent Threat 28, which is run by the G.R.U.

    Fancy Bear has been identified mostly by what it does, not by who does it. One of its recurring features has been the theft of emails and its close collaboration with the Russian state news media.

    Tracking the bear to its lair, however, has so far proved impossible, not least because many experts believe that no such single place exists.

    Even for a sophisticated tech company like Microsoft, singling out individuals in the digital miasma has proved just about impossible. To curtail the damage to clients’ operating systems, the company filed a complaint against Fancy Bear last year with the United States District Court for the Eastern District of Virginia but found itself boxing with shadows.

    As Microsoft lawyers reported to the court, “because defendants used fake contact information, anonymous Bitcoin and prepaid credit cards and false identities, and sophisticated technical means to conceal their identities, when setting up and using the relevant internet domains, defendants’ true identities remain unknown.”

    Nevertheless, Ukrainian officials, though wary of upsetting the Trump administration, have been quietly cooperating with American investigators to try to figure out who stands behind all the disguises.

    Included in this sharing of information were copies of the server hard drives of Ukraine’s Central Election Commission, which were targeted during a presidential election in May 2014. That the F.B.I. had obtained evidence of this earlier, Russian-linked electoral hack has not been previously reported.

    Traces of the same malicious code, this time a program called Sofacy, were seen in the 2014 attack in Ukraine and later in the D.N.C. intrusion in the United States.

    Intriguingly, in the cyberattack during the Ukrainian election, what appears to have been a bungle by Channel 1, a Russian state television station, inadvertently implicated the government authorities in Moscow.

    Hackers had loaded onto a Ukrainian election commission server a graphic mimicking the page for displaying results. This phony page showed a shocker of an outcome: an election win for a fiercely anti-Russian, ultraright candidate, Dmytro Yarosh. Mr. Yarosh in reality received less than 1 percent of the vote.

    The false result would have played into a Russian propaganda narrative that Ukraine today is ruled by hard-right, even fascist, figures.

    The fake image was programmed to display when polls closed, at 8 p.m., but a Ukrainian cybersecurity company, InfoSafe, discovered it just minutes earlier and unplugged the server.

    State television in Russia nevertheless reported that Mr. Yarosh had won and broadcast the fake graphic, citing the election commission’s website, even though the image had never appeared there. The hacker had clearly provided Channel 1 with the same image in advance, but the reporters had failed to check that the hack actually worked.

    “For me, this is an obvious link between the hackers and Russian officials,” said Victor Zhora, director of InfoSafe, the cybersecurity company that first found the fake graphic.

    A Ukrainian government researcher who studied the hack, Nikolai Koval, published his findings in a 2015 book, “Cyberwar in Perspective,” and identified the Sofacy malware on the server.

    The mirror of the hard drive went to the F.B.I., which had this forensic sample when the cybersecurity company CrowdStrike identified the same malware two years later, on the D.N.C. servers.

    “It was the first strike,” Mr. Zhora said of the earlier hack of Ukraine’s electoral computers. Ukraine’s Cyber Police have also provided the F.B.I. with copies of server hard drives showing the possible origins of some phishing emails targeting the Democratic Party during the election.

    In 2016, two years after the election hack in Ukraine, hackers using some of the same techniques plundered the email system of the World Anti-Doping Agency, or WADA, which had accused Russian athletes of systematic drug use.

    That raid, too, seems to have been closely coordinated with Russian state television, which began airing well-prepared reports about WADA’s hacked emails just minutes after they were made public. The emails appeared on a website that announced that WADA had been hacked by a group calling itself the “Fancy Bears’ Hack Team.”

    It was the first time Fancy Bear had broken cover.

    Fancy Bear remains extraordinarily elusive, however. To throw investigators off its scent, the group has undergone various makeovers, restocking its arsenal of malware and sometimes hiding under different guises. One of its alter egos, cyberexperts believe, is Cyber Berkut, an outfit supposedly set up in Ukraine by supporters of the country’s pro-Russian president, Viktor F. Yanukovych, who was ousted in 2014.

    After lying dormant for many months, Cyber Berkut jumped back into action this summer just as multiple investigations in Washington into whether the Trump campaign colluded with Moscow shifted into high gear. Cyber Berkut released stolen emails that it and Russian state news media said had exposed the real story: Hillary Clinton had colluded with Ukraine.

    ———-

    “In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking” by ANDREW E. KRAMER and ANDREW HIGGINS; The New York Times; 08/16/2017

    “Security experts were initially left scratching their heads when the Department of Homeland Security on Dec. 29 released technical evidence of Russian hacking that seemed to point not to Russia, but rather to Ukraine.”

    Yep, when the DHS released its “Grizzly Steppe” report in late December the technical evidence curiously seemed to point not towards Russia but towards Urkaine. And the sample malware in that report happened to be the Profexer’s P.A.S. web shell tool which so terrified that hacker, a revered hacker and author of popular freely available hacking tools, that he decided to turn himself in Ukrainian authorities shortly afterwards:


    Security experts were initially left scratching their heads when the Department of Homeland Security on Dec. 29 released technical evidence of Russian hacking that seemed to point not to Russia, but rather to Ukraine.

    In this initial report, the department released only one sample of malware said to be an indicator of Russian state-sponsored hacking, though outside experts said a variety of malicious programs were used in Russian electoral hacking.

    The sample pointed to a malware program, called the P.A.S. web shell, a hacking tool advertised on Russian-language dark web forums and used by cybercriminals throughout the former Soviet Union. The author, Profexer, is a well-regarded technical expert among hackers, spoken about with awe and respect in Kiev.

    He had made it available to download, free, from a website that asked only for donations, ranging from $3 to $250. The real money was made by selling customized versions and by guiding his hacker clients in its effective use. It remains unclear how extensively he interacted with the Russian hacking team.

    After the Department of Homeland Security identified his creation, he quickly shut down his website and posted on a closed forum for hackers, called Exploit, that “I’m not interested in excessive attention to me personally.”

    And according to the far-right Ukrainian MP, Anton Gerashchenko, the Profexer was indeed hired by these Russian government hackers to write customized malware. But the Profexer can’t actually identify them by anything other than their anonymous online handles and it’s unclear if that customized malware was actually used in the DNC hacks, although it’s apparently clear that the customized malware was used in other hacking efforts in the US:


    In fact, Serhiy Demediuk, chief of the Ukrainian Cyber Police, said in an interview that Profexer went to the authorities himself. As the cooperation began, Profexer went dark on hacker forums. He last posted online on Jan. 9. Mr. Demediuk said he had made the witness available to the F.B.I., which has posted a full-time cybersecurity expert in Kiev as one of four bureau agents stationed at the United States Embassy there. The F.B.I. declined to comment.

    Profexer was not arrested because his activities fell in a legal gray zone, as an author but not a user of malware, the Ukrainian police say. But he did know the users, at least by their online handles. “He told us he didn’t create it to be used in the way it was,” Mr. Demediuk said.

    A member of Ukraine’s Parliament with close ties to the security services, Anton Gerashchenko, said that the interaction was online or by phone and that the Ukrainian programmer had been paid to write customized malware without knowing its purpose, only later learning it was used in Russian hacking.

    Mr. Gerashchenko described the author only in broad strokes, to protect his safety, as a young man from a provincial Ukrainian city. He confirmed that the author turned himself in to the police and was cooperating as a witness in the D.N.C. investigation. “He was a freelancer and now he is a valuable witness,” Mr. Gerashchenko said.

    It is not clear whether the specific malware the programmer created was used to hack the D.N.C. servers, but it was identified in other Russian hacking efforts in the United States.

    It is not clear whether the specific malware the programmer created was used to hack the D.N.C. servers, but it was identified in other Russian hacking efforts in the United States.”

    And while it’s unclear whether the custom malware was used in the DNC hacks, it’s pretty clear that the P.A.S. web shell malware that was used in the DNC hacks wasn’t customized. Because it was already an outdated version of P.A.S. web shell.

    So unless there’s a lot more information yet to come along this line of inquiry, it’s looking like the primary criminal activity that the Profexer witnessed was the his own quasi-crime of created customized malware for an anonymous group that may or may not have been used in the DNC hacks. Based on this compelling evidence it appears we can narrow the culprits down to…pretty much any hacker. Huzzah!

    Posted by Pterrafractyl | August 17, 2017, 8:06 pm
  3. Here’s a piece from Robert Parry that highlights a critical detail about the story of the transfer of Ukrainian ICBM technology to North Korea: The region where the financially distressed missile factory resides, Dnipropetrovsk, had Ukrainian oligarch Igor Kolomoisky installed as governor following the 2014 Maidan revolution. And Kolomoisky just happened to be a both Jewish and also a strong backer of the neo-Nazi elements of the Ukrainian militia units that played key combat roles in the military conflict in Eastern Ukraine. In particular the Azov battalion, the neo-Nazi militia that recently form the National Corps political party. Its one of the many tragic bedfellow situations created by the crisis in Ukraine (and not exclusive to Ukraine given the existence of fascist Jewish networks). And National Corp was one of the three neo-Nazi parties that recently formed a far-right political union, along with Right Sector/Pravy Sektor and Svoboda, that called for Ukraine to end its attempts to move closer to the EU and instead form a “European Union with the Baltic States” and for Ukraine to acquire its own nuclear arsenal.

    And don’t forget how the story of that bizarre “peace plan” that was hand delivered to Michael Flynn by Felix Sater involved the same a far-right Ukrainian political with close ties to Right Sector/Pravy Sektor, Andrey Artemenko, who was scheming was Sater to upgrade Ukraine’s nuclear energy capabilities with plans for electricity export while and ostensibly improving the safety of Ukraine’s existing nuclear infrastructure. And in fairness, upgrading the safety of Ukraine’s nuclear sector isn’t an unreasonable goal even for a bunch of neo-Nazis. But it’s another indication of the active interest of the neo-Nazi faction of Ukraine’s political scene demonstrating the country’s nuclear sector.

    As Parry also notes below, it was Kolomoisky’s operation in Dnipro also has come under suspicion for a possible role in the shoot-down of Malaysia Airlines Flight 17 on July 17, 2014. A shoot-down that included a number of indications that it could have been a rogue Ukrainian military operation associated with the neo-Nazi militias operating in that area at the time who had access to the same anti-aircraft missile technology.

    So when you have neo-Nazi political parties with a history of a reckless actions and a very active interest in upgrading both the nuclear energy and weapons capabilities of Ukraine, and one of the neo-Nazi parties the Azov Battalion, it’s definitely worth noting that and the key sponsor of the Azov Battalion was an oligarch who was in charge of the region where the missile factory that appears to have transferred that technology happens to reside:

    Consortium News

    A Ukraine Link to North Korea’s Missiles?

    Exclusive: By orchestrating the 2014 “regime change” in Ukraine, U.S. neocons may have indirectly contributed to a desperate Ukrainian factory selling advanced rocket engines to North Korea and endangering America, writes Robert Parry.

    By Robert Parry
    August 15, 2017

    U.S. intelligence analysts reportedly have traced North Korea’s leap forward in creating an intercontinental ballistic missile capable of striking U.S. territory to a decaying Ukrainian rocket-engine factory whose alleged role could lift the cover off other suppressed mysteries related to the U.S.-backed coup in Kiev.

    Because the 2014 coup – overthrowing elected President Viktor Yanukovych – was partly orchestrated by the U.S. government’s influential neoconservatives and warmly embraced by the West’s mainstream media, many of the ugly features of the Kiev regime have been downplayed or ignored, including the fact that corrupt oligarch Igor Kolomoisky was put in charge of the area where the implicated factory was located.

    As the region’s governor, the thuggish Kolomoisky founded armed militias of Ukrainian extremists, including neo-Nazis, who spearheaded the violence against ethnic Russians in eastern provinces, which had voted heavily for Yanukovych and tried to resist his violent overthrow.

    Kolomoisky, who has triple citizenship from Ukraine, Cyprus and Israel, was eventually ousted as governor of Dnipropetrovsk (now called Dnipro) on March 25, 2015, after a showdown with Ukraine’s current President Petro Poroshenko over control of the state-owned energy company, but by then Kolomoisky’s team had put its corrupt mark on the region.

    At the time of the Kolomoisky-Poroshenko showdown, Valentyn Nalyvaychenko, chief of the State Security Service, accused Dnipropetrovsk officials of financing armed gangs and threatening investigators, Bloomberg News reported, while noting that Ukraine had sunk to 142nd place out of 175 countries in Transparency International’s Corruptions Perception Index, the worst in Europe.

    Even earlier in Kolomoisky’s brutal reign, Dnipropetrovsk had become the center for the violent intrigue that has plagued Ukraine for the past several years, including the dispatch of neo-Nazi militias to kill ethnic Russians who then turned to Russia for support.

    Tolerating Nazis

    Yet, protected by the waves of anti-Russian propaganda sweeping across the West, Kolomoisky’s crowd saw few reasons for restraint. So, among the Kolomoisky-backed militias was the Azov battalion whose members marched with Swastikas and other Nazi insignias.

    Ironically, the same Western media which heartily has condemned neo-Nazi and white-nationalist violence in Charlottesville, Virginia, adopted a much more tolerant attitude toward Ukraine’s neo-Nazism even as those militants murdered scores of ethnic Russians in Odessa in May 2014 and attacked ethnic Russian communities in the east where thousands more died.

    When it came to Ukraine, The New York Times and other mainstream outlets were so dedicated to their anti-Russian propaganda that they veered between minimizing the significance of the neo-Nazi militias and treating them as bulwarks of Western civilization.

    For instance, on Feb. 11, 2015, the Times published a long article by Rick Lyman that presented the situation in the port city of Mariupol as if the advance by ethnic Russian rebels amounted to the arrival of barbarians at the gate while the inhabitants were being bravely defended by the forces of civilization. But then the article cited the key role in that defense played by the Azov battalion.

    Though the article provided much color and detail and quoted an Azov leader prominently, it left out the fact that the Azov battalion was composed of neo-Nazis.

    This inconvenient truth that neo-Nazis were central to Ukraine’s “self-defense forces” would have disrupted the desired propaganda message about “Russian aggression.” After all, wouldn’t many Americans and Europeans understand why Russia, which suffered some 27 million dead in World War II, might be sensitive to neo-Nazis killing ethnic Russians on Russia’s border?

    So, in Lyman’s article, the Times ignored Azov’s well-known neo-Nazism and referred to it simply as a “volunteer unit.”

    In other cases, the Times casually brushed past the key role of fascist militants. In July 2015, the Times published a curiously upbeat story about the good news that Islamic militants had joined with far-right and neo-Nazi battalions to kill ethnic Russian rebels.

    The article by Andrew E. Kramer reported that there were three Islamic battalions “deployed to the hottest zones,” such as around Mariupol. One of the battalions was headed by a former Chechen warlord who went by the name “Muslim,” Kramer wrote, adding:

    “The Chechen commands the Sheikh Mansur group, named for an 18th-century Chechen resistance figure. It is subordinate to the nationalist Right Sector, a Ukrainian militia. Right Sector formed during last year’s street protests in Kiev from a half-dozen fringe Ukrainian nationalist groups like White Hammer and the Trident of Stepan Bandera.

    “Another, the Azov group, is openly neo-Nazi, using the Wolf’s Hook’ symbol associated with the [Nazi] SS. Without addressing the issue of the Nazi symbol, the Chechen said he got along well with the nationalists because, like him, they loved their homeland and hated the Russians.”

    Rockets for North Korea

    The Times encountered another discomforting reality on Monday when correspondents William J. Broad and David E. Sanger described U.S. intelligence assessments pointing to North Korea’s likely source of its new and more powerful rocket engines as a Ukrainian factory in Dnipro.

    Of course, the Times bent over backward to suggest that the blame might still fall on Russia even though Dnipro is a stronghold of some of Ukraine’s most militantly anti-Russian politicians and although U.S. intelligence analysts have centered their suspicions on a Ukrainian-government-owned factory there, known as Yuzhmash.

    So, it would seem clear that corrupt Ukrainian officials, possibly in cahoots with financially pressed executives or employees of Yuzhmash, are the likeliest suspects in the smuggling of these rocket engines to North Korea.

    Even the Times couldn’t dodge that reality, saying: “Government investigators and experts have focused their inquiries on a missile factory in Dnipro, Ukraine.” But the Times added that Dnipro is “on the edge of the territory where Russia is fighting a low-level war to break off part of Ukraine” – to suggest that the Russians somehow might have snuck into the factory, stolen the engines and smuggled them to North Korea.

    But the Times also cited the view of missile expert Michael Elleman, who addressed North Korea’s sudden access to more powerful engines in a study issued this week by the International Institute for Strategic Studies.

    “It’s likely that these engines came from Ukraine — probably illicitly,” Elleman said in an interview with the Times. “The big question is how many they have and whether the Ukrainians are helping them now. I’m very worried.”

