Author Archives: Denise Simon

Iran’s Cyber Forces under IRGC Target Dissenters/Enemies

Posted on by

NIN is not Nine Inch Nails but rather the Supreme Leader’s tightly controlled internet platform known as the National Internet Network. It operates somewhat like an fee based system, those that can afford and pay more for access and usage get the best speed and less government oversight. The poorer class and the dissenters are controlled by the regime and not only vulnerable to the throttling of service but are subject to phishing operations, hacks and DDoS outages, all at the direction of the regime.

Image result for iran cyber unit irgc photo

It almost sounds like a marriage between the U.S. version/marriage of Google, Facebook and NSA, right? Well it is.

The NIN can filter key words and phrases and send users only to the sites it approved, according to the CHRI report. The government has also limited access to thousands of sites and platforms, including Facebook and YouTube. It is attempting to replace search engines like Google with its own state-approved versions.

Iran has also been able to influence how people use the internet through pricing. While there are private internet service providers (ISPs), they are still under government control, allowing state-run infrastructure companies to set up a tiered plan where access to international internet sites costs more than domestic. This drives traffic away from the global internet and to the NIN.

It’s not just internet censorship that Iranians are facing. The report also highlights state-sponsored cyberattacks and phishing schemes. State security agencies like the Islamic Revolutionary Guard Corps, a branch of the armed forces meant to protect the Islamic system, have hacked into individual and private online communications and arrested people on the basis of their content, which is technically illegal under Iranian law.

DDoS attacks, which aim to make specific websites unavailable or limit access to information by flooding them with illegitimate traffic, have become more prominent during politically sensitive times as well, according to the report. During the election in 2016, reformist and centrist candidates like Gaam-e Dovvom faced multiple attacks. The report said many of these are also internal attacks through the government.

Meanwhile, Iranians are not blind to the extensive surveillance they are facing online. As we’ve reported, many internet users use VPNs and other apps to try and circumvent the censorship. And millions of Iranians have turned to the Toronto-born Psiphon app to use the internet during the protests in December and this month. More here.

***  Image result for iran cyber unit irgc photo

Tehran has become increasingly adept at conducting cyber espionage and disruptive attacks against opponents at home and abroad, ranging from Iranian civil society organizations to governmental and commercial institutions in Israel, Saudi Arabia, and the United States.

A new report by carnegiendowment.org evaluates Iran’s Cyber threat environment. Just as Iran uses proxies to project its regional power, Tehran often masks its cyber operations using proxies to maintain plausible deniability. Yet such operations can frequently be linked to the country’s security apparatus, namely the Ministry of Intelligence and Islamic Revolutionary Guard Corps.

While Iran does not have a public strategic policy with respect to cyberspace, its history demonstrates a rationale for when and why it will engage in attacks. Iran uses its capabilities in response to domestic and international events. As conflict between Tehran and Washington subsided after the 2015 nuclear deal, so too did the cycle of disruptive attacks. However, Iran’s decisionmaking process is obscured and its cyber capabilities are not controlled by the presidency, as evident in cases of intragovernmental hacking.

The report claims that the United States is reliant on an inadequately guarded cyberspace and should anticipate that future conflicts, online or offline, could trigger cyber attacks on U.S. infrastructure. The first priority should be to extend efforts to protect infrastructure and the public, including increased collaboration with regional partners and nongovernmental organizations targeted by Iran. More details here.

The U.S. Army War College recently included this concern: In late-2011, the executive chairman of Google stated, “The Iranians are unusually talented in cyber war for some reason we don’t fully understand.”3 Stopping a cyber adversary from disrupting activity or stealing intellectual property has been the primary concern of government and private sector organizations, but in the military and intelligence communities, there are other concerns about Iran.

