Category Archives: FBI

Visa Overstays are a Bigger Issue then the Border Wall

Posted on by

Primer: If you overstay your visa for 180 days or more (but less than one year), when you depart the U.S. you will be barred from reentering the U.S. for three years. If you overstay your visa for one year or more, when you depart the U.S. you will be barred from reentering the U.S. for ten years.

Image result for visa overstay

Related reading: Rep. Henry Cuellar (D-TX), reports on 30 countries that refuse to take back their criminals. He appeared on CSpan and Full Measure explaining the issue. The Washington Times reports under federal law, the U.S. government can refuse to issue visas to nationals of countries that refuse to take back their citizens who have been ordered deported from the United States. But according to Cuellar, the government is not enforcing the law.
***

TruthRevolt reports in part: The Center for Migration Studies reports that “two-thirds of those who arrived in 2014 did not illegally cross a border, but were admitted (after screening) on non-immigrant (temporary) visas, and then overstayed their period of admission or otherwise violated the terms of their visas.” This is a trend, far above illegal crossings, which is anticipated to continue climbing from now on.

“That’s because, incredibly, the U.S. doesn’t have an adequate system to assure the foreigners leave when they’re supposed to,” Judical Watch reports. “This has been a serious problem for years and in fact some of the 9/11 hijackers overstayed their visa to plan the worst terrorist attack on U.S. soil. More than a decade and a half later little has changed. Securing the famously porous southern border is essential to national security but so is a reliable system that cracks down on visa overstays.”

According to the CMS study, there have been 600,000 more overstays than illegal border crossings since 2007. Mexico leads in both overstays and EWIs, or entries without inspection. Here are the breakdowns:

  • California has the largest number of overstays (890,000), followed by New York (520,000), Texas (475,000), and Florida (435,000).
  • Two states had 47 percent of the 6.4 million EWIs in 2014: California (1.7 million) and Texas (1.3 million).
  • The percentage of overstays varies widely by state: more than two-thirds of the undocumented who live in Hawaii, Massachusetts, Connecticut, and Pennsylvania are overstays. By contrast, the undocumented population in Kansas, Arkansas, and New Mexico consists of fewer than 25 percent overstays. More here.

*** So who is responsible for control of this? ICE holds all accountability, which reports to the Department of Homeland Security. What about Congress you ask?

Check this out…

Well, there was a bill introduced in 2013, 2015 and again in January of 2017. Yup. The current bill was only introduced and has a 1% chance of passing. It is only a 2 page bill to amend current law noted as H.R. 643. This bill would make it a crime for visa overstays with defined penalties. It is the U.S. State Department, Bureau of Consular Affairs that is responsible for issuing visas and waivers in the case of denials. If you can stand reading the steps and caveats to this process, go here.

Related reading: DHS Releases Entry/Exit Overstay Report For Fiscal Year 2015

For context on how DHS under Secretary Jeh Johnson at the time packaged the report, here is a sample:

DHS conducts the overstay identification process by examining arrival, departure and immigration status information, which is consolidated to generate a complete picture of an individual’s travel to the United States.  The Department identifies two types of overstays – those individuals for whom no departure has been recorded (Suspected In-Country Overstay) and those individuals whose departure was recorded after their lawful admission period expired (Out-of-Country Overstay).

This report focuses on foreign nationals who entered the United States as nonimmigrant visitors for business (i.e., B1 and WB visas) or pleasure (i.e., B2 and WT visas) through an air or sea port of entry, which represents the vast majority of annual nonimmigrant admissions.  In FY 2015, of the nearly 45 million nonimmigrant visitor admissions through air or sea ports of entry that were expected to depart in FY 2015, DHS determined that 527,127 individuals overstayed their admission, for a total overstay rate of 1.17 percent.  In other words, 98.83 percent had left the United States on time and abided by the terms of their admission.

The report breaks the overstay rates down further to provide a better picture of those overstays that remain in the United States beyond their period of admission and for whom CBP has no evidence of a departure or transition to another  immigration status. At the end of FY 2015, the overall Suspected In-Country Overstay number was 482,781 individuals, or 1.07 percent.

Due to further continuing departures by individuals in this population, by January 4, 2016, the number of Suspected In-Country overstays for FY 2015 had dropped to 416,500, rendering the Suspected In-Country Overstay rate as 0.9 percent.  In other words, as of January 4, DHS was able to confirm the departures of over 99 percent of nonimmigrant visitors scheduled to depart in FY 2015 via air and sea POEs, and that number continues to grow.

This report separates Visa Waiver Program (VWP) country overstay numbers from non-VWP country numbers.  For VWP countries, the FY 2015 Suspected In-Country overstay rate is 0.65 percent of the 20,974,390 expected departures. For non-VWP countries, the FY 2015 Suspected In-Country Overstay rate is 1.60 percent of the 13,182,807 expected departures. DHS is in the process of evaluating whether and to what extent the data presented in this report will be used to make decisions on the VWP country designations.

Overall, CBP has improved the collection of data on all admissions to the United States by foreign nationals, biometric data on most foreign travelers to the United States, and processes to check data against criminal and terrorist watchlists.  CBP has also made tremendous progress in accurately reporting data on overstays to better centralize the overall mission in identifying overstays.  CBP will continue to roll out additional pilot programs during FY 2016 that will further improve the ability of CBP to accurately report this data.

