Russian Hacking, We knew Because we had an Inside Operative(s)

This Executive Order is in draft form and does not include Russia, which is quite curious. The question of ‘why’ must be asked based on information noted below.

The Trump administration’s draft of the executive order on cybersecurity obtained by the Washington Post by April Glaser on Scribd

Those people involved in internet forensics who track hackers, malicious code, malware, ransomware and intrusions are all dedicated to finding the cracks in code and, even more, to finding the hackers while further understanding their code and patterns. I get emails about this topic every day that include a variety of global companies operating in this realm.

Back in December of 2015, ODNI James Clapper announced Russian intrusions into several American infrastructure locations. This was before the announcement of Russian intrusions into the U.S. political apparatus. It can be presumed the United States has long had the help of operatives inside adversarial countries, most of all Russia. Spies are out there and further, it is estimated there are 100,000 foreign spies inside the United States as of this moment. Heh, before Barack Obama left his presidency, he did expel many Russians and closed two Russian compounds.

In 2014, U.S. cyber operations quietly penetrated Russian systems without declaring in specific language the exact operations.

In 2014, National Security Agency chief Adm. Mike Rogers told Congress that U.S. adversaries are performing electronic “reconnaissance” on a regular basis so that they can be in a position to disrupt the industrial control systems that run everything from chemical facilities to water treatment plants.

“All of that leads me to believe it is only a matter of when, not if, we are going to see something dramatic,” he said at the time.

Rogers didn’t discuss the U.S.’s own penetration of adversary networks. But the hacking undertaken by the NSA, which regularly penetrates foreign networks to gather intelligence, is very similar to the hacking needed to plant precursors for cyber weapons, said Gary Brown, a retired colonel and former legal adviser to U.S. Cyber Command, the military’s digital war fighting arm. More here.

It is unclear if we have recruited people inside Russia to work on the behalf of the United States, but clues tell us we did, with success.

In part from RFE/RL: At the simplest level, two FSB officers working in cyberdefense, Sergei Mikhailov and Dmitry Dokuchayev, as well as Ruslan Stoyanov, a former Interior Ministry official who works for the cyber security company Kaspersky Lab, are reportedly being charged with espionage.

According to Russian media reports, Mikhailov is suspected of alerting U.S. intelligence to the FSB’s connection to a Russian server-rental company called King Servers.

Last year, the U.S.-based cybersecurity firm ThreatConnect had identified King Servers as the nexus for hacking attacks against the United States.

If U.S. intelligence did indeed have a highly placed source like Mikhailov, it would explain why it was able to conclude with such a high degree of confidence that Russia was behind the cyberattacks during the election campaign.

The timing of the arrests and the timing of the decision by former U.S. President Barack Obama to declassify and make public parts of the U.S. intelligence report on the alleged Russian hacking also makes sense.

Mikhailov was arrested in December. And the U.S. released the intelligence report a month later, in January.

If Mikhailov was indeed a source, then Washington would have been reluctant to declassify its intelligence for fear of compromising him.

After he was arrested, this, of course, would no longer be an issue.

So far, so straightforward. Until it isn’t.

Leaks to the Russian media have also connected Mikhailov and his subordinate Dokuchayev to a hacker group known as Shaltai-Boltai, or Humpty Dumpty, which in the past has released embarrassing material about top Russian officials.

Vladimir Anikeyev, the founder of Shaltai-Boltai, has also been arrested, but is not being charged with espionage.

Moreover, Russian media reports claim that Dokuchayev is actually a former hacker known as Forb, who was serving a prison sentence for credit-card theft when he was recruited by the FSB, where he held the rank of major.

As Leonid Bershidsky notes in his column for Bloomberg, “parallel to their official duties, officers often run private security operations involving blackmail and protection. If Mikhailov ran such a business out of the FSB’s Information Security Center, he wouldn’t stand out among his colleagues.”

And it’s also not unusual for the FSB to recruit former hackers. In fact, it’s pretty much standard practice.

This is where the story diverts into the murky world of FSB officers and their civilian collaborators monetizing their positions and forming protection rackets.

“An FSB officer, recruited from the hacking community, can use his rank and position to obtain compromising material and sell it to wealthy clients. A team profiting from these opportunities can include both officers and civilians,” Bershidsky writes.

