Category Archives: Department of Homeland Security

WikiLeaks Releases CIA Cyber Docs, Problem?

Posted on by

Primer: Steve Bannon works for President Trump in the White House.

Steve Bannon is a star – for Al-Qaeda, that featured him on the cover of their newspaper

steve-bannon-is-a-star---for-al-qaeda-that-featured-him-on-the-cover-of-their-paper

Then this headline….

The new scandal headlines for today is WikiLeaks, telling us they published the largest cache of secret CIA documents relating to the CIA’s ability to hack, break encryption and install malware. This is a problem? The problem is not the tools the CIA has, the problem is that someone inside the agency stole them and delivered them to WikiLeaks.

It is a good thing that the agency has these resources, why you ask?

Well….try this…The threat is real from Russians, Chinese, North Korea, Iran, Syria, Ukraine, al Qaeda and Islamic State…

Image result for stuxnet

Remember Stuxnet? This was a successful joint program under the Bush presidency with Israel to infect the Iranian nuclear program and it was to forces the centrifuges to spin out of control, which they did. Ultimately, it caused the progress of the Iranian infrastructure to be delayed substantially. It was in fact later uncovered by cyber scientists working for Siemens, the hardware and software platform used as the operating system. Good right? Yes.

Image result for u.s. cyber command

Well, there is more…

In recent years, Iran and North Korea have been sharing nuclear scientists and engineers, parts, testing and missile collaboration. So far, the missiles launched by North Korea for the most part have been unsuccessful, or at least did not achieve the ultimate objective and that is an official target strike. Why? Because of the United States. How so you ask?

Over the weekend, North Korea fired off 4 missiles in succession toward Japan. They did not reach the mainland but did reach the waterway that is part of the Japanese economic zone for maritime operations. We have American cyberwarriors that are doing effective work causing the missiles to fly off course or to technically fail. The objective is to use non-explosive weaponry to foul the North Korea and hence Iran’s missile program and while North Korea is not especially connected to the internet, some related systems are connected and then there is electronic warfare.

Image result for foreign hacking omb

We know that Islamic State is a terror operation that has militant cells in an estimated 30 countries. While they have depraved methods of murder, rape and terror, they too have a cyber operation.

The Will to Act

One question is whether ISIS will be consumed with the protection and continued expansion of its immediate fighting fronts, i.e., the “near enemy,” or whether its scope of vision includes America’s homeland. The Economist advances a strong case that desire for such expansion not only exists but will be exercised: “With its ideological ferocity, platoons of Western passport holders, hatred of America and determination to become the leader of global jihadism, ISIS will surely turn, sooner or later, to the ‘far enemy’ of America and Europe.”

And perhaps any doubt the militant’s sights are on America was removed by ISIS leader Abu Bakr al-Baghdadi’s Sept. 22 call for jihadists to not wait for the order but to rise, take up arms, and “kill Americans and other infidels” wherever they are. Clearly the group is showing no hesitancy in its desire to strike the U.S. heartland on a personal scale.

Cyber Operations Capability?

As to whether ISIS will have the capability to mount cyber operations against the U.S., David DeWalt, head of cybersecurity firm FireEye, believes that ISIS will follow in the footsteps of the Syrian Electronic Army and the Iran-based Ajax Security Team to target the United States and other Western nations.

“We’ve begun to see signs that rebel terrorist organizations are attempting to gain access to cyber weaponry,” DeWalt stated recently. He added that booming underground markets dealing in malicious software make offensive cyber weapons just an “Internet transaction” away for groups such as ISIS. More here.

Is there more to this that we should know? Yes…

There is the Middle East and we have a major vested interest in the region.

***

Cybersecurity in the Gulf: The Middle East’s Virtual Frontline

Cybersecurity is often discussed in relation to the major global powers: China’s economic espionage, Russian influence operations, and U.S. dragnet global surveillance to thwart terrorism.

However, as other countries move to digitize their economies, cybercriminals are zeroing in on these new and lucrative targets while regional players are quickly incorporating cyber capabilities into their own arsenals for achieving strategic ends.

The Middle East, particularly the Gulf states, are quickly recognizing the urgent need for better cybersecurity, while regional adversaries such as Iran have begun weaponizing code as an extension of broader strategic goals within the region. What, though, is the Gulf’s current cybersecurity atmosphere, and how does Iran’s emerging use of offensive cyber capabilities fit into its broader strategy in the Middle East?

Wajdi Al Quliti, the Director of Information Technology at the Organization of Islamic Cooperation, notes that “the region’s dramatic strides towards digitization—expected to add over $800 billion to GDP and over 4 million jobs by 2020—is making the Gulf a major target for fast evolving cyber threats.” Much like other regions, the Gulf is finding it difficult to sufficiently create criminal deterrence due to segmented laws and difficulties in attribution. Al Quliti argues “cross-border cooperation and common cybersecurity structures could prove to be a game-changing advantage in the fight against cybercrime.” However, “the elephant in the room,” according to Al Quliti, “is the issue of state-sponsored hacking, in which case harmonized laws are unlikely to make a difference.”

A critical point in nation-state hacking in the Middle East begins with the Stuxnet worm. Discovered in 2010 burrowed deep in Iranian networks, the worm had slowly been sabotaging Iran’s nuclear ambitions. Then in 2011 CrySyS Lab discovered Duqu, a cyber espionage tool tailored to gather information from industrial control systems, and in 2012, Kaspersky Labs identified Flame, another espionage tool, targeting various organizations in the Middle East. Both Duqu and Flame are associated with Stuxnet and attributed back to the Equation Group, widely considered an arm of the National Security Agency.

In 2012, Iranian officials found a wiper virus erasing files in the network of the Oil Ministry headquarters in Tehran, leading the ministry to disconnect all oil terminals from the Internet to prevent the virus from spreading. It is uncertain who was behind the attacks, but a mere four months later, Saudi Arabia’s largest oil company, Saudi Aramco, was hit with a similar wiper virus known as Disttrack—possibly coopted from the previous attack on Iran’s oil industry.

The data-erasing malware sabotaged three-quarters, some 35,000 of the company’s computers while branding screens with an image of a burning American flag. A few months later, another wiper virus attacked Qatar’s RasGas.

Al Quliti identifies “the region’s heavy dependence on oil and gas—as well as the oil and gas-powered desalination plants that provide much of the region’s fresh water”—as “a source of cyber vulnerability,” adding that “any cyber attack on these installations could prove catastrophic and might result in a humanitarian disaster.”

The sabotage operations against the Gulf’s oil industry have been attributed by various cybersecurity firms—but not officially by any government—to a group called Shamoon, thought to be an arm of the Iranian government.