Prior to 2009, much of Iran’s cyber efforts were focused internally on countering government dissidence. The influential Iranian Revolutionary Guard Corp (IRGC) proposed the development of an Iranian Cyber Army in 2005 to combat internal threats. It sought out professional hackers through voluntary means or by using blackmail and threats to boost its ranks. In early March 2012, Supreme Leader of Iran Ayatollah Ali Khameni publicly announced to state media the creation by decree of a new Supreme Council of Cyberspace charged “to oversee the defense of the Islamic Republic’s computer networks and develop new ways of infiltrating or attacking the computer networks of its enemies.”7 It included heads of intelligence, militia, security, media chiefs, and the IRGC. It has its own budget and offices along with the power to enact laws. Additionally, the IRGC stated that a secure internal network for high-level command and control called “Basir” (Persian for perceptive) was created to counter outside threats to online activities.8 However, it is clear from its actions against opposition influences and dissident groups that the regime continues internal censorship and monitoring as well. Furthermore, Reporters Without Borders, in its 2012 annual report of countries that restrict internet access, filter content, and imprison bloggers, “ranked Iran the number one enemy of the Internet…ahead of 11 other countries—including Saudi Arabia, Bahrain, Syria, China, and Belarus.”9

In late-2011, Iran invested at least $1 billion dollars in cyber technology, infrastructure, and expertise.10 In March 2012, the IRGC claimed it had recruited around 120,000 personnel over the past 3 years to combat “a soft cyber war against Iran.”11 In early-2013, an IRGC general publically claimed Iran had the “fourth biggest cyber power among the world’s cyber armies.”12 Regardless of the numbers, the fact is that Iran’s cyber capability continues to mature. The IRGC has its own Cyber Defense Command which recruits and trains cyber warriors to spy on dissidents on the internet and spread Iranian government propaganda.13 The IRGC also now owns and controls Iran’s largest communication company and manages the skilled cyber technicians and specialists of Iran’s Cyber Army trained to hack into opposition websites and conduct other types of offensive cyber operations. On the law enforcement side, the FETA police (in Persian it literally means Police of the Space of Creating and Exchanging Information) handle typical internet crimes as well as more opaque enforcement activities such as political and security crimes. There are other Iranian organizations and companies recruited and/or affiliated with Iran’s cyber capabilities, either knowingly or by loose association. The full summary is here.

Space X Zuma Launched Failed, or did it?

Posted on by

Could this have been a classified payload to destroy North Korea’s own spy satellite or their next ICBM launch or Iran’s or Russia’s such that the real answers will never be forthcoming, meaning it is a ploy? Maybe even China?

Image result for zuma payload photo and more information here.

Space-Track has cataloged the Zuma payload as USA 280, international designation 2018-001A. Catalog number 43098. No orbit details given. No reentry date given, but for a secret payload it might not be. Implication is Space-Track thinks it completed at least one orbit.

Related reading: Did SpaceX’s secret Zuma mission actually fail?

SpaceX’s latest rocket may have launched successfully – but the mission didn’t end as a win. The Zuma payload it was carrying, a mysterious classified piece of cargo for the U.S. government believed to be a spy satellite, was lost after it failed to separate from the second stage of the rocket after the first stage of the Falcon 9 separated as planned and returned to Earth.

The WSJ reports, and we’ve confirmed separately, that the payload is thought to have fallen back through the Earth’s atmosphere after reaching space, because of the failure to separate. The failure is one that can happen when cargo doesn’t properly detach as planned, since the second stage is designed to fall back to Earth and burn up in re-entry.

SpaceX had launched as planned on January 7 in its target window, and recovered the first stage of the booster with a landing at its Cape Canaveral facility. Because of the nature of the mission, coverage and information regarding the progress of the rocket and its payload from then on was not disclosed.

The payload, codenamed Zuma, was contracted for launch by Northrop Grumman by the U.S. government, and Northrop selected SpaceX as the launch provider. SpaceX had previously launched the U.S. Air Force’s X-37B spacecraft, and was approved for flying U.S. government payloads with national security missions.

The satellite was likely worth billions, according to the WSJ, which makes this the second billion-dollar plus payload that SpaceX has lost in just over two years; the last was Facebook’s internet satellite, which was destroyed when the Falcon 9 it was supposed to launch on exploded during preflight preparations in September 2016.

