Category Archives: FBI

Subpoena Tim Geithner About the Uranium One Deal for Starters

Posted on by
Ever wonder where any Hillary emails are with regard to this case both as Secretary of State or through the Clinton Foundation? Perhaps Huma knows all…did Obama’s OFA take any kickbacks? What else is out there that the Obama administration hid from congress and oversight? Anyway read on for context and the people line-up.
Under the Treasury Department is also the responsibility of sanctions and where waivers to those sanctions occur.

The Secretary of the Treasury is the Chairperson of CFIUS, and notices to CFIUS are received, processed, and coordinated at the staff level by the Staff Chairperson of CFIUS, who is the Director of the Office of Investment Security in the Department of the Treasury.

The members of CFIUS include the heads of the following departments and offices:

  1. Department of the Treasury (chair)
  2. Department of Justice
  3. Department of Homeland Security
  4. Department of Commerce
  5. Department of Defense
  6. Department of State
  7. Department of Energy
  8. Office of the U.S. Trade Representative
  9. Office of Science & Technology Policy

The following offices also observe and, as appropriate, participate in CFIUS’s activities:

  1. Office of Management & Budget
  2. Council of Economic Advisors
  3. National Security Council
  4. National Economic Council
  5. Homeland Security Council

The Director of National Intelligence and the Secretary of Labor are non-voting, ex-officio members of CFIUS with roles as defined by statute and regulation.

Of note for the Uranium One transaction to happen, unless there was a waiver:

What steps can be taken with respect to information required by § 800.402 to further facilitate CFIUS review?

Suggestions include:

  1. Section 800.402(j)(1) requires submission of organizational charts showing control and ownership of the foreign person that is a party to the transaction.  CFIUS’s review would be aided if the parties provide such charts for the U.S. business and if the charts for the U.S. business and the foreign person diagram the ownership chains for the acquirer and target before and after the transaction being notified to CFIUS.  These should be as extensive and detailed as possible.
  2. Sections 800.402(c)(1)(iii) and (v) require submission of information related to the foreign person and its parents.  CFIUS’s review would be aided if the notice identifies whether the actual party in interest is the party to the transaction or one of the parents of the party to the transaction.  CFIUS does not consider special purpose vehicles, wholly-owned subsidiaries established for the sole purpose of the transaction, or other shell companies to be the actual parties in interest in a transaction.
  3. Sections 800.402(c)(3)(iii) and (iv) require information regarding certain United States Government contracts.  Parties are advised to update and verify United States Government contact information for such contracts. Private sector entities not party to the notice are not acceptable points-of-contact for contracts in question.
  4. Filers should ensure that all files in the electronic version of a notice are less than five megabytes (5MB) in size.

What steps, though not required for a notice to be determined complete, may facilitate CFIUS review?

  1. CFIUS agencies have found it very helpful in the past for filing companies to provide the following additional information, even if the activity is not the primary focus of their commercial operations.  CFIUS often requests this information after a voluntary notice has been accepted if it was not included in the initial filing.
    1. Cyber systems, products, services:  Identify whether the U.S. business being acquired develops or provides cyber systems, products, or services, including:
      • Business systems used to manage or support common business processes and operations (for example, enterprise resource planning, e-commerce, email, and database systems); control systems used to monitor, assess, and control sensitive processes and physical functions (for example, supervisory control, data acquisition, process and distributed control systems); safety, security, support, and other specialty systems (for example, fire, intrusion detection, access control, people mover, and heating, ventilating, and air conditioning systems); or
      • (ii) Telecommunications and/or Internet or similar systems, products or services.
    2. Natural resources:  Identify whether the U.S. business being acquired processes natural resources and material or produces and transports energy, and the amount processed, produced, or transported annually.
  2. Discussion in the notice of the business rationale for the transaction may be useful.
  3. The regulations require parties to provide information regarding any other applicable national security-related regulatory authorities, such as the ITAR, EAR, and NISPOM.  Some of the regulatory review processes under these authorities may have longer deadlines than the CFIUS process, and parties to transactions affected by these other reviews may wish to start or complete these processes prior to submitting a voluntary notice to CFIUS under section 721.

