Deep Panda, the Hacker of OPM Employee Files

Personnel records held at the Office of Personnel Management going back 35 years on people who worked for government as employees or contractors are for sale on the Darknet.

Government records stolen in a sweeping data breach that was reported last week are popping up for sale on the so-called “darknet,” according to a tech firm that monitors the private online network used by criminals and creeps throughout the world.

Credentials to log into the Office of Personnel Management are being offered just days after the announcement that the agency’s records, including extremely personal information of 4.1 million federal government employees dating back to the 1980s, had been compromised, said Chris Roberts, founder and CTO of the Colorado-based OneWorldLabs (OWL), a search engine that checks the darknet daily for data that could compromise security for its corporate and government clients, including government IDs and passwords.

The FBI has identified the operation. The hackers likely used Chinese associates already inside government for access. In classified briefings to members of Congress in recent days, intelligence officials have described what appears to be a systematic Chinese effort to build databases that explain the inner workings of the United States government. The information includes friends and relatives, around the world, of diplomats, of White House officials and of officials from government agencies, like nuclear experts and trade negotiators. Read more here.

FBI Alert Reveals ‘Groups’ Behind OPM Hack

President says cyber attack threat ‘accelerating’

The FBI has disclosed that multiple hacker groups carried out the cyber attack that compromised the records of 4 million government workers in the networks of the Office of Personnel Management.

“The FBI has obtained information regarding cyber actors who have compromised and stolen sensitive business information and personally identifiable information (PII),” states a Flash alert dated June 5. “Information obtained from victims indicates that PII was a priority target.”

Security analysts familiar with the OPM breach, disclosed in a notice last week, said two groups of Chinese state-sponsored hackers appear to be behind the cyber attacks, including one linked to the Chinese military that has been dubbed “Deep Panda.”

Deep Panda is a highly sophisticated Chinese military hacker unit that has been gathering data on millions of Americans. The group was linked in the past to the hacking of the health care provider Anthem that compromised the personal data of some 80 million customers.

The FBI did not directly link its warning to the OPM hacking. But it said cyber investigators have “high confidence” about the threat posed by the cyber attackers based on its investigation into the data breach.

According to the alert, the stolen personal data “has been used in other instances to target or otherwise facilitate various malicious activities such as financial fraud though the FBI is not aware of such activity by these groups.”

The groups were not identified by name or by country.

However, the alert revealed that the software used by the hackers is called Sakula, which security analysts say was the Root Access Tool, or RAT, that was used by the Chinese in both the OPM and Anthem hacks.

Sakula software employs stolen, signed security certificates to gain unauthorized network access and analysts said the use of that technique requires cyber sophistication that is not known to be used outside of nation-state cyber forces.

The software allows remote users to gain computer network administrator access, which permits the theft of large amounts of data.

The FBI warned in the notice that any entity that discovers the Sakula malware and other signatures should seek cyber security assistance and notify the FBI.

“Any activity related to these groups detected on a network should be considered an indication of a compromise requiring extensive mitigation and contact with law enforcement,” the notice said.

The groups involved were observed “across a variety of intrusions leveraging a diverse selection of tools and techniques to attempt to gain initial access to a victim including using credentials acquired during previous intrusions.”

President Obama was asked after the G-7 summit in Germany on Tuesday about the Chinese role in the OPM cyber attacks and declined to name Beijing as the perpetrator.

“We haven’t publicly unveiled who we think may have engaged in these cyber attacks,” Obama said. “But I can tell you that we have known for a long time that there are significant vulnerabilities and that these vulnerabilities are going to accelerate as time goes by, both in systems within government and within the private sector.”

Obama said part of the problem is “very old systems” used in government computer networks.

“And we discovered this new breach in OPM precisely because we’ve initiated this process of inventorying and upgrading these old systems to address existing vulnerabilities,” he said.

“[W]e’re going to have to keep on doing it, because both state and non-state actors are sending everything they’ve got at trying to breach these systems,” the president said.

