N Korean, Park Jin hyok Charged with Global Cyber Attacks

U.S. CHARGES NORTH KOREAN HACKER

Federal prosecutors charged a North Korean man, Park Jin-hyok, with crimes in connection with a series of costly cyberattacks around the globe, including the WannaCry ransomware attack in 2018, the heist of Bangladesh’s central bank in 2017, and the hack of Sony Pictures in 2014. It is the first time the Justice Department has explicitly charged a North Korean hacker backed by the government. Park was allegedly working as a programmer for a North Korean front company in China called Chosun Expo, which had ties to North Korea’s military intelligence.

Legal analysts say the complaint is the most detailed public accounting yet of North Korea’s cyberattacks against foreign adversaries. The Justice Department has now brought hacking-related charges against North Korea, China, Iran, and Russia. (WSJ, NYT, Reuters, DOJ)

Park Jin Hyok, named by officials as a member of the so-called Lazarus Group hacking team behind last year’s WannaCry global ransomware attack and the 2014 digital attack on Sony, apparently used not only advanced technology, but elaborate reconnaissance work to digitally steal money and sensitive information.

First, Park would obtain a number of email addresses of people affiliated with target businesses from traders dealing in large amounts of personal information. Then he would use the emails to gain an understanding of company employees’ fields of interest and personal relationships.

That would let him craft emails that could pass as genuine messages from major companies in content and style, a tactic known as spear phishing. After spending some time building trust, he would send the malicious links to websites that would infect a target’s computer.

In one case, Park apparently masqueraded as a human resources official at a U.S. defense-linked company to exchange messages with workers at one of the company’s competitors.

Last week’s charges were said to be the first in years against a North Korean hacker related to high-profile attacks linked to the state. The attack on Sony came as the company was preparing to release a movie called “The Interview,” which depicted the assassination of a character resembling North Korean leader Kim Jong Un. The group also allegedly stole $81 million from the central bank of Bangladesh in 2016.

A North Korean suspect is wanted by U.S. authorities on suspicion of hacking. (Courtesy of the U.S. Federal Bureau of Investigation)

“We stand with our partners to name the North Korean government as the force behind this destructive global cyber campaign,” Christopher Wray, director of the Federal Bureau of Investigation, said in a statement on Sept. 6.

The U.S. Treasury also imposed sanctions on Park and a Chinese business he was affiliated with. “We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,” Treasury Secretary Steven Mnuchin said in his own statement.

Under Kim, the North has consolidated its cyber forces under its Reconnaissance General Bureau, which handles overseas spying. The state has a team of 6,800, according to the South Korean government, and is counted as one of the five cyber powers along with the U.S., Russia, China and Israel.

The core of cyber operations is a team known as “Bureau 121,” established in 1998 by Kim’s father, then-leader Kim Jong Il. Bureau 121 is known for its willingness to commit crimes for the sake of bringing in cash.

“The technology behind North Korea’s cybercrimes is some of the most advanced in the world,” said a source with the U.S. State Department.

Governments and businesses around the world are hurrying to guard themselves from the North’s attacks even as its methods grow more sophisticated. Further cooperation between countries’ cyberdefense authorities may be key to finding effective solutions.

British Airways: The airline said a “very sophisticated” hacker stole credit card details of hundreds of thousands of its customers in recent days. Anyone who lost out financially as a result of the breach would be compensated, BA officials said. (Reuters)

JPMorgan Hacker: A Russian man, Andrei Tyurin, has been extradited by Georgia to the United States on charges that he participated in the 2014 hack of JPMorgan Chase and other U.S. companies. (Reuters)

