Prevailing Adoption of the Metaverse and How Kids Are Being Targeted

The metaverse is viewed as a transformation of the internet, where avatars can interact with one another, work, or play in a life-like virtual reality environment. By 2030, projections indicate that the metaverse could grow to a 678-billion-dollar industry. In addition, cryptocurrency can be a form of exchange in the metaverse, and the idea is gaining support from major U.S. companies like Facebook and JP Morgan Chase.

Most people are familiar with the term metaverse through virtual reality (VR) company Oculus, a gaming system with a $299.00 retail price. Oculus describes itself as tech that “uses cutting-edge graphics, best-in-class hardware, and artistically rendered experiences to create a computer-simulated environment where you aren’t just a passive participant, but a co-conspirator. With a VR headset, you’re fully absorbed in realistic 3D worlds, creating a major shift in how we experience the digital realm.”

There are currently over 50 million VR users in the U.S., and that number is anticipated to reach 95 million in 2022. However, as this new virtual reality evolves, threats to metaverse users are also materializing in the real world. For this brief, Overwatch focused on the prevailing adoption of the metaverse, how kids are being targeted, and why digital social interaction requires investigation, analysis, and more public discourse.

A Recent Kidnapping Case

An unidentified teen in Roosevelt, Utah, used her Oculus and its VR world to communicate with 25-year-old Chris Evans from Florida.

On the morning of March 8, 2022, the teen walked out of her home to meet up with Evans. Law enforcement discovered the teen through cellular data and communication apps, found her in the back of a semi-truck, and arrested Evans, known in the metaverse as Monkey King Budda.

Evans faces kidnapping and harboring charges.

Apps You Can Download on Oculus Where There is a Significant Gap in Monitoring

BBC News conducted an investigation in February 2022 using VRChat, an app that can be downloaded from the Oculus platform. With VRChat, the only prerequisite for using the app is to have a Facebook profile. There are no other verification processes in place. The investigation from BBC News found that children mix with adults in the metaverse in adult-rated settings.

BBC News reported that, “Inside VRChat, there are rooms where users can meet: some are innocent and everyday – such as a McDonald’s restaurant, for example – but there are also pole-dancing and strip clubs. Children mix freely with adults.”

“One man told our researcher that avatars can get naked and do unspeakable things. Others talked about erotic role-play.”

Sex Crimes on Roblox

While Roblox is not in the metaverse, it is one of the world’s most popular online games. With Roblox, users can create games and play games developed by other Roblox players. There are over 12.1 million Roblox users in the U.S. and Canada.

In February 2022, a sexual predator targeted a 13-year-old girl on Roblox. After speaking with the girl for two days, the predator, Howard Graham, convinced the girl to leave her home in Topeka, Kansas. Graham then took her to his home in Clayton County, Georgia, where law enforcement says she was sexually assaulted multiple times.

The authorities found the girl because she messaged her mother through the Roblox app. Law enforcement arrested Graham at his workplace at the beginning of March. 

What Do Subject Matter Experts Say?

Overwatch spoke to two subject matter experts on internet crimes against children for this brief.

Our first source is a former ICAC Special Agent. She worked with the Internet Crimes Against Children task force for several years.

The source said, “Law enforcement is already drowning in cyber tips — there’s been a 25%+ increase in tips the National Center for Missing & Exploited Children (NCMEC) sends out. In many jurisdictions, there’s no other space to respond to those and reactive cases that get phoned in. The social media companies are reporting suspicious activity, but they use algorithms a lot of the time which means we get inundated with videos of a guy picking up his coffee mug and putting it back down again a bunch of times (the algorithm thinks he’s masturbating). So, it takes up a ton of time when we could be working on other more pressing cases. I’m sure there are a handful of law enforcement officers out there working proactive stuff in the metaverse, but you know how it is…everyone’s doing the best they can to keep up.”

Jessica Smith is Special Investigations Manager with the National Child Protection Task Force and Owner of ClickSafe Intelligence. She has over 15 years of experience in intelligence and investigations. Smith told Overwatch that the bigger concern about the metaverse is how the younger generation is becoming more isolated than previous generations.

She said, “So the metaverse has the ability to unfold in several different ways. While we are seeing reports of incidents currently, I think the bigger problem or potential problem rather lies in the next generation of kids. Mainly those who are just young elementary school age currently. These kids are, to a much larger degree than the rest of us, being raised in varied levels of isolation and experiencing the world in a far more digital way than older kids and adults.”

“Therefore, for most pre-teens, teens and adults (predators included) we’re all technologically fatigued right now. I see predators discussing the meta-verse with high levels of rejection because they don’t get it and don’t want to adopt it, even if it does mean more access to victims. Interesting huh? But, that said, as these younger children (toddlers and early elementary age kids under 10) grow and are more willing to engage with new technology, the predators will likely follow the way they did with social media.”

OUR ASSESSMENT

As the metaverse gains more mainstream adoption, sexual predators will use the platform to target children, groom them from a distance, and then attempt to lure them outside of the virtual environment. Without proper mitigation measures, the metaverse could become a temporary haven for sexual predators, hiding behind internet anonymity and developing their own methods to commit sexual crimes against children.

An influx of metaverse sex crime cases would likely lead to platforms investing more resources into how to mitigate threats to children in the metaverse. Additionally, there are currently no laws in the VR environment. Further, any legislation regarding the metaverse won’t likely come until there is mainstream adoption of the idea. As such, metaverse platforms will have to cooperate with law enforcement, identifying patterns of how criminals operate in the space. This relationship will likely be similar to how cryptocurrency exchanges receive subpoenas from law enforcement when it identifies illicit activity on the blockchain.

For now, the most effective form of mitigation will come from up-to-date training for parents on the dangers to look out for as their children become more immersed in a virtual world.

The Chinese Communist Party is the Most Significant Threat to America

While the global focus remains on the Russia-Ukraine War, the Chinese Communist Party (CCP) undermines regional security in the Indo-Pacific. On March 25, 2022, the Solomon Islands, which are northeast of Australia, confirmed drafting a security agreement with the People’s Republic of China (PRC). According to leaked documents, the deal gives the PRC the right to deploy forces on the island to protect its workers and projects. Australia said it has “great concerns” over the agreement between the Solomon Islands and the Chinese State.

However, the Solomon Islands and the PRC’s agreement is only one of many concerns about China’s goals for absolute power on the global stage. Overwatch analyzed the CCP’s capability to threaten the United States for this brief. We determined that the Chinese Communist Party is the most significant national security threat to the U.S. because of its data theft, espionage activities, targeting of dissidents, advances in the global tech race, and its majority control of the rare earths market.

Massive Cyber Theft

In a March 2022 speech to the Detroit Economic Club, FBI Director Christopher Wray said that China has stolen more data from the United States than all other countries combined. Wray said, “To pick just one example, a year ago, hackers with China’s Ministry of State Security targeted a vulnerability in the Microsoft Exchange Server software widely used in corporate e-mail systems. They compromised tens of thousands of computers worldwide and left back doors so they could return whenever they wanted. And to give you a sense of how common that kind of theft is, just using cyber means, Chinese government hackers have stolen more of our personal and corporate data than all other countries combined.”

According to William Evanina, the former Director of the U.S. Counterintelligence and Security Center, the PRC has the Personally Identifiable Information (PII) of 80% of Americans. PII can include a person’s first and last name, phone number, address, Social Security Number, medical records, financial records, criminal history, or driver’s license number.

In 2015, a state-sponsored hacking group working for the Chinese government breached 20 million U.S. government records from the Office of Personnel and Budget Management. These records also included information from people’s SF-86 forms, which are required to get a security clearance. SF-86 forms have a significant amount of highly personal information about the person applying for a clearance.

Per cybersecurity firm Mandiant, in the last six months, the Chinese state-sponsored hacking group APT41 (Advanced Persistent Threat) compromised “at least six U.S. state government networks” through the exploitation of livestock app USAHerds.

