Report for Thursday, April 13, 2023
The Cipher Brief curates open source information from around the world that impacts national security. Here's a look at today's headlines, broken down by region of the world:
In the Americas
Discord Group Members Claim Leaker Worked on U.S. Military Base, Leaks Began in 2022. The person behind the recent classified Pentagon briefings leak was male and a gun enthusiast who went by the initials ‘OG’, according to a Washington Post interview with members of the now-defunct private Discord group that likely was the first place the briefings were disclosed. ‘OG’ shared several documents a week, beginning in late 2022. The initial leaks from ‘OG’ were reportedly near-verbatim transcripts of classified intelligence documents that he claimed he brought home from his job on a ‘military base’. ‘OG’ claimed he spent at least some of his day in a secure facility that prohibited cell phones and other electronic devices, reportedly “lectured” the group on geopolitical issues and classified operations, and “seemed to think that his insider knowledge would offer the others protection from the troubled world around them”. Eventually, transcribing documents apparently became cumbersome, and ‘OG’ then posted hundreds of photos of documents on the server. The Post said they reviewed 300 photos of classified documents, most of which have not been made public, during conversations with two Discord group members, as well as an audio recording of a man the two members identified as ‘OG’. Discord said in a statement that it is cooperating with law enforcement and has declined to comment further. US President Joe Biden says that there is a ‘full blown’ investigation underway and that the intelligence community and the Justice Department are “getting close” to identifying the individual responsible for the leak. Biden’s comments came in Dublin, Ireland where he is meeting with the Irish President. Biden added that while he is concerned that the leak happened, he’s less concerned about the contents of the leak, seeming to downplay the significance of the information contained in the leaks. Washington Post CNN
U.S. Government Considering Expansion of Social Media Monitoring in Wake of Classified Document Leak. The Biden administration revealed on Wednesday that it is looking at expanding how intelligence agencies and law enforcement can monitor social media sites and chat rooms, according to a senior administration official and a congressional official briefed on the matter, the latest acknowledgment of a potential gap in U.S. intelligence processes. Senior officials inside the U.S. national security community were not briefed on the recently leaked classified documents until April 6, the same day the leak was first reported by the New York Times, according to two senior U.S. officials, and the Biden administration only began looking into the leak last week. After being posted on Discord, the classified documents were then posted on WaoMao, and then on other sites including Twitter, Telegram, and 4Chan. Currently, no agency is responsible for monitoring places like social media sites for classified leaks. Instead, each agency is responsible for investigating breaches of intelligence within their own departments. However, such a proposal raises potential concerns that monitoring such forums could constitute spying on Americans, which is prohibited by the charters that govern the Intelligence Community’s operations. The Office of the Director of National Intelligence, the CIA, the National Security Council, and the Pentagon all declined to comment. Politico NBC News
Top U.S. Hostage Negotiator Vows to Bring Evan Gershkovich Home. On Wednesday, Special Presidential Envoy for Hostage Affairs Roger Carstens called on Russia to allow U.S. Embassy officials to visit detained Wall Street Journal reporter Evan Gershkovich in a series of morning television interviews and pledged to find a way to secure the release of both Mr. Gershkovich and another detained American, Paul Whelan. Earlier on Wednesday, Russian officials said they would not succumb to pressure from the U.S. government over when they would grant Mr. Gershkovich consular access, and that contacts between Russia and the U.S. have not changed Moscow’s position. Russia’s Deputy Foreign Minister Sergei Ryabkov also complained that visas have not been issued to Russia’s foreign minister, Sergei Lavrov, nor a Russian delegation to attend a series of U.N. Security Council meetings being held in New York later this month. A State Department spokeswoman responded that applications need to be submitted as early as possible, and that “Russia’s unwarranted action against the U.S. Embassy in Russia, including forced termination of local and third-country national staff, have severely limited our staffing and therefore our capacity to process visas”. Wall Street Journal
