US Treasury to Publish Russian Oligarch Corruption Index

Image result for GRU cyber operations

In December of 2015, Obama took aggressive action expelling Russian diplomats over hacking and political intrusion.

Image result for GRU cyber operations photo

“In addition, the Russian Government has impeded our diplomatic operations by, among other actions — forcing the closure of 28 American corners which hosted cultural programs and English-language teaching; blocking our efforts to begin the construction of a new, safer facility for our Consulate General in St Petersburg; and rejecting requests to improve perimeter security at the current, outdated facility in St Petersburg.” Some additional actions and those expelled include:

Two Russian intelligence agencies, the GRU and the FSB, four GRU officers and three companies “that provided material support to the GRU’s cyber operations”.

The White House named Igor Valentinovich Korobov, the current chief of the GRU; Sergey Aleksandrovich Gizunov, deputy chief of the GRU; Igor Olegovich Kostyukov, a first deputy chief of the GRU; and Vladimir Stepanovich Alexseyev, also a first deputy chief of the GRU. The Obama Executive Order is here.

Image result for GRU cyber operations

White House Fact Sheet on Russian malicious behavior

Slide presentation on Fancy Bear, hacking

Russia’s Oligarchs Brace for U.S. List of Putin Friends

(Bloomberg) — The U.S. Treasury Department is finishing its first official list of “oligarchs” close to President Vladimir Putin’s government, setting off a flurry of moves by wealthy Russians to shield their fortunes and reputations.

Some people who think they’re likely to land on the list have stress-tested the potential impact on their investments, two people with knowledge of the matter said. Others are liquidating holdings, according to their U.S. advisers.

Russian businessmen have approached former Treasury and State Department officials with experience in sanctions for help staying off the list, said Dan Fried, who previously worked at the State Department and said he turned down such offers.

Some Russians sent proxies to Washington in an attempt to avoid lobbying disclosures, according to one person that was contacted.

The report is expected to amount to a blacklist of Russia’s elite. It was mandated by a law President Donald Trump reluctantly signed in August intended to penalize the Kremlin for its alleged meddling in the 2016 election.

A rare piece of legislation passed with a bipartisan veto-proof margin, the law gave Treasury, the State Department and intelligence agencies 180 days to identify people by “their closeness to the Russian regime and their net worth.”

That deadline is Jan. 29.

Shamed Oligarchs

The list has also become a headache within Treasury, where some officials are concerned it will be conflated with sanctions, a person familiar with the matter said.

Treasury officials are considering keeping some portions of the report classified — which the law allows — and issuing it in the form of a letter from a senior official, Sigal Mandelker, instead of releasing it through the Office of Foreign Assets Control, which issues sanctions.

That would help distinguish it from separate lists of Russians subject to U.S. economic penalties, said the person, who spoke on condition of anonymity.

“You’re going to have people getting shamed. It’s a step below a sanction because it doesn’t actually block any assets, but has the same optics as sanctions — you’re on a list of people who are engaged in doing bad things,” said Erich Ferrari, who founded Ferrari & Associates in Washington and has helped people get removed from the sanctions designation list.

Corruption Index

The report must include “indices of corruption” with the oligarch’s names and list any foreign assets they may own. Lawmakers expect the list to provide a basis for future punitive actions against Russia.

“Because of the nervousness that the Russian business community is facing, a number of oligarchs are already beginning to wind back businesses, treating them as if they are already designated, to stay ahead of it,” said Daniel Tannebaum, head of Pricewaterhousecoopers LLP’s global financial sanctions unit.

He advises a handful of wealthy Russian individuals and some businesses who he declined to identify.

Treasury’s terrorism and financial intelligence unit is working with the State Department and Office of National Intelligence to complete the report, said a spokesman who declined to elaborate on the criteria for the list or whether it would be made public.

“It should be released in the near future,” Treasury Secretary Steve Mnuchin said at a White House briefing. ‘It’s something we’re very focused on.”

‘Allows Mischief’

The list’s impact will depend on how it’s released, said Adam Smith, a former senior adviser in Treasury’s sanctions unit and now a partner at Gibson, Dunn & Crutcher LLP in Washington.

The law is “written in a way that it allows mischief if the administration wanted to go a different way,” Smith said. “If the president wanted to provide little or a lot and be very selective, he has the ability to do that.”

That discretion partly flows from the criteria used to assemble the list, which Congress left up to Treasury.

Senator Ben Cardin of Maryland, the ranking Democrat on the committee on foreign relations, said he would like to see “as much transparency as possible” from Treasury when it finishes the list.

Russia has sought to defend its elites. Putin warned of worsening U.S. sanctions last month and introduced a capital amnesty program to encourage wealthy nationals to repatriate some of their overseas assets.

He also approved a plan to issue special bonds designed to give the wealthy a way to hold their dollar assets out of reach of the U.S. Treasury.

‘Disgusting’ Relations

While compilation of the list doesn’t mean there’ll be a new round of tit-for-tat sanctions, Russia will react to any punitive measures against its business people, Kremlin spokesman Dmitry Peskov told reporters on a conference call Friday.

“The principle of reciprocity remains,” and it would be for Putin to decide on the best response, he said.

