Turkey Hacks Library of Congress During Coup

Primer:

In part from Time: Kerry raised the question of Turkey’s NATO membership, suggesting that anti-democratic behavior by Erdogan could imperil the country’s place in the alliance. “NATO also has a requirement with respect to democracy,” Kerry said, and added that NATO would “measure” Turkey’s actions in days to come. “Obviously, a lot of people have been arrested and arrested very quickly,” Kerry said. “The level of vigilance and scrutiny is obviously going to be significant in the days ahead. Hopefully we can work in a constructive way that prevents a backsliding.”

Turkey’s membership in the NATO alliance is a matter of major strategic importance to the U.S., and talk of the country being ousted caught some experts by surprise in the U.S. Amb. Bryza of the Atlantic Council said Kerry’s comments were being taken as threats in Turkey, and that it was an “extreme misinterpretation that we would kick them out of NATO.” Much more detail here.

Turkish hackers claim credit for Library of Congress attack

FCW: A hacking group called the Turk Hack Team is taking credit for a shutdown of the Library of Congress website and hosted systems including Congress.gov, the Copyright Office, Congressional Research Service and other sites.

The group claimed credit on an online message board where users go for updates on the availability of websites.

The attack was launched July 17, in the midst of Turkey’s response to the military coup targeting the elected government of President Recep Tayyip Erdogan. Prominent Turkish officials have accused the U.S. of fomenting the coup; Secretary of State John Kerry issued a stern denial of such accusations.

The Turk Hack Team is not considered at the level of a nation-state sponsored group or an advanced persistent threat, former U.S. CERT director Ann Barron-DiCamillo told FCW. They’re more of a “middle-tier, hacktivist” type group, she said. They’ve gone after targets for perceived slights to Turkey’s honor in the past, including an April 2015 hack on the Vatican website made in response to comments from Pope Francis characterizing the 1915 massacres of Turkish Armenians as a genocide.

The group has not gone after U.S. targets in the past, but Barron-DiCamillo, currently partner and CTO at Strategic Cyber Ventures, said U.S. officials would likely be on the lookout for more hacktivist activity emanating from Turkey. “This is the first kind of visible activity generated post-coup, but it doesn’t mean it’s going to be the last,” she said.

Library of Congress CIO Bernard Barton said on July 20 that the attack had been successfully thwarted.

“This was a massive and sophisticated DNS assault, employing multiple forms of attack, adapting and changing on the fly,” he wrote in a blog post. “We’ve turned over key evidence to the appropriate authorities who will investigate and hopefully bring the instigators of this assault to justice.”

 

 

Congress is not covered by the Federal Information Security Management Act and is not required to report cyber incidents to the Department of Homeland Security.

Spokesperson Gayle Osterberg told FCW that the Library of Congress reports all cyber-related criminal activity to the FBI.

DHS is aware of the incident but is not involved in the investigation or mitigation of the attacks, according to an agency source.

DDoS attacks can be expensive to deal with, requiring network operators to obtain specialized routing services from their internet service providers. They can also potentially serve as a front for other attacks, or test systems to see what kind of defenses are in place.

Mostly, Barron-DiCamillo said, they are “distracting, causing pain to both users and customers, but not impacting back-end systems and more critical data.”

It is possible the hackers imagined that the Congress.gov and LOC.gov domains represented a more critical target than they actually are. Congress.gov is mostly a public-facing information warehouse that is not integral to the legislative function of the House and Senate. Most of the complaints about the site being down came from librarians and researchers looking to execute catalog searches.

The outage also affected the Congressional Research Service, the in-house think tank for Congress. CRS reports, available only to members and staff, are not published elsewhere except on an ad hoc basis by legislators and public interest groups that obtain the odd document. A bill introduced by Rep. Mike Quigley (D-Ill.) just days before the hack would open up CRS reports to the public, and have the effect of creating a backup site for the material on the Government Publishing Office website.

Obama/DoJ Allowing Foreigners to Serve Warrants

This sounds like selective investigations, prosecutions and collaborated witch hunts which all add up to an offshore shadow NSA and new type of Interpol. Is this something else that also will be under the purview of the United Nations? Hello Google?

WSJ: The Obama administration is working on a series of agreements with foreign governments that would allow them for the first time to serve U.S. technology companies with warrants for email searches and wiretaps—a move that is already stirring debates over privacy, security, crime and terrorism.

