Hackers hit NATO, White House – then aimed at MH17 air disaster probe

The Pawn Storm hackers who tried to infiltrate NATO and White House networks have been spotted bothering another sensitive target: the team investigating the downed Malaysia Airlines MH17 flight. Researchers at Trend Micro found suspicious SFTP, VPN, and Outlook Web Access servers configured to collect usernames and passwords …

  1. Destroy All Monsters Silver badge
    Big Brother

    That's not nice, but...

    > hit with a Russian-made Buk surface-to-air missile

    No surprises here, but 'twas done with an old-style 9M38M1 likely from the Ukrainian arsenal. Could be that Mother Russia-leaning separatists got ahold of it and let loose at the first sight of a blip on badly calibrated screens. Or maybe not. Most of this story is very murky, if not amerrimurky.

    Who is keeping the quartermaster lists in Ukraine?

    1. Shoddy Bob

      Re: That's not nice, but...

      Gosh, who'd have thought a member of Putin's paid troll army would have turned up here on The Reg !

      1. Anonymous Coward

        Re: That's not nice, but...

        I doubt D.A.M. is paid to troll. That one just feels any evil act can always be traced back to the US, some way or other. We've learned to ignore it most of the time.

        1. Arctic fox
          Headmaster

          @Big John Whilst I think that it is likely that Russian separatists shot down that plane........

          ........it is a sign of the times that I initially thought that "NATO, White House hackers tried to pwn MH17 air disaster probe" meant that Nato and the White House had tried to pwn the investigation until I read the main text of the article. The fact that that thought did not in any way surprise me says a great deal about the behavior of US security authorities in recent years and does not mean that I, at any rate, am on earners from Mr. Putin.

      2. Voland's right hand Silver badge

        Re: That's not nice, but...

        Gosh, who'd have thought a member of Putin's paid trol

        Read the damn report. The missile attacked the target directly and exploded ahead of the cockpit.

        The newer Buks in the Russian arsenal do not attack the target directly because they are specifically designed to attack targets with reduced radar and IR profile from below and looking at the aircraft "head-on"/"from the sides". They do this by going up to predetermined coordinates calculated by the launch complex and looking at the predicted target area from _ABOVE_. I actually have seen the math for this when it first came out circa 1979 before it became classified and I personally know who derived the formulae to compute the coordinates to which the missile goes before enabling the seeker head.

        There is a simple rationale behind this design - most radar sig reduction tech sucks from that point of view. So if it was a newer one it would have hit most likely in the middle of the plane from above, not ahead of the cockpit.

        Based on this report and based on data published so far the "Russian supplied buk" as repeatedly claimed by EU and USA officials does not match. That is not surprising either - the rebels pinched an unknown number of Buks from Ukrainian military bases in the beginning of the war. That is a well known fact.

        The question of why the plane was flying 20km off-corridor exactly where the rebels took down a couple of Su-25s a few days earlier is also unanswered in the report.

        As far as who shot it down, it is most likely the rebels. With a Ukrainian Buk they pinched. Now why did they shoot it down - it is a different story. One we may never know. It would have taken something else besides the aircraft being 20km off-corridor in the middle of the conflict zone for them to pull the trigger. What - it will take finding who and bringing him to justice to know (if he has not been terminated long ago).

    2. MyffyW Silver badge

      Re: That's not nice, but...

      The dead cat maneuver... Now we're meant to forget about the Russian hacking and exclaim "mate you've put a dead cat on the table".

    3. Ossi

      Re: That's not nice, but...

      Erm, no. Russia, in fact, denies that it was a 9M314M1 warhead (not '9M38M1' as you state - that's the missile type, and that's not the source of the dispute) that was used:

      https://www.rt.com/news/318653-buk-manufacturer-outdated-warhead/

      You know, starting from your conclusion and working backwards - the favoured method of all conspiracy theorists - is not a good way to find the truth.

      1. wolfetone Silver badge

        Re: That's not nice, but...

        Surprised no one has realised that from below Malaysian Airlines planes look a lot like the Russian Jet Putin uses to travel on. It's known Putin was travelling around the place at the time, a Ukrainian could have easily thought "Shit me, it's Putin's jet. Let's blow it up". They're not exactly going to wait around to find out if it's his Jet or not. If it looks like it, and why would there be any other plane in the area, blow it up while you have the chance.

        But obviously NATO wouldn't dare suggest that, would they?

        1. nematoad Silver badge

          Re: That's not nice, but...

          "...look a lot like the Russian Jet Putin uses to travel on."

