Category Archives: FBI

Mueller, Zebley, Quarles Named Special Counsel, Russia Probe

Posted on by

It is important to note, this is not a special prosecution team, it is a legal investigative team. All three lawyers have formally resigned their positions, which is required from the law firm Wilmer Cutler Pickering Hale and Dorr.

Image result for robert mueller Robert Mueller

From the National Law Journal in part: Zebley was Mueller’s former chief of staff at the FBI and Quarles worked as an assistant special prosecutor for the Watergate investigation. Mueller worked on a range of issues including cybersecurity, criminal litigation and internal investigations. Last year, he was appointed to oversee settlement negotiations in class action lawsuits over Volkswagen A.G.’s emissions scandal.

The task of this team is solely to investigate the matter of Trump’s campaign operatives having any cooperation or interaction with any Russian entities into the campaign infrastructure in 2016.

Mueller served as U.S. Attorney for the Northern District of California prior to joining the FBI. He graduated from Princeton University in 1966 and went on to receive his J.D. from the University of Virginia. Mueller has gained the approval of the ACLU, former Attorney General and head of Main Justice, Eric Holder as well as many democrats in both chambers of Congress.

Another partner at the law firm, is Reginald Brown, who worked in the Bush White House and runs the firm’s financial institutions group and congressional investigations practice, is advising Paul Manafort as of this spring. Manafort, who ran Trump’s presidential campaign for six months, may be ensnared in the Russia investigation because of a consulting client he represented in Ukraine who had ties to the Kremlin.

Top Clinton administration alumni at Wilmer include former Solicitor General Seth Waxman and former Deputy Attorney General Jamie Gorelick, who’s boosted her own resume in recent months by advising Ivanka Trump and Jared Kushner on government ethics.

“I determined that it is in the public interest for me to exercise my authorities and appoint a special counsel to assume responsibility for this matter,” Mr. Rosenstein said in a statement. “My decision is not a finding that crimes have been committed or that any prosecution is warranted. I have made no such determination.”

While a special counsel would remain ultimately answerable to Mr. Rosenstein — and by extension, the president — he would have greater autonomy to run an investigation than a United States attorney would. Mr. Mueller will be able to choose to what extent to consult with or inform the Justice Department about his investigation as it goes forward.

“He’s an absolutely superb choice,” said Kathryn Ruemmler, a former prosecutor and White House counsel under Mr. Obama. “He will just do a completely thorough investigation without regard to public pressure or political pressure.”

She added: “I cannot think of a better choice.”

John S. Pistole, who served as the F.B.I.’s deputy director under Mr. Mueller, also praised the appointment.

“You need an independent assessment of what the president has done, how he has done it and perhaps why he has done it,” said Mr. Pistole, who is now president of Anderson University in Indiana. “The appointment of Director Mueller is exactly what is needed to attempt to bring credibility to the White House when there are so many questions about the president’s actions and motives.”

The order to appoint Mr. Mueller was signed by Mr. Rosenstein on Wednesday, drawing on a regulation granting the attorney general the authority to appoint a special counsel for only the second time in history. The first time it was used was in 1999 by Janet Reno, who appointed Jack Danforth, a former Republican senator from Missouri, to lead an investigation into the botched federal raid on the Branch Davidian compound in Waco, Tex., in 1993 that killed 76 people.

In his capacity as special counsel, Mr. Mueller will be able to request additional resources for the investigation. Those requests will be reviewed by Lee Lofthus, assistant attorney general for administration. More here.

The Trump White House only had this response to the naming of this team:

There is no information that has been released how this legal team will address matters relating to Hillary Clinton, John Podesta or other related issues. It should be noted that only last week, did the Senate Democrats that are also part of a Senate Intelligence Committee investigation on similar Russian probes hired April Doss. Doss held an early career at the NSA and just resigned also from her law firm of Saul Ewing.

Image result for april doss saul

Both Mueller’s law firm and Doss’ law firm each has legal specialties in the cyber industry.

One last item, since Paul Manafort was mentioned above:

Former Trump campaign manager Paul Manafort took out a $3.5 million mortgage through a shell company just after leaving the campaign, but the mortgage document that explains how he would pay it back was never filed — and Manafort’s company never paid $36,000 in taxes that would be due on the loan.

Image result for paul manafort

On August 19, 2016, Manafort left the Trump campaign amid media reports about his previous work for a pro-Russian political party in Ukraine, including allegations he received millions of dollars in payments.

