Category Archives: al Qaida al Nusra Boko Haram

Will Mohammed Haydar Zammar be Sent to Gitmo?

Posted on by

Mohammed Haydar Zammar is obviously still an enemy combatant and under President Trump’s pledge, he would make full use of the detention center. Mohamed Atta photo

Kurdish forces in Syria have detained a man who is believed to be a Syrian-born German jihadist suspected of recruiting some of the 9/11 hijackers to Al Qaeda, a senior Kurdish commander said.

The detainee, identified as Mohammed Haydar Zammar, who is his mid-fifties, was apprehended in northern Syria and was being interrogated, the commander told Agence France-Presse on Wednesday. His fate remained unclear.

The jihadist is best known for allegedly helping plan the Sept. 11, 2001, attacks in the U.S., the report said, including recruiting some of the hijackers to the terror group.

Zammar fled Germany after the attacks and relocated to Morocco, where he was soon arrested in an operation involving CIA agents.

He was later handed to Syrian authorities who, in 2007, sentenced him to 12 years in prison for being a member of the Muslim Brotherhood, according to German state broadcaster Deutsche Welle.

He was released from prison after the Syrian civil war broke out in the region and most hardline jihadists and Islamists were released. Zammar, among many others, is believed to have joined the Islamic State group.

The Kurdish official didn’t say if Zammar has been actively engaged in fighting for the terror group in Syria.

The Pentagon hasn’t yet confirmed the suspect’s capture, but reportedly said it was looking into it.

***

Zammar, a German citizen, was born in Syria. At ten he moved to Germany with his family. Even among his very religiously conservative family, Mohammed Zammar impressed many with his extreme devotion at an early age. He became well-known at many of the mosques in Hamburg, Germany. While still in high school, Zammar began to be associated with Jihadists through Mamoun Darkazanli, a fellow Syrian and al-Qaeda financier.

Zammar attended a metalworking college and planned to work for Mercedes-Benz. He worked as a translator in Saudi Arabia, and then took a job as a truck-driver back in Hamburg. But in 1991, he decided to make jihad his full-time job.

He flew to Afghanistan by way of Pakistan and underwent a training program for mujahideen fighters. His training included weapons knowledge, use of explosives, and advanced tactics. He performed well and was moved to an elite training camp near Jalalabad. By the end of the year, he had “graduated” and returned to Hamburg.

Zammar travelled extensively over the next few years. While working as a mechanic, he took long trips to Syria, Jordan, Turkey, and Sweden. In 1995, he traveled to Bosnia to fight there. And in 1996, Zammar visited Afghanistan for a second time, this time to become a formal member of the group called al-Qaeda. He was reported to have been personally invited by Osama bin Laden. More here.

Meanwhile, beyond al Qaeda and Islamic State in Syria, a new terror group is finally named and identified. The original AUMF still applies.

A new and dangerous extremist group spawned from al Qaeda is consolidating power in northwestern Syria, while the U.S. has focused on fighting remnants of Islamic State elsewhere in the country and striking the Assad regime’s chemical-weapons facilities.

Since surfacing as the country’s most potent militant group, Hayat Tahrir al-Sham has battled Western-backed rebel groups to extend its control across Idlib province, enforcing its version of Shariah and raising funds by taxing flows of people and goods.

The group’s leader, Abu Mohammad al-Julani, a former al Qaeda fighter, has vowed to conquer Damascus and impose Islamic rule across Syria. in a January speech, he exhorted followers to engage in “a war of ideas, a war of minds, a war of wills, a war of perseverance,” according to the SITE Intel Group.

Abu Mohammad al-Julani, leader of Hayat Tahrir al-Sham, in a photo from 2016, when he headed a predecessor group, the Nusra Front.

Abu Mohammad al-Julani, leader of Hayat Tahrir al-Sham, in a photo from 2016, when he headed a predecessor group, the Nusra Front. Photo: Associated Press

Thousands of fighters with the group—an offshoot of the Nusra Front, al Qaeda’s former Syrian affiliate—have dug in around Idlib, analysts say, as the U.S. concentrates on Syria’s other battles and moves toward what President Donald Trump has said would be a quick exit from Syria.

“The area seems to be out of focus for Western powers,” said Hassan Hassan, a Washington-based analyst with the Tahrir Institute for Middle East Policy, a think tank. “The jihadis are having a honeymoon there.”

Hayat Tahrir al-Sham Declares Start Of Offensive Operation ... photo

The group has also fought fiercely against adversaries. In February, after four months of fighting, it announced the surrender of Islamic State cells it defeated in Idlib. In March, it claimed the capture of about 25 villages in Aleppo and Idlib provinces, capturing tanks and armored vehicles.

This month, the group has been fighting Syrian government forces with artillery and snipers in Homs, Hama and Aleppo.

In areas under its control, Hayat Tahrir al-Sham has set up a religious police force similar to that of Islamic State, residents say. It initially rewarded children with sweets for memorizing the Quran, but soon moved to breaking hookah pipes as part of a smoking ban and ordering clothes shops to cover heads of mannequins. Beauty salons were told to ditch makeup, Idlib residents say.

In its propaganda, the group likens Syria to a frail ship that can be kept afloat only by Islamic rule of law. Shariah ensures that “the ship doesn’t sink,” goes a slogan of the group. Griping of shortages under its rule, residents retort: “There is no water, so the ship can’t sink.”

