Poland on Thursday welcomed the first U.S. troops in a multi-national force which is being posted across the Baltic region to counter potential threats from Russia.
More than 1,100 soldiers — 900 U.S. troops as well as 150 British and 120 Romanians — are to be deployed in Orzysz, about 57 km (35 miles) south of Russia’s Baltic Sea enclave of Kaliningrad, where Moscow has stationed nuclear-capable missiles and an S-400 air missile defense system.
Three other formations are due to become operational by June across the region.
“Deploying of these troops to Poland is a clear demonstration of NATO’s unity and resolve and sends a clear message to any potential aggressor,” NATO Supreme Allied Commander Europe, General Curtis Scaparrotti, said at a welcoming ceremony for the first arrivals at Orzysz, 220 km (140 miles) northeast of the capital Warsaw.
Poland, alarmed by Russia’s assertiveness on NATO’s eastern flank, has lobbied hard for the stationing of NATO troops on its soil, especially since Moscow’s annexation of Crimea in 2014.
Polish President Andrzej Duda called the deployment a historic moment “awaited for by generations”.
The troops’ move in Orzysz takes place as U.S. President Donald Trump appears to have changed his previously critical views of NATO and soured his attitude toward Moscow.
While running for president, Trump dismissed the alliance as obsolete and said he hoped to build warmer ties with Russia.
But on Wednesday, he lavished praise on NATO and said the relationship with Russia may be at an all-time low.
“I said it was obsolete. It’s no longer obsolete,” Trump said as he stood at a news conference alongside NATO Secretary-General Jens Stoltenberg in the White House.
Poland’s ruling conservatives, the Law and Justice party (PiS) allied with Duda, have signaled plans to raise funds to modernize and increase the size of its military, even though Warsaw is already among NATO’s top spenders.
But the Polish armed forces have other problems.
Nearly 30 top of its top generals and more than 200 colonels — a quarter and a sixth of the army’s total — have resigned over the last year, citing in part disagreements with Defence Minister Antoni Macierewicz over personnel and other decisions.
The military has also seen potential procurement delays after Macierewicz canceled a multi-billion-dollar deal with Airbus Helicopters (AIR.PA) last year.
General Miroslaw Rozanski, a former senior commander, said in February he could not accept certain defense ministry decisions.
“We were implementing NATO decisions. Minister Macierewicz would agree with my proposals and then different decisions would be taken,” he said then.
The Defence Ministry says the officers’ departures amount to only a fraction more than in previous years. It has said, however, the army should be purged of commanders who began their service before the collapse of communist rule in 1989.
In response to Reuters’ request for a comment, a NATO official said it was up to the allies to decide how they structure their armed forces.
“What is important to NATO is that the armed forces of allies meet their capability targets, that they can operate with each other and that they have the right equipment to meet today’s security challenges,” the official said.
Polish sources said NATO, focusing on its troubled relations with the new U.S. president and Moscow, has adopted a “wait-and-see” attitude toward Warsaw.
“We are indeed the trouble makers,” a Polish government source told Reuters. “But because we fulfil all the obligations…because in the end we deliver, we are not the biggest problem right now. So, NATO has indeed adopted a ‘wait-and-see’ attitude toward us.”
But Daniel Keohane, a senior researcher at the Center for Security Studies at the ETH university in Zurich, said Poland’s relations within the alliance could suffer.
“While this should not in principle weaken Poland’s position within NATO, if these generals are resigning for political reasons, and a perception of an ongoing politicization of the Polish army emerges, this could cause worry in other NATO capitals,” he said.
(Additional reporting by Marcin Goettig and Pawel Sobczak in Warsaw; Writing by Lidia Kelly; Editing by Justyna Pawlak and Angus MacSwan)
Show of strength: More than 1,100 NATO-led soldiers from the US, Britain and Romania bolster Poland’s armed forces after Moscow stations nuclear-capable missiles nearby
A Russian Sukhoi Su-24 attack aircraft makes a very-low altitude pass by the USS Donald Cook (DDG 75) April 12, 2016, in the Baltic Sea near Poland. Donald Cook, an Arleigh Burke-class guided-missile destroyer, forward deployed to Rota, Spain is conducting a routine patrol in the U.S. 6th Fleet area of operations in support of U.S. national security interests in Europe. U.S. NAVY 6TH FLEET PHOTO/RELEASED
Protesters rallied in Budapest on Wednesday against a bill that would effectively shut down Central European University, an institution founded by George Soros.Credit Attila Kisbenedek/Agence France-Presse — Getty Images.
European commission says Central European University should be free to operate, patience with PM Viktor Orbán wears thin
Wednesday 12 April 2017 09.57 EDTLast modified on Wednesday 12 April 2017 17.00 EDT
A Hungarian law that threatens a leading university with closure is being investigated by the EU executive, as fears grow that Hungary’s prime minister, Viktor Orbán, is eroding democracy.
Frans Timmermans, the first vice-president of the European commission, said the new law had caused widespread concern and was perceived by many as an attempt to close down the Central European University, which was founded by the Hungarian-American financier and philanthropist George Soros after the fall of communism in Hungary.
Describing the university as “a pearl in the crown”, Timmermans said it was important it could continue to operate in Budapest undisturbed. “We need to quickly complete a thorough legal assessment of [the new law’s] compatibility with the free movement of services and the freedom of establishment,” he told journalists in Brussels.
That process could eventually lead to Hungary being taken to Europe’s highest court and fined for failing to uphold EU law. Timmermans promised an initial assessment would be complete by the end of April.
The investigation into the university law opens up a new front between Brussels and the Orbán government, amid bitter disputes over migration quotas and EU concerns about the detention of refugees in barbed-wire-fringed camps on the Hungarian border.
