Friday, December 30, 2016

Inside an ISIS Bunker 122916 Did This Mysterious Female Hacker Help Crack the DNC? Alisa Shevchenko

UNDER WORLD

Inside an ISIS Bunker 122916

Booby-trapped houses above. A city strewn with bombs ahead. And below, a network of tunnels fit for a terror army.

12.29.16 10:13 PM ET

BAA’SHIQA, Iraq—The ISIS fighter’s black-hooded jacket is still hanging on a hook on the wall, and his sleeping blankets cover the floor tangled with pillows and abandoned clothes in the now-empty cave. It’s perhaps 50 feet deep down a long, dark, claustrophobia-inducing tunnel beneath the missile-blasted house above.
Along the hallway, what looks like an oxygen tank is connected to fans that once circulated air from the outside, and the tunnels are lined with electric wires and light bulbs every few feet. There is a now-empty TV frame on the smooth white walls, constructed of some sort of wood paneling to insulate the room from the bare earth.
A second room was a few feet down another branch of the tunnels, another nest-like sleeping area for more fighters hiding from coalition bombs above, according to the troops-turned-tour guides.
This warren of tunnels and subterranean rooms was, until not that long ago, an underground bunker and command center for the so-called Islamic State widely known as ISIS. And its size and sophistication—not to mention all of the booby-trapped houses above—show the literal entrenchment of the terror army around Mosul, its Iraqi capital.
One regional official told The Daily Beast that ISIS is even more dug in on the western side of Mosul. According to tipsters inside the city, ISIS hasn’t just mined individual houses, but rigged entire neighborhood blocks to blow up, with explosive devices daisy-chained through houses in deadly arcs.
Outside in the street, above this particular hideout, the sulphur smell of coalition bombs still coats the air and the back of your throat, the residue of pounding air strikes followed by a fierce house-to-house battle for the town of Baa’shiqa, about 15 miles from Mosul, and just two or three miles from the current front.
It was Wednesday when Pesh Merga forces showed The Daily Beast around, during the Iraqi army’s brief pause to refresh men and material after a bloody 60-day push into the outskirts of eastern Mosul, and the surrounding villages like Baa’shiqa. Tired-looking Iraqi soldiers were driving broken vehicles through the checkpoints that now encircle every major route out of the area.
A day later, 6 a.m. Thursday Iraqi time, the fight was back on, according to Iraq’s Ministry of Defense. “Troops from the army, federal police, and Iraqi counterterrorism forces have started the second phase of fully liberating the left bank of Mosul,” said a statement on the Ministry’s Facebook page in Arabic. It was signed by Iraqi Gen. Abdulameer Rasheed Yaralah.
A statement from U.S. Central Command confirmed the army, police, and counterterrorism forces “initiated a simultaneous advance along three axes in Mosul,” from the south, west, and north of the city.
Iraqi officers are refusing to talk to reporters at the moment, burned by criticism that the two-month-long battle is going slower than expected, and also stung by U.S. Lt. Gen. Stephen Townsend’s Christmas Day prediction that it may take a year to clear both capitals of the so-called Islamic State, Mosul and Raqqah, and then another year to pursue ISIS into the vast desert in the triangle between the two cities and Anbar province in the south.
An angry Iraqi Prime Minister Haider al-Abadi told reporters this week that the fight for Mosul would take only another three months, ending just in time for possible provincial elections in April. Other Iraqi officials backed up his assertion, saying the deadline would be met but conceding that a bit of bravado fueled initial predictions of a swift victory.
“Everyone had unrealistic expectations—military, politicians, and public,” Iraq’s Deputy National Security Adviser Dr. Safa al-Sheikh told The Daily Beast in an interview. “Shortly, maybe the left side of Mosul will be liberated, but it will take a couple of months,” to clear the west side of Mosul.
The Pesh Merga fighters in Baa’shiqa praised Abadi’s forces, saying they’ve fought hard and cooperation has been good. It’s a rare salute, at odds with the sniping between the politicians that command both forces.
But they don’t see how any force, no matter how good, can blast through what’s ahead of the Iraqi troops in western Mosul.
“The Iraqi army fighters are exhausted, and there is no one to replace them,” said Pesh Merga Brigadier General Bahram Yassin Arif, at his makeshift headquarters of tents set up inside a large hall in Baa’shiqa—one of the only buildings left mostly untouched by the fighting.