U.S. Immigration and Customs Enforcement’s (ICE) Counterterrorism and Criminal Exploitation Unit (CTCEU) is the program dedicated to the enforcement of nonimmigrant visa violations.  Each year, ICE analyzes records of hundreds of thousands of potential status violators from various investigative databases and DHS entry/exit registration systems. The goal is to identify, locate, prosecute when appropriate, and remove overstays consistent with DHS’s immigration enforcement priorities, which prioritize those who pose a risk to national security or public safety.

Read more here.

The Counterterrorism and Criminal Exploitation Unit prevents terrorists and other criminals from exploiting the nation’s immigration system. Really? Yup, that is what the website reads. In a hearing from 2012, you may be interested in reading the testimony on the matter of visa overstays delivered by DHS Deputy Counterterrorism Coordinator John Cohen and ICE Homeland Security Investigations Deputy Executive Associate Director Peter Edge.

DOJ Moves to Remove U.S. Citizenship of AQ Operative

Posted on by
Department of Justice                                 The official criminal complaint is here.
Office of Public Affairs
FOR IMMEDIATE RELEASE
Monday, March 20, 2017

Denaturalization Lawsuit Filed Against Convicted Al Qaeda Conspirator Residing In Illinois

The United States has filed a civil action in the Southern District of Illinois against a 47-year-old naturalized citizen, formerly of Cleveland, Ohio, accused of unlawfully procuring his U.S. citizenship, announced Acting Assistant Attorney General Chad A. Readler of the Justice Department’s Civil Division and U.S. Attorney Donald S. Boyce for the Southern District of Illinois.

Image result for Iyman Faris

Iyman Faris, a native of Pakistan, is currently serving a criminal sentence at the U.S. Penitentiary at Marion, Illinois for conspiracy to provide material support to a designated foreign terrorist organization, namely, al Qaeda, and for providing material support to al Qaeda. In October 2003, the U.S. District Court for the Eastern District of Virginia sentenced Faris to 20 years in prison. The civil complaint alleges that Faris entered the United States fraudulently by using another’s passport that he willfully misrepresented the circumstances under which he entered the United States on subsequent applications for immigration benefits, and that he twice testified falsely to obtain immigration benefits. Additionally, the complaint alleges Faris lacked the required attachment to the principles of the U.S. Constitution at the time of his naturalization, as proven by his 2003 federal conviction for providing material support to al Qaeda, a designated terrorist organization. Faris was naturalized as a U.S. citizen on Dec. 16, 1999.

“The Department’s Office of Immigration Litigation will continue to pursue denaturalization proceedings against known or suspected terrorists who procured their citizenship by fraud,” said Acting Assistant Attorney General Readler. “The U.S. government is dedicated to strengthening the security of our nation and preventing the exploitation of our nation’s immigration system by those who would do harm to our country.

“The prosecution of this case demonstrates the commitment of the Department of Justice to preventing immigration fraud,” said U.S. Attorney Boyce. “It is important to ensure the path to legal naturalization remains secure and free of fraud. When people enter the United States, immigrate, and later become citizens, all done through fraud and misrepresentation, their unlawful actions harm the integrity of our immigration system.”

Under the Immigration and Nationality Act, a naturalized U.S. citizen’s citizenship may be revoked, and his certificate of naturalization canceled, if the naturalization was illegally procured or procured by concealment of a material fact or by willful misrepresentation.

This case was investigated by the Civil Division’s Office of Immigration Litigation, District Court Section and U.S. Immigration and Customs Enforcement. The litigation is being handled by Trial Attorney Edward S. White of the Office of Immigration Litigation and Assistant U.S. Attorney Nicholas J. Biersbach of the U.S. Attorney’s Office for the Southern District of Illinois.

The claims made in the complaint are allegations only, and there has been no determination of liability.

*** On background, here is the basis of the case from 2003:

IYMAN FARIS SENTENCED FOR PROVIDING MATERIAL SUPPORT
TO AL QAEDA

WASHINGTON, D.C. – Attorney General John Ashcroft, Assistant Attorney General Christopher A. Wray of the Criminal Division, and U.S. Attorney Paul McNulty of the Eastern District of Virginia announced today that Iyman Faris was sentenced to 20 years in prison for providing material support and resources to al Qaeda and conspiracy for providing the terrorist organization with information about possible U.S. targets for attack.

Faris, a/k/a Mohammad Rauf, 34, of Columbus, Ohio, was sentenced this afternoon by U.S. District Court Judge Leonie M. Brinkema, at federal court in Alexandria, Virginia. Before sentencing Faris, Judge Brinkema denied Faris’ request that he be allowed to withdraw his guilty plea.

Faris, a naturalized U.S. citizen born in Kashmir, pleaded guilty on May 1, 2003, to casing a New York City bridge for al Qaeda, and researching and providing information to al Qaeda regarding the tools necessary for possible attacks on U.S. targets.  More here.

