Tag Archives: Information Warfare

Turkish Blackhawk Kill Claimed by Kurds on YouTube, Turks “Counterattack” on Twitter.

The Social Media Battlefield: Fighting a Confusing War on Twitter, YouTube and Facebook.

It is the new battlefield, the great equalizer, delivered at the speed of light and impervious to bullets, missiles and armor. It is social media. Increasingly, social media is being used as a weapons delivery platform in the information war. It is an equalizer between conventional militaries and insurgent forces, providing a sometimes-terrifying mouthpiece for guerillas and freedom fighters.

Weaponized Social Media (WSM for short) is also a source of misinformation and deception, one wielded effectively whether you are showing video of a U.S. Air Force B-2 stealth bomber strike, or an ISIL insurgent IED suicide attack. Every combatant on the YouTube battlefield is the same size, 800 x 600. For only a few thousand dollars an insurgency can terrorize the world via YouTube. It is the textbook manifestation of Sun Tzu’s axiom on terrorism in his masterwork, “The Art of War”. Sun Tzu wrote, “Kill one, terrorize a thousand”. The damage radius is limited only by the speed of your internet connection and the size of your monitor.

But there are at least two sides to every story, and often many more. During the last 24 hours, a fascinating textbook example of using Weaponized Social Media surfaced on Facebook, YouTube, Twitter and Instagram.

The country of Turkey is in conflict with the covertly U.S.-backed Kurdish People Protection Units, known as the “YPG”. There is also spill-over tacit U.S. support for the Syrian Democratic Forces, the free-Syrians not under Bashar al-Assad. Bashar al-Assad, as you know, is the Syrian President backed by Russia. As with most relationships played out on social media, it’s complicated.

The gray-area support from the U.S. government of the Kurdish People Protection Units (YPG) started during the administration of former President Barack Obama, and continues under President Donald Trump. Trump is a rough-talking gangster of a politician to Obama’s polished attorney voice.

Under Trump’s administration the SDF forces are now 50,000 strong according to reports; they fight Assad’s regular Syrian army units for control and are in combat with their common enemy, ISIL. The authoritative publication “Foreign Policy” described the Syrian Democratic Forces (SDF) and their same-side alliance with the Kurdish People Protection Units (YPG) as, “The most capable anti-Islamic State force in northern Syria.” While Russia may not agree with that assessment, there is no doubt the SDF and YPG guerilla forces amount to more than a series of acronyms formed by a Scrabble game gone wrong.

Get out your notebook because it gets more complicated. Enter the Kurdistan Worker’s Party (PKK), listed as a terrorist organization by several states and organizations including NATO. The short story is, SDF and YPG are aligned with the PKK in the fight against ISIL, but not liked by the TAF, the Turkish Armed Forces. You can also call the TAF the “Türk Silahlı Kuvvetleri”, or “TSK” if you prefer. The TAF, or TSK if you prefer, are the military forces of the Republic of Turkey. So, the PKK, the SDF and the YPG, backed by the USA, are at odds with the TAF, or TSK if you like.

Before you ask, “WTF?”, just think of it this way for our purposes: the guys in the Blackhawk helicopter in these photos and videos are fighting the guys who launch the rocket at them from the bottom of the mountain.

One video shows the rocket launch from the perspective of the guys firing it. It seems to weave and bob the way rockets do, on its way to the top of the ridge, where a Turkish S-70A helicopter appears. The Turkish Blackhawk dips below the ridge just as the PKK ATGM explodes. The inference is that the guys firing the ATGM hit the Blackhawk.

Click over to the video of the guys up on the ridge with the Blackhawk, being resupplied, it would appear. The wire-guided missile fired from the bottom of the ridge by the first guys videoing, explodes over the heads of the guys on top of the ridge, also videoing. An instant after the rocket explodes the Blackhawk successfully escapes. The point? The one video from the bottom of the ridge suggests the S-70A was hit, a huge victory for those lads. The other video shows the Turkish helicopter flying away, “proof” that it is not a victory, just a near miss and one for the highlight reel on YouTube.

The entire episode is proof of another Sun Tzu principle from “The Art of War”:

“All warfare is based on deception.”

“We Always Managed To Get Behind US-led Coalition Fighter Jets Encountered Over Syria” Cocky Russian Pilot Says

“We always found ourselves ‘on their tails’ as the pilots say, which means victory in a dogfight.” Just the latest chapter of Russia’s hybrid warfare in Syria?

Close encounters between Russian and U.S. aircraft over Syria are nothing new. What’s new is the way these close-quarter Russian/U.S. shadow boxing incidents are reported from both sides: two incidents, one on November 23 and another one on December 13, made headlines in Russia and the U.S. with differing accounts of the nearly identical incidents and the reasons they happened.

For instance, regarding the first one, according to the Russian version, a Sukhoi Su-35S was scrambled after a U.S. F-22 interfered with two Su-25s that were bombing an Islamic State target and chased the Raptor away. The Russian account was denied by the U.S. Central Command, which, in an email to The Aviationist, explained that there was no truth in the allegation:

“According to our flight logs for Nov 23, 2017, this alleged incident did not take place, nor has there been any instance where a Coalition aircraft crossed the river without first deconflicting with the Russians via the deconfliction phone line set up for this purpose. Of note, on Nov 23, 2017, there were approximately nine instances where Russian fighter aircraft crossed to the east side of the Euphrates River into Coalition airspace without first using the deconfliction phone. This random and unprofessional activity placed Coalition and Russian aircrew at risk, as well as jeopardizing Coalition ability to support partner ground forces in the area.”

Dealing with the second incident, U.S. officials told Fox News that a USAF F-22 Raptor stealth fighter flew in front of a pair of Russian Air Force Su-25 Frogfoot attack jets near Al Mayadin, Syria, “an area off-limits to Russian jets based on a long-standing mutual agreement”. In an attempt to force the Russian aircraft to change course, the American stealth jet cut across the front of the Russian jets, and released flares (a tactic known as ‘head-butting,’ meant to send a strong warning to an opposing warplane).

A Russian Flanker flying at MAKS 2017 (Jacek Siminski)

Needless to say, this time it was the Russians who denied the version of events: according to the Russian MoD the Su-25s were escorting a humanitarian convoy on the western side of the Euphrates and it was the U.S. aircraft that crossed the deconfliction line. “A Russian Su-35 fighter jet, performing an air cover mission at an altitude of 10,000 meters, swiftly approached the F-22 from the rear, forcing the American aircraft to leave the area.”

“We saw anywhere from six to eight incidents daily in late November, where Russian or Syrian aircraft crossed into our airspace on the east side of the Euphrates River,” Lt. Col. Damien Pickart of the U.S. Air Forces Central Command told U.S. news outlet CNN recently. “It’s become increasingly tough for our pilots to discern whether Russian pilots are deliberately testing or baiting us into reacting, or if these are just honest mistakes.”

On Dec. 29, the state-run RT media outlet reported:

Russian pilots always managed to get behind US-led coalition fighter jets they encountered in the skies over Syria, a Russian ace said after receiving a state award from President Putin at the Kremlin.

“When meeting our partners from the Western coalition in the air, we always found ourselves ‘on their tails’ as the pilots say, which means victory in a dogfight,” Russian Airspace Forces major, Maksim Makolin, said.

The so-called ‘lag pursuit’ when the nose of an attacking plane points at the tail of the opponent’s aircraft is considered the optimum location in an aerial fight. It allows the plane at the back a range of options, from increasing or maintaining range without overshooting to freely attacking, all the while remaining concealed in the blind spot behind the defending aircraft.

Makolin became one of the 14,000 Russian servicemen who received state decorations for their courage and professionalism during the two-year-long Russian campaign in Syria.

We have already discussed these close encounters, the tactical value of supermaneuverability vs stealthiness, the ROE, etc. In this case it’s only worth noticing there is no attempt to ease tensions, quite the contrary, as if certain statements were part of a hybrid warfare made of actual aircraft, as well as cyber warfare, proxy forces and propaganda. In this respect, if you are willing to learn more about “Russia’s campaign to mislead the public and undermine democratic institutions around the world,” I suggest you read this report here. “It reveals how the Russian government is conducting a major multi-pronged propaganda campaign to spread false information… […]”

Image credit: Dmitry Terekhov from Odintsovo, Russian Federation/Wiki

A Cyber attack by Syrian Electronic Army may be Assad’s most dangerous reaction to U.S. air strikes

Considering the current status of the Syrian military, whose capabilities have been consumed by a couple of years of war against the rebels of the Free Syrian Army, a series of cyber attacks by the Syrian Electronic Army is the most serious answer the U.S. can expect from Damascus following an attack on Assad’s Chemical Warfare arsenal.

According to Wikipedia:

“The Syrian Electronic Army, also known as the Syrian Electronic Soldiers, is a collection of pro-government computer hackers aligned with Syrian President Bashar al-Assad. Using denial of service attacks, defacement, and other methods, it mainly targets political opposition groups and western websites, including news organizations and human rights groups. The Syrian Electronic Army (SEA) is the first public, virtual army in the Arab world to openly launch cyber attacks on its opponents, though the precise nature of its relationship with the Syrian government is debated.”

Hackmageddon.com Editor Paolo Passeri (@paulsparrows) explains:

“The SEA is not an Advanced Persistent Threat as we know it. Their attacks are limited, not persistent nor advanced.

They usually conduct social engineering attacks against media with the aim to spread their propaganda messages using compromised Twitter accounts or defaced websites. They send spear phishing emails to their targets in order to get the user credentials needed to get into the accounts and post their messages.

Most of the time, once compromised, the targeted media disclosed the (successful) attack describing the hack with specific blog posts, like done by The Onion and Outbrain.”

Hackmageddon.com was one of the first ICT security-focused blogs to follow SEA’s activities and record all their hacks in its attack timelines.

In the last hours SEA attacked NYTimes.com (the media outlet had its DNS redirected to a page displaying the “Hacked by SEA” message) whereas Twitter’s domain registrar was changed.

Since they are a loose-knit hacker group loyal to Assad, SEA are likely to react to the air strikes that are about to pound Syria. Even if their assault is neither persistent nor advanced, it could still cause some pain. If not to Obama or the Pentagon, to one of the media outlets that will be reporting about the U.S. air campaign in Syria.

Lockheed's SecurID Breach Also Threatens Online Banking

The same type of attack used recently to get around security measures at Lockheed Martin, and possibly other defense contractors as well, could also be used to hack international banking services, security experts say.

That’s because both the defense and banking industries rely heavily on RSA’s SecurID tokens, 40 million of which are in use around the world.

Small businesses and private users use SecurID tokens to access online banking services, while large corporations use them to authenticate employees who need to remotely or locally access internal networks and resources.

SecurID devices are small, tamper-resistant tokens that generate numeric codes every 30 or 60 seconds. The complex cryptographic algorithm combines three inputs: the token’s serial number, the internal seed (a secret key hard-coded in the token) and absolute computer time (which counts seconds from January 1, 1970 and never repeats).

The same computation is performed by the authentication server, which compares its code with the one provided by the user. If they correspond, the user is granted access.

The seemingly random sequences of numbers generated by SecurID tokens are technically called OTPs (One Time Passwords) — they can be used only once and expire even if never used.

An OTP can’t be modified, changed or altered, and a SecurID token can’t be fixed, opened or reprogrammed. If it’s compromised, a SecurID token must be replaced.
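The server-side check described above, as an added example that is not RSA's code: SecurID's algorithm is proprietary, so this sketch substitutes HMAC-SHA1 with RFC 4226 truncation to show why a code is accepted once, refused on replay, and refused after its time window closes. The seed, serial number, timestamp and the `AuthServer` class are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per code; the page says tokens roll every 30 or 60 seconds


def otp(seed: bytes, serial: str, unix_time: int, digits: int = 6) -> str:
    """Stand-in code generator over the page's three inputs (not RSA's algorithm)."""
    window = unix_time // STEP                      # same code for the whole window
    msg = serial.encode() + struct.pack(">Q", window)
    mac = hmac.new(seed, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                         # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class AuthServer:
    """Hypothetical verifier: holds each token's seed and the last window it accepted."""

    def __init__(self):
        self.seeds = {}        # serial -> seed (the records that must stay secret)
        self.last_window = {}  # serial -> last time window in which a code was accepted

    def enroll(self, serial: str, seed: bytes) -> None:
        self.seeds[serial] = seed

    def verify(self, serial: str, code: str, now: int) -> str:
        seed = self.seeds.get(serial)
        if seed is None:
            return "unknown-token"
        # Recompute the code for the current window and compare in constant time.
        if not hmac.compare_digest(otp(seed, serial, now), code):
            return "rejected"          # wrong code, or a code from an expired window
        window = now // STEP
        if self.last_window.get(serial, -1) >= window:
            return "replayed"          # correct code, but already used in this window
        self.last_window[serial] = window
        return "accepted"


def demo() -> list:
    seed, serial = b"constructed-seed-0001", "000123456789"  # constructed sample values
    t0 = 21_766_666 * STEP             # constructed timestamp at the start of a window
    server = AuthServer()
    server.enroll(serial, seed)
    code = otp(seed, serial, t0)       # what the token displays
    return [
        server.verify(serial, code, t0 + 5),     # first use inside the window
        server.verify(serial, code, t0 + 10),    # same code presented again
        server.verify(serial, code, t0 + STEP),  # same code after the window closed
    ]


if __name__ == "__main__":
    print(demo())
```

Because `otp` depends only on the seed, the serial number and the clock, the server's seed records are the secret the whole scheme rests on.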

These tokens can also exist as software applications installed on a PC or a smartphone to perform the same function.

Theoretically, the physical possession of the token, PC or smartphone ensures the security of the authentication mechanism. The only circumstance under which an attacker could clone the token (and it would take some time) would be if seeds and token serial numbers had been stolen.

Unfortunately, that’s exactly what seems to have happened.

“On March 17, 2011, RSA, the security division of EMC Corporation, one of the most important players in the IT security market, publicly announced that information that could be used to reduce the effectiveness of their SecurID authentication implementation was compromised,” explained Paolo Passeri, an ICT (Information and Communication Technology) Security expert based in Rome, Italy.

Passeri was among the first to understand that the RSA security breach could be used to attack EMC Security Division’s corporate clients using SecurID tokens.

Two months later, Lockheed Martin, one of the world’s largest suppliers of military hardware to the U.S. and other countries, announced it had suffered a network intrusion. Lockheed Martin disabled all remote access to its internal networks and said it would replace every one of its RSA SecurID tokens – and that RSA would pay the replacement costs.

“Since the information stolen from RSA, alone, could not be used to successfully clone the tokens, in order to perpetrate the attacks, the hackers must have used keylogger malware and phishing campaigns to get the missing pieces of the puzzle (usernames and PINs — personal identification numbers),” Passeri surmised.

In fact, RSA has not publicly disclosed what was taken from its servers in March (it will tell only existing clients who sign a non-disclosure agreement), and Lockheed Martin has not said if or how its attackers had usernames or passwords.

But the problems for defense contractors may have just begun.

….

[Read the rest of my article on Tech News Daily]

Can you believe President Obama exchanged confidential information about Osama Bin Laden raid through pieces of paper?

We already know that secrecy was of paramount importance in Operation Neptune’s Spear. The US willingness to use Stealth Black Hawk helicopters during the Osama Bin Laden raid is a measure of the importance of a mission involving Special Forces, aircraft, ships, drones, satellites and who knows how many new/unknown technologies, deep inside a foreign country’s territory as if Pakistan was the worst American enemy.

As we know, President Barack Obama gave the go ahead to the operation on Apr. 29 at 08.20AM, in the Diplomatic Room, before leaving for Alabama. According to the reports, he had met his “national security adviser Thomas Donilon, counter-terrorism adviser John O Brennan, and other senior national security aides to go through the detailed plan to attack the compound and sign the formal orders authorising it”.

As Italian news station Rainews noticed, a few hours later, as Obama arrived in Cape Canaveral, Florida, he quite “stealthily” gave a piece of paper to Air Force General Ed Wilson (Commander, 45th Space Wing, and Director, Eastern Range, Patrick AFB, Fla.) while they shook hands. Gen. Wilson took another paper from his pocket and, in the same way, put it into the President’s palm.

Even if it is impossible to guess what kind of information they exchanged in such a weird manner, for sure the way the information was transferred as well as the timing of the episode raise some questions. Rainews Director Corradino Mineo ventured the suggestion that the exchanged information could be related to the OBL raid, demonstrating how keeping it confidential was the number one priority of US government.

Even if I find it intriguing, I think this would be a rather clumsy way to exchange secret orders or other intelligence information: in front of cameras and not, for example, during an extremely quick private meeting. Anyway, at the same time, I can’t completely rule out the possibility that those papers contained something as important as Operation Neptune’s Spear orders. However, if “mission critical” information must be exchanged on paper to ensure confidentiality, maybe the time has come to review the Net Centric Warfare doctrine and the Joint Battlespace Infosphere concept (to name but two), which are based on an integrated, secure, internetworked information flow…