- Spitfire List - https://spitfirelist.com -

FTR #967 Update on Ukrainian Fascism, the “Russia-Gate” Psy-Op and the Possibility of a Third World War

WFMU-FM is pod­cast­ing For The Record–You can sub­scribe to the pod­cast HERE [1].

You can sub­scribe to e‑mail alerts from Spitfirelist.com HERE [2].

You can sub­scribe to RSS feed from Spitfirelist.com HERE [2].

You can sub­scribe to the com­ments made on pro­grams and posts–an excel­lent source of infor­ma­tion in, and of, itself HERE [3].

This broad­cast was record­ed in one, 60-minute seg­ment [4].

Andrew Auerenheimer: Guest at Glenn Greenwald's party; apparent resident of Ukraine; friend of the "Atomwaffen." [5]

Andrew Aueren­heimer: Guest at Glenn Green­wald’s par­ty; appar­ent res­i­dent of Ukraine; friend of the “Atom­waf­fen.”

Serpent's Walk: Forecasts a Nazi takeover of U.S. in mid-twenty-first century, after WMD terror, blamed on Russia, devastates U.S.. [6]

Ser­pen­t’s Walk: Fore­casts a Nazi takeover of U.S. in mid-twen­ty-first cen­tu­ry, after WMD ter­ror, blamed on Rus­sia, dev­as­tates U.S.

Intro­duc­tion: This pro­gram affords a vista on sev­er­al crit­i­cal polit­i­cal and nation­al secu­ri­ty land­scapes, includ­ing the use of nuclear pow­er plants as an eco­nom­ic weapon and sab­o­taged via phys­i­cal inter­dic­tion or cyber-inter­fer­ence.

After exam­in­ing a sup­posed “Russ­ian-med­dling” inci­dent which was actu­al­ly an anti-Russ­ian inci­dent to use Ukrain­ian nuclear pow­er plants to super­sede the old Sovi­et pow­er grid in for­mer republics of the U.S.S.R., we note the con­tin­ued dom­i­nance of the Ukrain­ian polit­i­cal land­scape by vir­u­lent fas­cists evolved from the World War II era OUN/B.

We con­clude with a ter­ri­fy­ing look at the pos­si­bil­i­ty that the sabotaging/hacking of nuclear pow­er plants could lead to a Third World War.

With the media and polit­i­cal estab­lish­ments turn­ing hand­springs over “Rus­sia-gate,” we exam­ine in detail one of the inci­dents promi­nent in the pre­sen­ta­tion of the sup­po­si­tion that “our democ­ra­cy” was manip­u­lat­ed by the Rus­sians.

In late Jan­u­ary, Trump point man for “mat­ters Russian”–CIA/FBI oper­a­tive Felix Sater, a long-time asso­ciate of his and Trump’s lawyer Michael Cohen and a Ukrain­ian par­lia­men­tar­i­an named Andrii Arte­menko were propos­ing a cease-fire/­peace plan for Ukraine. This has been spun by our media as con­sti­tut­ing yet anoth­er of the “Rus­sia con­trols Trump” man­i­fes­ta­tions.

The facts, how­ev­er, reveal that this was not a “pro-Russ­ian” gam­bit but an ANTI-Russ­ian gam­bit! In addi­tion to the CIA/FBI affil­i­a­tion of Sater, it should be not­ed that Arte­menko was part of the Pravy Sek­tor milieu in Ukraine, one of the most vir­u­lent of the OUN/B suc­ces­sor orga­ni­za­tions in pow­er in that benight­ed nation.

Sater, Arte­menko and oth­ers were work­ing on a plan to reha­bil­i­tate Ukrain­ian nuclear pow­er plants in order to gen­er­ate elec­tric­i­ty for Ukraine and the Baltic states, free­ing those for­mer Sovi­et republics from their old Sovi­et elec­tri­cal pow­er grids. The aging Sovi­et grids are a remain­ing ele­ment for poten­tial Russ­ian influ­ence in these areas.

Andrii Arte­menko:

  1. ” . . . is a pop­ulist politi­cian with ties to the far-right Ukrain­ian mil­i­tary-polit­i­cal group “Right Sec­tor” and a mem­ber of the pro-West­ern oppo­si­tion par­lia­men­tary coali­tion led by for­mer Prime Min­is­ter Yulia Tymoshenko’s par­ty. . . . Arte­menko, who is a staunch ally of Valen­tyn Naly­vaichenko [7], a for­mer head of Ukraine’s secu­ri­ty ser­vice with lofty polit­i­cal ambi­tions [8], has aligned him­self with oth­er West-lean­ing pop­ulists like Tymoshenko. . . .”
  2. ” . . . . has a wife who is a mod­el, he served 2.5 years in prison with­out a tri­al, he has busi­ness in U.S and he is involved in the mil­i­tary trade to the war zones in the Mid­dle East. At home, he has close ties with the ultra-nation­al­is­tic Right Sec­tor. . . .”
  3. ” . . . accord­ing to his pre­vi­ous e‑declaration in 2015, Arte­menko has a wife, mod­el Oksana Kuch­ma and four chil­dren, includ­ing two with U.S. cit­i­zen­ship — Edward Daniel, Amber Kather­ine. . . .”
  4. ” . . . . found­ed sev­er­al com­pa­nies that pro­vid­ed mil­i­tary logis­tics ser­vices into the con­flict zones and trav­eled to Sau­di Ara­bia, Syr­ia, and Qatar for busi­ness trips. . . .”
  5. ” . . . . is the deputy head of the Euro­pean Inte­gra­tion Com­mit­tee and respon­si­ble for diplo­mat­ic con­nec­tions with Sau­di Ara­bia, Qatar, Unit­ed States, Kuwait, Lithua­nia and Belarus. . . .”
  6. ” . . . .  joined the Right Sec­tor polit­i­cal par­ty and was rumored to be one of the spon­sors of its leader, Dmytro Yarosh, dur­ing his pres­i­den­tial elec­tion cam­paign in 2014. There is even a pho­to of Arte­menko, seat­ing among the Right Sec­tor Par­ty founders at the first par­ty meet­ing in March 2014. Right Sec­tor spokesper­son Artem Sko­ropad­sky told the Kyiv Post on Feb. 20 that he couldn’t con­firm or deny whether Arte­menko financed the Right Sec­tor Par­ty. . . .”

Any­thing but a “pro-Russ­ian” agent. Again, he was work­ing with Trump point man for mat­ters Russ­ian Felix Sater on this deal to pro­vide nuclear-gen­er­at­ed elec­tric­i­ty to some for­mer Sovi­et republics. Again, an anti-Russ­ian plot, NOT a pro-Russ­ian plot!

Next, we note that June 30th has been estab­lished as a com­mem­o­ra­tive cel­e­bra­tion in Lvov [Lviv]. It was on June 30, 1941, when the OUN‑B announced an inde­pen­dent Ukrain­ian state in the city of Lviv [9]. That same day marked the start of the Lviv Pograms that led to the death of thou­sands of Jews [10].

The hol­i­day cel­e­brates Roman Shukhevych, com­man­der of the Nachti­gall Bat­tal­ion that car­ried out the mass killings. The city of Lviv is start­ing “Shukhevy­ch­fest” to be held in Lviv on June 30th [11], [11] com­mem­o­rat­ing the pogrom. Shukhevy­ch’s birth­day. Shukhevych was named a “Hero of the Ukraine” [12] by Vik­tor Yuschenko [13].

In past posts and pro­grams, we have dis­cussed Volodomir Vya­tro­vich [14], head of the Orwellian Insti­tute of Nation­al Remem­brance. He defend­ed Shukhevych and the pub­lic dis­play­ing of the sym­bol of the Gali­cian Divi­sion (14th Waf­fen SS Divi­sion.)

Return­ing to Sater col­lab­o­ra­tor Andrii Arte­menko, we note that he is part of push by Pravy Sek­tor and oth­er OUN/B suc­ces­sor orga­ni­za­tions in Ukraine to oust Poroshenko.

A major, ter­ri­fy­ing part of the pro­gram focus­es on nuclear pow­er plants, the phys­i­cal and/or cyber sab­o­tag­ing of those plants and the pos­si­bil­i­ty that this could lead to a Third World War. Against the back­ground of the drum­beat of anti-Russ­ian pro­pa­gan­da to which we are being sub­ject­ed, the charge that “Russ­ian hack­ers” attempt­ed to gain access to U.S. nuclear pow­er plants using a spearfish­ing attack is to be viewed with alarm.

“. . . . The Wash­ing­ton Post report­ed [15]Sat­ur­day that U.S. gov­ern­ment offi­cials have already pinned the recent nuclear cyber intru­sions on Rus­sia. . . . Ana­lysts remain quick to tamp down asser­tions that Russia’s fin­ger­print on the lat­est attack is a sure thing. . . . Still, it’s a pret­ty alarm­ing sit­u­a­tion regard­less of who was behind it, in part because it’s an exam­ple of how poten­tial­ly vul­ner­a­ble things like nuclear plants are to any hack­er, state-backed or not: . . . . Still, the source said a well-resourced attack­er could try sneak­ing in thumb dri­ves, plant­i­ng an insid­er or even land­ing a drone equipped with wire­less attack tech­nol­o­gy into a nuclear gen­er­a­tion site. Reports indi­cate that the infa­mous Stuxnet worm, which dam­aged Iran­ian nuclear cen­trifuges in the late 2000s, prob­a­bly snuck in on remov­able media. Once inside the “air gapped” tar­get net­work, Stuxnet relied on its own hard-cod­ed instruc­tions, rather than any remote com­mands sent in through the inter­net, to cause cost­ly and sen­si­tive nuclear equip­ment to spin out of con­trol. . . .”

The above-excerpt­ed sto­ry should be viewed against the back­ground of a fright­en­ing devel­op­ment in Flori­da. Devon Arthurs [16] – a neo-Nazi-turned-Muslim–murdered two of his neo-Nazi room­mates back in May. Nation­al Guard sol­dier Bran­don Rus­sel [17]l – Arthurs’s sur­viv­ing third room­mate, was found with bomb-mak­ing mate­ri­als, radioac­tive sub­stances and a framed pic­ture of Tim­o­thy McVeigh after police searched their res­i­dence.

Rus­sell:

  1. Planned to sab­o­tage a nuclear pow­er plant. ” . . . . He said Rus­sell stud­ied how to build nuclear weapons in school and is ‘some­body that lit­er­al­ly has knowl­edge of how to build a nuclear bomb.’ . . . He also said they had a plan to fire mor­tars loaded with nuclear mate­r­i­al into the cool­ing units of a nuclear pow­er plant near Mia­mi. He said the dam­age would cause ‘a mas­sive reac­tor fail­ure’ and spread ‘irra­di­at­ed water’ through­out the ocean. . . .”
  2. Belonged to a Nazi group called “Atom­waf­fen.” ” . . . The FBI said Rus­sell “admit­ted to his neo-Nazi beliefs” and said he was a mem­ber of a group called Atom­waf­fen, which is Ger­man for ‘atom­ic weapon.’ . . .”
  3. Was in the Nation­al Guard. Recall that, in the Nazi tract Ser­pen­t’s Walk, the Under­ground Reich gains con­trol of the opin­ion-form­ing media, infil­trates the U.S. mil­i­tary and takes over the coun­try after it is dev­as­tat­ed by a series of ter­ror­ist inci­dents involv­ing Russ­ian WMDs. The stage is set for a Nazi flase flag oper­a­tion that could be blamed on Rus­sia.

Rus­sell, and the rest of Atom­waf­fen, received a wring­ing endorse­ment from bril­liant Nazi hack­er Andrew Aueren­heimer.  Auern­heimer is a skilled hack­er who may very well have the abil­i­ty to trig­ger a nuclear melt down some­day.  Writ­ing of the mur­der of Rus­sel­l’s room­mates Auern­heimer, the two killed room­mates were “friends of friends” and the “Atom­waf­fen are a bunch of good dudes. They’ve post­ed tons of fliers with absolute­ly killer graph­ics at tons of uni­ver­si­ties over the years. They gen­er­al­ly have a lot of fun and par­ty.”

The point, here, is that Aueren­heimer is part of the Nazi milieu that was look­ing to sab­o­tage a nuclear pow­er plant. With our media hyp­ing “Russ­ian hack­ing,” includ­ing the sup­posed attempt to hack U.S. nuclear pow­er plants, the pro­pa­gan­da stage is set for some­one with Aueren­heimer’s for­mi­da­ble com­put­er skills to sab­o­tage a nuke plant, there­by [very pos­si­bly] start­ing World War III.

This post con­cludes with a detailed arti­cle referred to briefly at the end of the broad­cast. It delves into the tech­ni­cal­ly com­pli­cat­ed dis­cus­sion about the high-pro­file hacks.

Against the back­ground of the reports of Russ­ian hack­ing of U.S. nuclear pow­er plants, the “Atom­waf­fen” link to Ukraine-based Andrew Aueren­heimer, writer Jef­frey Car­r’s reflec­tions are to be weighed very seri­ous­ly:

” . . . . Here’s my night­mare. Every time a claim of attri­bu­tion is made—right or wrong—it becomes part of a per­ma­nent record; an un-ver­i­fi­able prove­nance that is built upon by the next secu­ri­ty researcher or start­up who wants to grab a head­line, and by the one after him, and the one after her. The most sen­sa­tion­al of those claims are almost assured of inter­na­tion­al media atten­tion, and if they align with U.S. pol­i­cy inter­ests, they rapid­ly move from unver­i­fied the­o­ry to fact.