That same day, Manafort created a holding company called Summerbreeze LLC. Several weeks later, a document called a UCC filed with the state of New York shows that Summerbreeze took out a $3.5 million loan on Manafort’s home in the tony beach enclave of Bridgehampton.

Manafort’s name does not appear on the UCC filing, but Summerbreeze LLC gives his Florida address as a contact, and lists his Bridgehampton home as collateral.

1000+ Officers Raid, 44 Arrests

Posted on by

Image result for ms-13 raid los angeles NY Daily News

Primer: The LATimes reports:

Shortly after 4 a.m. Wednesday, heavily-armed ATF agents — wearing helmets and bulletproof gear and carrying rifles — forced their way into a storefront and a back building near Exposition Boulevard and Western Avenue in Exposition Park. Agents approached in an armored vehicle down a narrow alleyway behind the small business.

Once inside, federal agents and police detectives found what they described as gang members involved in human trafficking, as well as possible victims. The storefront, which appeared to be locked from the outside, was full of garbage.

A few of the people detained were handcuffed and lined up facing a metal fence in the alleyway next to the armored vehicle.

The indictment names the former leader of the gang and a dozen people who acted as a joint council of leaders, Brown said.

The lead defendant in the indictment is 43-year-old Jose Balmore Romero, known as “Porky.” Romero called the shots for the gang in Los Angeles in 2013 and 2014 and oversaw the gang’s drug-trafficking activities and coordinated the collection of extortion money, some of which was distributed to the Mexican Mafia, according to the U.S. attorney’s office in Los Angeles. Romero has been in custody since 2015, charged with ordering a gang-related slaying.

Three men were charged with murder in connection with the gang’s activities, authorities said. Carlos Alfredo Cardoza Lopez, 23, known as “Little Boy,” faces a violent crime in aid of racketeering murder charge in the fatal shooting of a innocent bystander inside the gang-controlled Little San Salvador Nightclub and Restaurant on Western Avenue, federal prosecutors said in a statement. A friend of the victim also was stabbed. More here.

Associated Press

Indictment document is here.

Dozens of MS-13 gang members nabbed in 50 Los Angeles raids

Los Angeles (CNN)Hundreds of federal and local authorities stormed homes and storefronts across Los Angeles early Wednesday, targeting dozens of high-ranking members of the notorious MS-13 street gang.

The 50 pre-dawn raids, aimed at catching suspects asleep or off guard, also focused on nabbing members of MS-13’s core leadership, the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) said.
“Today we disrupted this gang’s command and control,” said Eric Harden, special agent in charge of the ATF’s Los Angeles field division.
Los Angeles is the US base for MS-13, which has tens of thousands of members worldwide. Authorities count the gang among the largest criminal organizations in the US.
More than half of the 44 people arrested Wednesday are undocumented immigrants, acting US Attorney Sandra Brown said.
But the raids aimed to curb violent crime — not immigration violations, Los Angeles Police Chief Charlie Beck said. He said MS-13 often “preys on” undocumented immigrants.
The suspects face a wide range of charges, including federal racketeering and narcotics conspiracy. If convicted, Brown said, most of those arrested Wednesday could face decades in federal prison — and three could face the death penalty.
About 1,000 officers from the ATF, the FBI, the Drug Enforcement Administration, US Immigration and Customs Enforcement, the Los Angeles Police Department and the Los Angeles County Sheriff’s Department took part worked on the massive effort.
And they had to execute their plan in the dark of night.

An inside look into a raid

Authorities conduct one of 50 simultaneous raids targeting MS-13 gang members.

Authorities conduct one of 50 simultaneous raids targeting MS-13 gang members.
CNN’s was the only TV crew that accompanied authorities during the raids.
At 4 a.m., a dozen ATF agents poured out of an armored vehicle, preparing to break open the front and back doors of an inconspicuous store just outside downtown. The storefront they hit was a suspected hub for MS-13.
Rifle-wielding officers suited in body armor and helmets appeared ready for combat. With the element of surprise on their side, agents peacefully took half a dozen people into custody.
One by one, they came out in handcuffs. Some were suspected gang members; some may be victims of human trafficking, authorities said.
A storefront might seem like an odd place to find notorious gang suspects. But MS-13 members have been known to live in storefronts and have been suspected of using them as a cover for drug activity, prostitution and human trafficking.

