Chicago Mayor Sues DoJ/Sessions, Sanctuary City Money

Primer:

Jamie Gorelick — a partner at Wilmer Hale who also represents Ivanka Trump and Jared Kushner on non-Russia related legal issues, is one of the many attorneys who is listed as pro bono counsel on the suit. Last year Chicago received $2.3 million in JAG funds. Over the years, the city has purchased SWAT equipment, police vehicles, radios and Tasers with the money.

The suit revolves around specific conditions Sessions announced in July for a federal program, the Edward Byrne Memorial Justice Assistance Grant, or Bryne JAG, which provides federal funding to support local law enforcement efforts.
“(The executive branch) may not unilaterally concoct and import into the Byrne JAG program sweeping new policy conditions that were never approved (and indeed were considered and rejected) by Congress and that would federalize local jails and police stations, mandate warrantless detentions in order to investigate for federal civil infractions, sow fear in local immigrant communities, and ultimately make the people of Chicago less safe,” attorneys for the city wrote in Monday’s filing. More here.

‘Sanctuary city’ Chicago sues Trump administration

Chicago (AFP) – The city of Chicago filed suit Monday against the Donald Trump administration for withholding funds from so-called “sanctuary cities” that fail to cooperate with tougher federal efforts cracking down on undocumented immigrants.

The lawsuit, the first of its kind, challenges the Trump administration’s requirement that cities detain suspects for questioning by federal immigration authorities or see their grant funding for municipal police departments withheld.

Chicago Mayor Rahm Emanuel on Monday called the policy counterproductive.

“By forcing us, or the police department, to choose between the values of the city and the philosophy of the police department… I think it’s a false choice, and it undermines our actual safety agenda,” Emanuel told CNN.

“We will always be a welcoming city,” he continued, adding that local police departments rely on the cooperation of the immigrant community — both documented and undocumented.

“Our police department is part of a neighborhood, part of a community, built on the premise of trust,” the mayor said.

“We want you to come to Chicago if you believe in the American dream,” he added.

The federal grant at the center of the lawsuit provided $2.3 million to Chicago last year to purchase police equipment, such as cars, computers, radios and Tasers, Emanuel said.

The federal government’s new rules would tie the grant to requirements that, among other things, cities give federal immigration authorities unlimited access to local police stations to interrogate arrestees, Chicago officials said.

The city is asking a federal court to declare such requirements unlawful.

Trump has targeted sanctuary cities as part of his promised crackdown on illegal immigration, and the Department of Justice implemented the new funding requirement last month.

Supporters of “sanctuary city” policies say requiring local police to fully cooperate with immigration enforcement erodes with the communities they serve and frustrate law enforcement efforts.

The Department of Justice (DOJ) criticized the lawsuit in a statement that accused Emanuel of “protecting criminal aliens and putting Chicago’s law enforcement at greater risk.”

The head of the DOJ, US Attorney General Jeff Sessions, last week said the policy would improve safety for immigration officers who now have to track down suspects who already had been detained and released by local police.

“By forcing police to go into more dangerous situations to re-arrest the same criminals, these policies endanger law enforcement officers more than anyone,” Sessions said.

Loretta Lynch used an Alias in Govt Emails

Using an alias was a common practice under the Obama administration when we first learned about Lisa Jackson doing so while at the EPA, calling herself Richard Windsor….weird huh? Eric Holder used an alias. Not to be forgotten, the top law enforcement officer, Eric Holder while heading the Department of Justice did the same thing, he was Lew Alcindor.

Not too be outdone….here comes Loretta Lynch doing the same thing on official government email communications, she was none other than Elizabeth Carlisle. Sheesh…

Loretta Lynch used the alias “Elizabeth Carlisle” for official emails as attorney general, including those related to her infamous tarmac meeting last summer with former President Clinton.

The emails were included in 413 pages of Justice Department documents provided to conservative watchdog groups Judicial Watch and American Center for Law and Justice.

Top federal officials using email aliases is not illegal or new, considering others in the former Obama administration also used them, arguing security concerns and spam to their official email addresses swamping their in-boxes. More here.