U.S. and UK Target Russian Oligarchs with New Sanctions. The U.S. and Britain targeted the networks of some of Russia’s wealthiest oligarchs with a fresh round of sanctions on Wednesday. The two countries announced that they were imposing additional sanctions aimed at Alisher B. Usmanov, a longtime ally of Russian President Vladimir Putin who is already under sanctions imposed by the U.S., EU, UK, and others last year. Forbes lists Mr. Usmanov as the world’s 125th wealthiest person with a net worth of $14.4 billion. The new round of U.S. sanctions affects over 120 entities and people across more than 20 countries and jurisdictions. The Treasury Department also imposed sanctions on the Russian-controlled International Investment Bank in Budapest and three of its current or former executives. Britain announced sanctions for Demetris Ioannides, who it said was responsible for facilitating the hiding of assets for already-sanctioned Roman Abramovich and is also tied to trusts and companies linked to Mr. Usmanov. Several family members of oligarchs were also hit with sanctions for hiding assets. New York Times Wall Street Journal
Treasury Secretary Yellen Pledges Additional Aid for Ukraine at IMF Meeting. At a spring meeting of the International Monetary Fund on Wednesday, U.S. Treasury Secretary Janet Yellen called for continued aid to Ukraine, and applauded Ukrainian authorities’ focus on good governance and corruption. On Monday, a senior U.S. Treasury official said the U.S. has provided nearly $50 billion in assistance over the last year, including more than $23 billion in budget support to keep government services going. Ukrainian officials, including Ukrainian President Zelenskyy, thanked donor countries for their support and initial investment in Ukraine’s reconstruction, but also flagged a recent report that estimates it will cost more than $400 billion to rebuild Ukraine’s economy and stated that they need to attract $14 billion in donor aid by the end of 2023. In response, Yellen said the U.S. plans to provide additional aid through September and to support Ukraine’s energy security and early recovery efforts. Reuters US Treasury Department New York Times
Western Europe
German Foreign Minister Heads to China After Disarray from Macron’s Comments. German Foreign Minister Annalena Baerbock is expected to begin her visit to China on Thursday, as part of the European Union’s damage control campaign following French President Emmanuel Macron’s trip to China. Macron’s comments during and after his visit, where he called for Europe to take a separate approach from the U.S. towards navigating the Taiwan issue, were viewed by many as a “gift” to China, given the country’s goal of dismantling unity between the US and EU, and they also make a common European China policy more difficult. Experts see Baerbock’s trip as an attempt by the bloc to present a clearer, firmer policy on China. Politico Reuters
France Seeks Independent Path, But Remains U.S. Ally. French finance minister Bruno Le Maire said on Wednesday that while France wants to pursue an independent China policy from the U.S. and wants to engage with Beijing, both Paris and Europe will remain “strong and reliable allies” of the U.S. His comments come amid backlash over French President Emmanuel Macron’s recent comments where he called for less EU dependence on the U.S. and an independent approach towards Taiwan. Le Maire said criticism of these comments is unfounded as France has long maintained the position that it wants “Europe to be sovereign.” Reuters
U.K. to Offer Ukraine $500 Million in Loan Guarantees. British Finance Minister Jeremy Hunt announced on Wednesday that the U.K. is prepared to offer a loan of $500 million to Ukraine as they continue to fight against Russia’s invasion. According to Hunt, this loan will go towards Ukrainian schools and hospitals. The loan will bring the total amount of aid that Britain has given to Ukraine this year to $1 billion, and a total of $8.1 billion since the start of the war. Reuters
Central and Eastern Europe
U.S. Smart Bombs in Ukraine Hit by Russian Jamming, Suffer Technical Issues. Documents from the U.S. intelligence leak say that U.S. smart bombs used by the Ukrainian military are missing their targets due to Russian electronic jamming. The U.S. gave Ukraine equipment that can convert unguided air-dropped munitions into precision-guided bombs called Joint Direct Attack Munitions (JDAMs). According to the leaked documents, the JDAMs have been falling victim to Russian GPS jamming which interferes with the weapon’s targeting processes. The document adds that the JDAMs have also recently been suffering from faulty fuzes that prevent detonation, though Ukrainian forces have since fixed this technical issue. The details about the difficulties Ukraine is having with the JDAMs add to information from the U.S. intelligence leak suggesting that Ukraine’s military could be facing significant ammunition and air defense shortages. Politico