Hungary Law That Could Close George Soros’s University Faces Uncertainty
By HELENE BIENVENU and BALINT BARDI
APRIL 12, 2017
BUDAPEST — Even as a top European Union official on Wednesday questioned the wisdom of a new Hungarian law that seemed intended to shut down a university, the government of Prime Minister Viktor Orban appeared to be having second thoughts about the legislation.
Central European University, founded by the Hungarian-American financier and philanthropist George Soros, should be “able to operate in Budapest undisturbed,” said the European Union official, Frans Timmermans, first vice president of the European Commission, the union’s executive body.
The European commissioners, at their weekly meeting in Brussels on Wednesday, discussed recent laws introduced by Mr. Orban’s government, including the one involving Central European University. Mr. Timmermans said the group resolved to “consider next steps on any legal concerns by the end of April.”
The meeting came shortly after several top United States officials — including the acting State Department spokesman, Marc C. Toner — urged the Hungarian government to allow the university to operate in its present form.
The European Commission has reiterated its attempt to persuade Poland and Hungary to take in asylum seekers under the EU migration scheme. If the two countries refuse to cooperate, Brussels will use “all powers” in response, it said in a statement.
Warsaw and Budapest have opposed the refugee resettlement quotas since the very outset of the migrant crisis. Now, as the number of new arrivals has dropped, Brussels is seemingly keen to enforce the relocation from Greece and Italy – the main points of entry to the EU – to other member states of the bloc.
“This is solidarity in action and a demonstration of responsibility. Now is the time for our Member States to deliver on their commitments and to intensify their efforts,” said Dimitris Avramopoulos, EU Commissioner for Migration, Home Affairs and Citizenship.
“They have a political, moral and legal duty to do so. I call on those countries that have not yet joined this common effort to do so.”
With around 14,000 asylum seekers awaiting relocation in Greece and around 3,500 so far in Italy, the total number of people eligible for relocation in both countries “is well below what was foreseen in the Council decisions,” the European Commission argued in a statement.
“If Member States do not increase their relocations soon, the Commission will not hesitate to make use of its powers under the Treaties for those which have not complied with the Council decisions,” it said. Over the past months, Hungary has faced stark criticism from Brussels for its refusal to implement the refugee quotas. Hungarian Prime Minister Viktor Orban insists his country is being “attacked” by migrants, arguing that they form a hotbed of terrorism.
Last year, his government spent large amount of money to fund a six-month campaign – slammed by reputed rights groups as xenophobic and populist – in the lead-up to a failed referendum on accepting the EU migrant quotas. There have been other reports saying that alleged the widespread and systematic use of excessive force by Hungarian police against migrants trying to cross the border.
Earlier this month, the Times cited a senior diplomatic source from one of the major EU countries who told the newspaper that the bloc’s founding members, France and Germany, as well as up to 21 other countries, are poised to present Hungary and Poland with an ultimatum.
Meanwhile in Hungary, authorities are erecting a second electrified fence stretching 173km along the Serbian border. Construction of new detention camps is also underway despite a fierce backlash from the UN, rights groups and European judicial authorities.
Earlier, Poland took a similar stance as Budapest towards the migrant issue, with Foreign Minister Witold Waszczykowski arguing that Warsaw has already been sharing the migrant burden, citing 1.26 million visas issued for Ukrainians last year, with half of the documents enabling arrivals to work and live in Poland.
BRUSSELS — The European Union’s executive stepped up pressure on Poland and Hungary on Wednesday to take in asylum seekers under the bloc’s migration plan or risk legal action if their reluctant governments refuse.
Warsaw and Budapest have stonewalled the scheme to move 160,000 people from Italy and Greece – the main ports of arrival – to elsewhere in the EU. Other member states have also dragged their feet, leaving the divisive plan stalled.
The eurosceptic governments in Poland and Hungary have also put their media and judiciary under tighter state control, raising concerns in Brussels and other EU capitals that they are infringing on the bloc’s democratic checks and balances.
The influx of some 1.6 million refugees and migrants into the EU in 2014-2016 has led to rows on how to share the burden among member states. Only about 16,340 people have been moved so far under the emergency scheme that ends in September.
“If Member States do not increase their relocations soon, the Commission will not hesitate to make use of its powers … for those which have not complied,” the bloc’s executive arm said in a statement.
The Commission had proposed to fine member states for failing to take in migrants, but there has been little political backing for such a step. A court case would not resolve the issue quickly, but could add to mounting pressure for action from other EU states.
Italy has been in the forefront of calling for cuts to EU subsidies to Poland and Hungary over migration. Germany, Sweden, Austria and France – the most frequent final destinations – have also been stepping up pressure on the hold-outs.
Bulgaria, Croatia, Slovakia and the Czech Republic have taken in only a few asylum seekers and the European Commission also underlined their weak response to the plan.
The Commission statement recalled the relocation plan was decided by EU leaders in September 2015 despite Hungary, the Czech Republic, Slovakia and Romania voting against it. Although generally opposed to it, Poland eventually voted with majority.
RARE GOOD NEWS
In rare good news, Brussels noted that Austria has now decided to join the relocation programme. Vienna was previously exempted since it had taken in some 90,000 asylum seekers in 2015 as it sits on one of the key migratory routes into Europe.
Austria’s interior minister said he would make preparations for the country to receive people, with the first group expected to be around 50 unaccompanied children from Italy.
Some 14,000 people are currently eligible for relocation from Greece, the Commission said. It recommended that Italy speed up the necessary legal and security proceedings as it currently only has some 3,500 people waiting to be moved.
EU officials are split over whether to open legal proceedings over relocation, with some noting Poland and Hungary should be punished for undermining the bloc’s solidarity.
Others say that such so-called “infringements” would have to be launched against just about every EU state since so many cut corners on various agreements.
Hungary has filed its own lawsuit against the relocation scheme, which assigns each EU state a specific number of asylum seekers to receive. A hearing at the EU’s top European Court of Justice is due on May 10.
Poland’s and Hungary’s disputes over migration with the bloc are just one area on which the two post-communist countries, now governed by eurosceptics, clash with Brussels and the wealthier western European states.
