Category Archives: Cyber War

Huma Abedin Shared Official Passwords

Posted on by

A grand jury in the Northern District of California has indicted four defendants, including two officers of the Russian Federal Security Service (FSB), for computer hacking, economic espionage and other criminal offenses in connection with a conspiracy, beginning in January 2014, to access Yahoo’s network and the contents of webmail accounts. The defendants are Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident; Igor Anatolyevich Sushchin, 43, a Russian national and resident; Alexsey Alexseyevich Belan, aka “Magg,” 29, a Russian national and resident; and Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22, a Canadian national and a resident of Canada.

The defendants used unauthorized access to Yahoo’s systems to steal information from about at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies. One of the defendants also exploited his access to Yahoo’s network for his personal financial gain, by searching Yahoo user communications for credit card and gift card account numbers, redirecting a subset of Yahoo search engine web traffic so he could make commissions and enabling the theft of the contacts of at least 30 million Yahoo accounts to facilitate a spam campaign.

***

An international flight risk

Enter Hillary Clinton, Sidney Blumenthal and Huma Abedin….

Image result for huma abedin photo

Huma Abedin forwarded sensitive State Department emails, including passwords to government systems, to her personal Yahoo email account before every single Yahoo account was hacked, a Daily Caller News Foundation analysis of emails released as part of a lawsuit brought by Judicial Watch shows.

Abedin, the top aide to former Secretary of State Hillary Clinton, used her insecure personal email provider to conduct sensitive work. This guarantees that an account with high-level correspondence in Clinton’s State Department was impacted by one or more of a series of breaches — at least one of which was perpetrated by a “state-sponsored actor.”

The U.S. later charged Russian intelligence agent Igor Sushchin with hacking 500 million Yahoo email accounts. The initial hack occurred in 2014 and allowed his associates to access accounts into 2015 and 2016 by using forged cookies. Sushchin also worked for the Russian investment bank Renaissance Capital, which paid former President Bill Clinton $500,000 for a June 2010 speech in Moscow.

A separate hack in 2013 compromised three billion accounts across multiple Yahoo properties, and the culprit is still unclear. “All Yahoo user accounts were affected by the August 2013 theft,” the company said in a statement.

Abedin, Clinton’s deputy chief of staff, regularly forwarded work emails to her personal [email protected] address. “She would use these accounts if her (State) account was down or if she needed to print an email or document. Abedin further explained that it was difficult to print from the DoS system so she routinely forwarded emails to her non-DoS accounts so she could more easily print,” an FBI report says.

Abedin sent passwords for her government laptop to her Yahoo account on Aug. 24, 2009, an email released by the State Department in September 2017 shows.

Huma sends laptop password to Yahoo / Source: State Department

Long-time Clinton confidante Sid Blumenthal sent Clinton an email in July 2009 with the subject line: “Important. Not for circulation. You only. Sid.” The message began “CONFIDENTIAL… Re: Moscow Summit.” Abedin forwarded the email to her Yahoo address, potentially making it visible to hackers.

The email was deemed too sensitive to release to the public and was redacted before being published pursuant to the Judicial Watch lawsuit. The released copy says “Classified by DAS/ A/GIS, DoS on 10/30/2015 Class: Confidential.” The unredacted portion reads: “I have heard authoritatively from Bill Drozdiak, who is in Berlin…. We should expect that the Germans and Russians will now cut their own separate deals on energy, regional security, etc.”

The three email accounts Abedin used were [email protected], [email protected], and [email protected]. Though the emails released by the State Department partially redact personal email addresses, the Yahoo emails are displayed as humamabedin[redacted].

Clinton forwarded Abedin an email titled “Ambassadors” in March 2009 from Denis McDonough, who served as foreign policy adviser to former President Barack Obama’s campaign and later as White House chief of staff. The email was heavily redacted before being released to the public.

Stuart Delery, chief of staff to the deputy attorney general, sent a draft memo titled “PA/PLO Memo” in May 2009, seemingly referring to two Palestinian groups. The content was withheld from the public with large letters spelling “Page Denied.” Abedin forwarded it to her Yahoo account.

Abedin routed sensitive information through Yahoo multiple times, such as notes on a call with the U.N. secretary-general, according to messages released under the lawsuit.

Contemporaneous news reports documented the security weaknesses of Yahoo while Abedin continued to use it.  Credentials to 450,000 Yahoo accounts had been posted online, a July 2012 CNN article reported. Five days later, Abedin forwarded sensitive information to her personal Yahoo email.

Abedin received an email “with the subject ‘Re: your yahoo acct.’ Abedin did not recall the email and provided that despite the content of the email she was not sure that her email account had ever been compromised,” on Aug. 16, 2010,  an FBI report says.

