The nature of cyberspace makes attribution of cyber operations difficult but not impossible. Every kind of cyber operation—malicious or not—leaves a trail. US Intelligence Community analysts use this information, their constantly growing knowledge base of previous events and known malicious actors, and their knowledge of how these malicious actors work and the tools that they use, to attempt to trace these operations back to their source. In every case, they apply the same tradecraft standards described in the Analytic Process above.
This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE.
The FBI received information of an additional IP address, 126.96.36.199, which was detected in the July 2016 compromise of a state’s Board of Election Web site. Additionally, in August 2016 attempted intrusion activities into another state’s Board of Election system identified the IP address, 188.8.131.52, used in the aforementioned compromise.
Russia’s strategic objectives in the Baltic region do not focus on the Baltic States as final targets, but on using the Baltic States to discredit and dismantle the North Atlantic Treaty Organization (NATO) and undermine the European Union (EU). Experts in Russia and European security from the United States and the Baltic region agree that Russia could use the Baltic States toward this end by employing any one of a spectrum of actions, to include direct invasion with conventional forces, an incursion and occupation using irregular forces like the one witnessed in Crimea in 2014, or long-term fostering of social, political, and economic instability. Disagreement existed among experts as to which approach was more likely.
This document is intended as a primer—a brief, informative treatment—concerning the ongoing conflict in Ukraine. It is an unclassified expansion of an earlier classified version that drew from numerous classified and unclassified sources, including key US Department of State diplomatic cables. For this version, the authors drew from open source articles, journals, and books. Because the primer examines a very recent conflict, it does not reflect a comprehensive historiography, nor does it achieve in-depth analysis. Instead, it is intended to acquaint the reader with the essential background to and course of the Russian intervention in Ukraine from the onset of the crisis in late 2013 through the end of 2014.
Syria and its ongoing civil war represent an operational environment (OE) that includes many of the characteristics illustrative of the complexities of modern warfare. Now in its fourth year, the civil war in Syria has lured a variety of threat actors from the Middle East and beyond. What began as a protest for improved opportunities and human rights has devolved into a full-scale civil war. As the Syrian military and security forces fought to subdue the civil unrest across the country, these protest groups responded with increasing violence aided by internal and external forces with a long history of terrorist activity. Ill-suited for the scale of combat that was unfolding across the country, Syrian forces turned to their allies for help, including Hezbollah and Iran. The inclusion of these forces has in many ways transformed the military of President Bashar al Assad from a conventional defensive force to a counterinsurgency force.
An updated version of the Military Doctrine of the Russian Federation released by the Kremlin on December 26, 2014. The update has received significant media coverage for reportedly naming the North Atlantic Treaty Organization as one of its primary threats, despite the fact that the previous version of the doctrine signed in 2010 contained similar statements.
Terrorists in late December 2013 conducted three attacks targeting people using public transportation systems in Russia, emphasizing terrorists’ persistent interest in attacking locations where large congregations of people are confined to small, often enclosed spaces. Russian officials claim North Caucasus-based violent extremists associated with the Imirat Kavkaz (IK) probably conducted these attacks to embarrass the Russian government in the build-up to the 2014 Olympic Games in Sochi. The IK, a violent extremist group based in Russia, has no known capability in the Homeland and is unlikely to directly target Western interests overseas.
A draft order from the Russian Ministry of Communications written in coordination with the FSB that, if implemented, will require Russian internet service providers to retain all internet traffic and provide the FSB with access for 12 hours after the data is collected, including stored data, phone numbers, IP addresses, account names, social network activity and e-mail addresses. The proposed rule changes have concerned Russian telecommunications providers who say that the requirements violate the Russian constitution.
The reference provides warning and other appropriate measures to guard against the outbreak of nuclear war, either as a result of planned intercontinental ballistic missile (ICBM) or submarine-launched ballistic missile (SLBM) launches, or unauthorized or unexplained accidents or incidents involving a US space launch or event or implying a possible threat of a nuclear attack. Because the highest national importance is attached to agreements with the Russian Federation, the United States intends to prevent any event that would violate the agreements and implement actions minimizing the effect of any incident that might occur.
Ten surveillance videos released by the FBI regarding the investigation into the so-called “Illegals Program”, a network of accused Russian spies operating unofficially in the U.S. from the late 1990s to 2010.
This “previously confidential list of people and organizations found to be involved in laundering money and funding terrorism” was presented by Rossiyskaya Gazeta, the Russian-government owned newspaper. It was originally compiled by the Russian Ministry of Justice.
This “previously confidential list of people and organizations found to be involved in laundering money and funding terrorism” was presented by Rossiyskaya Gazeta, the Russian-government owned newspaper. It was originally compiled by the Russian Foreign Ministry.
Six issues of the Open Source Center’s Russia “Cyber Focus” report with dates ranging from August 2009-June 2010.
Alaska State Trooper Russian Criminal Tattoos Guide, 2001.
(U/FOUO) According to Russian government and open source reporting, two female suicide bombers attacked two trains on the Moscow metro on 29 March by detonating improvised explosive devices (IEDs) that were worn on their bodies. Initial reporting indicates 38 people may have been killed and 102 injured.
Bombings
(U) Moscow, Russia – Two female suicide bombers detonated explosives in Moscow’s subway system.
– (U) Two unidentified female suicide bombers detonated explosives in Moscow’s subway system
– (U) Explosions occurred on 29 March at Lubyanka and Park Kultury train stations in downtown Moscow at approximately 0800 and 0845 local Moscow time (2400 & 0045 EDT)
– (U) Preliminary reports indicate 37 killed, 102 injured
– (U) Russian media reports that an unexploded suicide belt was discovered at Park Kultury Station
(U) No group has claimed responsibility at this time. However, Doku Umarov, a self-proclaimed Chechen militant leader, posted an Internet video warning of potential attacks in Russia in February.
NATO NAME: FROG-7
RANGE: 70000 m.