 

WTH: Siphoning off Cellphone Data in DC is Real

Posted on by

First

An IMSIcatcher (International Mobile Subscriber Identity) is a telephony eavesdropping device used for intercepting mobile phone traffic and tracking movement of mobile phone users. Essentially a “fake” mobile tower acting between the target mobile phone(s) and the service provider’s real towers, it is considered a man-in-the-middle (MITM) attack.

Low-cost IMSI catcher for 4G/LTE networks tracks phones’ precise locations

$1,400 device can track users for days with little indication anything is amiss.

The researchers have devised a separate class of attacks that causes phones to lose connections to LTE networks, a scenario that could be exploited to silently downgrade devices to the less secure 2G and 3G mobile specifications. The 2G, or GSM, protocol has long been known to be susceptible to man-in-the-middle attacks using a form of a fake base station known as an IMSI catcher (like the Stingray). 2G networks are also vulnerable to attacks that reveal a phone’s location within about 0.6 square mile. 3G phones suffer from a similar tracking flaw. The new attacks, described in a research paper published Monday, are believed to be the first to target LTE networks, which have been widely viewed as more secure than their predecessors.

“The LTE access network security protocols promise several layers of protection techniques to prevent tracking of subscribers and ensure availability of network services at all times,” the researchers wrote in the paper, which is titled “Practical attacks against privacy and availability in 4G/LTE mobile communication systems.”

Second

ESD Overwatch:

Generate a continuously updated national situation report by means of distributed detection and localization of a multitude of baseband attacks as well as the manipulation of cellular signaling.

Detect and monitor cellular attacks in real-time

  • IMSI Catchers

    IMSI Catchers

  • Baseband Attacks

    Baseband Processor Attacks

  • Rogue Basestation

    Rogue Basestations

  • Cellular Jamming

    Cellular Jamming

Third

Suspected Hack Attack Snagging Cell Phone Data Across D.C.

Malicious entity could be tracking phones of domestic, foreign officials

FreeBeacon: An unusual amount of highly suspicious cellphone activity in the Washington, D.C., region is fueling concerns that a rogue entity is surveying the communications of numerous individuals, likely including U.S. government officials and foreign diplomats, according to documents viewed by the Washington Free Beacon and conversations with security insiders.

A large spike in suspicious activity on a major U.S. cellular carrier has raised red flags in the Department of Homeland Security and prompted concerns that cellphones in the region are being tracked. Such activity could allow pernicious actors to clone devices and other mobile equipment used by civilians and government insiders, according to information obtained by the Free Beacon.

It remains unclear who is behind the attacks, but the sophistication and amount of time indicates it could be a foreign nation, sources said.

Mass amounts of location data appear to have been siphoned off by a third party who may have control of entire cell phone towers in the area, according to information obtained by the Free Beacon. This information was compiled by a program that monitors cell towers for anomalies supported by DHS and ESD America and known as ESD Overwatch.

Cell phone information gathered by the program shows major anomalies in the D.C.-area indicating that a third-party is tracking en-masse a large number of cellphones. Such a tactic could be used to clone phones, introduce malware to facilitate spying, and track government phones being used by officials in the area.

“The attack was first seen in D.C. but was later seen on other sensors across the USA,” according to one source familiar with the situation. “A sensor located close to the White House and another over near the Pentagon have been part of those that have seen this tracking.”

The data gathered by the ESD Overwatch program indicates the U.S. cell carrier has experienced “unlawful access to their network for the purpose of large scale subscriber tracking,” according to a report prepared by ESD Overwatch, a contractor working on behalf of DHS, and viewed by the Free Beacon.

Information gathered by the program shows a massive uptick in efforts to identify and track cellphones. The third-party hacker appears to be identifying phones as they connect with local cellphone towers and recording this information.

This method of hacking could permit a malicious actor to track an individual’s cellphone and pinpoint phones that may be of importance, such as government entities.

The cellular network involved in the attack is being abused in order to track phones subscribed to the carrier, according to one source familiar with the situation.

DHS’s Office of Public Affairs confirmed that the ESD Overwatch program has been operating under a 90-day pilot program that began Jan. 18. Before the surveillance program was initiated the federal government did not have a method to detect intrusions of the nature seen over the past several months.

The attack on this network is still underway, according to sources monitoring the situation.

An official with ESD Overwatch acknowledged the existence of the DHS program, but would not comment further on the matter.

The issue of cellphone vulnerabilities has been a top concern in Congress, where lawmakers petitioned DHS on Wednesday to outline steps the government is taking to prevent foreign governments from performing the type of attacks observed by Overwatch.

“For several years, cyber security experts have repeatedly warned that U.S. cellular communications networks are vulnerable to surveillance by foreign governments, hackers, and criminals exploiting vulnerabilities in Signaling System 7,” which is used by cellular phones and text messaging applications, according to a letter set by Sen. Ron Wyden (D., Ore.) and Rep. Ted Lieu (D., Calif.).

“U.S. cellular phones can be tracked, tapped, and hacked—by adversaries thousands of miles away—through SS7-enabled surveillance,” the lawmakers write. “We are deeply concerned that the security of America’s telecommunications infrastructure is not getting the attention it deserves.”

“We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones,” the lawmakers write.