The FBI also asked her about sending other sensitive information to Yahoo. “Abedin was shown an email dated October 4, 2009 with the subject ‘Fwd: US interest in Pak Paper 10-04’ which Abedin received from [redacted] and then forwarded to her Yahoo email account…. At the time of the email, [redacted] worked for Richard Holbrooke who was the Special Representative for Afghanistan and Pakistan (SRAP). Abedin was unaware of the classification of the document and stated that she did not make judgments on the classification of materials that she received,” the report said.

The U.S. charged Sushchin with hacking half a billion Yahoo accounts in March 2017, in one of the largest cyber-breaches in history, the Associated Press reported. Sushchin was an intelligence agent with Russia’s Federal Security Service — the successor to the KGB — and was also working as security director for Renaissance Capital, Russian media said.

“It is unknown to the grand jury whether [Renaissance] knew of his FSB affiliation,” the indictment says.

Renaissance Capital paid Bill Clinton $500,000 for a speech in 2010 that was attended by Russian officials and corporate leaders. The speech received a thank-you note from Russian President Vladimir Putin. Renaissance Capital is owned by Russian oligarch Mikhail Prokhorov, who also owned the Brooklyn Nets basketball team. He unsuccessfully ran for Russian president against Putin in 2012.

Sushchin’s indictment says “the conspirators sought access to the Yahoo, Inc. email accounts of Russian journalists; Russian and U.S. government officials,” and others. Information about the accounts such as usernames and password challenge questions and answers were stolen for 500 million accounts, the indictment says. The indictment does not mention Abedin’s account.

A hacker called “Peace” claimed to be selling data from 200 million Yahoo users.

The user data also included people’s alternate email addresses, that were often work accounts tying a Yahoo user to an organization of interest. The hackers were able to generate “nonces” that allowed them to read emails “via external cookie minting” for some accounts.

The New York Times reported that in the 2013 hack, which affected all Yahoo accounts, “Digital thieves made off with names, birth dates, phone numbers and passwords of users that were encrypted with security that was easy to crack. The intruders also obtained the security questions and backup email addressed used to reset lost passwords — valuable information for someone trying to break into other accounts owned by the same user, and particularly useful to a hacker seeking to break into government computers around the world.”

Yahoo published a notification on Sept. 22, 2016, saying: “Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor.”

Clinton downplayed the risks of her email use days later, saying it was simply a matter of convenience.

“After a year-long investigation, there is no evidence that anyone hacked the server I was using and there is no evidence that anyone can point to at all, anyone who says otherwise has no basis, that any classified materials ended up in the wrong hands. I take classified materials very seriously and always have,” Clinton said on Oct. 9, 2016, at the second presidential debate,

Abedin’s use of Yahoo email is consistent with the determination by the FBI that Clinton associates’ emails were, in fact, compromised. “We do assess that hostile actors gained access to the private email accounts of individuals with whom Secretary Clinton was in regular contact from her private account,” then-FBI director Jim Comey  said in 2016.

Remember, Obama Removed Iran/Hezbollah from Terror List

Posted on by

In February of 2015, yup the Obama administration instructed the intelligence community to remove Iran and it’s proxies such as Hezbollah from the terror list mostly due to the Iran nuclear deal and the assistance Iran was providing the Baghdad government in fighting Islamic State…..ahem….sure thing.

“Islamic Revolutionary Guard Corps-Qods Force (IRGC-QF) and Lebanese Hezbollah are instruments of Iran’s foreign policy and its ability to project power in Iraq, Syria, and beyond,” that assessment, also submitted to the Senate of February 26, said in its section on terrorism. “Hezbollah continues to support the Syrian regime, pro-regime militants and Iraqi Shia militants in Syria. Hezbollah trainers and advisors in Iraq assist Iranian and Iraqi Shia militias fighting Sunni extremists there. Select Iraqi Shia militant groups also warned of their willingness to fight US forces returning to Iraq.” More here.

***

But Hezbollah’s more recent moves in Latin America are very much a matter of interest for investigators, too. In October, a joint FBI-NYPD investigation led to the arrest of two individuals who were allegedly acting on behalf of Hezbollah’s terrorist wing, the Islamic Jihad Organization (IJO). At the direction of their Hezbollah handlers, one person allegedly “conducted missions in Panama to locate the U.S. and Israeli Embassies and to assess the vulnerabilities of the Panama Canal and ships in the Canal,” according to a Justice Department press release. The other allegedly “conducted surveillance of potential targets in America, including military and law enforcement facilities in New York City.” In the wake of these arrests, the director of the National Counterterrorism Center warned: “It’s our assessment that Hezbollah is determined to give itself a potential homeland option as a critical component of its terrorism playbook, and that is something that those of us in the counterterrorism community take very, very seriously.” These cases, one official added, are “likely the tip of the iceberg.”

