Threat: Immigration/Visa Waiver to U.S. From Europe

This is the second major attack in Paris in less than a year, but not the only 2 by any means. The Charlie Hebdo attack gave us wider connections to jihadis from Belgium and Germany as well as a spotlight on functional cells in France. This recent attack in France is no different, where the same countries are the same once again.

The FBI has declared they cannot keep up with the flow of refugees and immigrants into the United States, not enough resources and there are more than 900 actives ISIS domestic cases currently being worked by the FBI.

Many in Washington DC and even some Republican candidates are calling for closing the borders and full suspension of visa programs, which this blogger has been calling for at least 2 years long.

Now, more chilling, The Visa Waiver Program (VWP) allows citizens of participating countries* to travel to the United States without a visa for stays of 90 days or less.

A partial list of the countries as declared and managed by the U.S. State Department includes in the visa waiver program:

BFlag of Belgium BelgiumFlag of Brunei Brunei

CFlag of Chile ChileFlag of Czech Republic Czech Republic

DFlag of Denmark Denmark

EFlag of Estonia Estonia

FFlag of Finland FinlandFlag of  France France

GFlag of Germany GermanyFlag of Greece Greece

It is worse as reported by the CTC, counter-terrorism center.

CTC Perspectives – The French Foreign Fighter Threat in Context

November 14, 2015

In the immediate aftermath of the multi-pronged terrorist assault in Paris, policymakers, practitioners, and the press began to focus on the possibility that returnees from Iraq and Syria had participated in carrying out the tragic attacks. This possibility of a connection was further strengthened by the discovery of a Syrian passport on one of the suicide bombers and a number of witnesses to the attacks who claimed that the attackers referenced Iraq and Syria, with one account claiming that one of the terrorists shouted, “This is for Syria.”[1]

While the exact role that foreign fighters may have played in these attacks will likely remain unclear for the near future, the threat posed by returning fighters has been a central focus of counterterrorism efforts for some time. By utilizing a unique source of open-source data on foreign fighters that the Combating Terrorism Center (CTC) at West Point has been collecting over the past year, which has resulted in the collection of 182 detailed records of French foreign fighters (as part of a much larger set of Western foreign fighters), this CTC Perspectives endeavors to offer a bit of context regarding the French foreign fighter threat.

One of the claims made by a number of witnesses of the Paris attacks was the relatively youthful appearance of some of the attackers. Indeed, early indications about one of the individuals is that he was a 29-year-old French national.[2] This seems consistent with what we see among French fighters in the CTC dataset, in which the average age was approximately 25. In other words, young individuals seem to form a large portion of the French foreign fighter contingent. The appeal of organizations like the Islamic State among youth is not particularly surprising given their slick propaganda campaign and social media outreach, but the involvement of younger fighters in the Paris attack, if proven to be the case, may raise additional questions about the implications of such a youthful appeal.

French_AgeDistro

Another way in which foreign fighters could contribute to an attack similar to what occurred in Paris is if they carried knowledge of the streets and terrain above and beyond that which would be attained through weeks or months of pre-operation surveillance. The 29-year-old individual mentioned earlier is said to be from Courcouronnes, a location 20 miles south of Paris. In our data of French foreign fighters, we were able to ascertain the hometown of 145 of the fighters. Approximately 25 percent of the French fighters in our dataset came from the Paris-metro area. As would be expected given the large population of the city and its suburbs, this number represents one of the largest concentrations of foreign fighters. It is worth noting that the southern region of France accounts for 42 percent of fighters in our dataset, although they are spread throughout a number of smaller towns and locations across the southern part of the country.

One of the most difficult things for security services to assess is what kinds of skills and training foreign fighters receive while in Iraq and Syria. The fact that they could have acquired sufficient training to plan and execute the Paris attacks seems self-evident after the fact, but is also evident from examining the limited data we were able to collect in this project. We were only able to assess the operational role filled by foreign fighters for 84 of our French foreign fighters. Of that limited number, however, we found evidence that at least 50 of them served as foot soldiers, gaining valuable front-line experience in carrying out operations under pressure. Of course, as shown in the still shots from the Islamic State propaganda videos below, the Islamic State operates a number of training camps in Iraq and Syria where incoming fighters receive training tactics and weapons that could be applied in a number of settings, whether on the battlefield or when they return to their home countries.

