05/13/2014

hacking Belgian ministry External Affairs - More attacks against Belgian networks ?

We are hearing from sources that more attacks against Belgian networks are taking place, and we can suppose that even the network of the Belgian Ministry of External Affairs is still under attack.

now this shouldn't surprise you, I don't understand why people are surprised when their network is attacked - especially if their network has information that could be very interesting or worthwhile for people or organisations. It is normal that your network is attacked by these people and organisations because they want that information by all means and you have it on your network, so instead of trying to send spies to steal it they try to break into your network to get that information. You should expect it and you should protect your network as if you expect these kinds of attacks to happen.

and you should of course analyse them and learn from them and try to implement all the additional security policies and install the new security appliances that you need to let your security evolve with these evolving continuing attacks

in fact you should now change your mindset on many occasions. We are entering a new cold war period, whether you like it or not. If Russia is provoking us by sending nuclear bombers and ships near our borders to test our defenses and places 40.000 troops at the borders of Ukraine, why shouldn't it send espionage tools to get the information it wants ? For what good reason wouldn't it do that if it is overwhelming us with propaganda and cutting all the military and diplomatic ties that we have developed over the last 10 years ?

about the virus there are some interesting facts

* it already hit Belgium last year twice so it is not an unknown virus on the Belgian territory

* it is a very old espionage tool that has evolved over the years

* it uses two exploits to install itself on a Windows system

* it installs a vulnerable virtual host driver, after which it gets administration rights, after which it can exploit the installed vulnerability to downgrade the security of Windows so that Windows doesn't ask for a signed driver (the signature tells you where the driver is from) when a driver is installed in the kernel (where it is totally trusted)

* there is a list of websites to block

* there are a few Snort signatures (or the commercial Sourcefire)

you can find all that documentation in this report

http://www.baesystems.com/what-we-do-rai/the-snake-campaign


This is probably how the computers of Belgian External Affairs were infected

You have to put the different pieces of the puzzle together

First you have the fact that the military intelligence said that they had people on the ground in Ukraine (they wouldn't have been doing their work as they should if they hadn't, because it is the first real example of a new Russian military strategy by proxy that could be copied in many other countries, which makes so many other countries in the region nervous, to say the least).

Secondly they have discovered the virus and informed External Affairs that they were infected, and they were the people who oversaw the cleanup operation.

Thirdly they say the infection was by the 'Snake virus'

Fourth you read that the Ukrainian networks were infected by the Snake virus.

Fifth they say that this virus was developed and installed by the Russian Operators.

"Because it can stay inactive for a number of days, it is extremely hard to detect.

Although its origins are unclear, its developers appear to operate it in the same time zone as Moscow and some Russian text is embedded into the code, BAE said.

BAE has identified 14 cases of Snake in Ukraine since the start of 2014, compared to eight cases in the whole of 2013. In all there have been 32 reported cases in Ukraine since 2010, out of 56 worldwide.

Nigel Inkster, who until 2006 was the head of operations and intelligence at Britain's MI6 foreign intelligence agency, said Russia was most likely behind the cyber-attacks on Ukraine.
http://www.aljazeera.com/news/europe/2014/03/ukraine-comp...

Most notable is the trick used by the developers to load unsigned malware in 64-bit Windows machines, by-passing a fundamental element of Windows security," BAE Systems said in a statement.

There have also been cases of Snake cyber attacks in Belgium, Georgia, Britain, and Lithuania, among others.

The Snake rootkit is a newer version of what has been known in the cybersecurity community as Agent.BTZ. The United States has also been attacked before by a similar malware in 2008 and 2011.
http://www.techtimes.com/articles/4250/20140312/ukraine-w...

Read this report (31 pages)

http://www.baesystems.com/what-we-do-rai/the-snake-campaign


05/12/2014

new interesting facts about the hack of the Foreign Affairs of Belgium

First it wouldn't have been too difficult to secure the network, because on Belgian television they have said today that the network was offline for the day and that the cleanup operation would be finished by the end of the day. Well, if that is all it takes to secure or clean up your network, then why didn't it happen earlier ?

Secondly the cleanup is done by the Military Intelligence. Hey, wasn't it the boss of the Belgian military intelligence who said in the newspaper a few weeks ago that everybody knew that the network of the Ministry of Foreign Affairs was insecure ? Something we said was not really wise to say, as you could inspire others to take it on as a target - although that already happened before, by the Chinese this time.

Others have informed me that the people responsible for securing their network were not really interested and motivated. That it was really hard to explain to them why several things were necessary.

