russia Archives ✔️ News For Finance
The White House, the South Lawn, and part of the Ellipse are seen from the observation deck of the Washington Monument on October 1, 2014, in Washington, DC.

At least two US government officials in the Washington, DC, area have experienced mysterious health incidents that are strikingly similar to the brain-damaging “health attacks” that plagued US diplomats in Cuba beginning in 2016.

Last November, a National Security Council official reported being sickened while near the Ellipse, the White House’s large, oval-shaped southern lawn, according to a report by CNN. In a separate 2019 incident, a White House staff member said she also experienced something akin to a health attack while walking her dog in Arlington, Virginia, a suburb of Washington, DC. The 2019 incident, which occurred just after Thanksgiving, was first reported by GQ last year. The magazine wrote at the time:

According to a government source familiar with the incident, the staffer passed a parked van. A man got out and walked past her. Her dog started seizing up. Then she felt it too: a high-pitched ringing in her ears, an intense headache, and a tingling on the side of her face.

The staffer also said she had experienced a similar incident just a few months earlier, in August of 2019, while she was traveling in London with then-National Security Adviser John Bolton. According to GQ, the staffer reported again feeling a tingling in the side of her head, which was facing the window of her hotel room, as well as intense pressure and ringing in her ears. All of those symptoms stopped when she left the room.

The accounts are eerily similar to those from US and Canadian diplomats in Cuba, as well as later reports from US diplomats in China. Many of the diplomats reported experiencing directional high-pitch sounds, grinding noises, and/or vibrations that led to a constellation of symptoms, including dizziness, nausea, headaches, balance problems, ringing in the ears, nosebleeds, difficulty concentrating and recalling words, permanent hearing loss, and speech problems. A medical case report of some of the victims concluded that they had sustained “injury to widespread brain networks without an associated history of head trauma.”

Ongoing investigation

Since the first reports occurred among diplomats in Cuba, the puzzling condition has often been dubbed “Havana syndrome.” The cases led the US to dramatically reduce staff at the US embassy in Havana.

On Thursday, CNN reported and NBC News confirmed that federal agencies are now investigating the two incidents on US soil, as well as the more than 40 cases reported in diplomats who were sickened abroad.

Director of National Intelligence Avril Haines told lawmakers on Thursday that she would work to get them more details on the investigation, NBC News reported. So far, details appear scarce because the investigation is classified.

“Our concern obviously with the classification is because it’s protecting sources and methods and it’s critical to our national security,” Haines said during testimony before the Senate Committee on Armed Services.

The bizarre incidents and health effects have led to much public speculation on the potential cause. Scientists in Cuba and elsewhere have suggested that the syndrome may be a collective delusion, or mass psychogenic illness (MPI). Others have suggested that the irritating experiences may simply be due to the clamor of mating crickets or malfunctioning surveillance equipment. Officials in Canada have suggested the effects may be caused by overexposure to pesticides.

A report released late last year by a committee of scientific experts assembled by the National Academies of Sciences, Engineering, and Medicine concluded that the “most plausible mechanism” that explains the diplomats’ experiences and symptoms is directed pulsed radiofrequency energy. To support their conclusion, experts pointed to significant research conducted in Russia/the USSR on pulsed RF exposures.

The finding feeds into a persistent idea that Russia is behind the attacks and is carrying them out with some sort of clandestine, portable, microwave-based weapon. Since the cases came to light in Cuba, US personnel have also reported similar incidents while in Russia. Defense officials told CNN that Russia is among the top suspects but that China is suspected as well.

US government strikes back at Kremlin for SolarWinds hack campaign
Matt Anderson Photography/Getty Images

US officials on Thursday formally blamed Russia for backing one of the worst espionage hacks in recent US history and imposed sanctions designed to mete out punishments for that and other recent actions.

In a joint advisory, the National Security Agency, FBI, and Cybersecurity and Infrastructure Security Agency said that Russia’s Foreign Intelligence Service, abbreviated as the SVR, carried out the supply-chain attack on customers of the network management software from Austin, Texas-based SolarWinds.