Picture2

It also emerged that at least 7 of the 8 Paris attackers died by detonating suicide devices, bringing for the first time in France’s history the phenomenon of suicide bombing to its homeland.[3] Despite the newness of this tactic in the French homeland, our data also show that a number of French foreign fighters that traveled to Iraq and Syria set the precedent of dying for the cause. Indeed, at least 14 of the French fighters in our data either died in suicide bombings in Iraq and Syria or expressed a willingness to do so. Beyond suicide bombings alone, we were able to confirm that 23 percent of the French foreign fighters in our dataset died in Iraq and Syria. In other words, the expectation of being willing to die for the cause has been set for French fighters to emulate.

To be clear, the fact that such an expectation is perpetuated among fighters in Syria is not a supposition, but something that they themselves have confirmed in interviews. In the words of Abu Mariam, a 24-year old foreign fighter for France:

Martyrdom is probably the shortest way to paradise, which is not something I was told. I did witness my martyred friends, noticing contentment on their faces and the smell of musk coming out of their corpses, unlike those of the dead disbelievers, the enemies of Allah, whose faces only exhibit ugliness, and whose corpses smell worse than pigs.[4]

Although our data focuses mainly on Western foreign fighters in Syria and Iraq, we also collected a number of records, 32 to be precise, of French individuals deemed to be facilitators of foreign fighter travel. While those who carry out violence tend to garner the most attention, it important to remember that the same networks that facilitate travel may very well also be used by the organization to help returnees carry out attacks, or to do so on their own. It is too soon to say whether such a facilitation network played a role in the Paris attacks, but the sheer size, scale, and complexity of the attacks would suggest the participation of a network larger than just a couple of returned foreign fighters. The possibility of a broader facilitation network reaches beyond France. Reports of arrests related to the Paris attacks have emerged from Germany and Belgium.

Within the next month, the CTC will be publishing the first of a series of reports related to the broader issue of foreign fighters that examines the question of foreign fighter radicalization. It is our hope that this collection and analysis effort will contribute to understanding the enduring threat posed by foreign fighters.

Daniel Milton is an Assistant Professor at the Combating Terrorism Center at the United States Military Academy at West Point.

The views presented are those of the authors and do not necessarily represent the views of the Department of Defense, the U.S. Army, or any of its subordinate commands.

[1] Rose Troup Buchanan, “Paris terror attacks: Syrian passport found on body of suicide bomber at Stade de France,” Independent, 14 November 2015; Andrew C. McCarthy, “This is for Syria…Allahu Akbar,” National Review, November 13, 2015.

[2] Adam Nossiter, Aurelien Breeden, and Katrin Bennhold, “Three Teams of Coordinated Attackers Carried Out Assault on Paris, Officials Say; Hollande Blames ISIS,” New York Times, November 14, 2015.

[3] Of course, the French people have dealt with this type of terrorism before, having been targeted alongside American military personnel on October 23, 1983 in a twin truck bombing in Beirut, Lebanon.

[4] Loubna Mrie, Vera Mironova, and Sam Whitt, “I am only looking up to paradise,” Foreign Policy, October 2, 2014.

 

 

 

How Emwazi, the ISIS Be-header Met his Demise

Score one for the intelligence community and the drone strike…

How the US and UK tracked down and killed Jihadi John

The killing of Mohammed Emwazi, also known as Jihadi John, was the culmination of 15 months of intensive intelligence work by MI6, GCHQ and the CIA

By Gordon Rayner, Chief Reporter

5:46PM GMT 13 Nov 2015

For Jihadi John, death could not have been more different than that of his victims. While his hostages suffered unimaginable horror as he beheaded them, for him the end came instantaneously and without warning.

For more than a year British and US intelligence agencies had been trying to gain live information on the whereabouts of the masked man whose first victim, the American journalist James Foley, was murdered in a video posted on YouTube in August 2014.

Their efforts finally paid off shortly before midnight on Thursday, when intelligence pinpointed him to a car in the centre of Raqqa, Syria, within a short walk of the Islamic State of Iraq and the Levant’s headquarters in the old governorate building.

Mohammed Emwazi – his real name was finally confirmed by David Cameron for the first time today – is understood to have been located by either MI6 or GCHQ, either through a human source on the ground or by monitoring his communications.