          Just one small problem with that. MH17 was flying at 33,000 feet and from that distance you would not be able to see the aircraft, let alone see what type it was. Unless that is whoever shot it down possesses some super optics.

          The aircraft was probably targeted by radar on or near the launcher and radar cannot distinguish one aircraft from another. It's the transponders that give the ID and that is overlaid onto the radar plots used by ATC controllers.

          1. paulc

            Re: That's not nice, but...

            "Just one small problem with that. MH17 was flying at 33,000 feet and from that distance you would not be able to see the aircraft, let alone see what type it was. Unless that is whoever shot it down possesses some super optics."

            they do have optical telescopes built into the launcher and tracker units...

            1. Anonymous Coward

              Re: That's not nice, but...

              And large jets can be easily visible to the eye on a clear day. Here in the Southwest US I see them sometimes, and can even make out the type, despite them being in high altitude cruise mode. With binoculars it would be trivial. However, most places don't have really clear skies most of the time.

        2. Anonymous Coward

          Re: That's not nice, but...

          Russian Jet Putin

          Close, but no cigar. There are multiple reports that the jet was escorted by 2 Ukrainian fighter jets through part of Ukraine airspace including testimony of Spanish air traffic control contractor working for Ukraine traffic control.

          The circumstantial evidence that these may indeed be real and not propaganda, is that Ukraine has _FAILED_ to cooperate with the inquiry and has _FAILED_ to produce the full recordings including radar data and telemetry off their traffic control. They are _NOT_ in the report addendum and there is _NO_ trace that any such data was used in the conclusion. There was also _NO_ data off any of the military Ukraine radar installations including ones active in that area in the inquiry evidence.

          You are a rebel on the ground. You see a jet with an escort in a combat area. What do you do. I am not going to second guess. They should have fessed up to that from the very start instead of repeating the stupidity with the Korean Air flight 007 or the Ukrainian version of the same - Siberia Airlines flight 1812. Is this true, or not - we will never know. All radar data was destroyed instead of being given to the inquiry.

        3. ZippedyDooDah

          Re: That's not nice, but...

          "Surprised no one has realised that from below Malaysian Airlines planes look a lot like .."

          Amazing coincidence that, rt.com happened to notice as well.

          https://www.rt.com/news/173672-malaysia-plane-crash-putin/

  2. Dixey

    Pwn attack by unknown group = We haven't a clue what is going on here.

    This could be an attack by a pro-Russian group or it could be an attempt by some western power to make it look like the Russians are trying to muck up the investigation. We simply cannot tell (or rather I cannot tell) what is really going on from what is described in this Reg article.

    The bottom line is that the lives of 298 innocent people are still being used like pawns (pun intended) in a rather ugly power-struggle. I hope they are allowed to rest in peace and that the relatives eventually do get to know who robbed them of such a precious chunk of their lives.

    1. Keef

      Re: Pwn attack by unknown group = We haven't a clue what is going on here.

      Not sure why you got a downvote for that post Dixey, maybe it was the 'western power' bit, but as you wrote 'we' cannot tell.

      However the overriding sentiment in your post seems to me to be about the loss of innocent lives.

      Have an upvote from me to balance that downvote out.

      1. Keef

        Re: Pwn attack by unknown group = We haven't a clue what is going on here.

        A downvote for mourning the loss of life, really?

        I support free speech so I'll take it on the chin, you have every right to voice your opinion.

    2. Turtle

      Re: Pwn attack by unknown group = We haven't a clue what is going on here.

      "This could be an attack by a pro-Russian group or it could be an attempt by some western power to make it look like the Russians are trying to muck up the investigation. We simply cannot tell (or rather I cannot tell) what is really going on from what is described in this Reg article. The bottom line is that the lives of 298 innocent people are still being used like pawns (pun intended) in a rather ugly power-struggle."

      Oh? Only you can do that, then?

      Or perhaps you think that you can remove the politics from it by repeating and enlarging the allegations - no matter how stupid your additions are.

      1. Dixey

        Re: Pwn attack by unknown group = We haven't a clue what is going on here.

        Cut and paste is not the same as reading and understanding.

        My thanks to all who really did read my comment and gave it an up vote.

  3. Dadmin
    Paris Hilton

    Did you know that...

    I am critical of Russian strikes on Syria, launching attacks on websites condemning Russia's actions in the Middle East and other stuff. I am Alex Tapanaris. I am DANGER, ACHTUNG. I am Spartacus. Watch me type! *click* *click* *click* *space* *click* *click*

    Putin thinks he's super ripped, and people point out his foibles and other faults online, but he has people who filter his tweets so he can be in his safe place and just read the positives.