China is also developing more sophisticated malware that can be used against “hardened targets.” CyberScoop reports, “A backdoor in use as recently as November 2021 is the ‘most advanced piece of malware’ ever seen from China-linked spies, according to researchers at Symantec.”

Espionage

In February 2022, Wray explained that the FBI pours most of its resources and time into the Chinese threat. Wray said, “When we tally up what we see in our investigations—over 2,000 of which are focused on the Chinese government trying to steal our information or technology—there is just no country that presents a broader threat to our ideas, our innovation, and our economic security than China.”

Convictions in espionage cases in the United States show that China has successfully recruited former Central Intelligence Agency (CIA) Case Officers and former Defense Intelligence Agency (DIA) Case Officers.

In May 2019, Jerry Chun Shing Lee, a former CIA Case Officer, pleaded guilty to “conspiring to communicate, deliver and transmit national defense information to the People’s Republic of China.” Lee, who was recruited in Hong Kong, provided his handlers with classified information, including the identities of CIA operatives and sensitive CIA locations.

In September 2019, Ron Rockwell Hansen, a former DIA Case Officer, was sentenced to ten years in federal prison. According to a Department of Justice press release, Hansen provided national security information to Chinese agents about U.S. military readiness in a particular region — “information closely held by the federal government.”

Targeting Chinese Dissidents

In March 2022, the Department of Justice (DOJ) charged five individuals with spying on U.S. residents on behalf of the PRC’s Ministry of State Security. The DOJ press release reads, in part, “Two complaints were unsealed, and one amended complaint was authorized today in federal court charging five defendants with various crimes related to efforts by the secret police of the People’s Republic of China (PRC) to stalk, harass, and spy on Chinese nationals residing in Queens, New York, and elsewhere in the United States.” The U.S. residents included a Chinese national and military veteran who is openly critical of China’s government.

Overwatch spoke to an anti-CCP activist about how China harasses and threatens dissidents in the states. The activist spoke to us on condition of anonymity. The activist said, “They do target high-profile people. Most Chinese speakers in the U.S. have WeChat on their phones. So, they use that to try and harass or exploit them. They usually use phrases like ‘be careful.’ They will use your family WeChat to deliver the message. Sometimes they will detain your family and talk to you in front of them.”

The activist continued, “In extreme cases, they will freeze your family members’ credit card. Or they might try and trick you that someone is sick at home, and you must go back and see them. We’ve seen this work before.”

The Global Tech Race and Rare Earths

The Chinese state aims to be the global leader in artificial intelligence by 2030. Currently, China produces more scholarly AI research than the United States.

A December 2021 report from the Belfer Center for Science and International Affairs says that China “displaced the U.S. as the world’s top high-tech manufacturer, producing 250 million computers, 25 million automobiles, and 1.5 billion smartphones in 2020.”

However, the Chinese government has been cracking down on the tech sector in the country. As a result, there are reports of significant layoffs in the industry inside of China. The South China Morning Post reports, “The destruction of tech-related jobs from content creation to private tutoring is translating into fears of a jobless wave that could rival the time when millions of rural migrant workers were turfed out of jobs amid the 2008 global financial crisis or when millions of state sector positions were lost amid the reforms of the late 1990s.”

One area where China has the upper hand over the United States in the global tech race is the rare earths market. Rare earths are essential in developing smartphones, flatscreen TVs, electric vehicle batteries, catalytic converters, defense systems, and lasers, as well as for some industrial applications, and are even used for screening some genetic diseases. The PRC is currently responsible for 60-70% of rare earth production globally. Apple and defense contractors Raytheon and Lockheed Martin rely on rare earth minerals to develop their products.

OUR ASSESSMENT

We assess that China aims to surpass the United States economically, technologically, and militarily, and is willing to use any resources, tactics, or manpower to meet its objective of becoming the primary global superpower. The PRC will continue to target U.S. government and private sector systems, stealing sensitive data that will likely be used for further offensive cyber operations against the United States. With 80% of Americans’ PII collected, China has the capability to launch social engineering attacks on over two hundred million Americans. No country other than China can launch such a massive attack from its data theft.

The Chinese State will continue to recruit former intelligence community members, compromising classified information and state secrets. Further, as anti-CCP sentiment grows in the United States, the Ministry of State Security could potentially increase its efforts to harass, threaten, and intimidate Chinese government dissidents in the U.S.

As tensions continue to escalate between the U.S. and China, the CCP could use its majority control over rare earth production to further impact U.S. supply chains from companies that rely on rare earth materials for their products. Such a move would likely lead to a significant increase in the price of these products on the U.S. market. Additionally, if China can surpass the U.S. in the field of artificial intelligence, it would displace the U.S. as the global leader in the field and require many more U.S. government and private sector resources to compete with the Chinese state.

Analyzing the Growing Ties Between Saudi Arabia and China

While the U.S. attempts to broker a new nuclear deal with the Islamic Republic of Iran, the Kingdom of Saudi Arabia (KSA) and the People’s Republic of China (PRC) are increasing economic ties and cooperation.

  • On March 10, 2022, Saudi Aramco, the largest oil company globally, “finalized an investment” decision to build a major refinery and petrochemical complex in Northeast China. Aramco partnered with China-based North Huajin Chemical Industries Group Corporation and Panjin Xincheng Industrial Group and will supply the complex with 210,000 barrels of crude oil per day.
  • On March 15, 2022, the Wall Street Journal reported the Kingdom of Saudi Arabia was “in talks” with China to sell some of its oil in Yuan instead of the U.S. dollar.

Saudi Arabia exports more oil to China than anywhere else globally. The potential for Saudi Arabia to sell its oil to China in Yuan, not U.S. dollars, could lessen the dollar’s influence as the world’s reserve currency. Additionally, China’s growing relationship with the Kingdom of Saudi Arabia may increase tensions between the United States and the KSA.

For this brief, Overwatch analyzed the growing ties between Saudi Arabia and China, identifying more economic cooperation as well as their expanding relationship in defense, the military, artificial intelligence (AI), and geospatial technology. China’s stronger relations with KSA could undermine the U.S. presence in the Middle East, giving China significant influence in the region.

A timeline of relations from February 2021 – Current Day

  • In February 2021, KSA Foreign Affairs Minister Faisal bin Farhan Al-Saud told Chinese Foreign Minister Wang Yi that Saudi Arabia gives priority to the Saudi-China relationship.
  • In March 2021, Saudi Aramco said its relationship with China is its main energy priority for the next 50 years.
  • Also, in March 2021, KSA said that it supports China’s positions on Xinjiang and Hong Kong.
  • In April 2021, Saudi Crown Prince Mohammed Bin Salman asked Chinese President Xi Jinping to merge KSA’s Vision 2030 and China’s Belt and Road Initiative. Saudi Arabia’s Vision 2030 aims to create a more diverse and sustainable economy, be a driver of international trade, and further connect Africa, Asia, and Europe through trade. China’s Belt and Road Initiative is a global infrastructure program that seeks to connect all trade routes in Africa, Asia, and Europe to China. Currently, 145 countries have signed a memorandum of understanding with the PRC to join its Belt and Road Initiative.
  • In June 2021, the Saudi Chinese Business Council met via teleconference to discuss increasing bilateral trade.
  • In December 2021, a report indicated that China was providing technical assistance to Saudi Arabia in building ballistic missiles.
  • In January 2022, Saudi Arabia said it would deport two Muslim Uyghurs back to China, who have been held in the country without any trial since November 2020.
  • Additionally, in January 2022, Chinese Minister of National Defense Wei Fenghe and KSA’s Deputy Defense Minister Khalid Bin Salman agreed to improve cooperation between each nation’s military.
  • In February 2022, Huawei launched its largest overseas store in Saudi Arabia’s capital, Riyadh. In addition, the Saudi Digital Academy signed a memorandum of understanding with Huawei to develop local talent. Saudi Arabia’s goal is to send 8,000 Saudis to Huawei-approved centers to learn about AI, cyber security, 5G, and cloud computing.
  • In March 2022, Saudi Arabia’s Advanced Communications and Electronics Systems Co. signed an agreement with China Electronics Technology Group Corp to build military drones together.
  • In March 2022, Saudi Arabia’s Taqnia Ets and Taqnia Space and China’s Star Vision agreed to collaborate on research and development of geospatial and artificial intelligence technology.
  • Then in mid-March 2022, Saudi Arabia invited Chinese President Xi Jinping to visit the country.
  • In late March 2022, Foreign Minister Wang Yi said that he wants China to take its relationship with Islamic countries to “a new level.”