Thirdly in the papers there is also mention of the fact that our Military intelligence service (spies that is) have people on the ground in Ukraine (as has every public and private intelligence service that respects itself, because it is where you can learn the most about the new Russian undercover tactics, networks and propaganda). Well, if they were there and they have informed the Ministry of Foreign Affairs that someone was stealing the files about Ukraine on their servers, how did they know ?

there are only a few possibilities

* the embassy in Ukraine itself was the source of the infection and as they work from the same place they have noticed strange things

* another friendly service has informed them that they saw the files pass their filters and that it took their attention

* the files were found by the Ukrainian secret services on one of their intercepts or raids

why did the hacker need those files ?

The files were very important because they were about the future economic and financial sanctions that Europe could agree on in one of the next phases. These names make a lot of difference on the stock market, so if you have that knowledge beforehand as a speculator you can sell all your shares in time, and if you are on the list you can start moving your funds out of Europe and place them somewhere safe. That information is worth billions.


#ukraine US is preparing for the second front (Romania, Moldavia and Transdniestr)

this is clear

Romania is a member of NATO

Moldavia wants to become member of NATO and the EU

Transdniestr is a Soviet-style rogue state where thousands of Russian soldiers are stationed, and it is being used as a bridgehead to get more 'volunteers' and 'weapons' into Ukraine (with Odessa as the main center of attraction). It is a breakaway region from Moldavia protected by Russian 'peacekeepers'.

It wants to be included in Russia but the official papers have been intercepted and didn't arrive at the desk of Putin

the situation can't be more explosive because it is a set of dominos: Moldavia has said that it won't accept the inclusion of Transdniestr in Russia, and Moldavia has been sending more troops to its borders with Transdniestr.

Instead of running from incident to incident and from hotspot to hotspot it becomes time to have a global approach to the whole region based on some clear principles everybody understands

* there won't be any new states

* there won't be any new borders

* those who want to become member of NATO can at least have a military cooperation agreement and will be protected as such

* those who want to become connected to the EU can at least have economic cooperation agreements and will be helped as such

* countries who want to become member or connected to NATO and EU should respect the human rights and those of minorities

okay, this says, go to hell, Putin

but it is time to state some things very clearly

and go to hell, Putin, is very clear


#ukraine Dutch navy no longer able to protect its own sea area

Last week Russian warships sailed through the Channel and close to England for the first time in a long while. When this happens, it is to test the response of the countries without having to make threats. That information is then used to adjust any military plans. As far as the North Sea and the Netherlands are concerned, the Russian military has nothing to worry about, while in the Netherlands the alarm bells have gone off. The fact is that in peacetime military budget cuts keep following one another and there are few reasons to argue against them (who would want to threaten the Channel, which is of enormous strategic importance ?).

But by the look of it the military in Russia are busy with a large number of tests, because the number of military tests, exercises, plans, modernisations and tests of the resilience and alertness of military ships, radars and aircraft around them and as far as the US is starting to show a strange trend.

"If the Russian navy saw last night's route across the North Sea as a readiness test for the navies of surrounding countries, our country did not score well. In the Bay of Biscay the Russians were still observed last Wednesday by Zr.Ms. De Zeven Provinciën. After that the six Russian navy ships, led by the 305-metre-long aircraft carrier RFS Kuznetsov, sailed on towards the Channel. There they were met by the British duty ship HMS Dragon.

When they then steamed on towards the North Sea, however, the Royal Netherlands Navy had to be absent. Whereas in the past non-NATO ships in these waters were followed, just as F-16s now escort Russian aircraft, according to a spokesperson for the Ministry of Defence there were no suitable Dutch navy ships available. For cost reasons only a minehunter is on standby for emergencies. These ships can be deployed immediately in, for example, disasters at sea, but they are not suitable for following squadrons, partly because of their low maximum speed.

Frigates in particular, and otherwise OPVs, are well suited to following ships. However, because of the relief of the Zeeland in the West and the Evertsen off Somalia, a large part of that fleet is at sea. The remaining frigates and OPVs are in maintenance or were not immediately available last night.

Also, since the budget cuts of 2003 the navy no longer has maritime patrol aircraft. As a result the navy had to knock on the Coast Guard's door yesterday and ask whether one of their aircraft could follow the Russian ships. That is not only painful; a Coast Guard aircraft cannot be expected to do the same as a navy aircraft. The Coast Guard's two Dornier 228-212 aircraft can take photo and video recordings, but lack systems to register radar emissions, for example.
http://marineschepen.nl/nieuws/Russisch-eskader-op-de-Noo...


#ukraine Putin wants to redraw the whole eastern european borders

"In a speech in parliament on March 18, Putin accused the Bolsheviks of having drawn arbitrary borders between the Soviet republics of Ukraine and Russia — and then, in 1954, of giving Crimea and the city of Sevastopol to Ukraine. He conveniently omitted the fact that, at the same time, lands that had been Ukrainian were handed to the Soviet Russian republic — and remain a part of Russia today.