    Yet, always looking for a chance to shift the blame to Russia, the Times quickly inserted that “Mr. Elleman was unable to rule out the possibility that a large Russian missile enterprise, Energomash, which has strong ties to the Ukrainian complex, had a role in the transfer of the RD-250 engine technology to North Korea.”

    Yet, while the Ukraine crisis may have reduced living standards for average Ukrainians, it was an important catalyst in the creation of the New Cold War between Washington and Moscow, which offers lucrative opportunities for U.S. military contractors and their many think-tank apologists despite increasing the risk of nuclear war for the rest of us.

    In particular, U.S. neoconservatives have viewed heightened tensions between the West and Russia as valuable both in driving up military spending and laying the groundwork for a possible “regime change” in Moscow. The neocons have wanted to retaliate against Russian President Vladimir Putin’s role in frustrating neocon (and Israeli-Saudi) desires to overthrow Syrian President Bashar al-Assad and to bomb Iran, which Israel and Saudi Arabia now view as their principal regional adversary.

    The neocon/Israeli-Saudi interests have produced many strange bedfellows with weapons flowing to Al Qaeda’s affiliate in Syria, and – because of Putin’s assistance to Syria and Iran – the tolerance of neo-Nazis and Islamic militants in Ukraine.

    The MH-17 Case

    Kolomoisky’s operation in Dnipro also has come under suspicion for a possible role in the shoot-down of Malaysia Airlines Flight 17 on July 17, 2014. According to a source briefed by U.S. intelligence analysts, Dnipro was the center of a plot to use a powerful anti-aircraft missile to shoot down Putin’s official plane on a return flight from South America, but instead – after Putin’s plane took a more northerly route – the missile brought down MH-17, killing all 298 people aboard.

    For reasons that have still not been explained, the Obama administration suppressed U.S. intelligence reports on the MH-17 tragedy and instead joined in pinning the shoot-down on ethnic Russian rebels and, by implication, Putin and his government.

    In the West, the MH-17 shoot-down became a cause celebre, generating a powerful propaganda campaign to demonize Putin and Russia – and push Europe into joining sanctions against Moscow. Few people dared question Russia alleged guilt even though the Russia-did-it arguments were full of holes. [See here and here.]

    Now this North Korean case forces the issue of Ukraine’s reckless behavior to the fore again: Did an inept or corrupt Ukrainian bureaucracy participate in or tolerate a scheme to sell powerful rocket engines to North Korea and enable a nuclear threat to U.S. territory?

    In response to the reports of possible Ukrainian collusion in North Korea’s missile program, Oleksandr Turchynov, secretary of the Ukrainian national security and defense council, issued a bizarre denial suggesting that The New York Times and U.S. intelligence agencies were pawns of Russia.

    “This information [about North Korea possibly obtaining rocket engines from Ukraine] is not based on any grounds, provocative by its content, and most likely provoked by Russian secret services to cover their own crimes,” Turchynov said.

    Press reports about Turchynov’s statement left out two salient facts: that as the interim President following the February 2014 coup, Turchynov ordered Right Sektor militants to begin the bloody siege of rebel-held Sloviansk, a key escalation in the conflict, and that Turchynov was the one who appointed Kolomoisky to be the ruler of Dnipropetrovsk.

    ———-

    “A Ukraine Link to North Korea’s Missiles?” by Robert Parry; Consortium News; 08/15/2017

    “Because the 2014 coup – overthrowing elected President Viktor Yanukovych – was partly orchestrated by the U.S. government’s influential neoconservatives and warmly embraced by the West’s mainstream media, many of the ugly features of the Kiev regime have been downplayed or ignored, including the fact that corrupt oligarch Igor Kolomoisky was put in charge of the area where the implicated factory was located.”

    Yep, a crazy billionaire with deep ties to the neo-Nazi militias was the governor of region where the missile technology appears to have disappeared. So it will be interesting to learn when exactly that technology transfer took place. But even if it happened after Kolomoiosky stepped down as governor in 2015, it’s still going to be his network running the place:


    As the region’s governor, the thuggish Kolomoisky founded armed militias of Ukrainian extremists, including neo-Nazis, who spearheaded the violence against ethnic Russians in eastern provinces, which had voted heavily for Yanukovych and tried to resist his violent overthrow.

    Kolomoisky, who has triple citizenship from Ukraine, Cyprus and Israel, was eventually ousted as governor of Dnipropetrovsk (now called Dnipro) on March 25, 2015, after a showdown with Ukraine’s current President Petro Poroshenko over control of the state-owned energy company, but by then Kolomoisky’s team had put its corrupt mark on the region.

    So given the frequently observation that the neo-Nazi militias that were embraced as a means of ‘saving’ Ukraine when the conflict breaks out are also the greatest threat to the future of Ukraine, if it turns out that the neo-Nazi elements of Ukraine played a role in this technology transfer it will merely be the latest reminder that shouldn’t just apply to Ukraine. Those neo-Nazi militias which have largely been quietly or openly accepted by the West should really be seen as a threat to the future of everyone. It’s one of the features of neo-Nazi movements: they’re threats to everyone everywhere except the avowed neo-Nazis. That’s sort of their point.

    Posted by Pterrafractyl | August 19, 2017, 1:43 pm
  4. Here’s another twist to the story about the Ukrainian hacker, the “Profexer”, who reportedly turned himself in to Ukrainian authorities over fears that he inadvertently assisted the ‘Russian hackers’ who hacked the DNC in the 2016 US elections: One of the odd parts of that report was how the freely available hacker software written by the Profexer, P.A.S. web shell, was listed in the “GrizzlySteppe” DHS report on the ‘Russian hacking’ as an example of the malware used in the hacks, and yet the customized software that the Profexer allegedly wrote for the ‘Russian hackers’ (which is what makes him a “witness” in this investigation) apparently wasn’t used in the DNC hacks at all. Or at least there was no indication it was used. Instead, the customized software was identified by US authorities as being used in a different set of attacks that were determined to have been done by the same hacking group. So the only thing directly tying him to the DNC hacks was the use of an outdated version of the P.A.S. web shell tool.

    But according to this report by Krebs Security, when contacted Crowdstrike to get a list of all the malware found in the DNC server hack P.A.S. web shell was not on the list at all. In other words, it’s unclear if any software, customized or not, used in any of the DNC hacks was actually written by this Ukrainian hacker who turned himself in over concerns that he helped the ‘Russian hackers’:

    Krebs on Security

    Blowing the Whistle on Bad Attribution

    Brian Krebs
    Aug 18, 2017

    The New York Times this week published a fascinating story about a young programmer in Ukraine who’d turned himself in to the local police. The Times says the man did so after one of his software tools was identified by the U.S. government as part of the arsenal used by Russian hackers suspected of hacking into the Democratic National Committee (DNC) last year. It’s a good read, as long as you can ignore that the premise of the piece is completely wrong.

    The story, “In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking,” details the plight of a hacker in Kiev better known as “Profexer,” who has reportedly agreed to be a witness for the FBI. From the story:

    “Profexer’s posts, already accessible to only a small band of fellow hackers and cybercriminals looking for software tips, blinked out in January — just days after American intelligence agencies publicly identified a program he had written as one tool used in Russian hacking in the United States. American intelligence agencies have determined Russian hackers were behind the electronic break-in of the Democratic National Committee.”

    The Times’ reasoning for focusing on the travails of Mr. Profexer comes from the “GRIZZLYSTEPPE” report, a collection of technical indicators or attack “signatures” published in December 2016 by the U.S. government that companies can use to determine whether their networks may be compromised by a number of different Russian cybercrime groups.

    The only trouble is nothing in the GRIZZLYSTEPPE report said which of those technical indicators were found in the DNC hack. In fact, Prefexer’s “P.A.S. Web shell” tool — a program designed to insert a digital backdoor that lets attackers control a hacked Web site remotely — was specifically not among the hacking tools found in the DNC break-in.

    That’s according to Crowdstrike, the company called in to examine the DNC’s servers following the intrusion. In a statement released to KrebsOnSecurity, Crowdstrike said it published the list of malware that it found was used in the DNC hack, and that the Web shell named in the New York Times story was not on that list.

    Robert M. Lee is founder of the industrial cybersecurity firm Dragos, Inc. and an expert on the challenges associated with attribution in cybercrime. In a post on his personal blog, Lee challenged The Times on its conclusions.

    “The GRIZZLYSTEPPE report has nothing to do with the DNC breach though and was a collection of technical indicators the government compiled from multiple agencies all working different Russian related threat groups,” Lee wrote.

    “The threat group that compromised the DNC was Russian but not all Russian groups broke into the DNC,” he continued. “The GRIZZLYSTEPPE report was also highly criticized for its lack of accuracy and lack of a clear message and purpose. I covered it here on my blog but that was also picked up by numerous journalists and covered elsewhere [link added]. In other words, there’s no excuse for not knowing how widely criticized the GRIZZLYSTEPPE report was before citing it as good evidence in a NYT piece.”

    Perhaps in response to Lee’s blog post, The Times issued a correction to the story, re-writing the above-quoted and indented paragraph to read:

    “It is the first known instance of a living witness emerging from the arid mass of technical detail that has so far shaped the investigation into the election hacking and the heated debate it has stirred. The Ukrainian police declined to divulge the man’s name or other details, other than that he is living in Ukraine and has not been arrested.”

    [Side note: Profexer may well have been doxed by this publication just weeks after the GRIZZLYSTEPPE report was released.]

    This would not be the first time the GRIZZLYSTEPPE report provided fodder for some too-hasty hacking conclusions by a major newspaper. On December 31 2016, The Washington Post published a breathless story reporting that an electric utility in Vermont had been compromised by Russian hackers who had penetrated the U.S. electric grid.

    The Post cited unnamed “U.S. officials” saying the Vermont utility had found a threat signature from the GRIZZLYSTEPPE report inside its networks. Not long after the story ran, the utility in question said it detected the malware signature in a single laptop that was not connected to the grid, and the Post was forced to significantly walk back its story.

    Matt Tait, a senior fellow at the Robert Strauss Center for International Security and Law at UT Austin, said indicators of compromise or IOCs like those listed in the GRIZZLYSTEPPE report have limited value in attributing who may be responsible for an online attack.

    “It’s a classic problem that these IOCs indicate you may be compromised, but they’re not very good for attribution,” Tait said. “The Grizzly Steppe report is a massive file of signatures, and loads of people have run those, found various things on their network, and then assumed it’s all related to the DNC hack. But there’s absolutely no tie between the DNC hack that in any way involved this P.A.S. Web shell.”

    ———-

    “Blowing the Whistle on Bad Attribution” Brian Krebs; Krebs on Security; 08/18/2017

    “The only trouble is nothing in the GRIZZLYSTEPPE report said which of those technical indicators were found in the DNC hack. In fact, Prefexer’s “P.A.S. Web shell” tool — a program designed to insert a digital backdoor that lets attackers control a hacked Web site remotely — was specifically not among the hacking tools found in the DNC break-in.

    And it’s not Krebs independtly making the assertion that the Profexer’s P.A.S. web shell tool wasn’t actually used in the DNC break-in. Crowdstrike, the only firm to actually examine the DNC’s servers, released its own list of malware and P.A.S. web shell was not on that list:


    That’s according to Crowdstrike, the company called in to examine the DNC’s servers following the intrusion. In a statement released to KrebsOnSecurity, Crowdstrike said it published the list of malware that it found was used in the DNC hack, and that the Web shell named in the New York Times story was not on that list.

    So unless there’s a bunch of stuff we aren’t being told, it appears that the Ukrainian hacker who became an FBI “witness” has pretty much nothing to do with the hack other than being a hacker.

    And note this interesting observation: The Profexer was identified back in January, shortly after the Grizzley Steppe report:


    [Side note: Profexer may well have been doxed by this publication just weeks after the GRIZZLYSTEPPE report was released.]

    And sure enough, when you look at the Off-Guardian report, it does indeed look like they identified the guy as Jaroslav Volodimirovich Panchenko, an information technology student at Poltava National Technical University:

    Off-Guardian

    Did a Ukrainian University Student Create Grizzly Steppe?

    by Petri Krohn
    Published on January 9, 2017

    1) U.S. Department of Homeland Security claims that the DNC was hacked by Russian intelligence services using a Russian malware tool they have named Grizzly Steppe or “PAS tool PHP web kit”. They have published a YARA signature file that allows anyone to identify it.

    https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity.

    [see image of the YARA signature file as published by DHS.]

    2) Security company Wordefence says Grizzly Steppe is actually P.A.S. web shell, a common malware tool on WordPress sites. They have identified its origin to an Ukrainian download site Profexer.name

    https://www.wordfence.com/blog/2016/12/russia-malware-ip-hack/

    [see image of the download page at profexer.name as seen by Wordfence before the site was disabled.]

    3) The profexer site presents a SSL certificate that identifies it as pro-os.ru and gives an email address aazzz@ro.ru.

    https://profexer.name
    [see image of the SSL certificate presented by profexer.name when accessed over the HTTPS protocol].

    4) pro-os.ru is offline with the domain registration expired, but Internet Archive has copies from April and May 2015. The photo on the page indicates that they are experts in “deadly” computer viruses.

    https://web.archive.org/web/20150405005032/http://pro-os.ru/

    [see image of Facebook cached copy of the pro-os.ru site.]

    The contacts given on the pro-os.ru site link to the VK account of Roman Alexeev and the email address roman@pro-os.ru. The VK account has been suspended because of “suspicious activity”. (You need to be logged in to VK to see the “Author” of the application.)

    https://vk.com/app47143488

    [see image of the pro-os.ru site links to a VK aplication which again links to Roman Alexeev’s VK profile.]

    4b) The site toster.ru links the email address aazzz@ro.ru to the name Roman Alexeev (????? ????????).

    https://toster.ru/user/aazzz (archive)

    https://ibazh.com/members/roman.3232/ (archive)

    5) “Roman Alexeev” advertises his skills and services as a web developer, linking to his VK account but also giving a skype account (ya.aalexeev) and an email address (mcmugok@yandex.ru).
    http://verni.com.ua/feedback/

    https://freelancehunt.com/project/kopiya-sayta/141070.html

    6) One of the sites where “Roman Alexeev” links to his VK account is Freelancehunt.com. His profile contains a photograph and the nick aazzz. He claims he is from Zaporizhia and 25 years old.

    https://freelancehunt.com/freelancer/aazzz.html (archive)

    [see profile photo used by “Roman Alexeev” at the Freelancehunt site.]

    7) The profile photo on Freelancehunt actually belongs to Jaroslav Volodimirovich Panchenko (???????? ??????? ?????????????), an information technology student and member of the student self-government structure of the Poltava National Technical University.

    http://pntu.edu.ua/ru/diyalnist/studentske-zhittya.html

    ———-

    “Did a Ukrainian University Student Create Grizzly Steppe?” by Petri Krohn; Off-Guardian; 01/09/2017

    “The profile photo on Freelancehunt actually belongs to Jaroslav Volodimirovich Panchenko (???????? ??????? ?????????????), an information technology student and member of the student self-government structure of the Poltava National Technical University.”

    So if Jaroslav Panchenko is indeed the “Profexer” you can understand why he might be somewhat concerned about being outed, which raises the question of whether or not the publication of this Off-Guardian article on January 9th had anything to do with his decision to turn himself in to Ukrainian authorities. Note the New York Times report about the Profexer states that he “went dark” on the hacker forums in early January, with his last post online on January 9th. It’s quite a coincidence. Still, if even the P.A.S. web shell tool he wrote wasn’t used in the DNC hacks it’s unclear what concerns the Profexer should have at all over potential legal liability over his role in the DNC hacks since it doesn’t look like he actually played a role in those hacks, even indirectly. And that’s the lone “flesh and blood” witness thus far.

    Posted by Pterrafractyl | August 24, 2017, 2:10 pm
  5. Here’s the latest story about hackers, who we are told with an inexplicably high degree of certainty are Russian government hackers, hacking into US and European electrical grids. But in this case it sounds like the hackers actually have the capacity to shut down at least some power grid operations and even trigger blackouts. The hacking group has been named Dragonfly 2.0, Energetic Bear, Iron Liberty, and Koala, by the various companies like Crowdstrike and FireEye that have been tracking it since 2010.

    This of course, assumes this is a single group hacking group behind all these attacks and not simply multiple operators utilizing similar code and methods, which is a big assumption).

    Also, Symantec, the company that released the latest report on “Dragonfly 2.0”, emphasized that it did not have the necessary evidence to attribute these hacks to the Russian government. Crowdstrike and FireEye, on the other hand, have already made that attribution for the group based on previous hacks.