This could be a significant setback for SpaceX, since these kinds of contracts can be especially lucrative, and it faces fierce competition from existing launch provider ULA, jointly operated by Boeing and Lockheed Martin.

We’ve reached out to SpaceX and will update if they provide additional comment.

Update – SpaceX provided the following statement regarding the mission, which could suggest the fault lies with something provided by launch partner Northrop Grumman or the payload itself:

“We do not comment on missions of this nature; but as of right now reviews of the data indicate Falcon 9 performed nominally.“

Iran’s Supreme Leader, the Nuclear Deal, Protests and Boeing

Posted on by

It is the conglomerate that the Supreme Leader, the Ayatollah Khamenei owns exclusively. “Setad Ejraiye Farmane Hazrate Emam,” or Setad.

Image result for Setad Ejraiye Farmane Hazrate Emam

Setad was originally sanctioned by the U.S. Treasury in June 2013. The conglomerate “produces billions of dollars in profits for the Iranian regime each year,” said David Cohen, then the Treasury’s under secretary for terrorism and financial intelligence, at a Senate banking committee hearing that year.

Setad, Cohen said at the time, controls “massive off-the-books investments” hidden from the Iranian people and regulators.

All entities sanctioned for being part of the Iranian government are being taken off the SDN list as part of the nuclear deal, also called the Joint Comprehensive Plan of Action (JCPOA), though U.S. persons and entities will still be banned from dealing with them.

In January of 2017, a review by Reuters noted: But a Reuters review of business accords reached since then shows that the Iranian winners so far are mostly companies owned or controlled by the state, including Iran’s Supreme Leader, Ayatollah Ali Khamenei.

Of nearly 110 agreements worth at least $80 billion that have been struck since the deal was reached in July 2015, 90 have been with companies owned or controlled by Iranian state entities, the Reuters analysis shows.

In December of 2017: Treasury Department officials must publish a report chronicling the financial assets of Iran’s top leaders, under a bill that passed the House on Wednesday.

The legislation, which passed 289-135, must still clear the Senate before President Trump can sign it into law. It’s a potential boon to Iranian dissidents against the regime, who stand to gain insight into corruption by top officials.

Related:

Podcast – Upheaval in Iran: Causes and Consequences

Meanwhile, as the protests continue in Iran against the regime and rightly so, questions arise due to not only Senate votes on sanctions but staying with the Joint Comprehensive Plan of Action, meaning the Iran nuclear deal.

Image result for Setad Ejraiye Farmane Hazrate Emam photo

Why is there even a question based on additional facts surfacing in the last year? Well, the left and those that remain with John Kerry and Barack Obama are adding new pressures to stay in the JCPOA. Further, complications arise from those countries that are also part of the deal. They too want the deal sustained.

In a story titled “U.S. security experts back Iran nuclear deal, as Trump faces deadlines,” Reuters reports that a coalition of national security experts want the president to continue the Iran deal. The report claims, without any context, that all of the people who signed a letter in favor of the deal are “national security experts.” Additionally, these “experts” are from an organization called the “National Coalition to Prevent an Iranian Nuclear Weapon.”

It turns out, however, that some of those listed on the document have severe conflicts of interests, none of which were disclosed in the letter.

It also turns out that the National Coalition to Prevent an Iranian Nuclear Weapon is not an actual organization. A Google search of the group turned up nothing before Monday. The group was created this week with the apparent purpose of garnering support for the nuclear deal. None of this is reported in the Reuters article. It is only revealed through the group’s statement provided on The National Interest website.

The outfit’s title also presumes its members are national security hawks, when this is far from the case.

Members of the “National Coalition” include a who’s who of the prominent organizers of the campaign to rally support for the Obama administration’s nuclear deal with Tehran.

Included on the list is Joseph Cirincione, who served as the money man for President Obama’s Iran “echo chamber.” Cirincione has admitted to paying off a “network of 85 organizations and 200 individuals” who were “decisive in the battle for public opinion” over the Iran deal.

Gary Sick, another signee, was one of the chief organizers of the Iran echo chamber. According to the Washington Free Beacon, Sick created an invite-only listserv to distribute pro-Tehran talking points to Obama-friendly journalists and influential figures.

