DHS Website Hacked with Pro-Iranian Messages

It seems, given the timing, that as I was publishing an article yesterday about Iran’s robust cyber operations, they or proxies were at work taking down our own Department of Homeland Security website. Another thought is that a domestic Iranian sympathizer took down the site.

A website within the Department of Homeland Security was offline Sunday after a hacker uploaded photos onto the site that included an Iranian flag and an image depicting a bloodied President Donald Trump being punched in the face.

 

The images appeared on the Federal Depository Library Program’s website late Saturday before the site was taken offline. The Cybersecurity and Infrastructure Security Agency, a division of the Department of Homeland Security, said it was monitoring the situation.

“We are aware the website of the Federal Depository Library Program was defaced with pro-Iranian, anti-US messaging,” the cybersecurity agency said in a statement. “At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken offline and is no longer accessible.”

The statement added that “in these times of increased threats” all organizations should increase cyber monitoring, back up IT systems, implement secure authentication and have an incident response plan ready should a hack take place.

DHS also issued a two-week National Terrorism System advisory noting the U.S. drone strike in Iraq last week that killed Iran commander Qassem Soleimani. That spurred Iran and several affiliated extremist organizations to state publicly they intend to retaliate against the U.S.

“Iran maintains a robust cyber program and can execute cyber attacks against the United States,” DHS warned. “Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”

The library program website essentially had been replaced with a page exclaiming “Iranian Hackers!” An image of Iran’s supreme leader Ayatollah Ali Khamenei also was posted, along with a message that “martyrdom was (Soleimani’s) reward for years of implacable efforts.”

A graphic showed Trump being punched by a fist from Iran amid a flurry of missiles.

“With his departure and with God’s power, his work and path will not cease and severe revenge awaits those criminals who have tainted their filthy hands with his blood and blood of the other martyrs,” a message on the website read.

Another message claimed the hack was the work of an Iranian “security group,” adding that “this is only small part of Iran’s cyber ability!”

Iran has promised a military response to Soleimani’s killing. Trump has vowed that if Iran attacks an American base or any American, “which I would strongly advise them not to do, we will hit them harder than they have ever been hit before!”

I also received the following bulletin yesterday from the DHS email system.


A Look Back at the Last Decade

Sadly, so many domestic and world events have affected our daily lives, while other events have carried into this new decade. This is hardly a complete look back, and readers are encouraged to leave comments with additional major events of the last decade. Congratulations on surviving and prevailing over the last decade.