    So we now have reports about one of more hacking groups that have successfully hacked into the US and European electrical grids, obtaining operational control and the ability to trigger blackouts at will in some instances. And it’s already been concluded that Russia did it:

    Wired

    Hackers Gain ‘Switch-Flipping’ Access to US Power Grid Control Systems

    Andy Greenberg
    09.06.17 06:00 am

    In an era of hacker attacks on critical infrastructure, even a run-of-the-mill malware infection on an electric utility’s network is enough to raise alarm bells. But the latest collection of power grid penetrations went far deeper: Security firm Symantec is warning that a series of recent hacker attacks not only compromised energy companies in the US and Europe but also resulted in the intruders gaining hands-on access to power grid operations—enough control that they could have induced blackouts on American soil at will.

    Symantec on Wednesday revealed a new campaign of attacks by a group it is calling Dragonfly 2.0, which it says targeted dozens of energy companies in the spring and summer of this year. In more than 20 cases, Symantec says the hackers successfully gained access to the target companies’ networks. And at a handful of US power firms and at least one company in Turkey—none of which Symantec will name—their forensic analysis found that the hackers obtained what they call operational access: control of the interfaces power company engineers use to send actual commands to equipment like circuit breakers, giving them the ability to stop the flow of electricity into US homes and businesses.

    “There’s a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage … being able to flip the switch on power generation,” says Eric Chien, a Symantec security analyst. “We’re now talking about on-the-ground technical evidence this could happen in the US, and there’s nothing left standing in the way except the motivation of some actor out in the world.”

    Never before have hackers been shown to have that level of control of American power company systems, Chien notes. The only comparable situations, he says, have been the repeated hacker attacks on the Ukrainian grid that twice caused power outages in the country in late 2015 and 2016, the first known hacker-induced blackouts.

    The Usual Suspects

    Security firms like FireEye and Dragos have pinned those Ukrainian attacks on a hacker group known as Sandworm, believed to be based in Russia. But Symantec stopped short of blaming the more recent attacks on any country or even trying to explain the hackers’ motives. Chien says the company has found no connections between Sandworm and the intrusions it has tracked. Nor has it directly connected the Dragonfly 2.0 campaign to the string of hacker intrusions at US power companies—including a Kansas nuclear facility—known as Palmetto Fusion, which unnamed officials revealed in July and later tied to Russia.

    Chien does note, however, that the timing and public descriptions of the Palmetto Fusion hacking campaigns match up with its Dragonfly findings. “It’s highly unlikely this is just coincidental,” Chien says. But he adds that while the Palmetto Fusion intrusions included a breach of a nuclear power plant, the most serious DragonFly intrusions Symantec tracked penetrated only non-nuclear energy companies, which have less strict separations of their internet-connected IT networks and operational controls.

    As Symantec’s report on the new intrusions details, the company has tracked the Dragonfly 2.0 attacks back to at least December of 2015, but found that they ramped up significantly in the first half of 2017, particularly in the US, Turkey, and Switzerland. Its analysis of those breaches found that they began with spearphishing emails that tricked victims into opening a malicious attachment—the earliest they found was a fake invitation to a New Year’s Eve party—or so-called watering hole attacks that compromise a website commonly visited by targets to hack victims’ computers.

    Those attacks were designed to harvest credentials from victims and gain remote access to their machines. And in the most successful of those cases, including several instances in the US and one in Turkey, the attackers penetrated deep enough to screenshot the actual control panels for their targets’ grid operations—what Symantec believes was a final step in positioning themselves to sabotage those systems at will. “That’s exactly what you’d do if you were to attempt sabotage,” he says. “You’d take these sorts of screenshots to understand what you had to do next, like literally which switch to flip.”

    And if those hackers did gain the ability to cause a blackout in the US, why did they stop short? Chien reasons that they may have been seeking the option to cause an electric disruption but waiting for an opportunity that would be most strategically useful—say, if an armed conflict broke out, or potentially to issue a well-timed threat that would deter the US from using its own hacking capabilities against another foreign nation’s critical infrastructure. “If these attacks are from a nation state,” Chien says, “one would expect sabotage only in relation to a political event.”

    The Ukrainian Precedent

    Not every group of hackers has shown that kind of restraint. Hackers now believed to be the Russian group Sandworm used exactly the sort of access to electricity control interfaces that Symantec describes Dragonfly having to shut off the power to a quarter million Ukrainians in December 2015. In one case they took over the remote help desk tool of a Ukrainian energy utility to hijack engineers’ mouse controls and manually clicked through dozens of circuit breakers, turning off the power to tens of thousands of people as the engineers watched helplessly.

    Operations like that one and a more automated blackout attack a year later have made Russia the first suspect in any grid-hacking incident. But Symantec notes that the hackers mostly used freely available tools and existing vulnerabilities in software rather than previously unknown weaknesses, making any attribution more difficult. They found some Russian-language strings of code in the malware used in the intrusions, but also some hints of French. They note that either language could be a “false flag” meant to throw off investigators.

    In naming the hacking campaign Dragonfly, however, Symantec does tie it to an earlier, widely analyzed set of intrusions also aimed at the US and European energy sectors, which stretched from as early as 2010 to 2014. The hackers behind that series of attacks, called Dragonfly by Symantec but also known by the names Energetic Bear, Iron Liberty, and Koala, shared many of the same characteristics as the more recent Dragonfly 2.0 attacks, Symantec says, including infection methods, two pieces of malware used in the intrusions, and energy sector victims. And both the security firm Crowdstrike and the US government have linked those earlier Dragonfly attacks with the Kremlin—a report published by the Department of Homeland Security and the FBI last December included the group on its list of known Russian-government hacking operations.

    Symantec says it has assisted the power companies that experienced the deepest penetrations, helping them eject the hackers from their networks. The firm also sent warnings to more than a hundred companies about the Dragonfly 2.0 hackers, as well as to the Department of Homeland Security and the North American Electric Reliability Corporation, which is responsible for the stability of the US power grid. NERC didn’t immediate answer WIRED’s request for comment on Symantec’s findings, but DHS spokesperson Scott McConnell wrote in a statement that “DHS is aware of the report and is reviewing it,” and “at this time there is no indication of a threat to public safety.”

    The Dragonfly hackers remain active even today, Chien warns, and electric utilities should be on high alert. Given that the group has, in some form, been probing and penetrating energy utility targets for the past seven years, don’t expect them to stop now.

    ———-

    “Hackers Gain ‘Switch-Flipping’ Access to US Power Grid Control Systems” by Andy Greenberg; Wired; 09/06/2017

    “Symantec on Wednesday revealed a new campaign of attacks by a group it is calling Dragonfly 2.0, which it says targeted dozens of energy companies in the spring and summer of this year. In more than 20 cases, Symantec says the hackers successfully gained access to the target companies’ networks. And at a handful of US power firms and at least one company in Turkey—none of which Symantec will name—their forensic analysis found that the hackers obtained what they call operational access: control of the interfaces power company engineers use to send actual commands to equipment like circuit breakers, giving them the ability to stop the flow of electricity into US homes and businesses.”

    So if these reports are correct, not only have one or more hacking groups identified as “Dragonfly 2.0” already given themselves the ability to trigger blackouts with the ‘flip of a a switch’ but Russia has already been preemptively blamed too. Even though Symantec emphasizes that it has no proof of any particular state being behind the hacks. Symantec also notes that the hackers appear to be using freely available tools and existing vulnerabilities in software rather than previously unknown weaknesses and saw nothing to tie these hacks to the hacks of the Ukrainian electrical grid attributed to the “Sandworm” hacking group (which is also attributed to the Russian government). But Symantec did see signs of both Russian and French language in the malware, which they warned could obviously be a false flag intended to confuse attribution:


    Never before have hackers been shown to have that level of control of American power company systems, Chien notes. The only comparable situations, he says, have been the repeated hacker attacks on the Ukrainian grid that twice caused power outages in the country in late 2015 and 2016, the first known hacker-induced blackouts.

    The Usual Suspects

    Security firms like FireEye and Dragos have pinned those Ukrainian attacks on a hacker group known as Sandworm, believed to be based in Russia. But Symantec stopped short of blaming the more recent attacks on any country or even trying to explain the hackers’ motives. Chien says the company has found no connections between Sandworm and the intrusions it has tracked. Nor has it directly connected the Dragonfly 2.0 campaign to the string of hacker intrusions at US power companies—including a Kansas nuclear facility—known as Palmetto Fusion, which unnamed officials revealed in July and later tied to Russia.

    And if those hackers did gain the ability to cause a blackout in the US, why did they stop short? Chien reasons that they may have been seeking the option to cause an electric disruption but waiting for an opportunity that would be most strategically useful—say, if an armed conflict broke out, or potentially to issue a well-timed threat that would deter the US from using its own hacking capabilities against another foreign nation’s critical infrastructure. “If these attacks are from a nation state,” Chien says, “one would expect sabotage only in relation to a political event.”

    The Ukrainian Precedent

    Not every group of hackers has shown that kind of restraint. Hackers now believed to be the Russian group Sandworm used exactly the sort of access to electricity control interfaces that Symantec describes Dragonfly having to shut off the power to a quarter million Ukrainians in December 2015. In one case they took over the remote help desk tool of a Ukrainian energy utility to hijack engineers’ mouse controls and manually clicked through dozens of circuit breakers, turning off the power to tens of thousands of people as the engineers watched helplessly.

    Operations like that one and a more automated blackout attack a year later have made Russia the first suspect in any grid-hacking incident. But Symantec notes that the hackers mostly used freely available tools and existing vulnerabilities in software rather than previously unknown weaknesses, making any attribution more difficult. They found some Russian-language strings of code in the malware used in the intrusions, but also some hints of French. They note that either language could be a “false flag” meant to throw off investigators.

    But while Symantec can’t tie the current hacks to the Ukrainian “Sandworm” hack, it does appear to share a number of characteristics with an earlier set of hacks attributed to Dragonfly 2.0 from 2010-2014. And, of course, Crowdstike and the US government already attributed those earlier attacks to the Russian government, which was included in the DHS’s “Grizzly Steppe” report about the 2016 DNC hacks:


    In naming the hacking campaign Dragonfly, however, Symantec does tie it to an earlier, widely analyzed set of intrusions also aimed at the US and European energy sectors, which stretched from as early as 2010 to 2014. The hackers behind that series of attacks, called Dragonfly by Symantec but also known by the names Energetic Bear, Iron Liberty, and Koala, shared many of the same characteristics as the more recent Dragonfly 2.0 attacks, Symantec says, including infection methods, two pieces of malware used in the intrusions, and energy sector victims. And both the security firm Crowdstrike and the US government have linked those earlier Dragonfly attacks with the Kremlin—a report published by the Department of Homeland Security and the FBI last December included the group on its list of known Russian-government hacking operations.

    So, since the similarities between this current hacks and those earlier hacks that were attributed to the Russian government are being used to attribute the current hack to Russia, let’s take a look at what it was the Crowdstrike used to attribute those early hacks to Russia: The fact that the group had a lot of resources and appear to be working during Moscow office hours:

    The New York Times

    Russian Hackers Targeting Oil and Gas Companies

    By NICOLE PERLROTH
    JUNE 30, 2014

    SAN FRANCISCO — Russian hackers have been systematically targeting hundreds of Western oil and gas companies, as well as energy investment firms, according to private cybersecurity researchers.

    The motive behind the attacks appears to be industrial espionage — a natural conclusion given the importance of Russia’s oil and gas industry, the researchers said.

    The manner in which the Russian hackers are targeting the companies also gives them the opportunity to seize control of industrial control systems from afar, in much the same way the United States and Israel were able to use the Stuxnet computer worm in 2009 to take control of an Iranian nuclear facility’s computer systems and destroy a fifth of the country’s uranium supply, the researchers said.

    The Russian attacks, which have affected over 1,000 organizations in more than 84 countries, were first discovered in August 2012 by researchers at CrowdStrike, a security company in Irvine, Calif. The company noticed an unusually sophisticated and aggressive Russian group targeting the energy sector, in addition to health care, governments and defense contractors.

    The group was named “Energetic Bear” because the vast majority of its victims were oil and gas companies. And CrowdStrike’s researchers believed the hackers were backed by the Russian government given their apparent resources and sophistication and because the attacks occurred during Moscow working hours.

    A report released Monday by Symantec, a computer security company based in Mountain View, Calif., detailed similar conclusions and added a new element — the Stuxnet-like remote control capability.

    In addition to basic hacking techniques, like sending mass emails containing malicious links or attachments, the group infected websites frequented by energy workers and investors in what is known as a “watering hole attack.”

    In this attack, instead of targeting a victim’s computer network directly, hackers infect websites their targets visit often — like an online menu for a Chinese restaurant — with malicious software. Without knowing it, workers visiting that site inadvertently download the so-called malware and help the hackers get inside their computer network.

    The Russian hackers were careful to cover their tracks, the researchers said. They hid their malware using encryption techniques that made it difficult to identify their tools and where they came from. In some cases, researchers found evidence that the hackers were probing the core of victims’ machines, the part of the computer known as the BIOS, or basic input/output system. Unlike software, which can be patched and updated, once a computer’s hardware gets infected, it typically becomes unusable.

    F-Secure, the Finnish security firm, also told its clients last week about the Russian hacking group, which Symantec has named “Dragonfly.”

    ———-

    “Russian Hackers Targeting Oil and Gas Companies” by NICOLE PERLROTH; The New York Times; 06/30/2014

    “The Russian attacks, which have affected over 1,000 organizations in more than 84 countries, were first discovered in August 2012 by researchers at CrowdStrike, a security company in Irvine, Calif. The company noticed an unusually sophisticated and aggressive Russian group targeting the energy sector, in addition to health care, governments and defense contractors.

    And what made Crowdstrike so sure it was looking at a Russian government hacking operation: resources, sophistication, and Moscow working hours:


    The group was named “Energetic Bear” because the vast majority of its victims were oil and gas companies. And CrowdStrike’s researchers believed the hackers were backed by the Russian government given their apparent resources and sophistication and because the attacks occurred during Moscow working hours.

    That’s some really compelling evidence, if you ignore how many hacking operations around the world are going to have plenty of resources and the fact that doing all the attacks during Moscow working hours isn’t exactly a sign of sophistication.

    Let’s also not forget that it was “Moscow working hours” that was originally used by FireEye to attribute APT28/Fancy Bear with the Russian government back in 2014 too. And it wasn’t that the working hours detail was just a small part of their analysis. Along with the targets (Russia’s targets tend not to be exclusively Russian targets), the malware used (malware is reusable by other hackers unless there are unknown exploits), the language (i.e. leaving Russian language words and Cyrillic characters in the malware code, which is highly spoofable), and the Moscow working hour compile times (again, also highly spoofable) were the major reason for their conclusion that Fancy Bear was working for the Russian government:

    SCMagazine.com

    FireEye identifies cyber espionage group possibly tied to Russian government

    by Adam Greenberg, Senior Reporter
    October 28, 2014

    The country of Georgia and the Caucasus, Eastern European governments and militaries, and various security-related organizations including the North Atlantic Treaty Organization (NATO) have been the targets of a cyber espionage group – referred to as APT28 – that is believed to Russian, according to FireEye.

    Analyzed malware samples feature a consistent use of the Russian language, according to a FireEye report released Tuesday, which adds that more than 96 percent of malware samples were compiled between Monday and Friday and more than 89 percent were compiled between 8AM and 6PM in the time zone paralleling working hours in Moscow and St. Petersburg.
    http://spitfirelist.com/news/oh-what-tangled-webs-we-weev-ukraine-hacking-nukes-and-serpents-walk/
    APT28 is believed to have been operating since at least 2007, and its targeting, malware, language, and working hours has led FireEye to believe that the group is sponsored by the Russian government, Dan McWhorter, VP of threat intelligence with FireEye, told SCMagazine.com in a Tuesday email correspondence.

    ———-

    “FireEye identifies cyber espionage group possibly tied to Russian government” by Adam Greenberg; SCMagazine.com; 10/28/2014

    “APT28 is believed to have been operating since at least 2007, and its targeting, malware, language, and working hours has led FireEye to believe that the group is sponsored by the Russian government, Dan McWhorter, VP of threat intelligence with FireEye, told SCMagazine.com in a Tuesday email correspondence.”

    And that same type of questionably conclusive analysis used to attribute Fancy Bear/APT28 to the Russian government appears to have been used for the “Energetic Bear”/Dragonfly Russian government attribution too. And because the current attacks on electical grid systems has some simliarities to those hacks that were questionably attributed to the Russian government back in 2014, we now are apparently suppose to conclude that “Dragonfly 2.0” is also working for the Russian government. A daisy-chain of questionable assumption.