The FBI has a network of informants domestically and it did the job it is tasked to do, that is until the Holder Justice Department ensured it could no longer do the job with regard to the Uranium One Case.

Before the Obama administration approved a controversial deal in 2010 giving Moscow control of a large swath of American uranium, the FBI had gathered substantial evidence that Russian nuclear industry officials were engaged in bribery, kickbacks, extortion and money laundering designed to grow Vladimir Putin’s atomic energy business inside the United States, according to government documents and interviews.

Federal agents used a confidential U.S. witness working inside the Russian nuclear industry to gather extensive financial records, make secret recordings and intercept emails as early as 2009 that showed Moscow had compromised an American uranium trucking firm with bribes and kickbacks in violation of the Foreign Corrupt Practices Act, FBI and court documents show.

They also obtained an eyewitness account — backed by documents — indicating Russian nuclear officials had routed millions of dollars to the U.S. designed to benefit former President Bill Clinton’s charitable foundation during the time Secretary of State Hillary Clinton served on a government body that provided a favorable decision to Moscow, sources told The Hill.

The racketeering scheme was conducted “with the consent of higher level officials” in Russia who “shared the proceeds” from the kickbacks, one agent declared in an affidavit years later.

When this sale was used by Trump on the campaign trail last year, Hillary Clinton’s spokesman said she was not involved in the committee review and noted the State Department official who handled it said she “never intervened … on any [Committee on Foreign Investment in the United States] matter.”

In 2011, the administration gave approval for Rosatom’s Tenex subsidiary to sell commercial uranium to U.S. nuclear power plants in a partnership with the United States Enrichment Corp. Before then, Tenex had been limited to selling U.S. nuclear power plants reprocessed uranium recovered from dismantled Soviet nuclear weapons under the 1990s Megatons to Megawatts peace program.

Vadim Mikerin was a director of Rosatom’s Tenex in Moscow since the early 2000s, where he oversaw Rosatom’s nuclear collaboration with the United States under the Megatons to Megwatts program and its commercial uranium sales to other countries. In 2010, Mikerin was dispatched to the U.S. on a work visa approved by the Obama administration to open Rosatom’s new American arm called Tenam.

The kickbacks were known by the FBI, they had to happen to advance the case and to allow them as evidence of wrong-doing.

His, Mikerin’s, illegal conduct was captured with the help of a confidential witness, an American businessman, who began making kickback payments at Mikerin’s direction and with the permission of the FBI. The first kickback payment recorded by the FBI through its informant was dated Nov. 27, 2009, the records show.

In evidentiary affidavits signed in 2014and 2015, an Energy Department agent assigned to assist the FBI in the case testified that Mikerin supervised a “racketeering scheme” that involved extortion, bribery, money laundering and kickbacks that were both directed by and provided benefit to more senior officials back in Russia. More here.

Mikerin indictment document here.

The plea deal and 2 associated cases here.

Mikerin was sentenced to 4 years and forfeited $2,126,622.36  :

According to court documents, Mikerin was the director of the Pan American Department of JSC Techsnabexport (TENEX), a subsidiary of Russia’s State Atomic Energy Corporation and the sole supplier and exporter of Russian Federation uranium and uranium enrichment services to nuclear power companies worldwide, and the president of TENAM Corporation, a wholly owned subsidiary and the official representative of TENEX. Court documents show that between 2004 and October 2014, conspirators agreed to make corrupt payments to influence Mikerin and to secure improper business advantages for U.S. companies that did business with TENEX, in violation of the Foreign Corrupt Practices Act (FCPA). Mikerin admitted that he conspired with Daren Condrey, Boris Rubizhevsky and others to transmit approximately $2,126,622 from Maryland and elsewhere in the United States to offshore shell company bank accounts located in Cyprus, Latvia and Switzerland with the intent to promote the FCPA violations. Mikerin further admitted that the conspirators used consulting agreements and code words to disguise the corrupt payments.

Condrey, 50, of Glenwood, Maryland, pleaded guilty on June 17, 2015, to conspiracy to violate the FCPA and conspiracy to commit wire fraud. Rubizhevsky, 64, of Closter, New Jersey, pleaded guilty on June 15, 2015, to conspiracy to commit money laundering. Condrey and Rubizhevsky await sentencing.

