Russian Hacking, We knew Because we had an Inside Operative(s)

This Executive Order is in draft form and does not include Russia, which is quite curious. The question of ‘why’ must be asked based on information noted below.

The Trump administration’s draft of the executive order on cybersecurity obtained by the Washington Post by April Glaser on Scribd

People involved in internet forensics who track hackers, malicious code, malware, ransomware and intrusions are all dedicated to finding the cracks in code and, even more, finding the hackers while further understanding their code and patterns. I get emails about this topic every day that include a variety of global companies operating in this realm.

Back in December of 2015, ODNI James Clapper announced Russian intrusions into several American infrastructure locations. This was before the announcement of Russian intrusions into the U.S. political apparatus. It can be presumed the United States has long had the help of operatives inside adversarial countries, most of all Russia. Spies are out there and further, it is estimated there are 100,000 foreign spies inside the United States as of this moment. Heh, before Barack Obama left his presidency, he did expel many Russians and closed two Russian compounds.

In 2014, U.S. Cyber operations quietly penetrated Russian systems without declaring in specific language the exact operations.

In 2014, National Security Agency chief Adm. Mike Rogers told Congress that U.S. adversaries are performing electronic “reconnaissance” on a regular basis so that they can be in a position to disrupt the industrial control systems that run everything from chemical facilities to water treatment plants.

“All of that leads me to believe it is only a matter of when, not if, we are going to see something dramatic,” he said at the time.

Rogers didn’t discuss the U.S.’s own penetration of adversary networks. But the hacking undertaken by the NSA, which regularly penetrates foreign networks to gather intelligence, is very similar to the hacking needed to plant precursors for cyber weapons, said Gary Brown, a retired colonel and former legal adviser to U.S. Cyber Command, the military’s digital war fighting arm. More here.

It is unclear if we have recruited people inside Russia to work on the behalf of the United States, but clues tell us we did, with success.

In part from RFE/RL: At the simplest level, two FSB officers working in cyberdefense, Sergei Mikhailov and Dmitry Dokuchayev, as well as Ruslan Stoyanov, a former Interior Ministry official who works for the cyber security company Kaspersky Lab, are reportedly being charged with espionage.

According to Russian media reports, Mikhailov is suspected of alerting U.S. intelligence to the FSB’s connection to a Russian server-rental company called King Servers.

Last year, the U.S.-based cybersecurity firm ThreatConnect had identified King Servers as the nexus for hacking attacks against the United States.

If U.S. intelligence did indeed have a highly placed source like Mikhailov, it would explain why it was able to conclude with such a high degree of confidence that Russia was behind the cyberattacks during the election campaign.

The timing of the arrests and the timing of the decision by former U.S. President Barack Obama to declassify and make public parts of the U.S. intelligence report on the alleged Russian hacking also makes sense.

Mikhailov was arrested in December. And the U.S. released the intelligence report a month later, in January.

If Mikhailov was indeed a source, then Washington would have been reluctant to declassify its intelligence for fear of compromising him.

After he was arrested, this, of course, would no longer be an issue.

So far, so straightforward. Until it isn’t.

Leaks to the Russian media have also connected Mikhailov and his subordinate Dokuchayev to a hacker group known as Shaltai-Boltai, or Humpty Dumpty, which in the past has released embarrassing material about top Russian officials.

Vladimir Anikeyev, the founder of Shaltai-Boltai, has also been arrested, but is not being charged with espionage.

Moreover, Russian media reports claim that Dokuchayev is actually a former hacker known as Forb, who was serving a prison sentence for credit-card theft when he was recruited by the FSB, where he held the rank of major.

As Leonid Bershidsky notes in his column for Bloomberg, “parallel to their official duties, officers often run private security operations involving blackmail and protection. If Mikhailov ran such a business out of the FSB’s Information Security Center, he wouldn’t stand out among his colleagues.”

And it’s also not unusual for the FSB to recruit former hackers. In fact, it’s pretty much standard practice.

This is where the story diverts into the murky world of FSB officers and their civilian collaborators monetizing their positions and forming protection rackets.

“An FSB officer, recruited from the hacking community, can use his rank and position to obtain compromising material and sell it to wealthy clients. A team profiting from these opportunities can include both officers and civilians,” Bershidsky writes.