Michael Eisenstadt, the Director of the Military and Security Studies Program at the Washington Institute for Near East Policy, notes that “cyber allows Iran to strike at adversaries globally, instantaneously, and on a sustained basis, and to potentially achieve strategic effects in ways it cannot in the physical domain.” For example, in March 2016, the Justice Department indicted seven Iranian Revolutionary Guard members for distributed denial of service attacks against U.S. banks in 2012 in retaliation for Iran sanctions imposed the previous year, as well as for infiltrating the systems of a small New York dam in 2013—a possible testing ground for penetrating larger pieces of U.S. critical infrastructure. In 2014, the same year North Korea set its sights on Sony Pictures, Iran’s cyber capabilities again reached into the United States, using another wiper virus to sabotage the operations of the Las Vegas Sands casino, whose chief executive, a staunch supporter of Israel, had suggested detonating a nuclear bomb in the heart of Tehran.

Last November, right before a major OPEC meeting, a variation of the Disttrack wiper used against Saudi Aramco struck again, now fitted with a picture of Alan Kurdi, the drowned Syrian toddler who washed up in Turkey in 2015. The virus targeted six Saudi organizations, most notably the Saudi General Authority of Civil Aviation, delivering its payload at the close of business on a Thursday, the start of the Islamic weekend, for maximum impact. Some experts speculate the November attack could have also been a false-flag operation to derail the Iranian nuclear deal.

Interestingly, for both the 2012 and 2016 Shamoon attacks, the wiper came fitted with stolen login credentials that Symantec now believes could have been gleaned from a cyber espionage tool, known as Greenbug, found on one of the administrator computers of a Saudi organization targeted in November. The potential link between Greenbug and the Shamoon group opens up possible investigations into the group’s involvement in a host of other Greenbug attacks throughout the Middle East, including breaches in Saudi Arabia, Bahrain, Iraq, Qatar, Kuwait, Turkey, and even Iran—though likely for domestic surveillance on dissidents. Just last week, another wiper virus hit 15 Saudi organizations, including the Ministry of Labor, prompting the government to issue an urgent warning of pending Shamoon attacks.

Eisenstadt points out that “Iran’s cyber activities show that a third-tier cyber power can carry out significant nuisance and cost-imposing attacks,” and “its network reconnaissance activities seem to indicate that it is developing contingency plans to attack its enemies’ critical infrastructure.” According to Eisentadt, is now seems that “in the past decade, Iran’s cyber toolkit has evolved from a low-tech means of lashing out at its enemies by defacing websites and conducting DDoS attacks, to a central pillar of its national security concept.”

Beginning to understand why the CIA and the other agencies are building cyber command war-rooms?

 

Terrorists in U.S. Several Years Before Being Radicalized, then Canada

Posted on by

The Homeland Security report is based on unclassified information from Justice Department press releases on terrorism-related convictions and attackers killed in the act, State Department visa statistics, the 2016 Worldwide Threat Assessment from the U.S. intelligence community and the State Department Country Reports on Terrorism 2015.

The three-page report challenges Trump’s core claims. It said that of 82 people the government determined were inspired by a foreign terrorist group to carry out or try to carry out an attack in the United States, just over half were U.S. citizens born in the United States. The others were from 26 countries, led by Pakistan, Somalia, Bangladesh, Cuba, Ethiopia, Iraq and Uzbekistan. Of these, only Somalia and Iraq were among the seven nations included in the ban.

Of the other five nations, one person each from Iran, Sudan and Yemen was also involved in those terrorism cases, but none from Syria. It did not say if any were Libyan.

The report also found that terrorist organizations in Iran, Libya, Somalia and Sudan are regionally focused, while groups in Iraq, Syria and Yemen do pose a threat to the U.S.

The seven countries were included in a law President Barack Obama signed in 2015 that updated visa requirements for foreigners who had traveled to those countries. More here from Associated Press.

Then we have the gullible Prime Minister of Canada, Justin Trudeau who has invited Middle Eastern migrants, asylees and refugees in a welcome to Canada. Yet the intelligence and security authorities in Canada have a different position.

Terrorism

The principal terrorist threat to Canada remains that posed by violent extremists who could be inspired to carry out an attack in Canada. Violent extremist ideologies espoused by terrorist groups like Daesh and Al Qaeda (AQ) continue to appeal to certain individuals in Canada.

Infographic: A terrorism timeline of incidents involving Canadians between October 20, 2014 and September 30, 2016. Long description below.

Long description of infographic: Terrorism timeline

Terrorism Timeline

As of December 31, 2016

  • October 20, 2014
    CAF member killed in a ramming attack in Saint-Jean-Sur-Richelieu
  • October 22, 2014
    CAF member fatally shot at the Canadian War Memorial in Ottawa
  • January 14, 2016
    Canadian killed in an attack on a Starbucks in Jakarta, Indonesia
  • January 16, 2016
    6 Canadians killed during an attack on their hotel in Burkina Faso
  • March 14, 2016
    2 CAF members stabbed at a CAF recruiting centre in Toronto
  • April 25, 2016
    Canadian beheaded by the Abu Sayyaf group in the Philippines
  • June 12, 2016
    Canadian beheaded by the Abu Sayyaf group in the Philippines
  • June 25, 2016
    Canadian killed in an attack on the Somali parliament, Somalia
  • December 18, 2016
    Canadian killed in an attack in Karak, Jordan
2016 Public Report on the Terrorist Threat to CanadaThe principal terrorist threat to Canada remains that posed by violent extremists who could be inspired to carry out an attack in Canada. Violent extremist ideologies espoused by terrorist groups like Daesh and Al Qaeda (AQ) continue to appeal to certain individuals in Canada.

As in recent years, the Government of Canada has continued to monitor and respond to the threat of extremist travellers, that is, individuals who are suspected of travelling abroad to engage in terrorism-related activity. The phenomenon of extremist travellers—including those abroad, those who return, and even those prevented from travelling—poses a range of security concerns for Canada. As of the end of 2016, the Government was aware of approximately 180 individuals with a nexus to Canada who were abroad and who were suspected of engaging in terrorism-related activities. The Government was also aware of a further 60 extremist travellers who had returned to Canada.

The threat environment has also evolved beyond Canada’s borders. Daesh has continued to dominate the landscape in the Middle East, where other terrorist groups such as Jabhat al-Nusra and Hizballah also operate. Elsewhere in the Middle East, Al Qaeda in the Arabian Peninsula (AQAP) has taken advantage of the civil conflict in Yemen to capture territory there and strengthen itself. In addition, 2016 saw Daesh’s expansion in Africa, and Boko Haram (now rebranded as a Daesh affiliate in West Africa) continues to pose a major threat to regional stability. In South and Southeast Asia, Daesh expansionism and entrenched regional groups shaped the threat environment.

