Moscow’s Igor Sergun: Cong. Rohrabacher to your ‘Like Button’

Posted on May 19, 2017May 19, 2017 by Denise Simon

One part of this Moscow mess began in 2012, when the FBI held a private session with Congressman Dana Rohrahacher, (CA), Mike Rogers, Michigan, and according to one former official, Representative C. A. Dutch Ruppersberger, telling them they were the targets of Russian influence and possible targets of recruiting.

Of note, Igor Sergun died in January of 2016, but his operations were already underway.

Image result for igor sergun

Sergun is credited as an important figure in the renaissance of the GRU, which had suffered deep staff and budget cuts prior to his arrival. Under Sergun, the agency regained political power within the Russian government as well as control over the Spetsnaz special forces, making it “crucial in the seizure of Crimea and operations in the Donbas,” as well as “as the lead agency for dealing with violent non-state actors.”

Perhaps the United States should take a hard look at the actions Ukraine has taken regarding Russian intrusion.

Poroshenko this week ordered Ukrainian Internet providers to block Vkontakte and Odnoclassniki. The sites are similar to Facebook and are two of the most popular social networking sites in the former Soviet space.

More than 25 million Ukrainians, in a country of about 43 million people, use the Russian sites to connect with friends, join groups and use the online messaging systems.

Poroshenko said the new restrictions were necessary to further protect Ukraine from Kremlin hybrid warfare, including disinformation campaigns, propaganda and military attacks. The two neighbors and former Soviet republics have been embroiled in a brutal, three-year war that has killed more than 10,000 people and displaced about 1.7 million eastern Ukrainians.

Supporters of the ban said it would also protect Ukrainians from the Russian security services’ ability to monitor and gather metadata from the sites’ users. Ukrainian government officials said the sites are closely monitored by Russia’s FSB, the successor agency to the KGB. More here from LATimes.

One must take the time to see the evidence the domestic intelligence agencies and private cyber companies along with data analysis experts are uncovering and studying. Further, since we citizens cannot attend meetings, some in classified settings that are held in Congress and we don’t get any information from the investigations, there are some interviews with professionals that are sounding the alarm bells.

Are you sick of Russia and hearing about Putin? Sure you are, but so is our government and other global leaders, rightly so. You are going to have to understand some facts and buckle in….there is more to come. Until the United States crafts a policy, decides on responses and pass legislation, Russia has nothing to stop their actions. What actions?

In part from Time: On March 2, a disturbing report hit the desks of U.S. counterintelligence officials in Washington. For months, American spy hunters had scrambled to uncover details of Russia’s influence operation against the 2016 presidential election. In offices in both D.C. and suburban Virginia, they had created massive wall charts to track the different players in Russia’s multipronged scheme. But the report in early March was something new.

It described how Russia had already moved on from the rudimentary email hacks against politicians it had used in 2016. Now the Russians were running a more sophisticated hack on Twitter. The report said the Russians had sent expertly tailored messages carrying malware to more than 10,000 Twitter users in the Defense Department. Depending on the interests of the targets, the messages offered links to stories on recent sporting events or the Oscars, which had taken place the previous weekend. When clicked, the links took users to a Russian-controlled server that downloaded a program allowing Moscow’s hackers to take control of the victim’s phone or computer–and Twitter account.

As they scrambled to contain the damage from the hack and regain control of any compromised devices, the spy hunters realized they faced a new kind of threat. In 2016, Russia had used thousands of covert human agents and robot computer programs to spread disinformation referencing the stolen campaign emails of Hillary Clinton, amplifying their effect. Now counterintelligence officials wondered: What chaos could Moscow unleash with thousands of Twitter handles that spoke in real time with the authority of the armed forces of the United States? At any given moment, perhaps during a natural disaster or a terrorist attack, Pentagon Twitter accounts might send out false information. As each tweet corroborated another, and covert Russian agents amplified the messages even further afield, the result could be panic and confusion.

***

Americans generate a vast trove of data on what they think and how they respond to ideas and arguments–literally thousands of expressions of belief every second on Twitter, Facebook, Reddit and Google. All of those digitized convictions are collected and stored, and much of that data is available commercially to anyone with sufficient computing power to take advantage of it.

That’s where the algorithms come in. American researchers have found they can use mathematical formulas to segment huge populations into thousands of subgroups according to defining characteristics like religion and political beliefs or taste in TV shows and music. Other algorithms can determine those groups’ hot-button issues and identify “followers” among them, pinpointing those most susceptible to suggestion. Propagandists can then manually craft messages to influence them, deploying covert provocateurs, either humans or automated computer programs known as bots, in hopes of altering their behavior.

That is what Moscow is doing, more than a dozen senior intelligence officials and others investigating Russia’s influence operations tell TIME. The Russians “target you and see what you like, what you click on, and see if you’re sympathetic or not sympathetic,” says a senior intelligence official. Whether and how much they have actually been able to change Americans’ behavior is hard to say. But as they have investigated the Russian 2016 operation, intelligence and other officials have found that Moscow has developed sophisticated tactics.

In May 2016, a Russian military intelligence officer bragged to a colleague that his organization, known as the GRU, was getting ready to pay Clinton back for what President Vladimir Putin believed was an influence operation she had run against him five years earlier as Secretary of State. The GRU, he said, was going to cause chaos in the upcoming U.S. election.