“The Russian government can hire such a team through intermediaries if it needs something sensitive done — but so can foreign intelligence services. It’s a murky world in which actors are both predator and prey. The Kremlin enjoys access to brilliant and unscrupulous people; the downside, of course, is that they may be hard to control.”

If you follow this line of logic, then it’s easy to imagine that Mikhailov and Dokuchayev inadvertently or unwittingly sold information exposing King Servers’ FSB connections to a front for U.S. intelligence.

But the fact of the matter is we simply don’t know.

And if things aren’t confusing enough yet, there is also the matter of the bitter personal and clan rivalries in the shadow world of the Russian security services.

In a recent post on his blog KrebsOnSecurity, Brian Krebs, author of the book Spam Nation: The Inside Story Of Organized Cybercrime, suggested the whole affair might be traced to a personal rivalry between Mikhailov and Pavel Vrublevsky, an Internet businessman whose partner owns King Servers.

Mark Galeotti, an expert on Russia’s security services and a senior research fellow at the Institute of International Relations in Prague, notes that the FSB’s Information Security Center, which Mikhailov headed and where Dokuchayev was his subordinate, has emerged as “a pivotal agency” and “a source of power.”

And this makes it a prime arena for fierce rivalries and power plays.

“This is probably an intelligence leak that is being cleared up. But the question is: why now? And I wonder if domestic politics explains the leaking of the information now. It could be a rebuke to the FSB for having messed up,” Galeotti said on last week’s Power Vertical Podcast.

 

 

High Risk: National Security Personnel in Foreign-Owned Buildings


Oh Donald, Mr. President sir…you’re the expert here….need an immediate executive order on this one. By the way, don’t stay in the Waldorf Astoria any more, perhaps don’t go to movie theaters either if you’re concerned for personal reasons.

First on CNN: Report finds national security agencies at risk in foreign-owned buildings

Washington (CNN) US law-enforcement agencies are at risk of being spied on and hacked because some of their field offices are located in foreign-owned buildings without even knowing it, according to a new government report.

The report by the Government Accountability Office, which was obtained by CNN and is due to be released later Monday, reveals that a number of FBI, Homeland Security, Secret Service and Drug Enforcement Agency offices across the country are housed in space leased from firms based in China and other nations.
Experts told the GAO that the agencies could be vulnerable to espionage and cyber intrusions because the foreign owners could gain unauthorized access to the properties, be able to secretly install surveillance equipment, and have knowledge of building systems like heating, ventilation and electronics which could facilitate hacking.
The General Services Administration, which handles leasing for many federal agencies, is renting space in 20 buildings from foreign owners — and its investigators were unable to identify the property owners for about one-third of the government’s more than 1,400 “high-security leases.”
Nine of the 14 agencies the GAO contacted were unaware the building space they were using was foreign owned.
“It’s an eye opener,” Rep. Jason Chaffetz, R-Utah, told CNN about the report. “Certainly our security professionals should know who owns the piping in the buildings that they occupy.”
Chaffetz, along with Sen. Tammy Duckworth, D-Illinois, and Rep. Elijah Cummings, D-Maryland, called for the GAO review.
The chairman of the House Oversight and Government Reform Committee said he doesn’t necessarily think the agencies should be barred from leasing office space from foreign owners, but added that he would feel “much more comfortable if they’re at least aware.”
Currently, the GSA is not required to determine whether a building is foreign owned when it is considering whether to lease space.
Among the report’s findings were that DEA, Homeland Security and Secret Service offices in Little Rock, Arkansas, Jacksonville, Florida, and Shreveport, Louisiana, along with an FBI office in St. Louis, Missouri, were leased from “Gemini Investments” — a company based in China.
The GAO report noted that Chinese-owned properties were of particular concern because the country has been linked to numerous instances of hacking.
After the Waldorf-Astoria Hotel in Manhattan was sold to Chinese investors, then-President Barack Obama didn’t stay there, as had long been the custom of US presidents, with security concerns being one of the factors.
Other federal offices listed in the study are located in buildings owned by companies in Canada, Israel, the United Kingdom, Germany, South Korea and Japan.
GAO investigators talked to officials who assess foreign investments in the US, as well as real estate representatives, who warned about the potential danger.
“… (L)easing space in foreign-owned buildings could present security risks such as espionage, unauthorized cyber and physical access to the facilities, and sabotage,” the report said. “For example, a DHS foreign investment official said that potential threat actors could coerce owners into collecting intelligence about the personnel and activities of the facilities when maintaining the property.”
The report also noted other possible “insider threats,” referring to “disgruntled employees, contractors, or other persons abusing their position of trust” who pose a “significant threat” to building access.
But this doesn’t mean that the threats have materialized. Chaffetz said he was unaware of any specific instances where sensitive information had been compromised. The report also said two real estate representatives determined it wasn’t a security risk to lease foreign-owned space.
“One of the representatives said that access at high-security facilities is strictly controlled, including access by the owners, and that passive investors in properties do not have access to the buildings,” the report said.
In addition to hacking and espionage, the report also cautioned that renting from foreign owners presented the possibility of the US agencies becoming unwittingly involved in money laundering, since real estate purchases are often used to conceal the criminal source of the investment funds.
The report recommended that the GSA should start informing the agencies if their space is foreign owned, so they can put the necessary security precautions in place. The GSA said it agreed with the recommendation.
“I hope this is a wake-up call,” Chaffetz said.