    So at this point the only thing we really know is that one of more groups has hacked into US and European electrical grids and if they cause a blackout it’s going to be immediately blamed on the Russian government and potentially cause a major international flashpoint. That’s pretty much all we know. Oh, and we also know that the hackers now know that whatever they do will be blamed on Russia. And that’s the kind of situation where we had better hope they really are Russian hackers. Because if there’s one advantage to the contemporary default position of “Russian hackers did it!” it’s that actual Russian government hackers might be less inclined to engage in a destructive hack, knowing they’ll get blamed whether there’s evidence or not. Of course, this also means that all non-Russian government hackers are going to be more inclined to engage in a destructive hack because, hey, why not spark a conflict with the US and Russia? For the lulz! And any other reasons a non-Russian hacker might have for wanting to foment conclict between two nuclear powers. It’s the downside of reflexively and preemptively blaming difficult/impossible to attribute cyberattacks attacks on Russia: all non-Russian hackers are given the green light to proceed with gusto.

    So, yeah, thanks to our “Russia did it!” default approach to these things we have to hope these really were Russian hackers that just hacked into the electrical grid. Because it could be worse than real Russian government hackers in that situation. A lot worse.

    Posted by Pterrafractyl | September 6, 2017, 2:42 pm
  6. Here’s a few more interesting fun facts that the ‘peace plan’ pushed by Ukrainian MP Andreii Artemenko and Felix Sater to the bizarre story of Mikahil Saakashvili breaking into Ukraine with the help of his supporters so he can wage an anti-corruption campaign against Petro Poroshenko. Supporters that include former Prime Minister Yulia Tymoshenko: First, note that Artemenko wasn’t the only Ukrainian politician to approach the Trump administration in early 2017. Yulia Tymoshenko did the same thing too in February, saying Trump promised her that he would “not abandon Ukraine.”

    Additionally, Valentyn Nalyvaichenko, the former head of the Security Service of Ukraine and a political ally of Tymoshenko, claims he traveled to the US in December and January and delivered to the U.S. Department of Justice proof of “political corruption by (Ukraine’s) top officials.” And he apparently gave the same material to Artemenko in 2015. And while Nalyvaichenko says he doesn’t back Artemenko’s peace plan, he did admit to submit a peace plan of his own to the US government.

    And there were even more peace plans from Ukrainian politicians in 2017, including one by Viktor Pinchuk, a Ukrainian oligarch who also a member of the anti-Russian Atlantic Council. So the notion that peace plan proposals were something only a zany pro-Kremlin obscure lawmaker would have engaged in is just not the case (especially since Artemenko doesn’t appear to actually be pro-Kremlin at all).

    So Artementko’s dirt on Poroshenko that he was hoping to use to topple the Poroshenko government came from a political ally of Yulia Tymoshenko. A political ally with his own peace plan that he proposed to the US. And that was just one of the additional peace proposals peddled to the US earlier this year:

    Kyiv Post

    Artemenko goes from obscurity to notoriety

    24 Feb 2017
    BY VERONIKA MELKOZEROVA, OKSANA GRYTSENKO

    Andrey Artemenko said he wanted to be a peacemaker. But within a week of the New York Times revealing on Feb. 19 that the little-known Ukrainian parliamentarian had brought to Washington a plan to end Russia’s war against Ukraine, he faced widespread criticism in his homeland. He could even be charged with treason.

    That’s because Artemenko’s plan was distinctly pro-Kremlin. The Radical Party lawmaker’s ideas included leasing Crimea to Russia for 50 years and the lifting of economic sanctions against Russia by the United States.

    It didn’t take long for the blowback to arrive.

    On Feb. 20, Radical Party leader Oleh Lyashko told journalists in parliament that Artemenko had been expelled from the party.

    “He (Artemenko) has positioned himself as a ‘peacemaker’, so we expect that he will also give up being a lawmaker,” said Lyashko. “Let those who suggest leasing Crimea first give their apartments to robbers to rent.”

    But Artemenko is not the only Ukrainian politician to reach out to the White House behind President Petro Poroshenko’s back.

    Yulia Tymoshenko, the former prime minister and leader of Batkivshchyna Party, had a brief meeting with U.S. President Donald J. Trump before the National Prayer Breakfast in Washington on Feb. 3, during which Trump reportedly promised her that he would “not abandon Ukraine.”

    And Valentyn Nalyvaichenko, the former head of the Security Service of Ukraine and a political ally of Tymoshenko, says he visited the U.S. in December and January.

    Nalyvaichenko told the Kyiv Post he met there with former Republican Senator Jim DeMint, a Trump advisor and president of the conservative the Heritage Foundation, a conservative think tank, and Bob Corker, a Republican senator from Tennessee and Senate Foreign Relations Committee chairman.

    Nalyvaichenko said he delivered to the U.S. Department of Justice proof of “political corruption by (Ukraine’s) top officials.” He said also delivered to Ukraine’s Prosecutor General’s Office materials about alleged money laundering and the illegal use of offshore companies by Poroshenko’s business partner and lawmaker Ihor Kononenko.

    Back in 2015, Nalyvaichenko gave the compromising materials on Poroshenko to Artemenko, which he claimed to also give to the U.S. authorities.

    At the same time, Nalyvaichenko called Artemenko’s idea of leasing Crimea to Russia unacceptable, and said he had brought to the U.S. his own peace plan.

    Many peacemakers

    Artemenko, who stays in the Rada as an independent parliamentarian, told the Kyiv Post on Feb. 22 that he saw his plan as the only reasonable alternative to the failed Minsk peace process.

    “Minsk doesn’t work – that’s obvious,” Artemenko said, adding that it was especially obvious after Russia said on Feb. 18 it recognized the “passports” issued by the Luhansk and Donetsk-based separatists who call the territories they occupy “republics.”

    Artemenko is not the only one to suggest an alternative to Minsk. Since December, suggestions to abandon the failed Minsk peace deal have also been made by oligarch Victor Pinchuk, businessman and former governor of Donetsk Oblast Serhiy Taruta, Vadym Chernysh, the minister for the temporarily occupied territories, and Andriy Yermolayev, the head of Nova Ukraina think tank, which is close to Serhiy Lyovochkin, a top lawmaker from the Opposition Bloc and ex-president Viktor Yanukovych’s former chief of staff.

    Like Pinchuk or Artemenko, Yermolayev proposed Ukraine adopt a neutral status and also launch a direct dialogue between Ukraine and the separatist authorities. Under the plan, the separatist-held zone would be demilitarized and placed under the control of UN peacekeepers and armed monitors from the Organization for Security and Cooperation in Europe.

    Lyashko later claimed the Kremlin was behind Artemenko’s plan. He said that Artemenko worked on the plan with Lyovochkin, Opposition Bloc faction leader Yuriy Boyko, and Ukrainian politician and close friend of Putin Viktor Medvedchuk.

    Medvedchuk’s spokesperson Oleg Babanin told the Kyiv Post on Feb. 22 that the politician had had nothing to do with Artemenko’s plan. He described Lyashko’s claims as “not serious.”

    Artemenko confirmed that he worked on the plan with several Ukrainian lawmakers, but said they are now afraid to admit this because of the negative public reaction to the proposed deal.

    Artemenko told the Kyiv Post he was going to have a press conference in Washington early in March, at which he will reveal all the details of his plan – and compromising material about Poroshenko, which he supposedly received from Nalyvaichenko.

    Meanwhile, fugitive lawmaker Oleksandr Onyshchenko told the Kyiv Post that Artemenko’s evidence of Poroshenko’s alleged corruption was similar to materials he himself had submitted to the U.S. authorities in December. Nalyvaichenko, however, denied having any links with Onyshchenko.

    Treason case

    On Feb. 21 Prosecutor General Yuriy Lutsenko revealed that Ukrainian prosecutors launched a criminal investigation of Artemenko, suspecting treason.

    The preliminary charges read that Artemenko, backed by Russia, betrayed Ukraine by promoting abroad the openly pro-Russian idea of leasing Crimea, thereby aiding the aggressor state.

    Artemenko denied that his plan was backed by Russia and said all the accusations against him “were just words that needed to be proven.”

    “We desperately need a new platform for dialog,” Artemenko said. “Or should we fight against Russia until the very last Ukrainian soldier?”

    And for an allegedly pro-Russian peace plan, Artemenko’s proposals have been poorly received by the Kremlin – at least in public.

    In particular, Dmitry Peskov, Russian President Vladimir Putin’s spokesperson, dismissed the part of the plan about leasing Crimea to Russia.

    “There’s nothing to talk about. How can Russia rent its own region from itself?” Peskov told the Telegraph.

    ———-

    “Artemenko goes from obscurity to notoriety” by VERONIKA MELKOZEROVA, OKSANA GRYTSENKO; Kyiv Post; 02/24/2017

    “But Artemenko is not the only Ukrainian politician to reach out to the White House behind President Petro Poroshenko’s back.”

    Nope, Artmenko in his peace plan efforts. He had competition in the secret peace plan department from Valentyn Nalyvaichenko, the former head of the Security Service of Ukraine and a political ally of Tymoshenko. Although it’s unclear how much competition he had since we don’t get to know any of the details of that alternative peace proposal. We just know that Nalyvaichenko didn’t like the proposal to have Russia lease Crimea. Other than that we have no idea how similar these plans were, but we do know that Nalyvaichenko was working with Artemenko on some level since he apparently gave Artemenko his anti-Poroshenko corruption evidence back in 2015:


    Yulia Tymoshenko, the former prime minister and leader of Batkivshchyna Party, had a brief meeting with U.S. President Donald J. Trump before the National Prayer Breakfast in Washington on Feb. 3, during which Trump reportedly promised her that he would “not abandon Ukraine.”

    And Valentyn Nalyvaichenko, the former head of the Security Service of Ukraine and a political ally of Tymoshenko, says he visited the U.S. in December and January.

    Nalyvaichenko told the Kyiv Post he met there with former Republican Senator Jim DeMint, a Trump advisor and president of the conservative the Heritage Foundation, a conservative think tank, and Bob Corker, a Republican senator from Tennessee and Senate Foreign Relations Committee chairman.

    Nalyvaichenko said he delivered to the U.S. Department of Justice proof of “political corruption by (Ukraine’s) top officials.” He said also delivered to Ukraine’s Prosecutor General’s Office materials about alleged money laundering and the illegal use of offshore companies by Poroshenko’s business partner and lawmaker Ihor Kononenko.

    Back in 2015, Nalyvaichenko gave the compromising materials on Poroshenko to Artemenko, which he claimed to also give to the U.S. authorities.

    At the same time, Nalyvaichenko called Artemenko’s idea of leasing Crimea to Russia unacceptable, and said he had brought to the U.S. his own peace plan.

    And the peace plans were limited to Nalyvaichenko and Artemenko:


    Many peacemakers

    Artemenko, who stays in the Rada as an independent parliamentarian, told the Kyiv Post on Feb. 22 that he saw his plan as the only reasonable alternative to the failed Minsk peace process.

    “Minsk doesn’t work – that’s obvious,” Artemenko said, adding that it was especially obvious after Russia said on Feb. 18 it recognized the “passports” issued by the Luhansk and Donetsk-based separatists who call the territories they occupy “republics.”

    Artemenko is not the only one to suggest an alternative to Minsk. Since December, suggestions to abandon the failed Minsk peace deal have also been made by oligarch Victor Pinchuk, businessman and former governor of Donetsk Oblast Serhiy Taruta, Vadym Chernysh, the minister for the temporarily occupied territories, and Andriy Yermolayev, the head of Nova Ukraina think tank, which is close to Serhiy Lyovochkin, a top lawmaker from the Opposition Bloc and ex-president Viktor Yanukovych’s former chief of staff.

    ‘Peace’ was in the air in late 2016-2017. At least something was in the air.

    And, again, keep in mind that Yulia Tymoshenko is currently trying to form an opposition alliance against Poroshenko. So it’s also worth noting another interesting fun fact about Artemenko’s history and Tymoshenko: while Artemenko was expelled from the Radical Party and has close ties to Right Sector/Pravy Sektor, there’s another chapter of his political background we can’t overlook in this context. In 2006 Andreii Artemenko became the head of the Kiev branch of Tymoshenko’s Batkivshchyna Party:

    Kyiv Post

    Andrey Artemenko: Who is this Ukrainian member of parliament with the peace plan?

    By Veronika Melkozerova.
    Published Feb. 20. Updated Feb. 20 at 8:24 pm

    Now ex-Radical Party member of parliament Andrey Artemenko came under criticism from all sides after the New York Times revealed on Feb. 19 that he was trying to broker his own peace plan to end Russia’s war against Ukraine.

    The plan was distinctly pro-Russian, but even the Russians rejected it and his freelance, amateurish diplomacy got him kicked out of his own party, although he remains a member of parliament.

    His ideas included leasing Crimea to Russia for 50 years and the lifting of economic sanctions against Russia by U.S. President Donald J. Trump.

    Dmitry Peskov, Vladimir Putin’s press secretary, denied prior knowledge of the sealed plan, which includes a suggestion that Ukraine lease Crimea to Russia, which annexed the region in 2014, the Telegraph in London quoted him as saying. “There’s nothing to talk about. How can Russia rent its own region from itself?” Peskov said.

    Artemenko described himself to the New York Times as a Trump-style politician.

    The 48-year-old lawmaker’s biography is colorful and controversial: He has a wife who is a model, he served 2.5 years in prison without a trial, he has business in U.S and he is involved in the military trade to the war zones in the Middle East. At home, he has close ties with the ultra-nationalistic Right Sector.

    “I demand Andrey Artemenko discard as a lawmaker. He has no rights to represent our faction and party. Our position is unchangeable – Russia is the aggressor and must get away from Ukrainian territories,” Oleh Lyashko, Radical Party leader said to the journalist in Verkhovna Rada on Feb. 20.

    “Nobody in Radical Party trades Ukraine,” Lyashko said. “To lease Crimea to Russia is the same as to give your own mother for rent to the traveling circus.”

    Artemenko told the New York Times that many people would criticize him as a Russian or American C.I.A. agent for his plan, but peace is what he’s after.

    “But how can you find a good solution between our countries if we do not talk?” Artemenko said.

    Before the New York Times story, Artemenko wasn’t famous. He may see himself as the next president of Ukraine, but others saw him as just another gray cardinal.

    Start from Kyiv

    Artemenko came into politics after business and jail. According to the biography on his official website, in the early 1990s he founded a law firm that advocated the interests of professional athletes and then he became a president of CSK Kyiv soccer club. In 1998-2000, he was the adviser of than Kyiv Mayor Oleksandr Omelchenko, a member and one of the founders of his party Unity.

    In 2002, Artemenko was arrested by the Prosecutor’s General Office of Ukraine on accusations of money laundering and kept in pre-trial detention for more than two years. However, he successfully challenged his imprisonment as illegal and groundless. He said prosecutors were persecuting him in hopes of getting Omelchenko, who was also suspected of money laundering.

    In 2004, Artemenko released from pre-trial detention center Lukyanivske on bail of Mikhail Dobkin, a Party of Regions lawmaker.

    But in 2006 he became the head of the Kyiv department of Batkivshchyna Party, led by now ex-Prime Minister Yulia Tymoshenko.

    In 2007-2013 Artemenko founded several companies that provided military logistics services into the conflict zones and traveled to Saudi Arabia, Syria, and Qatar for business trips.

    Since 2013 he has his own charity foundation that helps internally displaced persons from the war-torn Donbas.

    True patriot?

    Artemenko came to the Verkhovna Rada in 2014 as a Radical Party lawmaker (16th on the party’s list). According to the parliament’s website, Artemenko is the deputy head of the European Integration Committee and responsible for diplomatic connections with Saudi Arabia, Qatar, United States, Kuwait, Lithuania and Belarus.

    The lawmaker took an active part in EuroMaidan Revolution in 2013-2014 that deposed President Viktor Yanukovych.

    In 2014 he joined the Right Sector political party and was rumored to be one of the sponsors of its leader, Dmytro Yarosh, during his presidential election campaign in 2014.

    There is even a photo of Artemenko, seating among the Right Sector Party founders at the first party meeting in March 2014.

    Right Sector spokesperson Artem Skoropadsky told the Kyiv Post on Feb. 20 that he couldn’t confirm or deny whether Artemenko financed the Right Sector Party.

    “I was never into all the ‘financial stuff,’ but I have no information about him giving the money. I remember all those guys like him (Artemenko) and (Borislav) Bereza just came to us after March 22. They weren’t Right Sector members during the Revolution of Dignity,” said Skoropadsky.

    He said that after the end of EuroMaidan Revolution there was a “mess” in Right Sector. Dozens of people a day was coming to the activists only in Kyiv.

    “The ones who could afford it gave us money, others help in different ways. But as soon as we started building the structure of the organization, the guys like Artemenko and Bereza went to the other parties, came in Rada or other government structures,” Skoropadsky recalled.

    ———-

    “But in 2006 he became the head of the Kyiv department of Batkivshchyna Party, led by now ex-Prime Minister Yulia Tymoshenko.”

