The Secrets and Aliases of Obama Admin

Thank you Kimberley but it appears to the rest of the country, the secreted Obama administration goes way beyond emails and aliases. We can start with Fast and Furious and the IRS scandal is by no means the end.

The Obama Secrets Regime

Republicans ban the IRS from private email. But why not all federal employees?

By KIMBERLEY A. STRASSEL

WSJ: Some scandals come on fast, and some creep up on Washington. The slow-rolling outrage of 2015—Obama administration secrecy—received a small correction in this week’s omnibus budget bill, but it deserves far more attention. It’s time for the federal government to come back on the grid.

A steady drip of news has shown that for seven years now, the highest (and lowest) echelons of the Obama administration have conducted the people’s business in secret, via private email addresses and other hidden electronic means. They’ve been doing so in contravention of department guidelines, executive orders and statutes that require record-keeping and public accountability. Since those rules are well known and understood, it has to be assumed that they’ve been doing it purposely, to hide their actions.

The New York Times on Thursday revealed the latest email-hider: Defense Secretary Ash Carter. Mr. Carter was confirmed in February, and from the start used a private account to correspond with aides about everything from legislation to media appearances. He may well have discussed far more serious, classified matters, but we don’t know. That’s because we must rely on Mr. Carter’s word that he turned all his work correspondence over to the Defense Department. Just as we must trust that Hillary Clinton didn’t delete anything official from the private server she used as secretary of state.

Speaking of the Democratic front-runner, it seems that Mr. Carter continued to use his private email account for two full months after the news broke about Mrs. Clinton’s ether escapades. So the defense secretary either a) doesn’t read the news; b) thinks rules apply to him even less than they do Mrs. Clinton; or c) felt the secrecy afforded was worth the risk of getting caught. It seems Mr. Carter didn’t stop until White House Chief of Staff Denis McDonough—who was watching the Hillary explosion—told him in May to cut it out.

Secrecy aside, this marks the second top Obama national-security official to be caught winging around potentially sensitive information on unsecured email. Mr. Carter has presumably sat in on a few briefings about the growing threat from hackers and the urgent need for better cybersecurity.

One irony of these scandals is that, in seeking to keep government business secret from Americans, officials make it more available to foreign enemies.

Former EPA Administrator Lisa Jackson used private email accounts. She and Agriculture Secretary Tom Vilsack also used email aliases, making it harder for Freedom of Information Act filers to track down correspondence. Former Health and Human Services Secretary Kathleen Sebelius used private email. As did former Acting Labor Secretary Seth Harris, who had three private accounts.

The head of the Chemical Safety Board used a private account and didn’t preserve the correspondence. High-ranking Justice Department officials—including the former head of the criminal division—were off the government grid. Disgraced former IRS official Lois Lerner used two off-reservation email addresses, as well as an internal instant-messaging service that didn’t archive conversations.

When the folks at the top routinely break the rules, the folks lower down figure they get to as well. Mrs. Clinton’s aides conducted business off government servers. A former EPA official strategized over private email with environmental groups about how to shut down the proposed Pebble Mine in Alaska. Attorney Chris Horner, of the Energy and Environment Legal Institute, recently unearthed emails showing an EPA official working with outside groups over private email to draft Mr. Obama’s climate regulations.

The Government Business Council this year interviewed 412 “high-level” federal executives about private email. A full one-third admitted it is used at least “sometimes” for government work. (The number was 41% at the Defense Department.) Only 18% said private email is “never” used. And 31% admitted these emails aren’t archived—meaning a big chunk of government business has been deleted from the public record.

Republicans this week included in the omnibus bill a rider that bars IRS employees from using private email for work. The question is why they stopped there. Conservatives complain ceaselessly about the Obama administration’s extralegal or abusive practices, and the record shows a main conduit for these shenanigans is private email. Since we can have no confidence they will provide a full record of their private correspondence, the wiser course is to bar it entirely. For every federal employee.