Canadians and Canadian interests are also affected. Canadian Armed Forces (CAF) personnel, government officials and private citizens are under constant threat in certain regions. In September 2015, two Canadians were kidnapped in the Philippines. Both were killed by their captors in the spring of 2016. In January 2016, an AQ-affiliated group based in Mali attacked a hotel in Burkina Faso, killing six Canadians. That same month, attackers linked to Daesh targeted a coffee shop in Jakarta, Indonesia, killing one Canadian. In June 2016, a Somali government minister with Canadian citizenship was killed in an Al-Shabaab terrorist attack on a hotel in Mogadishu, Somalia. Also in June, 15 Nepalese security guards who protected the Embassy of Canada to Afghanistan in Kabul were killed when terrorists targeted the bus that was transporting them to work.

International Cooperation

The international security environment continues to result in increased threats to Canada and its interests, both domestically and abroad. Ongoing conflicts in several regions of Africa, the Middle East, Asia, Eastern Europe and elsewhere show no signs of abating and continue to have serious national and international security implications. Worldwide incidents of terrorism, espionage, weapons proliferation, illegal migration, cyber-attacks and other acts targeting Canadians—directly or indirectly—remain ever present. Since the bulk of such threats originate from (or have a nexus to) regions beyond Canada’s borders, CSIS needs to be prepared and equipped to investigate the threat anywhere.

Additionally, certain security threats continue to evolve. Over the past several years, the globalization of terrorism, fueled by elaborate online propaganda videos by extremist groups, has expanded the breadth of radicalization. In some instances, individuals influenced by extremist ideology and driven by a need to feed their sense of belonging have travelled (or attempted to travel) abroad to participate in terrorist activity. Others may continue to support their extremist ideology through training, fundraising, recruitment and attack planning within Canada. As the threat posed by ‘foreign fighters’ is international in scope, a global reach is an absolute necessity in efforts to track and thwart threats to Canada and its allies posed by such individuals.

Furthermore, while the international focus has been on countering terrorism, espionage threats remain ever present and have become far more complex due to continuing advancements in technology and the globalization of communications. On the cyber front, foreign governments and hackers continue to exploit the Internet and other means to target critical infrastructure and information systems of other countries.

Such threats cannot be countered in isolation, and CSIS must remain adaptable in order to keep abreast of developments in both the domestic and international spheres. Despite differences in mandate, structure or vision, security intelligence agencies around the globe are all faced with very similar priorities and challenges. To meet the Government of Canada’s priority intelligence requirements, CSIS maintains a well-established network of relationships with foreign agencies. In accordance with s.17(1)(b) of the CSIS Act, all such arrangements are authorized by the Minister of Public Safety and supported by the Minister of Foreign Affairs. These arrangements provide CSIS access to timely information linked to a number of threats and allow the Service (and, in turn, the Government of Canada) to obtain information which might otherwise not be available.

As of March 31, 2016, CSIS had established over 300 foreign arrangements in some 150 countries. Of those, 69 remain defined as ‘Dormant’ (due to a lack of need for engagement or exchanges for a period of one year or more), while nine remained defined as ‘Restricted’ due to concerns over the affected agencies’ respect for human rights or its reliability. The human rights reputations of foreign agencies with which CSIS engages is not something which the Service takes lightly. In order to mitigate potential risks of sharing information, CSIS regularly assesses its foreign relationships and reviews various government and non-government human rights reports for all countries with which the Service has implemented ministerially approved arrangements, always cognizant of the fact that our first responsibility is to the Canadian people and their safety. CSIS opposes in the strongest possible terms the mistreatment of any individual by a foreign agency. The Service must and does comply with Canada’s laws and legal obligations in sharing information with foreign entities, and expects the same from its foreign counterparts.

Terrorist Group Profiles

The Cyber Threat

Cyber threats from hostile actors continue to evolve. State-sponsored entities and terrorists alike are using Computer Network Operations (CNO) directed against Canadian interests, both domestically and abroad. Canada remains both a target for malicious cyber activities, and a platform from which these hostile actors conduct CNO against entities in other countries.

Infographic: Graphic depicting Canadian sectors vulnerable to cyber threats. Long description below.

Long description of infographic: Canadian sectors at risk

The Cyber Threat

  • Energy and utilities
  • Information and communication technology
  • Finance
  • Health
  • Food
  • Water
  • Transportation
  • Safety
  • Government
  • Manufacturing
These state-sponsored and terrorist CNO actors are increasing in number, capability and aggression, and have access to a growing range of tools and techniques that they can employ to accomplish their mission. As these tools and techniques evolve and become more complex, so too do the challenges of detecting and attributing CNO.

Moreover, despite the fact that they originate in the virtual realm, the consequences of CNO can be very real. For example, in December 2015, a cyber-attack conducted against three Ukrainian power companies resulted in a power outage that left hundreds of thousands of people in the dark. The type of systems the actors exploited in this attack is used by energy companies worldwide. Should such destructive cyber-operations be targeted against similar systems in Canada, they could potentially affect any and all areas of its critical infrastructure.

Unfortunately, CNOs are not uncommon and agencies at all levels of government in Canada have faced this threat. The Government of Canada witnesses serious attempts to penetrate its networks on a daily basis.

CSIS is also aware of state-sponsored cyber-espionage and influence activities targeting the private sector in Canada and abroad. The targets of these attacks often fall within Canada’s advanced technology sector and throughout the critical infrastructure spectrum. Universities engaged in advanced research and development have also been subjected to CNO. In addition to stealing intellectual property, one of the objectives of state-sponsored CNO is to obtain information which will give their own companies a competitive edge over Canadian firms. This could impact investment or acquisition negotiations involving Canadian companies and the Government of Canada, and, in turn, lead to lost jobs, revenue, and market share. Ultimately, cyber-espionage negatively impacts Canada’s economy as a whole.

In responding to these threats, CSIS relies on specialized collection techniques to report on state-sponsored cyber-espionage or cyber-terrorism activity. For instance, by analyzing networks or malware behind CNOs, the Service can uncover clues that help identify the origins of the cyber-attacks (known as “attribution”).

The Service also maintains relationships with domestic and foreign agencies to provide the Government of Canada with the most up-to-date intelligence regarding the cyber threats facing Canada and who is behind them.

Security Screening program

The CSIS Security Screening program represents one of the most visible of the Service’s operational sectors. It helps defend Canada and Canadians from threats to national security emanating from terrorism and extremism, espionage, and the proliferation of weapons of mass destruction. Security screening prevents persons who pose these threats from entering or obtaining status in Canada, or from obtaining access to sensitive sites, government assets or information. In addition, through its government screening program, CSIS assists the RCMP with the accreditation process for Canadians and foreign nationals seeking access to or participating in major events in Canada.

2014-2015 2015-2016

Note: Figures have been rounded
**Individuals claiming refugee status in Canada or at ports of entry

Infographic: Statistics on the security screening program at CSIS for the 2014-2015 and 2015-2016 fiscal years. Long description below.