Middleweight Boxing Champion Led a Crime Syndicate

The Shulaya Enterprise was an organized criminal group operating under the direction and protection of Razhden Shulaya, a/k/a “Brother,” a/k/a “Roma,” a “vor v zakone” or “vor,” which are Russian phrases translated roughly as “Thief-in-Law” or “Thief,” and which refer to an order of elite criminals from the former Soviet Union who receive tribute from other criminals, offer protection, and use their recognized status as vor to adjudicate disputes among lower-level criminals.  As a vor, Shulaya had substantial influence in the criminal underworld and offered assistance to and protection of the members and associates of the Shulaya Enterprise.  Those members and associates, and Shulaya himself, engaged in widespread criminal activities, including acts of violence, extortion, the operation of illegal gambling businesses, fraud on various casinos, identity theft, credit card frauds, trafficking in large quantities of stolen goods, money laundering through a fraudulently established vodka import-export company, payment of bribes to local law enforcement officers, and the operation of a Brooklyn-based brothel.

The Shulaya Enterprise operated through groups of individuals, often with overlapping members or associates, dedicated to particular criminal tasks.  While many of these crews were based in New York City, the Shulaya Enterprise had operations in various locations throughout the United States (including in New Jersey, Pennsylvania, Florida, and Nevada) and abroad.  Most members and associates of the Shulaya Enterprise were born in the former Soviet Union and many maintained substantial ties to Georgia, Ukraine, and the Russian Federation, including regular travel to those countries, communication with associates in those countries, and the transfer of criminal proceeds to individuals in those countries.

Not too sure he was not a spy either frankly.

Georgian former boxing champion Avtandil Khurtsidze has been sentenced to 10 years in prison for working as the “chief enforcer” for an “elite” criminal enterprise.

He was convicted in June in New York of racketeering and wire fraud conspiracy.

Prosecutors said the 38-year-old boxer had “substantial influence” in the criminal underworld as part of a Soviet Union crime gang.

They said Khurtsidze used violence in service of the group’s activities.

He and his associates, known as the Shulaya Enterprise, were blamed for crimes across the US including extortion, wire fraud, illegal gambling and operating a brothel in Brooklyn.

Many of the crew’s activities were based in New York but they also operated in other major cities as well as abroad, a justice department statement said.

Officials say most of its members were born in the former Soviet Union, with strong ties to Georgia, where the boxer was born.

Khurtsidze was caught on film twice carrying out assaults, with prosecutors describing him as a “heavyweight enforcer” for the group’s members and leadership.

He was also accused of participating in a complex fraud scheme to predict casino slot machine algorithms, which involved kidnapping a software engineer in Las Vegas in 2014.

Image caption: Khurtsidze was arrested in 2017, scuppering his chances at the WBO middleweight title

On top of his decade-long federal jail sentence, the Georgian boxer was given two further years of supervision on release.

“Thanks to our dedicated law enforcement partners around the globe, Khurtsidze’s reign of extortion and violence has been halted,” US attorney Geoffrey Berman said in a statement.

‘Just a waste’

Khurtsidze held the interim WBO middleweight title in 2017.

His last professional fight was against British boxer Tommy Langford in April 2017, which he won.

A later bout against Billy Joe Saunders was cancelled after Khurtsidze was arrested along with more than 30 others in a swoop against the organised crime syndicate.

Following his conviction, his former promoter Lou DiBella criticised the boxer for squandering his career.

“He let many people down who believed in him, but no one more than himself. Just a waste, and it’s all on him for choosing the dark side,” Mr DiBella told ESPN.

Hey, the Mayor of Atlanta has Joined the anti-ICE Movement

Mayor Keisha Lance Bottoms on Thursday signed an executive order for transferring all remaining U.S. Immigration and Customs Enforcement detainees out of the city jail and declaring that Atlanta will no longer hold anyone for the federal agency.

The Democratic mayor’s move follows a separate executive order from June that blocked the jail from taking in any new ICE detainees amid enforcement of the Trump administration’s “zero-tolerance” immigration policy on the southwest border, which split up many immigrant families. Bottoms has vigorously objected to that federal policy.

“Atlanta will no longer be complicit in a policy that intentionally inflicts misery on a vulnerable population without giving any thought to the horrific fallout,” Bottoms told reporters moments before signing her executive order. “As the birthplace of the civil rights movement we are called to be better than this.”