The best excuse any Obama official has been able to come up with for these accounts is “convenience”—and that’s a hoot in today’s world of easy-to-use technology. More to the point, who ever said federal employees are due “convenience”? They aren’t the average American. Quite the opposite. They serve the average American, and a core duty is to create a public record of their work. If Republicans want a 2016 issue that will resonate with the public, here’s one: End the Obama Secrets Regime.

One last thing….a new release of some Hillary emails and she was told her Blackberry was not an acceptable means of communication by officials at her State Department. She ignored it all.

foia black

A Money Trail: Iran to Hamas to Islamic State

For Hamas and Islamic State, the common enemy is Egypt. Prime Minister Netanyahu of Israel spoke truth to power on this relationship months ago.

Analysis: Money Trail Leads From Iran to ISIS, by Way of Hamas

TheTower: A report published Monday in Ynet that documents ties between Hamas and the Sinai-based branch of ISIS also shows Iran’s role in supporting ISIS.

Israel’s security establishment has pointed out a clear paradox in this dangerous collaboration: the bulk of Hamas’ financial support comes from Iran, which is persistently fighting ISIS in Syria and Iraq. Many Iranians have already been killed on the frontline of this battle. Furthermore, the Iranians are specifically funding the Gaza front against ISIS’s Sinai branch – via Hamas.

The Times of Israel reported in September that Iran, in expectation of the sanctions relief it would receive under terms of the nuclear deal, was smuggling “suitcases of cash” to Hamas so that the terror group could upgrade its arsenal.

Since the deal was signed, Iran has significantly increased its financial support for two of the largest terror groups in the region that have become political players, Hamas and Hezbollah. In the years before the deal was signed, the crippling sanctions limited this support, which had significantly diminished along with Iran’s economy. But Tehran’s belief that tens, or hundreds, of billions of dollars will flow into the country in the coming years as a result of sanctions relief has led to a decision to boost the cash flow to these terror organizations.

At around the same time, Major General Ataollah Salehi, the commander-in-chief of Iran’s armed forces, boasted of the support Iran was giving to terror groups such as Hamas and Hezbollah to help them fight terror wars against Israel.

The Ynet article, coming a week after the leader of ISIS’s Sinai branch was reported in Gaza, highlighted the operational cooperation between Hamas and ISIS. Hamas has been giving funds, received from Iran, to ISIS to finance its operations. Hamas has also provided training to ISIS and treated ISIS terrorists in Gaza hospitals. In return, ISIS has helped Hamas smuggle weapons into Gaza.

Because Hamas has a clear hierarchy and command structure, it is highly unlikely that funds would go to ISIS without approval from both the highest echelons of Hamas and their funders in Iran.

  • Hamas’ military wing in the Gaza Strip has been transferring tens of thousands of dollars a month to the Islamic State group’s Sinai branch over the past year, via one of its emissaries.
  • The transfer of cash is just one part of the military and strategic cooperation between the two groups. The finances of Hamas’ military arm, the Izz ad-Din al-Qassam Brigades, are independent of those of the organization’s political bureau. Hamas is paying the Islamic State militants in Egypt to secure weapons shipments being smuggled through the Sinai to Gaza. More details here.

Juniper Hacked, Several Govt Agencies at Risk

Backdoor Code Found in Firewall

Engadget: One of the reasons corporate users and the privacy-minded rely on VPNs is to control access to their networks and (hopefully) not expose secrets over insecure connections. Today Juniper Networks revealed that some of its products may not have been living up to that standard, after discovering “unauthorized code” in the software that runs on its NetScreen firewalls during a code review. Pointed out by security researcher “The Grugq,” the backdoor has been present since late 2012 and can only be fixed by upgrading to a new version of software just released today.

Telnet / ssh exposes a backdoor added by attackers to ScreenOS source code. This has been there since August 2012. Noted code here.