Currently, Saudi Arabia is China’s largest trading partner in the Middle East. An October 2021 study from King Abdullah Petroleum Studies and Research Center (KAPSARC) shows just how deep trade ties have become between the PRC and KSA. “Trade flows between China and Saudi Arabia have also grown. China’s exports of industrial products to Saudi Arabia reached $28 billion in 2020, an increase of 50% since 2013. Saudi Arabia’s exports of crude oil to China grew from 364 million barrels in 2013 to 622 million barrels in 2020. Construction contracts between Chinese enterprises and Saudi Arabia grew even more rapidly. The total value of completed contracted projects by Chinese enterprises in Saudi Arabia from 2014 to 2019 was $40 billion. This amount is twice the corresponding value for 2008 to 2013.”

Based on open-source research, China currently has 71 companies with a presence in Saudi Arabia. The companies are primarily engineering, construction, or energy-related. In addition, Huawei’s subsidiary, Huawei Tech Investment Saudi Arabia Co. Ltd., is setting up data centers in KSA. Huawei is also working with Saudi Arabia on AI technologies.

OUR ASSESSMENT

With U.S. support for a new Iranian nuclear deal and news that the Biden administration is considering removing the Iranian Revolutionary Guard Corps (IRGC) from the Foreign Terrorist Organizations List (FTO), Saudi Arabia will likely increase its cooperation with China economically, politically, in technology, and militarily. With Saudi Arabia’s Vision 2030 and China’s Belt and Road Initiative, both nations share similar goals for developing new infrastructure and regional trade routes. These projects will draw China and KSA closer together, weakening U.S. investment and economic relations with Saudi Arabia and potentially other Middle Eastern countries in the Gulf. From 2019 to 2020 Saudi Arabia’s Foreign Direct Investment (FDI) in the United States decreased. Additionally, with the U.S. reliance on oil from the Middle East, weakened relations with Gulf countries could impact the price of gas and utilities in the states.

Further, with the U.S. support for a new Iranian nuclear deal, Saudi Arabia could potentially rely on China for critical technology to develop nuclear weapons. In March 2018, Saudi Crown Prince Mohammad Bin Salman said, “Saudi Arabia does not want to acquire any nuclear bomb, but without a doubt, if Iran developed a nuclear bomb, we will follow suit as soon as possible.” Currently, Iran has enriched its uranium to 60%, 30% from weapons-grade uranium. In July 2021, former Iranian President Hassan Rouhani said that Iran could enrich to 90%, which is 30% from the weapons-grade uranium needed for a nuclear weapon.

Overwatch analysts also assess that China will continue to prioritize ties with other countries in the Gulf to compete with the United States, including Kuwait, Oman, Bahrain, Qatar, and the UAE — all members of the PRC’s Belt and Road Initiative. As China aims to be the world superpower and its footprint expands in the Middle East, it could threaten U.S. economic interests regionally and disrupt U.S. diplomatic relations with Gulf countries.

Cryptocurrency and Why it Matters for the Future

By the end of 2021, 300 million people globally were cryptocurrency holders, nearly 200 million more than in 2020. In 2021, 16% of Americans held or invested in cryptocurrency. However, according to a survey from crypto platform Voyager Digital, 61% of Americans “may purchase cryptocurrency in 2022.”

Crypto exchange revenue grew by 600% in 2021 and will only continue to climb as more people buy, trade, and invest in digital assets. Yet, based on findings from Cryptoliteracy, most people still do not understand how cryptocurrency works. In addition, there are multiple threats in the cryptocurrency market, which remains unregulated.

For this brief, Overwatch will explain what cryptocurrency is, how digital assets are becoming more mainstream, and some of the potential threats for crypto holders.

What is Cryptocurrency?

Cryptocurrency is a digitally-based, encrypted, and decentralized form of exchange that eliminates the need for third parties like banks and financial institutions. Cryptocurrency exists on a digital ledger called the blockchain. The blockchain maintains a record of transactions that anyone can review.

The most well-known cryptocurrency on the blockchain is Bitcoin. Bitcoin, created in 2009 following the 2008 recession, was developed by a person or group of people under the pseudonym Satoshi Nakamoto. In a white paper titled A Peer-to-Peer Electronic Cash System, Nakamoto wrote, “What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.”

Since 2009, Bitcoin has gone from a digital asset with no monetary value to being worth $40,912 per Bitcoin. From November 2021 to March 2022, Bitcoin lost about one-third of its value, as it was $68,000 per Bitcoin on November 10, 2021.

Bitcoin remains the most valuable and popular cryptocurrency, but it is one of an estimated 12,000 cryptocurrencies. Further, per research by Motley Fool, there are 1,000 new cryptocurrencies added to the market monthly.

Aside from Bitcoin, other cryptocurrencies that hold significant monetary value are:

  • Ethereum, which is $2,849 per coin
  • BNB, which is $389.29 per coin
  • Terra, which is $94.24 per coin
  • Solana, which is $88.09 per coin
  • Avalanche, which is $84.94 per coin

Cryptocurrency buyers can purchase digital assets on crypto exchanges, a few of which are Binance, Coinbase, Crypto.com, Gemini, and Kraken. These platforms could be compared to trading platforms for stocks and provide real-time data about the value of cryptocurrencies and analytics that show their value over time.

Cryptocurrency Becoming More Mainstream

According to data, cryptocurrencies are becoming a more popular asset and investment. Companies and financial institutions are beginning to put more resources into cryptocurrency, with some offering it as an asset. Social media platforms are implementing tipping systems with cryptocurrency, and it is becoming more commercialized in the media and entertainment industry.

  • In February 2021, Tesla, the 6th largest company globally, bought 1.5 billion dollars in Bitcoin.
  • In March 2021, Morgan Stanley said it would provide its wealth management clients access to Bitcoin funds.
  • In April 2021, Coinbase, a Bitcoin startup, went public, trading at $381.00 per share.
  • In August 2021, Walmart put out a job posting for a cryptocurrency expert.
  • In September 2021, former Twitter CEO and platform founder Jack Dorsey said that Twitter would allow users to tip their favorite accounts with Bitcoin.
  • In November 2021, according to Pew Research, 16% of Americans used, invested in, or traded cryptocurrency.
  • During Super Bowl 56 in February 2022, four cryptocurrency ads aired on TV.
  • On March 9, 2022, U.S. President Joe Biden signed an executive order on “ensuring the responsibility of digital assets.” The executive order focuses on responsible innovation of digital currencies, mitigating illicit activity, exploring a digital currency for the United States government, and consumer and investor protection.

Crypto Threats

The most significant threat in the cryptocurrency market today is fraud. This fraud frequently occurs on social media platforms, with people claiming to be cryptocurrency experts reaching out to help you make money in the market. The fraud issue is prolific on Instagram. Overwatch analysts have been approached by fraudsters, claiming to be subject matter experts on the topic.

The following screenshot shows a fraudster reaching out to one of our analysts.

As we continued our conversation with Rebecca, we asked her to tell us the company she worked for, and she didn’t provide an answer. Instead, she asked for a WhatsApp number, commonly used by cybercriminals to launch phishing attacks. A further review of her account showed that Rebecca used the exact language posted by other social media accounts that also claimed to be cryptocurrency experts.