Because each head­line is informed by a report, and because indi­ca­tors of com­pro­mise and oth­er tech­ni­cal details are shared between ven­dors world­wide, any State or non-State actor in the world will soon have the abil­i­ty to imi­tate an APT group with State attri­bu­tion, launch an attack against anoth­er State, and gen­er­ate suf­fi­cient harm­ful effects to trig­ger an inter­na­tion­al inci­dent. All because some com­mer­cial cyber­se­cu­ri­ty com­pa­nies are com­pelled to chase head­lines with sen­sa­tion­al claims of attri­bu­tion that can­not be ver­i­fied. . . .”

Pro­gram High­lights Include: The CIA/State Depart­ment back­ground of Kurt Volk­er (nice Anglo-Sax­on name, that), Trump’s envoy to Ukraine and an advo­cate of sell­ing weapon­ry to that benight­ed state; Andrii Arte­menko and Felix Sater’s would-be asso­ciate in the Ukrain­ian nuclear pow­er plant scheme, Robert Armao; Armao’s links to Nel­son Rock­e­feller, Marc Rich and Francesco Pazien­za (a fig­ure in the inves­ti­ga­tions into P‑2, the shoot­ing of Pope John Paul I and the col­lapse of the Ban­co Ambrosiano); Review of James Comey’s role in inves­ti­gat­ing Bill Clin­ton’s par­don of Marc Rich; review of the revival of the FBI’s Twit­ter account and its dis­sem­i­na­tion of Marc Rich mate­r­i­al on the eve of the elec­tion; review of Felix Sater’s CIA/FBI back­ground; Aueren­heimer’s obses­sion with Tim­o­thy McVeigh; Bran­don Rus­sel­l’s fas­ci­na­tion with Tim­o­thy McVeigh.

1a. By way of review, we remind lis­ten­ers that the point man for the Trump busi­ness inter­ests in their deal­ings with Rus­sia is Felix Sater. A Russ­ian-born immi­grant, Sater is a pro­fes­sion­al crim­i­nal and a con­vict­ed felon with his­tor­i­cal links to the Mafia. Beyond that, and more impor­tant­ly, Sater is an FBI infor­mant and a CIA con­tract agent [18]. [18] ” . . . . He [Sater] also pro­vid­ed oth­er pur­port­ed nation­al secu­ri­ty ser­vices for a report­ed fee of $300,000. Sto­ries abound as to what else Sater may or may not have done in the are­na of nation­al secu­ri­ty. . . .” We won­der if help­ing the “Rus­sia-Gate” op may have been one of those. 

1b. Fun­da­men­tal to our under­stand­ing of the “peace plan” and alleged “Russ­ian con­spir­a­cy” is Sater and Cohen’s col­lab­o­ra­tor, Ukrain­ian politi­cian Andrii Arte­menko.

“Trump’s Con­duits For Cap­i­tal From The For­mer Sovi­et Bloc Are Actu­al­ly Old Pals” by Sam Thiel­man; Talk­ing Points Memo; 07/25/2017 [22]

. . . . Sater told TPM he called the now-noto­ri­ous meet­ing with Cohen and Ukrain­ian politi­cian Andrii Arte­menko in Feb­ru­ary to dis­cuss the future of Ukraine. . . .

2a. Far from being a Russ­ian “agent of influ­ence,” Arte­menko is a long stand­ing mem­ber of Pravy Sek­tor and the Rad­i­cal Par­ty. As we will see below, he may have been a pri­ma­ry finan­cial backer of this OUN/B suc­ces­sor orga­ni­za­tion. In addi­tion to the anti-Russ­ian con­spir­a­cy to which Sater, Cohen and Arte­menko were par­ty, the lat­ter appears to have been part of a Ukrain­ian fas­cist con­sor­tium that, as we shall see below, are mov­ing in the direc­tion of oust­ing Petro Poroshenko. “. . . . Tall and brawny, Arte­menko is a pop­ulist politi­cian with ties to the far-right Ukrain­ian mil­i­tary-polit­i­cal group “Right Sec­tor” and a mem­ber of the pro-West­ern oppo­si­tion par­lia­men­tary coali­tion led by for­mer Prime Min­is­ter Yulia Tymoshenko’s par­ty. . . . Arte­menko, who is a staunch ally of Valen­tyn Naly­vaichenko [7], a for­mer head of Ukraine’s secu­ri­ty ser­vice with lofty polit­i­cal ambi­tions [8], has aligned him­self with oth­er West-lean­ing pop­ulists like Tymoshenko. . . .

“Ukraine’s Back-Chan­nel Diplo­mat Still Shop­ping Peace Plan to Trump” by Reid Stan­dish; For­eign Pol­i­cy; 04/18/2017 [23]

On Feb. 19, the right-wing Ukrain­ian mem­ber of par­lia­ment was sucked into the scan­dal sur­round­ing Pres­i­dent Don­ald Trump and his alleged ties to Rus­sia when the New York Times report­ed [24] that Arte­menko had served as a back chan­nel between Moscow and Trump asso­ciates.

In the after­math of the report, Arte­menko was forced [25] out of his polit­i­cal fac­tion in Ukraine, the far-right Rad­i­cal Par­ty . . . .

. . . . Tall and brawny, Arte­menko is a pop­ulist politi­cian with ties to the far-right Ukrain­ian mil­i­tary-polit­i­cal group “Right Sec­tor” and a mem­ber of the pro-West­ern oppo­si­tion par­lia­men­tary coali­tion led by for­mer Prime Min­is­ter Yulia Tymoshenko’s par­ty. . . .

. . . . Arte­menko, who is a staunch ally of Valen­tyn Naly­vaichenko [7], a for­mer head of Ukraine’s secu­ri­ty ser­vice with lofty polit­i­cal ambi­tions [8], has aligned him­self with oth­er West-lean­ing pop­ulists like Tymoshenko. . . .

. . . . Arte­menko insists that his inten­tions in push­ing a peace plan for Ukraine are in the country’s best inter­ests. But polit­i­cal observers see his free­lance diplo­ma­cy as part of a ris­ing groundswell in Kiev against Poroshenko by oppo­si­tion forces ahead of par­lia­men­tary and pres­i­den­tial elec­tions sched­uled for 2019.

“Alliances are shift­ing in Ukraine right now against Poroshenko,” said Bal­azs Jara­bik, a non­res­i­dent schol­ar at the Carnegie Endow­ment for Inter­na­tion­al Peace. “All this diplo­mat­ic maneu­ver­ing in Wash­ing­ton needs to be viewed through this lens.”

Arte­menko has emerged as a vocal crit­ic of Poroshenko and says he has evi­dence show­ing cor­rup­tion by the Ukrain­ian pres­i­dent. . . .

2b. Note the date of this Kiev Post arti­cle: Feb­ru­ary 20, 2017, which is one day after this ‘peace plan’ was ini­tial­ly report­ed in the New York Times [26]. Andrii Artemko:

“Andrey Arte­menko: Who Is this Ukrain­ian Mem­ber of Par­lia­ment with the Peace Plan?” by Veroni­ka Melkoze­ro­va; Kyiv Post; 02/20/2017 [27].

Now ex-Rad­i­cal Par­ty mem­ber of par­lia­ment Andrey Arte­menko came under crit­i­cism from all sides after the New York Times revealed on Feb. 19 that he was try­ing to bro­ker his own peace plan to end Russia’s war against Ukraine.

The plan was dis­tinct­ly pro-Russ­ian, but even the Rus­sians reject­ed it and his free­lance, ama­teur­ish diplo­ma­cy got him kicked out of his own par­ty, although he remains a mem­ber of par­lia­ment.

His ideas includ­ed leas­ing Crimea to Rus­sia for 50 years and the lift­ing of eco­nom­ic sanc­tions against Rus­sia by U.S. Pres­i­dent Don­ald J. Trump.

Dmit­ry Peskov, Vladimir Putin’s press sec­re­tary, denied pri­or knowl­edge of the sealed plan, which includes a sug­ges­tion that Ukraine lease Crimea to Rus­sia, which annexed the region in 2014, the Tele­graph in Lon­don quot­ed him as say­ing. “There’s noth­ing to talk about. How can Rus­sia rent its own region from itself?” Peskov said.

Arte­menko described him­self to the New York Times as a Trump-style politi­cian.

The 48-year-old lawmaker’s biog­ra­phy is col­or­ful and con­tro­ver­sial: He has a wife who is a mod­el, he served 2.5 years in prison with­out a tri­al, he has busi­ness in U.S and he is involved in the mil­i­tary trade to the war zones in the Mid­dle East. At home, he has close ties with the ultra-nation­al­is­tic Right Sec­tor.

“I demand Andrey Arte­menko dis­card as a law­mak­er. He has no rights to rep­re­sent our fac­tion and par­ty. Our posi­tion is unchange­able – Rus­sia is the aggres­sor and must get away from Ukrain­ian ter­ri­to­ries,” Oleh Lyashko, Rad­i­cal Par­ty leader said to the jour­nal­ist in Verk­hov­na Rada on Feb. 20.

“Nobody in Rad­i­cal Par­ty trades Ukraine,” Lyashko said. “To lease Crimea to Rus­sia is the same as to give your own moth­er for rent to the trav­el­ing cir­cus.”

Arte­menko told the New York Times that many peo­ple would crit­i­cize him as a Russ­ian or Amer­i­can C.I.A. agent for his plan, but peace is what he’s after.

“But how can you find a good solu­tion between our coun­tries if we do not talk?” Arte­menko said.

Before the New York Times sto­ry, Arte­menko wasn’t famous. He may see him­self as the next pres­i­dent of Ukraine, but oth­ers saw him as just anoth­er gray car­di­nal.

Fam­i­ly, busi­ness in U.S.

Arte­menko hasn’t filed elec­tron­ic dec­la­ra­tion for 2016.

How­ev­er, accord­ing to his pre­vi­ous e‑declaration in 2015, Arte­menko has a wife, mod­el Oksana Kuch­ma and four chil­dren, includ­ing two with U.S. cit­i­zen­ship — Edward Daniel, Amber Kather­ine. The chil­dren from the first mar­riage, Vitaly and Kristi­na Arte­menko (Kraskovs­ki), have Ukrain­ian cit­i­zen­ship but live in Ontario, Cana­da with their mother’s hus­band. In 2014 Artemenko’s elder daugh­ter Kristi­na gave birth to Artemenko’s grand­son.

Arte­menko owns land plots of 14,000 square meters and 5,000 square meters in Vyshen­ki vil­lage of Kyiv Oblast.

And his wife Oksana Kuch­ma is not only a mod­el but a busi­ness­woman. [Kind of Accord­ing to Artemenko’s e‑declaration, Kuch­ma has a land plot of 3,000 square meters and a house in Gni­dyn vil­lage of Kyiv Oblast, an 850 square meter apart­ment in Lviv Oblast’s Zhovk­va and also a 127-square meter apart­ment in Kyiv under con­struc­tion.

Arte­menko also owns three lux­u­ry watch­es: De Griso­gono (Hr 127,500), De Griso­gono –Gen­eve (Hr 123,450), Franck Muller (Hr 118,950) and sev­er­al lux­u­ry cars.

Kuch­ma owns a com­pa­ny OKSY GLOBAL LLC, reg­is­tered in the U.S. and also the pri­vate avian-trans­porta­tion com­pa­ny, the Avi­a­tion Com­pa­ny Spe­cial Avia Alliance reg­is­tered in Kyiv at the same address as the com­pa­ny Glob­al Busi­ness Group GMBh, Arte­menko used to work as a deputy direc­tor before he came to Rada after the par­lia­ment elec­tions in 2014.

Accord­ing to the Min­istry of Jus­tice reg­istry, the Glob­al Busi­ness Group GMBh pro­vides the vari­ety of ser­vices: vehi­cles trade, var­i­ous goods trade, restau­rants busi­ness and busi­ness con­sult­ing.

The share­hold­er of the Glob­al Busi­ness Group GMBh is also a U.S. based com­pa­ny Glob­al Assets Inc., reg­is­tered in Mia­mi, Flori­da.

Start from Kyiv

Arte­menko came into pol­i­tics after busi­ness and jail. Accord­ing to the biog­ra­phy on his offi­cial web­site, in the ear­ly 1990s he found­ed a law firm that advo­cat­ed the inter­ests of pro­fes­sion­al ath­letes and then he became a pres­i­dent of CSK Kyiv soc­cer club. In 1998–2000, he was the advis­er of than Kyiv May­or Olek­san­dr Omelchenko, a mem­ber and one of the founders of his par­ty Uni­ty.

In 2002, Arte­menko was arrest­ed by the Prosecutor’s Gen­er­al Office of Ukraine on accu­sa­tions of mon­ey laun­der­ing and kept in pre-tri­al deten­tion for more than two years. How­ev­er, he suc­cess­ful­ly chal­lenged his impris­on­ment as ille­gal and ground­less. He said pros­e­cu­tors were per­se­cut­ing him in hopes of get­ting Omelchenko, who was also sus­pect­ed of mon­ey laun­der­ing.

In 2004, Arte­menko released from pre-tri­al deten­tion cen­ter Lukyanivske on bail of Mikhail Dobkin, a Par­ty of Regions law­mak­er.

But in 2006 he became the head of the Kyiv depart­ment of Batkivshchy­na Par­ty, led by now ex-Prime Min­is­ter Yulia Tymoshenko.

