Arkady Babchenko was Assassinated until he Wasn’t

Hat tip to Ukrainian officials: they have fully embraced Russian tactics and used them against the Kremlin’s normal hit job assignments on journalists.

Related reading: Journalistic death and Critics toll in Putin’s Russia

Babchenko wrote a chilling book titled One Soldier’s War in 2009. In 1995, he was forced into the Russian military and sent to Chechnya. He has a history with the brutality of Putin.

***

Before ushering Babchenko into the room, Gritsak said investigators had identified a Ukrainian citizen who allegedly was paid $40,000 by the Russian security service to organize and carry out the hit. The unidentified Ukrainian man in turn allegedly hired an acquaintance to be the gunman, Gritsak said.

The man allegedly paid to organize Babchenko’s killing was detained Wednesday, he said, showing a video of the arrest.

Gritsak said killing Babchenko was part of a larger alleged plot by Russian security services. The Ukrainian man was also supposed to procure large quantities of weapons and explosives, including 300 AK-47 rifles and “hundreds of kilos of explosives,” to perpetrate acts of terror in Ukraine, he said.

Babchenko said he was not allowed to go into the details of the sting operation, but said Ukrainian law enforcement had been aware of a contract on his head for two months. He said he was approached by the Ukrainian Security Service, the SBU, a month ago.

KYIV — Ukrainian security officials said they faked the death of a dissident Russian journalist in an effort to catch people they say were involved in a Russian plot to kill him.

Vasyl Hrytsak, the head of Ukraine’s Security Service (SBU), shocked reporters at the SBU headquarters in Kyiv on May 30 when he announced that journalist and Kremlin critic Arkady Babchenko was still alive, a day after Ukrainian authorities announced he had been killed by a gunman outside of his Kyiv apartment.

Hrytsak told reporters that Ukrainian intelligence sources learned that Russia’s security services had ordered the killing of Babchenko several months earlier.


Hrytsak also said a suspected organizer of an attempted murder plot against Babchenko, identified as a Ukrainian national, was detained as a result of a “special operation” by the SBU.

“We have prevented an attempted murder of Babchenko by carrying out a special operation,” Hrytsak said on May 30. “Thanks to this operation, we were able to foil a cynical plot and document how the Russian security service was planning for this crime.”

Babchenko made a dramatic appearance at the live May 30 television briefing after Hrytsak’s announcement, saying the fictitious reports of his death were part of an SBU operation that had been prepared for two months.

Babchenko reacts during the news conference in Kyiv on May 30.

“As far as I know, this operation was prepared for two months. A result of that was this special operation,” Babchenko told the briefing. “They saved my life. I want to say thanks. Larger terrorist attacks were prevented.”

Babchenko did not specify what those other planned attacks were. But Hrytsak said the SBU had received information about a plot to kill 30 people in Ukraine, including Babchenko. The security service declined to say who the other 29 people were.

Hrytsak said the detained Ukrainian citizen in the case — a former separatist fighter in eastern Ukraine — had been recruited by Russia to find someone to kill Babchenko. The SBU said the Ukrainian suspect was given $40,000 to organize the killing of Babchenko — $30,000 for the killer and $10,000 for being an intermediary.

“It is known that once the killing was done, [the suspect] was planning to leave Ukraine…He was planning to travel to Russia via a third country,” Hrytsak said.

“We managed not only to break this cynical provocation but also to document the preparation of this shameful crime by Russian special services,” he added.

Prosecutor-General Yuriy Lutsenko, who appeared alongside Babchenko at the May 30 press briefing, said it was necessary to fake the journalist’s death so that the organizers of the plot to kill him would believe they had succeeded.

Babchenko said he had no choice but to take part in the operation.

“I did my job. I’m still alive,” Babchenko said.

“I would like to apologize for what you have all had to go through,” said Babchenko, who broke into tears at times. “I’m sorry, but there was no other way of doing it. Separately, I want to apologize to my wife for the hell that she has been through.”

Ukrainian President Petro Poroshenko said his government would provide round-the-clock protection to Babchenko and his family and called the security services’ effort a “brilliant operation.”

“Ukrainian law enforcement agencies are becoming stronger every day in countering Russian aggression,” Poroshenko said on Twitter. “It is unlikely that Moscow will calm down — I’ve given an order to provide Arkady and his family with protection.”