What the officer didn’t know, senior intelligence officials tell TIME, was that U.S. spies were listening. They wrote up the conversation and sent it back to analysts at headquarters, who turned it from raw intelligence into an official report and circulated it. But if the officer’s boast seems like a red flag now, at the time U.S. officials didn’t know what to make of it. “We didn’t really understand the context of it until much later,” says the senior intelligence official. Investigators now realize that the officer’s boast was the first indication U.S. spies had from their sources that Russia wasn’t just hacking email accounts to collect intelligence but was also considering interfering in the vote. Like much of America, many in the U.S. government hadn’t imagined the kind of influence operation that Russia was preparing to unleash on the 2016 election. Fewer still realized it had been five years in the making.

Putin publicly accused then Secretary of State Clinton of running a massive influence operation against his country, saying she had sent “a signal” to protesters and that the State Department had actively worked to fuel the protests. The State Department said it had just funded pro-democracy organizations. Former officials say any such operations–in Russia or elsewhere–would require a special intelligence finding by the President and that Barack Obama was not likely to have issued one.

After his re-election the following year, Putin dispatched his newly installed head of military intelligence, Igor Sergun, to begin repurposing cyberweapons previously used for psychological operations in war zones for use in electioneering. Russian intelligence agencies funded “troll farms,” botnet spamming operations and fake news outlets as part of an expanding focus on psychological operations in cyberspace.

One particularly talented Russian programmer who had worked with social media researchers in the U.S. for 10 years had returned to Moscow and brought with him a trove of algorithms that could be used in influence operations. He was promptly hired by those working for Russian intelligence services, senior intelligence officials tell TIME. “The engineer who built them the algorithms is U.S.-trained,” says the senior intelligence official.

Soon, Putin was aiming his new weapons at the U.S. Following Moscow’s April 2014 invasion of Ukraine, the U.S. considered sanctions that would block the export of drilling and fracking technologies to Russia, putting out of reach some $8.2 trillion in oil reserves that could not be tapped without U.S. technology. As they watched Moscow’s intelligence operations in the U.S., American spy hunters saw Russian agents applying their new social media tactics on key aides to members of Congress. Moscow’s agents broadcast material on social media and watched how targets responded in an attempt to find those who might support their cause, the senior intelligence official tells TIME. “The Russians started using it on the Hill with staffers,” the official says, “to see who is more susceptible to continue this program [and] to see who would be more favorable to what they want to do.”

Finish reading this remarkable report here. There is much more detail, including cyber operations, candidates, analysis and concocted political scandals. If one wonders why there is yet no evidence presented yet by the FBI and what the members of Congress are told, you now have a clue. This investigative process is a very long one and attributions as well as analysis is cumbersome and heavy on expert resources.

Cyber-code, Oilrig, Iran hires Russian Hackers

Posted on May 18, 2017May 18, 2017 by Denise Simon

Update and unrelated to OilRig and reported May 18: Russia tried to take over Pentagon Twitter accounts: report

SCMedia: Attacks believed to be Iranian in origin were fended off for more than two weeks in April, but security experts examining the code detected snippets of code from an underground Russian marketplace.

Iranian hackers targeting critical infrastructure

Attacks believed to be Iranian in origin were fended off for more than two weeks in April, but security experts examining the code detected something they’d never seen before: snippets of code baring similarities to a known Russian toolkit available on the underground Russian marketplace.

The code had previously been used in a damaging cyber-attack on the Ukraine’s infrastructure in 2015.

Carl Wright, general manager and executive vice president of worldwide sales at TrapX Security, the San Mateo, California-based security firm that blocked the hackers last month, told an interviewer it was the first time his firm had detected an attack where hackers based in Iran were collaborating with Russian hackers-for-hire, according to an article in the New York Times.

Wright could not reveal the target of the attack owing to a confidentiality arrangement. But other security experts said the attackers could have purchased the Russian toolkit from an online forum and customised it for their campaign.

This hypothesis is countered by TrapX researchers, however, who noted that a number of “web domains used in the attack had been registered to a Russian alias, and that three email addresses continue to be used by a hacker in Russian hacking forums and in the underground web.”

The Iranian attackers behind the latest campaign, dubbed OilRig for their previous attacks on oil companies in Saudi Arabia and Israel, have been expanding their geographical range with hundreds of new attacks targeting a number of military, financial and energy companies in Europe as well as the United States, the Times reported.

Nearly three-quarters of the code employed in the latest campaign was previously used by OilRig in hundreds of attacks on other enterprises, including government agencies and oil companies.

But, as the defences of the newest target became more robust and the attackers evolved their tactics, the security researchers noted new weapons in their arsenal: a typical hacker’s kit, used to siphon out data, such as to steal usernames and passwords; but, more revealing, a tool never before detected in an OilRig campaign.

This was obfuscated with encryption to evade security investigators. After weeks spent decrypting the code, the researchers at TrapX determined that besides code similar to that used by OilRig in prior attacks, the bad actors were employing malware called BlackEnergy, also used previously, specifically by the Russian hackers who attacked the Ukraine power grid. Further, data was being transferred from the target to a server also used in the Ukraine attack.