On December 27, 2021, Rebecca posted to Instagram, “Start up a binary option investment today and enjoy 100% guaranteed profit every week with easy access to your account and direct communication with your account manager, payout/ withdraw is 100% accessible. We have excellent trading instruments, but we also support them with the best tools: volatility alerts, market updates, stock screeners, calendars, and newsletters.”

Analysts found the same language in a November 2020 tweet by Twitter user @mrs_elizabeth02. We ran a reverse image search on @mrs_elizabeth02’s profile photo, which yielded results on VK.com, Russia’s equivalent of Facebook. On the VK profile, her username is Magaret Rylee, and she claims that she can help interested parties earn up to $15,000 per day.

In January 2022, the Federal Trade Commission (FTC) reported, “Social media is a tool for scammers in investment scams, particularly those involving bogus cryptocurrency investments — an area that has seen a massive surge in reports.  More than half of people who reported losses to investment scams in 2021 said the scam started on social media. Reports to the FTC show scammers use social media platforms to promote bogus investment opportunities, and even to connect with people directly as supposed friends to encourage them to invest. People send money, often cryptocurrency, on promises of huge returns, but end up empty-handed.”

Our Assessment

Overwatch assesses that the cryptocurrency market will continue to grow as consumers learn more about digital assets and companies continue to create avenues for crypto adoption, investment, and education. This growth will occur because cryptocurrency is seen as more resilient than traditional investments during times of global conflict. While the Russia-Ukraine war led to losses in the crypto market, the most traded cryptocurrencies are beginning to bounce back. Additionally, blockchain companies will continue to accumulate massive investment from venture capital firms, disrupting traditional commerce and building more name recognition for the cryptocurrency market. With 1,000 cryptocurrencies joining new exchanges monthly, there will likely be market saturation in the future, where newer cryptocurrencies possibly hold less value. In 2021, venture capital firms invested 25.2 billion dollars in blockchain companies, a number we expect to see a significant increase in for 2022.

Cybercriminals and criminal networks will continue to target exchanges and individuals as the cryptocurrency market expands, developing new methods to manipulate and defraud potential investors. As platforms like Instagram, Facebook, and Twitter have no stated policy in place to monitor cryptocurrency fraud, these crimes will only increase on major social media platforms. Continued education throughout our societies will reduce scams carried out by criminals on people that do not fully understand credible cryptocurrency investment processes.

Entering the cryptocurrency market as a business owner or investor will continue to come with risk as the blockchain is not regulated by governments or law enforcement. However, many crypto exchanges are registered with the Financial Crimes Enforcement Network (FinCEN) and work in concert with law enforcement agencies to prevent fraud, scams, and money laundering on the blockchain.

Iran Attacks Erbil: Do Iranian Missiles Pose Major Threat to U.S. Assets in the Middle East?

On March 12, 2022, the Islamic Republic of Iran’s (IRI) Islamic Revolutionary Guard Corps (IRGC) fired Fateh-110 ballistic missiles into Erbil, Iraq. The U.S. designated the IRGC as a Foreign Terrorist Organization (FTO) in April 2019.

According to reports, some of the missiles landed near a new U.S. Consulate building in Erbil, resulting in the injury of one Kurdish national and significant structural damage in the area. There were no fatalities, according to the Kurdish government and the United States.

For this brief, Overwatch analyzed the misinformation on social media from the initial reports of the attack, the IRI’s history of aggressive actions against the U.S. in Iraq, and how Iran could be setting the stage for further escalations against the U.S. and Israel.

MISINFORMATION

With the Russia-Ukraine War dominating news cycles globally, the news of the attack quickly became a trending topic on Twitter, with multiple claims that the Iranian missiles hit the U.S. Consulate or U.S. bases.

Disclose.tv, which has 896k followers, tweeted, “ballistic missiles were fired at the U.S. Consulate in Iraq.”

Amichai Stein, who is employed by Israeli Public Broadcasting, and has 69k followers, tweeted, “Several U.S. ballistic missiles hit the U.S. base in Erbil.”

Duty to Warn, which has 221.3k followers, tweeted:

Analysts note that many other Twitter accounts with tens of thousands of followers or more shared the narrative that Iranian ballistic missiles hit the U.S. consulate building in Iraq.

Several hours after the initial attack, U.S. officials stated that no Americans were injured or hurt during the attack. Additionally, Kurdish authorities said that one Kurdish national had been hurt but there were no other casualties. The spread of misinformation on Twitter doesn’t appear to be a direct campaign of any kind, but some reporters and social media influencers are not waiting to fact-check events.

IRANIAN MEDIA SOURCES

The Tehran Times claimed that the attack was due to an alleged Israeli drone attack in Western Iran. The report from the Tehran Times also said that IRGC’s operation against Erbil targeted Israeli buildings in the region supporting its special forces arm, Sayeret Matkal, and resulted in the deaths and injuries of Israelis.

Tasnim News Agency, which has close ties to the IRGC, reported that, “The center hit by the missiles was a place where a remarkable number of Zionists gathered, and considering the number of people present in that base, the likelihood of the (Zionist) regime’s human toll is very high.”

IRI’s HISTORY OF AGGRESSION IN IRAQ

Since the 2020 U.S. killing of former IRGC Quds Force Leader Qassem Soleimani, repeated rocket attacks have occurred in the Green Zone in Baghdad, Iraq, near the U.S. Embassy. The sources of the rocket attacks are Shia militias in Iraq, which receive material support from the IRI.

In December 2020, multiple rockets hit an area housing U.S. Embassy personnel. The attacks killed an Iraqi civilian, but no U.S. citizens.

In March 2021, the U.S. Embassy in Baghdad put out a security alert, advising U.S. citizens in Iraq about a variety of threats. The alert reads, “The U.S. Embassy in Baghdad reminds U.S. citizens extremist groups and regional actors have conducted destructive and sometimes lethal attacks against a variety of targets. Attacks may occur with little or no warning, impacting airports, tourist locations, transportation hubs, markets/shopping malls, and local government facilities. Iraqi and Western facilities and places frequented by U.S. citizens and other Westerners may also be targeted.”

“There is a threat of drone and missile attacks impacting on civilian and other targets in Iraq. Violence associated with Iran-supported groups represents a significant threat. U.S. citizens living and working near military bases and critical civilian infrastructure are at heightened risk of impacts from missile and drone attacks.”

In August 2021, multiple rockets were fired at the U.S. Embassy in Iraq, but instead landed in other areas of the Green Zone.

In January 2022, a rocket attack unsuccessfully targeted the U.S. Embassy in Baghdad, resulting in an injured Iraqi woman and a child.

THE U.S. RESPONSE

One of the units tasked with helping protect against air attacks in Iraq is the U.S. Army National Guard’s 182nd Infantry Regiment’s Transportation Unit. In addition, the U.S. has MIM-104 Patriot Surface-to-Air Missile Systems at both Al Asad Airbase and in Erbil. It remains unknown why air defense systems in Erbil did not engage the ballistic missiles coming over the Iranian border.

OUR ASSESSMENT

While there are no reports of casualties currently from the Iranian attack on Erbil, reporting on past incidents suggests that this could be subject to change. In 2020, there were no casualties reported following the Iranian ballistic missile attack on Al Asad Air Base in Iraq. One month later, the Pentagon announced that 109 members of the U.S. military were diagnosed with Traumatic Brain Injuries (TBIs).

The pattern of attacks from the IRI and Iranian proxies against U.S. targets in Iraq suggests that such attacks could continue as long as U.S. presence remains in Iraq. The Iranian government, which has significant influence in Iraq politically, militarily, and culturally, views the United States as a threat to its power and control in the region.

In addition, the IRI has the largest arsenal of ballistic missiles in the Middle East, and it has been improving its missile capabilities for decades. The missiles could target U.S. bases again in Iraq or U.S. troops in Kuwait, Syria, Qatar, the UAE, or possibly cities in Israel. However, based on open-source information, the Iranians cannot currently hit any target outside of a 1,250-mile radius, suggesting that any ballistic missile attack will stay within the Middle East regionally.