***

Mikerin

 

Officials Potentially Influenced (Name; Title; Organization): 

  • Vadim Mikerin; President; TENAM Corporation
  • Vadim Mikerin; Director of the Pan American Department; JSC Techsnabexport (“TENEX”)

Defendant-Related Entities Involved in the Misconduct:    N/A

Third-Party Intermediary:   

  • Cypriot shell company , Shell Company
  • Latvian shell company , Shell Company
  • Swiss shell company , Shell Company
  • Vadim Mikerin , Agent/Consultant/Broker

 

DG Parker MI5 Declares Terror Threats Worst Yet

Posted on by

MI5 Director General (DG) Andrew Parker addressed an audience  in Central London today, in which he spoke about the international counter terrorism threat that we are facing and how MI5 works with partners to tackle it.  This marks the first time that a DG has given a speech on-camera.

MI5 also continues to counter threats from terrorism in Northern Ireland and the actions of hostile states seeking to carry out damaging espionage activity.

  MI5 photo

Mr Parker said MI5 remains a multi-dimensional organisation that is constantly evolving and continues to be innovative in order to meet the changing threat.

He added:

Day in and day out we are identifying and disrupting threats: stopping terrorism. Our response is unrelenting. Those that wish our country harm can expect to meet MI5 and the police. And they will face the full force of the law and be brought to justice.

We face this new order of challenge from a position of strength. The UK has world-class intelligence agencies and counter terrorism policing. We are developing, growing and sharpening our capabilities all the time.

Throughout our history MI5 has been all about innovating to meet the changing threat and the shifting technological environment. We review every major operation and learn from our successes. And when an attack happens we are determined, using the harsh light of hindsight, to squeeze out every last drop of learning so that we can be the very best we can be, now and in the future.

…the challenge that we face is undoubtedly a stark one. More threat, coming at us more quickly, and sometimes harder to detect. But it is a challenge that we and our partners are rising to and are facing down. We are committed to this for the long haul. Our unrelenting focus will remain on doing everything in our power every day to keep Britain safe.

Andrew Parker, director general of the security service, gave a rare public speech, calling the threat “multi-dimensional, evolving rapidly and operating at a scale and pace we’ve not seen before”.

Another 20 terrorist attacks on the UK were foiled over the past four years and “many more” were prevented, he said.

The intelligence chief said there has been a “dramatic upshift” this year, which resulted in the London and Manchester attacks which killed a total of 36 people. He said continental Europe has faced a similar surge, particularly in France, Belgium, Germany and Spain.

  photo

Mr Parker said MI5 has more than 500 live investigations involving roughly 3,000 people known to be involved in extremist activities.

In addition, he said, more than 20,000 individuals have been scrutinized in the past for possible terror ties and there are undoubtedly “violent extremists” who have thus far not been detected by the Security Service.

The director called on technology companies to work with the government on preventing their social media platforms from being used by extremists for communications that cannot be monitored.

When asked if Facebook and Google were doing enough on this front, Mr Parker declined to discuss specific companies.

He praised advancements in communications technology, but said an “unintended side effect” has been to make it easier for extremists to avoid legal monitoring by using apps, including many that provide encryption, to avoid detection. He said companies should to more to prevent this abuse of their communications systems. More here

For the FBI Haters, Check out Operation Cross Country

Posted on by

FBI Announces Results of Operation Cross Country XI

Underage Sex Trafficking Crackdown Leads to Recovery of 84 Minors

The Federal Bureau of Investigation, along with the National Center for Missing & Exploited Children (NCMEC), announced today that 84 minors were recovered and 120 traffickers were arrested as part of Operation Cross Country XI, a nationwide effort focusing on underage human trafficking that ran from October 12-15, 2017.

This is the 11th iteration of the FBI-led Operation Cross Country (OCC), which took place this year in 55 FBI field offices and involved 78 state and local task forces, consisting of hundreds of law enforcement partners. This year’s coordinated operations took place with several international partners, including Canada (Operation Northern Spotlight), the United Kingdom (Aident 8), Thailand, Cambodia, and the Philippines.