Concerns continue to mount that the government is not adequately taking steps to secure cellular networks.

The lawmakers request that DHS outline specific steps being taken to insulate networks from attacks and ensure that U.S. cell carriers are doing the same.

 

Gen. Flynn Worked for Several Russian Companies

Posted on by

 Image result for general flynn

WSJ: President Trump’s former national security adviser, Mike Flynn, was paid tens of thousands of dollars by Russian companies shortly before he became a formal adviser to the then-candidate, according to documents obtained by a congressional oversight committee that revealed business interests that hadn’t been previously known.

Mr. Flynn was paid $11,250 each by a Russian air cargo company that had been suspended as a vendor to the United Nations following a corruption scandal, and by a Russian cybersecurity company that was then trying to expand its business with the U.S. government, according to the documents, which were reviewed by The Wall Street Journal.

The speaking engagements took place in the summer and fall of 2015, a year after Mr. Flynn had been fired as the director of the Defense Intelligence Agency and while he continued to maintain a top-secret level security clearance.

In December 2015, the Kremlin-backed news organization RT also paid Mr. Flynn $33,750 to speak about U.S. foreign policy and intelligence matters at a conference in Moscow.

In February 2016, Mr. Flynn became an official adviser to the presidential campaign of Donald Trump, who at the time was taking a softer stance toward Moscow than his Republican rivals.

Mike Flynn resigned Monday as Trump’s national security adviser. He came under fire for making conflicting statements on whether he discussed sanctions with a Russian official before the president’s inauguration. Photo: Reuters (Originally published Feb., 14, 2017)

Price Floyd, a spokesman for Mr. Flynn, said he reported his RT appearance to the Defense Intelligence Agency, as required. Mr. Floyd didn’t immediately respond to questions about the other fees.

The new details about Mr. Flynn’s speaking engagements are contained in emails and documents provided to congress by his speaker’s bureau, Leading Authorities, and shed light on a continuing inquiry into Mr. Flynn’s and other Trump associates’ ties to Moscow.

On Monday, FBI Director James Comey and other current and former U.S. officials are scheduled to testify about possible Russian interference in the 2016 presidential election before a congressional committee that is also probing Trump associates’ ties to Russia.

Attorney General Jeff Sessions has recused himself from any investigation related to the 2016 presidential campaign after he failed to disclose the extent of his own contacts with the Russian ambassador to the U.S., Sergei Kislyak.

Mr. Flynn resigned under pressure in February after he failed to tell White House officials about phone calls he had with Mr. Kislyak, in which the two discussed the potential lifting of U.S. sanctions on Russia, according to U.S. officials familiar with the contents of the conversations.

While the documents from Mr. Flynn’s speaker’s bureau provide the most detail to date on his business dealings with Russia, they don’t show what other work he may have been doing outside his role as a paid speaker. Mr. Flynn commanded high fees for speaking on the state of global security and talking about his role as one of the most senior intelligence officials in the Obama administration.

Mr. Flynn was removed from his post as DIA chief after complaints of poor management and organization, not because of a policy dispute, according to people who worked with him at the time.

Last week, Mr. Flynn filed papers with the Justice Department disclosing that his firm was paid $530,000 to work in the U.S. on behalf of the interests of the Turkish government. Mr. Flynn had performed those services while he was advising Mr. Trump, then a presidential candidate.

Little additional information has become public about other clients the former military intelligence chief’s private consulting firm, Flynn Intel Group, may have had before the retired general’s appointment as national security adviser.

In a letter sent Thursday by Rep. Elijah Cummings (D., Md.) to Mr. Trump, Defense Secretary Jim Mattis and Mr. Comey, Mr. Cummings wrote that by taking the RT speaking fee, Mr. Flynn had “accepted funds from an instrument of the Russian government.”

Mr. Cummings, the top Democrat on the House Oversight and Government Reform Committee, pointed to a Central Intelligence Agency analysis written in 2012, while Mr. Flynn was running the DIA, that said RT was “created and financed by the Russian government,” which spent hundreds of millions of dollars a year to help the network create and disseminate programming that is broadcast in English around the world, including in the U.S.

Mr. Cummings said that by taking the fee, Mr. Flynn had violated the emoluments clause of the Constitution, which prohibits people in public office from accepting money from foreign governments. Some analysts have said this prohibition may apply to retired officers as well, because they could be recalled to service.

“I cannot recall anytime in our nation’s history when the president selected as his national security adviser someone who violated the Constitution by accepting tens of thousands of dollars from an agent of a global adversary that attacked our democracy,” Mr. Cummings wrote.

Though Mr. Flynn’s RT appearance had been reported, the documents provided new details about how he came to speak at the RT conference in December 2015, an event marking the network’s 10th anniversary.

While Mr. Flynn’s speakers’ bureau acted as a middleman, email communications indicate that RT sought to orchestrate the event and the content of his remarks.

“Using your expertise as an intelligence professional, we’d like you to talk about the decision-making process in the White House—and the role of the intelligence community in it,” an official from RT TV-Russia wrote in an email on Nov. 20, 2015, the month before Mr. Flynn’s appearance in Moscow.