The group has jailed men and women who socialize without being related, residents say, and closed a university in the town of al-Dana late last year because it held mixed-gender classes. In the town of Saraqeb, where residents last year faced down threats from extremists and held the first direct elections in Syria since 1953, the group has seized control of the local council.

“Yes, we are a conservative society, but these actions are very extreme,” one young resident of Idlib said.

Compounding the anarchy in Idlib has been the recent arrival of nearly 50,000 people, including rebels, from Eastern Ghouta outside Damascus, the scene of a brutal crackdown by the regime of Bashar al-Assad.

The new arrivals have exacerbated a humanitarian crisis in Idlib, already home to about a million internally displaced Syrians. The poor conditions and lack of jobs has proved fertile ground for the recruiting efforts of extremist groups, which promise to pay anyone willing to fight for a living wage.

For now, the Syrian regime has been fixated on crushing smaller pockets of fighters, including with the suspected use of chemical weapons in Eastern Ghouta on April 7, an attack that killed dozens of civilians. But Damascus is now expected to eventually turn its attention to the high concentration of militants in Idlib in what could be as bloody a fight as the battle for Aleppo, which fell in 2016.

A week after the apparent chemical-weapons strike, U.S. President Donald Trump ordered military strikes on several regime targets alongside British and French allies. The attack hit facilities connected with Syria’s chemical-weapons program and was unlikely to diminish the regime’s conventional capabilities.

Mr. Trump had days before vowed a drawdown of U.S. troops, with Islamic State on the verge of defeat. After the weekend’s strikes his administration stepped up efforts to replace the U.S. military’s 2,000-strong contingent in Syria with troops from allied Middle Eastern countries.

Meanwhile, some U.S. officials have expressed worries over the resilience of other extremist groups now supplanting Islamic State. Brett McGurk, presidential envoy to the international coalition fighting Islamic State, has called Idlib “the largest al Qaeda safe haven since 9/11.”

U.S. troops in Syria are mostly focused on eastern Syria, joining Kurdish and other fighters battling the shrinking pockets of Islamic State militants. Turkey has been fixated on preventing a Kurdish militia that it considers terrorists from expanding on its southern border.

As a result, a hodgepodge of armed groups, many with extremist agendas, have thrived in Idlib, to the detriment of other forces opposing the Assad regime. “The space for moderate opposition continues to close in the northwest,” said a senior Western official who tracks Syria closely.

Hayat Tahrir al-Sham now seeks to control important administrative sectors across Idlib through a body it calls the Salvation Government, which generates revenue by charging residents for electricity and water. HTS also controls the Bab al-Hawa border crossing with Turkey.

Members of HTS couldn’t be reached for comment.

“The Salvation Government tries to win people’s hearts by providing services,” one 27-year-old man in Idlib said. “At the same time, they try to dominate people.” Some have pushed back cautiously. University students attend classes in the open. Hospitals have threatened to close if the group interferes in their work. Among its many critics, Hayat Tahrir al-Sham is privately known as “Hitish,” an echo of the pejorative acronym “Daesh” that people disdainfully use for Islamic State.

 

Yes, Secretary Mattis, there IS a Land Bridge

Posted on by

So, all terror roads in the Middle East still lead to Tehran. At the direction of Tehran, Hezbollah, the Iranian militias and the Iranian Revolutionary Guard Corp operations is selection regions across the globe with wild abandon.

January 2018, in a question and answer session: Q: On Iran’s role in Iraq and Syria, do you believe that a land bridge exists between Iran and Syria through Iraq? And, if so, are you concerned about it? Is there anything the United States can do about it?

SEC. MATTIS: No, I don’t — I don’t think there’s a land bridge right now. There’s still enough rough times — you know, rough terrain, rough enemy units that haven’t been cleaned up, and all the usual cleanup going on, and — plus you’ve got the combination of where the people we’re fighting — advising and that sort of thing in Syria are abutting, in some cases, the Russian forces who are helping the regime, abutting the Turkish elements. There’s — I don’t think there’s a land bridge right now.

*** So, while the United States along with France and Britain delivered 105 missiles to take out three chemical weapons locations in Syria, other locations remain in addition to the Assad air assets. Russia, North Korea, and Tehran were all watching for weeks the actions of the West. Russia declares the most recent chemical weapons attack was at the hand of the White Helmets, then it was a ploy by Britain, then it was a CIA operation. Meanwhile, the chemical weapons inspection envoy arriving in Douma, the suburb of Damascus had to find cover after being fired upon.

http://www.thetruthseeker.co.uk/wordpress/wp-content/uploads/2017/08/Iran-Iraq-Syria-Lebanon-corridor.jpg

That brings us back to domestic threats and the strategy as developed by the Trump administration in dealing with Iran and Russia, much less Iraq. Is there one other than the threat of exiting the JCPOA? Not so far it seems. The increasing threat? Satellite land bridges perhaps….from Latin America to covert cells across our homeland.

***

Iranian-backed militants are operating across the United States mostly unfettered, raising concerns in Congress and among regional experts that these “sleeper cell” agents are poised to launch a large-scale attack on the American homeland, according to testimony before lawmakers.

Iranian agents tied to the terror group Hezbollah have already been discovered in the United States plotting attacks, giving rise to fears that Tehran could order a strike inside America should tensions between the Trump administration and Islamic Republic reach a boiling point.

