Blog

  • Belarusian Helicopters Fly Low into Poland’s Białowieża Forest

    Setup: Two events aimed at NATO ally Poland were apparently orchestrated this week by Moscow, Belarus, and Wagner Group mercenaries: (1) Wagner mercenaries moved toward the strategic Suwalki Gap that joins NATO ally Poland with the Baltic states (Estonia, Latvia, and Lithuania), and (2) at least two low-flying Belarusian military helicopters crossed into Poland some 100 miles to the south, over the Białowieża National Park forest area. One helicopter depicted bore the numeral 86 on its side and was reportedly an Mi-8 transport helicopter; the other, bearing the numeral 14, was reportedly an Mi-24 Hind attack helicopter.

    Risk: If the flight path of the Belarusian helicopters was neither continuously observed nor captured on radar from start to finish, the risk of a bold infiltration of the Polish forest by pro-Russian military elements must be considered for the national security of Poland and for NATO’s defense. The Twitter (now “X”) account @visegrad24 posted photos of the Belarus-marked helicopters and a map of the purported flight path into Poland, into Białowieża National Park, and back to Belarus; those images are the feature photograph of this dispatch. However, the flight map may not reflect actual continuous observation, technical or human.

    The Mi-8 transport helicopter is capable of carrying up to 24 combat troops and significant payloads. The door of the Mi-8 captured in private photos posted to X (formerly Twitter) appeared closed, concealing the payload. The Mi-24 Hind attack helicopter is capable of carrying up to 8 combat troops or 4 litters; its doors were also apparently closed. The Polish forests in the Białowieża National Park area could provide thick, substantial cover for infiltrators. See the pages of UNESCO World Heritage site photos of the Białowieża Forest and the inset Wikimedia Commons image, below:

    https://commons.wikimedia.org/wiki/File:Bialowieza03.jpg

    Discussion: Reportedly, the breach of Polish airspace was brief, yet it is not clear exactly how long the helicopters were inside Poland, or whether they slowed, offloaded, or landed while there. The Polish Defense Ministry reported the flights were at “very low altitude, making detection by radar systems difficult,” suggesting that the flight was not continuously observed by radar or by human witnesses and accentuating the risk of unobserved activity by the helos. The Belarusian defense ministry, as expected, denied the incursion.

    One expert noted that the Belarusian military helicopter incursion was first reported and photographed by people living in the area on the Polish side, suggesting that the Polish military’s radars may have missed the incursion or did not attain continuous monitoring of it.

    The helicopters were reportedly engaged in military exercises when they crossed into Poland; however, the hostilities against Ukraine, a series of threats to Poland over time, and recent Belarusian and Russian musings about using Wagner mercenaries to attack Poland make possible infiltration a live issue.

    Recommendations: Poland and its Baltic neighbors will benefit from drone surveillance of their borderlands. Poland could benefit from a combination of drone and overhead surveillance of the highest-yield hiding areas for small forces inside and at the perimeters of the Białowieża National Park forest area. Proximity to potentially helpful local features or resources is another consideration for surveillance. Sabotage targets in or surrounding the forest, if any, should also be considered. The area is inhabited by wildlife, including large numbers of bison, which could be hunting targets for a small force living off the land, and whose panicked movement might be of surveillance value.

    Data from sensors and cameras utilized in natural resource management, park services, farming, outdoor activity, touring, and logging should be protected, preserved, and reviewed by the Polish defense ministry. Tagged bison might also capture uncharacteristic movement of herds, post incursion or insertion.

    A caveat here is whether the helicopter flight was meant for political-psychological impact on the Poles only, or whether it was also operational. Political, tactical, and psychological impact could include diversion from actual operations planned or ongoing elsewhere. Whether monitoring the national park area will draw down scarce surveillance resources should be considered, and additional surveillance and reconnaissance means found to boost capacity for Poland’s defense and security.

    Efforts to disrupt Polish supply transports by air, rail, or roadway among NATO allies that happen also to be in the Ukraine Defense Contact Group supporting Ukraine’s self-defense should also be considered. For example, if Wagner or other forces brought anti-air capabilities with them, it could make the risk costlier overall.

    Intelligence gathering will always be part of an infiltration, to include for operational security of the small force, reportable strategic or tactical information for a larger force or state, and possibly the contacting of pro-Moscow intelligence operatives or their handled assets.

    Essential: Thorough vetting of the potential drop zone and analysis of the diversionary risks associated with it should be balanced by taking the opportunity to bolster and intensify defenses, their adaptability, and proactive, non-predictable measures to reverse the effects of the incursion and the risks it may carry.

  • Tehran’s and Moscow’s Violations of the Convention on the Legal Status of the Caspian Sea

    Setup:

    Article 2(2) of the Convention on the Legal Status of the Caspian Sea holds that “This Convention shall define and regulate the rights and obligations of the Parties in respect of the use of the Caspian Sea, including its waters, seabed, subsoil, natural resources and the airspace over the Sea.”

    Article 3(2) holds that “The Parties shall carry out their activities in the Caspian Sea in accordance with the following principles: (...) (2) Using the Caspian Sea for peaceful purposes, making it a zone of peace, good neighborliness, friendship, and cooperation, and solving all issues related to the Caspian Sea through peaceful means;”

    and Article 3(4) and (5): “(4) Ensuring a stable balance of armaments of the Parties in the Caspian Sea, developing military capabilities within the limits of reasonable sufficiency with due regard to the interests of all the Parties and without prejudice to the security of each other; (5) Compliance with the agreed confidence-building measures in the military field in the spirit of predictability and transparency in line with general efforts to strengthen regional security and stability, including in accordance with international treaties concluded among all the Parties;”

    Argument:

    The Russian Federation and the Republic of Iran are using the surface, the subsurface, and the airspace of the Caspian Sea for the non-peaceful purpose of supporting Russia’s war of aggression against Ukraine. On the surface of the Caspian, Russia and Iran are using every band of Party sovereignty to support an illegal, destabilizing war on Ukraine. Russia and Iran have also introduced an imbalance of their respective armaments in and over the Caspian Sea beyond the “reasonable sufficiency” compatible with regional peace and security.

    The aforementioned armament imbalance and weapons trafficking in support of the Russian Federation’s war of aggression against Ukraine, and the Republic of Iran’s sponsorship of that illegal war over and across the Caspian zones of the other Convention parties, violate Article 3(5). They fail the condition that “predictable and transparent” armaments and military activity in the Caspian support “general efforts to strengthen regional security and stability, including in accordance with international treaties concluded among all the Parties.” The Geneva Conventions and the International Convention for the Suppression of Terrorist Bombings are among the international treaties violated, or likely violated, by Russia and Iran in their joint venture prosecuting and sponsoring the illegal, regionally destabilizing war of aggression against Ukraine. The use of the Caspian supports an illegal aggression that has caused refugee flows, civilian targeting, human trafficking, torture, and indiscriminate bombardment, as well as (1) Russia’s terroristic rigging for explosion of the Zaporizhzhia Nuclear Power Station (a direct threat of fallout over the Caspian parties) and (2) the devastating demolition of the Kakhovka Dam (disrupting vital food supplies to the region and to international regions of need).

    Caspian Convention parties’ obligations are to support regional and international treaty based stability, rationality, and security. The above-described and related conduct of the Russian Federation and Republic of Iran reduces the legitimacy of the Caspian Convention such that its mutual obligations have been broken already.

    Remedies

    The adverse risk to Caspian Convention parties could support their prohibition of surface shipments of armaments from Iran to Russia across their respective Caspian waters and airspaces, since such trafficking supports Russia’s destabilizing, illegal aggression against Ukraine and the risk that this aggression, with its terrorist actions, represents to all Caspian parties.

    Caspian Convention parties adversely affected could also seek international technological and security support for the suppression of terrorist sponsorship and non-peaceful activities in their respective waters sponsored by Russia and Iran. This would include all littoral parties to the Convention seeking to protect their sovereignty by showing legally supportable resistance to imbalanced, illegal military behaviors by two member states.

    Chinese, Syrian, North Korean, and terror-group activities within the Caspian region that support Russia’s war of aggression against Ukraine could also be considered destabilizing interference by outside partisans in the regional security of Caspian Convention members.

  • Conceptual Thoughts: Defending Against the Onyx

    Setup: The Kyiv Post ran a practical headline on Thursday, July 20, “Ukraine’s Latest Missile Problem – How to Shoot Down Russia’s ‘Onyx’,” with the subhead: “Russia has taken to using ‘Onyx’ supersonic anti-ship cruise missiles against southern coastal cities, highlighting the shortage of air defense systems capable of taking them on.”

    The Onyx supersonic missile launches upward briefly. Thrusters nearer the nose then adjust its trajectory to a horizontal aspect, after which a kerosene-fueled ramjet engine kicks in, carrying the warhead or submunitions on a flight path as high as 14 kilometers and as low as 10-15 meters as the missile approaches the naval targets it was designed for. Yet Russia has been using these missiles against coastal civilian targets.

    Better and more air defense missiles, such as U.S. Patriot interceptors, could answer the Onyx threat; however, not enough air defense systems have been sent to Ukraine to do that now. Also, as with other missiles, anti-ship missiles used against naval vessels, coastal installations, or inland targets may eventually release their own decoy countermeasures against interceptors.

    This came to the fore as recently as 2019 regarding tests of the U.S. ground-based missile defense system. The Union of Concerned Scientists issued a report calling interceptor tests in the Ground-based Midcourse Defense (GMD) system inadequate for failing to use sufficiently realistic decoys of the kind enemy missiles might deploy. Likely fixed by now, the report is still instructive of the need to continuously assess and adapt to an adversary’s attacks, defenses, and countermeasures while adapting our own attacks, defenses, and countermeasures with the flow of change.

    Other Solutions

    Decoys and Electronic Warfare: Yuri Ihnat, spokesman for the Air Force of the Armed Forces of Ukraine, suggested to the Kyiv Post that electronic warfare (EW) might be one way to mitigate the Onyx’s impact in areas lacking air defense coverage. EW is already combined with a number of layered naval decoy and air defense countermeasures against anti-ship missiles. And BAE Systems acquired the Australian-designed and -developed, jointly Australian- and American-built Nulka active missile decoy system, raising the bar in anti-ship missile countermeasures.

    Yet Russia is already using anti-ship missiles against the port of Odessa and other coastal targets, having announced an intent to treat civilian shipping to Ukrainian ports as hostile military traffic.

    Perhaps the layered countermeasures that protect navy vessels can also defend coastal installations such as the grain storage facility in Odessa and the other targets Russia struck this week. While testing that hope, Ukraine will likely be thinking ahead, because coastal infrastructure and inland targets are not the same as naval vessels; they are broader, more vulnerable targets.

    Anti-aircraft gatling guns may help close in; however, with Onyx missiles traveling at supersonic speed, it is doubtful.

    Imagine All the Missiles Ditching into the Sea

    To guard coastal and inland installations from Onyx missiles, defenders need to present a broader informational mirage to anti-ship missile sensors and seekers.

    Just as a mirage tells water seekers in the desert to see, hear, and believe what is not there, so a good decoy system for coastal installations and inland targets will tell incoming missile sensors and seekers what their programmers expect them to see and hear when in fact it is not there. The aim is for enemy anti-ship missiles to follow clever ghosts into the sea or into gauntlets of crossfire from close-range gatling guns and/or air defense lasers.

    Offensive Countermeasures

    In addition to more air defense solutions, Ukraine could use help with boosted supplies and production of land-based, rocket-launched airborne torpedoes that enter the sea within range of enemy vessels, of unmanned attack craft, and of anti-ship missiles with which to strike back at the Russian Black Sea Fleet, which has made itself a legitimate target through its bombardments of Ukraine’s sovereign territory.

    To help Ukraine liberate Ukraine, defeating the Russian Black Sea fleet is necessary.

  • Stalking Horse, Provocateur, and PMC-Pirate for Putin

    Setup: Yevgeny Prigozhin has popped up again in Belarus, claiming that new Wagner Group deployments are coming, emphasizing Africa and not ruling out future action in Ukraine. This, as Wagner fighters train Belarusian troops near Belarus’s border with Poland, and Russian troops mass with tanks, artillery, and multiple rocket launchers inside Belarus to open a second attack vector against Ukraine and disrupt the Ukrainian Armed Forces’ counteroffensive in southern Ukraine.

    Prigozhin had disappeared from public view for several days, reputedly in St. Petersburg, Russia, if reports were correct. Some speculated he was dead; others that he was alive and working out a deal with Putin for Wagner’s future.

    In all, Prigozhin seems to be operating from a recent historical playbook in his bob-and-move routine.

    Discussion

    In 2015, we wrote that Putin pulled a similar disappearing act after the February 2015 assassination of popular opposition activist and protester Boris Nemtsov on the Bolshoy Moskvoretsky Bridge in front of the Kremlin. Nemtsov’s February 2015 message-murder-by-Makarov (a standard KGB sidearm that Putin carried earlier in his KGB career) had, by March, unleashed mass protests in the Russian street against the old Soviet secret-police method of rule by terror.

    Putin’s disappearance from public view for over a week spurred a “Where’s Waldo” meets “Da Vinci Code” news cycle that distracted Russians from the Nemtsov street execution. We characterized it like this:

    Putin also needed attention off of himself as related to Nemtsov. The PSYOP approach was to create an aversion effect by constant, frenzied, and anxious news saturation about Vladimir V. Putin for nearly 200 hours straight. At its zenith came a high-profile, shocking, and sleep-depriving news event at a locus of mass cultural fondness and stability: a late-night fire at the Novodevichy Convent next to the Kremlin.

    By the time Putin showed up again, the news cycles were worn out with him, which meant that it was unlikely to get ratings if media plowed right back into Putin’s role in the Nemtsov murder.

    And the fire at Novodevichy Convent turned Russians’ attention to something else: the prospect that without Putin, what is familiar from Russia’s imperial past would be lost. This, just before Putin reappeared as a familiar face for stability, the rescuer. The manipulation of fear of loss and chaos after a traumatic event can lead to something of a Stockholm Syndrome relationship between the scariest personality cults and their followers. Nemtsov was not forgotten, but the indignation over his still small voice was swept away in imperial images, symbols, and Russians’ fear of chaos.

    Now compare Prigozhin’s remaking, through many social media rants, from criminal lord of cannon fodder into patriotic advocate for the rank-and-file Russian troops (and for Putin the martyr, misled by the evil military bureaucracy), and then into a populist, nationalist leader vowing his “march of justice” against that bureaucracy. The false savior of Russia needed saving from his unnecessary war of legacy against Ukraine, and so Prigozhin played the false disciple Peter, rushing to sever the ears of those who would see Putin fail.

    Note that here is where Prigozhin’s falseness flashes its grim visage: on one hand he claimed Putin was misled about the war on Ukraine and that it was an unnecessary war; on the other, he continues to entertain such warfare on Ukraine, has not renounced Putin, and has failed all of those he claimed to advocate for.

    Rewind to Putin in 2015, whose Russia-rescue play was deep-cringe psychological warfare masking his own political self-rescue. We put it this way in LinkedIn’s then content-article section, Pulse:

    If Boris Nemtsov’s assassination opened a window of doubt in the father-ruler’s children about his love for them, then the father-ruler disappears long enough to make the children feel vulnerable to chaos without the order he imposes. He took their psychological blanket away and left them to sleep in the cold orphanage without his calming, inspiring, and familiar presence for over a week.

    To underscore the point, the very unlikely accident of a fire in the Novodevichy Convent adjacent to the Kremlin complex burned high into the night sky just as the Russian media’s and public’s anxiety reached its zenith. It was like a great candle had been lit for Putin, then put out, leaving a fitful darkness over Russia.

    The implied message of that fire to the Russian people: a threat to Putin is a threat to all you hold dear.

    Just when all appeared to be fading into darkness…

    Vladimir Putin shows up the next day as the calm, stable salve of all popular anxieties, using a secular play on Russian Orthodox Easter services in which the Savior has reappeared from the tomb. It is a deeply cynical psychological appeal to something deep within the Russian psyche: Resurrection.

    After the psychological operation was over, Boris Nemtsov’s life seemed a distant irrelevancy compared to what unimaginable losses might attend the world chaos absent the saving, strong leadership of Vladimir V. Putin, quasi-Czar and Steward of the Kremlin.

    Reality: Novodevichy Convent, after its extravagant renovation, would safely ensconce officials and visitors, cozy in the imperial shelter, above the street where Russian citizen Boris Nemtsov was murdered. Nemtsov had dared to speak for murdered journalists, lawyers, and activists, including Anna Politkovskaya, who wrote against the emperor’s war on Chechnya that prefigured his war on Ukraine. Anna Politkovskaya was executed, shot to death outside her Moscow apartment, on Vladimir Putin’s birthday.

    Prigozhin pretended for a short time to be a friend to those opposing the Ukraine war. He had even ranted, before his “march of justice,” that the “special military operation” was a concocted war; yet given his ongoing submission to the Kremlin to date, he apparently said it to draw off the poison of the same growing sentiment in the Russian rank, file, and street. Prigozhin the agent provocateur had their backs without really having their backs, taking force away from Russian troops’ demands and likely drawing out military officers’ opposition to Putin’s war for the FSB to hunt and purge. General Sergei Surovikin and now Igor Girkin, aka Strelkov, have both reportedly been arrested by the FSB, among others. Vladimir Solovyov also fit this pattern, acting as a friend to persecuted Russian journalists after Anna Politkovskaya was executed, only later to be revealed as firmly in Putin’s circle.

    Today, Prigozhin’s ongoing advocacy for Wagner Group, his retreat to St. Petersburg, and his new missions suggest that he has been in consistent service to Putin’s interests throughout the feint at Moscow, the purges, and his relocation to Belarus, close to a new Russian offensive. Maxar satellite photos show a military buildup at the Wagner camp at Osipovichi in Belarus.

    It is possible, even likely, that Prigozhin and Wagner Group will be redeployed against Ukraine along with a reportedly growing Russian force of 100,000. If Ukraine strikes Russian forces inside Belarus, Belarusian forces may also enter the conflict in the name of self-defense, even though the Lukashenko regime has clearly given material and strategic access support to Putin’s illegal war of aggression against Ukraine.

    Observations, Thoughts, Recommendations

    Information: The active-measures patterns reviewed above call for the bully pulpits of the free nations aiding Ukrainians, as they fight for life, defense, and freedom, to forcefully repeat:

    (1) That Vladimir Putin, his silovarchs, and those who have signed-onto his agenda as dependent, dedicated proxies have shown that they will push wars of aggression, burn holy sites, concoct false flag attacks, engage in mass human trafficking, spin-off refugee crises, and murder women, children, and innocent men merely for speaking, writing, or standing for truth;

    (2) That Vladimir Putin’s regime is bankrupt of legitimacy for its devolution into an organization purveying war crimes and terrorist acts (Zaporizhzhia, Kakhovka Dam, Mariupol, Bucha, mass child trafficking);

    (3) That China cannot be a legitimate leader in a multi-polar world so long as it supports Russia’s wars of aggression, war crimes, terrorism, and subversion of free nations on rigid communist ideologic or imperial nationalist terms;

    (4) That free nations must pay for the effective, efficient, inventive military buildups necessary to deter global expansion of dictatorships of the above character and systematic evil, and that free nation corporations must be required and aided in their rapid removal of all supportive business benefiting the Russian regime of Vladimir Putin until it is overthrown or the aggression stops;

    (5) That corporate representations and rationalizations for supporting such evil from a business standpoint merely camouflage the evil’s progress toward greater control over global commerce routes, supply centers, natural resources, space assets, and strategic places and assets, and as such must be subject to temporary legislation aimed at incentivizing companies to cease all such supportive activity. The meaning of fiduciary duty to corporate shareholders must be legislated specifically so that company financial support of foreign-nation threats to free-nation commerce, rule of law, governance, instruments of power, resources, and other vital interests necessary to the viability of future business freedoms, shareholder freedoms, and property rights is defined as a breach of fiduciary duty to the shareholders.

    Action

    Free nations require buildups and updates in effective military assets to deter wider war while doing all that can be done to stop the expansion of aggressor dictatorships against their vital multinational interests.

    Free nations should not telegraph themselves unless doing so serves the freedom interest with effective results to deter and, if necessary, defeat aggressors. Free nations must have leeway to reverse illegal, damaging, and indirectly lethal actions against them by adversaries, whether kinetic or non-kinetic. A model for gray warfare aimed at deterring, thwarting, stopping, and exacting compensation for losses imposed on free nations by dictatorships and non-state dictatorial terrorist groups requires defining, funding, and tasking.

    Dictatorships’ and terror regimes’ damaging and/or lethal actions against free peoples, people yearning for freedom, and free nations’ vital interests and legitimate, lawful instruments of power must meet with free nation gray warfare to deter the death of free nations by millions of cuts. Free nation rights to sovereignty, trade, commerce, resourcing, and self-defense depend on stopping, deterring, and defeating aggressor dictatorships’ gray warfare.

  • Did Storm 0558 Access an On-Premises Hardware Security Module?

    Setup: On July 14th, @Serghei of Bleeping Computer tweeted that “Microsoft says it still doesn’t know how Storm-0558 Chinese hackers stole an inactive MSA consumer signing key used to breach the Exchange Online and Azure AD accounts of two dozen organizations, including U.S. government agencies.”

    Bleeping Computer seemed to rely on a July 14th update at Microsoft’s security blog, specifically that:

    “Storm-0558 acquired an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA consumer to access OWA and Outlook.com.”

    “The method by which the actor acquired the key is a matter of ongoing investigation.”

    Microsoft Marketing Instructional on Hardware Security Modules (HSM)

    If I understand Microsoft’s learning piece on Azure Key Vault Managed HSM correctly, Microsoft signing keys, including MSA consumer signing keys, are protected by Hardware Security Modules. Azure Key Vault offers HSM-backed keys in its shared, multi-tenant service and a dedicated, single-tenant Managed HSM with the attributes listed in the article. Microsoft further explains that Managed HSM allows customers to “Import keys from your on-premises HSMs” and to “Generate HSM-protected keys in your on-premises HSM and import them securely into Managed HSM.” One caveat: the article describes a customer-facing service; it does not state where Microsoft keeps its own token-signing keys.

    This suggests that signing keys, among other keys, may be generated on a physical on-premises Hardware Security Module under the customer’s control, whether a portable device or an HSM attached to the customer’s own computers or servers.

    As discussed on Strategy Shelf on Saturday, July 15th, Microsoft has a robust server business in Singapore and has set up a major server and hardware recycling center there, the Microsoft Circular Center, for hardware lifecycle management.

    More Specific Questions

    Considering all of the above, today we can ask more specifically: Did Storm-0558 access an on-premises Hardware Security Module or Modules, on a Microsoft customer’s hardware or on Microsoft Corporation’s own hardware, and use that access to acquire the MSA consumer signing key with which it forged tokens?

    If the access to the Hardware Security Module and the acquisition of signing keys came from a Microsoft B2B customer’s on-premises hardware, where in the hardware’s lifecycle was it exploited or breached: manufacturing, supply chain, or onsite?

    If the HSM relies on embedded chip technology, is it possible the chip was tampered with in the supply chain by Chinese state actors, or by insiders handled by them, to make it easier for hackers to acquire the signing keys?

    Or, in the alternative, was the hack enabled by physical theft of, or a breach of, the HSM hardware on premises or during a transitional phase such as shipping or decommissioning?

  • Pattern Leads: Singapore Servers a Factor in China Hack?

    Setup: A Chinese hacker group called Storm-0558 reportedly breached accounts inside more than 24 organizations, including the Microsoft accounts of U.S. State Department officials, in the lead-up to Secretary Antony Blinken’s June trip to Beijing. According to the Wall Street Journal (WSJ), the hackers used an acquired Microsoft account (MSA) consumer signing key as their cryptographic tool and exploited a validation coding error that let tokens signed with that consumer key be accepted as Azure AD tokens. Microsoft continues to investigate how the hackers got the key, among other unanswered questions.
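    The class of validation error described above, a token verifier that trusts any signing key it can look up without checking that the key is scoped to the token’s issuer, is worth seeing in code. The block below is an added example written for this page; it is not Microsoft’s code and does not claim to reproduce the actual Azure AD defect. The issuer URLs, key names, and key material are constructed, and HMAC signing stands in for the RSA keys a real identity provider publishes, so the example runs on the Python standard library alone. It mints a token with a “consumer” key that claims the “enterprise” issuer, then shows a weak verifier accepting it and a hardened verifier rejecting it.

```python
import base64
import hashlib
import hmac
import json

# Constructed toy key store: each signing key carries an explicit trust scope.
# Real providers publish asymmetric keys; HMAC secrets are used here only so
# the example is self-contained. None of this key material is real.
KEY_STORE = {
    "consumer-key-01": {"secret": b"constructed-consumer-secret", "scope": "consumer"},
    "enterprise-key-07": {"secret": b"constructed-enterprise-secret", "scope": "enterprise"},
}

# Hypothetical issuer strings mapped to the key scope allowed to sign for them.
ISSUER_SCOPE = {
    "https://login.example.test/consumers": "consumer",
    "https://login.example.test/enterprise": "enterprise",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(kid: str, claims: dict) -> str:
    """Sign claims with the key named by kid. An attacker holding a leaked
    consumer key can call this with enterprise claims; the signature is valid."""
    header = _b64url(json.dumps({"alg": "HS256", "kid": kid}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{body}"
    sig = hmac.new(KEY_STORE[kid]["secret"], signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def _parse_and_check_signature(token: str):
    """Return (claims, key_record) when the signature verifies under the key
    named by kid, else None. Malformed tokens are treated as invalid."""
    try:
        h_b64, c_b64, s_b64 = token.split(".")
        header = json.loads(_unb64url(h_b64))
        claims = json.loads(_unb64url(c_b64))
        key = KEY_STORE[header["kid"]]
        expected = hmac.new(key["secret"], f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(s_b64)):
            return None
        return claims, key
    except (ValueError, KeyError, TypeError):
        return None


def verify_weak(token: str, expected_issuer: str) -> bool:
    """Flawed verifier: any key in the store that matches kid is trusted, so a
    consumer-scoped key can vouch for a token claiming the enterprise issuer."""
    parsed = _parse_and_check_signature(token)
    if parsed is None:
        return False
    claims, _key = parsed
    return claims.get("iss") == expected_issuer


def verify_hardened(token: str, expected_issuer: str) -> bool:
    """Hardened verifier: the signing key's scope must match the scope that the
    expected issuer belongs to, in addition to the signature and iss checks."""
    parsed = _parse_and_check_signature(token)
    if parsed is None:
        return False
    claims, key = parsed
    if claims.get("iss") != expected_issuer:
        return False
    return key["scope"] == ISSUER_SCOPE.get(expected_issuer)


def demo() -> dict:
    """Forge an enterprise token with only the consumer key and compare verifiers."""
    ent_iss = "https://login.example.test/enterprise"
    forged = mint_token("consumer-key-01", {"iss": ent_iss, "sub": "victim@corp.example", "aud": "mail"})
    legit = mint_token("enterprise-key-07", {"iss": ent_iss, "sub": "alice@corp.example", "aud": "mail"})
    return {
        "weak_accepts_forged": verify_weak(forged, ent_iss),
        "hardened_accepts_forged": verify_hardened(forged, ent_iss),
        "hardened_accepts_legit": verify_hardened(legit, ent_iss),
    }


if __name__ == "__main__":
    print(demo())
```

    The point for defenders is that signature validity is necessary but not sufficient: a verifier must also bind the key to the issuer or tenant the token claims, and a leaked key from one population of users should never be able to mint tokens for another.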

    Observed Anecdotes and Trends: Singapore Servers and Profile-Locations

    VPN Server Anecdote: The WSJ stories immediately reminded me of recent VPN disconnects on a device with an associated “Certificate Verification Error” in the logs. A week or so later came a most unexpected change from the U.S.-located servers that my settings routinely connected me to, over onto a “Myanmar” server. I shut down the connection and raised hell with the VPN company about “Myanmar” servers. I was told that the company’s Myanmar servers are really in Singapore.

    Hack Bait Anecdote: Singapore servers were also the reported origin or latest waypoint for the greatest number of spam and phishing attacks aimed at, and blocked from, my company website, based on recent stats. Then there is the LinkedIn China-Singapore social engineering phenomenon.

    Social Engineering for Secrets and Greenbacks, Trend: Singapore brings to mind many, many PRC-origin and PRC-styled LinkedIn profiles with very few connections that list Singapore as their location or as the site of their university or professional education.

    These profiles often present images and identities of attractive young professional women or men ostensibly working for Western firms, who persistently follow, like, react to, and, if possible, message and connect with national security and defense professionals. Some are likely state actors working espionage desks; others are criminals and/or intermediary agents for mainland China and other state actors.

    Anecdote: Gamers Complain of Chinese Hacker Latency on Singapore-Based Servers: Three key causes of latency (delayed loading, slow performance) are distance from the host servers, high network traffic loads, and server overload from processing masses of requests.

    Apparently, gamers have been complaining about high latency on some Singaporean servers hosting their games. Reddit threads blame Chinese hackers for the latency. User SoloQHerolol wrote, “Asian Servers are plagued by Chinese Hackers,” and another, with 339 upvotes, wrote, “Singapore servers are absolutely full of bot. Use that information as you please,” as commenters blamed bot traffic from China. These are anecdotal samples suggesting that Chinese hacker and bot traffic causes latency on Singapore’s servers.

    Recent History Context: PLA Threat to Singapore of Retaliation: In 2016 Singapore was openly threatened by PLA Major General Jin Yinan, influential strategic military advisor and PLA National Defense University professor who decried the use of Singapore’s Changi Naval Base by the US military and Singapore’s independent views on South China Sea rights. The PLA general’s wolf-warring words targeted Singapore on Chinese state radio that October: (excerpts follow…)

    “It’s inevitable for China to strike back at Singapore, and not just on the public opinion front,” the PLA General said. “Since Singapore has gone thus far, we have got to do something, be it retaliation or sanction. We must express our discontent.”

    “We understand [Singapore] has to survive among big countries,” General Jin said. “But now Singapore is not seeking balance among big countries – it is playing big countries off against each other … this is playing with fire.”

    “Singapore claims it is a non-aligned country and its Changi Naval Base is an open port. But why don’t you invite the Chinese navy to berth at it?” he asked.

    Within a few years the PLA Navy was berthing in Singapore and running joint naval drills with the city-state, albeit not eclipsing the United States military partnership.

    Singapore plays its neutrality between China and the U.S. in partial analogy to the way Switzerland plays neutrality between Russian and U.S. interests: neutral states balancing between East and West, between autocracy and freedom.

    Major Gen. Jin Yinan’s 2016 threats clearly leveraged Singapore. They also promised retaliation that could logically include loopholes for Chinese HUMINT, insider recruitment, access to servers, hardware, and related assets, information, and supply chains.

    Such incursions would not be edgy at all in PLA terms. Edgy for the PLA and Chinese intelligence is hunting down dissidents in free nation cities and campuses; flying military sorties over South Korean territory; proliferating nuclear technology to tinpot dictators; terraforming islands bristling with military navy and air assets from shoals in the South China Sea; militarizing fishing boats and ramming vessels flying neighbor-nation flags; shooting lasers at U.S. military pilots’ eyes; and clipping U.S. surveillance planes in international airspace.

    Microsoft’s Singapore Server Lifecycle Management: In 2022 Microsoft established its first eastern Circular Center of hardware lifecycle management in Singapore, reportedly processing some 12,000 servers per month for reuse. That figure implies a dense, vast global industry in server farms, data centers, and related supply-resupply chains inside of Singapore. That is an immense number of servers to keep secure throughout their lifecycles. The connections, servicing, support, communications, and labor needed to sustain data centers in Singapore, including those of Microsoft’s clients, contractors, and competitors, imply significant, complex interrelatedness between Singaporean servers and the world.

    More Storm-0558 Attack Specifics: WSJ’s reporting zeroed in on the “cryptographic protection system” breach implied by the PRC’s hack discovered in June 2023:

    With the latest attack, the Chinese went a step further in their stealth technique. They gained access to the guts of Microsoft’s cryptographic protection system and used it to produce digital tokens—long strings of numbers and letters that are stored in the browser and act as a digital passport for Microsoft’s online services. 

    Microsoft’s Incident Response blog put it this way:

    Storm-0558 acquired an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA consumer to access OWA and Outlook.com. All MSA keys active prior to the incident – including the actor-acquired MSA signing key – have been invalidated.
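    The key abuse Microsoft describes comes down to a verifier accepting any token whose signature checks out under a key it still trusts, regardless of whether that key has been retired or which account type it was issued for. The following is an added example, not code from Microsoft or from the reporting cited here, of a token verifier that also refuses invalidated keys and refuses a consumer-scope key vouching for an enterprise issuer; the key IDs, secrets and the issuer-to-scope map are constructed, and HS256 stands in for the real asymmetric signing keys.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed key set. Real signing keys are asymmetric and published as a
# JWKS; HS256 shared secrets stand in here so the example runs on the stdlib.
# "active": False models a key that has been invalidated but whose material
# an attacker may still hold.
KEYS = {
    "msa-key-2019": {"secret": b"constructed-old-consumer-secret", "scope": "consumer", "active": False},
    "msa-key-2023": {"secret": b"constructed-consumer-secret", "scope": "consumer", "active": True},
    "aad-key-2023": {"secret": b"constructed-enterprise-secret", "scope": "enterprise", "active": True},
}

# Assumed mapping from token issuer to the key scope allowed to sign for it.
ISSUER_SCOPE = {
    "https://login.live.com": "consumer",               # MSA consumer accounts
    "https://login.microsoftonline.com": "enterprise",  # Azure AD tenants
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(kid: str, claims: dict) -> str:
    """Mint a JWT-style token with key `kid`. Deliberately applies no policy:
    whoever holds the key material can sign, whether the key is active or not."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    mac = hmac.new(KEYS[kid]["secret"], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(mac)


def verify_token(token: str, now=None) -> tuple:
    """Return (accepted, reason). Order: identify the key, refuse invalidated
    keys, check the signature, then enforce key scope and expiry."""
    now = time.time() if now is None else now
    try:
        h64, c64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        claims = json.loads(_b64url_decode(c64))
        sig = _b64url_decode(s64)
    except ValueError:  # covers bad base64, bad JSON, wrong segment count
        return False, "malformed token"
    if header.get("alg") != "HS256":
        return False, "unexpected alg"  # never let the token pick the algorithm
    key = KEYS.get(header.get("kid"))
    if key is None:
        return False, "unknown kid"
    if not key["active"]:
        return False, "key invalidated"  # inactive key, valid signature: reject anyway
    expected = hmac.new(key["secret"], f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    if ISSUER_SCOPE.get(claims.get("iss")) != key["scope"]:
        return False, "key scope mismatch"  # a consumer key must not vouch for enterprise tokens
    if claims.get("exp", 0) <= now:
        return False, "expired"
    return True, "ok"
```

The scope check is the control that matters even after the signature verifies: a token minted with the consumer key for an enterprise issuer is refused before any claim is trusted.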

    Patterns to Formulate Research Question

    Questions: Given the patterns and events above, could Storm-0558 have obtained the inactive MSA consumer signing key by accessing component physical servers due for recycling that had been part of the virtual cloud network utilized by contract entities serving victim governments and organizations?

    At what points in the physical server’s recycle and resupply chain could threat actors physically access cloud component physical servers not yet wiped or considered “stale devices”?

    Alternatively, is it possible a missing or stale computing or storage device from a past Administration of an affected victim organization or agency was provided and ultimately accessed by Storm-0558?

    It is possible that these questions miss the boat, or that the exploit risks raised by these questions have been ruled out. If so, it is hoped that the anecdotes, trends, details, and connections reviewed in these questions may aid investigators with discovering the method used by Storm-0558 to acquire the signing key.

  • Implications for Russians if “Wagner Doesn’t Exist”

    Implications for Russians if “Wagner Doesn’t Exist”

    The BBC reported that Russian dictator Vladimir Putin said, “Wagner doesn’t exist” when asked if Yevgeny Prigozhin’s Wagner Group would continue as a fighting force aggressing against Ukraine. Putin set his portrayal of Wagner Group’s non-existence in the context of Russian law prohibiting mercenary armies, a law that he admittedly violated when he told the world that Moscow had bankrolled Wagner Group. That comment was meant to shame Prigozhin for what the Soviets would have termed capitalist war profiteering.

    Setting aside the “little masquerade” here, what is the implication of Putin’s statement that Wagner Group does not exist? Yevgeny Prigozhin himself told Russians the truth about this last year:

    “It’s either private military companies and prisoners [fighting in Ukraine], or your children — decide for yourself.”

    The Russian people deserve to know that. Information spaces surrounding Russian ears could be saturated with this implication if the mil-bloggers pick it up. Enough pressure there could cause a reversal by Putin, whose “flip-flopping” will accentuate his weakness and a leadership failure that belongs to him, the siloviki, and increasingly, Xi Jinping.

  • Collective Action: Zaporizhzhia Nuclear Power Station and Nova Kakhovka Dam

    Collective Action: Zaporizhzhia Nuclear Power Station and Nova Kakhovka Dam

    Ask: What new, perhaps non-obvious proactive approaches can be taken to try to reverse weaponization of Zaporizhzhia Nuclear Power Station and Ukraine’s hemispherically important Nova Kakhovka Dam by Russia?

    Fact: The Putin regime’s state terrorist activities against the Nova Kakhovka Dam and Zaporizhzhia Nuclear Power Station are a threat to world food supply, and specifically to developing Africa.

    Approach: Ukraine and all friendly nations standing by its side should confer and collaborate to:

    1. Engage a diplomatic full court press to persuade African nations to pull together in collective security to pressure China to verifiably, with no surreptitious exceptions, use all influence channels to cut off international aid and economic support to Russia while Putin’s regime engages in nuclear-radiation terrorism at Zaporizhzhia Nuclear Power Station, and at the Nova Kakhovka Dam it blew up, the repair and remediation of which it continues to disrupt by its unnecessary war of aggression in Ukraine. African nations should also pressure China to influence an end to Russia’s destabilizing activities in Africa by the Wagner Group. Acts of terrorist bombing have or will have a disproportionate negative impact on African nations’ food supplies, security, and harmony, and will add painful destabilization pressure on African peoples and governments that threatens to trigger pressure points for famine, refugee crises, and wars. African governments’ leverage should be their freedom to switch over to Western business partners in proceeding with infrastructure development, ceasing indefinitely further BRI activities in Africa, and ejecting Wagner Group from Africa. When African nations act collectively, it can help prevent crises from merely being moved around, externally caused, or reseeded in easily provoked retaliatory cycles.
    2. Multilaterally agree among signing nations to employ applicable provisions of the United Nations Convention on the Suppression of Terrorist Bombing (UNCSTB) to interdict war-making supplies, contraband, stolen goods, conflict minerals, weapons, money, and things of value bound for or credited to Russia with which it may continue its war on Ukraine and terrorist acts under cover of illegitimate warfare. Convention states should take combined, measured military action against suppliers, commandeer supplies for Ukrainian use, and challenge the Russian aggression against Ukraine as failing to fall within the meaning of war as opposed to terrorist action under the UNCSTB by its own terms, in view of Russia’s UN Security Council veto rendering enforcement of the Law of War irrelevant as to Russia; the resulting fictional applicability of the Law of War is used in bad faith to justify non-application of the UNCSTB;
    3. Take repeated, collective action among all nations supporting Ukraine to diplomatically persuade more nations to get behind a United Nations Emergency Assembly to initiate or further a process for removing Russia from the U.N. Security Council based on Moscow’s actions of nuclear radiation terrorism, food supply terrorism, and for political coercion using terrorism against civilian infrastructure in Ukraine that reach beyond Ukraine with fallout.

    These core actions will produce results which themselves will build more leverage for positive reversal of irresponsible terrorist activity by Russia and obvious terror sponsorship by Russia’s enablers in its war on Ukraine.


  • From Cluster Munitions to Cluster Neutralizers

    From Cluster Munitions to Cluster Neutralizers

    Setup: Cluster munition shells made the latest round of U.S. military support to help Ukrainian Armed Forces replenish dwindling artillery shell supplies. For that stopgap purpose, it may be the only substitute the U.S. can now give. To date, Russia has aggressed with cluster and incendiary weapons against Ukrainian defenders and civilians, and Ukraine has defended with some Turkish cluster munitions.

    Problems, Pros, & Cons: Debate has picked up over how the U.S. supply of dated, unused cluster munitions will pose risks to civilians versus help Ukraine liberate its territory sooner, shortening the war. Cluster Cons: So far, 123 nations (including U.S. allies but not the U.S., Ukraine, or Russia) are party to the Convention on Cluster Munitions banning the use of cluster munitions for the inherent risks to unintended targets of dispersive bomblets modified by weather, miscalculations, erroneous intelligence, confusing battlefield conditions, ‘friendly’ fire, dormancy, and secondary effects (shrapnel, burns, and blast waves). The risk to civilians from unexploded bombs and bomblets can persist for months, years, or decades. Cluster Pros: The currently accepted advantage of cluster munitions for Ukraine’s liberation is that their particulate numbers and dispersed delivery can hit dispersing targets and infiltrate trench networks more effectively than unitary warheads, helping Ukraine drive Russian troops from Ukraine sooner and end the war.

    Strategic Point: There are broader and deeper issues in lethal weapon choices, including cluster munitions relating to entrenched, trapped, and poorly led enemy troops. Civilians and future civilian life among neighboring countries will be affected as implied by the argument of this paper and following discussion.

    Argument: In future scenarios akin to Russia’s current entrenchment in Eastern Ukraine free nations should innovate, develop, and have as added options proven non-lethal (NL) clustered payloads and other larger scale conventional NL weapon solutions. Free nations should add NL solutions to their arsenals and military support aid that, under warranted circumstances, help destroy or obstruct the effective use of aggressor forces’ weapons, war machinery, vehicles, materiel, cover, and ability to defend their supply lines.

    Discussion:

    NL Alternatives: What non-lethal payloads could do that? That is the innovation challenge for private, secure invention and development, not for public announcement. For this paper’s purposes, we will assume we have non-lethal solutions that can neutralize aggressor forces’ weapons, war machinery, vehicles, materiel, cover, and ability to defend their supply lines.

    This could reduce the unnecessary killing and maiming of at-risk civilians, opposing troops, and the toxic pollution of the landscape by attrition warfare per Sun Tzu’s admonition:

    Sun Tzu said: In the practical art of war, the best thing of all is to take the enemy’s country whole and intact; to shatter and destroy it is not so good. So, too, it is better to recapture an army entire than to destroy it, to capture a regiment, a detachment or a company entire than to destroy them.  

    Without effective use of their weapons, adversaries cannot defend their supply lines from armed interdiction. Once isolated from supply, the options available to trapped forces narrow to retreat, escape, surrender, or capture.

    Value of Capture: The ethos of sparing outmatched men from slaughter and treating them humanely in captivity is an opportunity to contrast freedom nation conduct with that of dictatorships. In Ukraine, it would be a permissive opportunity for spared enemy troops to think over the sort of future they want for Russia. In this, it pays to know the enemy: many or most Russian troops in Ukraine did not volunteer for Putin’s war but followed a mobilization mandate or were deceived into volunteering, a form of coercion.

    Still, among the captured there will be die-hard loyalists or extremists within the dictator’s cult of personality. This requires improvable methods for discerning and handling such prisoners.

    Assuming NL weapons lead to more captured enemy troops, those running the prison must exemplify humane principles, fairness, and humanity in how captured POWs are treated. This requires experienced, observant, empathetic, canny, professional, intelligent, and no-nonsense staffing of POW programs. The more humane the POW programs, the more leverage for getting enemy troops to surrender.

    Under Putin and the siloviki, Russia has become a state with a superpower’s nuclear arsenal subject to a backwards governing model wasting the scarce resource of Russian men’s lives for a dictator’s political legacy. Putin’s siloviki regime is depopulating Russia’s future defense and economic base each day it persists in its war of hubris over Ukraine.

    Free nations should also use information spaces to respectfully demonstrate that free nations do what Putin does not care enough to do for his people: look after his troops, even in captivity.

    Where possible and protective of one’s own troops, capturing and preserving enemy combat veterans’ lives and treating them honorably will model for them the sort of future leadership that dictatorships do not allow. With such men and women returning to Russia, this could help usher in the end of dictatorship, reversal of the population drain, and prevent repeat leadership meltdowns dictators impose.

    The experience of surviving Russian troops would also tend to inject a future reality-check demographic inside Russia to help stabilize, inform, and secure Russia from ideologies of unsustainable expansionism. Free trade, travel, mutual benefits, and diplomacy would be the logical, humble, yet enriching alternative to conquest and control.

    Final Thoughts

    Ukraine and Supporters, Short Term: For Ukrainian Armed Forces and supporters, rapidly developing and using custom-rigged and predesigned anti-materiel, anti-weapon, anti-capacity, and anti-supply NL weapons could help realize objectives similar to those of lethal cluster munitions in taking the fight out of the enemy while accomplishing influence, mitigating trauma, and establishing a lasting unifying moral principle (morale) in one’s own troops. Captured enemy troops released post-war will be the people who return to Russia. In that light, much thought and work should go into an authentic, honest, effective prisoner of war experience for those people.

    To utterly destroy a nation’s defensive potential by focusing only on exterminating their military forces or because their dictator uses his people as mass cannon fodder invites a failed state next door tomorrow, or a massive nation building challenge in lands not suited for it. Failed state status is not a good outcome for a nation stocked with nuclear weapons and WMD stockpiles.

    Free Nations, Mid to Long Term: In 1835, British clergymen Andrew Reed and James Matheson wrote, “America will be great if America is good. If not, her greatness will vanish away like a morning cloud.” Taken in the spirit with which President Eisenhower paraphrased this (and may have erred in its attribution to de Tocqueville) this would be true of all free nations, alliances and friendships.

    Yet for the U.S., being known for goodness changed to being known as most feared somewhere deep within the Cold War, and in part because of it. Other freedom nations on the rise in prosperity and good government will face similar challenges at some point. 

    Using NL weapons to stop aggressor warfare and neutralize terrorist weapons is one way to help win battles while reducing fear of the United States, NATO, and other freedom nations. It can also help render ineffective anti-freedom information warfare. Over time, remaining consistent in using NL weapons only when warranted and safe to do so should improve U.S. international relations, trust, and influence.

    NL weapons could be categorized according to what they accomplish, how, and under what conditions. We will not get into specifics of NL weapons and solutions, just that NL weapons should become an innovation focus for winning battles, saving lives, leaving civilization intact, influence, and goodwill.

    Note: What conventional scale NL weapons are not for in the context of freedom nations: (1) aggressor weapons; (2) domestic law enforcement weapons; (3) political, social, or terrorist oppression tools; (4) supplies to nations who use them as (1), (2), or (3) or other nefarious purposes.

  • Observations: Prigozhin, Wagner & Russian Forces

    Observations: Prigozhin, Wagner & Russian Forces

    Yevgeny Prigozhin reportedly remains in St. Petersburg, Russia rather than in exile in Belarus as expected after his June 24th “march of justice” on Moscow.

    Belarusian President Lukashenko publicly speculated that Russian President Vladimir Putin has softened toward Prigozhin, perhaps discussing a “new” working relationship.

    Observations, Thoughts, and Informational Uses

    1. Shifting words and actions by the Russian leadership figures surrounding Prigozhin’s activities, location, favor with Putin, ‘march of justice,’ and Prigozhin’s own words fit the purpose and patterns of past Russian deception operations, or maskirovka, creating ongoing uncertainty, doubt, confusion, and hesitation about Moscow’s actions and intentions. This could also have helped conceal and protect Wagner Group’s repurposing from combat to counterintelligence and back to combat for a time, introducing Lukashenko as a diversionary interlocutor. While this may not have been the original plan, it is plausible it was, given the history of Russian deception. It could also be an adaptation from chaos to cover weakness and buy time to find strength (Sun Tzu). In the end it does not matter so long as strength is found. Time is the suspect commodity here, needed and secured. Nuclear arms, their use, and/or insecurity in chaos repeatedly set the deterrent, uncertainty backdrop trending in Western discouragement of Ukraine from striking high value Russian targets inside Russia when Russia appears weak.
    2. Yevgeny Prigozhin in recent days morphed his ‘march of justice’ again from a protest to a (counterintelligence?) operation to expose “traitors” and rally Russians. This seems consistent with purges in the Russian military and others by the FSB thereafter, including the alleged arrest of General Sergei Surovikin, Commander of Russian Aerospace Forces, for supposed sympathy with Prigozhin’s stated cause. Gen. Surovikin’s reported arrest and some pilots under his command refusing to bomb Wagner mercenaries, combined with Prigozhin’s about-face on his ‘march of justice,’ would tend to support the view that Prigozhin betrayed military elements sympathetic with his ‘march.’
    3. Yevgeny Prigozhin’s prolonged presence in Russia following President Putin’s condemnation of Prigozhin for apparent treason and exile to Belarus suggests that Prigozhin and Wagner Group were serving Putin and the FSB, while his exile and Wagner’s removal to Belarus was for repurposing, possibly rearming, and preservation from both Ukrainian attack and possible reprisals from within the Russian military for Prigozhin’s two-faced maneuvers for ‘justice.’
    4. Prigozhin’s recent video comments promoted himself and Wagner Group as due to return to the forefront of the aggression against Ukraine, consistent with the above points. Lukashenko represents Wagner Group as both trainers and possible protectors of Belarus, however a stretch that is given Wagner’s massive losses in Bakhmut for little gain. In our last dispatch we cited Lukashenko naming Russia and Belarus as a “union.” This combined with an old military encampment undergoing expansion near Osipovichi, Belarus could stage Wagner Group mercenaries and visiting Russian troops relatively close to Ukraine, Lithuania, and Latvia.
    5. President Lukashenko reportedly said relations between Putin and Prigozhin were good, that Putin was softening up on Prigozhin, and maybe better than good in his public statements about their history in St. Petersburg together, which was an odd comment. Business Insider reported on Prigozhin’s private calendar indicating frequent work within Putin’s circle of power for over a decade.
    6. Informational usage: At a minimum, Western diplomacy at the United Nations and abroad should publicly and repeatedly point to Russia’s autocratic leadership model as fundamentally deceptive, untrustworthy at home and abroad, and as self-destructive of the Russian national unity. The truth that deception has spun out of control in Russia leading to leadership self-deception as happened before the collapse of the Soviet Union should repeatedly reach the Russian people’s ears at their red line: chaos is coming because of Putin. To back this up in the world of operations, Ukraine and its defense contact group of nations must be willing to allow certain military-related targets inside Russia and between Russia and Ukraine to be struck to establish deterrence that may lead to regime change, and then detente.