Brad Wiegmann, a senior official at the Justice Department, discussed the administration’s efforts during a public forum on Friday at a congressional office building in Washington, D.C. The first such agreement is being assembled with the U.K., he said.

Word of the plans came one day after a federal appeals court ruled that federal warrants couldn’t be used to search data held overseas by Microsoft Corp., dealing the agency a major legal defeat.

The court’s decision in favor of Microsoft could prove to be a major barrier to the Obama administration’s proposed new rules to share data with other nations in criminal and terrorism probes, which would be sharply at odds with the ruling. It might lead some companies to reconfigure their networks to route customer data away from the U.S., putting it out of the reach of federal investigators if the administration’s plan fails.

The Justice Department has indicated it is considering appealing the Microsoft ruling to the Supreme Court.

Meanwhile, Justice Department officials are pressing ahead with their own plan for cross-border data searches.

Under the proposed agreements described by Mr. Wiegmann, foreign investigators would be able to serve a warrant directly on a U.S. firm to see a suspect’s stored emails or intercept their messages in real time, as long as the surveillance didn’t involve U.S. citizens or residents.

Such deals would also give U.S. investigators reciprocal authority to search data in other countries.

“They wouldn’t be going to the U.S. government, they’d be going directly to the providers,’’ said Mr. Wiegmann. Any such arrangement would require that Congress pass new legislation, and lawmakers have been slow to update electronic privacy laws.

That U.K. agreement, which must be approved by the legislatures of both countries, could become a template for similar deals with other countries, U.S. officials said.

Mr. Wiegmann said the U.S. would strike such deals only with nations that have clear civil liberties protections to ensure that the search orders aren’t abused.

“These agreements will not be for everyone. There will be countries that don’t meet the standards,’’ he said.

Greg Nojeim, a privacy advocate at the Center for Democracy and Technology, criticized the plan. He said it would be “swapping out the U.S. law for foreign law’’ and argued that U.K. search warrants have less stringent judicial protections than U.S. law.

British diplomat Kevin Adams disputed that, saying the proposal calls for careful judicial scrutiny of such warrants. Privacy concerns over creating new legal authorities are overblown, he added.

“What is really unprecedented is that law enforcement is not able to access the data they need,’’ Mr. Adams said. The ability to monitor a suspect’s communications in real time “is really an absolutely vital tool to protect the public.’’

While Thursday’s court decision represented a victory for Microsoft, which strives to keep data physically near its customers, it may not be viewed as a positive development for all internet companies, said University of Kentucky law professor Andrew Woods. Yahoo Inc., Facebook Inc. and Alphabet Inc.’s Google operate more centralized systems. They didn’t file briefs in support of Microsoft’s position in the case, he noted.

Mr. Woods warned that increased localization of data could have the unintended consequence of encouraging governments to become more intrusive.

“If you erect barriers needlessly to states getting data in which they have a legitimate interest, you make this problem worse,’’ he said. “You increase the pressure that states feel to introduce backdoors into encryption.”

Microsoft President and Chief Legal Officer Brad Smith said the company shares concerns about the “unintended consequences” of excessive data localization requirements.

“But rather than worry about the problem, we should simply solve it” through legislation, Mr. Smith said. Microsoft supports the proposed International Communications Privacy Act. That legislation would, among other provisions, create a framework for law enforcement to obtain data from U.S. citizens, regardless of where the person or data was located.

Companies and governments generally agree that the current legal framework for cross-border data searches is far too slow and cumbersome. Though major tech firms don’t always agree on the particular changes they would like to see, the industry has long sought to get clearer rules from the U.S. and other governments about what their legal obligations are.

A coalition of the country’s largest tech companies, including Microsoft, Facebook and Google, created a group called Reform Government Surveillance that is pushing for updating data-protection laws. The group has said it was “encouraged by discussions between the U.S. and the U.K.”

Thursday’s ruling could lead some Microsoft rivals that offer email, document storage, and other data storage services, but which haven’t designed systems to store data locally, to alter their networks, said Michael Overly, a technology lawyer at Foley & Lardner in Los Angeles.

Google, for example, stores user data across data centers around the world, with attention on efficiency and security rather than where the data is physically stored. A given email message, for instance, may be stored in several data centers far from the user’s location, and an attachment to the message could be stored in several other data centers. The locations of the message, the attachment and copies of the files may change from day to day.