In an earlier email in October, an RT official described the event as a networking opportunity for Mr. Flynn and an occasion to meet “political influencers from Russia and around the world.” At a gala dinner during the event, Mr. Flynn sat at the head table next to Russian President Vladimir Putin.

“It was something of a surprise to see General Flynn there,” said Ray McGovern, a former CIA officer and political activist who also attended.

Before the dinner, Mr. Flynn gave an interview on stage with an RT correspondent and chastised the Obama administration for objecting to Russia’s intervention in Syria.

“The United States can’t sit there and say, ‘Russia, you’re bad,’” Mr. Flynn said, according to a video of the interview, noting that both countries had shared global interests and were “in a marriage, whether we like it or not.” The countries should “stop acting like two bullies in a playground” and “quit acting immature with each other,” Mr. Flynn said.

Mr. Flynn attended with his son, Michael Flynn Jr., who worked as the chief of staff to his consulting firm. Records show that RT paid for travel and lodging expenses for both Flynns, including business-class airfare, accommodations at Moscow’s Hotel Metropol, and meals and incidental expenses while in Russia.

Mr. Putin entered the dinner late with two body guards, Mr. McGovern said. He waved and took his seat at the table, where he remained for about 20 minutes. After a fifteen-minute speech, Mr. Putin sat down, listened to a performance by the Russian Army chorus and then left, Mr. McGovern said.

It isn’t clear what Mr. Flynn said during speeches to the other two companies, computer security firm Kaspersky and Russian airliner Volga-Dnepr.

Mr. Flynn appears to have to spoken to Kaspersky at a conference the company sponsored in Washington, D.C., in October 2015. It wasn’t clear where Mr. Flynn spoke to Volga-Dnepr, but records from his speaker’s bureau show the engagement took place on August 19, 2015.

Kaspersky sponsors a number of events world-wide and in recent years has been trying to expand its business in the U.S., looking to supply government clients with antivirus products for industrial control systems.

Kaspersky said in a statement that its U.S. subsidiary paid Mr. Flynn a speaker fee for remarks at the 2015 Government Cyber Security Forum in Washington, D.C.

“As a private company, Kaspersky Lab has no ties to any government, but the company is proud to collaborate with the authorities of many countries, as well as international law enforcement agencies in the fight against cybercrime,” the company said.

Volga-Dnepr didn’t respond to a request for comment. The Russian cargo air firm is known for operating one of the largest military transport aircraft in the world, the An-124, which the U.S. has contracted in the past to lift military equipment, including Russian helicopters, into Afghanistan. The plane has a larger capacity than the U.S. military’s biggest cargo plane.

***

In part from Associated Press: Flynn’s sparkling military resume had included key assignments at home and abroad, and high praise from superiors.

The son of an Army veteran of World War II and the Korean war, Flynn was commissioned as a second lieutenant in May 1981 after graduating from the University of Rhode Island. He started in intelligence, eventually commanding military intelligence units at the battalion and then brigade level. In the early years of the Iraq war, he was intelligence chief for Joint Special Operations Command, the organization in charge of secret commando units like SEAL Team 6 and Delta Force. He then led intelligence efforts for all U.S. military operations in the Middle East and then took up the top intelligence post on the Joint Staff in the Pentagon.

Ian McCulloh, a Johns Hopkins data science specialist, became an admirer of Flynn while working as an Army lieutenant colonel in Afghanistan in 2009. At the time, Flynn ran intelligence for the U.S.-led international coalition in Kabul and was pushing for more creative approaches to targeting Taliban networks, including use of data mining and social network analysis, according to McCulloh.

“He was pushing for us to think out of the box and try to leverage technology better and innovate,” McCulloh said, crediting Flynn for improving the effectiveness of U.S. targeting. “A lot of people didn’t like it because it was different.”

It was typical of the determined, though divisive, approach Flynn would adopt at the Defense Intelligence Agency, which provides military intelligence to commanders and defense policymakers. There, he quickly acquired a reputation as a disruptive force. While some applauded Flynn with forcing a tradition-bound bureaucracy to abandon old habits and seek out new, more effective ways of collecting and analyzing intelligence useful in the fight against extremist groups, others saw his efforts as erratic and his style as prone to grandstanding.

In the spring of 2014, after less than two years on the job, he was told to pack his bags.

According to Flynn’s telling, it was his no-nonsense approach to fighting Islamic extremist groups that caused the rift.

A former senior Obama administration official who was consulted during the deliberations disputed that account. Flynn was relieved of his post for insubordination after failing to follow guidance from superiors, including James Clapper, Obama’s director of national intelligence, said the official, who asked for anonymity to discuss personnel matters.

Plunged into civilian life for the first time in 33 years, Flynn moved quickly to capitalize on his military and intelligence world connections and experience. He did so in an unorthodox way.

“I didn’t walk out like a lot of guys and go to big jobs in Northrup Grumman or Booz Allen or some of these other big companies,” Flynn told Foreign Policy magazine in 2015.

Instead, he opened his own consulting firm, Flynn Intelligence Group, in Alexandria, Va. He brought in his son, Michael G. Flynn as a top aide, and began assembling a crew of former armed forces veterans with expertise in cyber, logistics and surveillance, and sought out ties with lesser-known figures and companies trying to expand their profiles as contractors in the military and intelligence spheres.