“The Russian government can hire such a team through intermediaries if it needs something sensitive done — but so can foreign intelligence services. It’s a murky world in which actors are both predator and prey. The Kremlin enjoys access to brilliant and unscrupulous people; the downside, of course, is that they may be hard to control.”

If you follow this line of logic, then it’s easy to imagine that Mikhailov and Dokuchayev inadvertently or unwittingly sold information exposing King Servers’ FSB connections to a front for U.S. intelligence.

But the fact of the matter is we simply don’t know.

And if things aren’t confusing enough yet, there is also the matter of the bitter personal and clan rivalries in the shadow world of the Russian security services.

In a recent post on his blog KrebsOnSecurity, Brian Krebs, author of the book Spam Nation: The Inside Story Of Organized Cybercrime, suggested the whole affair might be traced to a personal rivalry between Mikhailov and Pavel Vrublevsky, an Internet businessman whose partner owns King Servers.

Mark Galeotti, an expert on Russia’s security services and a senior research fellow at the Institute of International Relations in Prague, notes that the FSB’s Information Security Center, which Mikhailov headed and where Dokuchayev was his subordinate, has emerged as “a pivotal agency” and “a source of power.”

And this makes it a prime arena for fierce rivalries and power plays.

“This is probably an intelligence leak that is being cleared up. But the question is: why now? And I wonder if domestic politics explains the leaking of the information now. It could be a rebuke to the FSB for having messed up,” Galeotti said on last week’s Power Vertical Podcast.

High Risk: National Security Personnel in Foreign-Owned Buildings

Oh Donald, Mr. President sir…you’re the expert here….need an immediate executive order on this one. By the way, don’t stay in the Waldorf Astoria any more, perhaps don’t go to movie theaters either if you’re concerned for personal reasons.

First on CNN: Report finds national security agencies at risk in foreign-owned buildings

Washington (CNN) US law-enforcement agencies are at risk of being spied on and hacked because some of their field offices are located in foreign-owned buildings without even knowing it, according to a new government report.

The report by the Government Accountability Office, which was obtained by CNN and is due to be released later Monday, reveals that a number of FBI, Homeland Security, Secret Service and Drug Enforcement Agency offices across the country are housed in space leased from firms based in China and other nations.
Experts told the GAO that the agencies could be vulnerable to espionage and cyber intrusions because the foreign owners could gain unauthorized access to the properties, be able to secretly install surveillance equipment, and have knowledge of building systems like heating, ventilation and electronics which could facilitate hacking.
The General Services Administration, which handles leasing for many federal agencies, is renting space in 20 buildings from foreign owners — and its investigators were unable to identify who the property owners were for about one-third of the government’s more than 1,400 “high-security leases.”
Nine of the 14 agencies the GAO contacted were unaware the building space they were using was foreign owned.
“It’s an eye opener,” Rep. Jason Chaffetz, R-Utah, told CNN about the report. “Certainly our security professionals should know who owns the piping in the buildings that they occupy.”
Chaffetz, along with Sen. Tammy Duckworth, D-Illinois, and Rep. Elijah Cummings, D-Maryland, called for the GAO review.
The chairman of the House Oversight and Government Reform Committee said he doesn’t necessarily think the agencies should be barred from leasing office space from foreign owners, but added that he would feel “much more comfortable if they’re at least aware.”
Currently, the GSA is not required to determine whether a building is foreign owned when it is considering whether to lease space.
Among the report’s findings were that DEA, Homeland Security and Secret Service offices in Little Rock, Arkansas, Jacksonville, Florida, and Shreveport, Louisiana, along with an FBI office in St. Louis, Missouri, were leased from “Gemini Investments” — a company based in China.
The GAO report noted that Chinese-owned properties were of particular concern because the country has been linked to numerous instances of hacking.
After the Waldorf-Astoria Hotel in Manhattan was sold to Chinese investors, then-President Barack Obama didn’t stay there, as had long been the custom of US presidents, with security concerns being one of the factors.
Other federal offices listed in the study are located in buildings owned by companies in Canada, Israel, the United Kingdom, Germany, South Korea and Japan.
GAO investigators talked to officials who assess foreign investments in the US, as well as real estate representatives, who warned about the potential danger.
“… (L)easing space in foreign-owned buildings could present security risks such as espionage, unauthorized cyber and physical access to the facilities, and sabotage,” the report said. “For example, a DHS foreign investment official said that potential threat actors could coerce owners into collecting intelligence about the personnel and activities of the facilities when maintaining the property.”
The report also noted other possible “insider threats,” referring to “disgruntled employees, contractors, or other persons abusing their position of trust” who pose a “significant threat” to building access.
But this doesn’t mean that the threats have materialized. Chaffetz said he was unaware of any specific instances where sensitive information had been compromised. The report also said two real estate representatives determined it wasn’t a security risk to lease foreign-owned space.
“One of the representatives said that access at high-security facilities is strictly controlled, including access by the owners, and that passive investors in properties do not have access to the buildings,” the report said.
In addition to hacking and espionage, the report also cautioned that renting from foreign owners presented the possibility of the US agencies becoming unwittingly involved in money laundering, since real estate purchases are often used to conceal the criminal source of the investment funds.
The report recommended that the GSA should start informing the agencies if their space is foreign owned, so they can put the necessary security precautions in place. The GSA said it agreed with the recommendation.
“I hope this is a wake-up call,” Chaffetz said.