Foreign Service Personnel Dissent Letter to Pres. Trump

We heard last week that several top policy people at the State Department left their positions. The State Department has a culture of very lenient diplomacy where few governments are ever disciplined or rebuked for decisions and actions that counter agreements, treaties, human rights and more. Iran is the topic example.

Now we have the next level of State Department personnel that are pushing back hard on President Trump’s Executive Order on suspension of travel visas and travel bans from listed countries. Secretary of State nominee Rex Tillerson, when confirmed, will have a rank and file challenge on his hands.

Perhaps those behind the signatures on this dissent letter could answer some questions on the recommendations made by the 9/11 Commission Report, where the entire chapter was dedicated to immigration, and which every member of Congress, on both sides of the aisle, signed in approval to accept the recommendations and work to implement them. (The pre-9/11 status quo has infected diplomacy again.)

Countless foreign service officers have drafted a memo to the White House.

LawFareBlog: Numerous Foreign Service officers and other diplomats have drafted a dissent memo expressing opposition to President Donald Trump’s executive order banning refugees and immigrants from Iran, Iraq, Libya, Somalia, Sudan, Syria, and Yemen from entering the United States. ABC reported this morning on the draft, which is likely to be submitted today.

Here’s a copy of the actual draft. We are hearing that literally hundreds of foreign service officers are planning to be party to the dissent memo; it’s still unclear exactly how many. We have redacted all names and personally identifiable information from this document.

**

(First page on the left) The State Department’s Dissent Channel is a mechanism for employees to confidentially express policy disagreement, created in 1971 as a response to concerns within the Department over the government’s handling of the Vietnam War. Authors of a memo submitted through the Channel, which is open to all regular employees of the State Department and USAID, may not be subject to any penalty or disciplinary action in response. Once a memo is submitted, the Secretary of State’s Policy Planning Staff must acknowledge its receipt within two working days and will usually distribute it to the Secretary of State, the Deputy Secretary of State, the Under Secretary for Political Affairs, the Chairperson of the Open Forum, and, if the memo’s author is employed by USAID, to the head of that agency as well. Taking into account the wishes of the author, the memo may also be distributed more broadly within the State Department and may be done so anonymously.

The ultimate significance of the channel is that memos must receive a substantive response within 30-60 working days.

The First call and Next Putin/Trump Phone Call?

President Trump spoke with Vladimir Putin on Saturday and the readouts of the calls from both sides don’t quite match. Notwithstanding, is this the real reason for the call?  

News has been circulating on the internet since Friday [27 Jan] stating that Syrian President Bashar al-Assad is experiencing serious health problems. Some media outlets said that Assad had suffered a stroke, while others said that he was shot and has been taken to Damascus Hospital for treatment.

France’s Le Point speculated that Assad might have been assassinated by his personal Iranian bodyguard Mehdi al-Yaacoubi, going so far as to say that he shot him in the head.

Lebanese newspaper al-Mustaqbal quoted “reliable sources” as saying that Assad suffered from a cerebral infarction and was transferred to Damascus Hospital where he is being treated under high security.

As for the Saudi newspaper Okaz, Assad is suffering from a “brain tumor.” He tried to cover up his illness through short and frequent appearances.  According to its sources, Assad is being treated by a Russian-Syrian medical team on a weekly basis, adding that he has undergone medical tests when he was in Moscow in October.  