In 2007–2013 Arte­menko found­ed sev­er­al com­pa­nies that pro­vid­ed mil­i­tary logis­tics ser­vices into the con­flict zones and trav­eled to Sau­di Ara­bia, Syr­ia, and Qatar for busi­ness trips.

Since 2013 he has his own char­i­ty foun­da­tion that helps inter­nal­ly dis­placed per­sons from the war-torn Don­bas.

True patri­ot?

Arte­menko came to the Verk­hov­na Rada in 2014 as a Rad­i­cal Par­ty law­mak­er (16th on the party’s list). Accord­ing to the parliament’s web­site, Arte­menko is the deputy head of the Euro­pean Inte­gra­tion Com­mit­tee and respon­si­ble for diplo­mat­ic con­nec­tions with Sau­di Ara­bia, Qatar, Unit­ed States, Kuwait, Lithua­nia and Belarus.

The law­mak­er took an active part in Euro­Maid­an Rev­o­lu­tion in 2013–2014 that deposed Pres­i­dent Vik­tor Yanukovych.

In 2014 he joined the Right Sec­tor polit­i­cal par­ty and was rumored to be one of the spon­sors of its leader, Dmytro Yarosh, dur­ing his pres­i­den­tial elec­tion cam­paign in 2014.

There is even a pho­to of Arte­menko, seat­ing among the Right Sec­tor Par­ty founders at the first par­ty meet­ing in March 2014.
Right Sec­tor spokesper­son Artem Sko­ropad­sky told the Kyiv Post on Feb. 20 that he couldn’t con­firm or deny whether Arte­menko financed the Right Sec­tor Par­ty.

“I was nev­er into all the ‘finan­cial stuff,’ but I have no infor­ma­tion about him giv­ing the mon­ey. I remem­ber all those guys like him (Arte­menko) and (Borislav) Bereza just came to us after March 22. They weren’t Right Sec­tor mem­bers dur­ing the Rev­o­lu­tion of Dig­ni­ty,” said Sko­ropad­sky.

He said that after the end of Euro­Maid­an Rev­o­lu­tion there was a “mess” in Right Sec­tor. Dozens of peo­ple a day was com­ing to the activists only in Kyiv.

“The ones who could afford it gave us mon­ey, oth­ers help in dif­fer­ent ways. But as soon as we start­ed build­ing the struc­ture of the orga­ni­za­tion, the guys like Arte­menko and Bereza went to the oth­er par­ties, came in Rada or oth­er gov­ern­ment struc­tures,” Sko­ropad­sky recalled.

———-

3. Before updat­ing the resus­ci­ta­tion and Orwellian reha­bil­i­ta­tion of the OUN/B World War II-era fas­cists in Ukraine, we note Trump’s appoint­ment as spe­cial envoy to Ukraine–Kurt Volk­er, whose CV includes stints with CIA and Depart­ment of State.

“Can Kurt Volk­er Solve the Ukraine Cri­sis?” by Curt Mills; The Nation­al Inter­est; 7/10/2017. [28]

 . . . . “Although he may be seen as hawk­ish by the Russ­ian side, he will cer­tain­ly be tak­en seri­ous­ly,” says Matthew Rojan­sky, direc­tor of the Ken­nan Insti­tute at the Woodrow Wil­son Cen­ter, of the new spe­cial rep­re­sen­ta­tive for Ukraine nego­ti­a­tions [29], whose vaunt­ed resume also includes stints at the Nation­al Secu­ri­ty Coun­cil, CIA and For­eign Ser­vice. “Volker’s appoint­ment will be wel­comed by our Euro­pean allies and by the Ukrain­ian gov­ern­ment.”  . . .

4. June 30th has been estab­lished as a com­mem­o­ra­tive cel­e­bra­tion in Lvov [Lviv]. It was on June 30, 1941, when the OUN‑B announced an inde­pen­dent Ukrain­ian state in the city of Lviv [9]. That same day marked the start of the Lviv Pograms that led to the death of thou­sands of Jews [10].

The hol­i­day cel­e­brates Roman Shukhevych, com­man­der of the Nachti­gall Bat­tal­ion that car­ried out the mass killings. The city of Lviv is start­ing “Shukhevy­ch­fest” to be held in Lviv on June 30th [11], [11] com­mem­o­rat­ing the pogrom. Shukhevy­ch’s birth­day. Shukhevych was named a “Hero of the Ukraine” [12] by Vik­tor Yuschenko [13].

In past posts and pro­grams, we have dis­cussed Volodomir Vya­tro­vich [14], head of the Orwellian Insti­tute of Nation­al Remem­brance. He defend­ed Shukhevych and the pub­lic dis­play­ing of the sym­bol of the Gali­cian Divi­sion (14th Waf­fen SS Divi­sion.)

Lvov Pogrom, 1941--Einsatzgruppe Nachtigall youth in action. [30]

Lvov Pogrom, 1941–Einsatzgruppe Nachti­gall youth in action, 6/30/1941.

“Ukraine City to Hold Fes­ti­val in Hon­or of Nazi Col­lab­o­ra­tor Whose Troops Killed Jews”; Jew­ish Tele­graph Agency; 06/28/2017 [11]

The Ukrain­ian city of Lviv will hold a fes­ti­val cel­e­brat­ing a Nazi col­lab­o­ra­tor on the anniver­sary of a major pogrom against the city’s Jews.

Shukhevy­ch­fest, an event named for Roman Shukhevych fea­tur­ing music and the­ater shows, will be held Fri­day.

Eduard Dolin­sky, the direc­tor of the Ukrain­ian Jew­ish Com­mit­tee, in a state­ment called the event “dis­grace­ful.”

On June 30, 1941, Ukrain­ian troops, includ­ing mili­ti­a­men loy­al to Shukhevych’s, began a series of pogroms against Jews, which they per­pe­trat­ed under the aus­pices of the Ger­man army, accord­ing to Yale Uni­ver­si­ty his­to­ry pro­fes­sor Tim­o­thy Sny­der and oth­er schol­ars. They mur­dered approx­i­mate­ly 6,000 Jews in those pogroms.

The day of the fes­ti­val is the 110th birth­day of Shukhevych, a leader of the OUN‑B nation­al­ist group and lat­er of the UPA insur­gency mili­tia, which col­lab­o­rat­ed with the Nazis against the Sovi­et Union before it turned against the Nazis.

Shukhevy­ch­fest is part of a series of ges­tures hon­or­ing [31] nation­al­ists in Ukraine fol­low­ing the 2014 rev­o­lu­tion, in which nation­al­ists played a lead­ing role. They brought down the gov­ern­ment of Pres­i­dent Vik­tor Yanukovuch, whose crit­ics said was a cor­rupt Russ­ian stooge.

On June 13, a Kiev admin­is­tra­tive court par­tial­ly upheld a motion by par­ties opposed to the ven­er­a­tion of Shukhevych in the city and sus­pend­ed [32] the renam­ing of a street after Shukhevych. The city coun­cil approved [33] the renam­ing ear­li­er this month.

In a relat­ed debate, the direc­tor of Ukraine’s Insti­tute of Nation­al Remem­brance, Vladimir Vya­tro­vich [34], who recent­ly described Shukhevych as an “emi­nent per­son­al­i­ty,” last month defend­ed [35] the dis­play­ing in pub­lic of the sym­bol of the Gali­cian SS divi­sion [36]. Respon­si­ble for count­less mur­ders of Jews, Nazi Germany’s most elite unit was com­prised of Ukrain­ian vol­un­teers.

Dis­play­ing Nazi sym­bols is ille­gal in Ukraine but the Gali­cian SS division’s sym­bol is “in accor­dance with the cur­rent leg­is­la­tion of Ukraine,” Vya­tro­vich said. . . .

5a. In oth­er, pre­vi­ous dis­cus­sions of the return of Ukrain­ian fas­cism, we not­ed that the Svo­bo­da Par­ty’s mili­tia is called Com­bat 14, named after the “14 words” mint­ed by David Lane, the Amer­i­can neo-Nazi who par­tic­i­pat­ed in the killing of Den­ver talk show host Allan Berg.

He passed away on June 30th, trig­ger­ing numer­ous demon­stra­tions [37], includ­ing sev­er­al in Ukraine.

June 30th appears to be a par­tic­u­lar­ly sig­nif­i­cant day for the OUN/B suc­ces­sors and Nazis who are in pow­er in Ukraine.

Maidan demonstrators celebrating the Nachtigall Battalion (Einsatzgruppe Nachtigall) that liquidated Jews and Poles during World War II. [38]

Maid­an demon­stra­tors cel­e­brat­ing the Nachti­gall Bat­tal­ion (Ein­satz­gruppe Nachti­gall) that liq­ui­dat­ed Jews and Poles dur­ing World War II.

Ukrainian Nazis honor David Lane's passing [39]

Ukrain­ian Nazis hon­or David Lane’s pass­ing

“Fas­cist For­ma­tions in Ukraine” by Peter Lee; Coun­ter­Punch; 3/15/2015. [37]

The Guardian pub­lished an adu­la­to­ry fea­ture on “The Women Fight­ing on the Front­line in Ukraine [40]”.

One of the women pro­filed was “Ana­con­da”, fight­ing in the Aidar Bat­tal­ion bankrolled by Igor Kolo­moisky:

Ana­con­da was giv­en her nick­name by a unit com­man­der, in a jok­ing ref­er­ence to her stature and pow­er. The baby-faced 19-year-old says that her moth­er is very wor­ried about her and phones sev­er­al times a day, some­times even dur­ing com­bat. She says it is bet­ter to always answer, as her moth­er will not stop call­ing until she picks up.

“In the very begin­ning my moth­er kept say­ing that the war is not for girls,” Ana­con­da says. “But now she has to put up with my choice. My dad would have come to the front him­self, but his health does not allow him to move. He is proud of me now.”

Ana­con­da was pho­tographed in com­bat dress res­olute­ly hold­ing an assault rifle in front of a rather decrepit van.

The cap­tion read:

“Ana­con­da says she is being treat­ed well by the men in her bat­tal­ion, but is hop­ing that the war will end soon.”

As report­ed [41] by the gad­fly site Off­Guardian, sev­er­al read­ers post­ed crit­i­cal obser­va­tions on the van’s insignia in the com­ments sec­tion of the piece. One, “bananasand­socks”, wrote: “We learn from Wikipedia that the image on the door is the “semi-offi­cial” insignia of the 36th Waf­fen Grenadier Divi­sion of the SS…” and also point­ed out the neo-Nazi sig­nif­i­cance of the num­ber “1488”.

“bananasand­socks” seem­ing­ly tem­per­ate com­ment was removed by the Guardian for vio­lat­ing its com­mu­ni­ty stan­dards, as were sev­er­al oth­ers, appar­ent­ly as exam­ples of “per­sis­tent mis­rep­re­sen­ta­tion of the Guardian and our jour­nal­ists”.

But then the Guardian thought bet­ter of it. While not rein­stat­ing the crit­i­cal com­ments, it qui­et­ly delet­ed the orig­i­nal cap­tion to the pho­to of Ana­con­da and replaced it with:

Ana­con­da along­side a van dis­play­ing the neo-Nazi sym­bol 1488. The vol­un­teer brigade is known for its far-right links.

Prob­lem solved? Maybe not. Maybe it’s more like “Prob­lem dodged”. Specif­i­cal­ly, the prob­lem of the per­va­sive par­tic­i­pa­tion of “ultra-right” para­mil­i­tary ele­ments in Kyiv mil­i­tary oper­a­tions, which even intrudes upon the Guardian’s efforts to put a lib­er­al-friend­ly fem­i­nist sheen on the deba­cle of the recent ATO in east­ern Ukraine.

As to “1488”, I’ll repro­duce the Wikipedia entry [42]:

The Four­teen Words is a phrase used pre­dom­i­nant­ly by white nation­al­ists. It most com­mon­ly refers to a 14-word slo­gan: “We must secure the exis­tence of our peo­ple and a future for White Chil­dren.” It can also refer to anoth­er 14-word slo­gan: “Because the beau­ty of the White Aryan woman must not per­ish from the earth.”

Both slo­gans were coined by David Lane, con­vict­ed ter­ror­ist and mem­ber of the white sep­a­ratist orga­ni­za­tion The Order. The first slo­gan was inspired by a state­ment, 88 words in length, from Vol­ume 1, Chap­ter 8 of Adolf Hitler’s Mein Kampf:

Neo-Nazis often com­bine the num­ber 14 with 88, as in “14/88? or “1488”. The 8s stand for the eighth let­ter of the alpha­bet (H), with “HH” stand­ing for “Heil Hitler”.

Lane died in prison in 2007 while serv­ing a 190 year sen­tence for, among oth­er things, the mur­der of Den­ver radio talk show host Alan Berg. David Lane has con­sid­er­able stature with­in glob­al white nation­al­ist/­neo-Naz­i/­fas­cist cir­cles as one of the Amer­i­can Aryan movement’s pre­mier badass­es (in addi­tion involve­ment in to the Berg murder—in which he denied involvement—and a string of bank rob­beries to finance the movement—also denied, Lane achieved a cer­tain martyr’s stature for endur­ing almost two decades in Fed­er­al deten­tion, fre­quent­ly in the noto­ri­ous Com­mu­ni­ca­tions Man­age­ment Units).