The coalition also includes Ambassador Thomas Pickering, who is a paid lobbyist for Boeing. The aviation company is attempting to secure a multi-billion-dollar jetliner deal with the Iranian regime. If the Iran deal falls through, so does Boeing’s deal.

Paul Pillar, a disgraced former CIA officer who was also on the letter, once drafted talking points arguing that it’s not a big deal if Iran is able to develop a nuclear weapon. “If Iran develops a nuclear weapon, the United States and the West could live with it, without important compromise to U.S. interests,” he wrote, according to Eli Lake of Bloomberg News.

It remains a mystery what President Trump will decide this time around. He has been troubled by Iran’s violent response to countrywide protests. The president has leveraged social media and several executive departments to raise awareness about the plight of Iranian protesters. He has also mulled enacting further sanctions against the regime.

As an aside, there too is pressure from Boeing, they want to protect the sale agreements of planes to Iran such that they have offered to ‘finance’ the payments, essentially layaway. Iran is looking for a method to make payments of $44B to both Air Bus and Boeing. Humm….but that Supreme leader has a major conglomerate remember?

 

 

DoJ’s Bruce Ohr Demoted Again, Project Cassandra?

Posted on by

Image result for Hezbollah Business Affairs Component

That’s it? On second thought, keep him employed to cough up the goods on Project Cassandra. More on that below. As an aside, in late December, Jeff Sessions ordered a complete review of Project Cassandra.

FNC: A Justice Department official demoted late last year for concealing his meetings with the men behind the anti-Trump “dossier” has been stripped of yet another title, Fox News has learned.

Bruce Ohr is no longer head of the Organized Crime Drug Enforcement Task Force.

Separately, sources familiar with the discussions tell Fox News that the Justice Department is expected to comply with demands from the House Intelligence Committee to provide Ohr for an interview. He is scheduled to visit the committee on Jan. 17, sources said.

Fox News first reported in December that Ohr had been demoted from the position of associate deputy attorney general, after it was revealed he had conducted undisclosed meetings with dossier author Christopher Steele and Glenn Simpson of Fusion GPS, the opposition research firm that produced the salacious document.

Fox News also reported that his wife Nellie Ohr worked for Fusion GPS, specifically on research related to the dossier.

At the time of his demotion, DOJ officials told Fox News that Bruce Ohr had been “wearing two hats,” and would fall back to his other title and portfolio – as head of OCDETF.

Now, Ohr has been stripped of that role as well; former deputy director Thomas Padden is now acting director.  It is unclear where Ohr has landed, only that he is still an employee with the Department of Justice.

One DOJ insider joked that Ohr might end up in “one of those offices without a phone.”

Fox News has also confirmed that Bruce Ohr, as the head of OCDETF, was directly involved with Project Cassandra, the interagency investigation spearheaded by the DEA that tracked a massive international drug and money laundering scheme allegedly run by Hezbollah.

The project recently was the subject of a critical and lengthy Politico report looking at how the Obama administration may have hampered the investigation. Those closest to Project Cassandra, including Derek Maltz, the now-retired supervisory DEA agent who was a major player in the operation, claim the project and its potential prosecutions were sidelined by senior Obama administration officials who didn’t want to upset Iran in the lead-up to the historic nuclear deal with Tehran in 2015.

Attorney General Jeff Sessions has promised to look into what happened with the investigation.

He said in a statement last month: “While I am hopeful that there were no barriers constructed by the last admission to allowing DEA agents to fully bring all appropriate cases under Project Cassandra, this is a significant issue for the protection of Americans. We will review these matters and give full support to investigations of violent drug trafficking organizations.”

Sources close to the attorney general told Fox News that he was recently made aware of Ohr’s role in Project Cassandra and that Sessions is personally involved in the review and frequently asks for updates.

Image result for Hezbollah Business Affairs Component photo

The 76 page criminal complaint for Project Cassandra is here.