One “team” member listed on the firm’s site was James Woolsey, President Bill Clinton’s former CIA director. Woolsey briefly joined Flynn on Trump’s transition team as a senior adviser, but quit in January. Another was lobbyist Robert Kelley.

Kelley proved a central player in the Flynn Group’s decision to help a Turkish businessman tied to Turkey’s government. At the same time that Flynn was advising Trump on national security matters, Kelley was lobbying legislators on behalf of businessman Ekim Alptekin’s firm between mid-September and December last year, lobbying documents show.

It was an odd match. Flynn has stirred controversy with dire warnings about Islam, calling it a “political ideology” that “definitely hides behind being a religion” and accusing Obama of preventing the U.S. from “discrediting” radical Islam. But his alarms apparently didn’t extend to Turkish President Recep Tayyip Erdogan’s government as it cracked down on dissent and jailed thousands of opponents after a failed coup last summer. Erdogan’s power base is among Turkey’s conservative Muslim voters and many affected by his crackdown are secularists. More here.

Russian FSB Officers Charged in Yahoo Hack and More

Posted on by
 NBC, Washington

Yahoo announced on Thursday that the account information of at least 500 million users was stolen by hackers two years ago, in the biggest known intrusion of one company’s computer network.

In a statement, Yahoo said user information — including names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions — was compromised in 2014 by what it believed was a “state-sponsored actor.” More here from NYT’s.

U.S. Charges Russian FSB Officers and Their Criminal Conspirators for Hacking Yahoo and Millions of Email Accounts

FSB Officers Protected, Directed, Facilitated and Paid Criminal Hackers

Image result for Dmitry Aleksandrovich Dokuchaev Image result for Igor Anatolyevich Sushchin Image result for Alexsey Alexseyevich Belan

Image result for Karim Akehmet Tokbergenov Karim Taloverov, arrested in Canada

A grand jury in the Northern District of California has indicted four defendants, including two officers of the Russian Federal Security Service (FSB), for computer hacking, economic espionage and other criminal offenses in connection with a conspiracy, beginning in January 2014, to access Yahoo’s network and the contents of webmail accounts. The defendants are Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident; Igor Anatolyevich Sushchin, 43, a Russian national and resident; Alexsey Alexseyevich Belan, aka “Magg,” 29, a Russian national and resident; and Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22, a Canadian and Kazakh national and a resident of Canada.

The defendants used unauthorized access to Yahoo’s systems to steal information from about at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies. One of the defendants also exploited his access to Yahoo’s network for his personal financial gain, by searching Yahoo user communications for credit card and gift card account numbers, redirecting a subset of Yahoo search engine web traffic so he could make commissions and enabling the theft of the contacts of at least 30 million Yahoo accounts to facilitate a spam campaign.

The charges were announced by Attorney General Jeff Sessions of the U.S. Department of Justice, Director James Comey of the FBI, Acting Assistant Attorney General Mary McCord of the National Security Division, U.S. Attorney Brian Stretch for the Northern District of California and Executive Assistant Director Paul Abbate of the FBI’s Criminal, Cyber, Response and Services Branch.

“Cyber crime poses a significant threat to our nation’s security and prosperity, and this is one of the largest data breaches in history,” said Attorney General Sessions. “But thanks to the tireless efforts of U.S. prosecutors and investigators, as well as our Canadian partners, today we have identified four individuals, including two Russian FSB officers, responsible for unauthorized access to millions of users’ accounts. The United States will vigorously investigate and prosecute the people behind such attacks to the fullest extent of the law.”

“Today we continue to pierce the veil of anonymity surrounding cyber crimes,” said Director Comey. “We are shrinking the world to ensure that cyber criminals think twice before targeting U.S. persons and interests.”

“ The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale,” said Acting Assistant Attorney General McCord. “Once again, the Department and the FBI have demonstrated that hackers around the world can and will be exposed and held accountable. State actors may be using common criminals to access the data they want, but the indictment shows that our companies do not have to stand alone against this threat. We commend Yahoo and Google for their sustained and invaluable cooperation in the investigation aimed at obtaining justice for, and protecting the privacy of their users.”

“This is a highly complicated investigation of a very complex threat. It underscores the value of early, proactive engagement and cooperation between the private sector and the government,” said Executive Assistant Director Abbate. “The FBI will continue to work relentlessly with our private sector and international partners to identify those who conduct cyber-attacks against our citizens and our nation, expose them and hold them accountable under the law, no matter where they attempt to hide.”

“Silicon Valley’s computer infrastructure provides the means by which people around the world communicate with each other in their business and personal lives. The privacy and security of those communications must be governed by the rule of law, not by the whim of criminal hackers and those who employ them. People rightly expect that their communications through Silicon Valley internet providers will remain private, unless lawful authority provides otherwise. We will not tolerate unauthorized and illegal intrusions into the Silicon Valley computer infrastructure upon which both private citizens and the global economy rely,” said U.S. Attorney Stretch. “Working closely with Yahoo and Google, Department of Justice lawyers and the FBI were able to identify and expose the hackers responsible for the conduct described today, without unduly intruding into the privacy of the accounts that were stolen. We commend Yahoo and Google for providing exemplary cooperation while zealously protecting their users’ privacy.”

