Category Archives: Department of Homeland Security

Russia’s Move to Own Citgo, Rosneft is Sanctioned

Posted on by

Primer:

From the gasoline that helps your family take vacations to the advanced medical equipment at your community hospital, CITGO is fueling good.

Image result for cities service signs Image result for cities service signs

It’s amazing the difference petroleum-based products make in our everyday lives. Based in Houston, Texas, CITGO is a refiner and marketer of transportation fuels, lubricants, petrochemicals and other industrial products. In addition to these products, there’s probably a CITGO in your neighborhood, a convenient place to fill up with gas and grab a quick snack.

The story of CITGO Petroleum Corporation as an enduring American success story began back in 1910 when pioneer oilman, Henry L. Doherty, created the Cities Service Company.

When Cities Service determined that it needed to change its marketing brand, it introduced the name CITGO in 1965, retaining the first syllable of its long-standing name and ending with “GO” to imply power, energy and progressiveness. The now familiar and enduring CITGO “trimark” logo was born.

Occidental Petroleum bought Cities Service in 1982, and CITGO was incorporated as a wholly owned refining, marketing and transportation subsidiary in the spring of the following year. Then, in August, 1983, CITGO was sold to The Southland Corporation to provide an assured supply of gasoline to Southland’s 7-Eleven convenience store chain.

In September, 1986, Southland sold a 50 percent interest in CITGO to Petróleos de Venezuela, S.A., (PDVSA), the national oil company of the Bolivarian Republic of Venezuela. PDVSA acquired the remaining half of CITGO in January, 1990 and the company is owned by CITGO Holding, Inc., an indirect, wholly owned subsidiary. With a secure and ample supply of crude oil, CITGO quickly became a major force in the energy arena.

Russia To Become Second-Largest Foreign Owner Of U.S. Domestic Refineries, If Venezuela Defaults

Venezuela’s state-owned oil company, Petroleos de Venezuela (PDVSA), has owned Citgo, an American refiner with headquarters in Houston, Texas, since the 1980s. At the end of 2016, cash-strapped Venezuela, in the throes of a combined economic and political crisis,[1] put up a large stake (49.9%) in Citgo as collateral in exchange for a loan from the Russian state-owned oil company Rosneft. Should PDVSA default on the loan, Rosfnet will gain control over Citgo. It is noteworthy that the U.S. imposed sanctions on Rosfnet following Russia’s seizure of Crimea in 2014.

On May 3, a bipartisan group of U.S. Senators introduced a wide-ranging bill calling for sanctions against the Venezuelan government and demanding President Donald Trump to prevent a deal struck by PDVSA and Rosfnet. CBS News reported: “The bill calls for the [U.S.] State Department to coordinate an international response to the crisis in Venezuela… In addition, a section of the bill highlights a Nov. 30 loan given by Russia’s state-owned oil company, Rosneft, to Venezuela’s state-owned oil company PDVSA. The deal would allow the Russian company to take control of nearly half of the U.S. oil company Citgo, which PDVSA owns, if Venezuela defaults on its debts.

“Influential senators from both parties sponsored the bill, including Senators Ben Cardin, D-Md.; Marco Rubio, R-Fla.; John Cornyn, R-TX; Dick Durbin, D-Ill.; John McCain, R-Ariz.; Bill Nelson, D-Fla.; Tim Kaine. D-Va.; Chris Van Hollen, D-Md. and Bob Menendez, D-NJ.”[2]

Earlier, Republican Congressman Jeff Duncan and Democratic Congressman Albio Sires sent a letter to U.S. Secretary of Treasury Steven Mnuchin, asking him to undertake an “immediate review of a recent asset transfer between Venezuela’s state-owned oil company. PDVSA, and Rosneft, which is under U.S. sanctions. The situation, if left unchecked, could severely undermine U.S. national security and energy independence.”[3]

On April 14, the Russian media outlet Vestifinance.ru, published an article titled “Rosneft And Citgo: Risk Or Anti-Russian Hysteria?” The article stated that U.S. lawmakers’ actions against The PDVSA-Rosneft deal are prompted by anti-Russian “hysteria.” Vestifinance.ru wrote: “By an amazing coincidence, a letter to Mnuchin was written just before U.S. Secretary of State Rex Tillerson’s visit to Moscow. And as long as relations between Moscow and Washington are not improved significantly, politicians will keep finding new pretexts to incite fears.”