Hezbollah Business Affairs Component 85 tons of cocaine was sold to Los Zetas one of the most violent Mexican cartels. Bruce Ohr was head of the teams assigned to Project Cassandra.

The United States Drug Enforcement Administration (DEA) (2016) announced significant enforcement activity including arrests targeting Lebanese Hizballah’s External Security Organization Business Affairs Component (BAC), which is involved in international criminal activities such as drug trafficking and drug proceed money laundering. These proceeds are used to purchase weapons for Hizballah for its activities in Syria. This ongoing investigation spans the globe and involves numerous international law enforcement agencies in seven countries, and once again highlights the dangerous global nexus between drug trafficking and terrorism.

This effort is part of DEA’s Project Cassandra, which targets a global Hizballah network responsible for the movement of large quantities of cocaine in the United States and Europe. This global network, referred to by law enforcement as the Lebanese Hizballah External Security Organization Business Affairs Component (BAC), was founded by deceased Hizballah Senior Leader Imad Mughniyah and currently operates under the control of Abdallah Safieddine and recent U.S.-designated Specially Designated Global Terrorist (SDGT) Adham Tabaja. Members of the Hizballah BAC have established business relationships with South American drug cartels, such as La Oficina de Envigado, responsible for supplying large quantities of cocaine to the European and United States drug markets. Further, the Hizballah BAC continues to launder significant drug proceeds as part of a trade based money laundering scheme known as the Black Market Peso Exchange.

“These drug trafficking and money laundering schemes utilized by the Business Affairs Component provide a revenue and weapons stream for an international terrorist organization responsible for devastating terror attacks around the world,” said DEA Acting Deputy Administrator Jack Riley.  “DEA and our international partners are relentless in our commitment to disrupt any attempt by terrorists and terrorist organizations to leverage the drug trade against our nations. DEA and our partners will continue to dismantle networks who exploit the nexus between drugs and terror using all available law enforcement mechanisms.”

Beginning in February 2015, based on DEA investigative leads, European authorities initiated an operation targeting the network’s criminal activities in that region. Since then, law enforcement authorities, closely supported by DEA, have uncovered an intricate network of money couriers who collect and transport millions of euros in drug proceeds from Europe to the Middle East. The currency is then paid in Colombia to drug traffickers using the Hawala disbursement system. A large portion of the drug proceeds was found to transit through Lebanon, and a significant percentage of these proceeds are benefitting terrorist organizations, namely Hizballah.

This investigation is a result of leads developed during the investigation into the Lebanese Canadian Bank.

The combination of aggressive international law enforcement investigations and Treasury’s ongoing sanctions (see below) pressure shows the scope of the global commitment to diminish the ability of Hizballah and its financial supporters to move funds worldwide.

Enforcement Action

With DEA and Customs and Border Protection (CBP) working closely with foreign counterparts in France, Germany, Italy and Belgium, authorities arrested top leaders of the European cell of this Lebanese Hizballah External Security Organization BAC last week. The most significant arrest was of the U.S.-designated SDGT Mohamad Noureddine, a Lebanese money launderer who has worked directly with Hizballah’s financial apparatus to transfer Hizballah funds via his Lebanon-based company Trade Point International S.A.R.L. and maintained direct ties to Hizballah commercial and terrorist elements in both Lebanon and Iraq.

The CPB National Targeting Center partnered with DEA and international counterparts such as Europol in this investigation. CBP’s continued cooperation with the DEA , and European law enforcement counterparts is a vital component in dismantling complex global drug trafficking and money laundering networks as well as enhancing the security of the United States border.

U.S. Treasury Sanctions

Separately, the U.S. Department of the Treasury announced sanctions last week targeted Hizballah’s financial support network by designating Hizballah-affiliated money launderers Noureddine and Hamdi Zaher El Dine, as well as Trade Point International S.A.R.L, a company owned or controlled by Noureddine, pursuant to Executive Order 13224. This order targets terrorists and those providing support to terrorists or acts of terrorism.  Noureddine and El Dine were designated for providing financial services to or in support of Hizballah, a Specially Designated Global Terrorist.  Trade Point International S.A.R.L. was designated for being owned or controlled by Noureddine. As a result of Treasury’s action, all assets of the designated individuals or entities that are located in the United States or in the possession or control of U.S. persons are frozen, and U.S. persons are generally prohibited from engaging in transactions with them.