“In some cases, it’s non-state actors who are engaging in criminal activity and potential theft,” Obama said. “In the case of state actors, they’re probing for intelligence or, in some cases, trying to bring down systems in pursuit of their various foreign policy objectives. In either case, we’re going to have to be much more aggressive, much more attentive than we have been.”

The problem of cyber attacks is “going to accelerate,” he said. “And that means that we have to be as nimble, as aggressive, and as well-resourced as those who are trying to break into these systems.”

The administration has rejected calls by senior U.S. security officials to engage in more aggressive, offensive cyber retaliation against states such as China as a way to develop cyber deterrence.

The president and his advisers are said to fear that offensive cyber attacks will lead to a major conflict. Supporters of taking more aggressive responses to hacking have said demonstrations of U.S. cyber retaliatory strikes will deter future attacks.

The administration has favored using law enforcement and diplomatic policies to deal with the problem.

One private sector cyber security specialist familiar with the OPM hack said that in addition to the government’s personnel database, other major cyber attacks believed to be carried out by Chinese hackers include clandestine intrusions into the networks of a major telecommunications company and a major aviation industry firm.

Several domain names the hackers used in the OPM hacking are also similar to domains used by Chinese cyber attackers in the past. The domains were identified as OPMsecurity.org and opm-learning.org.

Another signature linking the OPM hack to China was the hackers’ use of a program called Mimikatz that is used to gain high-level remote access to networks.

“Mimikatz is a classic of Deep Panda” in terms of tactics, techniques, and procedures, said a security analyst familiar with details of the attack. “This allows the actors to dump password hashes, perform pass the hash and ‘golden ticket’ attacks in the victim environment.”

The private security company CrowdStrike first identified Deep Panda and has called the group among the most sophisticated state-sponsored hackers.

China’s main military intelligence service that has been linked to cyber attacks is the Third Department of the General Staff, or 3PLA, which conducts cyber warfare.

Hillary’s State Dept: Prostitution and Drug Ring

Shall we start with U.S. Ambassador to Belgium, Howard Gutman, who solicited minors and prostitutes?

And the cover-up? A detailed summary is here along with a 36 page report.

Hillary can’t play stupid on this one… if she would even get close to media, some would perhaps ask her some epic questions. There is no spin on this, read on to learn why. There are two whistleblowers with the ‘goods’.

State Department Inspector General officials edited out passages of a high-profile report in 2013 that could have embarrassed Hillary Clinton just days before she quit President Obama’s Cabinet.

The officials excised details of a cover up of misconduct by Clinton’s security team.

The edits raise concerns that investigators were subjected to “undue influence” from agency officials.

The Washington Examiner obtained earlier drafts of the report which differ markedly from the final version. References to specific cases in which high-level State officials intervened and descriptions of the extent and frequency of those interventions appear in several early drafts but were later eliminated.

The unexplained gaps in the final version, and the removal of passages that would have damaged the State Department, call into question the independence of Harold Geisel, who was State’s temporary inspector general throughout Clinton’s four years at the head of the department. More detail here.

*** Yet in 2013, it was common knowledge around the agency and in the media.

The US state department failed to fully investigate allegations against its officials involving prostitution, a drug ring and assault, media report.

A leaked internal document obtained by CBS News said staff protecting ex-Secretary of State Hillary Clinton regularly solicited sex workers.

The reports also allege a drug ring may have provided narcotics to state department contractors in Iraq.

But it is suggested officials may have tried to cover up the misconduct.

According to CBS, a draft copy of a state department inspector general’s report alleges eight specific examples of improper behaviour by US officials.

‘Criminal behavior’

Some allegations were suppressed, according to CBS, such as an investigation into an unnamed ambassador who was said to be visiting prostitutes in a public park.

The document cites allegations that the envoy “routinely ditched his protective security detail in order to solicit sexual favors from both prostitutes and minor children”.

It went on to say that the ambassador’s security team and other colleagues “were well aware of the behavior”, according to the reports.

CBS reports that attempts to look into the allegations were stopped in their tracks.