“[Internet companies] themselves can’t tell where the data is minute from minute because it’s moving dynamically,” Mr. Overly said.

The ruling could encourage tech companies to redesign their systems so that the data, as it courses through networks, never hits American servers.

A person familiar with Google’s networks said that such a move wouldn’t be easy for the company.

Julian Castro was a Hillary VP Pick, What Happened?

Julian Castro is an Obama cabinet official. Yet no consequence.

Obama won’t punish HUD chief Castro for giving partisan interview

Special Counsel Finds Hatch Act Violations by HUD Chief, Others

With the electoral campaigns in full swing, the Office of Special Counsel in recent days has announced a series of findings of Hatch Act violations, including one by Housing and Urban Development Secretary Julian Castro.

On Monday, the independent investigative and prosecutorial agency sent the White House a report saying that Castro violated the act during an April 4 interview with Yahoo News anchor Katie Couric. His statements “impermissibly mixed his personal political views with official agency business despite his efforts to clarify that some answers were being given in his personal capacity,” OSC said. “Federal employees are permitted to make partisan remarks when speaking in their personal capacity, but not when using their official title or when speaking about agency business.”

The questionable comments came late in an interview that dealt mostly with HUD policy. Couric asked Castro what makes him most fearful about Donald Trump being president, to which he responded that “Mr. Trump is not prepared for the office of president because Mr. Trump does not understand what leadership or being president is about, or the basic functions of our government or its relationships with other countries.”

Couric then asked Castro whether he wanted to be the vice presidential nominee on a ticket with Hillary Clinton, to which he replied that he did not think that would happen. “What I am interested in, though, is trying to do a great job here at HUD and serving the people that we do serve, folks that are of modest means but who deserve our attention and our efforts,” he said. “And so I don’t believe that is going to happen, but I am supportive of Secretary Clinton and I believe she is going to make a great president.”

The OSC investigated after receiving a complaint. Its report included details such as the preparations the HUD public affairs staff executed in arranging the interview and the fact that Castro had received four briefings on the Hatch Act since arriving at HUD. “Although he stated during the interview that he was ‘taking off my HUD hat for a second and just speaking individually,’ to indicate he was answering questions in his personal capacity,” OSC wrote, “that disclaimer could not negate the fact that he was appearing in his official capacity for the rest of the interview.”

In response, Castro sent Special Counsel Carolyn Lerner a letter acknowledging error. “I offered my opinion to the interviewer after making it clear that I was articulating my personal view and not an official position,” he said. “At the time, I believed that this disclaimer was what was required by the Hatch Act. However, your analysis provides that it was not sufficient. Thank you for bringing this matter to my attention. When an error is made — even an inadvertent one — the error should be acknowledged.”

Castro commended the OSC staff’s “professionalism” and said he was tasking HUD’s executives with enhancing training in compliance with the Hatch Act.

Separately, the OSC on Friday announced it had filed a petition for discipline against a Commerce Department GS-15 employee for sending “several emails, while on duty, in support of the Montgomery County (Md.) Republican Party and to assist candidates running for local and state office.” That employee, it added, also invited, while at work, more than 100 individuals to attend an annual “Lincoln and Reagan” Republican Party fundraiser and asked them to send him a check if they wanted to attend.

The Commerce employee had previously received guidance from a senior ethics official warning him not to solicit or receive political contributions or engage in local political activity while at work.

OSC is seeking disciplinary action from the Merit Systems Protection Board. “As the presidential election approaches,” Lerner said in a statement, “it is important for federal employees to remember the Hatch Act’s restrictions on engaging in partisan political activities while at work and the ban on soliciting contributions for partisan political candidates or groups at any time.”

Last week, OSC announced that it had obtained disciplinary settlements with three other federal employees for Hatch Act violations.

At the Labor Department, a wage and hour investigator was found to have circulated a nominating petition for a mayoral candidate, obtaining signatures from three co-workers and retweeting one of the candidate’s requests for political contributions. She received a three-day unpaid suspension and a letter of reprimand.

At the U.S. Postal Service this May, a letter carrier admitted to displaying a congressional candidate’s campaign sticker on his official vehicle while delivering mail in his official uniform. He will be suspended for five days without pay.

