Ukraine – A Depressing Bit Of History (Plus)

As I briefly mentioned in my post Ukraine – Something Wicked This Way Comes…, the Russians have historically been quite adept at, and willing to engage in, winter operations. Defensively and offensively it has served them well in the past. Joe Dolio over at Tactical Wisdom shared a rather depressing bit of history extending that thought: they also like to leverage holidays and international events to slow and confuse the Western response to these operations.

For example, the Russians rolled into Afghanistan on Christmas Eve in 1979 because they knew Western operations centers would be lightly staffed for the holiday. National and military leadership would also be out of pocket for the same reason. Moreover, they have used international events such as the Olympics (starting soon) to take advantage of the distractions they provide:

Russia took advantage of the Olympic Opening Ceremony to strike Georgia in 2008 and the Olympic Closing Ceremony in 2014 to take the Crimea.

He has some even more chilling concerns in this post (Learning from Mongol Moon) related to China. I encourage everyone to check it out and prepare as you see fit based on the scenario outlined.


Most assume a Russian offensive would begin with or include a cyberattack on the US and Western powers. So, is the discovery and widespread exploitation of the Log4j vulnerability a coincidence?

I don’t have enough information to say one way or the other but…

Take all information like this with a grain of salt. Then take a look at your preparedness/readiness level and take whatever measures you feel are appropriate.

Be alert, get prepared, fight the good fight!

God bless and God save the Republic.

Ukraine – Something Wicked This Way Comes…

So, it seems the threat of a war in Ukraine has filled the airwaves and the other propaganda outlets. It sure seems like a convenient way to make sure people are not paying attention to the various courtroom dramas, legal setbacks of the ruling junta, and the failing economy. What better way to take the nation’s attention off of our own collapse than the threat of war?

That is not to say that the threat of war is not serious. It would not be the first time that political posturing meant to take a nation’s mind off of domestic issues spiraled out of control. I have followed the situation in Ukraine for years and every previous time there was a “Russian buildup” it was tied to strengthening the bargaining position of one side or the other. Three decades after the end of the Cold War, nothing opens the floodgates on US aid money like the threat of a mass of Russian tanks crossing a border somewhere. That same mass of Russian tanks tends to be very effective at influencing the behavior of smaller nations facing those tanks.

The same pundits who have always had a valid explanation other than a Russian invasion for the troop movements are now saying that the tanks are very likely to roll this time, probably sometime in January or February. Some will argue that will not happen. After all, who attacks in winter? The answer to those who only think they know history is…the Russians.

So, there is a very significant probability that the Russians are willing to roll this time. Based on the track record of those who have stolen control of our nation, the Russians are probably pretty confident that the US will fail to defend Ukraine as we are treaty bound to do. It is also probable that the current regime in the US will bumble their way into a war that they are incapable of winning. No matter how this plays out the US will suffer. As will the Ukrainian people.

Now, what happens if the US gets tangled up in Ukraine?

First and foremost, we will likely face a massive wave of cyber attacks on critical infrastructure and financial systems. The Russian hackers are very good. We will probably see power outages, cellular and Internet outages, and issues with electronic banking, including EBT, debit, credit, Zelle, etc. being unavailable.

So, keep the fuel in your vehicles topped off. Have a backup power source, plenty of fuel, and a way to stay warm in the cold. Keep some extra cash on hand if you can. Have an alternate means of communication and of receiving news. I have sent out a message to my family to be prepared for such things and will be communicating it to my extended team before long.

Iran could decide it was time to actually use some of the newly purchased (with dollars provided by President Obama’s administration) military toys it has. Saudi Arabia, through Yemen, or Israel could face a firestorm.

With the US tied up fighting Russia, North Korea could decide to forcibly unify the peninsula.

Even more likely, China could move forward with bringing Taiwan into the fold by force. I don’t think they would directly invade Taiwan, but they could take some of the smaller islands controlled by Taiwan relatively easily and set up a blockade of the nation as a whole. The US would be unable to respond in any meaningful way.

I pray that there are enough adults in the room to prevent a worst case scenario.

Be alert, get prepared, fight the good fight!

God bless and God save the Republic.

Colonial Pipeline: Something Smells Fishy…

After non-committal answers from the current administration during the Colonial Pipeline incident, the Department of Justice has announced that they have recovered much of the money (Bitcoin) paid in ransom.