Intelligence officials and former White House officials confirmed to Congress on Tuesday that such an attack is not only plausible, but relatively easy for Iran to carry out at a time when the Trump administration is considering abandoning the landmark nuclear deal and reapplying sanctions on Tehran.

There is mounting evidence that Iran poses “a direct threat to the homeland,” according to Rep. Peter King (R., N.Y.), a member of the House Homeland Security Committee and chair of its subcommittee on counterterrorism and intelligence.

A chief concern is “Iranian support for Hezbollah, which is active in the Middle East, Latin America, and here in the U.S., where Hezbollah operatives have been arrested for activities conducted in our own country,” King said, referring the recent arrest of two individuals plotting terror attacks in New York City and Michigan.

“Both individuals received significant weapons training from Hezbollah,” King said. “It is clear Hezbollah has the will and capability.”

After more than a decade of receiving intelligence briefs, King said he has concluded that “Hezbollah is probably the most experienced and professional terrorist organization in the world,” even more so than ISIS and Al Qaeda.

Asked if Iran could use Hezbollah to conduct strikes on the United States, a panel of experts including intelligence officials and former White House insiders responded in the affirmative.

“They are as good or better at explosive devices than ISIS, they are better at assassinations and developing assassination cells,” said Michael Pregent, a former intelligence officer who worked to counter Iranian influence in the region. “They’re better at targeting, better at looking at things,” and they can outsource attacks to Hezbollah.

“Hezbollah is smart,” Pregent said. “They’re very good at keeping their communications secure, keeping their operational security secure, and, again, from a high profile attack perspective, they’d be good at improvised explosive devices.”

Others testifying before Congress agreed with this assessment.

“The answer is absolutely. We do face a threat,” said Emanuele Ottolenghi, a senior fellow at the Foundation for Defense of Democracies who has long tracked Iran’s militant efforts. “Their networks are present in the Untied States.”

Iran is believed to have an auxiliary fighting force or around 200,000 militants spread across the Middle East, according to Nader Uskowi, a onetime policy adviser to U.S. Central Command and current visiting fellow at the Washington Institute for Near East Policy.

At least 50 to 60 thousand of these militants are “battle tested” in Syria and elsewhere.

“It doesn’t take many of them to penetrate this country and be a major threat,” Uskowi said. “They can pose a major threat to our homeland.”

While Iran is currently more motivated to use its proxies such as Hezbollah regionally for attacks against Israel or U.S. forces, “those sleeper cells” positioned in the United States could be used to orchestrate an attack, according to Brian Katulis, a former member of the White House National Security Council under President Bill Clinton.

“The potential is there, but the movement’s center of focus is in the region,” said Katulis, a senior fellow at the Center for American Progress.

Among the most pressing threats to the U.S. homeland is Hezbollah’s deep penetration throughout Latin America, where it finances its terror activities by teaming up with drug cartels and crime syndicates.

“Iran’s proxy terror networks in Latin America are run by Tehran’s wholly owned Lebanese franchise Hezbollah,” according to Ottolenghi. “These networks are equal part crime and terror” and have the ability to provide funding and logistics to militant fighters.

“Their presence in Latin America must be viewed as a forward operating base against America’s interest in the region and the homeland itself,” he said.

These Hezbollah operatives exploit loopholes in the U.S. immigration system to enter America under the guise of legitimate business.

Operatives working for Hezbollah and Iran use the United States “as a staging ground for trade-based and real estate-based money laundering.” They “come in through the front door with a legitimate passport and a credible business cover story,” Ottolenghi said.

The matter is further complicated by Iran’s presence in Syria, where it has established not only operating bases, but also weapons factories that have fueled Hezbollah’s and Hamas’s war on Israel.

Iran’s development of advanced ballistic missile and rocket technology—which has continued virtually unimpeded since the nuclear deal was enacted—has benefitted terror groups such as Hezbollah.

“Iran is increasing Hezbollah’s capability to target Israel with more advanced and precision guided rockets and missiles,” according to Pregent. “These missiles are being developed in Syria under the protection of Syrian and Russian air defense networks.”

In Iraq, Iranian forces “have access to U.S. funds and equipment in the Iraqi Ministry of Defense and Iraq’s Ministry of Interior,” Pregent said.

The Trump administration has offered tough talk on Iran, but failed to take adequate action to dismantle its terror networks across the Middle East, as well as in Latin American and the United States itself, according to CAP’s Katulis.

“The Trump administration has talked a good game and has had strong rhetoric, but I would categorize its approach vis-à-vis Iran as one of passive appeasement,” said Katulis. “We simply have not shown up in a meaningful way.”

U.S. Caps Money at 25% of UN Peacekeeping

Posted on by

PeaceKeeping Operations - United Nations for the World

photo

For the most part, peacekeepers do not achieve the standards of their home country for military or humanitarian positions, so they are dispatched to the United Nations.

Conflicts where peacekeepers are deployed are also near countries at the top of the list.

The UN’s peacekeepers currently have operations in Western Sahara, Central African Rebpublic, Mali, Haiti, Democratic Republic of the Congo, Darfur, Syria, Cyprus, Lebanon, Abyei, South Sudan, Ivory Coast, Kosovo, Liberia and India and Pakistan.

China’s peacekeepers will form part of the “Peacekeeping Capability Readiness System”, a rapid-deployment standby force.

