Locked Shields Versus Iran

Since the death of several Iranian warlords including Qassim Soleimani, the United States has dispatched more military personnel to the Middle East. The Patriot missile batteries scattered in the region including in Bahrain are now at the ready. When it comes to cyber operations inside Iran, little is being discussed as a means of retribution against the United States. Iran does have cyber warfare capabilities and does use them.

It has been mentioned in recent days that President Trump has been quite measured in responding to Iran’s various attacks including striking Saudi oil fields, hitting oil tankers and shooting down one of the drones operated by the United States. In fact, the United States did respond directly after the downing of our drone by inserting an effective cyber-attack against Iran’s weapons systems by targeting the controls of the missile systems.

APT33 phishing: read details from Security Affairs.

Iran has an estimated 100,000 volunteer cyber-trained operatives, a force that has been expanding for the last ten years, led by the Basij, a paramilitary network. The cyber unit known for controlling the Iranian missile launchers, Sepehr 110, is a large target of the United States and Israel. Iran also mobilizes cyber criminals and proxy networks including another one known as OilRig.

In 2018, the United States charged 9 Iranians (Mabna Hackers) for conducting massive cyber theft, wire fraud and identity theft that affected hundreds of universities, companies and other proprietary entities.

Due to a more global cyber threat by Iran known to collaborate with North Korea, China and Russia, NATO has been quite aggressive in cyber defense operations via the Cooperative Cyber Defense Center of Excellence applying the Locked Shields Program.

Not to be lost in the cyber threat conditions, Iran also uses their cyber team to blast out propaganda using social media platforms. If this sounds quite familiar, it is. The Russian propaganda operations manual is also being used by Iran. The bots and trolls are at work in Europe to keep France, Britain and Germany connected to the Iranian nuclear deal and to maintain trade operations with Iran including diplomatic operations. There are fake Iranian and Russian accounts still today all over Twitter and Facebook for which Europe is slow to respond if at all.

Meet APT33, which the West calls the Iranian hacking crew(s); the other slang name is Elfin. APT33 is not only hacking, but it is performing cyber-espionage as well. There are many outside government organizations researching and decoding Iran’s cyber operations that cooperate with inside U.S. government cyber operations located across the globe that also cooperate with NATO.

Recorded Future is one such non-government pro-active cyber operation working on Iran. These include attributions of cyber attacks by Iran against Saudi Arabia as well as the West by decoding phishing campaigns, relationships, malware and webshells and security breaches.

Recent published results include in part:

Nasr Institute and Kavosh Redux

In our previous report, “Iran’s Hacker Hierarchy Exposed,” we concluded that the exposure of one APT33 contractor, the Nasr Institute, by FireEye in 2017, along with our intelligence on the composition and motivations of the Iranian hacker community, pointed to a tiered structure within Iran’s state-sponsored offensive cyber program. We assessed that many Iranian state-sponsored operations were directed by the Iranian Revolutionary Guard Corps (IRGC) or the Ministry of Intelligence and Security (MOIS).

According to a sensitive Insikt Group source who provided information for previous research, these organizations employed a mid-level tier of ideologically aligned task managers responsible for the compartmentalized tasking of over 50 contracting organizations, who conducted activities such as vulnerability research, exploit development, reconnaissance, and the conducting of network intrusions or attacks. Each of these discrete components, in developing an offensive cyber capability, were purposefully assigned to different contracting groups to protect the integrity of overarching operations and to ensure the IRGC and/or MOIS retained control of operations and mitigated the risk from rogue hackers. Read more here in detail from a published summary of 6 months ago.

That Russian Spy Ship is Back to Lurking off our Coast

The speculation for this ship is:

There are new indications that the spying target this time also included SpaceX’s space launch capability.

On Monday, the private space launch company founded by tech entrepreneur Elon Musk conducted the 13th successful launch of its Falcon 9 booster from Cape Canaveral, Florida. The launcher placed a communications satellite into orbit and then returned to Earth by landing on a barge in the Atlantic eight minutes later.

