Category Archives: Department of Homeland Security

Counterfeit Operations, Iran and North Korea

Posted on by

Image result for counterfeit operations irgc

photo

It is a globally business and a nasty one.

U.S. officials have long accused Iran of supplying arms to rebel Houthi forces battling for control of Yemen. But Monday’s sanctions help highlight the scope of what Western officials commonly describe as the IRGC’s far-reaching and malign activities.

“Iran itself, together with its proxy, Lebanese Hezbollah, is knee-deep and has been knee-deep in the counterfeit business for quite some time,” said Matthew Levitt with the Washington Institute for Near East Policy. “Exposing this is kind of a two-for one, both exposing the organization’s terrorist activity and also exposing the nature of the criminal activity that it engages in.” More here.

Image result for counterfeit money yemen photo

Treasury Designates Large-Scale IRGC-QF Counterfeiting Ring

11/20/2017

Iranian Network Prints Counterfeit Yemeni Bank Notes for IRGC-Qods Force

WASHINGTON – Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated a network of individuals and entities involved in a large-scale scheme to help Iran’s Islamic Revolutionary Guard Corps-Qods Force (IRGC-QF) counterfeit currency to support its destabilizing activities.  This network employed deceptive measures to circumvent European export control restrictions and procured advanced equipment and materials to print counterfeit Yemeni bank notes potentially worth hundreds of millions of dollars for the IRGC-QF.  The IRGC-QF was designated pursuant to the global terrorism Executive Order (E.O.) 13224.

“This scheme exposes the deep levels of deception the IRGC-Qods Force is willing to employ against companies in Europe, governments in the Gulf, and the rest of the world to support its destabilizing activities.  Counterfeiting strikes at the heart of the international financial system, and the fact that elements of the government of Iran are involved in this behavior is completely unacceptable,” said Treasury Secretary Steven Mnuchin.  “This counterfeiting scheme exposes the serious risks faced by anyone doing business with Iran, as the IRGC continues to obscure its involvement in Iran’s economy and hide behind the façade of legitimate businesses to perpetrate its nefarious objectives.”

Reza Heidari and Pardazesh Tasvir Rayan Co.

Reza Heidari (Heidari) is being designated today for having acted for or on behalf of the IRGC-QF and having assisted in, sponsored, or provided financial, material, or technological support for, or financial or other services to or in support of, the IRGC-QF.

Pardavesh Tasvir Rayan Co. (Rayan Printing) is being designated today for being controlled by Heidari; for having acted for or on behalf of the IRGC-QF; having assisted, sponsored, or provided financial, material, or technological support for, or financial or other services to or in support of, the IRGC-QF; and being owned by Tejarat Almas Mobin Holding, another Iranian company also being designated today.

Heidari played a key role in procuring secure printing equipment and materials for the IRGC-QF in support of the group’s currency counterfeiting scheme.  Heidari served as the managing director of Iran-based Rayan Printing, a company involved in printing counterfeit Yemeni rial bank notes potentially worth hundreds of millions of dollars for the IRGC-QF, as of late 2016.  Heidari used front companies to obfuscate the actual end user and facilitate deceptive transactions when dealing with European suppliers of secure printing equipment and materials.

ForEnt Technik and Printing Trade Center

ForEnt Technik GmbH is being designated today for being owned or controlled by Heidari, while Printing Trade Center GmbH (PTC) is being designated for having acted for or on behalf of, and assisted in, sponsored, or provided financial, material, or technological support for, or financial or other services to or in support of, Heidari.

Heidari used German-based ForEnt Technik GmbH and PTC as front companies to deceive European suppliers, circumvent export restrictions, and acquire advanced printing machinery, security printing machinery, and raw materials in support of the IRGC-QF’s counterfeit currency capabilities.  These raw materials included watermarked paper and specialty inks from European suppliers.  Heidari is the Managing Director and sole shareholder of ForEnt Technik Gmbh.

Mahmoud Seif and Tejarat Almas Mobin

Mahmoud Seif is being designated today for having assisted, sponsored, or provided financial, material, or technological support for, or other services to or in support of, the IRGC-QF.  Tejarat Almas Mobin Holding is being designated today for being controlled by Seif.

