
Extradited Russian Hacker and Indicted Iranian Hackers May Hold Keys to Foreign Influence Campaigns


Throughout the Mueller investigation, many subject matter experts (who felt the whole investigation to be a bit myopic) encouraged us not to miss the role that Chinese, North Korean, and Iranian influence campaigns were playing (in addition to the Russian ones) in what was a multinational Bitskrieg on our cognitive infrastructure in the lead-up to the 2016 and 2020 Presidential Elections.

History is unfolding, and law enforcement and criminal justice activities are now contributing to the historical record of the breadth and scope of the influence campaigns directed at the United States in that time period.

Remember the Name Vladislav Klyushin

On January 3rd, reports started surfacing about the December 2021 extradition from Switzerland of a Kremlin insider who may hold secrets of the 2016 hack. Vladislav Klyushin is a Russian IT executive (some reports describe him as a “Tech Tycoon”) who arrived in the U.S. to face insider trading charges and a securities fraud case against him (based on evidence of illegal earnings from trading on hacked corporate-earnings information). (1)

According to Bloomberg:

“Klyushin’s cybersecurity work and Kremlin ties could make him a useful source of information for U.S. officials, according to several people familiar with Russian intelligence matters. Most critically, these people said, if he chooses to cooperate, he could provide Americans with their closest view yet of 2016 election manipulation.

According to people in Moscow who are close to the Kremlin and security services, Russian intelligence has concluded that Klyushin, 41, has access to documents relating to a Russian campaign to hack Democratic Party servers during the 2016 U.S. election. These documents, they say, establish the hacking was led by a team in Russia’s GRU military intelligence that U.S. cybersecurity companies have dubbed ‘Fancy Bear’ or APT28. Such a cache would provide the U.S. for the first time with detailed documentary evidence of the alleged Russian efforts to influence the election, according to these people.”

The Iranians Almost Slip Through The Cracks

In November of last year, it was easy to miss this indictment of two Iranian Nationals Charged for Cyber-Enabled Disinformation and Threat Campaign Designed to Influence the 2020 U.S. 

According to the New York Times:

“The Justice Department indicted two Iranian hackers on Thursday for seeking to influence the 2020 election with a clumsy effort to intimidate voters, just a day after the nation’s cyberdefense authorities warned of an escalating Iranian effort to insert malicious code into the computer networks of hospitals and other critical infrastructure.

The hackers, identified in a grand jury indictment handed up in New York as Seyyed Kazemi, 24, and Sajjad Kashian, 27, are accused of sending threatening messages to several thousand voters, after breaking into some voter registration systems and at least one media company. Many of the messages sent by the Iranians were designed to look like they were from the Proud Boys, the right-wing extremist group.

Law enforcement officials also revealed Thursday that the Iranians had hacked into a media company that provides a content management system for dozens of newspapers, although officials did not reveal the name of the organization. Had they kept access, they might have been able to post fake stories to undermine the election, law enforcement officials said. But the F.B.I. detected the intrusion and notified the company. When the Iranians tried to enter the system the day after the election, they discovered their access was blocked.”

Coincidentally (or not?), the indictment of the two Iranian hackers was released days after a Joint Cybersecurity Advisory Released by CISA, FBI, AUS CSC and UK NCSC Regarding Iranian Government-Sponsored APT. Joint CSAs are rare. This warning was specific in its attribution of threat activities organized by the Iranian government and did not single out non-state actors and criminal groups. In light of the indictment, the joint CSA seems to imply that Kazemi and Kashian are formally affiliated with the Iranian government (or that their activity can be attributed to Iran through the evidence offered in the indictment).

Noting the timing of the joint cybersecurity advisory, David Sanger and his co-authors surmised that “taken together, the indictment and the warning suggest that the Iranian government is making broader use of its offensive cyber-units, and learning from techniques it is picking up from Russia and elsewhere. The warning did not name which American hospitals or transportation systems were the focus of Iranian attacks.” (2)

About the Author

Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.