According to the broadcaster, the copy of the draft report said: “Hindering such cases calls into question the integrity of the investigative process, can result in counterintelligence vulnerabilities and can allow criminal behavior to continue.”

CNN also reports that the inspector general found an attempt to investigate claims that a drug ring near the US embassy in Baghdad was supplying illegal substances to state department security contractors was stopped.

It was also alleged that a state department security official in Beirut “engaged in sexual assaults” against foreign nationals hired as embassy guards. The same person was accused of similar attacks during previous foreign postings, according to CNN.

Meanwhile, members of Mrs Clinton’s security detail solicited prostitutes on official trips, a problem the leaked report is said to have described as “endemic”.

Aurelia Fedenisn, who was an investigator with the state department’s inspector general, told CBS: “We also uncovered several allegations of criminal wrongdoing in cases, some of which never became cases.”

The inspector general’s office has reportedly asked external law enforcement experts to look at the way the state department handles complaints of serious misconduct by its senior staff.

Findings are expected later in the summer.

State department spokeswoman Jen Psaki said: “We take allegations of misconduct seriously and we investigate thoroughly.

“All cases mentioned in the CBS report were thoroughly investigated and under investigation, and the department continues to take action.”

*** Enter the real details of key Wikileaks cables. Hillary got the goods on everyone, including her own staff. Cheryl Mills, who actually has power of attorney for both Clintons likely has an interesting file stored on that pesky server.

What makes Clinton’s sleuthing unique is the paper trail that documents her spying-on-their-diplomats-with-our-diplomat orders, a paper trail that is now being splashed around the world on the Web and printed in top newspapers. No matter what sort of noises Clinton makes about how the disclosures are “an attack on America” and “the international community,” as she did today, she’s become the issue. She’ll never be an effective negotiator with diplomats who refuse to forgive her exuberances, and even foreign diplomats who do forgive her will still regard her as the symbol of an overreaching United States. Diplomacy is about face, and the only way for other nations to save face will be to give them Clinton’s scalp.

How embarrassing are the WikiLeaks leaks? A secret cable from April 2009 that went out under Clinton’s name instructed State Department officials to collect the “biometric data,” including “fingerprints, facial images, DNA, and iris scans,” of African leaders. Another secret cable directed American diplomats posted around the world, including the United Nations, to obtain passwords, personal encryption keys, credit card numbers, frequent flyer account numbers, and other data connected to diplomats. As the Guardian puts it, the cables “reveal how the US uses its embassies as part of a global espionage network.”

Additionally, Clinton’s State Department specifically targeted United Nations officials and diplomats posted to the United Nations. Among the targeted were Secretary-General Ban Ki-moon and permanent security-council representatives from China, Russia, France, and the United Kingdom, as this secret cable from July 2009 lays out. The State Department also sought biometric information on North Korean diplomats, security-council permanent representatives, “key UN officials,” and other diplomats at the United Nations.

Of course, U.S. diplomats have always collected information, no matter where posted. And, as the New York Times reports today, the United States has routinely placed intelligence officers abroad under the diplomatic cover of a State Department posting. But the price of a diplomat (or undercover intelligence officer) overstepping to engage in what the host nation considers to be spying has always been expulsion or, as illustrated earlier this month in Norway, a demand that the U.S. ambassador explain the “spying.”

As the Times and other publications report, international treaties make the United Nations a spy-free zone—or at least they’re supposed to make it spy-free. “In one 2004 episode, a British official revealed that the United States and Britain eavesdropped on Secretary General Kofi Annan in the weeks before the invasion of Iraq in 2003,” the Times reports. Anne Applebaum writes in Slate today that nobody should be honestly horrified at the image of the United States spying in the United Nations. Nobody in the diplomatic community is. But that doesn’t mean that they’re not going to take advantage of the moment to demand retribution that will shame the high-and-mighty United States.

There is no way that the new WikiLeaks leaks don’t leave Hillary Clinton holding the smoking gun. The time for her departure may come next week or next month, but sooner or later, the weakened and humiliated secretary of state will have to pay.

******

(Permanent disclosure: Slate is owned by the Washington Post Co.)

