Alternative War: Unabridged

by J. J. Patrick

  Flicking through the pages and pages of research, I noted that, in January 2017, BGR was hired by the Ukrainian government to: “Support and help open lines of communication between key Ukrainian officials and US government officials, journalists, non-profit groups and others.” In truth, I wondered if Ukraine had simply decided to spy on the US’s Russian link directly. Without a doubt, however, I could see there were no degrees of separation between any of these men. This is where the second round of Russian connections manifested, in the form of Nigel Farage.

  The distinctly shadowy advisor to Donald Trump, Steve Bannon, and equally controversial Trump-appointed Attorney General, Sessions, had already known Farage for several years. In 2012, Bannon invited the UK politician to New York and Washington where he was introduced to Sessions204. This was two years before Breitbart launched in London. Sessions himself was, at the time I was doing this snooping, embroiled in a fresh ethics row after President Trump’s firing of the FBI Director James Comey, right in the middle of the Russia inquiry. Extraordinarily, the Attorney General had to remove himself from the investigation after undisclosed meetings between him and Russian officials were made public. Those very same officials were photographed inside the White House shortly afterwards and Sessions’ name went on to become synonymous with the other subjects of the unprecedented collusion allegations, Paul Manafort, Michael Flynn, Carter Page, and Roger Stone. But there, right in the middle of all this, was a British politician I’d linked to the far-right and Russia already.

  Visiting the Republican National Committee in mid-2016, Farage met a Bryant aide, John Barley Boykin, who suggested Farage visit Mississippi. The following day a formal invite from Bryant was sent to Farage. On the 23rd of August 2016, Farage arrived in Mississippi with Leave.EU’s financial backer Arron Banks. According to reports, it was actually Bryant who asked Farage to speak at the Trump rally and it was Steve Bannon who telephoned Farage to discuss what he would say205. When Farage and Trump subsequently met the next day, Donald Trump was so impressed with the speech he wanted to personally introduce Farage to the stage. Sessions was present at the rally along with another Russia Inquiry figure, former mayor of New York, Rudy Giuliani. Russian oil company Rosneft is a client of Rudy Giuliani’s law and consulting firm, Giuliani Partners, and Alfa Bank has previously hired Rudy Giuliani as a paid speaker. Investigative journalist Grant Stern has written206: “Circumstantial evidence strongly indicates that President Donald J. Trump and his campaign associates brokered a massive oil privatization deal, where his organisation facilitated a global financial transaction to sell Russian Oil stock to its Syrian War adversary, the Emirate of Qatar.” The Emirate of Qatar was another Giuliani client.

  Aside from this monstrously deep web of US business links to Russia, along with speeches by British politicians, my investigations had already established more substantial collaborative efforts between the so-called “Bad Boys of Brexit”, the Trump campaign, and Russia. Yet, the Leave.EU connection was relevant at the time for one further reason: Roger Stone. During the 2016 campaign, Stone was accused by John Podesta of having prior knowledge of Wikileaks publishing his private emails which had been obtained by a hacker. In fact, before the leak, Stone tweeted: “It will soon the Podesta's time in the barrel,” and five days prior to the release he did it again, writing: “Wednesday Hillary Clinton is done. #Wikileaks.” Breitbart News, the Mercer and Bannon disinformation channel, also published a subsequent denial by Stone, in which he claimed he had no advance knowledge of the Podesta e-mail hack or any connection to Russian intelligence. The thing was, I had already established a link between Russia, disinformation, Wikileaks, Trump, and Brexit, and found clear evidence from intelligence agencies that Wikileaks was known as a Russian operation.

  It transpired that Stone was a gift that kept giving the more I looked into him.

  During a speech on the 8th of August 2016, Stone said: “I actually have communicated with Assange” and referred to an “October surprise” coming via the Wikileaks site. He also stated that, while he had never met or spoken to the site’s founder, the pair had a “mutual friend” who served as an intermediary. The same day the speech was given, Stone was tweeting about a dinner he had with Nigel Farage, who was, of course, seen visiting Assange in March 2017 and had always refused to give reasons for the meeting.