Security Behind the Scenes at the Super Bowl

Super Bowl Security

Super Bowl LI Command Post at Houston Emergency Center

During the 10 days of festivities leading up to Super Bowl LI on February 5, the FBI will be working closely with the Houston Police Department and other local, state, and federal agencies to keep the city safe. At the Houston Emergency Center, a command post will monitor and coordinate law enforcement and public safety activities.

Behind the Scenes Look at Game Day Preparations

When tens of thousands of fans stream into NRG Stadium in Houston for the Super Bowl this Sunday, they will understandably be thinking more about the big game than the behind-the-scenes preparations that have gone into ensuring their safety—and that’s just the way law enforcement officials want it to be.

The Super Bowl will put Houston squarely in the international spotlight, and the FBI and its local, state, and federal law enforcement partners have been working hard to make sure the game and the events leading up to it in Houston are without incident.

“We’ve been working for several years with our partners to make sure appropriate security is in place,” said Perrye Turner, special agent in charge of the FBI’s Houston Division. “We’re going to do everything in our power to make sure it’s a safe event.”

“On the day of the big game, we will be here, but our presence may not necessarily be seen,” said Mark Webster, an FBI assistant special agent in charge in Houston who is coordinating the Bureau’s Super Bowl security efforts. “We will have multiple elements in place onsite as well as offsite.”

Working with the Houston Police Department—which has the lead role in security planning—and other local, state, and federal agencies, the FBI’s primary role is to provide intelligence about possible terror threats. But because the Super Bowl is a major national event, just about every aspect of the Bureau’s expertise will be called into play.

“We are using all the elements within our office,” Webster said. From SWAT teams and cyber squads to intelligence analysts and surveillance specialists, FBI personnel will be on the ground at the stadium and will also be staffing command posts set up for the 10-day operational period that includes a variety of festivities leading up to the game on February 5.

“Today is called a rehearsal of concept,” said George Buenik, an executive assistant chief with the Houston Police Department responsible for Super Bowl security and police operations. “We invite everybody here to check the equipment, check the hookups, to see where they’re going to be sitting, and to also meet some of the other folks that they’re going to be working with. We have a great security plan in place,” Buenik said.

Matt Slinkard, an assistant chief with the Houston Police Department also involved with Super Bowl security preparations, noted that this will be the third Super Bowl the city has hosted, along with many other national-level events. “Our city and our counterparts both locally and federally are well prepared and well equipped to deal with these types of events.”

He added that even with all the law enforcement coordination, “the community has to be our eyes and ears. We cannot do it by ourselves. If you see something—if something doesn’t seem right to you, it’s probably not right to us either—say something about it.”

Mark Webster on Field at NRG Stadium

Mark Webster, an assistant special agent in charge of the FBI’s Houston Division, stands on the 50-yard line at NRG Stadium, where the Super Bowl will be played.

Highway Patrol Officer at Houston Super Bowl LI Command Post

At the Super Bowl command post, a Texas Highway Patrol officer takes part in a “rehearsal of concept” exercise several weeks prior to the command post going operational.

NRG Stadium Prepares for Super Bowl LI

In the weeks leading up to the big game, as law enforcement agencies work behind the scenes, the stadium gets a very public fresh look.

At the Houston Emergency Center recently, where the main command post is located, specialists gathered from more than a dozen partner agencies.