Seif is the managing director of Tejarat Almas Mobin, the parent company of Rayan Printing.  Heidari and Seif coordinated on the procurement of raw supplies and equipment that enabled the IRGC-QF counterfeiting capabilities.  Seif was involved with the logistics of importing materials for the counterfeiting project into Iran.  Additionally, Seif has previously been involved in the procurement of weapons for the IRGC-QF.

For identifying information on the individuals and entities listed today, click here: https://www.treasury.gov/resource-center/sanctions/OFAC-Enforcement/Pages/20171120.aspx

*** So, did Iran teach North Korea to counterfeit or was it the other way around? North Korea has been counterfeiting and participating in illicit activities going back decades. North Korea is not especially fretful over the newly applied sanctions or being listed again as a terror state by President Trump. While it should be done, the regime has proven methods to finesse the system.

Ri Jong Ho had simply had enough. He’d seen too many executions.

Ri, a high-profile North Korean defector, spent years working for what is essentially a slush fund for one of the most notorious regimes on the planet, Kim Jong Un and his compatriots.
Life was good. Ri helped bring in somewhere between $50 million and $100 million for North Korean elites, and was handsomely rewarded with luxuries most North Koreans couldn’t dream of in years past: a car, a color TV and some extra cash on the side, once rarities in the communist state but more commonplace now in the capital, Pyongyang.
But he watched the regime kill his peers and their families, even children.
“It was not just high level officers, officials, but their families, their children (and) their followers,” Ri told CNN in his first interview to a major US broadcast network. “It was not just once or twice a year — it was ongoing throughout the year, thousands of people being executed or purged.”
Ri said the final straw came in late 2013, when Kim Jong Un executed his own uncle, Jang Song Thaek, with an anti-aircraft gun.
“It was a cruel and crude method of execution,” he said. “After all these years living in the socialist system, I never witnessed anything like that.”
Ri was living in China at the time, and in 2014 was able to safely defect with his family.
And just like that, Kim lost one of his top money makers.

Office 39

Ri said he worked for decades in what’s known as “Office 39.”
The office is in charge of bringing in hard currency for the regime. Ri calls it a “slush fund for the leader and the leadership.”
Ri told CNN “Office 39” is not engaged in illicit activities, but the US Treasury Department says otherwise.
The US government accused the office of engaging in “illicit economic activities” to support the North Korean government. It has branches throughout the nation that raise and manage funds and is responsible for earning foreign currency for North Korea’s Korean Workers’ Party senior leadership through illicit activities such as narcotics trafficking.
North Korea has been accused of crimes like hacking banks, counterfeiting currency, dealing drugs and even trafficking endangered species.
Workers who help bring in cash for the regime are granted access to the outside world — especially China — in order to establish networks that are crucial to making money, analysts say. They often have diplomatic privileges that allow them to evade their host country’s domestic laws, experts say.
Ri said he was not involved in illegal activities and that they were not under the purview of Office 39, but did not deny they occurred. He said much of North Korea’s hard cash is earned through exporting labor — the country sends workers across the globe and collects much of their pay, according to the UN — and exporting natural resources like coal, which China used to buy but has since stopped.
Illicit activities make a lot of money, though. The Congressional Research Service estimated in 2008 that North Korea could earn anywhere from $500 million to $1 billion from these types of illicit activities.
That money helps fund the lavish lifestyles of the North Korean elites while sanctions limit the country’s ability to make money. That keeps North Korea’s leadership happy and helps Kim prevent coup attempts, analysts say.
“They (North Korean leaders) are focused on maintaining their ruling power, and they are working on making this dynasty-like system lasting for a long time,” Ri said. “So instead of focusing on their economic development or better life, they are more focused on maintaining their system.
Some of Office 39’s profits also go to the country’s nuclear and missile programs, which crossed an important threshold this month with the testing of two intercontinental ballistic missiles, weapons that experts say likely put the United States homeland in North Korea’s range.
CNN reached out to the North Korean mission at the United Nations for a response to the interview with Ri. An official at the mission said Ri was lying to “make money and save his own life.”