The bloc has voiced concern over the weakening of the rule of law and undermining of democratic standards by both Budapest under Prime Minister Viktor Orban and Warsaw under the right-wing government of the Law and Justice (PiS) party.
The Commission on Wednesday separately warned Hungary it risked being sued in court over a number of Orban’s policies.
(Additional reporting by Francois Murphy in Vienna; Editing by Tom Heneghan)
Similarities between hacks underscore concerns about rash of recent cyberattacks on financial institutions world-wide
A Union Bank service point in the eastern Indian city of Bhubaneswar.PHOTO: NURPHOTO/ZUMA PRESS
By JULIE STEINBERG in Hong Kong and GABRIELE PARUSSINI in Mumbai
The Wall Street Journal
April 10, 2017 5:30 a.m. ET
Cyberthieves who attempted to steal $170 million from an Indian bank last July used methods that strongly resemble those of an earlier, successful $81 million heist targeting Bangladesh’s central bank, according to people familiar with the matter.
State-owned Union Bank of IndiaLtd.’sEQUNIONBANK 1.69% computer system was infected with malware that allowed thieves to authorize the transfer of around $170 million from the bank’s account in New York to private accounts in five locations, people familiar with the matter said. Fast detection by bankers allowed the Indian lender to prevent the money’s release.
Investigators studying the Indian hack said similar tactics and coding were used by computer criminals who attempted to steal nearly $1 billion from Bangladesh’s account at the Federal Reserve Bank of New York in February of last year. Many orders had been filled with misspellings and formatting errors, and the Fed blocked some of the withdrawal—but the thieves were able to move about $81 million to accounts in the Philippines.
This account of the Union Bank of India hack is based on interviews with Arun Tiwari, the bank’s chairman, and several other people familiar with the incident.
The attack on Union Bank began in late July last year when an employee opened an attachment on an email that appeared to have come from India’s central bank, Mr. Tiwari said. That action activated a piece of malware that allowed the hackers to steal Union Bank’s access codes for the international messaging system banks use to authorize cross-border transactions, known as the Society for Worldwide Interbank Financial Telecommunication, or Swift.
The hackers then used those codes to send authentic-looking instructions to a Union Bank account at CitigroupInc. in New York, which handles processing of wire transfers and clears dollar transactions. The instructions ordered around $170 million to be sent to accounts in Thailand, Cambodia, Australia, Hong Kong and Taiwan.
The money went to several shell companies associated with Asian—in particular Chinese—organized crime syndicates, according to a person familiar with the matter.
Arun Tiwari, Union Bank’s chairmanPHOTO: DHIRAJ SINGH/BLOOMBERG NEWS
The cybercriminals behind the Bangladesh heist similarly stole bank codes to place fake transfer orders. Swift in November said banks using its network had sustained fresh attacks from hackers since the Bangladesh heist. Swift declined to comment on whether Union Bank of India was one of those banks, although Mr. Tiwari said Swift officials have been working with Union Bank since the day of the hack.
Swift generally creates two reports per transaction: one sent to the originating bank, in this case, Union Bank, and another to the so-called correspondent bank handling the overseas transactions, which was Citigroup. The correspondent bank then forwards its report to the originating bank the next day, so it can cross-check the transactions.
On July 21, an employee in Union Bank’s treasury department who was comparing the reports found that Citigroup had executed six transactions that Union Bank hadn’t intended to authorize. He notified senior executives of the mismatch, and the bank immediately began trying to get the money back.
“This was a war room that day,” Mr. Tiwari said.
Union Bank recovered the money sent to Thailand, Cambodia, and Australia—more than half of the total—within 24 hours. It got a court order in Hong Kong to retrieve the rest of the funds, and had gotten all of its money back by July 24.
Employees on Citigroup’s cybersecurity team observed similarities in how the malware behaved in the Union Bank attack and that used in the attack on Bangladesh’s central bank. Citigroup is an intermediary bank for the New York Fed, which gives it visibility into certain transactions.
Ernst & Young LLP, which was hired by Union Bank to investigate the hack and its aftermath, also concluded it had been executed similarly to the attack on the Bangladesh central bank, according to Mr. Tiwari. In both cases the malware reached the target banks by emails addressed to employees, and took control of Swift functions at the originating bank, a person familiar with the attack said.
Both hacks also disabled computer systems that create automatic logs of the transactions, another person familiar with the matter said.
The first-ever freight train from Britain to China, laden with whisky, soft drinks and baby products, started its mammoth journey on Monday along a modern-day “Silk Road” trade route.
The 32-container train, around 600 metres (yards) long, left from the vast London Gateway container port on the River Thames estuary, bound for Yiwu on the Chinese east coast.
It was seen off on its 18-day, 12,000-kilometre (7,500-mile) journey with a string quartet, British and Chinese flags, and speeches voicing hope that it will cement a new golden age of trade between the two countries as the UK leaves the European Union.
The first train from China to Britain arrived on January 18, filled with clothes and other retail goods, and Monday’s departure was the first journey in the other direction.
The rail route is cheaper than air freight and faster than sea freight, offering logistics companies a new middle option.
The driver gave a thumbs-up and tooted his horn as he got the wagons rolling at the port in Stanford-le-Hope, east of London.
The train will go through the Channel Tunnel before travelling across France, Belgium, Germany, Poland, Belarus, Russia and Kazakhstan before heading into China.
The containers will be taken off and put on different wagons at the Belarus border, as the former Soviet Union countries use a wider rail gauge.
The containers switch back to standard gauge rails at the Chinese border, an operation that typically takes around two hours.
“We are proud to be able to offer the first ever UK to China export train,” said Xubin Feng, the chairman of Yiwu Timex Industrial Investment.
“Restoring the ancient Silk Road as a means by which China, north Europe and now the UK can exchange goods is an important and exciting initiative.