NYT: Special Report from Bakhmut. The New York Times is out with a special report out of the embattled eastern Ukrainian city of Bakhmut. The report features commentary from Ukrainian forces holding out in the city discussing challenges they face, such as ammunition shortages, and the intense street fighting in the city that has been ongoing for the last 10 months. New York Times
Russian Government at Odds over War, Leaked Docs Reveal Internal Unrest. A new batch of documents that were not part of the trove that came to public attention last week demonstrates the depth of U.S. knowledge of nearly every aspect of Russia’s intelligence and military apparatus; it also demonstrates that the intelligence leak could provide more material than previously known. The documents, according to The New York Times, do not appear to contain much information from human sources but instead come from communications intercepts. Some of the documents suggest deep infighting within the Russian government over the number of dead and wounded Russian soldiers in the war with Ukraine, with Russia’s domestic intelligence agency reportedly accusing the military of obscuring the scale of Russian casualties. The new documents also provide new details about a public accusation that Yevgeny Prigozhin, who runs the Wagner force, made about Russian military officials withholding ammunition from his fighters; according to the documents, Russian President Vladimir Putin attempted to personally resolve that dispute. The new documents were shared in photos, and some are missing pages. They include material from the National Security Agency, the Office of the Director of National Intelligence, and the Pentagon’s Joint Staff intelligence directorate (J2). While officials did not dispute the information, they said they could not, and would not, independently verify the documents. New York Times
Russian Lawmakers Pass Bill to Permit Electronic Draft. Russia’s parliament quickly passed a bill on Wednesday allowing electronic military conscription notices to tackle draft evasion. Previously, Russian citizens could evade the draft by avoiding their home addresses and not accepting the in-person delivery of conscription summonses. Now, draftees and reservists must participate in the war or risk being barred from leaving the country, having their driver’s license suspended, or being prohibited from selling their home or assets. In the fall of last year, hundreds of thousands of men fled Russia to escape Putin’s draft of 300,000 reservists. The passing of the bill suggests that Russia is preparing for mass mobilization in the war with Ukraine, despite the Kremlin’s assertion that the adoption of online notices functions only to “streamline” and modernize the conscription system. The bill now only requires Russian President Vladimir Putin’s final approval. Associated Press
Hungary Signs Energy Agreement with Russia. In a move against current European Union sanctions, Hungary has signed an energy agreement with Russian state energy company Gazprom. According to Hungarian Foreign Minister Peter Szijjarto, the imported gas will be capped at 150 euros ($163) per megawatt hour and Gazprom has agreed to allow Hungary to import gas beyond the amounts agreed upon in last year's long-term contract, if needed. Szijjarto visited Moscow to sign the deal, making him one of the only EU officials to visit Russia since the start of the war last year. Hungary has lobbied internally within the EU to be exempted from sanctions on Russian oil and gas, as it is heavily reliant on Russian energy. Associated Press
Hungary Views U.S. as One of Top Three Adversaries. A purported CIA assessment from the U.S. intelligence leak says that Hungarian Prime Minister Viktor Orban views the U.S. as one of the top three adversaries to his Fidesz Party. The document refers to a Fidesz Party political-strategy meeting in late February where Orban made this distinction, calling it an “escalation of the level of anti-American rhetoric.” The reference to the meeting suggests that the U.S. is spying on Hungary’s ruling party. Orban and his party and the U.S. Embassy in Budapest did not comment on the matter. Wall Street Journal
Asia
Taiwanese Military on High Alert Over Chinese Pressure. Taiwan’s defense ministry said it has launched air patrols, naval patrols, and land-based missile systems to monitor Chinese air and naval forces remaining near the island despite the end of Chinese war games in the area days ago. The ministry said it detected 35 Chinese warplanes – 16 of which either crossed the unofficial median line in the Taiwan Strait or entered Taiwan’s southwest air identification zone – and eight Chinese warships operating near Taiwan on Wednesday. The continued presence of Chinese forces near Taiwan is seen as continued harassment and aggression that appear to be part of Beijing’s retaliation for Taiwanese President Tsai Ing-wen’s meeting with U.S. House Speaker Kevin McCarthy last week. Taiwan authorities say they will continue watching Chinese forces in the area and will pay special attention to moves by China to carry out a planned closure of airspace north of Taiwan on Sunday. South China Morning Post