At the Internal Revenue Service in June, OSC confirmed allegations that an employee, while on official travel to perform site visits with her subordinates, canceled a site visit and asked a subordinate to drop her off at the location of a presidential candidate’s campaign rally. The employee did not return to her place of duty for over four hours and did not request leave, OSC found. The employee agreed to serve an unpaid 14-day suspension.

OSC’s annual report, released last week, showed that its Hatch Act Unit had better focused its activity since a 2012 law relieved its staff of responsibility for state and local government officials who run for political office. In fiscal 2015, the Hatch Act Unit received 106 complaints while resolving 131 complaints, and issued 1,023 total advisory opinions, a drop of 359 from the previous year.

Why Florida AG Pam Bondi Supports Trump…

Thanks to Sunlight Foundation who does remarkable work.

Donald Trump’s history of paying to sway attorneys general


Donald Trump defends his past political donations as a means to further his business endeavors. He frames his contributions as good business. What better way to close such loopholes than to elect someone who knew how to exploit them best?

“I was a businessman, I give to everybody,” Trump said at the first Republican debate. “When they call, I give. And you know what? When I need something from them, two years later, three years later, I call them, and they are there for me.”

Questions about Trump University

In March of this year, Citizens for Responsibility and Ethics in Washington (CREW) filed a complaint with the IRS against the Donald Trump Foundation, alleging it violated its tax status. The foundation, a 501(c)(3) that is barred from political activities, donated $25,000 to “And Justice for All,” a 527 political organization associated with supporting Florida GOP Attorney General Pam Bondi’s re-election.

In 2013, the Florida Attorney General’s Office — led by Bondi — reportedly contemplated suing Trump University alongside New York Attorney General Eric Schneiderman in a multi-state lawsuit over complaints by former students. Three days after the Orlando Sentinel wrote about the Floridians who felt scammed by Trump University, the Trump Foundation contributed money to And Justice for All. And just days after that, Bondi rescinded the investigation, citing insufficient grounds to proceed.

Trump University now connotes a Ponzi scheme more than an educational institution. Due to the inflated tuition, former employees labeling the school as a “scheme” or a “lie” and a lack of return on investment for the students, the university is now mired in controversy. Some former students say the system was a con and many claim the classes they enrolled in were either worthless or nonexistent. The Better Business Bureau gave Trump University a D-minus in 2010.

Take the state of Texas as an example: According to the Dallas Morning News, “267 Texans paid more than $425,000 to attend Trump University’s three-day seminar, 39 purchased Trump’s “Gold Elite” package of additional classes and other perks costing $35,000 each, and 150 others spent more than $826,000 on other goods and services.”

The Orlando Sentinel obtained 8,491 documents from Bondi’s office which detailed her staff urging those affected by Trump University to hire their own attorneys if they wanted their money back – deflecting any need for her office to take action.

“Visit an Internet search engine such as http://www.yahoo.com or http://www.google.com to search for information on any class action lawsuits you may benefit from,” according to page 5,449 of Bondi’s document dump. Several discrepancies were made by Bondi’s staff, including the number of complaints received (her office originally said they only received one complaint) and a lack of effort to investigate the claims.

While Trump never detailed his motivations for the political donations, he called Bondi “a fabulous representative of the people” and Schneiderman, who didn’t back down from the suit, “a political hack.” While Schneiderman recently decried Trump University as an example of “straight-up fraud,” he still received $12,500 from Trump six years ago.

Bondi now says she personally solicited the money from Trump after complaints to her office had been filed. If this is the case, then it seems plausible to view Florida’s decision not to investigate Trump University as a possible quid pro quo exchange.

CREW recently issued a statement doubling down. “Attorney General Bondi’s admission that she personally solicited a donation from Donald Trump directly contradicts the Trump camp’s version of events. … This reaffirms the need for an immediate and thorough investigation.”

Spitzer, Cuomo, Pirro took Trump cash

Map of state contributions: Trump’s political donations to state candidates top $800,000 in nearly 15 states. (Graphic credit: National Institute on Money in State Politics)

Bondi’s not the only attorney general who’s received Trump’s money. According to the National Institute on Money in State Politics, Trump collectively gave to attorneys general nine times in Florida, California and New York for a total of $134,015.