2010: The Arab Spring

Deepwater Horizon Oil Spill

Apple introduces first iPad

President Obama signed the Affordable Care Act into law

7.0 Earthquake Strikes Haiti

Instagram Debuts

2011: Abbottabad Raid Killing Osama bin Laden

8.9 Earthquake Hits Japan

Prince William Marries Catherine Middleton

Casey Anthony Acquitted of Killing her Daughter

Syrian Civil War Began

2012: Baumgartner’s Stratosphere Jump

Benghazi attack

Super Hurricane Sandy

Aurora, Colorado Theater Shooting

Sandy Hook Elementary School Shooting

2013: IRS Targeting

Boston Marathon Bombing

Edward Snowden NSA leaks

Pope Benedict Resignation, First Ever

Black Lives Matter Activist Movement Originates

Failed Government Launch of Healthcare.gov


2014: Malaysia Flight #370 Goes Missing

Actor Robin Williams Dies by Suicide

Bowe Bergdahl Taliban Prisoner Swap

Ebola Virus Outbreak

Boko Haram Kidnaps 200 Schoolgirls

Uber Launches Rideshare

Obama Normalizes Relations with Cuba

Islamic State (ISIL-ISIS) Battle Begins in Mosul

2015: San Bernardino Terror Attack

Pope Francis Speech to Joint Session of Congress

Hillary Clinton Email Scandal

Charlie Hebdo Terror Attack

Paris Stade de France Bombing

Bataclan Terror Attack

Syrian European Refugee Crisis

2016: Rio Olympic Games, Ryan Lochte scandal

U.S. Supreme Court Legalizes Gay Marriage

Singer Prince Found Dead from Fentanyl Overdose

Colin Kaepernick Began Kneeling Protest

Brexit Vote for Withdrawal of United Kingdom from European Union

Russia Hacks U.S.; Obama Expels Russian Diplomats and Spies

2017: Rare Coast to Coast Full Solar Eclipse

#MeToo Movement Begins

Las Vegas Mandalay Bay Hotel Shooting Killing 58 Wounding 413

Ariana Grande Manchester Bombing

Robert Mueller Named Special Counsel to Investigate Donald Trump and Russian Collusion

Hurricane Harvey, Category 4 Hits Leaving $125 Billion in Damage

Hurricane Irma, Category 5

Hurricane Maria, Category 5

President Trump Launches #FakeNews

ANTIFA Launches National Activist Operations


2018: Thailand Soccer Team Rescued from Cave

North Korea Agrees to Trump to Denuclearize

Cambridge Analytica-Facebook Scandal

Christine Blasey Ford v. Brett Kavanaugh (Supreme Court Nominee)

Prince Harry Marries American Meghan Markle

Stoneman Douglas High School Shooting, Killing 17

2019: Robert Mueller Special Counsel Investigation Ends

U.S. House of Representatives Votes on Two Articles of Impeachment of President Trump

Trump Installs Sweeping Immigration Enforcement Measures

U.S. China Trade Pact Finalizes First Agreement

Boeing Jets Grounded

Hong Kong Freedom Fighters Protest China for Freedom

Locked Shields Versus Iran

Since the death of several Iranian warlords including Qassim Soleimani, the United States has dispatched more military personnel to the Middle East. The Patriot missile batteries scattered in the region including in Bahrain are now at the ready. When it comes to cyber operations inside Iran, little is being discussed as a means of retribution against the United States. Iran does have cyber warfare capabilities and does use them.

It has been mentioned in recent days that President Trump has been quite measured in responding to Iran’s various attacks including striking Saudi oil fields, hitting oil tankers and shooting down one of the drones operated by the United States. In fact, the United States did respond directly after the downing of our drone by inserting an effective cyber-attack against Iran’s weapons systems by targeting the controls of the missile systems.

APT33 phishing: read details from Security Affairs.

Iran has an estimated 100,000 volunteer cyber-trained operatives, a force that has been expanding for the last ten years, led by the Basij, a paramilitary network. The cyber unit known for controlling the Iranian missile launchers, Sepehr 110, is a large target of the United States and Israel. Iran also mobilizes cyber criminals and proxy networks, including another one known as OilRig.

In 2018, the United States charged 9 Iranians (Mabna Hackers) for conducting massive cyber theft, wire fraud and identity theft that affected hundreds of universities, companies and other proprietary entities.

Due to a more global cyber threat by Iran known to collaborate with North Korea, China and Russia, NATO has been quite aggressive in cyber defense operations via the Cooperative Cyber Defense Center of Excellence applying the Locked Shields Program.

Not to be lost in the cyber threat conditions, Iran also uses its cyber team to blast out propaganda using social media platforms. If this sounds quite familiar, it is. The Russian propaganda operations manual is also being used by Iran. The bots and trolls are at work in Europe to keep France, Britain and Germany connected to the Iranian nuclear deal and to maintain trade operations with Iran, including diplomatic operations. There are fake Iranian and Russian accounts still today all over Twitter and Facebook, to which Europe is slow to respond, if at all.

Meet APT33, which is what the West calls the Iranian hacking crew(s); the other slang name is Elfin. APT33 is not only hacking, but it is performing cyber-espionage as well. There are many outside government organizations researching and decoding Iran’s cyber operations that cooperate with inside U.S. government cyber operations located across the globe that also cooperate with NATO.

Recorded Future is one such non-government proactive cyber operation working on Iran. Its work includes attributions of cyber attacks by Iran against Saudi Arabia as well as the West by decoding phishing campaigns, relationships, malware and webshells and security breaches.

