Category Archives: DOJ, DC and inside the Beltway

Iraq Parliament Vote to Remove US Forces, Symbolic So Far

Posted on by

The vote hardly is final and the United States military forces would likely not begin to exit Iraq for a year or more. In the meantime, the U.S. military has suspended all consular operations at the embassy in Baghdad and suspended all training operations of the Iraqi military.

Iraq parliament passes resolution to expel US troops

For the details of the Iraq parliamentary vote, read on.

Key Takeaway: Iraq’s Parliament, the Council of Representatives (CoR), passed a non-binding resolution to cancel the request for military aid from the government of Iraq to the U.S.-led anti-ISIS coalition. The resolution does not require a U.S. withdrawal, which only the Prime Minister can order by rescinding the Status of Forces Agreement with the U.S. It is unclear whether caretaker Iraqi Prime Minister Adel Abdul Mehdi has the authority to do so. The CoR resolution sets political conditions to justify subsequent Iranian proxy attacks on U.S. forces and installations, however. Nationalist Shi’a Cleric Muqtada al Sadr also called for the mobilization of new “resistance” groups to support such attacks.

Iraq’s parliament passed a non-binding resolution rejecting the presence of U.S. and coalition forces in Iraq. 172 members of the Iraqi Council of Representatives (CoR) convened on Sunday, January 5 in an “extraordinary session” to discuss the U.S. airstrike that killed Iranian IRGC Quds Force Commander Qassem Soleimani and Iraqi Popular Mobilization Committee Deputy Chief and Kata’ib Hezbollah commander Abu Mehdi al-Muhandis on January 3, 2020. Kurdish political parties boycotted the session, as did many Sunni political parties. Caretaker Prime Minister (PM) Adel Abdul Mehdi submitted the resolution. It passed with 170 votes.[1]

The resolution does not require an immediate withdrawal of U.S. forces. The CoR’s resolution asks the Government of Iraq (GoI) to cancel the 2014 military aid request from the GoI to coalition forces. The resolution does not explicitly ask the GoI to revoke the State of Forces Agreement (SOFA) between the U.S. and Iraq.[2] It does, however, say the GoI “must work to end the presence of any foreign troops on Iraqi soil and prohibit them from using its land, airspace or water for any reason.” [3] It also calls on the Iraqi government to establish a timetable for the withdrawal of all foreign troops. The CoR cannot itself cancel the 2014 request for coalition support or the SOFA, which requires executive action from the PM. It is unclear if PM Mehdi has the legal authority to do so given his status as a caretaker PM. Mehdi resigned on November 29, 2019 during mass protests.

Nationalist Cleric Muqtada al-Sadr may participate in attacks on US forces and installations. The leader of Sadr’s Toward Reform bloc issued a statement to the CoR on Sadr’s behalf that included demands for an even greater response. In addition to withdrawing from U.S. security agreements, Sadr called for the immediate closure of the “Embassy of American Evil in Iraq,” the closure of U.S. bases in the country, the “humiliating expulsion” of U.S. troops, the “criminalization” of any communication with the U.S. government, and the boycott of American products.[4] In a tweet following the session, Sadr condemned the CoR resolution as insufficient and called on “the Iraqi resistance factions in particular and the factions outside of Iraq for an immediate meeting to announce the formation of “international resistance groups.”[5]

Implications: This resolution renders the maintenance of a U.S. or coalition military presence in Iraq politically difficult but does not yet legally require a U.S. withdrawal. However, it solidifies the Iranian narrative of a U.S. “occupation” of Iraq and sets political conditions to justify subsequent attacks on U.S. forces across the Middle East. These escalations will likely come not only from Iran’s direct proxy militias, but also from a pan-Shi’a resistance movement that Muqtada al-Sadr is now attempting to generate. The Iraqi Security Forces have up until this point depended on coalition military support to sustain pressure on the Islamic State (ISIS). Any withdrawal of coalition forces from Iraq offers ISIS increased freedom of movement and improves conditions for ISIS to reconstitute itself inside of Iraq and Syria.

