"Reports from the area of the Anti-Terrorist Operation, have repeatedly been mentioning the “Smerch” Multiple Rocket Launch System (MLRS) by Russian forces in Ukraine. In a report by Human Rights Watch on September 1, observers confirmed finding remnants of 300 mm Smerch rockets and cluster munitions delivered by 220 mm Uragan rockets.
Currently, Ukrainian soldiers say Russian forces are setting up Smerch launch rocket systems in Novoazovsk and aiming them at the city of Mariupol, the capital of the Donetsk region"
“This is the Smerch Multiple Rocket Launch System. The most horrific weapon on earth after nuclear weapons. Just in 40 seconds the Smerch can launch all of its 12 rockets. Its 300mm (11.8 inch)-diameter rockets can reach targets up to 90 km (56 miles) away and destroy everything alive in an area of 67 hectares (166 acres).
“The Smerch was adopted by the Soviet Army back in 1987, but even now no [non-nuclear] weapon can equal its destructive power…”
and another one
so it appears that people are being trained and prepared to start movements and probably take-overs of buildings in both countries - this is what the rumours and some bits of information say
well better now than too late
what was the most important tool to defend their occupied buildings and block roads
so get all dumps of tyres to burn the stuff (makes electricity) or export it far away
otherwise you may see them here like these - remember them ?
the two biggest social networks that Ukranians use are Russians which means that all their data is on Russian servers and in Russian hands and falls under Russian laws and is now controlled by friends of Putin who have ousted directors who were too independent
imagine that the Russians attack Mariupol this weekend saying that Ukr broke the truce - even if that is totally false
imagine that the NATO troops are in Ukraine and that there is an attack on Mariupol or tension on the border with Transdistnr or whatever
what will they do
sit back and watch ?
and what if a Russian missile is fired at NATO troops ?
a week of tension because the least thing we can say about Putin is that he is predictable :)
information like this has been going around but is now more insisting and has to be linked to information about troop movements of the Russian Troops in Transdistnr
one example of an institution that has connections or relations with Israel and got hacked and leaked
strange that their security department didn't see that
but disabling activist accounts that can go quite fast nowadays
meanwhile more than hundred new Russian tanks and artillery arrived in Rostock by Rail today and were transferred to trucks
a very good collection can be found here https://twitter.com/galandecZP especially of new transports during the truce.... no truce just an increased buildup
actions like these are taking place very day truce or no truce
and you thought they wouldn't test their latest Tools and every tool they had to be sure that they could win this war when it started again - or you just don't think that this is just a pauze
"During the 23 years of independence of Moscow has never renounced its territorial claims against neighboring Estonia. This is evidenced grown Russia "boil" under the name "Republic of Narva". This political project aimed at the destruction of the state of the Baltic countries, can be considered one of the Estonian Donbass, reports Espreso.TV .
Founded by the Danes in the XIII century, the third largest city in Estonia - Narva is located on the "far east" of the country, in fact, on the border with Russia. On the contrary - the Russian Ivangorod, which was once a city with Narva ("Narva" translates as "dual city"). Today, between the two cities is the border, and communication is carried out over the international bridge "Friendship", in which commuter and tourist buses cross the interstate Russian-Estonian border
Residents in Narva, there are about 70 thousand, and the vast majority are Russian, they are more than 90% of the total composition. TV stations in Narva also show mostly Russian.
In Narva, only 46.7% of city residents are Estonian citizens, 36.3% have Russian passports. Another 15.3% have a "gray" passports, that is, not having Russian citizenship, and they are non-citizens of Estonia. So, the election shall be entitled to vote only half of the residents of Narva"
and there is precedence to organize a referendum
"In 1991 and 1993, the Estonian part Prinarovya with predominantly Russian population (Ida-Viru County) attempted proclamation "Prinarovskoi republic" (by analogy with Transnistria), but has not been created even territorial autonomy.
Local authorities Estonian Prinarovya organized voting. Participated in the referendum, 74.2% of voters, 95.0% of whom voted for the preservation of the USSR."
this is how it it should be done
source and more : http://leaksource.info/2014/09/08/e-gate-because-we-say-so/
"Twitter has a reputation as an open platform for expressing one's opinions. It's become a place for dissent and debate. It played a key role in the "Arab Spring" revolutions of the last couple of years.