Recent published results include in part:

Nasr Institute and Kavosh Redux

In our previous report, “Iran’s Hacker Hierarchy Exposed,” we concluded that the exposure of one APT33 contractor, the Nasr Institute, by FireEye in 2017, along with our intelligence on the composition and motivations of the Iranian hacker community, pointed to a tiered structure within Iran’s state-sponsored offensive cyber program. We assessed that many Iranian state-sponsored operations were directed by the Iranian Revolutionary Guard Corps (IRGC) or the Ministry of Intelligence and Security (MOIS).

According to a sensitive Insikt Group source who provided information for previous research, these organizations employed a mid-level tier of ideologically aligned task managers responsible for the compartmentalized tasking of over 50 contracting organizations, who conducted activities such as vulnerability research, exploit development, reconnaissance, and the conducting of network intrusions or attacks. Each of these discrete components, in developing an offensive cyber capability, were purposefully assigned to different contracting groups to protect the integrity of overarching operations and to ensure the IRGC and/or MOIS retained control of operations and mitigated the risk from rogue hackers. Read more here in detail from a published summary of 6 months ago.

That Russian Spy Ship is Back to Lurking off our Coast

The speculation for this ship is:

There are new indications that the spying target this time also included SpaceX’s space launch capability.

On Monday, the private space launch company founded by tech entrepreneur Elon Musk conducted the 13th successful launch of its Falcon 9 booster from Cape Canaveral, Florida. The launcher placed a communications satellite into orbit and then returned to Earth by landing on a barge in the Atlantic eight minutes later.

Analysts speculate that the ship may have been observing the launch to gather data that could benefit reusable Russian space launchers.

U.S. Northern Command and the Coast Guard have been tracking a Russian spy ship equipped with electronic surveillance gear that has been lurking off the East Coast of the United States.

On Monday, the Coast Guard sent out a Maritime Safety Information Bulletin warning boaters of reports of the Viktor Leonov operating in an “unsafe manner” off the coast of South Carolina and Georgia.

On Tuesday, the Coast Guard said the Russian ship was operating in USCG’s Jacksonville, Florida, area of responsibility, which encompasses roughly 40,000 square miles of ocean and stretches nearly 190 miles of coast from Kings Bay, Georgia, to Port Malabar, Florida.

“This unsafe operation includes not energizing running lights while in reduced visibility conditions, not responding to hails by commercial vessels attempting to coordinate safe passage and other erratic movements,” the Coast Guard posted on its bulletin.

“Vessels transiting these waters should maintain a sharp lookout and use extreme caution when navigating in proximity to this vessel. Mariners should make reports of any unsafe situations to the United States Coast Guard,” the Coast Guard said in its safety message.

Adm. James Foggo III, the commander of U.S. Naval Forces Europe and U.S. Naval Forces Africa, told reporters Dec. 18 that the Russian spy ship was operating a “couple hundred” miles off the East Coast.

North American Aerospace Defense Command and U.S. Northern Command told Military Times that they were tracking the Russian ship.

“We are aware of Russia’s naval activities, including the deployment of these intelligence collection ships in the region,” Maj. Mark R. Lazane, a spokesman with NORTHCOM, told Military Times in an emailed statement.

It’s not the first time the Viktor Leonov has conducted intelligence operations off the East Coast of the U.S.

In 2017, the Pentagon announced the Leonov was being trailed by a Coast Guard vessel but was operating in international waters.

“They routinely deploy intelligence vessels worldwide to monitor the activities and particularly naval activities of other nations, but then again conducted lawfully in international waters and not unlike operations we conduct ourselves,” Davis said in 2017 about the Leonov operating near the East Coast of the U.S.

Foggo said that the Coast Guard reported that the Russian ship was not responding to signals or “bridge to bridge” radio communications and was running without lights on at sea.

Those actions, Foggo said Wednesday, are risky. More here.

