Category Archives: DOJ, DC and inside the Beltway

US Treasury to Publish Russian Oligarch Corruption Index

Posted on by

Image result for GRU cyber operations

In December of 2015, Obama took aggressive action expelling Russian diplomats over hacking and political intrusion.

Image result for GRU cyber operations photo

“In addition, the Russian Government has impeded our diplomatic operations by, among other actions — forcing the closure of 28 American corners which hosted cultural programs and English-language teaching; blocking our efforts to begin the construction of a new, safer facility for our Consulate General in St Petersburg; and rejecting requests to improve perimeter security at the current, outdated facility in St Petersburg.” Some additional actions and those expelled include:

Two Russian intelligence agencies, the GRU and the FSB, four GRU officers and three companies “that provided material support to the GRU’s cyber operations”.

The White House named Igor Valentinovich Korobov, the current chief of the GRU; Sergey Aleksandrovich Gizunov, deputy chief of the GRU; Igor Olegovich Kostyukov, a first deputy chief of the GRU; and Vladimir Stepanovich Alexseyev, also a first deputy chief of the GRU. The Obama Executive Order is here.

Image result for GRU cyber operations

White House Fact Sheet on Russian malicious behavior

Slide presentation on Fancy Bear, hacking

Russia’s Oligarchs Brace for U.S. List of Putin Friends

(Bloomberg) — The U.S. Treasury Department is finishing its first official list of “oligarchs” close to President Vladimir Putin’s government, setting off a flurry of moves by wealthy Russians to shield their fortunes and reputations.

Some people who think they’re likely to land on the list have stress-tested the potential impact on their investments, two people with knowledge of the matter said. Others are liquidating holdings, according to their U.S. advisers.

Russian businessmen have approached former Treasury and State Department officials with experience in sanctions for help staying off the list, said Dan Fried, who previously worked at the State Department and said he turned down such offers.

Some Russians sent proxies to Washington in an attempt to avoid lobbying disclosures, according to one person that was contacted.

The report is expected to amount to a blacklist of Russia’s elite. It was mandated by a law President Donald Trump reluctantly signed in August intended to penalize the Kremlin for its alleged meddling in the 2016 election.

A rare piece of legislation passed with a bipartisan veto-proof margin, the law gave Treasury, the State Department and intelligence agencies 180 days to identify people by “their closeness to the Russian regime and their net worth.”

That deadline is Jan. 29.

Shamed Oligarchs

The list has also become a headache within Treasury, where some officials are concerned it will be conflated with sanctions, a person familiar with the matter said.

Treasury officials are considering keeping some portions of the report classified — which the law allows — and issuing it in the form of a letter from a senior official, Sigal Mandelker, instead of releasing it through the Office of Foreign Assets Control, which issues sanctions.

That would help distinguish it from separate lists of Russians subject to U.S. economic penalties, said the person, who spoke on condition of anonymity.

“You’re going to have people getting shamed. It’s a step below a sanction because it doesn’t actually block any assets, but has the same optics as sanctions — you’re on a list of people who are engaged in doing bad things,” said Erich Ferrari, who founded Ferrari & Associates in Washington and has helped people get removed from the sanctions designation list.

Corruption Index

The report must include “indices of corruption” with the oligarch’s names and list any foreign assets they may own. Lawmakers expect the list to provide a basis for future punitive actions against Russia.

“Because of the nervousness that the Russian business community is facing, a number of oligarchs are already beginning to wind back businesses, treating them as if they are already designated, to stay ahead of it,” said Daniel Tannebaum, head of Pricewaterhousecoopers LLP’s global financial sanctions unit.

He advises a handful of wealthy Russian individuals and some businesses who he declined to identify.

Treasury’s terrorism and financial intelligence unit is working with the State Department and Office of National Intelligence to complete the report, said a spokesman who declined to elaborate on the criteria for the list or whether it would be made public.