Prime Minister Dmitry Medvedev, a Putin lieutenant for two decades, called the state of the relationship “disgusting” in November.

Congress has also requested that Treasury submit an impact analysis of potential sanctions on Russian sovereign bonds. A Treasury spokesman said its international affairs office is working on the analysis.

U.S. sanctions on the bonds would deal a major blow to Russia’s finances, raising the prospect of a selloff in the bond market, posing a risk to the ruble and the potential for higher borrowing costs.

The Russian Finance Ministry relies on debt to cover budget shortfalls and is seeking to borrow $18 billion domestically in 2018.

APT 28 Fancy Bear Espionage Target US Senate

While Robert Mueller continues his robust investigation into all things Russia and his team is under critical pushback, one must consider that his work could and should produce a report on the constant and critical threat of cyber hacking by Russia. The United States does not have a cyber policy but it does have a CyberCommand. Congress cannot draft any legislation on global cyber policy and consequence.

Image result for u.s. cyber command

Beginning in June 2017, phishing sites were set up mimicking the ADFS (Active Directory Federation Services) of the U.S. Senate. By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017. The real ADFS server of the U.S. Senate is not reachable on the open internet, however phishing of users’ credentials on an ADFS server that is behind a firewall still makes sense. In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high profile users of interest. More here from:

Update on Pawn Storm: New Targets and Politically Motivated Campaigns

 

PARIS (AP) — The same Russian government-aligned hackers who penetrated the Democratic Party have spent the past few months laying the groundwork for an espionage campaign against the U.S. Senate, a cybersecurity firm said Friday.

The revelation suggests the group often nicknamed Fancy Bear, whose hacking campaign scrambled the 2016 U.S. electoral contest, is still busy trying to gather the emails of America’s political elite.

“They’re still very active — in making preparations at least — to influence public opinion again,” said Feike Hacquebord, a security researcher at Trend Micro Inc., which published the report . “They are looking for information they might leak later.”

The Senate Sergeant at Arms office, which is responsible for the upper house’s security, declined to comment.

Hacquebord said he based his report on the discovery of a clutch of suspicious-looking websites dressed up to look like the U.S. Senate’s internal email system. He then cross-referenced digital fingerprints associated with those sites to ones used almost exclusively by Fancy Bear, which his Tokyo-based firm dubs “Pawn Storm.”

Trend Micro previously drew international attention when it used an identical technique to uncover a set of decoy websites apparently set up to harvest emails from the French presidential candidate Emmanuel Macron’s campaign in April 2017. The sites’ discovery was followed two months later by a still-unexplained publication of private emails from several Macron staffers in the final days of the race.

Hacquebord said the rogue Senate sites — which were set up in June and September of 2017 — matched their French counterparts.

“That is exactly the way they attacked the Macron campaign in France,” he said.

Attribution is extremely tricky in the world of cybersecurity, where hackers routinely use misdirection and red herrings to fool their adversaries. But Tend Micro, which has followed Fancy Bear for years, said there could be no doubt.

“We are 100 percent sure that it can attributed to the Pawn Storm group,” said Rik Ferguson, one of the Hacquebord’s colleagues.

Like many cybersecurity companies, Trend Micro refuses to speculate publicly on who is behind such groups, referring to Pawn Storm only as having “Russia-related interests.” But the U.S. intelligence community alleges that Russia’s military intelligence service pulls the hackers’ strings and a months-long Associated Press investigation into the group, drawing on a vast database of targets supplied by the cybersecurity firm Secureworks, has determined that the group is closely attuned to the Kremlin’s objectives.

If Fancy Bear has targeted the Senate over the past few months, it wouldn’t be the first time. An AP analysis of Secureworks’ list shows that several staffers there were targeted between 2015 and 2016.

Among them: Robert Zarate, now the foreign policy adviser to Florida Senator Marco Rubio; Josh Holmes, a former chief of staff to Senate Majority Leader Mitch McConnell who now runs a Washington consultancy; and Jason Thielman, the chief of staff to Montana Senator Steve Daines. A Congressional researcher specializing in national security issues was also targeted.

Fancy Bear’s interests aren’t limited to U.S. politics; the group also appears to have the Olympics in mind.

Trend Micro’s report said the group had set up infrastructure aimed at collecting emails from a series of Olympic winter sports federations, including the International Ski Federation, the International Ice Hockey Federation, the International Bobsleigh & Skeleton Federation, the International Luge Federation and the International Biathlon Union.

The targeting of Olympic groups comes as relations between Russia and the International Olympic Committee are particularly fraught. Russian athletes are being forced to compete under a neutral flag in the upcoming Pyeongchang Olympics following an extraordinary doping scandal that has seen 43 athletes and several Russian officials banned for life. Amid speculation that Russia could retaliate by orchestrating the leak of prominent Olympic officials’ emails, cybersecurity firms including McAfee and ThreatConnect have picked up on signs that state-backed hackers are making moves against winter sports staff and anti-doping officials.

On Wednesday, a group that has brazenly adopted the Fancy Bear nickname began publishing what appeared to be Olympics and doping-related emails from between September 2016 and March 2017. The contents were largely unremarkable but their publication was covered extensively by Russian state media and some read the leak as a warning to Olympic officials not to press Moscow too hard over the doping scandal.

