19 MAY 17 – Executive Intelligence Summary – Forward Observer Shop



In this EXSUM… (2754 words)

  • Shadow Brokers problematic for US government, computer systems around the globe
  • Russia & China SITREPs
  • CNO’s ambitious plan to field combat ships
  • Revolutionary Abolitionist Movement launched
  • Take It Down STL aims to remove Confederate memorial
  • RIA Novosti: American Civil War 2.0
  • Fink on US economy, markets
  • And more…



Bottom Line Up Front:  This morning, Global Times — often the mouthpiece for the Chinese Communist Party — published an editorial claiming that President Trump is “in big trouble”.  Despite the history of pro-China propaganda, the editorial actually outlines pretty clearly the situation in the United States.  “The American elite still refuse to accept Trump after his 100 days in the Oval Office. He is at odds with the mainstream media; insiders have constantly leaked information to the media.”

Unless something damning comes out in the future, nothing I’ve seen constitutes an impeachable offense for President Trump, especially considering that the House of Representatives is the only body that can impeach a President.  As it stands right now, President Trump is unlikely to be impeached.  But the constant haranguing by the press, Democrats, and the Republican establishment, along with the backstabbing coming from Trump’s own administration, is creating a political crisis for the nation.  I found this particular statement by the Global Times particularly interesting:

The US won’t be engulfed by chaos if its president is caught in a lawsuit. Someone has pointed out that no matter how chaotic the White House and Capitol Hill are, the overall operation of the US will not be a major problem as long as the enterprises and social organizations in the country are stable. This is seen as an advantage of the American system.

I tend to agree with this outlook, with a caveat.  Despite rifts in social cohesion, mostly caused by social ideology, race, and politics, as long as the economy is clipping along and basic services and utilities are still running, I don’t see a massive conflict in the immediate future… but we are locked in a culture war which features sporadic political violence.  Many Leftists are holding out hope that Trump will be impeached, or that the Democrats will take back the House and/or Senate in 2018, or that a Democrat will be elected president in 2020.  As long as that hope is there, I don’t expect to see widespread, organized political violence.  Should any of those hopes be dashed, then we’ll probably see some limited violence.

My one caveat:  Earlier this month, President Trump tweeted out, “Our country needs a good ‘shutdown’ in September to fix [this political] mess!” in reference to the September 2017 showdown in the Senate over government funding for the next fiscal year.  Outside of a black swan event or especially negative results from the investigation into potential collusion between the Trump campaign and Russia, September will be the next scheduled hurdle.  If Trump is serious about a shutdown, then we need to take seriously the second- and third-order effects.


Priority Intelligence Requirements:

PIR1: What are the current indicators of systems disruption or instability that could lead to civil unrest or violence?

PIR2: What are the current indicators of an outbreak of global conflict?

PIR3: What are the current indicators of organized political violence?

PIR4: What are the current indicators of economic, financial, or monetary instability?

PIR1: What are the current indicators of systems disruption that could lead to instability, civil unrest, or violence?

Shadow Brokers problematic for US government, computer systems around the globe

Last year we reported on a hacker group named Shadow Brokers who made news by leaking cyber exploits developed by the National Security Agency (NSA).  Some experts claimed that Shadow Brokers were linked to Russia, others said that they may be non-state-sponsored; however, consensus is that Shadow Brokers are a major thorn in the side of many nations, especially the United States.  Shadow Brokers frequently release cyber tools and information they say was stolen from NSA, and promise to dump more data in June.  More on Shadow Brokers in a moment…

Last Friday, media outlets reported on a new strain of ransomware dubbed WannaCry, which by Tuesday had infected 300,000 computers around the world.  What makes this particular ransomware special is that it uses a cyber tool developed by NSA named EternalBlue — one of the tools released by Shadow Brokers last year — that exploits a bug in Microsoft Windows.  At least one cybersecurity firm is now warning of a second ransomware attack wave named Adylkuzz, which also uses NSA exploits to facilitate its spread.  Ransomware is a type of malware that encrypts computer hard drives and then demands a ransom in order to decrypt the computer system.  Often, as is the case with WannaCry, hackers demand payment via bitcoin.  According to reports, WannaCry netted over $90,000 in bitcoin payments from its victims.

Shadow Brokers have stayed in the news by frequently releasing new information from NSA.

This blog post, which appears to be a legitimate write-up from the Shadow Brokers published on or about Tuesday, 16 May, shows that the group will offer a monthly subscription service of data dumps, which starting in June will include information regarding the SWIFT international financial network, as well as information on nuclear missile programs from unknown sources.  If you read the post, understand that it’s difficult to read due to deliberately poor syntax, which is a countermeasure against writing-style analysis.  In other words, the article is so poorly written that law enforcement can’t track the writing style back to its author(s).

A quick synopsis of the article:

1.  Shadow Brokers claim they own 75 percent of NSA’s cyber weapons arsenal.

2. Shadow Brokers accuse NSA’s Equation Group of placing employees deep within technology companies like Google and Microsoft to aid state-sponsored hacking.  They also accuse the governments of Russia, China, Iran, and Israel of doing the same.