The FBI’s Turner agreed. “We all have to work together to make this a safe event,” he said, expressing confidence that with the extensive planning and resources that have gone into Super Bowl security preparations, “people will be able to come to Houston, be safe, and have a great time cheering on their favorite football team.”

Foreign Service Personnel Dissent Letter to Pres. Trump

We heard last week that several top policy people at the State Department left their positions. The State Department has a culture of very lenient diplomacy where few governments are ever disciplined or rebuked for decisions and actions that counter agreements, treaties, human rights and more. Iran is the top example.

Now we have the next level of State Department personnel who are pushing back hard on President Trump’s Executive Order on suspension of travel visas and travel bans from listed countries. Secretary of State nominee Rex Tillerson, when confirmed, will have a rank-and-file challenge on his hands.

Perhaps those behind the signatures on this dissent letter could answer some questions on the recommendations made by the 9/11 Commission Report, in which an entire chapter was dedicated to immigration and which every member of Congress, on both sides of the aisle, signed in approval, agreeing to accept the recommendations and work to implement them. (The pre-9/11 status quo has infected diplomacy again.)

Countless foreign service officers have drafted a memo to the White House.

LawFareBlog: Numerous Foreign Service officers and other diplomats have drafted a dissent memo expressing opposition to President Donald Trump’s executive order banning refugees and immigrants from Iran, Iraq, Libya, Somalia, Sudan, Syria, and Yemen from entering the United States. ABC reported this morning on the draft, which is likely to be submitted today.

Here’s a copy of the actual draft. We are hearing that literally hundreds of foreign service officers are planning to be party to the dissent memo; it’s still unclear exactly how many. We have redacted all names and personally identifiable information from this document.

(First page on the left) The State Department’s Dissent Channel is a mechanism for employees to confidentially express policy disagreement, created in 1971 as a response to concerns within the Department over the government’s handling of the Vietnam War. Authors of a memo submitted through the Channel, which is open to all regular employees of the State Department and USAID, may not be subject to any penalty or disciplinary action in response. Once a memo is submitted, the Secretary of State’s Policy Planning Staff must acknowledge its receipt within two working days and will usually distribute it to the Secretary of State, the Deputy Secretary of State, the Under Secretary for Political Affairs, the Chairperson of the Open Forum, and, if the memo’s author is employed by USAID, to the head of that agency as well. Taking into account the wishes of the author, the memo may also be distributed more broadly within the State Department and may be done so anonymously.

The ultimate significance of the channel is that memos must receive a substantive response within 30-60 working days.

For Trump: Inter arma enim silent leges

Translation: For among times of arms, the laws fall mute. But is this true?

President GW Bush faced much opposition for the actions he took by executive order and presidential findings directly after the 9/11 attack. Bush ordered legal decisions from countless legal authorities inside and outside government on every step he took, including that of ‘enhanced interrogation techniques’.

We have a major debate that will not be solved any time soon on the legality of President Trump’s executive order on the refugee question, which has already caused major protests and legal action as we see detentions of foreign nationals at airports. All executive orders are subject to judicial review. Presidents have been given the option of using extraordinary power, and in many cases that is a good condition, yet in the matter of law there have without question been many abuses.

This post is not meant to form any conclusion on the legal veracity of this executive order; rather, it is designed to add more facts and additional questions moving forward. President Trump has a mess to clean up left by Barack Obama; of this, there is no dispute. The White House did take action at the stroke of the pen to begin to make America safer. However, was this action taken too soon and without legal opinions, including that of the Office of Legal Counsel? That has not been answered.

So, here are some items that must be included in this debate and that extend the whole view and argument.

These are not in any specific order so the reader can individually prioritize.

