5 October 2018 — Moon of Alabama
Yesterday several NATO countries ran a concerted propaganda campaign against Russia. The context for it was a NATO summit in which the U.S. presses for an intensified cyberwar against NATO’s preferred enemy.
On the same day another coordinated campaign targeted China. It is aimed against China’s development of computer chip manufacturing further up the value chain. Related to this is U.S. pressure on Taiwan, a leading chip manufacturer, to cut its ties with its big motherland.
The anti-Russian campaign is about alleged Russian spying, hacking and influence operations. Britain and the Netherlands took the lead. Britain accused Russia’s military intelligence service (GRU) of spying attempts against the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Hague and Switzerland, of spying attempts against the British Foreign Office, of influence campaigns related to European and U.S. elections, and of hacking the international doping agency WADA. British media willingly helped to exaggerate the claims:
“The Foreign Office attributed six specific attacks to GRU-backed hackers and identified 12 hacking group code names as fronts for the GRU – Fancy Bear, Voodoo Bear, APT28, Sofacy, Pawnstorm, Sednit, CyberCaliphate, Cyber Berkut, BlackEnergy Actors, STRONTIUM, Tsar Team and Sandworm.”
The “hacking group code names” the Guardian tries to sell to its readers do not refer to hacking groups but to certain cyberattack methods. Once such a method is known it can be used by any competent group or individual. Attributing such an attack is nearly impossible. Moreover, Fancy Bear, APT28, Pawn Storm, Sofacy Group, Sednit and Strontium are just different names for one and the same well-known method. The other names listed refer to old groups and tools related to criminal hackers. BlackEnergy has been used by cybercriminals since 2007. It is alleged that a pro-Russian group named Sandworm used it in Ukraine, but the evidence for that is dubious at best. To throw out such a list of code names without any differentiation reeks of a Fear-Uncertainty-Doubt (FUD) campaign designed to disinform and scare the public.
The Netherlands for its part released a flurry of information about the alleged spying attempts against the OPCW in The Hague. It claims that four GRU agents traveled to The Hague on official Russian diplomatic passports to sniff out the WiFi network of the OPCW. (WiFi networks are notoriously easy to hack. If the OPCW is indeed using one, it should not be trusted with any security-relevant issues.) The Russian officials were allegedly very secretive, even cleaning out their own hotel trash, while they, at the same time, carried laptops with private data and even taxi receipts showing their travel from a GRU headquarters in Moscow to the airport. As in the Skripal/Novichok saga, the Russian spies are, at the same time, portrayed as supervillains and hapless amateurs. Real spies are neither.
The U.S. Justice Department added to the onslaught by issuing new indictments (pdf) against alleged GRU agents dubiously connected to several alleged hacking incidents. As none of those Russians will ever stand in front of a U.S. court the broad allegations will never be tested.
Katie Wheelbarger, the principal deputy assistant defense secretary for international security affairs, said the U.S. is committing to use offensive and defensive cyber operations for NATO allies, but America will maintain control over its own personnel and capabilities.
If the European NATO allies, under pressure of the propaganda onslaught, agree to that, the obvious results will be more U.S. control over its allies’ networks and citizens as well as more threats against Russia:
NATO’s chief vowed on Thursday to strengthen the alliance’s defenses against attacks on computer networks that Britain said are directed by Russian military intelligence, also calling on Russia to stop its “reckless” behavior.
The allegations against Russia over nefarious spying operations and sockpuppet campaigns are highly hypocritical. The immense scale of U.S. and British spying revealed by Edward Snowden and through the Wikileaks Vault 7 leak of CIA hacking tools is well known. The Pentagon runs large social media manipulation campaigns. The British GCHQ hacked Belgium’s largest telco network to spy on the data of the many international organizations in Brussels.
International organizations like the OPCW have long been the target of U.S. spies and operations. The U.S. National Security Service (NSA) has regularly hacked the OPCW since at least September 2000:
According to last week’s Shadow Brokers leak, the NSA compromised a DNS server of the Hague-based Organization for the Prohibition of Chemical Weapons in September 2000, two years after the Iraq Liberation Act and Operation Desert Fox, but before the Bush election.
It was the U.S. which in 2002 forced out the head of the OPCW because he did not agree to propagandizing imaginary Iraqi chemical weapons:
José M. Bustani, a Brazilian diplomat who was unanimously re-elected last year as the director general of the 145-nation Organization for the Prohibition of Chemical Weapons, was voted out of office today after refusing repeated demands by the United States that he step down because of his “management style.” No successor has been selected.