Below are excerpts from the Vestifinance.ru article:[4]

(Source: Rt.com)

PDVSA Still Owes Russia $62 billion

“PDVSA, the Venezuelan state-owned oil company, has paid off its [Russian] loan along with interest in the amount of $2.2 billion. This is good news as PDVSA avoided a default. However, the Vice President [of Venezuela] Tarik El Aissami characterized the situation as ‘a merciless economic war’ being waged against the Maduro government. The bad news is that PDVSA still owes [Russia] $62 billion.

“It is well-known that some members of the U.S. Congress are quite concerned about a possible default by Venezuela, since Russian-owned Rosneft can then get access to the American company Citgo. Citgo owns 48 oil terminals in 20 U.S. states as well as 3 oil refineries. It is the control of Rosneft over the American refineries that worries lawmakers the most.

“‘The Russian government could readily become the second-largest foreign owner of U.S. domestic refinery capacity. Such a development would give the Russians more control over oil and gas prices worldwide, inhibit U.S. energy security, and undermine broader U.S. geopolitical efforts’, [U.S. congressmen] wrote in a letter to Treasury Secretary Steve Mnuchin. ‘We remain deeply concerned over the implications for U.S. national security.’

How Rosneft Can Take Over CITGO

“Venezuela has been desperate for cash lately. Petroleos de Venezuela (PDVSA), the Venezuelan state-owned oil company, has owned Citgo since the 1980s. In exchange for obtaining a loan from Rosneft in December, the Venezuelan oil company put up a large stake (49.9%) in Citgo as collateral. If PDVSA is unable to pay off the loan on time, Rosneft will almost certainly gain control over Citgo. All Rosneft would need for a majority share would be to buy a few more PDVSA bonds, thus clearing the 50% threshold of ownership.

[Rosneft] Is Not Going To Waste Money For The Illusory Opportunity To Harm The U.S.’

“The concerns expressed by [the U.S] congressmen are rather strange. What exactly is Rosneft going to do with three oil refineries? U.S. politicians believe that the Russian company will be able to take part in a conspiracy that will lead to a restriction of gasoline production, raise gas prices and thus cause damage to the U.S. national security or the American economy. This is plain silly. Even though Rosneft is a state-owned company, its purpose is still making profit, and it is not going to waste money for the illusory opportunity to harm the U.S. And the scenario offered by congressmen has no bearing on reality whatsoever. “Three refineries is a mere drop in the ocean compared to the rest of the U.S. oil assets. Even assuming that production could be reduced at these refineries, this may at most affect one region in the short term, but then other producers will quickly capture the market and stabilize it. And so if Rosneft takes over Citgo, it will simply produce and sell gasoline in the U.S., making money on it, rather than making insane plans to threaten the U.S. national security.

“Reports in the U.S. media treat the lawmakers’ letter with a healthy dose of irony and that is why it is difficult to avoid the conclusion that the congressmen are deliberately trying to incite anti-Russian fears. By an amazing coincidence, a letter to Mnuchin was written just before U.S. Secretary of State Rex Tillerson’s visit to Moscow. And as long as relations between Moscow and Washington are not improved significantly, politicians will keep finding new pretexts to incite fears.

“As far as Venezuela is concerned, yielding control of Citgo is a good way to reduce its debt burden. Most likely, this will happen no later than in the fall of 2017, since there is very little chance its economy will stabilize. Most likely, Venezuela will default and begin to restructure its debt this year. According to the credit-default swaps market, investors estimate the chances of Venezuela’s default in the next six months at 41%. And in March that indicator was below 34%.”

(Source: Latinamericapost.com)

 

 

[1] See MEMRI Special Dispatch N. 6903, Russia’s Support For The Venezuelan Regime – An Update, May 2, 2017.