  1. Should President Trump have set an effective date for this Executive Order?
  2. How were TSA, DHS and all other associated agencies briefed on those already in transit and with validated travel documents in hand?
  3. Did the White House consider exemptions or waivers for those who have been vetted previously and who worked or work for the USG in some capacity?
  4. Why were some countries on this list while others were not? The San Bernardino shooters were from Pakistan, but do we need Pakistan for the war in Afghanistan?
  5. The majority of the terrorists on 9/11 were from Saudi Arabia and yet Saudi was omitted from the list. Why? Could it be that Trump had/has business interests there, or because some that were formally in the Kingdom often did aid the United States when it came to terror, as in the case of kidnapped CIA operative William Buckley in Beirut, whose recovery the Saudis helped finance? It is without question that the Saudis dislike Iran as much as the United States.
  6. We have seen millions of refugees enter all parts of Europe in recent years, and yet they can enter the United States under the ‘visa waiver’ program. Did the Trump White House take this under full consideration? The answer is a ‘kinda, yes’ they did, but that review has been ordered and not yet deployed.
  7. We have countless refugees and asylees entering the United States from our southern border, but was Mexico on the list? No, yet we also don’t know whether this topic was addressed in the phone discussion President Trump had with President Nieto.
  8. There are in fact limitations on who can be accepted into the United States under 8 U.S. Code § 1182, and applying those restrictions remains in the authority of the President, while waivers can be issued, and it is germane to ask if this law has been considered.
  9. Refugees too have rights and legal protections, which were in fact determined after WW II, and we have witnessed millions in the Middle East who are forced to live outside their homeland in camps that are simply inhumane. So when it comes to the ‘huddled masses’, the United States does have a responsibility; however, the genesis of the current refugee/asylee issue remains with Susan Rice, Barack Obama and Hillary Clinton. The solution in the long term is almost impossible for President Trump and his team to solve unless the hostilities and conflicts in the Middle East are solved.
  10. The protests of those standing against the Trump executive order were not spontaneous, nor were those immediate lawsuits against this temporary refugee ban. Following the money and the continued chaos will not soon go away. What is the proper counter-measure going forward? A question that remains without an answer.
  11. In 2011, Obama did ban Iraqis wanting to enter the United States, and this was in fact the exact year the United States pulled out in total from Iraq. Obama did however issue some selective waivers. The concern for Obama at the time was the matter of two people in Kentucky plotting a terror attack. This alone is a single great argument for Trump’s action and Senator Schumer should be reminded, as should Nancy Pelosi. But it is not the full argument, as noted by the items above.
  12. It should be noted the actions of President Carter who ordered all Iranians to leave the United States and cut all interactions with Iran with few exceptions.

There are historical events that do offer President Trump great legal standing, that is, unless courts rule otherwise in upcoming cases.

ABC: Over the veto of President Woodrow Wilson, Congress passed the 1917 Immigration Act amid social outcry over national security during World War I. According to the Office of the Historian of the U.S. Department of State, the legislation extended to barring most Asian nation immigration overall, with the exception of Japan, which was protected by a prior bilateral diplomatic agreement, and the Philippines, then a U.S. colony.

The act was officially repealed by the Magnuson Act in 1943, in the context of the U.S. alliance with China against Japan during World War II. Still, actual Chinese immigration to the U.S. remained capped at 105 persons a year until 1965.

National Origins Formula

For the first time in the 1920s — through the Emergency Quota Act of 1921 and the Immigration Act of 1924, or the Johnson-Reed Act — the U.S. further restricted immigration by establishing a wide-scale quota system based on national origins. According to the Office of the Historian of the U.S. Department of State, in addition to putting a blanket ban on immigration from Asian countries, now including Japan in the case of the Johnson-Reed Act, the national origins immigration policies also had the effect of reducing immigration from southern and eastern Europe.

According to a 2015 report by the Pew Research Center about 20th century U.S. immigration, the impact of the system was intended to “try to restore earlier immigration patterns by capping total annual immigration and imposing numerical quotas based on immigrant nationality that favored northern and western European countries.”

The U.S. immigration system remained based on the national origin of would-be immigrants until the passage of the Immigration Act of 1965 during the presidency of Lyndon B. Johnson.

“It was designed for racist reasons,” said Steve Legomsky, professor of law at the Washington University School of Law in St. Louis, referring to the national origins system as well as the prior exclusion of Asian immigrants. “Today, I don’t think that’s what’s driving the immigration ban [proposed by Trump]. I think it’s more a fear of terrorism and a concern for national security.”

Legomsky, who was also formerly the chief counsel of U.S. Citizenship and Immigration Services, added that “the impulses are different [now], but the effect is the same.”

In summary, this article is hardly complete with all the facts and laws; rather, it is meant for the reader to consider a wider range of moving parts, while inviting the reader to research more individually before an ‘all in’ position of full support for Trump’s executive action is assumed.

Your comments are invited and encouraged.

In closing, it was in 2014 that now-deceased Justice Scalia said that in times of war, laws fall silent.