The operation infected SolarWinds’ software build and distribution system and used it to push backdoored updates to about 18,000 customers. The hackers then sent follow-up payloads to about 10 US federal agencies and about 100 private organizations. Besides the SolarWinds supply-chain attack, the hackers also used password guessing and other techniques to breach networks.

After the massive operation came to light, Microsoft President Brad Smith called it an “act of recklessness.” In a call with reporters on Thursday, NSA Director of Cybersecurity Rob Joyce echoed the assessment that the operation went beyond established norms for government spying.

“We observed absolutely espionage,” Joyce said. “But what is concerning is from that platform, from the broad scale of availability of the access they achieved, there’s the opportunity to do other things, and that’s something we can’t tolerate and that’s why the US government is imposing costs and pushing back on these activities.”

Thursday’s joint advisory said that the SVR-backed hackers are behind other recent campaigns targeting COVID-19 research facilities, both by infecting them with malware known as both WellMess and WellMail and by exploiting a critical vulnerability in VMware software.

The advisory went on to say that the Russian intelligence service is continuing its campaign, in part by targeting networks that have yet to patch one of the five following critical vulnerabilities. Including the VMware flaw, they are:

  • CVE-2018-13379 Fortinet FortiGate VPN
  • CVE-2019-9670 Synacor Zimbra Collaboration Suite
  • CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
  • CVE-2019-19781 Citrix Application Delivery Controller and Gateway
  • CVE-2020-4006 VMware Workspace ONE Access

“Mitigation against these vulnerabilities is critically important as US and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors,” the advisory stated. It went on to say that the “NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations.”


The US Treasury Department, meanwhile, imposed sanctions to retaliate for what it said were “aggressive and harmful activities by the Government of the Russian Federation.” The measures include new prohibitions on Russian sovereign debt and sanctions on six Russia-based firms that the Treasury Department said “supported the Russian Intelligence Services’ efforts to carry out malicious cyber activities against the United States.”

The firms are:

  • ERA Technopolis, a research center operated by the Russian Ministry of Defense for transferring the personnel and expertise of the Russian technology sector to the development of technologies used by the country’s military. ERA Technopolis supports Russia’s Main Intelligence Directorate (GRU), a body responsible for offensive cyber and information operations.
  • Pasit, a Russia-based information technology company that has conducted research and development supporting malicious cyber operations by the SVR.
  • SVA, a Russian state-owned research institute specializing in advanced systems for information security located in that country. SVA has done research and development in support of the SVR’s malicious cyber operations.
  • Neobit, a Saint Petersburg, Russia-based IT security firm whose clients include the Russian Ministry of Defense, SVR, and Russia’s Federal Security Service. Neobit conducted research and development in support of the cyber operations conducted by the FSB, GRU, and SVR.
  • AST, a Russian IT security firm whose clients include the Russian Ministry of Defense, SVR, and FSB. AST provided technical support to cyber operations conducted by the FSB, GRU, and SVR.
  • Positive Technologies, a Russian IT security firm that supports Russian Government clients, including the FSB. Positive Technologies provides computer network security solutions to Russian businesses, foreign governments, and international companies and hosts recruiting events for the FSB and GRU.

“The reason they were called out is because they’re an integral part and participant in the operation that the SVR executes,” Joyce said of the six companies. “Our hope is that by denying the SVR the support of those companies, we’re impacting their ability to project some of this malicious activity around the world and especially into the US.”

Russian government officials have steadfastly denied any involvement in the SolarWinds campaign.

Besides attributing the SolarWinds campaign to the Russian government, Thursday’s release from the Treasury Department also said that the SVR was behind the August 2020 poisoning of Russian opposition leader Aleksey Navalny with a chemical weapon, the targeting of Russian journalists and others who openly criticize the Kremlin, and the theft of “red team tools,” which use exploits and other attack tools to mimic cyber attacks.

The “red team tools” reference was likely related to the offensive tools taken from FireEye, the security firm that first identified the SolarWinds campaign after discovering its network had been breached.