A couple of things I have been able to determine from the press coverage of this “win” for the Justice Department:

First, the bad actor in question was (supposedly) smart enough to infiltrate and bring down a critical component of national infrastructure (more on this in a moment) but dumb as all get out by having the Bitcoin transferred into an online wallet maintained by a US-based company with its servers in the US. Basically, said bad actor gave them his personal bank account info to deposit money into…

Second, the DoJ shared that the bad actors involved (the ones dumb enough to give out easily traced info for the payment) were not in fact the Russian (oh, the scary Russians again!) DarkSide hackers. They were the one (or ones) who contracted with DarkSide to perform the hack (yes, Ransomware as a Service (RaaS) is actually a real thing).

Something doesn’t pass the smell test on this whole thing. It may have been an inside job by a Colonial employee wanting a quick payout when he/she recognized the security lapses. It may have been a government sting that actually failed but they are spinning it as a win. I don’t know but I know.

For a good analysis of the facts check out this article:

Stay alert, stay prepared and stay safe.

God bless.

What About Four Or More?

If Ian Fleming was right and once is happenstance, twice is coincidence, and three times is enemy action, then I don’t know how to count these:

SolarWinds was a partner with a company named Huawei. Huawei is the largest telecommunications equipment manufacturer in the world, the second largest cell phone maker, and a network storage vendor. IT staff have been warned for years about Huawei gear, including the risk of back doors for Chinese spying. As a partner and solution provider, SolarWinds would have had to maintain Huawei equipment at least on their development network (which is part of what was compromised).

Silver Lake is one of the major investors in SolarWinds. They are also tied to Huawei and other Chinese government-owned tech companies. Kenneth Hao spearheaded the Silver Lake investments in China and opened the offices there. He is on the board of directors for SolarWinds…

Two more victims of this breach were announced today. One is Comcast, a major network provider to businesses and government agencies. More interesting is the local government of Pima County, Arizona. Why would the most advanced cyber attack on the planet target a local government instead of a large oil or insurance company? I can’t answer that for sure, but oil and insurance companies don’t run elections.

Repeat after Ian Fleming:

Once is happenstance. Twice is coincidence. Three times is enemy action.

Take care and God bless.

Once is happenstance. Twice is coincidence. Three times is enemy action

If Ian Fleming was right, we could be seeing the indications of an incredible enemy action.

The WuFlu hit (got loose/was released) in October 2019. The initial attacks linked to the Sunburst data breach started in October 2019.

The WuFlu hit the US around March of 2020. The code for the Sunburst breach was injected into the supply chain in March 2020.

In December 2020 a new and more virulent strain of the WuFlu was discovered, just weeks after the Sunburst breach was discovered.

Repeat after Ian Fleming:

Once is happenstance. Twice is coincidence. Three times is enemy action.

By the way, despite what is being spun in the media there is nothing conclusive to show that this was the work of the Russians. The techniques are similar to those the Russian intelligence service uses but there is no hard evidence that this was a Russian operation.

Take care and God bless.

Cyber-Security: An Overview

I see a lot of stuff posted these days about cyber security and hacking. Most of the folks posting this information are reporting or “opinionating” from second-hand information: what they see in the news or hear on the street.

I thought it might be a good idea to share some information with you directly, from the trenches, so to speak. As a technical professional in the cybersecurity industry I have some insights into what is going on and actually understand what is being reported. I cannot share company names, and in many cases I may have to share information about “movies” that I may have seen in order to protect myself and others.

The Past

The world of cybersecurity has changed dramatically in the last 20-25 years. Back in the day we had limited points of ingress and egress to networks (think of a castle with a very few ways in or out where things could be inspected). The major threats were from amateur hackers who were essentially playing out video game fantasies to build “street cred.” There were very few who were making much more than pocket change for their efforts. That world is as far behind us as the walled towns of the medieval world.

Current State

The “script kiddies” and amateur hackers of the old days have, for the most part, been replaced with highly organized networks of attackers.

The most significant of these threats are from nation states. Most nations today have dedicated organizations (or several of them) who are focused on offensive and defensive hacking operations. Israel, China, Russia, and the US have all made substantial investments in these operations. Even nations like North Korea and Iran have made sizable investments in these types of operations.