And the battle is vicious, with an array of ISIS assaults from armored car bombs, suicide vest bombers, and snipers who aren’t that skilled but are persistent.
“Not so good, or accurate, but still dangerous,” the general said, over cups of heavily sugared tea by a roaring fireplace in the cavernous building, empty except for red plastic chairs and his troop’s tents.
“If the fighting goes like this, it will take longer than they think,” he added.
Outside the makeshift headquarters is an array of homemade ISIS missiles of indeterminate ranges that show both a level of technical prowess and long preparation.
“They have some experts from Saddam Hussein’s regime, and some western experts too,” the general said.
When The Daily Beast asks if the captured munitions have been defused and rendered safe, the fighters say no. There’s enough ordnance here to blow the whole compound to bits, but these fighters don’t have enough tourniquets to go around, much less the bomb squad technicians who would tell them such weaponry needs to be kept in a deep pit at a safe distance.
The general says the whole town is littered with leftover munitions and as-yet-untriggered improvised bombs, left to maim and kill long after ISIS has departed. Such devices have already taken dozens of lives of returning civilians in places like the city of Ramadi.
Yet the Kurdish Pesh Merga forces who seized this territory are proud to show off this smoldering town, fearlessly tracking through the battered house that provides the entrance to ISIS’s underground network, despite the risk that the terrorists may have left booby-trap explosive devices behind.
The house where the tunnel entrance is located is a classic example of the urban nightmare to come as Iraqi forces push ahead. The walls of the houses and between them are punched through with massive door-sized holes, so that ISIS fighters may run house to house through the neighborhood unseen by the drones and war planes above.
There are more of the same labyrinthine passages and dug-in fighters ahead for the Iraqi army troops who must take the rest of eastern Mosul, and then work their way into the west of the city. ISIS fighters have already used such hidden passages to pop up behind Iraqi lines, slaying the advancing force by shooting them in the back by the dozens.
Sheikh, Iraq’s deputy national security adviser, said his government knows a brutal fight lies ahead.
“The number of Daesh people inside Mosul is larger than in Anbar [province, previously held by ISIS] so they could terrorize people,” he said, using an Arabic pejorative for the terror group. The estimates of how many ISIS fighters are left inside Mosul range from a few thousand to as many as 10,000. “And no one knows how many are core fighters—the people who will fight to the death,” he said.
The Iraqi government is not expecting much help from the civilians trapped inside Mosul, according to intelligence reports they’ve had from within the city, Sheikh said.
“When Daesh entered the city, generally, they were welcomed by the citizens,” he said. ISIS’s harsh rule soon soured the local population, but terror replaced their initial welcome. “It decayed to the degree that the people would welcome the Iraqi forces but they are not able to revolt against Daesh.”
At a nearby camp for displaced Iraqis run by a local Kurdish charity, a crowd of escapees agreed.
“They didn’t kill us right away. Life was normal at first,” said one man who fled ISIS rule. (The escapees from Mosul did not want to be named for fear of endangering those left behind in ISIS territory.) “You had to grow a beard and wear short trousers,” with an elasticized ankle. The men around him showed their similar pants. “But then I missed a couple of prayers at the mosque… First they lashed me 30 times,” and later, when they found he wasn’t observing the fast during Ramadan, lashed him 50 times.
A second man was imprisoned when ISIS discovered he was a former Iraqi soldier. His uncle paid $800 ransom to ISIS to spring him from jail—but not before the fighters used a hot poker to gouge one of his legs.
Another man was held in prison for reasons he would not explain, but said while there, he witnessed ISIS fighters beheading prisoners with swords, or chopping hands off with knives.
When asked if the people left behind would rebel against ISIS, every head in the crowd shook “no.”
“If they speak against Daesh, they will behead them,” they said.
The coalition has been bombing ISIS for two months, yet ISIS is still standing, one man added. “The people inside have no weapons. How do you expect them to fight?”
With additional reporting from Bawar Ihsan in Baa’shiqa, Iraq, and Saud Murrani in Baghdad.
AUTHOR’S NOTE: This story was updated to note that the man who was lashed twice by ISIS was punished the second time for failing to observe the fast during Ramadan.

