Yup, Even More on Hillary EmailGate

Oh…a housekeeping matter, check this out also:

“It’s time for the U.S. to start thinking of Iraq as a business opportunity.” – Hillary Clinton

Hillary Clinton has been outed by her right-hand lady, Huma Abedin. Emails from the assistant have revealed Clinton Foundation donors received special access to the State Department. Judicial Watch has published the documents. Check out just how bad this is.

Judicial Watch today released 725 pages of new State Department documents, including previously unreleased email exchanges in which former Hillary Clinton’s top aide Huma Abedin provided influential Clinton Foundation donors special, expedited access to the secretary of state. In many instances, the preferential treatment provided to donors was at the specific request of Clinton Foundation executive Douglas Band.

The new documents included 20 Hillary Clinton email exchanges not previously turned over to the State Department, bringing the known total to date to 191 of new Clinton emails (not part of the 55,000 pages of emails that Clinton turned over to the State Department).  These records further appear to contradict statements by Clinton that, “as far as she knew,” all of her government emails were turned over to the State Department.

The Abedin emails reveal that the longtime Clinton aide apparently served as a conduit between Clinton Foundation donors and Hillary Clinton while Clinton served as secretary of state. In more than a dozen email exchanges, Abedin provided expedited, direct access to Clinton for donors who had contributed from $25,000 to $10 million to the Clinton Foundation. In many instances, Clinton Foundation top executive Doug Band, who worked with the Foundation throughout Hillary Clinton’s tenure at State, coordinated closely with Abedin. In Abedin’s June deposition to Judicial Watch, she conceded that part of her job at the State Department was taking care of “Clinton family matters.”

Included among the Abedin-Band emails is an exchange revealing that when Crown Prince Salman of Bahrain requested a meeting with Secretary of State Clinton, he was forced to go through the Clinton Foundation for an appointment. Abedin advised Band that when she went through “normal channels” at State, Clinton declined to meet. After Band intervened, however, the meeting was set up within forty-eight hours. According to the Clinton Foundation website, in 2005, Salman committed to establishing the Crown Prince’s International Scholarship Program (CPISP) for the Clinton Global Initiative. And by 2010, it had contributed $32 million to CGI. The Kingdom of Bahrain reportedly gave between $50,000 and $100,000 to the Clinton Foundation. And Bahrain Petroleum also gave an additional $25,000 to $50,000.

From: Doug Band

To: Huma Abedin

Sent: Tue Jun 23 1:29:42 2009

Subject:

Cp of Bahrain in tomorrow to Friday

Asking to see her

Good friend of ours

From: Huma Abedin

To: Doug Band

Sent: Tue Jun 23 4:12:46 2009

Subject: Re:

He asked to see hrc thurs and fri thru normal channels. I asked and she said she doesn’t want to commit to anything for thurs or fri until she knows how she will feel. Also she says that she may want to go to ny and doesn’t want to be committed to stuff in ny…

From: Huma Abedin [[email protected]]

Sent: Thursday, June 25, 2009 10:35:15 AM

To: Doug Band

Subject:

Offering Bahrain cp 10 tomorrow for meeting woith [sic] hrc

If u see him, let him know

We have reached out thru official channels

Also included among the Abedin-Band emails is an exchange in which Band urged Abedin to get the Clinton State Department to intervene in order to obtain a visa for members of the Wolverhampton (UK) Football Club, one of whose members was apparently having difficulty because of a “criminal charge.” Band was acting at the behest of millionaire Hollywood sports entertainment executive and President of the Wasserman Foundation Casey Wasserman. Wasserman has donated between $5 million and $10 million to the Clinton Foundation through the Wasserman Foundation.

From: Tim Hoy [VP Wasserman Media Group]

Date: Tue. 5 May 2009 10:45:55 – 0700

To: Casey Wasserman

Subject: [Redacted] Wolverhampton FC/visa matter

Casey: Paul Martin’s [popular English footballer] client [Redacted] needs to get an expedited appointment at the US Embassy in London this week and we have hit some road blocks. I am writing to ask for your help.

The Wolverhampton FC is coming to Las Vegas this Thursday for a “celebration break.” [Redacted] so he cannot get a visa to the US without first being “interviewed” in the visa section of the US Embassy in London …

I contacted Senator Boxer’s office in SF for help … They balked at the criminal charge and said they “couldn’t help.”

I’m now trying to get help from Sherrod Brown’s office but that’s not going well either. So do you have any ideas/contacts that could contact the US Embassy in London and ask that they see [Redacted] tomorrow?

From: Casey Wasserman

To: Doug Band; Trista Schroeder [Wasserman Media Group executive]

Sent: Tue May 05 2:23:50 2009 [PT]

Subject: FW [Redacted] Wolverhampton FC/visa matter

Can you help with the below [Hoy email], or maybe Huma??? I am copying trista as I am on the plane in case I lose connection … thx.

From: Doug Band

Sent: Tue May 05 7:08:21 2009 [ET]

To: Casey Wasserman; Trista Schroeder

Subject: Re: [Redacted] Wolverhampton FC/visa matter

Will email her.

From: Doug Band

To: Huma Abedin

Sent: Tue May 5 7:26:49 2009

Subject: Fw: [Redacted] Wolverhampton FC/visa matter

[As per subject line, Band apparently forwarded Abedin material sent to him by Casey.]

From: Huma Abedin [[email protected]]

Sent: Tuesday, May 05, 2009 7:39:38 PM

To: Doug Band

Subject: Re: [Redacted] Wolverhampton FC/visa matter

I doubt we can do anything but maybe we can help with an interview. I’ll ask.

From: Huma Abedin

To: Doug Band

Sent: Tue May 05 5:50:09 2009

Subject: Re: [Redacted] Wolverhampton FC/visa matter

I got this now, makes me nervous to get involved but I’ll ask.

From: Doug Band

To: Huma Abedin

Sent: Tuesday, May 05, 2009 7:43:30 PM

Subject:  Re: [Redacted] Wolverhampton FC/visa matter

Then don’t

The Abedin emails also reveal that Slimfast tycoon S. Daniel Abraham was granted almost immediate access to then-Secretary of State Clinton, with Abedin serving as the facilitator. According to the Clinton Foundation website, Abraham, like the Wasserman Foundation, has given between $5 million and $10 million to the Clinton Foundation. The emails indicate that Abraham was granted almost immediate access to Clinton upon request:

From: Huma Abedin

To: H

Sent: Mon May 04 4:40:34 2009

Subject: Danny

Danny abraham called this morning. He is in dc today and tomorrow and asked for 15 min with you. Do u want me to try and fit him in tomorrow?

From: H

To: Huma Abedin

Sent: Mon May 04 5:14:00 2009

Subject: Re: Danny

Will the plane wait if I can’t get there before 7-8?

From: Huma Abedin

Sent: Monday, May 04, 2009 5:15:30 PM

Subject: Re: Danny

Yes of course

Additional Abedin emails in which the top Clinton aide intervenes with the State Department on behalf of Clinton Foundation donors include the following:

  • On Friday, June 26, 2009, Clinton confidant Kevin O’Keefe wrote to Clinton saying that “Kevin Conlon is trying to set up a meeting with you and a major client.” Clinton wrote to Abedin, “Can you help deliver these for Kevin?” Abedin responded, “I’ll look into it asap.” Kevin O’Keefe donated between $10,000 and $25,000 to the Clinton Foundation. Kevin Conlon is a Clinton presidential campaign “Hillblazer” who has raised more than $100,000 for the candidate.
  • On Tuesday, June 16, 2009, Ben Ringel wrote to Abedin, “I’m on shuttle w Avigdor Liberman. I called u back yesterday. I want to stop by to see hrc tonite for 10 mins.” Ringel donated between $10,000 and $25,000 to the Clinton Foundation.
  • On Monday, July 6, 2009, Maureen White wrote to Abedin, “I am going to be in DC on Thursday. Would she have any time to spare?” Abedin responded, “Yes I’ll make it work.” White donated $75,000 to the Clinton Foundation.
  • In June 2009, prominent St. Louis political power broker Joyce Aboussie exchanged a series of insistent emails with Abedin concerning Aboussie’s efforts to set up a meeting between Clinton and Peabody Energy VP Cartan Sumner. Aboussie wrote, “Huma, I need your help now to intervene please. We need this meeting with Secretary Clinton, who has been there now for nearly six months. This is, by the way, my first request. I really would appreciate your help on this. It should go without saying that the Peabody folks came to Dick [Gephardt] and I because of our relationship with the Clinton’s.” After further notes from Aboussie, Abedin responded, “We are working on it and I hope we can make something work… we have to work through the beauracracy [sic] here.” Aboussie donated between $100,000 and $250,000 to the Clinton Foundation.
  • On Saturday, May 16, 2009, mobile communications executive and political activist Jill Iscol wrote to Clinton, “Please advise to whom I should forward Jacqueline Novogratz’s request [for a meeting with the secretary of state]. I know you know her, but honestly, she is so far ahead of the curve and brilliant I believe she could be enormously helpful to your work.” Clinton subsequently sent an email to Abedin saying, “Pls print.” Jill and husband Ken Iscol donated between $500,000 and $1 million to the Clinton Foundation. Clinton subsequently appointed Novogratz to the State Department’s Foreign Affairs Policy Board.

So who is Doug Band? Per his own website:

Douglas J. Band

President, Teneo Holdings

Douglas J. Band is a co-founder and President of Teneo.

Mr. Band began working in the White House in 1995, serving in the White House Counsel’s office for four years and later in the Oval Office as the President’s Aide. In 1999, he was appointed by President Clinton as a Special Assistant to the President before he was made one of the youngest Deputy Assistants ever to serve a President.

Mr. Band served as President Clinton’s chief advisor from 2002 until 2012, advising him as the Counselor to the President, and was the key architect of Clinton’s post-Presidency. He created and built the Clinton Global Initiative, which to date, has raised $69 billion for 2,100 philanthropic initiatives around the world and impacted over 400 million people in 180 countries. On March 1, 2012, President Clinton said of Doug: “I couldn’t have achieved half of what I have in my post-presidency without Doug Band. Doug is my Counselor and a board member of the Clinton Global Initiative, which was created at his suggestion. He tirelessly works to support the expansion of CGI’s activities and my other foundation work around the world. In our first ten years, Doug’s strategic vision and fund-raising made it possible for the foundation to survive and thrive. I hope and believe he will continue to advise me and build CGI for another decade.”

Mr. Band has traveled to 125 countries and to over 2,000 cities. In the Summer of 2009, he traveled to North Korea with President Clinton to orchestrate and secure the release of two American journalists.

Additionally, he has been involved in other negotiations to free and help Americans held around the world. He has assisted in the rebuilding of nations and regions after some of the worst natural disasters in the past two decades, including New Orleans, Haiti, Southeast Asia, and Gujarat, India.

Mr. Band has advised several heads of state, governors and mayors transition out of public office into private life. He was part of the negotiation team that handled all aspects of Hillary Clinton’s becoming Secretary of State. He continues to serve his country in assisting various domestic agencies and advising foreign governments on nation-building, infrastructure creation and democratic governance structure.

Doug Band graduated from the University of Florida in 1995 and while working at the White House for six years, he simultaneously obtained a masters and a law degree from Georgetown University by attending both programs in the evenings.

Doug lives in New York City with his wife Lily and their three children, Max (5), Sophie (4) and Elle (2).

Pelosi’s Saturday Night Call over Russia Hacked Ploys

Seems there is some talking point being launched that whatever Russia did do with regard to hacking the Democrats…watch out because the actual text could be altered and false…seems Politico is carrying the water for that talking point as well.

Admittedly, Russia does publish false propaganda for sure and the use of Russia Today (RT) and Sputnik News are the go to methods…but in this case….does Russia need to do this? Okay, read on as the Democrats are in fear and setting the table to promote an early new warning.

Democrats’ new warning: Leaks could include Russian lies

The move could help inoculate Hillary Clinton against an October cyber surprise.

Politico: Democratic leaders are putting out a warning that could help inoculate Hillary Clinton against an October cyber surprise: Any future mass leaks of embarrassing party emails might contain fake information inserted by Russian hackers.

House Minority Leader Nancy Pelosi is among those sounding that alarm, echoing security experts who say Russian security services have been known to doctor documents and images or bury fictitious, damaging details amid genuine information. For hackers to resort to such tactics would be highly unusual, but security specialists say it’s a realistic extension of Moscow’s robust information warfare efforts.

Pelosi aired her concerns during a Saturday night conference call with Democratic lawmakers and aides who had been stung by a dump of their emails and phone numbers, according to a source on the call.

Democratic strategists say the party would be wise to trumpet warnings about faked leaks as it braces for the possibility of hackers releasing damaging information about Clinton or other candidates close to Election Day. Preemptively casting doubt on the leaks may be easier now than trying to mount a full response days before voters go to the polls.

“It is certainly a valid issue to raise, because clearly the people who are doing these attacks have a political agenda that’s against the Democratic Party,” said Anita Dunn, who was White House communications director in the early part of President Barack Obama’s first term.

If Russia is indeed attempting to destabilize Clinton’s candidacy through the widespread digital assault on Democratic institutions — as many researchers believe, and Democrats are alleging, but Moscow strongly denies — “why wouldn’t you want to raise the potential [for tampering]?” asked Dunn, now a partner at communications firm SKDKnickerbocker. “I think it’s only prudent for people to raise that possibility.”

Republicans say Democrats are just trying to distract the public from the most important issue: the content of the leaks. They say the Democrats already tried to do that with the first batch of 20,000 Democratic National Committee emails that leaked in July, which forced the resignation of Chairwoman Debbie Wasserman Schultz after showing that some DNC staffers had favored Clinton over primary rival Sen. Bernie Sanders.

“First, they made it all about Russia instead of the substance of what was actually in the emails,” said Matt Mackowiak, a veteran Republican strategist. Now, he added, “If there is a massive trove of emails or documents relating to the Clinton campaign or the Clinton Foundation … they may just say, ‘Look, the authenticity of the emails hasn’t been confirmed.’”

Intelligence officials — including NSA Director Adm. Michael Rogers and Director of National Intelligence James Clapper — have long argued that data manipulation more broadly is a disturbing possibility, and potentially the next front in both cybercrime and the budding digital warfare between countries.

Last month, a bipartisan group of 32 national security experts at the Aspen Institute Homeland Security Group warned of a specific type of fakery following the DNC hack, arguing that the suspected Russian hackers who struck the DNC and the Democratic Congressional Campaign Committee could “salt the files they release with plausible forgeries.”

In Saturday’s call, Pelosi was underlining a point made by cyber experts at CrowdStrike, the firm the party has hired to investigate the breaches at the DNC and the DCCC. The conference call was prompted by the late Friday release of DCCC spreadsheets containing nearly all House Democrats’ and staffers’ personal emails and phone numbers, which led to a flood of harassing emails and phone calls over the weekend.

In total, the hackers have reportedly infiltrated more than 100 party officials and groups, leaving progressives fearful that the entire Democratic Party apparatus is potentially compromised. During Saturday’s call, House members in competitive races voiced concerns about what damning information might be out there.

But hacking specialists say the most harmful information might not even be genuine.

“You may have material that’s 95 percent authentic, but 5 percent is modified, and you’ll never actually be able to prove a negative, that you never wrote what’s in that material,” CrowdStrike co-founder Dmitri Alperovitch told POLITICO. “Even if you released the original email, how will you prove that it’s not doctored? It’s sort of damned if you do, damned if you don’t.”

Several Democratic operatives said they even expect fake information, though mixed with enough truth to cause damage.

“The most powerful lie contains truth,” said Craig Varoga, a D.C.-based Democratic strategist. “Whether it’s the devil or it’s Russian intelligence services, they traffic in things that are true in order to put across a greater lie.”

Historically, it’s not unprecedented for intelligence agencies — including those in the U.S. — to release fake reports for propaganda purposes. The FBI’s COINTELPRO program infamously used forged documents and false news reports to discredit or harass dissenters during the 1950s and 1960s, including civil rights leaders, anti-war protesters and alleged communist organizations.

Hackers have adopted similar strategies.

In 2013, Syrian hackers backing embattled President Bashar Assad hijacked The Associated Press’ Twitter account, tweeting out falsified reports of two explosions at the White House that had injured Obama. The Dow plummeted in minutes, wiping out $136 billion in market value, according to Bloomberg. It stabilized shortly thereafter, once the report was revealed to be a hoax.

Russia has long been known for engaging in such propaganda warfare, going back to the days of the Soviet Union, when the KGB spread conspiracy theories about the FBI and CIA’s involvement in President John F. Kennedy’s assassination. In the 1980s, the KGB planted newspaper articles alleging that the U.S. had invented HIV during a biological weapons research project.

The security agency also secretly helped an East German journalist write a book, “Who’s Who in the CIA,” that accurately outed numerous undercover CIA agents but also intentionally included a raft of people who were simply American officials stationed overseas, according to a former top Soviet security official.

In the weeks since the DNC email leaks, cyber specialists on Twitter have been circulating a passage from the memoirs of a former East German spymaster who wrote about the “creative” use of forgeries in conjunction with genuine leaks.

“Embarrassed by the publication of genuine but suppressed information, the targets were badly placed to defend themselves against the other, more damaging accusations that had been invented,” wrote Markus Wolf, who had headed East Germany’s foreign intelligence division for more than three decades. (On the other hand, he added that, “my principle was to stick as close to the truth as possible, especially when there was so much of it that could easily further the department’s aims.”)

In recent years, the Kremlin has adapted these tactics for a digital age.

The Kremlin was caught in 2014 manipulating satellite images to produce “proof” that Ukraine had shot down the Malaysia Airlines flight that was downed over Ukraine, killing 298 passengers. Last year, a Russian lawmaker’s staffer was exposed filming a fake war report, pretending to be near the front line in eastern Ukraine, where Moscow has seized territory.

“Standard Russian modus operandi,” said James Lewis, an international cyber policy expert at the Center for Strategic and International Studies, via email. “They’ve done it before in the Baltics and other parts of Europe: Leak a lot of real data and slip in some fakes (or more often, things that have been subtly modified rather than a complete fake).”

Digital forensics experts even noted that the metadata on some of the early documents leaked from the DNC — which included opposition research files — had been altered, although it didn’t appear that any content was compromised. But the discovery showed how easy such an edit would be.

“They have information warfare as a core tenet of what they do from a geopolitical perspective,” said Steve Ward, director of communications for digital security firm FireEye, which tracks many Russian hacking groups. “It’s really in their wheelhouse.”

But Ward and other digital security experts acknowledge that the exact scenario Pelosi was discussing would be novel, and that so far, hackers have had little incentive to manipulate leaked data. As anonymous digital actors, hackers already have the deck stacked against them when trying to expose information.

“You’ve got to suspend disbelief and trust the bad guys when you’re looking at this stuff,” Ward said. If they make just one discredited leak, hackers are “effectively losing the value of the operation by creating distrust with the data,” he added.

This leads many cyber experts to suspect that any release of faked emails, if it comes at all, would probably not come until days before the Nov. 8 election. At that point, the Democrats wouldn’t have time to definitively prove a forgery.

So it makes sense, strategists said, for Democrats to put the concept in the public’s mind now.

“What Pelosi is doing is making the response now,” said Brad Bannon, a longtime Democratic consultant. “Democrats do have their antenna up over this thing. They are anticipating.”

Eric Geller, Martin Matishak and Heather Caygle contributed to this report.

The Russians Hacked the NSA? Ah…What?

This is bad bad bad….and panic has struck Washington DC ….payment is to be in Bitcoins…

Graphics of files below courtesy of Arstechnica.

More here in further detail.

*****

Most outside experts who examined the posts, by a group calling itself the “Shadow Brokers,” said they contained what appeared to be genuine samples of the code — though somewhat outdated — used in the production of the NSA’s custom-built malware. Most of the code was designed to break through network firewalls and get inside the computer systems of competitors like Russia, China and Iran. That, in turn, allows the NSA to place “implants” in the system, which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack.  More here.

NSA and the No Good, Very Bad Monday

LawFare: Monday was a tough day for those in the business of computer espionage. Russia, still using the alias Guccifer2.0, dumped even more DNC documents. And on Twitter, Mikko Hypponen noted an announcement on Github that had gone overlooked for two days: a group is hosting an auction for code from the “Equation Group,” which is more commonly known as the NSA. The auctioneer’s pitch is simple, brutal, and to the point:

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.

This release included two encrypted files, and the password to one was provided as proof while the other remains encrypted. The attackers claim that they will provide the password to the second file to the winner of a Bitcoin auction.

The public auction part is nonsense. Despite prevailing misconceptions on cryptocurrency, Bitcoin’s innate traceability means that no one could really expect to launder even $1M out of a high profile Bitcoin wallet like this one without risking detection, let alone the $500M being requested for a full public release. The auction is the equivalent of a criminal asking to be paid in new, marked, sequential bills. Because the actors here are certainly not amateurs, the auction is presumably a bit of “Doctor Evil” theater—the only bids will be $20 investments from Twitter jokesters.

But the proof itself appears to be very real. The proof file is 134 MB of data compressed, expanding out to a 301 MB archive. This archive appears to contain a large fraction of the NSA’s implant framework for firewalls, including what appears to be several versions of different implants, server side utility scripts, and eight apparent exploits for a variety of targets.

The exploits themselves appear to target Fortinet, Cisco, Shaanxi Networkcloud Information Technology (sxnc.com.cn) Firewalls, and similar network security systems. I will leave it to others to analyze the reliability, versions supported, and other details. But nothing I’ve found in either the exploits or elsewhere is newer than 2013.

Because of the sheer volume and quality, it is overwhelmingly likely that this data is authentic. And it does not appear to be information taken from compromised targets. Instead, the exploits, binaries with help strings, server configuration scripts, 5 separate versions of one implant framework, and all sort of other features indicate that this is analyst-side code—the kind that probably never leaves the NSA.

It is also unlikely that this data is from the Snowden cache. Those documents focused on PowerPoint slides and shared data, not detailed exploits. Besides NSA, the only plausible candidate for ownership is GCHQ—and the implications of stealing Top Secret data from GCHQ and modifying it to frame the NSA would themselves be startling.

All this is to say that there is relatively high confidence that these files contain genuine NSA material.

From an operational standpoint, this is not a catastrophic leak. Nothing here reveals some special “NSA magic.” Instead, this is evidence of good craftsmanship in a widely modular framework designed for ease of use. The immediate consequence is probably a lot of hours of work down the drain.

But the big picture is a far scarier one. Somebody managed to steal 301 MB of data from a TS//SCI system at some point between 2013 and today. Possibly, even probably, it occurred in 2013. But the theft also could have occurred yesterday with a simple utility run to scrub all newer documents. Relying on the file timestamps—which are easy to modify—the most likely date of acquisition was June 11, 2013 (see Update, however). That is two weeks after Snowden fled to Hong Kong and six days after the first Guardian publication. That would make sense, since in the immediate response to the leaks, as the NSA furiously ran down possible sources, it may have accidentally or deliberately eliminated this adversary’s access.

As with other recent cyber conflicts, the  espionage aspect is troubling but not entirely new. It’s very, very bad that someone was able to go rummaging through a TS//SCI system—or even an unclassified Internet staging system where the NSA operator unwisely uploaded all this data—and to steal 300 MB of data. But whoever stole this data now wants the world to know—and that has much graver implications. The list of suspects is short: Russia or China. And in the context of the recent conflict between the US and Russia over election interference, safe money is on the former.

Right now, I’d imagine that the folks at NSA are having rather unpleasant conversations about what the other encrypted file might contain, and what other secrets this attacker may have gained access to. Even if they were aware of the attack that resulted in this leak, there’s no way of knowing what is in the other archive. Is there evidence of another non-Snowden insider who went silent three years ago? Was a TS//SCI system remotely compromised? Was there some kind of massive screw-up at an agency which prides itself on world class OPSEC? Some combination of the three?

And—most chillingly—what else might be released before this war of leaks is over?

Update: Thanks to @botherder for pointing out that a couple files have a newer date: One file has a date of June 17th, 2013; another has a date of July 5th, 2013; three setup scripts are dated September 4th, 2013; and two have dates of October 18th 2013. One of those files (which I’m currently investigating) is the database of allocated Ethernet MAC addresses, which may be able to identify a later minimum date of compromise. If the latter date of October 18th, 2013 is correct, this is even more worrisome, as this suggests that the compromise happened four months after the initial Snowden revelations—a period of time when the NSA’s systems should have been the most secure.

Update 2: Looking at the dates again, it now does seem somewhat likely that this was data copied on June 11th, 2013 with a few updates with a compromise after October 18th.  This does make it more likely that this was taken from a set of files deliberately moved onto a system on the Internet used for attacking others.  To my mind, this is actually an even scarier possibility than the NSA internal system compromise: This scenario would have the NSA, after the Snowden revelations, practicing some incredibly awful operational security.  Why should the NSA include five different versions of the same implant on a system used to attack other systems on the Internet?  Let alone implants which still have all the debugging strings, internal function names, and absolutely no obfuscation?

Update 3: Kaspersky confirms that the particular use of RC6 matches the unique design present in other Equation Group malcode.  XORcat apparently confirmed that the Cisco exploit works and, due to the versions it can attack, was a zero day at the time.  This exploit would generally work to take over a firewall from the inside of a target network since it did require limited access that is almost always blocked from the outside.
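
The timestamp reasoning in the Lawfare analysis above (a bulk copy date plus a few later-dated files), shown as an added example that is not part of the quoted article or of any tool it mentions. The tar container, the file names and the number of files dated June 11 are constructed assumptions; the later dates and their counts mirror the first update.

```python
import io
import tarfile
from collections import Counter
from datetime import datetime, timezone


def _noon_utc(year, month, day):
    """Epoch seconds for noon UTC on the given day."""
    return int(datetime(year, month, day, 12, 0, tzinfo=timezone.utc).timestamp())


# Constructed sample: hypothetical file names. The bulk count (12) is invented;
# the later dates and counts follow the ones listed in the article's update.
SAMPLE_FILES = (
    [(f"framework/module_{i:02d}.bin", _noon_utc(2013, 6, 11)) for i in range(12)]
    + [("framework/notes.txt", _noon_utc(2013, 6, 17))]
    + [("framework/helper.py", _noon_utc(2013, 7, 5))]
    + [(f"setup/setup_{i}.sh", _noon_utc(2013, 9, 4)) for i in range(3)]
    + [(f"data/table_{i}.db", _noon_utc(2013, 10, 18)) for i in range(2)]
)


def build_sample_archive():
    """Build an in-memory tar archive whose members carry the sample mtimes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mtime in SAMPLE_FILES:
            data = b"constructed placeholder\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = mtime
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def timestamp_profile(archive_bytes):
    """Summarise member modification dates (UTC) in a tar archive.

    bulk_day   : the date shared by the most files (candidate copy date)
    later_days : dates after bulk_day with their file counts (the outliers)
    latest_day : newest mtime; if timestamps are honest, the archive cannot
                 have been assembled before this day. Timestamps are easy
                 to modify, so treat every value as a lead, not as proof.
    """
    per_day = Counter()
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        for member in tar:
            if member.isfile():
                day = datetime.fromtimestamp(member.mtime, tz=timezone.utc).date()
                per_day[day] += 1
    if not per_day:
        raise ValueError("archive contains no regular files")
    bulk_day, bulk_count = per_day.most_common(1)[0]
    later = {d: n for d, n in sorted(per_day.items()) if d > bulk_day}
    return {
        "files": sum(per_day.values()),
        "bulk_day": bulk_day,
        "bulk_count": bulk_count,
        "later_days": later,
        "latest_day": max(per_day),
    }


if __name__ == "__main__":
    profile = timestamp_profile(build_sample_archive())
    print("files:", profile["files"])
    print("bulk date:", profile["bulk_day"], f"({profile['bulk_count']} files)")
    for day, count in profile["later_days"].items():
        print("later-dated:", day, count)
    print("latest mtime:", profile["latest_day"])
```
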

*****

In part from the WashingtonPost:

A cache of hacking tools with code names such as Epicbanana, Buzzdirection and Egregiousblunder appeared mysteriously online over the weekend, setting the security world abuzz with speculation over whether the material was legitimate.

The file appeared to be real, according to former NSA personnel who worked in the agency’s hacking division, known as Tailored Access Operations (TAO).

“Without a doubt, they’re the keys to the kingdom,” said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”

Said a second former TAO hacker who saw the file: “From what I saw, there was no doubt in my mind that it was legitimate.”

“Faking this information would be monumentally difficult, there is just such a sheer volume of meaningful stuff,” Nicholas Weaver, a computer security researcher at the University of California at Berkeley, said in an interview. “Much of this code should never leave the NSA.”

The tools were posted by a group calling itself the Shadow Brokers using file-sharing sites such as BitTorrent and DropBox.

At the same time, other spy services, like Russia’s, are doing the same thing to the United States.

It is not unprecedented for a TAO operator to accidentally upload a large file of tools to a redirector, one of the former employees said. “What’s unprecedented is to not realize you made a mistake,” he said. “You would recognize, ‘Oops, I uploaded that set’ and delete it.”

Critics of the NSA have suspected that the agency, when it discovers a software vulnerability, frequently does not disclose it, thereby putting at risk the cybersecurity of anyone using that product. The file disclosure shows why it’s important to tell software-makers when flaws are detected, rather than keeping them secret, one of the former agency employees said, because now the information is public, available for anyone to employ to hack widely used Internet infrastructure. Read the full article here.

That $1.3 Billion to Iran was Paid, How? Classified…

How was it delivered? Classified. How do you put $1.3 billion on pallets and shrink wrap it and get it to Iran? Classified. We thought the $400 million was for ransom, but now it appears it was ALL of it, $1.7 billion, and Iran, along with Russia, coupled with the Iranian militia and Hezbollah, will enjoy it all.

Related reading: United States is Buying Nuclear Material from Iran

US paid Iran $1.3 billion in cash to settle old dispute

NYP: WASHINGTON — The Obama administration’s $400 million payoff to Iran was followed by a second transfer of $1.3 billion, it was reported Tuesday.

President Obama took considerable flak for the first payment, which coincided with the release in January of four Americans being held by Tehran.

Critics charged that the move smacked of ransom, which the US has pledged never to pay.

The $400 million was the first installment of a $1.7 billion settlement with Iran to resolve a dispute over a failed arms deal signed before the 1979 fall of the shah.

But there was no word about what happened to the rest of the debt — $1.3 billion.

On Tuesday, The Weekly Standard reported that the second payment was also quietly delivered.

Assistant Secretary of State for Legislative Affairs Julia Frifield sent a letter to Congress on March 17, 2016, stating, “Iran received the balance of $400 million in the Trust Fund as well as roughly $1.3 billion representing a compromise on the interest,” according to the magazine.

This payment was likely made in cash, since the US has no banking relationship with Tehran.

Wooden pallets stacked with euros, Swiss francs and other currencies were flown into Iran in an unmarked cargo plane to cover the first $400 million.

“The reason that we had to give them cash is precisely because we are so strict in maintaining sanctions — and we don’t have a banking relationship with Iran — that we couldn’t send them a check,” Obama said in an Aug. 4 press conference.

Although he insisted there was no connection to the hostages, one of them described waiting for “another plane” to land before being freed from Iran.

“I just remember the night at the airport sitting for hours and hours there, and I asked police, ‘Why are you not letting us go?’” former hostage Pastor Saeed Abedini told Fox Business.

“He said, ‘We are waiting for another plane, so if that plane doesn’t come, we never let [you] go.’”

In part from Reuters:

The White House announced on Jan. 17, a day after the prisoner exchange, it was releasing $400 million in funds frozen since 1981, plus $1.3 billion in interest owed to Iran. The remaining interest has since been fully paid from the U.S. Treasury-administered Judgment Fund, according to a U.S. official.

The funds were part of a trust fund Iran used before its 1979 Islamic Revolution to buy U.S. military equipment that was tied up for decades in litigation at the tribunal.

The Treasury Judgment Fund?

The Judgment Fund was established to pay court judgments and Justice Department compromise settlements of actual or imminent lawsuits against the government.

It is administered by the Judgment Fund Branch, which is a part of the United States Department of the Treasury, Bureau of the Fiscal Service. The Judgment Fund Internet Claims System (JFICS) is the application used to process all Judgment Fund claims.

The Judgment Fund is a permanent, indefinite appropriation available to pay judicially and administratively ordered monetary awards against the United States. The Judgment Fund is also available to pay amounts owed under compromise agreements negotiated by the U.S. Department of Justice in settlement of claims arising under actual or imminent litigation, if a judgment on the merits would be payable from the Judgment Fund. The statutory authority for the Judgment Fund is 31 U.S.C. 1304.

If funds for paying an award are otherwise provided for in the appropriations of the defendant agency, the Judgment Fund may not pay an award. A federal agency may request that payment of an award be made on its behalf from the Judgment Fund only in those instances where funds are not legally available to pay the award from the agency’s own appropriations.

Amounts paid vary significantly from year-to-year. Federal agencies are not required to reimburse the Judgment Fund except when cases are filed under the Contract Disputes Act (CDA) or the No FEAR Act (Notification and Federal Employee Antidiscrimination and Retaliation Act).

 

The Authority of the Internet is Turned Over in 2 Months

This is the surrender of the one place in the world where there is some freedom, the internet. The transfer date is September 30, 2016. Is this a big deal? Yes… China and Russia don’t have a 1st Amendment, and it appears only one senator is waging the war to stop the transfer: Ted Cruz.

“From the very first days of the internet, the American government has maintained domain names and ensured equal access to everyone with no censorship whatsoever,” Cruz says in the video. “Obama wants to give that power away.”

That move poses a “great threat” to national security, Cruz said. Starting on the transfer date of Sept. 30, ICANN control could allow foreign governments to prohibit speech that they don’t agree with, he added.

Cruz has added an amendment to the Senate’s Highway Bill that would require an up-or-down vote on the administration’s plan to give ICANN control over names and numbers. And Cruz’s Protecting Internet Freedom Act, proposed with Republican Rep. Sean Duffy (Wis.), would prevent the transfer of authority to the global group. More from The Blaze.

*****

Twenty-five advocacy groups and some individuals have told leaders in the Senate and the House of Representatives that key issues about the transition are “not expected to be fully resolved until summer 2017.”

“Without robust safeguards, Internet governance could fall under the sway of governments hostile to freedoms protected by the First Amendment,” wrote the groups, which include TechFreedom, Heritage Action for America and Taxpayers Protection Alliance. “Ominously, governments will gain a formal voting role in ICANN for the first time when the new bylaws are implemented.” Read more here from PCWorld.

America to hand off Internet in under two months

Washington Examiner: The Department of Commerce is set to hand off the final vestiges of American control over the Internet to international authorities in less than two months, officials have confirmed.

The department will finalize the transition effective October 1, Assistant Secretary Lawrence Strickling wrote on Tuesday, barring what he called “any significant impediment.”

The move means the Internet Assigned Numbers Authority, which is responsible for interpreting numerical addresses on the Web to a readable language, will move from U.S. control to the Internet Corporation for Assigned Names and Numbers, a multistakeholder body that includes countries like China and Russia.

Critics of the move, most prominently Texas Republican Sen. Ted Cruz, have pointed out the agency could be used by totalitarian governments to shut down the Web around the globe, either in whole or in part.

Opponents similarly made the case that Congress has passed legislation to prohibit the federal government from using tax dollars to allow the transition, and pointed out that the feds are constitutionally prohibited from transferring federal property without approval from Congress. A coalition of 25 advocacy groups like Americans for Tax Reform, the Competitive Enterprise Institute, and Heritage Action sent a letter to Congress making those points last week.

While those issues could, in theory, lead to a legal challenge being filed in the days following the transfer, the administration has expressed a desire to finish it before the president leaves office, a position that Strickling reiterated.

“This multistakeholder model is the key reason why the Internet has grown and thrived as a dynamic platform for innovation, economic growth and free expression,” Strickling wrote. “We appreciate the hard work and dedication of all the stakeholders involved in this effort and look forward to their continuing engagement.”