Secretary of State Brian Kemp, Georgia’s Republican nominee for governor, criticized the mayor’s move in a statement he released Thursday afternoon.

“The City of Atlanta should focus on cleaning up corruption and stopping crime — not creating more of it,” he said.

So….how about it Atlanta…what say you about her oath of office?

ORGANIZATIONAL MEETING; OATH OF OFFICE; MANDATORY TRAINING

(As taken from the Atlanta City Code of Ordinances)

Section 2-301. - Organizational meeting; oath of office; mandatory training.

(a) Organizational meeting. The council shall meet for organization in the council chamber, or any other designated public place, on the first Monday in January following each regular election, or, if such Monday is a legal holiday, then on the next following day not a legal holiday.

(b) Oath of office. At such organizational meeting, the mayor, president of the council, and council members shall take and subscribe before a judge of the superior court, or any official authorized to administer oaths, the following oath of office: “I do solemnly swear (or affirm) that I will faithfully discharge the duties of the [mayor, president of the council, council member] City Council of the City of Atlanta, Georgia. I will not knowingly permit my vote to be influenced by fear, favor, affection, or reward, and in all things pertaining to my office, I will be governed by the public good and the interests of the City. I will observe the provisions of the Charter, ordinances, and regulations of the City of Atlanta, and I will support and defend the Constitutions of the State of Georgia and the United States of America. I am not the holder of any office of trust under the government of the United States, any other state, or any foreign state which I am prohibited from holding by the laws of the State of Georgia; I am not the holder of any unaccounted-for public money due this state or any political subdivision or authority thereof; I have been a resident of the City of Atlanta [and Council District] and am otherwise qualified to hold this office by the Constitution and laws of this State and the Charter and ordinances of the City of Atlanta, so help me God.” More here.

So….Atlanta, (an international city/hub) how about challenging this Mayor on this topic of which Atlanta was part of for starters?

WASHINGTON – Law enforcement officials from the United States and the United Kingdom wrapped up Friday a “week of action” during which they conducted outreach at major international airports with the goal of education about and prevention of female genital mutilation/cutting (FGM/C). This outreach, called “Operation Limelight”, was conducted at four international airports in the U.S.—John F. Kennedy International Airport, Newark Liberty International Airport, Hartsfield-Jackson Atlanta International Airport, and Los Angeles International Airport—and at Heathrow Airport and train stations throughout the UK.

On August 30, law enforcement from the two nations also gathered at the U.S. embassy in London to sign a proclamation affirming their commitment to end the practice of FGM/C in both countries and around the world. The proclamation reads, in part:

“Female genital mutilation/cutting is a global issue that transcends our borders. FGM/C is a culturally-based, gender-specific form of violence and when performed on girls under the age of 18, it is child abuse. The top priorities of the U.K. and U.S. are safeguarding girls through prevention, multi-agency partnership and education. These efforts require that we learn and share our experiences and cooperate through both our informal and formal engagements. Through existing police to police and mutual assistance agreements and arrangements, the U.S. and U.K. law enforcement intend to share intelligence to enhance our knowledge of, and response to female genital mutilation. This collaboration seeks to build our intelligence capacity to identify those involved in perpetrating or facilitating FGM/C offences whilst safeguarding potential victims.”

Signatories of the proclamation include representatives from U.S. Immigration and Customs Enforcement’s Homeland Security Investigations, the U.S. Federal Bureau of Investigation, U.S. Customs and Border Protection, London Metropolitan Police Service, UK National Police Chiefs Council, UK Border Force, UK Crown Prosecution Service, and British Transport Police.

“Our agency is committed to pursuing those who commit or allow female genital mutilation. Through outreach and investigations, we will work to eradicate this form of abuse,” said Louis A. Rodi, III, Deputy Assistant Director, National Security Investigation Division, U.S. Homeland Security Investigations.  “We value our partnerships with UK law enforcement as well as with other U.S. federal agencies, including the FBI and U.S. Customs and Border Protection. This collaboration strengthens our resolve to carry out this important work to protect women and girls and investigate crimes against them.”