Poroshenko’s tweet, translated from Ukrainian:

Congratulations on the brilliant operation to save the life of Russian journalist Arkady Babchenko. Ukrainian law enforcement agencies are becoming stronger every day in countering Russian aggression. It is unlikely that Moscow will calm down; I have given an order to provide Arkady and his family with protection.

Meanwhile, the Reporters Without Borders media watchdog criticized Ukrainian authorities for staging Babchenko’s death, saying it “would not help the cause of press freedom.”

“It is pathetic and regrettable that the Ukrainian police have played with the truth, whatever their motive…for the stunt,” Christophe Deloire, the head of the group, said.

“All it takes is one case like this to cast doubt on all the other political assassinations,” he said, referring to the deaths and attempted assassinations of several Kremlin critics outside of Russia in recent years.

Russian Foreign Ministry spokeswoman Maria Zakharova said after Babchenko’s reappearance on May 30 that officials in Moscow were glad Babchenko was still alive.

But Zakharova said Ukrainian officials had circulated a false story as “propaganda.”

Transcript: Arkady Babchenko’s Remarks After SBU Sting Operation (Edited)

“First, I’d like to apologize for everything you’ve had to go through. I’ve been at the funeral of many friends and colleagues, and I know this nauseous feeling. Sorry for imposing this upon you, but there was no other way.

“Special apologies to my wife for the hell she’s been through these two days. Olya, excuse me, please, but there was no other option.

“I’d also like to thank the Ukrainian Security Service (SBU) for saving my life. … This operation has been prepared for two months. I was told about this a month ago. …

“A week or two ago, Russia announced that [Islamic State] were preparing terrorist attacks before the Champions League [final in Kyiv]. I think it was going to be my [assassination]. …

“What else to say? As I said, two months ago I was approached and told that my assassination has been commissioned and money allocated. Forty-thousand dollars. It turns out I’m quite valuable!”

Kremlin spokesman Dmitry Peskov said that he had only seen media reports so far and otherwise had “no information on the matter.”

He said he did not know “who is doing the accusing and what the accusations are…I cannot say anything.”

Kyiv police and officials from Ukraine’s Interior Ministry had announced on May 29 that Babchenko had died in an ambulance on the way to a hospital after being shot in the back at his Kyiv apartment, where he has lived in exile since August 2017.

Reports of the 41-year-old’s supposed death had stunned colleagues and added to tension between Moscow and Kyiv, whose ties have been badly damaged by Russia’s seizure of Crimea and backing for separatist militants in a devastating war in eastern Ukraine.

In a post to Facebook just hours after news of Babchenko’s death emerged, Prime Minister Volodymyr Hroysman said, “I am convinced that the Russian totalitarian machine could not forgive his honesty and principled position.”

Before Babchenko’s dramatic reappearance on May 30, Peskov said allegations of a Russian assassination plan were part of an anti-Russia smear campaign.

Aleksandr Bortnikov, the head of Russia’s Federal Security Service (FSB), said Ukrainian allegations of an FSB plot were nonsense and a provocation.

Babchenko is well-known for his criticism of the Kremlin.

His reporting about Moscow’s support for pro-Russia separatist fighters in eastern Ukraine brought him severe criticism by Russian state media and from Russian officials.

Babchenko told RFE/RL in December 2016 that “all of the elements” of Russia’s state “propaganda machine” were engaged against him after he posted comments to Facebook about the crash of a Russian military plane in the Black Sea.

All 92 people on board were killed, including members of the Russian Army’s renowned choir, the Aleksandrov Ensemble, who were traveling to give a performance for Russian troops in Syria.

Babchenko said the reaction by state officials and state media to his remarks was intended to send a signal to Russian society that “we must be in one line; we must express sadness; we must appear sad — and anyone who doesn’t must be destroyed.”

‘Forced To Flee’

Babchenko told RFE/RL in late 2016 that State Duma Deputy Vitaly Milonov, Federation Council member Frants Klintsevich, and Russian media like Channel One and Life News were “stitching together some fake news” about him.

Babchenko said: “A major effort is being organized. They aren’t investigating why the plane crashed but instead are persecuting me.”

In February 2017, writing for Britain’s The Guardian newspaper, Babchenko said: “I can tell you what political harassment feels like in [President Vladimir] Putin’s Russia. Like many dissidents I am used to abuse, but a recent campaign against me was so personal, so scary, that I was forced to flee.”

