Today's D Brief: POTUS in Rome; SOUTHCOM's big day; SIGAR's new report; Russian hacker charged in Ohio; And a bit more.

POTUS46’s Euro trip begins today in Italy. U.S. President Joe Biden started his weekend abroad with a stop today in Vatican City, where he and the First Lady met with Pope Francis for about 90 minutes. Next up, Biden plans to visit with Italy’s President Sergio Mattarella and Prime Minister Mario Draghi. 

Biden later chats with French President Emmanuel Macron in their first face-to-face meeting since they spoke on the sidelines of the G7 summit in Brussels back in June. And that comes about five weeks since the submarine row that delighted Australian officials at the expense of the French. 

By the way: Biden is reportedly “prepared to bolster France’s counterterrorism efforts in Africa” with drones and reconnaissance aircraft, the New York Times reported Thursday. 

Biden is also expected to at last support Macron’s desired European military force as “a separate but complementary pillar to NATO,” according to the Times’ Roger Cohen and Helene Cooper. Read on, here.

Next: The two-day G20 summit begins Saturday in Rome. There, Biden plans to discuss “resuming negotiations for a return to the JCPOA” with his British, French, and German counterparts Boris Johnson, Macron, and Angela Merkel. 

On Sunday, Biden wants to talk about global supply chains and pandemic recovery efforts, according to the White House’s preview. 

Then it’s off to Glasgow on Monday to talk about the climate at the 26th Conference of the Parties to the UN Framework Convention on Climate Change (aka COP26) before catching a return flight back to the states on Tuesday.

From Defense One

How Facebook Failed the World // Ellen Cushing, The Atlantic: Company officials know that their products facilitate violent cartels, ethnic cleansing, and extremist rhetoric. They also know they are not doing enough to stop this.

Don’t Assume the US Will Fight China and Russia One at a Time // Bradley Bowman, Zane Zovak, and John Hardie: Beijing and Moscow are boosting their strategic coordination along with their militaries.

Welcome to this Friday edition of The D Brief from Ben Watson with Jennifer Hlad. If you’re not already subscribed to The D Brief, you can do that here. On this day in 1918 and after more than four years of war with their neighbors, German sailors aboard at least two ships mutinied, asking for “peace and bread” due to wartime shortages. Their protest would quickly spread across the country and trigger the German revolution, which soon toppled the monarchy on November 9, just two days before Armistice Day.

SOUTHCOM gets a new leader. Defense Secretary Lloyd Austin and Joint Chiefs Chairman Army Gen. Mark Milley are in Florida today for a change of command ceremony at U.S. Southern Command, near Miami.
Outgoing: Navy Adm. Craig Faller, who will retire after more than four decades of service.
Incoming: Army Gen. Laura Richardson, who last commanded U.S. Army North. Catch the ceremony’s livestream at 1 p.m. ET on DVIDS, here.
This afternoon in D.C., climate change and the Pentagon will be the focus of a virtual event hosted by New America, and featuring Under Secretary of Defense for Policy Colin Kahl, as well as the Defense Department’s Senior Climate Advisor Joseph Bryan. That gets underway at 1:30 p.m. ET. Details, here.

New U.S. aid for Afghanistan: The White House says it will give $144 million in new humanitarian aid to Afghans in need, National Security Council spokesperson Emily Horne said in a statement Thursday. The new money will be routed “through independent humanitarian organizations who provide support directly to more than 18.4 million vulnerable Afghans... including Afghan refugees in neighboring countries,” Horne said.
The announcement comes just days after a stark U.N. World Food Program and U.N. Food and Agriculture Organization report projected that more than half of Afghanistan’s people would see “high levels of acute food insecurity” in the next five months. The new assistance “brings total U.S. humanitarian aid in Afghanistan and for Afghan refugees in the region to nearly $474 million in 2021, the largest amount of assistance from any nation,” according to Horne.