But last week, it agreed to censor a pro-Ukrainian Twitter feed in Russia. It also blocked a "blasphemous" account in Pakistan. It's not the first time Twitter has censored politically sensitive accounts. Now, it seems, Twitter's reputation as a platform for free speech is at risk.
and this has nothing to do with spam, viruses or other normal illegal acts but with normal democratic free speech that is surpressed in certain countries
by acting like that it in fact has become an instrument in the hands of the dictators and the autocrats even if for that it has to play a game of 'whack a mole'
300 business exécutives all over Europe were infected
from 2002 onwards and nobody saw it
300 shell companies were based in the UK to harvest the data
the data was also about biological warfare and nuclear research
somebody read too many spynovels and did a fast but wrong analysis and quickly confused adware with spyware and spyware with espionagewar and from there to targeted attacks
and maybe the business exécutives were more attacked because they don't like the protections that the others have and nobody has the guts to impose them
and maybe the business exécutives had access to these data but that doesn't mean that they lost that data
except if there is real proof that the adware network was used for real cyberespionage
this is another salestrick as we see more and more often
especially when firms are in for clients or have to face a though quarter or an IPO
meanwhile trust in reporting about cybersecurity got another foot in the mouth
except if they come with real evidence
they are LIARS LIARS LIARS
show me the real evidence of shut up
this is the analysis based upon the pdf with the dangerous IP addresses linked to this cyberespionage operation
and these are in fact known - just as all the other IP ranges to be known as spam and adware - which some of the domains in fact show (and yes the firm Consumer benefit is in the UK)
and there are viruses on the domains but they are ADWARE
"A couple of network blocks came to my attention after investigating some adware ntlanmbn.exe (VirusTotal report) and GFilterSvc.exe (report) both in C:WINDOWSSYSTEM32.
The blocks are 188.8.131.52/27 and 184.108.40.206/28
and many of the URL's are clean by the way
although some have some detection
and than look at this file and you will see that it is about exactly the same operation
so is it all crap because you have distributed your product in the three countries that you have said are touched
because this proofs nothing of what you said
but absolutely nothing
I think it is about time that we begin to prosecute security firms who
* scare markets and countries with false flag information
* find datadumps and don't give them to the authorities but keep them for their own
* find botnets and don't give the IP addresses to the certs concerned
This specific attack has proven to be just the tip of an international cybercrime iceberg. CYBERTINEL has since found records of ‘Harkonnen Operation’ on more than 300 additional organisations in Germany, Austria and Switzerland, targeting key executives
try to explain to your CEO or topmanagment that they can't have access to those documents, that they can't install whatever they want on their computer or smartphone and that the material they get is totally locked down because they are prime targets
if they are smart they ask for that kind of protection or if the firm is smart it is written in their contracts
they should take it as part of the proof that they have become so important that their access to information has become so important to the organisation that they need the 'secret protection' of their hardware and access because they have become the prime targets for any group of specialised dedicated hackers
this is the reason why they should be in permanent 'hardware lockdown' and 'full supervision' and 'full encryption'
try to explain that to your big boss
or try to keep him holding on to that without trying to bypass you or the system
yep it is in the détails again
if you sit down you read the following sentence aloud or to some-one else and look at your own or his or her reaction
"In the past month, Cybertinel has been in touch with 300 current and former victims, who discovered digital clues indicating that the hackers stole sensitive documents — studies on biological warfare and nuclear physics, as well as plans for key (and top-secret) infrastructure, along with the “usual” bank account and credit card data.
the first question is if one of the both kinds of documents may be a diversion and if those documents have been thrown away afterwards or not
if it is a Financial operation they could have done the data-operations to set the investigators on the wrong foot, looking for state actors instead of the tradtional cybercrime operations
if it is a spy operation than the Financial data may be a diversion to make the investigators and the press look for the typical cybercrime operations instead of the state operations
you can also say that if it is a Russian or Chinese operation they may have needed those military or scientific documents to keep the state intelligence services happy so they could operate freely (as long as they didn't attack infrastructure in their own country of course)
The first question for the intelligence agencies in Europe will now be to find the culprits and to dismantle or infiltrate the whole infrastructure or group. The second question will be to know what was lost or may be considered 'compromised' and what is the damage done. And one kind of analysis is what would happen if that information got into the hands of..... Knowing that this kind of information could also be 'put on the market'.