Ongoing geopolitical events reveal potential alliances formed through common ideas and policies or through standing up to common enemies. Extended cooperation between the Assad regime, Russia’s military forces, and the Iranian proxies operating in Syria is likely to embolden aggressive rhetoric and action against Israel and the U.S., its strong ally. Continued withdrawal of U.S. influence and involvement in the region will allow opportunities for Iran to take a more aggressive posture and rhetoric.

The strike in Erbil was Iran’s retaliation against Israel killing two IRGC officers in Syria on March 7, 2022, in what an IRGC statement claimed was an air strike. Recently, the Iranian regime has considered action from Israel to be inherently linked to the U.S. It is unclear whether the U.S. Consulate was the intended target, yet it offers what could be considered the less risky option for military action near a U.S. diplomatic facility considered “U.S. soil.” Erbil is in Kurdish territory and far from the larger embassy in Baghdad, a much more populated metropolitan city.

Investigating Russian Disinformation About Bioweapons in Ukraine

With the ongoing war in Ukraine, multiple disinformation narratives are intensifying online as part of disinformation efforts from the Russian state. The disinformation narrative gaining the most momentum in the digital space is that Ukraine is developing bioweapons with the assistance of the United States government.

At least 22 major media outlets published stories about the narrative with varying angles, which has spread across social media platforms like Facebook, Twitter, Instagram, Parler, Gab, Rumble, Telegram, VK, etc. The Chinese state is also promoting Russia’s bioweapons conspiracy on the world stage.

Overwatch used OSINT techniques and EAG’s D2M Methodology to investigate the bioweapons disinformation narrative and identify its possible online origin point. In addition, we researched the U.S. company, Black and Veatch, and U.S. government entity, the Defense Threat Reduction Agency, that worked with Ukraine to build biolabs in the country.

A Timeline

On February 25, 2022, the day after Russia invaded Ukraine, a post surfaced on 4chan, claiming that the U.S. Department of Defense funded Ukrainian bioweapons. The 4chan post received significant attention from QAnon supporters and quickly spread across social media.

On March 8, 2022, Senator Marco Rubio (R-FL) asked the Under Secretary of State for Political Affairs, Victoria Nuland, if there are biolabs in Ukraine. Nuland told Rubio, “Ukraine has biological research facilities, which in fact we are now quite concerned [that] Russian troops, Russian forces may be seeking to gain control of. So, we are working with the Ukrainians on how they can prevent any of those research materials from falling into the hands of Russian forces, should they approach.”

Two days later, Russian Defense Ministry spokesman Igor Konashenkov claimed that the U.S. funded biological weapons research in Ukraine for the “stealthy spread of deadly pathogens.”

On March 11, 2022, Russian Ambassador to the UN, Vasily Nebenzya, promoted the conspiracy at the United Nations. Nebenzya said that the U.S. had plotted to spread biological weapons using “migrating birds, bats, and insects.”

On the Russian social media site VK, news pages that support Russia’s military invasion of Ukraine claim that the U.S. secretly began to work with Ukraine on biological experiments in Kharkiv, Ukraine, in 2021.

Overwatch Findings

Overwatch research shows that Black and Veatch, founded in 1915, helped build biolabs in Ukraine through a contract with the Defense Threat Reduction Agency (DTRA). The mission of DTRA is to “enable the Department of Defense (DoD), The United States Government and International partners to counter and deter weapons of mass destruction (WMD) and emerging threats.”

Black and Veatch helped construct a biolab in Odessa, Ukraine. On the Black and Veatch website, the company says that “the new facility enhances the government’s existing disease surveillance systems to detect, report and respond to bioterrorism attacks, epidemics and potential pandemics.”

Through use of the Wayback Machine, analysts located additional data from Black and Veatch about the biolab in Odessa, designed to hold “especially dangerous pathogens.”

Black and Veatch said of the Odessa biolab, “The BSL-3 laboratory was specifically designed and constructed to support work with especially dangerous pathogens that can be naturally occurring or introduced through a bioterrorism attack. It serves as a central location for research, consolidation, and training on the proper handling of dangerous pathogens. The lab also provides the Ukrainian Ministry of Health a safe environment to confirm diagnosis of suspected dangerous pathogens, enhancing public health while deterring bioterrorism.”

Analysts note that BSL-3 is the second-highest biosafety level. According to Consolidated Sterilizer Systems, “a BSL-3 laboratory typically includes work on microbes that are either indigenous or exotic and can cause serious or potentially lethal disease through inhalation. Examples of microbes worked with in a BSL-3 includes yellow fever, West Nile virus, and the bacteria that causes tuberculosis.”

BSL-4 is the top level of biosafety. There are 60 BSL-4 labs globally, some of which are in the United States and Russia. Ukraine currently has no BSL-4 labs. Additional investigation into Black and Veatch shows a company with a global footprint, including having done business in Russia. In the 2007 report from the Office of Cooperative Threat Reduction to Congress, page 30 mentions that in 2005 the Russian Ministry of Defense implemented BV technology to further secure nuclear weapons awaiting dismantling.

According to Black and Veatch, “Black & Veatch led AICMS SRF to support Ministry of Defense of the Russian Federation (RF MOD) with enhanced capability to provide security, inventory, and control over Russia’s strategic and tactical nuclear weapons awaiting dismantlement. Black & Veatch constructed and equipped new AICMS secure facilities at 11 nuclear weapons storage sites across Russia using our proven EPC subcontractor management approach.”

Possible Online Origin Point for the Bioweapons Conspiracy

Overwatch identified two articles that mention bioweapons development in Ukraine and predate the post on 4chan by several years. The first article came from Topwar.ru, a popular pro-Russian military website, and the second from the Russian Institute for Strategic Studies (RISS), whose head is Mikhail Fradkov, the former Director of the Russian Foreign Intelligence Service (SVR).

In August 2013, Topwar.ru published an article in Russian whose title translates as “American biolaboratories in Ukraine: Life-threatening.” The article reads, in part, “And everything is quite simple: it is no secret that the Americans have long been trying to involve Ukraine in the implementation of their biological defense project. Therefore, we can say that Ukrainian and American interests in this case cannot coincide in any way, and Ukraine is just a convenient testing ground for testing especially dangerous infections, bred, moreover, in Ukrainian laboratories.”

In May 2014, RISS published an article about biological military facilities in Ukraine. The author of the article, Dmitry Popov, wrote, “The United States is forming an expensive system of military biological facilities around Russia, which, according to Russian industry experts, directly threatens the national security of not only the Russian Federation, but also the states on whose territory American centers are located. Iran and China are also at risk.”

The articles from Topwar and RISS are the two earliest online points analysts identified regarding the conspiracy of bioweapons development in Ukraine.

OUR ASSESSMENT

We assess that Black and Veatch’s construction of biolabs in Ukraine was for biosecurity and biosafety. A thorough review of Black and Veatch projects and publicly available information about DTRA’s operations, together with research into previous and current DTRA employees involved in projects in Eastern Europe, did not return any findings suggesting that DTRA or Black and Veatch worked on an offensive bioweapons program in Ukraine. While the biolabs did deal with “deadly pathogens,” analysts did not locate any information indicating that they were used to develop bioweapons.

Overwatch analysts assess that the Russian state and China will continue to promote the bioweapons disinformation narrative in the digital space and could use it as a pretext for additional escalation in the region. Additionally, we foresee the Islamic Republic of Iran joining the disinformation campaign. These countries have a pattern of working together to undermine the United States, its allies, and partners. During the height of COVID-19, Russia, China, and Iran all accused the U.S. of building COVID-19 as a possible bioweapon.

We may see major social media platforms implement content moderation over the bioweapons disinformation narrative, flagging it as false information. Should platforms like Facebook and Twitter block the specified content, the Russian state will likely use the decision to push more disinformation about bioweapons, further accusing the U.S. of censoring the truth.