    1. Chronigan

      Re: Did you know that...

      Did you just say he has people filter his tweets? How young and innocent are you? Tweets do not matter. The only thing that matters is what the rest of the world does to oppose him. And right now it is not much.

      1. DropBear Silver badge

        Re: Did you know that...

        "Did you just say he has people filter his tweets?"

        No, he just watched yesterday's South Park episode and apparently feels compelled to riff on it... </annoyed>

  4. Your alien overlord - fear me

    I'm just surprised that el Reg (known for its fairness in attributing hacker groups to countries) hasn't said where Pawn Storm comes from. I mean, we can infer, but who has started wearing the trousers at el Reg Towers, Putin or the journos?

  5. Bota

    I guess most of you haven't seen the bullet holes clearly available on Google included in the wreckage. Where's the black box data? Oh right. Classified.

    As for the "I hate Russia because the media told me to." Russia has destroyed 50% of ISIS infrastructure within mere weeks. The fact the US has done for all in a year speaks volumes.

    1. Keef

      Eh. what?

      "The fact the US has done for all in a year speaks volumes."

      Not sure what that concluding sentence means, care to elaborate so I can comprehend?

      Can you provide links to substantiate your claim of Russia destroying 50% of ISIS infrastructure?

      Can you provide links to show the 'bullet holes' so we can evaluate your comment?

      I think most black box data is withheld initially, some parts will usually be released eventually.

      Most things are complicated:

      http://avherald.com/h?article=47770f9d/0103&opt=0

      1. Jos V

        Re: Eh. what?

        Hey Keef. Let me venture an attempt at this.

        There is a wild pro/anti Russian argument going on on the internet about the shapes of the puncture holes in the aircraft. The pro-Russian stance is that all the holes are cube shaped and there are no "bow-tie" shaped holes, which would indicate an older type of buk missile that Russia has long stopped using, and the Ukrainians had (but claim to have sold off to Serbia, but pro-Russian Ukrainians/Separatists have apparently snatched a couple, another part of the pro/anti thing, so take your pick). The Russian side agrees that since no bow-tie holes are found, it must have been Ukrainian, as they have only the bow-tie version.

        The anti Russian side of things, is where Russia seems to have shot themselves in the foot with the former statement.

        The Dutch transportation safety report says that there were bow-tie shaped fragments (including in the captain's body), as well as the cubed and filler forms, and pictures are included in the report.

        Then again, the pro-side defends this by saying the evidence was rigged, and the objects in the picture were planted by the Dutch investigators.

        So there, a nice conspiracy theory, and as usual you can google your answers straight to where/who you want to point your finger at.

        1. Ossi

          Re: Eh. what?

          A nice summary. This bit's interesting:

          "Then again, the pro-side defends this by saying the evidence was rigged, and the objects in the picture were planted by the Dutch investigators."

          I suggest thinking people apply Occam's Razor. If you find yourself adding in implausible assumptions with no evidence to make your story add up, then consider whether you've simply started from the conclusion and worked backwards. That's really not a good way to find the truth.

          What's the more plausible explanation?

          Which side would be wanting to fire at aircraft? The rebels. Why would the Ukrainians since the rebels don't have aircraft?

          Is cock up or conspiracy more likely? Cock up every time.

          By far the most plausible explanation is that the rebels screwed up and shot down an aircraft they didn't intend to shoot down with a Russian-supplied system. Of course, their only possible course of action after doing so was deny, deny, deny.

          1. hi-tower

            Re: Eh. what?

            "By far the most plausible explanation is that the rebels screwed up and shot down an aircraft they didn't intend to shoot down with a Russian-supplied system. Of course, their only possible course of action after doing so was deny, deny, deny."

            If that was a rebels' Buk, you would see a lot of evidence of this - satellite images of position, radar emission detection, rocket launch flare detection, and so on. Nothing like this has not been published.

            My opinion is that the drunken Ukrainian Buk crew was training to target aircraft to prepare for Russian invasion. Of course, they were using the civil aircraft flying over there for training, but the system accidentally switched to operational mode from training mode.

            1. Sandtitz Silver badge
              FAIL

              Re: Eh. what?

              "If that was a rebels' Buk, you would see a lot of evidence of this - satellite images of position, radar emission detection, rocket launch flare detection, and so on. Nothing like this has not been published."

              Use logic and the Occam's Razor.

              Russia has their own share of spy satellites orbiting Earth, and it is very likely that some are over Ukraine since they're orchestrating the rebel strategy. If there was any reasonable evidence to support Ukrainian BUK launch the Russian government would have handed them over to everyone.