    So in 2006 Artemenko becomes head of the Kiev department of Tymoshenko’s party, and then it doesn’t appear that he aligns himself with a different party until 2014, when he participate in the Maidan revolution and later helps form Right Sector/Pravy Sektor and joins the Radical Party:


    The lawmaker took an active part in EuroMaidan Revolution in 2013-2014 that deposed President Viktor Yanukovych.
    And it was In 2014 he joined the Right Sector political party and was rumored to be one of the sponsors of its leader, Dmytro Yarosh, during his presidential election campaign in 2014.

    There is even a photo of Artemenko, seating among the Right Sector Party founders at the first party meeting in March 2014.

    Right Sector spokesperson Artem Skoropadsky told the Kyiv Post on Feb. 20 that he couldn’t confirm or deny whether Artemenko financed the Right Sector Party.

    Unless there’s some new revelation about Artemenko’s political activity from 2006-2014 it seems like a relatively safe assumption that he maintains pretty close ties to Tymoshenko and her party. Tymoshenko ally Valentyn Nalyvaichenko admitted to handing Artemenko dirt on Poroshenko and Tymoshenko is currently trying to form an anti-Poroshenko alliance with the help of Mikail Saakashvili. Curiouser and curiouser.

    Posted by Pterrafractyl | September 13, 2017, 1:28 pm
  7. @Pterrafractyl–

    Note that Nalyvaichenko tracks back to the OUN/B milieu, as does Timoshenko (Jaroslav Stetsko’s personal secretary Roman Svarych was “Just Us” Minister in both of her regimes).

    Keep up the great work!

    Best,

    Dave

    Posted by Dave Emory | September 13, 2017, 2:37 pm
  8. Here’s a piece about Andreii Artemenko from back in February in a Ukrainian outlet, Hromadske, that contains some additional information on his past associations and how they resulted in him joining up with Right Sector/Pravy Sektor. Specifically, it sounds like one of the figures Artemenko was imprisoned with back in 2001 for protesting with against the Kuchma regime was Mykola Karpyuk/Karpiuk, described as a frontman for the UNA-UNSO till March 2014. Recall from FTR#808 how the UNA-UNSO emerged from Roman Shukeyvuch’s UPA and eventually morphed into Right Sector/Pravy Sektor in 2014. Also recall that Roman Shukeyvuch led a pogram against the Jews of Lviv under orders from the Nazi occupiers and is now being celebrated there with “Shukhevychfest”. That’s the kind of group the UNA-UNSO was which tells us quite a bit about Artemenko’s associate Mykola Karpyuk. It also tells us quite a bit about how Artemenko ended up in Right Sector/Pravy Sektor.

    But there was another important claim by Artemaneko in the article that could also go quite a way in clearing up who may have been working with Artemenko on his ‘peace plan’. The peace plan that’s characterized as ‘pro-Kremiln’ despite the fact that it involves handing Crimea back to Ukraine and just leasing it out for 100 years and toppling Petro Poroshenko in a corruption scandal so Artemenko could take his place (it’s mostly just a pro-Artemenko plan). Artemenko asserts that he worked on this peace plan with other Ukrainian MPs who don’t want to be named. And while that leaves us speculating, he also recounts a previous attempt to negotiate with the Kremlin that should be kept in mind when assessing the likelihood that Right Sector may have been willing to engage in a back-channel negotiation with the Kremlin: According to Artemenko, Right Sector’s leadership had a meeting a few days before the Crimea referendum in 2014 with other right movement leaders and over the course of that meeting it was decided that Mykola Karpyuk would travel to Russia with the head of the Kiev Right Sector division and try to negotiate a resolution that would avoid the referendum. Karpyuk did exactly that, was arrested at the Russian-Ukrainian border, and sentenced to 22.5 years in prison for his participation in the Chechen civil war (see FTR#911 for more on the UNA-UNSO participation in the Chechen civil war).

    While the negotiations obviously didn’t work out for Right Sector, in light of the strange case of the Artemenko/Michael Cohen/Felix Sater peace plan scheme of 2016, it’s a pretty noteworthy precedent to read about a ‘peace plan’ back-channel that Right Sector was trying to establish with the Kremlin back in 2014:

    Hromadske International

    Who Is The Person That Suggested To Lease Crimea To Russia?

    21 February, 2017

    Political renegade, Trump fan and treasurer of the “Right Sector”. What do we know about the MP Andrii Artemenko?

    The MP Andrii Artemenko of the right-wing “Oleh Lyashko’s Radical Party” handed over a plan concerning Ukraine to then US National Security Advisor Michael Flynn. The plan included a proposal how to reconcile Ukraine and Russia and lift anti-Russian sanctions. In particular, it suggested to hold all-Ukrainian referendum on leasing Crimea to Russia, withdrawal of troops from Ukraine and lifting sanctions from Russia. Kremlin called the plan ‘an absurd’ and denied connections to formation of it.

    A week later Flynn resigned because of his leaked conversations with Russian diplomats on lifting American sanctions. In an interview with “Strana.ua” Artemenko claimed, that he turned over material compromising Poroshenko to the American government with the help of Valentin Nalivaychenko – Head of Ukrainian Security Service.

    In interview with Russian radio station “Echo of Moscow” he said: “I won’t deny, I sympathised with Trump since his confirmation. I am convinced that the American people ought to have elected someone like him. There are new international agreements in the making, new possibilities, also to end the Ukraine crisis. I can’t look at what Ukraine has become, the economic collapse we’re in. Poroshenko’s and the current government’s politics have led the country to a point, at which the loss of our autonomy and unity is a matter of days. The main goal and my duty is to establish peace. I am glad that my colleagues – the congressmen of the US, the Ukrainian MPs and hopefully the Russian MPs as well – will support my initiative. I hope we can create a platform to put an end to this ghastly conflict.”

    Who is Andrii Artemenko?

    Andrii Artemenko is a known renegade. He was the president of ?SKA Kiev football club, later he went to prison for stealing $4 million through it. He also was Kyiv mayor advisor in 2000, before going to prison.

    Artemenko was imprisoned together with Mykola Karpyuk – a frontman of far-right Ukrainian organization UNA-UNSO till March 2014. In 2000-2001 he and Artemenko were activists in protests “Ukraine without Kuchma” (ex-president of Ukraine) and were jailed for 4,5 years. During Maidan at 2013-2014 Karpyuk’s organization became a part of Right Sector – a union of far-right movements, which was set off during Maidan. In March 2014 after “referendum” in Crimea he went to Russia to negotiate with Putin’s aides about destiny of Crimea. Artemenko insisted on this. He was arrested by FSB officers on Russian-Ukrainian border and later condemned to 22.5 years in prison.

    In the 2014 elections Andrii Artemeko entered parliament on the list of “Oleh Lyashko’s Radical Party”, which is more populist, than ideological. Its odious leader was a member of Yulia Tymoshenko Bloc before taking the leadership of a new political movement. His US Viza was cancelled earlier. Artemenko claims that he is responsible for security in the party, as wells as „some economic issues and projects involving the attraction of foreign investments to Ukraine.“ But after NYT article brought to the lights the delivery of a ‘peace plan’, MP was excluded from the party.

    When the second Maidan started, Artemenko ended up – through Karpyuk, who by then was the leader of UNSO – in the “Right Sector”. According to former „Right Sector“ leader Dmytro Yarosh, he was responsible for the finances there. In March. 2014, before the referendum in Crimea, Russian court opened a case on him, accusing Dmytro Yarosh of ‘calls for extremist activity”. Two years after Interpol deleted the information about international search of Dmytro Yarosh. Now he is non-affiliated member of parliament and an advisor to the Chief of the General Staff.

    Later he started to oppose Yarosh, before leaving the “Right Sector” and becoming an MP with “Oleh Lyashko’s Radical Party”.

    Referendum in Crimea

    Artemenko told in Hromadske’s interview that couple days before the referendum on the status of Crimea was held on March, 2014, a meeting with Dmytro Yarosh, Mykola Karpiuk and other right movements took place. They were discussing the annexation of Crimea and a crisis plan.

    During the meeting it was decided that Karpiuk with the head of Kyiv Right Sector department will go to Russia to negotiate on the top-level.

    “Mykola (Karpiuk) decided to go to Russia by himself. […] Then the question of the annexation of Crimea was arrised, and some propositions from a person, close to Karpiuk, appeared. He suggested they could come and negotiate. Meabe we had a chance to cancel that “referendum”,” said Mr. Yarosh.

    The next day after the referendum Mykola Karpiuk and his collegue frim Right Sector were arrested on the Russian-Ukrainian border. Russian court sentenced him to 22,5 years of detention for allegedly participation in the Chechen war on separatists side. Amnesty International called this lawsuit “a mockery of justice”.

    Meanwhile Andrii Artemenko started clamour against then leader of Right Sector Dmytro Yarosh and got into the parliament as a member of “Radical Party”.

    American ties

    What surprises most American analysts and journalists is, how a marginally known and even less influential Ukrainian politician had a connection to the now ex-National Security Advisor to the President of the US. Artemenko claims that he worked seven years in the US and before returning to Ukraine, owned a logistics company in Qatar and that his work was connected to supplying military bases.

    In his interview with “Strana.ua”, Artemenko said that his “peace-plan” with Russia had been developed by a group of Ukrainian MPs (he wouldn’t tell names) and two key figures of this story – the personal lawyer and special advisor of Trump, Michael Cohen and the American businessman of Russian origin Felix Sater. Artemenko claims that he has known them for a long time. According to “Strana.ua”, he got acquainted with Sater through mutual friends and Cohen he knows since the time the lawyer founded a family “business on ethanol” in Ukraine.

    It was Cohen who left a sealed envelope containing the Ukraine plan in Michael Flynn’s office in the beginning of February. According to Artemenko, he discussed the “peace-plan” with Cohen and Sater “at the time of the primaries, when no one believed that Trump would even be nominated.”

    Trump has been acquainted with Sater for a long time. Sater had been Trump’s senior advisor for ten years. He claims that before that he actively cooperated with American intelligence agencies and allegedly helped to find Osama bin Laden.

    Michael Cohen – Trump’s lawyer – is said to be the US President’s connecting link to the Kremlin. In January 2017 “BuzzFeed” published an article on Trump’s ties to the Russian government, claiming that Trump has being cooperating with it for many years through Cohen. Among other things the articles says that Cohen met secretly Russian emissaries in Prague on 29 August 2016. He soon insisted on the article to be fake.

    Now he is denying that he transmitted the Ukranian MP’s “peace-plan” to the White House. But he confirmed meeting with Artemenko and receiving this plan from him.

    ———-

    “Who Is The Person That Suggested To Lease Crimea To Russia?” By Ekaterina Sergatskova. Translated by Fyodr Shulgin; Hromadske International; 02/21/2017

    Artemenko was imprisoned together with Mykola Karpyuk – a frontman of far-right Ukrainian organization UNA-UNSO till March 2014. In 2000-2001 he and Artemenko were activists in protests “Ukraine without Kuchma” (ex-president of Ukraine) and were jailed for 4,5 years. During Maidan at 2013-2014 Karpyuk’s organization became a part of Right Sector – a union of far-right movements, which was set off during Maidan. In March 2014 after “referendum” in Crimea he went to Russia to negotiate with Putin’s aides about destiny of Crimea. Artemenko insisted on this. He was arrested by FSB officers on Russian-Ukrainian border and later condemned to 22.5 years in prison.”

    When you’re hanging around with UNA-UNSO frontmen in 2000-2001 you just might end up in a neo-Nazi group like Right Sector 2014. It’s not so much a natural progression as a natural continuation.

    And note how it’s not just Artemenko who describes this meeting and the decision to send Mykola Karpyuk to Russia. Right Sector’s neo-Nazi leader Dmytro Yarosh confirms that this meeting happened too:


    Artemenko told in Hromadske’s interview that couple days before the referendum on the status of Crimea was held on March, 2014, a meeting with Dmytro Yarosh, Mykola Karpiuk and other right movements took place. They were discussing the annexation of Crimea and a crisis plan.

    During the meeting it was decided that Karpiuk with the head of Kyiv Right Sector department will go to Russia to negotiate on the top-level.

    “Mykola (Karpiuk) decided to go to Russia by himself. […] Then the question of the annexation of Crimea was arrised, and some propositions from a person, close to Karpiuk, appeared. He suggested they could come and negotiate. Meabe we had a chance to cancel that “referendum”,” said Mr. Yarosh.

    The next day after the referendum Mykola Karpiuk and his collegue frim Right Sector were arrested on the Russian-Ukrainian border. Russian court sentenced him to 22,5 years of detention for allegedly participation in the Chechen war on separatists side. Amnesty International called this lawsuit “a mockery of justice”.

    ““Mykola (Karpiuk) decided to go to Russia by himself. […] Then the question of the annexation of Crimea was arrised, and some propositions from a person, close to Karpiuk, appeared. He suggested they could come and negotiate. Meabe we had a chance to cancel that “referendum”,” said Mr. Yarosh.”

    So this isn’t just Andereii Artemenko telling tall tales. If it’s a tall tale, Dmyrto Yarosh is in on it. And the events of 2016 only buttress the events of 2014.

    And note Karpyuk’s arrest and sentencing to 22.5 years isn’t in question. His sentencing has been widely reported in Ukraine in a case that’s described as a judicial farce of made up lies about Karpyuk fighting in Chechnya. And as the following article from May of 2016 also makes clear, any mention of a Right Sector ‘peace plan’ for Crimea being the reason for Karpyuk’s arrest is not part of the coverage (his arrest is described as “unclear circumstances” in the following piece). So there’s clearly been no desire to have this 2014 peace plan outreach attempt by Right Sector discussed in public, which is part of why the admission Artemenko and Yarosh appear to have made in the above interview is so notable. No one involved with this failed 2014 far-right outreach to the Kremlin has really wanted to talk about it, despite the jailing of Karpyuk being a a case followed in the Ukrainian media:

    Unian.info

    Chechen court ruling: Karpiuk sentenced to 22.5 years, Klykh should serve 20 years

    Judge of the Supreme Court of the Republic of Chechnya Vakhit Ismailov has ruled to sentence Ukrainian citizen Mykola Karpiuk to 22.5 years in a strict-regime penal colony, another Ukrainian citizen Stanislav Klykh has been sentenced to 20 years in prison, according to Radio Free Europe/Radio Liberty freelance journalist Anton Naumlyuk

    19:42, 26 May 2016

    “Both Ukrainians signed an application for submitting an appeal against the court’s decision,” he wrote on Facebook on Thursday.
    [see Facebook post]
    As was reported, a prosecutor in Russia’s North Caucasus region of Chechnya called for two Ukrainian citizens convicted of fighting alongside Chechen separatists in the 1990s to be sentenced to 22.5 and 22 years in prison, respectively.

    Karpiuk, born in 1964, the leader of the Ukrainian National Assembly-Ukrainian National Self-Defense (UNA-UNSO) and one of the founders of the Right Sector, was detained under unclear circumstances in Russia on March 21, 2014. Based only on the statements of a Crimean recidivist serving a sentence in a Russian colony, the Russian services fabricated a criminal case against Karpiuk, claiming he allegedly fought against federal troops during the First Chechen War and even killed a number of Russian soldiers. Stanislav Klykh, a historian, was detained on August 11, 2014, when he arrived to visit his girlfriend in the Russian city of Orel. The Russian authorities accused him along with Karpiuk of involvement in the murder of Russian soldiers during the First Chechen War. The two Ukrainians deny their guilt, saying that they were tortured to witness. Ukrainian President Petro Poroshenko said that Karpiuk and Klykh should be freed under the Minsk agreements.

    ———-

    “Chechen court ruling: Karpiuk sentenced to 22.5 years, Klykh should serve 20 years”; Unian.info; 05/26/2016

    Karpiuk, born in 1964, the leader of the Ukrainian National Assembly-Ukrainian National Self-Defense (UNA-UNSO) and one of the founders of the Right Sector, was detained under unclear circumstances in Russia on March 21, 2014. Based only on the statements of a Crimean recidivist serving a sentence in a Russian colony, the Russian services fabricated a criminal case against Karpiuk, claiming he allegedly fought against federal troops during the First Chechen War and even killed a number of Russian soldiers. Stanislav Klykh, a historian, was detained on August 11, 2014, when he arrived to visit his girlfriend in the Russian city of Orel. The Russian authorities accused him along with Karpiuk of involvement in the murder of Russian soldiers during the First Chechen War. The two Ukrainians deny their guilt, saying that they were tortured to witness. Ukrainian President Petro Poroshenko said that Karpiuk and Klykh should be freed under the Minsk agreements.”

    Karpyuk was “detained under unclear circumstances in Russia on March 21, 2014.” That’s the general level of detail you’ll find in the stories on his arrest. But it appears Artemenko and Yarosh just revealed what exactly led to that arrest in the above interview and it was some sort of proposal Right Sector was willing to offer the Kremlin. Presumably a proposal involving extending Russia’s lease on Crimea and somehow getting Right Sector vaulted into power. You know, pretty much Artemenko’s plan.