“It should be released in the near future,” Treasury Secretary Steve Mnuchin said at a White House briefing. ‘It’s something we’re very focused on.”

‘Allows Mischief’

The list’s impact will depend on how it’s released, said Adam Smith, a former senior adviser in Treasury’s sanctions unit and now a partner at Gibson, Dunn & Crutcher LLP in Washington.

The law is “written in a way that it allows mischief if the administration wanted to go a different way,” Smith said. “If the president wanted to provide little or a lot and be very selective, he has the ability to do that.”

That discretion partly flows from the criteria used to assemble the list, which Congress left up to Treasury.

Senator Ben Cardin of Maryland, the ranking Democrat on the committee on foreign relations, said he would like to see “as much transparency as possible” from Treasury when it finishes the list.

Russia has sought to defend its elites. Putin warned of worsening U.S. sanctions last month and introduced a capital amnesty program to encourage wealthy nationals to repatriate some of their overseas assets.

He also approved a plan to issue special bonds designed to give the wealthy a way to hold their dollar assets out of reach of the U.S. Treasury.

‘Disgusting’ Relations

While compilation of the list doesn’t mean there’ll be a new round of tit-for-tat sanctions, Russia will react to any punitive measures against its business people, Kremlin spokesman Dmitry Peskov told reporters on a conference call Friday.

“The principle of reciprocity remains,” and it would be for Putin to decide on the best response, he said.

Prime Minister Dmitry Medvedev, a Putin lieutenant for two decades, called the state of the relationship “disgusting” in November.

Congress has also requested that Treasury submit an impact analysis of potential sanctions on Russian sovereign bonds. A Treasury spokesman said its international affairs office is working on the analysis.

U.S. sanctions on the bonds would deal a major blow to Russia’s finances, raising the prospect of a selloff in the bond market, posing a risk to the ruble and the potential for higher borrowing costs.

The Russian Finance Ministry relies on debt to cover budget shortfalls and is seeking to borrow $18 billion domestically in 2018.

APT 28 Fancy Bear Espionage Target US Senate

Posted on by

While Robert Mueller continues his robust investigation into all things Russia and his team is under critical pushback, one must consider that his work could and should produce a report on the constant and critical threat of cyber hacking by Russia. The United States does not have a cyber policy but it does have a CyberCommand. Congress cannot draft any legislation on global cyber policy and consequence.

Image result for u.s. cyber command

Beginning in June 2017, phishing sites were set up mimicking the ADFS (Active Directory Federation Services) of the U.S. Senate. By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017. The real ADFS server of the U.S. Senate is not reachable on the open internet, however phishing of users’ credentials on an ADFS server that is behind a firewall still makes sense. In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high profile users of interest. More here from:

Update on Pawn Storm: New Targets and Politically Motivated Campaigns

 

PARIS (AP) — The same Russian government-aligned hackers who penetrated the Democratic Party have spent the past few months laying the groundwork for an espionage campaign against the U.S. Senate, a cybersecurity firm said Friday.

The revelation suggests the group often nicknamed Fancy Bear, whose hacking campaign scrambled the 2016 U.S. electoral contest, is still busy trying to gather the emails of America’s political elite.

“They’re still very active — in making preparations at least — to influence public opinion again,” said Feike Hacquebord, a security researcher at Trend Micro Inc., which published the report . “They are looking for information they might leak later.”

The Senate Sergeant at Arms office, which is responsible for the upper house’s security, declined to comment.

Hacquebord said he based his report on the discovery of a clutch of suspicious-looking websites dressed up to look like the U.S. Senate’s internal email system. He then cross-referenced digital fingerprints associated with those sites to ones used almost exclusively by Fancy Bear, which his Tokyo-based firm dubs “Pawn Storm.”

Trend Micro previously drew international attention when it used an identical technique to uncover a set of decoy websites apparently set up to harvest emails from the French presidential candidate Emmanuel Macron’s campaign in April 2017. The sites’ discovery was followed two months later by a still-unexplained publication of private emails from several Macron staffers in the final days of the race.