Babchenko served in the Russian Army during the first separatist war in Chechnya in the 1990s before he became a journalist.

He worked as a military correspondent and wrote for several Russian media organizations, including the Moskovsky Komsomolets daily newspaper and Novaya Gazeta, as well as TV Tsentr, and Channel One TV.

He had been scathingly critical of the Kremlin in recent years. He moved to Kyiv in the autumn of 2017, where he worked as a host for the Crimean Tatar TV station, ATR.

Trump Admin Imposes More Sanctions on Iran

I can think of a few that are missing, but this is a good start.

Primer: For context on Iranian activities: Azadeh deplaned, exited customs and collected her bags. Suddenly, according to Azadeh, she was encircled by five agents of Iran’s Revolutionary Guard (IRGC), who informed her of her arrest on national security grounds. Her belongings were confiscated. She was handcuffed, blindfolded and pushed into the back seat of a car, where a female IRGC agent forced her to rest her head in the agent’s lap to avoid detection. “Where are we going?” Azadeh asked, as they sped through Tehran. “Evin Prison,” her captor replied. And here began Azadeh’s months-long nightmare in the fetid dungeons of the Islamic Republic. Read more here. (It is a must read)

Washington – Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated two Iranian entities for committing serious human rights abuses on behalf of the Government of Iran, as well as three leaders of one of these entities, the Ansar-e Hizballah organization.  Additionally, OFAC designated an entity that has operated information or communications technology that facilitates monitoring or tracking that could assist or enable serious human rights abuses by or on behalf of the Government of Iran.  Finally, OFAC designated two individuals for engaging in censorship activities that prohibit, limit, or penalize the exercise of freedom of expression or assembly by citizens of Iran, and one individual for acting for or on behalf of an entity engaged in such censorship activities.  These designations come in the wake of recent protests by the Iranian people and the regime’s subsequent brutal crackdown.

“Iran not only exports terrorism and instability across the world, it routinely violates the rights of its own people.  The Iranian regime diverts national resources that should belong to the people to fund a massive and expensive censorship apparatus and suppress free speech,” said Treasury Secretary Steven T. Mnuchin.  “Those who speak out against the regime’s mismanagement and corruption are subject to abuse and mistreatment in Iran’s prisons.  America stands with the people of Iran, and Treasury is taking action to hold the Iranian regime accountable for ongoing human rights abuses, censorship, and other despicable acts it commits against its own citizens.”

Today’s actions target the Iranian regime’s repression of its own people and the suppression of their freedoms of speech, expression, and peaceful assembly.  As President Trump emphasized in his May 8, 2018 announcement of his decision to cease the United States’ participation in the Joint Comprehensive Plan of Action (JCPOA), the United States will not allow Iran’s malign behavior to go unchecked.  These actions show a desire to hold malicious actors accountable for their actions even as they try to hide from international scrutiny.

Ansar-e Hizballah and Associated Individuals

OFAC is designating Ansar-e Hizballah for its role in serious human rights abuses in Iran.  Additionally, OFAC designated three individuals for acting for or on behalf of the organization. Ansar-e Hizballah was designated pursuant to Executive Order (E.O.) 13553 for being an official of the Government of Iran or a person acting on behalf of the Government of Iran (including members of paramilitary organizations) who is responsible for or complicit in, or responsible for ordering, controlling, or otherwise directing, the commission of serious human rights abuses against persons in Iran or Iranian citizens or residents, or the family members of the foregoing.

Ansar-e Hizballah has been involved in the violent suppression of Iranian citizens and has collaborated with the Basij to violently attack Iranian students with knives, tear gas, and electric batons.  The Basij Resistance Force was designated pursuant to E.O. 13553 on June 9, 2011 for committing serious human rights abuses in Iran.

An organization supported by the Iranian regime that harasses and attacks the Iranian people, Ansar-e Hizballah has been linked to acid attacks against women in the city of Isfahan.  Multiple women who were not dressed in accordance with the regime’s standards had acid thrown at them, severely injuring them and creating a climate of fear.

Abdolhamid Mohtasham is being designated pursuant to E.O. 13553 for acting for or on behalf of Ansar-e Hizballah.  As a founding member and key leader of the group, Abdolhamid Mohtasham plays a significant role in overseeing the group’s actions.  He has threatened to use Ansar-e Hizballah to patrol Iranian streets and attack women whom he deems to be unvirtuous.