“We at the FBI have no greater mission than to protect our nation’s children from harm. Unfortunately, the number of traffickers arrested—and the number of children recovered—reinforces why we need to continue to do this important work,” said FBI Director Christopher Wray. “This operation isn’t just about taking traffickers off the street. It’s about making sure we offer help and a way out to these young victims who find themselves caught in a vicious cycle of abuse.”

Operation Cross Country XI

Story and Videos

Operation Cross Country XI

The 11th iteration of Operation Cross Country, the FBI’s annual law enforcement action focused on recovering underage victims of prostitution, concluded with the recovery of 84 sexually exploited juveniles.

As part of Operation Cross Country XI, FBI agents and task force officers staged operations in hotels, casinos, and truck stops, as well as on street corners and Internet websites. The youngest victim recovered during this year’s operation was 3 months old, and the average age of victims recovered during the operation was 15 years old. Minors recovered during Cross Country Operations are offered assistance from state protective services and the FBI’s Victim Services Division. Depending on the level of need, victims are offered medical and mental health counseling, as well as a number of other services.

“Child sex trafficking is happening in every community across America, and at the National Center for Missing & Exploited Children, we’re working to combat this problem every day,” said NCMEC President and CEO John Clark. “We’re proud to work with the FBI on Operation Cross Country to help find and recover child victims. We hope OCC generates more awareness about this crisis impacting our nation’s children.”

Operation Cross Country XI is part of the FBI’s Innocence Lost National Initiative, which began in 2003 and has yielded more than 6,500 child identifications and locations. For additional information on Operation Cross Country XI and the Innocence Lost initiative, please visit www.fbi.gov.

Examples of stories from various cities that took part in Operation Cross Country XI:

  • On October 13, FBI Denver recovered two minor girls—one 3-month-old and one five-year-old. The subject, a friend of the children’s family, offered an undercover officer access to the two children for sexual purposes in exchange for $600. The FBI is working with Child Protective Services to conduct a forensic interview and secure safe placement of the children. The subject was placed under arrest.
  • Also on October 13, a 16-year old female victim was recovered by FBI El Paso after an undercover agent called an online advertisement for entertainment. Shortly thereafter, the agent met with a 21-year-old female, who offered a fee of $200 to engage in sexual intercourse with her and another female, the 16-year-old victim. Further investigations revealed that a second adult female drove the minor and the 21-year-old to the undercover agent’s location. Both female subjects have been arrested on federal charges.

Note to Editors: B-Roll and interviews associated with Operation Cross Country can be downloaded at www.fbi.gov.

Resources

Videos

N Korean Hackers’ Heist from Taiwan Bank

Posted on by

Taiwan Bank Heist Linked to North Korean Hackers

A recent cyber-heist that targeted a bank in Taiwan has been linked by security researchers to an infamous threat group believed to be operating out of North Korea.

Hackers exploited the SWIFT global financial network to steal roughly $60 million from Taiwan’s Far Eastern International Bank. The money was transferred to several countries, but bank officials claimed they had managed to recover most of it. Two individuals were arrested earlier this month in Sri Lanka for their role in the operation.

Researchers at BAE Systems have identified some of the tools used in the attack and found connections to the North Korean threat actor known as Lazarus. This group is also believed to be behind the 2014 attack on Sony Pictures and campaigns targeting several banks, including Bangladesh’s central bank.

The attack on the Bangladesh bank, which resulted in the theft of $81 million, also involved the SWIFT system. Similar methods were also used to target several other banks, but SWIFT said some of the operations failed due to the new security measures implemented by the company.

While it’s still unclear how attackers gained access to the systems of Far Eastern International Bank, an analysis of various malware samples apparently involved in the attack suggests that the hackers may have used a piece of ransomware as a distraction.

The ransomware involved in the attack is known as Hermes. According to Bleeping Computer, the threat surfaced in February and its latest version has an encryption mechanism that makes it impossible to recover files without paying the ransom.

However, researchers at McAfee discovered that the Hermes variant used in the attack on the Taiwanese bank did not display a ransom note, which led them to believe it may have been only a distraction.

“Was the ransomware used to distract the real purpose of this attack? We strongly believe so,” McAfee researchers said. “Based on our sources, the ransomware attack started in the network when the unauthorized payments were being sent.”