Its move to become one of the largest forces in the UN’s peacekeepers indicates its growing presence on the world stage, while also saying that China is a responsible power.

The UN’s current peacekeeping budget stands at £5.25bn, and its force has been implemented in 69 missions over the past 68 years. Click here to see the personnel donations from listed countries.

File:United Nations (UN) peacekeepers from Sri Lanka are ... photo

US: Won’t pay over 25 percent of UN peacekeeping anymore

UNITED NATIONS — The United States will no longer shoulder more than a quarter of the multibillion-dollar costs of the United Nations’ peacekeeping operations, Washington’s envoy said Wednesday.

“Peacekeeping is a shared responsibility,” U.S. Ambassador Nikki Haley said at a Security Council debate on peacekeeping reform. “All of us have a role to play, and all of us must step up.”

The U.S. is the biggest contributor to the U.N.’s 15 peacekeeping missions worldwide. Washington is paying about 28.5 percent of this year’s $7.3 billion peacekeeping budget, though Haley said U.S. law is supposed to cap the contribution at 25 percent.

The second-biggest contributor, China, pays a bit over 10 percent.

U.S. President Donald Trump’s administration has complained before that the budget and Washington’s share are too high and pressed to cut this year’s budget. It is $570 million below last year’s, a smaller decrease than the U.S. wanted.

“We’re only getting started,” Haley said when the cut was approved in June. It followed a $400 million trim the prior year, before Trump’s administration.

Haley said Wednesday that the U.S. will work to make sure cuts in its portion are done “in a fair and sensible manner that protects U.N. peacekeeping.”

The General Assembly sets the budget and respective contributions by vote. Spokesmen for Assembly President Miroslav Lajcak and U.N. Secretary-General Antonio Guterres declined to comment on Haley’s remarks, noting that the 193 U.N. member states will decide the budget.

Drawing over 105,000 troops, police and other personnel from countries around the world, the peacekeeping missions operate in places from Haiti to parts of India and Pakistan. Most are in African countries. The biggest is in Congo, where the Security Council agreed just Tuesday to keep the 16,000-troop force in place for another year.

Some missions have been credited with helping to protect civilians and restore stability, but others have been criticized for corruption and ineffectiveness.

In Mali, where 13,000 peacekeepers have been deployed since 2013, residents in a northern region still “don’t feel safe and secure,” Malian women’s rights activist Fatimata Toure told the Security Council on Wednesday. She said violence remains pervasive in her section of a country that plunged into turmoil after a March 2012 coup created a security vacuum.

“We have still not felt (the peacekeeping mission) deliver on its protection-of-civilians mandate,” though it has helped in some other ways, Toure said. “We feel, as civilians, that we’ve been abandoned, left to our fate.”

Peacekeeping also has been clouded by allegations of sexual abuse and exploitation. An Associated Press investigative series last year uncovered roughly 2,000 claims of such conduct by peacekeepers and other U.N. personnel around the world during a 12-year period.

Maintaining peace has become increasingly deadly work. Some 59 peacekeepers were killed through “malicious acts” last year, compared to 34 in 2016, Guterres said Wednesday. A U.N. report in January blamed many of the deaths on inaction in the field and “a deficit of leadership” from the world body’s headquarters to remote locations.

Guterres said Wednesday that the U.N. is improving peacekeepers’ training, has appointed a victims’ rights advocate for victims of sexual abuse and is reviewing all peacekeeping operations.

Still, he said, more needs to be done to strengthen peacekeeping forces and ensure they are deployed in tandem with political efforts, not instead of them. They also shouldn’t be overloaded with unrealistic expectations, he said.

“Lives and credibility are being lost,” he said. “A peacekeeping operation is not an army or a counterterrorist force or a humanitarian agency.”

Representatives from many countries also stressed a need for more focused, better prepared peacekeeping missions and more robust political peace processes.

The U.N., its member states and countries that host peacekeeping missions all “need to shoulder our responsibilities,” said Dutch Prime Minister Mark Rutte, whose country arranged the debate as this month’s Security Council president.

9 Iranians Charged in Hacking 176 Universities, Intellectual Property

Posted on by

Nine Iranians Charged With Conducting Massive Cyber Theft Campaign On Behalf Of The Islamic Revolutionary Guard Corps

Mabna Institute Hackers Penetrated Systems Belonging to Hundreds of Universities, Companies, and Other Victims to Steal Research, Academic Data, Proprietary Data, and Intellectual Property

Rod J. Rosenstein, the Deputy Attorney General of the United States, Geoffrey S. Berman, the United States Attorney for the Southern District of New York, William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Field Division of the Federal Bureau of Investigation (“FBI”), and John C. Demers, Assistant Attorney General for National Security, announced today the unsealing of an indictment charging GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI.  The defendants were each leaders, contractors, associates, hackers-for-hire, and affiliates of the Mabna Institute, an Iran-based company that was responsible for a coordinated campaign of cyber intrusions that began in at least 2013 into computer systems belonging to 144 U.S.-based universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the United States Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.  Through the activities of the defendants, the Mabna Institute conducted these intrusions to steal over 30 terabytes of academic data and intellectual property from universities, and email inboxes from employees of victim private sector companies, government victims, and non-governmental organizations.  The defendants conducted many of these intrusions on behalf of the Islamic Republic of Iran’s (“Iran”) Islamic Revolutionary Guard Corps (“IRGC”), one of several entities within the government of Iran responsible for gathering intelligence, as well as other Iranian government clients.  In addition to these criminal charges, today the Department of Treasury’s Office of Foreign Assets Control (OFAC) designated the Mabna Institute and the nine defendants for sanctions for the malicious cyber-enabled activity outlined in the Indictment.