Hossein Allahkaram is being designated pursuant to E.O. 13553 for acting for or on behalf of Ansar-e Hizballah.  In 2011 the European Union sanctioned Hossein Allahkaram for co-founding and leading Ansar-e Hezbollah, noting that under his leadership the group used extreme violence during multiple crackdowns on student protestors.

Lastly, Hamid Ostad is being designated pursuant to E.O. 13553 for acting for or on behalf of Ansar-e Hizballah.  Hamid Ostad, who founded the Mashhad branch of Ansar-e Hizballah, was implicated in a mob attack against the Saudi Arabia Consulate in Mashhad.

Evin Prison

OFAC is designating Evin Prison pursuant to Executive Order (E.O.) 13553 for being a person acting on behalf of the Government of Iran (including members of paramilitary organizations) who is responsible for or complicit in, or responsible for ordering, controlling, or otherwise directing, the commission of serious human rights abuses against persons in Iran or Iranian citizens or residents, or the family members of the foregoing.

Prisoners held at Evin Prison are subject to brutal tactics inflicted by prison authorities, including sexual assaults, physical assaults, and electric shock.  Iran’s Ministry of Intelligence and Security (MOIS) and Islamic Revolutionary Guard Corps (IRGC) maintain permanent wards in Evin Prison where they hold political prisoners.  And while senior regime officials regularly downplay the torture and abuse that occurs in Evin Prison, the abuse of prisoners, including political prisoners, continues once sham inspections into the prison conditions end.

Iran’s MOIS was designated pursuant to E.O. 13553 on February 16, 2012 for committing serious human rights abuses in Iran.  The IRGC was designated pursuant to Executive Order 13553 on June 9, 2011 for committing serious human rights abuses in Iran.

Hanista Programming Group

OFAC is designating Iran-based Hanista Programing Group pursuant to E.O. 13606 for having operated, or having directed the operation of, information and communications technology that facilitates computer or network disruption, monitoring, or tracking that could assist in or enable serious human rights abuses by or on behalf of the Government of Iran.

Hanista Programing Group is responsible for creating and distributing alternative versions of the popular messaging and social media application Telegram that facilitate the Iranian regime’s monitoring and tracking of Iranian and international users.

Hanista Programing Group developed two social media applications called Mobogram and MoboPlus and embedded malicious content in them that facilitates the monitoring and tracking of Iranian citizens.  This monitoring and tracking functionality could assist or enable serious human rights abuses by the Government of Iran, including the IRGC and MOIS.

Designation of Two Iranian Regime Officials for Censorship Activities

OFAC is designating Abolhassan Firouzabadi and Abdolsamad Khoramabadi pursuant to E.O. 13628 for having engaged in censorship or other activities with respect to Iran that prohibit, limit, or penalize the exercise of freedom of expression or peaceful assembly by citizens of Iran, or that limit access to print or broadcast media.

Abolhassan Firouzabadi is responsible for the Iranian government’s efforts to block social media applications like Telegram and to force Iranians to use state-run applications that are monitored by the regime.  As the Secretary of Iran’s Supreme Council of Cyberspace, Abolhassan Firouzabadi heads the country’s top Internet policymaking body and oversees the regime’s attempts to censor speech and media.

The Supreme Council of Cyberspace was designated pursuant to E.O. 13628 on January 12, 2018.

As the Secretary of the Committee to Determine Instances of Criminal Content, Abdolsamad Khoramabadi has overseen the filtering and blocking of political content during elections.  In 2017, Abdolsamad Khoramabadi tasked the Basij to lead the regime’s crackdown on cyber activity, and claimed that the country had thousands of monitors to report violations of websites and social media networks.

The Committee to Determine Instances of Criminal Content was designated pursuant to E.O. 13628 on May 30, 2013.

Designation of the Director of Islamic Republic of Iran Broadcasting (IRIB)

Lastly, OFAC is designating Abdulali Ali-Asgari pursuant to E.O. 13628 for acting for or on behalf of IRIB.

Abdulali Ali-Asgari is the current Director General of IRIB and has acted on behalf of the organization, including representing the organization in international fora.

The IRIB was designated pursuant to E.O. 13628 on February 6, 2013 for restricting or denying the free flow of information to or from the Iranian people.  IRIB was implicated in censoring multiple media outlets and airing forced confessions from political detainees.