‘Hundreds of fishing boats’

Analysts say Office 39 is likely now in the cross hairs of US President Donald Trump’s administration.
The Trump team has made it clear that one of the ways it plans to deal with North Korea is to squeeze its revenue streams across the globe in order to pressure them into negotiations over their weapons programs.
Who speaks for the United States on North Korea? Contradictions emerge
Ri is not sure if the tactic will work, as he says it’s easy to side-step sanctions and believes the international community has made strategic mistakes that could come back to bite them.
North Korean companies can just change their names once sanctioned, he says. North Korean leaders don’t keep much money abroad, so the sanctions against them are pointless, according to Ri. Smugglers are difficult to catch.
“Smuggling is conducted by any and every means you could imagine. Mostly larger items are done using ships, for example by filing a cargo list … where what’s written on the (list) is different from what is really being shipped,” he said. “On the open sea, the Yellow Sea, there are hundreds of fishing boats — both from China and North Korea — and all the smuggling is done by these so-called fishing boats.

Going after China

Ri believes that secondary sanctions — targeting those who do business with North Korea, like the United States did to China’s Bank of Dandong in June — is the way to go, especially in China.
Beijing accounts for about 85% of North Korean imports in 2015, according to UN data, though Ri revealed that Pyongyang does import some oil from Russia.
North Korean economist Ri Gi Song told CNN in February that China accounts for 70% of trade and that trade with Russia is increasing. More here from CNN.

Foreign Agent Registry, in U.S. and Russia for Media

Posted on by

FARA is the most broken system we have when it comes to checks and balances…we cant begin to determine foreign media operations in the U.S. that are really espionage networks much less ad agencies or lobbyists. Scary right? How about foreign students that are operatives or foreign workers with jobs in government roles or in government contractor positions…we dont even know what we dont know….

Senator Chuck Grassley has called for some changes to FARA.

This is getting testier by the day….the United States is requiring RT to register as a foreign agent. Likewise, Moscow is requiring the same…so thinking about WikiLeaks or Fusion GPS, is there enough evidence they should be registered as foreign agents? Sheesh…here is the rub…

Russian Lawmakers: 9 US-Funded News Outlets Could Be Forced to Register as ‘Foreign Agents’

Russia said Thursday it has warned nine United States government-funded news operations they will probably be designated “foreign agents” under new legislation in retaliation to a U.S. demand that Kremlin-supported television station RT register as such in the United States.

The Russian Justice Ministry said Thursday it had notified the Voice of America (VOA), Radio Free Europe/Radio Liberty (RFE/RL) and seven separate regional outlets active in Russia they could be affected.

The ministry published a list of the outlets on its website, including a statement that said the changes were likely to become law “in the near future.”

Expands 2012 law

Russia’s lower house of parliament approved amendments Wednesday to expand a 2012 law that targets non-governmental organizations to include foreign media. A declaration as a foreign agent would require foreign media to regularly disclose their objectives, full details of finances, funding sources and staffing.

Media outlets also may be required to disclose on their social platforms and internet sites visible in Russia that they are “foreign agents.” The amendments also would allow the extrajudicial blocking of websites the Kremlin considers undesirable.

“We can’t say at this time what effect this will have on our news gathering operations within Russia,” said VOA Director Amanda Bennett. “All we can say is that Voice of America is, by law, an independent, unbiased, fact-based newsorganization, and we remain committed to those principles.”

RFE/RL President Tom Kent said until the legislation becomes law, “we do not know how the Ministry of Justice will use this law in the context of our work.”

No access to cable in Russia

Kent said unlike Sputnik and other Russian media operating in the U.S., U.S. media outlets operating in Russia do not have access to cable television and radio frequencies.

“Russian media in the U.S. are distributing their programs on American cable television. Sputnik has its own radio frequency in Washington. This means that even at the moment there is no equality,” he said.