Whether any Senate emails could be published in such a way isn’t clear. Previous warnings that German lawmakers’ correspondence might be leaked by Fancy Bear ahead of last year’s election there appear to have come to nothing.

On the other hand, the group has previously dumped at least one U.S. legislator’s correspondence onto the web.

One of the targets on Secureworks’ list was Colorado State Senator Andy Kerr, who said thousands of his emails were posted to an obscure section of the website DCLeaks — a web portal better known for publishing emails belonging to retired Gen. Colin Powell and various members of Hillary Clinton’s campaign — in late 2016.

Kerr said he was still bewildered as to why he was targeted. He said that while he supported transparency, “there should be some process and some system to it.

“It shouldn’t be up to a foreign government or some hacker to say what gets released and what shouldn’t.”

Jeff Sessions’ DoJ and Operation Janus

A Department of Homeland Security initiative, Operation Janus, identified about 315,000 cases where some fingerprint data was missing from the centralized digital fingerprint repository. Among those cases, some may have sought to circumvent criminal record and other background checks in the naturalization process. These cases are the result of an ongoing collaboration between the two departments to investigate and seek denaturalization proceedings against those who obtained citizenship unlawfully. USCIS dedicated a team to review these Operation Janus cases, and the agency has stated its intention to refer approximately an additional 1,600 for prosecution.

In 2009, CBP provided the results of Operation Targeting Groups of Inadmissible
Subjects, now referred to as Operation Janus, to DHS. In response, the DHS
Counterterrorism Working Group coordinated with multiple DHS components
to form a working group to address the problem of aliens from special interest
countries receiving immigration benefits after changing their identities and
concealing their final deportation orders. In 2010, DHS’ Office of Operations
Coordination (OPS) began coordinating the Operation Janus working group.

***

The Office of the Inspector General report on Operation Janus. So, we have our first case…appears more to come.

Image result for operation janus immigration photo

VOA: A federal judge last week stripped an Indian national of his U.S. citizenship in what officials described as the first case to grow out of an Obama-era federal investigation that exposed rampant fraud among citizenship applicants.

Federal prosecutors had sought the denaturalization of Baljinder Singh in September, arguing that the 43-year-old native of India had fraudulently obtained his citizenship.

According to prosecutors, Singh first entered the U.S. under a false name in 1991 and subsequently faced deportation, but he failed to disclose that information in his 2004 citizenship application.

Under U.S. law, naturalization can be revoked if it was obtained through fraud.

On January 5, Federal Judge Stanley Chesler of the District of New Jersey, where Singh lives, granted the government’s request to revoke Singh’s citizenship, reverting his status to a green card holder and potentially subjecting him to deportation, the Justice Department announced Tuesday.

The judge’s order came after Singh failed to respond to the Justice Department’s denaturalization complaint and subsequent request for a summary judgment, according to court documents.

Singh could not be immediately reached.

Operation Janus

The Justice Department said the case was the first to result from Operation Janus, a Department of Homeland Security probe that identified 315,000 immigrants whose fingerprints were missing from government databases. The immigrants faced deportation or were criminal fugitives and “some may have sought to circumvent criminal record and other background checks in the naturalization process,” the Department said.

A 2016 audit by the Homeland Security Department’s inspector general first disclosed the missing fingerprint data and found that the U.S. Citizenship and Immigration Services had mistakenly granted citizenship to at least 858 immigrants facing deportation.

The immigrants used different names and birth dates to apply for citizenship, according to the audit.

The inspector general criticized Immigration and Customs Enforcement for failing to investigate the apparently fraudulently naturalized citizens but said the agency was “now taking steps to increase the number of cases to be investigated, particularly those who hold positions of public trust and who have security clearances.”

The pace of the investigations appears to have picked up over the past year, with the U.S. Citizenship and Immigration Services reporting a “growing body of cases” to the Justice Department.

Last year, the Justice Department filed 25 civil denaturalization cases and 57 criminal cases, according to a department spokesman.

The U.S. immigration agency said it plans to refer about 1,600 additional cases uncovered by Operation Janus for possible denaturalization.

“I hope this case, and those to follow, send a loud message that attempting to fraudulently obtain U.S. citizenship will not be tolerated,” USCIS Director Francis Cissna said in a statement. “Our nation’s citizens deserve nothing less.”

Denaturalization

Singh faces certain deportation, according to Amanda Frost, a professor at the American University Washington School of Law.

“Now that they’ve denaturalized him, their next move is to take away his green card and deport him,” Frost said. “If they don’t do that, I’m not sure what the purpose of this entire proceeding was.”

Chad Readler, the acting head of the Justice Department’s Civil Division, said Singh had “exploited our immigration system and unlawfully secured the ultimate immigration benefit of naturalization.”

“The Justice Department will continue to use every tool to protect the integrity of our nation’s immigration system, including the use of civil denaturalization,” Readler added.

The government is also seeking the denaturalization of two Pakistani nationals who are accused of concealing deportation orders from immigration officials.

In recent years, the number of denaturalization cases has been in the dozens, according to Frost. But Operation Janus suggests that the government is “putting more resources into this than it did before,” Frost said.

The U.S. government used denaturalization throughout the first half of the 20th century to take away the citizenship of people suspected of Communist sympathies or fighting in foreign wars.

