‘Pentagon cyber-espionage op’: US reportedly behind Slingshot malware targeting Mid East & Africa

Cybersecurity firm Kaspersky Lab reportedly busted a major US military asset when it exposed a sophisticated cyber-espionage operation that targeted computer networks in the Middle East.

On March 9, the leading Russia-based cybersecurity company reported their research on a program it called Slingshot, which used a highly sophisticated approach to infect computers with malware through infected routers. The operation had targeted computers throughout the Middle East and some parts of Africa since at least 2012, and required a lot of money and expertise from its creators. A report by an industry news publication, CyberScoop, claims Slingshot was run by the Special Operations Command (SOCOM).

@kaspersky : @Securityblvd provides details on sophisticated that uses compromised to penetrate networks https://kas.pr/889v

The report about the program was the biggest part of the Kaspersky Security Analyst Summit (SAS) this month. The firm’s researchers identified an advanced persistent threat (APT) – a term that usually describes a well-organized and trained group of hackers operating on a regular basis and possibly on behalf of a state government – that found a way to compromise various devises through routers. The attack was described as “remarkable and, to the best of our knowledge, unique” by Kaspersky researchers.

 
© Kirill Kallinikov

The company failed to identify how the routers themselves were infected. But they were used to inject malware into computers. The attack replaced one of the Windows libraries with a malicious one, and then used it to download and install two distinct pieces of malware called Cahnadr and GollumApp, which Kaspersky described as “masterpieces of cyberespionage art.” Combined, the two gave virtually unrestricted access to an attacked computer, harvesting screenshots, key strokes, network traffic, USB connections, clipboard content, and many other things.

The people behind Slingshot also took serious measures to protect their malware from being detected. For example, it can shut down its own components before being exposed by anti-viral software. It also runs its own file system to remain hidden from the computer-operating system, and blocks disc defragmentation to avoid being damaged by the process.

Kaspersky Lab said it has found around 100 victims of Slingshot and its related modules in Kenya, Yemen, Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania. Kenya and Yemen accounted for the majority of the cases. Most of the victims were individuals rather than organizations.

The company said they could not attribute the threat to a particular actor, but believed the people behind it to be “highly organized and professional and probably state-sponsored.” Text clues in the code suggested they were “English-speaking”.

The news report quotes unnamed former and current US intelligence officials, who said that Slingshot was an operation of the Joint Special Operations Command (JSOC), a component of SOCOM. Kaspersky Lab “burned” the program, which is believed to have been an anti-terrorist operation, leaving the American military without a valuable tool and potentially putting American lives at risk, the officials claimed.

 
© Kirill Kallinikov

 

“SOP [standard operating procedure] is to kill it all with fire once you get caught,” CyberScoop quoted a former intelligence official as saying. “It happens sometimes and we’re accustomed to dealing with it. But it still sucks… I can tell you this didn’t help anyone.”

CyberScoop says that Cahnadr and GollumApp are associated with hacker groups widely believed to be the NSA and the CIA respectively in the cybersecurity community. The report implies that Kaspersky Lab should have expected Slingshot to be a US operation.

“It’s clear by the way they wrote about this that they knew what it was being used for,” a senior official told the news service. “GReAT [Kaspersky’s Global Research & Analysis Team] is extremely adept at understanding the information needs of different actors out there on the internet. They take into considering the geopolitical circumstances, they’ve shown that time and time again. It would be a stretch for me to believe they didn’t know what they’re dealing with here.”

When asked about the claim that it damaged a US military operation, Kaspersky Lab denied knowing who the Slingshot APT was.

“As a result of anonymized data, it's impossible for us to tell who the specific targets are. All the company can state is that our users are protected against malicious software that can spy, steal or sabotage data from their computers,” they told RT in a statement.

Kaspersky Lab added that their software does not differentiate between malware based on who created it and for what purpose, as any malware is potentially dangerous, even if created by state actors, because it can always fall into the wrong hands.