North Korea Launches Ballistic Missile, Japan Briefly Issues Evacuation Order. South Korea’s military says North Korea fired another ballistic missile off its east coast on Thursday. Seoul says the missile appeared to have been a new intermediate or long-range model displayed at recent military parades and may have used solid fuel. The missile was launched from near Pyongyang and landed in waters between North Korea and Japan. The launch caused Japanese authorities to issue a warning on the northern island of Hokkaido for residents to find shelter. The order was later retracted after it was clear the missile did not fly over Japan. The North Korean missile launch – the first in over two weeks – came amid heightened tensions on the Korean peninsula and joint drills between U.S. and Japanese forces in the Sea of Japan. The launch also came after North Korean leader Kim Jong Un presided over a meeting of his Workers’ Party’s Central Military Commission on Monday, where he called for the expansion of the country’s military. Associated Press New York Times Nikkei Asia Reuters
Japan Plans to Make Sub-Launched Missiles Ready Sooner. Japan is pushing to deploy new submarine-launched standoff missiles by fiscal 2028, earlier than the originally planned rollout in the 2030s. The new missiles will be developed by Mitsubishi Heavy Industries, which has also been tapped to develop other long-range and hypersonic missiles. The submarine-launched missiles are seen as a deterrent as Japan’s submarine fleet is known for quiet operation, making them difficult to track and target for counterattacks. Nikkei Asia
China Withholds COVID-19 Data, Censors Info in Drive to Promote Narrative of Triumph. China is reportedly withholding data on its battle with Covid-19 and censoring criticism of its response to the virus to push the narrative that it handled the pandemic in a successful way. A Wall Street Journal review found that Chinese authorities are restricting access to records, such as reports on bodies cremated, that could reveal how many Chinese people died in the pandemic. On social media, monitors are censoring conversations on the psychological impacts of harsh lockdowns from China’s “zero-Covid” policy. Chinese companies are also not explicitly citing Covid-19 as a reason for financial disruptions in recent years. Experts note that most people in China are likely happy to move on from the pandemic and are supportive of the government’s efforts to keep deaths to a minimum. Despite this, Beijing’s clamping down on criticism of its anti-Covid measures adds to its history of shaping public memory and history to avoid signs of mistakes or wrongdoing. Wall Street Journal
Middle East and Northern Africa
Saudi Arabia’s Drive to Bring Syria into Arab League Meets Opposition. Some Saudi Arabian allies are bristling at the country’s push to bring Syria back into the Arab League, according to Arab officials, creating a roadblock to Crown Prince Mohammed bin Salman’s efforts to enhance his diplomatic clout in Damascus and the wider region. At least five members of the Arab League, including Morocco, Kuwait, Qatar, and Yemen, are refusing to readmit Syria into the Arab League; Egypt is also pushing back. In addition to individual demands, the countries want Syrian President Bashar al-Assad to first engage with the Syrian political opposition “in a way that would give all Syrians a voice to determine their future”. While a simple majority could readmit Syria, only a consensus is binding for all members and would provide the legitimacy that Damascus needs to lobby the wider international community to lift sanctions. Saudi Arabia has invited ministers from the Gulf Cooperation Council, as well as Egypt, Iraq, and Jordan, to meet in Jeddah on Friday to discuss ties with Syria, in an effort to overcome the resistance to Syria’s readmission. Wall Street Journal Associated Press
Senator Graham Meets with Saudi Prince, Seeks Cooperation. U.S. Senator Lindsey Graham met with Saudi Arabian Crown Prince Mohammed bin Salman in Jeddah on Tuesday. Graham said he had a “productive, candid meeting” with MBS and is calling for a bipartisan push to take the U.S.-Saudi relationship to “the next level.” Graham also said he thanked the Saudi prince for the Kingdom’s purchase of $37 billion worth of Boeing 787 airplanes, which are made in South Carolina, for the new Saudi airline. Graham’s meeting with MBS reverses his criticism of the prince following the 2018 murder of Jamal Khashoggi; Graham had said he would not return to Saudi Arabia as long as MBS is in charge due to his perceived role in the killing, which the prince has denied. Graham’s meeting adds to U.S. outreach despite heightened scrutiny of Saudi Arabia due to Khashoggi’s death, oil production tensions and the China-brokered rapprochement deal between Saudi Arabia and Iran. Politico Washington Post
Sub-Saharan Africa