But a landmark Supreme Court decision in 1967, Afroyim v. Rusk, put an end to the practice, said Frost, who researches denaturalization.

“The court made it clear that denaturalization was limited,” Frost said.

Last year, the Supreme Court handed down a decision in another denaturalization case, barring the government from denaturalizing citizens for making “non-material” false statements on their citizenship applications.

“It served to remind the government that there are many constitutional protections in this area and that denaturalization must be done carefully,” she said.

 

Anyone Interested in FBI Director Wray’s Cyber Concerns?

New York City, New York
January 9, 2018

Raising Our Game: Cyber Security in an Age of Digital Transformation

Remarks prepared for delivery.

Good morning. It’s great to be here with you, and great to be back here in my hometown. Thank you all for joining us. I want to thank Father McShane and Fordham for continuing to help us bring people together to focus on cyber security.

Let me start by saying how honored I feel to be here representing the men and women of the FBI. The almost 37,000 agents, analysts, and staff I get to work with at Headquarters, in our field offices, and around the world are an extraordinary, dedicated, and quite frankly, inspiring bunch. Not a day goes by that I’m not struck by countless examples of their patriotism, courage, professionalism, and integrity. And I could not be more proud, but also humbled, to stand with them as we face the formidable challenges of today—and tomorrow.

The work of the FBI is complex and hits upon nearly every threat facing our country. Today, I’d like to focus on the cyber threat.

Most of you have been thinking about the challenges in this particular arena for a long time. Before taking this job a few months ago, the last time I had to think seriously about cyber security through a law enforcement or national security lens was 12 years ago. Back then, I was head of the Justice Department’s Criminal Division, which included the Computer Crimes and Intellectual Property Section and handled cyber investigations.

It’s safe to say that no area has evolved more dramatically since then, particularly given the blistering pace of technological change. And I’ve spent much of the past few months getting caught up on all things cyber. So maybe the most useful thing I can do today is to offer the viewpoint of someone who’s looking at this world with fresh eyes. I’d like to talk to you about what the cyber threat picture looks like today; what the FBI is doing about it; and most important of all, what’s the way forward? Where’s the threat going? And where do we need to be to meet that threat? And then if we have time, I hope to answer a few questions.

* * *

The cyber threat has evolved dramatically since I left DOJ in 2005. Back then, social media didn’t really exist as we know it today, and “tweeting” was something only birds did. Now…well, let’s just say it’s something that’s a little more on my radar. Today, we live much of our lives online, and everything that’s important to us lives on the Internet—and that’s a scary thought for a lot of people. What was once a minor threat—people hacking for fun or for bragging rights—has turned into full-blown economic espionage and lucrative cyber crime.

This threat now comes at us from all sides. We’re worried about a range of threat actors, from multi-national cyber syndicates and insider threats to hacktivists. We’re seeing an increase in nation-state sponsored computer intrusions. And we’re also seeing a “blended threat”—nation-states using criminal hackers to carry out their dirty work. We’re also concerned about a wide gamut of methods, from botnets to ransomware.

So what’s the FBI doing about the cyber threat? Realistically, we know we can’t prevent every attack, or punish every hacker. But we can build on our capabilities. We can strengthen our partnerships and our defenses. We can get better at exchanging information to identify the telltale signs that may help us link cyber criminals to their crimes. We can impose a variety of costs on criminals who think they can hide in the shadows of cyber space.

We can do all these things—and we are doing all these things.

We’re improving the way we do business, blending traditional investigative techniques with technical capabilities. We’re now assigning work based on cyber experience and ability, rather than on jurisdiction. We now have Cyber Action Teams of agents and experts who can deploy at a moment’s notice, much like our Counterterrorism Fly Teams. We also now have Cyber Task Forces in every field office—much like our Joint Terrorism Task Forces—that respond to breaches, conduct victim-based investigations, and collect malware signatures and other actionable intelligence.

So we’ve strengthened our investigative capabilities, but we need to do our best to actually lay hands on the culprits and lock them up. And even where we can’t reach them, we’re now using all the tools at our disposal—we’re “naming and shaming” them with indictments, and we’re seeking sanctions from the Treasury Department.

We’re also building on our partnerships. We’re working more closely with our federal partners, because this threat is moving so quickly that there’s no time for turf battles. It doesn’t matter if you call us, or DHS, or any other agency—we all work together, so your information will get where it needs to go and you’ll get the help you need. We care less about who you call than that you call, and that you call as promptly as possible.

We’re also working more closely with our foreign partners. We now have cyber agents embedded with our international counterparts in strategic locations worldwide, helping to build relationships and coordinate investigations.

We’re also trying to work better with our private sector partners. We’re sharing indicators of compromise, tactics cyber criminals are using, and strategic threat information whenever we can. I’m sure you can appreciate there are times when we can’t share as much as we’d like to, but we’re trying to get better and smarter about that.