TrapX lured the miscreants to inject their malware onto a server, which was then analysed by the TrapX team who were able to then shut the attackers out of their client’s system.

Forbes

*** There is more:

Iranian hackers which previously targeted organizations in Saudi Arabia are now targeting organizations in other countries, including the US, as part of a campaign identified as OilRig campaign.

In addition to expanding its reach, the group has been enhancing its malware tools.

Researchers at Palo Alto Networks have been monitoring the group for some time and have

reported observing attacks launched by a threat actor against financial institutions and technology companies in Saudi Arabia and on the Saudi defense industry. This campaign referred to as “ OilRig,” by Palo Alto Networks, entails weaponized Microsoft Excel spreadsheets tracked as

“Clayslide” and a backdoor called “Helminth.” More here.

More: Last month

The Israeli Cyber Defense Authority yesterday announced that it believes Iran was behind the a series of targeted attacks against some 250 individuals between April 19 and 24 in government agencies, high-tech companies, medical organizations, and educational institutions including the renowned Ben-Gurion University. The attackers – whom security experts say are members of the so-called OilRig aka Helix Kitten aka NewsBeef nation-state hacking group in Iran — used stolen email accounts from Ben-Gurion to send their payload to victims.

“This is the largest and most sophisticated attack they’ve [OilRig] ever performed,” says Michael Gorelik, vice president of R&D for Morphisec, who studied the attacks and confirms that the final stage was thwarted for the most part. “It was a major information-gathering [operation],” he says.

OilRig has been rapidly maturing since it kicked off operations around 2015. The attack campaign against Israeli targets employed the just-patched Microsoft CVE-2017-0199 remote code execution vulnerability in the Windows Object Linking and Embedding (OLE) application programming interface. This flaw had been weaponized in attacks prior to the patch, including Dridex banking Trojan and botnet attacks, and in at least one other cyber espionage campaign.

Forbes has more on corporate and individual hack operations in the United States by OilRig including other countries.

Turkey Evicting U.S. from Base Incirlik, Turkey?

Posted on May 16, 2017May 16, 2017 by Denise Simon

Incirlik Air Base, NATO

Primer: Last year with the attempted coup and the declining relationship between the United States and Turkey, a report to Congress weighed the alternatives to stationing nuclear weapons at Incirlik. Moving the warheads could possibly encourage Russia to cooperate more and possibly reduce their nuclear stockpile, though nothing guarantees that. More here.

Germany likely to pull troops out of Incirlik air base

The Berlin government is mulling moving its troops out of Turkey’s Incirlik air base after a second snub by Ankara. A German political delegation was denied approval to visit Bundeswehr soldiers at the military facility.

Wolfgang Hellmich, the chairman of the Bundestag Defense Committee, told the German news agency dpa “we’re not going to be blackmailed” by the Ankara government after a second German parliamentary delegation was prevented from visiting Turkey’s Incirlik facility. The air base is being used in the international fightback against so-called “Islamic State” (IS) militants.

Go here for video.

A decision on where to move the Tornado units is likely to be made in the next few weeks, with Jordan seen as a favorite, sources from the Bundestag committee said.

New tensions

Turkey’s latest snub follows Germany’s decision to grant asylum to a number of Turkish military officers, who faced persecution following Turkey’s failed coup on July 15 last year, according to dpa.

German Chancellor Angela Merkel called Turkey’s latest move “unfortunate” in remarks to reporters in Berlin earlier in the day.

“The Bundeswehr is a parliamentary army and this makes it absolutely necessary for our lawmakers to have access to our soldiers,” Merkel said.

Turkey refused last year to grant German MPs access to the air base, only relenting in October after months of waiting.

The reason given then was that Germany had recognized the crimes committed by Ottoman Turks against Armenians in 1915 as constituting genocide.

Relations between Turkey and Germany have been in a downward spiral in recent months, with many German lawmakers outraged at what they see as flagrant repression of freedoms during Ankara’s post-coup crackdown. Dozens of journalists have been imprisoned – including the German-Turkish writer Deniz Yucel-and authorities have carried out mass sackings and arrests of public officials.

Ankara was also incensed by Berlin’s refusal to allow Turkish ministers permission to attend political rallies aimed at Turkish voters living in Germany in support of a referendum granting President Recep Tayyip Erdogan greatly extended powers. Many observers see Erdogan’s referendum success as a further step toward establishing an autocracy in Turkey.

Bundeswehr is key partner

Germany currently has several Tornado surveillance aircraft and a refueling plane deployed at the Incirlik military base in southwestern Turkey. The jets are part of the international coalition carrying out aerial attacks on IS positions in Iraq and Syria. Some 260 German military personnel are stationed there.

BusinessInsider

Meanwhile,

WASHINGTON (AP) — President Donald Trump will hold his first face-to-face meeting with Turkey’s president Tuesday amid accusations that Trump gave Russian officials classified intelligence from a foreign ally.

Trump and Turkish President Recep Tayyip Erdogan are expected to address the Syrian civil war, refugee crisis and the fight against the Islamic State group, including the U.S. decision to arm Syrian Kurdish fighters despite Turkey’s vehement objections. More here from AP.

*** As such, there is a move to evict the United States from Incirlik due to the matter of the Kurds being in full support by the United States.

