Category Archives: FBI

Hizbollah is Out of Control

Posted on by

By New Jersey DHS

Hizballah

Hizballah is an Islamic militant group based in Lebanon and allied with Iran. Its primary goal is the destruction of Israel.

  • Since 2013, Hizballah has plotted attacks against Israeli citizens and institutions in Europe, South America, Southeast Asia, the Middle East, and Africa. In January, five Palestinians were arrested on suspicion of joining a Hizballah cell and planning a suicide bombing and shooting in the West Bank. In June 2015, a Hizballah member pled guilty to acquiring nine tons of ammonium nitrate in Cyprus, which was intended for attacks against Israelis.
  • Although Hizballah possesses the capability to attack the United States and Western interests, the group is focused on supporting Bashar al-Assad’s regime in Syria. Hizballah receives training, weaponry, and about $200 million per year from Iran.
  • In 2013, Hizballah’s involvement in the Syrian conflict shifted from an advisory to a combat role. The group’s commitment is demonstrated by the number of personnel it has dispatched to Syria—Western media estimate 6,000 to 8,000 fighters, or roughly one-quarter of its assessed fighting force.

Threat to New Jersey: Low

The terror threat from Hizballah to New Jersey is low because the group’s resources and efforts are focused on supporting the Assad regime in Syria. Nonetheless, group supporters and sympathizers are active in the New Jersey region, primarily in fundraising. 

  • In February, the Drug Enforcement Administration (DEA)—to include its Newark office—and international agencies across seven countries uncovered a global Hizballah drug and money-laundering scheme. In October 2015, federal authorities in New York—acting in concert with the Newark DEA office—arrested two Hizballah associates for conspiring to launder narcotics proceeds and international arms trafficking.
  • In July 2013, Moussa Ali Hamdan, a former New Jersey resident, was sentenced in Philadelphia for providing proceeds from counterfeit goods sales to Hizballah.

US Nexus

  • Since 2005, approximately 20 Hizballah-related cases have been prosecuted in the United States. Half of the cases were along the East Coast, including in New York and Pennsylvania. None were in New Jersey.
  • Hizballah has never conducted an attack on US soil, but it has targeted the US military in Lebanon, including the bombing of a US Marine compound in 1983 in Beirut, which killed 241 US personnel.

DEA: Hizballah Drug Trafficking and Money Laundering Arrests

In January, the Drug Enforcement Administration (DEA), along with its European counterparts, arrested members of Hizballah’s External Security Organization Business Affairs Component in Europe for drug trafficking and money laundering, the proceeds of which transited through Lebanon to support Hizballah operations in Syria. The DEA operation, known as Project Cassandra, involved law enforcement agencies from seven countries and targeted Hizballah’s cocaine trafficking in the United States and Europe.

  • Hizballah developed business relationships with South American drug cartels supplying cocaine to the US and European markets. According to the DEA, Hizballah laundered the drug revenue through the acquisition and sale of high-valued vehicles, sometimes concealing money inside vehicles shipped internationally.
  • In February 2015, European authorities launched an investigation based on DEA leads and discovered a network of couriers collecting and transporting drug proceeds—in the form of euros—from Europe to the Middle East. The revenue was then transferred to Colombian cartels using the hawala disbursement system, a payment network based on trust and the use of family and regional connections.
  • US agencies participating in Project Cassandra include the Newark DEA office, US Customs and Border Protection, the US Treasury’s Financial Crimes Enforcement Network, and the US Treasury Office of Foreign Assets Control. Officials did not specify the number of individuals arrested nor the location of arrests in Europe. The investigation is ongoing.

Exploiting Outbound Cargo Vulnerabilities

Hizballah continues to launder narcotics proceeds through US maritime ports by leveraging the inundated outbound cargo shipment process and concealing contraband in otherwise legal outbound vehicle shipments. Since October 2015, Customs and Border Protection (CBP) in the Port of New York and New Jersey has processed more than 25,000 export vehicle titles per month in accordance with current regulations and performed, on average, more than 500 physical vehicle examinations per month.