The U.S. arranged the vote against Bustani by threatening to leave the OPCW. Days earlier ‘Yosemite Sam’ John Bolton, now Trump’s National Security Advisor, threatened to hurt José Bustani’s children to press him to resign:
“I got a phone call from John Bolton – it was first time I had contact with him – and he said he had instructions to tell me that I have to resign from the organization, and I asked him why,” Bustani told RT. “He said that [my] management style was not agreeable to Washington.”
Bustani said he “owed nothing” to the US, pointing out that he was appointed by all OPCW member states. Striking a more sinister tone, Bolton said: “OK, so there will be retaliation. Prepare to accept the consequences. We know where your kids are.”
According to Bustani, two of his children were in New York at the time, and his daughter was in London.
Russia’s government will need decades of hard work to reach the scale of U.S./UK hypocrisy, hacking and lying.
The propaganda rush against Russia came on the same day as a similar campaign was launched against China. A well timed Bloomberg story, which had been in the works for over a year, claimed that Chinese companies manipulated hardware they manufactured for the U.S. company SuperMicro. The hardware was then sold to Apple, Amazon and others for their cloud server businesses.
Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design.
Both Apple and Amazon denied the story with very strong statements. The Bloomberg tale has immense problems. It is for one completely based on anonymous sources, most of them U.S. government officials:
The companies’ denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation.
The way the alleged manipulation is described to function is theoretically possible, but not plausible. In my learned opinion one would need multiple manipulations, not just one tiny chip, to achieve the described results. Even reliably U.S.-friendly cyberhawks are unconvinced of the story’s veracity. It is especially curious that such server boards are still in use in security-relevant U.S. government operations:
Assuming the Bloomberg story is accurate, that means that the US intelligence community, during a period spanning two administrations, saw a foreign threat and allowed that threat to infiltrate the US military. If the story is untrue, or incorrect on its technical merits, then it would make sense that Supermicro gear is being used by the US military.
There might be financial motives behind the story:
Bloomberg reporters receive bonuses based indirectly on how much they shift markets with their reporting. This story undoubtedly did that.
When the story came out SuperMicro’s stock price crashed from $21.40 to below $9.00 per share. It now trades at $12.60.
The story might be a cover-up for an NSA hack that was accidentally detected. Most likely it is an exaggerated half-truth, based on an old event, to deter the ‘western’ industry from sourcing anything from producers in China.
This would be consistent with other such U.S. moves against China which coincidentally (not) happened on the same day the Bloomberg story was launched.
One is a very hawkish speech U.S. Vice President Pence held yesterday:
Vice President Mike Pence accused China on Thursday of trying to undermine President Donald Trump as the administration deploys tough new rhetoric over Chinese trade, economic and foreign policies.
Sounding the alarm, Pence warned other nations to be wary of doing business with China, condemning the Asian country’s “debt diplomacy” that allows it to draw developing nations into its orbit.
Pence also warned American businesses to be vigilant against Chinese efforts to leverage access to their markets to modify corporate behavior to their liking.
Another move is a new Pentagon report warning against the purchase of Chinese equipment and launched via Reuters in support of the campaign:
China represents a “significant and growing risk” to the supply of materials vital to the U.S. military, according to a new Pentagon-led report that seeks to mend weaknesses in core U.S. industries vital to national security.
The nearly 150-page report, seen by Reuters on Thursday ahead of its formal release Friday, concluded there are nearly 300 vulnerabilities that could affect critical materials and components essential to the U.S. military.
“A key finding of this report is that China represents a significant and growing risk to the supply of materials and technologies deemed strategic and critical to U.S. national security,” the report said.
The Bloomberg story, the Pence speech and the Pentagon report ‘leak’ on the same day seem designed to scare everyone away from using Chinese equipment or China-manufactured parts within their supply chain.
The allegations of Chinese supply chain attacks are of course just as hypocritical as the allegations against Russia. The very first known case of computer-related supply chain manipulation goes back to 1982:
A CIA operation to sabotage Soviet industry by duping Moscow into stealing booby-trapped software was spectacularly successful when it triggered a huge explosion in a Siberian gas pipeline, it emerged yesterday.
Mr Reed writes that the software “was programmed to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds”.
The U.S. government under Trump – and with John Bolton in a leading position – copied Trump’s brutal campaign style and uses it as an instrument in its foreign policy. Trump’s victory in the 2016 election proves that such campaigns are highly successful, even when the elements they are built of are dubious or untrue. In their scale and coordination the current campaigns are comparable to the 2002 run-up to the war on Iraq.
Then, as during the Trump election campaign and as now, the media are crucial to the public effect these campaigns have. Will they attempt to take the stories the campaigns are made of apart? Will they set them into the larger context of global U.S. spying and manipulation? Will they explain the real purpose of these campaigns?
Don’t bet on it.