WASHINGTON — A prominent Turkish newspaper has demanded the eviction of U.S. troops and warplanes from Incirlik Air Base as fallout there worsens from the Trump administration’s controversial move to arm a Kurdish militia fighting the Islamic State in neighboring Syria.

In a front-page editorial published Friday, the newspaper Sozcu called for Incirlik’s complete closure. It’s an unlikely outcome, military officials and observers say, but a clear sign of how dramatically relations have deteriorated between the NATO allies. The blustery display of anti-Americanism comes as the U.S.-backed coalition in Syria, which is poised to launch a long-awaited offensive to liberate the ISIS stronghold of Raqqa, faces widespread criticism across the border for its dependence on the YPG. The Kurdish militia force has emerged as America’s most capable proxy there, but Turkey maintains it’s a terrorist organization and has actively targeted the group’s fighters in recent weeks.

The editorial is noteworthy, too, because Sozcu’s coverage has been deeply critical of the Turkish government under President Recep Tayyip Erdogan, who expressed similar outrage when Washington’s new arms deal with the YPG was announced last week and warned that supporting the Kurds would elicit blow-back. Erdogan is likely to vent his frustration to President Donald Trump when the two leaders meet this week at the White House. Turkey approved the U.S. to fly attack and strike aircraft from Incirlik beginning in 2015, including for close-air support missions conducted by A-10 Thunderbolts. Additionally, the U.S. bases EA-6B Prowlers there, which can jam ISIS communications and improvised explosive detonators, and the KC-135 Stratotankers responsible for aerial refueling.

In May 2016, aircraft based at Incirlik accounted for nearly one-third of the international coalition’s refueling operations and one-fifth of its close-air support. Today, those numbers are likely much higher as the war’s tempo has intensified.

At the same time, Incirlik has become increasingly less hospitable for the 2,500 U.S. troops assigned there. Citing security concerns, commanders first locked down the base two years ago, prohibiting personnel and their families from venturing beyond its gates. Then, in March 2016, all 700 family members who remained there were ordered to evacuate. Inside the Pentagon, arming the YPG is seen as a calculated gamble. To facilitate its air campaign against ISIS, the U.S. relies on Incirlik’s proximity to Syria and Iraq — so there is some risk in alienating the Turks. Yet following last summer’s coup attempt, Erdogan remains unpopular among large segments of Turkish society and, despite his rhetoric, most assuredly sees advantages to keeping the U.S. close.

Retired Adm. James Stavridis, NATO’s supreme allied commander from 2009 to 2013, said Turkey is unlikely to close the base to U.S. operations because Ankara benefits significantly from associated economic incentives and intelligence sharing. “Turkey,” he added, “still values the NATO alliance, which brings prestige and a measure of security in a dangerous neighborhood.”

Consider Operation Nomad, which since 2011 has provided Turkey with intelligence gathered by U.S. drones and beamed into joint fusion centers operating out of Ankara and Incirlik. Those feeds have supplied vital information about terrorists’ movement across northern Syria and Iraq, intelligence Turkey is unlikely to surrender.

Officials at U.S. European Command echoed those sentiments. “Turkey closing their base, that would be hard to believe,” said Capt. Daniel Hernandez, a spokesman. Incirlik, he added, is “strategically important to them and the coalition.”

There would be painful political costs, too, said Aaron Stein, an expert on U.S.- Turkish relations at the Atlantic Council, a Washington think tank. “They would be blamed internationally for slowing the war against the Islamic State,” he said.

No, “Turkey has concluded it is better to be on the in than the out,” Stein added. “At least on the in, you have a say at every coalition meeting.”

North Korea and Friends, Cyber War, Nerve Gas and WMD

Posted on May 15, 2017May 15, 2017 by Denise Simon

Hey, look over there –>

WikiLeaks Reveals ‘AfterMidnight’ & ‘Assassin’ CIA Windows Malware Frameworks

When the world was dealing with the threat of the self-spreading WannaCry ransomware, WikiLeaks released a new batch of CIA Vault 7 leaks, detailing two apparent CIA malware frameworks for the Microsoft Windows platform. Dubbed “AfterMidnight” and “Assassin,” both malware programs are designed to monitor and report back actions on the infected remote host computer running the Windows operating system and execute malicious actions specified by the CIA. Since March, WikiLeaks has published hundreds of thousands of documents and secret hacking tools that the group claims came from the US Central Intelligence Agency (CIA). This latest batch is the 8th release in the whistleblowing organization’s ‘Vault 7’ series.

‘AfterMidnight’ Malware Framework

According to a statement from WikiLeaks, ‘AfterMidnight’ allows its operators to dynamically load and execute malicious payload on a target system. The main controller of the malicious payload, disguised as a self-persisting Windows Dynamic-Link Library (DLL) file and executes “Gremlins” – small payloads that remain hidden on the target machine by subverting the functionality of targeted software, surveying the target, or providing services for other gremlins. Once installed on a target machine, AfterMidnight uses an HTTPS-based Listening Post (LP) system called “Octopus” to check for any schedu led events. If found one, the malware framework downloads and stores all required components before loading all new gremlins in the memory. According to a user guide provided in the latest leak, local storage related to AfterMidnight is encrypted with a key which is not stored on the target machine. A special payload, called “AlphaGremlin,” contains a custom script language which even allows operators to schedule custom tasks to be executed on the targeted system. More detail here.