[2] Cbsnews.com, May 3, 2017.

[3] See letter sent by Congressmen Jeff Duncan and Albio Sires.

[4] Vestifinance.ru, April 14, 2017.

With GPS, Drug Cartels Move Shipments to Europe Until

Posted on by

Drug cartels heavily rely on GPS devices to track shipments, feds say

The GPS has increasingly become a drug dealer’s new partner in crime.

Drug-smuggling groups are relying on the device to keep tabs on drug packages as they wind their way through Central America to the United States, according to published reports.

The criminals attach the drug shipments to buoys, send them off in the Pacific Ocean, and use signals they give off to track a package’s location by using special codes, InSight Crimes reports.

The GPS gives dealers the advantage of having drug shipments picked up by others monitoring their movements without being detected by authorities.

GPS devices are also allowing drug cartels to keep track of lower-level smugglers to ensure they are doing what they were told, say U.S. officials.

Barbara L. Carreno, public affairs officer for the U.S. Drug Enforcement Administration, said drug dealers have been using the tracking device for years. But recently, as the once bulky devices have become smaller and cheaper, their use has increased, she said.

“Traffickers need to know that their mules are doing what they are supposed to do and delivering their very valuable shipments where they are supposed to go,” Carreno said. “We often find GPS devices in shipments we seize.”

Traffickers won’t use a computerized system that would lead law enforcement back to them or create records that would implicate them.

– Barbara L. Carreno, spokeswoman, U.S. Drug Enforcement Administration

The GPS is simple enough, the DEA says, that it actually eludes more sophisticated tools used for drug interdictions by government agencies of various countries.

“Traffickers wouldn’t use a computerized system that would lead law enforcement back to them or create records that would implicate them,” Carreno said. “They want something cheap, unsophisticated and untraceable.”

Salvadoran officials say that Ecuadorean boatmen have become a core part of the criminal activity. They move the shipments to places off coasts of El Salvador, Guatemala and Costa Rica.

Once the shipments are left at certain locations in the Pacific, traffickers use the GPS to alert those waiting for them by sending information to mobile telephones and computers, the website said, citing the Salvadoran national police’s anti-narcotics division.

One of the most notorious drug kingpins, Ecuador’s Washington Prado Alava, was said by Colombian authorities to have run a highly sophisticated trafficking operation. But his operation, which moved 250 metric tons of cocaine to the United States over a four-year span, was dependent on GPS locators, Insight Crime reported. More here from FNC.

***

Anti-drug forces from several European and American countries intercepted a total of eight tons of cocaine in a double bust that is being dubbed as one of the largest in history.

In the larger one, Spanish authorities cooperated with Ecuadorean police to intercept a ship off that Latin American country bringing more than 5.5 metric tons of cocaine to Spain.

The ship was loaded with Colombian cocaine in the Pacific and planned to travel through the Panama Canal and across the Atlantic to Europe, officials said in a statement.

Una operación de la junto a la de Ecuador ha permitido interceptar un buque con 5.529 kilos de cocaína y detener a 24 personas.

 

In a separate drug seizure, Spanish police stopped a Venezuela-flagged fishing vessel carrying 2.5 metric tons of cocaine near Martinica.

The ship was intercepted on May 4 and was towed to Las Palmas in Spain’s Canary Islands.

The U.S. Drug Enforcement Agency and Britain’s National Crime Agency also took part in the joint operation.

The cargo seized off the coast of Ecuador has an estimated value of $250 million. Ecuadorean agents boarded it when it was almost three nautical miles off Santa Elena province.

Spain’s Interior Minister Juan Ignocio Zoido said to El Pais that the first operation resulted in the capture of 24 suspected drug traffickers.

“It is one of the largest cocaine seizures in history and it takes apart a large drug-trafficking organization between South America and Spain,” he said.

The massive operation began after Spain found out in January that a South American ring with links in Spain was organizing a large shipment.

That information was corroborated by intelligence also gathered by the U.S., Britain and Portugal, the statement said.

Since the beginning of 2017, Ecuador has confiscated about 30 tons of cocaine.