Emwazi beheaded (clockwise, from top left) David Haines, James Foley, Alan Henning, Peter Kassig and Steven Sotloff

The intelligence was passed on to the Pentagon, enabling the operators of an armed Predator drone already in the sky above Raqqa to spot the car in which he was travelling.

At 11.40pm Syrian time (8.40pm GMT) the order to kill was passed to the drone operators at Creech Air Force Base in Nevada.

Controlling their drone via a satellite link, and using a second Reaper as a “spotter” plane, they selected their target and released a Hellfire missile from 10,000ft.

Experts say the Predator may have been several miles away at the time, invisible in the night sky. Its missile, travelling at Mach 1.3 (995mph) arrived at such speed that Emwazi would have known nothing before it struck. At 11.51pm the car, and its four occupants, were blown to pieces.

The result was described by one US official as a “flawless” strike, a “clean hit” that would have “evaporated” Emwazi, with no collateral damage. “We are 99 per cent sure we got him,” the official said.

Unconfirmed reports suggested another of those killed was another of the four British jihadis nicknamed “The Beatles” by their captives because of their English accents. Emwazi, 27, was given the nickname John after John Lennon.

Emwazi’s death, if confimed, was doubly symbolic for the allied forces that hunted him down. Not only was Isil’s main propaganda tool neutralised, but the location of the strike was within sight of two of the locations most strongly identified with the terrorist group.

The missile strike happened in or next to Clocktower Square, the roundabout chosen by Isil to carry out public executions.

In 2012, the roundabout was the location of the city’s first protests against Bashar al-Assad, the Syrian president, as a popular uprising spread across the country. By the summer of 2013, Isil had seized control of the city, and video footage from May of that year shows three rebel soldiers, blindfolded with a green rag reminiscent of the colours of the revolution, before being shot dead.

Emwazi is understood to have been travelling from the Isil headquarters, inside what was once the office of Raqqa’s city governor. He may also have been living in the building.

The Syrian Observatory for Human Rights said its own sources had confirmed that a British jihadi had been killed in the strike. Rami Abdulrahman, director of the British-based group, said: “All the sources there are saying that the body of an important British Jihadi is lying in the hospital of Raqqa. All the sources are saying it is of Jihadi John but I cannot confirm it personally.”

A senior U.S. official said the drone strike was the result of “persistent surveillance” and that the Pentagon knew it was Emwazi when the shot was taken.

Drones routinely fly for 16 hours or more, and the drone that killed Emwazi could have been circling overhead for several hours, waiting for an opportunity, and is likely to have stayed overhead afterwards to see if anyone got out of the car alive.

Britain and America had always maintained they were working around the clock to find Emwazi, but the apparent extent of its surveillance capabilities over Raqqa had not been clear until now.

The strike suggests he was under tight surveillance, combining human informants with sophisticated technology.

 

The hunt for Mohammed Emwazi began at the end of 2012, when the security services first suspected he was in Syria. He had been reported missing by his family in August of that year, having left the family home in Queen’s Park, north London and lied about where he was going.

Jihadi John, the then unidentified Isil executioner, became a top priority for MI6 after his video of Foley’s beheading, titled A Message to America, was posted last year.

The first step was to identify the masked, black-clad figure in the footage. With only his eyes visible, intelligence officers on both sides of the Atlantic examined other clues, primarily his voice and accent, but also his skin colour, height, physique and vein patterns on his hands. By September 14 last year his name was known to the UK and US governments.

British and American special forces operating in Syria for the past year have been gathering human intelligence on senior jihadists, paying informers and carrying out snatch raids on low-level commanders who can then be interrogated.

Raqqa, however, has proved impossible for them to infiltrate, so instead an RAF Rivet Joint spy plane, based at Al Udeid Air Base in Qatar, has been crisscrossing Syria for more than a year, “hoovering up” calls and messages for analysis by spies.

Much of the communications chatter was analysed at Ayios Nikolaos, a top secret listening station in Cyprus and the largest UK overseas spy base.

Manned by UK military intelligence officers working for GCHQ, its highly sensitive dome shaped radars have the capability to “look out” over the horizon for up to 400 miles and pull in information from UK warships and submarines deployed in the region.

Despite reports that he had fled to Libya or had been expelled from Isil, the intelligence agencies remained confident he was still in Raqqa, even though he went quiet after his last beheadings, of two Japanese hostages in January.

An air strike targeting a German colleague of Emwazi last month may have been the first sign that Britain and America were hot on his trail, according to security expert Neil Doyle.