Deputy Attorney General Rod J. Rosenstein said:  “These nine Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries.  For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps.  The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America’s ideas by infiltrating our computer systems and stealing intellectual property.  This case is important because it will disrupt the defendants’ hacking operations and deter similar crimes.”

Manhattan U.S. Attorney Geoffrey S. Berman said:  “Today, in one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice, we have unmasked criminals who normally hide behind the ones and zeros of computer code.  As alleged, this massive and brazen cyber-assault on the computer systems of hundreds of universities in 22 countries, including the United States, and dozens of private sector companies and governmental organizations was conducted on behalf of Iran’s Islamic Revolutionary Guard.  The hackers targeted innovations and intellectual property from our country’s greatest minds.  These defendants are now fugitives from American justice, no longer free to travel outside Iran without risk of arrest.  The only way they will see the outside world is through their computer screens, but stripped of their greatest asset – anonymity.”

FBI Assistant Director William F. Sweeney Jr. said:  “The numbers alone in this case are staggering, over 300 universities and 47 private sector companies both here in the United States and abroad were targeted to gain unauthorized access to online accounts and steal data.  An estimated 30 terabytes was removed from universities’ accounts since this attack began, which is roughly equivalent of 8 billion double-sided pages of text.  It is hard to quantify the value on the research and information that was taken from victims but it is estimated to be in the billions of dollars. The nine Iranians indicted today now find themselves wanted by the FBI and our partner law enforcement agencies around the globe – and like other cyber criminals they will soon learn their ability to freely move was just limited to the virtual world only.”

According to the allegations contained in the Indictment[1] unsealed today in Manhattan federal court:

Background on the Mabna Institute

GHOLAMREZA RAFATNEJAD and EHSAN MOHAMMADI, the defendants, founded the Mabna Institute in approximately 2013 to assist Iranian universities and scientific and research organizations in stealing access to non-Iranian scientific resources.  In furtherance of its mission, the Mabna Institute employed, contracted, and affiliated itself with hackers-for-hire and other contract personnel to conduct cyber intrusions to steal academic data, intellectual property, email inboxes and other proprietary data, including ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI.  The Mabna Institute contracted with both Iranian governmental and private entities to conduct hacking activities on their behalf, and specifically conducted the university spearphishing campaign on behalf of the IRGC.  The Mabna Institute is located at Tehran, Sheikh Bahaii Shomali, Koucheh Dawazdeh Metri Sevom, Plak 14, Vahed 2, Code Posti 1995873351.

University Hacking Campaign

The Mabna Institute, through the activities of the defendants, targeted over 100,000 accounts of professors around the world.  They successfully compromised approximately 8,000 professor email accounts across 144 U.S.-based universities, and 176 universities located in foreign countries, including Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey, and the United Kingdom.  The campaign started in approximately 2013, and has continued through at least December 2017, and broadly targeted all types of academic data and intellectual property from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.  Through the course of the conspiracy, U.S.-based universities spent over approximately $3.4 billion to procure and access such data and intellectual property.

The hacking campaign against universities was conducted across multiple stages.  First, the defendants conducted online reconnaissance of university professors, including to determine these professors’ research interests and the academic articles they had published.  Second, using the information collected during the reconnaissance phase, the defendants created and sent spearphishing emails to targeted professors, which were personalized and created so as to appear to be sent from a professor at another university.  In general, those spearphishing emails indicated that the purported sender had read an article the victim professor had recently published, and expressed an interest in several other articles, with links to those additional articles included in the spearphishing email.  If the targeted professor clicked on certain links in the email, the professor would be directed to a malicious Internet domain named to appear confusingly similar to the authentic domain of the recipient professor’s university.  The malicious domain contained a webpage designed to appear to be the login webpage for the victim professor’s university.  It was the defendants’ intent that the victim professor would be led to believe that he or she had inadvertently been logged out of his or her university’s computer system, prompting the victim professor for his or her login credentials.  If a professor then entered his or her login credentials, those credentials were then logged and captured by the hackers.

Finally, the members of the conspiracy used stolen account credentials to obtain unauthorized access to victim professor accounts, through which they then exfiltrated intellectual property, research, and other academic data and documents from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.  The defendants targeted data across all fields of research and academic disciplines, including science and technology, engineering, social sciences, medical, and other professional fields.  At least approximately 31.5 terabytes of academic data and intellectual property from compromised universities were stolen and exfiltrated to servers under the control of members of the conspiracy located in countries outside the United States.

In addition to stealing academic data and login credentials for university professors for the benefit of the Government of Iran, the defendants also sold the stolen data through two websites, Megapaper.ir (“Megapaper”) and Gigapaper.ir (“Gigapaper”).  Megapaper was operated by Falinoos Company (“Falinoos”), a company controlled by ABDOLLAH KARIMA, a/k/a “Vahid Karima,” the defendant, and Gigapaper was affiliated with KARIMA.  Megapaper sold stolen academic resources to customers within Iran, including Iran-based public universities and institutions, and Gigapaper sold a service to customers within Iran whereby purchasing customers could use compromised university professor accounts to directly access the online library systems of particular United States-based and foreign universities.

