Hat tip to NSA FBI for Cracking Drovorub

The National Security Agency and the FBI are jointly exposing malware that they say Russian military hackers use in cyber-espionage operations.

Hackers working for Russia’s General Staff Main Intelligence Directorate’s 85th Main Special Service Center, military unit 26165, use the malware, which the Russians themselves call “Drovorub,” to target Linux systems, the NSA and FBI said Thursday in a detailed report.

The hackers, also known as APT28 or Fancy Bear, allegedly hacked the Democratic National Committee in 2016 and frequently target defense, government, and aerospace entities. The Russian military agency is also known as the GRU.

FBI e NSA descobrem novo malware Linux chamado Drovorub ...

While the alert does not include specific details about Drovorub victims, U.S. officials did say they published the alert Thursday to raise awareness about state-sponsored Russian hacking and possible defense sector vulnerabilities. The disclosure comes just months before American voters will conduct a presidential election.

“Information in this Cybersecurity Advisory is being disclosed publicly to assist National Security System owners and the public to counter the capabilities of the GRU, an organization which continues to threaten the United States and U.S. allies as part of its rogue behavior, including their interference in the 2016 U.S. Presidential Election,” the NSA and FBI said in the report.

The U.S. intelligence community has assessed that multiple foreign governments may “seek to compromise our election infrastructure.” It was not clear if the Russian hackers were using Drovorub malware in any ongoing interference efforts related to the 2020 presidential elections.

The NSA and FBI urged national security personnel, including the U.S. Department of Defense, to be on the alert for Drovorub attacks.

“The malware represents a threat because Linux systems are used pervasively throughout National Security Systems, Department of Defense, and the Defense Industrial Base,” the statement said. “All stakeholders should take action as appropriate.”

The announcement comes nearly one year after the NSA stood up a new cybersecurity directorate aimed at sharing more adversary threat intelligence with the public, and in recent weeks the NSA has worked to expose a spate of Russian campaigns, including Russian hackers’ efforts to target coronavirus research.

Senior Vice President of Intelligence at CrowdStrike, Adam Meyers, told CyberScoop the release shows these hackers are not easily deterred.

“Most importantly it demonstrates that FANCY BEAR has more tools and capabilities that are still being identified. This actor didn’t pack up and go home, they still have tricks up their sleeve,” Meyers told CyberScoop, adding that the news should raise alarm bells about Linux security. “Another important take away is that Linux is an area that organizations need to keep in mind from a malware perspective, many have not invested in similar security tools for this platform as they have for user platforms.”

Attacks employing Drovorub may be linked with previous Russian military efforts against connected devices, according to the NSA and the FBI. An APT28 attack that Microsoft security researchers identified last year against devices such as an office printer or a VOIP phone, for instance, was linked with an IP address that has also been used to access the Drovorub command and control IP address, the NSA and FBI said.

In such attacks, the hackers appeared interested in exploiting so-called internet of things devices in order to gain access to broader networks, other insecure accounts, and sensitive data, according to Microsoft.

The joint NSA and FBI release also has the effect of alerting the Russian government that U.S. officials are capable of tracking some of their work. The 780th Military Intelligence Brigade, which currently works with the Pentagon’s offensive cyber arm, Cyber Command, tweeted information out about the malware, and tagged a state-funded media outlet, RT, to flag the news for them.

The Drovorub malware consists of several components, the NSA and the FBI said, including an implant, a kernel module rootlet, a file transfer tool, and an attacker-controlled command and control server.

“When deployed on a victim machine, the Drovorub implant (client) provides the capability for direct communications with actor-controlled C2 infrastructure; file download and upload capabilities; execution of arbitrary commands as ‘root’; and port forwarding of network traffic to other hosts on the network,” the NSA and FBI said.

More detail for zdnet:

“Technical details released today by the NSA and FBI on APT28’s Drovorub toolset are highly valuable to cyber defenders across the United States.”

To prevent attacks, the agency recommends that US organizations update any Linux system to a version running kernel version 3.7 or later, “in order to take full advantage of kernel signing enforcement,” a security feature that would prevent APT28 hackers from installing Drovorub’s rootkit.

The joint security alert [PDF] contains guidance for running Volatility, probing for file hiding behavior, Snort rules, and Yara rules — all helpful for deploying proper detection measures.