The good news is, we’ve made progress on a number of important fronts. Just this past summer, we took down AlphaBay—the largest marketplace on the DarkNet. Hundreds of thousands of criminals were anonymously buying and selling drugs, weapons, malware, stolen identities, and all sorts of other illegal goods and services through AlphaBay. We worked with the DEA, the IRS, and Europol, and with partners around the globe, to dismantle the illicit business completely. But we were strategic about the takedown—we didn’t want to rush it and lose these criminals. So, we waited patiently and we watched. When we struck, AlphaBay’s users flocked to another DarkNet marketplace, Hansa Market, in droves—right into the hands of our Dutch law enforcement partners who were there waiting for them, and they shut down that site, too.

So we’re adapting our strategy to be more nimble and effective. But the bad news is, the criminals do that too.

I mentioned the “blended threat” earlier. Recently we had the Yahoo matter, where hackers stole information from more than 500 million Yahoo users. In response, last February we indicted two Russian Federal Security Service officers and two well-known criminal hackers who were working for them. That’s the “blended threat”—you have intelligence operatives from nation-states like Russia now using mercenaries to carry out their crimes.

In March, our partners in the Royal Canadian Mounted Police arrested one of the hackers in Canada. The other three are Russian citizens living in Russia, but we made the judgment that it was worth calling them out, so now they’re also fugitives wanted by the FBI—so their vacation destinations are more limited.

So we’re making strides and we’ve had a number of successes—but the FBI still needs to do more to adapt to meet the cyber challenge.

For example, we want to do more to mitigate emerging threats as they spread. While we may not be able to stop all threats before they begin, we can do more at the beginning to stop threats before they get worse. We can share information, identify signatures, and stop similar attacks from happening elsewhere. But to do that, we need the private sector to work with us. At the FBI, we treat victim companies as victims. So, please: When an intrusion affects critical infrastructure; when there’s a potential for impact to national security, economic security, or public health and safety; when an attack results in a significant loss of data, systems, or control of systems; or when there are indications of unauthorized access to—or malware present on—critical IT systems, call us. Because we want to help you, and our focus will be on doing everything we can to help you.

Another thing driving the FBI’s work is that at some point, we’ll have to stop referring to all technical and digital challenges as “cyber.” Sophisticated intrusions and cyber policy issues are very much at the forefront of the conversation. But we also have to recognize that there’s a technology and digital component to almost every case we have now.

Transnational crime groups, sexual predators, fraudsters, and terrorists are transforming the way they do business as technology evolves. Significant pieces of these crimes—and our investigations of them—have a digital component or occur almost entirely online. And new technical trends are making the investigative environment a lot more complex. The Internet of Things, for example, has led to phenomena like the Mirai botnet—malware that uses all these connected devices to overwhelm websites, like the attacks that took down Netflix and Twitter last year.

The digital environment also presents new challenges that the FBI has to address—all kinds of twists for us in terms of what’s coming down the pike. Advances like artificial intelligence or crypto currencies have implications not only for the commercial sector, but for national security. Encrypted communications are changing the way criminals and terrorists plan their crimes—I’ll have more to say on that in a moment. And the avalanche of data created by our use of technology presents a huge challenge for every organization.

I’m convinced that the FBI—like a lot of other organizations—hasn’t fully gotten our arms around these new technologies and their implications for our national security and cyber security work. On our end, we know we need to be working with the private sector to get a clearer understanding of what’s coming around the bend. We need to put our heads together, in conferences like this and in other ways, so we’re better prepared, not just to face current threats, but the threats that will come at us five, 10, and 15 years from now.

When I was last in government, I saw how the 9/11 attacks spurred the FBI to fundamentally transform itself into a more intelligence-based national security organization. In the same way, I believe the new digital environment demands further fundamental transformation from us.

Over the years, FBI investigators have made huge strides in responding to the investigative challenges posed by the digital realm. We have pockets of excellence and talent that we’ve relied on to tackle our most complex technical challenges. But with the wholesale rise of digital challenges, this model won’t work for us anymore. As a big organization spread across 56 field offices and over 80 international offices, we need a new approach. We’ve got to increase our digital literacy across the board.

Some of our smartest people are looking at these challenges and thinking strategically about how the entire FBI can evolve in this rapidly changing environment. We’re focused on building our digital capabilities. We’re also focusing on our people, making sure we continue to attract the right skills and talent—and develop the right talent internally.

One issue I’m fixated on is whether we’re recruiting, hiring, and training now the kind of tech-savvy people we’ll need in five or 10 years. We know that we need more cyber and digital literacy in every program throughout the Bureau—organized crime, crimes against children, white-collar crime, just to name a few. Raising the average digital proficiency across the organization will allow all of our investigators to counter threats more efficiently and effectively, while freeing our true cyber “black belts” to focus on the most vexing attacks, like nation-state cyber intrusions.

We also need to focus more on innovation, approaching problems in new ways, with new ideas—which isn’t something, to be honest, that always comes naturally in government. We can’t just rely on the way we’ve always done things. And I don’t mean just technological innovation; I mean innovation in how we approach challenges, innovation in partnerships, innovation in who we hire, innovation in how we train, and innovation in how we build our workforce for the future.

So we need more innovation, and more of the right people. But the FBI can’t navigate the digital landscape alone. We also need to build stronger partnerships—with our counterparts in federal agencies, with our international counterparts, with the cyber research community, and with the private sector. And we need to do a better job of focusing our combined resources—trying to get our two together with your two to have it somehow equal more than four; to make it five or six or seven.