    Posted by Pterrafractyl | September 18, 2017, 8:31 pm
  9. One of the more curious aspects of the whole #TrumpRussia investigation is how the case of Ukrainian far-right MP Andrey Artemenko and the ‘peace plan’ scheme he apparently hatched with Felix Sater and Michael Cohen continues to be regularly reported on and regularly cited as a key piece of circumstantial evidence suggesting the Trump team was secretly colluding with the Kremlin despite the fact that virtually everything about Artemenko’s background points in the exact opposite direction towards the anti-Kremlin faction of the Ukrainian far-right. It’s rather amazing. Even the Ukrainian press, which routinely notes Artemenko’s history with the viruently anti-Russian neo-Nazi Right Sector party, still treats Artemenko as a Kremlin agent as opposed to a Ukrainian far right agent. It’s such a remarkable disinformation strategy because it appears to hinge on the hope that the obvious is never pointed out. But so far it’s a strategy that’s largely worked.

    So it’s worth noting another one of those ‘WTF?!’ moments that’s popped up in the #TrumpRussia investigation. A ‘WTF?!’ moment involving Paul Manafort and his work as a political consultant (and possible money-launderer) for Viktor Yanukovich’s Party of Regions before Yanukovich was forced to flee during the Maidan protests following the mass outrage over the deaths of over 100 protestors by sniper fire widely blamed the Yanukovich government: Recall the thousands of text messages of Andrea Manafort, Paul Manfort’s daughter, that were allegedly hacked and released on the dark web back in February talking about Ukrainian “blood money” and how her dad had people people killed. Specifically, her texts appeared to allude to Manafort advising whoever did the sniper attacks to carry them out in order to bring international attention to the situation, including a text saying, ““You know he has killed people in Ukraine? Knowingly, as a tactic to outrage the world and get focus on Ukraine. Remember when there were all those deaths taking place. A while back. About a year ago. Revolts and what not. Do you know whose strategy that was to cause that, to send those people get them slaughtered.”

    And, of course, is was those sniper attacks that basically sealed the Yanukovich government’s fate by directing local and international outrage at the Ukrainian government, which is one of the reasons there’s so much speculation about the sniper attacks having actually been carried out by forced trying to get the Yanukovich government removed. Speculation backed up by an abundance of testimonies and questionable official investigations.

    And as we’re going to see, perhaps the biggest ‘WTF?!’ aspect of the investigation into the Maidan sniper attacks is that the official prosecutors claim to have found the sniper rifle as part of a larger cache of broken down weapons found sunk in a lake. And the person who led them to that cache was part of the Maidan protests. Yep. Ukrainian prosecutors assert that someone, still unnamed, who was part of the Maidan protests actually led the “Berkut” secret police units who are accused to carrying out the sniper attack out of Kiev so they could escape. This was the charge prosecutors were making last year, warning the Ukrainian public that there was be some shocking revelations when they finally reveal their case. A case the public is still waiting for.

    And, again, the one thing that more or less guaranteed the success of the Maidan revolution was the sniper fire which is part of why there was suspicions this was ‘friendly fire’ from the beginning. Sniping the protestors made absolutely no sense for the Yanukovich government but it made a lot of sense for a the Maidan protest movement…a movement tragically infused with exactly the kind of neo-Nazi forces that would have been more than happy to shoot some protestors to achieve their goal.

    So if Andrea Manafort was under the impression that her father was advising someone to carry out the sniper attacks in order to bring international attention to the situation you have to wonder if Manafort was advising more than just the Yanukovich government during that Maidan period. After all, while Manafort may have done some consulting work for the Party of Regions it’s not like we have any compelling reason to believe he’s actually loyal to the Party of Regions. Might he have been advising the pro-Maidan forces too? It’s a question worth asking. Especially if those hacked text messages become a focus in the investigation to establish the Trump campaign’s ties to the Kremlin. Much like the strange case of Andrey Artemenko, when it comes to Paul Manafort and the Maidan sniper it’s the kind evidence that, both circumstantially and logically, point in the opposite direction of the prevailing speculation:

    The Independent

    As the Russia investigation continues, the focus has intensified on Ukraine

    It is Paul Manafort, one of Donald Trump’s presidential campaign managers, who is most immediately in the firing line

    Kim Sengupta
    Thursday 21 September 2017 12:15 BST

    A hearing took place last week in Kiev on Andrii Artemenko’s efforts to have his citizenship restored. A day later John Bolton, the former American envoy to the UN, and a staunch Donald Trump supporter, told an international conference in the city that he expected some of the people around the US President to go to prison. Investigations into Paul Manafort, meanwhile, are looking at his activities in Ukraine.

    The Ukrainian connection in the Trump affair is under increasing scrutiny. Mr Artemenko, an MP, is a relatively unfamiliar name in the expanding and colourful cast of those now entangled. But his links with Donald Trump’s personal lawyer, Michael Cohen, and Felix Sater, a criminal and former business associate of Trump, has become important in establishing whether the Kremlin was actively seeking to influence American policy.

    Mr Artemenko has been accused of treason by the government of Petro Poroshenko and stripped of his citizenship. That came after revelations that he reportedly gave details of a secret plan to Mr Sater and Mr Cohen to be passed on to the Trump White House which would, in effect, formalise the dismemberment of Ukraine. The proposal was that sanctions against Russia would be lifted in return for Moscow leasing the Crimea for an unspecified amount of time.

    Mr Trump had stated during his election campaign that he may accept the Kremlin’s annexation of Crimea. Mr Artemenko delivered his plan to Mr Cohen who passed it on, it has been claimed, to Michael Flynn, a former Lieutenant General, who was then Mr Trump’s National Security Adviser. Mr Flynn was himself forced to resign over his contacts with the Russian government and is now the subject of an inquiry over that as well as over lobbying for Recep Tayyep Erdogan’s Turkish government.

    It is Mr Manafort who is most immediately in the firing line with his work as Mr Trump’s campaign manager as well as that of Viktor Yanukovych, Ukraine’s pro-Moscow President who was overthrown in the revolution of four years ago and fled to Russia, being examined.

    It has been revealed that Mr Manafort was secretly wiretapped by the FBI and has been told by prosecutors that he may face indictment over alleged violations of tax laws, money laundering, and lobbying for a foreign power. Federal agents working for Special Investigator Robert Mueller, who carried out an early morning raid at his apartment in Alexandria, Virginia, have taken away documents and computer files which include, it is believed, details of his work for President Yanukovych.

    A number of Mr Manafort’s associates have been subpoenaed by Mr Mueller’s team. They include the heads of two consulting firms, Mercury Public Affairs and the Podesta Group, who worked with Mr Manafort in Ukraine.

    Ukraine’s Anti-Corruption Bureau, set up under Western supervision, has allegedly discovered secret accounts, the so-called “black ledger”, supposedly showing that in a period of five years, between 2007 and 2012, when Mr Manafort received $12.7m from Mr Yanukovych’s Party of Regions. Officials hold that the money was part of an illegal clandestine system which had been used to pay off a number of figures. Mr Manafort has insisted that he had not received the money.

    Human rights groups in Ukraine also want to question Mr Manafort about killings during the Maidan protests in Kiev in 2014. Eugenia Zakrevska, a lawyer representing families of victims, is part of a team seeking information on who was complicit in President Yanukovych’s ordering security forces to open fire on demonstrators.

    The lawyer’s demands for explanation spring from the hacking earlier this year of the iPhone of Mr Manafort’s daughter, Andrea, with around 300,000 messages published in the dark web. One of the texts sent to her sister Jessica said: “Don’t fool yourself. That money we have is blood money.” It continued “You know he has killed people in Ukraine? Knowingly, as a tactic to outrage the world and get focus on Ukraine. Remember when there were all those deaths taking place. A while back. About a year ago. Revolts and what not. Do you know whose strategy that was to cause that, to send those people get them slaughtered.”

    In another text she said: “He is cash-poor right now. And now Ukraine is late in paying him.”

    No evidence has been presented that Mr Manafort was responsible for deaths and Andrea Manafort has refused to comment on the texts. Ms Zakrevska, however, wants Mr Manafort “to clarify the allegations contained in the text messages and to contact us with any information you may have about events that occurred in central Kiev between 18 and 20 February 2014”.

    Mr Artemenko, according to a New York Times report “emerged from the opposition” organised against President Poroshenko by Mr Manafort and was instigated in putting together the “peace deal” by figures close to Vladimir Putin. This is denied by the MP complains that that “anyone who has a personal opinion in Ukraine is automatically named a Russian spy. I don’t have such connections with Russia, that is the reason why I tried to involve the Trump administration on this issue and not the Kremlin.”

    But the man Mr Artemenko chose to help him get his plan to the Trump administration boasts of the sheer extent of his Russian connections. Felix Sater, born Felix Sheferovsky in Russia, whose family emigrated to the US when he was six, had declared that he could get the Kremlin’s backing to make Mr Trump the US President.

    “Our boy can become President of the USA and we can engineer it … I will get Putin on this programme and we will get Trump elected,” he emailed Mr Cohen, a lifelong friend. Another excited email to Mr Trump’s lawyer said “Can you believe two guys from Brooklyn are going to elect a President?”

    Mr Sater’s connections were enough to ensure that Ivanka Trump got to seat on Putin’s chair at the Presidential office in the Kremlin. He had chaperoned her and Donald Jr on a trip to Moscow at the request of Mr Trump. Ivanka recalls the trip included “a brief tour of Red Square and the Kremlin” and this may have involved sitting at President Putin’s desk.

    Mr Sater was jailed in 1991 for slashing a man with a broken cocktail glass (a margarita) and he was also convicted for involvement in an investment scam in which Russian and American organised crime groups targeted the elderly, some of whom were Holocaust survivors. On that occasion he avoided a potential sentence of 20 years, paying a £25,000 fine instead. He also became a federal informer. According to prosecution documents he supplied highly valuable material on al-Qaeda, Russian organised crime, the American mafia and foreign governments.

    Mr Artemenko, Mr Sater and Mr Cohen met at a Manhattan restaurant earlier this year where, according to Mr Artemenko and Mr Sater, the Ukraine plan was discussed at length and Mr Cohen offered to take it to Michael Flynn. The New York Times reported that he subsequently delivered it personally, in a sealed envelope, to the President’s National Security Adviser. Mr Cohen later denied this account. The newspaper stands by its story, saying that he had acknowledged what he had done to its journalists.

    Mr Flynn was forced to resign soon afterwards. Investigators now have obtained a copy of the Artemenko plan. Prosecution lawyers are said to be considering whether it constituted a covert attempt by a foreign power to influence US policy.

    Mr Artemenko feels he has been caught in the crossfire between Mr Trump and “the liberal media”. He will continue with his “Roadmap for Peace”, he says, and strive to regain Ukrainian nationality – his birth right. A source close to him refused to say whether or not he has agreed to meet Robert Mueller’s investigators.

    ———-

    “As the Russia investigation continues, the focus has intensified on Ukraine” by Kim Sengupta; The Independent; 09/21/2017

    “Human rights groups in Ukraine also want to question Mr Manafort about killings during the Maidan protests in Kiev in 2014. Eugenia Zakrevska, a lawyer representing families of victims, is part of a team seeking information on who was complicit in President Yanukovych’s ordering security forces to open fire on demonstrators.”

    Yep, three and a half years after those sniper attacks that were critical to the success of the Maidan revolution and the families of the victims still have yet to get any meaningful answers from the government investigators. So let’s hope someone really is looking into a possible role Manafort may have played in advising the forces behind those sniper attacks because it’s one of the most important unresolved mysteries of the whole situation in Ukraine:


    The lawyer’s demands for explanation spring from the hacking earlier this year of the iPhone of Mr Manafort’s daughter, Andrea, with around 300,000 messages published in the dark web. One of the texts sent to her sister Jessica said: “Don’t fool yourself. That money we have is blood money.” It continued “You know he has killed people in Ukraine? Knowingly, as a tactic to outrage the world and get focus on Ukraine. Remember when there were all those deaths taking place. A while back. About a year ago. Revolts and what not. Do you know whose strategy that was to cause that, to send those people get them slaughtered.”

    In another text she said: “He is cash-poor right now. And now Ukraine is late in paying him.”

    No evidence has been presented that Mr Manafort was responsible for deaths and Andrea Manafort has refused to comment on the texts. Ms Zakrevska, however, wants Mr Manafort “to clarify the allegations contained in the text messages and to contact us with any information you may have about events that occurred in central Kiev between 18 and 20 February 2014”.

    Did Paul Manafort seriously recommend the sniping of protestors “Knowingly, as a tactic to outrage the world and get focus on Ukraine”? If so, and if he made this recommendation to the Yanukovich government he’s got to be one of the worst political consultants in history. On the other hand, if he was quietly advising the far-right elements of the pro-Maidan forces, well…you can argue about the morality of that tactic but you can’t argue with the results. Those sniper attacks basically guaranteed the success fo the Maidan revolution. So which is it? Is Manafort a haplessly evil or a brilliantly evil consultant?

    It’s a pretty big question but, tragically like so much of the #TrumpRussia investigation, it’s a question is almost never asked. The narrative of this Trump affiliated network as being exclusively Kremlin operatives – as opposed to international sellout mobsters who will work for all sorts of nefarious forces and appear to be fascists at heart – is considered an absolutely vital narrative to maintain as opposed to a dangerous narrative that’s systematically skewing our understanding of how the world works by almost removing the western far right from consideration as a bad actor on the global battlefield even when there’s an abundance of evidence that the far right is carrying out these operations.

    Of course, we also have to keep in mind that, as we’ve seen with the s number of high profile hacks, there’s nothing stopping hackers from just fabricating texts and documents and that very well could be the case in these hacked texts. So it’s worth noting that Paul Manafort has actually confirmed that some of the hacked texts are real. As as the following article also notes, Andrea Manafort was actually with her dad in Florida during the sniper attacks (so it’s not inconceivable he was getting chatty about it with her) and the text she sent about the attacks were sent after they took place:

    CNN

    Ukraine lawyer seeks probe of alleged hacked texts of Manafort’s daughter

    By Simon Ostrovsky
    Updated 7:17 AM ET, Sat March 11, 2017

    Kiev, Ukraine (CNN)A Ukrainian human rights attorney representing the victims of mass police shootings in Kiev in 2014 has asked prosecutors to investigate what are purported to be the hacked text messages of one of Paul Manafort’s daughters, saying the texts point to possible influence Manafort had with Ukraine’s president during that period.

    “You know he has killed people in Ukraine? Knowingly,” Andrea Manafort allegedly wrote of her father in March 2015 in an angry series of texts to her sister, Jessica, about her father’s personal and professional life.

    “Remember when there were all those deaths taking place. A while back. About a year ago. Revolts and what not,” reads another text in reference to the bloodshed in Kiev.

    “Do you know whose strategy that was to cause that, to send those people out and get them slaughtered.”

    “He has no moral or legal compass,” Andrea allegedly wrote about her father earlier as part of the same conversation.

    The messages were obtained from a hacker website that in February posted four years’ worth of texts, consisting of 300,000 messages, apparently taken from Andrea Manafort’s iPhone.

    Paul Manafort: No comment

    Paul Manafort currently faces an FBI investigation over millions of dollars’ worth of payments he allegedly received while working as a political strategist for Ukraine’s Russia-backed president, Viktor Yanukovych. Manafort has denied receiving the undeclared cash payments.

    Protesters descended on Kiev’s central square in a peaceful protest in the winter of 2013 when Yanukovych unexpectedly backed out of a trade deal with the European Union under pressure from the Kremlin. Close to 100 people died in the shootings in the weeks before Yanukovych fled in February 2014.

    Ukrainian authorities say Yanukovych created conditions that allowed security forces to kill the pro-Western protesters in Kiev, but so far have not been able to charge him because he is in Russia.

    Manafort has not been linked to the shootings.

    Asked by CNN to comment, Manafort said via text message: “Comment on what. There is nothing.”

    Manafort would not confirm whether the texts were genuine, but in a Politico story last month on the texts, he indicated that some of them were.

    The texts suggest that Manafort and his daughter were together in Florida on the day of the worst violence in Kiev on February 20th, when close to 50 people died.

    Manafort already influential in Ukraine

    Thursday, the human rights lawyer, Eugenia Zakrevska, filed a motion in Kiev requesting that prosecutors verify the contents of the text message dump and take measures to compel US authorities to question Manafort.

    “I call on Mr. Manafort to clarify the allegations contained in the text messages and to contact us with any information he may have on those events,” Zakrevska told CNN.

    Zakrevska and a special prosecution unit have been working together on several concurrent cases looking into the violence in and around Kiev’s Independence Square.

    Zakrevska said all of the killings would have already taken place by the time Manafort met his daughter the evening of the 20th, if the texts’ timestamps are accurate, and she thought it was unlikely that Andrea actually witnessed Paul Manafort personally directing Kiev police forces.