And David Lane was a big deal for the “ultra-right” & fas­cists in Ukraine, accord­ing to [43] the South­ern Pover­ty Law Cen­ter:

Lane’s death touched off paeans from racists around the coun­try and abroad. June 30 was des­ig­nat­ed a “Glob­al Day of Remem­brance,” with demon­stra­tions held in at least five U.S. cities as well as Eng­land, Ger­many, Rus­sia and the Ukraine.

Judg­ing by this video, the march/memorial on the first anniver­sary of his death, in 2008, orga­nized by the Ukrain­ian Nation­al Social­ist Par­ty in Kyiv, was well enough attend­ed to mer­it a police pres­ence of sev­er­al dozen offi­cers.

5b. For­mer U.S. Agency for Inter­na­tion­al Devel­op­ment (USAID) project offi­cer Josh Cohen (involved in man­ag­ing “eco­nom­ic reform projects” in the for­mer Sovi­et Union) notes the grow­ing threat of the far-right and neo-Nazis in Ukraine (it’s a lit­tle iron­ic [44]). It high­lights the threat that the insti­tu­tion­al­ized OUN/B suc­ces­sor groups pose to what democ­ra­cy there is in Ukraine and makes the impor­tant point about dan­gers of these groups oper­at­ing with impuni­ty fol­low­ing one vio­lent act after anoth­er. Cohen notes that the Inte­ri­or Min­istry is run by a guy who spon­sors the Azov Bat­tal­ion and his deputy min­is­ter is a neo-Nazi.

This is the con­text in which Arte­menko was oper­at­ing.

“Ukraine’s ultra-right mili­tias are chal­leng­ing the gov­ern­ment to a show­down” by Joshua Cohen; The Wash­ing­ton Post; 06/15/2017 [45]

Josh Cohen is a for­mer U.S. Agency for Inter­na­tion­al Devel­op­ment project offi­cer involved in man­ag­ing eco­nom­ic reform projects in the for­mer Sovi­et Union.

As Ukraine’s fight against Russ­ian-sup­port­ed sep­a­ratists con­tin­ues, Kiev faces anoth­er threat to its long-term sov­er­eign­ty: pow­er­ful right-wing ultra­na­tion­al­ist groups. These groups are not shy about using vio­lence to achieve their goals, which are cer­tain­ly at odds with the tol­er­ant West­ern-ori­ent­ed democ­ra­cy Kiev osten­si­bly seeks to become.

The recent bru­tal stab­bing of a left-wing anti-war activist named Stas Ser­hiyenko illus­trates the threat posed by these extrem­ists. Ser­hiyenko and his fel­low activists believe the per­pe­tra­tors belonged to the neo-Nazi group C14 (whose name comes from a 14-word phrase [46] used by white suprema­cists). The attack took place on the anniver­sary of Hitler’s birth­day, and C14’s leader pub­lished a state­ment [47] that cel­e­brat­ed Serhiyenko’s stab­bing imme­di­ate­ly after­ward.

The attack on Ser­hiyenko is just the tip of the ice­berg. More recent­ly C14 beat up [48] a social­ist politi­cian while oth­er ultra­na­tion­al­ist thugs stormed the Lviv [49] and Kiev [50] City Coun­cils. Far-right and neo-Nazi groups have also assault­ed or dis­rupt­ed art exhi­bi­tions [51], anti-fas­cist demon­stra­tions [52], a “Ukraini­ans Choose Peace” event [53], LGBT events [54], a social cen­ter [55], media orga­ni­za­tions [56], court pro­ceed­ings [57] and a Vic­to­ry Day march [58] cel­e­brat­ing the anniver­sary of the end of World War II.

Accord­ing to a study [59] from activist orga­ni­za­tion Insti­tute Respub­li­ca, the prob­lem is not only the fre­quen­cy of far-right vio­lence, but the fact that per­pe­tra­tors enjoy wide­spread impuni­ty. It’s not hard to under­stand why Kiev seems reluc­tant to con­front these vio­lent groups. For one thing, far-right para­mil­i­tary groups played [60] an impor­tant role ear­ly in the war against Russ­ian-sup­port­ed sep­a­ratists. Kiev also fears these vio­lent groups could turn on the gov­ern­ment itself — some­thing they’ve done [61] before and con­tin­ue to threat­en [62] to do.

To be clear, Russ­ian pro­pa­gan­da about Ukraine being over­run by Nazis or fas­cists is false. Far-right par­ties such as Svo­bo­da or Right Sec­tor draw lit­tle sup­port from Ukraini­ans.

Even so, the threat can­not be dis­missed out of hand. If author­i­ties don’t end the far right’s impuni­ty, it risks fur­ther embold­en­ing them, argues Krasimir Yankov, a researcher with Amnesty Inter­na­tion­al in Kiev. Indeed, the brazen will­ing­ness of Vita Zaverukha – a renowned neo-Nazi [63] out on bail and under house arrest [64] after killing two police offi­cers — to post pic­tures of her­self [65] after storm­ing a pop­u­lar Kiev restau­rant with 50 oth­er nation­al­ists demon­strates the far right’s con­fi­dence in their immu­ni­ty from gov­ern­ment pros­e­cu­tion.

It’s not too late for the gov­ern­ment to take steps to reassert con­trol over the rule of law. First, author­i­ties should enact a “zero-tol­er­ance” pol­i­cy on far-right vio­lence. Pres­i­dent Petro Poroshenko should order key law enforce­ment agen­cies — the Inte­ri­or Min­istry, the Nation­al Police of Ukraine, the Secu­ri­ty Ser­vice of Ukraine (SBU) and the Pros­e­cu­tor Gen­er­als’ Office (PGO) — to make stop­ping far-right activ­i­ty a top pri­or­i­ty.

The legal basis for pros­e­cut­ing extrem­ist vig­i­lan­tism cer­tain­ly exists. The Crim­i­nal Code of Ukraine specif­i­cal­ly out­laws [59] vio­lence against peace­ful assem­blies. The police need to start enforc­ing this law.

Most impor­tant­ly, the gov­ern­ment must also break any con­nec­tions between law enforce­ment agen­cies and far-right orga­ni­za­tions. The clear­est exam­ple of this prob­lem lies in the Min­istry of Inter­nal Affairs, which is head­ed by Arsen Avakov. Avakov has a long-stand­ing rela­tion­ship with the Azov Bat­tal­ion, a para­mil­i­tary group that uses the SS sym­bol as its insignia and which, with sev­er­al oth­ers, was inte­grat­ed into the army or Nation­al Guard at the begin­ning of the war in the East. Crit­ics have accused [66] Avakov of using mem­bers of the group to threat­en an oppo­si­tion media out­let. As at least one com­men­ta­tor has point­ed out [61], using the Nation­al Guard to com­bat ultra­na­tion­al­ist vio­lence is like­ly to prove dif­fi­cult if far-right groups have become part of the Guard itself.

Avakov’s Deputy Min­is­ter Vadym Troy­an was a mem­ber of the neo-Nazi Patri­ot of Ukraine (PU) para­mil­i­tary orga­ni­za­tion, while cur­rent Min­istry of Inte­ri­or offi­cial Ilya Kiva – a for­mer mem­ber [66] of the far-right Right Sec­tor par­ty whose Insta­gram feed is pop­u­lat­ed with images [67] of for­mer Ital­ian fas­cist leader Ben­i­to Mus­soli­ni – has called [68] for gays “to be put to death.” And Avakov him­self used the PU to pro­mote his busi­ness and polit­i­cal inter­ests while serv­ing as a gov­er­nor in east­ern Ukraine, and as inte­ri­or min­is­ter formed and armed [69] the extrem­ist Azov bat­tal­ion led by Andriy Bilet­sky, a man nick­named the “White Chief” who called [70] for a cru­sade against “Semi­te-led sub-human­i­ty.”

Such offi­cials have no place in a gov­ern­ment based on the rule of law; they should go. More broad­ly, the gov­ern­ment should also make sure that every police offi­cer receives human rights train­ing focused on improv­ing the polic­ing and pros­e­cu­tion of hate crimes. Those demon­strat­ing signs of extrem­ist ties or sym­pa­thies should be exclud­ed.

In one noto­ri­ous inci­dent, media cap­tured images of swasti­ka-tat­tooed thugs — who police claimed [71] were only job appli­cants want­i­ng to have “fun” — giv­ing [72] the Nazi salute in a police build­ing in Kiev. This can­not be allowed to go on, and it’s just as impor­tant for Ukrain­ian democ­ra­cy to cleanse extrem­ists from law enforce­ment as it is to remove cor­rupt offi­cials from for­mer pres­i­dent Vik­tor Yanukovych’s regime under Ukraine’s “lus­tra­tion [73]” pol­i­cy. . . .

6. Sater col­lab­o­ra­tor Arte­menko appears to have been part of the anti-Poroshenko pha­lanx in the Ukrain­ian fas­cist milieu.

“Ukraine’s Back-Chan­nel Diplo­mat Still Shop­ping Peace Plan to Trump” by Reid Stan­dish; For­eign Pol­i­cy; 04/18/2017 [23]

. . . . Arte­menko insists that his inten­tions in push­ing a peace plan for Ukraine are in the country’s best inter­ests. But polit­i­cal observers see his free­lance diplo­ma­cy as part of a ris­ing groundswell in Kiev against Poroshenko by oppo­si­tion forces ahead of par­lia­men­tary and pres­i­den­tial elec­tions sched­uled for 2019.“Alliances are shift­ing in Ukraine right now against Poroshenko,” said Bal­azs Jara­bik, a non­res­i­dent schol­ar at the Carnegie Endow­ment for Inter­na­tion­al Peace. “All this diplo­mat­ic maneu­ver­ing in Wash­ing­ton needs to be viewed through this lens.”

Arte­menko has emerged as a vocal crit­ic of Poroshenko and says he has evi­dence show­ing cor­rup­tion by the Ukrain­ian pres­i­dent. . . .

7a. The alleged “Russ­ian plot” cen­ter­ing on the Sater/Artemenko “peace plan“entailed plans to devel­op Ukraine’s nuclear ener­gy sec­tor in order to break the Russ­ian grip on Ukraine’s ener­gy. [74]

In short, this is an anti-Russ­ian plot, NOT a Russ­ian plot.

“Trump’s Ex-Biz Part­ner Eyed Ener­gy Deal As He Helped Push Ukraine ‘Peace Plan’” by Sam Thiel­man; Talk­ing Points Memo Muck­rak­er; 7/27/2017. [74]

When a for­mer busi­ness part­ner of Pres­i­dent Don­ald Trump’s and a Ukrain­ian politi­cian approached an ally of the admin­is­tra­tion with a “peace plan,” they were already at work on an ener­gy trad­ing deal. That deal, said one of the region’s lead­ing ener­gy pol­i­cy experts, stood to ben­e­fit from the scheme the pair pro­posed to resolve the ongo­ing con­flict in Ukraine.

Felix Sater, who worked obtain­ing financ­ing for Trump projects includ­ing the Trump SoHo, told TPM that the “peace plan” came up in the course of his attempts to bro­ker an agree­ment to sell ener­gy abroad from Ukraine’s nuclear pow­er plants with Andrii Arte­menko, at the time a Ukrain­ian par­lia­men­tar­i­an. The plan was to refur­bish dilap­i­dat­ed nuclear pow­er plants in that coun­try and then sell the pow­er gen­er­at­ed by them into East­ern Europe, using estab­lished com­modi­ties trad­ing com­pa­nies as a means of retroac­tive­ly financ­ing the deal, Sater said.

The busi­ness propo­si­tion would help break the Russ­ian monop­oly on ener­gy, accord­ing to Sater. But Artemenko’s polit­i­cal pro­pos­al would have had Ukrain­ian vot­ers decide whether to lease Crimea to Rus­sia for 50 or 100 years—an idea encour­aged by advi­sors to Russ­ian pres­i­dent Vladimir Putin [75], and so offen­sive to his country’s gov­ern­ment that Ukrain­ian pros­e­cu­tors accused Arte­menko of trea­so­nous con­spir­ing with Rus­sia after the peace plan was first report­ed ear­li­er this year.

It’s been wide­ly report­ed that Sater and Arte­menko met with Michael Cohen, who was then Trump’s per­son­al lawyer and who has known Sater since he was a teenag­er [22], in Jan­u­ary; under dis­cus­sion was the peace plan, which would have paved a path for the U.S. to lift sanc­tions on Rus­sia. Cohen has giv­en con­flict­ing state­ments about his involve­ment. Sater said he came to be involved in the scheme through Arte­menko.

“We were try­ing to do a busi­ness deal at the same time,” Sater told TPM. “We were work­ing on a busi­ness deal for about five months, and he kept telling me about the peace deal, and as the Trump admin­is­tra­tion won, that’s when I deliv­ered it [the peace deal] to them.”

He insist­ed the polit­i­cal and busi­ness propo­si­tions were unre­lat­ed, oth­er than each involv­ing him­self and Arte­menko as pri­ma­ry play­ers.

Sater had worked bro­ker­ing major deals inter­na­tion­al­ly for some time after the 1996 dis­so­lu­tion of White Rock, a firm at the cen­ter of a pump-and-dump secu­ri­ties fraud scan­dal that led to Sater’s con­vic­tion for fraud. Instead of going to prison, Sater paid a fine and went to work as an FBI infor­mant. Those deals includ­ed a job for AT&T in Rus­sia, as pre­vi­ous­ly report­ed by Moth­er Jones [76], where Sater says the com­pa­ny was “try­ing to expand.”