Analysts speculate that the ship may have been observing the launch to gather data that could benefit reusable Russian space launchers.

U.S. Northern Command and the Coast Guard have been tracking a Russian spy ship equipped with electronic surveillance gear that has been lurking off the East Coast of the United States.

On Monday, the Coast Guard sent out a Maritime Safety Information Bulletin warning boaters of reports of the Viktor Leonov operating in an “unsafe manner” off the coast of South Carolina and Georgia.

On Tuesday, the Coast Guard said the Russian ship was operating in USCG’s Jacksonville, Florida, area of responsibility, which encompasses roughly 40,000 square miles of ocean and stretches nearly 190 miles of coast from Kings Bay, Georgia, to Port Malabar, Florida.

“This unsafe operation includes not energizing running lights while in reduced visibility conditions, not responding to hails by commercial vessels attempting to coordinate safe passage and other erratic movements,” the Coast Guard posted on its bulletin.

“Vessels transiting these waters should maintain a sharp lookout and use extreme caution when navigating in proximity to this vessel. Mariners should make reports of any unsafe situations to the United States Coast Guard,” the Coast Guard said in its safety message.

Adm. James Foggo III, the commander of U.S. Naval Forces Europe and U.S. Naval Forces Africa, told reporters Dec. 18 that the Russian spy ship was operating a “couple hundred” miles off the East Coast.

North American Aerospace Defense Command and U.S. Northern Command told Military Times that they were tracking the Russian ship.

“We are aware of Russia’s naval activities, including the deployment of these intelligence collection ships in the region,” Maj. Mark R. Lazane, a spokesman with NORTHCOM, told Military Times in an emailed statement.


It’s not the first time the Viktor Leonov has conducted intelligence operations off the East Coast of the U.S.

In 2017, the Pentagon announced the Leonov was being trailed by a Coast Guard vessel but was operating in international waters.

“They routinely deploy intelligence vessels worldwide to monitor the activities and particularly naval activities of other nations, but then again conducted lawfully in international waters and not unlike operations we conduct ourselves,” Davis said in 2017 about the Leonov operating near the East Coast of the U.S.

Foggo said that the Coast Guard reported that the Russian ship was not responding to signals or “bridge to bridge” radio communications and was running without lights on at sea.

Those actions, Foggo said Wednesday, are risky. More here.

This ship is part of Project 864. The Project 864, also known as the Vishnya and Meridian, is an electronic surveillance and intelligence gathering ship built by Stocznia Polnocna shipyard in Gdansk (Poland) for the Soviet Union’s Navy in the 1980s. The ship’s capabilities are built around the Communication Intelligence (COMINT) and Signals Intelligence (SIGINT) concepts. The Project 864 are equipped with two satellite communications antennas inside a radome. The propulsion system consists of two diesel engines developing 4,400-bhp and a top speed of 16 knots. The Project 864 weapon system is intended to counter airborne threats using two AK-630 30mm guns and two SA-N-8 surface-to-air missile systems. The Russian Navy operates seven Meridian-class vessels to be replaced by the Project 18280 intelligence ship by 2020.

FISA, Horowitz v. FBI

The second hearing in the Senate where Inspector General Horowitz delivered more testimony to the Senate Homeland Security and Governmental Affairs Committee was quite chilling and revealing.
There was a particular exchange between Senator Josh Hawley (R-Mo.) and Horowitz that explains the bias or perhaps even the plotting.

Sen. Josh Hawley, R-Mo., was blunt in trying to get to the bottom of what happened during Wednesday’s Senate Homeland Security and Governmental Affairs Committee hearing.

“Were they just all incompetent?” he asked. Hawley then noted that due to the complexities involved, “it doesn’t sound like they’re very stupid to me.”

Hawley ultimately asked why the members of the FBI would commit such failures to mislead a court multiple times.

“That was precisely the concern we had,” Horowitz said. The inspector general made clear that he did not reach any conclusions regarding intent, but he did not necessarily accept the reasons people gave him during his investigation.

