US has Recovered Ransom Payment of the Colonial Pipeline Hack

Just last month, this site posted a detailed article about the fallout of DarkSide, the hackers of the Colonial Pipeline. In short, U.S. officials seized at least two servers.

Now there is more: the ransom payment itself, not all of it, but $2.3 million in real dollars (remember it was paid in cryptocurrency), has been recovered. (Remember, money was paid out to all the dark actors of DarkSide.)

“In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account,” the DarkSide ransomware operation told its affiliates.


****

(AP) — The Justice Department has recovered the majority of a multimillion-dollar ransom payment to hackers after a cyberattack that caused the operator of the nation’s largest fuel pipeline to halt its operations last month, officials said Monday.

The operation to recover the cryptocurrency from the Russia-based hacker group is believed to be the first of its kind, and reflects what U.S. officials say is an increasingly aggressive approach to deal with a ransomware threat that in the last month has targeted critical industries around the world.

“By going after an entire ecosystem that fuels ransomware and digital currency, we will continue to use all of our tools and all of our resources to increase the costs and the consequences of ransomware attacks and other cyber-enabled attacks,” Deputy Attorney General Lisa Monaco said at a news conference announcing the operation.

Georgia-based Colonial Pipeline, which supplies roughly half the fuel consumed on the East Coast, temporarily shut down its operations on May 7 after a gang of criminal hackers known as DarkSide broke into its computer system.

Colonial officials have said they took their pipeline system offline before the attack could spread to its operating system, and decided to pay a roughly $4.4 million ransom in an effort to bring itself back online as soon as it could.

The FBI generally discourages the payment of ransom, fearing it could encourage additional hacks.

But What is NOT in Fauci’s Emails?

That is the question(s)…

While many are calling for the resignation of Dr. Anthony Fauci, I say hold on. Why? Often, in fact most often, former government employees are rarely investigated, charged or prosecuted. I say just suspend him without pay until a full commission is launched.

There are all kinds of people reading through all the released Fauci emails, and rightly so. While reading through many articles and posts relating to the emails, where some appear to be smoking guns, we must consider what is not in the emails.

As Joe Biden has ordered the intelligence agencies to go through a full review and report back, a long application of strategic thinking is also in order. The reader is invited to ask their own questions in the comments section of this post.

For some context and courtesy of Bloomberg News in part:

No matter where the inquiry leads, the history of lab safety shows, at the very least, that leaks of pathogens have happened in the past — sometimes with deadly consequences. It also shows that even transparent, thorough investigations into the origins of an outbreak can end in uncertainty.

By the late 1970s, smallpox had been eradicated in nature, but work on it continued in a handful of labs around the world, including a facility in Birmingham, England, which had access to a particularly virulent strain. In the summer of 1978, a medical photographer working there named Janet Parker fell ill. When pustules spread across her upper body, a local doctor diagnosed it as a bad case of chickenpox.

It was the third leak of smallpox that decade from a British lab. The British government moved aggressively to contain the outbreak, quarantining hundreds of people and vaccinating many more. Thanks to their efforts, only one other person — Parker’s mother — developed the disease. But Parker died an excruciating, lonely death in an isolation ward — the last known victim of smallpox.

But there were other victims. At the time, the newspapers covering the episode fixated on the director of the laboratory, an expert on pox viruses named Henry Bedson. Despite an absence of evidence, the press blamed him for the outbreak. Quarantined at home and despondent, Bedson went out to his garden shed and slit his own throat; he died soon afterward.

The British government commissioned a thorough investigation into the outbreak. It turned up evidence that Bedson may not have observed sufficient safety protocols and speculated that Parker must have somehow contracted smallpox through contamination in the air ducts. Later, a lawsuit effectively refuted this explanation, leading to the unsettling possibility that Parker herself may have entered one of the work spaces without proper protection. The debate continues to this day.

When lab leaks take place in a secretive society, the difficult job of confirming the source of an outbreak gets much harder. A good case in point was the infamous anthrax outbreak in Sverdlovsk, an isolated city in the Soviet Union.

In 1979, rumors of anthrax killing dozens — or even thousands — began trickling out to the West. Later that year, Soviet journals confirmed some of these reports, noting that upward of a hundred people had contracted anthrax after ingesting contaminated meat; over 60 had died. A tragedy, yes, but perhaps inevitable: Anthrax was endemic in local animal populations.

Intelligence officials in the U.S. weren’t convinced. Satellite imagery showed what looked like decontamination trucks around the city, with considerable activity focused on a mysterious military facility known as Compound 19. CIA analysts hypothesized that the Soviets had mistakenly released a weaponized form of anthrax. More here.

***

Remember, Dr. Fauci has been the Director of the NIAID since 1984. He not only knows the history of super bugs and pandemics but he also has access to the files and documentation of global laboratories and scientists.

Can we quit saying ‘lab leaks’, which implies an accident? Perhaps ‘released’ should replace ‘leak’. Anyway, moving on.

Exactly why was the CIA not called in by Fauci, or at least suggested, in 2019 or earlier, around the time of the warning cables that U.S. Embassy officials sent back to the State Department in 2018?

How come Dr. Fauci’s emails did not include communication exchanges with other countries that provided big financial aid to the Wuhan Lab like France and Canada?

As the Public Health Agency of Canada refuses to release uncensored internal documents, a Conservative MP says he wants to know how far Canada’s collaboration with China on Level-4 pathogens went — and why two federal scientists were let go by the National Microbiology Lab in Winnipeg in January.

“We need these documents. We need to know what the Government of Canada was doing through the National Microbiology Lab in Winnipeg with respect to cooperating with the Wuhan Institute of Virology in Wuhan, China,” Conservative foreign affairs critic Michael Chong said during a special parliamentary committee hearing on Canada-China relations Monday night.

The special committee has demanded to know why two federal government scientists were escorted out of Canada’s only Level 4 Lab in July 2019, just four months after one of them shipped samples of the Ebola and Henipah viruses to the Wuhan Institute of Virology in China — stories first published by CBC News.

Two months after that shipment, on May 24, 2019, the Public Health Agency of Canada (PHAC) referred an “administrative matter” to RCMP that resulted in the removal of two Chinese research scientists — Xiangguo Qiu and her husband, Keding Cheng — and several international students on July 5.

Nowhere in the Fauci emails is there a request for the medical files of ‘patient zero’ or of any Chinese scientists who fell ill or died. Why?

Did Dr. Fauci reach out to the Galveston National Laboratory which is part of the University of Texas for any pandemic details? Not so much, why?


How come Dr. Fauci only had Dr. Deborah Birx as an addition to the White House Virus Task Force and other virology experts were not called on like other world health leaders?

How about any references to expert white papers that Dr. Fauci made? He only said data…what data?

There are hundreds of questions, and standing up a full commission is past due. Meanwhile, suspend the doctor and start the real interviews and subpoenas. There are likely hundreds if not thousands more across the world who know more, with evidence. Dr. Fauci makes no email inquiries, and the same goes for the intelligence agencies, unless they have and that is being embargoed too.

SCOTUS Unanimous Decision on Temporary Protective Status

There have been several unanimous decisions out of the Supreme Court lately, and this one is curious. The progressive jurist Elena Kagan wrote the opinion regarding immigrants obtaining green card status. Simple description: NO, they can’t have one.

Sounds good…but hold on.

And remember –> The Trump administration has ordered an end to TPS benefits for nearly all immigrants who had them, stating that the program is meant to provide temporary rather than long-term relief. But a series of lawsuits challenging the administration’s decision have blocked those orders from taking effect, giving the vast majority of these immigrants a reprieve until early 2021.

Immigrants from 10 nations have Temporary Protected Status

LATimes:

The Supreme Court on Monday dealt a setback to hundreds of thousands of immigrants who have so-called temporary protected status, ruling they can’t have a green card if they entered the country illegally.

That means TPS recipients who entered the country legally as students or tourists, and stayed under TPS, may obtain a green card, said Justice Elena Kagan. But the same is not true of those who entered illegally.

“Because a grant of TPS does not come with a ticket of admission,” she wrote in Sanchez vs. Mayorkas, “it does not eliminate the disqualifying effect of an unlawful entry.”

Temporary protected status has been extended to about 320,000 immigrants from El Salvador, Haiti, Honduras, Nepal, Nicaragua and Sudan.

But lower courts had been divided over whether these migrants, many of whom have lived here for decades, may apply for and receive lawful permanent status. Four years ago, the 9th Circuit Court in California ruled that TPS recipients were eligible for green cards even if they entered the country illegally.

The case decided by the Supreme Court began when Jose Sanchez and his wife, Sonia Gonzalez, sought green cards. They arrived from El Salvador in the late 1990s, established lives and careers in New Jersey and had four sons. But they were not lawfully admitted.

Kagan said Congress is considering legislation that would allow such TPS recipients to obtain lawful permanent resident status, but only Congress, not the court, can change the law in this respect.

“Sanchez was not lawfully admitted, and his TPS does not alter that fact,” she wrote. “He therefore cannot become a permanent resident of this country.”

***

When can the Secretary designate a country for TPS?

The Secretary can designate a country for TPS due to:

  • Ongoing armed conflict (such as civil war),
  • An environmental disaster (such as earthquake or hurricane), or an epidemic, or
  • Other extraordinary and temporary conditions.

Who is eligible for TPS?

TPS can be granted to an individual who is a national of a designated country, has filed for status during a specified registration period, and who has been continuously physically present in the U.S. since a designated date.

What are the benefits of TPS?

During a designated period, TPS holders are:

  • Not removable from the U.S. and not detainable by DHS on the basis of his or her immigration status,
  • Eligible for an employment authorization document (EAD), and
  • Eligible for travel authorization.

How many individuals are currently granted TPS?

The U.S. currently provides TPS to over 400,000 foreign nationals from the following countries, not including individuals from Venezuela and Burma as they were just recently designated:

Country        Estimated Number
Venezuela      323,000 eligible
El Salvador    251,567
Honduras        80,709
Haiti           56,453
Nepal           14,575
Syria            7,010
Nicaragua        4,526
Yemen            1,465
Sudan              805
Somalia            465
South Sudan         83
Burma              N/A

Where do TPS holders live?

TPS holders reside all over the United States. The largest populations of TPS holders live in California (17.95%), Florida (13.75%), Texas (12.88%), New York (12.33%), and Virginia (6.75%). Most TPS holders from El Salvador live in the Washington, DC (32,359), Los Angeles (30,415) and New York (23,168) metropolitan areas. Honduran TPS holders live mostly in the New York (8,818), Miami (7,467) and Houston (6,060) metropolitan areas. Haitian TPS holders live mainly in the Miami (16,287), New York (9,402) and Boston (4,302) metropolitan areas.

We have no idea how many people have been granted TPS; there are only estimates, as noted here.

(From uscis.gov website)

Schumer and Dark Money Called Majority Forward Investigation

Points back again to that pesky Marc Elias –>

Majority Forward was incorporated in June by Perkins Coie lawyer Marc Elias, who represents Senate Majority PAC.

Elias, who is also general counsel for the campaign of Democratic presidential candidate Hillary Clinton, said Friday night he could not immediately comment.


FNC: A dark money group aligned with Senate Majority Leader Chuck Schumer, D-N.Y., is facing an Internal Revenue Service complaint from a liberal watchdog group for concealing their political activity, where they attempted to dampen GOP election turnout for certain races in 2018.

Recently released tax records from the liberal nonprofit Majority Forward showed the dark money group gave $2.7 million to a different nonprofit, the Coalition for a Safe and Secure America (CSSA), in 2018, according to Axios.

Majority Forward is part of the Senate Majority PAC, serving as its nonprofit arm. The $2.7 million it gave made up the majority of the $4 million raised by CSSA that year.

CSSA converted that money into multiple direct-mailing campaigns and digital advertisements during the 2018 midterm cycle targeting Republican lawmakers, including Sens. Josh Hawley, R-Mo., and Mike Braun, R-Ind.

The ads were deceptive in their nature, claiming the candidates had changed their position on central conservative tenets, and were posted to state-specific Facebook pages.

The ads led the liberal watchdog group Citizens for Responsibility and Ethics in Washington (CREW) to file an IRS complaint against CSSA. Majority Forward also recently admitted it left off legally required disclosures from direct-mail pieces in the 2018 midterm cycle.

“Coalition for a Safe Secure America appears to have falsely told the IRS they were not involved in politics. Dark money groups too often bypass the law in their efforts to secretly and improperly influence who is elected,” CREW president Noah Bookbinder said in a statement published last month. “We urge the IRS to open an investigation into Coalition for a Safe Secure America and take swift and appropriate action for any potential violations.”

CSSA’s ad targeting Hawley accused him of siding “with Washington liberals against gun owners.” Braun was labeled “Tax-Hike-Mike.”

Additionally, former Sen. Dean Heller, R-Nev., and Rep. Matt Rosendale, R-Mont., were targeted by its ads during the 2018 cycle. Heller and Rosendale both lost their races.

Heller was charged with allowing “almost 200,000 foreign workers a backdoor entry into our country.” Rosendale was accused of supporting “drone monitoring” while running for a Montana Senate seat.

Some of the ads also promoted Libertarian Party candidates to siphon votes away from the targeted Republicans.

Majority Forward was able to finance the ads while hiding its true reasons behind the ads through loopholes in campaign finance laws that allowed limited political activity from nonprofits.

Feds Seized 2 Cyber Domains of Hackers/SolarWinds

DOJ:

Domain Names Were in Part Used to Control a Cobalt Strike Software Tool that the Actors Implanted on Victim Networks

WASHINGTON – On May 28, pursuant to court orders issued in the Eastern District of Virginia, the United States seized two command-and-control (C2) and malware distribution domains used in recent spear-phishing activity that mimicked email communications from the U.S. Agency for International Development (USAID). This malicious activity was the subject of a May 27 Microsoft security alert, titled “New sophisticated email-based attack from Nobelium,” and a May 28 FBI and Cybersecurity and Infrastructure Security Agency joint cybersecurity advisory.

The Department’s seizure of the two domains was aimed at disrupting the malicious actors’ follow-on exploitation of victims, as well as identifying compromised victims. However, the actors may have deployed additional backdoor accesses between the time of the initial compromises and last week’s seizures.

“Last week’s action is a continued demonstration of the Department’s commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation,” said Assistant Attorney General John C. Demers for the Justice Department’s National Security Division. “Law enforcement remains an integral part of the U.S. government’s broader disruption efforts against malicious cyber-enabled activities, even prior to arrest, and we will continue to evaluate all possible opportunities to use our unique authorities to act against such threats.”

“Cyber intrusions and spear-phishing email attacks can cause widespread damage throughout affected computer networks, and can result in significant harm to individual victims, government agencies, NGOs, and private businesses,” said Acting U.S. Attorney Raj Parekh for the Eastern District of Virginia. “As demonstrated by the court-authorized seizure of these malicious domains, we are committed to using all available tools to protect the public and our government from these worldwide hacking threats.”

“Friday’s court-authorized domain seizures reflect the FBI Washington Field Office’s continued commitment to cyber victims in our region,” said Assistant Director in Charge Steven M. D’Antuono of the FBI’s Washington Field Office. “These actions demonstrate our ability to quickly respond to malicious cyber activities by leveraging our unique authorities to disrupt our cyber adversaries.”

“The FBI remains committed to disrupting this type of malicious cyber activity targeting our federal agencies and the American public,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “We will continue to use all of the tools in our toolbelt and leverage our domestic and international partnerships to not only disrupt this type of hacking activity but to impose risk and consequences upon our adversaries to combat these threats.”

On or about May 25, malicious actors commenced a wide-scale spear-phishing campaign leveraging a compromised USAID account at an identified mass email marketing company. Specifically, the compromised account was used to send spear-phishing emails, purporting to be from USAID email accounts and containing a “special alert,” to thousands of email accounts at over one hundred entities. More here.
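As an added illustration (not part of the DOJ release), this is the kind of header-alignment check a mail gateway can run on a message like the one described above: the visible From claims a usaid.gov mailbox, while the envelope sender, DKIM signer and link target belong to other domains. The mailer and link domains are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims usaid.gov, but the envelope sender and the
# DKIM signer are a third-party mass mailer (placeholder domain), and the
# "special alert" link leaves both domains.
SAMPLE_MSG = """Return-Path: <bounce-12345@mass-mailer.example>
Authentication-Results: mx.example; spf=pass smtp.mailfrom=mass-mailer.example; dkim=pass header.d=mass-mailer.example
From: "USAID Special Alert" <alerts@usaid.gov>
To: staff@ngo.example
Subject: Special Alert
Content-Type: text/plain

Please review the special alert: https://update-notice.example/alert
"""

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")

def domain_of(addr):
    """Domain part of an RFC 5322 address, lower-cased ('' if absent)."""
    return parseaddr(addr)[1].rsplit("@", 1)[-1].lower()

def auth_results(msg):
    """Pull smtp.mailfrom and header.d out of Authentication-Results."""
    hdr = msg.get("Authentication-Results", "")
    out = {}
    for key in ("smtp.mailfrom", "header.d"):
        m = re.search(rf"{re.escape(key)}=([A-Za-z0-9.-]+)", hdr)
        if m:
            out[key] = m.group(1).lower()
    return out

def assess(raw, trusted_senders=("usaid.gov",)):
    """Flag a message whose claimed From domain is a trusted sender but whose
    envelope sender, DKIM signer or embedded links do not align with it."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    env_dom = domain_of(msg.get("Return-Path", ""))
    ar = auth_results(msg)
    link_doms = sorted({d.lower() for d in URL_RE.findall(msg.get_payload())})
    findings = []
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender {env_dom} != From domain {from_dom}")
    if ar.get("header.d") and ar["header.d"] != from_dom:
        findings.append(f"DKIM signer {ar['header.d']} != From domain {from_dom}")
    for d in link_doms:
        if d != from_dom and not d.endswith("." + from_dom):
            findings.append(f"link domain {d} outside From domain")
    # SPF/DKIM legitimately pass for the mailer's own domain; the signal is the
    # mismatch with the claimed From identity, not a failed check.
    verdict = "suspicious" if (from_dom in trusted_senders and findings) else "ok"
    return {"from_domain": from_dom, "verdict": verdict, "findings": findings}
```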


More details on the backstory of SolarWinds

“This release includes bug fixes, increased stability and performance improvements.”

The routine software update may be one of the most familiar and least understood parts of our digital lives. A pop-up window announces its arrival and all that is required of us is to plug everything in before bed. The next morning, rather like the shoemaker and the elves, our software is magically transformed.

Last spring, a Texas-based company called SolarWinds made one such software update available to its customers. It was supposed to provide the regular fare — bug fixes, performance enhancements — to the company’s popular network management system, a software program called Orion that keeps a watchful eye on all the various components in a company’s network. Customers simply had to log into the company’s software development website, type a password and then wait for the update to land seamlessly onto their servers.

The routine update, it turns out, is no longer so routine.

Hackers believed to be directed by the Russian intelligence service, the SVR, used that routine software update to slip malicious code into Orion’s software and then used it as a vehicle for a massive cyberattack against America.

“Eighteen thousand [customers] was our best estimate of who may have downloaded the code between March and June of 2020,” Sudhakar Ramakrishna, SolarWinds president and CEO, told NPR. “If you then take 18,000 and start sifting through it, the actual number of impacted customers is far less. We don’t know the exact numbers. We are still conducting the investigation.”

On Thursday, the Biden administration announced a roster of tough sanctions against Russia as part of what it characterized as the “seen and unseen” response to the SolarWinds breach.

NPR’s months-long examination of that landmark attack — based on interviews with dozens of players from company officials to victims to cyber forensics experts who investigated, and intelligence officials who are in the process of calibrating the Biden administration’s response — reveals a hack unlike any other, launched by a sophisticated adversary who took aim at a soft underbelly of digital life: the routine software update.

By design, the hack appeared to work only under very specific circumstances. Its victims had to download the tainted update and then actually deploy it. That was the first condition. The second was that their compromised networks needed to be connected to the Internet, so the hackers could communicate with their servers.

For that reason, Ramakrishna figures the Russians successfully compromised about 100 companies and about a dozen government agencies. The companies included Microsoft, Intel and Cisco; the list of federal agencies so far includes the Treasury, Justice and Energy departments and the Pentagon.
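The second condition above, that a compromised management server must be able to reach the attackers' servers, is also the defender's opportunity. As an added example (not from NPR, SolarWinds or any investigator), this audits a network-monitoring host's outbound connections against a short egress allow-list and flags destinations contacted at a near-constant interval; the hostnames and log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines from a network-management host: the vendor's
# update server is expected, but one external host is contacted every 12 min.
LOG = """2020-04-01T09:00:00 orion-01 downloads.vendor.example 443
2020-04-01T09:00:05 orion-01 intranet.corp.example 443
2020-04-01T09:12:00 orion-01 api.cdn-placeholder.example 443
2020-04-01T09:24:00 orion-01 api.cdn-placeholder.example 443
2020-04-01T09:36:00 orion-01 api.cdn-placeholder.example 443
2020-04-01T09:48:00 orion-01 api.cdn-placeholder.example 443
2020-04-01T10:00:00 orion-01 api.cdn-placeholder.example 443
2020-04-01T10:03:00 orion-01 downloads.vendor.example 443
"""

# The only internet host a monitoring server needs (placeholder name).
ALLOWED_EGRESS = {"downloads.vendor.example"}
INTERNAL_SUFFIX = ".corp.example"

def parse(log):
    """Parse 'timestamp host destination port' lines into tuples."""
    rows = []
    for line in log.strip().splitlines():
        ts, host, dest, port = line.split()
        rows.append((datetime.fromisoformat(ts), host, dest, int(port)))
    return rows

def audit(rows, min_hits=4, max_jitter=0.1):
    """Return findings: ('unexpected_egress', dest) for internet destinations
    outside the allow-list, and ('beacon_like', dest, period_seconds) for
    destinations contacted at least min_hits times with a near-constant gap."""
    by_dest = defaultdict(list)
    for ts, host, dest, port in rows:
        if dest.endswith(INTERNAL_SUFFIX):
            continue  # internal traffic is out of scope for egress control
        by_dest[dest].append(ts)
    findings = []
    for dest, times in by_dest.items():
        if dest not in ALLOWED_EGRESS:
            findings.append(("unexpected_egress", dest))
        if len(times) >= min_hits:
            times.sort()
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            # Coefficient of variation near zero means machine-regular timing.
            if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
                findings.append(("beacon_like", dest, round(mean(gaps))))
    return findings

if __name__ == "__main__":
    for finding in audit(parse(LOG)):
        print(finding)
```

Real C2 traffic often adds random jitter to its interval, so the allow-list check is the more robust of the two signals; the beacon heuristic is a supplement, not a substitute.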