So, when a Freedom of Information request comes in asking for documents relating to an event using government official’s real names, the reply from FOIA officers can then be: “no documents responsive to your request” that is until outside organizations and investigative journals are on to the plots. Such is the case regarding the tarmac meeting between Loretta Lynch and Bill Clinton. The FBI responded with ‘no documents to the request, but the now Trump Department of Justice responded with 400 pages of documents. Much blame is being placed on James Comey controlling the FBI FOIA requests, however, let us remember he reported to the Justice Department….remember that?

In ‘some’ fairness, Comey in congressional testimony stated he was angry and lost faith in the Justice investigation as it related to the Hillary Clinton affair(s).

The common posture of the people on the Trump team is to regarding Comey as a Hillary loyalist and compromised. This is especially true regarding the offered information on a meeting to his friend and law professor, who later called the New York Times and read the newspaper a personal journal entry of Comey’s at Comey’s behest. Now, this for sure sounds as it is a questionable tactic, and it is.

We cant know how much more background there is or all the facts and context, but we are in the core o a building government crisis, past and present.

So, let’s go a little deeper, shall we?

“No records responsive to your request were located,” FBI Chief of Record/Information David Hardy wrote a letter responding to ACLJ’s Freedom of Information Act request.

“For your information, Congress excluded three discrete categories of law enforcement and national security records from the requirements of the FOIA.”

(Exemptions may apply in cases of classified information relating to foreign policy or national defense, trade secrets, and personnel and medical files.)

The released emails include several exchanges between FBI media official Richard Quinn and DOJ’s Office of Public Affairs Director Melanie Newman.

The video is here.

One of those emails, sent by Newman under the subject line “FLAG”, said she wanted to “flag a story that is gaining some traction” about the “casual, unscheduled meeting” between Lynch and President Clinton.

She instructed Quinn to “let me know if you get any questions about this.”

Newman in the email also provide Quinn with some talking points. Although they are supposedly public statements – and separate emails indicate that they had been sent to reporters of major media outlets – the talking points, as well as many other parts of the release, were redacted.

An email sent by Newman to another staff member on July 1, titled “FBI just called,” shows that the agency was “asking for guidance” in responding to media questions about reports stating FBI agents had ordered ‘No photos, no picture, no cell phones’ at the Clinton-Lynch meeting.

ABC Breaking News | Latest News Videos

The conversation then continued via phone calls. One hour later, Carolyn Pokomy from the Office of the Attorney General said in an email reply, “I will let Rybicki know.” Jim Rybicki was then the FBI’s chief of staff and senior counselor to Comey.

The information she sent to Rybicki was also redacted. Read more here.

 

2 Congressmen Watched Voting Machines Being Hacked

Primer

33 states accepted DHS aid to secure elections

The Department of Homeland Security (DHS) provided cybersecurity assistance to 33 state election offices and 36 local election offices leading up to the 2016 presidential election, according to information released by Democratic congressional staff.

During the final weeks of the Obama administration, the DHS announced that it would designate election infrastructure as critical, following revelations about Russian interference in the 2016 election.

Since January, two states and six local governments have requested cyber hygiene scanning from the DHS, according to a memo and DHS correspondence disclosed Wednesday by the Democratic staff of the Senate Homeland Security and Governmental Affairs Committee.

The information is related to the committee’s ongoing oversight of the DHS decision to designate election infrastructure.

The intelligence community said back in January that in addition to directing cyberattacks on the Democratic National Committee and top Democratic officials, Russia also targeted state and local electoral systems not involved in vote tabulating.

In June, DHS officials told senators investigating Russian interference that there was evidence that Russia targeted election-related systems in 21 states, none of them involved in vote tallying.

Officials have previously confirmed breaches in Arizona and Illinois, though it remains unclear whether other systems were successfully breached. Lawmakers such as Sen. Mark Warner (D-Va.) have demanded more information on the specific states targeted.

Homeland Security and Government Affairs ranking member Claire McCaskill (D-Mo.) wrote then-Secretary of Homeland Security John Kelly back in March, asking for more information on his plans for the critical infrastructure designation. The information released Wednesday is drawn from his response on June 13. Kelly has since left his post to serve as President Trump’s chief of staff.