This ship is part of Project 864. Project 864, also known as the Vishnya and Meridian, is an electronic surveillance and intelligence gathering ship built by Stocznia Polnocna shipyard in Gdansk (Poland) for the Soviet Union’s Navy in the 1980s. The ship’s capabilities are built around the Communication Intelligence (COMINT) and Signals Intelligence (SIGINT) concepts. The Project 864 ships are equipped with two satellite communications antennas inside a radome. The propulsion system consists of two diesel engines developing 4,400-bhp and a top speed of 16 knots. The Project 864 weapon system is intended to counter airborne threats using two AK-630 30mm guns and two SA-N-8 surface-to-air missile systems. The Russian Navy operates seven Meridian-class vessels to be replaced by the Project 18280 intelligence ship by 2020.

FISA, Horowitz v. FBI

The second hearing in the Senate where Inspector General Horowitz delivered more testimony to the Senate Homeland Security and Governmental Affairs Committee was quite chilling and revealing.
There was a particular exchange between Senator Josh Hawley (R-Mo.) and Horowitz that explains the bias or perhaps even the plotting.

Sen. Josh Hawley, R-Mo., was blunt in trying to get to the bottom of what happened during Wednesday’s Senate Homeland Security and Governmental Affairs Committee hearing.

“Were they just all incompetent?” he asked. Hawley then noted that due to the complexities involved, “it doesn’t sound like they’re very stupid to me.”

Hawley ultimately asked why the members of the FBI would commit such failures to mislead a court multiple times.

“That was precisely the concern we had,” Horowitz said. The inspector general made clear that he did not reach any conclusions regarding intent, but he did not necessarily accept the reasons people gave him during his investigation.

“There are so many errors, we couldn’t reach a conclusion or make a determination on what motivated those failures other than we did not credit what we lay out here were the explanations we got,” Horowitz said.

This echoed what Horowitz said in his opening statement, where he made clear that “although we did not find documentary or testimonial evidence of intentional misconduct, we also did not receive satisfactory explanations for the errors or the missing information and the failures that occurred.”

Horowitz previously appeared before the Senate Judiciary Committee in the aftermath of his report on the subject, but Wednesday’s hearing before the Senate homeland security panel comes a day after the Foreign Intelligence Surveillance Court (FISC) sharply criticized the FBI in a rare public order that referenced his findings.

Horowitz said that both Justice Department attorneys and the Foreign Intelligence Surveillance Court “should have been given complete and accurate information,” adding, “that did not occur and as a result, the surveillance of Carter Page continued even as the FBI gathered evidence and information that weakened the assessment of probable cause and made the FISA applications less accurate.”

So, the Democrats along with the media prepackaged the headlines prior to the Horowitz testimony that the IG report found NO bias. We are now getting more concise and factual information that says otherwise. Seems those on the top floor of the J. Edgar Hoover building opened some old history books on the former Director of the FBI and used several of Hoover’s tactics for all things Crossfire Hurricane and the 4 FISA warrants.

 

The IG report is teeming with deceit and clandestine maneuvers at the hands of the SSA’s (Special Agents) on the top floor and not those of 7 levels down from the Director level as Comey and McCabe have declared.

The first FISA application “contained seven significant inaccuracies and omissions.” None of these were corrected with an addendum or with the 3 renewals. Contrary to Comey’s constant testimony, the dossier played the largest role in the warrant application and the FBI knew that Carter Page worked as an agent for the CIA to collect and share information on his Russian interactions, yet that was stripped out of the hundreds of pages in the warrant applications. By the way, both the FBI and the CIA as a matter of practice use civilian informants and even top leaders of global corporations to gather intelligence during foreign travels and interactions.

Now, where is the outrage of the pesky now very loyal and dedicated pro-Constitutional Democrats and where is the media on all this? In fact, with the top judge, Rosemary Collyer at the FISA court, issuing a demand letter to the FBI after the IG report and testimony, what will all the clean-up measures include and will there be legal consequences for those who lied, cheated and deceived the court? Beware, much of our media, TV and print, operates with wild abandon by applying propaganda... the Kremlin would be proud.