Prior to the unsealing of the Indictment, the FBI provided foreign law enforcement partners with detailed information regarding victims within their jurisdictions, so that victims in foreign countries could be notified and so that foreign partners could assist in remediation efforts.

Private Sector Hacking Victims

In addition to targeting and compromising universities, the Mabna Institute defendants targeted and compromised employee email accounts for at least approximately 36 United States-based private companies, and at least approximately 11 private companies based in Germany, Italy, Switzerland, Sweden, and the United Kingdom, and exfiltrated entire email mailboxes from compromised employees’ accounts.  Among the United States-based private sector victims were three academic publishers, two media and entertainment companies, one law firm, 11 technology companies, five consulting firms, four marketing firms, two banking and/or investment firms, two online car sales companies, one healthcare company, one employee benefits company, one industrial machinery company, one biotechnology company, one food and beverage company, and one stock images company.

In order to compromise accounts of private sector victims, members of the conspiracy used a technique known as “password spraying,” whereby they first collected lists of names and email accounts associated with the intended victim company through open source Internet searches.  Then, they attempted to gain access to those accounts with commonly-used passwords, such as frequently used default passwords, in order to attempt to obtain unauthorized access to as many accounts as possible.  Once they obtained access to the victim accounts, members of the conspiracy, among other things, exfiltrated entire email mailboxes from the victims.  In addition, in many cases, the defendants established automated forwarding rules for compromised accounts that would prospectively forward new outgoing and incoming email messages from the compromised accounts to email accounts controlled by the conspiracy.

In connection with the unsealing of the Indictment, today the FBI issued a FBI Liaison Alert System (FLASH) message, providing detailed information regarding the vulnerabilities targeted and the intrusion vectors used by the Mabna Institute in their campaign against private sector companies, to provide the public with information to assist in detecting and remediating the threat.

U.S. Government and NGO Hacking Victims

In the same time period as the university and private sector hacking campaigns described above, the Mabna Institute also conducted a computer hacking campaign against various governmental and non-governmental organizations within the United States.  During the course of that campaign, employee login credentials were stolen by members of the conspiracy through password spraying.  Among the victims were the following, all based in the United States:  the United States Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the State of Indiana Department of Education, the United Nations, and the United Nations Children’s Fund.  As with private sector victims, the defendants targeted for theft email inboxes of employees of these organizations.

*                *                *

GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI, the defendants, are citizens and residents of Iran.  Each is charged with one count of conspiracy to commit computer intrusions, which carries a maximum sentence of five years in prison; one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; two counts of unauthorized access of a computer, each of which carries a maximum sentence of five years in prison; two counts of wire fraud, each of which carries a maximum sentence of 20 years in prison; and one count of aggravated identity theft, which carries a mandatory sentence of two years in prison.  The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencings of the defendants will be determined by the assigned judge.

Mr. Berman praised the outstanding investigative work of the FBI, the assistance of the United Kingdom’s National Crime Agency (NCA), and the support of the OFAC.  The case is being handled by the Office’s Complex Frauds and Cybercrime Unit.  Assistant United States Attorneys Timothy T. Howard, Jonathan Cohen, and Richard Cooper are in charge of the prosecution, with assistance provided by Heather Alpino and Jason McCullough of the National Security Division’s Counterintelligence and Export Control Section.

The charges contained in the Indictment are merely accusations and the defendants are presumed innocent unless and until proven guilty.

[1] As the introductory phrase signifies, the entirety of the text of the Indictment, and the description of the Indictment set forth herein, constitute only allegations, and every fact described should be treated as an allegation.

Attachment(s):
Download U.S. v. Rafatnejad et al Indictment
Topic(s):
Cyber Crime
Component(s):
USAO – New York, Southern
Press Release Number:
18-089

Why Did Trump Hire McMaster in the First Place?

Posted on by

Much has been written about Trump’s now former National Security Counsel advisor H.R. McMaster who at one time was General Petraeus’ ‘go-to’ tank operations expert in Iraq. The 3-star general from the outset never really gelled in a cohesive policy relationship with President Trump and the chatter for months in DC was that his time at the White House was going to be short.

McMaster Worked at Think Tank Backed by Soros-Funded Group ...

Question is who recommended McMaster to Trump in the first place and who did the background investigation such that Trump accepted and confirmed him to lead the National Security Council?

“After 34 years of service to our nation,” the lieutenant general said, “I am requesting retirement from the U.S. Army effective this summer, after which I will leave public service.” A White House official told VOA that the president and McMaster had mutually agreed upon McMaster’s resignation, after discussing it for some time. The official said the president asked McMaster to stay on until mid-April to ensure a smooth transition, and McMaster agreed. A graduate of the U.S. Military Academy, known as West Point, McMaster earned a Silver Star for leadership during the Persian Gulf War when, as a cavalry commander, he led a small contingent of U.S. tanks to destroy 80 Iraqi tanks and other vehicles. More here.

Well, the Daily Caller did some remarkable deeper work on McMaster spelling out how Trump never should have brought him on board in the first place. The other question remains on why the Pentagon did not advise McMaster on terminating his outside relationship especially with some rogue nations.