  • This year, the Drug Enforcement Administration’s Project Cassandra targeted a Hizballah network selling narcotics in the United States and Europe and laundering the proceeds through the acquisition and sale of high-end vehicles, sometimes concealing money inside vehicles shipped internationally.
  • In 2011, US authorities filed a civil money-laundering suit against three Lebanese financial organizations and two Beirut-based money exchange houses, accusing them of wiring at least $329 million in drug proceeds to 30 used car dealerships in the United States—one located in North Arlington (Bergen County).
  • In 2010, the FBI disrupted two Hizballah-linked schemes—one in Virginia where money was hidden in tires of used vehicles being shipped via maritime vessels to Lebanon, and another in Ohio where authorities arrested a couple for attempting to conceal $200,000 in a vehicle they planned to ship to Lebanon.

The Port of New York and New Jersey has implemented mitigation strategies to stop the movement of contraband through outbound cargo in New Jersey. For example, in 2005, CBP, US Immigration and Customs Enforcement, Homeland Security Investigations, and other federal, state, local, and international law enforcement agencies created the Border Enforcement Security Task Force—more commonly known as BEST—to coordinate information sharing between agencies. In addition, CBP’s Customs Trade Partnership Against Terrorism encourages private-sector companies to provide information about suspicious activity related to cargo shipments.

Interwoven Money Laundering and Smuggling Systems

Hizballah’s profits from narcotics and other criminal activity are transferred via multiple forms of money laundering and illicit enterprises, including hawala money exchanges, the Black Market Peso Exchange (BMPE), and bulk cash smuggling. In March, the Director of the Stein Program on Counterterrorism and Intelligence at the Washington Institute for Near East Policy reported to Congress that despite receiving up to $200 million from Iran each year, Hizballah uses various criminal methods to generate additional revenue and fund its involvement in Syria.

  • Hizballah operatives can transfer cash quickly and without an audit trail by using the hawala remittance system, an informal currency transfer system operating outside or parallel to traditional banking and financial channels.
  • In February, the Drug Enforcement Administration revealed—as part of its Project Cassandra investigation—Hizballah leverages the BMPE, which uses trade-based money laundering to disguise proceeds from illegal activity.
  • Hizballah smuggles large sums of money from the United States, South America, and Europe via couriers and airport employees. The arrest of a ground services coordinator at Chicago’s O’Hare International Airport in 2007 demonstrates Hizballah supporters have bypassed airport security to transport packages of cash—in this case up to $100,000—intended to finance Hizballah operations in Lebanon.

Hey State Dept. What’s the Hurry?

Posted on by
Office of the Spokesperson
Washington, DC
May 19, 2016

Terrorist Designations of ISIL-Yemen, ISIL-Saudi Arabia, and ISIL-Libya

U.S. State Department: The Department of State has announced the designation of the Islamic State of Iraq and the Levant’s (ISIL’s) branch in Libya (ISIL-Libya) as a Foreign Terrorist Organization under section 219 of the Immigration and Nationality Act (INA). Today, the Department is also simultaneously designating ISIL-Libya, along with the ISIL branches in Yemen and Saudi Arabia, as Specially Designated Global Terrorists under Section 1(b) of Executive Order (E.O.) 13224, which imposes sanctions and penalties on foreign persons that have committed, or pose a serious risk of committing, acts of terrorism that threaten the security of U.S. nationals or the national security, foreign policy, or economy of the United States.

The consequences of the FTO and E.O. 13224 designations include a prohibition against knowingly providing, or attempting or conspiring to provide, material support or resources to, or engaging in transactions with, these organizations, and the freezing of all property and interests in property of these organizations that is in the United States, or come within the United States or the control of U.S. persons. The Department of State took these actions in consultation with the Departments of Justice and the Treasury.

ISIL-Yemen, ISIL-Saudi Arabia, and ISIL-Libya all emerged as official ISIL branches in November 2014 when U.S. Department of State-designated Specially Designated Global Terrorist and ISIL leader Abu Bakr al-Baghdadi announced that he had accepted the oaths of allegiance from fighters in Yemen, Saudi Arabia, and Libya, and was thereby creating ISIL “branches” in those countries.