Pro-Syrian regime Lebanese newspaper al-Diyar reported on Friday that Assad suffered from a stroke, but denied the news today.  

There were also rumors that Assad is at the American University Hospital (AUH) in Beirut. However, Al Arabiya contacted the hospital and no information on the issue was given. Al Arabiya has also tried to contact Damascus Hospital, but there has been no response. On the other hand, in a statement carried by the Presidency of the Syrian Arab Republic page on Facebook, Syrian authorities said that such rumors were incorrect.

***

Meanwhile, not being able yet to add credibility to the rumors above, on to the next call and when….

***

Arab no more: Russia plans Syria name change in draft constitution

A draft Syrian constitution prepared by Russia suggests that the word “Arab” will be removed from the official name of the Syrian Arab Republic, currently ruled by a faction of the pan-Arab nationalist Baath Party.

Russia’s constitutional proposals were revealed during the Astana peace talks this week, according to Sputnik.

As far back as June 2016, the state-owned Russian news agency reported: “Russia suggested that Syria should change its official name from the Syrian Arab Republic to the Republic of Syria, in order to appeal to ethnic minorities such as Kurds and Turkmen.”

Pre-war Syria had a 74 percent majority Arab population; nine percent were Kurds and there were about 100,000 Turkmen. More here.

Russia to Hand over Large Number of Armored Vehicles to Syrian Army

The activists released several images in social networks showing several groups of the Russian armored vehicles of Vodnik in Tartus port in Mediterranean Sea.
The activists also said that the Syrian army will receive the Russian armored vehicles soon. Military journalists underlined that deployment of high-speed Vodnik armored vehicles along with T90 tanks will help the Syrian army in the war on terrorism.
The Arabic desk of massdar news said it seems that these armored vehicles have been imported to equip Faylaq al-Khames forces that were formed by the Syrian army and Russia’s full military back up.
Media sources disclosed on Saturday that the Russian Armed Forces would likely send back a number of soldiers and military hardware to Humeimim base in Lattakia province to reinvigorate their forces’ combat capabilities again. The Russian language Nezavisimaya Gazeta daily said Russia seemed to redeploy its forces and equipment to the Humeimim base after the Astana peace talks.
The daily opined that liberation of Aleppo had not been a turning point in war on ISIL terrorists in Syria and Moscow made a hurried decision when it started to withdraw a part of its forces and equipment from Syria.

***

In part from Newsweek: Buried within the U.S. intelligence community’s report on Russian activities in the presidential election is clear evidence that the Kremlin is financing and choreographing anti-fracking propaganda in the United States. By targeting fracking, Putin hopes to increase oil and gas prices, destabilize the U.S. economy and threaten America’s energy independence.

Fracking, or hydraulic fracturing, is a decades-old drilling technique in which water and sand are pumped through rock at a high pressure to release previously unreachable deposits of oil and natural gas.

Thanks to new technologies which are making the process more efficient and environmentally friendly, fracking now supports 4.3 million jobs and generates about half a trillion dollars in economic benefit to the United States every year. Additionally, natural gas prices have dropped in half thanks to the corresponding boost in supply, saving American families an average of $200 a year.

Fracking is the major reason why the United States is on pace to become completely energy independent by 2020. America relies on fracking to produce more than 1.5 billion barrels of oil a year — over half of the total U.S. oil output.

Russia sees all this as a threat. More here from Newsweek.

Or could the next conversation include Afghanistan?

Challenging the U.S., Moscow Pushes Into Afghanistan

WSJ: Russia is making fresh inroads into Afghanistan that could complicate U.S. efforts to strengthen the fragile Kabul government, stamp out the resilient Taliban insurgency and end America’s longest war.

Moscow last month disclosed details of contacts with the Taliban, saying that it is sharing information and cooperating with the radical movement on strategy to fight the local affiliate of Islamic State.

 

Trump Approved CT al Qaeda Operation in Yemen, 1 Dead


In part from the Defense Department press release: The raid is one in a series of aggressive moves against terrorist planners in Yemen and worldwide, according to the Centcom release. Similar operations have produced intelligence on al-Qaida logistics, recruiting and financing efforts. 

A US commando died and three others were wounded in a deadly dawn raid on the al-Qaeda militant group in southern Yemen, which was the first military operation authorised by US President Donald Trump.