An air strike last month targeting a Denis Cuspert, a German associate of Emwazi who mixed in the same circles as him, may have been the first sign that Britain and America were hot on his trail.

David Cameron said Britain and the US had been working “literally around the clock to track him down”. He added: “This was a combined effort. And the contribution of both our countries was essential.”

Col Steve Warren, a spokesman for the US-led military coalition fighting Isil, said: “This is significant. He was somewhat of an Isil celebrity, somewhat the face of the organisation…he was a prime recruitment tool for the organisation. This guy was a human animal and killing him does probably make the world a little bit of a better place.”

He said coalition forces had been following Emwazi “for some time” and commanders had “great confidence” it was him before they gave the order to kill. The strike had been captured on video and there was no reason to believe any civilian casualties had been caught in the blast, Col Warren said.

Drills on Homeland Have a Reason

We are always suspicious and question what law enforcement is doing and why. We ask the same when it comes to the Department of Homeland Security and we do the same regarding the military. There were huge questions and theories when Operation Jade Helm was held in 5 Southern states this past summer.

Okay, it is good we question government, it is a duty yet there are reasons why events and activities do occur. Here are two reasons why which may help us come to understand motivations for exercises and training even in either rural or urban areas.

The fuel for a nuclear bomb is in the hands of an unknown black marketeer from Russia, U.S. officials say

The presence of identical fissile materials in three smuggling incidents indicates someone has a larger cache and is hunting for a buyer

With so many nuclear explosives held by governments around the world, US officials have long worried about the possibility of a terrorist-engineered nuclear or radiological blast within the United States. Multiple federal agencies have held almost 1,400 drills in cities around the country over the last decade to train local police and emergency personnel in how to behave after such a nightmare unfolds, according to a spokeswoman for the National Nuclear Security Administration.

CHISINAU, MoldovaThe sample of highly-enriched uranium, of a type that could be used in a nuclear bomb, arrived here on a rainy summer day four years ago, in a blue shopping bag carried by a former policeman.

According to court documents, the bag quickly passed through the hands of three others on its way to a prospective buyer. It was not the first time such material had passed through this city, raising international alarms: It had happened twice before. And mysteriously, in all three cases, spanning more than a decade, the nuclear material appeared to have the same origin – a restricted military installation in Russia.

This news would quickly reach Washington. But that day, the first to pick up the blue bag was the wife of a former Russian military officer, who handed it off to a friend while she went shopping in this former Soviet city’s ragged downtown.

Not long afterward, a 57-year old lawyer named Teodor Chetrus, from a provincial town near the Ukrainian border, retrieved it and brought it to a meeting with a man named Ruslan Andropov. According to an account by Moldovan police, the two men had, earlier in the day, visited a local bank, where Chetrus confirmed that Andropov had deposited more than $330,000 as an initial payment.

Andropov next examined the contents of the bag: a lead-lined cylinder, shaped like a thermos. It was meant to be the first of several shipments of highly-enriched uranium totaling 10 kilograms (22 lbs), a senior investigator here said. That’s about a fifth of what might be needed to fuel a Hiroshima-sized nuclear explosion — but almost enough to power a more technically-advanced “implosion-style” nuclear bomb. The full story is a MUST read in its entirety and exceptional work from Public Integrity.

*** Then last week, there was yet another event off the coast of California that forced air traffic to be halted and re-routed as well as some automobile traffic. A peculiar set of beams of light were noted in the sky. Bigger questions were asked. Some thought the U.S. military was training to bomb the homeland. Ah….not so much.

There Is a Secret U.S. Spy Plane Flying Over the Pacific

Here’s what we know … and what we don’t

In 2013, the U.S. Air Force sent a secret spy plane out over the Pacific region. The unknown aircraft – possibly a drone – flew “national collection missions” – a euphemism for strategic intelligence against states like North Korea or China.

It was one of five different types of aircraft flying these missions. The Pentagon’s top headquarters asked the flying branch to use its U-2 Dragon Ladies and RC-135V/W Rivet Joints to take high resolution pictures and scoop up radio chatter, according to an official history of the Air Force’s Intelligence, Surveillance and Reconnaissance Agency – a.k.a. AFISRA – for that year.

“Other USAF aircraft flying national collection missions included the RC-135U Combat Sent, the RC-135S Cobra Ball and the aforementioned [redacted],” the history stated.