The Treasury Department went on to say that the Russian government “cultivates and co-opts criminal hackers” to target US organizations. One group, known as Evil Corp., was sanctioned in 2019. That same year, federal prosecutors indicted the Evil Corp kingpin Maksim V. Yakubets and posted a $5 million bounty for information that leads to his arrest or conviction.

Although overshadowed by the sanctions and the formal attribution to Russia, the most important takeaway from Thursday’s announcements is that the SVR campaign remains ongoing and is currently leveraging the exploits mentioned above. Researchers said on Thursday that they’re seeing Internet scanning that is intended to identify servers that have yet to patch the Fortinet vulnerability, which the company fixed in 2019. Scanning for the other vulnerabilities is also likely ongoing.

People managing networks, particularly any that have yet to patch one of the five vulnerabilities, should read the latest CISA alert, which provides extensive technical details about the ongoing hacking campaign and ways to detect and mitigate compromises.

Former Slovak Prime Minister Igor Matovic wears a face mask as he gives a press statement at the International Airport in Kosice, Slovakia, on March 1, 2021, after an aircraft of the Slovak Army arrived from Moscow, carrying doses of the Sputnik V vaccine against Covid-19.

Russia has asked Slovakia to return 200,000 doses of Sputnik V COVID-19 vaccine after Slovak testing indicated serious quality control issues.

The Slovak regulatory agency, the State Institute for Drug Control, reported that the batches it received did not “have the same characteristics and properties” as the Sputnik vaccine that was peer-reviewed in the Lancet and found to be 91.6 percent effective.

In light of Slovakia’s doubts about the quality of the vaccine doses, Russia went on the attack on Twitter. Russia’s official “Sputnik V” Twitter account claimed in a thread that the Slovak regulator has “launched a disinformation campaign against #SputnikV and plans additional provocations.” The account labeled the agency’s testing results as “fake news.”

The Sputnik V account further accused the Slovak regulator of violating its contract and committing an “act of sabotage” by having doses of Sputnik V tested in a laboratory that is not certified by the European Union. Now, Russia apparently wants the vaccine doses back.

According to the Sputnik V account, the Russian Direct Investment Fund—the sovereign fund that financially backed the vaccine’s development—sent a letter to the government of Slovakia on April 6 requesting that it “return the vaccine due to multiple contract violations so that it can be used in other countries.”

Dubious doses

The Slovak regulatory agency reported that around 40 countries are using or planning to use Sputnik V, which is made in seven different locations in Russia as well as in plants in India and South Korea. But the different vials of vaccine produced in different places and labeled Sputnik V are “only associated by the name,” according to the Slovak regulator.

“The comparability and consistency of different batches produced at different locations has not been demonstrated,” the Slovak regulator said, according to the New York Times. “In several cases, they appear to be vaccines with different properties (lyophilisate versus solution, single-dose ampoules versus multi-dose vials, different storage conditions, composition and method of manufacture).”

Sputnik V has not been approved by the EU’s regulator, the European Medicines Agency, though the EMA has begun a rolling review of the vaccine. In the EU, Hungary has begun using Sputnik V in its mass vaccination campaign and, as of Thursday, Germany is looking into placing a pre-order with Moscow.

Slovakia received doses of Sputnik V after former Prime Minister Igor Matovic set up a secret deal to buy 2 million doses, according to the Associated Press. Matovic welcomed the first batch of 200,000 vaccines at an airport on March 1. But, Matovic was forced out of office after Slovakia’s coalition government collapsed last month. He now serves as the finance minister and deputy prime minister in the new government.

In a Facebook post April 8, Matovic slammed political opponents for the events that led Russia to request the country return the vaccines. “CONGRATULATIONS IDIOTS!,” Matovic wrote.

Cartoon padlock and broken glass superimposed on a Russian flag.
What’s happened to Russia’s flag?

Russia has implemented a novel censorship method in an ongoing effort to silence Twitter. Instead of outright blocking the social media site, the country is using previously unseen techniques to slow traffic to a crawl and make the site all but unusable for people inside the country.