Some interesting details we gathered from the 45-page-long security alert:

  • The name Drovorub is the name that APT28 uses for the malware, and not one assigned by the NSA or FBI.
  • The name comes from drovo [дрово], which translates to “firewood”, or “wood” and rub [руб], which translates to “to fell”, or “to chop.”
  • The FBI and NSA said they were able to link Drovorub to APT28 after the Russian hackers reused servers across different operations. For example, the two agencies claim Drovorub connected to a C&C server that was previously used in the past for APT28 operations targeting IoT devices in the spring of 2019. The IP address had been previously documented by Microsoft.

Seizure of Three Terror Finance Cyber-Enabled Campaigns

Global Disruption of Three Terror Finance Cyber-Enabled Campaigns

Largest Ever Seizure of Terrorist Organizations’ Cryptocurrency Accounts

The Justice Department today announced the dismantling of three terrorist financing cyber-enabled campaigns, involving the al-Qassam Brigades, Hamas’s military wing, al-Qaeda, and Islamic State of Iraq and the Levant (ISIS).  This coordinated operation is detailed in three forfeiture complaints and a criminal complaint unsealed today in the District of Columbia.  These actions represent the government’s largest-ever seizure of cryptocurrency in the terrorism context.

These three terror finance campaigns all relied on sophisticated cyber-tools, including the solicitation of cryptocurrency donations from around the world.  The action demonstrates how different terrorist groups have similarly adapted their terror finance activities to the cyber age.  Each group used cryptocurrency and social media to garner attention and raise funds for their terror campaigns.  Pursuant to judicially-authorized warrants, U.S. authorities seized millions of dollars, over 300 cryptocurrency accounts, four websites, and four Facebook pages all related to the criminal enterprise.

Funds successfully forfeited with a connection to a state sponsor of terrorism may in whole or in part be directed to the United States Victims of State Sponsored Terrorism Fund (http://www.usvsst.com/) after the conclusion of the case.

“It should not surprise anyone that our enemies use modern technology, social media platforms and cryptocurrency to facilitate their evil and violent agendas,” said Attorney General William P. Barr.   “The Department of Justice will employ all available resources to protect the lives and safety of the American public from terrorist groups.  We will prosecute their money laundering, terrorist financing and violent illegal activities wherever we find them.  And, as announced today, we will seize the funds and the instrumentalities that provide a lifeline for their operations whenever possible.  I want to thank the investigators from the Internal Revenue Service, Department of Homeland Security, Federal Bureau of Investigation, and the prosecutors from the D.C. United States Attorney’s Office and National Security Division for their hard and innovative work in attacking the networks that allow these terrorists to recruit for and fund their dangerous actions.”

“Terrorist networks have adapted to technology, conducting complex financial transactions in the digital world, including through cryptocurrencies. IRS-CI special agents in the DC cybercrimes unit work diligently to unravel these financial networks,” said Secretary of the Treasury Steven T. Mnuchin.  “Today’s actions demonstrate our ongoing commitment to holding malign actors accountable for their crimes.”

“The Department of Homeland Security was born after the September 11, 2001 terrorist attacks and, nearly 20 years later, we remain steadfast in executing our critical mission to safeguard the American people, our homeland, and our values,” said Acting Secretary of Homeland Security Chad F. Wolf.  “Today’s announcement detailing these enforcement actions targeting foreign terrorist organizations is yet another example of the Department’s commitment to our mission. After launching investigations that identified suspected online payments being funneled to and in support of terrorist networks, Homeland Security Investigations skillfully leveraged their cyber, financial, and trade investigative expertise to disrupt and dismantle cyber-criminal networks that sought to fund acts of terrorism against the United States and our allies.  Together with our federal law enforcement partners, the Department will utilize every resource available to ensure that our Homeland is and remains secure.”

“These important cases reflect the resolve of the D.C. United States Attorney’s Office to target and dismantle these sophisticated cyber-terrorism and money laundering actors across the globe,” stated Acting United States Attorney Michael R. Sherwin.  “While these individuals believe they operate anonymously in the digital space, we have the skill and resolve to find, fix and prosecute these actors under the full extent of the law.”