Finally, in some cases we may need lawmakers to update our laws to keep pace with technology. In some ways, it’s as if we still had traffic laws that were written for the days of the horse-and-carriage. The digital environment means we don’t simply need improved technical tools; we also need legal clarifications to address gaps.

* * *

I want to wrap up by talking about two challenges connected to the digital revolution. The first is what we call the “Going Dark” problem. This challenge grows larger and more complex every day. Needless to say, we face an enormous and increasing number of cases that rely on electronic evidence. We also face a situation where we’re increasingly unable to access that evidence, despite lawful authority to do so.

Let me give you some numbers to put some meat on the bones of this problem. In fiscal year 2017, we were unable to access the content of 7,775 devices—using appropriate and available technical tools—even though we had the legal authority to do so. Each one of those nearly 7,800 devices is tied to a specific subject, a specific defendant, a specific victim, a specific threat.

I spoke to a group of chief information security officers recently, and someone asked about that number. They basically said, “What’s the big deal? There are millions of devices out there.” But we’re not interested in the millions of devices used by everyday citizens. We’re only interested in those devices that have been used to plan or execute criminal or terrorist activities.

Some have argued that having access to the content of communications isn’t necessary—that we have a great deal of other information available outside of our smart phones and our devices; information including transactional information for calls and text messages, or metadata. While there’s a certain amount we can glean from that, for purposes of prosecuting terrorists and criminals, words can be evidence, while mere association between subjects isn’t evidence.

Being unable to access nearly 7,800 devices is a major public safety issue. That’s more than half of all the devices we attempted to access in that timeframe—and that’s just at the FBI. That’s not even counting a lot of devices sought by other law enforcement agencies—our state, local, and foreign counterparts. It also doesn’t count important situations outside of accessing a specific device, like when terrorists, spies, and criminals use encrypted messaging apps to communicate.

This problem impacts our investigations across the board—human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation, and cyber. And this issue comes up in almost every conversation I have with leading law enforcement organizations, and with my foreign counterparts from most countries—and typically in the first 30 minutes.

Let me be clear: The FBI supports information security measures, including strong encryption. But information security programs need to be thoughtfully designed so they don’t undermine the lawful tools we need to keep this country safe.

While the FBI and law enforcement happen to be on the front lines of this problem, this is an urgent public safety issue for all of us. Because as horrifying as 7,800 in one year sounds, it’s going to be a lot worse in just a couple of years if we don’t find a responsible solution.

The solution, I’ll admit, isn’t so clear-cut. It will require a thoughtful and sensible approach, and may vary across business models and technologies, but—and I can’t stress this enough—we need to work fast.

We have a whole bunch of folks at FBI Headquarters devoted to explaining this challenge and working with stakeholders to find a way forward. But we need and want the private sector’s help. We need them to respond to lawfully issued court orders, in a way that is consistent with both the rule of law and strong cybersecurity. We need to have both, and can have both.

I recognize this entails varying degrees of innovation by the industry to ensure lawful access is available. But I just don’t buy the claim that it’s impossible.

For one thing, many of us in this room use cloud-based services. You’re able to safely and securely access your e-mail, your files, and your music on your home computer, on your smartphone, or at an Internet café in Tokyo. In fact, if you buy a smartphone today, and a tablet in a year, you’re still able to securely sync them and access your data on either device. That didn’t happen by accident. It’s only possible because tech companies took seriously the real need for both flexible customer access to data and cyber security. We at the Bureau are simply asking that law enforcement’s lawful need to access data be taken just as seriously.

Let me share just one example of how we might strike this balance. Some of you might know about the chat and messaging platform called Symphony, used by a group of major banks. It was marketed as offering “guaranteed data deletion,” among other things. That didn’t sit too well with the regulator for four of these banks, the New York State Department of Financial Services. DFS was concerned that this feature could be used to hamper regulatory investigations on Wall Street.

In response to those concerns, the four banks reached an agreement with the Department to help ensure responsible use of Symphony. They agreed to keep a copy of all e-communications sent to or from them through Symphony for seven years. The banks also agreed to store duplicate copies of the decryption keys for their messages with independent custodians who aren’t controlled by the banks. So the data in Symphony was still secure and encrypted—but also accessible to regulators, so they could do their jobs.

I’m confident that with a similar commitment to working together, we can find solutions to the Going Dark problem. After all, America leads the world in innovation. We have the brightest minds doing and creating fantastic things. If we can develop driverless cars that safely give the blind and disabled the independence to transport themselves; if we can establish entire computer-generated virtual worlds to safely take entertainment and education to the next level, surely we should be able to design devices that both provide data security and permit lawful access with a court order.

We’re not looking for a “back door”—which I understand to mean some type of secret, insecure means of access. What we’re asking for is the ability to access the device once we’ve obtained a warrant from an independent judge, who has said we have probable cause.

We need to work together—the government and the technology sector—to find a way forward, quickly.

In other parts of the world, American industry is encountering requirements for access to data—without any due process—from governments that operate a little differently than ours, to put it diplomatically. It strikes me as odd that American technology providers would grant broad access to user data to foreign governments that may lack all sorts of fundamental process and rule of law protections—while at the same time denying access to specific user data in countries like ours, where law enforcement obtains warrants and court orders signed by independent judges.