Large seizures of cocaine and cannabis aren’t uncommon in the Iberian Peninsula, which is seen as a drug gateway to Europe.

Spanish police captured almost eight metric tons of cocaine from four vessels in 2015 and 2016 and arrested 80 people, the police statement said.

 

Trump Orders Emergency Meeting After Global Cyber-attack

Posted on by

Primer: Investigators launched a far-reaching hunt for the perpetrator, as institutions around the world worked to mitigate damage from the highest-profile computer-worm outbreak in nearly a decade. More here from the WSJ.

Image result for wannacry ransomware

President Trump reportedly ordered an emergency meeting over the weekend after an unprecedented cyberattack hit at least 100,000 organizations in 150 countries.

Senior security staffers with Homeland Security, the FBI and the National Security Agency met on Friday and Saturday in the White House to assess the threat from the “ransomware” attack, Reuters reported.

Trump ordered Homeland Security adviser Tom Bossert to hold the meeting, CBS News reported. Details of the meeting were not immediately disclosed.

The attack that began Friday is believed to be the biggest online extortion attack ever recorded, spreading chaos by locking computers that run Britain’s hospital network, Germany’s national railway and scores of other companies, factories and government agencies worldwide.

Steven Wilson, Head of Europol’s European Cybercrime Centre, told Sky News on Sunday that it was now important that IT departments checked their systems on Monday morning to ensure they had not been compromised.

Security experts warned that further cyberattacks are likely.

“The global reach is unprecedented and beyond what we have seen before,” Rob Wainwright, director of the Netherlands-based Europol said Sunday “The latest count is over 200,000 victims in at least 150 countries, and those victims, many of those will be businesses, including large corporations.”

“At the moment, we are in the face of an escalating threat. The numbers are going up,” he added. “I am worried about how the numbers will continue to grow when people go to work and turn on their machines on Monday morning.”

The Europol spokesman said it was too early to say who is behind the onslaught and what their motivation was. The main challenge for investigators was the fast-spreading capabilities of the malware, he said, adding that so far not many people have paid the ransoms that the virus demands.

Had it not been for a young cybersecurity researcher’s accidental discovery of a so-called “kill switch,” the malicious software likely would have spread much farther and faster. Security experts say this attack should wake up every corporate board room and legislative chamber around the globe.

***

The long-expected US Executive Order is out, and giving prominence to the NIST Framework, DHS,and OMB. Eternal Blue is used to spread WannaCry ransomware, and the UK’s NHS is hard hit. Fancy Bear prances in NATO costume. US Intelligence Community leaders warn the Senate that the Russian cyber threat is large, growing, and not going away. And spamming celebrates its thrity-ninth birthday—no happy returns for you, spammers.

In today’s podcast, we hear about the long-expected US Executive Order, with commentary from Politico’s Eric Geller. It was signed yesterday, and gives prominence to the NIST Framework, DHS,and OMB. Eternal Blue is used to spread WannaCry ransomware, and the UK’s NHS is hard hit. Fancy Bear prances in NATO costume. US Intelligence Community leaders warn the Senate that the Russian cyber threat is large, growing, and not going away. The University of Maryland’s Jonathan Katz explains some potential browser protocol vulnerabilities. And spamming celebrates its thirty-ninth birthday—no happy returns for you, spammers.  Go here for the podcast, see WannaCry ransomware title.  It is key to note that cyber experts saw chatter in hack chat rooms about this worm in April.

57,000 Detections, 74 Countries Affected by Global Ransomware

Posted on by

 

Go here for more information on malware affections.

Further, US-CERT, by DHS has this information.

 

 

Older machines running XP do not appear to be affected. Meanwhile, about a month ago:

Microsoft responds to NSA’s Windows exploits, urges customers to upgrade to supported versions

Remember, this NSA vault toolkit was stolen, leaked and published by WikiLeaks, Julian Assange. In some cases, it could be a deadly threat to life considering the intrusions into hospitals. The other blame goes to the Russian cyber gang, ShadowBrokers.