PHOTO ILLUSTRATION BY ELIZABETH BROCKWAY/THE DAILY BEAST

RED LETTER

Did This Mysterious Female Hacker Help Crack the DNC?

Alisa Shevchenko is a “self-taught,” relatively unknown player in Russia’s hacker scene. Why did the Obama administration target her, of all people, for sanctions?
The U.S. sanctioned a couple of well-known crooks and a handful of Russian government intelligence officers Thursday in retaliation for the Russian government’s interference in America’s elections and diplomacy.
Barely noticed on the sanctions list was the young, relatively unknown female hacker whose company the U.S. said helped the GRU with “technical research and development” to penetrate the Democratic National Committee and Hillary Clinton’s campaign chairman, John Podesta, in 2015 and 2016.
“She’s the only interesting one on the list. The rest of them are well known,” a cybersecurity researcher intimately familiar with the Russian hacking scene told The Daily Beast.
But ZOR Security’s founder Alisa Shevchenko denies the allegations and maintains that her company’s inclusion was just a big mistake.
“What really happened: anonymous clerk at U.S. treasury googled the internet for ‘cyber’ while intel analysts were on their Christmas vacation,” Alisa Shevchenko tweeted on Friday. “Another version: a naughty Santa, deep in the Christmas night, hacked into Obama’s computer and put some random Russian names in his papers.”
If that’s the case—and the U.S. government has supplied no evidence to back up the allegation of ZOR’s involvement—it could raise serious questions about the Obama administration’s retaliatory measures for the election-related hacks.
Shevchenko is a self-anointed “self-taught offensive security researcher.” That’s a relative rarity in a field in which most people describe themselves as network defenders. She learned to code at 15 but was more drawn to hacking than programming, according to a 2014 profile of the businesswoman in Forbes Russia. Shevchenko dropped out of school and wound up working for five years as a virus analytics expert for Kaspersky labs instead. In 2009, she founded her own company, then known as Esage labs, and later as ZOR Security. (The acronym, in Russian, stands for “Digital Weapons and Defense.”) A self-described “offensive security researcher,” she focuses on finding vulnerabilities rather than fixing ones exposed by other hackers.
The company initially handled crisis response for companies like Russian banks, according to Forbes Russia. In one of her early jobs, she helped a bank figure out how hundreds of fake debit cards were withdrawing thousands of dollars from accounts. And she also tested an antivirus software for her former employer, Kaspersky Labs—a company which itself has strong ties to Russia’s security services.
But while the business of responding to security breaches paid well, the work wasn’t steady. She instead turned to her specialty: hacking companies to inform them of weaknesses in their own security systems. Shevchenko’s specialty and passion, according to Forbes Russia, is defense against Rootkits, or software that lets a person gain unauthorized control of a computer. Her company stopped taking one-off jobs, instead relying on lucrative contracts for penetration tests. The profile said she was courting an increasingly international clientele.
Along the way, she established a bit of a reputation for herself in cybersecurity circles. The U.S. government even credited her with finding a software vulnerability or two.
The cybersecurity researcher called it “not the most brilliant of the most brilliant, but respectable research. [It] show[s] a knowledge of the concepts of exploit development.”
Sometime along the way, ZOR Security shut down, according to Shevchenko. She told a Forbes reporter on Friday that her company had never been involved in any of the actions it’s accused of by the U.S. Its now-defunct website said, in Russian, that its mission was to “protect Russian companies from the professional computer attacks.”
“Dear journalists, please forgive me my silence. I am really trying to make any sense of it,” Shevchenko tweeted. “how my little simple company (closed long ago at that) could possibly appear on the same list with the FSB and international terrorists.”
The FSB, or Federal Security Service, is Russia’s main security agency.
It’s not clear what Shevchenko is up to these days. Another of her projects, a hacking journal called No Bunkum, appears to not have been updated in years. A now-private Instagram account listed her location as Bangkok.
In recent years, the Kremlin has opened up its cyber warfare and intelligence operations to all sorts outside traditional government circles—independent hackers, criminals, private companies, and quasi-independent research agencies. In a sense, it’s not much different than how Washington operates. Much of the information published by the U.S. government about the DNC hacks on Thursday relied on the work of private cybersecurity companies like Crowdstrike.
“Every agency has them—these nominally private companies or research institutions,” the cybersecurity researcher said. “They can build you connections [with hackers skeptical of the government].”
But that researcher added that it would be a surprise if ZOR security was directly involved in the DNC hacks. “Maybe they sold them an exploit. [But I] doubt they were involved in the operation,” the researcher said.
“What interests me is how this person and this company became chosen for any of [the sanctions],” the researcher told The Daily Beast in an email. “There are better, highly active companies in Russia that do sell vulnerabilities / exploits to the government.”
Of course, there are plenty of unknown hackers who become instantly (in)famous. But the others on the U.S. list are more notorious today. The two hackers named alongside GRU officials had already graced the FBI’s most-wanted list for years. Evgeniy Bogachev and Aleksey Belan are both accused of engaging in “malicious cyber-enabled misappropriation of financial information,” though not for the Russian government but for personal financial gain.
The 29-year-old Belan allegedly intruded into the networks of three American e-commerce companies to steal their user databases. The FBI also says he sold the users’ names and passwords.
Bogachev, 33, made the FBI’s Most Wanted List for spreading a malicious software called Zeus on people’s computers, which compromised their bank accounts, passwords, and other personal information. He then allegedly used that information to steal money from his victims. A later version of the malware is believed to have stolen more than $100 million and to have infected more than a million computers.
The GRU officials on the list were less notorious. But the cybersecurity researcher told The Daily Beast that their names came no closer to attributing the attacks to the actual individuals who carried them out.
“Two reasons to make that list [of sanctioned entities]: Either they’re really stupid, since these guys are outed already. Or they don’t want to show who they know and how they know it,” the researcher said. “No one on the list is an actor that would be responsible for the acts. The GRU chiefs might have been aware. But they were not the ones doing it.”