“Prior to the election, DHS offered voluntary, no-cost cybersecurity services and assistance to election officials across all 50 states. By Election Day, 33 state election offices and 36 local election offices requested and received these cyber hygiene assessments of their internet-facing infrastructure,” Kelly wrote.

“In addition, one state election office requested and received a more in-depth risk and vulnerability assessment of their election infrastructure.”

Given the critical infrastructure designation, the DHS is providing cyber hygiene assessments, which include vulnerability scanning of election-related systems excluding voting machines and tallying systems, which the department recommends being disconnected from the internet.

The department also offers risk and vulnerability assessments, which include penetration testing, social engineering, wireless discovery and identification, and database and operating systems scanning. The DHS is also responsible for sharing threat information with owners and operators of critical infrastructure, which now include state and local election officials.

“Following the establishment of election infrastructure as critical infrastructure, several state and local governments requested new or expanded cybersecurity services from DHS,” Kelly disclosed in June, according to the letter. “Specifically, an additional two states and six local governments requested to begin cyber hygiene scanning (one state has, however, ended its service agreement). DHS also received one request for the risk and vulnerability assessment service.”

Many state and local election officials have opposed the designation, saying that the DHS has not offered enough information about what it means. The department has insisted that assistance will be given only to states that request it.

In the letter, Kelly, who has acknowledged objections, said there are “no plans to make any changes to the designation of election infrastructure as a critical infrastructure subsector.”

All of the Democratic members of the Senate Homeland Security and Governmental Affairs Committee have called for a full investigation into Russian election interference. The matter is already under investigation by the House and Senate Intelligence committees. The memo issued by Democratic staff on Wednesday was sent to the full committee.

Background at a Las Vegas Convention:

LAS VEGAS—For the first time in the 25 years of the world’s largest hacker convention, DefCon, two sitting U.S. Congressmen trekked here from Washington, D.C., to discuss their cybersecurity expertise on stage.

Rep. Will Hurd, a Texas Republican, and Rep. Jim Langevin, a Rhode Island Democrat, visited hacking villages investigating vulnerabilities in cars, medical devices, and voting machines; learned about how security researchers plan to defend quantum computers from hacks; and met children learning how to hack for good.

On Sunday, the last day of the conference, Hurd and Langevin delivered their own message: We come in peace. Please help us.

During a fireside chat-style conversation moderated by Joshua Corman, director of the Cyber Statecraft Initiative at the Atlantic Council, Hurd, chairman of the House Subcommittee on Information Technology, and Langevin, co-founder and co-chair of the Congressional Cybersecurity Caucus, called for the more than 2,000 hackers in the audience to “develop a dialogue” with their local representative in Congress.

“Never underestimate the value that you can bring to the table in helping to educate members and staff of what the best policies are, what’s going to work, and what’s not going to work,” Langevin said, pointing to Luta Security CEO and bug bounty expert Katie Moussouris’ ongoing advocacy for changes to the Wassenaar Arrangement, a decades-old international accord on how countries can transport “intrusion software” and other weapons across international borders.

Moussouris and Iain Mulholland of VMware have effectively convinced Wassenaar member countries to delay their adoption of proposed revisions to the agreement, as they’ve pushed for new language to better protect security researchers’ work.

The conversation between hackers and Congress has never been monosyllabic. But it has been frosty for decades, as federal prosecutors have used American antihacking laws such as the Computer Fraud and Abuse Act and Electronic Communication Privacy Act to punish people conducting legitimate security research.

As many security researchers continue to worry about how these laws might affect them, some have begun to use their expertise to influence the laws—and the lawmakers behind them.

Langevin and Hurd’s plea for hacker-legislator collaboration follows calls by hackers at last year’s DefCon for greater government regulation of software security.

“We don’t have voluntary minimum safety standards for cars; we have a mandatory minimum,” Corman told The Parallax at the time. “What tips the equation [for software] is the Internet of Things, because we now have bits and bytes meeting flesh and blood.”