[1] DO NOT GO TO SITE: “Shiite MPs draft legislation seeking to expel US troops from Iraq” Rudaw, 05 January 2020. https://www.rudaw.net/english/middleeast/iraq/05012020

[2]“Iraqi Lawmakers Urge End U.S. Troop Presence as Iran Mourns a Slain General,” New York Times, 05 January 2020. https://www.nytimes.com/2020/01/05/world/middleeast/iran-general-soleimani-iraq.html

[3] “Iraqi Parliament Passes Resolution to End Foreign Troop Presence,” Voice of America, 05 January 2020. https://www.voanews.com/middle-east/voa-news-iran/iraqi-parliament-passes-resolution-end-foreign-troop-presence

[4] DO NOT GO TO SITE: Iraqi Council of Representatives Readout of CoR Session, 05 January 2020. http://ar.parliament.iq/2020/01/05/%d9%85%d8%ac%d9%84%d8%b3-%d8%a7%d9%84%d9%86%d9%88%d8%a7%d8%a8-%d9%8a%d8%b5%d9%88%d8%aa-%d8%b9%d9%84%d9%89-%d9%82%d8%b1%d8%a7%d8%b1-%d9%86%d9%8a%d8%a7%d8%a8%d9%8a-%d8%a8%d8%a5%d9%86%d9%87%d8%a7%d8%a1/

[5] Muqtada al-Sadr Twitter 05 January, 2020: @Mu_AlSadr https://twitter.com/Mu_AlSadr/status/1213829592789782529

 

Iran Announces No More Compliance to Nuclear Deal

Posted on by

Let’s begin with some side deals made that John Kerry, Barack Obama and Europe never admitted to shall we? Check the date of that tweet…I have been calling for President Trump to declassify documents related to all the years of negotiations since early 2017.

 

At least three media sources are reporting:

*Iran Says Will No Longer Comply With Nuclear Enrichment Limits Under 2015 Deal – Iran Media

*Iran Says Won’t Respect Nuclear Deal Commitments on Enrichment Uranium Stockpile, Purity, Research – Iran Media

*Iran Says Will Continue to Work with U.N. Atomic Agency Inspectors – Iran Media

There are written steps Iran must take to make changes to the JCPOA. There is no indication of what the steps are and when the steps will be taken. Iran is at the 5th and final step regarding non-compliance/commitment. Of particular note, since May, Iran has been reducing its nuclear commitments with a series of steps every 60 days already. Last November, Iran gave Britain, France and Germany yet another 60 day extension to salvage the deal or face further non-compliance. The deadline came and went.

The European Union has continued attempts for a diplomatic salvage, so far to no avail. Now, leaders are meeting in Brussels to discuss the nuclear deal and how to de-escalate tension since the strike to kill General Qasim Soleimani.

France is especially committed to the Iran nuclear deal and is urging Iran to stay with the landmark 2015 agreement.

Iran’s President Rouhani made a state television appearance stating it remains open to negotiations with European partners. Iran is desperate to sell its oil to Europe and to maintain trade with Europe as the Iranian economy is in a financial free-fall. Watch for epic smuggling directed by Iran….

The International Atomic Energy Agency has not yet responded regarding Iran’s assertion. Iranian officials are to meet in the coming days to discuss that final 5th step in separating from the nuclear deal. Iran has already previously broken limits of enrichment, stockpiles and centrifuges.

Meanwhile to further complicate tensions in the Middle East, Iran is pulling out the whole cultural protections law noted in the 1954 Hague Convention.

The 1954 Hague Convention, of which the U.S. is a party, bars any military from “direct hostilities against cultural property.” However, such sites can be targeted if they have been re-purposed and turned into a legitimate “military objective,” according to the International Committee of the Red Cross.

Iran, home to 24 UNESCO World Heritage sites, has in the past reportedly guarded the sprawling tomb complex of the Islamic Republic’s founder, Ayatollah Ruhollah Khomeini, with surface-to-air missiles.

This past November:

The head of Iran’s nuclear program said that Tehran was now operating double the amount of advanced centrifuges than was previously known in violation of its atomic deal with world powers.

The announcement came as Iranians marked the 40th anniversary of the 1979 U.S. Embassy takeover and start of the 444-day hostage crisis.

The decision to operate 60 IR-6 advanced centrifuges means that the country can produce enriched uranium 10 times as fast as the first-generation IR-1s allowed under the accord.

The nuclear deal limited Iran to using only 5,060 first-generation IR-1 centrifuges to enrich uranium by rapidly spinning uranium hexafluoride gas. Salehi also said Tehran was working on a prototype centrifuge that’s 50 times faster than those allowed under the deal.

By starting up these advanced centrifuges, Iran further cuts into the one-year time limit that experts estimate Tehran would need to have enough material to build a nuclear weapon, if it chose to pursue one.

DHS Website Hacked with Pro-Iranian Messages

Posted on by

Seems with the timing, that as I was publishing an article yesterday about Iran’s robust cyber operations, they or proxies were at work taking down our own Department of Homeland Security website. Another thought is a domestic Iranian sympathizer took down the site.