More important, Putin clearly indicated he believes that borders drawn even earlier — right after the revolution of 1917 — can and should be redrawn. In other words, he positions contemporary Russia as the heir to the Russian Empire as it was constituted under the czars.

A month later, speaking to the public via his annual, highly scripted phone-in hotline, Putin brought other countries into this scenario, saying, “Parts of today’s territories were in Czechoslovakia, parts in Hungary, parts in Austria, parts in the Austro-Hungarian Empire, parts in Poland.” The message here: Look, borders can and have been redrawn — come on, Europe, let’s just divide Ukraine between us. We’ve done it before.
http://www.washingtonpost.com/opinions/after-carving-up-u...

so you see where this can finish

borders are in Eastern Europe part of security and trust and peace, once you start changing them you can have some kind of war (internal or international). Most of the times we had to adapt borders or lay new ones there was the threat of a war. So thinking about changing borders is most of the times also thinking about war.

this is really imperialistic and 19th and 20th century thinking

this is the reason and the basis of all the conflicts to come if one holds on to this line of thinking, and it will be the basis and reason for the new cold war, the increase of risk and the changing of the risk and geopolitical situation in this region

and all that for a 'grand dream' of a 'New Russia'. pfffffff


#ukraine a whole region under increasing tension since one month

this is the map


and Russia is investing - as Hitler did - millions in Russian nationalistic organisations in these countries (who also organise pseudo military training camps)

hacked intranet login pages assuralia.be (house of insurance companies)

this is the normal page of the intranet presentation page

and this is the page they have added


hacked managedservices.be

this is the normal page

this is the new page they have added to that service


05/11/2014

#ukraine we live in a mad mad world today

every day we learn about new threats coming out of the Kremlin against countries or territories

every day we learn about money the Kremlin is spending to help Russian minorities organize themselves and be ready when the time is there to change into a 'militia' (Estonia for example)

every day we learn about another agreement or confidence building measure that has been terminated or is no longer used

every week we learn about new provocations in which Russian ships or airplanes test our defenses - even close to our own borders

every week we learn about new Russian military plans and we hear new speeches about the 'conquering Russian empire' that wants to unite all the 'Russian speaking countries or territories'

every week we are faced with the obligation to invest more money in defense and intelligence and to prepare for the worst

every week we go further back in the past and now we are at the point in which for the moment you can start treating everything Russian as a possible threat

also in your cyberconnections and exchanges

yes our world is becoming a mad bad place, but you have to stay very rational about it and start to cut all the connections with that country that you can't trust anymore and that you should rather not have anymore

for a start increase your cyberdefense budget, just as all the defense and intelligence budgets that are increasing

the world has changed dramatically the last month, so should you if you want to stay safe in this mad mad world


what people miss about the hack of the Belgian ministry of external affairs for info about Ukraine

First they say it is done by Russia, but that would be very stupid of Russia if they had done it themselves and from their own territory, making it possible to immediately have some clear indications. If this is the case, it is very very stupid. So I am not that sure that you would have clear indications like that. The fact that the intelligence services alerted the Minister of International Affairs of Belgium that his network was hacked is an indication that someone somewhere (a partner intelligence service) saw indications of this hack and informed them.

Another reason is that you normally limit all connections to China, Russia and a few others in your network and you control them more thoroughly. And if you don't have any reason to accept connections from China or Russia, then you don't accept them. And if somebody needs that kind of connection, then he should ask for it to be put on a whitelist.

Secondly, that they were after information about Ukraine is also an indication that either the case officers or the Belgian consulate/embassy were infected, or that they infected the administrators of the network and only took the information they wanted.

Third it was done with malware. Well, there are two ways to do that. Either you send an attachment by email, and in that case, if there is some antivirus, you have to send a zero-day in Word, PDF or Excel to bypass those controls. This means that you need protection against advanced attacks and secondly that you need to open all attachments in a sandbox. The other possibility is that someone clicked on a link and installed some malware, but this means that his antivirus protections were too limited and that the installation rights he has on his computer were too lax. In the worst case it is one of those XP computers that some time now will be upgraded.

Now this is the second time that this network has been hacked, and back then they promised that they would upgrade the security of their network. Well, that is now nearly two years ago. Securing a network is not a project with all its usual managers, conferences and meetings without end; it is above all a hardening operation, a monitoring operation and a cleanup operation.

It is good to have a national strategy and all that but just as you have a warplan in Ukraine, you need the soldiers to realise it every day.