  In May 2017, Farage changed tack and told Germany’s Die Zeit newspaper207 he visited the Ecuadorian Embassy for “journalistic reasons, not political reasons” before cutting the questions short, saying: “It has nothing to do with you. It was a private meeting.” What set him off, according to the reporters, was when they directly asked if he was working for Russia. In response to questions about his 2013 meeting with Yakavenko, Farage began ranting “I think you are a nutcase! You are really a nutcase! Brexit is the best thing to happen: for Russia, for America, for Germany and for democracy.” For me, Farage’s response clarified pretty much everything. This car-crash interview came shortly after Wikileaks had dumped material aimed at influencing voters in France to vote against Emanuel Macron and side with the far-right candidate Marine Le Pen – whose deep financial and political ties to Russia I’d already exposed. Farage was, as I’ve set out, openly supporting Le Pen during her campaign, and was backed up by Leave.EU and Banks’ alternative media site Westmonster. By this time, that deep relationship between Farage, Russia, and Julian Assange, most openly displayed through RT and UKIP’s activities, was bathing in the disinfectant of sunlight.

  I took the time to sit and review everything I’d uncovered so far and decided there was nothing so easy as a simple financial trail which would expose this global mess. Those days of investigative journalism were clearly dead, along with stories compacted to fit headlines and column inches. We were dealing with such a complex problem I still think the whole truth may never be known, especially if the assertions of Christopher Steele – that the cover-up operation began on Putin’s orders as soon as Trump won – are to be given credit. I realised it was also more complicated than a question of exposing diplomatic gain. Those days were gone too. This power play had gone directly for political and financial dominance on a scale which condemned the diplomatic wrangling of independent nations to the past, rendering countries standing as lone entities impotent. I could see this was the true reason the EU had been targeted – structurally, it could potentially defeat this axis along with NATO, which is why divide and conquer was crucial.

  Almost idly, I called the Ecuadorian Embassy, to ask how many times Nigel Farage had visited Julian Assange. They hung up as soon as the question was asked.

  Sixteen:

  While I was busy trying to unravel all of this, the world was plunged into chaos on Friday the 12th of May by a massive cyberattack which crippled the United Kingdom’s National Health Service208 – as well as a number of other large infrastructure organisations across many nations, including Spain’s Telefonica, Fedex in the US, and – reportedly – some Russian organisations.

  The source of the attack was pretty clear from the outset and its timing was no coincidence, yet a bewildered media, in reality unequipped to report on the complexities of cyber warfare, scrambled to push focus onto the impact of the hack while adding base-level explainers on Ransomware to a confused and scared public. Extraordinarily, British Home Secretary, Amber Rudd, was also quick to make a statement the attack was not “targeted” and, across the British parties – by then all electioneering – the focus shifted immediately to arguments about public spending. The election flux was a huge weakness and it was exploited with ruthless efficiency. In short order, both Wikileaks and the infamous, former NSA IT contractor Edward Snowden also began to lay the blame at the door of the United States’ National Security Agency, as the attack allegedly involved the use of Eternal Blue – a spying tool designed to exploit a weakness in Microsoft Windows remote access capabilities. Amidst all the noise, however, it seemed obvious to me the culprit was sitting in plain sight.