So what is the mystery aircraft? The blacked-out portion of the document suggests the missing portion is five to seven characters long. With that in mind, the super secret RQ-170 Sentinel – a six character designation that would fit in the redacted segment – is one possibility.

Lockheed built an estimated 20 to 30 RQ-170s – also known as Wraiths– for the Air Force sometime in the early 2000s. The 30th Reconnaissance Squadron at Creech Air Force Base in Nevada owns all of these bat-winged pilotless spies.

In 2007, journalists first spotted the Wraith at Kandahar Air Field in Afghanistan, earning the nickname “the Beast of Kandahar.” On Dec. 4, 2009, the Air Force formally announced the Sentinel to the world … and little else.

That same year, the drones were flying missions in the Pacific from Andersen Air Force Base on Guam and Kunsan Air Base in South Korea, according to previous Air Force histories we obtained through FOIA. During the latter deployment, the Wraiths likely gathered information about North Korea’s nuclear, ballistic missile and space programs.

In December 2011, one RQ-170 crashed in Iran.

And as of April 2014, at least one of these stealthy flying wings was still on duty, according to an accident report in Combat Edge, Air Combat Command’s official safety magazine. ACC owns the bulk of the Air Force’s combat aircraft, including its spy planes and the RQ-170s.

If the RQ-170s are still in service, the flying branch would have every incentive to keep using them. And the Sentinels and their crews already had experience in the Asia-Pacific theater.

Of course, the censored plane could be something entirely new. For decades, the Pentagon and the CIA have repeatedly acknowledged advanced aircraft projects — after the fact — only to decline to release any significant information about them. Hat tip to War is Boring for doing the investigative work, the rest of the work is found here.

FBI: Hillary and Gross Negligence

We cant officially know at the point who on Hillary’s team has met with the FBI and made statements or answered questions, Conversations with the FBI are not under oath, but still making false statements or responses is a felony. It must also be noted that even Barack Obama said he was NOT aware of a private server but did know and in fact the White House did communicate with Hillary and her team via private, non-governmental email addresses.

It is noteworthy that this snippet of news of the FBI widening their investigation is even in the public domain. The FBI is reviewing all emails to determine themselves which should be classified and those that are not deemed so. If Hillary never revealed to Obama himself that she was using a private server and providing him notice is itself a standard to prosecute her.

Documents and information includes: any material in written form, books, sketches, photographs, blueprints, maps, notes documents, plans or comments.

FBI expands probe of Clinton emails, launches independent classification review

FNC: The FBI has expanded its probe of Hillary Clinton’s emails, with agents exploring whether multiple statements violate a federal false statements statute, according to intelligence sources familiar with the ongoing case.

Fox News is told agents are looking at U.S. Code 18, Section 1001, which pertains to “materially false” statements given either in writing, orally or through a third party. Violations also include pressuring a third party to conspire in a cover-up. Each felony violation is subject to five years in prison.

This phase represents an expansion of the FBI probe, which is also exploring potential violations of an Espionage Act provision relating to “gross negligence” in the handling of national defense information.

“The agents involved are under a lot of pressure and are busting a–,” an intelligence source, who was not authorized to speak on the record, told Fox News.

The section of the criminal code being explored is known as “statements or entries generally,” and can be applied when an individual makes misleading or false statements causing federal agents to expend additional resources and time. In this case, legal experts as well as a former FBI agent said, Section 1001 could apply if Clinton, her aides or attorney were not forthcoming with FBI agents about her emails, classification and whether only non-government records were destroyed. It is not publicly known who may have been interviewed.

Fox News judicial analyst Judge Andrew Napolitano said the same section got Martha Stewart in trouble with the FBI. To be a violation, the statements do not need to be given under oath.

“This is a broad, brush statute that punishes individuals who are not direct and fulsome in their answers,” former FBI intelligence officer Timothy Gill told Fox News. Gill is not connected to the email investigation, but spent 16 years as part of the bureau’s national security branch, and worked the post 9/11 anthrax case where considerable time was spent resolving discrepancies in Bruce Ivins’ statements and his unusual work activities at Fort Detrick, Md.

“It is a cover-all. The problem for a defendant is when their statements cause the bureau to expend more time, energy, resources to de-conflict their statements with the evidence,” he said.