“There are so many errors, we couldn’t reach a conclusion or make a determination on what motivated those failures other than we did not credit what we lay out here were the explanations we got,” Horowitz said.

This echoed what Horowitz said in his opening statement, where he made clear that “although we did not find documentary or testimonial evidence of intentional misconduct, we also did not receive satisfactory explanations for the errors or the missing information and the failures that occurred.”

Horowitz previously appeared before the Senate Judiciary Committee in the aftermath of his report on the subject, but Wednesday’s hearing before the Senate homeland security panel comes a day after the Foreign Intelligence Surveillance Court (FISC) sharply criticized the FBI in a rare public order that referenced his findings.

Horowitz said that both Justice Department attorneys and the Foreign Intelligence Surveillance Court “should have been given complete and accurate information,” adding, “that did not occur and as a result, the surveillance of Carter Page continued even as the FBI gathered evidence and information that weakened the assessment of probable cause and made the FISA applications less accurate.”

So, the Democrats along with the media prepackaged the headlines prior to the Horowitz testimony that the IG report found NO bias. We are now getting more concise and factual information that says otherwise. Seems those on the top floor of the J. Edgar Hoover building opened some old history books on the former Director of the FBI and used several of Hoover’s tactics for all things Crossfire Hurricane and the 4 FISA warrants.

 

The IG report is teeming with deceit and clandestine maneuvers at the hands of the SSA’s (Special Agents) on the top floor and not those of 7 levels down from the Director level as Comey and McCabe have declared.

The first FISA application “contained seven significant inaccuracies and omissions.” None of these were corrected with an addendum or with the 3 renewals. Contrary to Comey’s constant testimony, the dossier played the largest role in the warrant application and the FBI knew that Carter Page worked as an agent for the CIA to collect and share information on his Russian interactions, yet that was stripped out of the hundreds of pages in the warrant applications. By the way, both the FBI and the CIA as a matter of practice use civilian informants and even top leaders of global corporations to gather intelligence during foreign travels and interactions.

Now, where is the outrage of the pesky now very loyal and dedicated pro-Constitutional Democrats and where is the media on all this? In fact, with the top judge, Rosemary Collyer at the FISA court issuing a demand letter after the IG report and testimony to the FBI, what will all the cleanup measures include and will there be legal consequences for those who lied, cheated and deceived the court? Beware, much of our media, TV and print operates with wild abandon by applying propaganda… the Kremlin would be proud.

Time to Place a Terror Status on Drug Cartels

President Trump has long pledged to sign off on declaring drug cartels as terror organizations going back to at least March of 2019.

Mexican security forces on Sunday killed seven more members of a presumed cartel assault force that rolled into a town near the Texas border and staged an hour-long attack, officials said, putting the overall death toll at 20.

The Coahuila state government said in a statement that lawmen aided by helicopters were still chasing remnants of the force that arrived in a convoy of pickup trucks and attacked the city hall of Villa Union on Saturday.

The reason for the military-style attack remained unclear. Cartels have been contending for control of smuggling routes in northern Mexico, but there was no immediate evidence that a rival cartel had been targeted in Villa Union.

Earlier Sunday, the state government had issued a statement saying seven attackers were killed Sunday in addition to seven who died Saturday. It had said three other bodies had not been identified, but its later statement lowered the total deaths to 20.


The governor said the armed group — at least some in military style garb — stormed the town of 3,000 residents in a convoy of trucks, attacking local government offices and prompting state and federal forces to intervene. Bullet-riddled trucks left abandoned in the streets were marked C.D.N. — Spanish initials of the Cartel of the Northeast gang.

Given the recent deaths in two attacks, momentum is building and what is taking so long? Frankly, it comes down to the trade deal(s) between the United States and Mexico which has been approved by Mexico, Canada and the United States but not ratified yet by our own Congress.