Hurd said security researchers could play an important role in addressing increasingly alarming vulnerabilities in the nation’s voting apparatus. DefCon’s first voting machine-hacking village this weekend hosted a voting machine from Shelby County, Tenn., that unexpectedly contained personal information related to more than 600,000 voters. Village visitors managed to hack the machine, along with 29 others.

“We have to ensure that the American people can trust the vote-tabulating process,” Hurd said, acknowledging that DefCon attendees were able to hack each machine in the village. “The work that has been done out here is important in educating the secretaries of state all around the country, as well as the election administrators,” about secure technologies and practices.

Langevin and Hurd’s comments seemed to strike the right notes with hackers in attendance. Following Edward Snowden’s leaking of NSA documents and Apple’s refusal to create an encryption backdoor for law enforcement to the iPhone, relations between the hacking community and Washington have been strained at best, notes Herb Lin, a computer security policy expert and research fellow at Stanford University’s Center for International Security and Cooperation. But markedly improving the relationship will require more than a plea for collaboration, he warns.

“It’s better than what’s happened in the past, which is both nothing and active hostility,” he says. “One act by itself is not a game changer.”

The chat ended with assurances of more action from both sides. Corman said he’d like to see members of Congress attend more hacker conferences, such as ShmooCon in Washington, and Hurd promised that he wouldn’t let his experiences this past weekend go to waste.

“These conversations are going to lead me to hold hearings on many of these topics in the subcommittee that I chair,” Hurd said.

***  More details that were recorded at the convention:

DEF CON 2017 –  Are voting systems secure? In August 2016, the FBI issued a “flash” alert to election officials across the country confirming that foreign hackers have compromised state election systems in two states.

Although the US largely invested in electronic voting systems their level of security appears still not sufficient against a wide range of cyber attacks.

During an interesting session at the DEF CON hacking conference in Las Vegas, experts set up 30 computer-powered ballot boxes used in American elections simulating the Presidential election.  Welcome in the DEF CON Voting Village!

At the 1st ever Voting Village at , attendees tinker w/ election systems to find vulnerabilities. I’m told they found some new flaws

The organization asked the participant to physically compromise the system and hack into them, and the results were disconcerting.

“We encourage you to do stuff that if you did on election day they would probably arrest you.” John Hopkins computer scientist Matt Blaze said,

Most of the voting machines in the DEF CON Voting Village were purchased via eBay (Diebold, Sequoia and Winvote equipment), others were bought from government auctions.

voting machines hacking

In less than 90 minutes hackers succeeded in compromising the voting machines, one of them was hacker wirelessly.

“Without question, our voting systems are weak and susceptible. Thanks to the contributions of the hacker community today, we’ve uncovered even more about exactly how,” said Jake Braun, cybersecurity lecturer at the University of Chicago.

The analysis of the voting machines revealed that some of them were running outdated OS like Windows XP and Windows CE and flawed software such as unpatched versions of OpenSSL.

Some of them had physical ports open that could be used by attackers to install malicious applications to tamper with votes.

Even if physical attacks are easy to spot and stop, some voting machines were using poorly secured Wi-Fi connectivity.

The experts Carsten Schurmann at the DEF CON Voting Village hacked a WinVote system used in previous county elections via Wi-Fi, he exploited the MS03-026 vulnerability in Windows XP to access the voting machine using RDP.

Greetings from the Defcon voting village where it took 1:40 for Carsten Schurmann to get remote access to this WinVote machine.

Another system could be potentially cracked remotely via OpenSSL bug CVE-2011-4109, it is claimed.

huge cheer just went up in @votingvilllagedc as hackers managed to load Rick Astley video onto a voting machine

The good news is that most of the hacked equipment is no longer used in today’s election.

 

Pentagon Recommends Suspension of MAVNI, Foreign Infiltration

It does not take but just a few to go AWOL or to flee the program to create a domestic national security disaster. Further, was the original vetting and background procedure watered down in recent years such that the vulnerability to this growing security risk manifested?

What the heck is really going on here? Remember in October of 2016 when Reuters reported this?