 

UN Report: Sex Exploitations in Haiti

In June of 2004, the United Nations created a Stabilization Mission in Haiti. This was due in part to the armed conflict when Bertrand Aristide departed the country.

In January of 2010, a devastating earthquake struck, and the death toll was estimated at 220,000. The UN deployed 96 peacekeepers.

What came next is disgusting.

UN: Sex exploitation by peacekeepers strongly underreported

UNITED NATIONS (AP) — Members of a U.N. peacekeeping mission engaged in “transactional sex” with more than 225 Haitian women who said they needed to do so to obtain things like food and medication, a sign that sexual exploitation remains significantly underreported in such missions, according to a new report obtained by The Associated Press.

 

The draft by the Office of Internal Oversight Services looks at the way U.N. peacekeeping, which has about 125,000 people in some of the world’s most troubled areas, deals with the persistent problem of sexual abuse and exploitation.

The report, expected to be released this month, says major challenges remain a decade after a groundbreaking U.N. report first tackled the issue.

Among its findings: About a third of alleged sexual abuse involves minors under 18. Assistance to victims is “severely deficient.” The average investigation by OIOS, which says it prioritizes cases involving minors or rape, takes more than a year.

And widespread confusion remains on the ground about consensual sex and exploitation. To help demonstrate that, investigators headed to the poorest country in the Western Hemisphere.

A year ago, the report says, investigators interviewed 231 people in Haiti who said they’d had transactional sexual relationships with U.N. peacekeepers. “For rural women, hunger, lack of shelter, baby care items, medication and household items were frequently cited as the ‘triggering need,’” the report says. Urban and suburban women received “church shoes,” cell phones, laptops and perfume, as well as money.

“In cases of non-payment, some women withheld the badges of peacekeepers and threatened to reveal their infidelity via social media,” the report says. “Only seven interviewees knew about the United Nations policy prohibiting sexual exploitation and abuse.” None knew about the mission’s hotline to report it.

Each of those instances of transactional sex, the report says, would be considered prohibited conduct, “thus demonstrating significant underreporting.” It was not clear how many peacekeepers were involved.

For all of last year, the total number of allegations of sexual abuse and exploitation against members of all U.N. peacekeeping missions was 51, down from 66 the year before, according to the secretary-general’s latest annual report on the issue.

The draft report doesn’t say over what time frame the “transactional sex” in Haiti occurred. The peacekeeping mission there was first authorized in 2004 and, as of the end of March, had more than 7,000 uniformed troops. It is one of four peacekeeping missions that have accounted for the most allegations of sexual abuse and exploitation in recent years, along with those in Congo, Liberia and South Sudan.

One of the U.N. staffers who produced the report would not comment Tuesday, saying it was better to wait until it was released publicly. A spokesman for the peacekeeping office didn’t immediately respond to a request for comment.

The U.N. doesn’t have a standing army and relies on troops contributed by member states. The states are responsible for investigating alleged misconduct by their troops, though the U.N. can step in if there’s no action.

In their response to the report’s findings, which is included in the draft, U.N. peacekeeping chief Herve Ladsous and field support chief Atul Khare point out that while the number of peacekeepers has increased dramatically over the past decade, the number of allegations of sexual abuse and exploitation have gone down.

The U.N. prohibits “exchange of money, employment, goods or services for sex,” and it strongly discourages sexual relationships between U.N. staff and people who receive their assistance, saying they are “based on inherently unequal power dynamics” and undermine the world body’s credibility.

But that has led to some confusion on the ground, the new report says, with some members of peacekeeping missions seeing that guidance as a ban on all sexual relationships with local people. The report says the guidelines need to be clarified.

“Staff with long mission experience states that was a ‘general view that people should have romantic rights’ and raised the issue of sexuality as a human right,” the report says.

Let the investigation begin:

The U.N. has been shaken by revelations that a year after staffers first heard children’s accounts of sexual abuse by French soldiers supporting a U.N. peacekeeping mission, no one has been punished. Ban Ki-moon on Wednesday ordered an external inquiry into how that was handled. French authorities last month opened a formal judicial inquiry into the allegations.