While ISIL’s presence is limited to specific geographic locations in each country, all three ISIL branches have carried out numerous deadly attacks since their formation. Among ISIL-Yemen’s attacks, the group claimed responsibility for a pair of March 2015 suicide bombings targeting two separate mosques in Sana’a, Yemen, that killed more than 120 and wounded over 300. Separately, ISIL-Saudi Arabia has carried out numerous attacks targeting Shia mosques in both Saudi Arabia and Kuwait, leaving over 50 people dead. Finally, ISIL-Libya’s attacks have included the kidnapping and execution of 21 Egyptian Coptic Christians, as well as numerous attacks targeting both government and civilian targets that have killed scores of people.

After today’s action, the U.S. Department of State has now sanctioned eight ISIL branches, having previously designated ISIL-Khorasan, ISIL-Sinai, Jund al-Khilafah in Algeria, Boko Haram, and ISIL-North Caucasus. Terrorism designations are one of the ways the United States can expose and isolate organizations and individuals engaged in terrorism, impose serious sanctions on them, and enable coordinated action across the U.S. Government and with our international partners to disrupt the activities of terrorists. This includes denying them access to the U.S. financial system and enabling U.S. law enforcement actions.

Debris Found for EgyptAir #804

Posted on by

Missing EgyptAir Flight Likely Downed by Terror Attack, Minister Says
Airbus A320 carrying 66 passengers, 10 crew lost by radar while flying at 37,000 feet above the Mediterranean; EgyptAir vice president tells CNN wreckage found.

 Previous flights for the same day.
Haaretz: An EgyptAir jet carrying 66 passengers and crew from Paris to Cairo disappeared from radar over the Mediterranean south of Greece on Thursday, with Athens saying the plane swerved in mid-air before plunging from cruising height and vanishing.
Egypt’s aviation minister said a terrorist attack was more likely to have taken down the aircraft than a technical failure.
EgyptAir Vice President Ahmed Adel has since said in an interview with CNN that the wreckage of the missing plane has been found.

“There are so many reasons why a plane can fall from the sky and crash. We have no explanations at this stage. We need more investigation,” he said.
Egypt’s envoy to France said Greek authorities had informed his counterpart in Athens that they had found blue and white debris corresponding to EgyptAir’s colors.
Later, Egypt’s Civil Aviation Ministry said that Greek authorities have found “floating material” that is likely to be debris from the missing aircraft.

Greece deployed aircraft and a frigate to search for the missing Airbus and officials said they had found pieces of plastic and two life vests that appeared to have come from an aircraft in the sea 370 kilometers (230 miles) south of Crete.
Egyptian Prime Minister Sherif Ismail said it was too early to rule out any explanation, including an attack like the one blamed for bringing down a Russian airliner over Egypt’s Sinai Peninsula last year.

Egypt said it would lead the investigation and that France would participate. Other countries also offered to help, including Britain and the United States.
In Washington, U.S. President Barack Obama received a briefing on the disappearance from his adviser for homeland security and counter-terrorism, the White House said.
Greek Defense Minister Panos Kammenos said the Airbus had first swerved 90 degrees to the left, then spun through 360 degrees to the right. After plunging from 37,000 feet to 15,000, it vanished from Greek radar screens.
According to Greece’s civil aviation chief, calls from Greek air traffic controllers to flight MS804 went unanswered just before it left Greek airspace, and it disappeared from radar screens soon afterwards.
There was no official indication of a possible cause, whether technical failure or sabotage by hard-line Islamists who have targeted airports, airliners and tourist sites in Europe, Egypt, Tunisia and other Middle Eastern countries over the past few years.
The aircraft was carrying 56 passengers — with one child and two infants among them — and 10 crew, EgyptAir said. They included 30 Egyptian and 15 French nationals, along with citizens of 10 other countries.