As a result of these actions, all property and interests in property of the persons designated today that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC, and U.S. persons are generally prohibited from engaging in transactions with such persons.  In addition, foreign financial institutions that knowingly facilitate significant transactions for, or persons that provide material or certain other support to, the individuals and entities designated today risk exposure to sanctions that could sever their access to the U.S. financial system or block their property and interests in property subject to U.S. jurisdiction.


Chinese Spy Networks in Britain and United States

The agents are thought to have handed over secrets while still in service for France’s external DGSE intelligence agency, similar to Britain’s MI6 and America’s CIA, Ms Parly told CNews television. The third person – believed to be the wife – has been indicted for “concealment of treasonable crimes” and placed under “judicial control”, meaning judges keep close tabs on her pending trial. More here.


France has confirmed the arrest of two French intelligence officers who are accused of spying for the Chinese government. It appears that the two officers were captured and charged in December. However, their arrests were not publicized at the time, because French counterintelligence officials wanted to avoid alerting more members of a possible spy ring, which some say may include up to five French citizens. It was only last Friday, a day after French media published leaked reports of the arrests, that the French government spoke publicly about the case.

France’s Minister of the Armed Forces, Florence Parly, told France’s CNews television on Friday that two French intelligence officers were “accused of extremely serious acts of treason” against the French state. The two officers had been charged with delivering classified information to a foreign power, she said. Parly added that the spouse of one of the officers was also being investigated for participating in acts of espionage on behalf of a foreign country. When asked to identify the country that the two officers are accused of spying for, the minister refused to respond. But the Agence France Presse news agency cited an anonymous “security source”, who said that the two intelligence officers were suspected of spying for China and that they had been captured following a sting operation by French counterintelligence officers.

French television station TF1 said on Friday that both spy suspects are officers in the General Directorate of External Security (DGSE), France’s primary external intelligence agency. The station added that at least one of the two suspects was stationed at the embassy of France in Beijing when French counterintelligence became aware of the alleged espionage. According to some reports, the two suspects had retired from the DGSE by the time they were arrested, but committed their alleged espionage while still in the service of the spy agency. French government officials have refused to provide information about the length of the alleged espionage or the nature of the classified information believed to have been compromised. Additionally, no information is available about whether the two alleged spies were working in cooperation with each other. The BBC asked China last week about the arrests in France, but the Chinese Ministry of Foreign Affairs said it was not aware of the incident.

*** As a reminder, the United States has its own Chinese spy network. Jerry Chun Shing Lee was charged with helping China dismantle a U.S. informant network in China in exchange for money. He has pleaded not guilty.

It was this past February that FBI Director Chris Wray provided testimony to the Senate Intelligence Committee that Chinese spies have fully infiltrated U.S. universities. Additionally, China continues to seek, and in many cases successfully gain, access to U.S. technologies and intellectual property through telecommunications companies, academia and, most especially, joint business ventures.

China has launched an ‘all society’ approach to gain access to intellectual property, and some universities are pushing back on the warnings put forth by Director Wray, as there are an estimated 400,000 Chinese students studying in the United States, many attending cash-strapped colleges.

China Annexed the DPRK, C’mon Admit it, China is an Adversary

Primer: The Fiscal 2019 NDAA includes a ban on technology products from Chinese firms such as ZTE and Huawei. Yet, North Korea has it courtesy of China.

And:

The Financial Crimes Enforcement Network (FinCEN) issued this advisory to further alert financial institutions to North Korean schemes being used to evade U.S. and United Nations (UN) sanctions, launder funds, and finance the North Korean regime’s weapons of mass destruction (WMD) and ballistic missile programs.

Private companies in China are not private at all. The Chinese state holds at least some stock and often a larger voting bloc. Private Chinese companies invest all over the world, including Venezuela, the United States and Britain, as well as regions such as Latin America and Africa.

You can bet most of those companies in North Korea are actually owned by the Chinese State.

China does bad things, and yet no world leader publicly states that fact or declares China an adversary, while China has declared the United States an adversary. President Xi, the now eternal ruler, quotes a dynasty cliche, ‘Tǒngzhì yīqiè zài yángguāng xià’, which translates as “rule everything under the sun.”

So now we have ZTE: ZTE, once the scourge of U.S. authorities for its violations of Iran sanctions, has become a key source of evidence about North Korea’s use of the American financial system to launder money, said the people, who gave details about the confidential investigations on the condition of anonymity. Federal investigators have been poring through data supplied by ZTE to find links to companies that North Korea has used to tap into the U.S. banking system, the people said.