Summary of Allegations

According to the allegations of the Indictment:

The FSB officer defendants, Dmitry Dokuchaev and Igor Sushchin, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the U.S. and elsewhere. In the present case, they worked with co-defendants Alexsey Belan and Karim Baratov to obtain access to the email accounts of thousands of individuals.

Belan had been publicly indicted in September 2012 and June 2013 and was named one of FBI’s Cyber Most Wanted criminals in November 2013. An Interpol Red Notice seeking his immediate detention has been lodged (including with Russia) since July 26, 2013. Belan was arrested in a European country on a request from the U.S. in June 2013, but he was able to escape to Russia before he could be extradited.

Instead of acting on the U.S. government’s Red Notice and detaining Belan after his return, Dokuchaev and Sushchin subsequently used him to gain unauthorized access to Yahoo’s network. In or around November and December 2014, Belan stole a copy of at least a portion of Yahoo’s User Database (UDB), a Yahoo trade secret that contained, among other data, subscriber information including users’ names, recovery email accounts, phone numbers and certain information required to manually create, or “mint,” account authentication web browser “cookies” for more than 500 million Yahoo accounts.

Belan also obtained unauthorized access on behalf of the FSB conspirators to Yahoo’s Account Management Tool (AMT), which was a proprietary means by which Yahoo made and logged changes to user accounts. Belan, Dokuchaev and Sushchin then used the stolen UDB copy and AMT access to locate Yahoo email accounts of interest and to mint cookies for those accounts, enabling the co-conspirators to access at least 6,500 such accounts without authorization.

Some victim accounts were of predictable interest to the FSB, a foreign intelligence and law enforcement service, such as personal accounts belonging to Russian journalists; Russian and U.S. government officials; employees of a prominent Russian cybersecurity company; and numerous employees of other providers whose networks the conspirators sought to exploit. However, other personal accounts belonged to employees of commercial entities, such as a Russian investment banking firm, a French transportation company, U.S. financial services and private equity firms, a Swiss bitcoin wallet and banking firm and a U.S. airline.

 

During the conspiracy, the FSB officers facilitated Belan’s other criminal activities, by providing him with sensitive FSB law enforcement and intelligence information that would have helped him avoid detection by U.S. and other law enforcement agencies outside Russia, including information regarding FSB investigations of computer hacking and FSB techniques for identifying criminal hackers. Additionally, while working with his FSB conspirators to compromise Yahoo’s network and its users, Belan used his access to steal financial information such as gift card and credit card numbers from webmail accounts; to gain access to more than 30 million accounts whose contacts were then stolen to facilitate a spam campaign; and to earn commissions from fraudulently redirecting a subset of Yahoo’s search engine traffic.

 

When Dokuchaev and Sushchin learned that a target of interest had accounts at webmail providers other than Yahoo, including through information obtained as part of the Yahoo intrusion, they tasked their co-conspirator, Baratov, a resident of Canada, with obtaining unauthorized access to more than 80 accounts in exchange for commissions. On March 7, the Department of Justice submitted a provisional arrest warrant to Canadian law enforcement authorities, requesting Baratov’s arrest. On March 14, Baratov was arrested in Canada and the matter is now pending with the Canadian authorities.

 

An indictment is merely an accusation, and a defendant is presumed innocent unless proven guilty in a court of law.

 

The FBI, led by the San Francisco Field Office, conducted the investigation that resulted in the charges announced today. The case is being prosecuted by the U.S. Department of Justice National Security Division’s Counterintelligence and Export Control Section and the U.S. Attorney’s Office for the Northern District of California, with support from the Justice Department’s Office of International Affairs.

Defendants: At all times relevant to the charges, the Indictment alleges as follows:

    • Dmitry Aleksandrovich Dokuchaev, 33, was an officer in the FSB Center for Information Security, aka “Center 18.” Dokuchaev was a Russian national and resident.
    • Igor Anatolyevich Sushchin, 43, was an FSB officer, a superior to Dokuchaev within the FSB, and a Russian national and resident. Sushchin was embedded as a purported employee and Head of Information Security at a Russian investment bank.
    • Alexsey Alexseyevich Belan, aka “Magg,” 29, was born in Latvia and is a Russian national and resident. U.S. Federal grand juries have indicted Belan twice before, in 2012 and 2013, for computer fraud and abuse, access device fraud and aggravated identity theft involving three U.S.-based e-commerce companies and the FBI placed Belan on its “Cyber Most Wanted” list.  Belan is currently the subject of a pending “Red Notice” requesting that Interpol member nations (including Russia) arrest him pending extradition. Belan was also one of two criminal hackers named by President Barack Obama on Dec. 29, 2016, pursuant to Executive Order 13694, as a Specially Designated National subject to sanctions.
    • Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22. He is a Canadian and Kazakh national and a resident of Canada.

Victims: Yahoo; more than 500 million Yahoo accounts for which account information about was stolen by the defendants; more than 30 million Yahoo accounts for which account contents were accessed without authorization to facilitate a spam campaign; and at least 18 additional users at other webmail providers whose accounts were accessed without authorization.