The pair of issues that created the backdoor would allow anyone who knows about it to remotely log in to the firewall as an administrator, decrypt and spy on supposedly secure traffic, and then remove any trace of their activity. Obviously this is a Very Bad Thing, although Juniper claims it has not heard of any exploitation in the wild (which would be difficult, since no one knew it existed and attackers could hide their traces) so far.

Beyond sending IT people sprinting to patch and test their setups, now we can all speculate about which friendly group of state-sponsored attackers is responsible. US government officials have recently been pushing for mandated backdoor access to secure networks and services, but the Edward Snowden saga made clear that even our own country’s personnel aren’t always going to ask permission before snooping on any information they want to check out. I contacted Juniper Networks regarding the issue, but have not received a response at this time.

Update: A Juniper Networks spokesperson told us:

During a recent internal code review, Juniper discovered unauthorized code in ScreenOS® that could allow a knowledgeable attacker to gain administrative access and if they could monitor VPN traffic to decrypt that traffic. Once we identified these vulnerabilities, we launched an investigation and worked to develop and issue patched releases for the impacted devices. We also reached out to affected customers, strongly recommending that they update their systems and apply the patched releases with the highest priority.

The patched releases also address an SSH bug in ScreenOS that could allow an attacker to conduct DoS attacks against ScreenOS devices. These two issues are independent of each other.

Newly discovered hack has U.S. fearing foreign infiltration

Washington (CNN) A major breach at computer network company Juniper Networks has U.S. officials worried that hackers working for a foreign government were able to spy on the encrypted communications of the U.S. government and private companies for the past three years.

The FBI is investigating the breach, which involved hackers installing a back door on computer equipment, U.S. officials told CNN. Juniper disclosed the issue Thursday along with an emergency security patch that it urged customers to use to update their systems “with the highest priority.”

The concern, U.S. officials said, is that sophisticated hackers who compromised the equipment could use their access to get into any company or government agency that used it.

One U.S. official described it as akin to “stealing a master key to get into any government building.”

The breach is believed to be the work of a foreign government, U.S. officials said, because of the sophistication involved. The U.S. officials said they are certain U.S. spy agencies themselves aren’t behind the back door. China and Russia are among the top suspected governments, though officials cautioned the investigation hasn’t reached conclusions.

It’s not yet clear what if any classified information could be affected, but U.S. officials said the Juniper Networks equipment is so widely used that it may take some time to determine what damage was done.

A senior administration official told CNN, “We are aware of the vulnerabilities recently announced by Juniper. The Department of Homeland Security has been and remains in close touch with the company. The administration remains committed to enhancing our national cybersecurity by raising our cyber defenses, disrupting adversary activity, and effectively responding to incidents when they occur.”

Juniper Networks’ security fix is intended to seal a back door that hackers created in order to remotely log into commonly used VPN networks to spy on communications that were supposed to be among the most secure. A free trial vpn has been helpful for those new to the VPN world to decide if it is right for them.

Juniper said that someone managed to get into its systems and write “unauthorized code” that “could allow a knowledgeable attacker to gain administrative access.”

Such access would allow the hacker to monitor encrypted traffic on the computer network and decrypt communications.

Juniper sells computer network equipment and routers to big companies and to U.S. government clients such as the Defense Department, Justice Department, FBI and Treasury Department. On its website, the company boasts of providing networks that “US intelligence agencies require.”

Its routers and network equipment are widely used by corporations, including for secure communications. Homeland Security officials are now trying to determine how many such systems are in use for U.S. government networks.

Juniper said in its security alert that it wasn’t aware of any “malicious exploitation of these vulnerabilities.” However, the alert also said that attackers would leave behind no trace of their activity by removing security logs that would show a breach.

“Note that a skilled attacker would likely remove these entries from the log file, thus effectively eliminating any reliable signature that the device had been compromised,” the Juniper security alert said. If encrypted communications were being monitored, “There is no way to detect that this vulnerability was exploited,” according to the Juniper security alert.