For some context on how easy it is to apply sanctions regarding ‘countering narcotics trafficking’ there is a law titled the Kingpin Act. Recently updated this past June, the Foreign Narcotics Kingpin Designation Act has 32 pages, two columns of named individuals or organizations.

For reference, this law includes in part:

THE KINGPIN ACT

On December 3, 1999, the President signed into law the Kingpin Act (21 U.S.C. §§
1901-1908 and 8 U.S.C § 1182), providing authority for the application of
sanctions to significant foreign narcotics traffickers and their organizations
operating worldwide. Section 805(b) of the Kingpin Act blocks all property and
interests in property within the United States, or within the possession or
control of any U.S. person, which are owned or controlled by significant foreign
narcotics traffickers, as identified by the President, or foreign persons
designated by the Secretary of the Treasury, after consultation with the
Attorney General, the Director of Central Intelligence, the Director of the
Federal Bureau of Investigation, the Administrator of the Drug Enforcement
Administration, the Secretary of Defense, the Secretary of Homeland Security,
and the Secretary of State, as meeting the criteria as identified in the Kingpin
Act.

On July 5, 2000, OFAC issued the Foreign Narcotics Kingpin Sanctions
Regulations, 31 C.F.R. Part 598, which implement the Kingpin Act and block all
property and interests in property within the United States, or within the
possession or control of any U.S. person, which are owned or controlled by
specially designated narcotics traffickers, as identified by the President, or
foreign persons designated by the Secretary of the Treasury, after consultation
with the Attorney General, the Director of Central Intelligence, the Director of
the Federal Bureau of Investigation, the Administrator of the Drug Enforcement
Administration, the Secretary of Defense, the Secretary of Homeland Security and
the Secretary of State, as meeting the following criteria:

• Materially assists in, or provides financial or technological support for or
to, or provides goods or services in support of, the international narcotics
trafficking activities of a specially designated narcotics trafficker;

• Owned, controlled, or directed by, or acts for or on behalf of, a specially
designated narcotics trafficker; or

• Plays a significant role in international narcotics trafficking.

III. PROHIBITED TRANSACTIONS

E.O. 12978

E.O. 12978 blocks the property and interests in property in the United States,
or in the possession or control of U.S. persons, of the persons listed in the
Annex to E.O. 12978, as well as of any foreign person determined by the
Secretary of the Treasury, after consultation with the Attorney General and the
Secretary of State, to be a specially designated narcotics trafficker.

The names of persons and entities listed in the Annex to E.O. 12978 or
designated pursuant to E.O. 12978, whose property and interests in property are
therefore blocked, are published in the Federal Register and incorporated into
OFAC’s list of Specially Designated Nationals and Blocked Persons (SDN List)
with the OFAC program tag “[SDNT].” The SDN List is available through OFAC’s web
site: http://www.treasury.gov/sdn.

THE KINGPIN ACT

The Kingpin Act blocks all property and interests in property within the United
States, or within the possession or control of any U.S. person, of the persons,
identified by the President, or foreign persons designated by the Secretary of
the Treasury, after consultation with the previously identified federal
agencies.

So, what is the problem? Actually it is likely the top government officials of Mexico would be sanctioned and the government itself would fall. The other suggestion is U.S. domestic banks would be implicated as well as some city officials in the United States including Los Angeles, Chicago, New York, Newark and Miami.

The consequences are huge but it is time.

Thousand Talents = J Visa = Espionage = Stupid

It was just this morning that I sent a text to a former CIA operative asking if he was comfortable with the FBI being the lone government agency tracking foreign spies operating in the United States. His reply was NO. Sigh…My gut was telling me that espionage in the United States is out of control and while performing some research for about an hour, it IS out of control. Understand foreign operatives come from several countries into the United States using several visa methods and for the sake of this article, the concentration will be on China. It is a sure bet however, the same techniques are used by other rogue countries that just are for sure either best described as adversaries or enemies of our homeland.