Asked if he could rule terrorist involvement, Prime Minister Ismail told reporters: “We cannot exclude anything at this time or confirm anything. All the search operations must be concluded so we can know the cause.”

French President Francois Hollande also said the cause was unknown. “No hypothesis can be ruled out, nor can any be favored over another.”
With its archaeological sites and Red Sea resorts, Egypt is a traditional destination for Western tourists. But the industry has been badly hit by the downing of a Russian Metrojet flight last October, in which all 224 people on board were killed, as well as by an Islamist insurgency and a string of bomb attacks.
No response
Greek air traffic controllers spoke to the pilot as the jet flew over the island of Kea, in what was thought to be the last broadcast from the aircraft, and no problems were reported.
But just ahead of the handover to Egyptian controllers, calls to the plane went unanswered.
“About seven miles before the aircraft entered the Cairo airspace, Greek controllers tried to contact the pilot but he was not responding,” said Kostas Litzerakis, head of Greece’s civil aviation department. Shortly after exiting Greek airspace, it disappeared from radars, he said.
Greek authorities were searching the sea south of the island of Karpathos, Greece’s Defense Minister Kammenos told a news conference.
“At 3:39 A.M., the course of the aircraft was south and southeast of Kassos and Karpathos (islands),” he said. “Immediately after, it entered Cairo flight information region and made swerves and a descent I describe: 90 degrees left and then 360 degrees to the right.”
The Airbus plunged from a height of 37,000 feet (11,280 meters) to 15,000 feet before vanishing from radar, he added.

Egyptian Civil Aviation Minister Sherif Fathi said authorities had tried to resume contact but without success.
‘No one knows anything’
At Cairo airport, authorities ushered families of the passengers and crew into a closed-off waiting area.
Two women and a man, who said they were related to a crew member, were seen leaving the VIP hall where families were being kept. Asked for details, the man said: “We don’t know anything, they don’t know anything. No one knows anything.”
Ayman Nassar, from the family of one of the passengers, also walked out of the passenger hall with his daughter and wife in a distressed state. “They told us the plane had disappeared, and that they’re still searching for it and not to believe any rumors,” he said.
The mother of a flight attendant rushed out of the hall in tears. She said the last time her daughter called her was Wednesday night. “They haven’t told us anything,” she said.
In Paris, a police source said investigators were now interviewing officers who were on duty at Roissy airport on Wednesday evening to find out whether they heard or saw anything suspicious. “We are in the early stage here,” the source said.
Airbus said the missing A320 was delivered to EgyptAir in November 2003 and had operated about 48,000 flight hours.
The missing flight’s pilot had clocked up 6,275 hours of flying experience, including 2,101 hours on the A320, while the first officer had 2,766 hours, EgyptAir said.
At one point, EgyptAir said the plane had sent an emergency signal at 04:26 A.M., two hours after it disappeared from radar screens. However, Fathi said later that further checks found that no SOS was received.
Egypt and France to cooperate
The weather was clear at the time the plane disappeared, according to Eurocontrol, the European air traffic network.
Under UN aviation rules, if the aircraft is found to have crashed in international or Egyptian waters, Egypt will automatically lead an investigation into the accident, assisted by countries including France, where the jet was assembled, and the United States, where engine maker Pratt & Whitney is based.
Russia and Western governments have said the Metrojet plane that crashed on October 31 was probably brought down by a bomb, and ISIS said it had smuggled an explosive device on board.
That crash called into question Egypt’s campaign to contain Islamist violence. Militants have stepped up attacks on Egyptian soldiers and police since Egypt’s President Abdel-Fattah al-Sissi, then serving as army chief, toppled elected President Mohamed Mursi, an Islamist, in 2013 after mass protests against his rule.
In March, an EgyptAir plane flying from Alexandria to Cairo was hijacked and forced to land in Cyprus by a man with what authorities said was a fake suicide belt. He was arrested after giving himself up.
EgyptAir has a fleet of 57 Airbus and Boeing jets, including 15 of the Airbus A320 family of aircraft, according to airfleets.com.