“IRS-CI’s ability to trace funds used by terrorist groups to their source and dismantle these radical group’s communication and financial networks directly prevents them from wreaking havoc throughout the world,” said Don Fort, Chief, IRS Criminal Investigation.  “Today the world is a safer place.”

“As the primary law enforcement agency charged with defeating terrorism, the FBI will continue to combat illicit terrorist financing regardless of platform or method employed by our adversaries,” said FBI Director Christopher Wray. “As demonstrated by this recent operation, the FBI remains committed to cutting off the financial lifeblood of these organizations that seek to harm Americans at home and abroad.”

“Homeland Security Investigations continues to demonstrate their investigative expertise with these enforcement actions,” said ICE Deputy Director and Senior Official Performing the Duties of the Director Matthew T. Albence.  “Together with law enforcement partners, HSI has utilized their unique authorities to bring to justice those cyber-criminal networks who would do us harm.”

Al-Qassam Brigades Campaign

The first action involves the al-Qassam Brigades and its online cryptocurrency fundraising efforts.  In the beginning of 2019, the al-Qassam Brigades posted a call on its social media page for bitcoin donations to fund its campaign of terror.  The al-Qassam Brigades then moved this request to its official websites, alqassam.net, alqassam.ps, and qassam.ps.

al_qassam_1

The al-Qassam Brigades boasted that bitcoin donations were untraceable and would be used for violent causes.  Their websites offered video instruction on how to anonymously make donations, in part by using unique bitcoin addresses generated for each individual donor.

al_qassam_2

 

However, such donations were not anonymous.  Working together, IRS, HSI, and FBI agents tracked and seized all 150 cryptocurrency accounts that laundered funds to and from the al-Qassam Brigades’ accounts.  Simultaneously, law enforcement executed criminal search warrants relating to United States-based subjects who donated to the terrorist campaign.

With judicial authorization, law enforcement seized the infrastructure of the al-Qassam Brigades websites and subsequently covertly operated alqassam.net.   During that covert operation, the website received funds from persons seeking to provide material support to the terrorist organization, however, they instead donated the funds bitcoin wallets controlled by the United States.

The United States Attorney’s Office for the District of Columbia also unsealed criminal charges for two Turkish individuals, Mehmet Akti and Hüsamettin Karataş, who acted as related money launderers while operating an unlicensed money transmitting business.

Al-Qaeda Campaign

The second cyber-enabled terror finance campaign involves a scheme by al-Qaeda and affiliated terrorist groups, largely based out of Syria.  As the forfeiture complaint details, these terrorist organizations operated a bitcoin money laundering network using Telegram channels and other social media platforms to solicit cryptocurrency donations to further their terrorist goals.  In some instances, they purported to act as charities when, in fact, they were openly and explicitly soliciting funds for violent terrorist attacks.  For example, one post from a charity sought donations to equip terrorists in Syria with weapons:

al_qaeda

Undercover HSI agents communicated with the administrator of Reminder for Syria, a related charity that was seeking to finance terrorism via bitcoin donations.  The administrator stated that he hoped for the destruction of the United States, discussed the price for funding surface-to air missles, and warned about possible criminal consequences from carrying out a jihad in the United States.

Posts from another Syrian charity similarly explicitly referenced weapons and extremist activities:

al_qaeda_2
al_qaeda_3.

Al-Qaeda and the affiliated terrorist groups together created these posts and used complicated obfuscation techniques, uncovered by law enforcement, to layer their transactions so to conceal their actions.  Today’s complaint seeks forfeiture of the 155 virtual currency assets tied to this terrorist campaign.

ISIS Campaign

The final complaint combines the Department’s initiatives of combatting COVID-19 related fraud with combatting terrorism financing.  The complaint highlights a scheme by Murat Cakar, an ISIS facilitator who is responsible for managing select ISIS hacking operations, to sell fake personal protective equipment via FaceMaskCenter.com (displayed below)

isis_1.

The website claimed to sell FDA approved N95 respirator masks, when in fact the items were not FDA approved.  Site administrators claimed to have near unlimited supplies of the masks, in spite of such items being officially-designated as scarce.  The site administrators offered to sell these items to customers across the globe, including a customer in the United States who sought to purchase N95 masks and other protective equipment for hospitals, nursing homes, and fire departments.