So, back to the question of the FBI being the lone tracking government agency. One of the first Reuters articles had this headline: FBI wishes it had acted quicker as China stole intellectual property

The admission by John Brown, assistant director of the Counterintelligence Division at the FBI, backed up a Senate subcommittee report that found federal agencies had responded too slowly as China recruited the researchers, leaving U.S. taxpayers unwittingly funding the rise of China’s economy and military. Despite China’s announcement in 2008 of the Thousand Talents Plan – for which China had originally hoped to recruit 2,000 people but ended up recruiting more than 7,000 by 2017 – the FBI did not respond strongly until last year, the report released on Monday by the Senate’s Permanent Subcommittee on Investigations found. 

Just a few days before that Reuters’ article there was this headline: U.S. charges Chinese national with stealing trade secrets

Haitao Xiang, 42, an employee of Monsanto and its Climate Corp subsidiary from 2008 to 2017, was stopped by federal officials at a U.S. airport before he could board a flight to China carrying proprietary farming software, the department said in a statement.

“The indictment alleges another example of the Chinese government using Talent Plans to encourage employees to steal intellectual property from their U.S. employers,” Assistant Attorney General John Demers said.

Notice 9 years of employment above. Sigh. Read on, there is more.

US prosecutors have accused a tour guide of picking up US security secrets and delivering them cloak-and-dagger-style to Beijing. From October 2015 to July 2018, an FBI double agent conducted “dead drops,” in which, authorities say, Peng fetched information in the San Francisco Bay Area and Columbus, Georgia. Authorities say the double agent, identified only as “the Source,” went to the FBI in 2015, after the State Security Ministry tried to recruit him as a spy by telling him that he could rely on “Ed,” who had family and business dealings in China. As officials grapple with the threat of infiltrators trying to steal information from US companies, prosecutors have opened multiple cases against people suspected of spying for China. Last October, prosecutors charged a spy with attempting to steal trade secrets from several US aviation and aerospace companies.

Just last week in the Senate, the Homeland Security Committee Chairman, Portman, held a hearing. A summary from the hearing on the FBI website included the following:

Time and time again, the Communist government of China has proven that it will use any means necessary to advance its interests at the expense of others, including the United States, and pursue its long-term goal of being the world’s superpower by 2049. Among its many ways of collecting information, prioritized in national strategies such as the Five-Year Plan, the Chinese government oversees expert recruitment programs known as talent plans. Through these programs, the Chinese government offers lucrative financial and research benefits to recruit individuals working and studying outside of China who possess access to, or expertise in, high-priority research fields. These talent recruitment programs include not only the well-known Thousand Talents Plan but also more than 200 similar programs, all of which are overseen by the Chinese government and designed to support its goals, sometimes at U.S. taxpayers’ expense. Read on here.


200 similar programs? WHAT?

The Thousand Talents program is nothing more than an espionage recruiting operation. This past September, the FBI arrested Zhongsan Liu who was operating a front operation in New Jersey called the China Association for International Exchange of Personnel. According to the criminal complaint, Liu beginning in 2017 used the company to fraudulently procure U.S. visas for many Chinese officials under J-1 research. Liu has actually led this front group however for 26 years. The program, among others, was created and directed by the Chinese government’s State Administration of Foreign Expert Affairs. Liu is a senior official of that agency. He also worked at the Chinese embassy in Washington and at the consulate in New York while this recruiting operation was going on.

“Chinese government sources claim over 44,000 highly skilled Chinese personnel have returned to China since 2009 through talent plans,” the report said. “As noted by China Daily, which is owned by the Chinese Communist Party: ‘China has more than 300 entrepreneurial parks for students returned from overseas. More than 24,500 enterprises have been set up in the parks by over 67,000 overseas returnees.'”

According to the Pentagon’s latest annual report on the Chinese military, the Thousand Talents Plan is used to bolster the People’s Liberation Army military buildup.

“China uses various incentive strategies to attract foreign personnel to work on and manage strategic programs and fill technical knowledge gaps, including the ‘Thousand Talents Program,’ which prioritizes recruiting people of Chinese descent or recent Chinese emigrants whose recruitment the Chinese government views as necessary to Chinese scientific and technical modernization, especially with regard to defense technology,” the report said.