Sater said the busi­ness propo­si­tion with Arte­menko “was to try to reha­bil­i­tate the exist­ing nuclear pow­er plants in the Ukraine and build new ones using either U.S. or Cana­di­an [com­pa­nies] like GE, or the Kore­ans.” Ukraine’s his­to­ry with nuclear pow­er includes the Cher­nobyl dis­as­ter, and Sater not­ed that the aging plants need­ed refur­bish­ment in order to con­tin­ue work­ing with­out anoth­er inci­dent. Oth­er­wise, he not­ed, “they’re ready to [have] anoth­er Cher­nobyl any day now.”

The pair fur­ther planned “to sell the excess pow­er to [inter­na­tion­al ener­gy com­pa­nies] Trafigu­ra or Vitol to sell the pow­er to East­ern Europe, and in that way finance the plants,” Sater explained. He named Poland and Belarus as two poten­tial state clients.

“It was a way to break the ener­gy monop­oly the Rus­sians have,” he said.

Chi Kong Chy­ong, direc­tor of the Ener­gy Pol­i­cy Forum at Cam­bridge University’s Ener­gy Pol­i­cy Research Group, told TPM that ener­gy inde­pen­dence from Rus­sia was indeed a press­ing issue in Ukraine, and not­ed a peace deal would ease the kind of inter­na­tion­al trans­ac­tion Sater and Arte­menko were propos­ing.

Sources close to the mat­ter told TPM that there were no records of any cur­rent con­ver­sa­tions between Sater or Arte­menko and Amer­i­can indus­tri­al con­glom­er­ate GE. Trafigu­ra and Vitol are trad­ing hous­es that deal heav­i­ly in ener­gy; Vic­to­ria Dix, a spokes­woman for Trafigu­ra, said there was “no ele­ment of truth what­so­ev­er” to any sug­ges­tion that Sater was pur­su­ing a pro­pos­al with the com­pa­ny. Andrea Schlaepfer, a spokes­woman for Vitol, said, “We don’t com­ment on com­mer­cial activ­i­ties.” Nei­ther the Ukrain­ian Embassy nor the Con­sulate imme­di­ate­ly respond­ed to requests for com­ment.

For Arte­menko, the fall­out from the Jan­u­ary meet­ing with Sater and Cohen was imme­di­ate and severe. He was expelled [25] from his Verk­hov­na Rada polit­i­cal par­ty the day after the New York Times report­ed the meet­ing, and by May, Ukrain­ian Pres­i­dent Petro Poroshenko had stripped him of his cit­i­zen­ship [77].

For his part, Sater said he had noth­ing to do with the doc­u­ments filled with dam­ag­ing infor­ma­tion on Ukrain­ian politi­cians, includ­ing Poroshenko, that Arte­menko report­ed­ly brought [75] to the Jan­u­ary meet­ing. “I nev­er saw them,” Sater said, adding that Cohen might have thrown them in trash but he wasn’t sure. “I don’t want to get into it.”

Whether Sater and Artemenko’s ener­gy trad­ing plan was well under­way or sim­ply in the pro­pos­al stage by the time of the meet­ing, it would have been an eas­i­er sell with Artemenko’s Putin-approved cease­fire in place, accord­ing to Chy­ong.

“Any mil­i­tary con­flict in your neigh­bor­hood or close to you affects the trans­ac­tion cost of arrang­ing com­mer­cial deals, whether that is between Ukraine and the east­ern [EU, where Poland lies] or Ukraine and Belarus, for exam­ple,” Chy­ong said. “It increas­es the trans­ac­tion­al costs. The con­flict itself, of course, forces the Ukraine to think about oth­er ways and oth­er sources of impor­ta­tion of energy—gas and elec­tric­i­ty trad­ing.

Export­ing ener­gy from Ukraine would be eas­i­est to places like Belarus and Rus­sia, Chy­ong not­ed. Old elec­tri­cal grids are among the strongest remain­ing ties between for­mer Sovi­et bloc states and Rus­sia itself; Ukraine hopes to break them by 2025 [78], some­thing Sater said he hoped he could help along. . .

7b. Of more than pass­ing inter­est is the CV of Robert Armao, one of the intend­ed col­lab­o­ra­tors in the Sater/Artemenko anti-Russ­ian plot to replace the old Sovi­et pow­er grid in East­ern Europe. Robert Armao:

“How Felix Sater — For­mer Mob-linked Hus­tler And Ex-Trump Advis­er — Sought To ‘Pro­tect’ Ukraine’s Nuclear Plants” Richard Behar; The Nation­al Memo; 05/25/2017 [20].

. . . . Evi­dent­ly Sater and Arte­menko were seek­ing the assis­tance of a third per­son who attend­ed the break­fast, Robert Armao — a well-con­nect­ed inter­na­tion­al busi­ness­man who served as labor coun­sel to the late Vice Pres­i­dent Nel­son Rock­e­feller in the ear­ly 1970s. Armao says that Sater, whom he’d nev­er met or spo­ken with pri­or to last fall, reached out to him through a mutu­al friend. . . .

. . . . Armao was invit­ed to the New York meet­ing because he’s a long­time expert on Ukraine. He says he once advised indi­vid­u­als who were work­ing with for­mer Ukrain­ian pres­i­dent Vik­tor Yushchenko [13] dur­ing the Orange Rev­o­lu­tion protests of 2004–2005. Dur­ing the Octo­ber 7 break­fast, Armao says he was asked whether he could inter­cede with Ukraine’s cur­rent ener­gy min­is­ter in an attempt to revive a con­tract that Kiev had signed with South Korea to bring the nuclear plants up to glob­al stan­dards. . . .

. . . . In late March, then-FBI direc­tor James Comey was asked about Sater’s rela­tion­ship with the FBI when he appeared before the House Intel­li­gence Com­mit­tee. Comey declined to com­ment, pre­sum­ably because Sater spent a decade as a secret gov­ern­ment coop­er­a­tor for both the FBI and at times, the CIA. But in 2015, dur­ing her con­fir­ma­tion hear­ing for the post of U.S. Attor­ney Gen­er­al, Loret­ta Lynch offered a teas­er. In response to a writ­ten ques­tion about Sater by Sen­a­tor Orrin Hatch, she stat­ed that his [decade-long] assis­tance as a fed­er­al coop­er­a­tor was “cru­cial to nation­al secu­ri­ty.” . . . .

7c. In addi­tion, Armao was an appar­ent col­lab­o­ra­tor with prob­a­ble P‑2 mem­ber Francesco Pazien­za, Pope shoot­ing insid­er and Ban­co Ambrosiano co-con­spir­a­tor Francesco Pazien­za. (We dis­cussed Pazien­za at length in AFA #21 [79].

Anoth­er Armao col­lab­o­ra­tor was Marc Rich.

Bill Clin­ton’s last minute par­don of Rich was inves­ti­gat­ed by for­mer FBI chief James Comey and a long-silent Bureau Twit­ter account became active short­ly before the elec­tion, tweet­ing about Marc Rich. (We dis­cussed this in FTR #939 [80].

“Ital­ian Ex-Agent Ordered Extra­dit­ed From U.S.” by Ralph Blu­men­thal; The New York Times; 09/12/1985 [81].

. . . .The pris­on­er, Dr. Francesco Pazien­za, a 39-year-old non­prac­tic­ing physi­cian, has long been a sub­ject of keen inter­est in Italy, where his name has also cropped up in inves­ti­ga­tions of the shoot­ing of Pope John Paul II and of the pur­port­ed plot­tings of a right­ist under­ground. . . .

. . . As recent­ly as last year, Dr. Pazien­za said, he sought to be help­ful to the Amer­i­cans by try­ing to nego­ti­ate a renew­al of the lease for a Unit­ed States intel­li­gence track­ing sta­tion in the Sey­chelles. He said he and two part­ners were then explor­ing an oil ven­ture with the Indi­an Ocean island nation off the east coast of Africa.

He iden­ti­fied the part­ners as Robert Armao and Marc Rich. Mr. Rich is a com­modi­ties bro­ker now under crim­i­nal inves­ti­ga­tion in the Unit­ed States in con­nec­tion with tax eva­sion charges, for which he has already paid a $200 mil­lion civ­il set­tle­ment.

Mr. Armao, head of a New York pub­lic rela­tions com­pa­ny and a for­mer advis­er to the Shah of Iran, large­ly con­firmed Mr. Pazienza’s account. But he said that while a Marc Rich sub­sidiary had been involved in their dis­cus­sions, the oil ven­ture nev­er came about. . . .

8. Here’s some­thing to con­sid­er as destruc­tive cyber­bombs are being pre­emp­tive­ly placed on net­works as a form of cyber-MWDs [82]and the US set­tles into a ‘Cold War’ modal­i­ty with Rus­sia: If any skilled hack­er on the plan­et man­ages to hack a US nuclear pow­er plan, that ‘cold war’ might heat up pret­ty fast whether Rus­sia was behind it or not…especially if there’s a melt­down [83].

“. . . . The Wash­ing­ton Post report­ed [15]Sat­ur­day that U.S. gov­ern­ment offi­cials have already pinned the recent nuclear cyber intru­sions on Rus­sia. . . .

. . . Ana­lysts remain quick to tamp down asser­tions that Russia’s fin­ger­print on the lat­est attack is a sure thing. . . ;

. . . . Still, it’s a pret­ty alarm­ing sit­u­a­tion regard­less of who was behind it, in part because it’s an exam­ple of how poten­tial­ly vul­ner­a­ble things like nuclear plants are to any hack­er, state-backed or not:

. . . . Still, the source said a well-resourced attack­er could try sneak­ing in thumb dri­ves, plant­i­ng an insid­er or even land­ing a drone equipped with wire­less attack tech­nol­o­gy into a nuclear gen­er­a­tion site. Reports indi­cate that the infa­mous Stuxnet worm, which dam­aged Iran­ian nuclear cen­trifuges in the late 2000s, prob­a­bly snuck in on remov­able media. Once inside the “air gapped” tar­get net­work, Stuxnet relied on its own hard-cod­ed instruc­tions, rather than any remote com­mands sent in through the inter­net, to cause cost­ly and sen­si­tive nuclear equip­ment to spin out of con­trol. . . .”

“ ‘Who did it?’ zeroes in on Russ­ian hack­ing” by Blake Sobczak; E&E News; 07/10/2017 [83]

A sophis­ti­cat­ed group of hack­ers has tar­get­ed U.S. nuclear plants in a wide-rang­ing hack­ing cam­paign since at least May, accord­ing to mul­ti­ple U.S. author­i­ties.

The hack­ers tried to steal user­names and pass­words in the hope of bur­row­ing deep into nuclear pow­er net­works, in addi­tion to oth­er util­i­ty and man­u­fac­tur­ing tar­gets.

But the Depart­ment of Home­land Secu­ri­ty, the FBI, sources famil­iar with the ongo­ing inves­ti­ga­tion and non­pub­lic gov­ern­ment alerts told E&E News that heav­i­ly guard­ed nuclear safe­ty sys­tems were left unscathed by any recent cyber intru­sions. Experts say the evi­dence so far points to a remote threat that, while advanced, like­ly could not have leaped from cor­po­rate busi­ness net­works to the crit­i­cal but iso­lat­ed com­put­er net­works keep­ing nuclear reac­tors oper­at­ing safe­ly.

Still, the ques­tion that lingers is, who did it?

Sus­pi­cion has fall­en on hack­ers with ties to Rus­sia, in part because of past intru­sions into U.S. com­pa­nies and for Rus­sia-linked attacks on Ukraine’s pow­er grid in 2015 and 2016.

Ukrain­ian secu­ri­ty ser­vices laid the blame for the grid hacks at Russ­ian Pres­i­dent Vladimir Putin’s feet. Sev­er­al pri­vate U.S. cyber­se­cu­ri­ty com­pa­nies have also drawn links between ener­gy indus­try-focused hack­ing cam­paigns with names like “Ener­getic Bear” back to Russ­ian intel­li­gence ser­vices.

The Wash­ing­ton Post report­ed [15] Sat­ur­day that U.S. gov­ern­ment offi­cials have already pinned the recent nuclear cyber intru­sions on Rus­sia.

Ana­lysts remain quick to tamp down asser­tions that Russia’s fin­ger­print on the lat­est attack is a sure thing.

With­out men­tion­ing any nation-state by name, for­mer Ener­gy Sec­re­tary Ernest Moniz not­ed on Twit­ter that “these ‘advanced per­sis­tent threats’ have long wor­ried U.S. intel­li­gence offi­cials — and recent events prove they are very real.”

Ref­er­enc­ing reports of the recent nuclear cyber inci­dents, he added [84], “These breach­es make plain that for­eign actors are look­ing for ways to exploit US grid vul­ner­a­bil­i­ties. We saw this com­ing.”

If U.S. intel­li­gence agen­cies con­firm Russ­ian secu­ri­ty ser­vices were involved in the attack on nuclear plants, ten­sions with Moscow could esca­late. In a Twit­ter com­ment that attract­ed bipar­ti­san ridicule, Pres­i­dent Trump yes­ter­day morn­ing said that he and Putin had agreed to cre­ate an “impen­e­tra­ble Cyber Secu­ri­ty unit” to guard against hack­ing, only to appar­ent­ly reverse his posi­tion hours lat­er and sug­gest such an arrange­ment “can’t” hap­pen.