Forty-four Afghan troops visiting the United States for military training have gone missing in less than two years, presumably in an effort to live and work illegally in America, Pentagon officials said.

Although the number of disappearances is relatively small — some 2,200 Afghan troops have received military training in the United States since 2007 — the incidents raise questions about security and screening procedures for the programs.

There was yet another very similiar AWOL event in 2010 in Texas. 17 involved there.

The MAVNI program was limited to 5,200 people in Fiscal Year 2016. The fact sheet is here.

 

FNC/EXCLUSIVE: Defense Department investigators have discovered “potential security risks” in a Pentagon program that has enrolled more than 10,000 foreign-born individuals into the U.S. armed forces since 2009, Fox News has learned exclusively, with sources on Capitol Hill and at the Pentagon expressing alarm over “foreign infiltration” and enrollees now unaccounted for.

After more than a year of investigation, the Pentagon’s inspector general recently issued a report – its contents still classified but its existence disclosed here for the first time – identifying serious problems with Military Accessions Vital to the National Interest (MAVNI), a DOD program that provides immigrants and non-immigrant aliens with an expedited path to citizenship in exchange for military service.

Defense Department officials said the program is still active but acknowledged that new applications have been suspended.

Created in the final weeks of the Bush-Cheney administration and launched under then-President Barack Obama, MAVNI was designed to recruit individuals with foreign-language and other skills the Pentagon deems useful and in short supply. The program has had many success stories – most notably the Army’s Soldier of the Year in 2012, Sgt. Saral Shrestha, originally of Nepal – and independent analyses have found MAVNI recruits out-perform non-MAVNI soldiers in critical areas.

Yet concern over management of the program has grown over recent months.

“The lack of discipline in implementation of this program has created problems elsewhere,” said Rep. Steve Russell, R-Okla., a retired Army officer who sits on the House Armed Services subcommittee on military personnel. It was Russell who first publicly sounded alarms. During the markup of the latest defense authorization bill, on June 28, Russell noted: “The program has been replete with problems, to include foreign infiltration – so much so that the Department of Defense is seeking to suspend the program due to those concerns.”

Another lawmaker, whose committee does not enjoy jurisdiction over MAVNI – but whose panel could well come to focus on these problems, depending on their severity – told Fox News that the program had been “compromised” and that DOD officials have not presented answers to his questions about missing enrollees: “Where are they? What do they know? Where are they serving? What are their numbers?”

Contacted by Fox News, Army Lt. Col. Paul Haverstick, a Pentagon spokesman, said in a statement: “The Department of Defense is conducting a review of the MAVNI pilot program due to potential security risks associated with the program.” Beyond that, however, Haverstick declined to comment, citing “pending litigation.”

Defense Secretary James Mattis, whom sources said had developed his own concerns about MAVNI, was named as the sole defendant in a lawsuit filed in February by seven foreign-born MAVNI enrollees. The lawsuit alleged that a decision by top brass in September to tighten up access to security clearances issued through MAVNI had had the effect of “crippling their military careers.”

Sources said MAVNI’s problems included a vetting backlog that led to enrollment of many soldiers prior to completion of their background checks, and an attendant “drift” in the program’s criteria, with MAVNI being used as a vehicle for the hiring of workers – like cooks, drivers and mechanics – who did not possess the specialized skills the program was created to exploit.

The title of the inspector general’s classified report – “Evaluation of Military Services’ Compliance with Military Accessions Vital to the National Interest Program Security Reviews and Monitoring Programs” – hints at the problems, with its references to “security reviews” and “monitoring” of enrolled individuals.

Some lawmakers have received classified briefings on the matter. Sources said some of the countries of origin for MAVNI enrollees are “of concern,” but as of yet there is no evidence in the public domain that ISIS, Al Qaeda, or any other terrorist groups have penetrated the MAVNI program. Still, such a development remains an active concern.

“ISIS has always had desire to use migration as way to penetrate into countries,” said retired U.S. Army General Jack Keane, a Fox News military analyst. “They have done that successfully in Europe because of open borders, mass immigration with no vetting. In the U.S., we haven’t had any record of their penetration. And certainly if this program is compromised and there’s a possibility of that kind of penetration, it’s got to be thoroughly investigated.”