The Significant Risks from the U.S. Reopening Relations with the Venezuelan Government

On March 7, 2022, a U.S. delegation in Caracas, led by Juan Gonzalez, the White House’s National Security Council Senior Director for the Western Hemisphere, met with Venezuela’s contested President, Nicolas Maduro, and other Venezuelan officials.

According to La Patilla — one of Venezuela’s most prominent news outlets — the U.S. delegation discussed the possibility of easing oil sanctions on Venezuela. Based on reporting from the New York Times, the talks also led to the release of two American prisoners in Venezuela — Gustavo Cárdenas and Jorge Alberto Fernández. Cárdenas is an oil executive employed by Texas’ CITGO Petroleum Corporation, an indirect subsidiary of PDV Holding, which is owned by Venezuela’s state oil company — Petróleos de Venezuela (PDVSA). The U.S. Department of Treasury sanctioned PDVSA in 2019. Fernández is a U.S.-Cuban dual citizen, imprisoned in Venezuela in February 2021.

With Venezuela having more oil reserves than any other country, a potential return to trade relations between the United States and Venezuela could lower record-setting gas prices, currently at a national average of $4.17. However, capital from the U.S. to Venezuela could potentially go to funding terrorism, narcoterrorism, drug trafficking, or human rights abuses in the country. Such a policy shift between the U.S. and Venezuela could significantly impact the U.S. image on the world stage, leading to international condemnation of the United States for cooperating with Nicolas Maduro.

Venezuela’s Relationship with the Islamic Republic of Iran and Hezbollah

The Venezuelan government and the Islamic Republic of Iran (IRI) have cooperated since former Venezuelan President Hugo Chavez was in power. Chavez had a close relationship with former Iranian President Mahmoud Ahmadinejad. Through their relationship, Venezuela not only increased trade relations and economic ties but provided support and sanctuary to Hezbollah, a U.S. designated Foreign Terrorist Organization.

In a 2011 hearing before the Subcommittee on Counterterrorism and Intelligence, Roger Noriega, the former United States Assistant Secretary of State for Western Hemisphere Affairs, testified about Hezbollah’s presence in Venezuela. Noriega said, “Last spring, two Iranian Hezbollah operatives were conducting terror training on Venezuela’s Margarita Island for persons brought there from other countries in the region.”

Venezuelan state media refer to Hezbollah as a resistance movement, not a terrorist organization or criminal group.

More recently, Venezuela and the IRI have been increasing economic ties.

Support for Narcoterrorism and Drug Trafficking

The Venezuelan government has a long history of working with former narcoterrorism groups like the Revolutionary Armed Forces of Colombia (FARC). Venezuela reportedly permitted FARC (a Colombian militant group known for kidnapping, murder, extortion, terrorism, and drug running) to use its territory to conduct criminal and terrorist activity. The U.S. State Department delisted FARC as a Foreign Terrorist Organization in November 2021 and, a month later, designated the Revolutionary Armed Forces of Colombia – People’s Army (FARC-EP), which is led by former FARC leaders, as a terrorist group.

However, a year prior, the Department of Justice indicted Maduro for allegedly partnering with the FARC to flood the U.S. with cocaine.

The indictment, dated March 2020, against Maduro and 14 other high-profile Venezuelans reads, in part, “Nicolas Maduro Moros, the defendant, helped manage and, ultimately, lead the Cartel de Los Soles as he gained power in Venezuela. Under the leadership of MADURO MOROS and others, the Cartel de Los Soles sought not only to enrich its members and enhance their power but also to ‘flood’ the United States with cocaine and inflict the drug’s harmful and addictive effects on users in this country. Thus, whereas most drug-trafficking organizations in South and Central America have sought to recede from their roles in importing narcotics into the United States in an effort to avoid U.S. prosecution, the Cartel de Los Soles, under the leadership of Maduro Moros and others, prioritized using cocaine as a weapon against America and importing as much cocaine as possible into the United States.”

OUR ASSESSMENT

Reengaging in relations with the Venezuelan state under Nicolas Maduro would negatively impact the United States’ reputation on the international stage, as Venezuela remains a close partner to Russia and is viewed as a rogue state by many nations. Additionally, the U.S.’s Latin American partners who see Venezuela as a threat to stability in the region and support Venezuela’s opposition leader, Juan Guaido, could become less supportive of U.S. policy in South America. The Chinese state, whose influence is growing in South America, would likely capitalize on any opportunity to develop stronger relations with a Latin American nation aggrieved at renewed cooperation between the U.S. and Maduro.

Any potential oil arrangement between the United States and Venezuela would face steep political opposition on Capitol Hill and could impact Latin American voting in Cuban and Venezuelan diaspora communities. Further, Venezuela could potentially use funds from the United States to facilitate its drug trafficking operations and support Iranian policy in South America or fund Hezbollah.

Why the Cyberwar Against Russia Could Have a Major Impact on the U.S. and Europe

On February 24, 2022, Anonymous — a global collective of hackers — announced it was launching a cyber operation against Russian President Vladimir Putin and the Russian state for invading Ukraine. At 2:50 PM EST on February 24, 2022, an Anonymous Twitter account with 1.3 million followers tweeted, “The Anonymous collective is officially in cyberwar against the Russian government.”

Since February 2022, many other hackers have launched cyber offensives against Russia, targeting numerous entities, government departments, media, and social media platforms. Currently, most of what has taken place are Distributed Denial of Service (DDoS) attacks, which target a website’s ability to operate by overwhelming its infrastructure with a flood of requests, effectively disrupting the website’s service.

However, there is potential for the cyberwar between hackers and Russia to escalate further, using malware on U.S. and European critical infrastructure, which could potentially disrupt utilities ranging from water to gas or power. These types of attacks are the most severe cyberattacks and can result in a loss of life from the interruption of critical services.

Such attacks would likely trigger NATO’s Article 5, putting the alliance in a position where it would be forced to respond, leading to a direct conflict with Russia. In February 2022, NATO Secretary-General Jens Stoltenberg said that cyberattacks against a NATO country could lead to triggering Article 5. Additionally, a NATO official who spoke to Reuters in February 2022 said that a cyberattack could trigger Article 5.

Overwatch spoke with three cyber security and hacking experts. The first, Occupytheweb@three_cube, is a pentester, forensic investigator, and skilled hacker who has trained members of the U.S. military and intelligence community on hacking skillsets. The second is a member of ATW, a team of hackers who have breached Chinese Communist Party systems and are now acting against Russia. The third, Mr. Ken Westin, is a cyber security expert with 15+ years of experience in threat hunting, insider threat research, and vulnerability research.

Research

According to data on the dark web about Anonymous’ operations, the collective group of hackers has breached “Russian military databases, economic websites, Department of Information projects based in Russia, Russian TV channels, Russian telecommunications, Russian radio systems, in addition to Russian and Belarusian banks.”

Videos posted to social media show Russian TV interrupted and replaced with footage of the war in Ukraine and messages in support of Ukrainians.

According to the Ukrainian government, more than 400,000 people around the world have joined in a crowdsourced cyber offensive against the Russian state.

One of the most significant hacks of Russian state media was against The Russian News Agency (TASS). TASS, which has millions of monthly visitors, was breached with a message reading, “Dear citizens. We urge you to stop this madness, do not send your sons and husbands to certain death. Putin is forcing us to lie and is putting us in danger.”

As of the writing of this brief, the Russian state’s government website, government.ru, remains inaccessible, as well as the Moscow Stock Exchange website.

In addition, hackers against Russia’s invasion of Ukraine, set up a website, 1920.in, where people can send messages to random Russian phone numbers about the war in Ukraine.

Hackers are also using platforms like Shodan — a search engine that finds devices that are online globally — to identify and target vulnerabilities in Russian devices and systems that have lapsed on their security updates or may be easier to exploit.