The administration’s counter-Hezbollah campaign is an interagency effort that includes leveraging diplomatic, intelligence, financial and law enforcement tools to expose and disrupt the logistics, fundraising and operational activities of Iran, the Qods Force and the long list of Iranian proxies from Lebanese Hezbollah to other Shia militias in Iraq and elsewhere. But in the words of Ambassador Nathan Sale, the State Department coordinator for counterterrorism, “Countering Hezbollah is a top priority for the Trump administration.” Since it took office, the Trump administration has taken a series of actions against Hezbollah in particular — including indictmentsextraditions, public statements and rewards for information on wanted Hezbollah terrorist leaders — and officials are signaling that more actions are expected, especially in Latin America. Congress has passed a series of bills aimed at Hezbollah as well. The goal, according to an administration official quoted by Politico, is to “expose them for their behavior.” The thinking goes: Hezbollah cannot claim to be a legitimate actor even as it engages in a laundry list of illicit activities that undermine stability at home in Lebanon, across the Middle East region and around the world.

To support this policy, the administration has issued a broad RFI — a request for information — requiring departments and agencies to scour their files and collect new information that could be used to identify targets and help direct and inform the implementation of forthcoming actions. Though it is unclear if it is a result of that RFI, it appears new information is coming in, as evidenced most recently by a little-noticed FBI “Seeking Information” bulletin issued by the Bureau’s Miami Field Office. More here.

***

Image result for iran terror networks photo

All of this has turned quite political on The Hill due in part to recent investigative report published by Politico on how Obama gave Iran, a state sponsor of terror networks worldwide a major pass. In part from Congressional testimony in June of 2017:

Hezbollah has experienced a series of financial setbacks, leading U.S.
officials to describe the group being in the “worst financial shape in decades.”
Indeed, Hezbollah has in recent months resorted to launching an online fundraising crowdsourcing campaign entitled “Equip a Mujahid Campaign” which calls for donations, large or small, payable all at once or in installments, to equip Hezbollah fighters.
Hezbollah has also promoted a fundraising campaign on billboards and posters promoting a program through which supporters whereby supporters can avoid recruitment into Hezbollah’s militia forces for a payment of about $1,000.
These are desperate measures for a group suffering tough financial times.
And yet, Hezbollah continues to collect sufficient funds to deploy a significant militia
at home and next door in Syria, to send smaller groups of operatives to Iraq and Yemen,
and to operate an international terrorist network with deadly effect.
To effectively counter Hezbollah’s financing, the U.S. must lead an international effort to target the group’s illicit financial conduct both at home in Lebanon and around the world. More here.
***
Meanwhile to fully comprehend the full construction of Iranian terror networks globally and the historical facts, go here.
In day 5 of the Iranian people protesting the Iran government, at least a dozen have been killed.

Initially, state TV said that 10 people had been killed overnight, but that figure was later raised to 13 by a regional governor:

  • Six died after shots were fired in the western town of Tuyserkan, 300km (185 miles) south-west of Tehran
  • Later, Hamadan province’s governor told the ISNA agency that another three people had also been killed in the city
  • Two people died in the south-western town of Izeh, an official said
  • Two died in clashes in Dorud in Lorestan province

This has the makings of the conflict seen in Syria as the genesis is the same. Where will this put militant Islamist groups in the mix is an open question. Islamic State did launch a terror attack in June of 2017.

There are other moving parts to the building civil conflicts in Iran and they include Israel, Saudi Arabia, North Korea, Syria, Lebanon, Iraq and the United States.

Image result for protests in iran photo

In part from Reuters: Hundreds have been arrested, according to officials and social media. Online video showed police in the capital Tehran firing water cannon to disperse demonstrators, in footage said to have been filmed on Sunday.

Protests against economic hardships and alleged corruption erupted in Iran’s second city of Mashhad on Thursday and escalated across the country into calls for the religious establishment to step down.

Some of the anger was directed at Ayatollah Ali Khamenei, breaking a taboo surrounding the man who has been supreme leader of Iran since 1989.

Video posted on social media showed crowds of people walking through the streets, some chanting “Death to the dictator!” Reuters was not immediately able to verify the footage. The Fars news agency reported “scattered groups” of protesters in Tehran on Monday and said a ringleader had been arrested.