U.S. Warns Mali to Commit to Peace and Cease Restrictions on UN Peacekeepers. The U.S. warned Mali’s military government yesterday that there is little value in the UN continuing to deploy more than 15,000 peacekeepers as part of the UN Mission there, whose current mandate expires on June 30, unless Bamako ends restrictions on operating reconnaissance drones and implements political commitments toward elections in March 2024 and a broader peace in the country. Malian authorities have reportedly denied nearly 300 flight requests from January through March, nearly 80 percent of which were for intelligence, surveillance, and reconnaissance drones that are seen as critical for the safety of the peacekeepers and their ability to protect civilians. Associated Press
Unidentified People Board Oil Tanker from Singapore in Gulf of Guinea. Singapore’s port authority says unidentified people have boarded a Singapore-registered oil tanker 300 nautical miles off Ivory Coast in the Gulf of Guinea. The tanker, Success 9, had 20 crew members on board when it was boarded. Ship-tracking data shows the tanker has been in West Africa for 60 days and was carrying diesel. Ivorian authorities have been unable to locate the tanker because its beacon has been turned off. Al Jazeera
Cyber & Tech
CISA Releases Secure by Design Principles. CISA, along with other U.S. and foreign cyber authorities, released a set of secure-by-design and -default principles and approaches aimed at guiding product security. In line with the U.S. National Cybersecurity Strategy, the set of principles puts the impetus on software manufacturers and service providers to integrate security and resilience into their products, protecting consumers and shifting liability away from them. The principles also call for transparency and accountability in regard to disclosing flaws and breaches. CISA Cybersecurity Dive
FBI Warns Against Using Public Phone Charging Stations. The FBI’s Denver branch is warning against using public phone charging stations, as it could expose user devices to malware. According to the warning, public USB stations are being used by malicious actors to spread malware and types of monitoring software. The FBI did not provide any other additional details, but researchers have raised concerns over this issue, termed “juice jacking,” for several years. CNN The Hill
NSA Cybersecurity Chief Warns Tech Firms to Wargame Possibility of China Invading Taiwan. During an event hosted by the Center for Strategic and International Studies on Tuesday, NSA Cybersecurity Director Rob Joyce warned that businesses should start developing contingency plans for a potential Chinese invasion of Taiwan. Joyce made the warning due to challenges from Russia’s invasion of Ukraine; companies operating in both countries had to deal with evacuating employees from Ukraine, as well as navigating what systems and networks to maintain in Russia and Ukraine and how. Joyce said these challenges would be amplified in Taiwan given the island’s larger role in the global economy as a semiconductor hub, the fact that Taiwan can be blockaded by Chinese naval forces, and the heightened cyber threat from China compared to Russia. Joyce noted that while a conflict in the Taiwan Strait would be more devastating, businesses can learn from the Ukraine war response; they should prepare proper system backups and rely on government and pro-bono support for server support. Breaking Defense
AI Will Make Hackers More Effective According to Top NSA Official. At the same CSIS event, Joyce said that generative AI technologies like ChatGPT will enhance hackers’ ability to trick people, and will optimize the workflow for malicious actors, improving their ability to use those tools better and faster. He also highlighted a risk that foreign competitors might try to steal the intellectual property behind some of these generative AI technologies. That said, officials also believe these technologies could be a useful tool for the U.S. intelligence community. NSA and CIA have expressed interest in these types of capabilities, and the Pentagon is looking at generative AI as a tool that could aid with “decision support and superiority”. DefenseScoop
U.S. Cyber Chiefs Warn AI Will Help Adversaries Develop More Advanced Cyber Attacks. U.S. cyber chiefs are warning that cyber criminal gangs will be using artificial intelligence to develop more attacks on IT at a faster rate. Rob Joyce, the NSA’s cybersecurity director, says he does not think AI will be used for massive, unprecedented automated attacks “in the near term,” but he does think AI will be used to launch a greater number of more complex cyberattacks. He added that defenders should also be looking at how to use AI to bolster cybersecurity in response. The Register