“This is the first export train and just the start of a regular direct service between the UK and China. We have great faith in the UK as an export nation and rail provides an excellent alternative for moving large volumes of goods over long distances faster.”
Kaspersky Lab says digital records show link to a computer with North Korean internet address
By ROBERT MCMILLAN
The Wall Street Journal
April 3, 2017 2:00 p.m. ET
A newly discovered digital clue links the hacking group blamed for a multimillion-dollar cyberattack on Bangladesh’s central bank to a computer in North Korea, according to the Russian cybersecurity company Kaspersky Lab ZAO.
Kaspersky announced Monday at its security conference on the Caribbean island of St. Maarten that its researchers had obtained digital records showing a European server used by the group to launch its attacks…
Chasing Lazarus: A Hunt for the Infamous Hackers to Prevent Large Bank Robberies
Kaspersky Lab helps disrupt attacks against financial organizations in Southeast Asia and Europe
SAINT MAARTEN, Apr 03, 2017 (BUSINESS WIRE) —Security Analyst Summit – Kaspersky Lab published today the results of its more-than-year-long investigation into the activity of Lazarus , a notorious hacking group allegedly responsible for the theft of $81 million USD from the Central Bank of Bangladesh in 2016. During the forensic analysis of artefacts left by the group in Southeast Asian and European banks, Kaspersky Lab gained a deep understanding of what malicious tools the group uses and how it operates, enabling the company to interrupt at least two other potential Lazarus operations attempting to steal a large amount of money from financial institutions.
In February 2016, a group of hackers (unidentified at that time) attempted to steal $851 million USD, and managed to transfer $81 million USD from the Central Bank of Bangladesh. This is considered to be one of the largest, most successful cyber heists ever. Further investigation conducted by researchers from different IT security companies, including Kaspersky Lab, revealed a high chance that the attacks were conducted by Lazarus – a notorious cyber espionage and sabotage group responsible for a series of regular and devastating attacks, and known for attacking manufacturing companies, media and financial institutions in at least 18 countries around the world since 2009.
Although several months of silence followed the Bangladesh attack, the Lazarus group was still active. They had been preparing for a new operation to steal money from other banks and, by the time they were ready, they already had their foot in a financial institution in Southeast Asia. After being interrupted by Kaspersky Lab products, and the following investigation, they were set back for another few months, and later decided to change their operation by moving to Europe. But here too, their attempts were interrupted by Kaspersky Lab’s security software detections, as well as the quick incident response, forensic analysis, and reverse engineering with support from the company’s top researchers.
Based on the results of the forensic analysis of these attacks, Kaspersky Lab researchers were able to reconstruct the modus operandi of the group.
Geography and Attribution
The attacks investigated by Kaspersky Lab researchers lasted for weeks; however, the attackers could operate under the radar for months. For example, during the analysis of the incident in Southeast Asia, experts discovered that hackers were able to compromise the bank network no less than seven months prior to the day when the bank’s security team requested incident response. In fact, the group had access to the network of that bank even before the day of the Bangladesh incident.
According to Kaspersky Lab records, from December 2015, malware samples relating to Lazarus group activity appeared in financial institutions, casinos, software developers for investment companies and crypto-currency businesses in Korea, Bangladesh, India, Vietnam, Indonesia, Costa Rica, Malaysia, Poland, Iraq, Ethiopia, Kenya, Nigeria, Uruguay, Gabon, Thailand and several other countries. The latest samples known to Kaspersky Lab were detected in March 2017, showing that attackers have no intention of stopping.
Even though attackers were careful enough to wipe their traces, at least one server they breached for another campaign contained a serious mistake with an important artefact being left behind. In preparation for operation, the server was configured as the command & control center for the malware. The first connections made on the day of configuration were coming from a few VPN/proxy servers indicating a testing period for the C&C server; however, there was one short connection on that day which was coming from a very rare IP address range in North Korea.
According to researchers, that could mean several things:
The Lazarus group heavily invests in new variants of their malware. For months they were trying to create a malicious toolset which would be invisible to security solutions, but every time they did this, Kaspersky Lab’s specialists managed to identify unique features in how they create their code, allowing Kaspersky Lab to keep tracking the new samples. Now, the attackers have gone relatively quiet, which probably means that they have paused to rework their arsenal.
“We’re sure they’ll come back soon. In all, attacks like the ones conducted by Lazarus group show that a minor misconfiguration may result in a major security breach, which can potentially cost a targeted business hundreds of millions of dollars in loss,” said Vitaly Kamluk, head of the Global Research and Analysis Team APAC at Kaspersky Lab. “We hope that chief executives from banks, casinos and investment companies around the world will become wary of the name Lazarus.”
Kaspersky Lab products successfully detect and block the malware used by the Lazarus threat actor with the following detection names:
The company is also releasing crucial Indicators of Compromise (IOC) and other data to help organizations search for traces of these attack groups in their corporate networks. For more information go to Securelist.com
We urge all organizations to carefully scan their networks for the presence of Lazarus malware samples, and if detected, to disinfect their systems and report the intrusion to law enforcement and incident response teams.
To learn more about financial attacks by Lazarus group, read the blog post available at Securelist.com and watch the video.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
For the latest in-depth information on security threat issues and trends, please visit:
North Korea-linked hackers are attacking banks worldwide
By Jose Pagliery, CNN
Updated 2:11 PM ET, Mon April 3, 2017
There are signs that North Korea is hacking banks worldwide
The stolen money fuels the country’s illegal development of nuclear weapons
Saint Maarten (CNN)North Korea’s hacking operations are growing and getting more bold – and increasingly targeting financial institutions worldwide.
North Korea is now being linked to attacks on banks in 18 countries, according to a new report from Russian cybersecurity firm Kaspersky.
And the stolen money is likely being spent advancing North Korea’s development of nuclear weapons, according to two international security experts.