The speaker of Russia’s lower house, the Duma, said Tuesday that foreign-funded media outlets that refused to register as foreign agents under the proposed legislation would be prohibited from operating in the country.

However, since the law’s language is so broad, it potentially could be used to target any foreign media group, especially if it is in conflict with the Kremlin. Comparatively, the U.S. law targets only state-funded groups. The privately owned American television channel CNN and the German public broadcaster Deutsche Welle also have been mentioned as potential targets.

The amendments, which Amnesty International said would inflict a “serious blow” to media freedom in Russia if they become law, were approved in response to a U.S. accusation that RT executed a Russian-mandated influence campaign on U.S. citizens during the 2016 presidential election, a charge the television channel denies.

Putin has last word

The amendments must next be approved by the Russian Senate and then signed into law by President Vladimir Putin.

RT, which is funded by the Kremlin to provide Russia’s perspective on global issues, confirmed Monday it met the Justice Department’s deadline by registering as a foreign agent in the U.S.

The United States considers RT a propaganda arm of Russia, and told it to register its foreign operation under the Foreign Agents Registration Act aimed at attorneys and lobbyists representing political interests.

About that FBI Uranium One Informant, Mr. Campbell

Posted on by

His name is William Douglas Campbell and he was a former lobbyist for Tenex, the US-based arm of Rosatom, the Russian government’s nuclear agency. Guy Benson had it right on Tucker Carlson’s show…this Uranium One deal is not quite what the conservative media is telling you.

So when AG Jeff Sessions says he will have the Justice Department look at ‘certain aspects’ of the case, reading below, you will be to understand why his words matter.

We have this trucking company that was hired. Transport Logistics International, Inc. provides transportation management services to front-end and back-end sectors of the nuclear power industry. The company manages domestic and international movements of radioactive materials between North America, South America, Europe, Asia, Africa, and Australia. It also offers DOT-compliant training and consulting services associated with transportation feasibility studies, export licensing activities, package validations, and antidumping order compliance. In addition, the company provides professional support for the packaging and transportation of isotopes and related products for commercial and research sectors, as well as for spent fuel transportation. Key executives include:

Co-President and Managing Partner
Co-President and Managing Partner
Director of Operations
Director of TLI Russia
Consultant

Anyway, moving on….

The full criminal complaint is here.

The U.S., meaning Obama and Hillary did not exactly selling 20% of the U.S. inventory of uranium to Russia. Actually, Uranium One USA, LLC, a wholly owned subsidiary to Uranium One, Inc. actually owned the rights to a uranium mine in Casper, Wyoming. And while Hillary is being blamed, she never cast a vote on the transaction at the CFIUS committee. The real question is not selling the uranium but selling the mining location to Uranium One…who authorized that?

Uranium One, at the time the deal was made, controlled land equal to about 20 percent of the United States’ uranium capacity.

 ***
At the time of the sale, Campbell was a confidential source for the FBI in a Maryland bribery and kickback investigation of the head of a U.S. unit of Rosatom, the Russian state-owned nuclear power company. Campbell was identified as an FBI informant by prosecutors in open court and by himself in a publicly available lawsuit he filed last year.
 Also, although both Uranium One and the bribery cases involved Rosatom, the two cases involved different business units, executives and allegations, with little other apparent overlap, Reuters found in a review of the court records of the bribery case.
Campbell countered those who dismiss his knowledge of the Uranium One deal. “I have worked with the Justice Department undercover for several years, and documentation relating to Uranium One and political influence does exist and I have it,” Campbell said. He declined to give details of those documents.

BRIBERY SCHEME

Campbell worked as an informant for federal authorities investigating Vadim Mikerin, a Russian official in charge of U.S. operations for Tenex, a unit of Rosatom. Authorities later accused Mikerin of taking bribes from a shipping company in exchange for contracts to transport Russian uranium into the United States. He pleaded guilty in federal court in Maryland and was sentenced to prison for four years.

The Justice Department had also initially charged Mikerin with extorting kickbacks from Campbell after hiring him as a $50,000-a-month lobbyist.