“FGM is a barbaric and violent crime enacted on girls who suffer the results for the rest of their lives. It is child abuse, and no religion, culture or tradition should be allowed to mitigate or make an excuse for such appalling crimes. It is even more traumatic because it is generally committed or facilitated by their families who they should look to for love and protection,” said United Kingdom’s National Police Chiefs’ Council Lead on Female Genital Mutilation Commander Ivan Balhatchet. “FGM is hugely complex to investigate and prosecute. Frequently, the survivor is unwilling to give evidence against those closest to them, and some cases of FGM occur prior to the arrival of the survivor in the UK.”

Balhatchet continued, “the US shares the same goal but also the same challenges. This proclamation will mean both the UK and US learn more about FGM, the routes taken by perpetrators and when and where it is committed; this is particularly important because we know that perpetrators continue to adapt to evade detection. We also want this agreement and our joint operation to send a signal to those planning to commit FGM that we will do everything we can to protect girls and prosecute offenders.

“FGM is not something we can eradicate alone. We need everyone who works with children and young people to be alert to signs of FGM and tell [law enforcement] about them. We also need the public and other support groups to speak out and share information with us.”

For more information about the practice of female genital mutilation/cutting, view this video from the U.S. Department of State or visit the United Nations’ Zero Tolerance Day website.

Female genital mutilation/cutting is a federal crime in the United States, and any involvement in committing this crime is a serious human rights violation which may result in imprisonment and potential removal from the U.S. Individuals suspected of female genital mutilation/cutting, including sending girls overseas to be cut, may be investigated by the Human Rights Violators and War Crimes Center (HRVWCC) and prosecuted accordingly.

Established in 2009, the HRVWCC furthers ICE’s efforts to identify, locate and prosecute human rights abusers in the United States, including those who are known or suspected to have participated in persecution, war crimes, genocide, torture, extrajudicial killings, FGM/C, and the use or recruitment of child soldiers. The HRVWCC leverages the expertise of a select group of agents, lawyers, intelligence and research specialists, historians and analysts who direct the agency’s broader enforcement efforts against these offenders.

Since 2003, ICE has arrested more than 410 individuals for human rights-related violations of the law under various criminal and/or immigration statutes. During that same period, ICE obtained deportation orders against and physically removed 908 known or suspected human rights violators from the United States.  Additionally, ICE has facilitated the departure of an additional 122 such individuals from the United States.

Currently, ICE has more than 135 active investigations into suspected human rights violators and is pursuing more than 1,750 leads and removals cases involving suspected human rights violators from 95 different countries. Since 2003, the HRVWCC has issued more than 75,000 lookouts for individuals from more than 110 countries and stopped over 260 human rights violators and war crimes suspects from entering the U.S.

Securing the Elections, FBI Investigating Hacks

Securing the vote.

The states, which under the US system are responsible for conducting elections, remain concerned about the integrity of the ballot. Thirty-six states have now deployed Albert sensors on their voting infrastructure to allow the Department of Homeland Security to observe state systems that manage either voter information or voting devices (Reuters).

The states also want the Feds to share more threat intelligence. Forty-four states and the District of Columbia took part in a Department of Homeland Security exercise this week (US Department of Homeland Security). The states appear to have gained enough insight into the value of threat intelligence to decide that they want more of it (Reuters). Some advocate Federal standards for the conduct of elections, perhaps even mandatory standards (Atlantic Council). More here.

Meanwhile:

Then there is the matter the FBI is investigating in California.

The FBI launched investigations after two Southern California Democratic U.S. House candidates were targeted by computer hackers, though it’s unclear whether politics had anything to do with the attacks.

A law enforcement official told The Associated Press the FBI looked into hacks involving David Min in the 45th Congressional District and Hans Keirstead in the adjacent 48th District. Both districts are in Orange County and are seen as potential pickups as the Democratic Party seeks to win control of the Congress in November.