A website within the Department of Homeland Security was offline Sunday after a hacker uploaded photos onto the site that included an Iranian flag and an image depicting a bloodied President Donald Trump being punched in the face.

 

The images appeared on the Federal Depository Library Program program’s website late Saturday before the site was taken offline. The Cybersecurity and Infrastructure Security Agency, a division of the Department of Homeland Security, said it was monitoring the situation.

“We are aware the website of the Federal Depository Library Program was defaced with pro-Iranian, anti-US messaging,” the cybersecurity agency said in a statement. “At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken offline and is no longer accessible.”

The statement added that “in these times of increased threats” all organizations should increase cyber monitoring, back up IT systems, implement secure authentication and have an incident response plan ready should a hack take place.

DHS also issued a two-week National Terrorism System advisory noting the U.S. drone strike in Iraq last week that killed Iran commander Qassem Soleimani. That spurred Iran and several affiliated extremist organizations to state publicly they intend to retaliate against the U.S.

“Iran maintains a robust cyber program and can execute cyber attacks against the United States,” DHS warned. “Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”

The library program website essentially had been replaced with a page exclaiming “Iranian Hackers!” An image of Iran’s supreme leader Ayatollah Ali Khamenei also was posted, along with a message that “martyrdom was (Soleimani’s) reward for years of implacable efforts.

A graphic showed Trump being punched by a fist from Iran amid a flurry of missiles.

“With his departure and with God’s power, his work and path will not cease and severe revenge awaits those criminals who have tainted their filthy hands with his blood and blood of the other martyrs,” a message on the website read.

Another message claimed the hack was the work of an Iranian “security group,” adding that “this is only small part of Iran’s cyber ability!”

Iran has promised a military response to Soleimani’s killing. Trump has vowed that if Iran attacks an American base or any American, “which I would strongly advise them not to do, we will hit them harder than they have ever been hit before!”

I also received the following bulletin yesterday from the DHS email system.

Image

 

 

A Look Back at the Last Decade

Posted on by

Sadly, so much of the domestic and world events have affected our daily lives while other events have carried into this new decade. This is hardly a complete look back and readers are encouraged to leave comments with additional major events of the last decade. Congratulations for surviving and prevailing the last decade.

Image result for arab spring tunisia

2010: The Arab Spring

Deepwater Horizon Oil Spill

Apple introduces first iPad

President Obama signed the Affordable Care Act into law

7.0 Earthquake strike Haiti

Instagram Debuts

Image result for abbottabad raid

2011:  Abbottabad Raid Killing Osama bin Ladin

8.9 Earthquake Hits Japan

Prince William Marries Catherine Middleton

Casey Anthony Acquitted of Killing her Daughter

Syrian Civil War Began

2012: Baumgartner’s Stratosphere Jump

Benghazi attack

Super Hurricane Sandy

Aurora, Colorado Theater Shooting

Sandy Hook Elementary School Shooting

2013: IRS Targeting

Boston Marathon Bombing

Edward Snowden NSA leaks

Pope Benedict Resignation, First Ever

Black Lives Matter Activist Movement Originates

Failed Government Launch of Healthcare.gov

Image result for malaysia flight 370

2014: Malaysia Flight #370 Goes Missing

Actor Robin Williams Dies by Suicide

Bowe Bergdahl Taliban Prisoner Swap

Ebola Virus Outbreak

Boko Harem Kidnaps 200 Schoolgirls

Uber Launches Rideshare

Obama Normalizes Relations with Cuba

Islamic State (ISIL-ISIS) Battle Begins in Mosul

Image result for bataclan terror attack

2015:  San Bernardino Terror Attack

Pope Francis Speech to Joint Session of Congress

Hillary Clinton Email Scandal

Charlie Hebdo Terror Attack

Paris Stade de France Bombing

Bataclan Terror Attack

Syrian European Refugee Crisis

2016: Rio Olympic Games, Ryan Lochte scandal

U.S. Supreme Court Legalizes Gay Marriage

Singer Prince Found Dead from Fentanyl Overdose

Colin Kaepernick Began Kneeling Protest

Brexit Vote for Withdraw of United Kingdom from European Union

Russia Hacks U.S. Obama Expels Russian Diplomats and Spies

2017: Rare Coast to Coast Full Solar Eclipse

#MeToo Movement Begins

Las Vegas Mandalay Bay Hotel Shooting Killing 58 Wounding 413

Arianna Grande Manchester Bombing

Robert Mueller Named Special Council to Investigate Donald Trump and Russian Collusion