              Since the rebels mostly consist of (former) Ukrainians, it is likely that some have been part of Ukrainian Military and Anti-aircraft divisions. The rebels have BUK systems, reported by AP journalists. The systems either belonged to Ukrainian bases in rebel zones - therefore possibly explaining the older missile type - or handed over by Russia, which has denied providing anything else but humanitarian help since the beginning.

              1. hi-tower

                Re: Eh. what?

                "Russia has their own share of spy satellites orbiting Earth, and it is very likely that some are over Ukraine since they're orchestrating the rebel strategy. If there was any reasonable evidence to support Ukrainian BUK launch the Russian government would have handed them over to everyone."

                And that evidence shown to public - Russian MOD published satellite images of deployed Ukrainian BUK launchers and detected BUK system radar (KUPOL) activity.

                http://archive.mid.ru//brp_4.nsf/0/ECD62987D4816CA344257D1D00251C76

        2. DonnieD

          Re: Eh. what?

          Serbia never had BUK, and has not purchased such "old systems", otherwise, it would have been slightly different outcome on 1999 NATO bombing. Croatia purchased S-300 system from Ukraine in 1990s, but incomplete, so it was not usable to them.

          BUK missile that hit MH17 has not been in manufacturing since 1986, and we all know what happened after SSSR got dissolved and where some of those weapons ended up...untraced....and why we got so many rich Russians now....

          As for who operated that particular BUK that knocked down MH17, we may not find out, ever, as there are too many political games on both sides. Also, to operate BUK, you need to have highly trained personnel, and those do not come available on the job market.

          So far we can have some of those theories (please add to the list):

          1. Rebels shot it with stolen unit from Ukrainian army - untrained personnel

          2. Rebels shot it with stolen unit from Ukrainian army – Ukrainian Su-25 in the shadow of MH17, mixed with point 1

          3. Ukrainian army shot it – not informed that commercial flights are in that corridor

          4. Ukrainian army shot it – another plane in the shadow of MH17, possibly Russian

          5. Conspiracy theory – scientist had cure for AIDS had to be “terminated”

    2. Donchik

      ISIS? Like F**k!

      Putin has spent 90% of his time blowing 7 kinds of excrement out of the moderate rebel forces.

      His only interest is propping up his puppet dictator and mass murderer Asad.

      Try using independent sources of news and don't troll Putin's fantasy here.

      1. DonnieD

        Re: ISIS? Like F**k!

        So Saddam had WMD and Ghadafi had hump for HillaryC ;)

        It is only that western media proclaims Asad "murderer", and those barbarians chopping people's heads on public TV are "moderate rebels"...give me a break... Like it or not, Asad is the legitimate president of Syria, and according to the UN law, he has invited Russia to help. NATO is illegally there, according to UN and international law, and illegally trying to change legitimate regime, as it was doing it in Ukraine.

        Russia is looking into its own geopolitical strategy there, nothing more, nothing less, as is NATO.

      2. Voland's right hand Silver badge

        Re: ISIS? Like F**k!

        Putin has spent 90% of his time blowing 7 kinds of excrement out of the moderate rebel forces.

        True. However at 130+ sorties per day versus under 10 (over Syrian territory, I am subtracting Iraq ones here) by the allies this still makes up for more "ISIS Bashing" than any that the allies have delivered so far.

        As far as "moderate", I wouldn't call Al Qaida of the Arabian Peninsula moderate. At all. Several of the other "moderates" are also religious driven and they consider the Alavite sect to which Bashar belongs the mother of all Islamic apostasies. They also intend to do to it what is done to an apostasy by "moderate" Arabian peninsula Islamists (like for example Saudi Arabia).

        IMHO Putin's count of "moderate syrian opposition" being equal to about 5 people is about right. The rest (with the exemption of Kurds) are all shades of the same. By the way - he has not hit the Kurds even once which is exactly what is pissing off the Turks in this case as they are very "moderate" towards both Kurds and Alavites. In the "Armenian/1915" Turkish definition of the word "moderate".

        There are no rights in this conflict. However from the choice of wrongs US and UK are supporting in that conflict, we have chosen the "wrongest".

    3. Zork-1

      Modern AA missiles don't hit their target directly. They explode when the target is near and send shrapnel into the target, causing structural or equipment damage - much like a shotgun in close range.

      So those ain't bullet holes.

  6. Slx

    No wonder Clinton was using her own email setup !

  7. Anonymous Coward

    Hacking an air accident investigation

    Such class


Biting the hand that feeds IT © 1998–2019