The unsealed forfeiture complaint seized Cakar’s website as well as four related Facebook pages used to facilitate the scheme.  With this third action, the United States has averted the further victimization of those seeking COVID-19 protective gear, and disrupted the continued funding of ISIS.

The claims made in these three complaints are only allegations and do not constitute a determination of liability.  The burden to prove forfeitability in a civil forfeiture proceeding is upon the government.  Further, charges contained in criminal complaint are merely allegations, and the defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.

IRS-CI Cyber Crimes Unit (Washington, D.C.), HSI’s Philadelphia Office, and FBI’s Washington D.C., New York, and Los Angeles field offices are investigating the case. Assistant U.S Attorneys Jessi Camille Brooks and Zia M. Faruqui, and National Security Division Trial Attorneys Danielle Rosborough and Alexandra Hughes are litigating the case, with assistance from Paralegal Specialists Brian Rickers and Bria Cunningham, and Legal Assistant Jessica McCormick.  Additional assistance has been provided by Chainalysis and Excygent.

ACLU Calls for Dissolving DHS

Any of these organizations calling for a restoration of law and order yet? Biden or Harris? Nah, but read on….

Primer:

A judge in Portland, Ore., is proposing that the uniforms of federal agents responding to long-running protests and unrest in that city be emblazoned with easily visible numbers so officers can be easily identified if they commit abuses.

U.S. District Court Judge Michael Simon aired the suggestion Friday in connection with a lawsuit he’s overseeing that accuses city police and federal law enforcement officers of unjustified use of force against journalists and legal observers monitoring the protests, which have centered in recent weeks on the main federal courthouse in Portland.

“I do think it might be appropriate to require any federal law enforcement officer who steps out of the federal courthouse building to wear a unique identifying code,” Simon said during a 90-minute teleconference with lawyers involved in the case. “I’m taking this very, very seriously.”

The judge said he was considering ordering that federal agents — including scores of officers the Trump administration dispatched to the city from across the country — wear numbers about 8 inches high that would make it easier to assess whether some officers are violating a temporary restraining order the court issued last week.

Simon said he was thinking of something like the jerseys professional sports players wear, minus the names, which he said would expose law enforcement officers to the threat of doxing by the public.

The judge’s restraining order bars law enforcement from targeting journalists or legal observers and also gives those categories of individuals the right to remain in areas even if authorities require the general public to disperse because of riotlike conditions. More here.

*** https://s.abcnews.com/images/US/portland-protest-officer-rt-jt-200718_1595087284472_hpMain_16x9_992.jpg Note police on the uniforms

So, we now have judges that condemn the actions of law enforcement while the judges never seem to ask questions of Soros DA’s not prosecuting the militants in these cities. And the ACLU is for the most part taking the same position without consideration to all the work and departments within DHS.

*** https://pyxis.nymag.com/v1/imgs/103/7d8/36268f7317b3d89f028b34d88ac4725d66-portland-troops.1x.rsocial.w1200.jpg Note here he has identifiers.

The American Civil Liberties Union on Monday called for the dissolution of the Department of Homeland Security, calling it a “fail[ed] experiment” that has become a “badge of shame” under President Trump.

“Nearly 20 years of abuse, waste, and corruption demonstrate the failure of the DHS experiment. Many knew DHS to be an ineffective superagency, but President Trump has converted DHS into our government’s most notable badge of shame,” the organization said in a series of tweets Monday.

“Dismantling DHS, breaking it apart into various federal agencies, and shrinking its federal budget will allow for more effective oversight, accountability and public transparency,” it added.

The organization linked to a USA Today op-ed by executive director Anthony Romero that specifically cites the “unlawful and shocking” deployment of DHS personnel to Portland, Ore.

In the op-ed, Romero noted several former DHS and national security officials who have expressed dismay at the recent trajectory of the department.

Former Secretaries Tom Ridge and Michael Chertoff have both criticized the Portland deployment, while former White House counterterrorism adviser Richard Clarke has called for DHS to be dismantled.

In addition, Romero wrote that DHS is an “ineffective superagency” made up of 22 different agencies with contradictory mandates.