  • Outgoing National Security Advisor H.R. McMaster worked for a foreign-based think tank for 11 years before assuming his post
  • The think tank has ties to Russia, China, the Uranium One deal and Bahrain
  • Career armed forces officers spoke out against the arrangement

Outgoing National Security Advisor Lt. Gen. H.R. McMaster served for more than a decade as a consultant to the London-based International Institute for Strategic Studies, a foreign-based think-tank that has received funding from hostile foreign governments to include Russia and China, according to a Daily Caller News Foundation investigation.

The career soldier ended his employment at the International Institute for Strategic Studies (IISS) in February 2017 after President Donald Trump tapped him to serve as his national security adviser following the resignation of former National Security Adviser Michael Flynn.

McMaster is planning to leave the NSC in April, to be replaced by former U.N. Ambassador John Bolton, according to The Wall Street Journal.

The outgoing NSC official said in a statement, he was “requesting retirement from the U.S. Army effective this summer after which I will leave public service.”

The general, who did not leave the Army to assume his NSC post, was one of only two White House national security chiefs who retained active duty status while working at the White House. The other general was Gen. Colin Powell.

McMaster never publicized his decade-long outside consultant work with the foreign-based think tank that often supported a globalist agenda opposed by Trump. IISS often espoused foreign and military policies that served as the centerpiece of the Obama presidency, including support for the former president’s Iran nuclear deal.

While his 11 years at the institute were never part of his official military biography, former military officers who learned of it were harshly critical of his unusual moonlighting.

Veteran military officers expressed disbelief at McMaster’s consulting work at a foreign-based think tank that receives funding from hostile governments. They called the arrangement “unethical” and “unprecedented.”

IISS operates offices in the Bahrain, Singapore and Washington, D.C. It generally reflects a globalist “realist” Eurocentric view of foreign and military postures that’s at odds with Trump’s foreign policy. The think-tank was a major advocate of former President Barack Obama’s nuclear deal with Iran.

IISS receives funding from friendly Western sources such as aerospace firms and even the British army, but is also has received funding from the Russian Federation, China’s Ministry of Foreign Affairs, as well as the governments of Azerbaijan, Turkey, Qatar, Pakistan, Saudi Arabia and Bahrain, according to the IISS website.

During McMaster’s time at IISS, the think tank also received $700,000 from George Soros’s Open Society and $140,000 from Ploughshares, the pacifist organization that aggressively pushed for Obama’s Iran nuclear deal.

The organization’s council — its board of directors — also is filled with people who have ties to the Kremlin, to the Qatari emir who has been accused of supporting terrorists, to people associated with the Uranium One scandal, and with a Russian investment bank that paid former President Bill Clinton $500,000 for a single speech.

“This is bizarre,” retired Army Lt. Gen. William “Jerry” Boykin said in an interview with TheDCNF. “If that kind of information was available to The Trump administration before they selected him, the question is: Would they have selected him for this very job?”

The Army told TheDCNF that from 2006 when he first joined IISS as a “senior research associate” until he left in 2017, he did file annual financial disclosure forms notifying the Army of payments he received from the institute.

McMaster’s office did not respond to a DCNF request for his current financial disclosure form, which he was required to submit in 2017 as a White House employee.

Retired Rear Adm. James “Ace” Lyons, who served 35 years in the Navy, including a stint as commander of the Pacific Fleet, told TheDCNF McMaster’s consulting role at the think tank was “absurd.”

“It is really absurd that an active duty military officer, particularly one of flag rank, is a consultant to a foreign organization that is taking money and contributions from questionable countries that are known enemies of the United States,” Lyons told TheDCNF in an interview. “This to me seems to be outside the bounds of what we’re committed to. This is atrocious.”

“I’ve never seen this kind of thing before,” said Boykin, a 36-year veteran who served as under secretary for defense intelligence for President George W. Bush.

Boykin said he was convinced any commanding officer would have rejected McMaster’s proposed consulting work at IISS. “I cannot believe that the ethics people of the U.S. Army would approve of him doing that, and I can’t believe that any responsible person he worked for in the Army would have agreed to that.”

William J. Sharp, a public affairs civilian attached to U.S. Army Headquarters, told TheDCNF the Army accepted McMaster’s proposed consulting work at IISS without any prior approval because they regarded the think tank as not falling under the category of a “prohibited source.”

The term “prohibited source” relates to a company that seeks a business or other formal contractual relationship from the Department of Defense. Using that limited standard, the Army concluded IISS was not a prohibited source and McMaster did not need to obtain prior approval from military superiors.

“IISS is not a prohibited source for Army personnel,” Sharp told TheDCNF in an email. “Therefore, LTG McMaster was not required to obtain approval prior to consulting for IISS.”

“I’m surprised at this,” Boykin said. “I find this in my view and in my experience of 36 years to be unprecedented, and I would love to see an authorization. And if it’s an open-ended authorization — if there’s one at all — then I would be willing to bet you it was an error on the part of whoever provided that authorization. You just can’t do this on your own,” he told TheDCNF.

Retired Special Forces Col. James Williamson told TheDCNF he considered it “very unusual” for an active duty officer to serve for a decade at any educational institution. “It’s very unusual for a general officer on active duty to have that type of affiliation over that timespan,” he said. “I’ve had friends that have gone to Harvard or the Fletcher School at Tufts, but they’re U.S.-based.” He said most terms were for a short duration — usually six months to a year.