Meanwhile….

North Korean hacking group is thought to be behind cyber attack which wreaked havoc across the globe

Technical clues suggest North Korean hacking group is behind cyber attack

Ransomware left the NHS crippled with operations cancelled over the weekend

The virus is now thought to have been released by the Lazarus Group

It has already been blamed for a string of hacks dating back to at least 2009

It includes the 2014 attack on Sony that left its network offline for weeks

Okay maybe….while other IT cyber professionals point to Russian thug hackers….

Rex Tillerson last month spoke about a quasi red line with North Korea….when is enough, enough? Well his answer was, ‘we will know it when we see it’.

Nonetheless, what more needs to be known about North Korea that the media is not reporting? Plenty…..

‘Unrestricted Warfare’ (超限战, literally “warfare beyond bounds”) is a book on military strategy written in 1999 by two colonels in the People’s Liberation Army, Qiao Liang (乔良) and Wang Xiangsui (王湘穗). Its primary concern is how a nation such as China can defeat a technologically superior opponent (such as the United States) through a variety of means. Rather than focusing on direct military confrontation, this book instead examines a variety of other means. Such means include using International Law (see Lawfare) and a variety of economic means to place one’s opponent in a bad position and circumvent the need for direct military action.[1] Go here for more information.

This already tells us and the Pentagon, to not trust China….right? So how can we place trust and the burden of dealing with North Korea on Beijing? We cant.

The RGB is the KGB….

The RGB is the North Korean Reconnaissance General Bureau….much like that of the KGB, now in Russia known as the FSB.

In 2015, North Korea spies infiltrated the United Nations agencies including the World Food Program which is a major supplier of food aid to North Korea. Somehow, the Obama White House and other government agencies neglected to take real action on that or even earnestly report it. Prior to that little event, in 2010, the U.S. Treasury via and Obama Executive Order targeted North Korea for proliferation and other illicit activities including arms trafficking, money laundering and smuggling narcotics.

Barack Obama, simply annexed a GW Bush Executive Order adding a few new items noted below:

President Obama also identified the following entities and individual for sanctions by listing them on the Annex to the Order:

·   The Reconnaissance General Bureau (RGB), North Korea’s premiere intelligence organization involved in North Korea’s conventional arms trade;

·       RGB commander Lieutenant General Kim Yong Chol;

·   Green Pine Associated Corporation, a North Korean conventional arms dealer subordinated to the control of the RGB; and

·   Office 39 of the Korean Workers’ Party, which provides critical support to North Korean leadership in part through engaging in illicit economic activities and managing the leadership’s slush funds.

The U.S. government has longstanding concerns regarding North Korea’s involvement in a range of illicit activities conducted through government agencies and associated front companies. North Korea’s nuclear and missile proliferation activity and other illicit conduct violate UN Security Council Resolutions 1718 and 1874, and these activities and their other illicit conduct violate international norms and destabilize the Korean Peninsula and the entire region. In signing this Order, President Obama has frozen the property and interests in property of the three entities and one individual listed on the Annex. This Order provides the United States with new tools to disrupt illicit economic activity conducted by North Korea.

As a matter of note, in recent days, Russia has stepped in to offer some diplomatic assistance dealing with North Korea as it appears China is dragging the diplomatic and political anchor dealing with the DPRK. Ah Russia again right? The in depth study is here on North Korea, It includes, history, terror attacks, cyber attacks, assassination attempts, raids and details on unrestricted warfare.

Just for some context, Russia and China have been aiding North Korea for decades…..but has the media done their work to expose this or the State Department? Nope…

Image result for north korea general o kuk ryol Courtesy

You see, General O Kuk ryol and Kim Jong Un both manage Unit 121. Unit 121, is part of the RGB and did the Sony hack, remember that? Well General O, is a graduate of the Mangyongdae Revolutionary School and the Kim Il sung University….but most importantly, he graduated also from Frunze Military Academy in 1962….where is that? Ah….Moscow, and at the time, it was the Soviet Union.

Frunze Military Academy in Devichie pole, Moscow

Strategy: Integrate their cyber forces into an overall battle strategy as part of a combined arms campaign. Additionally they wish to use cyber weapons as a limited non-war time method to project their power and influence.

Experience: Hacked into the South Korea and caused substantial damage; hacked into the U.S. Defense Department Systems. More here.

Meanwhile, we also have the Korea Computer Center…there are 9 production facilities and 11 regional centers. However, the KCC also has offices in China, Germany and Syria..further it should be noted that an estimated 10,000 North Korean IT developers operate in China, where it is common that $500.00 of their monthly salary goes back to the North Korean state.

So, we have Syria, Russia, China all colluding with North Korea….Iran is as well but the United Nations too? Yup…

FNC: For more than a year, a United Nations agency in Geneva has been helping North Korea prepare an international patent application for production of sodium cyanide — a chemical used to make the nerve gas Tabun — which has been on a list of materials banned from shipment to that country by the U.N. Security Council since 2006.

