Chinese Intelligence at Center of OPM Hack

First reported was Anthem, one of the largest healthcare providers, which was hacked; 80 million personal records were compromised. What is notable is that Anthem is part of the Blue Cross Blue Shield health coverage network, and even more concerning is that BCBS provides coverage to more than half of the federal government workforce.

Take note of the following from Threatconnect.com:

“Anthem Themed Infrastructure & Signed Malware:
In September 2014, the ThreatConnect Intelligence Research Team (TCIRT) observed a variant of the Derusbi APT malware family, MD5: 0A9545F9FC7A6D8596CF07A59F400FD3, which was signed by a valid digital signature from the Korean company DTOPTOOLZ Co. Derusbi is a family of malware used by multiple actor groups but associated exclusively with Chinese APT. TCIRT began tracking the DTOPTOOLZ signature for additional signed malware samples and memorialized them within our Threat Intelligence Platform over time.
Analyst Comment: The DTOPTOOLZ signature has also been observed in association with Korean Adware that is affiliated with the actual DTOPTOOLZ Co. This adware should not be confused with the APT malware that is abusing the same digital signature.
Later, in mid-November we discovered another implant that was digitally signed with the DTOPTOOLZ signature. This implant, MD5: 98721c78dfbf8a45d152a888c804427c, was from the “Sakula” (aka Sakurel) family of malware, a known variant of the Derusbi backdoor, and was configured to communicate with the malicious command and control (C2) domains extcitrix.we11point[.]com and www.we11point[.]com. Through our Farsight Security passive DNS integration, we uncovered that this malicious infrastructure was likely named in such a way to impersonate the legitimate Wellpoint IT infrastructure.”

This brings us to the hack, or rather the simple sign-on as a root user, that exposed the 14 million personnel records of the Office of Personnel Management (OPM) located in Colorado.

From Reuters:

U.S. employee data breach tied to Chinese intelligence

The Chinese hacking group suspected of stealing sensitive information about millions of current and former U.S. government employees has a different mission and organizational structure than the military hackers who have been accused of other U.S. data breaches, according to people familiar with the matter.

While the Chinese People’s Liberation Army typically goes after defense and trade secrets, this hacking group has repeatedly accessed data that could be useful to Chinese counter-intelligence and internal stability, said two people close to the U.S. investigation.

Washington has not publicly accused Beijing of orchestrating the data breach at the U.S. Office of Personnel Management (OPM), and China has dismissed as “irresponsible and unscientific” any suggestion that it was behind the attack.

Sources told Reuters that the hackers employed a rare tool to take remote control of computers, dubbed Sakula, that was also used in the data breach at U.S. health insurer Anthem Inc last year.

The Anthem attack, in turn, has been tied to a group that security researchers said is affiliated with China’s Ministry of State Security, which is focused on government stability, counter-intelligence and dissidents. The ministry could not immediately be reached for comment.

In addition, U.S. investigators believe the hackers registered the deceptively named OPM-Learning.org website to try to capture employee names and passwords, in the same way that Anthem, formerly known as Wellpoint, was subverted with spurious websites such as We11point.com, which used the number “1” instead of the letter “l”.

Both the Anthem and OPM breaches used malicious software electronically signed as safe with a certificate stolen from DTOPTOOLZ Co, a Korean software company, the people close to the inquiry said. DTOPTOOLZ said it had no involvement in the data breaches.

The FBI did not respond to requests for comment. People familiar with its investigation said Sakula had only been seen in use by a small number of Chinese hacking teams.

“Chinese law prohibits hacking attacks and other such behaviors which damage Internet security,” China’s Foreign Ministry said in a statement. “The Chinese government takes resolute strong measures against any kind of hacking attack. We oppose baseless insinuations against China.”

MANY UNKNOWNS

Most of the biggest U.S. cyber attacks blamed on China have been attributed, with varying degrees of certitude, to elements of the Chinese army. In the most dramatic case two years ago, the U.S. Justice Department indicted five PLA officers for alleged economic espionage.

Far less is known about the OPM hackers, and security researchers have differing views about the size of the group and what other attacks it is responsible for.

People close to the OPM investigation said the same group was behind Anthem and other insurance breaches. But they are not yet sure which part of the Chinese government is responsible.

“We are seeing a group that is only targeting personal information,” said Laura Gigante, manager of threat intelligence at FireEye Inc, which has worked on a number of the high-profile network intrusions.

CrowdStrike and other security companies, however, say the Anthem hackers also engaged in stealing defense and industry trade secrets. CrowdStrike calls the group “Deep Panda,” EMC Corp’s RSA security division dubs it “Shell Crew,” and other firms have picked different names.

The OPM breach gave hackers access to U.S. government job applicants’ security clearance forms detailing past drug use, love affairs, and foreign contacts that officials fear could be used for blackmail or recruiting.

In contrast to hacking outfits associated with the Chinese army, “Deep Panda” appears to be affiliated with the Ministry of State Security, said CrowdStrike co-founder Dmitri Alperovitch.

Information about U.S. spies in China would logically be a top priority for the ministry, Alperovitch said, adding that “Deep Panda’s” tools and techniques have also been used to monitor democracy protesters in Hong Kong.

An executive at one of the first companies to connect the Anthem and OPM compromises, ThreatConnect, said the disagreements about the boundaries of “Deep Panda” could reflect a different structure than that in top-down military units.

“We think it’s likely a cohort of Chinese actors, a bunch of mini-groups that are handled by one main benefactor,” said Rich Barger, co-founder of ThreatConnect, adding that the group could get software tools and other resources from a common supplier.

“We think this series of activity over time is a little more distributed, and that is why there is not a broad consensus as to the beginning and end of this group.”
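Both the ThreatConnect excerpt and the Reuters piece above turn on lookalike domains: we11point.com (a “1” standing in for an “l”, under which the C2 hosts extcitrix.we11point[.]com and www.we11point[.]com were built) and OPM-Learning.org, a brand name with an extra word attached. The following is an added example, written for this page and not taken from the post, ThreatConnect or Reuters. It shows the kind of watchlist check a defender can run over hostnames pulled from DNS logs or passive DNS to flag such impersonations. The protected-domain list, the digit-for-letter map and the sample hostnames are constructed for the example; the two we11point hosts and OPM-Learning.org are the ones the page names, and the rest are made up benign names.

```python
from typing import List, Optional, Tuple

# Constructed watchlist: the brands the quoted reporting says were impersonated.
PROTECTED_DOMAINS = {"wellpoint.com", "opm.gov", "anthem.com"}

# Single-character homoglyphs: digits that registrars accept and that read as
# letters at a glance. "1" for "l" is the substitution the page describes.
HOMOGLYPHS = {"1": "l", "0": "o", "3": "e", "5": "s", "7": "t", "4": "a", "8": "b"}


def refang(hostname: str) -> str:
    """Turn a defanged indicator such as 'www.we11point[.]com' back into a hostname."""
    return hostname.strip().lower().replace("[.]", ".").replace("(.)", ".")


def registrable_domain(hostname: str) -> str:
    """Last two labels of the name (fine for .com/.gov; a real tool would use the PSL)."""
    labels = refang(hostname).strip(".").split(".")
    return ".".join(labels[-2:])


def normalize(label: str) -> str:
    """Map each homoglyph digit back to the letter it imitates: 'we11point' -> 'wellpoint'."""
    return "".join(HOMOGLYPHS.get(ch, ch) for ch in label.lower())


def lookalike_of(hostname: str) -> Optional[str]:
    """Return the protected domain this hostname imitates, or None if it is genuine/unrelated.

    Two patterns are checked: (1) the whole second-level label, after homoglyph
    normalisation, equals a protected brand (catches we11point.com and TLD swaps);
    (2) any hyphen-separated token equals a protected brand (catches opm-learning.org).
    Pattern 2 is deliberately broad; on a live feed it should be paired with an allowlist.
    """
    dom = registrable_domain(hostname)
    if dom in PROTECTED_DOMAINS:
        return None  # the real thing, not a lookalike
    name, _, _tld = dom.rpartition(".")
    normalized = normalize(name)
    tokens = normalized.split("-")
    for legit in sorted(PROTECTED_DOMAINS):  # sorted for deterministic output
        brand, _, _ = legit.rpartition(".")
        if normalized == brand or brand in tokens:
            return legit
    return None


def scan_hostnames(hostnames: List[str]) -> List[Tuple[str, str]]:
    """Run the check over a batch of hostnames and return (hostname, imitated_domain) hits."""
    findings = []
    for host in hostnames:
        hit = lookalike_of(host)
        if hit is not None:
            findings.append((host, hit))
    return findings


# Constructed sample input: the defanged indicators named on the page plus benign names.
SAMPLE_HOSTS = [
    "extcitrix.we11point[.]com",
    "www.we11point[.]com",
    "OPM-Learning.org",
    "www.wellpoint.com",   # genuine protected domain, must not be flagged
    "mail.example.net",    # unrelated
]

if __name__ == "__main__":
    for host, imitated in scan_hostnames(SAMPLE_HOSTS):
        print(f"LOOKALIKE {host:30} imitates {imitated}")
```

Feeding the function hostnames from DNS query logs or proxy logs turns the page's two indicators into a general rule: every registration that normalizes to a protected brand, or that carries the brand as a hyphenated token, is worth an analyst's look before it is ever used for credential capture.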

Mexican Gulf Cartels Surveillance Systems

From Breitbart:

The former Tamaulipas governor Eugenio Hernandez Flores was charged on May 27, 2015 on two counts, money laundering and crimes against the United States.

MCALLEN, Texas — The U.S. federal government has formally announced that yet another former governor from Mexico has now become a fugitive sought by the U.S. Drug Enforcement Administration.
The U.S. Attorney’s Office for the Southern District Of Texas announced Friday morning that former Tamaulipas governor Eugenio Hernandez Flores has been charged with money laundering and money laundering conspiracy charges.

As previously reported by Breitbart Texas, Hernandez has been implicated in money laundering through a series of civil forfeiture cases accusing him of laundering bribe money that he received for government favors, as well as from Mexican drug traffickers including Los Zetas.

Hernandez, who was the governor from 2005 to 2010, is the second Tamaulipas governor to be criminally charged in the U.S. on money laundering charges connected to taking money from Mexican drug cartels. Tomas Yarrington Ruvalcaba, who served as governor before Hernandez, is currently facing money laundering and drug trafficking charges for his alleged role in helping the Gulf Cartel, Los Zetas and other Mexican cartels.

It gets worse as Breitbart publishes the following:

[Image caption: Mexican authorities take down a complex surveillance system made up of a range of home security cameras, set up by the Gulf Cartel in the border city of Reynosa]

REYNOSA, Tamaulipas – Once again, Mexican authorities have dismantled a complex video surveillance system set up by the Gulf Cartel in order to keep tabs on authorities, their rivals and their future victims. Breitbart Texas reported on the discovery and destruction of a similar system in May.

This time, authorities seized 39 video surveillance cameras set up around the city under orders from the criminal organization, information provided to Breitbart Texas by the Tamaulipas government revealed.

The seizure began on Tuesday evening, when state police officers spotted two men setting up one of the cameras in the Doctores (Doctor’s) neighborhood. Once in police custody, the two men told authorities that they had just finished setting up another 38 cameras around the city, the information provided by authorities revealed.

Under police guard, the two men took the authorities to the various spots where they had set up the cameras so that officers could take them down. The police did not release the names of the two suspects because the investigation into the cameras remains ongoing.

As previously reported by Breitbart Texas, last month Mexican authorities had discovered a sophisticated surveillance network in which the Gulf cartel placed video cameras in at least 52 different spots around the city. Some of the cameras worked wirelessly and would be controlled remotely.

At the time, Mexican officials confirmed to Breitbart Texas that the Gulf Cartel used the surveillance network in an effort to try to stay one step ahead of law enforcement, as well as to track their victims.

American Recovery and Reinvestment Act, NOT SO Much

When one visits the government website www.recovery.gov, the description reads that the board is a non-partisan, non-political agency, and then, in bold letters in a heading, it also reads ‘The Recovery Accountability and Transparency Board’.

Additionally the site mission statement reads: “To promote accountability by coordinating and conducting oversight of Recovery funds to prevent fraud, waste, and abuse and to foster transparency on Recovery spending by providing the public with accurate, user-friendly information.”

Sheesh. Note the one particular case below and then ask yourself whether there is a violation.

From Watchdog.org:

Company that got millions from U.S. taxpayers now profits Chinese owners

The good news is electric car battery maker A123 Systems is finally on track to turn a profit.

The bad news is taxpayers don’t figure to see any of the $133 million the federal government spent and the estimated $141 million in tax credits and subsidies secured from Michigan to help the company take off in 2009, only to see A123 Systems crash, declare bankruptcy in 2012 and then get purchased by a privately held Chinese conglomerate.

“In the case of A123, they created some jobs and a year or two later those jobs were gone, so taxpayers weren’t getting that money back,” said Jarret Skorup, a policy analyst at Michigan’s Mackinac Center, a free-market think tank.

Earlier this month, CEO Jason Forcier announced that A123 Systems’ parent company, the China-based Wanxiang Group, will spend $200 million to double the capacity of three lithium-ion battery plants, including two in suburban Detroit.

Forcier told Crain’s Detroit Business that A123 Systems is expected to generate $300 million in revenue this year and plans to double that amount by 2018. The company, Forcier said, will turn a profit for the first time in its history in 2015.

“The strength of A123 has never been greater and we are honored to be expanding our existing customer relationships and establishing new ones at the same time,” Forcier said in a company news release.

It would mark a dramatic turnaround for the company that was on the verge of collapse when Wanxiang bought it a little more than two years ago at a stripped-down price of $256.6 million. 

But finding out if taxpayers will ever see any of their money back is another matter.

Watchdog.org sent an email and left two voicemail messages with A123 Systems, asking whether any refunds are coming or if — under the terms of the bankruptcy — Wanxiang is under no financial obligation to do so.

The one-sentence response from Paulette Spagnuolo, A123’s marketing and communications manager: “A123 continues to meet and exceed all of the terms of the state and federal grants including all job creation, repayment and investment requirements.”

Spagnuolo did not respond to inquiries asking her to elaborate.

Skorup says the money is gone for good.

“There are a lot of local and state rebates and they are largely upfront costs, so yes, taxpayers are sunk on those,” Skorup told Watchdog.org in a telephone interview. “They’re not going to be getting money back from them … Michigan doesn’t require (A123 Systems) to pay them back anyway.”

How much money?

On the federal level, A123 Systems was originally slated to receive $249 million in grants from the U.S. Department of Energy in 2009 to build production facilities in the towns of Romulus and Livonia, Michigan — just $7.6 million less than Wanxiang eventually bought the entire company for four years later.

But A123 Systems ran into trouble early on. After some of its batteries were involved in a recall for the company’s biggest customer, the electric car company Fisker Automotive, the company’s federal grant was cut off after A123 received $133 million. 

Figuring out how much Michigan passed out has been more difficult.

The Detroit Free Press and the Mackinac Center have been rebuffed in attempts to see how much of an investment the state made in A123 Systems because the Michigan Economic Development Corporation will not disclose specifics.

Skorup estimates Michigan approved A123 Systems for $100 million in a tax credit program and another $41 million in subsidies.

“How much they actually cashed in those we don’t know,” Skorup said. “We’ve tried to find out, but the state won’t give it to us … they say it’s a private contract.”

The federal money was part of the stimulus package and a green-tech initiative the Obama administration touted would spur economic success.

A123 Systems was one of a number of Michigan battery companies that received a surge of tax credits from the state in 2009, but the incentives did not spur the jobs and dollars that were promised.

Detroit Free Press estimated $861 million in Obama administration grants were awarded in the fledgling Michigan battery industry and another $543 million in state tax credits were awarded during the administration of then-Gov. Jennifer Granholm, a Democrat.

Most of the Michigan business tax credit program was eliminated by current Gov. Rick Snyder, a Republican. However, companies that had already secured the tax incentives were allowed to keep them.

“The general lesson for policy makers is that they make very poor venture capitalists because they’re not spending their own money,” said Skorup. “They’re spending other people’s money and those politicians weren’t putting their own stock portfolios into A123 Systems. They were putting taxpayer money into them.

“And the lesson for taxpayers should be, when politicians are making these claims about job projections they should be extremely skeptical. In Michigan, almost none of those — we’ve done multiple studies, other news organizations have done multiple studies — reach the actual projections that they promise.”

“Just because the jobs haven’t happened ‘yet,’ it doesn’t mean that cracking the code to vehicle batteries was the wrong strategy,” Granholm told the Free Press in March 2014.

President Obama appeared by remote broadcast for the grand opening of the A123 Systems Livonia plant in the fall of 2010, an event hosted by Granholm.

“Thanks to the Recovery Act, you guys are the first American factory to start high-volume production of advanced vehicle batteries,” Obama said at the time.

Skorup told Watchdog.org the video of the event was taken down by the Michigan Economic Development Corporation, but the Mackinac Center, a sharp critic of the battery plan from the start, retained a copy of it:

What has Stopped Detention and Deportation

Barack Obama has selectively issued waivers on countless laws; one with real consequences concerns deportations. Then, in August of 2013, a federal court, the 9th Circuit, ruled in the case Rodriguez v. Robbins that long-term detention without due process required immediate bond hearings. As a result, detention and deportation laws and procedures have been turned upside down.

Enforcement? What Enforcement?

by Mark Krikorian
Three recent items highlight the continuing collapse of interior immigration enforcement under Obama.

The first is information pried out of DHS by Senators Grassley and Sessions: One hundred twenty-one convicted criminals who faced deportation orders between 2010 and 2014 were never removed from the country and now face murder charges, according to Immigration and Customs Enforcement (ICE). Just to be clear, these were convicted criminals, in ICE custody, who had been ordered deported but were instead released back into U.S. communities, and then went on to murder Americans. Most were released simply because the administration didn’t want to detain them. Only for two dozen does the administration have any excuse at all, saying that they had to be released because their home countries wouldn’t take them back. And even that’s no excuse, for two reasons: the Supreme Court decision Obama’s people point to (Zadvydas v. Davis) limiting open-ended detention beyond six months of any criminal aliens whose countries won’t take them back has significant wiggle room in it – wiggle room the administration refuses, in this one and only instance, to take advantage of.

And second, the law requires the State Department to impose visa sanctions on countries that won’t take their own citizens back, a requirement Secretaries Clinton and Kerry have simply ignored. Some of the blood of these 121 murdered Americans (whose names we don’t know, presumably because ICE is protecting their murderers’ privacy rights) is on the hands of this administration, which chose to release the convicted criminal aliens back into the United States rather than keep them in detention.

If that’s not depressing enough, Maria Sachetti at the Boston Globe has done yeoman’s work in uncovering hundreds of immigrant sex criminals whom ICE let go because of the same Supreme Court ruling – without even making sure they were registered with local authorities as sex offenders. Here’s what happened in several instances after their release by ICE:

Immigration officials tried to deport Luis-Leyva Vargas, 47, to Cuba after he served three years in a Florida prison for unlawful sex with a teen. In 2008, officials released him. Two years later, he kidnapped an 18-year-old in Rockingham County, Va., at knifepoint and raped her. Now he is serving a 55-year prison sentence.

Felix Rodriguez, a 67-year-old sex offender convicted of raping children as young as 4 in the 1990s, was freed in 2009, also because Cuba would not take him back. Months later, he fatally shot his girlfriend in Kansas City. He pleaded guilty and is serving 10 years in a Missouri prison.

Andrew Rui Stanley, convicted in 2000 of multiple counts of sodomizing a child when Stanley was 14, was released in 2009 after Brazil failed to provide a passport needed to send him home. For the next two years, he viciously abused three children in St. Louis and now, at age 31, will be in prison for the rest of his life.

None of these sickening crimes should have been allowed to occur. An administration that took public safety seriously would find ways to detain criminals until they could be deported, and apply whatever pressure was needed to get their native countries to comply. But this is not that administration.

And finally, on a less grisly note, my colleague Jessica Vaughan has uncovered data showing a collapse in worksite enforcement. In effect, as the Washington Times headline put it, “Obama gives free pass to businesses that hire illegals.” From 2013 to 2015, the number of ICE audits of employer records (to check the work eligibility of employees) dropped 86 percent; arrests of crooked employers dropped 73 percent; and fines collected dropped 51 percent. It seems that once it became clear that Sen. Rubio’s amnesty/immigration-surge bill was not going to reach his desk, Obama called a halt to the (limited) show of worksite enforcement he had ordered up to persuade skeptical Republican House members that he could be trusted to enforce the provisions of Rubio’s amnesty/immigration-surge bill. The fact that he cut back so drastically on enforcement when it was no longer politically useful is proof that such skepticism was warranted.
And finally, as evidence of this administration’s true priorities, USCIS is broadcasting “DACA Renewal Tips” out of a concern that some recipients of Obama’s lawless version of the DREAM Act amnesty may not renew their two-year work permits (presumably to avoid paying the fee, since they that there won’t be any enforcement consequences from reverting to illegal status).

State Dept. Breaking Laws for the Sake of Iran

On at least two tracks, the State Department is breaking the law when it comes to Iran.

Sanctions

The State Department (State) is three years late in slapping certain sanctions on Iran, prompting new allegations that the Barack Obama administration is deliberately skirting US law in its quest for a nuclear deal.

Under the Iran, North Korea and Syria Nonproliferation Act (INKSNA), State is supposed to inform Congress every six months of attempts to help the three countries obtain weapons of mass destruction and certain missile technology. The law requires the agency to sanction violators or justify its decision not to.

But the department has fallen way behind in recent years, according to a government watchdog report obtained by Al-Monitor. Delays have kept on getting longer, with Congress receiving an update on violations committed in 2011 only in December 2014.

“Our analysis demonstrates that State is falling further and further behind in providing the reports and is now juggling a backlog of draft reports at different stages of that process,” the US Government Accountability Office (GAO) report concludes. “The imposition of sanctions no sooner than 3 or more years after the transfer occurred may diminish the credibility of the threatened sanction.”

The State Department acknowledges the delays but faults a complex web of agency reviews to make sure allegations of violations are substantiated. Republicans, however, are jumping on the report as further evidence of the Obama administration bending over backwards to placate Tehran.

“How many overtures of good will are we sending to these guys? How many times do we have to bend over to look like we’re good people?” Rep. Ileana Ros-Lehtinen, R-Fla., told Al-Monitor ahead of her Middle East subcommittee’s hearing on the issue the afternoon of June 17. “It’s unbelievable. Iran keeps demanding more of us, and we keep on giving them more kind signals.”

The GAO report is but the latest example of questionable sanctions enforcement that has raised congressional ire in recent months.

Earlier this year, according to Israel, the United States allowed Iran to purchase used airplanes for an airline that the United States has blacklisted for its ties to Hezbollah and the Iranian National Guard. More details here from al Monitor.


Human Rights Report

Via Free Beacon: Sen. Ted Cruz, R-Texas, is seeking to fine the State Department for illegally withholding the release of a key report on Iranian human rights abuses that was supposed to be released earlier this year, but was withheld, according to sources, in order to appease Iran as negotiations over its nuclear program approach a June 30 deadline.

The Obama administration was legally obligated to release a full report outlining the state of Iranian human rights by Feb. 25 but has so far declined to do so.

Cruz and other senators petitioned the State Department in May to comply with federal law compelling the report’s public release.

“That report was due by law on February 25,” Cruz told the Washington Free Beacon in an interview. “The Obama State Department simply ignored the law. They refused to produce the report. Months have gone by and they continue to refuse to produce the report.”

Angered by this delay, Cruz is gearing up to file legislation this week that would fine the State Department 5 percent of its budget for every 30 days it postpones releasing the report, according to a copy of the bill viewed by the Free Beacon.

“It is a penalty for willfully violating federal law,” Cruz explained. “This is also a policy decision that is profoundly counterproductive.”

“This simply puts a financial bite into the obligation because the Obama administration has demonstrated a willingness over and over again to violate federal law,” Cruz added.

Iran has long been a leading violator of human rights, carrying out hundreds of state-sanctioned executions and abusing the human rights of its citizens. Iran also continues to imprison several American citizens who human rights advocates report are being abused.

Cruz said the report is likely being delayed in order to avoid upsetting the Iranians and potentially harming ongoing nuclear discussion.

“It appears that both President Obama and Secretary of State Kerry are trying to sweep under the rug Iran’s horrific human rights record because, presumably, acknowledging that fact would be inconvenient” for the ongoing diplomacy with Iran, Cruz said.

The policy, he added, appears to be “surrender everything to the Iranian mullahs in a hope they will accede to a nuclear deal that only accelerates their acquiring nuclear weapons.”

The lawmaker and current presidential candidate went on to accuse the administration of ignoring Iranian human rights abuses.

“This administration has consistently refused to address the human rights violations” committed by Iran, including the imprisonment of Americans such as Saeed Abedini and Washington Post reporter Jason Rezaian, Cruz said.

“The Obama administration seems more focused on swilling Chardonnay with Iranian despots than on securing the release of American citizens wrongly imprisoned,” he said.

In a June 9 letter to Cruz, the State Department claimed the report’s release had been delayed due to Kerry’s intense travel schedule and need to present the report in person.

“The secretary’s participation in the report rollout, even if it must be delayed by his travel, elevates the report,” the State Department said, according to a copy of the letter. “The secretary has needed to travel abroad for extended periods, often on short notice, during the past three months to address a variety of pressing foreign policy concerns.”

“We intend to release the report as soon as possible and will keep you informed,” the letter states.

Cruz criticized the State Department’s response.

“It has been 115 days since the expiration of the statutory deadline” to release the report, he said. “Secretary Kerry has not been on the road continuously for 115 days.”

Kerry, though recently injured and still recovering, phoned in via video link to the State Department’s daily briefing on Tuesday. He did not use the opportunity to present the Iran report, sources pointed out.

A State Department official would not comment on record about when the report would finally be released.