Banks and security researchers have previously identified four similar cyber-heists attempted on financial institutions in Bangladesh, Ecuador, the Philippines and Vietnam.
But researchers at Kaspersky now say the same hacking operation – known as “Lazarus” – also attacked financial institutions in Costa Rica, Ethiopia, Gabon, India, Indonesia, Iraq, Kenya, Malaysia, Nigeria, Poland, Taiwan, Thailand, and Uruguay.
The hackers can be traced back to North Korea, according to Kaspersky researchers.
To hide their location, hackers typically launch cyberattacks from computer servers far from home. According to Kaspersky, the Lazarus hackers carefully routed their signal through France, South Korea and Taiwan to setup that attack server. But there was apparently one mistake spotted by Kaspersky: A connection that briefly came from North Korea.
“North Korea is a very important part of this equation,” said Vitaly Kamluk, who leads Kaspersky’s Asia-Pacific research team.
Researchers disclosed their findings publicly on Monday at Kaspersky’s Security Analyst Summit, a cybersecurity conference on the Caribbean island of St. Maarten.
Kaspersky is one of the world’s top cybersecurity firms, providing popular anti-malware protection to computers at homes and companies worldwide. Its researchers are known for exposing some of the most complex global hacking operations. US law enforcement remains suspicious of the firm’s ties to the Russian government, but Kaspersky strongly denies Kremlin influence on the company’s business.
North Korea’s targets have been shifting in recent years.
In 2013, when South Korea’s banks and broadcasters were attacked, that government blamed its neighbor to the north. In 2014, the US government blamed North Korea for the the hack on Sony Pictures. Clues in both cases pointed to Lazarus.
By late 2015, the Lazarus hackers shifted their attention to the global financial system, according to researchers at BAE Systems, FireEye and Symantec.
The earliest known victim was a Vietnamese commercial bank. The latest attacks, observed by Kaspersky in March, included operations attacking financial institutions in Gabon and Nigeria in Africa.
Though most of the attacks were not successful in stealing money, several were, according to Symantec.
And researchers said these hackers intend to attack major Western banks using increasingly sophisticated methods.
One recent example is a trap set at the website of Poland’s financial regulator. Hackers embedded malicious code onto that Polish website, according to BAE Systems. And they limited the infections to visitors from particular internet addresses – employees at banks.
The code showed that Lazarus hackers created a list of 150 internet addresses that served as “a hit list,” said Eric Chien, a researcher at Symantec, which issued its own warning about North Korea hacking earlier this year.
CNN ran those addresses through internet records kept by Domain Tools, a cybersecurity firm. Those IP addresses belong to the World Bank, as well as the central banks of Brazil, Chile, Estonia, Mexico and Venezuela, as well as a wide range of well known global banks.
Kaspersky said its defense software has blocked more than a dozen infections from Lazarus. It’s unclear which banks were ultimately infected.
Researchers at several cybersecurity firms theorize that North Korea is attempting to build a network of infected banks to move around stolen money.
For example, millions of dollars were taken from Bangladesh’s account at the New York Federal Reserve last year and moved to Sri Lanka and a casino in the Philippines, according to investigators.
North Korea tried to funnel some of that money through one infected bank in Southeast Asia, according to a researcher at FireEye. But an emergency team at FireEye managed to block it in time.
American prosecutors in Los Angeles are now investigating the Bangladesh bank hack, a federal law enforcement source told CNN.
And the money may be going to help develop North Korea’s nuclear program.
“This is all for their nuclear weapons and missile programs. They need this money for building and researching more ballistic missiles,” said Anthony Ruggiero, a senior fellow for Foundation for Defense of Democracies who tracks North Korea’s illegal behavior.
North Korea’s secret banking
This aggressive hacking operation coincides with a global effort to block North Korea from the financial system as punishment for its nuclear program. United Nations sanctions block countries from allowing banks to do business with the tightly-controlled regime of Kim Jong Un.
But in February, a UN investigation revealed that North Korea is using a network of front companies and secret agents to access global banks. For example, North Korea used electronics and shipping companies to move millions of dollars, essentially making them financial institutions. The regime also set up several banks as subsidiaries of Chinese and Malaysian firms, masking their true ownership.
Cyber heists play a role in this illicit scheme, because stolen funds can be used to prop up those front companies, according to Sung-Yoon Lee, a Korea expert who teaches at Tufts University.
“We tend to patronize North Korea and mock them. But over the past decade, they have shown the world they are… very capable when it comes to cybercrime,” he said.
Russia has developed the capability to launch an attack on the Baltic states with as little as 24 hours’ notice, limiting NATO’s options to respond other than to have military forces already deployed in the region, Lithuania’s intelligence service said on Monday.
Lithuania, Latvia and Estonia, annexed by the Soviet Union in the 1940s but now part of both NATO and the European Union, have been increasingly nervous since the Russian takeover of Crimea in 2014.
The Lithuanian intelligence service said in its annual threat assessment that Russia had upgraded its military in the Kaliningrad region last year, reducing lead times for any attack and potentially preventing NATO reinforcements.
The Russian upgrade included Su-30 fighter aircraft and missile systems allowing ships to be targeted almost anywhere in the Baltic Sea.
“This is a signal to NATO to improve its decision speed,” Lithuanian Defence Minister Raimundas Karoblis told reporters on the sidelines of the presentation of the report. “NATO’s reaction time is not as fast as we would like it to be.”
Kremlin spokesman Dmitry Peskov dismissed the concerns as a display of anti-Russian sentiment.
“There is total Russophobia, hysterical Russophobia going on,” he said at a daily conference call with reporters.
“Moscow has always supported good relations with the Baltic states,” he said.
This year NATO is deploying a force of about 1,000 soldiers in each of the Baltic states and Poland, in addition to smaller contingents of U.S. troops already in the region.
“The force is adequate in the short-term, but in the medium-term perspective we would like more capability, and not only land troops but also air defenses and capabilities to counter any blockade,” Karoblis said.