Hacquebord said the rogue Senate sites — which were set up in June and September of 2017 — matched their French counterparts.

“That is exactly the way they attacked the Macron campaign in France,” he said.

Attribution is extremely tricky in the world of cybersecurity, where hackers routinely use misdirection and red herrings to fool their adversaries. But Tend Micro, which has followed Fancy Bear for years, said there could be no doubt.

“We are 100 percent sure that it can attributed to the Pawn Storm group,” said Rik Ferguson, one of the Hacquebord’s colleagues.

Like many cybersecurity companies, Trend Micro refuses to speculate publicly on who is behind such groups, referring to Pawn Storm only as having “Russia-related interests.” But the U.S. intelligence community alleges that Russia’s military intelligence service pulls the hackers’ strings and a months-long Associated Press investigation into the group, drawing on a vast database of targets supplied by the cybersecurity firm Secureworks, has determined that the group is closely attuned to the Kremlin’s objectives.

If Fancy Bear has targeted the Senate over the past few months, it wouldn’t be the first time. An AP analysis of Secureworks’ list shows that several staffers there were targeted between 2015 and 2016.

Among them: Robert Zarate, now the foreign policy adviser to Florida Senator Marco Rubio; Josh Holmes, a former chief of staff to Senate Majority Leader Mitch McConnell who now runs a Washington consultancy; and Jason Thielman, the chief of staff to Montana Senator Steve Daines. A Congressional researcher specializing in national security issues was also targeted.

Fancy Bear’s interests aren’t limited to U.S. politics; the group also appears to have the Olympics in mind.

Trend Micro’s report said the group had set up infrastructure aimed at collecting emails from a series of Olympic winter sports federations, including the International Ski Federation, the International Ice Hockey Federation, the International Bobsleigh & Skeleton Federation, the International Luge Federation and the International Biathlon Union.

The targeting of Olympic groups comes as relations between Russia and the International Olympic Committee are particularly fraught. Russian athletes are being forced to compete under a neutral flag in the upcoming Pyeongchang Olympics following an extraordinary doping scandal that has seen 43 athletes and several Russian officials banned for life. Amid speculation that Russia could retaliate by orchestrating the leak of prominent Olympic officials’ emails, cybersecurity firms including McAfee and ThreatConnect have picked up on signs that state-backed hackers are making moves against winter sports staff and anti-doping officials.

On Wednesday, a group that has brazenly adopted the Fancy Bear nickname began publishing what appeared to be Olympics and doping-related emails from between September 2016 and March 2017. The contents were largely unremarkable but their publication was covered extensively by Russian state media and some read the leak as a warning to Olympic officials not to press Moscow too hard over the doping scandal.

Whether any Senate emails could be published in such a way isn’t clear. Previous warnings that German lawmakers’ correspondence might be leaked by Fancy Bear ahead of last year’s election there appear to have come to nothing.

On the other hand, the group has previously dumped at least one U.S. legislator’s correspondence onto the web.

One of the targets on Secureworks’ list was Colorado State Senator Andy Kerr, who said thousands of his emails were posted to an obscure section of the website DCLeaks — a web portal better known for publishing emails belonging to retired Gen. Colin Powell and various members of Hillary Clinton’s campaign — in late 2016.

Kerr said he was still bewildered as to why he was targeted. He said that while he supported transparency, “there should be some process and some system to it.

“It shouldn’t be up to a foreign government or some hacker to say what gets released and what shouldn’t.”

Jeff Sessions’ DoJ and Operation Janus

Posted on by

A Department of Homeland Security initiative, Operation Janus, identified about 315,000 cases where some fingerprint data was missing from the centralized digital fingerprint repository. Among those cases, some may have sought to circumvent criminal record and other background checks in the naturalization process. These cases are the result of an ongoing collaboration between the two departments to investigate and seek denaturalization proceedings against those who obtained citizenship unlawfully. USCIS dedicated a team to review these Operation Janus cases, and the agency has stated its intention to refer approximately an additional 1,600 for prosecution.