3.  They accuse the Equation Group of having a former NSA employee work at Google Project Zero, which is tasked with finding zero-day exploits.  (A “zero-day” exploit is a bug or vulnerability previously undiscovered by a company.  They’re called zero-day, or 0-day, exploits because the company has zero days to create a security patch for the bugs, because the vulnerability is live and currently exploitable.)  The post accuses the Equation Group of paying companies like Google and Microsoft to not patch known vulnerabilities so NSA can exploit those vulnerabilities to attack its targets.  Alternatively, the Equation Group is using former NSA employees currently working as zero-day researchers at Google or Microsoft to find zero-day vulnerabilities to report to NSA without alerting their employers.

4.  Part of the rationale for this accusation is that Microsoft was slow to patch the EternalBlue vulnerability NSA was using because NSA never alerted Microsoft to the vulnerability in the first place.  (I wrote a similar article in late March about NSA doing this.)

5.  Shadow Brokers mock the idea that the WannaCry attack is linked to North Korean hackers, saying that this is the line of reasoning employed by policy makers to justify war with North Korea.  “The oracle is telling theshadowbrokers North Korea is being responsible for the global cyber attack Wanna Cry. Nukes and cyber attacks, America has to go to war, no other choices! (Sarcasm)”

6. After a failed auction of the cyber tools, Shadow Brokers are starting a monthly subscription service for data dumps.  “Is being like wine of month club.”  The Shadow Brokers say that they’ll provide the data to subscribers, and what subscribers do with the data after that is up to them.  Two of the examples of data dumps are significant:

  • “compromised network data from more SWIFT providers and Central banks” – SWIFT is the global financial networking system that makes bank-to-bank and international money transfers possible.  In previous years, SWIFT has lost millions of dollars due to hackers spoofing money transfers.  The SWIFT system comes under frequent attack from hackers.  With this new data, hacks against SWIFT may become more problematic.
  • “compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs” – The post doesn’t elaborate; however, this could well be data that NSA stole from foreign governments, exfiltrated from the networks of foreign defense companies.

7. Finally, the Shadow Brokers make an offer to foreign governments to purchase the remaining data to avoid the monthly releases.   Earlier this year, Shadow Brokers failed in their attempt to auction off this data for $500 million.  It’s unclear if Shadow Brokers were sincere in their attempts to make $500 million, or if they asked for an exorbitant amount to toy with NSA.

Due to the amount and severity of data already released by Shadow Brokers, there’s no reason to doubt that additional critical information will be released in the future.  My chief concern is the SWIFT system, which already comes under cyber attacks, and what might happen should the SWIFT leaks be especially useful for hackers.  I should note that the Russian financial system has an alternative to SWIFT, should SWIFT be an untenable or otherwise inconsistent option in the future.

PIR2: What are the current indicators of an outbreak of global conflict?

The prospects of global conflict continue to revolve around five geopolitical actors: Russia, China, North Korea, and Iran. In the event of war with any of these nations, consider domestic systems disruption a distinct possibility.


Citing lessons learned from ground operations in Syria, Russian President Vladimir Putin called this week for a major rearmament of the Russian military.  “Combat experience gained during the operation in the Syrian Arab Republic as well as the necessity for reinforcing the defense of our Arctic territories, western and south-western borders require a reassessment of our approaches to re-equipment of troops.”  Regular readers will know that the Arctic has become a pressing issue for Putin, and that the Russian military is a much more capable animal than even a few short years ago.

As has been the case for three years now, both NATO and Russia are preparing for war.  War may not be likely in the short term, but both sides continue to advance their military interests in the region.  For instance, US Army units in Germany are testing Saab’s Barracuda Mobile Camouflage System [1], and Russia continues its information operations campaigns in the Balkans to prevent a further westward lean in nations like Albania, Montenegro, and Croatia [2].  Russian influence operations are also active in numerous other NATO and non-NATO nations across Europe.  Meanwhile, Putin is keeping mum on his re-election bid in the presidential election coming up in March 2018 [3].

[1] https://members.shop.forwardobserver.com/2017/05/17/us-army-tests-saabs-barracuda-mobile-camouflage-system-in-germany/

[2] https://members.shop.forwardobserver.com/2017/05/18/u-s-state-department-official-warns-of-russias-malign-influence-in-balkans/

[3] https://members.shop.forwardobserver.com/2017/05/15/putin-says-too-early-to-speak-about-his-plans-for-2018-presidential-elections/



Meanwhile, China continues to arm the South China Sea.  This week the Chinese Defense Times newspaper published that rocket launchers had been deployed to the disputed Fiery Cross Reef.  The rocket launchers are specifically designed to identify, track, and target military combat divers, specifically Vietnamese combat divers who had been active in the area.  Now military planners at the Pentagon are allegedly considering using hyper-accurate artillery pieces as air defense weapons, should the US go to war in the region.  A Pentagon official said this week that the US is increasing its coordination with allies in the region.  Philippines President Rodrigo Duterte claimed this week that the Chinese have threatened to go to war with the Philippines over oil drilling in the South China Sea.  Due to the ongoing military build-up, analysts are already asking if the South China Sea is lost to the US and its Asian allies.


