Horkos @ the Centre for Unilateral Analysis Profile picture
cyber(punk) threat intel analyst, focus on Iran and Russia. the net’s own counterintelligence referent, maybe. #FUZZYSNUGGLYDUCK-in-chief. opinions are my own.
Sep 15, 2018 9 tweets 2 min read
John is right: if the intent of this disrupted black-bag job against the Spiez lab really was sabotage as opposed to espionage, it raises some curious potentialities about Russian motives. In a midnight analysis, it feels to me vaguely like some kind of desperation. 1/9 In my mind, the question is: what would make the increasing aggressive Russian services - in this case (apparently) the GRU - feel its necessary to engage in this particularly high-risk type of operation against a very hard target like a leading government CBRN facility? 2/9
Sep 6, 2018 6 tweets 2 min read
To be very clear: I think that the “GRU are clowns” narrative is that is emerging is counterproductive and ill-informed. But I believe GRU’s aggressive “can do at all costs” attitude appears to have had a trending negative impact on the quality of its tradecraft. /1 Major data points that I think support this argument include the failed coup in Montenegro, the activity covered in the Mueller indictments, and the Skripal attack. Each presents it’s own examples of some subpar tradecraft and each has created substantive blowback. /2
Sep 6, 2018 14 tweets 4 min read
In furtherance of the #counterintelligence discussion around the GRU and its competency, I want to address some recent reporting and analysis. Two articles - and one shared question - come to mind. /1 The 1st article takes the kind of argument I've made - the GRU has been sloppy resulting even successes generating some effects one would associate with qualified failures - and runs with it to the extreme. /2 bloomberg.com/view/articles/…
Sep 5, 2018 13 tweets 4 min read
In today's edition of "The GRU don't need no stinkin' tradecraft", which is becoming a #counterintelligence tradition, we have the UK charging of the 2 GRU officers who carried out the Skripal attack. Here's the timeline assembled by Scotland Yard. /1 news.met.police.uk/news/counter-t… This thread by @BBCDomC lays out the movements and footage described the Met in a very digestible thread. I highly recommend taking a look at it for reference alongside the Met's dry recitation of same. /2
Sep 5, 2018 20 tweets 8 min read
A #counterintelligence thread in the sense that I'm analyzing a foreign intelligence situation: I've been reading some very interesting analyses on the #Zakharchenko assassination and it's gotten me thinking about how this incident may or may not relate to FSB's role in Donbas /1 The first analysis I found useful was from @MarkGaleotti, and it emphasizes that it is doubtful that #Zakharchenko's death is move the situation towards peace. He mentions Dmitry Trapeznikov and Denis Pushilin as possible successors. /2
Aug 21, 2018 18 tweets 5 min read
Active measures pivot: Microsoft indicates that the APT28/GRU has tried to spoof the websites of conservative think tanks known for advocating democracy promotion, examining corruption, and/or criticism of Trump. My #counterintelligence commentary /1
nytimes.com/2018/08/21/us/… NYT has this right "The shift to attacking conservative think tanks underscores the Russian intelligence agency’s goals: to disrupt any institutions challenging Moscow and President Vladimir V. Putin of Russia." Russia doesn't care about our partisanship except to exploit it. /2
Aug 9, 2018 19 tweets 4 min read
So I tried to make dankness while the sun shown about the newest sanctions that are going to hit Russia (delayed as they might be), but I'd like to take a moment to seriously address just how bad this all is for the GRU. #counterintelligence /1 nytimes.com/2018/08/09/wor… The GRU's poor OPSEC has been a consistent driver among the naming-&-shaming and sanctions against Russia lately. Going all the way back to 2014, GRU - which has never been the most OPSEC conscious outfit - has been in the spotlight as Russia's primary meddling instrument. /2