  Ran
somware is a type of virus or malware which, when activated, encrypts the contents of a computer (or computers) so the user or owner can’t access anything. It’s called Ransomware because it offers the opportunity to have the data restored in exchange for a payment – normally in the cryptocurrency Bitcoin. It makes for an effective Denial of Service (DoS) attack and there are no guarantees systems will be restored even if payment is made by the victim. This attack used a version of the software called Wanacryptor 2 or “Wannacry,” which would normally infect a computer through the standard route of opening an attachment in an email or via an infected browser cookie. However, the software also integrated the capabilities of a previously stolen tool from the NSA, Eternal Blue, which allows an infected computer to search for and infect other vulnerable computers on internal or external networks. The software exploited a mechanism within Windows which Microsoft released a patch for after the theft had occurred, though older versions of the system were still wide open as this support had finished. Vehicle manufacturing plants, power plants, and rail services were among the other institutions and companies shut down as a result of the attack and experts rightly predicted the software would continue to attack vulnerabilities over the following days.

  The spread was hindered when a young computer blogger discovered the software communicating with an unregistered domain name (http://iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) and by registering the domain name himself – what’s known as sink-holing – the software stopped interacting. It appears the lack of ability to communicate with the domain made the software decide it was in sandpit mode – meaning not actively deployed. The domain itself was human generated keyboard garbage – named by swiping a hand across keys – and, because it was sink-holed on the day of the attack, the original registration details weren’t accessible to anyone looking. I know this because I was one of the people looking.

  While the Ransomware itself was freely available on the internet and not traceable in any useful sense, Eternal Blue proved to be a different matter. On the 8th of April 2017, a group of hackers known as The Shadow Brokers released a lengthy, rambling statement in what appeared, to me, to be deliberately broken English, which commenced with “Dear President Trump, Respectfully, what the fuck are you doing? TheShadowBrokers voted for you. TheShadowBrokers supports you. TheShadowBrokers is losing faith in you. Mr. Trump helping theshadowbrokers, helping you. Is appearing you are abandoning “your base”, “the movement”, and the peoples who getting you elected.”

  The group’s reappearance came only days after Trump’s unexpected intervention in Syria with airstrikes targeting a Russian-Syrian airbase and a spokesman for Vladimir Putin responded to those strikes stating the US had violated international law “under a false pretext”, and the country’s UN deputy ambassador, Vladimir Safronkov, warned “extremely serious” consequences could follow the strike. The prime minister, Dmitry Medvedev, also said the action had “completely ruined relations.” The Shadow Brokers’ statement mentioned Syria repeatedly and also cited disgruntlement at the rumoured removal of Steve Bannon from the National Security Council. They also went on to make further statements about Trump’s supporters, saying they: “Don’t care if you swapped wives with Mr Putin, double down on it, “Putin is not just my firend he is my BFF.” Don’t care if the election was hacked or rigged, celebrate it “so what if I did, what are you going to do about it”,” adding that they supported “the ideologies and policies of Steve Bannon, Anti-Globalism, Anti-Socialism, Nationalism, Isolationism.”

  On the topic of Russia, they openly aligned themselves with the Federation too, saying “for peoples still being confused about TheShadowBrokers and Russia. If theshadowbrokers being Russian don’t you think we’d be in all those US government reports on Russian hacking? TheShadowBrokers isn’t not fans of Russia or Putin but “The enemy of my enemy is my friend.” We recognize Americans’ having more in common with Russians than Chinese or Globalist or Socialist. Russia and Putin are nationalist and enemies of the Globalist, examples: NATO encroachment and Ukraine conflict. Therefore Russia and Putin are being best allies until the common enemies are defeated and America is great again.” These were both Russian narratives I had become very familiar with.

  At the end of the statement, the core message of which was an echo of almost all non-state actor and alt-right narrative which I’d already linked directly to Russia and its disinformation, the hacking group gave a password to a darkweb site where the NSA tools were freely available.

  The original NSA hack took place in August 2016 and drew significant commentary, including from Edward Snowden who tweeted: “Circumstantial evidence and conventional wisdom indicates Russian responsibility,” which he interpreted – according to the New York Times – as a “warning shot to the American government” in case it was thinking of imposing sanctions against Russia in the cyber theft of documents from the Democratic National Committee.

  “No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack,” Snowden said, around the time Julian Assange’s Russian outfit Wikileaks stated they had files to release and Stone was making his speech and having dinner with Farage.