As part of its designation, Adam J. Szubin, Acting Under Secretary for Terrorism and Financial Intelligence, stated that, “Hizballah needs individuals like Mohamad Noureddine and Hamdi Zaher El Dine to launder criminal proceeds for use in terrorism and political destabilization.  We will continue to target this vulnerability, and expose and disrupt such enablers of terrorism wherever we find them.”

Participating offices and agencies:

DEA Philadelphia, DEA Miami, DEA Newark, DEA New York, DEA Special Operations Division, DEA Bilateral Investigative Unit, DEA country offices in Europe, as well as Bogota and Cartagena
U.S. Customs and Border Protection
U.S. Treasury Financial Crimes Enforcement Network (FinCEN)
U.S. Treasury Office of Foreign Assets Control (OFAC)
EUROPOL
EUROJUST

Brazil/Petrobras: $2.95 B Settlement, Operation Car Wash

Posted on by

In January of 2017, a plane crashed.

SAO PAULO (Reuters) – Brazilian Supreme Court Justice Teori Zavascki, who was overseeing a graft investigation into scores of powerful politicians, was killed in a plane crash on Thursday, raising questions about who will take over the country’s biggest ever corruption case.

Rescuers found three bodies in the wreckage of the small, twin-prop plane that crashed off the coast of Rio de Janeiro state amid heavy rains, firefighters said. Federal prosecutors and police said they would immediately open an investigation in addition to that of aviation authorities.

Zavascki, 68, had in recent weeks been reviewing explosive testimony from executives at engineering group Odebrecht, expected to implicate an array of politicians in a vast kickback scandal centering on state-run oil company Petrobras and other enterprises. More here.

*** Image result for operation car wash photo

Under the proposed settlement, Petrobras has agreed to pay US$ 2.95 billion to resolve claims in two installments of US$983 million and a last installment of US$984 million. The first installment will be paid within 10 days of preliminary approval of the settlement by the court. The second installment will be paid within 10 days of final approval of the settlement. The third installment will be paid by the later of (i) six months after final approval, or (ii) January 15, 2019. The total settlement amount will be recognized in the fourth quarter of 2017.

The agreement does not constitute any admission of wrongdoing or misconduct by Petrobras. In the agreement, Petrobras expressly denies liability. This reflects its status as a victim of the acts uncovered by Operation Car Wash, as recognized by Brazilian authorities including the Brazilian Supreme Court. As a victim of the scheme, Petrobras has already recovered R$1.475 billion in restitution in Brazil and will continue to pursue all available legal remedies from culpable companies and individuals.

*** Criminal complaint

Since the scheme was detected three years ago, prosecutors have yet to reach bottom in their investigation—and the total sum of payoffs may exceed $5 billion. The criminality may also cost Petrobras, South America’s largest corporation, $13 billion in contract losses and legal settlements, and it’s already resulted in the layoff of thousands of Petrobras workers. Meanwhile, Odebrecht, the Brazilian construction giant that led the bribery bacchanal, is a disgraced and crumbling conglomerate. Its boss, Marcelo Odebrecht, was sentenced last year to 19 years in prison. More here.

*** In 2014: Although President Dilma Rousseff has not been implicated in any wrongdoing related to “Operation Car Wash,” she did serve as the Chairwoman of Petrobras from 2003 to 2010, and having her name connected with a company mired in scandal likely won’t bode well for her reelection campaign. According to a recent poll, she is trailing opponent Marina Silva in Brazil’s October elections.

Rousseff has already been criticized for her role in the 2012 purchase of an extremely overpriced Texas oil refinery, a deal that began when Rousseff was still chairwoman. Brazilian investigators are looking into whether or not the purchase of the refinery could be linked to “Operation Car Wash,” although such a link would not necessarily mean Rousseff had any knowledge of the money laundering scheme. More here.