#ukraine now Transdniestr will start sending volunteers into Ukraine starting the 12th of May

we are beginning to have the first signs of a second front that will be opening soon and will follow the same path as Ukraine

Yesterday there was a lot to do about a Kremlin person (they're all alike) who wanted to take the plane to get a signed letter in which the parliament and other dignitaries of Transdniestr asked for Russia to help them and to be a part of Russia. But for the moment this letter didn't arrive. Meanwhile they are trying to send as many volunteers and weapons into Ukraine as possible, and in these regions, with the technology and manpower they have, they can't keep their borders totally closed.

"Russian media replicate the text of a letter signed by the chairman of the Congress of Russian Communities of Moldova, leader Socio-Political Movement "Equality" Valery Klimenko. Message sent supposedly acting in the name Ukrainian President Turchinova.

The text of the letter stated that the Armed Forces of Ukraine authorities ordered "to kill their citizens who disagree with the current political course of Ukraine's central leadership." "His aides power attracted illegal armed groups, including the notorious for his cruelty "Right sector." The result was the death of the slaughter huge number of innocent people, many of whom are Russian and compatriots - hereditary residents and citizens of Ukraine," - says Klimenko.

"In this regard, the Russian compatriots Moldova require the Congress of Russian Communities of the Republic of Moldova to begin work immediately to mobilize volunteers from Moldova to protect Russian compatriots in Ukraine," - actually threatens Russian agent in Moldova.

According to him, after volunteers from Moldova to Ukraine gush volunteers from other countries. For Ukraine it would be a disaster. "If Ukraine will continue military confrontation with civil society - you open the floodgates for nearly four thousand well-trained fighters, ready to defend against infantry Soldiers of Russian compatriots in Ukraine," - continues to threaten Klimenko.

"Therefore I urge you, Mr. President, to immediately cease any use of force and to begin negotiations on the settlement of the conflict with all stakeholders. Deadline - May 12. If before this date will not change anything and will continue to spill the blood of Russian compatriots - troops will move to the East. And believe me: no borders can not stop them" - promises chairman of the Congress of Russian Communities Moldova.
https://translate.google.com

http://glavcom.ua/news/204896.html


#ukraine why US should support Ukraine more if Obama wants to keep its credibility

"Ukraine is not Iraq or Afghanistan. This is not a country where democracy needs to be built from scratch. The Maidan protests of this past winter demonstrated how hungry most Ukrainians are for real, Western-style democracy. Ukraine’s political and business communities are begging for American and European support and aid so that they can build a better future for their country. Again and again they are disappointed by a lackluster response from Washington and Brussels.

In his 2009 Cairo speech, Obama voiced “an unyielding belief that all people yearn for certain things: the ability to speak your mind and have a say in how you are governed; confidence in the rule of law and the equal administration of justice; government that is transparent and doesn’t steal from the people; the freedom to live as you choose. Those are not just American ideas, they are human rights, and that is why we will support them everywhere.”

I would like to believe that these were not empty words.

But if Obama claims that when people rise in defense of democracy “we will support them everywhere,” then certainly we should support them in Ukraine.
http://www.forbes.com/sites/dougschoen/2014/05/08/putin-i...


05/10/2014

#ukraine the separatist referendum today is already finished (the results are already in)

so if anyone calls this


05/09/2014

#ukraine the craziest video of the battles in Mariupol


#ukraine the different interpretation of the same event

the first is a more military-minded Ukr observer and the second is an external journalistic observer

the video is of people trying to stop a tank that is rushing to the positions it has to take up in Mariupol, where a few hundred pro-Russians are roaming the streets, having already failed to take a few buildings

#ukraine the best blond joke of the Ukraine (leading role for stupidstan series)

she has switched sides so many times that in the end she doesn't know herself anymore

but she loves her shoes

well she has no choice she has made herself look so stupid she can't stay in office - unless with the help of guns


#ukraine fanatic orthodox church members showing antisemitic banners and fighting as jihadists

this needs some more information and research but these snippets are no accident

this on the 9th of may day march

and this travelling war journalist of a kind tells me he has been seeing these headbands more and more

this is the english text of the psalm under it with links to all different kinds of explanations, studies

this some commentary about this psalm and its interpretations

and this is their Muslim counterpart (which probably inspired them)

so for those who thought that antisemitism was not an integral part of this national-bolshevism that is supported by Putin (because not suppressed - even encouraged), the evidence is showing that he is opening a can of old myths and hatred, and the question will be whether he will be able to control it (that is more often not the case in history)

#ukraine Russian soldier on tank nearly on the Ukr border (blue sign)

they have retreated a few meters


#ukraine Russian propaganda channel Russia Today showing off Russian military

this is really convincing about your peaceful intentions

 