Kaspersky Lab is currently in the middle of court battle with the US government over the company’s expulsion from part of the American market. US government entities were banned from purchasing services from Kaspersky after the US intelligence accused the company of providing a backdoor for their Russian counterparts through its anti-virus software. Kaspersky denies the allegations and claimed in its lawsuit that the government’s decision was based largely on uncorroborated news media reports as evidence.

  • Published in World

Moscow slams ‘illegal’ US presence in Syria as Pentagon reserves right for ‘defensive’ attacks

Russia has reminded the US that its presence in Syria is illegal after the coalition struck pro-government militias. Washington however reserved the right for “defensive” attacks to achieve peace “from a position of strength.”

The US presence in Syria is “actually illegal,” the Russian Ambassador to the UN reminded his Western counterparts on Thursday at a closed-door meeting of the UN Security Council. “Nobody invited them there,” Vasily Nebenzya stated, emphasizing that a hard fought for stability in Syria is being jeopardized by US actions.

On Wednesday, the US-led coalition said it carried out several “defensive” airstrikes on Syrian forces in Deir Ez-Zor province in retaliation for what they described as an “unprovoked” attack on the so-called Syrian Democratic Forces (SDF) and foreign military “advisers.”

 
FILE PHOTO. Oil well on the outskirts of the city of Deir ez-Zor. © Mikhail Voskresenskiy

According to the Russian Defense Ministry, the Syrian militia unit was advancing against a “sleeper cell” of Islamic State (IS, formerly ISIS/ISIL) terrorists near the former oil processing plant of al-Isba, when it suddenly came under massive air strikes. At least 25 militiamen were injured in the attack, the Russian MoD noted, clarifying that pro-government troops targeted by the coalition did not coordinate their operation with the Russian command.

The US, however, maintains that the militia attacked the SDF. The Pentagon said Syrian forces moved “in a battalion-sized unit formation, supported by artillery, tanks, multiple-launch rocket systems and mortars.” The battle which lasted over three hours, the US claims, began after 30 artillery tank rounds landed within 500 meters of the SDF unit’s location.

“At the start of the unprovoked attack on Syrian Democratic Forces and coalition advisers, coalition aircraft, including F-22A Raptors and MQ-9B Reapers, were overhead providing protective overwatch, defensive counter air and [intelligence, surveillance and reconnaissance] support as they have 24/7 throughout the fight to defeat ISIS,” Air Forces Central Command spokesman Lt. Col. Damien Pickart told Military.com.

“Following a call for support from Air Force Joint Terminal Attack Controllers, a variety of joint aircraft and ground-based artillery responded in defense of our SDF partners, including F-15E Strike Eagles,” he said in a statement Thursday. “These aircraft released multiple precision-fire munitions and conducted strafing runs against the advancing aggressor force, stopping their advance and destroying multiple artillery pieces and tanks.”

@RT_com 'Actions of the US coalition do not comply with legal norms. Beyond all doubt, it is aggression' https://on.rt.com/8yo4

Damascus called the attack a “war crime,” while the Russian military asserted that Washington’s true goal is to capture “economic assets” in Syria. The Russian Foreign Ministry spokeswoman Maria Zakharova affirmed that the US military presence in Syria poses a dangerous threat to the political process and territorial integrity of the country, while Foreign Minister Sergey Lavrov called the strike another violation of Syria’s sovereignty by the US.

The US, however, remained unmoved, promising to continue to support the US-allied forces in Syria at any cost. “We continue to support SDF with respect to defeating ISIS... ISIS is still there, and our mission is still to defeat ISIS,” Pentagon spokeswoman Dana White said Thursday. “We will continue to support them. Our goal is to ensure that our diplomats can negotiate from a position of strength, with respect to the Geneva process.”

@RT_com 'What right does the US have to defend illegal formations in Syria?' - former US diplomat @JimJatras https://on.rt.com/8yow

“They [US] constantly assert that they are fighting international terrorism there, but we see that they go beyond this framework,” Nebenzya told the UNSC. He warned the US-led coalition members that it is “criminal” to engage the only forces “who actually fight” international terrorism in Syria.