America’s Afghan war watchdog just issued another quarterly report to Congress. And it won’t be the last we hear from John Sopko and his team at Special Inspector General for Afghanistan Reconstruction.
Among the findings: 

• The day before the government collapsed on August 14, there were 112,924 Afghan National Police who had reported for duty—or more than 93% of the force. 
• The U.S. recouped about $141 million of about $356 million in training contracts for the year, which of course was cut short when Kabul fell and the Taliban took control.
• The U.S. transferred Bagram and Kandahar Air Bases to the (now defunct) Afghan National Defense and Security Forces, which was among more than a billion dollars in property given over to the Afghans in 2021. Bagram alone was valued at over $565.84 million, and KAF was listed at $130.19 million. 

Said Sopko: “We owe all who served in Afghanistan—as well as the American taxpayer—an accurate accounting of why the 20-year U.S. mission in Afghanistan ended so abruptly, with so little to show for it.” And that’s his next assignment, with five specific goals Congress has tasked him with, including uncovering: 

1. “the factors leading to the collapse of the Afghan government”; 
2. “the factors leading to the collapse of the ANDSF”;
3. “the status of U.S. funding appropriated or obligated for reconstruction programs”;
4. “the extent of Taliban access to U.S. assistance, equipment, or weapons provided to the Afghan government”; 
5. and “The status of potential risks to the Afghan people and civil society...resulting from the Taliban’s return to power.” Read over SIGAR’s latest report in full (PDF), here.

A 38-year-old Russian hacker was extradited from South Korea to Ohio where he had his first day in court Thursday as an alleged cyber criminal. His name is Vladimir Dunaev, and he’s accused of participating in a range of intrusions over a nearly five-year period beginning in November 2015. If convicted, he could face as many as 60 years in prison.
Dunaev is alleged to have been a developer for what’s called Trickbot malware, which operated out of Russia, Belarus, Ukraine, and Suriname. It was a job that saw Dunaev “managing the malware’s execution, developing popular browser modifications and helping to conceal the malware from detection by security software,” according to the Department of Justice. The group’s victims spanned the U.S., U.K., Belgium, Germany, Australia, Canada, Italy, Spain, India, Mexico, and Russia.
Several public schools across Vermont and Ohio were even hit in a series of operations that frequently yielded payouts of more than $100,000; in almost half a dozen instances, the payouts were closer to $500,000. 
Helping inform this case: A 55-year-old Latvian woman in the Trickbot Group who was arrested in Miami this past February and served with a 47-count indictment four months later.
About their malware: It “was designed to capture online banking login credentials and harvest other personal information, including credit card numbers, emails, passwords, dates of birth, social security numbers, and addresses from infected computers through the use of web injects and keystroke logging,” the Justice Department said in its statement. “The defendants used these stolen login credentials and other personal information to gain access to online bank accounts, execute unauthorized electronic funds transfers, and launder the money through U.S. and foreign beneficiary accounts.” More here.

And lastly this week: Hats off to German authorities and journalists who this week were seemingly able to identify a key member of the ransomware group REvil, formerly known as Gandcrab and also known as Sodinokibi. His name is Nikolay K., and his yacht and a particularly expensive watch were among the items that helped journalists identify Nikolay from his social media posts.
What’s going on: “Criminals can apply with the group to use [its] software for a fee to be paid in cryptocurrency, a model called ‘ransomware as a service.’ And Nikolay K. is apparently among those to whom such criminal rental payments are made.”
Why would German authorities even talk about this case? In part because some are reportedly “frustrated by the lack of cooperation from other countries and believe that more political pressure is necessary to finally change the situation.”
Now what? “An arrest warrant has already been prepared” in Germany. “But Nikolay K. apparently no longer travels outside of [Russia, his home country] and seems to have spent his last vacation in Crimea.” Full story at Die Zeit (in English), here.

Have a safe weekend, everyone. And we’ll see you again on Monday!