Russia is monitoring and suppressing radio frequencies used by NATO pilots over the Baltic Sea and is using commercial and scientific ships for surveillance, the report said.
The intelligence service said there was also the risk of “deliberate or accidental incidents” involving Russian and Belarusian troops who are taking part in military exercises planned for March.
The Baltic states have previously said they would press the United States and NATO to take additional security measures in the region ahead of the exercises.
Intelligence officers said disinformation aimed at discrediting NATO soldiers stationed in Lithuania, such as a recent false report of a rape by German soldiers, was likely to persist.
“Provocations against NATO units in Lithuania will continue and will get bigger,” Remigijus Baltrenas, head of Lithuanian military counterintelligence, told reporters.
During a meeting with defence minister Andrei Raukou on 20 March, president Alexander Lukashenka demanded ‘absolute transparency’ at the forthcoming West-2017 Belarusian-Russian military exercise. The Belarusian government is working to counter the negative repercussions of such a massive show of military force in the region.
These repercussions have certainly been felt. On 9 February, Lithuanian president Dalia Grybauskaitė stated that during the West-2017 exercises ‘aggressive forces are concentrating in very large numbers, this is a demonstrative preparation for a war with the West.’
Moscow would apparently like to increase the fog of uncertainty surrounding its military moves. The Russian military previously published the numbers of railway wagons needed for troop movement. In the absence of proper explanations, this created a threatening impression. Yet it is now clear that the exercises on Belarusian territory will be smaller than in 2009.
Minsk avoids confrontation with the West
As Lukashenka elaborated, ‘I demand that this event [West-2017] on the territory of our country [sic!] be transparent and all its components be accessible not only to our friends in the Collective Security Treaty Organisation, the Eurasian Economic Union, the Commonwealth of Independent States, but also to NATO members.’
However, the Belarusian and Russian media framed Lukashenka’s words in remarkably different ways. The Belarusian media, such as TUT.by, simply mentioned the quote as part of more general reports. Meanwhile, the Russian media, such as Lenta.ru, used the quote as a headline and expressly underlined Lukashenka’s ‘demand’ to admit NATO observers to the exercise, thus creating an impression that he was openly defying Moscow.
Image: vsr.mil.byMoscow is prone to militant statements and ambiguous threats. Russian defence minister Sergei Shoigu, commenting on West-2017, said that his government had been forced to take preparatory defensive measures: ‘The US and other NATO members are actively building up their offensive potential at the western borders of the Union State [of Belarus and Russia].’
Needless to say, his Belarusian counterpart Andrei Raukou describes West-2017 only in general terms, highlighting the necessity to practise defensive measures and continue cooperation with Russia. He also emphasised that Belarus would invite Western observers and that ‘the requirements of Western partners would be met.’
West-2017 smaller than West-2009
Belarus and Russia have been holding ‘West’ (Zakhad, Zapad) joint strategic exercises every four years since 2009: on Belarusian and Russian territory in turn. As part of the West-2017 military exercise, on 14-20 September Belarusian and Russian troops will exercise on a territory spanning from the extreme North of Russia to Belarus. In Belarus, a ‘Regional Group’ of Russian and Belarusian troops will train on seven different sites. The Regional Group includes Belarusian armed forces and the First Tank Army of Russia.
Moscow means for these exercises to seem impressive. Nevertheless, Belarusian defence minister Raukou revealed that the activities of the exercise on Belarusian territory would be of a rather limited nature. Around 3,000 Russian personnel and 280 items of equipment will arrive in Belarus to participate in the drills. In comparison, in 2009 more than 6,000 Russian troops participated in the drills on Belarusian territory.
Raukou’s revelations put an end to lively discussions regarding the scale of the forthcoming West-2017 exercise which began last November. At that point, Ukrainian websites such as Inform Napalm and Apostrophe had discovered that the Russian defence ministry had announced an official tender for 4,162 railway wagons for shipments to and from Belarus in 2017.
The Russian military did not explain its need for so many wagons, and no data for similar purchases during previous West exercises were available at the time. Thus, all kinds of hypotheses attempting to explain the number of wagons were set forth, including a forthcoming annexation of Belarus by Russian forces, which would come to the country under the guise of military exercises.
Image: ONTIt took the Russian military two months to finally comment on the tender for more than 4,000 wagons. Upon the request of the Moscow-based liberal daily Novaya Gazeta, the Russian military explained itself in just four sentences.
First, it clarified that the declared amount of wagons were meant for transportation to and from Belarus, i.e., 2,000 wagons in each direction. Second, the Russian military disclosed never-before-published information on military shipments to and from Belarusian territory from previous joint exercises. During West-2009, these shipments required over 6,000 wagons, and during West-2013, almost 2,500 wagons.
Defence cooperation as a ‘red line’ for the Kremlin
Given that the Belarusian government wishes to limit the potentially negative repercussions of the exercise on Minsk’s relations with its neighbours and the West, it is exercising caution with regard to military cooperation with Russia. Bilateral relations with Russia are also suffering from several unresolved problems. Nevertheless, on 20 March, Lukashenka had to say that Minsk ‘was not going to reduce military cooperation with Russia because of disagreements which had emerged in other areas’.
On one hand, the Belarusian government maintains a critical attitude towards the defence cooperation with Russia. Hence, Lukashenka told Raukou that he wants the Belarusian defence ministry ‘to conduct a general assessment of the efficiency of bilateral military cooperation with Russia.’ This could be important because of a ‘possible’ meeting of the Supreme State Council of the Union State of Belarus and Russia, at which time the Belarusian leader would like to raise relevant issues with his Russian counterparts.
On the other hand, the Belarusian leader realises the sensitivity of defence cooperation issues for Moscow given the vital role of Belarus in providing security to Russia’s core region around Moscow. Therefore, at the same conference, Lukashenka together with the defence minister announced: ‘As far as security issues and defence of our common borders are concerned, they could never under any circumstances be taken lightly.’
