January 27, 2021

More Cyber Crimes, Attributed To Russia, Are Shown To Have Come From Elsewhere

Earlier today police in Europe took down the Emotet bot-network:

First discovered as a fairly run-of-the-mill banking trojan back in 2014, Emotet evolved over the years into one of the most professional and resilient cyber crime services in the world, and became a “go-to” solution for cyber criminals.

Its infrastructure acted as a mechanism to gain access to target systems, which was done via an automated spam email process that delivered Emotet malware to its victims via malicious attachments, often shipping notices, invoices and, since last spring, Covid-19 information or offers. If opened, victims would be prompted to enable macros that allowed malicious code to run and instal Emotet.

This done, Emotet’s operators then sold access on to other cyber criminal groups as a means to infiltrate their victims, steal data, and drop malware and ransomware. The operators of TrickBot and Ryuk were among the many users of Emotet.

Up to a quarter of all recent run of the mill cyber-crime was done through the Emotet network. Closing it down is a great success.

Wikipedia falsely claimed that Emotet was based in Russia:

Emotet is a malware strain and a cybercrime operation based in Russia.[1] The malware, also known as Geodo and Mealybug, was first detected in 2014[2] and remains active, deemed one of the most prevalent threats of 2019.[3]


However, the Hindu report linked under [1] as the source for the Russia claim only says:

The malware is said to be operated from Russia, and its operator is nicknamed Ivan by cyber security researchers.

"Is said to be operated from Russia" is quite a weak formulation and should not be used as a source for attribution claims. It is also definitely false.

The operating center of Emotet was found in the Ukraine. Today the Ukrainian national police took control of it during a raid (video). The police found dozens of computers, some hundred hard drives, about 50 kilograms of gold bars (current price ~$60,000/kg) and large amounts of money in multiple currencies.


Since the 2016 publication of internal emails of the DNC and the Clinton campaign, attribution of computer intrusions to Russia has become a standard propaganda feature. But in no case was evidence shown which proved that Russia was responsible for a hack.

The recently discovered deep intrusion into U.S. companies and government networks used a manipulated version of the SolarWinds Orion network management software. The Washington borg immediately attributed the hack to Russia. Then President Trump attributed it to China. But none of those claims were backed up by facts or known evidence.

The hack was extremely complex, well managed and resourced, and likely required insider knowledge. To this IT professional it 'felt' neither Russian nor Chinese. It is far more likely, as Whitney Webb finds, that Israel was behind it:

The implanted code used to execute the hack was directly injected into the source code of SolarWinds Orion. Then, the modified and bugged version of the software was “compiled, signed and delivered through the existing software patch release management system,” per reports. This has led US investigators and observers to conclude that the perpetrators had direct access to SolarWinds code as they had “a high degree of familiarity with the software.” While the way the attackers gained access to Orion’s code base has yet to be determined, one possibility being pursued by investigators is that the attackers were working with employee(s) of a SolarWinds contractor or subsidiary. 
Though some contractors and subsidiaries of SolarWinds are now being investigated, one that has yet to be investigated, but should be, is Samanage. Samanage, acquired by SolarWinds in 2019, not only gained automatic access to Orion just as the malicious code was first inserted, but it has deep ties to Israeli intelligence and a web of venture-capital firms associated with numerous Israeli espionage scandals that have targeted the US government.
Samanage offers what it describes as “an IT Service Desk solution.” It was acquired by SolarWinds so Samanage’s products could be added to SolarWinds’ IT Operations Management portfolio. Though US reporting and SolarWinds press releases state that Samanage is based in Cary, North Carolina, implying that it is an American company, Samanage is actually an Israeli firm. It was founded in 2007 by Doron Gordon, who previously worked for several years at MAMRAM, the Israeli military’s central computing unit.
Several months after the acquisition was announced, in November 2019, Samanage, renamed SolarWinds Service Desk, became listed as a standard feature of SolarWinds Orion software, whereas the integration of Samanage and Orion had previously been optional since the acquisition’s announcement in April of that year. This means that complete integration was likely made standard in either October or November. It has since been reported that the perpetrators of the recent hack gained access to the networks of US federal agencies and major corporations at around the same time. Samanage’s automatic integration into Orion was a major modification made to the now-compromised software during that period. 