Using evidence from ZTE, prosecutors on June 14 filed a case seeking $1.9 million held in six U.S. bank accounts in the name of China’s Mingzheng International Trading Limited. Prosecutors allege that Mingzheng is a front company for a covert Chinese branch of North Korea’s state-run Foreign Trade Bank. Between October and November 2015, Mingzheng was a counterparty to 20 illicit wire transfers in violation of the International Emergency Economic Powers Act, according to prosecutors.

On Aug. 22, prosecutors in Washington filed a lawsuit seeking more than $4 million in funds tied to China’s Dandong Chengtai Trading Limited and a network of companies owned by Chi Yupeng, a Chinese national with close ties to North Korea’s military. That same day, the Treasury Department added Dandong Chengtai Trading and several of its business affiliates, as well as Mingzheng, to the sanctions list. More here.

During the negotiations for the talks between Kim Jong Un and President Trump, ZTE was thrown in the mix. Why? China made some demands during recent trade talks. It was just announced that Trump imposed a $1.5 billion fine on ZTE and relayed that to President Xi. After more negotiations, the final fine was $1.3 billion plus changes to the board members of ZTE, which means that the Chinese state cannot have any management role or vote. China will skirt that too. How so?

AEI explained it for us and quite well.

One of the substantial challenges in curtailing North Korea’s nuclear program is preventing Chinese companies from doing business with their pals in Pyongyang. Usually, Chinese companies in North Korea operate through networks of shell companies to avoid falling afoul of US and international sanctions. And most of these companies are small in scope and can easily rebrand themselves if caught. Enter Zhongxing Telecommunications Equipment (ZTE), not a small, expendable subsidiary, but instead a large PRC state-owned enterprise (SOE) with over 74,000 employees.

ZTE has transferred US technology to North Korea, supplying the Kim regime with US telecommunications tech that strengthens its defense capabilities by allowing it indirect access to US semiconductors (dual use technology for communications).  For that and other transgressions — including violating US Iran sanctions — ZTE paid a monster fine and entered into an agreement with the US to cease and desist. It was caught violating that agreement and banned from business with the United States as a result.

But President Trump offered China’s state-owned ZTE a lifeline via a May 13 tweet. Apparently, all that it took was for Chinese President Xi to dangle access for US agriculture exports to China in exchange for allowing ZTE to continue to do business with American firms. For what it’s worth, the president denied intending to lift the sales ban, but then followed up to describe a punishment that includes lifting the sales ban.

What’s Donald Trump’s message to Beijing (and Pyongyang and Tehran)? Companies that matter to China’s top leadership can violate US sanctions with impunity. All it takes is the will to blackmail the US and large Chinese SOEs will have carte blanche to supply the rogue regimes of the world.

Remember, Chinese SOEs that do business with North Korea are not motivated merely by profit. Instead, they are motivated by policy directives that originate in the Chinese Communist Party. Historically, China’s position on North Korea has been fairly opaque, yet its continued trade with the regime indicates Beijing has an interest in its wellbeing, in direct opposition to US interests and overall security in Asia.

At the end of the day, President Trump says he wants to cripple North Korea’s nuclear program. If North Korean dictator Kim Jong Un won’t denuclearize voluntarily, the US will have to rely on “maximum pressure,” including aggressive sanctions. Forgiving ZTE for violating US law is yet another example of the US shooting itself in the foot in dealing with North Korea. And probably not the last.

Meanwhile, as North Korea blew up the tunnels leading to the already destroyed nuclear test site, no one has asked where those nuclear weapons are now. No one has mentioned other possible military dimension sites or missile locations. Just as a reminder:

FBI Working to Stop Massive Russian Malware Network


Cisco’s Talos research unit yesterday reported its discovery of VPNFilter, a modular and stealthy attack that’s assembled a botnet of some five-hundred-thousand devices, mostly routers located in Ukraine. There’s considerable code overlap with the Black Energy malware previously deployed in attacks against Ukrainian targets, and the US Government has attributed the VPNFilter campaign to the Sofacy threat group, a.k.a. Fancy Bear, or Russia’s GRU military intelligence service.