The third question is why that information wasn't protected better ?
"The Harkonnen attacks showed just how easy it is for hackers to pull off a scam, said Ben-Naim. “One of the secrets of their success was that they were in and out quickly, so even though they used the same infrastructure to attack companies, they only remained on a server for a few months.” In the case of their German client — a 30 year old corporation with over 300 employees — the hackers stayed on a little longer than usual, giving the company an opportunity to notice that something was amiss.
“The fact that the attacks were relatively short and specifically directed at certain data, and that the Trojans were unsigned, all contributed to the failure by anyone to realize that a major organized attack was going on for such a long time,” he said. “’You can’t be too careful’ is a lesson I would take from this incident.”
so when people talk about '800 victims' than we should remember that they weren't all victims at the same time but that at some time they were penetrated for some weeks or maximum months and than were left - and it is not clear if they cleaned up the proof afterwards which some attackers do (especially if they have also access to the logs and you don't have a protected 'no access' copy.
but the method was traditional, one of the shell companies wrote an email with a link that was clicked upon by somebody which installed the trojan and that computer was used as the beachhead to get the documents and once the documents or data were found, they've stopped the operation and moved on to the next target
and the trojan was not that complicated they say (before you start shouting about APT and complicated malware)
By the way I hate all that APT and complicated malware stuff because the most complicated malware can be bought online for a several hundred Euro for the most complicated and permanently updated attacktools and secondly even the most simple attacktool now have incorporated some of those 'complicated' functions of the socalled Advanced malware
hackers used since 2002 a real spytactic to hide their hack of 300 european (financial) businesses and instutions
In real espionage you set up a shell company and you make everything look as if it is legitimate - this is important because you don't alert any suspicion straight from the beginning
these attackers spent an enormous lot of money - maybe the result of their first penetrations - to set up real companies on paper and get the paperwork done to look as if it is real. Remember this operation has been going on since 2002 and has only been discovered in august 2014 (so 300 companies and networks have a maximum of 12 years of penetration through a digital beachhead)
other attackers are still too stupid to spend some cash on hiding themselves more professionally but this could change because if you could hide your operations for years by setting up shells - than the Return on Investment is really Worth it
"Unusually for a targeted attack campaign, the group behind Harkonnen chose not to send the exfiltrated data to a hijacked domain, but instead spent $150,000 setting up legitimately registered companies with legitimate domains and certificates in the UK – making it much harder to detect.
“If they would have hijacked legitimate hosts they would have risked detection much earlier, which would have put their entire attack business at risk,” explained Jonathan Gad of Cybertinel partner Elite Cyber Solutions.
“Remember, technically, the infrastructure was completely real. You could look up the companies at Companies House, or the domains etc, and see a real entity with an address and phone number. These hackers were long-term serious hackers, so they made long-term serious investments which look like they paid off.”
Gad told Infosecurity that the lack of checks made on companies registering domains in the UK helped the gang get away with their campaign for so long.
For example, many of the 833 ‘companies’ were registered with the same physical address in Wakefield but with the same phone number, a German number.
In addition many were closed a few months after opening but the certs were renewed annually.
“It does seem that better checks could be done on company registration/cert buying etc to avoid this kind of scam. In other countries a range of additional checks are done when buying certs, so the UK could include some of these too,” Gad argued
off course this makes any company in the UK now look suspicious if it doesn't have enough credentials already - and the UK is not the only one thinking about companies in Russia and China which are spyridden or offshore companies in which you will never know who is behind them
that is also why real business buy businessinformation and analyses before getting into business with a business and maybe this will be a new 'dataleakage' protection service (checking on the business you are sending certain kinds of information) It can also be a blacklist or a list with indicators based upon administrative and business data (turnover for example, number of clients, etc....)
more information can be found here