Russia Expels Western Diplomats then Announces High Tech Weapons

“U.S. ambassador to Russia Jon Huntsman has been summoned to our ministry, where my deputy Sergei Ryabkov is briefing him on the tit-for-tat steps against the U.S.,” Lavrov said, according to the state-run Tass Russian News Agency.

“They include the expulsion of the same number of diplomats and our decision to withdraw consent to the work of the Consulate General in St. Petersburg.” More here.

Meanwhile….

Robotics, artificial intelligence, and a willingness to strike the enemy’s non-military targets will figure in the country’s future strategies.

The U.S. military isn’t alone in its plans to pour money into drones, ground robots, and artificially intelligent assistants for command and control. Russia, too, will be increasing investment in these areas, as well as space and information warfare, Russian Army Gen. Valery Gerasimov told members of the Russian Military Academy of the General Staff last Saturday. In the event of war, Russia would consider economic and non-military government targets fair game, he said.

The comments are yet another sign that the militaries of the United States and Russia are coming more and more to resemble one another in key ways — at least in terms of hyping future capabilities. The chief of the General Staff said the Russian military is already developing new drones that could perform strike as well as reconnaissance missions. On the defensive side, the military is investing in counter-drone tech and electromagnetic warfare kits for individual troops.

The Russians are building an “automated reconnaissance and strike system,” he said, describing an AI-driven system that sounds a bit like the Maven and Data to Decision projects that the United States Air Force is pursuing. The goal, according to Gerasimov, was to cut down on the time between reconnaissance for target collection and strike by a factor of 2.5, and to improve the accuracy of strike by a factor of two. The Russian government is developing new, high-precision strike weapons for the same purpose. “In the future, precision weapons, including advanced hypersonics, will allow for the transfer of the fundamental parts of strategic deterrence to non-nuclear weapons,” he said.

Sam Bendett, a research analyst at the Center for Naval Analyses, says the moves signal that the Russian military is trying to push fighting further away from its borders, thus growing the area to which it can deny access, or at least appear to do so. “Russia’s current force composition is aiming at short-range, short-duration conflict where its forces can overwhelm the adversary close to Russian borders. The new technology Gerasimov discusses would allow Russia to conduct deep-strikes within enemy territory, thus ‘pushing’ the actual fighting far from Russian borders and Russian vulnerability to Western precision-guided weapons,” he said.

What would Gerasimov hit with those weapons? In his talk, the Russian general said that enemy economic and non-military aspects of government could be on the list of potential targets. “The objects of the economy and the state administration of the enemy will be subject to immediate destruction, in addition to the traditional spheres of armed struggle, the information sphere and space will be actively involved,” he told the audience.

Says Bendett, “the use of such technologies is especially important given the type of war Moscow intends to fight. Gerasimov stated that potential adversary’s economic targets, as well as government’s ability to govern, will be fair game. Striking deep into enemy territory can be accomplished more easily by unmanned systems—whether armed with EW, various sensors or strike components … All this also depends on the Russian military-industrial complex’s ability to properly marshal the needed resources in an organized fashion in order to field this technology.”

One other explanation for the tough talk: Russia is hardly an even match for the United States in terms of either military spending or capability. The recently announced $61 billion increase in the U.S. military budget over last year’s budget (bringing the total to $700 billion) is greater than the entire Russian military budget, which sits around $46 billion. That number represents about 2.86 percent of Russian GDP. In December, Putin said that the government would “reduce” future expenditures.

“Gerasimov is, like anyone in a senior military post, a lobbyist as much as a soldier, and at a time when the Russian defense budget is going to continue to shrink, he is doing what he can both to maintain it as high as possible and also to tilt procurement away from older-fashioned metalwork — which is really a way for the Kremlin to subsidise the defence industries rather than what the military want — and towards advanced communications, reconnaissance and targeting capabilities,” said Mark Galeotti, the head of the Center for European Security at UMV, the Institute of International Relations, Prague.

According to Bendett, Russian government leaders are “hedging against impending geopolitical and economic uncertainty by trying to keep their military budget within certain parameters. The [Ministry of Defense] has been talking repeatedly about the rising share of new military tech in service of the Russian military, slowly phasing out older systems in favor of new ones. So the high-tech approach that Gerasimov outlined — space-based weapons, ‘military robots’ — is the next evolutionary stage in Russian military’s evolution to a more high-tech, sophisticated forces capable of rapid strike.”

Gerasimov also took a moment to denounce what he claimed were Western attempts to destabilize the Russian government through information and influence warfare and other subtle tactics. The charge may strike Western audiences as brazenly hypocritical given the Kremlin’s on-going attempts to sow misinformation to global audiences through social media, email theft and propaganda campaigns. But it’s an old talking point for Gerasimov.

Said UMV’s Galeotti: “At a time when the Kremlin is demonstrably worried about what it sees as Western ‘gibridnaya voina‘ [or hybrid war] being waged against it — we don’t have to accept their premises to acknowledge that the Russians genuinely believe this — he is staking out the military’s claims to being relevant in this age. And his answer, as in his infamous 2013 article, and as played out in the first stage of Zapad [the major wargame Russia executed in Belarus last summer] is that the military will deploy massive firepower to smash any foreign incursions meant to instigate risings against Moscow.”

U.S. Caps Money at 25% of UN Peacekeeping

For the most part, peacekeepers do not achieve the standards of their home country for military or humanitarian positions, so they are dispatched to the United Nations.

Conflicts where peacekeepers are deployed are also near countries at the top of the list.

The UN’s peacekeepers currently have operations in Western Sahara, Central African Republic, Mali, Haiti, Democratic Republic of the Congo, Darfur, Syria, Cyprus, Lebanon, Abyei, South Sudan, Ivory Coast, Kosovo, Liberia and India and Pakistan.

China’s peacekeepers will form part of the “Peacekeeping Capability Readiness System”, a rapid-deployment standby force.

Its move to become one of the largest forces in the UN’s peacekeepers indicates its growing presence on the world stage, while also saying that China is a responsible power.

The UN’s current peacekeeping budget stands at £5.25bn, and its force has been implemented in 69 missions over the past 68 years. Click here to see the personnel donations from listed countries.

US: Won’t pay over 25 percent of UN peacekeeping anymore

UNITED NATIONS — The United States will no longer shoulder more than a quarter of the multibillion-dollar costs of the United Nations’ peacekeeping operations, Washington’s envoy said Wednesday.

“Peacekeeping is a shared responsibility,” U.S. Ambassador Nikki Haley said at a Security Council debate on peacekeeping reform. “All of us have a role to play, and all of us must step up.”

The U.S. is the biggest contributor to the U.N.’s 15 peacekeeping missions worldwide. Washington is paying about 28.5 percent of this year’s $7.3 billion peacekeeping budget, though Haley said U.S. law is supposed to cap the contribution at 25 percent.

The second-biggest contributor, China, pays a bit over 10 percent.

U.S. President Donald Trump’s administration has complained before that the budget and Washington’s share are too high and pressed to cut this year’s budget. It is $570 million below last year’s, a smaller decrease than the U.S. wanted.

“We’re only getting started,” Haley said when the cut was approved in June. It followed a $400 million trim the prior year, before Trump’s administration.

Haley said Wednesday that the U.S. will work to make sure cuts in its portion are done “in a fair and sensible manner that protects U.N. peacekeeping.”

The General Assembly sets the budget and respective contributions by vote. Spokesmen for Assembly President Miroslav Lajcak and U.N. Secretary-General Antonio Guterres declined to comment on Haley’s remarks, noting that the 193 U.N. member states will decide the budget.

Drawing over 105,000 troops, police and other personnel from countries around the world, the peacekeeping missions operate in places from Haiti to parts of India and Pakistan. Most are in African countries. The biggest is in Congo, where the Security Council agreed just Tuesday to keep the 16,000-troop force in place for another year.

Some missions have been credited with helping to protect civilians and restore stability, but others have been criticized for corruption and ineffectiveness.

In Mali, where 13,000 peacekeepers have been deployed since 2013, residents in a northern region still “don’t feel safe and secure,” Malian women’s rights activist Fatimata Toure told the Security Council on Wednesday. She said violence remains pervasive in her section of a country that plunged into turmoil after a March 2012 coup created a security vacuum.

“We have still not felt (the peacekeeping mission) deliver on its protection-of-civilians mandate,” though it has helped in some other ways, Toure said. “We feel, as civilians, that we’ve been abandoned, left to our fate.”

Peacekeeping also has been clouded by allegations of sexual abuse and exploitation. An Associated Press investigative series last year uncovered roughly 2,000 claims of such conduct by peacekeepers and other U.N. personnel around the world during a 12-year period.

Maintaining peace has become increasingly deadly work. Some 59 peacekeepers were killed through “malicious acts” last year, compared to 34 in 2016, Guterres said Wednesday. A U.N. report in January blamed many of the deaths on inaction in the field and “a deficit of leadership” from the world body’s headquarters to remote locations.

Guterres said Wednesday that the U.N. is improving peacekeepers’ training, has appointed a victims’ rights advocate for victims of sexual abuse and is reviewing all peacekeeping operations.

Still, he said, more needs to be done to strengthen peacekeeping forces and ensure they are deployed in tandem with political efforts, not instead of them. They also shouldn’t be overloaded with unrealistic expectations, he said.

“Lives and credibility are being lost,” he said. “A peacekeeping operation is not an army or a counterterrorist force or a humanitarian agency.”

Representatives from many countries also stressed a need for more focused, better prepared peacekeeping missions and more robust political peace processes.

The U.N., its member states and countries that host peacekeeping missions all “need to shoulder our responsibilities,” said Dutch Prime Minister Mark Rutte, whose country arranged the debate as this month’s Security Council president.

2 Russians May not Survive Poison, but What about Lesin’s Murder?

As of the time this article is published, the Kremlin is turning the blame of the attempted assassination in Britain on the Brits themselves. There is overwhelming evidence that the poisoning was in fact done at the hands of thugs at the behest of Moscow.

Russia has denied any involvement in the attack and has said it suspects the British secret services of using the Novichok nerve agent, which was developed by the Soviet military, to frame Russia and stoke anti-Russian hysteria.

“We believe the Skripals first came into contact with the nerve agent from their front door,” said Dean Haydon, Britain’s senior national coordinator for counter terrorism policing. More here from Reuters.

Noisy Room has an excellent summary on Skripal and his daughter, who sadly are not expected to survive the assassination attempt by novichok. In part:

Sergei Skripal, 66, and his daughter, Yulia, are still hospitalized and are in critical condition in Britain after being exposed to the Russian nerve agent called novichok. Authorities now believe it was applied to their front door and that is how they came into contact with it. This is a military grade nerve agent that has no cure.

Skripal’s niece, Viktoria Skripal, told the BBC that the two have about a one percent chance of surviving. If they do, they will be crippled physically and mentally for the rest of their lives. The effects are debilitating and the pain continues to grow. It is prolonged torture until the victim succumbs and dies. She said the prognosis “really isn’t good.” The attack took place on March 4th in Salisbury. “Out of 99 percent, I have maybe 1 percent hope,” she said. “Whatever [nerve agent] was used, it has given them a very small chance of survival. But they’re going to be invalids for the rest of their lives.” More here.

*** But the United States is not without a successful assassination that happened in Washington DC, that seems to continue to be a major coverup. Further, the Obama administration did nothing to Moscow regarding the case.

BuzzFeed News has uncovered new information in its ongoing investigation into the strange death of Russia Today founder and Vladimir Putin’s former media czar Mikhail Lesin on Nov. 5, 2015, thanks – in part – to a report by Christopher Steele.

The [FBI] received his report while it was helping the Washington, DC, Metropolitan Police Department investigate the Russian media baron’s death, the sources said.

(…)

Now BuzzFeed News has established:

• Steele’s report says that Lesin was bludgeoned to death by enforcers working for an oligarch close to Putin, the four sources said.

• The thugs had been instructed to beat Lesin, not kill him, but they went too far, the sources said Steele wrote.

• Three of the sources said that the report described the killers as Russian state security agents moonlighting for the oligarch.

The Steele report is not the FBI’s only source for this account of Lesin’s death: Three other people, acting independently from Steele, said they also told the FBI that Lesin had been bludgeoned to death by enforcers working for the same oligarch named by Steele.

DC police said Lesin died from a series of drunken falls, which just happened to take place the evening before Lesin was scheduled to meet with U.S. Justice Department officials to discuss the inner workings of RT.

BuzzFeed News has been out front on the issue of questionable deaths under Putin’s regime, and in the wake of the poisoning of former spy Sergei Skripal and his daughter Yulia in Salisbury, England on March 4th, the British government says it is taking another look at 14 incidents BuzzFeed has flagged as suspicious.

Meanwhile, the way authorities claim Lesin died in a Dupont Circle hotel in the heart of Washington, DC defies logic.

“What I can tell you is that there isn’t a single person inside the bureau who believes this guy got drunk, fell down, and died,” an FBI agent told BuzzFeed News last year. “Everyone thinks he was whacked and that Putin or the Kremlin were behind it.”

In December, DC police released 58 pages of its case file on Lesin’s death. While many parts are blacked out, what was released says nothing about the blunt force injuries that killed Lesin — or even about him falling down, which is how he is supposed to have died.

(…)

For his report to the FBI about Lesin, Steele gathered intelligence from high-level sources in Moscow, according to the two sources who read the whole report.

All four of the people who read Steele’s report said it pins Lesin’s murder on a professional relationship gone lethally awry. According to the report, they said, Lesin fell out with a powerful oligarch close to Putin. Wanting to intimidate Lesin, the oligarch then contracted with Russian state security agents to beat up Lesin, the report states, according to three of the sources. The goal was not to kill Lesin, all four sources said Steele wrote, but Lesin died from the attack.

The sources could not recall what, if anything, the report said about whether Putin knew of or sanctioned the attack.

Full story: Christopher Steele’s Other Report: A Murder In Washington (BuzzFeed News)

The British Government Will Review Allegations Of Russian Involvement In 14 Suspicious Deaths Exposed By BuzzFeed News (BuzzFeed News)

Related: More Mystery in Russia-Connected DC Death

From CIR’s Human Rights Abuses page:

Eight high-profile Russians have died since the November 8, 2016 U.S. presidential election. Buzzfeed has been investigating 14 suspicious deaths on British soil with ties to Russia that have taken place under Putin’s regime. The news site also has filed a lawsuit to speed up the FBI’s possible release of information pertaining to the suspicious death of Putin’s former media czar, Mikhail Lesin, in a DC hotel the night before he was scheduled to meet with the U.S. Department of Justice back in November 2015.

 

Trump and Allies Expel Russian Diplomats/Operatives

President Donald Trump ordered 60 Russian diplomats the U.S. considers spies to leave the country and closed Russia’s consulate in Seattle. The closure of the Russian consulate in Seattle due to its proximity to one of our submarine bases and Boeing.” The U.S. officials said more than 100 Russian intelligence agents work under cover as diplomats in the U.S. and described the number as unacceptable. They said the U.S. could take further action in the future. The 60 people expelled from the U.S. include 48 attached to the Russian embassy and 12 at the country’s mission to the United Nations. They have seven days to leave the country, the officials said. More here.

London (CNN) It’s the biggest collective expulsion of alleged Russian intelligence officers in history, according to British Prime Minister Theresa May.

Diplomats are being kicked out of at least 21 countries -- 16 European Union states, the United States, Canada, Ukraine, Norway and Albania -- in a coordinated effort that represents a significant diplomatic victory for the UK, which blames Russia for poisoning Sergei Skripal and his daughter, Yulia.

The UK has already expelled 23 Russian diplomats. Moscow retaliated by sending the same number of UK diplomats back, and by shuttering British cultural institutions in the country.

Here’s what each country is doing:

European Union nations

Croatia: Prime Minister Andrej Plenkovic said Croatia will expel one diplomat.
Czech Republic: The Czech Republic will expel three diplomats, Prime Minister Andrej Babis and Foreign Minister Martin Stropnicky announced at a press conference. The Czech Foreign Ministry tweeted that it declared the diplomats “personae non gratae.”
Denmark: The Foreign Ministry announced two diplomats would be expelled. “We stand shoulder to shoulder with Britain and clearly say no to Russia at a time when Russia is also threatening and seeking to undermine Western values and the rule-based international order in other areas,” Foreign Minister Anders Samuelsen said.
Estonia: Estonia’s Foreign Ministry told CNN one Russian diplomat, a Russian defense attaché, will be expelled.
Finland: Finland will expel one diplomat, the Foreign Ministry said.
France: French Foreign Minister Jean-Yves Le Drian announced the expulsion of four diplomats, who must leave the country within a week. He said that the decision followed the European Council’s conclusions that the attack “posed a serious threat to our collective security” and that France was acting “in solidarity with our British partners.”
Germany: The German Foreign Ministry said Monday it would expel four diplomats. “In close coordination within the European Union and with NATO allies, the Federal Government has decided to ask four Russian diplomats to leave Germany within seven days. The request was sent to the Russian Embassy today,” the ministry said in a statement.
Hungary: The Foreign Ministry said Hungary would expel one diplomat over “what has been discussed at the European Council meeting,” adding that the diplomat was “also conducting intelligence activities.”
Italy: The Italian Foreign Ministry says it will expel two Russian diplomats from the embassy in Rome “as a sign of solidarity with the United Kingdom and in coordination with the European partners and NATO.”
Latvia: The Foreign Ministry told CNN it would expel one diplomat and one private citizen who runs the office of a Russian company in the capital, Riga.
Lithuania: Foreign Affairs Minister Linas Linkevicius said on Twitter the country would expel three diplomats “in solidarity with the UK over #SalisburyAttack.” Lithuania would also sanction an additional 21 individuals and ban 23 more from entering the country.
Netherlands: Prime Minister Mark Rutte announced the expulsion of two diplomats, saying the use of chemical weapons was unacceptable.
Poland: Poland’s Ministry of Foreign Affairs said it would expel four diplomats and said the attack showed how “a similar immediate threat to the territory and citizens of EU and NATO member states can happen anywhere.”
Romania: Romania’s Foreign Ministry said on Twitter that one diplomat would be expelled.
Spain: The Foreign Ministry said Spain will expel two diplomats. “From the outset, we have considered the nerve agent attack in Salisbury to be an extremely serious development that represents a significant threat to our collective security and to international law,” the ministry said on Twitter.
Sweden: The Foreign Ministry told CNN it will expel one diplomat.

Non-EU countries

Albania: The Ministry of Foreign Affairs told CNN it will expel two Russian diplomats. In a statement, the ministry called each diplomat a “persona non grata” and said the pair’s activities were “not compliant to their diplomatic status.”
Canada: Ottawa said it was expelling four Russian diplomats alleged to be intelligence officers “or individuals who have used their diplomatic status to undermine Canada’s security or interfere in our democracy.” Additionally it was refusing three applications by Moscow for additional diplomatic staff. “The nerve agent attack represents a clear threat to the rules-based international order and to the rules that were established by the international community to ensure chemical weapons would never again destroy human lives,” Foreign Minister Chrystia Freeland said.
Norway: The Ministry of Foreign Affairs told CNN it would expel one Russian diplomat in response to the attack. “The use of a nerve agent in Salisbury is a very serious matter,” Norwegian Foreign Minister Ine Eriksen Soreide said in a statement. “Such an incident must have consequences.”
Ukraine: President Petro Poroshenko said Ukraine, which has experienced years of hostility from Russia, including the annexation of Crimea, would expel 13 diplomats. “Russia has again reconfirmed its disdainful attitude to the sovereignty of independent states and the value of human life.”
United States: The White House said it was expelling 60 Russian diplomats identified as intelligence agents and also announced the closure of the Russian consulate in Seattle. It represents the most forceful action Trump has taken against Russia to date. Of those being expelled, 48 of the alleged intelligence agents work at the Russian embassy in Washington and 12 are posted at the United Nations in New York, senior administration officials said.

9 Iranians Charged in Hacking 176 Universities, Intellectual Property

Nine Iranians Charged With Conducting Massive Cyber Theft Campaign On Behalf Of The Islamic Revolutionary Guard Corps

Mabna Institute Hackers Penetrated Systems Belonging to Hundreds of Universities, Companies, and Other Victims to Steal Research, Academic Data, Proprietary Data, and Intellectual Property

Rod J. Rosenstein, the Deputy Attorney General of the United States, Geoffrey S. Berman, the United States Attorney for the Southern District of New York, William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Field Division of the Federal Bureau of Investigation (“FBI”), and John C. Demers, Assistant Attorney General for National Security, announced today the unsealing of an indictment charging GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI.  The defendants were each leaders, contractors, associates, hackers-for-hire, and affiliates of the Mabna Institute, an Iran-based company that was responsible for a coordinated campaign of cyber intrusions that began in at least 2013 into computer systems belonging to 144 U.S.-based universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the United States Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.  Through the activities of the defendants, the Mabna Institute conducted these intrusions to steal over 30 terabytes of academic data and intellectual property from universities, and email inboxes from employees of victim private sector companies, government victims, and non-governmental organizations.  The defendants conducted many of these intrusions on behalf of the Islamic Republic of Iran’s (“Iran”) Islamic Revolutionary Guard Corps (“IRGC”), one of several entities within the government of Iran responsible for gathering intelligence, as well as other Iranian government clients.  
In addition to these criminal charges, today the Department of Treasury’s Office of Foreign Assets Control (OFAC) designated the Mabna Institute and the nine defendants for sanctions for the malicious cyber-enabled activity outlined in the Indictment.

Deputy Attorney General Rod J. Rosenstein said:  “These nine Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries.  For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps.  The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America’s ideas by infiltrating our computer systems and stealing intellectual property.  This case is important because it will disrupt the defendants’ hacking operations and deter similar crimes.”

Manhattan U.S. Attorney Geoffrey S. Berman said:  “Today, in one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice, we have unmasked criminals who normally hide behind the ones and zeros of computer code.  As alleged, this massive and brazen cyber-assault on the computer systems of hundreds of universities in 22 countries, including the United States, and dozens of private sector companies and governmental organizations was conducted on behalf of Iran’s Islamic Revolutionary Guard.  The hackers targeted innovations and intellectual property from our country’s greatest minds.  These defendants are now fugitives from American justice, no longer free to travel outside Iran without risk of arrest.  The only way they will see the outside world is through their computer screens, but stripped of their greatest asset – anonymity.”

FBI Assistant Director William F. Sweeney Jr. said:  “The numbers alone in this case are staggering, over 300 universities and 47 private sector companies both here in the United States and abroad were targeted to gain unauthorized access to online accounts and steal data.  An estimated 30 terabytes was removed from universities’ accounts since this attack began, which is roughly equivalent of 8 billion double-sided pages of text.  It is hard to quantify the value on the research and information that was taken from victims but it is estimated to be in the billions of dollars. The nine Iranians indicted today now find themselves wanted by the FBI and our partner law enforcement agencies around the globe – and like other cyber criminals they will soon learn their ability to freely move was just limited to the virtual world only.”

According to the allegations contained in the Indictment[1] unsealed today in Manhattan federal court:

Background on the Mabna Institute

GHOLAMREZA RAFATNEJAD and EHSAN MOHAMMADI, the defendants, founded the Mabna Institute in approximately 2013 to assist Iranian universities and scientific and research organizations in stealing access to non-Iranian scientific resources.  In furtherance of its mission, the Mabna Institute employed, contracted, and affiliated itself with hackers-for-hire and other contract personnel to conduct cyber intrusions to steal academic data, intellectual property, email inboxes and other proprietary data, including ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI.  The Mabna Institute contracted with both Iranian governmental and private entities to conduct hacking activities on their behalf, and specifically conducted the university spearphishing campaign on behalf of the IRGC.  The Mabna Institute is located at Tehran, Sheikh Bahaii Shomali, Koucheh Dawazdeh Metri Sevom, Plak 14, Vahed 2, Code Posti 1995873351.

University Hacking Campaign

The Mabna Institute, through the activities of the defendants, targeted over 100,000 accounts of professors around the world.  They successfully compromised approximately 8,000 professor email accounts across 144 U.S.-based universities, and 176 universities located in foreign countries, including Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey, and the United Kingdom.  The campaign started in approximately 2013, and has continued through at least December 2017, and broadly targeted all types of academic data and intellectual property from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.  Through the course of the conspiracy, U.S.-based universities spent over approximately $3.4 billion to procure and access such data and intellectual property.

The hacking campaign against universities was conducted across multiple stages.  First, the defendants conducted online reconnaissance of university professors, including to determine these professors’ research interests and the academic articles they had published.  Second, using the information collected during the reconnaissance phase, the defendants created and sent spearphishing emails to targeted professors, which were personalized and created so as to appear to be sent from a professor at another university.  In general, those spearphishing emails indicated that the purported sender had read an article the victim professor had recently published, and expressed an interest in several other articles, with links to those additional articles included in the spearphishing email.  If the targeted professor clicked on certain links in the email, the professor would be directed to a malicious Internet domain named to appear confusingly similar to the authentic domain of the recipient professor’s university.  The malicious domain contained a webpage designed to appear to be the login webpage for the victim professor’s university.  It was the defendants’ intent that the victim professor would be led to believe that he or she had inadvertently been logged out of his or her university’s computer system, prompting the victim professor for his or her login credentials.  If a professor then entered his or her login credentials, those credentials were then logged and captured by the hackers.

Finally, the members of the conspiracy used stolen account credentials to obtain unauthorized access to victim professor accounts, through which they then exfiltrated intellectual property, research, and other academic data and documents from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.  The defendants targeted data across all fields of research and academic disciplines, including science and technology, engineering, social sciences, medical, and other professional fields.  At least approximately 31.5 terabytes of academic data and intellectual property from compromised universities were stolen and exfiltrated to servers under the control of members of the conspiracy located in countries outside the United States.
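The lookalike-domain step in the campaign described above can be checked for on the receiving side. The following is an added example, not part of the press release or the Indictment: it extracts link hosts from a message and classifies them against the institution's authentic domain. The domain `stateuniv.example`, the sample message and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

LEGIT = "stateuniv.example"  # constructed authentic university domain

# Constructed sample message modelled on the lure described in the text.
EMAIL = """Dear Professor, I read your recent article with interest.
Could you also share these?
https://library.stateuniv.example/articles/123
http://stateunlv.example/login?next=/articles/124
http://stateuniv.example.sso-portal.test/login
https://journals.publisher.example/doi/10.0000/xyz
"""

def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    # Assumption: the registrable domain is the last two labels.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.split(".")[-2:])

def classify(host, legit=LEGIT):
    host = host.lower().rstrip(".")
    if host == legit or host.endswith("." + legit):
        return "authentic"
    brand = legit.split(".")[0]
    if brand in host:  # real name used inside someone else's domain
        return "lookalike: brand embedded in foreign domain"
    if levenshtein(registrable(host).split(".")[0], brand) <= 2:
        return "lookalike: near-miss spelling"
    return "unrelated"

def suspicious_links(body, legit=LEGIT):
    """Return (host, verdict) for every link whose host imitates `legit`."""
    hosts = [urlsplit(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)]
    verdicts = [(h, classify(h, legit)) for h in hosts if h]
    return [(h, v) for h, v in verdicts if v.startswith("lookalike")]

if __name__ == "__main__":
    for host, verdict in suspicious_links(EMAIL):
        print(host, "->", verdict)
```

A mail gateway or proxy can apply the same classification to inbound links and to newly observed domains in DNS logs.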

In addition to stealing academic data and login credentials for university professors for the benefit of the Government of Iran, the defendants also sold the stolen data through two websites, Megapaper.ir (“Megapaper”) and Gigapaper.ir (“Gigapaper”).  Megapaper was operated by Falinoos Company (“Falinoos”), a company controlled by ABDOLLAH KARIMA, a/k/a “Vahid Karima,” the defendant, and Gigapaper was affiliated with KARIMA.  Megapaper sold stolen academic resources to customers within Iran, including Iran-based public universities and institutions, and Gigapaper sold a service to customers within Iran whereby purchasing customers could use compromised university professor accounts to directly access the online library systems of particular United States-based and foreign universities.

Prior to the unsealing of the Indictment, the FBI provided foreign law enforcement partners with detailed information regarding victims within their jurisdictions, so that victims in foreign countries could be notified and so that foreign partners could assist in remediation efforts.

Private Sector Hacking Victims

In addition to targeting and compromising universities, the Mabna Institute defendants targeted and compromised employee email accounts for at least approximately 36 United States-based private companies, and at least approximately 11 private companies based in Germany, Italy, Switzerland, Sweden, and the United Kingdom, and exfiltrated entire email mailboxes from compromised employees’ accounts.  Among the United States-based private sector victims were three academic publishers, two media and entertainment companies, one law firm, 11 technology companies, five consulting firms, four marketing firms, two banking and/or investment firms, two online car sales companies, one healthcare company, one employee benefits company, one industrial machinery company, one biotechnology company, one food and beverage company, and one stock images company.

In order to compromise accounts of private sector victims, members of the conspiracy used a technique known as “password spraying,” whereby they first collected lists of names and email accounts associated with the intended victim company through open source Internet searches.  Then, they attempted to gain access to those accounts with commonly-used passwords, such as frequently used default passwords, in order to attempt to obtain unauthorized access to as many accounts as possible.  Once they obtained access to the victim accounts, members of the conspiracy, among other things, exfiltrated entire email mailboxes from the victims.  In addition, in many cases, the defendants established automated forwarding rules for compromised accounts that would prospectively forward new outgoing and incoming email messages from the compromised accounts to email accounts controlled by the conspiracy.
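Password spraying as described above leaves a recognizable pattern in authentication logs: one source failing against many distinct accounts with only a few attempts on each. The following is an added example, not taken from the press release or the FBI FLASH message, that detects that pattern and lists accounts that then logged in successfully from the same source. The log format, addresses, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2018-03-01T09:00:00 203.0.113.7 alice@corp.example FAIL
2018-03-01T09:02:00 203.0.113.7 bob@corp.example FAIL
2018-03-01T09:04:00 203.0.113.7 carol@corp.example FAIL
2018-03-01T09:06:00 203.0.113.7 dave@corp.example FAIL
2018-03-01T09:08:00 203.0.113.7 erin@corp.example FAIL
2018-03-01T09:10:00 203.0.113.7 frank@corp.example OK
2018-03-01T09:01:00 198.51.100.20 bob@corp.example FAIL
2018-03-01T09:01:05 198.51.100.20 bob@corp.example FAIL
2018-03-01T09:01:10 198.51.100.20 bob@corp.example FAIL
2018-03-01T09:30:00 192.0.2.15 alice@corp.example FAIL
2018-03-01T09:30:20 192.0.2.15 alice@corp.example OK
"""

def parse(log_text):
    """Yield (timestamp, ip, account, result) from whitespace-separated lines."""
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, account, result = line.split()
            yield datetime.fromisoformat(ts), ip, account, result

def detect_spraying(log_text, window=timedelta(minutes=30),
                    min_accounts=5, max_per_account=2):
    """Map source IP -> accounts it failed against in a spray pattern:
    many distinct accounts inside one window, few attempts on each."""
    fails = defaultdict(list)
    for ts, ip, account, result in parse(log_text):
        if result == "FAIL":
            fails[ip].append((ts, account))
    flagged = defaultdict(set)
    for ip, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            counts = defaultdict(int)
            for _, account in events[start:end + 1]:
                counts[account] += 1
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged[ip].update(counts)
    return {ip: sorted(accts) for ip, accts in flagged.items()}

def successes_from(log_text, ips):
    """Accounts that logged in successfully from a flagged source: reset these first."""
    return sorted({a for _, ip, a, r in parse(log_text) if r == "OK" and ip in ips})
```

The repeated failures against a single account from 198.51.100.20 and the mistyped password from 192.0.2.15 are not flagged; accounts returned by `successes_from` should also have their mailbox forwarding rules reviewed, since the text notes that such rules were set on compromised accounts.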

In connection with the unsealing of the Indictment, today the FBI issued an FBI Liaison Alert System (FLASH) message, providing detailed information regarding the vulnerabilities targeted and the intrusion vectors used by the Mabna Institute in their campaign against private sector companies, to provide the public with information to assist in detecting and remediating the threat.

U.S. Government and NGO Hacking Victims

In the same time period as the university and private sector hacking campaigns described above, the Mabna Institute also conducted a computer hacking campaign against various governmental and non-governmental organizations within the United States.  During the course of that campaign, employee login credentials were stolen by members of the conspiracy through password spraying.  Among the victims were the following, all based in the United States:  the United States Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the State of Indiana Department of Education, the United Nations, and the United Nations Children’s Fund.  As with private sector victims, the defendants targeted for theft email inboxes of employees of these organizations.

*                *                *

GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI, the defendants, are citizens and residents of Iran.  Each is charged with one count of conspiracy to commit computer intrusions, which carries a maximum sentence of five years in prison; one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; two counts of unauthorized access of a computer, each of which carries a maximum sentence of five years in prison; two counts of wire fraud, each of which carries a maximum sentence of 20 years in prison; and one count of aggravated identity theft, which carries a mandatory sentence of two years in prison.  The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencings of the defendants will be determined by the assigned judge.

Mr. Berman praised the outstanding investigative work of the FBI, the assistance of the United Kingdom’s National Crime Agency (NCA), and the support of the OFAC.  The case is being handled by the Office’s Complex Frauds and Cybercrime Unit.  Assistant United States Attorneys Timothy T. Howard, Jonathan Cohen, and Richard Cooper are in charge of the prosecution, with assistance provided by Heather Alpino and Jason McCullough of the National Security Division’s Counterintelligence and Export Control Section.

The charges contained in the Indictment are merely accusations and the defendants are presumed innocent unless and until proven guilty.


[1] As the introductory phrase signifies, the entirety of the text of the Indictment, and the description of the Indictment set forth herein, constitute only allegations, and every fact described should be treated as an allegation.

Topic(s): Cyber Crime
Press Release Number: 18-089