 

Time Period: As alleged in the Indictment, the conspiracy began at least as early as 2014 and, even though the conspirators lost their access to Yahoo’s networks in September 2016, they continued to utilize information stolen from the intrusion up to and including at least December 2016.

 

Crimes:

Count(s) Defendant(s) Charge Statute                 18 U.S.C. Conduct Maximum Penalty
1 All Conspiring to commit computer fraud and abuse § 1030(b) Defendants conspired to hack into the computers of Yahoo and accounts maintained by Yahoo, Google and other providers to steal information from them.

 

First, Belan gained access to Yahoo’s servers and stole information that allowed him, Dokuchaev, and Sushchin to gain unauthorized access to individual Yahoo user accounts.

Then, Dokuchaev and Sushchin tasked Baratov with gaining access to individual user accounts at Google and other Providers (but not Yahoo) and paid Baratov for providing them with the account passwords. In some instances, Dokuchaev and Sushchin tasked Baratov with targeting accounts that they learned of through access to Yahoo’s UDB and AMT (e.g., Gmail accounts that served as a Yahoo user’s secondary account).

 10 years
2 Dokuchaev

Sushchin

Belan

 Conspiring to engage in economic espionage § 1831(a)(5) Starting on Nov. 4, 2014, Belan stole, and the defendants thereafter transferred, received and possessed the following Yahoo trade secrets:

  • the Yahoo UDB, which was proprietary and confidential Yahoo technology and information, including subscriber names, secondary accounts, phone numbers, challenge questions and answers;
  • the AMT, Yahoo’s interface to the UDB; and
  • Yahoo’s cookie “minting” source code, which enabled the defendants to manufacture account cookies to then gain access to individual Yahoo user accounts.
 15 years
3 Dokuchaev

Sushchin

Belan

 Conspiring to engage in theft of trade secrets § 1832(a)(5) See Count 2 10 years
4-6 Dokuchaev

Sushchin

Belan

 Economic espionage §§ 1831(a)(1), (a)(4), and 2 See Count 2 15 years (each count)
7-9 Dokuchaev

Sushchin

Belan

 Theft of trade secrets §§ 1832(a)(1), and 2 See Count 2 10 years (each count)
10 Dokuchaev

Sushchin

Belan

 Conspiring to commit wire fraud § 1349 The defendants fraudulently schemed to gain unauthorized access to Yahoo’s network through compromised Yahoo employee accounts and then used the Yahoo trade secrets to gain unauthorized access to valuable non-public information in individual Yahoo user accounts. 20 years
11-13 Dokuchaev

Sushchin

Belan

 Accessing (or attempting to access) a computer without authorization to obtain information for the purpose of commercial advantage and private financial gain. §§ 1030(a)(2)(C), 1030(c)(2)(B)(i)-(iii), and 2 The defendants gained unauthorized access to Yahoo’s corporate network and obtained information regarding Yahoo’s network architecture and the UDB. 5 years

(each count)
14-17 Dokuchaev

Sushchin

Belan

 Transmitting code with the intent to cause damage to computers. §§ 1030(a)(5)(A), 1030(c)(4)(B), and 2 During the course of their unauthorized access to Yahoo’s network, the defendants transmitted code on Yahoo’s network in order to maintain a persistent presence, to redirect Yahoo search engine users and to mint cookies for individual Yahoo accounts. 10 years (each count)
18-24 Dokuchaev

Sushchin

Belan

 Accessing (or attempting to access) a computer without authorization to obtain information for the purpose of commercial advantage and private financial gain. §§ 1030(a)(2)(C), 1030(c)(2)(B)(i)-(iii), and 2 Defendants obtained unauthorized access to individual Yahoo user accounts. 5 years

(each count)
25-36 Dokuchaev

Sushchin

Belan

 Counterfeit access device fraud §§ 1029(a)(1), 1029(b)(1), and 2 Defendants used minted cookies to gain unauthorized access to individual Yahoo user accounts. 10 years (each count)
37 Dokuchaev

Sushchin

Belan

 Counterfeit access device making equipment §§ 1029(a)(4) Defendants used software to mint cookies for unauthorized access to individual Yahoo user accounts. 15 years
38 Dokuchaev

Sushchin

Baratov

 Conspiring to commit access device fraud §§ 1029(b)(2) Defendants Dokuchaev and Sushchin tasked Baratov with gaining unauthorized access to individual user accounts at Google and other Providers and then paid Baratov for providing them with the account passwords. In some instances, Dokuchaev and Sushchin tasked Baratov with targeting accounts that they learned of through access to Yahoo’s UDB and AMT (e.g., Gmail accounts that served as a Yahoo user’s secondary account). 7 ½ years.
39 Dokuchaev

Sushchin

Baratov

 Conspiring to commit wire fraud § 1349 See Count 38 20 years
40-47 Dokuchaev

Baratov

 Aggravated identity theft § 1028A(a)(1) See Count 38 2 years

Dmitri Dokuchae et al Indictment Redacted

17-278

National Security Division (NSD)

USAO – California, Northern

Topic:

Counterintelligence and Export Control

Updated March 15, 2017