A person with knowledge of the Min investigation told the AP on Monday that two laptops used by senior staffers for the candidate were found infected with malware in March. It’s not clear what, if any, data was stolen, and there is no evidence the breach influenced the contest.

The CEO of a biomedical research company, Keirstead last summer was the victim of a broad “spear-phishing” attack, in which emails that appear to come from a friend or familiar source are designed to help hackers snatch sensitive or confidential information, the law enforcement official said. There is no evidence Keirstead lost valuable information.

The investigations so far have not turned up evidence the two candidates in Orange County were political targets.

The official and the knowledgeable person were not authorized to discuss the cases publicly and spoke only on condition of anonymity.

Keirstead was narrowly defeated in the June primary for the seat held by Republican Rep. Dana Rohrabacher. Min came in third in the contest to unseat Republican Rep. Mimi Walters.

Min’s staff was alerted to a potential cyberattack by a facility manager in the software incubator where his campaign rented space. It was later found the computers were infected with software that records and sends keystrokes, with additional software that concealed it from conventional anti-virus tools used by the campaign.

Hackers also used a broad spear-phishing attack in an attempt to gain access, and FBI investigators are still piecing together additional details, the official said.

The two laptops were replaced, and Min’s computer was not infected. The attack on the computers was first reported by Reuters.

Keirstead campaign officials detected repeated attempts to access the campaign’s website.

Rolling Stone magazine, which first reported that cyberattack, said hackers or bots tried different username-password combinations in a rapid-fire sequence over a two-and-a-half-month period to get inside the campaign’s WordPress-hosted website.

According to the campaign, there were also more than 130,000 so-called brute force attempts over a monthlong period to gain access to the campaign’s server through the cloud-server company that hosted the Keirstead campaign’s website, Rolling Stone said.

Computer security experts say that many attempts to gain access to a site hosted with the popular and free WordPress software are not unusual.

“Every WordPress hosted website sees 130,000 brute force attempts over a monthlong period, regardless whether it’s Bohemian basket weaving, a blog about furry costume construction, or a politician website,” said Robert Graham, a cybersecurity expert who created the BlackICE personal firewall.

“Hackers don’t know or care who you are: they only care that you use WordPress,” Graham said in a text message.

Min finished third behind fellow Democrat Katie Porter, who faces Walters in November. In the 48th District, Rohrabacher will face Democrat Harley Rouda, who snagged the second runoff spot by defeating Keirstead by 125 votes.

Iran Sleeper Cells Parked Around the U.S.

Primer: Two Individuals Charged for Acting as Illegal Agents of the Government of Iran

Could it be that law enforcement officials are working the cases diligently? This adds a deeper dimension to the work of the FBI, ICE and Border Patrol as well as all diplomatic posts in Central America and Latin America. Iran’s economy is in a free-fall, so money/revenue is most important and illicit activities, including attacks, are the easiest method to raise operational funds.


Related reading: DoJ’s Bruce Ohr Demoted Again, Project Cassandra?

Iranian-backed militants are operating across the United States mostly unfettered, raising concerns in Congress and among regional experts that these “sleeper cell” agents are poised to launch a large-scale attack on the American homeland, according to testimony before lawmakers.

Iranian agents tied to the terror group Hezbollah have already been discovered in the United States plotting attacks, giving rise to fears that Tehran could order a strike inside America should tensions between the Trump administration and Islamic Republic reach a boiling point.

Intelligence officials and former White House officials confirmed to Congress on Tuesday that such an attack is not only plausible, but relatively easy for Iran to carry out at a time when the Trump administration is considering abandoning the landmark nuclear deal and reapplying sanctions on Tehran.

There is mounting evidence that Iran poses “a direct threat to the homeland,” according to Rep. Peter King (R., N.Y.), a member of the House Homeland Security Committee and chair of its subcommittee on counterterrorism and intelligence.

A chief concern is “Iranian support for Hezbollah, which is active in the Middle East, Latin America, and here in the U.S., where Hezbollah operatives have been arrested for activities conducted in our own country,” King said, referring to the recent arrest of two individuals plotting terror attacks in New York City and Michigan.