Investigation goes deep

Federal agents say the probe, which began in June 2014, targeted the leadership and the most violent members of MS-13 in Los Angeles and the gang’s links to the Mexican mafia.
“We believe the most impact is made by targeting the mid- to upper-level hierarchy of the gang and removing them,” Harden said.
“Once removed, it causes a disorganization of the gang, where it suppresses their activity for an extensive amount of time until another leader is developed or steps up.”
MS-13 makes money from extortions, kidnappings, drug and weapons trafficking and human trafficking, the ATF said. Killings for the protection of the gang are common, federal authorities say, and sometimes are carried out with machetes.
Harden has faced off with MS-13 for decades, dating back to his days as a street agent.
“They’ve been here since the ’80s and have thrived to this date,” said Harden. “They’re a transnational or international gang. Their level of brutality is extreme and high, similar to what we read about and hear with the drug-trafficking cartels in Mexico.” More here from CNN.

With GPS, Drug Cartels Move Shipments to Europe Until

Posted on by

Drug cartels heavily rely on GPS devices to track shipments, feds say

The GPS has increasingly become a drug dealer’s new partner in crime.

Drug-smuggling groups are relying on the device to keep tabs on drug packages as they wind their way through Central America to the United States, according to published reports.

The criminals attach the drug shipments to buoys, send them off in the Pacific Ocean, and use signals they give off to track a package’s location by using special codes, InSight Crimes reports.

The GPS gives dealers the advantage of having drug shipments picked up by others monitoring their movements without being detected by authorities.

GPS devices are also allowing drug cartels to keep track of lower-level smugglers to ensure they are doing what they were told, say U.S. officials.

Barbara L. Carreno, public affairs officer for the U.S. Drug Enforcement Administration, said drug dealers have been using the tracking device for years. But recently, as the once bulky devices have become smaller and cheaper, their use has increased, she said.

“Traffickers need to know that their mules are doing what they are supposed to do and delivering their very valuable shipments where they are supposed to go,” Carreno said. “We often find GPS devices in shipments we seize.”

Traffickers won’t use a computerized system that would lead law enforcement back to them or create records that would implicate them.

– Barbara L. Carreno, spokeswoman, U.S. Drug Enforcement Administration

The GPS is simple enough, the DEA says, that it actually eludes more sophisticated tools used for drug interdictions by government agencies of various countries.

“Traffickers wouldn’t use a computerized system that would lead law enforcement back to them or create records that would implicate them,” Carreno said. “They want something cheap, unsophisticated and untraceable.”

Salvadoran officials say that Ecuadorean boatmen have become a core part of the criminal activity. They move the shipments to places off coasts of El Salvador, Guatemala and Costa Rica.

Once the shipments are left at certain locations in the Pacific, traffickers use the GPS to alert those waiting for them by sending information to mobile telephones and computers, the website said, citing the Salvadoran national police’s anti-narcotics division.

One of the most notorious drug kingpins, Ecuador’s Washington Prado Alava, was said by Colombian authorities to have run a highly sophisticated trafficking operation. But his operation, which moved 250 metric tons of cocaine to the United States over a four-year span, was dependent on GPS locators, Insight Crime reported. More here from FNC.

***

Anti-drug forces from several European and American countries intercepted a total of eight tons of cocaine in a double bust that is being dubbed as one of the largest in history.

In the larger one, Spanish authorities cooperated with Ecuadorean police to intercept a ship off that Latin American country bringing more than 5.5 metric tons of cocaine to Spain.

The ship was loaded with Colombian cocaine in the Pacific and planned to travel through the Panama Canal and across the Atlantic to Europe, officials said in a statement.

Una operación de la junto a la de Ecuador ha permitido interceptar un buque con 5.529 kilos de cocaína y detener a 24 personas.

 

In a separate drug seizure, Spanish police stopped a Venezuela-flagged fishing vessel carrying 2.5 metric tons of cocaine near Martinica.

The ship was intercepted on May 4 and was towed to Las Palmas in Spain’s Canary Islands.

The U.S. Drug Enforcement Agency and Britain’s National Crime Agency also took part in the joint operation.

The cargo seized off the coast of Ecuador has an estimated value of $250 million. Ecuadorean agents boarded it when it was almost three nautical miles off Santa Elena province.

Spain’s Interior Minister Juan Ignocio Zoido said to El Pais that the first operation resulted in the capture of 24 suspected drug traffickers.

“It is one of the largest cocaine seizures in history and it takes apart a large drug-trafficking organization between South America and Spain,” he said.