Separately, two U.S. government officials told Fox News that the FBI is doing its own classification review of the Clinton emails, effectively cutting out what has become a grinding process at the State Department. Under Secretary for Management Patrick Kennedy has argued to both Director of National Intelligence James Clapper and Congress that the “Top Secret” emails on Clinton’s server could have been pulled from unclassified sources including news reports.

“You want to go right to the source,” Gill said. “Go to the originating, not the collateral, authority. Investigative protocol would demand that.”

On Friday, Clapper spokesman Brian Hale confirmed that no change has been made to the two “Top Secrets” emails after a Politico report said the intelligence community was retreating from the finding.

“ODNI has made no such determination and the review is ongoing,” Hale said. Andrea G. Williams, spokeswoman for the intelligence community inspector general, said she had the same information. Kennedy is seeking an appeal, but no one can explain what statute or executive order would give Clapper that authority.

A U.S. government official who was not authorized to speak on the record said the FBI is identifying suspect emails, and then going directly to the agencies who originated them and therefore own the intelligence — and who, under the regulations, have final say on the classification.

As Fox News previously reported, at least four classified Clinton emails had their markings changed to a category that shields the content from Congress and the public, in what State Department whistleblowers believed to be an effort to hide the true extent of classified information on the former secretary of state’s server.

One State Department lawyer involved in the alleged re-categorization was Kate Duval. Duval once worked in the same law firm as Clinton’s current and long-time lawyer David Kendall and at the IRS during the Lois Lerner email controversy. Duval left government service for private practice in mid-September.

 

Why is Rocket Kitten Important?

Security firm says it shut down extensive Iranian cyber spy program

A security firm with headquarters in Israel and the United States says it detected and neutralized an extensive cyber espionage program with direct ties to the government of Iran. The firm, called Check Point Software, which has offices in Tel Aviv and California, says it dubbed the cyber espionage program ROCKET KITTEN. In a media statement published on its website on Monday, Check Point claims that the hacker group maintained a high-profile target list of 1,600 individuals. The list reportedly includes members of the Saudi royal family and government, American and European officials, North Atlantic Treaty Organization officers and nuclear scientists working for the government of Israel. The list is said to include even the names of spouses of senior military officials from numerous nations.

News agency Reuters quoted Check Point Software’s research group manager Shahar Tal, who said that his team was able to compromise the ROCKET KITTEN databases and acquire the list of espionage targets maintained by the group. Most targets were from Saudi Arabia, Israel, and the United States, he said, although countries like Turkey and Venezuela were also on the list. Tal told Reuters that the hackers had compromised servers in the United Kingdom, Germany and the Netherlands, and that they were using these and other facilities in Europe to launch attacks on their unsuspecting targets. According to Check Point, the hacker group was under the command of Iran’s Revolutionary Guards Corps, a branch of the Iranian military that is ideologically committed to the defense of the 1979 Islamic Revolution.

Reuters said it contacted the US Federal Bureau of Investigation and Europol, but that both agencies refused comment, as did the Iranian Ministry of Foreign Affairs. However, an unnamed official representing the Shin Bet, Israel’s domestic security agency, said that ROCKET KITTEN “is familiar to us and is being attended to”. The official declined to provide further details. Meanwhile, Check Point said it would issue a detailed report on the subject late on Monday.

*** In part from SCMagazine:

The researchers uncovered more thorough indicators of compromise, along with new malware strains, including a Remote Access Trojan (RAT) the group apparently favored.

Further down the Rocket Kitten rabbit hole, the researchers appeared to identify the mastermind behind the operation, who goes by “Wool3n.H4t,” as Yaser Balaghi.

The company found references to his alias and real name on various developer forums, within the server itself, and eventually, in an online tutorial he posted on SQL injection.

Additionally, a reported resume for Balaghi has listed “designing a phishing system” as ordered by a “cyber-organization.”

Saying technical evidence can be forged, or information be planted, Tal said he backs his company’s findings because of “overwhelming evidence.”

“All evidence fits the same story and same narrative,” he said. “The probability that this is a false lead is extremely nonexistent in my opinion.”

Given that Balaghi resides in Iran, there will likely not be any repercussions or extradition. However, Tal said the findings have been passed along to European and U.S. search bodies, as well as service providers who hosted the malicious servers.

Most infrastructure has been taken down since then, Tal said, and continued, “don’t expect to see them attacking any time soon.”