“The government will show no tolerance for those who damage public property, violate public order and create unrest in society,” Rouhani said in his address on Sunday.

Unsigned statements on social media urged Iranians to continue to demonstrate in 50 towns and cities.

The government said it was temporarily restricting access to the Telegram messaging app and Instagram. There were reports that internet mobile access was blocked in some areas.

 

The Plotting Begins to Surface at FBI/DoJ

Posted on by

Primer:

(Washington, DC)Judicial Watch today released Justice Department records showing that FBI Deputy Director Andrew McCabe did not recuse himself from the investigation into former Secretary of State Hillary Clinton’s unsecure, non-government email server until Tuesday, November 1, 2016, one week prior to the presidential election. The Clinton email probe was codenamed “Midyear Exam.”

While working as Assistant Director in Charge of the Washington Field Office, McCabe controlled resources supporting the investigation into former Secretary of State Hillary Clinton’s email scandal. An October 2016 internal FBI memorandum labeled “Overview of Deputy Director McCabe’s Recusal Related To Dr. McCabe’s Campaign for Political Office,” details talking points about McCabe’s various potential conflicts of interest, including the FBI’s investigation of Clinton’s illicit server, which officially began in July 2015:

While at [Washington Field Office] did Mr. McCabe provide assistance to the Clinton investigation?

Related reading: Nunes blasts DOJ, FBI for ‘failure’ to produce records relating to anti-Trump dossier

After the referral was made, FBI Headquarters asked the Washington Field Office for personnel to conduct a special investigation. McCabe was serving as [Assistant Director] and provided personnel resources. However, he was not told what the investigation was about. In February 2016 McCabe became Deputy Director and began overseeing the Clinton investigation.

The Overview also shows if asked whether McCabe played any role in his wife’s campaign, the scripted response was: “No. Then-[Assistant Director] McCabe played no role, attended no events and did not participate in fundraising or support of any kind.” More here.

Related reading: Russia never stopped its cyberattacks on the United States

Wider context:

Why do heads seem to be rolling—or at least tilting—at the Department of Justice and FBI?

Eight high ranking Department of Justice and FBI officials have been removed, reassigned or are rumored to be leaving. They include the top FBI agents who worked on two of the agency’s most high-profile investigations in the past two years: the probe into Hillary Clinton’s mishandling of classified information as secretary of state, and the Trump-Russia collusion investigation.

There’s been a great deal of news coverage about allegations of collusion between President Trump and Russia; much of the reporting apparently accurate and some of it not.

Less attention has been given to concurrent investigations that seem to be claiming scalps even if indirectly.

The investigations into the investigators include Congressional inquiries and a multi-faceted probe launched by Department of Justice Inspector General Michael Horowitz surrounding the FBI decision not to prosecute Clinton. Specifically, Horowitz—who was appointed by President Obama—said he’s reviewing:

  • Allegations that FBI Deputy Director Andrew McCabe and Assistant Attorney General Peter Kadzik should have recused themselves.
  • Allegations of improper political contacts by Kadzik.
  • Allegations that Justice Department and FBI employees improperly disclosed non-public information and were influenced by improper considerations in releasing certain documents just before the 2016 election.

Below are some of the players. Their inclusion in this article does not imply any wrongdoing. None of those mentioned are formally accused of any improper activities. Their past or pending job status may not be related to the controversies discussed. To the extent that any have commented, they firmly deny any misconduct and are staunchly defended by supporters and colleagues.

Fired: Sally Yates, Deputy Attorney General

Sally Yates, former Deputy Attorney General

Alleged philosophical mutiny for failing to defend presidential order on immigration; alleged politically-motivated “unmaskings.”

Under questioning from Congress, Yates admitted that as Deputy Attorney General under Loretta Lynch, she engaged in the sensitive practice of unmasking and reviewing classified documents from “Trump, his associates or any member of Congress.” Later, as Acting Attorney General, Yates ordered Justice Department attorneys not to defend President Trump’s ban on certain Muslim visitors from entering the U.S.

Latest: President Trump fired Yates in January 2017. She was both praised and criticized for her stance on the travel ban. Since her firing, Yates has attacked President Trump in public referring to him as as “shamelessly unpatriotic,” saying he has “indifference to truth,” and claiming his “respect for the rule of law” is “in tatters.”

Departed: Peter Kadzik, Department of Justice liaison to Congress, Assistant Attorney General for Legislative Affairs.

Peter Kadzik, former Justice Dept. Asst. Attorney General

Alleged conflicts of interest with the Hillary Clinton campaign and alleged disclosure of nonpublic information for political reasons.