Prosecutors alleged Mikerin had demanded Campbell pay between one-third and half of that money back to him each month under threat of losing the contract and veiled warnings of violence from the Russians. The demand prompted Campbell to turn to the FBI in 2010, which gave its blessing for him to remain part of the scheme.

Federal prosecutors were ready to use Campbell as a star witness against Mikerin, but they backed away after defense attorneys raised questions about Campbell’s credibility and whether he was a victim or had “entered into a business arrangement with eyes wide open,” according to court records.

Before it was taken down last year, the website of Campbell’s company, Sigma Transnational, did not suggest his firm was a lobbying powerhouse. The website listed four other employees and advisers, although one had died years earlier. A second employee listed said in a court document that she never worked for the company but had agreed in 2014 to pay Campbell to list her as an employee and allow her to use the Sigma name in a business deal. Campbell declined to comment on the staffing or his lobbying contract with Tenex.

Prosecutors dropped the extortion charges against Mikerin and never mentioned Campbell again in any charging documents. A Justice Department spokeswoman declined to comment on the case. Campbell also declined to comment on the issue.

Reuters has been unable to learn why Tenex chose Campbell as its lobbyist. He acknowledged in lawsuit he filed in 2016 that he was hired despite the fact he “had no experience with nuclear fuel sales.” More here from Reuters.

Drug Cartels Upped the Game with Weaponized Drones

Posted on by

Image result for cartels weaponized drones

photo

Police in Mexico pulled over four men in a pickup truck near the city of Salamanca in Guanajuato state on October 20 and got a nasty surprise. Along with an AK-47 assault rifle, the men had in their possession an unmanned aerial vehicle fitted with a “large explosive device” and a remote detonator.

That’s right: a weaponized drone.

Police didn’t say whether they suspected the men of ties to drug cartels. But Guanajuato is currently contested by several drug gangs, including the Sinaloa cartel, Los Zetas, and Cártel Jalisco Nueva Generación, or CJNG, according to Dr. Robert Bunker, a fellow with Small Wars Journal, a military trade publication.

ISIS set up factories in Iraq and Syria to modify mortar bombs—basically, small artillery shells—to fit on small drones. During intensive fighting in the Iraqi city of Mosul in February, ISIS’s drones were “the main problem” for coalition troops, Captain Ali, an Iraqi officer, told War Is Boring.

The cartels, for their part, have been using so-called “potato bombs”—hand-grenade-size improvised explosive devices—in attacks on each other and authorities. Bunker said the explosive the police found alongside the drone in Guanajuato is “consistent” with a potato bomb.

The cartels could also draw inspiration from online-retailer Amazon and its delivery drones. “As both Islamic State and Amazon have shown, small drones are an efficient way of carrying a payload to a target,” said Nick Waters, a former British Army officer and independent drone expert. “Whether that payload is your new book or several hundred grams of explosive is up to the sender.”

But don’t panic, Waters and other experts said. Drug cartels were plenty dangerous before they weaponized flying robots. Potato bomb-hauling drones might just give narcos more options for perpetrating crimes they are perfectly capable of pulling off some other way. “Considering their already impressive traditional capability, I think this will probably be another tool rather than a game-changing capability,” Waters said.

You should be “no more worried than you should be by cartels also using machine guns, car bombs, machetes, etc,” Singer said. More here.

New report shows how Mexican cartels are infiltrating Texas

Mexican cartels smuggle more drugs into the U.S. than any other criminal group, the federal Drug Enforcement Administration said in a new report.

The 2017 National Drug Threat Assessment released in October lists six cartels as having major influences across the country and Texas.

Cartels’ influence in Texas is far-reaching, affecting cities hundreds of miles from the state’s border with Mexico.

San Antonio is the only city in the state with a drug trade controlled by the Cartel Jalisco Nueva Generacion, which deals mostly with methamphetamine, cocaine, heroin and marijuana, according to the DEA.

The Gulf Cartel has a hold on cities in Texas’ tip and coastal bend. McAllen, Brownsville, Corpus Christi, Galveston, Houston and Beaumont are impacted most by the Gulf Cartel which mostly brings marijuana and cocaine into the area, according to the DEA. Drugs smuggled through the Gulf Cartel are mostly brought in through the area between the Rio Grande Valley and South Padre Island.