    “But this doesn’t rule out Manafort’s influence on Yanukovych’s actions and decisions during that period,” Zakrevska said.

    Serhiy Gorbatyuk, Ukraine’s prosecutor for special investigations, confirmed to CNN that his office received Zakrevska’s motion and said the text messages would be investigated and potentially entered into evidence. “We will check thoroughly to verify if they are real or not.”

    Asked by CNN about the prospect of an investigation by the general prosecutors’ office, Manafort replied: “Total BS on GP (general prosecutor).”

    Manafort began working for Yanukovych in 2004 and grew to be an influential figure in Ukraine who had the ear of the President. After Yanukovych was ousted and pro-Western forces took the reins, Manafort stayed on in the country to help rebrand Yanukovych’s Party of Regions as “Opposition Bloc.”

    Covert methods and ‘shady email’

    The text messages, if genuine, shed light both on the last days of the Yanukovych regime in Ukraine and a turbulent period in the Trump campaign last summer, when Trump shook up his team’s leadership structure.

    They also cover the time period when Russia, according to US intelligence agencies, may have been conducting hacks into email accounts associated with the Democratic Party.

    In the same 2015 conversation with her sister, Andrea allegedly suggests to Jessica that their father used covert methods to send messages to Ukraine.

    “I was there when it happened. I saw him on his shady email,” she allegedly wrote. “They don’t write emails. They log on and write in the drafts So it’s never transmitted over any servers.”

    In another alleged exchange with Jessica, in June 2016, Andrea plays down her father’s involvement in the hacks of the Democratic Party emails.

    “Pretty crazy about all the email hacking huh?” the texts read. “Dad must be over the moon.”

    “Oh i saw.” is the reply. “The russians.”

    “Well it wasn’t dad’s doing. It was hackers,” Andrea allegedly writes back. “No clue who the hackers were. Fbi is looking into it.”

    ———-

    “Ukraine lawyer seeks probe of alleged hacked texts of Manafort’s daughter” by Simon Ostrovsky; CNN; 03/11/2017

    “Manafort would not confirm whether the texts were genuine, but in a Politico story last month on the texts, he indicated that some of them were.”

    Ok, so at least some of the texts are real based on Paul Manafort’s own admission, although he wouldn’t confirm which ones. But if the ones of the killings in Ukraine are real that’s pretty fishy since they were sent after the sniper attacks:


    The texts suggest that Manafort and his daughter were together in Florida on the day of the worst violence in Kiev on February 20th, when close to 50 people died.

    Thursday, the human rights lawyer, Eugenia Zakrevska, filed a motion in Kiev requesting that prosecutors verify the contents of the text message dump and take measures to compel US authorities to question Manafort.

    “I call on Mr. Manafort to clarify the allegations contained in the text messages and to contact us with any information he may have on those events,” Zakrevska told CNN.

    Zakrevska and a special prosecution unit have been working together on several concurrent cases looking into the violence in and around Kiev’s Independence Square.

    Zakrevska said all of the killings would have already taken place by the time Manafort met his daughter the evening of the 20th, if the texts’ timestamps are accurate, and she thought it was unlikely that Andrea actually witnessed Paul Manafort personally directing Kiev police forces.

    “But this doesn’t rule out Manafort’s influence on Yanukovych’s actions and decisions during that period,” Zakrevska said.

    It’s going to be interesting to see what, if anything, Ukrainian investigators into the sniper attacks say about this part of their investigation. And investigation that continues three and a half years after the attacks.

    Of course, given that the investigation would utterly undermine the current Ukrainian government if it concluded that the snipers were anyone other that people working on Yanukovich, it’s hard to have too much confidence in its outcome. Still, the investigators are going to have to release some sort of conclusion eventually. And that brings us to the remarkable warning prosecutors gave to the Ukrainian public in July of 2016 about who was working with the sniper: The prosecutors continue to assert tha the sniper was a member of the “Berkut” secret police. But, prosecutors warn the public, get ready for a major twist because the person who prosecutors say led the group of Berkut forces who carried out the attacks was a member of the Maidan protest. This is the warning issued by Ukraine’s Prosecutor General.

    So given how much circumstantial evidence suggests someone backing the the protests actually shot the protestors in order to generate international outrage against the Yanukovich government it’s worth keeping in mind that the person who led Ukrainian investigators to the cache of weapons allegedly used the attacks was also a member of the protests:

    Unian.info

    Prosecutors say public to face unpleasant surprise in Maidan killings probe

    Ukraine’s Prosecutor General Yuriy Lutsenko says that the man who helped so-called “black hundred” of police task force Berkut, who had been shooting at protesters during the Revolution of Dignity, flee Kyiv and deliberately drowned their weapons to conceal evidence, was himself one of the participants of the Maidan protests.

    12:00, 24 July 2016

    “With the help of military counterintelligence, we have found weapons of the “black hundred,” including a sniper rifle, which the entire country saw on footage showing the shooting at the protesters from outside the October Palace,” he told the 112 Ukraine TV channel.

    “We found it with a large number of automatic rifles on the bottom of one of Kiev’s lakes. They were cut and drowned in one batch by a single group, whose leader is one of the targets of our investigation. Unfortunately, this man who, according to our version, upon the orders of [former Interior Minister Vitaliy] Zakharchenko helped the “black hundred” flee Kyiv, destroyed and drowned their weapons, he, himself, was with us on the Maidan,” Lutsenko said.

    As UNIAN reported earlier, the Prosecutor General’s Office July 14 conducted searches at the houses of persons involved in assisting the troops from Berkut police special forces’ “black hundred” in fleeing Kyiv after the bloody killings of the Maidan activists and subsequent destruction of their weapons.

    Earlier, Deputy Prosecutor General of Ukraine, Chief Military Prosecutor Anatoliy Matios said: “When public learns who is involved in this, people will be very surprised.” According to him, information to be published may cause rejection, “but the truth is the truth.”

    ———-

    “Prosecutors say public to face unpleasant surprise in Maidan killings probe”; Unian.info; 07/24/2016

    “”We found it with a large number of automatic rifles on the bottom of one of Kiev’s lakes. They were cut and drowned in one batch by a single group, whose leader is one of the targets of our investigation. Unfortunately, this man who, according to our version, upon the orders of [former Interior Minister Vitaliy] Zakharchenko helped the “black hundred” flee Kyiv, destroyed and drowned their weapons, he, himself, was with us on the Maidan,” Lutsenko said.”

    Yes, according to Ukraine’s Prosecutor General Yuriy Lutsenko, the leader of the Berkut officers who carried out the attack was “with us on the Maidan”. Yeah, that’s quite a twist. The kind of twist that’s going to make it very interesting to hear more of the details from these prosecutors in terms who this person is and what the evidence is that they were directing this sniper operation. Like, do the prosecutors primarily have evidence tying the weapons they found back to this mystery Maidan person, and then extrapolate that they must have been leading the Berkut because it was a foregone conclusion that the Berkut carried out the attack? Or do prosecutors have evidence tying these discovered weapons to the Berkut members? These are the kinds of details the world is still waiting for and in the mean time we have to settle for the sporadic hints of what to expect.

    And thanks to those hacked texts we now have to ask the question: what was the relationship between Paul Manafort and this mystery Maidan individual who prosecutors assert was secretly leading the Berkut unit charged with the sniper attacks? It doesn’t seem likely we’ll ever get an answer to that question but it’s still worth asking. Like so many of the ‘WTF?!’ questions swirling around all things involving Russian and Ukraine these days that are either never asked, or asked, answered, and systematically ignored.

    Posted by Pterrafractyl | September 30, 2017, 3:24 pm
  10. @Pterrafractyl–

    Brilliant, brilliant work!!

    Bravo!

    Recall that in FTR #919, I suggested that Manafort’s CV suggests that he was actually an agent of penetration, sent in to ally himself with a leader targeted for destabilization and subsequent removal.

    http://spitfirelist.com/for-the-record/ftr-919-the-trumpenkampfverbande-part-2-german-ostpolitik-part-2/

    The analysis you have presented suggests that that was the case in Ukraine, as it was in the Philippines.

    Keep up your magnificent efforts.

    Best,

    Dave

    Posted by Dave Emory | September 30, 2017, 4:15 pm
  11. A number of significant questions have been raised by Trump administration’s refusal to certify the Iran nuclear deal and threatened to abandon it altogether if it isn’t modified, but perhaps the most ominous question is whether or not the intent of this actions is actually to create the conditions where Iran not only chooses to reignite its nuclear program but actually build a nuclear device. Could that be part of the agenda? As far fetched as the possibility might seem on its face, in the context of a number of other nuclear-related stories we’ve seen emerge from the Trump team over the last year it’s a question we have to ask.

    Let’s recall all those stories:
    1. The secret negotiations involving Ukrainian far right politician Andreii Artemenko, Felix Sater, Robert Armao, and Trump Org attorney Michael Cohen to rehab Ukraine’s nuclear power sector and export electricity to Ukraine’s neighbors.

    2. The evidence indicating that North Korea’s recent advances in ICBM technology came from a Ukrainian rocket factory, raising obvious questions about whether or not the Ukrainian far right played a role in the technology transfer.

    So we have a story about a possible the Ukrainian missile technology trafficking network (which would likely involve the Ukrainian far right if such a network exists) paired with a story about Felix Sater and Michael Cohen talking with a Ukrainian far right politician upgrading Ukraine’s nuclear plants. All in all, it’s pretty clear that at least elements of Ukraine’s far right has an eye on exploiting the two sectors of Ukraine’s economy that are required for a nuclear missile.

    But then there’s following story that came out back in June about another nuclear-power related scheme. A scheme that involving Michael Flynn a group of US ex-generals to totally transform the energy sector across the Middle East by encouraging nuclear power in countries like Saudi Arabia, Egypt and Jordan. Part of the reported motivation behind the plan was concerns about the amount of international business the US nuclear industry was losing out to Russian and South Korean nuclear industries. But one of the other key goals of this scheme was to incentivize Russia to drop Iran as a client state by making Russia a key partner in the plan, along with promises for more sales of Russian military hardware if it drops Iran as a client.

    And this scheme was already getting explored by Michael Flynn back in June of 2015 (so before Flynn actually joined Trump’s campaign), when Flynn flew to Egypt and Israel . It was reportedly up to Michael Flynn to explore the Egyptian and Israeli receptivity to the idea. The Obama administration opposed the plan due to Russia’s involvement, so when Michael Flynn later became Trump’s national security advisor the plan suddenly looked like a real possibility. But then all the investigations in the Trump campaign and the Kremlin emerged and backers began to walk away.

    The Saudis also reportedly never showed much interest in the plan, with some suspecting that the Saudis have much greater nuclear ambitions (like secret nuclear weapons development with Pakistan or China).

    So we have Michael Flynn participating in secret negotiations over a scheme hatched by US ex-generals to promote the US nuclear power sector by partnering with the Russian nuclear sector (in order to weaken Iran), and the Trump team was suddenly exactly the kind of administration that might be able to make this plan come to fruition given its overtly friendly disposition towards Moscow. But then #TrumpRussia derails the scheme.

    It all raises the question of how the collapse of the Iran nuclear deal might impact the future prospects of this scheme. Because if Iran ends up restarting its nuclear weapons program we should expect a response from its Sunni rivals. And if that happens, a scheme involving the development of nuclear power (a stepping stone to a nuclear weapons program) just might become a lot more tempting for the various players involved. And it’s hard to imaging a scheme with more potential profits than setting up a long-term nuclear power plant building, maintenance, and waste storage and disposal disposal contracts across the Middle East for decades to come with the possibility of future nuclear weapons-related services when the situation devolves into a nuclear arms race.

    All in all, it’s a reminder that starting a nuclear arms race in the Middle East would be incredibly profitable (until the nukes fly, although they’ll probably find a way to profit from that):

    Newsweek

    Michael Flynn, Russia and a Grand Scheme to Build Nuclear Power Plants in Saudi Arabia and the Arab World

    By Jeff Stein On 6/9/17 at 7:00 AM

    Updated | By the time Michael Flynn was fired as President Donald Trump’s national security adviser in February, he had made a lot of bad decisions. One was taking money from the Russians (and failing to disclose it); another was taking money under the table from the Turks. But an overlooked line in his financial disclosure form, which he was forced to amend to detail those foreign payments, reveals he was also involved in one of the most audacious—and some say harebrained—schemes in recent memory: a plan to build scores of U.S. nuclear power plants in the Middle East. As a safety measure.

    In 2015 and 2016, according to his filing, Flynn was an adviser to X-Co Dynamics Inc./Iron Bridge Group, which at first glance looks like just another Pentagon consultancy that ex-military officers use to fatten their wallets. Its chairman and CEO was retired Admiral Michael Hewitt; another retired admiral, Frank “Skip” Bowman, who oversaw the Navy’s nuclear programs, was an adviser. Other top guns associated with it were former National Security Agency boss Keith Alexander and retired Marine Corps General James “Hoss” Cartwright, a former vice chairman of the Joint Chiefs of Staff whose stellar career was marred when he was prosecuted last year for lying to the FBI during a leak investigation.

    In June 2015, knowledgeable sources tell Newsweek, Flynn flew to Egypt and Israel on behalf of X-Co/Iron Bridge. His mission: to gauge attitudes in Cairo and Jerusalem toward a plan for a joint U.S.-Russian (and Saudi-financed) program to get control over the Arab world’s rush to acquire nuclear power. At the core of their concern was a fear that states in the volatile Middle East would have inadequate security for the plants and safeguards for their radioactive waste—the stuff of nuclear bombs.

    But no less a concern for Flynn and his partners was the moribund U.S. nuclear industry, which was losing out to Russian and even South Korean contractors in the region. Or, as Stuart Solomon, a top executive along with Hewitt at his new venture, IP3 (International Peace, Power and Prosperity), put it in a recent speech to industry executives, “We find ourselves…standing on the sidelines and watching the competition pass us by.”

    That the oil-rich, sun-soaked Arab Middle East would pursue nuclear energy seems paradoxical. But as The Economist noted in 2015, “Demand for electricity is rising, along with pressure to lower carbon emissions; nuclear plants tick both boxes.” And some of the region’s major players, like Egypt and Jordan, don’t have oil and gas resources and “want nuclear power to shore up the security of their energy supplies,” The Economist said.

    So the genius idea the Americans advocated was a U.S.-Russian partnership to build and operate plants and export the dangerous spent fuel under strict controls. Flynn’s role would be helping X-Co/Iron Bridge design and implement a vast security network for the entire enterprise, according to an internal memo by ACU Strategic Partners, one of the lead companies involved, obtained by Newsweek.

    Not only would the project revive the U.S. nuclear industry, but it would cost American taxpayers nothing, its principals asserted. It would be “funded entirely by Saudi Arabia and other Gulf countries,” according to the ACU memo. The cost for the kingdom? “Close to a trillion dollars,” says a project insider, who asked for anonymity in exchange for discussing internal matters.

    Theoretically, the Saudis and other “participating Mid-East governments” would recoup some costs by selling energy “through their utilities,” according to the ACU plan. But if the Saudis and other Arab states buy in, it won’t be for energy, says Thomas Cochran, a prominent scientist and nuclear nonproliferation proponent involved with the ACU project. “They are buying security,” he tells Newsweek. Under the ACU plan, “they’re buying a security arrangement involving the U.S., Russia, France, and the U.K., eventually.”

    Left out of this grand nuclear scheme: Iran (along with Syria, its war-ravaged Shiite proxy). In fact, “it was always part of the project that Russia’s involvement…would tilt Russia away from Iran,” Fred Johnson, ACU’s chief economist, wrote in an email to his advisers obtained by Newsweek. The idea was that Russia, facing what Johnson called an “economic and existential calamity” because of low oil prices, could use the income generated from the partnership. The consortium could then purchase “Russian military hardware” to compensate Moscow for losing military sales to Iran.

    “Further plans to sideline Iran,” Johnson wrote, included “the development of X-Co,” the Hewitt company that Flynn was advising, “with its very visible deployment of Sea Launch,” a Russian company “that would provide a platform for rockets” to put surveillance satellites in orbit.

    Flynn was “not involved” in the negotiations with Sea Launch, Cochran says. The former general, now being pursued by federal investigators probing contacts between Russian officials and Trump’s inner circle, did not respond to an inquiry from Newsweek. People associated with the Middle East project say they thought Flynn’s involvement was limited to sounding out the Egyptians and Israelis on security aspects of the enterprise. He listed no income from X-Co/Iron Bridge on his financial disclosure form.

    “To the best of my knowledge,” Flynn was not being paid for his expertise, as was the case with many advisers to the project, Cochran says, but the former general’s travel expenses were picked up by ACU, as were his own. (The cost of business-class round-trip airfare and exclusive hotels for the trip would have ranged between $10,000 and $15,000.)

