Hey FBI, the Investigation into the DNC Hacking is Over Here

Anyone ever see that Jack Ryan movie ‘Shadow Recruit’? It is playing out in a more nefarious form in real time.

May 2016: Director of National Intelligence James Clapper said today that presidential campaigns are a target for cyber intruders and that this political season has already seen some attempted hacks.

“We have already had some indications of that,” he said in response to a question about campaign website hacking, after speaking at the Center for Bipartisan Policy in Washington, D.C.

“I anticipate as the campaigns intensify, we will probably have more of it,” he added. He did not provide specifics about any attacks, but it has been reported that some hacking groups, such as Anonymous, have threatened to launch “total war” against Donald Trump’s presidential campaign. Read more from ABC here.

Related reading: Clinton Foundation Said to Be Breached by Russian Hackers 

**** So –>> Director of National Intelligence James Clapper says the FBI is helping campaigns tighten up to protect against the threat and how has that worked out so far?

*****

Via ThreatConnect: In our initial Guccifer 2.0 analysis, ThreatConnect highlighted technical and non-technical inconsistencies in the purported DNC hacker’s story as well as a curious theme of French “connections” surrounding various Guccifer 2.0 interactions with the media. We called out these connections as they overlapped, albeit minimally, with FANCY BEAR infrastructure identified in CrowdStrike’s DNC report.

Now, after further investigation, we can confirm that Guccifer 2.0 is using the Russia-based Elite VPN service to communicate with the media and leak documents directly to them. We reached this conclusion by analyzing the infrastructure associated with an email exchange with Guccifer 2.0 shared with ThreatConnect by Vocativ’s Senior Privacy and Security reporter Kevin Collier. This discovery strengthens our ongoing assessment that Guccifer 2.0 is a Russian propaganda effort and not an independent actor.

Analyzing the Headers from Guccifer 2.0 Emails

On June 21, 2016, TheSmokingGun reported they communicated with Guccifer 2.0 via a French AOL account. We examined the French language settings observed in Guccifer 2.0’s Twitter metadata as well as a pattern of Twitter follows that suggested Guccifer 2.0’s account was created from a French IP address. We hypothesized at the time that Guccifer 2.0 might be using French infrastructure to interact with the media.

During the Email Import process ThreatConnect analyzes an email message header and highlights indicators of interest with a color code that reveals if the indicators already exist within the platform. This helps overburdened eyes or greenhorn analysts quickly understand what they are seeing. At the same time ThreatConnect excludes legitimate or benign details that are not of value to our investigation.


As we can see here within ThreatConnect, Guccifer 2.0’s AOL email message reveals the originating IP address as 95.130.15[.]34 (DigiCube SaS – France). This is the IP address of the host which authenticated into AOL’s web user interface and sent the email. We can also tell this IP was not spoofed because the metadata was added by AOL when sent from within their infrastructure with appropriate DomainKeys Identified Mail (DKIM) configurations.
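The header reasoning above can be reproduced on any message: read the Received chain from the top and take the first client address that lies outside infrastructure you trust, then check whether the provider's originating-IP header agrees and is listed in the DKIM signature. This is an added example, not ThreatConnect's tooling and not the email discussed above; the message, host names, network ranges and the use of an `X-Originating-IP` header are constructed assumptions, and the DKIM check is structural only (it does not verify the signature).

```python
import email
import ipaddress
import re
from email import policy

# Constructed message. Hosts use the reserved .example TLD and addresses come
# from documentation ranges. The last Received line stands for a hop forged
# by the sender: it sits below the provider's first hop and must be ignored.
RAW = """\
Received: from out1.webmail.example (out1.webmail.example [198.51.100.25]) by mx.recipient.example with ESMTPS id a1; Tue, 21 Jun 2016 10:00:03 +0000
Received: from web-ui.webmail.example ([10.1.2.3]) by out1.webmail.example with ESMTP id b2; Tue, 21 Jun 2016 10:00:02 +0000
Received: from [203.0.113.34] by web-ui.webmail.example with HTTP; Tue, 21 Jun 2016 10:00:01 +0000
Received: from mail.bank.example ([192.0.2.99]) by relay.bank.example with SMTP; Tue, 21 Jun 2016 09:00:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=webmail.example; s=sel1; h=from:to:subject:date:x-originating-ip; bh=CONSTRUCTED; b=CONSTRUCTED
X-Originating-IP: [203.0.113.34]
From: sender@webmail.example
To: reporter@recipient.example
Subject: constructed sample
Date: Tue, 21 Jun 2016 10:00:01 +0000

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Assumed provider infrastructure: outbound relays plus internal hops.
PROVIDER_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "10.0.0.0/8")]


def _in_domain(host, domain):
    host = host.lower().rstrip(".;")
    return host == domain or host.endswith("." + domain)


def originating_ip(msg, own_mx_domain, provider_nets=PROVIDER_NETS):
    """First client IP, reading top-down, that is outside trusted infrastructure.

    Received headers are prepended by each server, so only the hops written by
    our own MX and by the provider can be relied on; anything below the first
    external client may have been supplied by the sender.
    """
    for i, hdr in enumerate(msg.get_all("Received", [])):
        from_part, _, rest = str(hdr).partition(" by ")
        by_host = rest.split()[0] if rest.split() else ""
        if i == 0 and not _in_domain(by_host, own_mx_domain):
            return None  # top hop was not written by our own server
        match = IP_RE.search(from_part)
        if match is None:
            return None
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None
        if any(ip in net for net in provider_nets):
            continue  # still inside the provider, keep walking down
        return str(ip)
    return None


def dkim_tags(msg):
    """Split the DKIM-Signature header into its tag=value pairs."""
    raw = msg.get("DKIM-Signature")
    tags = {}
    if raw is None:
        return tags
    for part in str(raw).split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip()] = "".join(value.split())
    return tags


def analyse(raw, own_mx_domain="recipient.example", provider_domain="webmail.example"):
    msg = email.message_from_string(raw, policy=policy.default)
    origin = originating_ip(msg, own_mx_domain)
    claimed = str(msg.get("X-Originating-IP", "")).strip(" []") or None
    tags = dkim_tags(msg)
    signed = {h.lower() for h in tags.get("h", "").split(":") if h}
    return {
        "origin": origin,                      # from the trusted Received hops
        "claimed": claimed,                    # from the provider's own header
        "agree": origin is not None and origin == claimed,
        "dkim_domain_matches": tags.get("d", "").lower() == provider_domain,
        "header_signed": "x-originating-ip" in signed,  # listed in h=, not verified
    }


if __name__ == "__main__":
    for key, value in analyse(RAW).items():
        print(f"{key}: {value}")
```

A header that is absent from the `h=` list, or a claimed address that disagrees with the trusted Received hops, is a reason to treat the originating IP as unverified.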

The fact that Guccifer 2.0 is indeed leveraging a French AOL account stands out from a technical perspective. Very few hackers with Guccifer 2.0’s self-acclaimed skills would use a free webmail service that would give away a useful indicator like the originating IP address. Most seasoned security professionals will be familiar with email providers that are more likely to cooperate with law enforcement and how much metadata a provider might reveal about their users. Taken together with inconsistencies in Guccifer 2.0’s remarks that make his technical claims sound implausible, this detail makes us think the individual(s) operating the AOL account are not really hackers or even that technically savvy. Instead, we think they are propagandists or public relations individuals who are interacting with journalists.

Drilling into Guccifer 2.0 Infrastructure: Picture of a VPN Starts to Emerge

As we focused in on IP Address 95.130.15[.]34 we queried public sources such as Shodan as well as Censys to discover what services might be enabled on this host. The goal of this was to better understand if this infrastructure is owned and operated, leased or co-opted by Guccifer 2.0 and how the infrastructure might be used to create space between an originating “source” network and investigators, or curious journalists.

According to Shodan, OpenSSH (TCP/22), DNS (UDP/53) and Point-to-Point Tunneling Protocol (PPTP) (TCP/1723) services have been enabled on this host. Secure shell (SSH) and point-to-point tunneling protocol services strongly suggest a VPN and/or a proxy, both of which would allow the Guccifer 2.0 persona to put distance between his originating network and those with whom he is communicating.

The SSH fingerprint can be used as an identifier, linking other IP addresses that use the same SSH encryption key. The SSH fingerprint for 95.130.15[.]34 (DigiCube SaS – France) is 80:19:eb:c8:80:a1:c6:ea:ea:37:ba:c0:26:c6:7f:61. Searching for other servers that share this fingerprint at the time of writing, we discovered six additional IP Addresses over the course of our research (95.130.9[.]198; 95.130.15[.]36; 95.130.15[.]37; 95.130.15[.]38; 95.130.15[.]40; 95.130.15[.]41).

Each IP address falls within the 95.130.8.0/21 network range. This range is assigned to Digicube SAS, a French hosting provider which is assigned the Autonomous System AS196689. An IP address is analogous to the apartment numbers in an apartment building. The entire building is owned and operated by AS196689, but certain IP addresses may be let out to other companies and organizations.
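The fingerprint pivot and the range check described above, as an added example that is not ThreatConnect's code: it computes the legacy colon-separated MD5 fingerprint (the format quoted above) from a host key blob, groups scan records by it, and confirms which hosts fall inside 95.130.8.0/21. The IP addresses and the range are the ones on this page; the key blobs and the ssh-keyscan-style record layout are constructed, so the fingerprint produced here is not the one quoted above.

```python
import base64
import hashlib
import ipaddress
import struct
from collections import defaultdict


def refang(indicator):
    """Turn a defanged indicator such as 95.130.15[.]34 back into an address."""
    return indicator.replace("[.]", ".")


def _constructed_blob(seed):
    """Well-formed but constructed ssh-ed25519 public key blob (not a real host key)."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    blob = field(b"ssh-ed25519") + field(hashlib.sha256(seed).digest())
    return base64.b64encode(blob).decode()


def md5_fingerprint(key_b64):
    """Legacy OpenSSH fingerprint: MD5 of the raw key blob as colon-separated hex."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(key_b64):
    """Current OpenSSH fingerprint of the same blob: unpadded base64 of SHA-256."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Constructed scan records in "host keytype base64-key" layout.
KEY_A = _constructed_blob(b"shared image key")
KEY_B = _constructed_blob(b"unrelated host key")
PAGE_IPS = ["95.130.15[.]34", "95.130.9[.]198", "95.130.15[.]36", "95.130.15[.]37",
            "95.130.15[.]38", "95.130.15[.]40", "95.130.15[.]41"]
SCAN = [f"{ip} ssh-ed25519 {KEY_A}" for ip in PAGE_IPS]
SCAN.append(f"198.51.100[.]7 ssh-ed25519 {KEY_B}")  # documentation-range outlier


def pivot(scan_lines):
    """Group hosts by host-key fingerprint; malformed records are skipped."""
    groups = defaultdict(set)
    for line in scan_lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        host, _keytype, key_b64 = parts
        try:
            groups[md5_fingerprint(key_b64)].add(ipaddress.ip_address(refang(host)))
        except ValueError:  # bad base64 or bad address
            continue
    return {fp: sorted(ips) for fp, ips in groups.items()}


def cluster(scan_lines, seed, cidr):
    """Hosts sharing the seed's host key, and which of them sit outside cidr.

    A shared host key shows the hosts were provisioned with the same key
    material; who operates them is a separate question.
    """
    net = ipaddress.ip_network(cidr)
    seed_ip = ipaddress.ip_address(refang(seed))
    for fingerprint, ips in pivot(scan_lines).items():
        if seed_ip in ips:
            return {
                "fingerprint": fingerprint,
                "hosts": [str(ip) for ip in ips],
                "outside_range": [str(ip) for ip in ips if ip not in net],
            }
    return None


if __name__ == "__main__":
    result = cluster(SCAN, "95.130.15[.]34", "95.130.8.0/21")
    print(result["fingerprint"], sha256_fingerprint(KEY_A))
    for host in result["hosts"]:
        print(host, "outside" if host in result["outside_range"] else "inside 95.130.8.0/21")
```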


The fact that Guccifer 2.0 would use a proxy service is not surprising, and our first stop was to check with various TOR proxy registration sites. None of these seven IP addresses are part of reported TOR infrastructure from what we were able to uncover. Read the full comprehensive detailed cyber investigation as published here by ThreatConnect.

*****

Meanwhile: FAS: The headquarters complex of the Foreign Intelligence Service (SVR) of the Russian Federation has expanded dramatically over the past decade, a review of open source imagery reveals.

Since 2007, several large new buildings have been added to SVR headquarters, increasing its floor space by a factor of two or more. Nearby parking capacity appears to have quadrupled, more or less.

The compilation of open source imagery was prepared by Allen Thomson. See Expansion of Russian Foreign Intelligence Service HQ (SVR; Former KGB First Main Directorate) Between 2007 and 2016, as of July 11, 2016.

Whether the expansion of SVR headquarters corresponds to changes in the Service’s mission, organizational structure or budget could not immediately be learned.

Russian journalist and author Andrei Soldatov, who runs the Agentura.ru website on Russian security services, noted that the expansion “coincides with the appointment of the current SVR director, Mikhail Fradkov, in 2007.” He recalled that when President Putin introduced Fradkov to Service personnel, he said that the SVR should endeavor to help Russian corporations abroad, perhaps indicating a new mission emphasis.

Photos courtesy of FAS

The Desperation of Syrian Refugees

While reading this post, consider that world leaders and mostly pointing to Barack Obama, Hillary Clinton and John Kerry, the declared baton carriers of human rights have done nothing to stop the genocide of Bashar al Assad noting that any case of war crimes and/or removal as a leader of Syria has gone nowhere.

There is no end in sight for this civil war to be over, yet it speaks nothing of refugees ever to return to a war torn country where there is no country left in which to return. This is now a generational condition. The next question is when does it end for the United States, for Europe and for Syrians?

Syrian refugee’s trek from Colombia to Texas stalls in limbo

PEARSALL, Texas (AP) – To reach the U.S. and claim asylum, all Maissoun Hanaa Halawi had to do was cross a continent by foot.

Her one choice: Traverse the remote, roadless, impenetrable Darien Gap, a 10,000-square-mile tropical forest and swampland along the border of Colombia and Panama that separates the two continents.

Halawi, her husband and a group of about 20 Indian, Middle Eastern and other asylum seekers faced a harsh reality. Not only do jaguars, scorpions, poisonous frogs and insects lie crouched in the shadows, paramilitary groups, traffickers and guerillas hide under the thick canopy’s shelter in this dangerous jungle.

“In the jungle, the fear – you can’t imagine it,” Halawi, a Syrian, told the Houston Chronicle (http://bit.ly/29iZfj3 ) in her accented but fluent English. “You don’t want anything except to get out. There’s no food. It’s a savage, wild jungle. We took our chances.”

She and her husband, a Syrian surgeon, knew the risks. But as refugees fleeing a war-torn country infiltrated by violent militant groups, the six-day journey wasn’t a choice. Halawi, her husband and the other desperate men and women paid the smuggler $500 a head. Before they set off into the Darien Gap, he gave them a final warning.

“Every time I’ve made this trip, I must lose one person,” Halawi remembered him saying as she wiped back tears.

There was no going back.

“Through these doors enter the finest ICE, DHS & GEO staff in the nation.”

Those words are posted at the entrance of the South Texas Detention Complex in Pearsall, just 60 miles southwest of San Antonio. The complex is owned by The GEO Group Inc. under contract by the U.S. Immigration and Customs Enforcement and the Department of Homeland Security.

Behind the barbed wire fence and through security checks at the entrance is a sprawling 238,000-square-foot complex that houses up to 1,904 men and women. Some are awaiting deportation. Others are stuck in limbo, counting the days for their asylum cases to be processed by ICE agents and the courts.

That’s where Halawi has been detained since Dec. 22, almost six months after turning herself over to border patrol agents at an international pedestrian bridge in Eagle Pass, two hours south of Pearsall. She was taken into custody alone.

The average length of stay in the Pearsall detention facility is, at most, 65 days, according to ICE.

A detention officer unlocks a heavy metal door. A slight woman with short brown hair and bright eyes enters the white cinder block room. Though she wears a hopeful smile, her face is creased with anxiety. A 46-year-old Halawi takes a seat at the metal table, yellow legal pad papers in one hand and a thick, brown accordion folder in the other.

“When the revolution started, I was first happy because I thought we would finally change the government that was ruling the country,” Halawi said of the Syrian government headed by President Bashar Al-Assad. “I didn’t know it would end in a sea of blood. Even today, I can’t believe what’s happened in Syria.”

An immigration judge will have the last word on whether to grant asylum or hand down a deportation order, and Halawi said she can’t face the thought of returning to Syria.

“I came here asking for help,” Halawi said. “I’m not a criminal.”

In a post-Paris attack world, European and U.S. governments are wary of refugees flowing from areas where the self-proclaimed Islamic State of Iraq and Syria, also known as ISIS, is active. U.S. governors of 31 states released public statements to the White House in November refusing to accept refugees, including Gov. Greg Abbott, who has been vocal about refugee vetting protocols and has publicly said that any incoming Syrians “could be connected to terrorism.”

Even with Abbott’s refusal of Syrian refugees, 152 were resettled in Texas between October and May 31 of the 1,865 Syrian refugees across the country, according to the U.S. Office of Refugee Resettlement. Between October 2014 and Sept. 30, 185 Syrian refugees were resettled in Texas.

Since the U.S. requires refugees to be outside of the states when filing a claim, Halawi is considered an asylum seeker. She is one of more than 1,000 Syrian nationals who have attempted to claim asylum since 2011, according to the U.S. Department of Justice. Only 248 of those cases were granted asylum by the end of the 2015 fiscal year.

Asylum seekers must prove they have a “credible fear” to be granted asylum, which includes a “significant possibility” of torture or a “well-founded” fear of persecution based on race, religion, nationality, political opinion or membership in a social group if returned to their country of origin.

“There are no words to describe the pain and fear we were living under. We hoped we would change the government, but then (ISIS) came into Aleppo, and there was no food or water,” Halawi said, recounting the years in an increasingly hostile Syria.

Halawi is also a Druze, which is an ethnic and a religious minority in Syria.

As the conflict in Syria has spread, Druze civilians have increasingly been under fire by radical militants. At least 20 were fatally shot by the al-Qaida affiliate Nusra Front in Idlib province in June 2015.

The casualties of the Syrian war are high. An estimated 400,000 Syrians were killed, according to the U.N. special envoy to Syria, Staffan de Mistura. In addition, 4.8 million Syrians were registered as refugees in the Middle East and North Africa, and more than 1 million have sought asylum in Europe, according to the United Nations High Commissioner for Refugees.

After fleeing violence and bombardment in Aleppo, Syria, Halawi and her husband moved to Libya in late 2013. The plan was to put Halawi on a boat across the Mediterranean to Europe, and her husband would fly to Europe and meet her on the other side, since he had a German passport.

They called it “the boat to death.” Since the start of 2016, at least 2,510 refugees and migrants drowned in the Mediterranean, according to the International Organization for Migration. Those who attempt to cross the sea have usually done so on small boats or dinghies packed beyond capacity.

“When I saw the boat, I couldn’t do it. I’m scared of water too much,” Halawi said.

She backed out as she was making arrangements with the smuggler. So the couple lived for a year in Libya, where she taught English at a local school. She said she was later kidnapped from the doors of that school. When she was let go by her assailants, she was treated by Doctors Without Borders. The incident prompted the couple’s decision to leave Libya.

Since Halawi speaks four languages, including Spanish, the couple flew in late 2014 to Ecuador, one of a few countries that don’t require a visa for Syrian citizens. Then, they emigrated to Venezuela and, finally, arrived in Colombia in September. That’s when they attempted to cross the Darien Gap into Panama, where they initially hoped to settle down.

On the second day of her journey in the gap, Halawi was prepared to die. She was terrified, tired and hungry. Her legs were giving out as she struggled to push herself forward through the unrelenting jungle. That morning in September, Halawi asked her husband to carry their belongings. She didn’t want to be left behind, but if she did, at least her husband would have what little was left.

As the smuggler led his 20-person group up the mountain, she focused on pushing herself forward. One moment, her husband was behind her. The next moment, he was gone.

“I heard him shouting behind me,” Halawi said, unable to hold back tears. “He fell on the rocks. I could see from above the blood on the rocks. I think his head was broken.”

He fell to his death from a mountaintop in the Colombian jungle. There was no way to go back for her husband. And he had carried almost all of their belongings.

Halawi was too distraught to go any farther. She pleaded with them to send her back to the mainland because she didn’t have the strength to go on. The smuggler put her on a boat, fearing that she might report the group to authorities in Panama, Halawi said. But she would return to the Darien Gap to make the journey again with another group. After two days, one woman was left behind. On the fifth day, Halawi couldn’t keep up.

“The group wanted to leave me, but the smuggler said he would get me there even if he had to carry me. He could have raped me and killed me, but he didn’t, and thank God, I reached Panama,” Halawi said in a declaration that was compiled by attorneys in support of her parole.

After Panamanian authorities detained and interrogated her, she filed for asylum there but discovered that refugees are ineligible for work permits.

“How could I eat if I could not work?” Halawi said.

Knowing that she’d be dependent on the government and unable to care for herself, she decided to keep going north.

 

She crossed through Costa Rica, Nicaragua, Honduras, Guatemala and Mexico, mostly by bus. While in Honduras, she was detained in November for illegally entering the country, according to several news reports. Her journey from Colombia to Texas spanned about three months. Halawi applied for asylum in Mexico, Ecuador and Panama before finally making it to the U.S.

Though Halawi is far from the daily bombardment and violence in Syria, she thought that if she reached America, the war would be behind her. She couldn’t predict the intense political climate and debate surrounding Syrian refugees in the U.S and abroad.

Halawi was denied parole twice by ICE officials, once on Feb. 17 and finally on May 18. Both times, she said she was not given a parole interview to discuss the merits of her case. ICE declined to comment on the case “due to privacy concerns.”

“ICE makes civil enforcement determinations on a case-by-case basis with a priority given to serious criminal offenders, recent border entrants and other individuals who meet the threshold set in the following civil immigration enforcement priorities memo issued by DHS Secretary Johnson in November 2014,” ICE said in a statement to the Houston Chronicle.

According to the denial letter she received, Halawi was rejected based on four factors: She did not establish her identity “to the satisfaction of ICE.” She did not establish that she was not a flight risk. She did not establish that she’s not a danger to the community or to U.S. security. And lastly, her case was denied because there were no additional documentation or changes in circumstance that would alter ICE’s initial decision to deny parole.

“We’ve had cases where ICE in their definition someone is a national security risk, whereas in reality, they’re not. We’ve had the same problem with the Central American families for a year-and-a-half,” said Mohammad Abdollahi, the advocacy director at San Antonio-based nonprofit RAICES, Refugee and Immigrant Center for Education and Legal Services, which has taken her case.

Halawi believes ICE is purposely detaining her because of her nationality. ICE declined to comment on agency policies for processing and detaining Syrian nationals.

“If they have something against me, then show it to me,” she said. “I have done nothing wrong, so you don’t have to keep me here.”

Fleeing violence and losing her husband have taken a toll on Halawi. She takes a handful of medications, two of which are used to treat anxiety, depression and, potentially, post-traumatic stress disorder, according to ICE records released by her attorney to the Chronicle.

At the detention facility, Halawi has voluntarily spent the last four months in segregation, which is similar to solitary confinement. She stays in her room 23 hours each day with just one hour to enjoy the sun and fresh air.

In segregation, she’s alone with her thoughts and inner turmoil.

“I’ve started to feel like I’m a burden,” Halawi said. “I can’t get out.”

“There’s been no time to stop and grieve. She hasn’t been given that time in detention,” Abdollahi said.

Her asylum case will be heard in the courtroom of San Antonio immigration judge Meredith Tyrakoski, who was appointed by U.S. Attorney General Loretta Lynch in January.

If Tyrakoski denies Halawi’s asylum claim, she could appeal the decision within 30 days or face deportation. But the Board of Immigration Appeals, the first of three appellate bodies for asylum claims, could take up to a year to render a decision. Without parole, Halawi would remain indefinitely detained while in legal limbo.

“This is my only hope now,” Halawi said.

ISIS Beheaded the Priest, France

Daesh is no longer a small extremist group fighting in Syria and Iraq. It has become the most globalised Islamist terror group. Any world leaders willing to declare this including the White House or the U.S. State Department?

One of the nuns stated the Priest was forced to kneel before the terrorist.

Yesterday #Isis affiliated channels were disseminating under the hashtag #TheArmyOfLoneWolves simple, but lethal ways & methods to kill.

 

French President Hollande says attack at church outside Rouen carried out by “terrorists who claimed allegiance to ISIS.” According to French media Le Figaro, the two attackers slit the throat of a priest in the Church. Besides the slain priest, two nuns and two churchgoers had been taken hostage, CNN French affiliate BFMTV reported.

“today a church tomorrow a hospital…there are no red lines, it’s tit 4 tat 4m Isis.We deal back in kind.”

The hostage killed in the Saint-Etienne-du-Rouvray church attack was a priest: Rev. Jacques Hamel, age 84.

 

The attacker who spent time in French jail was under electronic bracelet surveillance after trying to go to Syria in 2015. The Pope expressed ‘pain and horror’ at the France church hostage-taking, according to a statement by the Vatican.

Anti-terrorism judges are to probe French church hostage-taking per the prosecutor, and both attackers are dead, shot by police.

There were reports the attackers shouted ‘Allahu Akbar’ as they ran out of the church while at least one of the men was dressed in Islamic clothing. It comes as it emerged that the building was one of a number of Catholic churches on a terrorist ‘hit list’ found on a suspected ISIS extremist last April.

 

Official statement by Francois Hollande:

 The most recent travel warning issued by the U.S. State Department due to recent terror attacks was for Turkey, nothing for France. As of the posting of this article, there have been no official statements from John Kerry or the White House.

 

Hillary’s VP, Kaine and the Muslim Brotherhood

Clinton VP Pick Tim Kaine’s Islamist Ties

Clarion: Democratic presidential nominee Hillary Clinton’s newly-announced running mate, Virginia Senator Tim Kaine, has a history of embracing Islamists. He appointed a Hamas supporter to a state immigration commission; spoke at a dinner honoring a Muslim Brotherhood terror suspect and received donations from well-known Islamist groups.

Appointing a Muslim Brotherhood Front Leader Who Supports Hamas

In 2007, Kaine was the Governor of Virginia and, of all people, chose Muslim American Society (MAS) President Esam Omeish for the state’s Immigration Commission. A Muslim organization against Islamism criticized the appointment and reckless lack of vetting.

Federal prosecutors said in a 2008 court filing that MAS was “founded as the overt arm of the Muslim Brotherhood in America.” A Chicago Tribune investigation in 2004 confirmed this, as well as MAS’ crafty use of deceptive semantics to appear moderate. Convicted terrorist and admitted U.S. Muslim Brotherhood member Abdurrahman Alamoudi testified in 2012, “Everyone knows that MAS is the Muslim Brotherhood.”

Read our fully-documented profile of MAS here.

According to Omeish’s website, he was also president of the National Muslim Students Association (click there to read our profile about its Muslim Brotherhood origins) and served for two years on the national board of the Islamic Society of North America (ISNA), which the Justice Department also labeled as a U.S. Muslim Brotherhood entity and unindicted co-conspirator in a Hamas-financing trial.

His website says he was the vice president of Dar al-Hijrah Islamic Center, a radical mosque known for its history of terror ties, including having future Al-Qaeda operative Anwar Al-Awlaki as its imam and being frequented by two of the 9/11 hijackers and Nidal Hasan, the perpetrator of the Fort Hood shooting. Omeish’s website says he remains a board member.

Omeish’s website also says he was chairman of the board of Islamic American University, which had Hamas financier and Muslim Brotherhood spiritual leader Yousef Al-Qaradawi chairman of its board until at least 2006.

Omeish was also chairman of the board for the Islamic Center of Passaic County, a New Jersey mosque with heavy terrorist ties and an imam that the Department of Homeland Security wants to deport for having links to Hamas.

Omeish directly expressed extremism before Kaine appointed him. He claimed the Brotherhood is “moderate” and admitted that he and MAS are influenced by the Islamist movement.

In 2004, Omeish praised the Hamas spiritual leader as “our beloved Sheikh Ahmed Yassin.” Videotape from 2000 also surfaced where Omeish pledged to help Palestinians who understand “the jihad way is the way to liberate your land” (he denied this was an endorsement of violence).

A holy war waged against non-Muslims on behalf of Islam considered to be a religious duty; also, a personal struggle in devotion to Islam.

  When a state delegate wrote a letter to then-Governor Kaine warning him that the MAS has “questionable origins,” a Kaine spokesperson said the charge was bigotry.

Kaine obviously failed to do any kind of basic background checking on Omeish.

Omeish resigned under heavy pressure, and Kaine acknowledged that his statements “concerned” him. But, apparently, they didn’t concern him enough to actually learn about the Muslim Brotherhood network in his state and to take greater precautions in the future.

 

Speaking at a Dinner Honoring Muslim Brotherhood Terror Suspect

In September 2011, Kaine spoke at a “Candidates Night” dinner organized by the New Dominion PAC that presented a Lifetime Achievement Award for Jamal Barzinji, who the Global Muslim Brotherhood Watch describes as a “founding father of the U.S. Muslim Brotherhood.”

He first came on to the FBI’s radar in 1987-1988 when an informant inside the Brotherhood identified Barzinji and his associated groups as being part of a network of Brotherhood fronts to “institute the Islamic Revolution in the United States.” The source said Barzinji and his colleagues were “organizing political support which involves influencing both public opinion in the United States as well as the United States Government” using “political action front groups with no traceable ties.”

Barzinji had his home searched as part of a terrorism investigation in 2003. U.S. Customs Service Senior Special Agent David Kane said in a sworn affidavit that Barzinji and the network of entities he led were investigated because he “is not only closely associated with PIJ [Palestinian Islamic Jihad]…but also with Hamas.” Counter-terrorism reporter Patrick Poole broke the story that Barzinji was nearly prosecuted but the Obama Justice Department dropped plans for indictment.

Barzinji played a major role in nearly every Brotherhood front in the U.S. and was vice president of the International Institute of Islamic Thought (IIIT), which came under terrorism investigation also. Barzinji’s group was so close to Palestinian Islamic Jihad operative Sami Al-Arian that IIIT’s President considered his group and Al-Arian’s to be essentially one entity.

The indictment of Al-Arian and his colleagues says that they “would and did seek to obtain support from influential individuals, in the United States under the guise of promoting and protecting Arab rights (emphasis mine).”

The quotes about Brotherhood operative Barzinji’s aspirations to use civil rights advocacy as a means to influence politicians are especially relevant when you consider that video from the event honoring Barzinji shows Kaine saying that it was his fourth time at the annual dinner and thanked his “friends” that organized it for helping him in his campaign for lieutenant-governor and governor and asked them to help his Senate campaign.

 

Islamist Financial Support

Barzinji’s organization, IIIT, donated $10,000 in 2011 to the New Dominion PAC, the organization that held the event honoring Barzinji that Kaine spoke at. The Barzinji-tied New Dominion PAC donated $43,050 to Kaine’s gubernatorial campaign between 2003 and 2005. That figure doesn’t even include other political recipients that assisted Kaine’s campaign.

The PAC has very strong ties to the Democratic Party in Virginia, with the Virginia Public Access Project tallying almost $257,000 in donations. This likely explains why Barzinji’s grandson served in Governor McAuliffe’s administration and then became the Obama Administration’s liaison to the Muslim-American community.

The Middle East Forum’s Islamist Money in Politics database shows another $4,300 donated to Kaine’s Senate campaign in 2011-2012 by officials from U.S. Muslim Brotherhood entities Islamic Society of North America (ISNA) and the Council on American-Islamic Relations (CAIR). Another $3,500 came from Hisham Al-Talib, a leader from Barzinji’s IIIT organization.

It’s worth noting that Barzinji’s IIIT donated $3,500 to Esam Omeish’s 2009 delegate campaign, tying together the cadre of Muslim Brotherhood-linked leaders who got into Kaine’s orbit.

 

Conclusion

Kaine has no excuse. If he has an Internet connection, then he and his staff should have known about their backgrounds. They were either extremely careless (something Kaine would have in common with the top of the ticket) or knew and looked the other way in the hopes of earning donations and votes.

Clinton’s choice of Kaine is widely seen as a way of strengthening her campaign’s national security credentials. Yet, Clinton is asking us to trust a candidate on national security who appoints a Hamas supporter to an immigration commission and speaks at a dinner honoring a Muslim Brotherhood terror suspect.

 

DNC Email Hacks: GRU, Russian Military Intelligence

In part from Motherboard: In the wee hours of June 14, the Washington Post revealed that “Russian government hackers” had penetrated the computer network of the Democratic National Committee. Foreign spies, the Post claimed, had gained access to the DNC’s entire database of opposition research on the presumptive Republican nominee, Donald Trump, just weeks before the Republican Convention. Hillary Clinton said the attack was “troubling.”

It began ominously. Nearly two months earlier, in April, the Democrats had noticed that something was wrong in their networks. Then, in early May, the DNC called in CrowdStrike, a security firm that specializes in countering advanced network threats. After deploying their tools on the DNC’s machines, and after about two hours of work, CrowdStrike found “two sophisticated adversaries” on the Committee’s network. The two groups were well-known in the security industry as “APT 28” and “APT 29.” APT stands for Advanced Persistent Threat—usually jargon for spies.

CrowdStrike linked both groups to “the Russian government’s powerful and highly capable intelligence services.” APT 29, suspected to be the FSB, had been on the DNC’s network since at least summer 2015. APT 28, identified as Russia’s military intelligence agency GRU, had breached the Democrats only in April 2016, and probably tipped off the investigation. CrowdStrike found no evidence of collaboration between the two intelligence agencies inside the DNC’s networks, “or even an awareness of one by the other,” the firm wrote.

Related reading: Remarkable work here including Julian Assange, Edward Snowden, Israel Shamir and Putin, FSB loyalties

This was big. Democratic political operatives suspected that not one but two teams of Putin’s spies were trying to help Trump and harm Clinton. The Trump campaign, after all, was getting friendly with Russia. The Democrats decided to go public.

The DNC knew that this wild claim would have to be backed up by solid evidence. A Post story wouldn’t provide enough detail, so CrowdStrike had prepared a technical report to go online later that morning. The security firm carefully outlined some of the allegedly “superb” tradecraft of both intrusions: the Russian software implants were stealthy, they could sense locally-installed virus scanners and other defenses, the tools were customizable through encrypted configuration files, they were persistent, and the intruders used an elaborate command-and-control infrastructure. So the security firm claimed to have outed two intelligence operations.

Then, the next day, the story exploded.

On June 15 a WordPress blog popped up out of nowhere. And, soon, a Twitter account, @GUCCIFER_2. The first post and tweet were clumsily titled: “DNC’s servers hacked by a lone hacker.” The message: that it was not hacked by Russian intelligence. The mysterious online persona claimed to have given “thousands of files and mails” to Wikileaks, while mocking the firm investigating the case: “I guess CrowdStrike customers should think twice about company’s competence,” the post said, adding “Fuck CrowdStrike!!!!!!!!!”

Along with the abuse, the Guccifer 2.0 account started publishing stolen DNC documents on the WordPress blog, on file sharing sites, and by giving “a few docs from many thousands” to at least two US publications, The Smoking Gun and Gawker. Mainstream media outlets quickly picked up the story and covered the Clinton campaign’s opposition research on Trump in hundreds of news items that revealed pre-rehearsed arguments against the presumptive Republican nominee: that “Trump has no core”; that he is a “bad businessman;” and that he should be branded “misogynist in chief.” Donor lists were leaked along with personal contact details and juicy dollar amounts.

The Guccifer 2.0 account also claimed that it had given an unknown number of documents containing “election programs, strategies, plans against Reps, financial reports, etc” to Wikileaks. Two days later, Wikileaks published a massive 88 gigabyte encrypted file as “insurance.” This file, which Julian Assange could unlock by simply tweeting a key, is widely suspected to contain the DNC cache. On 13 July, almost a month after the hack became public, the intruders leaked selected files exclusively to The Hill, a Washington outlet for Congressional and political news, and then made the original files available later.

Nine days later, on July 22, just after Trump was officially nominated and before the Democratic National Convention got under way, Wikileaks published more than 19,000 DNC emails with more than 8,000 attachments—“i sent them emails, i posted some files in my blog,” Guccifer confirmed by DM, when asked if he shared all files with Julian Assange. Two days later, on July 24, Debbie Wasserman Schultz, chair of Democratic National Committee, announced her resignation—the extraordinary hack and leak had helped force out the head of one of America’s political parties and threatened to disrupt Hillary Clinton’s nominating convention.

This tactic and its remarkable success is a game-changer: exfiltrating documents from political organisations is a legitimate form of intelligence work. The US and European countries do it as well. But digitally exfiltrating and then publishing possibly manipulated documents disguised as freewheeling hacktivism is crossing a big red line and setting a dangerous precedent: an authoritarian country directly yet covertly trying to sabotage an American election.

***

So how good is the evidence? And what does all this mean?

The forensic evidence linking the DNC breach to known Russian operations is very strong. On June 20, two competing cybersecurity companies, Mandiant (part of FireEye) and Fidelis, confirmed CrowdStrike’s initial findings that Russian intelligence indeed hacked Clinton’s campaign. The forensic evidence that links network breaches to known groups is solid: used and reused tools, methods, infrastructure, even unique encryption keys. For example: in late March the attackers registered a domain with a typo—misdepatrment[.]com—to look suspiciously like the company hired by the DNC to manage its network, MIS Department. They then linked this deceptive domain to a long-known APT 28 so-called X-Tunnel command-and-control IP address, 45.32.129[.]185.
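The misspelled domain described above swaps two adjacent letters, which plain Levenshtein distance scores as two edits. The following added example (not from the article or from any of the firms it names; the protected domain `misdepartment.com` and the observed list are assumptions) flags such look-alikes with a transposition-aware distance.

```python
def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def refang(indicator):
    """Normalise a defanged indicator such as 'example[.]com'."""
    return indicator.strip().lower().replace("[.]", ".").rstrip(".")

def second_level(domain):
    """Naive registrable label; production code should use the Public Suffix List."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def find_lookalikes(observed, protected, max_distance=2):
    """Return (observed, protected, distance) for near-miss domains."""
    hits = []
    for raw in observed:
        dom = refang(raw)
        for good in protected:
            if dom == good or dom.endswith("." + good):
                continue  # the real domain or one of its subdomains
            dist = osa_distance(second_level(dom), second_level(good))
            if dist <= max_distance:
                hits.append((dom, good, dist))
    return hits

# Assumption: the vendor's real domain is its name spelled correctly.
PROTECTED = ["misdepartment.com"]
# Constructed observations, e.g. from DNS or proxy logs; first entry is from the article.
OBSERVED = ["misdepatrment[.]com", "misdepartment.com",
            "mail.misdepartment.com", "example.org"]

if __name__ == "__main__":
    for dom, good, dist in find_lookalikes(OBSERVED, PROTECTED):
        print(f"{dom.replace('.', '[.]')} resembles {good} (distance {dist})")
```

A distance of 0 is also reported when only the top-level domain differs, since the same name under another suffix is a look-alike too.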

One of the strongest pieces of evidence linking GRU to the DNC hack is the equivalent of identical fingerprints found in two burglarized buildings: a reused command-and-control address—176.31.112[.]10—that was hard coded in a piece of malware found both in the German parliament as well as on the DNC’s servers. Russian military intelligence was identified by the German domestic security agency BfV as the actor responsible for the Bundestag breach. The infrastructure behind the fake MIS Department domain was also linked to the Berlin intrusion through at least one other element, a shared SSL certificate.

The evidence linking the Guccifer 2.0 account to the same Russian operators is not as solid, yet a deception operation—a GRU false flag, in technical jargon—is still highly likely. Intelligence operatives and cybersecurity professionals long knew that such false flags were becoming more common. One noteworthy example was the sabotage of France’s TV5 Monde station on 9/10 April 2015, initially claimed by the mysterious “CyberCaliphate,” a group allegedly linked to ISIS. Then, in June, the French authorities suspected the same infamous APT 28 group behind the TV5 Monde breach, in preparation since January of that year. But the DNC deception is the most detailed and most significant case study so far. The technical details are as remarkable as its strategic context.

The metadata in the leaked documents are perhaps most revealing: one dumped document was modified using Russian language settings, by a user named “Феликс Эдмундович,” a code name referring to the founder of the Soviet Secret Police, the Cheka, memorialised in a 15-ton iron statue in front of the old KGB headquarters during Soviet times. The original intruders made other errors: one leaked document included hyperlink error messages in Cyrillic, the result of editing the file on a computer with Russian language settings. After this mistake became public, the intruders removed the Cyrillic information from the metadata in the next dump and carefully used made-up user names from different world regions, thereby confirming they had made a mistake in the first round. More comprehensive details here from Motherboard.
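A metadata check of the kind described above, as an added example that is not from the article: it reads a document's author fields and reports any written in a script other than the expected one. It assumes an OOXML (.docx-style) container, a format the article does not specify, and the sample file is constructed in memory.

```python
import io
import unicodedata
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
FIELDS = {"creator": "dc:creator", "lastModifiedBy": "cp:lastModifiedBy"}

def scripts_in(text):
    """Scripts of the letters in text (first word of each Unicode character name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def author_fields(docx_bytes):
    """Read the author fields from docProps/core.xml of an OOXML container."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        root = ET.fromstring(zf.read("docProps/core.xml"))
    out = {}
    for key, path in FIELDS.items():
        node = root.find(path, NS)
        out[key] = (node.text or "") if node is not None else ""
    return out

def flag_unexpected_scripts(docx_bytes, expected=frozenset({"LATIN"})):
    """Map each author field holding letters outside `expected` to (value, scripts)."""
    flagged = {}
    for key, value in author_fields(docx_bytes).items():
        extra = scripts_in(value) - expected
        if extra:
            flagged[key] = (value, sorted(extra))
    return flagged

def build_sample(creator, modifier):
    """Constructed minimal container holding only docProps/core.xml."""
    xml = ('<?xml version="1.0" encoding="UTF-8"?>'
           f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
           f"<dc:creator>{creator}</dc:creator>"
           f"<cp:lastModifiedBy>{modifier}</cp:lastModifiedBy>"
           "</cp:coreProperties>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", xml)
    return buf.getvalue()

# Constructed sample: Latin creator, modifier name as quoted in the article.
SAMPLE = build_sample("Analyst One", "Феликс Эдмундович")
```

Calling `flag_unexpected_scripts(SAMPLE)` reports only the `lastModifiedBy` field, the same field that exposed the editing environment in the first dump.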