Subject Matter Experts

Occupytheweb@three_cube

Occupytheweb@three_cube told Overwatch about the effectiveness of cyber operations against the Russian state. “From what we have been able to do so far, I think we have been reasonably successful. Nearly all websites ending .ru are unreachable. We have implemented one of the largest DDoS attacks in history. Over 100,000 participants have helped to flood all the Russian websites making them unavailable. This is a simple, brute force attack that can be very effective when you have the number of participants we have for a short period of time. Russia is preparing its defenses to this attack now. We expect a response soon.”

Occupytheweb@three_cube said that things could escalate with Russia to the point where industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems are targeted. “I believe that Russia, if they have their backs to a wall, will pull the trigger on all the backdoors they have in systems throughout the West nations from the SolarWinds hack and other compromises. Ultimately, both sides will likely pull the SCADA/ICS trigger if things escalate further. This could be devastating for all sides.”

“These are industrial systems that run everything from the electricity grid, water and sewer systems, refineries, manufacturing plants, etc. Russia shut down the electrical grid in Ukraine in 2014-2015 with the BlackEnergy3 attack.”

Occupytheweb@three_cube said that private corporations’ SCADA/ICS systems could be vulnerable. “We know that Russia has SCADA/ICS-specific malware that we have detected in the past. Of course, the West has SCADA/ICS specific malware as well, but my research indicates that in the last 5 years the Russians have undertaken a concerted effort to improve their SCADA/ICS defenses, whereas, in the West, these systems are defended by private corporations whose interests and incentives often diverge from national security interests.”

When we asked what the overall goal was from the hacks, Occupytheweb@three_cube said the objective is similar to the economic sanctions imposed on Russia by NATO countries.

Pascal from ATW

Overwatch asked Pascal about the chances of Russia hitting SCADA/ICS systems in the U.S. or Europe. Pascal said, “Highly likely. Not by the likes of the FSB. More by the GRU (Russian Military Intelligence), SVR (Russian Foreign Intelligence Service). As someone who has worked in intelligence, I know that when countries allow civilians to act out online against a country, such as West Europe, the USA, etc. The Russians won’t take kindly to those actions and will likely try to do the same ‘hack-back’ type of attacks, which their country has faced.”

We also asked Pascal what kind of data he is seeing Russians keeping on U.S. entities. Pascal said, “This is the first time we’ve seen any external government and country data. I think that they have a lot deeper down online and on their RUNet intranet. Especially from the SolarWinds hacks. However, with their attacks on Ukrainian infrastructure, I feel that they could be clasping at straws. I base this belief off the fact that state-backed Russian APTs (Advanced Persistent Threat) are only using wiper malware and defacements to hack into Ukrainian infrastructure. If this country had a lot of resources, it could easily ruin the online world for Ukraine. Conclusion: I don’t see them having too much grease on US entities. However, this isn’t a reason to think that they aren’t capable of changing this.”

Ken Westin

Overwatch asked Westin how 400,000 hackers working on behalf of Ukrainian interests could impact Russia. He said, “I am not sure if the number is that high and of course, you are dealing with quite a spectrum of skill sets. The bulk of the offensive security actions against Russia by civilians has been mostly propaganda types of activities such as website defacement, TV broadcasts, maybe the occasional database compromise, but nothing on the cyber side that would affect things like the power grid or other services. Russia is also slowly shutting out the outside world, so it is getting more difficult to even gain access to networks inside Russia except through established proxies and backdoors.”

We also asked Westin where he sees the cyberwar in the next 30 days. Westin explained how even if Russia attacked infrastructure, it would play its hand, and threat intelligence would be quickly shared across a wide network, helping further mitigate the threat.

“Particularly as the U.S. has led the financial sanctions against Russia, it is highly likely that Russia sees the US financial system as well as the financial systems of NATO countries as a legitimate target. If things continue to escalate, we may see this shift to critical infrastructure. Something to remember is that when a nation or cybercriminal uses a new exploit, whether it’s a zero-day or a new attack technique, it reveals their hand, and threat intelligence is quickly shared across networks mitigating the new threat, so they usually hold these close to their chest and realize that with some they will only be used once.”

OUR ASSESSMENT

Cyber operations against the Russian state could potentially lead to further escalation with the hacking of ICS/SCADA systems and NATO triggering Article 5. Further, analysts assess that NATO allies with less robust cyber security infrastructure in place may find their critical infrastructure targeted by ransomware gangs affiliated with the Russian government. However, these attacks are unlikely to trigger a significant response from NATO.

Overwatch also assesses that Russian hackers may retaliate for the defacing of Russian media websites and the disruption of Russian TV channels with a tit-for-tat response, attacking U.S. and European media sites in addition to telecommunication mediums, broadcasting messaging in support of the Kremlin’s invasion of Ukraine.

Should hackers turn to more advanced cyberweapons like malware and viruses, the impact could transcend Russian or Ukrainian borders, leading to a broader conflict on the world stage. Additionally, after the malware is open to use, individual hackers or hacking groups can obtain the software and weaponize it further to use against countries, states, or other entities.

Further, as hackers united in their efforts against the Russian state and in support of Ukraine, analysts foresee a potentially similar response to the Chinese state, should it invade Taiwan in the future. As the age of cyber warfare evolves, we may see more significant activities affect geopolitical relations outside of diplomatic procedures. This involvement will include more non-kinetic operations to set favorable conditions and achieve strategic objectives. In 2003, the PRC Central Military Commission (CMC) introduced their “Three Warfares” framework. This framework included “Strategic Psychological Operations, Overt and Covert Media Manipulations, and Exploitation of National and International Legal Systems.”

Overwatch will continue to monitor such events through OSINT and provide forward-thinking assessments on how they may impact other global interests.

Who is President Biden’s New Supreme Court Pick Ketanji Brown Jackson?

On February 25, 2022, President Joe Biden announced Ketanji Brown Jackson as his Supreme Court nominee. Nominated by former President Barack Obama, Jackson served as a judge on the United States District Court for the District of Columbia from 2013 to 2021. In addition, she has served as a United States Circuit Court Judge since June 2021.

If confirmed, Jackson will replace retiring Supreme Court Associate Justice Stephen Breyer and be the first African American woman to serve on the Supreme Court of the United States.

Jackson’s nomination to the Supreme Court follows through on President Biden’s promise to appoint an African American woman to the highest judicial authority in the United States. With Jackson on the bench, civil rights groups, gun control groups, and public-sector unions see somebody representing their interests and who will likely rule in line with left-leaning policies.

Overwatch performed an Echo Check Plus into Jackson to dive deeper into her history as a lawyer and judge for this brief.

Jackson’s Background and Education

Jackson, a D.C. native, was raised in Miami, Florida. Jackson graduated from Miami Palmetto Senior High School in Pinecrest, Florida, in 1988. At Miami Palmetto, Jackson’s mentor was Francine Berger, an award-winning speech and debate coach. From 1988 to 1992, Jackson attended Harvard University, earning her B.A.

Also, from 1992 to 1993, she worked at Time Magazine, writing about various subjects, including rising prices on pharmaceutical drugs, the ACLU, Rodney King, and Coca-Cola advertising. In 1996, Jackson attended Harvard Law, where she received her Juris Doctor.

Law Firm Experience

From 1994 to 2010, Jackson worked for the following law firms:

  • Kirkland and Ellis, LLP – the largest law firm in the U.S. by revenue
  • Miller Cassidy LaRocca & Lewin, LLP – no longer in operation
  • The Law Office of Nan Elder
  • Ropes and Gray, LLP – a global firm with 1,400 attorneys
  • Goodwin Procter, LLP – one of the world’s largest law firms
  • Feinberg Rozen, LLP
  • Morrison and Foerster, LLP – which has over 1,000 attorneys

Research into each law firm and Jackson did not return any concerning data.

Jackson and Guantanamo Bay Detainees

In 2007, Jackson was a member of the Center for Constitutional Rights (CCR) Guantanamo Global Justice initiative. As a member of the CCR’s initiative, she filed habeas corpus petitions on behalf of Guantanamo Bay detainees.