In fact, the military approves and even encourages active duty officers to seek temporary assignments with American educational institutions and think tanks. But those assignments are very short and rarely extend for more than a year.

Williamson said active duty military officers have plenty of private sector and think tank opportunities after they leave military service. “We have other people who served in London, but they’re not on active duty. They’re retired officers and there’s no problem with that,” he said.

Williamson, a counter terrorism specialist who served with NATO and U.S. Southern Command, said he regarded McMaster’s work as posing a basic “conflict of interest” in light of funding from hostile governments. That funding “would almost make it a de facto conflict of interest in my eyes.”

Retired U.S. Air Force Col. James Waurishuk, who also worked at the NSC, agreed. “I would be concerned about the work he’s doing and how it applies in relation to a think-tank that’s taking money from perhaps adversarial foreign governments. That would be of concern to me,” he said.

Williamson also shared the same view and added that even working at a London think tank poses problems. “Even our closest allies don’t have the same agendas and priorities that we do,” he said.

During his 11 years with IISS, the group promoted McMaster’s activities. A review of previous IISS websites by TheDCNF shows he was highlighted between six and 10 times each year.

IISS praised McMaster when he joined the Trump White House. Jonathan Stevenson, an Obama NSC official who also is a senior fellow at IISS, wrote a fawning opinion piece about McMaster in The New York Times. He called him a “compelling choice: a scholar-warrior” and “both a proven cavalry officer and a formidable defense intellectual.” Stevenson wrote McMaster could save Trump, and the general’s appointment, “should augur at least a fleeting period of stability at the dysfunctional National Security Council.”

Igor Yurgen has been on the IISS Council since 2010. He is chairman of Rennaissance Capital Group, which awarded Bill Clinton $500,00 in speaking fees.

Russia Today, a pro-Kremlin news organization, once described Yurgen as “one of Russia’s most influential experts close to [former] President Dmitry Medvedev.”

“He is remarkably skilled at combining public, business and political careers,” according to RT.

Another council member is Michael Rich, an executive vice president of the RAND Corp. But significantly, he is co-chair of the board of overseers of a project called the RAND Qatar Policy Institute.

The Qatar Policy Institute is also part of the Qatar Foundation, started by Qatar’s former emir, Sheikh Hamad Bin Khalifa Al Thani, and his wife, Sheikha Moza bint Nasser.

Saudi Arabia and the Persian Gulf states accuse Qatar of supporting Islamic terrorism. Al Thani has supported the Taliban in Afghanistan, Hamas in the Gaza Strip, militias in Libya, and the Muslim Brotherhood, The New York Times reported in 2014. The Emir personally traveled in 2012 to the Gaza Strip, where he received a hero’s welcome as he pledged to work with the terrorist group Hamas. Al Thani also founded Al Jazeera, the pro-Muslim Brotherhood television news channel.

Badr Jafar, another current council member, is the son of Hamid Jafar, who founded the biggest private equity firm in the Middle East, North Africa and South Asia. Badr is the CEO of Crescent Enterprises who, with his father Hamid Jafar, engineered an oil exploration partnership between their Emirates-based company, Crescent Petroleum with the Boris Kovalchuk, CEO of the Russian company of Inter Rao UES.

News agencies in the United Arab Emirates hailed the 2010 financial deal between Crescent and Moscow. “Russian state news agencies began their coverage of the recent high-level meeting in Moscow between Crescent officials, the Russian prime minister, Vladimir Putin, and the Iraqi former prime minister Dr Ayad Allawi by linking the names of Hamid Jafar and Mr Putin,” according to the National Business report.

Russian President Vladimir Putin decreed that all shares of Inter Rao UES be transferred to the Russian state-owned atomic energy agency called Rosatom. Kovalchuk is a Kremlin confidant who served as a vice president of Rosatom. Americans know about Rosatom because of its purchase of Uranium One, which was made possible by then Secretary of State Hillary Clinton’s support for the Russian acquisition.

While McMaster was a consultant at IISS the organization was a strong, unwavering supporter of President Obama’s nuclear deal with Iran.

Mark Fitzpatrick, its director for non-proliferation and disarmament was the most outspoken IISS director for the nuclear deal calling it in 2015 a “a potential game changer in many ways, opening a path to better relations with Iran that has been closed for more than 35 years.” Fitzpatrick said the deal “makes it demonstrably less likely Iran will become nuclear-armed now and in the future.”

IISS also entered domestic American politics by defending the Democratic Party during the 2016 presidential campaign. It flatly stated following the release of emails from the Democratic National Committee it “revealed no evidence of significant wrongdoing within the Democratic Party.”

IISS also has been criticized for the secrecy of its activities and its routine denial of visas for reporters seeking to attend its overseas events, particularly its annual event in Bahrain where human right groups accuse the government of silencing critics and keeping journalists away.

BahrainWatch, a human rights group published an investigation in December 2016 claiming that even well known American journalists have been barred from its Bahrain conferences called the “Manama Dialogue.”

“New York Times journalist Nicholas Kristof has openly called for an invitation since 2011, though his media visa was once again rejected last year. Wall Street Journal journalist Yaroslav Trofimov was also denied a visa.

Waurishuk concluded that McMaster’s relationship with IISS raises too many alarms.

“There’s too many red flags that kind of go up,” he said.

Neither IISS Washington nor IISS London returned repeated queries about McMaster.