Long description of infographic: Statistics from the security screening program

Statistics from the security screening program

Immigration and Citizenship Screening Programs
Requests received* 2014-2015 2015-2016
Permanent resident applications 33,900 56,500
Refugees (front-end screening)** 10,200 13,500
Citizenship applications 185,600 124,000
Temporary resident applications 46,600 56,700
Total 276,300 250,700

*Note: Figures have been rounded
** Individuals claiming refugee status in Canada or at ports of entry

Government Screening Programs
Requests received* 2014-2015 2015-2016
Federal government departments 53,700 51,200
Site access
Free and Secure Trade (FAST) 10,700 21,400
Transport Canada (Marine and Airport) 40,400 43,700
Parliamentary precinct 1,200 4,300
Nuclear facilities 8,700 12,700
Provinces 210 220
Others 3,400 4,600
Foreign screening 610 580
Special events accreditation 35,600 87,400
Total 154,520 226,100

* Figures have been rounded

Long description of infographic: Statistics for the 2015 Pan Am Games

Statistics for the 2015 Pan Am Games

In fiscal years 2014-2015 and 2015-2016, CSIS completed 119,000 requests for the accreditation of applicants to the Toronto 2015 Pan Am/Parapan Am Games.

Read more about the CSIS Security Screening program

The CSIS Security Screening program also played a key role in achieving the Government of Canada’s goal to resettle 25,000 refugees from Syria by February 29, 2016. Between November 2015 and February 2016, CSIS conducted screening investigations on the applicants selected for resettlement in Canada. CSIS continues to work closely with the Canada Border Services Agency (CBSA) and Immigration, Refugees, and Citizenship Canada (IRCC) to provide timely security advice regarding permanent resident applicants who could represent a threat to Canada’s national security, while ensuring legitimate refugees are screened and resettled in a timely manner.

A Unique Workplace

The people of CSIS are committed to ensuring a Service that is nimble, flexible and innovative, and takes responsible risks in the delivery of its mandate and in the pursuit of its strategic outcome.

As of March 31, 2016
Infographic: the make-up of CSIS workforce and awards received. Long description below.

Long description of infographic: Statistics related to CSIS’ workforce and awards received

A Unique Workplace

Service population

  • 3,200+ employees
  • women 48%
  • men 52%

Employment equity

  • member of visible minorities 15%
  • women 48%
  • aboriginal peoples 2%
  • persons with disabilities  4%

Language

  • foreign language 18%
  • unilingual 32%
  • bilingual 69%

Awards and recognition

  • Canada’s top 100 employers – 8th consecutive year
  • National Capital Region’s top employers – 9th consecutive year
  • Canada’s top employers for young people – 1st year

Recruiting

Recruiting the right talent to deliver on our mandate remains a key priority for the Service and the CSIS recruiting website, csiscareers.ca represents the cornerstone of our efforts. During 2014-2016, there were over 2 million hits to the site resulting in close to 90,000 applications being submitted.

Infographic: Statistics from csiscareers.ca and the total applications received during 2014-2015 and 2015-2016. Long description below.

Visit the CSIS recruiting site(External link)

Long description of infographic: Statistics from the CSIS recruiting site

Statistics from the CSIS recruiting site

Hits to csiscareers.ca
Hits to website Applications received
2014-2015 1,116,335 44,598
2015-2016 916,379 45,166

CSIS. smart career choice visit our website

The Service prioritizes a diverse workforce which allows us to better understand the demographics of the Canadian communities we protect, therefore better equipping us to collect relevant and accurate intelligence. Our recruiting team includes a diversity recruiter who liaises with a variety of community leaders across the country, and attends diversity job fairs and networking events in an effort to attract applicants from designated groups such as visible minorities, Aboriginal peoples and persons with disabilities.

In addition, a partnership has been established with Public Safety, the Royal Canadian Mounted Police (RCMP), Canada Border Services Agency (CBSA), Correctional Service Canada (CSC), Communication Security Establishment (CSE) and Department of National Defence to share best recruiting practices and hold joint initiatives.

Academic Outreach

The Academic Outreach (AO) program at CSIS seeks to promote conversations with experts from a variety of disciplines and cultural backgrounds working in universities, think tanks and other research institutions in Canada and abroad.

Infographic: Statistics related to the Academic Outreach program for 2014-2015 and 2015-2016. Long description below.

Long description of infographic: Academic Outreach statistics

Academic Outreach statistics

Academic Outreach statistics
2014-2015 2015-2016
Expert briefings 46 38
Visiting experts 101 110
Workshops and seminars 12 17
Conferences 2 1
Publications 2 3

Infographic: Academic Outreach publications from 2014-2016. Long description below.

Political Stability in West and North Africa - Highlights from the Conference Pitfalls and Promises: Security Implications of a Post-revolutionary Middle East - Highlights from the Conference Russia and the West: The Consequences of Renewed Rivalry - Highlights from the Workshop Brittle Might? Testing China's Success - Highlights from the Conference Foreign Fighters Phenomenon and Related Security Trends in the Middle East - Highlights from the Workshop

Long description of infographic: Publications from Academic Outreach

Publications from Academic Outreach

Academic Outreach publications 2014–2016

In 2014-2015, AO hosted a conference that brought together multi-disciplinary experts from several countries. The conference was entitled “A Brave New World: Exploring the Evolving Nature of Cyber-conflict” and examined cyber threats facing Canada and its Western allies, our adversaries and their intent, as well as countermeasures that could help mitigate the proliferation of cyber conflict. In 2015-2016, we hosted another conference, “Brittle Might? Testing China’s Success”, which explored the challenges facing modern China, assessed the strengths and weaknesses of the country’s leadership, examined Beijing’s involvement in global affairs and debated China’s trajectory in the coming years.

The international conferences, however, represent only one component of the AO program. We also hosted a number of in-depth briefings on other topics of interest. For instance, one reviewed the global banking sector’s experience at identifying money laundering and terrorist financing activity. Another expert explored the phenomenon of radicalization in Western countries, while another guest specialist assessed the capabilities of Shia militias operating in Iraq and Syria.

During the period of review,  outside experts engaged CSIS staff on discussions covering a range of security and strategic issues, including Russia’s strategy towards the Arctic; the uses and limitations of ‘big data’ for intelligence analysis; Boko Haram’s campaign of violence in Nigeria; and the regional consequences of the conflict in Iraq and Syria on Lebanon.

Checks and Balances

The Security Intelligence Review Committee (SIRC) is an external independent review body that reports to Parliament on CSIS’ operations. It does so through its three core functions: certifying the CSIS Director’s annual report to the Minister of Public Safety, carrying out in-depth reviews of CSIS activities and conducting investigations into public complaints about CSIS. CSIS’ External Review and Liaison Unit (ER&L) manages the Service’s relationship with SIRC, ensuring that it receives all of the necessary information required to fulfil its mandate.

Infographic: Statistics related to SIRC reviews and complaints made to SIRC. Long description below.