Every week in Houston, a relative of a Gulf Cartel leader receives 100 kilograms of cocaine, according to the DEA.

Moving West, Los Zetas control two cities and the Juarez Cartel has a hold on Alpine, Midland, El Paso and Lubbock.

While the arrests of two Los Zetas leaders has weakened the cartel’s influence on Eagle Pass and Laredo, its presence is still felt because of members who have assumed control, bringing cocaine, heroin, methamphetamine and marijuana into Texas.

The Sinaloa Cartel, formerly run by prison escape artist Joaquin “El Chapo” Guzman,” is most found in Dallas, Lubbock and Fort Worth, according to the DEA.

DEA map of Mexican cartels in the US photo

The FY 2017 OCDETF Program Budget Request comprises 2,975 positions, 2,902 FTE,
and $522.135 million in funding for the Interagency Crime and Drug Enforcement (ICDE)
Appropriation, to be used for investigative and prosecutorial costs associated with OCDETF cases targeting high-level criminal drug and money laundering networks as well as priority transnational poly-crime organizations whose primary criminal activity may not necessarily be drug-related. Go here to read the full report.
.

 

Hacking Public Schools, 757’s and the Defense Dept

Posted on by

Hack-O-Matic…some good ones and others not so much.

800 Schools

“Unless we have irrefutable evidence to suggest otherwise, we need to assume confidential data has been compromised,” Hamid Karimi, vice president of business development and the security expert at Beyond Security. “That should be a cause for concern. To remedy the situation, all schools and institutions that serve minors must submit to (a) stricter set of cybersecurity rules.”

photo

The breached school websites, which spanned nationwide from New Jersey to Arizona and Virginia to Connecticut, are all powered by a company called SchoolDesk. The company since has handed over its server —  which runs out of Georgia —  to the FBI for investigation and also has hired external security firms to trace the hackers. The Atlanta-based company said after the hack that technicians detected that a small file had been injected into the root of one of its websites.

“The websites were redirected to an iframed YouTube video. No data was lost or altered in any way. Because we’re currently working with the FBI in an active investigation of this incident, as well as forensic team from Microsoft, we cannot yet discuss any technical details or exact methods of access to SchoolDesk’s network or software,” a spokesperson for SchoolDesk told Fox News.

The company has insisted that no personal or student information was exposed, but some security experts say the matter should be closely monitored, especially as minors are involved.

“In most hacks, organizations do not have full visibility into what happened or what information was compromised,” surmised Eric Cole, who served as commissioner on cyber security for President Barack Obama, and was formally a senior vice president at MacAfee and the chief scientist at Lockheed Martin. “In almost every breach, what is initially reported is usually extremely conservative and over the weeks following a breach, it is always worse than what was originally reported.”

The proud culprits of the hack? A shadowy pro-ISIS hacktivist outfit known as “Team System DZ.” Barely reported by Fox News, while other media outlets did nothing about about.

***

Pentagon Hackers for Hire

Just over a year ago, following the success of the pilot, we announced the U.S. Department of Defense was expanding its “Hack the Pentagon,” initiatives. To date, HackerOne and DoD have run bug bounty challenges for Hack the Pentagon, Hack the Army and Hack the Air Force.

The success of these programs has been undeniable and our amazing community of hackers continues to impress even us!

DoD has resolved nearly 500 vulnerabilities in public facing systems with bug bounty challenges and hackers have earned over $300,000 in bounties for their contributions — exceeding expectations and saving the DoD millions of dollars. You can read more in our recent case study “Defending the Federal Government from Cyber Attacks.”

htp

2,837 Bugs Resolved With DoD’s Vulnerability Disclosure Policy

The DoD’s Vulnerability Disclosure Policy (VDP) is another essential, likely less talked about, part of the Hack the Pentagon initiative pioneered by DoD’s Defense Digital Service team.