I just cannot believe that any of us in this room thinks that paradox is the right way to go. That’s no way to run a railroad, as the old saying goes.

A responsible solution will incorporate the best of two great American traditions—the rule of law and innovation. But for this to work, the private sector needs to recognize that it’s part of the solution. We need them to come to the table with an idea of trying to find a solution, as opposed to trying to find a way to build systems to prevent a solution. I’m open to all kinds of ideas, because I reject this notion that there could be such a place that no matter what kind of lawful authority you have, it’s utterly beyond reach to protect innocent citizens. I also can’t accept that anyone out there reasonably thinks the state of play as it exists now—and the direction it’s going—is acceptable.

Finally, let me briefly mention another issue that has a huge effect on the FBI’s national security work, including cyber—the re-authorization of Section 702 of the Foreign Intelligence Surveillance Act, or FISA.

The speed and scope of the cyber threat demands that we use every lawful, constitutional tool we’ve got to fight it. Section 702 is one of those tools.

I want to stress once again how vital this program is for the FBI’s national security mission. Section 702 is an essential foreign intelligence authority that permits the targeted surveillance of non-U.S. persons overseas. It’s especially valuable to the FBI, because it gives us the agility we need to stay ahead of today’s rapidly changing global threats.

I bring all this up today because unless renewed by Congress, Section 702 is set to expire later this month. Without 702, we would open ourselves up to intelligence gaps that would make it easier for bad cyber actors and terrorists to attack us and our allies—and make it harder for us to detect these threats.

We simply can’t afford for that to happen. So the FBI has spent an enormous amount of time, as have our partners in the intelligence community, working together with Congress to find a way to re-authorize Section 702 while addressing their concerns. My fervent hope is that before the extension expires, Congress will re-authorize Section 702 in a manner that doesn’t significantly affect our operational use of the program, or endanger the security of the American people.

* * *

So that’s a perspective on cyber from the new guy back on the block.

If one thing’s become clear to me after immersing myself again in this world for the past few months, it’s the urgency of the task we all face. High-impact intrusions are becoming more common; the threats are growing more complex; and the stakes are higher than ever.

That requires all of us to raise our game—whether we’re in law enforcement, in government, in the private sector or the tech industry, in the security field, or in academia. We need to work together to stay ahead of the threat and to adapt to changing technologies and their consequences—both expected and unexpected. Because at the end of the day, we all want the same thing: To protect our innovation, our systems, and, above all, our people.

Thank you all for everything you’re doing to make the digital world safer and more secure, and for joining us here in New York. I look forward to working with you in the years to come.

**** Image result for fbi cyber unit operations photo

The FBI’s mission in cybersecurity is to counter the threat by investigating
intrusions to determine criminal, terrorist, and nation-state actor identities, and engaging in activities
to reduce or neutralize these threats. At the same time, the FBI collects and disseminates information significant to those responsible for defending networks, including information regarding threat actor targets and techniques.
The FBI’s jurisdiction is not defined by network boundaries; rather, it includes all territory governed by
U.S. law, whether domestic or overseas, and spans individual citizens, private industry, critical
infrastructure, U.S. government, and other interests alike. Collectively, the FBI and its federal partners
take a whole-of-government approach to help deter future threats and bring closure to current threats
that would otherwise continue to infiltrate and harm our network defenses.
In July 2015, the FBI, in coordination with foreign law enforcement partners, dismantled a computer
hacking forum known as Darkode, which was a one-stop, high-volume shopping venue for some of the
world’s most prolific cyber criminals. This underground, password-protected online forum was a
meeting place for those interested in buying, selling, and trading malware, botnets, stolen personally
identifiable information, and other pieces of data and software that facilitated complex global cyber
crimes. As the result of this multi-year investigation, called Operation Shrouded Horizon, the FBI’s
Cyber Division and international partner agencies took down Darkode through coordinated law
enforcement action.
This international takedown involved Europol and 20 cooperating countries and is
believed to be the largest coordinated law enforcement operation to date against a forum based criminal
enterprise. Operation Shrouded Horizon resulted in charges, arrests, and searches of 70 Darkode
members and associates including indictments in the United States against 12 individuals associated
with the forum including the administrator. As part of the law enforcement action, the FBI seized
Darkode’s domain name and servers. This operation highlighted the FBI Cyber Division’s mission to
identify, pursue, and defeat cyber adversaries targeting global U.S. interests through collaborative
international partnerships. More here.

Iran’s Cyber Forces under IRGC Target Dissenters/Enemies

NIN is not Nine Inch Nails but rather the Supreme Leader’s tightly controlled internet platform known as the National Internet Network. It operates somewhat like an fee based system, those that can afford and pay more for access and usage get the best speed and less government oversight. The poorer class and the dissenters are controlled by the regime and not only vulnerable to the throttling of service but are subject to phishing operations, hacks and DDoS outages, all at the direction of the regime.

Image result for iran cyber unit irgc photo

It almost sounds like a marriage between the U.S. version/marriage of Google, Facebook and NSA, right? Well it is.

The NIN can filter key words and phrases and send users only to the sites it approved, according to the CHRI report. The government has also limited access to thousands of sites and platforms, including Facebook and YouTube. It is attempting to replace search engines like Google with its own state-approved versions.