During the FBI investigation of Hillary Clinton, Kadzik appeared to tip off Clinton presidential campaign chairman John Podesta about two issues: an upcoming hearing where a Justice Department official would be asked about the Clinton emails, and the timing of the release of some Clinton emails. Kadzik previously worked for Podesta as an attorney. He denied any wrongdoing.

Latest: Kadzik left the Justice Department in January 2017 and works in private practice.

“Retiring”: Andrew McCabe, FBI Deputy Director

Failure to exclude himself from leading the Hillary Clinton email probe despite alleged conflicts of interest.

Appointed by James Comey, McCabe led the FBI investigation that determined Hillary Clinton should not be prosecuted for her mishandling of classified emails. McCabe’s wife had reportedly received $700,000 for her unsuccessful Virginia senate campaign from close Clinton ally Virginia Governor Terry McAuliffe. (McAuliffe was also said to be under FBI investigation regarding campaign contributions from a Chinese businessman. He has not been charged and has denied any wrongdoing.)

Latest: News reports say McCabe will retire in early March when he’s eligible for his full pension.

Andrew McCabe, FBI Deputy Director

“Reassigned”: James Baker, FBI General Counsel

James Baker, FBI General Counsel

Reportedly under IG investigation for allegedly improperly leaking information.

Baker also served as counsel for McCabe during Congressional questioning. Separately, Baker was allegedly in contact with a reporter who published the first story about an anti-Trump “dossier” alleging ties between Trump and Russia. (The reporter denies Baker was a source.) The dossier was presented shortly before the election as if it were an intelligence investigative file. But it turned out to be political opposition research funded by the Hillary Clinton campaign and the Democratic National Committee. Congress is investigating whether the FBI improperly used the dossier to convince a secret court to authorize wiretaps to surveil Trump associates. The FBI reportedly secretly offered to pay the author of the dossier to keep pursuing leads after the election, but the deal wasn’t ultimately consummated.

Latest: Baker has reportedly been reassigned. His supporters have told reporters the reassignment is unrelated to the investigations and that he did nothing wrong.

“Transferred”: Peter Strzok, the top FBI agent on Special Counsel Robert Mueller’s team

Peter Strzok, FBI official

Alleged anti-Trump political bias.

Strzok is identified as the FBI official who softened language and watered down key findings in the Clinton email probe. He was the top FBI agent on Special Counsel Robert Mueller’s team investigating alleged Trump-Russia collusion and number two in FBI Counterintelligence office during Hillary Clinton email investigation. Strzok oversaw FBI interviews with Trump National Security Adviser Lt. Gen. Michael Flynn (who plead guilty to lying to the FBI).

While Strzok worked on the Trump-Russia investigation, the Inspector General unearthed anti-Trump text messages Strzok had exchanged with FBI attorney Lisa Page, a fellow member of Mueller’s team with whom Strzok was reportedly having an illicit affair.

Latest: Strzok was ousted from Mueller’s team and transferred to human resources in August after the controversial anti-Trump text messages were discovered.

Shifted: Lisa Page, FBI lawyer and McCabe senior adviser

Alleged anti-Trump political bias. 

Page was on the FBI Mueller team investigating alleged Trump-Russia collusion. She had exchanged anti-Trump text messages with Strzok, the top FBI agent on Mueller’s team, with whom she was reportedly having an illicit affair.

Latest: Page left the Mueller team last summer. Reports say the move was unrelated to the controversy.

Excerpts from text exchanges between FBI couple Strzok and Page who served on the Mueller team investigating Trump:Page: “I cannot believe Donald Trump is likely to be an actual, serious candidate for president” and “God(,) Trump is a loathsome human.”

Page: “I just saw my first Bernie Sander [sic] bumper sticker. Made me want to key the car.”

Strzok: “He’s an idiot like Trump. Figure they cancel each other out.”

Strzok called Trump “awful” and “an idiot” and said Clinton should win “100,000,000-0.’’

Strzok on Election Day when he learned Trump could win: “f*****g terrifying.”

Strzok: “I want to believe the path you threw out for consideration in Andy’s [believed to refer to McCabe] office that there’s no way he gets elected — but I’m afraid we can’t take that risk. It’s like an insurance policy in the unlikely event you die before you’re 40.’’

Page texted that she hoped Republican House Speaker Paul Ryan “fails and crashes in a blaze of glory.” Strzok replied that Republicans need “to pull their head out of that *ss. Shows no sign of occurring any time soon.”

Fired: James Comey, FBI Director under President Obama

Comey originally served under George W. Bush and briefly under President Trump. Once he was fired by Trump in May 2017, Comey secretly leaked a memo to the press to engineer the appointment of a special counsel to investigate alleged Trump-Russia collusion.