The U.S. National Security Agency has ways and means to find out who was behind the SolarWinds hack. But if Israel is the real culprit no one will be allowed to say so publicly. Some high-ranking U.S. general or official will fly to Israel and read his counterpart the riot act. Israel will ignore it just as it has done every time it was caught spying on the U.S. government.

With more than half of Washington's politicians in its pockets it has no reason to fear any consequences.

Posted by b on January 27, 2021 at 15:32 UTC | Permalink

I saw a Tubman $20 bill and wondered what Idi Amin was doing on our currency.

Posted by: Shadow | Jan 28 2021 19:19 utc | 101

vk | Jan 28 2021 14:16 utc | 84

Leaving out God, there is no need to go to extremes, and he always has the last word. It is clear that the Zuckerbergs, Bezos of this world think they are a superior race. A bit like the Haredim who were told that even their bodies were superior to the rest of humanity. (Something that other Israelis might have a hard time agreeing with). The Zuckerbezos would love to be considered as a pantheon of gods, omnipotent, omniscient and an insurmountable obstacle.

That assumption is about to be sorely tested by the rest of the world and even by the "westerners". (Think of the questions now surrounding Twits, Parlers, and censorship). The Chinese, Russians have given up expecting a solution to world problems to come from them. If you look carefully, most, if not all, actions/agreements they take no longer are communicated directly with the "west". Much of it is subsurface. a) to not provoke "sanctions", b) to get round "sanctions" and form a unified bloc.

I have been reading about the Iranians and how a seemingly bankrupt country can give out multibillion contracts. (Chinese backing of course). How their newest pipeline will get their Oil to the Indian side of the straits of Hormuz, etc. The Moving finger writes and then moves on. Unfortunately or fortunately (depending on your viewpoint) future commercial repayments will be in "soft" (read non-dollar) currencies. Even Nordstream II is to use the Euro and not the dollar. The zuckebezos want dollar supremacy to continue as they have become accustomed to free cash.
(Ooops went off a bit on a side track there).

The Davos regulars now want a "reset" (to put everything in their hot little hands), and a "green" agenda which is designed to put all of Africa under their control and food production into their hands as well (It is now possible to speculate and manipulate food prices).

The Chinese and Russians probably do not see this as to their advantage.

PS; the a pantheon of gods, omnipotent, omniscient and an insurmountable obstacle. is more like the chaos that happened with the Greek Gods and not more dignified.

Posted by: Stonebird | Jan 28 2021 19:28 utc | 102

Wow, 2 days after all the news of the take-down of Emotet (servers/infrastructure, Ukrainian individuals, and money/gold) in the Ukraine, by the Ukraine's national police, as reported by Ukraine's news media, the Wikipedia page still starts with:

"Emotet is a malware strain and a cybercrime operation believed to be based in Russia."
Still based only on that one "said to be" statement from The Hindu article from August, 2020, while numerous more substantial and recent articles from the last two days are just ignored.

And that's despite about 25 edits by at least 14 different editors since the Ukraine news came out. The best they did was change "based in Russia" to "said to be based in Russia" to "believed to be based in Russia".

From the Kyiv Post:

"Ukrainian cyberpolice helped dismantle an international hacking system from Ukraine called Emotet [..] Ukrainian authorities announced on Jan. 27.

Law enforcement seized server equipment, computer equipment as well as bank cards, money, and sensitive data in Kharkiv, Ukraine's second-largest city with 1.4 million residents and located 500 kilometers east of Kyiv, and in Kharkiv Oblast.

Investigators said they learned the identity of two Ukrainians involved in the network [..]"

The BBC's reporting (the first link that Google News feeds me on searching for Emotet) on the other hand somehow manages to make absolutely zero mention of the Ukraine.

Wikipedia was long ago subverted by the same people that control our establishment media - still can't believe just how blatant and extensive the selective editing is.