The massive operation began after Spain found out in January that a South American ring with links in Spain was organizing a large shipment.

That information was corroborated by intelligence also gathered by the U.S., Britain and Portugal, the statement said.

Since the beginning of 2017, Ecuador has confiscated about 30 tons of cocaine.

Large seizures of cocaine and cannabis aren’t uncommon in the Iberian Peninsula, which is seen as a drug gateway to Europe.

Spanish police captured almost eight metric tons of cocaine from four vessels in 2015 and 2016 and arrested 80 people, the police statement said.

 

Trump Orders Emergency Meeting After Global Cyber-attack

Posted on by

Primer: Investigators launched a far-reaching hunt for the perpetrator, as institutions around the world worked to mitigate damage from the highest-profile computer-worm outbreak in nearly a decade. More here from the WSJ.

Image result for wannacry ransomware

President Trump reportedly ordered an emergency meeting over the weekend after an unprecedented cyberattack hit at least 100,000 organizations in 150 countries.

Senior security staffers with Homeland Security, the FBI and the National Security Agency met on Friday and Saturday in the White House to assess the threat from the “ransomware” attack, Reuters reported.

Trump ordered Homeland Security adviser Tom Bossert to hold the meeting, CBS News reported. Details of the meeting were not immediately disclosed.

The attack that began Friday is believed to be the biggest online extortion attack ever recorded, spreading chaos by locking computers that run Britain’s hospital network, Germany’s national railway and scores of other companies, factories and government agencies worldwide.

Steven Wilson, Head of Europol’s European Cybercrime Centre, told Sky News on Sunday that it was now important that IT departments checked their systems on Monday morning to ensure they had not been compromised.

Security experts warned that further cyberattacks are likely.

“The global reach is unprecedented and beyond what we have seen before,” Rob Wainwright, director of the Netherlands-based Europol said Sunday “The latest count is over 200,000 victims in at least 150 countries, and those victims, many of those will be businesses, including large corporations.”

“At the moment, we are in the face of an escalating threat. The numbers are going up,” he added. “I am worried about how the numbers will continue to grow when people go to work and turn on their machines on Monday morning.”

The Europol spokesman said it was too early to say who is behind the onslaught and what their motivation was. The main challenge for investigators was the fast-spreading capabilities of the malware, he said, adding that so far not many people have paid the ransoms that the virus demands.

Had it not been for a young cybersecurity researcher’s accidental discovery of a so-called “kill switch,” the malicious software likely would have spread much farther and faster. Security experts say this attack should wake up every corporate board room and legislative chamber around the globe.

***

The long-expected US Executive Order is out, and giving prominence to the NIST Framework, DHS,and OMB. Eternal Blue is used to spread WannaCry ransomware, and the UK’s NHS is hard hit. Fancy Bear prances in NATO costume. US Intelligence Community leaders warn the Senate that the Russian cyber threat is large, growing, and not going away. And spamming celebrates its thrity-ninth birthday—no happy returns for you, spammers.

In today’s podcast, we hear about the long-expected US Executive Order, with commentary from Politico’s Eric Geller. It was signed yesterday, and gives prominence to the NIST Framework, DHS,and OMB. Eternal Blue is used to spread WannaCry ransomware, and the UK’s NHS is hard hit. Fancy Bear prances in NATO costume. US Intelligence Community leaders warn the Senate that the Russian cyber threat is large, growing, and not going away. The University of Maryland’s Jonathan Katz explains some potential browser protocol vulnerabilities. And spamming celebrates its thirty-ninth birthday—no happy returns for you, spammers.  Go here for the podcast, see WannaCry ransomware title.  It is key to note that cyber experts saw chatter in hack chat rooms about this worm in April.

57,000 Detections, 74 Countries Affected by Global Ransomware

Posted on by

 

Go here for more information on malware affections.

Further, US-CERT, by DHS has this information.

 

 

Older machines running XP do not appear to be affected. Meanwhile, about a month ago:

Microsoft responds to NSA’s Windows exploits, urges customers to upgrade to supported versions

Remember, this NSA vault toolkit was stolen, leaked and published by WikiLeaks, Julian Assange. In some cases, it could be a deadly threat to life considering the intrusions into hospitals. The other blame goes to the Russian cyber gang, ShadowBrokers.