Two examples of recent “movies” I have seen:

Example 1: A major construction and engineering firm was contracted by the Chinese government to design and build major infrastructure projects. These contracts were worth tens of billions of dollars. Once the planning was completed the contracts were cancelled but the company (in this movie) later discovered that the projects were still underway. In fact, the very engineering and planning documents they created were being used in the effort. Forensic investigation showed that they had been hacked and the intellectual property stolen. Legal efforts to recover their investment in time and capital were ineffective. Further investigation showed that their legal counsel had also been hacked and all the evidence and legal strategies were known to the defense team months before being presented.

Example 2: All military vehicles require regular maintenance and upgrades. To facilitate this, plans and detailed specifications for all of this equipment are stored. A major Western power discovered that a foreign nation had hacked the maintenance systems and all these plans and specifications had been stolen. In this “movie” we can expect to see significant advances in weapons design and intimate knowledge of the weaknesses of major weapons systems by certain foreign nations. Much of this data will likely be sold or traded internationally and will, basically, be common knowledge among enemies of the West.

I have seen instances where, as part of garnering a contract with certain governments (China), the organization is “required” to purchase networking gear from specific companies (Huawei). Well before the US government started issuing warnings about the use of this company’s gear, the backdoors and spyware had been discovered. As a member of the IT staff of a company that did significant business with China, we purchased the required gear. It sat in boxes in a storeroom on direct orders from our chief security officer and on our recommendation. Anyone buying or implementing this gear has essentially turned off any ability to protect themselves from the Chinese government’s cybersecurity efforts.

It is a pretty open secret that Russia was able to hack the Ukrainian power grid and shut down electrical service for hundreds of thousands of customers. This was not an isolated event. They have done the same to several nations (on a smaller scale). It is the modern equivalent of “naval diplomacy,” of having a battleship show up off the coast to show lesser powers who is the boss.

While it is not uncommon to hear of nation states hacking corporations or each other, the true impact of most of these breaches is almost never shared publicly. For example, when North Korea hacked a certain major corporation, not only did they shut down critical systems and release sensitive data publicly, but they also threatened attacks on company-owned facilities, the facilities of business partners, and the personal homes of hundreds of employees. Based on the data compromised, if the will and manpower had been available, these could have been successful.

Most cyber attacks against national infrastructure are either never reported or are reported as something else, like a misconfiguration, a system failure, a communications error, etc. Think about that next time you are watching the news.

Outside of nation states, the biggest threat comes from criminal and terrorist organizations. Criminal organizations are driven by pure profit. Your personal and financial information is sold for cryptocurrency like Bitcoin. Organized crime syndicates out of Eastern Europe (especially Russia) and Asia have huge investments in hacking networks. Credit card numbers, banking information, and personal data are worth money.

Outside of “the mob,” terrorist organizations also have a tremendous investment in hacking networks. Many ransomware payouts fund terror activities around the world. Other times they are specifically targeting information to assist in planning attacks. For example, a retail organization located in the Washington DC area was targeted to get lists of government employees to build “kill lists” to be published for “lone wolf” terrorists in the US. This and several other cyberattacks were traced to ISIS in Raqqa. In other cases the hacks themselves are the terror attack. For example, in one of the “movies” I know about, the control systems of an electric company were compromised and the flood gates of a hydro-electric dam were opened. The only reason thousands were not killed was that the motors actuating the gates were offline for repair…

Some Alarming Statistics:

It takes an average of 206 days for a data breach to be discovered.

However, most data breaches are never discovered or reported.

77% of IT organizations do not have a cyber security incident response plan.

Cybercrime is a $6 trillion industry.

I hope this helps shed some light on this whole business.

Take care and God bless.

Ransomware Apocalypse: It Was The North Koreans!

According to news reports running around today, at least a couple of cyber-security firms believe the North Koreans may be behind last week’s ransomware outbreak. No one seems to be worried about the fact that this is based on an exploit the NSA had been using for some time that was leaked about a month earlier. Memories are short, especially in today’s 24/7 news cycles.

Let’s be honest, what’s more concerning: that a known international bad actor might be behind this latest ransomware incarnation, or that the US government has been using this exploit to spy on friends, allies, citizens and enemies alike for months or years?

God bless