“Dismantling DHS, breaking it apart into various federal agencies, and shrinking its allocation of federal dollars will allow for more effective oversight, accountability and public transparency,” he wrote.

DHS was set up by Congress after the Sept. 11, 2001, attacks. The idea at the time was to increase the importance of homeland security by unifying various parts of the government under one umbrella.

But criticism of DHS has increased over the years, and particularly over the last few months amid reports of federal police in unmarked vans detaining people in Portland.

“The spun-off agencies will have clearer missions and more limited functions,” Romero wrote. “A behemoth of a federal agency too easily hides its problems and failings. Congressional oversight can be more readily divided among various congressional committees. Smaller agencies with clearer mandates will make the Cabinet-level jobs more attractive to top-notch professionals.”

The ACLU in July sued DHS and the U.S. Marshals Service over the Portland deployment. Plaintiffs in the case include the Portland Mercury as well as several journalists and legal observers who claim agents assaulted them.

Lawsuit Alleges Violations of Media Matters and Hillary in 2016

Primer:

Media Matters raked in as much as $2 million in coronavirus relief loans as the left-wing blog slammed the Trump administration’s coronavirus response, according to federal records released on Monday.

Records show that Media Matters, the progressive activist group founded by Clinton loyalist David Brock in 2004, received between $1 million and $2 million from the government’s Paycheck Protection Program. The loan represents a significant portion of the group’s annual income, which was listed as $11 million in 2017, according to tax records. Media Matters is bankrolled by the Democracy Alliance, one of the largest progressive donor groups in the country. The deep-pocketed philanthropy network has steered hundreds of millions of dollars to liberal groups since it was founded in 2005—and pledged to distribute $100 million in 2020 alone. More here.

*** David Brock it appears needed (needs) the funds to fight of one of many lawsuits and not for keeping his employees on the payroll.

How David Brock Built an Empire to Put Hillary in the ...

RCI:

David Brock, the onetime anti-Clinton journalist turned Hillary Clinton ally and aggressive promoter of Democratic media narratives in recent decades, faces legal actions and disclosures portraying his organizations as working so closely with the Clinton campaign in 2016 that they broke the law.

The conservative Patriots Foundation alleges in a lawsuit being filed today in U.S. District Court for the District of Columbia that an improperly porous relationship among four Brock-founded organizations amounted to illegal coordination with the Clinton campaign in violation of Federal Election Commission regulations. The best known of the four groups is Media Matters for America, which highlights what it calls media bias from the right. The other three are the American Bridge 21st Century PAC; the American Bridge 21st Century Foundation; and the Correct the Record PAC.

“American Bridge 21st Century PAC claimed that it was independent of the Clinton campaign so that it could make independent expenditures,” the Patriots Foundation said in a statement provided to RealClearInvestigations. “American Bridge is run by the same people who run Media Matters and Correct the Record, however, which we know coordinated with the Clinton campaign.

“They all work from the same offices,” the statement continued, “Brock was paid by all of them, American Bridge and Correct the Record shared at least 6 employees, and Correct the Record made in-kind contributions to American Bridge PAC. American Bridge’s supposedly independent activity was just as coordinated as Media Matters’ and Correct the Record’s activity – meaning that American Bridge’s [expenditures] were really excessive and illegal contributions to Hillary Clinton’s campaign.”

Representatives for the organizations did not respond to requests for comment (Correct the Record is now inactive).  Nor did Brock himself or the Clinton campaign.

This past April, the Patriots Foundation filed an FEC complaint against Brock’s organizations. Since the agency hasn’t acted on it within a requisite 120 days, the Patriots Foundation is now suing the FEC as allowed under campaign finance laws. The Patriots Foundation also filed complaints with the IRS last spring regarding Media Matters and the American Bridge Foundation, but there is no legal remedy to force the IRS’s hand in court as with the FEC.