James Comey, former FBI Director

“Demoted”: Bruce Ohr, Associate Deputy Attorney General at the Department of Justice

Bruce Ohr, Justice Dept. official; Photo courtesy C-SPAN

Alleged improper political conflicts.

Bruce Ohr arranged to meet with the co-founder Fusion GPS, the political opposition research firm that compiled the anti-Trump “dossier,” according to court filings. Fusion GPS also hired Ohr’s wife, Nellie.

Latest: Ohr still works at the Justice Department, but was reportedly recently removed as associate deputy attorney general.

Investigator: Robert Mueller

Special Counsel investigating alleged Trump-Russia collusion in 2016 US election. Former FBI Director 2001-2013 under Bush and Obama. Mueller served as FBI Director under Comey when Comey was a top Bush Justice Department official.

Robert Mueller, former FBI Director, Special Counsel investigating alleged Trump-Russia collusion

Investigator: Michael Horowitz

Obama-appointed Department of Justice Inspector General investigating a wide range of alleged misconduct within FBI and Department of Justice.

Michael Horowitz, Department of Justice Inspector General

Romanians Hacked Surveillance Cameras in DC

Posted on by

Image result for washington dc surveillance cameras photo and more information here

Washington (CNN) Two Romanian hackers infiltrated nearly two-thirds of the outdoor surveillance cameras in Washington, DC, as part of an extortion scheme, according to federal court documents.

In a criminal complaint filed last week in the US District Court for the District of Columbia, the US government alleges that the two Romanian hackers operating outside the United States infiltrated 65% of the outdoor surveillance cameras operated by DC city police — that’s 123 cameras out of 187 in the city. The alleged hacking occurred during a four-day period in early January.
Side bar: Seems Mihai Alexandru Isvanca and Eveline Cismaru once had an operation in London. There is also an address where it seems lots of people lived.
The hacking suspects, Mihai Alexandru Isvanca and Eveline Cismaru, are also accused of using the computers behind the surveillance cameras to distribute ransomware through spam emails, according to an affidavit by Secret Service agent James Graham in support of the government’s criminal complaint. The affidavit alleges the hackers meant to use the malware to lock victims’ computers and then extort payments from them to regain access.
In the affidavit, the Romanians are accused of “intent to extort from persons money and other things of value, to transmit in interstate and foreign commerce communications containing threats to cause damage to protected computers.”
They were traced through their registered email addresses, one of which roughly translates into “selling souls” in Romanian, according to the affidavit.
*** But hold on, how bad was it? Don’t you love it when the matter is minimized or has lies attached?

WaPo: Hackers infected 70 percent of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts, according to the police and the city’s technology office.

City officials said ransomware left police cameras unable to record between Jan. 12 and Jan. 15. The cyberattack affected 123 of 187 network video recorders in a closed-circuit TV system for public spaces across the city, the officials said late Friday.

Brian Ebert, a Secret Service official, said the safety of the public or protectees was never jeopardized.

Archana Vemulapalli, the city’s Chief Technology Officer, said the city paid no ransom and resolved the problem by taking the devices offline, removing all software and restarting the system at each site.

An investigation into the source of the hack continues, said Vemulapalli, who said the intrusion was confined to the police CCTV cameras that monitor public areas and did not extend deeper into D.C. computer networks.

Ransomware is malware that is said to be proliferating. It infects computers, often when users click on a link or open an attachment in an email. It then encrypts files or otherwise locks users out until they pay.

The D.C. hack appeared to be an extortion effort that”was localized” and did not affect criminal investigations, city officials said.

On Jan. 12 D.C. police noticed four camera sites were not functioning properly and told OCTO. The technology office found two forms of ransomware in the four recording devices and launched a citywide sweep of the network where they found more infected sites, said Vemulapalli.

The network video recorders are connected to as many as four cameras at each site, she said.

“There was no access from these devices into our environment,” Vemulapalli said.

Interim Police Chief Peter Newsham said that police worked with OCTO but that the incident was limited to about 48 hours He said there was “no significant impact” overall.

City officials declined to say who they suspected in the attack.

The Post Obama Iran Report

Posted on by

 

Former Mossad Chief explains, it is all about the Iran threat. Clearly, the Obama administration including is National Security Council and both Secretaries of State focused more on Israel and accusatory ‘occupier’ status than on Iran.

*** Image result for iran kitten hacking photo

Behzad Mesri, the Iranian national the US has accused of hacking HBO this year, is part of an elite Iranian cyber-espionage unit known in infosec circles as Charming Kitten, according to a report released yesterday by Israeli firm ClearSky Cybersecurity.