The program of China’s Thousand Talents is really an unadvertised method to facilitate the legal and illicit transfer of U.S. technology, intellectual property and know-how as summarized by the National Intelligence Council. The NIC is a midterm and long term strategic thinking center formed in 1979. That report is found here. It is dated 2018 and titled: How China’s Economic Aggression Threatens the Technologies and Intellectual Property of the United States and the World

Do we really want a trade deal after all this with China? It can be argued that the trade has already taken place by China’s theft. This all complicates the bi-lateral signing of a trade deal between the United States and China or does it in the end?

Basic qualifications for the Thousand Talents program include the following:

1. Basic Qualifications for Candidates

The Recruitment Program for Innovative Talents (Long Term) targets people under 55 years of age who are willing to work in China on a full-time basis, with full professorships or the equivalent in prestigious foreign universities and R&D institutes, or with senior titles from well-known international companies or financial institutions.

2. Preferential Policies and Treatments

Awardees will be conferred the title of “National Distinguished Experts” and be provided with enabling working and living conditions.

(1) Enabling working conditions

Awardees are entitled to assume some leadership, professional or technical positions in universities, R&D institutes, central SOEs as well as state-owned commercial and financial institutions; to serve as project principals of the National Key Scientific and Technological Projects, “863 Program” (or the National High-tech R&D Program), “973 Program” (or the National Program on Key Basic Research Project), the National Nature Science Fund Projects; to apply for S&T funds and industrial development funds from government to support scientific research as well as production and operating activities in China; to participate in the consultation and demonstration of China’s major projects, the formulation of key scientific research plans and national standards, the construction of major projects, etc; to determine the expenditure and employment within the prescribed scope of responsibilities as project principals; to be engaged in various domestic academic organizations and the election of academicians of the Chinese Academy of Sciences and the Chinese Academy of Engineering (foreign academicians) and become the candidates of a wide range of government rewards.

(2) Special living benefits

Awardees as well as their spouses and minor children with alien nationality may apply for “Permanent Residence for Aliens” and/or multiple entry visas, the validity of which lasts 2-5 years. Awardees with Chinese citizenship will be free to settle down in any city of their choice and will not be restricted by his or her original residence registry. Each awardee shall receive a one-off, start-up package of RMB 1 million yuan from the nation’s central budget; be entitled to medical care, social insurance including pensions, medical insurance and work-related injury insurance; and may purchase one residential apartment for personal use. The housing and meal allowance, removing indemnity, home-leave-subsidy, and children-education-allowance in the wage income in Chinese territory within 5 years shall be deducted before taxes in accordance with relevant laws and regulations. Employers have to offer job opportunities to spouses, and children will have guaranteed admission to schools. The income level should be decided on their previous jobs overseas through negotiation with due living allowances.

(3) Key points of the Recruitment Program of Global Experts in the Field of Liberal Arts and Social Science

By the end of 2010, overseas high-level scholars in fields of liberal arts and social sciences, particularly urgently needed professionals specialized in Intellectual Property Law, Environment and Resources Protection Law, International Law, Diplomacy, Psychology etc. are eligible to apply for the Key National Innovative Projects. People who are introduced by this program shall support the Communist Party of China and the socialist system, maintaining compliance with the Constitution, laws, regulations and policies of the People’s Republic of China, with full professorships or the equivalent in prestigious foreign universities, R&D institutes and other institutions of art and culture, enjoying a high global reputation and being influential in their academic fields which are urgently needed in China; they shall be within 60 years of age, and willing to work in China on a full-time basis.

With regard to application procedures, the “Liberal Arts and Social Sciences” plan is a subdivision of “The Recruitment Program for Key Disciplines”. Overseas talents are required to sign an employment contract or a letter of intention for talent recruitment with employers before applying for the Program. Please refer to the application procedures of “The Recruitment Program for Innovative Talents (Long Term)”.