The World Intellectual Property Organization, or WIPO, has made no mention of the application to the Security Council committee monitoring North Korea sanctions, nor to the U.N. Panel of Experts that reports sanctions violations to the committee, even while concerns about North Korean weapons of mass destruction, and the willingness to use them, have been on a steep upward spiral.

Fox News told both U.N. bodies of the patent application for the first time late last week, after examining the application file on a publicly available WIPO internal website.

Information on the website indicates that North Korea started the international patent process on Nov. 1, 2015 — about two months before its fourth illegal nuclear test. The most recent document on the website is a “status report,” dated May 14, 2017 (and replacing a previous status report of May 8), declaring the North Korean applicants’ fitness “to apply for and be granted a patent.”

CLICK HERE FOR THE STATUS REPORT

During all that time, however, the U.N.’s Panel of Experts on North Korea “has no record of any communication from WIPO to the Committee or the Panel regarding such a serious patent application,” said Hugh Griffiths, coordinator of the international U.N. expert team, in response to a Fox News question.

The Panel of Experts has now officially “opened an investigation into this matter,” he said.

“This is a disturbing development that should be of great concern to the U.S. administration and to Congress, as well as the U.S. Representative to the U.N.,” William Newcomb, a member of the U.N. Panel of Experts for nearly three years ending in 2014, told Fox News.

Said an expert familiar with the sanctions regime: “It undermines sanctions to have this going on. The U.N. agencies involved should have been much more alert to checking these programs out.”

Questions sent last week to the U.S. State Department about WIPO’s patent dealings with North Korea had not been answered before this story was published.

For its part, a WIPO spokesperson told Fox News by email, in response to the question of whether it had reported the patent application to the U.N. sanctions committee, only that the organization “has strict procedures in place to ensure that it fully complies with all requirements in relation to U.N. Security Council sanction regimes.”

The spokesperson added that “we communicate with the relevant U.N. oversight committees as necessary.”

But apparently, help with preparing international patent applications for a sanctioned nerve gas “chemical precursor” does not necessarily count as grounds for such communication, if the Panel of Experts records are correct.

This is by no means the first time that WIPO, led by its controversial director general, Francis Gurry, has flabbergasted other parts of the U.N. and most Western nations with its casual and undeclared assistance, with potential WMD implications, to the bellicose and unstable North Korean regime.

And, as before, how the action is judged may depend upon razor-thin, legalistic interpretations of U.N. sanctions law on the one side vs. staggering violations of, at a minimum, common sense in dealing with the unstable North Korean regime, which among other things has never signed the international convention banning the development, production, stockpiling and use of chemical weapons.

While the patent process went on at WIPO, that regime has conducted five illegal nuclear tests — two in the past year, while the patent process was under way — and at least ten illegal ballistic missile launches since 2016, while issuing countless threats of mass destruction against its neighbors and the U.S.

In 2012, Fox News reported that WIPO had shipped U.S.-made computers and sophisticated computer servers to North Korea, and also to Iran, without informing sanctions committee officials.

The shipments were ostensibly part of a routine technology upgrade. Neither country could obtain the equipment on the open market, and much of it would have required special export licenses if shipped from the U.S.

The report kicked off an uproar, but after a lengthy investigation, the U.N. sanctions committee decided that the world organization’s porous restrictions had not been violated, while also noting WIPO’s defense that as an international organization, it was not subject to the rules aimed at its own member states.

Nonetheless, the investigators declared that “we simply cannot fathom how WIPO could have convinced itself that most Member States would support the delivery of equipment to countries whose behavior was so egregious it forced the international community to impose embargoes.”

The investigators also declared that “WIPO, as a U.N. agency, shares the obligation to support the work of other U.N. bodies, including the Sanctions Committees,” and that in response to the furor, WIPO had “implemented new requirements to check on sanctions compliance in advance of program implementation.”

There is no doubt about the banned nature of sodium cyanide — which can also be used to produce deadly cyanide gas, another weapon of mass destruction.

The chemical appears on a Security Council list of “items, materials, equipment, goods and technology” related to North Korea’s “other weapons of mass destruction programs” beyond nuclear weapons, which first appeared after U.N. Security Council resolution 1718 was approved in 2006.

CLICK HERE FOR THE LIST

That resolution, voted after North Korea conducted its first nuclear test, ordained that member states “prevent the direct or indirect supply, sale or transfer” to the regime known as the Democratic People’s Republic of Korea, or DPRK, of the listed items “which could contribute to DPRK’s nuclear-related, ballistic missile-related or other weapons of mass destruction-related programs.”

It also declared that “all member states shall prevent any transfers to the DPRK by their nationals or from their territories, or from the DPRK by its nationals or from its territory, of technical training, advice, services or assistance related to the provision, manufacture, maintenance or use of the items” listed.

Additionally, it demanded a freeze by U.N. member states or all “funds, other financial assets and economic resources” that could be used in the mass destruction-related programs.

CLICK HERE FOR RESOLUTION 1718

A subsequent Security Council resolution, 2270, in 2016 broadened things by declaring that “economic resources” referred to in Resolution 1718 “includes assets of every kind, whether tangible or intangible, movable or immovable, accrual or potential, which potentially may be used to obtain funds, goods or services” by DPRK.