The US military said 14 militants died in the attack on a powerful al-Qaeda branch that has been a frequent target of US drone strikes.

Medics at the scene, however, said around 30 people, including 10 women and children, were killed.

The gunbattle in the rural Yakla district of al-Bayda province killed a senior leader in Yemen’s al-Qaeda branch, Abdulraoof al-Dhahab, along with other militants, al-Qaeda said.

Eight-year-old Anwar al-Awlaki, the daughter of US-born Yemeni preacher and al-Qaeda ideologue Anwar al-Awlaki, was among the children who died in the raid, according to her grandfather. Her father was killed in a US drone strike in 2011.

“She was hit with a bullet in her neck and suffered for two hours,” Nasser al-Awlaki told Reuters. “Why kill children? This is the new (US) administration – it’s very sad, a big crime.”

The US military said in a statement that the raid netted “information that will likely provide insight into the planning of future terror plots”.

The American elite forces did not seize any militants or take any prisoners offsite, said a US military official who spoke on condition of anonymity.

The three commandos who were injured were hurt when a military aircraft experienced a hard landing and was “intentionally destroyed in place,” the Pentagon said.

“The operation began at dawn when a drone bombed the home of Abdulraoof al-Dhahab and then helicopters flew up and unloaded paratroopers at his house and killed everyone inside,” said one resident, who spoke on condition of anonymity.

“Next, the gunmen opened fire at the US soldiers who left the area, and the helicopters bombed the gunmen and a number of homes and led to a large number of casualties.”

A Yemeni security officer and a local official corroborated that account. Fahd, a local resident who asked that only his first name be used, said several bodies remained under debris and that houses and the local mosque were damaged in the attack.

In a message on its official Telegram messaging account, al Qaeda mourned al-Dhahab as a “holy warrior” and other slain militants, without specifying how many of its fighters were killed.

***

Related reading: Ex-Guantanamo detainee now al Qaeda leader in Yemen

***

Commandos from the Navy’s SEAL Team 6 carried out the surprise dawn attack in Bayda Province in a ground raid that lasted a little less than an hour. A military aircraft assisting in the operation crash-landed nearby, leaving two more service members injured, the statement said. That aircraft, identified by a senior American official as an MV-22 Osprey sent to evacuate the troops wounded in the raid, was unable to fly after the landing and was intentionally destroyed by American airstrikes. More here from NYT’s.

****

From 2009 and it is germane today:

Al‐Qa’ida represents itself as the vanguard of the Muslim community, committed to upholding Islamic values and defending Muslim people against Western forces, but its behavior represents a callous attitude toward the lives of those the group claims to protect. Al‐Qa’ida absolves responsibility for the deaths of Muslims by claiming that they are either martyrs or apostates. The definition of apostate, however, varies considerably. Al‐Qa’ida considers any Muslim that impedes their struggle by working with the West or an unfriendly regime as an apostate, and therefore a legitimate target. This includes Muslims serving in the armed forces, serving as police officers, and even those occupying civilian jobs. Al‐Qa’ida makes convenient use of this designation to justify its indiscriminate use of violence.
To justify the killing of innocent Muslims, or martyrs, al‐Qa’ida references a shari’a rule called al‐tatarrus. Al‐tatarrus refers to the use of human shields, the practice of avoiding hostility by hiding behind others. Muslims are not supposed to kill other Muslims, and historically, enemies used this prohibition against Muslim military forces by surrounding themselves with other Muslims. Muslims found the al‐tatarrus rule was a strategic liability and looked for ways to circumvent the ban. The notion that it is okay to kill Muslims being used as human shields is not widely invoked or discussed in other contemporary circles. Al‐Qa’ida resurrected the term to justify the killing of innocents, arguing that these people were essentially human shields, and if innocent, they died martyrs. Among the only justifications for this obscure rule is Abu Yahya al‐Libi’s book entitled “Al‐Tatarrus in the Modern Jihad,” and Ayman al‐Zawahiri cited this source during his open forum referenced above. Al‐Qa’ida has acknowledged that assailants should be patient and wait for the right time to carry out attacks (in martyr videos and announcements), but this report shows there is scant evidence of prudence or effort to limit violence. Irrespective of al‐Qa’ida’s justifications, if history provides a glimpse into the future, the group and its associates will pose the greatest threat to fellow Muslims. Read more here.