***** Other details include:

  1. Plane went through full maintenance less than a week ago.
  2. Plane departed about 25 minutes late.
  3. MS804 stopped in Tunisia, Cairo, Brussels, Eritrea prior to Paris.
  4. Passenger list included: 15French 30Egyptian 1British 1Belgian 2Iraqis 1Kuwaiti 1Saudi 1Sudanese 1Chadians 1Portuguese 1Algerian 1Canadian

Final summary: Debris has been spotted some 210 miles southeast of Crete in the Eastern Mediterranean that is believed to have been from EgyptAir Flight MS804. The passenger jet, an Airbus 320, left the Charles De Gaulle Airport in Paris, France at about 9:30pm local time. On board were 56 passengers, 7 crew and 3 air marshals. At around 2:30am Cario-time, Flight 804 was crossing into Egyptian airspace and being handed off from Greek air controllers. The last radio traffic indicated that there were no problems. At an altitude of some 37,000 feet, the Airbus 320 suddenly dove some 22,000 feet and began to swerve and turn, then, disappeared from radar. Search efforts were launched immediately.

Russia’s Other War, Cyber

Posted on by

 

Finding weakness and exploiting it in the cyber realm is hidden warfare, few speak about. For the West, Russia tops the list. China, Iran and North Korea are also on the short list. For Russia’s other targets, the Baltic States are in the Russian target list.

CBS: The U.S. has elevated its appraisal of the cyber threat from Russia, the U.S. intelligence chief said Thursday, as he delivered the annual assessment by intelligence agencies of the top dangers facing the country.

“While I can’t go into detail here, the Russian cyber threat is more severe than we had previously assessed,” James Clapper, the director of national intelligence, told the Senate Armed Services Committee, as he presented the annual worldwide threats assessment.

As they have in recent years, U.S. intelligence agencies once again listed cyber attacks as the top danger to U.S. national security, ahead of terrorism. Saboteurs, spies and thieves are expanding their computer attacks against a vulnerable American internet infrastructure, chipping away at U.S. wealth and security over time, Clapper said.

Russia ‘was behind German parliament hack’

BBC: Germany’s domestic intelligence agency has accused Russia of being behind a series of cyber attacks on German state computer systems.

The BfV said a hacker group thought to work for the Russian state had attacked Germany’s parliament in 2015.

This week it emerged that hackers linked to the same group had also targeted the Christian Democratic Union party of Chancellor Angela Merkel.

Russia has yet to respond publicly to the accusations made by the BfV.

Sabotage threat

BfV head Hans-Georg Maassen said Germany was a perennial target of a hacker gang known as Sofacy/APT 28 that some other experts also believe has close links with the Russian state. This group is believed by security experts to be affiliated with the Pawn Storm group that has been accused of targeting the CDU party.

The Russian Cyber Threat: Views from Estonia

Tensions between Russia and its adversaries in the West are escalating. In recent years, Russia has undermined the security of its neighbors by violating their land borders, crossing into their airspace unannounced and harassing them above and below sea level. Less noticed or understood, however, are Moscow’s aggressive actions in cyberspace. The small Baltic country of Estonia—a global leader in digital affairs—is well-placed to shed light on the tactical and strategic aspects of Russia’s offensive computer network operations.

In fact, three civilian and intelligence agencies responsible for cyber security—the Estonian Information System Authority, Internal Security Service and Information Board—recently issued reports that help put together different pieces of the puzzle. The conclusion is that “in cyberspace, Russia is the source of the greatest threat to Estonia, the European Union and NATO.” Now policymakers on both sides of the Atlantic must decide what to do about it.

Russia has been developing and employing offensive cyber capabilities for years. Russian cyber threat groups consist of professional, highly skilled practitioners whose daily jobs are to prepare and carry out attacks. And they don’t go after low-hanging fruit; instead, they receive specific orders on which institutions to target and what kind of information is needed. Criminals, hacktivists, spies and others linked to Russian strategic interests are usually well-financed, persistent and technologically advanced. They have a wide range of tools and resources, including the ability to carry out denial-of-service attacks, develop sophisticated malware and exploit previously unknown software vulnerabilities. Russian threat actors cloak their identities by using remote servers and anonymizing services. They target everything from the mobile devices of individuals to the IT infrastructure of entire government agencies.