Ukrainian cybersecurity authorities think, and a lot of others agree with them, that Russia was gearing up a major cyberattack to coincide with a soccer League Championship match scheduled this Saturday in Kiev as part of the run-up to the World Cup. They also think it possible an attack could be timed for Ukraine’s Constitution Day, June 28th.

The US FBI has seized a key website used for VPNFilter command-and-control, which US authorities hope will cripple the campaign. The Justice Department says that VPNFilter could be used for “intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

***

FBI agents armed with a court order have seized control of a key server in the Kremlin’s global botnet of 500,000 hacked routers, The Daily Beast has learned. The move positions the bureau to build a comprehensive list of victims of the attack, and short-circuits Moscow’s ability to reinfect its targets.

The FBI counter-operation goes after “VPN Filter,” a piece of sophisticated malware linked to the same Russian hacking group, known as Fancy Bear, that breached the Democratic National Committee and the Hillary Clinton campaign during the 2016 election. On Wednesday security researchers at Cisco and Symantec separately provided new details on the malware, which has turned up in 54 countries including the United States.

VPN Filter uses known vulnerabilities to infect home office routers made by Linksys, MikroTik, NETGEAR, and TP-Link. Once in place, the malware reports back to a command-and-control infrastructure that can install purpose-built plug-ins, according to the researchers. One plug-in lets the hackers eavesdrop on the victim’s Internet traffic to steal website credentials; another targets a protocol used in industrial control networks, such as those in the electric grid. A third lets the attacker cripple any or all of the infected devices at will.

The FBI has been investigating the botnet since at least August, according to court records, when agents in Pittsburgh interviewed a local resident whose home router had been infected with the Russian malware. “She voluntarily relinquished her router to the agents,” wrote FBI agent Michael McKeown, in an affidavit filed in federal court. “In addition, the victim allowed the FBI to utilize a network tap on her home network that allowed the FBI to observe the network traffic leaving the home router.”

FBI working to disrupt massive malware network linked to Russia

The FBI is working to disrupt a massive, sophisticated Russia-linked hacking campaign that officials and security researchers say has infected hundreds of thousands of network devices across the globe.

The Justice Department late Wednesday announced an effort to disrupt a botnet known as “VPNFilter” that compromised an estimated 500,000 home and office (SOHO) routers and other network devices. Officials explicitly linked the botnet to the cyber espionage group known as APT 28, or Sofacy, believed to be connected to the Russian government.

Officials said that the U.S. attorney’s office for the western district of Pennsylvania has obtained court orders allowing the FBI to seize a domain that is part of the malware’s command-and-control infrastructure. This will allow officials to redirect attempts by the malware to reinfect devices to an FBI-controlled server, thereby protecting devices from being infected again after rebooting.

Assistant Attorney General for National Security John C. Demers in a statement described the effort as the “first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

Cybersecurity researchers first began warning of the destructive, sophisticated malware threat on Wednesday. Cisco’s Talos threat intelligence group said in a blog post Wednesday that VPNFilter had infected at least 500,000 devices in 54 or more countries.

The researchers had been tracking the hacking threat for several months and were not ready to publish their findings, but when the malware began infecting devices in Ukraine at an “alarming rate,” they decided to publish their research early.

“Both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries,” the researchers wrote.

The malware targets home and office routers and what are known as network-access storage (NAS) devices, hardware devices that store data in one, single location but can be accessed by multiple individuals — creating a massive system of infected devices, commonly known as a botnet.

VPNFilter also uses two stages of malware, an unusual setup that makes it more difficult to prevent a device from being re-infected after it is rebooted. The FBI on Wednesday urged individuals whose devices may have been infected to reboot them as soon as possible.

The FBI is also soliciting help from a nonprofit known as the Shadowserver Foundation, which will pass the IP addresses to internet service providers, foreign computer emergency teams and others to help stem the damage.

The malware is the latest sign of the growing cyber threat from Russia. News of the outbreak comes roughly a month after senior U.S. and British officials blamed the Russian government for coordinated cyberattacks on network devices in an effort to conduct espionage and intellectual property theft.

The U.S. has also blamed Moscow for the global cyberattack known as notPetya that ravaged computers across the globe last summer, calling it the most destructive and costly cyberattack in history.

The code of VPNFilter has similarities with versions of another malware known as BlackEnergy, which was used in an attack on Ukraine’s power grid in late 2015. The Department of Homeland Security has linked the malware to the Russian government.