BAE Systems has seen samples that drop a ransom note in each encrypted folder, but even they believe Hermes may have been used to distract the bank’s security team.

Another malware sample linked by BAE Systems to this attack is a loader named Bitsran, which spreads a malicious payload on the targeted network. This threat contained what appeared to be hardcoded credentials for Far Eastern International’s network, which suggests the threat group may have conducted previous reconnaissance.

Some pieces of malware discovered by BAE Systems are known to have been used by the Lazarus group, including in attacks aimed at financial organizations in Poland and Mexico. The malware includes commands and other messages written in Russia, which experts believe is likely a false flag designed to throw off investigators.

It’s worth noting that the Hermes ransomware samples checked the infected machine’s language settings and stopped running if Russian, Ukrainian or Belarusian was detected. This is common for malware created by Russian and Ukrainian hackers who often avoid targeting their own country’s citizens. However, this could also be a false flag.

Another piece of evidence linking the Taiwan bank attacks to Lazarus is the fact that money was transferred to accounts in Sri Lanka and Cambodia, similar to other operations attributed to the group.

Some experts believe that these bank heists and the WannaCry attack, which has also been linked by some to Lazarus, are campaigns launched by North Korea for financial gain. However, many of these operations don’t appear to have been very successful on this front.

“Despite their continued success in getting onto payment systems in banks, the Lazarus group still struggle getting the cash in the end, with payments being reversed soon after the attacks are uncovered,” BAE Systems researchers explained.

“The group may be trying new tricks to disrupt victims and delay their ability to respond – such as different message formats, and the deployment of ransomware across the victim’s network as a smokescreen for their other activity. It’s likely they’ll continue their heist attempts against banks in the coming months and we expect they will evolve their modus operandi to incorporate new ways of disrupting victims (and possibly the wider community) from responding,” they added.

photo

*** Related reading: The Lazarus (aka DarkSeoul group) is allegedly controlled by Bureau 121, a division of the Reconnaissance General Bureau, a North Korean intelligence agency. Bureau 121 is responsible for conducting military cyber campaigns.

*** By the way, some of the North Korean hackers not only operate in China but many of those hackers are from India….

6,000 is the number of hackers working for North Korea, traced by American and British security officials.
Once scoffed at, North Korea’s cyber technology has now developed to a brink where it can create a havoc in the world’s cybersecurity. From theft to political agenda, North Korea now launches attacks in the form of ransomware, digital bank heists, online video game cracks and Bitcoin exchanges.

In the first week of October, India’s Ministry of External Affairs issued a strongly-worded statement condemning North Korea for conducting a powerful nuclear test. Few weeks down the line, a stunning report from the New York Times claims that India serves as a base for North Korea’s cyber warfare.

Citing a report by the Recorded Future, the American publication said nearly a fifth of the Pyongang’s attacks originate from India.

The report claims that most of North Korean cyber operations are carried out from foreign countries like India, Malaysia, New Zealand, Nepal, Kenya, Mozambique, and Indonesia. While in some cases, the North Korean hackers route their attacks through their computers from abroad, in cases like that in India, hackers are physically stationed to carry out attacks.

The cyber mission as envisaged by Kim Jong-il in the 1990s was expanded by his dictator son Kim Jong-Un after he took power in 2011.

On of the most successful cyber attacks carried out by North Korea dates back to 2014 on Sony pictures to prevent them from releasing a comedy film that was based on the assassination of Kim Jong Un.

Last May, a widespread global ransomware attack caused panic and briefly stalled the Britain’s National Health Services.

The digital bank heists in Philippines in 2015 and in Vietnam in the same year also earned them some hard cash from cyber attacks.

The report by Recorded Future also indicates that India, despite serving as a base for North Korea’s cyberwar, also remains at a potential threat from similar attacks. While the world lives under the fear of North Korea emerging as a nuclear superpower, the country is silently building a strong brigade of hackers.