Sen. Maria Cantwell (D‑Wash.), rank­ing mem­ber of the Sen­ate Ener­gy and Nat­ur­al Resources Com­mit­tee, reit­er­at­ed her calls for the White House to assess ener­gy-sec­tor cyber vul­ner­a­bil­i­ties and aban­don pro­posed bud­get cuts at the Depart­ment of Ener­gy. “The dis­turb­ing reports of the past 24 hours indi­cate that our adver­saries are try­ing to take advan­tage of the very real vul­ner­a­bil­i­ties of our ener­gy infrastructure’s cyber defens­es,” she said Fri­day.

Draw­ing from the Ukraine play­book

In 2015, a group of hack­ers set sights on sev­er­al Ukrain­ian elec­tric dis­tri­b­u­tion com­pa­nies. The intrud­ers broke into the util­i­ties’ busi­ness net­works with “phish­ing” emails designed to lure employ­ees into click­ing on a doc­u­ment laced with mal­ware.

From there, the attack­ers mapped out their vic­tims’ com­put­er sys­tems, even gain­ing access to the vir­tu­al pri­vate net­work util­i­ty work­ers used to remote­ly oper­ate parts of Ukraine’s elec­tric grid.

On Dec. 23, 2015, after months of wait­ing and spy­ing, the hack­ers struck, log­ging onto the oper­a­tional net­work and flip­ping cir­cuit break­ers at elec­tric sub­sta­tions. They suc­ceed­ed in cut­ting pow­er to sev­er­al hun­dred thou­sand Ukrain­ian cit­i­zens for a few hours in what became the first known cyber­at­tack on a pow­er grid in the world.

At first glance, the lat­est nuclear hack­ers appear to have drawn from the same play­book.

They used a “fair­ly cre­ative” phish­ing email to gain a foothold on tar­get­ed net­works, accord­ing to Craig Williams, senior tech­ni­cal leader and glob­al out­reach man­ag­er for Cis­co Talos, a cyber­se­cu­ri­ty research divi­sion of Cis­co Sys­tems Inc.

Instead of stow­ing mal­ware in the Word doc­u­ment itself, the hack­ers tweaked a con­trol engineer’s résumé into bea­con­ing out to a mali­cious serv­er via a Microsoft com­mu­ni­ca­tions pro­to­col called Serv­er Mes­sage Block. The cyber intrud­ers could then swipe frag­ments of SMB traf­fic con­tain­ing the vic­tims’ login infor­ma­tion to set up an autho­rized con­nec­tion to the tar­get­ed net­work and move on from there, Williams explained.

The tech­nique points to “attack­ers who are ded­i­cat­ed and who’ve done their research,” he not­ed.

While Williams said Cis­co had detect­ed a vari­ety of ener­gy com­pa­nies hit by the phish­ing emails, he point­ed out that “the nuclear sec­tor is extreme­ly hard­ened.”

Get­ting blocked

Nuclear pow­er plant oper­a­tors have to abide by their own set of cyber­se­cu­ri­ty rules estab­lished by the Nuclear Reg­u­la­to­ry Com­mis­sion. Fol­low­ing its most recent cyber­se­cu­ri­ty audits in 2015, the NRC report­ed “sev­er­al very low secu­ri­ty sig­nif­i­cance vio­la­tions of cyber secu­ri­ty plan require­ments.”

None of those vio­la­tions could have result­ed in an immi­nent threat to nuclear safe­ty, the reg­u­la­tor said.

The NRC plans to ramp up cyber­se­cu­ri­ty inspec­tions lat­er this year. The agency has declined to com­ment on reports of the recent cyber breach­es at nuclear pow­er gen­er­a­tion sites.

Nuclear pow­er com­pa­nies have had to account for the pos­si­bil­i­ty of a cyber­at­tack on their safe­ty sys­tems since 2002, accord­ing to NRC guid­ance.

Elec­tric util­i­ties typ­i­cal­ly adhere to a three-step mod­el for pro­tect­ing their most sen­si­tive sys­tems from hack­ers. At a basic lev­el, this set­up involves an infor­ma­tion tech­nol­o­gy net­work — such as a utility’s inter­net-con­nect­ed cor­po­rate head­quar­ters — and an oper­a­tional net­work that includes grid con­trol sys­tems. Com­pa­nies typ­i­cal­ly add a third lay­er or “demil­i­ta­rized zone” bridg­ing those two sides of the busi­ness, replete with fire­walls, cyber­se­cu­ri­ty tech­nolo­gies and oth­er safe­guards.

Nuclear oper­a­tors add at least two more lay­ers to that mod­el, draw­ing lines among the pub­lic inter­net, the cor­po­rate net­work, onsite local area net­works, indus­tri­al “data acqui­si­tion” net­works and, final­ly, the core safe­ty sys­tem over­see­ing radioac­tive mate­ri­als, based on gov­ern­ment guide­lines.

In the U.S., safe­ty sys­tems are often still “ana­logue,” hav­ing orig­i­nal­ly been built in the 1980s or ear­li­er, before the recent spread of web-con­nect­ed tech­nolo­gies.

With­in that last, crit­i­cal zone — Lev­el 4 in nuclear indus­try par­lance — tight phys­i­cal con­trols pre­vent phones and USB dri­ves from get­ting in; and oper­a­tional data is designed to flow only out­ward through “data diodes,” with no poten­tial for online com­mands to enter from the pub­lic inter­net or even the site’s own local area net­work.

“Any­body ever reports that some­body got a con­nec­tion from the inter­net direct­ly or indi­rect­ly into the heart of a nuclear con­trol sys­tem is either full of crap, or is reveal­ing a mas­sive prob­lem with some par­tic­u­lar site, because there should be phys­i­cal­ly no way for that to actu­al­ly be pos­si­ble,” said Andrew Gin­ter, vice pres­i­dent of Water­fall Secu­ri­ty Solu­tions, which mar­kets one such “uni­di­rec­tion­al gate­way” or data diode to the U.S. nuclear sec­tor. “To me, it’s almost incon­ceiv­able.”

Mar­ty Edwards, man­ag­ing direc­tor of the Automa­tion Fed­er­a­tion, who until last month head­ed a team of indus­tri­al con­trol secu­ri­ty spe­cial­ists at DHS, gen­er­al­ly agreed that a remote con­nec­tion would be near­ly impos­si­ble to achieve. “When we test­ed those kinds of [one-way] devices in the lab, we found that you couldn’t cir­cum­vent any of them, basi­cal­ly, because they’re physics-based,” he said. “There’s no way to manip­u­late that stream.”

One source famil­iar with nuclear infor­ma­tion tech­nol­o­gy prac­tices, who agreed to speak about secu­ri­ty mat­ters on con­di­tion of anonymi­ty, said that “in order to have a cat­a­stroph­ic impact, you have to get by the human in the con­trol room” — no easy feat. “You’re talk­ing work­ers who are reg­u­lar­ly screened for insid­er [threat] indi­ca­tors and psy­cho­log­i­cal sta­bil­i­ty.”

Still, the source said a well-resourced attack­er could try sneak­ing in thumb dri­ves, plant­i­ng an insid­er or even land­ing a drone equipped with wire­less attack tech­nol­o­gy into a nuclear gen­er­a­tion site. Reports indi­cate that the infa­mous Stuxnet worm, which dam­aged Iran­ian nuclear cen­trifuges in the late 2000s, prob­a­bly snuck in on remov­able media. Once inside the “air gapped” tar­get net­work, Stuxnet relied on its own hard-cod­ed instruc­tions, rather than any remote com­mands sent in through the inter­net, to cause cost­ly and sen­si­tive nuclear equip­ment to spin out of con­trol.

But the source, who had reviewed recent DHS and FBI warn­ings about recent nuclear cyberthreats, added that there was no indi­ca­tion the actor behind it got close to nuclear oper­a­tors’ crown jew­els.

“To get around the data diodes and all the oth­er defens­es, it’d be unprece­dent­ed at this point,” at least from a U.S. per­spec­tive, said the source.

Would it even be pos­si­ble?

“Maybe if you’re Vladimir Putin,” the source said.

9. Devon Arthurs – a neo-Nazi-turned-Muslim–murdered two of his neo-Nazi room­mates back in May. Bran­don Rus­sell – Arthurs’s sur­viv­ing third room­mate, was found with bomb-mak­ing mate­ri­als, radioac­tive sub­stances and a framed pic­ture of Tim­o­thy McVeigh after police searched their res­i­dence. Rus­sell planned to sab­o­tage a nuclear pow­er plant

Rus­sell, we note, was in the Nation­al Guard. In the Nazi tract Ser­pen­t’s Walk [85], a book we feel is–like The Turn­er Diaries [85]–is intend­ed as a teach­ing tool, oper­a­tional blue­print and man­i­festo, the Under­ground Reich infil­trates the mil­i­tary, gains effec­tive con­trol of the opin­ion form­ing media and, fol­low­ing a series of WMD strikes blamed on Rus­sia and a dec­la­ra­tion of mar­tial law, the Nazis take over the Unit­ed States.

Bran­don Rus­sel­l’s activ­i­ties fit very well into this sce­nario.

“Nation­al Guard ‘neo-Nazi’ aimed to hit Mia­mi nuclear plant, room­mate says” by Dan Sul­li­van; Tam­pa Bay Times; 06/13/2017 [16]

Bran­don Rus­sell, a Nation­al Guards­man and self-described neo-Nazi, had plans to blow up pow­er lines in the Flori­da Ever­glades and launch explo­sives into a nuclear pow­er plant near Mia­mi, his room­mate Devon Arthurs told police.

Pros­e­cu­tors on Tues­day played por­tions of a record­ed inter­ro­ga­tion Arthurs gave in the hours imme­di­ate­ly after he was arrest­ed in the killings of Jere­my Him­mel­man and Andrew Oneschuk.In the video, Arthurs offers a jus­ti­fi­ca­tion for the killings, claim­ing that Rus­sell, the sur­viv­ing room­mate, was prepar­ing to com­mit acts of ter­ror­ism.

“The things they were plan­ning were hor­ri­ble,” Arthurs said. “These peo­ple were not good peo­ple.”

The U.S. Attorney’s Office pre­sent­ed the video excerpts in an effort to get U.S. Mag­is­trate Judge Thomas B. McCoun III to revoke an order grant­i­ng Rus­sell bail, argu­ing that he pos­es a dan­ger to the com­mu­ni­ty.

Late Tues­day, the judge stayed the order. Rus­sell will remain jailed while the judge recon­sid­ers the issue.

Rus­sell, 21, faces explo­sives charges after bomb­mak­ing mate­ri­als were found at his Tam­pa Palms apart­ment May 19 dur­ing the mur­der inves­ti­ga­tion. Arthurs, sep­a­rate­ly, has been charged with two counts of first-degree mur­der in state court.

In the video, Arthurs sits beside a table in a white-walled inter­ro­ga­tion room, his right leg rest­ing over his left knee. He ges­tures with both hands as he casu­al­ly describes Russell’s neo-Nazi beliefs and sup­posed plans to com­mit ter­ror­ist acts.

He said Rus­sell stud­ied how to build nuclear weapons in school and is “some­body that lit­er­al­ly has knowl­edge of how to build a nuclear bomb.”

When a Tam­pa police detec­tive asked Arthurs if his friends had any spe­cif­ic ter­ror­ist inten­tions, he said they had a plan to blow up pow­er lines along Alli­ga­tor Alley, the stretch of Inter­state 75 link­ing Naples with Fort Laud­erdale.

He also said they had a plan to fire mor­tars loaded with nuclear mate­r­i­al into the cool­ing units of a nuclear pow­er plant near Mia­mi.

He said the dam­age would cause “a mas­sive reac­tor fail­ure” and spread “irra­di­at­ed water” through­out the ocean.

“Think about a BP oil spill, except it wipes out parts of the east­ern seaboard,” Arthurs said.

The detec­tive asked why they want­ed to do these things.

“Because they want­ed to build a Fourth Reich,” Arthurs said. He said Rus­sell idol­ized Okla­homa City bomber Tim­o­thy McVeigh.

“He said the only thing McVeigh did wrong was he didn’t put enough mate­r­i­al into the truck to bring the whole build­ing down.”

Assis­tant U.S. Attor­ney Josephine Thomas not­ed dur­ing the hear­ing that the Turkey Point Nuclear Gen­er­at­ing Sta­tion is near Mia­mi.She also not­ed that when bomb squad mem­bers arrived at Russell’s apart­ment, their pagers alert­ed them to the pres­ence of “two radi­a­tion sources.” The crim­i­nal com­plaint says those were tho­ri­um and ameri­ci­um, both radioac­tive met­als.

Russell’s defense attor­ney, Ian Gold­stein, not­ed that author­i­ties have not charged him with pos­ses­sion of nuclear mate­ri­als.

Gold­stein ques­tioned Arthurs’ cred­i­bil­i­ty.

“Devon Arthurs is a per­son who just mur­dered two indi­vid­u­als, who is des­per­ate to save him­self, and, quite frankly, I think he is a few cards short of a full deck,” Gold­stein said. “I hope the gov­ern­ment brings Mr. Arthurs to the tri­al as their prime wit­ness. He’s insane.”

Arthurs, accord­ing to court records, admit­ted to the killings, say­ing Him­mel­man and Oneschuk had dis­re­spect­ed his con­ver­sion to Islam.

“I was like, ‘How could I have done this?’ ” he said in the video played Tues­day. “If I hadn’t done that, there would be a lot more peo­ple dead than just these two guys in this orga­ni­za­tion.”

10. Sur­viv­ing Nation­al Guardsman/Nazi Rus­sell admit­ted to belong­ing to a group call Atom­waf­fen, which is Ger­man for “atom­ic weapon”.