“Both individuals received significant weapons training from Hezbollah,” King said. “It is clear Hezbollah has the will and capability.”

After more than a decade of receiving intelligence briefs, King said he has concluded that “Hezbollah is probably the most experienced and professional terrorist organization in the world,” even more so than ISIS and Al Qaeda.

Asked if Iran could use Hezbollah to conduct strikes on the United States, a panel of experts including intelligence officials and former White House insiders responded in the affirmative.

“They are as good or better at explosive devices than ISIS, they are better at assassinations and developing assassination cells,” said Michael Pregent, a former intelligence officer who worked to counter Iranian influence in the region. “They’re better at targeting, better at looking at things,” and they can outsource attacks to Hezbollah.

“Hezbollah is smart,” Pregent said. “They’re very good at keeping their communications secure, keeping their operational security secure, and, again, from a high profile attack perspective, they’d be good at improvised explosive devices.”

Others testifying before Congress agreed with this assessment.

“The answer is absolutely. We do face a threat,” said Emanuele Ottolenghi, a senior fellow at the Foundation for Defense of Democracies who has long tracked Iran’s militant efforts. “Their networks are present in the United States.”

Iran is believed to have an auxiliary fighting force of around 200,000 militants spread across the Middle East, according to Nader Uskowi, a onetime policy adviser to U.S. Central Command and current visiting fellow at the Washington Institute for Near East Policy.

At least 50 to 60 thousand of these militants are “battle tested” in Syria and elsewhere.

“It doesn’t take many of them to penetrate this country and be a major threat,” Uskowi said. “They can pose a major threat to our homeland.”

While Iran is currently more motivated to use its proxies such as Hezbollah regionally for attacks against Israel or U.S. forces, “those sleeper cells” positioned in the United States could be used to orchestrate an attack, according to Brian Katulis, a former member of the White House National Security Council under President Bill Clinton.

“The potential is there, but the movement’s center of focus is in the region,” said Katulis, a senior fellow at the Center for American Progress.

Among the most pressing threats to the U.S. homeland is Hezbollah’s deep penetration throughout Latin America, where it finances its terror activities by teaming up with drug cartels and crime syndicates.

“Iran’s proxy terror networks in Latin America are run by Tehran’s wholly owned Lebanese franchise Hezbollah,” according to Ottolenghi. “These networks are equal part crime and terror” and have the ability to provide funding and logistics to militant fighters.

“Their presence in Latin America must be viewed as a forward operating base against America’s interest in the region and the homeland itself,” he said.

These Hezbollah operatives exploit loopholes in the U.S. immigration system to enter America under the guise of legitimate business.

Operatives working for Hezbollah and Iran use the United States “as a staging ground for trade-based and real estate-based money laundering.” They “come in through the front door with a legitimate passport and a credible business cover story,” Ottolenghi said.

The matter is further complicated by Iran’s presence in Syria, where it has established not only operating bases, but also weapons factories that have fueled Hezbollah’s and Hamas’s war on Israel.

Iran’s development of advanced ballistic missile and rocket technology—which has continued virtually unimpeded since the nuclear deal was enacted—has benefitted terror groups such as Hezbollah.

“Iran is increasing Hezbollah’s capability to target Israel with more advanced and precision guided rockets and missiles,” according to Pregent. “These missiles are being developed in Syria under the protection of Syrian and Russian air defense networks.”

In Iraq, Iranian forces “have access to U.S. funds and equipment in the Iraqi Ministry of Defense and Iraq’s Ministry of Interior,” Pregent said.

The Trump administration has offered tough talk on Iran, but failed to take adequate action to dismantle its terror networks across the Middle East, as well as in Latin America and the United States itself, according to CAP’s Katulis.

“The Trump administration has talked a good game and has had strong rhetoric, but I would categorize its approach vis-à-vis Iran as one of passive appeasement,” said Katulis. “We simply have not shown up in a meaningful way.”