  • Published in World

Coalition will investigate own airstrike that reportedly killed 30+ civilians in Syria – Pentagon

The Pentagon will aid in investigating reports that at least 33 civilian died near the Syrian town of Raqqa during a US-led coalition airstrike, officials said on Wednesday, following accusations from both local media and monitoring groups based abroad.

“At this time, we have no indication that an airstrike struck civilians near Raqqa as the Syrian Observatory for Human Rights claims,” said an official statement from Operation Inherent Resolve, the US-led coalition against Islamic State (IS, formerly ISIS/ISIL).

“However, since we have conducted several strikes near Raqqa we will provide this information to our civilian casualty team for further investigation.”

“CJTF-OIR [Combined Joint Task Force – Operation Inherent Resolve] takes all reports of civilian casualties seriously and assesses all incidents as thoroughly as possible. Coalition forces work diligently to be precise in our airstrikes. Coalition forces comply with the Law of Armed Conflict and take all feasible precautions during the planning and execution of airstrikes to reduce the risk of harm to civilians.”

 
According to local media reports, bombs from a US-led coalition plane hit a school in Al-Badia Al-Ad Dakhiliyah in the south of Al-Mansur, where at least 50 families from Raqqa, Palmyra, and Aleppo had been taking shelter. The school building itself was completely destroyed.
 
 

Al-Mansu is around 30 kilometers (18.5 miles) west of Raqqa, which is held by Islamic State (IS, formerly ISIS/ISIL).

 
Earlier in March, officials from Operation Inherent Resolve admitted responsibility for at least 220 civilian deaths in Syria and Iraq during their campaign against IS. However, the monitoring group Airwars has asserted that this figure may be far below the real death toll, which may be as high as 2,700.

The Pentagon admitted that it had carried out 19 strikes near Raqqa on Monday, three of which destroyed a local IS base. The airstrikes are meant to support the Kurdish-led Syrian Democratic Forces (SDF), an alliance of armed groups currently advancing on Raqqa, the de-facto capital of the extremist Islamist group.

On March 16, a mosque packed with worshipers in the Syrian village of Al-Jinah was hit by a missile strike in which at least 50 people were reportedly killed. The Pentagon has denied responsibility, claiming that it had targeted a nearby town hall being used as a meeting place for IS, with spokesman Captain Jeff Davis claiming the mosque remained “relatively unscathed,” despite video evidence to the contrary.

  • Published in World

Russia disagrees with Trump labeling Iran ‘number one terrorist state’

Russia disagrees with a remark recently made by US President Donald Trump’s that branded Iran as “the number one terrorist state,” Kremlin spokesman Dmitry Peskov said, citing partnership between Moscow and Tehran.

“We do not agree with the definition,” Russian presidential spokesman Dmitry Peskov told reporters on Monday. “All of you know that Russia enjoys warm relations with Iran, we do cooperate on a range of issues, and we do appreciate our economic ties which, we hope, will go further,” he added.

Trump lambasted the landmark nuclear deal reached in 2015 between Iran, the P5+1 (the five permanent members of the United Nations Security Council – China, France, Russia, United Kingdom and United States, plus Germany), and the European Union.

In the first part of the interview with Fox News host Bill O’Reilly, which was published on Sunday, Trump said “they [Iran] have total disregard for our country, they’re the number one terrorist state, they’re sending money all over the place and weapons.”

Earlier in February, one day after the White House imposed new sanctions on Iran in response to a ballistic missile test, US Defense Secretary James Mattis called Tehran the world’s “biggest state sponsor of terrorism.”

“It's no secret for anyone that Moscow and Washington hold diametrically-opposed views on many international and regional policy issues,” said Peskov. “Meanwhile, it can’t be and should not be an obstacle when it comes to forging normal communication and pragmatic mutually-beneficial relations between Russia and the US.”

A meeting between Russian President Vladimir Putin and his Iranian counterpart, Hassan Rouhani, is currently being arranged, Dmitry Peskov also said on Monday.