There was a quote in 2004 from an unnamed (I would guess neocon) official in the George W. Bush administration "We're an empire now, and when we act, we create our own reality." I guess the empire's goal of owning and controlling reality includes control of mainstream media and Wikipedia. Just a few more steps from there toward totalitarian fascism.

Posted by: Canadian Cents | Jan 28 2021 19:30 utc | 103

@103 Canadian Cents

Generally attributed to Karl Rove I believe.

Posted by: Digital Spartacus | Jan 28 2021 20:05 utc | 104

Posted by: Hoarsewhisperer | Jan 28 2021 14:05 utc | 83

To say the "Israelis" are unhappy with Russia would be the understatement of Millennia.

And yet here they are bombing Syrian civilian and military targets on a weekly basis. And at zero political cost. I don't see much of a Russian moderation on Israeli aggression. Do you?

It should be obvious that the ones left holding the short end of the stick are the Syrians. They are the ones actually living in rubble. Israelis can sip sodas by the pool with the confidence that they can just lob bombs into Syria, anywhere, anytime, and the rest of the world won't even blink.

Posted by: robin | Jan 28 2021 20:39 utc | 105

Posted by: William Gruff | Jan 27 2021 16:27 utc | 9

Was there a better way for Trump to telegraph (or tweet, whatever) to the public that the establishment had no idea who was behind the hack?

If Trump said that he didn't believe Russia did it that would just give the establishment mass media ammunition to say he was Putin's puppet. After dozens of mass media products echo the narrative off each other to amplify a weak and vague suggestion and build it into something that the public perceives as truth, Trump crushed it all by just accusing someone else. Rather than laboriously dismantling the accusation aimed at Russia he just cut it off at the knees.

Playing along with your clever telegraph posit, the masses are far too absorbed by the great sectarian divide to have any independent analysis on just about any matter of significance. I don't see anyone making the conclusion you made. The president didn't crush anything, he just made sure that the good folks remember to save some hate for China.

In any case, mass media and the accompanying social media circus has been doubling down with the Putin's puppet meme even as the administration led the country into an unprecedented anti-Russia frenzy. Of course, that's how the system works best, when the only opposition heard are yells for a harsher stance.

We play both kinds of music, country AND western.

Posted by: robin | Jan 28 2021 21:20 utc | 106

The MSM will investigate and report on Samanage about as much as was done on the 1968 attack on the USS Liberty (google it) - namely nothing.

Posted by: Paul Ba | Jan 28 2021 21:27 utc | 107

wallstreetonparade Martens' website excellent too MOA !!!!

Posted by: RKelly | Jan 28 2021 22:19 utc | 108

Hoarsewhisperer | Jan 27 2021 16:26 utc | 8

Precisely. And it's almost as bad in Oz, and even worse in the UK. Money is the only logical explanation for the "Israel" Worship indulged in by corrupt, amoral Western political 'leaders'.

I don't think love of money explains it. I think it must be blackmail, probably mostly pedophile/child-sacrifice blackmail. It seems so effective.

Posted by: foolisholdman | Jan 28 2021 22:51 utc | 109

The Russia angle wasn't pushed really. Mainstream sources generally talk about Ukraine.

Posted by: Tuyzentfloot | Jan 28 2021 23:24 utc | 110

"PM Bibi Netanyahu Boasts about the Israeli NSA Unit 8200 Israel is the Second Eye of Five Eyes" ( )

Posted by: GoFundMeADrone | Jan 29 2021 0:37 utc | 111

@105 robin - "I don't see much of a Russian moderation on Israeli aggression [...] the ones left holding the short end of the stick are the Syrians."

Why don't you ask the Syrian people how much they love the Russians? Especially ask the Syrian soldiers, who have commented in complete admiration that they have watched Russian soldiers fight and give their lives for Syria as if it were for their own mother country.

Go read some past articles from b or Saker to see how Russia saved Syria from enormous pain and the prolongation of the conflict. Even Iran today says that the conflict would have taken much longer without Russia. It's rather presumptuous to ask for any more from Russia than the precious blood she has already shed for this country which is not her own.

While you're reading, check Nasrallah to see how carefully the IDF moderates all of its attacks so as not to provoke an actual conflict - of which it is literally terrified.