The tactics of Media Matters are generally acknowledged as politically aggressive in a way many see at odds with the organization’s 501(c)(3) nonprofit tax status, which stipulates nonpartisanship. In 2008, The New York Times described Media Matters as a “nonprofit, highly partisan research organization.” The Patriots Foundation alleges that in 2016 Media Matters ceased merely appearing to be partisan — it acted openly as an arm of the Hillary Clinton campaign. A December 2016 report in the liberal-leaning magazine the New Republic, highlighted by the group, substantiates this assessment:

The organization [Media Matters] had long ceased to be a mere watchdog, having positioned itself at the center of a group of public relations and advocacy outfits whose mission was to help put Clinton in the White House. … In our numerous conversations with past Media Matters staff, there was a consensus that in the lead-up to Clinton’s announcement of her candidacy in 2015, the organization’s priority shifted away from the mission stated on its website — “comprehensively monitoring, analyzing, and correcting conservative misinformation” — and towards running defense for Clinton. The former staffers we spoke to largely felt that this damaged Media Matters’ credibility and hurt the work it did in other areas. “The closer we got to the 2016 election the less it became about actually debunking conservative misinformation and more it became about just defending Hillary Clinton from every blogger in their mother’s basement,” one former staffer told us. This was, moreover, a repeat of what Media Matters did in 2008, when there was a rift between staffers and management over the favoring of Clinton in her race against then-Senator Barack Obama.

Media Matters staffers recounted internal fights over the group’s devotion to Clinton. Employees were ordered to critique NPR’s Terry Gross for asking Clinton some questions about why it took her so long to support same-sex marriage.

But the staff reportedly felt Gross’ questions were fair, and according to the New Republic, “nearly everyone we spoke to who worked there at the time felt that a similar article would not have been written about a different politician.” Media Matters’ research director, Jeremy Holden ended up writing the story because other staffers were unwilling to put their name on it. Holden did not respond to a request for comment.

Media Matters employees were also reportedly frustrated by the organization’s obsession with defending Clinton at the expense of other liberal causes. “Former staffers pointed out several stories that fell within Media Matters’ ambit that should have been better covered. … On the site, there are 1,468 posts tagged with ‘Hillary Clinton’ as opposed to just 26 tagged ‘Bernie Sanders,’” according to the New Republic.

In addition to media reports, internal communications at the Clinton campaign further reveal that it was treating Media Matters as a campaign surrogate and coordinating with the group.

Internal communications at the Clinton campaign released by WikiLeaks reveal that the Brock groups Media Matters (MMFA) and Correct the Record (CTR) were treated as campaign surrogates.

campaign strategy memo released by WikiLeaks notes that the Clinton campaign reported using the Brock group to “muddy the waters” when it came to issues where Clinton was vulnerable by “working with MMFA to highlight examples of when the press won’t cover the same issues with Republicans.” Another email released by WikiLeaks has Clinton’s press secretary, Nick Merrill, planning to push back on a Vanity Fair story about Clinton campaign vice chair Huma Abedin, which hadn’t been published yet, saying, “We have MMFA, CtR, and core surrogates lined up, which we can expand on tomorrow.” Media Matters published a piece criticizing the Vanity Fair story the following day.

“CtR” in Merrill’s email refers to the Correct the Record PAC. The PAC has been dormant since the 2016 election cycle, but “coordinat[ed] directly with Clinton’s campaign,” Politico reported. The CTR PAC even took money directly from the Clinton campaign – during the 2016 election cycle CTR took in $8.5 million in donations, including a donation of $275,615 in 2015 from Hillary for America. From its inception, the PAC skirted rules that prevent such entities and campaigns from directly coordinating with campaigns by claiming all its activities were covered by an FEC exemption regarding public communications.

“Correct the Record believes it can avoid the coordination ban by relying on a 2006 Federal Election Commission regulation that declared that content posted online for free, such as blogs, is off limits from regulation,” notes a 2015 Washington Post report. “The ‘Internet exemption’ said that such free postings do not constitute campaign expenditures, allowing independent groups to consult with candidates about the content they post on their sites.” The Patriots Foundation FEC complaint strongly disputes that the operations of the CTR PAC were defensible under this interpretation, noting that the PAC spent money on polling and other activities that don’t constitute communications.

Organizationally, there also appears to have been not much separation between CTR and Brock’s other PAC, American Bridge. “During the 2016 election, Brock claimed that AB PAC remained independent of both the Clinton campaign and CTR PAC so that it could make independent expenditures in support of Clinton,” notes the Patriots Foundation FEC complaint. “However, he continued to collect a salary from both PACs, and disclosure reports show that the committees shared at least seven overlapping staff members at various times during 2016. Moreover, AB PAC reported making in-kind disbursements to CTR PAC in 2016.” (In addition to getting paid by both PACs, Brock drew a salary of $278,566 from Media Matters as well, 2017 tax records show.