Scope of Russian Troll Operation Explained

Posted on by

Information warfare = Troll warfare

Russian journalists publish massive investigation into St. Petersburg troll factory’s U.S. operations

A day after Dozhd television published an interview with a former member of Russia’s infamous Internet Research Agency, the magazine RBC released a new detailed report on the same organization’s efforts to meddle in U.S. domestic politics. Meduza summarizes RBC’s new report here.

photo

The Internet Research Agency, Russia’s infamous “troll farm,” reportedly devoted up to a third of its entire staff to meddling in U.S. politics during the 2016 presidential election. At the peak of the campaign, as many as 90 people were working for the IRA’s U.S. desk, sources told RBC, revealing that the entire agency employs upwards of 250 people. Salaries for staff working in the U.S. department apparently range from 80,000 to 120,000 rubles ($1,400 to $2,100) per month.

The head of the IRA’s U.S. desk is apparently a man originally from Azerbaijan named Dzheikhun Aslanov (though he denies any involvement with the troll factory).

In August and September this year, Facebook, Instagram, and Twitter suspended 118 communities and accounts run by the St. Petersburg “troll factory,” disabling a network capable of reaching 6 million subscribers. In 2016, at the height of the U.S. presidential campaign, this network reportedly produced content that reached 30 million people each week.

A source also told RBC that the Internet Research Agency spent almost $80,000 over two years, hiring roughly 100 local American activists to stage about 40 rallies in different cities across the United States. The activists were hired over the Internet, communicating in English, without their knowledge that they were accepting money or organizing support from a Russian organization. According to RBC, internal records from the IRA verify its role in these activities.

The main activity in the troll factory’s U.S. desk was to incite racial animosity (playing both sides of the issue), and promoting the secession of Texas, objections to illegal immigration, and gun rights.

RBC estimates that the Internet Research Agency’s total salary expenses approach $1 million per year, with another $200,000 allocated to buying ads on social media and hiring local activists in the U.S.

According to RBC, the IRA still has a U.S. desk, though its staff has apparently dropped to 50 employees.

Note: Formally, the Internet Research Agency ceased to exist roughly two years ago, rebranding itself under different names, but sources say the organization continues to operate as before.

***

One part of the factory had a particularly intriguing name and mission: a “Department of Provocations” dedicated to sowing fake news and social divisions in the West, according to internal company documents obtained by CNN.

Prigozhin is one of the Kremlin’s inner circle. His company is believed to be a main backer of the St. Petersburg-based “Internet Research Agency” (IRA), a secretive technology firm, according to US officials and the documents reviewed by CNN. Prigozhin was sanctioned by the US Treasury Department in December of 2016 for providing financial support for Russia’s military occupation of Ukraine. Two of his companies, including his catering business, were also sanctioned by Treasury this year.
CNN has examined scores of documents leaked from Prigozhin’s companies that show further evidence of his links to the troll factory.
One contract provided IRA with ways to monitor social media and a “system of automized promotion in search engines.”
Prigozhin has a colorful past. He spent nine years in prison in the 1980s for fraud and robbery, according to Russian media reports. After his release, he went into the catering business — renovating a boat and opening New Island, one of a half-dozen upscale restaurants he owns in St. Petersburg. Putin turned to him to cater his birthday parties as well as dinners with visiting leaders, including President Bush and Jacques Chirac of France. A headline in The Moscow Times referred to Prigozhin as Putin’s “Personal Chef.”
Prigozhin subsequently won lucrative catering contracts for schools and Russia’s armed forces. He escorted Putin around his new food-processing factory in 2010. By then he was very much a Kremlin insider with a growing commercial empire. More here.
***
Trolling NATO? Yuppers

Seventy percent of Russian-language tweets targeting NATO military activities in Eastern Europe are generated by automated Russian trolls, according to a survey done by the military alliance.

“Two in three Twitter users who write in Russian about the NATO presence in Eastern Europe are robotic or ‘bot’ accounts,” the NATO Strategic Communications Centre of Excellence stated in a report made public this week.

The Russian bots sent 84 percent of all Russian language messages. English language tweets against the alliance also were found to be automated, with some 46 percent generated by automated Twitter accounts.

The report criticized the global social media platform for not doing enough to counter Russian bot activities on Twitter. “Our impression is that Twitter in Russian is policed less effectively than it is in English,” the report said.

A Twitter spokesman could not be reached for comment. Colin Crowell, Twitter’s vice president for public policy, stated in a recent post on the company website that “we strictly prohibit the use of bots and other networks of manipulation to undermine the core functionality of our service.” Read more here.