Russian-linked cyber gang Shadow Brokers blamed for NHS computer hack 

Ransom message found on NHS computersCourtesy: TelegraphUK: Ransom message found on NHS computers

CyberScoop: Large organizations on every continent are being hit by a global campaign of ransomware attacks on Friday, unfortunately, average ransomware demand has increased significantly. Machines are being infected using exploits developed by the U.S. National Security Agency and leaked by the group known as ShadowBrokers, according to authorities.

More than 57,000 detections in 74 countries have been recorded. Russia appears to be the most infected country by far, according to cybersecurity firms Kaspersky and Avast.

The “number [is] still growing fast,” according to Costin Raiu, Kaspersky’s director of research.

Hospitals across England were forced to divert emergency patients, according to the National Health Service. Other hospitals are asking patients to avoid coming in except for emergencies, news reports said.

In Spain, victims including the telecommunications company Telefónica told employees to shut down machines and networks in an effort to stop the spread of the malware. Other victims include Gas Natural and Iberdrola, an electric utility firm.

The ransomware campaign is caused by “exploiting the vulnerability described in bulletin MS17-010 using EternalBlue / DoublePulsar,”Spain’s Computer Emergency Readiness Team explained on Friday. “Infection of a single computer can end up compromising the entire corporate network.”

EternalBlue and DoublePulsar are code names for NSA hacking tools used to infect thousands of machines around the world since the NSA tools leaked in April.

That description from Spanish authorities and the work of several researchers point directly to NSA tools hacked and leaked by ShadowBrokers. The patch that Microsoft published in March assigned the designation MS17-010 to the vulnerability.

A widespread “bloodbath” from criminals has been expected by experts since the leak.

The ransomware “infects the machine by encrypting all its files and, using a remote command execution vulnerability through SMB, is distributed to other Windows machines on the same network. Microsoft published the vulnerability on March 14 in its bulletin and a few days ago a proof of concept was released that seems to have been the trigger of the campaign.” SMB is Microsoft’s Server Message Block protocol for network file sharing.

The attacks in different countries have been linked to the same group, according to the Financial Times.

The U.S. Department of Homeland Security is “coordinating with our international cyber partners” in Europe and Asia, a spokesperson told CyberScoop. “The Department of Homeland Security stands ready to support any international or domestic partner’s request for assistance. We routinely provide cybersecurity assistance upon request, including technical analysis and support.  Information shared with DHS as part of these efforts, including whether a request has been made, is confidential.”

Security researcher Kevin Beaumont advised patching machines immediately:

** Kevin Beaumont?Verified account @GossiTheDog5h5 hours ago 

Confirmed – wcry ransomware spreading across Europe uses EternalBlue/MS17-010/SMB. PATCH NOW EVERYWHERE.

Spanish authorities confirmed the ransomware is a version of WannaCry (also known as WannaCrypt0r), according to the National Cryptology Center. In Spain, the newspaper El Mundo is reporting that “early indications point to an attack originating in China.”

“Given the rapid, prolific distribution of this ransomware, we consider this activity poses high risks that all organizations using potentially vulnerable Windows machines should address,” a spokesperson from the cybersecurity firm FireEye told CyberScoop. “Organizations seeking to take risk management steps related to this campaign can implement patching for the MS17-010 Microsoft Security bulletin and leverage the indicators of compromise identified as associated with this activity.”

FireEye has yet to see a U.S.-based company be affected by the ransomware worm.

An estimated 25 health facilities in London and across England have been hit, according to the NHS. St Bartholomew’s Hospital in London, one of the victims, received warnings earlier this year that computers using Windows XP were vulnerable, reported the technology news site the Inquirer. Increasingly, some infected hospitals are not accepting phone calls or internet communications. The Derbyshire Community Health Services NHS Trust has reportedly shut down all of its IT systems.

“At this stage we do not have any evidence that patient data has been accessed,” an NHS statement said. “We will continue to work with affected organizations to confirm this.”

East and North Hertfordshire NHS trust, a hospital just north of London, publicly acknowledged “a major IT problem” that is “believed to be caused by a cyber attack.”