Overall, the American Bridge Foundation was the largest donor to the AB PAC in the 2016 and 2018 election cycles. As a 501(c)4 nonprofit, the AB Foundation is not required to disclose its own donors. Other notable donors to the AB PAC include George Soros, who gave AB PAC $2 million between 2015 and 2016. Some of America’s biggest unions – the SEIU, AFL-CIO, NEA, AFT, and AFSCME – all made six-figure donations in the 2016 election cycle. And Win McCormack, the owner and publisher of the New Republic, gave $100,000 to the AB PAC five months before his publication ran the story on Media Matters’ troubles.

Not the First Time

The Patriots Foundation alleges that the legally required separation between the groups did not exist. The two organizations shared staff, office space, and equipment, but the AB Foundation stated in IRS filings the “two entities have entered into a cost-sharing agreement to allocate shared overhead costs so that neither entity is financially supporting the activities of the other.”

But other audited financial statements from the AB Foundation note they did “not have a formal agreement relating to the allocation of expenses between the two entities” and “allocations were made based on management and budget estimates.” Those estimates varied wildly. The AB Foundation gave the PAC some $2.9 million “for salary, rent, and expenses” in 2015; $720,000 in 2016; $4.5 million in 2017; and $3.3 million in 2018. In many of those years, the AB Foundation also claimed to owe AB PAC more than it paid, also by varying amounts.

This is not the first time one of Brock’s organizations has been challenged for running afoul of FEC regulations. Last year, the Campaign Legal Center filed a complaint regarding the Correct the Record PAC’s claim that it could coordinate with the Clinton campaign under the public Internet communications exemption. FEC attorneys agreed with the Campaign Legal Center but the FEC, which has been understaffed during the Trump administration, only had four of six members on the commission. The complaint was dismissed when the two GOP commissioners sided with the CTR PAC, leaving the commission deadlocked. The Campaign Legal Center is still litigating the matter.

The Patriots Foundation complaint is different in that it addresses the coordination across all of the Brock organizations, as well as the allegations American Bridge PAC inaccurately reported the operational costs it shares with the American Bridge Foundation.

The Patriots Foundation told RealClearInvestigations it is not seeking remedies from the FEC beyond what was outlined in its original complaint. That complaint asks the FEC to “elicit admission of the violations from each of the respondents, conduct a robust investigation to determine the scope of the alleged violations, bar respondents from continuing violative activities, and collect civil penalties in amounts commensurate with the gravity of these serious ongoing violations.”

The IRS action filed by the Patriots Foundation seeks to revoke the tax-exempt status of Media Matters and the AB PAC, and calls for both to be compelled to pay applicable taxes while improperly operating as tax exempt, plus applicable financial penalties, while referring both to the Justice Department for criminal prosecution.

 

Looming Military Conflict in S China Sea?

Chinese military journalists are publicly urging the People’s Liberation Army (PLA) to prepare immediately for an attack by U.S. forces in the South China Sea. One expert at Zhejiang University’s National Institute for South China Sea Studies, Shi Xiaoqin, claims that the U.S. is deliberately trying to provoke China. They also suggest the regime reinforce Chinese installations on reefs claimed by China.

If this analysis gains traction by Chinese political and military leaders, U.S. military commanders in the South China Sea should plan for the possibility that China might initiate hostilities in keeping with its doctrine of preemptive retaliation, a seeming attempt falsely to claim “self-defense.”

One writer suggests that the PLA should immediately move fighter aircraft to Chinese air bases in the Spratly Islands at Fiery Cross, Subi Reef, and Mischief Reef. He also boldly claims that the augmented presence of U.S. naval and air assets in the South China Sea is no longer just a show of force by America.