Long description of infographic: SIRC reviews and complaints 2014-2015 and 2015-2016

SIRC reviews and complaints 2014-2015 and 2015-2016

Reviews

N0 of SIRC reviews

  • 2014-2015: 8
  • 2015-2016: 10

Average n0 of documents per review

  • 5,000 short review
  • 15,000 thematic review

Briefings by Service employees per review

  • 5-10 briefings

Average duration of a review

  • 3-6 months

Complaints

N0 of new complaints to SIRC

  • 2014-2015: 11
  • 2015-2016: 17

Average n0 of documents per complaint

  • 100-1,000 simple cases
  • 3,000-13,000 complex cases

Average n0 of service witnesses providing testimony to SIRC

  • 3-5 witnesses
Each year, SIRC provides a research plan identifying the reviews it plans to undertake. For each review, ER&L works closely with SIRC to ensure it has the documents it needs and to arrange briefings by CSIS employees. ER&L manages the correspondence between SIRC and the Service during a review as well as the Service’s response to the resulting report. These reviews, reflected in SIRC’s Annual Public Report, provide comprehensive assurance to Parliament and the Canadian public about the Service’s exercise of its authorities.

ER&L is also the primary point of contact for all stakeholders on public complaints made to SIRC and ensures that SIRC’s legal counsel has the information required for complaint investigations. When an investigation involves a hearing, ER&L assists Department of Justice legal counsel in preparing the CSIS case, including preparation of submissions, exhibits and arranging witnesses to testify at hearings.

ER&L coordinates CSIS responses to SIRC on questions, requests, recommendations, and correspondence. While CSIS is not required to accept all SIRC recommendations, they are reviewed carefully and CSIS responds in writing and these responses are reflected in SIRC’s Annual Report. In ensuring continuity and transparency, ER&L tracks progress and reports to SIRC on CSIS’ implementation of actions recommended by SIRC.

CSIS Internal Audit Branch / Disclosure of Wrongdoing and Reprisal Protection

The Internal Audit (IA) Branch is led by the Chief Audit Executive (CAE), who reports to the CSIS Director and to the CSIS External Audit Committee (AC). The IA Branch is subject to the Treasury Board Policy on Internal Audit, the Internal Auditing Standards for the Government of Canada as well as the International Standards for the Professional Practice of Internal Auditing.

The CAE provides assurance services to the Director, Senior Management and the AC, as well as independent, objective advice and guidance on the Service’s risk management practices, control framework, and governance processes. The CAE is also the Senior Officer for Disclosure of Wrongdoing.

The AC examines CSIS’ performance in the areas of risk management, control and governance processes relating to both operational activities and administrative services. By maintaining high standards in relation to its review function in particular following-up on the implementation of management action plans derived from audit recommendations, the AC supports and enhances the independence of the audit function.

In the capacity of Senior Officer for Disclosure of Wrongdoing, the CAE is responsible for administering the Internal Disclosure of Wrongdoing and Reprisal Protection Policy. The Policy provides a confidential mechanism for employees to come forward if they believe that serious wrongdoing has taken place. It also provides protection against reprisal when employees come forward, and ensures a fair and objective process for those against whom allegations are made.

Access to Information and Privacy

The mandate of the Access to Information and Privacy (ATIP) Unit is to fulfill the Service’s obligations under the Access to Information Act and the Privacy Act. The Service’s Chief, ATIP is entrusted with the delegated authority from the Minister of Public Safety Canada to exercise and perform the duties of the Minister as head of the institution.

Infographic: ATIP statistics for the 2014-2015 and 2015-2016 fiscal years. Long description below.

Long description of infographic: ATIP statistics

ATIP statistics

98+% on-time completion rate

Privacy Act requests

  • 2014-2015: 486
  • 2015-2016: 1,212

Access to Information Act requests

  • 2014-2015: 366
  • 2015-2016: 669

Informal requests

  • 2014-2015: 298
  • 2015-2016: 329
As the custodian of expertise related to the Service’s obligations under the Access to Information Act and the Privacy Act, the ATIP Unit processes all requests made under the relevant legislation and responds to informal requests for information. In doing so, the unit must balance the need for transparency and accountability in government institutions while ensuring the protection of the Service’s most sensitive information and assets.

Financial Resources

The Financial Resources table below provides a snapshot of CSIS expenditures over the last 6 years (from 2010-2011 to 2015-2016).

Infographic: Bar graph of CSIS expenditures over the last six years. Long description below.

Long description of infographic: CSIS expenditures from 2010-2016

 

Russian Ambo Kislyak also Met with WH’s John Holdren

Posted on by

Who is this Russian ambassador anyway? It is likely no coincidence that the Russian spy ship is presently off the coast of Florida as this post is about to be published either. We are watching this vessel as they are watching us. Moving on…

Ambassador Sergey Kislyak is a long time English speaking operative from the Kremlin who is called back to Moscow at any moment’s notice to confer with the Russian intelligentsia. Meanwhile, Ambassador Kislyak has been cultivating a network in Washington DC for many years and he makes the social government scene with regularity. In fact, Kislyak often made visits to the Obama White House where most recently he met with the former czar and still Obama advisor, John Holdren.

Image result for sergey kislyak on the sofa bu.edu

The logs include which White House official hosted Kislyak each time he was cleared to visit. The hosts included are: Gary Samore, who was the senior National Security Council official on weapons of mass destruction during Obama’s first term (four visits); Robert Malley, who was Obama’s senior adviser on defeating the Islamic State (three visits); Lawrence Summers, who was Obama’s economic adviser (one visit); Michael Froman, Obama’s trade representative; Holdren (two visits); and the visitor’s office (four visits).

Kislyak was also listed in the logs an additional 12 times, but that was when there were between 180 and 3,000 other visitors also listed, such as for an event like a “holiday open house” or the “diplomatic corps reception.” More here.

***

Kislyak is an expert on arms control negotiations with a degree from the Moscow Engineering Physics Institute, Mr. Kislyak first served in the Washington embassy from 1985 to 1989 during the late Soviet period. He became the first Russian representative to NATO and was ambassador to Belgium from 1998 to 2003. He returned to Moscow, where he spent five years as a deputy foreign minister. He has told associates that he will leave Washington soon, likely to be replaced by a hard-line general. His name recently surfaced at the United Nations as a candidate for a new post responsible for counterterrorism, diplomats there said. Vitaly I. Churkin, the Russian ambassador to the United Nations, died last month and that post remains vacant. More here.

While we are in somewhat of a scandal due to several within the Trump team and later his administration as having meetings with Russian officials, there is quite a lot of hypocrisy in the matter as noted by the countless democrats who too have been in the frequent company of the ambassador. But to several wrongs go right when the republicans do the same? Actually, there should be more vetting and control along with messaging for the republicans as they are in full power of government. Why you ask?

Image result for sergey kislyak trump speech democrats

It is said that Sergey Kislyak is not just the ambassador of record, but he is also the top boss and manager of the Russian diplomatic architecture in the United States as well as the marshal of the intelligence wing and espionage operations across our homeland as well. It is questionable as to why he too was not expelled last December by Obama or perhaps that would have caused even more relational strain between the two countries. Kislyak was born in Ukraine and he declares he is not Ukrainian but rather a Russian. Could he have been quite busy with passing intelligence during the time Russia annexed Crimea and is presently continuing military aggressions against Ukraine? Yes. There is a war in Ukraine.