Ban raised the earlier allegations Thursday with Gen. Pierre de Villiers, France’s chief of defense staff, in a meeting that Ban’s spokesman said France had requested. Spokesman Stephane Dujarric told The Associated Press that Ban brought up the issue during a wider conversation about peacekeeping operations and told the general that he hopes “the French investigation will be completed as soon as possible.”

 

General Flynn on Iran and 450 to Al-Taqaddum Air Base

The original request for additional U.S. troops to Iraq was 1000, yet the White House authorized 450 for purposes of intelligence gathering and training as well as some ground surveillance.

Al Taqaddum is 74 kilometers from Baghdad, and the ultimate mission is to retake Ramadi and Fallujah. This was a Marine base that was eventually turned over to the Iraqi military in 2009. The airfield is served by two runways, 13,000 and 12,000 feet (3,700 m) long.

Meanwhile, today, June 10, 2015, General Flynn gave testimony before the Joint Foreign Affairs and HASC Subcommittees on Iran’s hegemony in the region.

Retired Lt. Gen. Michael Flynn was director of the Defense Intelligence Agency until August 2014
He testified Wednesday in a congressional hearing that the administration doesn’t have ‘a permanent fix but merely a placeholder’ for the Iran crisis
Flynn said the notion that the U.S. can ‘snap back’ sanctions on Tehran if it breaks an agreement is ‘fiction’
Warned that ‘Iran’s nuclear program has significant – and not fully disclosed – military dimensions’
Obama administration has less than three weeks to finalize a nuclear agreement that would pare back Iran’s ability to build a nuclear weapon.

His full written presentation is found here. In part, however, his situation report is not only chilling but also lays out predictions for the future.

Wishful Thinking:

In lengthy written remarks, Flynn asserted that Iran has “every intention” of building a nuclear weapon, and their desire to destroy Israel is “very real.”

“Iran has not once (not once) contributed to the greater good of the security of the region,” he said in his remarks, noting their fighters “killed or maimed thousands of Americans and Iraqis” in Iraq.

The administration is working alongside five other world powers to try and strike a nuclear deal – which would aim to curb Tehran’s nuclear program in exchange for sanctions relief – by the end of the month. But Flynn said Iran already has made it clear they will put limits on inspections, making for “incomplete verification.” Plus he said it’s “unreasonable” to believe international sanctions could be resumed once lifted.

He also echoed concerns of some other analysts in saying the “perceived acceptance” of Iran’s program will likely “touch off a dangerous domino effect in the region” as Saudi Arabia and other nations seek nuclear capability.

As for the rising threat posed by the Islamic State in Iraq and Syria, Flynn voiced concern that the U.S. is not keeping up with the crisis. He said there is “absolutely no end in sight,” and “no clear U.S. policy” for dealing with it.

 

The Carnage and Weapons in Sudan, UN Ignores

If there is a historical failure by the United Nations, it is Sudan. The global body publishes a report demonstrating the destruction. It is not a new condition, so one must ask: where was Susan Rice when she was the UN ambassador? Where was Hillary Clinton when she was Secretary of State, and where is John Kerry now? How about the White House, which is so concerned with human rights? Or is the matter that rogue nations need weapons and Sudan is the source?

Syrian rebels, frustrated by the West’s reluctance to provide arms, have found a supplier in an unlikely source: Sudan, a country that has been under international arms embargoes and maintains close ties with a stalwart backer of the Syrian government, Iran.

In deals that have not been publicly acknowledged, Western officials and Syrian rebels say, Sudan’s government sold Sudanese- and Chinese-made arms to Qatar, which arranged delivery through Turkey to the rebels.

The shipments included antiaircraft missiles and newly manufactured small-arms cartridges, which were seen on the battlefield in Syria — all of which have helped the rebels combat the Syrian government’s better-armed forces and loyalist militias.