According to a Juniper Networks spokeswoman’s statement, “Once we identified these vulnerabilities, we launched an investigation and worked to develop and issue patched releases for the impacted devices. We also reached out to affected customers, strongly recommending that they update their systems.”

U.S. officials said it’s not clear how the Juniper source code was altered, whether from an outside attack or someone inside.

The work to alter millions of lines of source code is sophisticated. The system was compromised for three years before Juniper uncovered it in a routine review in recent weeks.

Juniper said it was also issuing a security fix for a separate bug that could allow a hacker to launch denial-of-service attacks on networks.

Saudi Led Coalition vs. Islamic States, Big Questions

Audio interviews of attitudes of the newly announced Saudi coalition against Islamic State and terrorism in the region.

BBC: Saudi Arabia is part of the US-led coalition against IS and is also leading a military intervention in Yemen against Shia Houthi rebels.
The list of 34 members: Saudi Arabia, Bahrain, Bangladesh, Benin, Chad, Comoros, Djibouti, Egypt, Gabon, Guinea, Ivory Coast, Jordan, Kuwait, Lebanon, Libya, Malaysia, Maldives, Mali, Morocco, Mauritania, Niger, Nigeria, Pakistan, the Palestinians, Qatar, Senegal, Sierra Leone, Somalia, Sudan, Togo, Tunisia, Turkey, United Arab Emirates and Yemen.
A joint operations centre is to be established in the Saudi capital, Riyadh, state media reported.
Countries from Asia, Africa and the Arab world are involved in the alliance but Saudi Arabia’s main regional rival Iran is not.
It comes amid international pressure for Gulf Arab states to do more in the fight against so-called Islamic State.
Saudi Defence Minister Mohammed bin Salman said the new alliance would co-ordinate efforts against extremists in Iraq, Syria, Libya, Egypt and Afghanistan.
Neither Iraq nor Syria, whose governments are close to Shia-ruled Iran, are in the coalition, nor is Afghanistan.


Two things stand out immediately about this new Saudi-based Islamic Coalition.
The Shia-majority nations of Iran and Iraq are noticeably absent, as is their ally Syria.
It is far from clear how, in practice, the coalition would conduct counter-terrorism operations in IS-plagued Iraq and Syria without the agreement of those governments.
Secondly, there is the question of the exact definition of terrorism. The Saudi authorities’ interpretation of it extends far beyond the violent actions of armed insurgents.
Recent legislation has branded peaceful opposition activists and reformers, whether online or in the street, as suspected “terrorists” and a security risk to the state.

***

CBC: Saudi Arabia’s defence minister gave a rare press conference on Tuesday to announce a new military coalition of 34 Muslim countries, led by Saudi Arabia, to fight terrorism in the region. The coalition includes a broad range of countries including the United Arab Emirates, Turkey, Egypt and Sudan.

The announcement was welcomed by some, and met with skepticism by others, given that Saudi Arabia has long been accused of turning a blind eye to support for terrorism coming from inside its own borders.

By Wednesday, several of the countries involved, including Pakistan and Malaysia, expressed confusion at having been named as members of a military coalition, and began distancing themselves from the commitment.

Aya Batrawy reports on the Arabian Peninsula for the Associated Press. She was in Riyadh, Saudi Arabia.

David A. Weinberg is skeptical of Saudi Arabia’s new military coalition. He is a senior fellow at the Foundation for Defence of Democracies in Washington.

For a sense of how the American government might be thinking, we were joined by James B. Smith. He was the U.S. ambassador to Saudi Arabia from 2009 to 2013. He’s now the president of the policy consulting firm C and M International in Washington.

We did make multiple requests for comment from the Saudi Arabian embassy in Canada, but we did not receive a response. The Saudi embassy to the United States declined our request for an interview.

Hagel: WH Worked to Destroy Me

Hagel: The White House Tried to ‘Destroy’ Me