Research published Tuesday says that the throttling slows traffic traveling between Twitter and Russia-based end users to a paltry 128kbps. Whereas past Internet censorship techniques used by Russia and other nation-states have relied on outright blocking, slowing traffic passing to and from a widely used Internet service is a relatively new technique that provides benefits for the censoring party.

Easy to implement, hard to circumvent

“Contrary to blocking, where access to the content is blocked, throttling aims to degrade the quality of service, making it nearly impossible for users to distinguish imposed/intentional throttling from nuanced reasons such as high server load or a network congestion,” researchers with Censored Planet, a censorship measurement platform that collects data in more than 200 countries, wrote in a report. “With the prevalence of ‘dual-use’ technologies such as Deep Packet Inspection devices (DPIs), throttling is straightforward for authorities to implement yet hard for users to attribute or circumvent.”

The throttling began on March 10, as documented in tweets here and here from Doug Madory, director of Internet analysis at Internet measurement firm Kentik.

In an attempt to slow traffic destined to or originating from Twitter, Madory found, Russian regulators targeted, the domain used to host all content shared on the site. In the process, all domains that had the string ** in it (for example, or were throttled, too.

That move led to widespread Internet problems because it rendered affected domains effectively unusable. The throttling also consumed the memory and CPU resources of affected servers because it required them to maintain connections for much longer than normal.

Roskomnadzor—Russia’s executive body that regulates mass communications in the country—said last month that it was throttling Twitter for failing to remove content involving child pornography, drugs, and suicide. It went on to say that the slowdown affected the delivery of audio, video, and graphics, but not Twitter itself. Critics of government censorship, however, say Russia is misrepresenting its reasons for curbing Twitter availability. Twitter declined to comment for this post.

Are Tor and VPNs affected? Maybe

Tuesday’s report says that the throttling is carried out by a large fleet of “middleboxes” that Russian ISPs install as close to the customer as possible. This hardware, Censored Planet researcher Leonid Evdokimov told me, is typically a server with a 10Gbps network interface card and custom software. A central Russian authority feeds the boxes instructions for what domains to throttle.

The middleboxes inspect both requests sent by Russian end users as well as responses that Twitter returns. That means that the new technique may have capabilities not found in older Internet censorship regimens, such as filtering of connections using VPNs, Tor, and censorship-circumvention apps. Ars previously wrote about the servers here.

The middleboxes use deep packet inspection to extract information, including the SNI. Short for “server name indication,” the SNI is the domain name of the HTTPS website that is sent in plaintext during a normal Internet transaction. Russian censors use the plaintext for more granular blocking and throttling of websites. Blocking by IP address, by contrast, can have unintended consequences because it often blocks content the censor wants to keep in place.

One countermeasure for circumventing the throttling is the use of ECH, or Encrypted ClientHello. An update for the Transport Layer Security protocol, ECH prevents blocking or throttling by domains so that censors have to resort to IP-level blocking. Anti-censorship activists say this leads to what they call “collateral freedom” because the risk of blocking essential services often leaves the censor unwilling to accept the collateral damage resulting from blunt blocking by IP address.

In all, Tuesday’s report lists seven countermeasures:

  • TLS ClientHello segmentation/fragmentation (implemented in GoodbyeDPI and zapret)
  • TLS ClientHello inflation with padding extension to make it bigger than 1 packet (1500+ bytes)
  • Prepending real packets with a fake, scrambled packet of at least 101 bytes
  • Prepending client hello records with other TLS records, such as change cipher spec
  • Keeping the connection in idle and waiting for the throttler to drop the state
  • Adding a trailing dot to the SNI
  • Any encrypted tunnel/proxy/VPN

It’s possible that some of the countermeasures could be enabled by anti-censorship software such as GoodbyeDPI, Psiphon, or Lantern. The limitation, however, is that the countermeasures exploit bugs in Russia’s current throttling implementation. That means the ongoing tug of war between censors and anti-censorship advocates may turn out to be protracted.