Russian-linked cyber gang Shadow Brokers blamed for NHS computer hack 

Ransom message found on NHS computersCourtesy: TelegraphUK: Ransom message found on NHS computers

CyberScoop: Large organizations on every continent are being hit by a global campaign of ransomware attacks on Friday, unfortunately, average ransomware demand has increased significantly. Machines are being infected using exploits developed by the U.S. National Security Agency and leaked by the group known as ShadowBrokers, according to authorities.

More than 57,000 detections in 74 countries have been recorded. Russia appears to be the most infected country by far, according to cybersecurity firms Kaspersky and Avast.

The “number [is] still growing fast,” according to Costin Raiu, Kaspersky’s director of research.

Hospitals across England were forced to divert emergency patients, according to the National Health Service. Other hospitals are asking patients to avoid coming in except for emergencies, news reports said.

In Spain, victims including the telecommunications company Telefónica told employees to shut down machines and networks in an effort to stop the spread of the malware. Other victims include Gas Natural and Iberdrola, an electric utility firm.

The ransomware campaign is caused by “exploiting the vulnerability described in bulletin MS17-010 using EternalBlue / DoublePulsar,”Spain’s Computer Emergency Readiness Team explained on Friday. “Infection of a single computer can end up compromising the entire corporate network.”

EternalBlue and DoublePulsar are code names for NSA hacking tools used to infect thousands of machines around the world since the NSA tools leaked in April.

That description from Spanish authorities and the work of several researchers point directly to NSA tools hacked and leaked by ShadowBrokers. The patch that Microsoft published in March assigned the designation MS17-010 to the vulnerability.

A widespread “bloodbath” from criminals has been expected by experts since the leak.

The ransomware “infects the machine by encrypting all its files and, using a remote command execution vulnerability through SMB, is distributed to other Windows machines on the same network. Microsoft published the vulnerability on March 14 in its bulletin and a few days ago a proof of concept was released that seems to have been the trigger of the campaign.” SMB is Microsoft’s Server Message Block protocol for network file sharing.

The attacks in different countries have been linked to the same group, according to the Financial Times.

The U.S. Department of Homeland Security is “coordinating with our international cyber partners” in Europe and Asia, a spokesperson told CyberScoop. “The Department of Homeland Security stands ready to support any international or domestic partner’s request for assistance. We routinely provide cybersecurity assistance upon request, including technical analysis and support.  Information shared with DHS as part of these efforts, including whether a request has been made, is confidential.”

Security researcher Kevin Beaumont advised patching machines immediately:

** Kevin Beaumont?Verified account @GossiTheDog5h5 hours ago 

Confirmed – wcry ransomware spreading across Europe uses EternalBlue/MS17-010/SMB. PATCH NOW EVERYWHERE.

Spanish authorities confirmed the ransomware is a version of WannaCry (also known as WannaCrypt0r), according to the National Cryptology Center. In Spain, the newspaper El Mundo is reporting that “early indications point to an attack originating in China.”

“Given the rapid, prolific distribution of this ransomware, we consider this activity poses high risks that all organizations using potentially vulnerable Windows machines should address,” a spokesperson from the cybersecurity firm FireEye told CyberScoop. “Organizations seeking to take risk management steps related to this campaign can implement patching for the MS17-010 Microsoft Security bulletin and leverage the indicators of compromise identified as associated with this activity.”

FireEye has yet to see a U.S.-based company be affected by the ransomware worm.

An estimated 25 health facilities in London and across England have been hit, according to the NHS. St Bartholomew’s Hospital in London, one of the victims, received warnings earlier this year that computers using Windows XP were vulnerable, reported the technology news site the Inquirer. Increasingly, some infected hospitals are not accepting phone calls or internet communications. The Derbyshire Community Health Services NHS Trust has reportedly shut down all of its IT systems.

“At this stage we do not have any evidence that patient data has been accessed,” an NHS statement said. “We will continue to work with affected organizations to confirm this.”

East and North Hertfordshire NHS trust, a hospital just north of London, publicly acknowledged “a major IT problem” that is “believed to be caused by a cyber attack.”

“The trust is postponing all non-urgent activity for today and is asking people not to come to A&E – please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency,” according to a statement. “To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust’s hospitals continued to receive the care they need.”

News of the English hospitals being hit with ransomware spread quickly among doctors and hospital employees, including in a widely shared message from an English doctor now making the rounds on social media.

**

If.ra? @asystoly6h6 hours ago  Why would you cyber attack a hospital and hold it for ransom? The state of the world ?

“So our hospital is down,” the doctor wrote. “We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone.”