Image: vsr.mil.byIn a word, Minsk and Moscow differ in their attitudes towards the West-2017 exercises. Minsk downplays the confrontational aspects of the exercise. Moscow, on the contrary, is working to make the drills non-transparent and thus more threatening than they really are.
The leakage of the previously unrevealed and confusing numbers of Russian military shipments via Belarusian railways, along with the intentionally late explanation, are aspects of Russia’s information warfare.
The Belarusian government has tried to neutralise the negative consequences of this ‘fog of war’ by making the drills more transparent. This divergence with regard to transparency started years ago. A case in point is the Treaty on Conventional Armed Forces in Europe (CFE). Minsk consistently adheres to the CFE, which rests on principles of transparency, while Moscow suspended its cooperation in 2007 and renounced it altogether in 2015.
Minsk continues military cooperation with Russia knowing that this is a ‘red line’ for Moscow. Yet the Belarusian government shapes the conditions and scale of its cooperation. It does not plan to participate in Putin’s intimidation of NATO and its allies.
Siarhei Bohdan is an associate analyst at the Ostrogorski Centre.
Brexit will see the departure of the EU’s largest military force, leaving France as the bloc’s main military power. And as the US pressures Europe to take more responsibility for its own defense, much of that burden will likely fall on Paris.
Speaking at a meeting of NATO foreign ministers on Friday, US Secretary of State Rex Tillerson once again called on European nations to commit 2 percent of GDP to defense spending, as agreed at a 2014 NATO summit in Wales.
NATO’s 2016 annual report noted that only five countries – the United States, Britain, Estonia, Greece and Poland – met the 2 percent target, with the US providing 68 percent of total NATO defense spending.
“It is no longer sustainable for the US to maintain a disproportionate share of NATO’s defense expenditures,” Tillerson told the foreign ministers gathered in Brussels.
Tillerson was reiterating similar statements made by US President Donald Trump, who sparked concern in interviews with European media outlets before he took office when he described the NATO alliance as “obsolete” because it had failed to tackle the challenges posed by global terrorism.
During a visit to NATO’s Brussels headquarters in February, US Defense Secretary James Mattis warned that Washington might “moderate” its commitment to NATO if other alliance members did not do their fair share.
A Western alliance that arose out of the Cold War, NATO provides a framework for mutual protection among its 28 member nations. Much of its deterrent power is provided by the United States, however, which earlier this year sent 4,000 more troops to Poland – the largest deployment of US forces to Europe since the end of the Cold War – in a move aimed at sending a message to Russia over its expansion into Ukraine. In March 2014 Russia annexed the Ukrainian territory of Crimea and has provided support to pro-Russian separatists in the country’s east.
“We want to have a discussion around NATO’s posture in Europe, most particularly in Eastern Europe in response to Russia’s aggression in Ukraine and elsewhere,” Tillerson told reporters last week in Brussels.
He went on to say that the NATO alliance is “fundamental to countering both non-violent, but at times violent, Russian agitation and Russian aggression”.
Tillerson’s comments struck a more bellicose chord than those often made by Trump, who has repeatedly stressed his desire to improve relations with Moscow. European allies have worried that these better ties might come at the expense of the pro-Western government in Ukraine, or the former Soviet states of the Baltics and Europe’s east.
But NATO itself has acknowledged that member states need to boost their defense contributions.
“While recognising that the US’ status as a global power means its defense spending is not directly comparable to that of other NATO members, Allies accept the need for a better balance,” the alliance said in its latest annual report.
Speaking in March, NATO Secretary-General Jens Stoltenberg said it was reasonable to expect member states to reach the 2 percent of GDP target.
“It is realistic that all allies should reach this goal,” he said. “All allies have agreed to it at the highest level and it can be done.”
Europe on its own
The dawning realization that the West’s two main military powers are becoming increasingly isolationist has left Europe facing some uncomfortable realities.
Britain’s exit from the EU will see the departure of the only EU member besides France that possesses nuclear weapons. And across the Atlantic, Donald Trump’s presidency “raises serious questions about the endurance and credibility of the security guarantees given by Washington”, writes Corentin Brustlein, coordinator of the Security Studies Centre at the French Institute of International Relations.
In an analysis entitled “Defense: The Moment of Truth”, Brustlein says this new US disinterest “shines a cold light on the military capability areas in which France and Europe are dependent on the United States”.
In response to these and other geostrategic shifts, European Union nations have already announced plans for a significant increase in defense spending. In his September 2016 State of the Union speech, European Commission President Jean-Claude Juncker highlighted the importance of investing in common defense capabilities, including cyber security.
“If Europe does not take care of its own security, nobody else will do it for us,” Juncker said. “A strong, competitive and innovative defense industrial base is what will give us strategic autonomy.”
In late November the European Union announced significant increases in defense spending, including allocating €5.5 billion annually to help members purchase military hardware such as updating their arsenals with drones.
As part of a new European Defence Action Plan, the European Commission also proposed €25 million for defense research as part of the 2017 budget, forseeing that this could rise to as much as €90 million leading up to 2020.
France spends more on defense than any other European nation except Great Britain, and after Brexit it will become the EU’s major defense contributor, significantly ahead of even Germany.
According to preliminary NATO figures for 2016, the UK spent €49.3 billion on defense to France’s €39.8 billion and Germany’s €37.1 billion. As a percentage of GDP, the United Kingdom exceeds NATO’s 2 percent threshold at 2.2 percent. France and Germany lag behind with 1.8 percent and 1.2 percent, respectively.
France has launched significant military operations overseas in the past several years, notably its intervention against Islamists in northern Mali and in the Central African Republic in 2013. It is also a member of the US-led coalition of nations battling the Islamic State group in Iraq and Syria.