    Hewitt denied that isolating Iran was part of the plan. “X-Co wasn’t created to simply ‘sideline Iran,’” he responded to Johnson and their associates in an email. “It was designed to set the conditions for stability which were the precursors to building 40 plants” and to “solidify the [Gulf Corporation Council], Jordan, Egypt under a security construct, led by two superpowers, using state of the art capability.”

    But the project faced opposition from the Obama administration, Cochran says. “They didn’t want to do it with the Russians and didn’t want to do it while they were negotiating the Iran [nuclear] deal,” he tells Newsweek.

    Trump’s embrace of Russian President Vladimir Putin, on the other hand, offered an attractive possibility. And when Flynn, who had connections to the Russians, became the candidate’s national security adviser, the ACU team, led by British-American dealmaker Alex Copson, suddenly seemed to have an inside man. Last year, Copson was touting such connections when he tried to persuade the Tennessee Valley Authority to transfer an unfinished Alabama nuclear plant to the ACU in exchange for shares in the consortium that would build reactors in the Middle East, telling a Huntsville reporter that “Alabama’s two senators”—both Republicans, and one, Jeff Sessions, then a top Trump campaign adviser—“can help the next administration move this project forward.” The plant was eventually sold to another company.

    When reports surfaced that the FBI was investigating possible collusion between the Russians and the Trump campaign, however, some of Copson’s partners and advisers decided it was time to walk away. “When Copson decided he was going to saddle up with the Trump team, that was the last straw for me,” the insider says. “I said it’s time to regroup.”

    The Saudis hadn’t shown much interest anyway, the insider says. “Copson was promising the advisers lots of money if the Saudis put up money,” but it failed to materialize. “And so there’s nothing that anyone was going to gain unless the project was a success,” he tells Newsweek.

    Hewitt and his associates also split from ACU to pursue their own path toward a nuclear-powered Middle East, one that would swap in China for Russia as a nuclear partner, two sources close to the project say. (Hewitt declined to discuss plans for IP3, telling Newsweek he was “working hard to create our public persona right now.”)

    But the highly regarded Cochran stayed with ACU. A longtime senior scientist at the Natural Resources Defense Council, where he was director of its nuclear program, Cochran was the author of countless studies and articles over the decades and had initiated with Moscow the U.S.-Soviet nuclear test ban verification project in 1986. He “has extraordinary chutzpah,” a writer for Scientific American observed in 1998. “He is willing to take on what most people wouldn’t bother with because they assume it’s hopeless.”

    Or nuts. In 2001, a writer for the left-wing In These Times weekly got hold of a draft proposal for a 1990s-era project that Cochran was involved in, the Non-Proliferation Trust (NPT), which envisioned taking control of spent fuel from reactors around the world and shipping it to Russia “on large ships mounted with an arsenal of weapons designed to ward off nuclear pirates,” wrote Jeffrey St. Clair. “The big question is what happens to the waste after it arrives in Russia.”

    Most observers, including Cochran, believe countries developing nuclear power should be responsible for disposing of their own spent nuclear fuel. What St. Clair failed to appreciate, he says, is the difficulty of doing so for many countries, either because of geology (Taiwan, in the earthquake-prone Pacific), costs (Mexico) or a weak security environment, as in the Middle East, “where the buildup of spent fuel represents a significant proliferation risk.” Had the NPT project not failed, Cochran says, “we probably would have a spent fuel repository underway in Russia” and now under strict oversight—instead of a looming crisis. As for the danger of shipping spent fuel across the oceans, Cochran says it’s been done safely for decades.

    All the more reason to partner with the Russians today in an ironclad security arrangement, Hewitt says. “We’re always going to be engaged in the security of the Middle East,” he told a May gathering at the Nuclear Energy Institute. “It is in our best interests to ensure that nuclear power is introduced with all of the safety [standards of the U.S.].”

    Cochran urges critics not to lose focus on the big picture, which he alternately likens to launching the U.S. Marshall Plan, which rebuilt Europe after World War II, and the Tennessee Valley Authority, which tamed rivers and brought electricity and industrial development to the American South in the 1930s. “It would provide energy and jobs and so forth for countries like Egypt and others in the region,” he says, “so that these young men have got something more useful to do than go out and shoot each other.”

    For a project fraught with such diplomatic and logistical minefields, however, Copson is perhaps an odd choice to lead ACU into the Middle East. Widely reported to be “a sometime bass player with the British rock band Iron Butterfly,” (though not an official member), Copson once famously “described the natives of the Marshall Islands as ‘fat, lazy fu cks’ when they nixed one of his nuke dump schemes” in the Central Pacific Ocean, muckraking journalist Greg Palast wrote in 2001. (The islands are now disappearing under rising seas.)

    Copson did not respond to several calls, emails and written questions asking for comment. But it’s not likely the Trump team, many of whom are under close scrutiny for their undisclosed Russian contacts, will be any help to Copson now. And the Saudis aren’t “taking the kind of steps that would be required to really get serious about setting up a civil nuclear-energy infrastructure,” says Tristan Volpe, a fellow in the Nuclear Policy Program of the Carnegie Endowment for International Peace in Washington, D.C.

    Others suspect the Saudis are up to something more nefarious because of the U.S.-led nuclear deal with Iran. The Saudis “have big ambitions for nuclear,” says David Albright, president of the Institute for Science and International Security in Washington, D.C. “The issue is whether they cross over into any processing or enrichment” with secret partners like Pakistan or China.

    Flynn once expressed deep worries about a Saudi-Iranian nuclear arms race. In a January 2016 interview with Al-Jazeera, he sounded like Cochran, the elder statesman of the nonproliferation movement. “An entirely new economy is what this region needs,” he said, especially for the millions of unemployed young men living under corrupt autocracies and tempted by extremism. “You’ve got to give them something else to do. If you don’t, they’re going to turn on their own governments.”

    But that was before he hitched up with Trump, who has embraced the Saudi monarchy and ratcheted up his rhetoric against Iran. Talk of a grand scheme to create jobs in the Middle East, meanwhile, has evaporated, with the Russia scandal enveloping not only Flynn but Trump’s entire presidency.

    ———-

    “Michael Flynn, Russia and a Grand Scheme to Build Nuclear Power Plants in Saudi Arabia and the Arab World” by Jeff Stein; Newsweek; 06/09/2017

    In June 2015, knowledgeable sources tell Newsweek, Flynn flew to Egypt and Israel on behalf of X-Co/Iron Bridge. His mission: to gauge attitudes in Cairo and Jerusalem toward a plan for a joint U.S.-Russian (and Saudi-financed) program to get control over the Arab world’s rush to acquire nuclear power. At the core of their concern was a fear that states in the volatile Middle East would have inadequate security for the plants and safeguards for their radioactive waste—the stuff of nuclear bombs.”

    A joint US-Russian plan to set up and safeguard nuclear plants around the Middle East. A plant that not only might draw Russia away from Iran but also save the US nuclear industry from Russian competition. And the Saudis and other Gulf countries would finance the entire thing:


    But no less a concern for Flynn and his partners was the moribund U.S. nuclear industry, which was losing out to Russian and even South Korean contractors in the region. Or, as Stuart Solomon, a top executive along with Hewitt at his new venture, IP3 (International Peace, Power and Prosperity), put it in a recent speech to industry executives, “We find ourselves…standing on the sidelines and watching the competition pass us by.”

    That the oil-rich, sun-soaked Arab Middle East would pursue nuclear energy seems paradoxical. But as The Economist noted in 2015, “Demand for electricity is rising, along with pressure to lower carbon emissions; nuclear plants tick both boxes.” And some of the region’s major players, like Egypt and Jordan, don’t have oil and gas resources and “want nuclear power to shore up the security of their energy supplies,” The Economist said.

    So the genius idea the Americans advocated was a U.S.-Russian partnership to build and operate plants and export the dangerous spent fuel under strict controls. Flynn’s role would be helping X-Co/Iron Bridge design and implement a vast security network for the entire enterprise, according to an internal memo by ACU Strategic Partners, one of the lead companies involved, obtained by Newsweek.

    Not only would the project revive the U.S. nuclear industry, but it would cost American taxpayers nothing, its principals asserted. It would be “funded entirely by Saudi Arabia and other Gulf countries,” according to the ACU memo. The cost for the kingdom? “Close to a trillion dollars,” says a project insider, who asked for anonymity in exchange for discussing internal matters.

    It would be “funded entirely by Saudi Arabia and other Gulf countries,” according to the ACU memo. The cost for the kingdom? “Close to a trillion dollars,” says a project insider, who asked for anonymity in exchange for discussing internal matters.”

    That’s not chump change. And keep in mind that if this plan actually happened we’re talking about building nuclear plants that are going to be running for decades generating waste that’s going to have to be stored for potentially centuries. It’s A LOT of money at stake.

    And it was Donald Trump as president who just might be able to thread this needle and make it happen. Until #TrumpRussian happened and the deal appears to have fallen apart (and the Saudis never showed much interest anyway):


    But the project faced opposition from the Obama administration, Cochran says. “They didn’t want to do it with the Russians and didn’t want to do it while they were negotiating the Iran [nuclear] deal,” he tells Newsweek.

    Trump’s embrace of Russian President Vladimir Putin, on the other hand, offered an attractive possibility. And when Flynn, who had connections to the Russians, became the candidate’s national security adviser, the ACU team, led by British-American dealmaker Alex Copson, suddenly seemed to have an inside man. Last year, Copson was touting such connections when he tried to persuade the Tennessee Valley Authority to transfer an unfinished Alabama nuclear plant to the ACU in exchange for shares in the consortium that would build reactors in the Middle East, telling a Huntsville reporter that “Alabama’s two senators”—both Republicans, and one, Jeff Sessions, then a top Trump campaign adviser—“can help the next administration move this project forward.” The plant was eventually sold to another company.

    When reports surfaced that the FBI was investigating possible collusion between the Russians and the Trump campaign, however, some of Copson’s partners and advisers decided it was time to walk away. “When Copson decided he was going to saddle up with the Trump team, that was the last straw for me,” the insider says. “I said it’s time to regroup.”

    The Saudis hadn’t shown much interest anyway, the insider says. “Copson was promising the advisers lots of money if the Saudis put up money,” but it failed to materialize. “And so there’s nothing that anyone was going to gain unless the project was a success,” he tells Newsweek.

    So now some of the people are insteady pursuing a different plan, swapping out Russia for China:


    Hewitt and his associates also split from ACU to pursue their own path toward a nuclear-powered Middle East, one that would swap in China for Russia as a nuclear partner, two sources close to the project say. (Hewitt declined to discuss plans for IP3, telling Newsweek he was “working hard to create our public persona right now.”)

    So even if such a plan proves impossible with Russia’s involvement, it still might happen with China if that ends up being more politically palatable.

    But whatever deal the Saudis sign on to is probably going to involve them eventually acquiring their own nuclear arsenal:


    Others suspect the Saudis are up to something more nefarious because of the U.S.-led nuclear deal with Iran. The Saudis “have big ambitions for nuclear,” says David Albright, president of the Institute for Science and International Security in Washington, D.C. “The issue is whether they cross over into any processing or enrichment” with secret partners like Pakistan or China.

    And while it might appear that the Trump team’s ties to this whole thing primarily flows through Michael Flynn and predates his role on the Trump campaign, as some the following article notes, Steve Bannon and Jared Kushner apparently discussed this scheme with the king of Jordon. And as one expert in the following article describes the plan, it would be like providing “a nuclear weapons starter kit.”

    So we have Flynn, Bannon and Kushner involved with secret negotiations to set up nuclear weapons starter kits across the Middle East. Highly profitable nuclear weapons starter kits. It’s something worth keeping in mind in the context of the collapse of the Iranian nuclear deal:

    BuzzFeed

    Trump Advisers Secretly Met With Jordan’s King While One Was Pushing A Huge Nuclear Power Deal

    Michael Flynn, Jared Kushner, and Steve Bannon met with King Abdullah II while Flynn was reportedly pressing for a controversial, for-profit deal to build nuclear power plants in the Middle East.

    By Jason Leopold (BuzzFeed News Reporter) Chris McDaniel (BuzzFeed News Reporter) Anthony Cormier (BuzzFeed News Reporter)
    Posted on September 15, 2017, at 1:12 p.m.

    In the days leading up to Donald Trump’s presidential inauguration, when his soon-to-be national security adviser Michael Flynn was reportedly pushing a multibillion-dollar deal to build nuclear reactors in Jordan and other Middle East nations, Flynn and two other top Trump advisers held a secret meeting with the king of Jordan.

    The meeting — details of which have never been reported — is the latest in a series of secret, high-stakes contacts between Trump advisers and foreign governments that have raised concerns about how, in particular, Flynn and senior adviser Jared Kushner handled their personal business interests as they entered key positions of power. And the nuclear project raised additional security concerns about expanding nuclear technology in a tinderbox region of the world. One expert compared it to providing “a nuclear weapons starter kit.”

    On the morning of Jan. 5, Flynn, Kushner, and former chief strategist Steve Bannon greeted King Abdullah II at the Four Seasons hotel in lower Manhattan, then took off in a fleet of SUVs and a sedan to a different location.

    People close to the three Trump advisers say that the nuclear deal was not discussed. But a federal official with access to a document created by a law enforcement agency about the meeting said that the nuclear proposal, known as the Marshall Plan, was one of the topics the group talked about.

    The Wall Street Journal reported that while Flynn’s White House disclosure forms state that he stopped working on the deal in December 2016, he in fact continued to push it even after he entered the White House. Flynn’s lawyer declined to comment on the claims in the Journal story.

    The plan, for which Flynn was reportedly paid as a consultant, initially envisioned that the reactors would be built by US companies and security would be provided by the Russian state-owned firm Rosoboron, an arms exporter currently facing US sanctions. As the plan evolved, Russian involvement reportedly lessened, and it is not known whether Russia or its companies featured in the meeting with the Jordanian king. This week, Democratic members of the House Oversight Committee said they would turn over documents about the nuclear plan to Special Counsel Robert Mueller, contending that Flynn may have violated federal law by not disclosing foreign trips and meetings.

    While it is not unusual for an incoming administration to meet with foreign dignitaries during the transition, Trump surrogates have repeatedly failed to acknowledge these contacts. Attorney General Jeff Sessions at first said he did not discuss campaign matters with Russian officials, only to later acknowledge at least two conversations with Russian Ambassador Sergey Kislyak. The United Arab Emirates set up a meeting between a military contractor close to the Trump administration and a Russian close to President Vladimir Putin. And this week, CNN reported that Abu Dhabi’s crown prince, Sheikh Mohammed bin Zayed al-Nahyan, visited with Flynn, Kushner, and Bannon without alerting the American government beforehand.

    The meeting with the king of Jordan had extremely high stakes: a discussion with the head of a key American ally that might have included plans about spreading nuclear power to one of the world’s least stable regions, possibly with the help of one of America’s main geopolitical enemies, Russia. The revelation of the meeting comes as Abdullah plans to visit the United States next week and speak with Trump.

    An eyewitness who saw the trio of Trump’s advisers that morning in the bar of the Four Seasons, and had a brief exchange with Bannon, said at least half a dozen other people were with them. It is not clear who they were. BuzzFeed News reached out to attorneys and spokespeople for Flynn, Kushner, and Bannon, as well as White House special counsel Ty Cobb and Bannon himself. None of them would comment on the record.

    The only known public acknowledgement that Abdullah had left his country is a short note on his website saying: “His Majesty King Abdullah on Saturday arrived back home after a private visit abroad.”

    ———-

    “Trump Advisers Secretly Met With Jordan’s King While One Was Pushing A Huge Nuclear Power Deal” by Jason Leopold, Chris McDaniel, Anthony Cormier; BuzzFeed; 09/15/2017

    “The meeting — details of which have never been reported — is the latest in a series of secret, high-stakes contacts between Trump advisers and foreign governments that have raised concerns about how, in particular, Flynn and senior adviser Jared Kushner handled their personal business interests as they entered key positions of power. And the nuclear project raised additional security concerns about expanding nuclear technology in a tinderbox region of the world. One expert compared it to providing “a nuclear weapons starter kit.”

    A plan to safely allow for the proliferation of nuclear power in one of the most unstable regions in the world that just so happens to double as a nuclear weapons starter kit according to one expert. That was the plan. The secret, extremely profitable plan that collapsed in the wake of the #TrumpRussia fervor.
    It all raises another question: if this plan had come to fruition, what would Iran’s response be? Especially since the plan involved pulling Russia away from Iran. Wouldn’t that make Iran much more likely to pursue nuclear weapons as rapidly as possible? If so, then this plan was a plan for a Middle East nuclear arms race.

    So that could be one more reason the Trump team appears to be fine with risking the renewal of Iran’s nuclear weapons program: That was the extremely profitable plan anyway and having Iran restart its nuke program might be the best way to make that extremely profitable plan become a reality.

    Posted by Pterrafractyl | October 14, 2017, 3:09 pm

Post a comment