Image result for sergey kislyak

Most places in eastern Ukraine are still overwhelmed with Russian propaganda, which is as much of a threat to Ukraine’s overall war effort as the tanks and artillery. In some places, there is still not a single Ukrainian broadcast TV channel available—they’re all beamed in from Russia and the two separatist territories.

The diffuse Russian propaganda taps into attitudes leftover from the Soviet era, including deeply held, latent fears about fascism, and distrust for the central government in Kyiv. Conspiracy theories about the intentions of the U.S., NATO, and western Ukrainians are also pervasive. More here.

Some within the CIA say that Kislyak is both a diplomat and a spy. It is important to add the fact that diplomats have immunity and it is great cover when the FBI is tasked with tracking communications and movement. This is for sure the reason that Barack Obama did not expel him last December. Russia has issued a complete denial he is a spy. Uh huh…

He is in fact a hardliner but has any government official outside of CIA paid attention?

Kislyak: Why do we need to provide assurances to the U.S. Congress? We provide assurances to the Russian parliament. So if the United States is interested in working with us in nuclear energy cooperation, that is fine. It is for the United States to decide what it is that it wants. If it wants to cooperate with us, the doors [for cooperation] are open. If we are asked to make our actions, our policies, reportable to the [U.S.] Congress in order for the U.S. to make decisions on cooperating with us, we are not interested in that kind of scheme. We are fully in compliance with our obligations, with our commitments. We have not violated any agreement with the United States or anybody else. Our cooperation with Iran is limited in the nuclear field to Bushehr. By the way, your president has welcomed the way we cooperate on Bushehr because a scheme for the project that was developed with the Iranians that is very reliable and provides an alternative, a visible alternative, to the need to develop an indigenous enrichment capability. Because we build the reactor, we provide the fuel, and we take it back.[18] This is the best way to provide access to nuclear energy and electricity derived from nuclear energy. It was also supported by Europe.

When it comes to the defense supplies you seem to be referring to, there are no inconsistencies with our obligations or the resolutions of the Security Council, because we do show restraint, and whatever we do is purely defensive and for deterrence. It is our policy, and it is reportable the Russian parliament and Russian people and not anybody else. If the United States is interested in working with us [in the field of nuclear energy], we will be more than ready to work together, but it needs to be based on mutual respect and the mutual respect of interests. I think there are all sorts of reasons why we could and should cooperate in this field because both of us can do a lot in order to promote nuclear energy. That is something that most probably for the coming 20-30 years will be the alternative of choice to fossil fuel, and I do not know of any other [alternative] source of energy that can be employable in the foreseeable future but nuclear energy. All other renewable energies are either in scarce supply or the technology has yet to be developed to the point where it becomes competitive.

So we will see, all of us, significant development of nuclear energy in a lot of countries, in yours as well. We also embarked on an ambitious program to expand nuclear energy production. Currently we have, I think, 16 or 17 percent of electricity produced in my country from nuclear energy sources, and we will expand it to 25 [percent] within maybe 15 or more years. It is an ambitious program. We are going to make it. At the same time, we have a lot of things that are of interest to your industries.

You might be interested in [our]technologies, so we are very much mutually complementary. But unless we have a bigger [legal] framework for that, there can be no reliable interaction between our respective businesses. If the United States wants to work with us, we would be more than willing to do so.

There is another initiative by the two presidents, and that is to develop alternative sources of nuclear energy for the rest of the world that are less prone to proliferation. We are offering the multilateral enrichment center and your president has launched the idea of the GNEP [Global Nuclear Energy Partnership].[19]  

The full interview is here.

 

Democrats Version of Vetting, Ethics Violations and Terror

Posted on by

The Federalist Papers reports that Imran Awan, ringleader of the group that includes his brothers Abid and Jamal, has provided IT services since 2005 for Florida Democrat Rep. Debbie Wasserman Schultz, the former Democratic National Committee (DNC) chairwoman. The brothers are from Pakistan. The Daily Caller reports that Jamal handled IT for Rep. Joaquin Castro, a Texas Democrat who serves on both the intelligence and foreign affairs panels.

“As of 2/2, his employment with our office has been terminated,” Castro spokeswoman Erin Hatch told TheDCNF Friday.

Jamal also worked for Louisiana Democrat Rep. Cedric Richmond, who is on the Committee on Homeland Security.

Imran worked for Reps. Andre Carson, an Indiana Democrat, and Jackie Speier, a California Democrat. Both are members of the intelligence committee, and their spokesmen did not respond to TheDCNF’s requests for comment. Imran also worked for the House office of Wasserman Schultz.

Then-Rep. Tammy Duckworth, an Illinois Democrat, employed Abid for IT work in 2016. She was a member of House committees dealing with the armed services, oversight, and Benghazi. Duckworth was elected to the Senate in November, 2016. Abid has a prior criminal record and a bankruptcy.

Abid also worked for Rep. Lois Frankel, a Florida Democrat who is member of the foreign affairs committee. To actually see all the representatives that shared the salary expense or Imran Awan, go here. Sheesh, seems lots of democrats have some REAL explaining to do.

Imran Awan, a current staffer, earned an estimated salary of $165,130 as a Shared Employee through the most recent House pay period. This was 2.4 times greater than the median for a House staff.

Awan has been employed in Congress since at least Q3 ’09 (employment information is not available prior to ‘Q3 2009 for House staffers and ‘Q3 2011 for Senate staffers, so Awan’s actual start date may be earlier), and has also been a staffer for Rep. Jackie Speier (D-CA14) and Rep. Yvette Clarke (D-NY9).

*** There is a formal investigation by Congress.

Congressional Aides in Criminal Probe Owed Money to Hezbollah-Connected Fugitive

Congressional aides suspected of criminally misusing their access to House computer systems owed $100,000 to an Iraqi politician who is wanted by U.S. authorities and has been linked to Hezbollah, the Iranian-backed Middle Eastern terrorist outfit.

Imran Awan and four of his relatives were employed as information technology aides by dozens of House Democrats, including members of the intelligence, foreign affairs, and homeland security committees.

The aides’ administrator-level IT access was terminated earlier this month amid a criminal probe by U.S. Capitol Police of a suspected security breach, including an off-site server housing congressional data.
dcnf-logo

The Daily Caller News Foundation Investigative Group has reported that while working for Congress, the Pakistani brothers controlled a limited liability corporation called Cars International A, a car dealership with odd finances, which took—and was unable to repay—a $100,000 loan from Dr. Ali Al-Attar.