Chen Hu, a Chinese military journalist, also asserts that the U.S. is now intent on provoking a conflict and is preparing for battle. Chen claims that the return of B1 bombers to Guam and continued deployment of two U.S. aircraft carrier groups in the South China Sea, despite the conclusion of military exercises, is supposedly a sign of Washington’s aggressive intent. Chen suggests that recent U.S. “Freedom of Navigation” maneuvers and the high number of U.S. surveillance collection missions along the Chinese coast is additional proof of American attack planning. Former PLA officer Wang Yunfei and naval equipment expert suggests that flights by American RC-135, E-8c, and RC-12X surveillance aircraft equate to “pre-battle strategic technical surveillance.” As the joke goes from the children’s playground: “It all started when he hit me back.”

Wang further warns that U.S. President Donald J. Trump is likely to initiate a military conflict in the South China Sea region before the November 3 U.S. presidential election, speculating that “stirring up external frictions, especially military conflicts with China, will help the incumbent president for his re-election campaign.”

The leaders of China’s Communist Party (CCP) also see that nothing was done by anyone, including the U.S., to stop China’s grab of Hong Kong this year — 27 years early. This paralysis of the West must have looked to the CCP like a green light to keep on grabbing.

Wang even lays out his analysis on particular avenues of approach by which U.S. bombers might attack their Chinese targets. Wang, now a Chinese naval specialist, writes that the U.S. will probably ship-launch Tomahawk Cruise against Chinese bases in the South China Sea. He further specifies that the PLA should deploy China’s own aircraft carriers in the south central region of the sea, as the best strategy to counter any U.S. assault. He adds that China must also deploy fighter jets and air defense missiles on various Chinese reefs.

Scarborough Shoal could become a flashpoint for a South ...

Wang singled out the Scarborough Shoal in the South China Sea’s Paracel Island Chain as the most likely initial piece of real estate that the U.S. might seek to seize. The Scarborough (Huangyan) Shoal/Reef is claimed by both China and the Republic of the Philippines. Perhaps one reason why China might expect that Scarborough Shoal is a likely target is that the U.S. wants to re-cement military agreements with the Philippines that would allow American military assets access to Clark Air Force Base, Subic Bay Naval Base and other newer facilities. U.S. support for Manila’s claim to the Scarborough Shoal against China’s might be sufficient to convince the mercurial president of the Philippines, Rodrigo Duterte, to patch up relations with the U.S.

Chinese writer Zheng Hao, who assesses that it is possible that U.S.-Chinese tensions in the South China Sea could escalate into a “hot war,” cites U.S. Secretary of State Mike Pompeo’s July 13 statement that the South China Sea is “not China’s maritime empire” as indicative of the Trump Administration’s hostile intent. Zheng appears to be especially concerned about the July 7 U.S.-Japan naval exercise, which included an operation by the U.S. aircraft carrier Ronald Reagan and two warships of the Japanese Maritime Defense Forces. Zheng laments that the 2018 draft of the Code of Conduct in the South China Sea has not yet been signed by the Association of South East Asian Nations (ASEAN) and China.

One hope to avoid or at least postpone an imminent clash in the South China Sea is for China and the U.S. to activate the crisis prevention apparatus established in November 2014. This diplomatic device includes a Memorandum of Understanding on notification of military activities and rules of behavior designed to keep air and naval encounters peaceful. So far, there is no public acknowledgement that either China or the U.S. is employing the crisis prevention mechanism. One recent sign of efforts by both sides to avoid a military incident was the Pentagon’s August 7 announcement that U.S. Secretary of Defense Mark Esper and his Chinese counterpart, Minister of Defense Wei Fenghe, held a 90-minute teleconference last week.

China, however, has been the party with the hostile intent, not only with Hong Kong, but also with an attack on northern India, an extensive military base build-up in the South China Sea, an attempted appropriation of the Japan-administered Senkaku Islands and a “fishing fleet” of 250 vessels showing up near the Galapagos Islands, off Ecuador. Another recent move from Beijing was to conduct live-fire targeting drills in the South China Sea from July 25 through August 2. The announcement of this exercise was promulgated by the PLA and not, as is usual, by the Chinese government’s maritime administration. If China continues its aggressive posture toward the U.S.-allied free states of Asia, especially Taiwan, a direct confrontation between the Chinese and U.S. militaries in the South China may indeed be necessary.

Author: Dr. Lawrence A. Franklin was the Iran Desk Officer for Secretary of Defense Rumsfeld. He also served on active duty with the U.S. Army and as a Colonel in the Air Force Reserve.