North Korea Kim Jung un, Cyber Theft of Currency

Going back to the 1970’s, North Korea was counterfeiting U.S. currency. In 2006, it was the super note, a perfect $100 dollar bill.

Training for such skills as counterfeiting, illicit drugs, weapons, cyber warfare and bootleg merchandise comes out of Office 39. Clandestine and fraudulent transactions including management operations flowing through Office 39 is estimate in the $6-8 billion range.

In 2014, one defector fleeing to Russia had $5 million of the Office 39 funds money with him.

Those highly selected North Koreans assigned to Office 39 arrive from having received an education in these specialties from elite universities or academies in China and Russia. Other highly selected North Koreans are also required to attend an in country school known as Mirim College. This school was founded by Kim Jong Il in 1986.

According to a defector:

this college has a highly confidential mission—education of world-class IT warriors—its security is so exhaustively kept that individual guard units are dispatched to the college solely for security. The security manual distributed to guards indicates that, “Without the permission of the college commander, no car should be allowed entrance to college grounds except for that of Kim Jong Il.”

Students of the college wear the same uniform as military officials, but on their shoulders they brandish special stars, on which hak (meaning is learning) is printed. A “Kim Il Political Military University” badge is worn on the left side of the chest.

Kim Jung Il lived the high life while his own people suffered to not only beatings but to death by starvation. His son, Kim Jung Un, taking over the country lives much the same yet due to sanctions and isolation by the international community, illicit activities continue.

Counterfeiting of currency is not so much a common practice in North Korea and the country has been dabbling in bitcoin fraud and now through cyber activity, they steal currency.

Just recently, Reuters published an item referring to a report analyzed suspected cyber attacks between 2015 and 2017 on South Korean government and commercial institutions, identified another Lazarus spinoff named Andariel.

“Bluenoroff and Andariel share their common root, but they have different targets and motives,” the report said. “Andariel focuses on attacking South Korean businesses and government agencies using methods tailored for the country.”

Pyongyang has been stepping up its online hacking capabilities as one way of earning hard currency under the chokehold of international sanctions imposed to stop the development of its nuclear weapons program.

North Korea has cooperated with China, Russia and Iran to improve their cyber capabilities. China is especially complicit in that cooperation by providing the communications network inside the DPRK and inside China. Additionally, China has provided hardware, servers, routers. Russia is not without major blame and shares the guilt by dispatching Russian professors from Frunze Military Academy to train North Koreans to be professional hackers.

Additionally, Russia has sold to North Korea GPS jamming equipment in the area of sea navigation and also provides financial aid to North Korea supporting it’s abilities to interfere and disrupt command and control systems.

North Korea operates yet another location known as Office 91. It has four units:

110= Technology Reconnaissance Team for DDoS attacks

35= External Offensive Cyber Operations

121= Strictly assigned for cyber attacks on South Korea

204= Enemy Secret Cyber Psychological Warfare Unit

In total, it is estimated that North Korea has close to 10,000 people assigned the the cyber and hacking operations in country. Additionally, North Korea maintains a force of up to 1000 in China performing cyber warfare.

While it is common for headlines to refer to Kim Jung Un as a nutcase, that is hardly a fitting description for him. While he may be militant and spontaneous, he is well educated. He attended Liebefeld-Steinhölzli Schule, a Swiss state school gaining access to Western culture, but had lousy grades. He has two degrees, one in physics from Kim il Sung University and another as an Army officer obtained from the Kim Il Sung Military University.

He does maintain an asymmetrical military strategy that has astounded the West and countries in the region with his advanced missile systems and launch abilities. All this is funded by cyber theft of currency and information and cooperation with Iran, China and Russia. North Korea does have IP proxy locations for operations that include New Zealand, Malaysia, Indonesia an several others. The ‘darknet’ is full of countries co-opting servers and jump points all doing the same thing.

 

 

 

The Frunze Military Academy Panorama