This may open up another controversial aspect of the cyanide patent application, since, along with its mass-destructive uses, the chemical is considered the most common agent in the extraction of gold from ores and concentrates.

Further, according to the North Korean application to WIPO, the new process it wants to make ready for international patenting is a lower-cost process that produces ultra-high-grade product.

CLICK HERE FOR THE PROCESS APPLICATION DESCRIPTION

In WIPO’s response to Fox News, the agency’s spokesperson emphasized that “WIPO is not a patent-granting authority. Its role in handling these applications is to ensure that they conform to the procedural requirements” of the 152-member Patent Cooperation Treaty, or PCT, “and to publish them in accordance with the provisions of the treaty.” North Korea is a PCT signatory.

Translation: WIPO is merely a neutral, technical pass-through mechanism. As the spokesperson put it: “The decisions concerning whether or not to ultimately grant the patent are the sole purview of each jurisdiction where protection is being sought, in accordance with national law.”

While that may be true, it is also true, according to the WIPO website, that the U.N. agency gives those who use its services a lot of financially meaningful help.

That starts with the fact that by filing an international filing application with the agency, you have to pay only one fee rather than more than 150 to get an application acceptable in all PCT countries (which include the U.S. as one of the treaty’s biggest users).

WIPO also provides one-stop research on whether a patent overlaps with those elsewhere, and offers the possibility of widespread dissemination and publicity — i.e., stimulating demand, and thus at least the potential for sanctions-breaking in any subsequent licensing the North Korean patent.

Igniting controversy has been a characteristic of Director General Gurry’s reign — indeed, even before he first took WIPO’s top executive office in 2008.

In 2015, the U.N.’s watchdog Office of Internal Oversight Services (OIOS) was asked by WIPO’s own General Assembly chair to investigate Gurry for allegedly ordering, in 2008, break-ins of the offices of staffers to seek DNA evidence that they wrote anonymous letters against him. Gurry was WIPO’s No. 2 at the time.

A year later, after much byzantine maneuvering, a heavily redacted version of the report declared that “while there were indications that Mr. Gurry had a direct interest in the outcome of the DNA analysis, there is no evidence that he was involved in the taking of DNA samples.”

But the same document also found that Gurry had bent the organization’s rules and steered a sensitive cyber-security contract to a business acquaintance, , something alleged by one of Gurry’s former top deputies, James Pooley.

Under Gurry, WIPO also has been the only U.N. agency ever sanctioned by the U.S. State Department, on the grounds that it failed to adopt “best practices” in ethics and whistle-blower standards — a punishment first meted out by the pro-U.N. Obama administration in September 2015.

Among the whistle-blowers who say they were forced to leave WIPO during Gurry’s tenure for drawing attention to the agency’s previous computer shipments to North Korea is Miranda Brown, formerly Gurry’s senior strategic advisor.

Brown has repeatedly asked for her reinstatement at the WIPO, and just as often has been turned down by Gurry’s office.

2008, the Russians Hacked Obama’s Campaign Too

Posted on May 12, 2017May 12, 2017 by Denise Simon

Why are we learning this now? It is a dereliction of duty to advise the American electorate, campaign operators and all later political candidates, regardless of the kind of race. Further, should we be blaming Obama on this and did he invite the FBI to investigate? If so, the matters of phishing operations and Russia should have been a clarion call.

Further, why would Obama and Hillary even consider ‘resetting’ relations with Russia? Oh yeah……’cut it out Vladimir’..remember that?

Okay read on….the anger mounts.

Exclusive: Russian Hackers Attacked the 2008 Obama Campaign

Jeff Stein: Russian hackers targeted the 2008 Barack Obama campaign and U.S. government officials as far back as 2007 and have continued to attack them since they left their government jobs, according to a new report scheduled for release Friday.

The targets included several of the 2008 Obama campaign field managers, as well as the president’s closest White House aides and senior officials in the Defense, State and Energy Departments, the report says.

It names several officials by title, but not by name, including “several officials involved in Russian policy, including a U.S. ambassador to Russia,” according to a draft version of the report, authored by Area 1 Security, a Redwood City, California, company founded by former National Security Agency veterans.

“They’re still getting fresh attacks,” the company says.

The attacks on their email accounts have continued as the officials migrated to think tanks, universities and private industry, the company says. The favored weapon of the Russians and other hackers is the so-called “phishing” email, in which the recipient is invited to click on a innocent-looking link, which opens a door to the attackers.

Michael McFaul, Obama’s ambassador to Russia from 2011 to 2014, tells Newsweek that he gets “frequent” warnings of phishing attacks by an unnamed “foreign government” from both his Google email service and Stanford University, where he is now a professor of political science. He says his “colleagues, assistants and people like that” at Stanford also get attacked “on a fairly regular basis.”

“I have not been successfully penetrated, to the best of my knowledge,” McFaul says, speaking Thursday in a brief telephone interview. So far as he knows, “I have not been compromised.” There were three other U.S. ambassadors to Russia during Obama’s eight years in office who could not immediately be reached for comment.

The role of Russia in attacks on the 2008 campaigns of Obama and his Republican rival, Senator John McCain of Arizona, has not been previously reported. On the eve of a U.S.-China summit meeting in 2013, U.S. intelligence officials told NBC News that Beijing alone was responsible for a 2008 cyberattack on the Obama and McCain campaigns.