Italy's Data Protection Agency Says It Will Lift Temporary ChatGPT Ban. Italy’s data protection agency, Garante, announced that it would lift the ChatGPT ban if OpenAI meets a set of “concrete” demands by April 30th. The regulator imposed the ban on the chatbot over security, privacy, legal and ethical concerns about ChatGPT and amid growing calls to regulate AI. OpenAI released a statement welcoming the decision, saying they look forward to working with the Italian government to reopen ChatGPT to Italian customers. Reuters
Spain Calls on the European Union to Discuss ChatGPT. The spokesperson of the EU’s data protection board told Reuters in a statement that Spain has requested the agency look into ChatGPT, as part of the growing global scrutiny over artificial intelligence systems. This comes as France’s privacy watchdog announced it was investigating complaints into ChatGPT, and after Italy’s data regulator recently banned the application in the country. Reuters
Internet Outages in Ukraine Caused by Russian Attacks on Infrastructure. Cybersecurity company Cloudflare released research on Wednesday showing that Russian missile and artillery strikes on Ukraine’s power grid are causing localized internet outages. Cloudflare did not assert that Russia is more aggressively attacking Ukraine’s energy infrastructure with the intent of disrupting internet services, but the findings show Russian attacks on Ukrainian civilian infrastructure are disrupting Ukraine’s access to information. Beyond kinetic attacks, Russia is also rerouting internet infrastructure in areas it occupies to control information and conduct surveillance. Cyberscoop
The Pentagon’s Path Towards Hypersonics. DefenseScoop is out with a review on U.S. efforts to develop hypersonic missiles. The report focuses on two systems: boost-glide missiles and cruise missiles, which differ in thrust and energy capabilities and costs. The Pentagon has $4.5 billion in the fiscal 2023 budget to explore these systems, with focus on procuring the Hypersonic Attack Cruise Missile (HACM) over the Air-launched Rapid Response Weapon (ARRW), which failed in prototype testing in March. DefenseScoop
House to Vote on Bill Addressing Huawei and ZTE Threats. The US House of Representatives is expected to vote on a bill next week that will crack down on the Chinese telecom companies Huawei and ZTE Corp. The bipartisan bill, called the Countering Untrusted Telecommunications Abroad Act, would require the State Department to report on any allies using these companies for telecom equipment or other services. It would also require any publicly traded companies to disclose if they are contracted to use either company, and would mandate a report on telecom vulnerabilities at US embassies overseas. Reuters
Cybercriminals Selling Services to Hack Google Play Store Apps. Cybersecurity company Kaspersky reports that malicious cyber actors are offering services on the dark web to hack targets with malware and spyware on compromised Google Play Store apps. Prospective attackers purchase stolen developer accounts to upload a new app and then sneak in malicious code on app updates. These updates often include requests for the user to download apps or information outside of the Play Store which contain the full, final malware payload. The process adds to methods that hackers use to obfuscate attacks and circumvent security measures. TechSpot
Ransomware Gangs Are Deploying Zero-Days to Maximize Effect of Attacks. On Tuesday, researchers at the cybersecurity firm Kaspersky said that a cybercrime group recently deployed a Microsoft zero-day vulnerability as part of a global digital extortion campaign against small and medium-sized businesses. The move is an indication of a shift in the use of zero-day exploits, which previously came mostly from nation-state actors, to cybercriminals and ransomware gangs. This particular zero-day was patched by Microsoft on Tuesday; unaddressed, it would have reportedly allowed attackers with authentication privileges to run code on the target system and launch an elevation-of-privilege exploit. In addition to the zero-day patch, Microsoft also fixed 97 other flaws as part of its monthly “Patch Tuesday” effort. CyberScoop
A Look at North Korea’s Advancing Cyber Powers. Axios is out with a review of North Korea’s advancing cyber capabilities. The report notes that despite public perception that Pyongyang solely focuses on cybercrime to fund its weapons programs, recent attacks from North Korean state-backed hackers, namely the 3CX supply chain attack, suggest the country is moving towards developing espionage and sabotage capabilities in cyberspace and more disruptive cyber activities. Axios
FBI Warns Cybercriminals Are Targeting Chinese Communities by Posing as PRC. The FBI is warning that cybercriminals are posing as law enforcement officers or prosecutors from China to scam Chinese nationals in the U.S. The FBI says the threat actors accuse victims of financial crimes and threaten them with arrest or violence if they do not pay a fine. The scheme mimics and takes advantage of the Chinese government’s recorded harassment of Chinese nationals abroad for repatriation. The Record