Do some more reading, including here, and you'll come to understand that the strikes by Israel are very carefully calculated so as not to provoke a response. Occasionally Israel stumbles across the line of what is tolerable, and then Syria hammers back. Or else Israel makes a formal apology to Hezbollah after inadvertently stepping over another red line.

Israel lives in fear and trepidation, and rightly so. What little it can do overtly nowadays is mostly theater. It also sends its trolls out to talk down its enemies in forum threads, and to talk up its theatrical "accomplishments", and this is usually done in the tone known as "concern trolling". We must certainly beware of that sort of commenter.

So yes, there is much to learn, but it's not hard to find. Sorry I have no links to offer, but stay tuned, because collateral for everything I've said here appears all the time - there's even some already in this thread.

Posted by: Grieved | Jan 29 2021 0:55 utc | 112

@ Triden

No, it's not apple/orange at all.

Fiat itself is a viable concept, a fake but workable social contract, but stock is just fantasy.

A stock costs $10 one day and the other day it costs $1000, but it's still one stock.

You know damn well there's something fucky in there, and you can't determine the value of something by the amount of money it costs present.

Posted by: Smith | Jan 29 2021 1:22 utc | 113

With more than half of Washington's politicians in its pockets [Israel] has no reason to fear any consequences.

Posted by b on January 27, 2021 at 15:32 UTC | Permalink

It reminds me of a joke: someone asks a Minnesota teacher if it is true that 95% of high school kids in the state are fishing. "Yes, I find it hard to believe, but it is true. I have no idea what is wrong about those 5%."

That said, the statement is not precise. First of all, the money is American -- American Zionists like late Sheldon Adelson (although his widow, now with money on the purse, is Israeli). Business people need networking, and for American Jews who are mostly tepidly religious (or not religious at all), "bond with Israel" is a uniting element of the diaspora -- with networking benefits. Second, I would conjecture that most creatures in the Capitol get rather paltry money. But the most ambitious ones get a lot, and this is enough to create a climate of intimidation. Voicing a "heretical statement", like that "USA should be even-handed in Israeli-Palestinian conflict" raises a firestorm (thus I learned that "evenhanded" is an anti-Semitic slur, more precisely, alleging lack of evenhandedness is ridiculous given that Fakestinians get much more than they deserve, Palestinian is a term that is tolerable when talking with grim). And if you do not retire from politics, you can bet on facing a well-funded primary opponent next time.

Alas, more than half of the congressional districts are not competitive, so this threat is hollow, and few percent in Congress dare to be heretical from time to time. But MUCH LESS THAN HALF.

Posted by: Piotr Berman | Jan 29 2021 3:15 utc | 114

@Someone (44)
Others claim the €500 note was introduced so as to replace the 1000-Deutsche mark note. And considering how $500 at the time was worth what $100 used to be decades prior, why wouldn't they?

Posted by: joey_n | Jan 29 2021 8:44 utc | 115

Exclusive: Proud Boys leader was ‘prolific’ informer for law enforcement
Posted by: Bemildred | Jan 27 2021 16:35 utc | 11

Interesting that Tarrio was "extracted" (i.e. "arrested" and forced to leave DC) 2 days before the Congress affair. We can speculate that he may have been the one who incited violent actions of the Proud Boys, at FBI/Dem request, in order to enhance the provocation for Dem benefit, while Tarrio himself was removed so that he would not face resulting punishments. If so, one would surmise that the other Proud Boys members might be punished exceptionally harshly, so Tarrio would want to be given an excuse.

Posted by: BM | Jan 29 2021 13:33 utc | 116

@ Grieved 112

As far as I know, Russia has neither prevented an israeli attack nor ever carried out retaliations of any sort. That's all I wanted to point out.

Suggesting the aggressor is cowering in fear of a hypothetical devastating retaliation from the victim grossly misrepresents the balance of power. I can understand how local officials, wary of a domestic public opinion confusing helplessness with incompetence, may wish to play down the extent of attacks. Internationally, however, this type of baghdad-bobbism tends to play into the hands of an aggressor who expends considerable resources to manipulate public perception and portrays himself as a benevolent yet victimized actor.