Emerging evidence that Sudan has fed the secret arms pipeline to rebels adds to a growing body of knowledge about where the opposition to President Bashar al-Assad of Syria is getting its military equipment, often paid for by Qatar, the United Arab Emirates, Jordan, Saudi Arabia or other sympathetic donors.

Map of the Day: Hungry and Displaced in South Sudan

This map, from the UN Office for the Coordination of Humanitarian Affairs, succinctly shows the number of people displaced by fighting in South Sudan and where they have fled.

There is a deeper story to this map.

Over the last four weeks, fighting has intensified in South Sudan. Over 100,000 people have been displaced in this newest round of fighting. The prospect of mass starvation is very real. The International Committee for the Red Cross warned today that unless “urgent action” is taken, thousands of people may soon starve.

What is that ‘urgent action?’ Mostly, it’s securing more funding for the humanitarian relief effort. The ICRC needs an additional $23 million to provide food aid and help subsistence farmers make it through the lean season while also providing them seeds for the next planting season.

That money, though, is simply not materializing. Yesterday, UNICEF warned that it would have to shut down most of its operations in South Sudan by the end of the month because they are running out of money.  

The acute needs of children in Sudan are huge and go far beyond the impact of the South Sudan crisis. More than 3.2 million children require humanitarian assistance. To date UNICEF in Sudan has received generous support from a wide range of donors. Unfortunately, the funding received covers only 16% of the 117 million USD required. By the end of June, UNICEF will no longer have funding available to support children affected by the war in South Sudan.

UNICEF and ICRC’s funding difficulties in South Sudan are symptomatic of a larger problem facing the international community. The world’s humanitarian system is on the brink of collapse right now, with several ongoing complex emergencies stretching donors and relief agencies thin.  Between Iraq, Syria, Nepal, CAR and Mali these emergencies are essentially competing for the same donor dollars and donors have so far been unable or unwilling to fully fund the relief operations of each of these emergencies. Unless donors step up in a big way, it would seem that relief operations in South Sudan may be the next to fall.

The war no one is fighting or winning. A highly researched 4-part series is found here.

An in-depth timeline for Sudan is found here, but since 2012:

2012 June – Week-long student protests in Khartoum against austerity measures spread to the wider public after the government cuts fuel and other subsidies in response to the drop in oil revenue after the independence of South Sudan.

2012 August – Some 655,000 have been displaced or severely affected by fighting between the army and rebels in states bordering on South Sudan, the UN reports.

Sudan and South Sudan strike a last-minute deal on the South’s export of oil via Sudan’s pipelines.

2012 September – The presidents of Sudan and South Sudan agree on plans for a demilitarised buffer zone and resuming oil sales after days of talks in Ethiopia, but fail to resolve border issues, including Abyei.

Clashes with rebels in Darfur and South Kordofan region.

2012 October – Explosions destroy an arms factory in Khartoum. Sudan accuses Israel of the attack on what is believed to be an Iranian-run plant making weapons for Hamas in Gaza. Israel declines to comment.

2013 March – Sudan and South Sudan agree to resume pumping oil, ending a shutdown caused by a dispute over fees more than a year ago, and to withdraw troops from their borders to create a demilitarised zone.

2013 September – Wave of demonstrations across the country over the government’s decision to cut fuel subsidies. Scores of people die in clashes with police.

Ruling party splits

2013 October – Dissident members of the ruling National Congress Party (NCP) announce plans for a breakaway party aimed at reaching out to secularists and leftists, in what is seen as the most serious split in the elite since Hassan al-Turabi went into opposition in 1999.

2013 December – President Bashir drops long-time ally and first vice president Ali Osman Taha from the cabinet in a major shake-up.

2014 May – A court in Khartoum prompts an international outcry by sentencing a pregnant woman born to a Muslim father but raised as a Christian to death for apostasy after failing to recant her Christianity.

2014 December – The chief prosecutor of the International Criminal Court halts investigations into war crimes in Darfur for lack of support from the UN Security Council.

2015 April – President Bashir is re-elected for another five year term. He wins nearly 95 percent of the vote in a poll marked by low turnout and boycotted by most opposition parties.