Rus­sell, and the rest of Atom­waf­fen, received a wring­ing endorse­ment from bril­liant Nazi hack­er Andrew Aueren­heimer. Yes, Auern­heimer, who hap­pens to be the kind of skilled hack­er who actu­al­ly might have the abil­i­ty to trig­ger a nuclear melt down some­day, wrote about the whole inci­dent on The Dai­ly Stormer. Accord­ing to Auern­heimer, the two killed room­mates were “friends of friends” and the “Atom­waf­fen are a bunch of good dudes. They’ve post­ed tons of fliers with absolute­ly killer graph­ics at tons of uni­ver­si­ties over the years. They gen­er­al­ly have a lot of fun and par­ty.”

“Neo-Nazi-turned-Mus­lim kills room­mates over ‘dis­re­spect,’ police say” by JASON DEAREN and MICHAEL KUNZELMAN; Asso­ci­at­ed Press; 05/22/2017 [17]

A man told police he killed his two room­mates because they were neo-Nazis who dis­re­spect­ed his recent con­ver­sion to Islam, and inves­ti­ga­tors found bomb-mak­ing mate­ri­als and Nazi pro­pa­gan­da after he led them to the bod­ies.

Devon Arthurs, 18, told police he had until recent­ly shared his room­mates’ neo-Nazi beliefs, but that he con­vert­ed to Islam, accord­ing to court doc­u­ments and a state­ment the Tam­pa Police Depart­ment released Mon­day. . . .

. . . . In the apart­ment with the vic­tims’ bod­ies on Fri­day, inves­ti­ga­tors found Nazi and white suprema­cist pro­pa­gan­da; a framed pic­ture of Okla­homa City bomber Tim­o­thy McVeigh; and explo­sives and radioac­tive sub­stances, accord­ing to the court doc­u­ments.

They also found a fourth room­mate, Bran­don Rus­sell, cry­ing and stand­ing out­side the apartment’s front door in his U.S. Army uni­form.

“That’s my room­mate (Rus­sell). He doesn’t know what’s going on and just found them like you guys did,” Arthurs told the police offi­cers, accord­ing to the report.

Fed­er­al agents arrest­ed Rus­sell, 21, on Sat­ur­day on charges relat­ed to the explo­sives.

The FBI said Rus­sell “admit­ted to his neo-Nazi beliefs” and said he was a mem­ber of a group called Atom­waf­fen, which is Ger­man for “atom­ic weapon.”

Major Caitlin Brown, spokes­woman for the Flori­da Nation­al Guard, con­firmed Rus­sell was a cur­rent mem­ber of the Flori­da Nation­al Guard. But she couldn’t imme­di­ate­ly pro­vide any oth­er infor­ma­tion.

Arthurs start­ed the chain of events on Fri­day when he held two cus­tomers and an employ­ee hostage at gun­point at a Tam­pa smoke shop, police said. He was com­plain­ing about the treat­ment of Mus­lims.

“He fur­ther informed all three vic­tims that he was upset due to Amer­i­ca bomb­ing his Mus­lim coun­tries,” police Detec­tive Ken­neth Nightlinger wrote in his report.

Offi­cers talked Arthurs into let­ting the hostages go and drop­ping his weapon, and took him into cus­tody.

While in cus­tody, police said Arthurs start­ed talk­ing about killing two peo­ple, and then he direct­ed them to a con­do­mini­um com­plex where the four room­mates shared an apart­ment.

“I had to do it,” Arthurs told police. “This wouldn’t have had to hap­pen if your coun­try didn’t bomb my coun­try.”

Inside the apart­ment, the offi­cers found the bod­ies of 22-year-old Jere­my Him­mel­man and 18-year-old Andrew Oneschuk. Both had been shot.

Police called in the FBI and a bomb squad, which found enough explo­sives to con­sti­tute a bomb, accord­ing to fed­er­al agents.

At first, Rus­sell told agents he kept the explo­sives from his days in an engi­neer­ing club at the Uni­ver­si­ty of South Flori­da in 2013, and that he used the sub­stances to boost home­made rock­ets. The agents wrote that the sub­stance found was “too ener­getic and volatile for these types of uses.”

Rus­sell has been charged with pos­ses­sion of an unreg­is­tered destruc­tive device and unlaw­ful stor­age of explo­sive mate­r­i­al. Court records did not list an attor­ney for him.

Andrew Auern­heimer, a noto­ri­ous com­put­er hack­er and inter­net troll, wrote a post about the killings for The Dai­ly Stormer, a lead­ing neo-Nazi web­site.

Auern­heimer, known online as “weev,” said in Sunday’s post that he knew the shoot­ing sus­pect and both of the shoot­ing vic­tims. He said he banned Arthurs from The Dai­ly Stormer’s Dis­cord serv­er, an online forum, for post­ing “Mus­lim ter­ror­ist pro­pa­gan­da” ear­li­er this year.

“He came in to con­vert peo­ple to Islam,” Auern­heimer said dur­ing a tele­phone inter­view Mon­day. “It didn’t work out very well for him.”

Auern­heimer described Him­mel­man and Oneschuk as “friends of friends” and said they belonged to the Atom­waf­fen group.

“Atom­waf­fen are a bunch of good dudes. They’ve post­ed tons of fliers with absolute­ly killer graph­ics at tons of uni­ver­si­ties over the years. They gen­er­al­ly have a lot of fun and par­ty,” he wrote.

———-

11. If any neo-Nazi hack­er is capa­ble of suc­cess­ful­ly tak­ing down a nuclear plant, per­haps as part of a larg­er coor­di­nat­ed neo-Nazi attack or or just on his own, it’s Auern­heimer.

Auern­heimer shares in the McVeigh worship,recently propos­ing crowd-fund­ing a McVeigh mon­u­ment:

“McVeigh Wor­ship: The New Extrem­ist Trend” by Bill Mor­lin; The South­ern Pover­ty Law Cen­ter; 06/27/2017 [86]

 

In extrem­ist cir­cles, there appears to be a bump of inter­est in Tim­o­thy James McVeigh.

Yes, that Tim­o­thy McVeigh. The guy who used a Ryder truck to bomb the Alfred P. Mur­rah Fed­er­al Build­ing in Okla­homa City on April 19, 1995 [87], killing 168 inno­cent chil­dren and adults and wound­ing more than 600 oth­ers.

His act 22 years ago, for those who may have for­got­ten, was the dead­liest ter­ror­ist attack in the Unit­ed States before the attacks of Sept. 11, 2001.

McVeigh was con­vict­ed of ter­ror­ism and exe­cut­ed just three months before those attacks.

His name and heinous crime are not for­got­ten, nor should they be, while there seems to be a grow­ing admi­ra­tion for McVeigh in some extrem­ist cir­cles. One mili­tia hon­cho even likened McVeigh to Jesus Christ.

Check out these recent men­tions of McVeigh:

In mid-May, police in Tam­pa, Flori­da, respond­ed to the scene of a dou­ble-mur­der involv­ing young, self-described neo-Nazis.

Bran­don Rus­sell [88], who shared the apart­ment with the mur­der sus­pect, was charged with pos­ses­sion of bomb-mak­ing mate­ri­als and chem­i­cals, includ­ing ammo­ni­um nitrate – the same kind of mate­r­i­al used by McVeigh.

In Russell’s bed­room at the apart­ment he shared with the mur­der sus­pect and the two slain neo-Nazis, police found a framed pho­to­graph of Tim­o­thy McVeigh. Rus­sell, who’s in cus­tody, hasn’t pub­licly explained that fas­ci­na­tion.

More recent­ly, neo-Nazi Andrew ‘Weev’ Auern­heimer [89], who writes for the racist web site “Dai­ly Stormer,” said he was seri­ous in propos­ing a crowd-fund­ing account to raise mon­ey to build a “per­ma­nent mon­u­ment” in a memo­r­i­al grove hon­or­ing McVeigh.

“Think of it, a gigan­tic bronze stat­ue of Tim­o­thy McVeigh poised tri­umphant­ly atop a Ryder truck, arms raised as if to form an Algiz rune from his body, with a plaque that states the hon­est truth,” Auern­heimer wrote. “Noth­ing would be a greater insult to these piz­za-par­ty guard­ing fed­er­al swine than a per­ma­nent mon­u­ment hon­or­ing [McVeigh’s] jour­ney to Val­hal­la or Fólk­van­gr atop the piles of their corpses.”

“I am not jok­ing,” Auern­heimer wrote. “This should be done. Imag­ine how angry it would make peo­ple.” . . .

12. Is it pos­si­ble that the “com­mand & con­trol” serv­er used in the DNC serv­er hacks was not only hacked and under 3rd par­ty con­trol dur­ing the 2015–2016 DNC hack but also the 2015 Bun­destag hack? As we’re going to see, it’s pos­si­ble.

First, here’s some­thing to keep in mind regard­ing the Ger­man government’s pub­lic attri­bu­tion in mid-May of 2016 that APT28/Fancy Bear is a Russ­ian gov­ern­ment hack­ing group and was respon­si­ble for 2015 Bun­destag hack: As secu­ri­ty ana­lyst Jef­frey Carr notes in the piece below, when Germany’s domes­tic intel­li­gence agency, the BfV, issued a report in Jan­u­ary of 2016 that attrib­uted both APT28 and APT29 to the Russ­ian gov­ern­ment, the report didn’t appear to ref­er­ence any clas­si­fied infor­ma­tion. The con­clu­sions appeared to be based on exact­ly the same kind of tech­ni­cal ‘clues’ that were used for attri­bu­tion in the 2016 DNC hacks. And as Carr also points out, rely­ing on those tech­ni­cal ‘clues’ is a rather clue­less way to go about attri­bu­tion [90]:

“While it’s nat­ur­al to think of Sofa­cy as a group of indi­vid­u­als, it’s more like a group of tech­ni­cal indi­ca­tors which include tools, tech­niques, pro­ce­dures, tar­get choic­es, coun­tries of ori­gin, and of course, peo­ple. Since most bad actors oper­ate covert­ly, we are high­ly depen­dent on the foren­sics. Since many of the tools used are shared, and oth­er indi­ca­tors eas­i­ly sub­vert­ed, the foren­sics can be unre­li­able.”

When cyber­se­cu­ri­ty firms pub­lish reports about some “APT” (Advanced Per­sis­tent Threat) group, they’re not actu­al­ly report­ing on a spe­cif­ic group. They’re report­ing on sim­i­lar tech­ni­cal indi­ca­tors that sug­gest an attack could have been the same group that did a pre­vi­ous hack and noth­ing more than that.

If those tech­ni­cal indi­ca­tors include code that’s avail­able to 3rd par­ty hack­ers and servers that have already been hacked or show vul­ner­a­bil­i­ties to hack­ing, as is the case with the 176.31.112[.]10 Com­mand & Con­trol serv­er used by “APT28” in both the DNC serv­er hack and the Bun­destag hack (with that IP address hard cod­ed in both cas­es), those tech­ni­cal indi­ca­tors are indica­tive of very lit­tle oth­er than some group might be up to their old tricks or some oth­er group is copy­ing (or fram­ing) them:


Prob­lem #1: The IP address 176.31.112[.]10 used in the Bun­destag breach as a Com­mand and Con­trol serv­er has nev­er been con­nect­ed to the Russ­ian intel­li­gence ser­vices. In fact, Clau­dio Guarnieri [91], a high­ly regard­ed secu­ri­ty researcher, whose tech­ni­cal analy­sis was ref­er­enced [92] by Rid, stat­ed that “no evi­dence allows to tie the attacks to gov­ern­ments of any par­tic­u­lar coun­try.”

Prob­lem #2: The Com­mand & Con­trol serv­er (176.31.112.10) was using an out­dat­ed ver­sion of OpenSSL vul­ner­a­ble to Heart­bleed attacks [93]. Heart­bleed allows attack­ers to exfil­trate data includ­ing pri­vate keys, user­names, pass­words and oth­er sen­si­tive infor­ma­tion.

The exis­tence of a known secu­ri­ty vul­ner­a­bil­i­ty that’s triv­ial to exploit opens the door to the pos­si­bil­i­ty that the sys­tems in ques­tion were used by one rogue group, and then infil­trat­ed by a sec­ond rogue group, mak­ing the attri­bu­tion process even more com­pli­cat­ed. At the very least, the C2 serv­er should be con­sid­ered a com­pro­mised indi­ca­tor.

“The exis­tence of a known secu­ri­ty vul­ner­a­bil­i­ty that’s triv­ial to exploit opens the door to the pos­si­bil­i­ty that the sys­tems in ques­tion were used by one rogue group, and then infil­trat­ed by a sec­ond rogue group, mak­ing the attri­bu­tion process even more com­pli­cat­ed. At the very least, the C2 serv­er should be con­sid­ered a com­pro­mised indi­ca­tor.”

Yet, despite these glar­ing issues with the tech­ni­cal indi­ca­tors, when Germany’s BfV issued a report in Jan­u­ary of 2016 pin­ning the blame for the Bun­destag hacks on the GRU and FSB is an assump­tion based on tech­ni­cal indi­ca­tors alone:

..
Prob­lem #3: The BfV pub­lished a newslet­ter [94]in Jan­u­ary 2016 which assumes that the GRU and FSB are respon­si­ble because of tech­ni­cal indi­ca­tors, not because of any clas­si­fied find­ing; to wit: “Many of these attack cam­paigns have each oth­er on tech­ni­cal sim­i­lar­i­ties, such as mali­cious soft­ware fam­i­lies, and infrastructure—these are impor­tant indi­ca­tors of the same author­ship. It is assumed that both the Russ­ian domes­tic intel­li­gence ser­vice FSB and the mil­i­tary for­eign intel­li­gence ser­vice GRU run cyber oper­a­tions.”