If Syria could hammer back, as you suggest, why does it not do so? Can you think of any reason for allowing such blatant acts of aggression? Most peer and near-peer actors would respond after the very first wave. The actual nature of the target, be it expensive AA kit, live troops or simple garden sheds, does not matter. What counts is establishing effective deterrence. Anything short of that and you will always be living in fear, unwilling to invest and watching helplessly your country get picked to pieces.

Posted by: robin | Jan 29 2021 20:02 utc | 117

China & Russia dumping US$, not a 2yr window that was rumored

Metal weighs in value/s be prepared MOA, et al, money as pocket change

Posted by: RKelly | Jan 29 2021 20:16 utc | 118

@117 robin

I happened to come by and see your comment, so here's one final word on this matter. You can think what you like and deduce whatever you choose from first principles, and you can assume you're dealing with the straight story simply because your logic seems sound, regardless of whether your premises are actually reliable.

Or you can read some of the sources I suggested and find out for yourself what many people have already long discussed.

Posted by: Grieved | Jan 29 2021 23:09 utc | 119

Posted by: robin | Jan 29 2021 20:02 utc | 117

It's called fire discipline, you don't waste your relatively precious air defenses on minor attacks, which all of these are. Also, you don't want to reveal your air defense deployments either, for the same reason, that's good intel for the Izzies, that's what they are looking for. All right?

Posted by: Bemildred | Jan 30 2021 0:07 utc | 120

Wasn't SolarWinds Orion software interfaced with the SENTINEL System developed and created by Christine Maxwell's company Cilead?

SolarWinds Orion backdoor software is thought "likely" to have been used to provide back door access to Dominion voting machines.

Posted by: Fíréan | Jan 30 2021 0:10 utc | 121

@ Bemildred 120

From what I'm reading, Syrian forces are in fact expending precious air defence resources to parry Israeli bombs and missiles instead of going after the delivering platforms. Would it not make sense to take shots at the IAF as it approaches over Lebanon? As it stands, Syrian forces won't even try anything over Al Tanf, their own sovereign territory. That alone should tell us where lies the balance of power.

Let's reverse the situation as a thought experiment. Immediately following the first act of aggression, Israel and probably a whole coalition, would have laid waste to Syria's airfields as well as other military targets. It would be open season on civilian infrastructure as well and the nation's development would be wound back many more decades.

I'm genuinely curious to know the motivation behind the denial of this balance of power.

Posted by: robin | Jan 30 2021 7:59 utc | 122

Posted by: robin | Jan 30 2021 7:59 utc | 122

No, I'm done here. You asked, but I didn't think you'd like the answer, and I know you won't shut up about it.

Posted by: Bemildred | Jan 30 2021 12:31 utc | 123

Wikipedia falsely claimed that Emotet was based in Russia:

The page STILL contains the same lie.

Personally I'm done with wikipedia.

I don't even think it can be trusted for objective truths like standard computing algorithms or mathematics anymore...

Posted by: Arch Bungle | Jan 31 2021 13:17 utc | 124

@oldhippie #81
If these places are doing so, they are breaking all manner of laws.
Among other things, pawn shops are legally required to keep records of incoming merchandise in case it is stolen.
The records also prevent fuckery on the part of the pawn shop - since they are also legally regulated on how much interest they can charge and that people can redeem their merchandise back.
These places also all have cameras for security reasons.
The notion that you can sell something and have no legal or other records is only possible if you are talking about illegal activities - which in turn open you up to fraud and theft.

Posted by: c1ue | Feb 2 2021 10:29 utc | 125

Posted by: Arch Bungle | Jan 31 2021 13:17 utc | 124

Wikipedia's math stuff is crap too. I gave them money once. Now I'm sorry. It's amazing how many of our charities and public service organizations have been turned into financial rackets. Just like Russia in the 90s.

Something more interesting:

Putin Lays Flowers At 1st Russian President Boris Yeltsin's Grave On His 90th Birthday

I watched a short video, it was very moving. I can well imagine Putin's feelings in such a moment.

Posted by: Bemildred | Feb 2 2021 11:50 utc | 126