In 2009, CBP provided the results of Operation Targeting Groups of Inadmissible
Subjects, now referred to as Operation Janus, to DHS. In response, the DHS
Counterterrorism Working Group coordinated with multiple DHS components
to form a working group to address the problem of aliens from special interest
countries receiving immigration benefits after changing their identities and
concealing their final deportation orders. In 2010, DHS’ Office of Operations
Coordination (OPS) began coordinating the Operation Janus working group.

***

The Office of the Inspector General report on Operation Janus. So, we have our first case…appears more to come.

Image result for operation janus immigration photo

VOA: A federal judge last week stripped an Indian national of his U.S. citizenship in what officials described as the first case to grow out of an Obama-era federal investigation that exposed rampant fraud among citizenship applicants.

Federal prosecutors had sought the denaturalization of Baljinder Singh in September, arguing that the 43-year-old native of India had fraudulently obtained his citizenship.

According to prosecutors, Singh first entered the U.S. under a false name in 1991 and subsequently faced deportation, but he failed to disclose that information in his 2004 citizenship application.

Under U.S. law, naturalization can be revoked if it was obtained through fraud.

On January 5, Federal Judge Stanley Chesler of the District of New Jersey, where Singh lives, granted the government’s request to revoke Singh’s citizenship, reverting his status to a green card holder and potentially subjecting him to deportation, the Justice Department announced Tuesday.

The judge’s order came after Singh failed to respond to the Justice Department’s denaturalization complaint and subsequent request for a summary judgment, according to court documents.

Singh could not be immediately reached.

Operation Janus

The Justice Department said the case was the first to result from Operation Janus, a Department of Homeland Security probe that identified 315,000 immigrants whose fingerprints were missing from government databases. The immigrants faced deportation or were criminal fugitives and “some may have sought to circumvent criminal record and other background checks in the naturalization process,” the Department said.

A 2016 audit by the Homeland Security Department’s inspector general first disclosed the missing fingerprint data and found that the U.S. Citizenship and Immigration Services had mistakenly granted citizenship to at least 858 immigrants facing deportation.

The immigrants used different names and birth dates to apply for citizenship, according to the audit.

The inspector general criticized Immigration and Customs Enforcement for failing to investigate the apparently fraudulently naturalized citizens but said the agency was “now taking steps to increase the number of cases to be investigated, particularly those who hold positions of public trust and who have security clearances.”

The pace of the investigations appears to have picked up over the past year, with the U.S. Citizenship and Immigration Services reporting a “growing body of cases” to the Justice Department.

Last year, the Justice Department filed 25 civil denaturalization cases and 57 criminal cases, according to a department spokesman.

The U.S. immigration agency said it plans to refer about 1,600 additional cases uncovered by Operation Janus for possible denaturalization.

“I hope this case, and those to follow, send a loud message that attempting to fraudulently obtain U.S. citizenship will not be tolerated,” USCIS Director Francis Cissna said in a statement. “Our nation’s citizens deserve nothing less.”

Denaturalization

Singh faces certain deportation, according to Amanda Frost, a professor at the American University Washington School of Law.

“Now that they’ve denaturalized him, their next move is to take away his green card and deport him,” Frost said. “If they don’t do that, I’m not sure what the purpose of this entire proceeding was.”

Chad Readler, the acting head of the Justice Department’s Civil Division, said Singh had “exploited our immigration system and unlawfully secured the ultimate immigration benefit of naturalization.”

“The Justice Department will continue to use every tool to protect the integrity of our nation’s immigration system, including the use of civil denaturalization,” Readler added.

The government is also seeking the denaturalization of two Pakistani nationals who are accused of concealing deportation orders from immigration officials.

In recent years, the number of denaturalization cases has been in the dozens, according to Frost. But Operation Janus suggests that the government is “putting more resources into this than it did before,” Frost said.