Iran has also been able to influence how people use the internet through pricing. While there are private internet service providers (ISPs), they are still under government control, allowing state-run infrastructure companies to set up a tiered plan where access to international internet sites costs more than domestic. This drives traffic away from the global internet and to the NIN.

It’s not just internet censorship that Iranians are facing. The report also highlights state-sponsored cyberattacks and phishing schemes. State security agencies like the Islamic Revolutionary Guard Corps, a branch of the armed forces meant to protect the Islamic system, have hacked into individual and private online communications and arrested people on the basis of their content, which is technically illegal under Iranian law.

DDoS attacks, which aim to make specific websites unavailable or limit access to information by flooding them with illegitimate traffic, have become more prominent during politically sensitive times as well, according to the report. During the election in 2016, reformist and centrist candidates like Gaam-e Dovvom faced multiple attacks. The report said many of these are also internal attacks through the government.

Meanwhile, Iranians are not blind to the extensive surveillance they are facing online. As we’ve reported, many internet users use VPNs and other apps to try and circumvent the censorship. And millions of Iranians have turned to the Toronto-born Psiphon app to use the internet during the protests in December and this month. More here.

***  Image result for iran cyber unit irgc photo

Tehran has become increasingly adept at conducting cyber espionage and disruptive attacks against opponents at home and abroad, ranging from Iranian civil society organizations to governmental and commercial institutions in Israel, Saudi Arabia, and the United States.

A new report by carnegiendowment.org evaluates Iran’s Cyber threat environment. Just as Iran uses proxies to project its regional power, Tehran often masks its cyber operations using proxies to maintain plausible deniability. Yet such operations can frequently be linked to the country’s security apparatus, namely the Ministry of Intelligence and Islamic Revolutionary Guard Corps.

While Iran does not have a public strategic policy with respect to cyberspace, its history demonstrates a rationale for when and why it will engage in attacks. Iran uses its capabilities in response to domestic and international events. As conflict between Tehran and Washington subsided after the 2015 nuclear deal, so too did the cycle of disruptive attacks. However, Iran’s decisionmaking process is obscured and its cyber capabilities are not controlled by the presidency, as evident in cases of intragovernmental hacking.

The report claims that the United States is reliant on an inadequately guarded cyberspace and should anticipate that future conflicts, online or offline, could trigger cyber attacks on U.S. infrastructure. The first priority should be to extend efforts to protect infrastructure and the public, including increased collaboration with regional partners and nongovernmental organizations targeted by Iran. More details here.

The U.S. Army War College recently included this concern: In late-2011, the executive chairman of Google stated, “The Iranians are unusually talented in cyber war for some reason we don’t fully understand.”3 Stopping a cyber adversary from disrupting activity or stealing intellectual property has been the primary concern of government and private sector organizations, but in the military and intelligence communities, there are other concerns about Iran.

Prior to 2009, much of Iran’s cyber efforts were focused internally on countering government dissidence. The influential Iranian Revolutionary Guard Corp (IRGC) proposed the development of an Iranian Cyber Army in 2005 to combat internal threats. It sought out professional hackers through voluntary means or by using blackmail and threats to boost its ranks. In early March 2012, Supreme Leader of Iran Ayatollah Ali Khameni publicly announced to state media the creation by decree of a new Supreme Council of Cyberspace charged “to oversee the defense of the Islamic Republic’s computer networks and develop new ways of infiltrating or attacking the computer networks of its enemies.”7 It included heads of intelligence, militia, security, media chiefs, and the IRGC. It has its own budget and offices along with the power to enact laws. Additionally, the IRGC stated that a secure internal network for high-level command and control called “Basir” (Persian for perceptive) was created to counter outside threats to online activities.8 However, it is clear from its actions against opposition influences and dissident groups that the regime continues internal censorship and monitoring as well. Furthermore, Reporters Without Borders, in its 2012 annual report of countries that restrict internet access, filter content, and imprison bloggers, “ranked Iran the number one enemy of the Internet…ahead of 11 other countries—including Saudi Arabia, Bahrain, Syria, China, and Belarus.”9

In late-2011, Iran invested at least $1 billion dollars in cyber technology, infrastructure, and expertise.10 In March 2012, the IRGC claimed it had recruited around 120,000 personnel over the past 3 years to combat “a soft cyber war against Iran.”11 In early-2013, an IRGC general publically claimed Iran had the “fourth biggest cyber power among the world’s cyber armies.”12 Regardless of the numbers, the fact is that Iran’s cyber capability continues to mature. The IRGC has its own Cyber Defense Command which recruits and trains cyber warriors to spy on dissidents on the internet and spread Iranian government propaganda.13 The IRGC also now owns and controls Iran’s largest communication company and manages the skilled cyber technicians and specialists of Iran’s Cyber Army trained to hack into opposition websites and conduct other types of offensive cyber operations. On the law enforcement side, the FETA police (in Persian it literally means Police of the Space of Creating and Exchanging Information) handle typical internet crimes as well as more opaque enforcement activities such as political and security crimes. There are other Iranian organizations and companies recruited and/or affiliated with Iran’s cyber capabilities, either knowingly or by loose association. The full summary is here.