  • 1998
    • Dennis Vacco, R-N.Y., $27,965
  • 2002
    • Eliot Spitzer, D-N.Y., $11,000 (Spitzer resigned one year after serving as governor of New York in 2008)
  • 2006
    • Walter Campbell Jr., D-Calif., $1,000
    • Edmund Brown Jr., D-Calif., $1,000 (Brown now serves as the governor of California)
    • Andrew Cuomo, D-N.Y., $20,000 (Cuomo now serves as the governor of New York)
    • Jeanine Pirro, R-N.Y., $10,000 (Pirro is currently a television personality on Fox News)
  • 2010
    • Kathleen Rice, D-N.Y., $19,050 (Rice now serves as Representative to New York’s 4th district)
    • Eric Schneiderman, D-N.Y., $12,500
    • Daniel Donovan, R-N.Y., $5,000 (Donovan now serves as Representative to New York’s 11th district)
  • 2014
    • Pamela Bondi, R-Fla., $500
    • Kamala Harris, D-Calif., $6,000
    • John Cahill, R-N.Y., $20,000

Current Texas Gov. Greg Abbott, a Republican, investigated Trump University when Abbott served as Texas attorney general. After Abbott dropped the investigation, Trump donated $35,000 to his gubernatorial campaign.

According to The Huffington Post, former Deputy Chief of Consumer Protection John Owens, who worked closely with the Trump University investigation, called the probe “an extremely strong case” — only to have the case dropped.

Abbott’s successor, Ken Paxton (who remains in the spotlight for a number of other fraudulent charges), issued a cease-and-desist letter to Owens after he made copies of a 14-page internal summary detailing Trump University scamming millions of dollars from Texas students. “The decision not to sue was political,” Owens later told the Dallas Morning News. The scheduled meeting between Texas officials and Trump representatives for the $5.4 million settlement never even occurred.

Larger legal issues

501(c)(3) charitable organizations, such as the Donald Trump Foundation, are barred from any and all political activities. In exchange, they are tax exempt from the IRS. 527 organizations, such as Bondi’s And Justice for All group, are vehicles specifically for political activities.

A larger problem, aside from the illegal donations, is linking attorneys general (who are elected officials in 43 states) to lobbyists, gifts and other forms of non-quid pro quo arrangements that are, more or less, blatant bribes. Attorneys general are essentially the main legal advisors to the government, issuing formal opinions to state agencies, proposing legislation, instituting civil suits on behalf of the state and representing the public’s interests in charitable trust and solicitations.

Whether or not the two cases of Bondi and Abbott are illegal, the dubious timing of the donations and their actions to halt their investigations give off the appearance of a quid pro quo arrangement. These officials are voted in by their constituents and are responsible for representing the public. Their interests should never be questioned.

Both Bondi and Abbott have endorsed Donald Trump for president.

Terror at the Olympics in Brazil?

Brazil police arrest 10 men pledging ISIS allegiance, search for two more

WashingtonTimes: RIO DE JANEIRO (AP)— Federal police in Brazil have ordered the detention of 12 people who allegedly pledged allegiance to the Islamic State group via social media.

Justice Minister Alexandre de Moraes told journalists in Brasilia on Thursday that 10 had been arrested and two more were being sought.

Moraes says police acted because the group had been discussing the use of weapons and guerrilla tactics to potentially launch an attack during the Olympics, which begin Aug. 5.

The arrests were made in the southern states of Sao Paulo and Parana. Moraes says there were no specific targets for attack.

Last week, Brazil’s interim government’s top military aide said the concerns with terrorism had “reached a higher level” after the attacks of six days ago in Nice, France.

Previously, this website predicted these conditions at the Olympics.

****

In part from the NYT: The Federal Police said in a statement that the suspects belonged to a group called the Defenders of Sharia. Agents from an antiterrorism unit are investigating the group’s activities in several states, including Rio de Janeiro, where the Games will take place.

In part from the NewYorkDailyNews: The arrests were made in 10 different states, including Sao Paulo and Parana in the southern part of the country, and it was not clear whether the suspects knew each other beyond their online contacts. Moraes said there were no specific targets for an attack.

Moraes said they had all been “baptized” as Islamic State sympathizers online and that none had actually traveled to Syria or Iraq, the group’s stronghold, or received any training. Several were allegedly trying to secure financing from the group, known by the acronym ISIS.

The justice minister added that one of the suspects communicated with a Brazilian store in an alleged attempt to buy an AK-47 assault rifle, apparently the most concrete action taken toward a possible attack.