In July 2015, still reeling from the Charlie Hebdo attacks of that January, France passed the Military Programming Law, which raised defense spending that year by €600 million. Another €600 million increase was approved in 2016, bringing the 2017 military budget to €32.7 billion (excluding pensions).
But some security experts say these increases are inadequate to deal with the increasing and diversifying threats France and Europe are facing.
“The increase in funding initiated timidly by the government after the terrorist attacks of 2015 is real enough, but fragile,” Brustlein wrote, warning that the “situation remains critical”.
“If the financial resources devoted to defense are not increased significantly, France’s military model of strategic autonomy will soon be at risk, at the very time when the international environment serves to show, once again, why it is needed and relevant.”
Brustlein recommends that France increase its spending by €1-2 billion each year over the next five years. Any delay, he said, could “reduce France’s freedom of manoeuvre and the credibility of its foreign policy”.
France’s chief of staff for defense, General Pierre de Villiers, has also issued an urgent call for a renewal of defense capabilities. It is extremely rare for a French military official to make a public appeal. But in a December 2016 op-ed in French business journal Les Echos, Villiers put it bluntly: “You can’t win a war without a war effort.”
Moreover, he said, today’s threats necessitate a “comprehensive” response, “because winning the war is not enough to secure the peace”.
The world has returned to being a system of competing great powers, Villers wrote. “At the gates of Europe, in Asia, in the Near and Middle East, more and more countries are pursuing strategies based on the balance of power. Look at the facts: all are re-arming.”
He called the Military Programming Law a “first step”, but urged France to increase its military spending to 2 percent of GDP within the next five years.
A new Franco-German alliance
The possibility of a new Franco-German partnership to fill the vacuum left by Britain has also been raised as a possibility. Berlin and Paris have both said they want to strengthen the Eurocorps, a military group of EU and NATO states, and are considering ways to deploy EU forces more rapidly.
“After the British vote to leave the Franco-German couple is the obvious pair to provide leadership for EU defence,” writes research fellow Sophia Besch of the Centre for European Reform. “France will be the only country left in the EU that can credibly project force abroad, and not many initiatives can succeed in Brussels without Germany’s support.”
“And post-Brexit, the EU may be able to unfreeze some of the defence initiatives – such as an EU military headquarters – that the UK has vetoed in the past,” she added.
At a November meeting of EU defense and foreign ministers in Brussels, officials were authorized to to go ahead with a protocol known as “permanent structured cooperation” or Pesco, which could include the establishment of a military headquarters to run EU missions. An article under the EU treaty, Pesco calls for the permanent integration of military forces but has never been implemented.
So far, the EU appears to be taking steps to meet the challenges posed by recent geostrategic shifts. But in an October speech, French President François Hollande warned Europe against falling back into a sense of complacency.
“There are countries – European countries – that think the United States will always be there to protect them,” he said. “[There] are some that think the conflicts in the Middle East don’t concern them, that Africa has no link to Europe apart from a few migrants…”
“Those countries must be warned,” he said. “Today we’re in a global world. Conflicts necessarily affect us. So those European countries must be told – and I won’t stop doing so – that if they don’t defend themselves they will no longer be defended.”
WARSAW (AFP) – Polish prosecutors on Monday said they would charge Russian air controllers with having deliberately caused the 2010 Polish presidential jet crash in Russia that killed 96 people, a theory the Kremlin immediately denied.
The conservative Law and Justice (PiS) government believes the crash was no accident and has been conducting a new probe into the incident, which Polish and Russian investigators earlier attributed to human error and bad weather.
A fresh analysis of the evidence, which includes recordings of the conversations between the pilots and the control tower, “enabled prosecutors to formulate new charges against the two air controllers, who are Russian citizens, as well as against a third person present in the tower at the time,” Polish Deputy Prosecutor General Marek Pasionek told reporters.
He said the individuals were guilty of “deliberately causing a catastrophe… that resulted in the deaths of many people.”
Kremlin spokesman Dmitry Peskov immediately responded that “of course we cannot agree with such statements.”
The wreckage of the Polish Tupolev Tu-154M presidential aircraft is seen at the airport in Smolensk October 1, 2010. The plane crashed at the airport in April, killing the Polish president Lech Kaczynski and 95 others. REUTERS/LIDIA KELLY
“You know that an investigation is also ongoing on the Russian side. The circumstances of this tragedy, this catastrophe, are already very well elucidated and investigated,” he told reporters.
In addition to former president Lech Kaczynski — the twin brother of PiS leader Jaroslaw Kaczynski — many senior state officials including the central banker and military chief of staff died when the plane came down in Smolensk, western Russia on April 10, 2010.
Polish prosecutors had already pressed charges against the two Russian air controllers in 2015: one for “being directly responsible for having endangered air traffic” and the other for “unintentionally causing an air traffic disaster”.
Prosecutors on Monday added that fragments of the plane will be sent next month to four labs abroad to check for traces of explosives.
Polish justice officials have also been exhuming the remains of the victims to establish the cause of death.
Warsaw has repeatedly asked Moscow to return the wreckage of the plane, but Russia says it will only do so once its own inquiry is over.
Last month, Defence Minister Antoni Macierewicz, who believes the crash was the result of a Polish-Russian conspiracy, accused former Polish premier and current EU President Donald Tusk of “diplomatic treason” over an earlier probe into the crash.
It occurred as the presidential delegation was heading to a ceremony in Russia’s Katyn forest for thousands of Polish army officers killed by Soviet secret police in 1940 — a massacre the Kremlin denied until 1990.
Poland’s ruling party leader, Jaroslaw Kaczynski, lays a wreath in front of the portrait of his late twin brother, the former President Lech Kaczynski, and his wife Maria Kaczynska, at the Presidential Palace in Warsaw, Poland, on Sunday, April 10, 2016, during ceremonies marking six years since the presidential couple and dozens of other state officials were killed in a plane crash in Russia. (AP Photo/Czarek Sokolowski) THE ASSOCIATED PRESS