9 Iranians Charged in Hacking 176 Universities, Intellectual Property

Nine Iranians Charged With Conducting Massive Cyber Theft Campaign On Behalf Of The Islamic Revolutionary Guard Corps

Mabna Institute Hackers Penetrated Systems Belonging to Hundreds of Universities, Companies, and Other Victims to Steal Research, Academic Data, Proprietary Data, and Intellectual Property

Rod J. Rosenstein, the Deputy Attorney General of the United States, Geoffrey S. Berman, the United States Attorney for the Southern District of New York, William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Field Division of the Federal Bureau of Investigation (“FBI”), and John C. Demers, Assistant Attorney General for National Security, announced today the unsealing of an indictment charging GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI.  The defendants were each leaders, contractors, associates, hackers-for-hire, and affiliates of the Mabna Institute, an Iran-based company that was responsible for a coordinated campaign of cyber intrusions that began in at least 2013 into computer systems belonging to 144 U.S.-based universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the United States Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.  Through the activities of the defendants, the Mabna Institute conducted these intrusions to steal over 30 terabytes of academic data and intellectual property from universities, and email inboxes from employees of victim private sector companies, government victims, and non-governmental organizations.  The defendants conducted many of these intrusions on behalf of the Islamic Republic of Iran’s (“Iran”) Islamic Revolutionary Guard Corps (“IRGC”), one of several entities within the government of Iran responsible for gathering intelligence, as well as other Iranian government clients.  
In addition to these criminal charges, today the Department of Treasury’s Office of Foreign Assets Control (OFAC) designated the Mabna Institute and the nine defendants for sanctions for the malicious cyber-enabled activity outlined in the Indictment.

Deputy Attorney General Rod J. Rosenstein said:  “These nine Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries.  For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps.  The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America’s ideas by infiltrating our computer systems and stealing intellectual property.  This case is important because it will disrupt the defendants’ hacking operations and deter similar crimes.”

Manhattan U.S. Attorney Geoffrey S. Berman said:  “Today, in one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice, we have unmasked criminals who normally hide behind the ones and zeros of computer code.  As alleged, this massive and brazen cyber-assault on the computer systems of hundreds of universities in 22 countries, including the United States, and dozens of private sector companies and governmental organizations was conducted on behalf of Iran’s Islamic Revolutionary Guard.  The hackers targeted innovations and intellectual property from our country’s greatest minds.  These defendants are now fugitives from American justice, no longer free to travel outside Iran without risk of arrest.  The only way they will see the outside world is through their computer screens, but stripped of their greatest asset – anonymity.”

FBI Assistant Director William F. Sweeney Jr. said:  “The numbers alone in this case are staggering, over 300 universities and 47 private sector companies both here in the United States and abroad were targeted to gain unauthorized access to online accounts and steal data.  An estimated 30 terabytes was removed from universities’ accounts since this attack began, which is roughly equivalent of 8 billion double-sided pages of text.  It is hard to quantify the value on the research and information that was taken from victims but it is estimated to be in the billions of dollars. The nine Iranians indicted today now find themselves wanted by the FBI and our partner law enforcement agencies around the globe – and like other cyber criminals they will soon learn their ability to freely move was just limited to the virtual world only.”

According to the allegations contained in the Indictment[1] unsealed today in Manhattan federal court:

Background on the Mabna Institute

GHOLAMREZA RAFATNEJAD and EHSAN MOHAMMADI, the defendants, founded the Mabna Institute in approximately 2013 to assist Iranian universities and scientific and research organizations in stealing access to non-Iranian scientific resources.  In furtherance of its mission, the Mabna Institute employed, contracted, and affiliated itself with hackers-for-hire and other contract personnel to conduct cyber intrusions to steal academic data, intellectual property, email inboxes and other proprietary data, including ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI.  The Mabna Institute contracted with both Iranian governmental and private entities to conduct hacking activities on their behalf, and specifically conducted the university spearphishing campaign on behalf of the IRGC.  The Mabna Institute is located at Tehran, Sheikh Bahaii Shomali, Koucheh Dawazdeh Metri Sevom, Plak 14, Vahed 2, Code Posti 1995873351.

University Hacking Campaign

The Mabna Institute, through the activities of the defendants, targeted over 100,000 accounts of professors around the world.  They successfully compromised approximately 8,000 professor email accounts across 144 U.S.-based universities, and 176 universities located in foreign countries, including Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey, and the United Kingdom.  The campaign started in approximately 2013, and has continued through at least December 2017, and broadly targeted all types of academic data and intellectual property from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.  Through the course of the conspiracy, U.S.-based universities spent over approximately $3.4 billion to procure and access such data and intellectual property.

The hacking campaign against universities was conducted across multiple stages.  First, the defendants conducted online reconnaissance of university professors, including to determine these professors’ research interests and the academic articles they had published.  Second, using the information collected during the reconnaissance phase, the defendants created and sent spearphishing emails to targeted professors, which were personalized and created so as to appear to be sent from a professor at another university.  In general, those spearphishing emails indicated that the purported sender had read an article the victim professor had recently published, and expressed an interest in several other articles, with links to those additional articles included in the spearphishing email.  If the targeted professor clicked on certain links in the email, the professor would be directed to a malicious Internet domain named to appear confusingly similar to the authentic domain of the recipient professor’s university.  The malicious domain contained a webpage designed to appear to be the login webpage for the victim professor’s university.  It was the defendants’ intent that the victim professor would be led to believe that he or she had inadvertently been logged out of his or her university’s computer system, prompting the victim professor for his or her login credentials.  If a professor then entered his or her login credentials, those credentials were then logged and captured by the hackers.

Finally, the members of the conspiracy used stolen account credentials to obtain unauthorized access to victim professor accounts, through which they then exfiltrated intellectual property, research, and other academic data and documents from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.  The defendants targeted data across all fields of research and academic disciplines, including science and technology, engineering, social sciences, medical, and other professional fields.  At least approximately 31.5 terabytes of academic data and intellectual property from compromised universities were stolen and exfiltrated to servers under the control of members of the conspiracy located in countries outside the United States.
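The lookalike-domain step described above can be checked on the receiving side by comparing every link in an inbound message against the institution's real login domain. The following is an added example, not material from the press release or the Indictment; the domain names, the sample email, the small confusable-character map and the "last two labels" shortcut for the registrable domain are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Hypothetical authentic domain of the institution (assumption for this example).
LEGIT_DOMAIN = "example-university.edu"

# Small illustrative map of visually confusable characters (not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def skeleton(label):
    """Reduce a label to a canonical form so visually similar names compare equal."""
    s = label.lower().translate(CONFUSABLES)
    s = s.replace("rn", "m").replace("vv", "w")
    return re.sub(r"[-_.]", "", s)


def edit_distance(a, b):
    """Classic Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Last two labels. Simplification: a real deployment needs a public-suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(host, legit=LEGIT_DOMAIN):
    host = host.lower().rstrip(".")
    if host == legit or host.endswith("." + legit):
        return "legitimate"
    legit_name = registrable(legit).split(".")[0]
    reg = registrable(host)
    reg_name = reg.split(".")[0]
    subdomain = host[: -len(reg)].rstrip(".")
    # Real name used as a subdomain of somebody else's domain.
    if legit_name in subdomain:
        return "lookalike:embedded"
    # Same name after undoing character swaps, or same name under another TLD.
    if skeleton(reg_name) == skeleton(legit_name):
        return "lookalike:confusable"
    # One or two typos away from the real name.
    if edit_distance(skeleton(reg_name), skeleton(legit_name)) <= 2:
        return "lookalike:near-miss"
    return "unrelated"


def suspicious_links(body, legit=LEGIT_DOMAIN):
    """Return (host, verdict) for every link whose host imitates the real domain."""
    found = []
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname or ""
        verdict = classify(host, legit)
        if verdict.startswith("lookalike"):
            found.append((host, verdict))
    return found


# Constructed sample message body, modelled on the lure described in the text.
SAMPLE_EMAIL = """Dear Professor, I read your recent article with interest.
https://library.example-university.edu/article/123
http://examp1e-university.com/login
http://example-university.edu.sso-check.example/signin
https://exampel-university.net/x
https://journals.example.org/paper/9
"""

if __name__ == "__main__":
    for host, verdict in suspicious_links(SAMPLE_EMAIL):
        print(f"{verdict:22} {host}")
```

A mail gateway or link-rewriting proxy can apply the same comparison before delivery; hosts classified as "unrelated" still need ordinary reputation checks.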

In addition to stealing academic data and login credentials for university professors for the benefit of the Government of Iran, the defendants also sold the stolen data through two websites, Megapaper.ir (“Megapaper”) and Gigapaper.ir (“Gigapaper”).  Megapaper was operated by Falinoos Company (“Falinoos”), a company controlled by ABDOLLAH KARIMA, a/k/a “Vahid Karima,” the defendant, and Gigapaper was affiliated with KARIMA.  Megapaper sold stolen academic resources to customers within Iran, including Iran-based public universities and institutions, and Gigapaper sold a service to customers within Iran whereby purchasing customers could use compromised university professor accounts to directly access the online library systems of particular United States-based and foreign universities.

Prior to the unsealing of the Indictment, the FBI provided foreign law enforcement partners with detailed information regarding victims within their jurisdictions, so that victims in foreign countries could be notified and so that foreign partners could assist in remediation efforts.

Private Sector Hacking Victims

In addition to targeting and compromising universities, the Mabna Institute defendants targeted and compromised employee email accounts for at least approximately 36 United States-based private companies, and at least approximately 11 private companies based in Germany, Italy, Switzerland, Sweden, and the United Kingdom, and exfiltrated entire email mailboxes from compromised employees’ accounts.  Among the United States-based private sector victims were three academic publishers, two media and entertainment companies, one law firm, 11 technology companies, five consulting firms, four marketing firms, two banking and/or investment firms, two online car sales companies, one healthcare company, one employee benefits company, one industrial machinery company, one biotechnology company, one food and beverage company, and one stock images company.

In order to compromise accounts of private sector victims, members of the conspiracy used a technique known as “password spraying,” whereby they first collected lists of names and email accounts associated with the intended victim company through open source Internet searches.  Then, they attempted to gain access to those accounts with commonly-used passwords, such as frequently used default passwords, in order to attempt to obtain unauthorized access to as many accounts as possible.  Once they obtained access to the victim accounts, members of the conspiracy, among other things, exfiltrated entire email mailboxes from the victims.  In addition, in many cases, the defendants established automated forwarding rules for compromised accounts that would prospectively forward new outgoing and incoming email messages from the compromised accounts to email accounts controlled by the conspiracy.
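Both behaviours in the paragraph above leave traces a defender can search for: one source failing once or twice against many different accounts, and mailbox rules that forward to outside addresses. The following is an added example, not material from the press release, the Indictment or the FBI FLASH; the log format, addresses, thresholds and rule records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log (the line format is an assumption).
AUTH_LOG = """\
2018-03-01T09:00:01 src=203.0.113.7 user=a.ali@corp.example result=FAIL
2018-03-01T09:00:09 src=203.0.113.7 user=b.cho@corp.example result=FAIL
2018-03-01T09:00:17 src=203.0.113.7 user=c.diaz@corp.example result=FAIL
2018-03-01T09:00:25 src=203.0.113.7 user=d.kim@corp.example result=OK
2018-03-01T09:00:33 src=203.0.113.7 user=e.lund@corp.example result=FAIL
2018-03-01T09:00:41 src=203.0.113.7 user=f.moss@corp.example result=FAIL
2018-03-01T09:00:49 src=203.0.113.7 user=g.nair@corp.example result=FAIL
2018-03-01T09:05:00 src=198.51.100.20 user=h.roy@corp.example result=FAIL
2018-03-01T09:05:20 src=198.51.100.20 user=h.roy@corp.example result=FAIL
2018-03-01T09:05:45 src=198.51.100.20 user=h.roy@corp.example result=FAIL
2018-03-01T09:06:10 src=198.51.100.20 user=h.roy@corp.example result=OK
"""

# Constructed mailbox forwarding rules, as an export from a mail system might list them.
MAIL_RULES = [
    {"mailbox": "d.kim@corp.example", "forward_to": "archive@mail-relay.example"},
    {"mailbox": "h.roy@corp.example", "forward_to": "h.roy.assistant@corp.example"},
    {"mailbox": "z.old@corp.example", "forward_to": "z.old@personal.example"},
]


def parse(line):
    """Split one log line into (timestamp, source, user, success)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["src"], kv["user"].lower(), kv["result"] == "OK"


def detect_spray(lines, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Flag sources that fail against many accounts with few tries per account.

    That shape separates spraying from an ordinary user mistyping one password
    (many failures, one account). Thresholds are illustrative and need tuning.
    """
    by_src = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, src, user, ok = parse(line)
            by_src[src].append((ts, user, ok))
    findings = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            in_win = [e for e in events[i:] if e[0] - start <= window]
            fails = defaultdict(int)
            for _, user, ok in in_win:
                if not ok:
                    fails[user] += 1
            if len(fails) >= min_users and max(fails.values()) <= max_per_user:
                findings[src] = {
                    "targeted": sorted(fails),
                    # A success from the spraying source is a likely takeover.
                    "compromised": sorted({u for _, u, ok in in_win if ok}),
                }
                break
    return findings


def external_forwards(rules, internal_domains, compromised=()):
    """List rules that forward mail outside the organisation, with a priority."""
    out = []
    for rule in rules:
        domain = rule["forward_to"].rsplit("@", 1)[-1].lower()
        if domain not in internal_domains:
            hit = rule["mailbox"].lower() in compromised
            out.append((rule["mailbox"], rule["forward_to"], "high" if hit else "review"))
    return out


if __name__ == "__main__":
    sprays = detect_spray(AUTH_LOG.splitlines())
    taken = {u for f in sprays.values() for u in f["compromised"]}
    print(sprays)
    print(external_forwards(MAIL_RULES, {"corp.example"}, taken))
```

Because a forwarding rule keeps working after a password reset, rule review belongs in the remediation steps for any account that appears in the "compromised" list.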

In connection with the unsealing of the Indictment, today the FBI issued an FBI Liaison Alert System (FLASH) message, providing detailed information regarding the vulnerabilities targeted and the intrusion vectors used by the Mabna Institute in their campaign against private sector companies, to provide the public with information to assist in detecting and remediating the threat.

U.S. Government and NGO Hacking Victims

In the same time period as the university and private sector hacking campaigns described above, the Mabna Institute also conducted a computer hacking campaign against various governmental and non-governmental organizations within the United States.  During the course of that campaign, employee login credentials were stolen by members of the conspiracy through password spraying.  Among the victims were the following, all based in the United States:  the United States Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the State of Indiana Department of Education, the United Nations, and the United Nations Children’s Fund.  As with private sector victims, the defendants targeted for theft email inboxes of employees of these organizations.

*                *                *

GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI, the defendants, are citizens and residents of Iran.  Each is charged with one count of conspiracy to commit computer intrusions, which carries a maximum sentence of five years in prison; one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; two counts of unauthorized access of a computer, each of which carries a maximum sentence of five years in prison; two counts of wire fraud, each of which carries a maximum sentence of 20 years in prison; and one count of aggravated identity theft, which carries a mandatory sentence of two years in prison.  The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencings of the defendants will be determined by the assigned judge.

Mr. Berman praised the outstanding investigative work of the FBI, the assistance of the United Kingdom’s National Crime Agency (NCA), and the support of the OFAC.  The case is being handled by the Office’s Complex Frauds and Cybercrime Unit.  Assistant United States Attorneys Timothy T. Howard, Jonathan Cohen, and Richard Cooper are in charge of the prosecution, with assistance provided by Heather Alpino and Jason McCullough of the National Security Division’s Counterintelligence and Export Control Section.

The charges contained in the Indictment are merely accusations and the defendants are presumed innocent unless and until proven guilty.


[1] As the introductory phrase signifies, the entirety of the text of the Indictment, and the description of the Indictment set forth herein, constitute only allegations, and every fact described should be treated as an allegation.

Topic(s): Cyber Crime
Press Release Number: 18-089

Why Did Trump Hire McMaster in the First Place?

Much has been written about Trump’s now former National Security Council adviser H.R. McMaster, who at one time was General Petraeus’ ‘go-to’ tank operations expert in Iraq. From the outset, the 3-star general never really gelled into a cohesive policy relationship with President Trump, and the chatter for months in DC was that his time at the White House was going to be short.


The question is who recommended McMaster to Trump in the first place, and who did the background investigation such that Trump accepted and confirmed him to lead the National Security Council?

“After 34 years of service to our nation,” the lieutenant general said, “I am requesting retirement from the U.S. Army effective this summer, after which I will leave public service.” A White House official told VOA that the president and McMaster had mutually agreed upon McMaster’s resignation, after discussing it for some time. The official said the president asked McMaster to stay on until mid-April to ensure a smooth transition, and McMaster agreed. A graduate of the U.S. Military Academy, known as West Point, McMaster earned a Silver Star for leadership during the Persian Gulf War when, as a cavalry commander, he led a small contingent of U.S. tanks to destroy 80 Iraqi tanks and other vehicles. More here.

Well, the Daily Caller did some remarkable deeper work on McMaster, spelling out how Trump never should have brought him on board in the first place. The other question that remains is why the Pentagon did not advise McMaster to terminate his outside relationship, especially with some rogue nations.

  • Outgoing National Security Advisor H.R. McMaster worked for a foreign-based think tank for 11 years before assuming his post
  • The think tank has ties to Russia, China, the Uranium One deal and Bahrain
  • Career armed forces officers spoke out against the arrangement

Outgoing National Security Advisor Lt. Gen. H.R. McMaster served for more than a decade as a consultant to the London-based International Institute for Strategic Studies, a foreign-based think-tank that has received funding from hostile foreign governments to include Russia and China, according to a Daily Caller News Foundation investigation.

The career soldier ended his employment at the International Institute for Strategic Studies (IISS) in February 2017 after President Donald Trump tapped him to serve as his national security adviser following the resignation of former National Security Adviser Michael Flynn.

McMaster is planning to leave the NSC in April, to be replaced by former U.N. Ambassador John Bolton, according to The Wall Street Journal.

The outgoing NSC official said in a statement, he was “requesting retirement from the U.S. Army effective this summer after which I will leave public service.”

The general, who did not leave the Army to assume his NSC post, was one of only two White House national security chiefs who retained active duty status while working at the White House. The other general was Gen. Colin Powell.

McMaster never publicized his decade-long outside consultant work with the foreign-based think tank that often supported a globalist agenda opposed by Trump. IISS often espoused foreign and military policies that served as the centerpiece of the Obama presidency, including support for the former president’s Iran nuclear deal.

While his 11 years at the institute were never part of his official military biography, former military officers who learned of it were harshly critical of his unusual moonlighting.

Veteran military officers expressed disbelief at McMaster’s consulting work at a foreign-based think tank that receives funding from hostile governments. They called the arrangement “unethical” and “unprecedented.”

IISS operates offices in Bahrain, Singapore and Washington, D.C. It generally reflects a globalist “realist” Eurocentric view of foreign and military postures that’s at odds with Trump’s foreign policy. The think-tank was a major advocate of former President Barack Obama’s nuclear deal with Iran.

IISS receives funding from friendly Western sources such as aerospace firms and even the British army, but it also has received funding from the Russian Federation, China’s Ministry of Foreign Affairs, as well as the governments of Azerbaijan, Turkey, Qatar, Pakistan, Saudi Arabia and Bahrain, according to the IISS website.

During McMaster’s time at IISS, the think tank also received $700,000 from George Soros’s Open Society and $140,000 from Ploughshares, the pacifist organization that aggressively pushed for Obama’s Iran nuclear deal.

The organization’s council — its board of directors — also is filled with people who have ties to the Kremlin, to the Qatari emir who has been accused of supporting terrorists, to people associated with the Uranium One scandal, and with a Russian investment bank that paid former President Bill Clinton $500,000 for a single speech.

“This is bizarre,” retired Army Lt. Gen. William “Jerry” Boykin said in an interview with TheDCNF. “If that kind of information was available to the Trump administration before they selected him, the question is: Would they have selected him for this very job?”

The Army told TheDCNF that from 2006 when he first joined IISS as a “senior research associate” until he left in 2017, he did file annual financial disclosure forms notifying the Army of payments he received from the institute.

McMaster’s office did not respond to a DCNF request for his current financial disclosure form, which he was required to submit in 2017 as a White House employee.

Retired Rear Adm. James “Ace” Lyons, who served 35 years in the Navy, including a stint as commander of the Pacific Fleet, told TheDCNF McMaster’s consulting role at the think tank was “absurd.”

“It is really absurd that an active duty military officer, particularly one of flag rank, is a consultant to a foreign organization that is taking money and contributions from questionable countries that are known enemies of the United States,” Lyons told TheDCNF in an interview. “This to me seems to be outside the bounds of what we’re committed to. This is atrocious.”

“I’ve never seen this kind of thing before,” said Boykin, a 36-year veteran who served as under secretary for defense intelligence for President George W. Bush.

Boykin said he was convinced any commanding officer would have rejected McMaster’s proposed consulting work at IISS. “I cannot believe that the ethics people of the U.S. Army would approve of him doing that, and I can’t believe that any responsible person he worked for in the Army would have agreed to that.”

William J. Sharp, a public affairs civilian attached to U.S. Army Headquarters, told TheDCNF the Army accepted McMaster’s proposed consulting work at IISS without any prior approval because they regarded the think tank as not falling under the category of a “prohibited source.”

The term “prohibited source” relates to a company that seeks a business or other formal contractual relationship from the Department of Defense. Using that limited standard, the Army concluded IISS was not a prohibited source and McMaster did not need to obtain prior approval from military superiors.

“IISS is not a prohibited source for Army personnel,” Sharp told TheDCNF in an email. “Therefore, LTG McMaster was not required to obtain approval prior to consulting for IISS.”

“I’m surprised at this,” Boykin said. “I find this in my view and in my experience of 36 years to be unprecedented, and I would love to see an authorization. And if it’s an open-ended authorization — if there’s one at all — then I would be willing to bet you it was an error on the part of whoever provided that authorization. You just can’t do this on your own,” he told TheDCNF.

Retired Special Forces Col. James Williamson told TheDCNF he considered it “very unusual” for an active duty officer to serve for a decade at any educational institution. “It’s very unusual for a general officer on active duty to have that type of affiliation over that timespan,” he said. “I’ve had friends that have gone to Harvard or the Fletcher School at Tufts, but they’re U.S.-based.” He said most terms were for a short duration — usually six months to a year.

In fact, the military approves and even encourages active duty officers to seek temporary assignments with American educational institutions and think tanks. But those assignments are very short and rarely extend for more than a year.

Williamson said active duty military officers have plenty of private sector and think tank opportunities after they leave military service. “We have other people who served in London, but they’re not on active duty. They’re retired officers and there’s no problem with that,” he said.

Williamson, a counter terrorism specialist who served with NATO and U.S. Southern Command, said he regarded McMaster’s work as posing a basic “conflict of interest” in light of funding from hostile governments. That funding “would almost make it a de facto conflict of interest in my eyes.”

Retired U.S. Air Force Col. James Waurishuk, who also worked at the NSC, agreed. “I would be concerned about the work he’s doing and how it applies in relation to a think-tank that’s taking money from perhaps adversarial foreign governments. That would be of concern to me,” he said.

Williamson also shared the same view and added that even working at a London think tank poses problems. “Even our closest allies don’t have the same agendas and priorities that we do,” he said.

During his 11 years with IISS, the group promoted McMaster’s activities. A review of previous IISS websites by TheDCNF shows he was highlighted between six and 10 times each year.

IISS praised McMaster when he joined the Trump White House. Jonathan Stevenson, an Obama NSC official who also is a senior fellow at IISS, wrote a fawning opinion piece about McMaster in The New York Times. He called him a “compelling choice: a scholar-warrior” and “both a proven cavalry officer and a formidable defense intellectual.” Stevenson wrote McMaster could save Trump, and the general’s appointment, “should augur at least a fleeting period of stability at the dysfunctional National Security Council.”

Igor Yurgen has been on the IISS Council since 2010. He is chairman of Renaissance Capital Group, which awarded Bill Clinton $500,000 in speaking fees.

Russia Today, a pro-Kremlin news organization, once described Yurgen as “one of Russia’s most influential experts close to [former] President Dmitry Medvedev.”

“He is remarkably skilled at combining public, business and political careers,” according to RT.

Another council member is Michael Rich, an executive vice president of the RAND Corp. But significantly, he is co-chair of the board of overseers of a project called the RAND Qatar Policy Institute.

The Qatar Policy Institute is also part of the Qatar Foundation, started by Qatar’s former emir, Sheikh Hamad Bin Khalifa Al Thani, and his wife, Sheikha Moza bint Nasser.

Saudi Arabia and the Persian Gulf states accuse Qatar of supporting Islamic terrorism. Al Thani has supported the Taliban in Afghanistan, Hamas in the Gaza Strip, militias in Libya, and the Muslim Brotherhood, The New York Times reported in 2014. The Emir personally traveled in 2012 to the Gaza Strip, where he received a hero’s welcome as he pledged to work with the terrorist group Hamas. Al Thani also founded Al Jazeera, the pro-Muslim Brotherhood television news channel.

Badr Jafar, another current council member, is the son of Hamid Jafar, who founded the biggest private equity firm in the Middle East, North Africa and South Asia. Badr is the CEO of Crescent Enterprises who, with his father Hamid Jafar, engineered an oil exploration partnership between their Emirates-based company, Crescent Petroleum, and Boris Kovalchuk, CEO of the Russian company Inter Rao UES.

News agencies in the United Arab Emirates hailed the 2010 financial deal between Crescent and Moscow. “Russian state news agencies began their coverage of the recent high-level meeting in Moscow between Crescent officials, the Russian prime minister, Vladimir Putin, and the Iraqi former prime minister Dr Ayad Allawi by linking the names of Hamid Jafar and Mr Putin,” according to the National Business report.

Russian President Vladimir Putin decreed that all shares of Inter Rao UES be transferred to the Russian state-owned atomic energy agency called Rosatom. Kovalchuk is a Kremlin confidant who served as a vice president of Rosatom. Americans know about Rosatom because of its purchase of Uranium One, which was made possible by then Secretary of State Hillary Clinton’s support for the Russian acquisition.

While McMaster was a consultant at IISS the organization was a strong, unwavering supporter of President Obama’s nuclear deal with Iran.

Mark Fitzpatrick, its director for non-proliferation and disarmament, was the most outspoken IISS director for the nuclear deal, calling it in 2015 “a potential game changer in many ways, opening a path to better relations with Iran that has been closed for more than 35 years.” Fitzpatrick said the deal “makes it demonstrably less likely Iran will become nuclear-armed now and in the future.”

IISS also entered domestic American politics by defending the Democratic Party during the 2016 presidential campaign. It flatly stated following the release of emails from the Democratic National Committee it “revealed no evidence of significant wrongdoing within the Democratic Party.”

IISS also has been criticized for the secrecy of its activities and its routine denial of visas for reporters seeking to attend its overseas events, particularly its annual event in Bahrain where human rights groups accuse the government of silencing critics and keeping journalists away.

BahrainWatch, a human rights group, published an investigation in December 2016 claiming that even well known American journalists have been barred from its Bahrain conferences called the “Manama Dialogue.”

“New York Times journalist Nicholas Kristof has openly called for an invitation since 2011, though his media visa was once again rejected last year. Wall Street Journal journalist Yaroslav Trofimov was also denied a visa.”

Waurishuk concluded that McMaster’s relationship with IISS raises too many alarms.

“There’s too many red flags that kind of go up,” he said.

Neither IISS Washington nor IISS London returned repeated queries about McMaster.

Russia Investigation, Sanctions and Military Readiness

President Donald Trump may not have realized on Monday that his executive order would step on Russia’s toes. Its official target was Venezuela, specifically the country’s plan to create the world’s first state-backed cryptocurrency, the petro, which went on sale Tuesday.

But behind the scenes, the petro was in fact a collaboration—a half-hidden joint venture between Venezuelan and Russian officials and businessmen, whose aim was to erode the power of U.S. sanctions, sources familiar with the effort told TIME.

Trump’s executive order did not mention the petro’s Russian backers, whose role has not previously been reported. Citing economic sanctions that the U.S. imposed against Venezuela in August, the order simply made clear that anyone who buys or uses the new cryptocurrency would be in breach of those sanctions, as would anyone under U.S. jurisdiction who helps Venezuela develop the petro. “Any conspiracy formed to violate any of the prohibitions set forth in this order is prohibited,” the document states. More here.

***

Meanwhile the House Intelligence Committee released the Russia report.

https://intelligence.house.gov/uploadedfiles/russia_report_findings_and_recommendations.pdf?platform=hootsuite

 
Is the United States doing enough to respond to Russia? Still curious? Given the dramatic increase in military spending in the Omnibus, we are not yet prepared to take on the alleged Star Wars weapons Putin advertises.

In his address to the parliament earlier this month the Russian president unveiled a small zoo of strategic programs that are supposed to counter U.S. missile defense (or make it “impotent and obsolete”). Some of these systems were not entirely new – we knew about the ejection test of the Sarmat missile, the Status-6 underwater drone, and, of course, about the Avangard hypersonic glider that was known as Project 4202 or Yu-71. A number of people pointed out that the Kinzhal “hypersonic” missile appears to be an air-launched modification of the Iskander ballistic missile and that there were reports about something like that in the past. The only genuinely new system seems to be the nuclear-powered cruise missile, which doesn’t have a name yet.

With the exception of Kinzhal, none of these systems appear to be close to operational capability. Yes, it’s been said that tests were successful, but for Sarmat it was only the first ejection test; Status-6 and the cruise missile seem to be at the point of proof-of-principle tests of their nuclear reactors and propulsion systems. As for Avangard, it probably had two successful test flights, but is not clear if it is fully ready for deployment. On the other hand, there is no reason to believe that these systems cannot become operational in the next few years, now that they are likely to be treated as priority programs.

It is not surprising that the defense industry used the specter of missile defense to get support for its programs. In fact, we have seen this before. In 1985, the Soviet defense industry put together a series of programs that were supposed to counter the U.S. Strategic Defense Initiative. I described the history of these programs in my “Did Star Wars Help End the Cold War?” paper last year. But I thought that the list of those programs may be of some interest as well. That list comes from Vitaly Katayev’s notes – he compiled a table of the programs that were included in the four anti-SDI programs at the time. Here is the document:

Programs for Countering Missile Defense

The table contains some interesting entries. For example, the hypersonic glider is there – it was known as Albatross then. A few other programs survived to this day as well, but most were abandoned. One word of caution – most of the anti-SDI systems existed before SDI, but of course the missile defense presented a perfect excuse for the industry to put everything in one package to ensure that they get the support they wanted. The current list of anti-missile defense programs seems to be much shorter, but the basic idea is the same.

***

Lots of questions are being asked in congressional hearings. The summary is such:

The nation’s nuclear deterrence enterprise remains as important as ever in light of the return of superpower competition and rogue nation threats presented by North Korea and Iran, senior Defense Department officials told the House Armed Services Committee’s strategic forces subcommittee here today.

The officials discussed national security policies with regard to DoD’s fiscal year 2019 budget request and within context of the country’s nuclear force posture.

John C. Rood, undersecretary of defense for policy; Air Force Gen. Robin Rand, commander of Air Force Global Strike Command; Navy Vice Adm. Terry Benedict, director of the Navy Strategic Systems Program; and Lisa Gordon-Hagerty, administrator of the Energy Department’s National Nuclear Security Administration, each presented testimony on the importance of the nuclear force.

Rood’s opening remarks quoted Defense Secretary James N. Mattis: “[The Nuclear Posture Review] rests on a bedrock truth. Nuclear weapons have, and will continue to play, a critical role in deterring a nuclear attack, and in preventing large-scale conventional warfare between nuclear armed states for the foreseeable future. U.S. nuclear weapons not only defend our allies against conventional nuclear threats, they also help them avoid the need to develop their own nuclear arsenals. This, in turn, furthers global security.”

Sustaining Modernization Efforts

According to Rood, the 2018 Nuclear Posture Review reflects DoD’s strategic priority to maintain a safe, secure, survivable and effective nuclear deterrent. While the diverse capabilities of the current nuclear triad provide necessary flexibility and resilience, each leg of the triad has surpassed its intended operating lifecycle.

While the U.S. remains the strongest military in the world, the advantages are eroding as adversaries continue to modernize conventional and nuclear forces, now fielding broad arsenals of nuclear missiles capable of reaching the American homeland, Rood said.

“Weakness invites challenge and provocation,” he said. “Our task at the Defense Department is to ensure that the U.S. military advantages endure, and in combination with other elements of national power, we are able to fully meet the increasing challenges to our national security.”

At the direction of U.S. Strategic Command, a recent reorganization of authority took place within Air Force Global Strike Command, Rood said. In September, Rand became dual-hatted, assuming the duties of Joint Force Air Component Command, Air Forces Strategic-Air, a position created to streamline authorizations for bomber and intercontinental ballistic missile forces under one line of authority. This, along with other current and future initiatives, is a priority for Rand and Global Strike Command in the continued defense of the nation.

“Modernization of [America’s] nuclear force is absolutely critical,” Rand said. “The key to Global Strike Command’s continued success will remain on our ability to modernize, sustain, and recapitalize our force.”

Looking Toward the Future

The Navy is currently in the process of implementing life-extension programs for defense weapons. Benedict said those programs are on track and within budget constraints. Benedict said existing efforts will ensure effective and credible sea-based deterrents until the 2040s, and the Navy is also taking steps to provide credible weapons systems beyond the 2040s.

The Nuclear Posture Review directs the Navy to begin studies in 2020 to define a cost-effective, credible and effective sea-launched ballistic missile that can be deployed beyond the life of the Columbia-class submarine nuclear weapons system, Benedict said. The first of the Columbia-class submarines, which are to replace the present Ohio-class Trident nuclear submarines, is slated to come into service in 2021.

Benedict added that budget requests included funding for modernization efforts in partnership with the National Nuclear Security Administration to bolster the U.S. deterrence posture.

The NNSA, according to Gordon-Hagerty, has three main objectives: to maintain the safety, security and reliability of the U.S. nuclear weapons stockpile, reduce the threat of nuclear proliferation and nuclear terrorism around the world and provide nuclear propulsion for the Navy’s fleet of aircraft carriers and submarines.

To meet those objectives, Gordon-Hagerty said the president’s fiscal year 19 budget request included increased spending in areas such as weapons activities, defense nuclear nonproliferation and naval reactors.

“This request moves us forward to a deterrent that is modern, robust, flexible, resilient, ready and appropriately tailored to meet current and future uncertainties as outlined in the 2018 Nuclear Posture Review,” she said.

Gordon-Hagerty said this added funding will also provide the resources required to ensure protection of the U.S. and its allies and partners.

“In an increasingly complex and threatening security environment, the DoD must sustain the capabilities needed to deter and defend against attacks on our homeland,” Rood said. “Along with our allies and partners, we must ensure we have the capabilities now, and into the future, to protect our people and the freedoms we so cherish, and are able to engage our adversaries, diplomatically, from a position of strength.”

POTUS and Omnibus, No Line Item Veto?

2232 pages of stupid and everyone should take the time to just scan the $1.3 trillion spending bill. I got to page 184 last night and went to bed mad. There is no line item veto but there should be. President Trump can veto the whole truck load of crap and should. In place of the line item veto, he can wield his pen and sign an Executive Order eliminating countless crazy spending things or suspend some of the acts for the rest of his term. Something like the Food for Progress Act. And we are still bailing out the healthcare insurance companies…. anyway…there is also $687 million to address Russian interference. Just what is that plan?

1. How about the Cloud Act? Foreign governments get access to our data? WHAT?
2. Okay how about Trump’s “wall funding.” It’s not a wall. It’s repairs, drones and pedestrian fencing – no construction.
3. Then we have the House Freedom Caucus with their letter to President Trump:

So…need more? Conservative Review has these 10 items for your consideration. Here are the top 10 problems with the bill:

    1) Eye-popping debt: This bill codifies the $143 billion busting of the budget caps, which Congress adopted in February, for the remainder of this fiscal year. This is on top of the fact that government spending already increased $130 billion last year over the final year of Obama’s tenure. Although the Trump administration already agreed to this deal in February, the OMB put out a memo suggesting that Congress appropriate only $10 billion of the extra $63 billion in non-defense discretionary spending. Now it’s up to Trump to follow through with a veto threat. It’s not just about 2018. This bill paves the road to permanently bust the budget caps forever, which will lead to trillions more in spending and cause interest payments on the debt to surge past the cost of the military or even Medicaid in just eight years.

    Keep in mind that all the additional spending will be stuffed into just six months remaining to the fiscal year, not a 12-month period. A number of onerous bureaucracies will get cash booster shots instead of the cuts President Trump wanted.

    Remember when Mick Mulvaney said the fiscal year 2017 budget betrayal was needed so that he could do great things with the fiscal year 2018 budget? Good times.

    2) Bait and switch on the wall: Since this bill increases spending for everything, one would think that at least the president would get the $15 billion or so needed for the wall. No. The bill includes only $641 million for 33 miles of new border fencing but prohibits that funding from being used for concrete barriers. My understanding is that President Trump already has enough money to begin construction for roughly that much of the fence, and pursuant to the Secure Fence Act, he can construct any barrier made from any This actually weakens current law.

    3) Funds sanctuary cities: When cities and states downright violate federal law and harbor illegal aliens, Congress’ silence in responding to it is deafening. Cutting off block grants to states as leverage against this dangerous crisis wasn’t even under discussion, even as many other extraneous and random liberal priorities were seriously considered.

    4) Doesn’t fund interior enforcement: Along with clamping down on sanctuary cities, interior enforcement at this point is likely more important than a border wall. After Obama’s tenure left us with a criminal alien and drug crisis, there is an emergency to ramp up interior enforcement. Trump requested more ICE agents and detention facilities, but that call was ignored in this bill. Trump said that the midterms must focus on Democrats’ dangerous immigration policies. Well, this bill he is supporting ensures that they will get off scot-free.

    5) Doesn’t defund court decisions: Some might suggest that this bill was a victory because at least it didn’t contain amnesty. But we have amnesty right now, declared, promulgated, and perpetuated by the lawless judiciary. For Congress to pass a budget bill and not defund DACA or defund the issuance of visas from countries on Trump’s immigration pause list in order to fight back against the courts is tantamount to Congress directly passing amnesty.

    6) Funds Planned Parenthood: We have no right to a border wall or more ICE funding, but somehow funding for a private organization harvesting baby organs was never in jeopardy or even under discussion as a problem.

    7) Gun control without due process: Some of you might think I’m being greedy, demanding that “extraneous policies” be placed in a strict appropriations bill. Well, gun control made its way in. They slipped in the “Fix NICS” bill, which pressures and incentivizes state and federal agencies to add more people to the system even though there is already bipartisan recognition that agencies are adding people who should not be on the list, including veterans, without any due process in a court of law. They are passing this bill without the House version of the due process protections and without the promised concealed carry reciprocity legislation. Republicans were too cowardly to have an open debate on such an important issue, so they opted to tack it onto a budget bill, which is simply unprecedented. The bill also throws more funding at “school violence” programs when they refuse to repeal the gun-free zone laws that lie at the root of the problem.

    8) More “opioid crisis funding” without addressing the problem: The bill increases funding for “opioid addiction prevention and treatment” by $2.8 billion relative to last year, on top of the $7 billion they already spent in February. This is the ultimate joke of the arsonist pretending to act as the firefighter, because as we’ve chronicled in detail, these funds are being used to clamp down on legitimate prescription painkillers and create a de facto national prescription registry so that government can violate privacy and practice medicine. Meanwhile, the true culprits are illicit drugs and Medicaid expansion, exacerbated by sanctuary cities, as the president observed himself. Yet those priorities are jettisoned from the bill.

    9) Student loan bailout: The bill offers $350 million in additional student loan forgiveness … but only for graduates who take “lower-paid” government jobs or work for some non-profits! This was a big priority of Sen. Elizabeth Warren.  Government created this problem of skyrocketing student debt by fueling it with subsidies and giving the higher education cartel a monopoly of accreditation, among other things. Indeed, this very same bill increases Pell grants by $2 billion. But more money is always the solution, especially when it helps future government workers.

    10) Schumer’s Gateway projects earmark: Conservatives had a wish list of dozens of items, but it’s Schumer’s local bridge and tunnel project that got included. While the bill didn’t contain as much as Schumer asked for (remember the tactic of starting off high), the program would qualify for up to $541 million in new transportation funding. Also, the bill would open up $2.9 billion in grants through the Federal Transit Administration for this parochial project that should be dealt with on a state level. New York has high taxes for a reason.

 

FB’s Zuckerberg Apologizes, Privacy Protection not Solved

Just how literate are you about social media platforms and the use of your keystrokes/interaction on Facebook?

Zuckerberg hopes you are not too literate regarding your data on Facebook and he says he is sorry, won’t happen again… really? Media even uses the trending hashtags for their headlines and lead news items, applying their own political twist. How about those apps you keep installing? Danger zone? Yup…

Everything you do on Facebook is sold elsewhere, and other platforms such as Twitter or Instagram are databases that are being analyzed. The revenue for these social media companies comes from selling you, and you cannot opt out unless you divorce yourself from the relationship and go back to old-fashioned communications. Well sorta…

Paul Ford penned an interesting solution below that should begin an interesting debate…

Silicon Valley Has Failed to Protect Our Data. Here’s How to Fix It

It’s time for a digital protection agency. It’s clear ethics don’t scale, and it’s not just Facebook’s problem.
Illustration: Sally Thurer for Bloomberg Businessweek

Over and over in the last 20 years we’ve watched low-cost or free internet communications platforms spring from the good intentions or social curiosity of tech folk. We’ve watched as these platforms expanded in power and significance, selling their influence to advertisers. Twitter, Facebook, LinkedIn, Google—they grew so fast. One day they’re a lovable new way to see kid pix, next thing you know they’re reconfiguring democracy, governance, and business.

Facebook’s recent debacle is illustrative. It turns out that the company let a researcher spider through its social network to gather information on 50 million people. Then the Steve Bannon-affiliated, Robert Mercer-backed U.K. data analysis firm Cambridge Analytica used that data to target likely Trump voters. Facebook responded that, no, this was not a “breach.”

OK, sure, let’s not call it a breach. It’s how things were designed to work. That’s the problem.

For years we’ve been talking and thinking about social networks as interesting tools to model and understand human dynamics. But it’s no longer academic—Facebook has reached a scale where it’s not a model of society as much as an engine of culture. A researcher gained legitimate access to the platform and then just … kept going, and Cambridge Analytica ended up with those 50 million profiles. The “hack” was a true judo move that used the very nature of the platform against itself—like if you gave MacGyver a phone book and he somehow made it into a bomb.

What’s been unfolding for a while now is a rolling catastrophe so obvious we forget it’s happening. Private data are spilling out of banks, credit-rating providers, email providers, and social networks and ending up everywhere.

So this is an era of breaches and violations and stolen identities. Big companies can react nimbly when they fear regulation is actually on the horizon—for example, Google, Facebook, and Twitter have agreed to share data with researchers who are tracking disinformation, the result of a European Union commission on fake news. But for the most part we’re dealing with global entities that own the means whereby politicians garner votes, have vast access to capital to fund lobbying efforts, and are constitutionally certain of their own moral cause. That their platforms are used for awful ends is just a side effect on the way to global transparency, and shame on us for not seeing that.

So are we doomed to let them take our data or that of our loved ones and then to watch as that same data is used against us or shared by hackers? Yes, frankly. We’re doomed. Equifax Inc. sure won’t save us. Do we trust Congress to bring change? Do we trust Congress to plug in a phone charger? I’ll be overjoyed to find out I’m wrong. In the meantime, turn on two-factor authentication everywhere (ideally using a hardware dongle like a YubiKey), invest in a password manager, and hold on tight.

The word “leak” is right. Our sense of control over our own destinies is being challenged by these leaks. Giant internet platforms are poisoning the commons. They’ve automated it. Take a non-Facebook case: YouTube. It has users who love conspiracy videos, and YouTube takes that love as a sign that more and more people would love those videos, too. Love all around! In February an ex-employee tweeted: “The algorithm I worked on at Google recommended [InfoWars personality and lunatic conspiracy-theory purveyor] Alex Jones’ videos more than 15,000,000,000 times, to some of the most vulnerable people in the nation.”

The head of YouTube, Susan Wojcicki, recently told a crowd at SXSW that YouTube would start posting Wikipedia’s explanatory text next to conspiracy videos (like those calling a teen who survived the Parkland, Fla., shooting a “crisis actor”). Google apparently didn’t tell Wikipedia about this plan.

The activist and internet entrepreneur Maciej Ceglowski once described big data as “a bunch of radioactive, toxic sludge that we don’t know how to handle.” Maybe we should think about Google and Facebook as the new polluters. Their imperative is to grow! They create jobs! They pay taxes, sort of! In the meantime, they’re dumping trillions of units of toxic brain poison into our public-thinking reservoir. Then they mop it up with Wikipedia or send out a message that reads, “We take your privacy seriously.”

Given that the federal government is currently one angry man with nuclear weapons and a Twitter account, and that it’s futile to expect reform or self-regulation from internet giants, I’d like to propose something that will seem impossible but I would argue isn’t: Let’s make a digital Environmental Protection Agency. Call it the Digital Protection Agency. Its job would be to clean up toxic data spills, educate the public, and calibrate and levy fines.

How might a digital EPA function? Well, it could do some of the work that individuals do today. For example, the website of Australian security expert Troy Hunt, haveibeenpwned.com (“pwned” is how elite, or “l33t,” hackers, or “hax0rs,” spell “owned”), keeps track of nearly 5 billion hacked accounts. You give it your email, and it tells you if you’ve been found in a data breach. A federal agency could and should do that work, not just one very smart Australian—and it could do even better, because it would have a framework for legally exploring, copying, and dealing with illegally obtained information. Yes, we’d probably have to pay Booz Allen or Accenture or whatever about $120 million to get the same work done that Troy Hunt does on his own, but that’s the nature of government contracting, and we can only change one thing at a time.

When it comes to toxic data spills, it’s hard to know just how exposed you are. Literally all of us have been hacked—hard and a lot and mostly behind our backs. At least we could start to understand how bad it is. We could teach high school students to check the DPA site, to manage their own breaches. You’d go to the website to get good information about recovering from identity theft or a new social security number (we should also get rid of social security numbers as identification, but that’s another subject). It would have the forms you need to restore your identity, assert that you’d been hacked, and protect yourself. A nice thing for a government to do.

Let’s keep going! Imagine ranking banks and services by the number of data breaches they’ve experienced. Or a national standard for disclosure of how our private information is shared. (These ideas have been floated before in lots of different forms; the point is, how nice would it be if there was one government agency insisting on it in the same way that we have nutrition labels and calorie counts on our packaged foods?) The Consumer Financial Protection Bureau was headed in this direction—if it can survive the current maelstrom, maybe its mandate could be expanded.

So: Lots of helpful information, plenty of infographics, a way to track just how badly you’ve been screwed, and, ideally, some teeth—the DPA needs to be able to impose fines. I’m sure there’d be some fuss and opposition, but, come on. The giants have so much money it would hardly matter. And consider this from their perspective: How much better will it be to have your lawyers negotiate with the DPA’s lawyers instead of being hauled before Congress every time someone blows a whistle on your breaches?

The EPA’s budget is more than $8 billion, a little on the high side for the digital version. You could pull this off with $15 million or $20 million for tech infrastructure and to support a team—four engineers to build the platform, some designers, and then a few dozen graphic artists to make the charts and tables. Add on $2 billion for management and lawyers, and you’ve got yourself a federal agency.

I know that when you think of a Superfund site, you think of bad things, like piles of dead wildlife or stretches of fenced-off, chemical-infused land or hospital wings filled with poisoned families. No one thinks about all the great chemicals that get produced, or the amazing consumer products we all enjoy. Nobody sets out to destroy the environment; they just want to make synthetic fibers or produce industrial chemicals. The same goes for our giant tech platforms. Facebook never expected to be an engine that destroys America. Lots of nice people work there. Twitter didn’t expect to become the megaphone of despots and white nationalists. But the simple principles of “more communication is better” and “let’s build community” and “we take your privacy seriously” didn’t stand a chance under the pressure of hypergrowth and unbelievable wealth creation.

Unfortunately, ethics don’t scale as well as systems. We’ve poisoned ourselves, and more than a little. Given the money and power at stake, it’s going to be hard to get everyone to admit we’re sick. But we owe ourselves—and, cliché though it may be, we owe our children—to be more pragmatic about treating the symptoms.