The U.S. government used denaturalization throughout the first half of the 20th century to take away the citizenship of people suspected of Communist sympathies or fighting in foreign wars.

But a landmark Supreme Court decision in 1967, Afroyim v. Rusk, put an end to the practice, said Frost, who researches denaturalization.

“The court made it clear that denaturalization was limited,” Frost said.

Last year, the Supreme Court handed down a decision in another denaturalization case, barring the government from denaturalizing citizens for making “non-material” false statements on their citizenship applications.

“It served to remind the government that there are many constitutional protections in this area and that denaturalization must be done carefully,” she said.

 

Space X Zuma Launched Failed, or did it?

Posted on by

Could this have been a classified payload to destroy North Korea’s own spy satellite or their next ICBM launch or Iran’s or Russia’s such that the real answers will never be forthcoming, meaning it is a ploy? Maybe even China?

Image result for zuma payload photo and more information here.

Space-Track has cataloged the Zuma payload as USA 280, international designation 2018-001A. Catalog number 43098. No orbit details given. No reentry date given, but for a secret payload it might not be. Implication is Space-Track thinks it completed at least one orbit.

Related reading: Did SpaceX’s secret Zuma mission actually fail?

SpaceX’s latest rocket may have launched successfully – but the mission didn’t end as a win. The Zuma payload it was carrying, a mysterious classified piece of cargo for the U.S. government believed to be a spy satellite, was lost after it failed to separate from the second stage of the rocket after the first stage of the Falcon 9 separated as planned and returned to Earth.

The WSJ reports, and we’ve confirmed separately, that the payload is thought to have fallen back through the Earth’s atmosphere after reaching space, because of the failure to separate. The failure is one that can happen when cargo doesn’t properly detach as planned, since the second stage is designed to fall back to Earth and burn up in re-entry.

SpaceX had launched as planned on January 7 in its target window, and recovered the first stage of the booster with a landing at its Cape Canaveral facility. Because of the nature of the mission, coverage and information regarding the progress of the rocket and its payload from then on was not disclosed.

The payload, codenamed Zuma, was contracted for launch by Northrop Grumman by the U.S. government, and Northrop selected SpaceX as the launch provider. SpaceX had previously launched the U.S. Air Force’s X-37B spacecraft, and was approved for flying U.S. government payloads with national security missions.

The satellite was likely worth billions, according to the WSJ, which makes this the second billion-dollar plus payload that SpaceX has lost in just over two years; the last was Facebook’s internet satellite, which was destroyed when the Falcon 9 it was supposed to launch on exploded during preflight preparations in September 2016.

This could be a significant setback for SpaceX, since these kinds of contracts can be especially lucrative, and it faces fierce competition from existing launch provider ULA, jointly operated by Boeing and Lockheed Martin.

We’ve reached out to SpaceX and will update if they provide additional comment.

Update – SpaceX provided the following statement regarding the mission, which could suggest the fault lies with something provided by launch partner Northrop Grumman or the payload itself:

“We do not comment on missions of this nature; but as of right now reviews of the data indicate Falcon 9 performed nominally.“

Iran’s Supreme Leader, the Nuclear Deal, Protests and Boeing

Posted on by

It is the conglomerate that the Supreme Leader, the Ayatollah Khamenei owns exclusively. “Setad Ejraiye Farmane Hazrate Emam,” or Setad.

Image result for Setad Ejraiye Farmane Hazrate Emam

Setad was originally sanctioned by the U.S. Treasury in June 2013. The conglomerate “produces billions of dollars in profits for the Iranian regime each year,” said David Cohen, then the Treasury’s under secretary for terrorism and financial intelligence, at a Senate banking committee hearing that year.

Setad, Cohen said at the time, controls “massive off-the-books investments” hidden from the Iranian people and regulators.

All entities sanctioned for being part of the Iranian government are being taken off the SDN list as part of the nuclear deal, also called the Joint Comprehensive Plan of Action (JCPOA), though U.S. persons and entities will still be banned from dealing with them.