“The trust is postponing all non-urgent activity for today and is asking people not to come to A&E – please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency,” according to a statement. “To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust’s hospitals continued to receive the care they need.”

News of the English hospitals being hit with ransomware spread quickly among doctors and hospital employees, including in a widely shared message from an English doctor now making the rounds on social media.

**

If.ra? @asystoly6h6 hours ago  Why would you cyber attack a hospital and hold it for ransom? The state of the world ?

“So our hospital is down,” the doctor wrote. “We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone.”

2008, the Russians Hacked Obama’s Campaign Too

Posted on by

Why are we learning this now? It is a dereliction of duty to advise the American electorate, campaign operators and all later political candidates, regardless of the kind of race. Further, should we be blaming Obama on this and did he invite the FBI to investigate? If so, the matters of phishing operations and Russia should have been a clarion call.

Further, why would Obama and Hillary even consider ‘resetting’ relations with Russia? Oh yeah……’cut it out Vladimir’..remember that?

Okay read on….the anger mounts.

Exclusive: Russian Hackers Attacked the 2008 Obama Campaign

Jeff Stein: Russian hackers targeted the 2008 Barack Obama campaign and U.S. government officials as far back as 2007 and have continued to attack them since they left their government jobs, according to a new report scheduled for release Friday.

The targets included several of the 2008 Obama campaign field managers, as well as the president’s closest White House aides and senior officials in the Defense, State and Energy Departments, the report says.

It names several officials by title, but not by name, including “several officials involved in Russian policy, including a U.S. ambassador to Russia,” according to a draft version of the report, authored by Area 1 Security, a Redwood City, California, company founded by former National Security Agency veterans.

“They’re still getting fresh attacks,” the company says.

The attacks on their email accounts have continued as the officials migrated to think tanks, universities and private industry, the company says. The favored weapon of the Russians and other hackers is the so-called “phishing” email, in which the recipient is invited to click on a innocent-looking link, which opens a door to the attackers.

Michael McFaul, Obama’s ambassador to Russia from 2011 to 2014, tells Newsweek that he gets “frequent” warnings of phishing attacks by an unnamed “foreign government” from both his Google email service and Stanford University, where he is now a professor of political science. He says his “colleagues, assistants and people like that” at Stanford also get attacked “on a fairly regular basis.”

“I have not been successfully penetrated, to the best of my knowledge,” McFaul says, speaking Thursday in a brief telephone interview. So far as he knows, “I have not been compromised.” There were three other U.S. ambassadors to Russia during Obama’s eight years in office who could not immediately be reached for comment.

The role of Russia in attacks on the 2008 campaigns of Obama and his Republican rival, Senator John McCain of Arizona, has not been previously reported.  On the eve of a U.S.-China summit meeting in 2013, U.S. intelligence officials told NBC News that Beijing alone was responsible for a 2008 cyberattack on the Obama and McCain campaigns.

China can’t be excluded as a perpetrator in those attacks, Area 1 Security’s report says, but its new data “show that Russia tried to hack several members of the Obama campaign and could have done so at the same time as someone that achieved massive data exfiltration.”

Blake Darché, a former NSA technical analyst who co-founded Area 1 Security, tells Newsweek that “state-sponsored Russian hackers have been targeting United States officials and politicians since at least 2007 through phishing attacks.” Russian hackers reportedly breached the Joint Chiefs of Staff email system in 2015.

The company says one of the Russian targets was a “deputy campaign manager” in the 2008 Obama campaign, but was otherwise unidentified in its report. There were a number of them over a period of time. One was Steve Hildebrand. Reached in Sioux Falls, South Dakota, where he now runs a specialty bakery and coffee shop, Hildebrand says he was “not aware” that he might have been a Russian target and didn’t remember being warned about cyberattacks of any kind during the campaign. Another senior 2008 campaign aide (and later White House National Security Council spokesman), Tommy Vietor, tells Newsweek he had “no knowledge” of Russian hacking at the time.