Philip Giraldi, a former CIA officer, wrote that Al-Attar “was observed in Beirut, Lebanon, conversing with a Hezbollah official” in 2012—shortly after the loan was made. Al-Attar has also been accused of helping provoke the 2003 U.S. invasion of Iraq as a leader of Iraqi dissidents opposed to Saddam Hussein.

After moving to the U.S., Al-Attar made his money practicing medicine in Maryland and Virginia and defrauding Medicare, Medicaid, and insurance companies by billing for nonexistent medical procedures. The FBI raided his offices in 2009 and the Department of Health and Human Services sued his business partner in 2011.

Al-Attar was indicted in March 2012 on separate tax fraud charges after the IRS and FBI found he used multiple bank accounts to hide income. He fled back to Iraq to avoid prison.

“He’s a fugitive. I am not aware of any extradition treaty with Iraq,” Marcia Murphy, spokesman for federal prosecutors in Maryland, told The Daily Caller News Foundation Tuesday. “If or when he returns to the U.S., the prosecution will continue.”

Brothers Imran, Abid, and Jamal Awan, as well as their wives Natalia Sova and Hina Alvi, were all on the congressional payroll.

Not long before the indictment, Pakistani-born Virginia resident Nasir Khattak, who co-owned Cars International A with Abid, still had access to some bank accounts holding Al-Attar’s assets.

Khattak was a realtor, and with Al-Attar’s permission, “acquired the money through adjustments to the accounts that he controlled as the realtor for Al-Attar,” court documents say.

Abid managed the car dealership’s daily operations, even though he was also employed full time running computers for representatives that have included Emanuel Cleaver of Missouri, Tammy Duckworth of Illinois, and Yvette Clarke of New York. But the car dealership was hemorrhaging money. Customers were often shown cars borrowed from a dealership next door.

“It was very bad record-keeping in Cars International … it is close to impossible to make any sense out of all the transactions that happened,” Khattak said in court documents.

The dealership’s finances interwove with the House’s. A car-dealing associate who was owed money by the brothers, Rao Abbas, was placed on the congressional payroll.

Khattak said Cars International A was a “family business” and by 2010 Imran was its primary manager instead of Abid.

Abid filed for personal bankruptcy in 2012 because the dealership was in his name, listing $1 million in liabilities. Bankruptcies are a major security red flag in background checks for employees in sensitive positions.

The loan from Al-Attar was never repaid, leading to a lawsuit over the dealership’s future. Al-Attar claimed the loan default meant the dealership became his, but refused to testify in person, giving power of attorney to someone else to give evidence on his behalf.

Khattak said in court documents that was because “Ali Al-Attar was out of the country as he was involved in politics and the formation of the Iraqi government.” Though he was fugitive, that was also true.

Giraldi, the former CIA officer, wrote in The American Conservative in 2013 that Al-Attar advised President George W. Bush’s key Iraq policy advisers that U.S. forces would be “greeted as liberators.”

“In late 2002 and early 2003, [then-Deputy Secretary of Defense Paul] Wolfowitz regularly met secretly with a group of Iraqi expatriates, consisting mostly of Shias but also including several Sunnis, who resided in the Washington area,” Giraldi wrote. “The Iraqis were headed by one Dr. Ali A. Al-Attar.”

Al-Attar’s prediction was wrong, and his qualifications for making it—supposedly based on what the D.C.-area Iraqis were hearing from relatives—were questionable because, although Al-Attar was born in Iraq, his parents were Iranian.

But the U.S.-backed regime change served Al-Attar well, as in 2003, he told The New York Times that “he was one of four people chosen by Gen. Jay Garner to re-establish the Iraq Ministry of Health, and that he expected to be called to Baghdad next week.”

That stay in Iraq apparently did not last long, as in 2009, his medical license was suspended by Maryland for separate instances of billing patients and insurance companies for unneeded services.

In November 2010, the Maryland State Board of Physicians brought still more charges of “unprofessional conduct in the practice of medicine and failure to cooperate in a lawful investigation.”

Al-Attar’s attorney said the board was a “Trojan horse” for the FBI. The board said Al-Attar’s “failure to cooperate with the board investigation was deliberate, longstanding, and defiant,” and in March 2012 revoked his license.

The Awan brothers worked for members including Andre Carson of Indiana, one of two Muslims in Congress, and a member of the ultra-sensitive intelligence committee.

ATF is an Agency with Rogue Operations on Cigarettes?

Posted on by

Primer: In deference to the ATF, it is known with historical cases that tobacco smuggling does fund terror, see document at end of post)

In 2013, Sixteen Palestinian men, some with ties to convicted terrorists, were indicted in a scheme of cigarette smuggling that spanned New York, Maryland, Delaware, Virginia and New Jersey states. Some of them had ties to known terrorist organizations. See the official case here.

A.T.F. Filled Secret Bank Account With Millions From Shadowy Cigarette Sales

Charlie Batten, a fifth-generation tobacco farmer and U.S. Tobacco Cooperative Inc. board member, at his farm in Four Oaks, N.C. The co-op negotiated a deal to buy a tobacco distribution company whose owners had secret ties to the Bureau of Alcohol, Tobacco, Firearms and Explosives. Jeremy M. Lange for The New York Times

NYT’s/WASHINGTON— Working from an office suite behind a Burger King in southern Virginia, operatives used a web of shadowy cigarette sales to funnel tens of millions of dollars into a secret bank account. They weren’t known smugglers, but rather agents from the Bureau of Alcohol, Tobacco, Firearms and Explosives.

The operation, not authorized under Justice Department rules, gave agents an off-the-books way to finance undercover investigations and pay informants without the usual cumbersome paperwork and close oversight, according to court records and people close to the operation.

The secret account is at the heart of a federal racketeering lawsuit brought by a collective of tobacco farmers who say they were swindled out of $24 million. A pair of A.T.F. informants received at least $1 million each from that sum, records show.

The scheme relied on phony shipments of snack food disguised as tobacco. The agents were experts: Their job was to catch cigarette smugglers, so they knew exactly how it was done.

Government records and interviews with people involved reveal an operation that existed on a murky frontier — between investigating smuggling and being complicit in it. After The New York Times began asking about the operation last summer, the Justice Department disclosed it to the department’s inspector general’s office, which is investigating. The inspector general “expressed serious concerns,” court records show.

The investigation and the looming racketeering trial will bring renewed scrutiny to the A.T.F., which has been buffeted in recent years by the botched gun-tracking operation known as Fast and Furious and its mismanagement of undercover investigations. Members of Congress, particularly Republicans, have heaped criticism on the agency for decades, and the National Rifle Association has lobbied to limit the agency’s authority and funding.

While government auditors have previously cited problems with A.T.F.’s tobacco investigations, this operation went beyond what was identified in that audit, released in 2013. The A.T.F. and the Justice Department declined to comment.

Documents in the racketeering lawsuit outline the A.T.F. operation. The tobacco cooperative is suing a former employee and a consultant who, according to court documents, both worked as A.T.F. informants. The informants have denied all wrongdoing.