It looks like the BfV’s attri­bu­tion that the Russ­ian gov­ern­ment was behind the “APT28” Bun­destag hack was any­thing but sol­id.

Don’t for­get that the attri­bu­tion of the Bun­destag hack is A LOT eas­i­er to make than the attri­bu­tion of the DNC serv­er hack. Why? Because after the Bun­destag hack hap­pen there was lots of dis­cus­sion of it in the cyber­se­cu­ri­ty press, and that includ­ed dis­cus­sion of how the Com­mand & Con­trol serv­er at the 176.31.112[.]10 IP address was vul­ner­a­ble to the Heart­bleed attack.

“Prin­ci­pal con­sul­tant at 20KLeague.com; Founder of Suits and Spooks; Author of “Inside Cyber War­fare (O’Reilly Media, 2009, 2011)” by Jef­frey Carr; Medi­um; 07/27/2017 [90]

Yes­ter­day, Pro­fes­sor Thomas Rid (Kings Col­lege Lon­don) pub­lished his nar­ra­tive [95] of the DNC breach and strong­ly con­demned the lack of action by the U.S. gov­ern­ment against Rus­sia.

Susan Hen­nessey [96], a Har­vard-edu­cat­ed lawyer who used to work at the Office of the Gen­er­al Coun­sel at NSA called the evi­dence “about as close to a smok­ing gun as can be expect­ed where a sophis­ti­cat­ed nation state is involved.”

Then late Mon­day evening, the New York Times [97]report­ed that “Amer­i­can intel­li­gence agen­cies have “high con­fi­dence” that the Russ­ian gov­ern­ment was behind the DNC breach.

It’s hard to beat a good nar­ra­tive “when expla­na­tions take such a dread­ful time” as Lewis Car­roll point­ed out. And the odds are that noth­ing that I write will change the momen­tum that’s rapid­ly build­ing against the Russ­ian gov­ern­ment.

Still, my goal for this arti­cle is to address some of the fac­tu­al errors in Thomas Rid’s Vice piece, pro­vide some new infor­ma­tion about the capa­bil­i­ties of inde­pen­dent Russ­ian hack­ers, and explain why the chaos at GRU makes it such an unlike­ly home for an APT group.

Fact-Check­ing The Evi­dence

Thomas Rid wrote:

One of the strongest pieces of evi­dence link­ing GRU to the DNC hack is the equiv­a­lent of iden­ti­cal fin­ger­prints found in two bur­glar­ized build­ings: a reused com­mand-and-con­trol address?—?176.31.112[.]10?—?that was hard cod­ed [98] in a piece of mal­ware found both in the Ger­man par­lia­ment as well as on the DNC’s servers. Russ­ian mil­i­tary intel­li­gence was iden­ti­fied by the Ger­man domes­tic secu­ri­ty agency BfV as the actor respon­si­ble for the Bun­destag breach. The infra­struc­ture behind the fake MIS Depart­ment domain was also linked to the Berlin intru­sion through at least one oth­er ele­ment, a shared [99] SSL cer­tifi­cate.

This para­graph sounds quite damn­ing if you take it at face val­ue, but if you invest a lit­tle time into check­ing the source mate­r­i­al, its care­ful­ly con­struct­ed nar­ra­tive falls apart.

Prob­lem #1: The IP address 176.31.112[.]10 used in the Bun­destag breach as a Com­mand and Con­trol serv­er has nev­er been con­nect­ed to the Russ­ian intel­li­gence ser­vices. In fact, Clau­dio Guarnieri [91], a high­ly regard­ed secu­ri­ty researcher, whose tech­ni­cal analy­sis was ref­er­enced [92] by Rid, stat­ed that “no evi­dence allows to tie the attacks to gov­ern­ments of any par­tic­u­lar coun­try.”

Prob­lem #2: The Com­mand & Con­trol serv­er (176.31.112.10) was using an out­dat­ed ver­sion of OpenSSL vul­ner­a­ble to Heart­bleed attacks [93]. Heart­bleed allows attack­ers to exfil­trate data includ­ing pri­vate keys, user­names, pass­words and oth­er sen­si­tive infor­ma­tion.

The exis­tence of a known secu­ri­ty vul­ner­a­bil­i­ty that’s triv­ial to exploit opens the door to the pos­si­bil­i­ty that the sys­tems in ques­tion were used by one rogue group, and then infil­trat­ed by a sec­ond rogue group, mak­ing the attri­bu­tion process even more com­pli­cat­ed. At the very least, the C2 serv­er should be con­sid­ered a com­pro­mised indi­ca­tor.

Prob­lem #3: The BfV pub­lished a newslet­ter [94]in Jan­u­ary 2016 which assumes that the GRU and FSB are respon­si­ble because of tech­ni­cal indi­ca­tors, not because of any clas­si­fied find­ing; to wit: “Many of these attack cam­paigns have each oth­er on tech­ni­cal sim­i­lar­i­ties, such as mali­cious soft­ware fam­i­lies, and infrastructure—these are impor­tant indi­ca­tors of the same author­ship. It is assumed that both the Russ­ian domes­tic intel­li­gence ser­vice FSB and the mil­i­tary for­eign intel­li­gence ser­vice GRU run cyber oper­a­tions.”

Pro­fes­sor Rid’s argu­ment depend­ed heav­i­ly on con­vey­ing hard attri­bu­tion by the BfV even though the Pres­i­dent of the BfV didn’t dis­guise the fact that their attri­bu­tion was based on an assump­tion and not hard evi­dence.

Per­son­al­ly, I don’t want to have my gov­ern­ment cre­ate more ten­sion in Russian‑U.S. rela­tions because the head of Germany’s BfV made an assump­tion.

In intel­li­gence, as in oth­er call­ings, esti­mat­ing is what you do when you do not know. (Sher­man Kent)

When it came to attribut­ing Fan­cy Bear to the GRU, Dmit­ry Alper­ovich used a type of esti­ma­tive lan­guage because there was no hard proof: “Exten­sive tar­get­ing of defense min­istries and oth­er mil­i­tary vic­tims has been observed, the pro­file of which close­ly mir­rors the strate­gic inter­ests of the Russ­ian gov­ern­ment, and may indi­cate affil­i­a­tion with ??????? ???????????????? ?????????? (Main Intel­li­gence Depart­ment) or GRU, Russia’s pre­mier mil­i­tary intel­li­gence ser­vice.”

For Cozy Bear’s attri­bu­tion to the FSB, Dmit­ry [100]sim­ply observed that there were two threat actor groups oper­at­ing at the same time while unaware of each other’s pres­ence. He not­ed that the Russ­ian intel­li­gence ser­vices also com­pete with each oth­er, there­fore Cozy Bear is prob­a­bly either the FSB or the SVR: “we observed the two Russ­ian espi­onage groups com­pro­mise the same sys­tems and engage sep­a­rate­ly in the theft of iden­ti­cal cre­den­tials. While you would vir­tu­al­ly nev­er see West­ern intel­li­gence agen­cies going after the same tar­get with­out de-con­flic­tion for fear of com­pro­mis­ing each other’s oper­a­tions, in Rus­sia this is not an uncom­mon sce­nario.”

The Fidelis report [101] on the mal­ware didn’t men­tion the GRU or FSB at all. Their tech­ni­cal analy­sis only con­firmed the APT groups involved: “Based on our com­par­a­tive analy­sis we agree with Crowd­Strike and believe that the COZY BEAR and FANCY BEAR APT groups were involved in suc­cess­ful intru­sions at the DNC.”

When it came to attribut­ing the attack to the Russ­ian intel­li­gence ser­vices, Fidelis’ Mike Bura­tows­ki told reporter Michael Heller [102]: “In a sit­u­a­tion like this, we can’t say 100% that it was this per­son in this unit, but what you can say is it’s more prob­a­ble than not that it was this group of peo­ple or this actor set.”

As Mark Twain said, good judg­ment comes from expe­ri­ence, and expe­ri­ence comes from bad judg­ment. The prob­lem with judg­ment calls and attri­bu­tion is that since there’s no way to be proven right or wrong [103], there’s no way to dis­cern if one’s judg­ment call is good or bad.

The meta­da­ta in the leaked doc­u­ments are per­haps most reveal­ing: one dumped doc­u­ment was mod­i­fied using Russ­ian lan­guage set­tings, by a user named [104] “?????? ??????????,” a code name refer­ring to the founder of the Sovi­et Secret Police

OK. Raise your hand if you think that a GRU or FSB offi­cer would add Iron Felix’s [105] name to the meta­da­ta of a stolen doc­u­ment before he released it to the world while pre­tend­ing to be a Roman­ian hack­er. Some­one clear­ly had a wicked sense of humor.

APT Groups Aren’t Peo­ple. They‘re’ Indi­ca­tors.

[see image of dif­fer­ent names for the APT groups assumed to be Russ­ian [106]]

This is a par­tial spread­sheet for Russ­ian APT threat groups. The one for Chi­na is about four times as big. If it looks con­fus­ing, that’s because it is. There is no for­mal process for iden­ti­fy­ing a threat group. Cyber­se­cu­ri­ty com­pa­nies like to assign their own nam­ing con­ven­tions so you wind up hav­ing mul­ti­ple names for the same group. For exam­ple, CrowdStrike’s Fan­cy Bear group has the pri­ma­ry name of Sofa­cy, and alter­na­tive names of APT28, Sed­nit, Pawn Storm, and Group 74.

While it’s nat­ur­al to think of Sofa­cy as a group of indi­vid­u­als, it’s more like a group of tech­ni­cal indi­ca­tors which include tools, tech­niques, pro­ce­dures, tar­get choic­es, coun­tries of ori­gin, and of course, peo­ple. Since most bad actors oper­ate covert­ly, we are high­ly depen­dent on the foren­sics. Since many of the tools used are shared, and oth­er indi­ca­tors eas­i­ly sub­vert­ed, the foren­sics can be unre­li­able.

Non-Gov­ern­ment Russ­ian Hack­er Groups

Russia’s Min­istry of Com­mu­ni­ca­tion report­ed [107]that Russ­ian cyber­crim­i­nals are re-invest­ing 40% of the mil­lions of dol­lars that they earn each year in improv­ing their tech­nol­o­gy and tech­niques as they con­tin­ue to tar­get the world’s bank­ing sys­tem. Kasper­sky Lab [108] esti­mat­ed earn­ings for one 20 mem­ber group at $1 bil­lion over a three year peri­od.

A com­mon (and erro­neous) ratio­nale for plac­ing the blame of a net­work breach on a nation state is that inde­pen­dent hack­er groups either don’t have the resources or that stolen data doesn’t have finan­cial val­ue. These recent reports by Kasper­sky Lab and Russ­ian Min­istry of Com­mu­ni­ca­tion make it clear that mon­ey is no object when it comes to these inde­pen­dent groups, and that sophis­ti­cat­ed tools and encryp­tion meth­ods are con­stant­ly improved upon, just as they would be at any suc­cess­ful com­mer­cial enter­prise or gov­ern­ment agency.

That, plus the occa­sion­al cross-over between inde­pen­dent Russ­ian hack­ers and Russia’s secu­ri­ty ser­vices makes dif­fer­en­ti­a­tion between a State and non-State threat actor almost impos­si­ble. For that rea­son alone, it should be incum­bent upon pol­i­cy­mak­ers and jour­nal­ists to ques­tion their sources about how they know that the indi­vid­u­als involved are part of a State-run oper­a­tion.

A Night­mare Sce­nario

“Indeed, there will be some pol­i­cy­mak­ers who could not pass a rudi­men­ta­ry test on the “facts of the mat­ter” but who have the strongest views on what the pol­i­cy should be and how to put it into effect.” (Sher­man Kent [109])

Here’s my night­mare. Every time a claim of attri­bu­tion is made—right or wrong—it becomes part of a per­ma­nent record; an un-ver­i­fi­able prove­nance that is built upon by the next secu­ri­ty researcher or start­up who wants to grab a head­line, and by the one after him, and the one after her. The most sen­sa­tion­al of those claims are almost assured of inter­na­tion­al media atten­tion, and if they align with U.S. pol­i­cy inter­ests, they rapid­ly move from unver­i­fied the­o­ry to fact.

Because each head­line is informed by a report, and because indi­ca­tors of com­pro­mise and oth­er tech­ni­cal details are shared between ven­dors world­wide, any State or non-State actor in the world will soon have the abil­i­ty to imi­tate an APT group with State attri­bu­tion, launch an attack against anoth­er State, and gen­er­ate suf­fi­cient harm­ful effects to trig­ger an inter­na­tion­al inci­dent. All because some com­mer­cial cyber­se­cu­ri­ty com­pa­nies are com­pelled to chase head­lines with sen­sa­tion­al claims of attri­bu­tion that can­not be ver­i­fied.

I encour­age my col­leagues to leave attri­bu­tion to the FBI and the agen­cies of the Intel­li­gence Com­mu­ni­ty, and I implore every­one else to ask for proof, even from the U.S. gov­ern­ment, when­ev­er you read a head­line that places blame on a for­eign gov­ern­ment for an attack in cyber­space.