  Personally, I find Snowden curious. At first, being a whistleblower myself, I fully supported what he did but now I find his residence in Moscow increasingly uncomfortable. Russia has extended his leave to remain until 2020, with Putin himself commenting on the refusal to extradite Snowden in his Oliver Stone interviews, saying: “No, under no circumstances. Because he's no criminal.” I can’t say one way or another whether I trust Snowden, but knowing people the way I do from policing, I’m only too aware that circumstances change people – make them pliable. Especially when others have some element of control, which manifests as control over destiny in Snowden’s case. This is something clearly included within the meaning of kompromat. I suppose my feelings about Snowden distill down to the factor of unknown risk, which you must always approach as high one because it’s unquantifiable.

  In January 2017, a report jointly compiled by the NSA, CIA and FBI concluded Russia's intelligence services had indeed conducted hacking attacks against organisations involved with the 2016 US presidential election209, with the most high-profile target being the Democratic National Committee (DNC). By then, I had investigated far enough to have identified the hacking group APT28 as being directly attributable to the Russian intelligence services and to other operations which also involved significant elements of disinformation. I knew they had previously claimed to be ISIS, again using flawed language patterns and this little side note stuck, thankfully. James A. Lewis, a computer expert at the Center for Strategic and International Studies, mirrored my concerns about the group’s use of English210, saying: “This is probably some Russian mind game, down to the bogus accent…some of the messages sent to media organisations by the Shadow Brokers group [were] delivered in broken English that seemed right out of a bad spy movie.”

  After the attack, I took a more focused look at the Russians and re-confirmed that Russia's military intelligence, the GRU, is known to operate under the name APT28 – which is also known as Fancy Bear. I found it was also known that a second group with strong links to the FSB, the modern version of the KGB, existed under the name APT29, or Cozy Bear. Security experts believed the groups have been supporting operations to influence the domestic politics of foreign nations, including by leaking stolen information, since at least 2014 and attacks on the World Anti-Doping Agency, the DNC, the Ukrainian Central Election Commission were among those attributed to them. Security company FireEye had previously documented that APT28's software is Russian made211, saying: “The malware is built during the working day of the GMT + 4 time zone, which includes Moscow and St. Petersburg, and the developers used Russian language settings until 2013.” They also highlighted the group has extensive Zero Day attack capabilities – meaning they have deep pockets – and have shown they can take on multiple targets at the same
time, which is indicative of state-backing. “For example, operations might involve setting up thousands of web domains, and dealing with the massive amount of information they are stealing likely involves the use of trained linguists to understand and evaluate it. All of this means that ATP 28 is likely to involve hundreds of staff directly, if not thousands indirectly,” said Jonathan Wrolstad, a senior threat intelligence analyst working at the company FireEye.

  On the 11th of May, the day before the worldwide cyberattack began, technology media outlets reported interception of a spear-phishing attack by Romanian security services212. The attack involved the sending of a barrage of emails, including some purporting to be from a NATO representative, to diplomatic organisations in Europe, including Romania’s Foreign Ministry of Affairs. The message came from a fake address at the hq.nato.intl domain currently used by NATO employees. The cyberattack was attributed to APT28.

  The emails carried APT28’s malware which exploits Zero Day capabilities, also initially thought to have been stolen from the NSA, and, I found in the case of the Romanian Foreign Ministry, the infected code was hidden in a word document entitled “Trump's_Attack_on_Syria_English.docx” According to cyber security companies, Romania was one of the worst countries affected during the 12th of May ransomware attack. A NATO spokesman said, at the time of the spear-phishing attack being discovered: “As is common practice, whenever we detect spoofed email addresses, NATO alerts the responsible authorities in Allied countries to prevent attacks from spreading. The hacker group APT28 – which is also called Fancy Bear or Pawn Storm – is well known to the cyber defense community and we track its activities closely.”