In January of 2017, a review by Reuters noted: But a Reuters review of business accords reached since then shows that the Iranian winners so far are mostly companies owned or controlled by the state, including Iran’s Supreme Leader, Ayatollah Ali Khamenei.

Of nearly 110 agreements worth at least $80 billion that have been struck since the deal was reached in July 2015, 90 have been with companies owned or controlled by Iranian state entities, the Reuters analysis shows.

In December of 2017: Treasury Department officials must publish a report chronicling the financial assets of Iran’s top leaders, under a bill that passed the House on Wednesday.

The legislation, which passed 289-135, must still clear the Senate before President Trump can sign it into law. It’s a potential boon to Iranian dissidents against the regime, who stand to gain insight into corruption by top officials.

Related:

Podcast – Upheaval in Iran: Causes and Consequences

Meanwhile, as the protests continue in Iran against the regime and rightly so, questions arise due to not only Senate votes on sanctions but staying with the Joint Comprehensive Plan of Action, meaning the Iran nuclear deal.

Image result for Setad Ejraiye Farmane Hazrate Emam photo

Why is there even a question based on additional facts surfacing in the last year? Well, the left and those that remain with John Kerry and Barack Obama are adding new pressures to stay in the JCPOA. Further, complications arise from those countries that are also part of the deal. They too want the deal sustained.

In a story titled “U.S. security experts back Iran nuclear deal, as Trump faces deadlines,” Reuters reports that a coalition of national security experts want the president to continue the Iran deal. The report claims, without any context, that all of the people who signed a letter in favor of the deal are “national security experts.” Additionally, these “experts” are from an organization called the “National Coalition to Prevent an Iranian Nuclear Weapon.”

It turns out, however, that some of those listed on the document have severe conflicts of interests, none of which were disclosed in the letter.

It also turns out that the National Coalition to Prevent an Iranian Nuclear Weapon is not an actual organization. A Google search of the group turned up nothing before Monday. The group was created this week with the apparent purpose of garnering support for the nuclear deal. None of this is reported in the Reuters article. It is only revealed through the group’s statement provided on The National Interest website.

The outfit’s title also presumes its members are national security hawks, when this is far from the case.

Members of the “National Coalition” include a who’s who of the prominent organizers of the campaign to rally support for the Obama administration’s nuclear deal with Tehran.

Included on the list is Joseph Cirincione, who served as the money man for President Obama’s Iran “echo chamber.” Cirincione has admitted to paying off a “network of 85 organizations and 200 individuals” who were “decisive in the battle for public opinion” over the Iran deal.

Gary Sick, another signee, was one of the chief organizers of the Iran echo chamber. According to the Washington Free Beacon, Sick created an invite-only listserv to distribute pro-Tehran talking points to Obama-friendly journalists and influential figures.

The coalition also includes Ambassador Thomas Pickering, who is a paid lobbyist for Boeing. The aviation company is attempting to secure a multi-billion-dollar jetliner deal with the Iranian regime. If the Iran deal falls through, so does Boeing’s deal.

Paul Pillar, a disgraced former CIA officer who was also on the letter, once drafted talking points arguing that it’s not a big deal if Iran is able to develop a nuclear weapon. “If Iran develops a nuclear weapon, the United States and the West could live with it, without important compromise to U.S. interests,” he wrote, according to Eli Lake of Bloomberg News.

It remains a mystery what President Trump will decide this time around. He has been troubled by Iran’s violent response to countrywide protests. The president has leveraged social media and several executive departments to raise awareness about the plight of Iranian protesters. He has also mulled enacting further sanctions against the regime.

As an aside, there too is pressure from Boeing, they want to protect the sale agreements of planes to Iran such that they have offered to ‘finance’ the payments, essentially layaway. Iran is looking for a method to make payments of $44B to both Air Bus and Boeing. Humm….but that Supreme leader has a major conglomerate remember?