China can’t be excluded as a perpetrator in those attacks, Area 1 Security’s report says, but its new data “show that Russia tried to hack several members of the Obama campaign and could have done so at the same time as someone that achieved massive data exfiltration.”

Blake Darché, a former NSA technical analyst who co-founded Area 1 Security, tells Newsweek that “state-sponsored Russian hackers have been targeting United States officials and politicians since at least 2007 through phishing attacks.” Russian hackers reportedly breached the Joint Chiefs of Staff email system in 2015.

The company says one of the Russian targets was a “deputy campaign manager” in the 2008 Obama campaign, but was otherwise unidentified in its report. There were a number of them over a period of time. One was Steve Hildebrand. Reached in Sioux Falls, South Dakota, where he now runs a specialty bakery and coffee shop, Hildebrand says he was “not aware” that he might have been a Russian target and didn’t remember being warned about cyberattacks of any kind during the campaign. Another senior 2008 campaign aide (and later White House National Security Council spokesman), Tommy Vietor, tells Newsweek he had “no knowledge” of Russian hacking at the time.

Besides top officials in the Energy, Defense and State departments, the Area 1 Security report cites a half-dozen positions in the Obama White House that were targeted from 2008 through 2016, including the president’s deputy assistant, special assistant, the special assistant to the political director, advance team leaders for first lady Michelle Obama, and the White House deputy counsel. None of them could immediately be reached for comment.

Among the State Department targets named by Area 1 Security were three top offices dealing with Russia and Europe. Evelyn Farkas, who served as the Obama administration’s deputy assistant secretary of defense for Russia/Ukraine/Eurasia from 2012 to 2015, says she could not discuss matters that remain classified, but says “the biggest impact” she remembered offhand was the Russian hack of the Joint Chiefs.

Among the three top, unnamed targets at the Energy Department was the director of the Office of Nuclear Threat Science, which is responsible for overseeing the U.S. Nuclear Counterterrorism Program.

The Area 1 Security report names the “Dukes,” also known as “Cozy Bear” and APT-29, for the Obama attacks, the same Russian actors named in the 2015 and 2016 hacking of the Democratic National Committee (DNC) and the State Department.

In an interview, Darché calls the Dukes a front for Russia’s “premier intelligence-gathering arm,” which would be the SVR, or External Intelligence Service, the Kremlin equivalent to the CIA, although he declined to specifically name it. As opposed to the DNC hacks launched to steal and publicize information damaging to the campaign of Hillary Clinton, he says, the Russian offensives that Area 1 Security uncovered were clandestine “intelligence gathering operations” designed to secretly penetrate a wide variety of institutions and industry.

Clinton had harshly criticized the Kremlin’s suppression of human rights and seizure of the Crimea, while her rival Donald Trump had repeatedly said he wanted to be “friends” with Russian President Vladimir Putin.

Oren Falkowitz, a former analyst at the National Security Agency who co-founded Area 1 Security, says he launched the company to stop phishing attacks, which until then was thought to be impossible because so many employees continue to click on risky links in emails. The key to the company’s success was persuading clients to let it monitor its servers, he told The New York Times in a 2016 interview.

In Friday’s report, Area 1 Security says it uses a “vast active sensor network” to detect and trace phishing attacks. It says it could imagine the Dukes “operating a giant spreadsheet where new targets are added, but never leave.” It “moves quickly, compromising a server or service to send out phishing emails from it, and then leaves, never returning to check for bounced email messages to cull from its list.”

Most ex-officials don’t realize they are carrying “the blemish of being a Russian target into their new workplace,” the Area 1 Security report says. As a result, “they give the Dukes beachheads in companies and organizations they never even planned on or imagined hacking,” such as Washington think tanks, defense contractors, lobbyist offices, financial institutions and pharmaceutical companies stocked with high ranking former political, military and intelligence officials.

Russia is “notoriously persistent in pursuing targets,” the report says. “It’s a lesson on why every organization needs great security.”

***

FireEye CEO: Russians are at Work in Election Hacking

FireEye CEO Kevin Mandia said Thursday that strengthening U.S. cybersecurity defenses begins with protecting the country’s own systems first, and he is hopeful the Trump administration will implement a strategy to defend from cyber threats, during an interview on FOX Business’ “Countdown to the Closing Bell.”

“You gotta protect critical infrastructure and under times of duress, you have to be able to have shields up as a nation, and I think this order is going to move toward that,” he said, referring to the executive order President Trump signed Thursday, aimed at strengthening the America’s infrastructure to help prevent cyberattacks.

Cyber hacking has been in the forefront of an FBI investigation over Russia’s alleged involvement in the 2016 presidential election. Mandia said he believes acting FBI Director Andrew McCabe will continue the investigation into these claims.

“When you awake the sleeping giant, they get the job done and I think the FBI, whenever they apply the resources at their disposal and their capability, they can get the job done as they see fit,” he said.

Mandia believes the Russians are at work in election hacking and thinks it will continue to happen.

“The tool in every emerging nation’s tool box now [is] a cyber component,” he said.

The FireEye CEO added that the risks from cyberattacks can’t be eliminated because persistent hackers are exploiting human trust and not exploiting systems.