While it is unclear at what date Jackson represented former Taliban Intelligence Chief, Khi Ali Ghul, he was one of her clients while she was a public defender in Washington D.C.

The Fraternal Order of Police on Jackson’s Nomination

The Fraternal Order of Police (FOP) is a law enforcement labor organization and assesses that Jackson would rule justly.

On February 25, 2022, the FOP wrote, “From our analysis of Judge Jackson’s record and some of her cases, we believe she has considered the facts and applied the law consistently and fairly on a range of issues.  There is little doubt that she has the temperament, intellect, legal experience, and family background to have earned this appointment.  We are reassured that, should she be confirmed, she would approach her future cases with an open mind and treat issues related to law enforcement fairly and justly.”

Judge Jackson’s Positions on Various Issues

In the 2019 case, MAKE THE ROAD NEW YORK, et al., Plaintiffs, v. Kevin MCALEENAN, Acting Secretary of the Department of Homeland Security, et al., Defendants, Jackson ruled that the Department of Homeland Security could not broaden deportation without a court hearing.

Jackson has received endorsements from the U.S.’s top gun control organizations: Everytown for Gun Safety, Giffords Law Center, and the Brady Center to Prevent Gun Violence. However, researching Jackson’s views on the Second Amendment did not return any data suggesting what her legal opinion is on the issue.

Judge Jackson has yet to rule on a case relating to abortion, which 1 in 4 voters see as a key issue. She was endorsed by Planned Parenthood on February 25, 2022. Planned Parenthood wrote, “Now more than ever, we need a Supreme Court justice who understands the impact of the court’s rulings on people — particularly on reproductive and LGBTQ+ rights — and the importance of protecting individual liberties for generations to come.”

In February 2022, Judge Jackson ruled against a Trump Administration policy, which limited the collective bargaining power of federal labor unions.

According to greenmatters.com, Jackson does not appear to have a strong opinion on environmental issues like President Joe Biden and his cabinet. She has ruled both in favor and against environmental causes.

OUR ASSESSMENT

Judge Jackson may face some opposition during confirmation hearings due to her time as a public defender and her support for the habeas corpus of GITMO detainees. Judge Jackson has never ruled on gun rights, voting rights, or abortion, all key voting issues to Americans, so analysts cannot determine how she would side on the court. Further, as Jackson appears somewhat indifferent to environmental issues, it remains to be seen whether she supports climate change policies should she be confirmed.

Jackson, who was endorsed by 12 public-sector unions, will likely be seen as an ally. The conservative majority on the bench will present consistent opposition should Jackson be confirmed.

A review of open-source data sets revealed no inflammatory or concerning commentary from Jackson. Our analysts found no significant digital footprint or social media presence for Jackson. Her lack of digital footprint and social media presence may indicate an attempt to maintain her impartiality in the eyes of constitutional law.

A Massive Convoy of Semi-Trucks and Vehicles is Heading to Washington D.C. What Does It Mean?

A massive convoy of semi-trucks and other vehicles is scheduled to arrive in Washington, D.C. on March 5, 2022. The truckers and supporters are part of an activist group called The People’s Convoy, inspired by truckers in Canada protesting COVID-19 mandates.

Details On the People’s Convoy

On February 28, 2022, the People’s Convoy made its way through Oklahoma.

The People’s Convoy, formerly known as the US Freedom Convoy Ottawa D.C. 2020, set out on its mission on February 23, 2022, from Adelanto, California. Its participants are demanding that the United States government lift Proclamation 9994, the Declaration of National Emergency Regarding the COVID-19 Pandemic. Their Facebook group has over 260k members.

The People’s Convoy organizers see COVID-19 mandates as unconstitutional and a threat to their freedom. Additionally, the group insists that it is law-abiding. According to open-source research, there are thousands of vehicles in the caravan.

The American Foundation for Civil Liberties and Freedom along with the Unity Project are official partners of the People’s Convoy.

The convoy has held rallies in the U.S. since its February 23 launch day, primarily protesting COVID-19 mandates. Thus far, the People’s Convoy has raised over 1 million dollars.

Maureen Steele is the national organizer for The People’s Convoy. In her interviews, Steele discusses how they are battling tyranny, how she talks to truckers in Canada regularly, and how they want congressional hearings on the COVID-19 pandemic. Brian Brase, the co-organizer for the People’s Convoy, echoes similar sentiments for the group as Steele.

Reviewing the People’s Convoy on Social Media

Our analysis of the People’s Convoy Facebook pages and supporting pages on other social media platforms shows that supporters generally have conservative and libertarian views. In addition, there have also been some posts supportive of QAnon’s conspiracies and conspiracies about the war in Ukraine. However, there are also posts about how truckers can buy the Ukrainian flag to support Ukraine’s fight against the Russian Federation.

Analysts also note that people who want to become members of the group can easily join. A lack of verification leaves these Facebook groups open to scams from bots and fraudsters.

For example, in one of the groups, Facebook user Chester Wun is offering $500 gift cards to truckers who make short videos about their community.

A review of Mr. Wun’s Facebook page indicates minimal activity and no posts about truckers. In addition, queries about the group, Honk, return no relevant data, suggesting Wun is attempting to scam users in the group.

Further, in the People’s Convoy Official Facebook group, members are joining every minute. Overwatch notes that bot accounts can quickly enter the group because there is no verification system in place.

In the Freedom Convoy USA (2022) IN group, user Lucy Molly fraudulently claimed to be making $3,000 a day and provided her Telegram account so people could reach out to find out how to replicate her income for themselves.

The tactic used by Lucy is like that of other fraudsters on social media, who promise users major financial returns for limited work.

Other Trucker Convoy Groups

In early February 2022, Facebook removed a group from its platform called Convoy to D.C. 2022 for promoting QAnon conspiracy theories, which violates the website’s terms of service.

Also, in February 2022, another group called the Freedom Convoy intended to drive across the country and congest traffic in Washington D.C. on March 1, 2022, during President Biden’s State of the Union speech. That group, however, did not receive the support it intended, and decided to abandon its plans for D.C. Open-source research indicates that some people participating in the Freedom Convoy chose to join the People’s Convoy.

A Brief Overview of What Happened in Canada

From January 28, 2022, through February 2022, truckers in Ottawa, Canada, protested COVID-19 mandates, with some participants blocking trade routes. The protest, which began on January 28, 2022, cost Ottawa 30 million dollars.

As a result of the protests, Canadian Prime Minister Justin Trudeau declared a national public order emergency on February 14, 2022. The order gave Trudeau the authority to freeze the bank accounts of people involved in the protest and remove the blockades obstructing trade routes.

OUR ASSESSMENT

The People’s Convoy has no intention of entering downtown Washington D.C., which indicates that the caravan’s appearance in the nation’s capital will likely cause little controversy. The organizers say they won’t enter downtown D.C., so that they do not impede emergency services or raise significant security concerns similar to the January 6, 2021 protests and riots at the Capitol building.

However, analysts note that other trucker convoy offshoots could potentially join the People’s Convoy before March 5, 2022, arrive in D.C., and congest traffic, which correlates with the disbanded Freedom Convoy’s initial goals. Such a situation could create an incident in Washington D.C., leading to a response from law enforcement or other authorities.

After reviewing dozens of live streams from truckers participating in the People’s Convoy, analysts assess the level of risk to D.C. as low on March 5, 2022. We saw no indicators of support for violence or unlawful behavior.

The People’s Convoy will receive mixed press coverage between now and March 5, 2022, when the convoy arrives in the vicinity of Washington D.C. Conservative opinion personalities and media outlets will leverage this demonstration as an outward cry from American citizens to restrain the government’s implied over-reach of power infringing on constitutional rights and civil liberties. Liberal media outlets and personalities will cover this event with the characterization that the participants are synonymous with the January 6, 2021, rioters that violated the law by illegally entering the Capitol grounds, vandalizing the building, and stealing property.