“Such contacts are being prepared. We’ll inform you of the possible date in due time,” Peskov said when asked if a meeting with the Iranian president was on Putin’s schedule.

Earlier on Monday, Russia’s ambassador to Iran, Levan Dzhagaryan, told RIA Novosti that “Rouhani’s visit [to Russia] is expected to take place in late March.”

“During the talks with the Russian leadership, [the sides] will discuss the main aspects of bilateral relations concerning the political and trade and economic sectors. Aside from this, attention will be paid to the most urgent issues on the regional agenda, such as the situation in Afghanistan, the Caspian problem, and the Nagorno-Karabakh conflict,” Dzhagaryan said.

The Syrian issue will also “take up significant space in the agenda of negotiations,” the ambassador added.

Russian Foreign Minister Sergey Lavrov echoed the Kremlin’s statement, stressing that Tehran takes an active part in fighting Islamic State (IS, previously ISIS/ISIL).

“Iran has never been complicit in any links to IS or Al-Nusra Front whatsoever,” the minister said.

“Moreover, Iran contributes to combatting IS. We have long advocated the idea of creating a unified anti-terrorist front. I am convinced that Iran must be part of our common effort if we evaluate potential contributors to such an alliance objectively,” Lavrov said.

  • Published in World

Pentagon and CIA to Decide on Illegal Interrogation Methods

Washington, Jan 26 (Prensa Latina) The possible US decision to reintroduce illegal interrogation methods to prisoners falls today to the Department of Defense and the Central Intelligence Agency (CIA), according to President Donald Trump.

According to him, who will serve a week in office tomorrow, drowning and other procedures, considered as torture, works well.

However, Trump assured in an interview last night with ABC that he will let the respective Pentagon and the CIA chiefs, James Mattis and Mike Pompeo, decide on the existence of such practices.

I will respect what they say; if they do not want to do that, that is fine; if they want to do it, then I will continue until the end. I want to do everything that one is authorized to legally do, he said.

For the Republican president, it is necessary to fight fire with fire facing the decapitations of Americans and other crimes committed by the terrorist group Islamic State.

These statements by Trump occurred in the context of press releases about his government's presumed assessment of reinstalling secret CIA prisons abroad, known as black sites.

According to Mattis, US Secretary of Defense, building trust with the detainees and rewarding their cooperation is much better.

  • Published in World

Pentagon Wants Psychologists to Reverse Ban on Aiding Torture

The Pentagon is pushing military psychologists to pass a resolution at this year's conference that would allow members to help with torture practices.

The largest psychologists’ association in the United States is reconsidering its ban on helping with torture practices.

RELATED: CIA Knew Torture Program Was Illegal Back in 2002

At its annual conference in Denver that started Thursday, the American Psychological Association will vote on whether to ignore its “do no harm” obligation and allow members to help out with “enhanced interrogation” tactics—a euphemism for torture—at CIA black sites and other detention centers like Guantanamo Bay.

Following a years-long controversy over collusion between psychologists and the U.S., Defense Department, confirmed by the Hoffman Report released last year, the APA introduced strict rules to prevent even tangential aid to torture programs.

“small but powerful group” of military psychologists and former APA leaders are pushing for a rollback, according to psychologist Stephen Soldz, who advocated for the ban. According to the Colorado Independent, the Pentagon pushed the APA to introduce the resolution doing away with is prohibition on being an accesory to violations of international law.

IN DEPTH: US Senate Report on CIA Torture

“The people proposing this bill were very smart and submitted it almost without anybody knowing it. It’s hard to believe, but this is happening without the rank and file membership’s awareness,” psychology professor Dan Aalbers, one of the main backers of the reform, told the Colorado Independent. He added that the vote could be “very close.”

“It’s surreal, really, given the overwhelming support for the new ethics policies, that this issue is popping up again,” said Aalbers.

While some argue psychologists should offer their support to detainees, others maintain that support is fine only as long as the psychologist is acting independently and not on behalf of the military. Military psychologists have been pressured to deny signs of PTSD, for instance.

  • Published in World
Subscribe to this RSS feed