Besides top officials in the Energy, Defense and State departments, the Area 1 Security report cites a half-dozen positions in the Obama White House that were targeted from 2008 through 2016, including the president’s deputy assistant, special assistant, the special assistant to the political director, advance team leaders for first lady Michelle Obama, and the White House deputy counsel. None of them could immediately be reached for comment.

Among the State Department targets named by Area 1 Security were three top offices dealing with Russia and Europe. Evelyn Farkas, who served as the Obama administration’s deputy assistant secretary of defense for Russia/Ukraine/Eurasia from 2012 to 2015, says she could not discuss matters that remain classified, but says “the biggest impact” she remembered offhand was the Russian hack of the Joint Chiefs.

Among the three top, unnamed targets at the Energy Department was the director of the Office of Nuclear Threat Science, which is responsible for overseeing the U.S. Nuclear Counterterrorism Program.

The Area 1 Security report names the “Dukes,” also known as “Cozy Bear” and APT-29, for the Obama attacks, the same Russian actors named in the 2015 and 2016 hacking of the Democratic National Committee (DNC) and the State Department.

In an interview, Darché calls the Dukes a front for Russia’s “premier intelligence-gathering arm,” which would be the SVR, or External Intelligence Service, the Kremlin equivalent to the CIA, although he declined to specifically name it. As opposed to the DNC hacks launched to steal and publicize information damaging to the campaign of Hillary Clinton, he says, the Russian offensives that Area 1 Security uncovered were clandestine “intelligence gathering operations” designed to secretly penetrate a wide variety of institutions and industry.

Clinton had harshly criticized the Kremlin’s suppression of human rights and seizure of the Crimea, while her rival Donald Trump had repeatedly said he wanted to be “friends” with Russian President Vladimir Putin.

Oren Falkowitz, a former analyst at the National Security Agency who co-founded Area 1 Security, says he launched the company to stop phishing attacks, which until then was thought to be impossible because so many employees continue to click on risky links in emails. The key to the company’s success was persuading clients to let it monitor its servers, he told The New York Times in a 2016 interview.

In Friday’s report, Area 1 Security says it uses a “vast active sensor network” to detect and trace phishing attacks. It says it could imagine the Dukes “operating a giant spreadsheet where new targets are added, but never leave.” It “moves quickly, compromising a server or service to send out phishing emails from it, and then leaves, never returning to check for  bounced email messages to cull from its list.”

Most ex-officials don’t realize they are carrying “the blemish of being a Russian target into their new workplace,” the Area 1 Security report says.  As a result, “they give the Dukes beachheads in companies and organizations they never even planned on or imagined hacking,” such as Washington think tanks, defense contractors, lobbyist offices,  financial institutions and pharmaceutical companies stocked with high ranking former political, military and intelligence  officials.

Russia is “notoriously persistent in pursuing targets,” the report says. “It’s a lesson on why every organization needs great security.”

***

FireEye CEO: Russians are at Work in Election Hacking

FireEye CEO Kevin Mandia said Thursday that strengthening U.S. cybersecurity defenses begins with protecting the country’s own systems first, and he is hopeful the Trump administration will implement a strategy to defend from cyber threats, during an interview on FOX Business’ “Countdown to the Closing Bell.”

“You gotta protect critical infrastructure and under times of duress, you have to be able to have shields up as a nation, and I think this order is going to move toward that,” he said, referring to the executive order President Trump signed Thursday, aimed at strengthening the America’s infrastructure to help prevent cyberattacks.

Cyber hacking has been in the forefront of an FBI investigation over Russia’s alleged involvement in the 2016 presidential election. Mandia said he believes acting FBI Director Andrew McCabe will continue the investigation into these claims.

“When you awake the sleeping giant, they get the job done and I think the FBI, whenever they apply the resources at their disposal and their capability, they can get the job done as they see fit,” he said.

Mandia believes the Russians are at work in election hacking and thinks it will continue to happen.

“The tool in every emerging nation’s tool box now [is] a cyber component,” he said.

The FireEye CEO added that the risks from cyberattacks can’t be eliminated because persistent hackers are exploiting human trust and not exploiting systems.