Hurricane Harvey, Category 4 Hits Leaving $125 Billion in Damage

Hurricane Irma, Category 5

Hurricane Maria, Category 5

President Trump Launches #FakeNews

ANTIFA Launches National Activist Operations

Image result for thailand soccer team cave

2018: Thailand Soccer Team Rescued from Cave

North Korea Agrees to Trump to Denuclearize

Cambridge Analytica-Facebook Scandal

Christine Blasey Ford v. Brett Kavanugh (Supreme Court Nominee)

Prince Harry Marries American Meghan Markle

Stoneman Douglas High School Shooting, Killing 17

Image result for u.s immigration crisis southern border

2019:  Robert Mueller Special Council Investigation Ends

U.S. House of Representatives Votes on Two Articles of Impeachment of President Trump

Trump Installs Sweeping Immigration Enforcement Measures

U.S. China Trade Pact Finalizes First Agreement

Boeing Jets Grounded

Hong Kong Freedom Fighters Protest China for Freedom

Locked Shields Versus Iran

Posted on by

Since the death of several Iranian warlords including Qassim Soleimani, the United States has dispatched more military personnel to the Middle East. The Patriot missile batteries scattered in the region including in Bahrain are now at the ready. When it comes to cyber operations inside Iran, little is being discussed as a means of retribution against the United States. Iran does have cyber warfare capabilities and does use them.

It has been mentioned in recent days that President Trump has been quite measured in responding to Iran’s various attacks including striking Saudi oil fields, hitting oil tankers and shooting down one of the drones operated by the United States. In fact, the United States did respond directly after the downing of our drone by inserting an effective cyber-attack against Iran’s weapons systems by targeting the controls of the missile systems.

APT33 phishing Read details from Security Affairs.

Iran has an estimated 100,000 volunteer cyber trained operatives that has been expanding for the last ten years led by the Basij, a paramilitary network. The cyber unit known for controlling the Iranian missile launchers is Sepehr 110 is a large target of the United States and Israel. Iran also mobilizes cyber criminals and proxy networks including another one known as OilRig.

In 2018, the United States charged 9 Iranians (Mabna Hackers) for conducting massive cyber theft, wire fraud and identity theft that affected hundreds of universities, companies and other proprietary entities.

Due to a more global cyber threat by Iran known to collaborate with North Korea, China and Russia, NATO has been quite aggressive in cyber defense operations via the Cooperative Cyber Defense Center of Excellence applying the Locked Shields Program.

Not too be lost in the cyber threat conditions, Iran also uses their cyber team to blast out propaganda using social media platforms. If this sounds quite familiar, it is. The Russian propaganda operations manual is also being used by Iran. The bots and trolls are at work in Europe to keep France, Britain and Germany connected to the Iranian nuclear deal and to maintain trade operations with Iran including diplomatic operations. There are fake Iranian and Russian accounts still today all over Twitter and Facebook for which Europe is slow to respond if at all.

Meet APT33, which the West calls the Iranian hacking crew(s), the other slang name is Elfin. APT33 is not only hacking, but it is performing cyber-espionage as well. There are many outside government organizations researching and decoding Iran’s cyber operations that cooperate with inside U.S. government cyber operations located across the globe that also cooperate with NATO.

Recorded Future is one such non-government pro-active cyber operation working on Iran. These include attributions of cyber attacks by Iran against Saudi Arabia as well as the West by decoding phishing campaigns, relationships, malware and webshells and security breeches.

Recent published results include in part:

Nasr Institute and Kavosh Redux

In our previous report, “Iran’s Hacker Hierarchy Exposed,” we concluded that the exposure of one APT33 contractor, the Nasr Institute, by FireEye in 2017, along with our intelligence on the composition and motivations of the Iranian hacker community, pointed to a tiered structure within Iran’s state-sponsored offensive cyber program. We assessed that many Iranian state-sponsored operations were directed by the Iranian Revolutionary Guard Corps (IRGC) or the Ministry of Intelligence and Security (MOIS).

According to a sensitive Insikt Group source who provided information for previous research, these organizations employed a mid-level tier of ideologically aligned task managers responsible for the compartmentalized tasking of over 50 contracting organizations, who conducted activities such as vulnerability research, exploit development, reconnaissance, and the conducting of network intrusions or attacks. Each of these discrete components, in developing an offensive cyber capability, were purposefully assigned to different contracting groups to protect the integrity of overarching operations and to ensure the IRGC and/or MOIS retained control of operations and mitigated the risk from rogue hackers. Read more here in detail from a published summary of 6 months ago.