A VDP is the, “see something say something of the internet”. DoD’s policy, and others like it, provide clear guidance for any hacker anywhere in the world to safely report a potential vulnerability so it can be resolved. Maintaining the security of the DoD’s networks is a top priority and their VDP is another proven way to resolve unknown security issues.

While a bounty or cash incentives are not awarded for vulnerabilities reported through the VDP, that has not stopped hackers eager to do their part to help protect the DoD’s assets. Nearly 650 hackers from more than 50 countries have successfully reported valid vulnerabilities through the VDP.

Thanks to these hackers and the pioneering team at DoD, 2,837 security vulnerabilities have been resolved in nearly 40 DoD components. Of these vulnerabilities, over 100 have been high or critical severity issues, including remote code executions, SQL injections, and ways to bypass authentication.

While the majority of participating hackers have been from United States, the top contributing countries include India, Great Britain, Pakistan, Philippines, Egypt, Russia, France, Australia and Canada. More here, at least this was a positive objective, we think.

*** Related reading: Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says

Hacking Through Aircraft Wi-Fi

A Department of Homeland Security official admitted that a team of experts remotely hacked a Boeing 757 parked at an airport.

During a keynote address on Nov. 8 at the 2017 CyberSat Summit, a Department of Homeland Security (DHS) official admitted that he and his team of experts remotely hacked into a Boeing 757.

This hack was not conducted in a laboratory, but on a 757 parked at the airport in Atlantic City, N.J. And the actual hack occurred over a year ago. We are only now hearing about it thanks to a keynote delivered by Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate.

“We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration,” Hickey said in an article in Avionics Today. “[That] means I didn’t have anybody touching the airplane; I didn’t have an insider threat. I stood off using typical stuff that could get through security, and we were able to establish a presence on the systems of the aircraft.”

While the details of the hack are classified, Hickey admitted that his team of industry experts and academics pulled it off by accessing the 757’s “radio frequency communications.”

We’ve been hearing about how commercial airliners could be hacked for years.

You might remember when a governmental watchdog admitted that the interconnectedness of modern commercial airliners could “potentially provide unauthorized remote access to aircraft avionics systems.” The concern was that a hacker could go through the Wi-Fi passenger network to hijack a plane while it was in flight.

And in a 2015 report by the U.S. Government Accountability Office (pdf), the agency warned, “Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors.”

At the time, U.S. Rep. Peter DeFazio (D-Ore.) said, the “FAA must focus on aircraft certification standards that would prevent a terrorist with a laptop in the cabin or on the ground from taking control of an airplane through the passenger Wi-Fi system.”

The same year, security researcher Chris Roberts ended up in hot water with the feds after tweeting about hacking the United Airlines plane he was traveling on. The FBI claimed Roberts said he took control of the navigation.

A Hack In The Box presentation by Hugo Teso in 2013 suggested that thanks to the lack of authentication features in the protocol Aircraft Communications Addressing and Report System (ACARS), an airliner could be controlled via an Android app. Flight management software companies, as well as the FAA, disputed Teso’s claims.

All of that means that airline pilots have heard of those vulnerabilities before, too. Yet at a technical meeting in March 2017, several shocked airline pilot captains from American Airlines and Delta were briefed on the 2016 Boeing 757 hack. Hickey said, “All seven of them broke their jaw hitting the table when they said, ‘You guys have known about this for years and haven’t bothered to let us know because we depend on this stuff to be absolutely the bible.’”

As CBS News pointed out, Boeing stopped producing 757s in 2004, but that aircraft is still used by major airlines, such as American, Delta and United. President Trump has a 757, and Vice President Pence also uses one. In fact, Avionics Today claimed 90 percent of commercial planes in the sky are legacy aircraft that were not designed with security in mind.

Boeing told CBS that it firmly believes the test “did not identify any cyber vulnerabilities in the 757, or any other Boeing aircraft.”

Furthermore, an unnamed official briefed on the test told CBS the results of the hack on an older aircraft was good information to have, adding, “but I’m not afraid to fly.” (Not feeling good about this aircraft hack at all, dont we have a missing plane or one that crashed where it was suspected there may have been a hack involved?)