Known as an APT (Advanced Persistent Threat), this group has been active since 2013 and is believed to be operating under the protection of the local Iranian government.

The group’s activities have been first exposed in March 2014, when US cyber-security firm FireEye published a report entitled “Operation Saffron Rose.”

Charming Kitten —also tracked under various codenames such as Newscaster, NewsBeef, Flying Kitten, and the Ajax Security Team— was one of the most active Iran-based cyber-espionage units at the time, but once the FireEye report went public, the group dismantled its infrastructure and went dormant.

Subsequent research published by Iran Threats and ClearSky show that parts of the old Charming Kitten infrastructure, such as malware and credential theft resources, have been reused by another Iranian cyber-espionage unit named Rocket Kittens, and possibly more.

Various experts have pointed out that most of these groups are most likely operating under the protection and guidance of Iranian military, hence the reason why some resources are used not by one or two, but multiple APTs.

According to the official indictment, US officials said Mesri worked for the Iranian military, but that he also lived a separate life as a hacker. Evidence shows that Mesri defaced hundreds of websites and most likely carried out the HBO hack outside of his role in the Charming Kittens operations, most of which have targeted Iranian dissidents.

Mesri had connections to other Charming Kitten members

The 59-page ClearSky report released yesterday shows a web of connections between Mesri and other members of the Charming Kitten espionage unit, including connections to a hacktivist group known as the Turk Black Hat Security hacking group, where Mesri operated under the pseudonym of “Skote Vahshat,” together with other persons linked to Iranian APTs.

Besides Charming Kitten and the subsequent Rocket Kitten incarnation, Iran is home to other APT groups such as OilRig [1, 2], CopyKittens, and Magic Hound (Cobalt Gypsy, Timberworm), all very active.

In fact, Iranian actors are some of the most active groups around, albeit far from the most sophisticated. Their usual targets are businesses, human rights groups, individuals, and nearby governments of interest or at odds with the Iranian government — such as Saudi Arabian companies and government agencies, or Israeli military and government targets.

According to multiple reports, the Charming Kittens group of which Mesri is suspected of being a member, operated using mundane spear-phishing and watering hole attacks, and targeted individuals using made-up organizations and people, fake news sites, or by impersonating real companies.

The group was not sophisticated like US, Chinese, or Russian counterparts, but persisted with attacks until they got access to their targets’ email inbox and social media accounts, most likely to gather information on a person’s past or upcoming plans. More details here.

***

Image result for iran kitten hacking photo

Is Iran a cyber threat? Yes and gaining hacking abilities quickly.

Tehran poses an increasing cyber threat to the U.S., in light of the Trump administration’s allegations that Iran is violating United Nations Security Council resolutions tied to the nuclear agreement. Iran-sponsored hackers—dismissively referred to as “kittens” for their original lack of sophistication—are bolstering their cyber warfare capabilities as part of their rivalry with Saudi Arabia. But should President Donald Trump take further steps to scrap the nuclear deal, it could mean an uptick in Iranian state-sponsored cyber intrusions into American and allied systems, with the goals of espionage, subversion, sabotage and possibly coercion.

  • Since 2011, Iran has worked to establish itself as a prominent aggressor in cyberspace, alongside China, Russia and North Korea. Evolving from mere website defacement and crude censorship domestically in the early 2000s, Iran has become a player in sustained cyber espionage campaigns, disruptive denial of service (DDoS) attacks and the probing of networks for critical infrastructure facilities.
  • Iran wasn’t pursuing cyber capabilities with much urgency, experts say, until it was revealed  in 2010 that a joint Israeli-U.S. Stuxnet worm sabotaged nuclear centrifuges at Iran’s facility in Natanz. As the first-known instance of virtual intrusions resulting in physical effects, the operation demonstrated the potential effectiveness of such an attack and has informed much of Iranian cyber operations since.
  • Iran often has conducted disruptive cyber operations loosely in response to actions taken by others. It sees offensive cyber operations as an asymmetric but proportional tool for retaliation. For example, following the Stuxnet attack and the imposition of new sanctions on Iran’s oil and financial sectors in 2011, Tehran was suspected of retaliating in 2012 by releasing the Shamoon disk-wiping malware into the networks of Saudi oil giant Saudi Aramco and Qatar’s natural gas authority, RasGas. It also launched volleys of DDoS attacks against at least 46 major U.S. financial systems.
  • Iran commonly conducts its state-sponsored cyber operations behind a thin veil of hacktivism. From 2011 to 2013, a group calling itself the Qassam Cyber Fighters launched DDoS attacks that flooded the servers of U.S. banks with artificial traffic until they became inaccessible. In March 2016, the Justice Department unsealed indictments of seven individuals—employees of the Iran-based computer companies ITSecTeam and Mersad Company—for conducting the DDoS attacks — and intrusions into a small dam in upstate New York—on behalf of the Islamic Revolutionary Guard Corps (IRGC), the arm of Iran’s military formed in the aftermath of the 1979 Iranian revolution.

