FBI Working to Stop Massive Russian Malware Network


Cisco’s Talos research unit yesterday reported its discovery of VPNFilter, a modular and stealthy attack that has assembled a botnet of some 500,000 devices, many of them routers located in Ukraine. There is considerable code overlap with the BlackEnergy malware previously deployed in attacks against Ukrainian targets, and the US Government has attributed the VPNFilter campaign to the Sofacy threat group, a.k.a. Fancy Bear, which is Russia’s GRU military intelligence service.
Ukrainian cybersecurity authorities think, and many others agree with them, that Russia was gearing up a major cyberattack to coincide with the UEFA Champions League final scheduled for this Saturday in Kiev, in the run-up to the World Cup in Russia. They also think an attack could be timed for Ukraine’s Constitution Day, June 28th.
The US FBI has seized a key website used for VPNFilter command-and-control, which US authorities hope will cripple the campaign. The Justice Department says that VPNFilter could be used for “intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

***

FBI agents armed with a court order have seized control of a key server in the Kremlin’s global botnet of 500,000 hacked routers, The Daily Beast has learned. The move positions the bureau to build a comprehensive list of victims of the attack, and short-circuits Moscow’s ability to reinfect its targets.

The FBI counter-operation goes after “VPNFilter,” a piece of sophisticated malware linked to the same Russian hacking group, known as Fancy Bear, that breached the Democratic National Committee and the Hillary Clinton campaign during the 2016 election. On Wednesday security researchers at Cisco and Symantec separately provided new details on the malware, which has turned up in 54 countries including the United States.

VPNFilter uses known vulnerabilities to infect small office and home office routers made by Linksys, MikroTik, NETGEAR, and TP-Link. Once in place, the malware reports back to a command-and-control infrastructure that can install purpose-built plug-ins, according to the researchers. One plug-in lets the hackers eavesdrop on the victim’s Internet traffic to steal website credentials; another watches for Modbus, a protocol used in industrial control networks such as those in the electric grid. A third lets the attacker cripple any or all of the infected devices at will by overwriting the device firmware.

The FBI has been investigating the botnet since at least August, according to court records, when agents in Pittsburgh interviewed a local resident whose home router had been infected with the Russian malware. “She voluntarily relinquished her router to the agents,” wrote FBI agent Michael McKeown, in an affidavit filed in federal court. “In addition, the victim allowed the FBI to utilize a network tap on her home network that allowed the FBI to observe the network traffic leaving the home router.”

FBI working to disrupt massive malware network linked to Russia

The FBI is working to disrupt a massive, sophisticated Russia-linked hacking campaign that officials and security researchers say has infected hundreds of thousands of network devices across the globe.

The Justice Department late Wednesday announced an effort to disrupt a botnet known as “VPNFilter” that compromised an estimated 500,000 small office and home office (SOHO) routers and other network devices. Officials explicitly linked the botnet to the cyber espionage group known as APT 28, or Sofacy, believed to be connected to the Russian government.

Officials said that the U.S. attorney’s office for the western district of Pennsylvania has obtained court orders allowing the FBI to seize a domain that is part of the malware’s command-and-control infrastructure. This will allow officials to redirect attempts by the malware to reinfect devices to an FBI-controlled server, thereby protecting devices from being infected again after rebooting.

Assistant Attorney General for National Security John C. Demers in a statement described the effort as the “first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

Cybersecurity researchers first began warning of the destructive, sophisticated malware threat on Wednesday. Cisco’s Talos threat intelligence group said in a blog post Wednesday that VPNFilter had infected at least 500,000 devices in 54 or more countries.

The researchers had been tracking the hacking threat for several months and were not ready to publish their findings, but when the malware began infecting devices in Ukraine at an “alarming rate,” they decided to publish their research early.

“Both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries,” the researchers wrote.

The malware targets home and office routers and network-attached storage (NAS) devices, hardware that stores data in a single location which multiple users can reach over the network. Together the compromised devices form a massive system under the attacker’s control, commonly known as a botnet.

VPNFilter is installed in stages, an unusual design that makes it harder to keep a device from being re-infected after it is rebooted: the first stage survives a reboot and then reaches out to the command-and-control infrastructure to fetch the later stages again, which do not persist on their own. Rebooting therefore clears the active payload, and with the command-and-control domain now pointing at an FBI-controlled server, the surviving first stage’s callback identifies the victim instead of re-downloading the malware. The FBI on Wednesday urged individuals whose devices may have been infected to reboot them as soon as possible.

The FBI is also soliciting help from a nonprofit known as the Shadowserver Foundation, which will pass the IP addresses of devices that call in to the seized domain to internet service providers, foreign computer emergency response teams and others to help stem the damage.
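The two passages above describe the mechanics of the takedown: callbacks from still-infected devices are redirected to a server the FBI controls, and the resulting victim list is shared through Shadowserver. The script below is an added example, not code from the article, the FBI or Shadowserver, showing how a sinkhole operator turns its web server access log into that victim list. It assumes the sinkhole logs in Apache “combined” format, that bot callbacks are distinguishable from stray traffic by a request path and user agent (both made up here for the demo), and the sample log lines are constructed using RFC 5737 documentation addresses rather than real victims.

```python
"""Build a victim list from a sinkhole's HTTP access log.

Added example (not the article's, the FBI's or Shadowserver's code).
Assumptions: the sinkhole writes Apache "combined" format logs, and a
bot callback is recognisable by its request path and user agent. The
path, user agent and log lines below are constructed for the demo.
"""
import re
from datetime import datetime
from ipaddress import ip_address

# Apache "combined" log format (assumed for the sinkhole).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines (RFC 5737 documentation addresses), not real data.
# Two bots call back; one ordinary crawler and one garbage line are mixed in.
SAMPLE_LOG = """\
203.0.113.7 - - [24/May/2018:10:01:02 +0000] "GET /update/photo.jpg HTTP/1.1" 200 512 "-" "Wget/1.11.4"
198.51.100.23 - - [24/May/2018:10:03:40 +0000] "GET /update/photo.jpg HTTP/1.1" 200 512 "-" "Wget/1.11.4"
203.0.113.7 - - [24/May/2018:11:01:05 +0000] "GET /update/photo.jpg HTTP/1.1" 200 512 "-" "Wget/1.11.4"
192.0.2.44 - - [24/May/2018:11:30:00 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (crawler)"
this line is garbage and must be skipped
203.0.113.7 - - [25/May/2018:09:00:00 +0000] "GET /update/photo.jpg HTTP/1.1" 200 512 "-" "Wget/1.11.4"
"""


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)  # timezone-aware
    return rec


def is_callback(rec):
    """Separate bot beacons from unrelated traffic hitting the sinkhole.

    The path prefix and user agent are assumptions for this demo; a real
    sinkhole matches on the beacon pattern the malware is known to send.
    """
    return rec["path"].startswith("/update/") and rec["ua"].startswith("Wget/")


def build_victim_list(log_text):
    """Aggregate callbacks per source IP into first seen, last seen and count."""
    victims = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_callback(rec):
            continue
        try:
            ip = str(ip_address(rec["ip"]))  # normalise and drop unparsable IPs
        except ValueError:
            continue
        entry = victims.setdefault(
            ip, {"first_seen": rec["ts"], "last_seen": rec["ts"], "count": 0}
        )
        entry["first_seen"] = min(entry["first_seen"], rec["ts"])
        entry["last_seen"] = max(entry["last_seen"], rec["ts"])
        entry["count"] += 1
    return victims


def to_report(victims):
    """CSV rows (ip,first_seen,last_seen,count), busiest victims first.

    This is the shape of data an operator would hand to an ISP or CERT:
    enough to find the subscriber, nothing from the bot traffic itself.
    """
    rows = sorted(victims.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    return [
        f"{ip},{v['first_seen'].isoformat()},{v['last_seen'].isoformat()},{v['count']}"
        for ip, v in rows
    ]


if __name__ == "__main__":
    for row in to_report(build_victim_list(SAMPLE_LOG)):
        print(row)
```

Run it and the crawler and the malformed line drop out, leaving one row per infected address with the window in which it was seen calling home; pointing `build_victim_list` at a real log file is a one-line change. Timestamps are kept timezone-aware on purpose: the notified ISP has to match the address against its DHCP lease records, and a bare local time is the most common way that matching goes wrong.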

The malware is the latest sign of the growing cyber threat from Russia. News of the outbreak comes roughly a month after senior U.S. and British officials blamed the Russian government for coordinated cyberattacks on network devices in an effort to conduct espionage and intellectual property theft.

The U.S. has also blamed Moscow for the global cyberattack known as NotPetya that ravaged computers across the globe in June 2017, calling it the most destructive and costly cyberattack in history.

The code of VPNFilter has similarities with versions of another piece of malware known as BlackEnergy, which was used in the attack on Ukraine’s power grid in December 2015. The Department of Homeland Security has linked that malware to the Russian government.

President Trump Withdraws from North Korea Nuclear Summit

A letter from President Donald Trump to North Korean dictator Kim Jong Un canceling their planned meeting. There are several things in play. China, Iran, Russia and North Korea are watching all U.S. positions, and it began with the demands Pompeo announced of Iran after the U.S. exited the JCPOA nuclear deal. Iran has not only responded with several nastygrams but is also issuing threats to Europe over its demands for staying in the deal.

National Security Advisor John Bolton is also being blamed by North Korea for the breakdown because of his reference to the Libya model. That is an excuse, as the Libya model for removing a nuclear program was carried out years in advance of the removal of Muammar Gaddafi and his eventual death.

Further, there is the matter of China injecting itself into the preparations and talks between North Korea and the United States. North Korea follows all advice and leads from President Xi. Now, where are those pesky nuclear weapons in North Korea, since the nuclear test site collapsed and was then blown up in a gesture staged for selected outside media?

There is also the issue of the other locations of interest in North Korea that the United States is well aware of that proves China has aided and assisted in the military sites and nuclear program as had Iran and Russia. China does not want to be confronted with that proof.

Further, there is the matter of the ‘nuclear umbrella’.

Japan, South Korea, and the United States Nuclear Umbrella

In this book, Terence Roehrig provides a detailed and comprehensive look at the nuclear umbrella in northeast Asia in the broader context of deterrence theory and U.S. strategy. He examines the role of the nuclear umbrella in Japanese and South Korean defense planning and security calculations, including the likelihood that either will develop its own nuclear weapons. Roehrig argues that the nuclear umbrella is most important as a political signal demonstrating commitment to the defense of allies and as a tool to prevent further nuclear proliferation in the region. While the role of the nuclear umbrella is often discussed in military terms, this book provides an important glimpse into the political dimensions of the nuclear security guarantee. As the security environment in East Asia changes with the growth of North Korea’s capabilities and China’s military modernization, as well as Donald Trump’s early pronouncements that cast doubt on traditional commitments to allies, the credibility and resolve of U.S. alliances will take on renewed importance for the region and the world.

The U.S. nuclear umbrella in the region is not focused solely on North Korea; it also incorporates planning against potential Chinese aggression. Nullifying or weakening the umbrella over the Peninsula, some would argue, might leave South Korea open to potential Chinese coercion and send the wrong signal at a time when China is seen by some as trying to pressure Taiwan and reassert its influence in the region.

Related reading: Japan Under the US Nuclear Umbrella

Related reading: The US Nuclear Umbrella Over South Korea

Russia’s 53rd Missile Brigade Did Shoot Down MH17

Now the question is why? Could it have been a simple message to Ukraine not to mess with Russia as it was invading Ukraine? Ukraine’s previous president, Viktor Yanukovych, had already fled to Russia earlier that year.

The other question is, what is the consequence for Russia? MH17, a passenger jet flying from Amsterdam to Kuala Lumpur, was blown out of the sky over Ukraine. Communications intercepts show that pro-Russian rebels had requested a surface-to-air missile system.

Fred Westerbeke, Chief Prosecutor of the Dutch Prosecutor’s office, presents interim results in the ongoing investigation of the 2014 MH17 crash that killed 298 people over eastern Ukraine, during a news conference in Bunnik, Netherlands, May 24, 2018. REUTERS/Francois Lenoir

BUNNIK, Netherlands (Reuters) – Prosecutors investigating the downing of Malaysia Airlines Flight 17 over eastern Ukraine in 2014 said on Thursday they had identified the missile used to shoot down the plane as coming from a Russian military unit. The airliner was hit by a Russian-made missile on July 17, 2014, with 298 people on board, two-thirds of them Dutch, over territory held by pro-Russian separatists. All aboard died.

Wilbert Paulissen, head of the crime squad of the Netherlands’ national police, said the missile had been fired from a carrier belonging to Russia’s 53rd Anti-Aircraft Brigade.

“All the vehicles in a convoy carrying the missile were part of the Russian armed forces,” he told a televised news conference.

Russia has denied involvement in the incident. There was no immediate comment from Moscow on the investigative development.

In an interim update on their investigation, prosecutors said they had trimmed their list of possible suspects from more than a hundred to several dozen.

“We have a lot of proof and a lot of evidence, but we are not finished,” said chief prosecutor Fred Westerbeke. “There is still a lot of work to do.”

He said investigators were not yet ready to identify individual suspects publicly or to issue indictments. The question of whether members of the 53rd Brigade were actively involved in the downing of the plane remains under investigation, he said.

Westerbeke called on witnesses, including members of the public, to help identify members of the crew that was operating the missile system. He also asked for tip-offs in determining what their orders were and in identifying the officials in charge of the brigade.

A Joint Investigation Team, drawn from Australia, Belgium, Malaysia, the Netherlands and Ukraine, is gathering evidence for a criminal prosecution in the downing of the plane.

The Dutch Safety Board concluded in an October 2015 report that the Boeing 777 was struck by a Russian-made Buk missile.


Dutch prosecutors said in September 2016 that 100 “persons of interest” had been identified in the investigation, while Australian and Malaysian officials had initially expressed hope that suspects’ names would be made public in 2017.

Eventual suspects are likely to be tried in absentia in the Netherlands after Russia used its veto to block a U.N. Security Council resolution seeking to create an international tribunal to oversee criminal complaints stemming from the incident.

Deep Throat, Deep State and #SpyGate is Old News

C’mon, remember the Watergate break-in? Former CIA operatives were part of that. But wait, Nixon himself was being surveilled by the FBI. Anna Chennault, a GOP operative, had interesting connections all throughout Asia. Those relationships were of big concern to the FBI, and the Bureau was tracking those connections. That was all related to the Paris Peace talks on North and South Vietnam. Due to FBI eavesdropping and collection of diplomatic cables, Lyndon Johnson knew all about Nixon’s subterfuge. Have we forgotten the secret Nixon tapes? Too bad we can’t ask Mark Felt questions; dead men tell no tales.

Using intelligence agencies is an old habit, yet Obama appears to have made an art of that exploitation. Obama spied on journalists including James Rosen of Fox News. Obama likely approved of John Brennan’s operation to spy on the Senate staffers working on the enhanced interrogation techniques report headed by Senator Dianne Feinstein. Heck, Obama spied on Angela Merkel of Germany. Enter the NSA; they have everything. Edward Snowden proved that, right? Not too sure FISA warrants were ever really needed in the first place; think about that.

Spies, informants and operatives come in many forms. They can be staffers, hired ladies, lawyers, lobbyists, policy wonks, people having cocktails at conventions, summits or conferences where business cards are exchanged for later email/phone call follow-up.

It is all old news. Old news and old tactics that get refined due to electronic communications, apps and encryption.

So, how do we know about these activities? Follow the money for starters. Remember the DNC and Hillary law firm, Perkins Coie?

The Obama for America committee paid Perkins Coie around $3 million during the 2012 election cycle, according to filings with the Federal Election Commission. The vast majority of the payments were earmarked for “Legal Services.”

Was Fusion GPS hired by Obama to surveil Romney for opposition research? Was the media involved? Oh yeah, remember that debate and the advance questions? Then of course we have Fusion GPS and Trump.

Okay, this brings us to the current #Spygate and the names bubbling to the surface.

One such name is Stefan Halper. During the presidential transition, Donald Trump’s top trade advisor, Peter Navarro, recommended Halper for an ambassadorship. Heck, Halper was in the White House Executive Office wing last summer to discuss Asia, with particular emphasis on China.

Stefan Halper goes all the way back to the Reagan/Carter days. Oh, wait, even Gerald Ford and George HW Bush were included in Halper’s political history. Is there a difference between spying, intelligence collection and being a political operative? You decide.

There is more. How about Paul Corbin? He was a communist. And yes, he was a campaign operative too. He worked on the John F. Kennedy campaign. There was also ‘Debategate’.


Moving on, and do NOT hang your hat on Carter Page. Remember the Washington Post editorial board doing an early interview with Trump, when a question arose about his foreign policy team? Well, Trump threw out two names from the hip, Carter Page and George Papadopoulos. In fact neither had any substantive role in the Trump operation. Another was Zalmay Khalilzad, former U.S. ambassador to Afghanistan, Iraq and the United Nations. Heck, Trump had never met Khalilzad. He remains a back-channel fella with concerns still in Pakistan, Afghanistan and Iraq. Khalilzad was part of a money laundering investigation in 2014. Could he be an operative too?

Now take a moment and look at the issue of Russian operatives and spies in the United States to understand how the FBI tails these people. In 2010, there was a spy swap (10 operatives) that included two key people. One was Anna Chapman, who was assigned to get inside the Hillary State Department operation(s), and she did. The other is Sergei Skripal, the former Russian military officer and double agent whom Russia just attempted to kill with Novichok, a nerve agent. Then there was the other double agent in New York who was captured in a counter-intelligence operation targeting the spy operations that work out of the Russian Mission to the United Nations.

Are you beginning to understand the other work of the FBI? President Bush expelled 50 Russians, Reagan expelled 55 Soviets, and Obama and Trump have expelled 35 and 60 respectively.

With those facts, does it stand to reason that the FBI rank and file agents are very concerned about foreign operatives in politics and campaigns? There is for sure an argument to be made that informants and plants are not only used but required.

Will we ever know all the puzzle parts to these cases? NO

Is #Spygate a one off with regard to President Trump? NO

Perhaps there is something yet to be discovered in Hillary’s missing emails or in Peter Strzok and Lisa Page’s text messages. Hello, IG report by Michael Horowitz.

The tactics are tried and true. However, when will the media, much less the Republicans, call out the abuse of power by the Obama administration on all of this? In summary, the Trump administration should fight back and impeach those Obama operatives. What say you?


SecState Pompeo’s Note-taking During Hearing

This was a Congressional Budget Session for the State Department Fiscal year 2019.


Congressman Gregory Meeks got on his high horse about the commitment to diplomatic security. Meeks in his last comment proved to be an ass. Check out that little 3-minute snippet here.

Now, we can’t know if this is a ‘to-do’ list for himself or for his staff, but an Associated Press photographer captured an interesting photo.

So, let’s go down the list shall we?

#7 Meet IG: Several inspector general reports have been published recently with regard to the State Department. They include Operation Inherent Resolve and Operation Pacific Eagle, a Fraud Alert, and Operation Freedom’s Sentinel (the Freedom’s Sentinel report is quarterly). Click here to see those IG reports.

#8 Jim Donovan: Last year, Donovan was on the short list to be Deputy Treasury Secretary and withdrew his name. He is a managing director and partner at Goldman Sachs and has close ties to Jeb Bush and Mitt Romney.

#9 Call Lavrov: Well, we should all know him; he is the Minister of Foreign Affairs of Russia. This is an interesting call because Lavrov is on his way to visit the DPRK, you know, Kim Jong Un, and Lavrov is nurturing a relationship with Zohrab Mnatsakanyan, the Foreign Minister of Armenia. Or how about telling Lavrov, ‘hey dude, this meddling thing and propaganda gig against the U.S. comes with consequences’?

#10 Mexico Ambassador: This could have a couple of options. a) Our National Guard on the border. b) The U.S. ambassador to Mexico resigned in March and we presently don’t have one. Under consideration is Edward Whitacre Jr., a former CEO at General Motors and AT&T. Whitacre has also worked previously with Carlos Slim, Mexico’s richest man.

This brings us to #11 Carlos Slim: Could this be some kind of NAFTA issue or regarding The Economic Coordinating Council in Mexico?

#12 Robert Reilly: Reilly has a long history at the State Department and in global media. He is a conservative and a senior policy fellow at the American Foreign Policy Council and the Claremont Institute. He was part of the Information Strategy Office at the Pentagon as well as a senior advisor on Operation Iraqi Freedom.

#13 Need help…no idea

#14 Diversity Data….hummm

Could bad math have us skipping to #20? Sam Feist: Well, perhaps Pompeo has a whole truckload of stuff to discuss with Sam. He is the Senior Vice President and Washington Bureau Chief for CNN.

#21 Help….no idea

#22 PC on Iran: After the Deal to a New Deal? Europe vs. U.S. on sanctions maybe?

Meanwhile: Pompeo says Singapore is “still” a go, cites “the preparations for our historic meeting with North Korea, still scheduled for June 12. We have a generational opportunity to solve a major national security challenge.” “We are clear-eyed about the regime’s history. It’s time to solve this once and for all. A bad deal is not an option. The American people are counting on us to get this right. If the right deal is not on the table, we will respectfully walk away.”

Pompeo assumed a similarly hard line on resuming talks with Iran, promising to “apply unprecedented financial pressure” and suggesting that economic sanctions are just one of several measures the United States will use against the regime in Tehran. To achieve a new nuclear deal, he added, Iran “simply needs to change its behavior.”

He did not back off the Trump administration’s threat to apply sanctions to European companies that do business with Iran, saying companies must wind down operations in Iran or else face penalties, and promised lawmakers that “we will come back to you seeking further authority” for additional measures to squeeze Tehran.

But the hearing turned combative as Democrats challenged Pompeo for presenting Congress with a State Department budget that maintains deep cuts to diplomatic and developmental activities — a budget that Rep. Eliot L. Engel (N.Y.), the ranking Democrat on the foreign affairs panel, called “insulting” and predicted that Congress would reject. More here.