Discarded cigarettes at a U.S. Tobacco manufacturing plant in Timberlake, N.C. The U.S. Tobacco co-op is made up of about 700 tobacco farmers who pool their crops and share the profits. Jeremy M. Lange for The New York Times

Part of their defense, records show, is that they acted on behalf of the government. In response, a judge recently added the United States government as a defendant.

Since last summer, The Times has fought to make all the documents public, but the Justice Department has argued successfully in court to keep them secret. Crucial details, however, have been revealed through poor redaction, documents that were filed publicly by mistake and the sheer difficulty of keeping so much a secret for so long.

Buying Into an Operation

In spring 2011, U.S. Tobacco Cooperative was looking to expand its distribution network. The co-op is made up of about 700 tobacco farmers — from Virginia to Florida — who pool their crops and share the profits. Based in Raleigh, N.C., the company is a major exporter to China and produces discount-brand cigarettes including Wildhorse, Traffic and 1839.

“These are really, really good people,” said Stuart D. Thompson, the cooperative’s chief executive. “Every year, they take all their chips. They put them on the table, and they hope they get them all back.”

They also had an existing secret relationship with the A.T.F., records show.

The two men have filed court documents acknowledging “participation in undercover law enforcement activities.” And a judge’s sealed order, which is publicly available online, revealed that the two men worked “on behalf of various government agencies, primarily the Bureau of Alcohol, Tobacco, Firearms and Explosives.”

Jason Carpenter and Christopher Small, who owned Big South Wholesale in Bristol, Va., have acknowledged participating in undercover law enforcement operations.

The basics of cigarette smuggling are simple. Each state sets its tobacco taxes. Buying cigarettes in low-tax states, like Virginia, and secretly selling them in higher-tax states, like New York, generates large profits. More complicated schemes have shipped cigarettes to Indian reservations, where they are not taxed, then rerouted them for sale on the black market.

A.T.F. agents try to disrupt these networks. Often that means working with informants to buy and sell tobacco on the black market, much the way agents pose as drug dealers to investigate cartels.

Because so much of the case remains sealed, Mr. Carpenter and Mr. Small are prohibited from answering questions about nearly every aspect of the case. “Everything we did that is being attacked now in litigation, we did in good faith,” they said in a statement.

Stuart D. Thompson, chief executive of U.S. Tobacco, on the manufacturing floor of the plant in Timberlake, N.C. Jeremy M. Lange for The New York Times

Exactly who at U.S. Tobacco knew about their A.T.F. ties and what they knew are a matter of dispute. But there were signs that Big South was not a simple tobacco distributor. Its assets included more than two dozen vehicles, including expensive S.U.V.s and a fleet of Mercedes, B.M.W., Audi, Lexus and Jaguar sports cars.

Early 2011 was a time of intense pressure inside the A.T.F. The agency was under fire from Congress over the Fast and Furious operation, in which agents allowed gun traffickers to buy weapons and ship them to Mexico, hoping the shipments could lead them to major weapons dealers. Justice Department auditors began scrutinizing how A.T.F. agents managed their tobacco smuggling investigations.

With that audit continuing, the A.T.F. issued new rules to tightly monitor undercover investigations. Soon after those rules went into effect, U.S. Tobacco completed its purchase of Big South for $5.5 million, a deal that gave Big South the authority to buy and sell cigarettes on behalf of the cooperative. Almost immediately, the farmers say, Mr. Carpenter and Mr. Small began defrauding them.

It worked like this: An export company working with the A.T.F. placed an order for cigarettes to be shipped internationally — thus not subject to American taxes. Big South would instead ship bottled water and potato chips, making it look as if cigarettes had been exported. Mr. Carpenter and Mr. Small would then buy the tobacco at a slight markup through a private bank account. Lastly, they would sell the tobacco to Big South, again at a markup.

“It’s what I saw with my own eyes,” said Brandon Moore, the warehouse manager and one of the people who discussed the transactions in the case. Their accounts fit with descriptions in court records.

Mr. Moore said he was aware of the A.T.F. operation but became troubled by it as he learned more. “It shouldn’t be going on, even if it is the A.T.F.,” he said.

In one deal described in the lawsuit, the informants bought tobacco at $15 a carton and sold it to U.S. Tobacco at $17.50. The profit, about $519,000, went into what was known as a “management account.” That account, while controlled by Mr. Carpenter and Mr. Small, helped pay for A.T.F. investigations.

Mr. Moore, the warehouse manager, said agents often told him what to buy on the company’s credit card. For instance, he recalled spending tens of thousands of dollars at Best Buy on iPads, televisions and other gifts to curry favor with potential criminal targets.

A testing room at U.S. Tobacco’s Timberlake facilities, where buyers can sample types of tobacco. Jeremy M. Lange for The New York Times

Mr. Carpenter and Mr. Small have also acknowledged in court documents receiving more than $1 million each, though it is not clear from public documents whether that was profit or reimbursement for expenses paid on behalf of the government.

How that arrangement began is unclear. Ryan Kaye, an A.T.F. supervisor, testified that the management account was created “as a result of verbal directives from the A.T.F. program office and other headquarters officials.” Mr. Kaye’s full statement is sealed, but excerpts are cited in one publicly available document.

The defendants in the lawsuit contend that U.S. Tobacco got a good deal on the cigarettes, even at the prices they paid. The farmers tell a different story, saying they never would have purchased Big South if they understood that Mr. Carpenter and Mr. Small had a side arrangement that involved selling them tobacco at inflated values.

The arrangement began to break down in late 2012, when Mr. Thompson joined U.S. Tobacco as the chief financial officer. He was curious why his warehouse was placing so many orders for a brand of cigarette that competes against U.S. Tobacco. He could not get a straight answer, the company said in court documents.

In March 2013, Mr. Moore picked up the phone, called Mr. Thompson and explained what was happening. “I did what I did because of the ethics of it,” Mr. Moore said recently. “What was happening there was wrong.”

Once U.S. Tobacco discovered the bookkeeping irregularities, it reported them to the Justice Department, which investigates white-collar crime and government misconduct. Records show that the Justice Department, which includes the A.T.F., investigated some aspects of the case but no charges were filed.

“We voted unanimously to give everything we had to the government,” said Charlie Batten, a U.S. Tobacco board member whose family has worked the same North Carolina soil for generations. “We thought they would take it and run with it. What happened was, they’ve fought us tooth and nail.”

Because of the sealing order, Mr. Thompson, Mr. Batten and others are prohibited from discussing what happened to the money — even with their own farmers.

Three years into its lawsuit, U.S. Tobacco still cannot disentangle itself from the government. The cooperative recently told a judge that it was under investigation by the Treasury Department.

All those secret tobacco sales, it turns out, should have been taxed. And the government wants its money.

****

House Homeland Security Committee: Tobacco and Terror: How Cigarette Smuggling is Funding our Enemies Abroa… by stoptobaccosmuggling on Scribd