Defense in Brief:

CNO’s ambitious plan to field combat ships

On Wednesday morning, the Chief of Naval Operations (CNO) released a white paper on the future of the Navy.  Citing a shift in the landscape of sea power, CNO confirms that the Navy needs 350 ships, including manned and unmanned systems, up from the 275 deployable ships they have now.  The US Navy is currently deployed to “faster paced, more complex, and increasingly competitive” environments featuring multi-domain challenges.  While the Army focuses on future fights in mega-cities, the Navy sets its sights on combat in littoral environments where coastlines will become more populated, maritime traffic will increase, and nations will compete for limited resources from the ocean, such as fisheries, oil, and minerals.  Meanwhile, near-peer competitors are challenging US Navy dominance of the seas.


PIR3: What are the current indicators of organized political violence?

Revolutionary Abolitionist Movement launched

A group of organizers recently launched the “Revolutionary Abolitionist Movement,” which seeks to “burn down the American plantation.”  According to the group’s statement, “The United States was built on slavery, and despite the American Civil War, this oppression never ended. The abolitionist movement fought against this tyranny, but modern slavery and mass brutality persist unchecked.”  The Revolutionary Abolitionist Movement cites the success of modern-day abolitionism in Rojava, Syria, saying, “With a foundation in feminism, ecology, anti-state organizing, and armed struggle, it has actualized a revolution beyond 20th century nationalism. With the founding of groups like the International Revolutionary People’s Guerrilla Forces, it is clear that this is the time for anarchist revolutionaries to act without hesitation.”

The sentiment is not new; however, RAM joins a chorus of radical revolutionary movements growing in their militancy.  “We intend to establish a new Underground Railroad to free people from bondage. By building revolutionary self-defense networks, connecting them to one another, and developing militant strategies in our neighborhoods, our network will create the capacity to destroy state power and defend our communities.” (https://itsgoingdown.org/revolutionary-abolitionist-movement/).


Take It Down STL aims to remove Confederate memorial

On 23 May, 30 May, and 06 June, Take It Down St. Louis will be gathering to protest the Confederate memorial.  Southern pride and Alt-Right groups also appear to be organizing counter protests.  If you’re in the St. Louis area, here’s the Facebook event page.


RIA Novosti: American Civil War 2.0

Russian state-run news outlet RIA Novosti published an opinion piece which accurately sums up the current situation (translated via Google Translate).  “The fact is that the active phase of the civil war began several years ago, when Barack Obama’s plans became known to give citizenship to several million illegal immigrants. It was assumed that they would all vote for Democrats. Accordingly, a one-party system would be established in the country, the white Anglo-Saxons and other Europeans (Republicans) would already, for sure and forever, be in the minority.”  He also writes:  “Democrats do not have a majority in Congress or their own army, but the war they have been waging is a hybrid one.”  The opinion goes on to detail that conservatives went on the offensive, but are largely unhappy with Trump’s slow progress.  The author then addresses universities: “To universities where students had to be taken to psychiatrists after Trump’s victory, where they even agitated not to hang US flags, since it reminds someone of Hitler’s Germany…  Democrats, as we see, have something to lose in this war. The fact that the intelligence is working against the president, the military department or the remnants of the defeated State Department is just the tip of the iceberg…  We are watching this, and in addition we see that the end of the American war is not over.”

PIR4: What are the current indicators of economic, financial, or monetary instability that lead to worsening economic conditions or civil unrest?

Fink on US economy, markets

Starting in 2014, BlackRock CEO Larry Fink warned CEOs that cutting costs and decreasing spending budgets may be good for corporate profits, but it’s hurting the US economy.  As of last week, corporate profits are at the highest levels since 2012, which sounds great, but as Fink has warned, it’s largely due to CEOs maximizing short-term profits by cutting costs and refusing to spend on capital investments.  Fink is concerned that corporations — specifically those in the S&P 500 — are not doing enough to spur long-term growth.  And with the US economy stuck at about 2 percent growth each year, Fink believes CEOs are waiting to see the Trump administration’s pro-growth policies.

Overall, Fink seems to be somewhat optimistic about the future of the US markets (and potentially the economy) under President Trump.  Fink believes that the market is overbought and could see a 5-10 percent pull back.  Once that happens, he said, it’s time to “buy, buy, buy”.  He took to Fox Business Channel last week and said, “I believe this is going to take a somewhat longer time, but we all should hope that we are going to get some success out of the [Trump] administration to validate the marketplace.”


Mike Shelby is a former military intelligence NCO and contract intelligence analyst. He spent three years in Iraq and Afghanistan and is now the intelligence and warfare researcher at Forward Observer.