While much of Iran’s cyber operations have been attempts at asymmetric disruption against its Gulf rivals, Israel and the United States, it has recalculated since the 2015 negotiation of the Joint Comprehensive Plan of Action (JCPOA), the Iran nuclear deal.

  • Under scrutiny by the international community, Iran has largely reined in disruptive attacks against the U.S., with some operations still deployed against Saudi Arabia. In November 2016, a variant of the disk-wiping malware Shamoon was deployed against Saudi aviation and transportation authorities.

Rather than relying on disruptive attacks against the West, Iran has pursued cyber-enabled information warfare against its regional competitors, namely Saudi Arabia. By utilizing cyber proxies to access and weaponize privileged information, Iran has subtly sought to undermine Saudi Arabia’s political standing in the region and in the eyes of international allies. This kind of grey-zone offensive—an act short of war—is a page right out of the Russian intelligence playbook of active measures in Europe and the U.S.

  • In April 2015, the pro-Saudi newspaper Al Hayat was hacked by a group calling itself the Yemen Cyber Army, which experts say has loose ties to Iran. The attack replaced the media outlet’s front page with threatening messages aimed at dissuading the Saudis from getting involved in the civil unrest bubbling across their southern border. The hack was followed quickly by stories on Iran’s state-run FARS news agency and Russia’s RT network, citing the Yemen Cyber Army for breaching the Saudi foreign ministry and its threats to release personal information on Saudi officials and expose diplomatic correspondence that allegedly suggested Saudi support of Islamist groups in the region. One month later, WikiLeaks published material likely taken from the trove of stolen correspondence.
  • In another example, an Iran-linked Hezbollah hacktivist group known as the Islamic Cyber Resistance leaked sensitive material related to the Saudi army, the Saudi Binladin Group and the Israeli Defense Forces, following the December 2013 assassination of Hezbollah leader Hassan al-Laqis, according to Matthew McInniss, an AEI scholar now working on Iran in the Trump State Department. Ties also have been detected between Iran and the Syrian Electronic Army, the hacking wing of the regime of Bashar al-Assad, according to Cipher Brief expert and former CIA and NSA chief Michael Hayden.
  • The link between Iranian government support and the cyber proxy actors is difficult to prove. But it would follow the pattern of Iranian military assistance given to other types of proxy forces in Lebanon, Syria and Yemen.
  • The governmental structure in Iran that oversees cyber-related activities is the Supreme Council of Cyberspace, established by Ayatollah Ali Khamenei in March 2012. It consists of representatives from various Iranian intelligence and security services. However, the direct command-and-control structure for engaging in cyber operations remains a mystery, particularly when it comes to cyber proxies. While it could be the responsibility of Iran’s Quds Force, the external wing of the IRGC, the lack of a clear command-and-control system could be intentional. Similar to Iran’s “mosaic defense” military structure, cyber operations appear more decentralized and fluid than other countries with advanced cyber capabilities—Russia and China, for example—complicating the tracking and attribution of attacks.

The Iranian nuclear deal may have had some cyber-deterrent value, in that it reined in Iranian disruptive attacks against the West, but this could be short-lived. Rhetoric from the Trump administration is stoking the fire, including recent statements by U.S. Ambassador to the United Nations Nikki Haley that Iran is violating the nuclear agreement.

  • Iran, as a result, is likely to engage in broad-spectrum cyber espionage to alleviate that uncertainty. For example, Operation Cleaver in 2012-14 hit U.S. military targets, as well as systems in critical industries such as energy and utilities, oil and gas, chemicals, airlines and transportation hubs, global telecommunications, healthcare, aerospace, education and the defense industrial base. Earlier this month, reports surfaced of a new Iranian state-sponsored actor—referred to as APT 34—conducting reconnaissance of critical infrastructure in the Middle East.
  • While the probing of such essential systems is alarming, it is expected as a contingency plan, should relations with adversaries escalate. The New York Times reported that the U.S. had similar plans – known as Operation Nitro Zeus – to disrupt Iranian critical services should the nuclear negotiations have gone sideways during the Obama administration. It is likely the Trump administration is devising similar contingency plans. Learn more about the contributors here.