Often, Russian threat actors map target networks for vulnerabilities and conduct test attacks on those systems. After carrying out reconnaissance, they conduct denial-of-service attacks or try to gain user access. Common techniques include sending emails with malicious attachments, modifying websites to infect visitors with malware and spreading malware via removable media devices like USB drives. Once inside, they continue to remotely map networks, attempt to gain administrator-level access to the entire network and extract as much sensitive data as possible. Such access also lets them change or delete data if that’s what the mission requires. They’ll often go after the same targets for years to get what they need. They have the confidence that comes from perceived anonymity and impunity; if they make a mistake or fail, they’ll simply try again.

These tactical activities are carried out in pursuit of strategic objectives. In the long term, this includes undermining and, if possible, helping to dissolve the EU and NATO. Moscow also aims to foster politically divided, strategically vulnerable and economically weak societies on its periphery in order to boost its own ability to project power and influence on those countries’ decisions. Russian cyber threat actors help by stealing military, political or economic data that gives Russia advantages in what it sees as the zero-sum game of foreign relations. The exfiltrated data can be used to recruit intelligence agents or provide economic benefits to its companies. Cyber capabilities can also be used to carry out influence operations that undermine trust between the citizens and the state. Telling examples of that strategy include its multi-week distributed-denial-of-service (DDoS) attacks against Estonia in 2007, its coordinated attacks against Ukraine’s 2014 presidential elections and the false-flag operation against a French telecommunication provider in 2015.

Most worryingly, today’s intelligence operations can enable tomorrow’s military actions. Influence operations, including the use of propaganda and social media, can create confusion and dissatisfaction among the population. Denial-of-service attacks can inhibit domestic and international communication. Coordinated, plausibly deniable attacks on multiple critical national infrastructure sectors can disrupt the provision of vital services such as energy, water, or transportation. This can provide a context for the emergence of “little green men”. Malicious code can be weaponized to hinder military and law enforcement responses. Clearly, cyber capabilities have the potential to be a powerful new tool in the Kremlin’s not-so-new “hybrid warfare” toolbox. With enough resources and preparation, they can be used in attempts to cause physical destruction, loss of life and even to destabilize entire countries and alliances. Such operations could be but a decision or two away in terms of planning, and perhaps several months or years before implementation. What can be done about it?

Preventive and countermeasures exist at the personal, organizational, national and international levels. Individuals should take “cyber hygiene” seriously, since Russian threat actors target both personal and work devices. This includes employing basic security technologies, backing up data, not visiting dubious websites and not opening suspicious emails. Organizations that handle sensitive information should adopt stricter security policies, including for handling of work-related data on personal devices. Information systems managers must be especially vigilant since they are primary targets, and weak personal security on their part may compromise national security. For their part, governments must enact the basics: computer security laws, national cyber strategies, a police focus on cybercrime, national CERTs, public-private partnerships and capable intelligence agencies. They also need continuous training and exercises to keep relevant agencies prepared for their missions. Finally, global cooperation and expeditious exchange of information among cyber security firms, national computer security incident response teams (CSIRTs) and security services are key to identifying Russian attack campaigns and taking defensive countermeasures.

All such countermeasures comprise elements of a deterrence-by-denial strategy that aims to raise the cost of carrying out malicious operations. States have also undertaken diplomatic initiatives to manage the potential instability that could result from the use of weaponized code—namely confidence-building measures, norms of responsible state behavior and attempts to agree on international law. While laudable, none of these have curbed Russian cyber aggression in the short term. For example, Russia’s coordinated December 2015 attack on the Ukrainian electrical grid—highlighted in all three agencies’ reports—was clearly an attack on critical national infrastructure that violated tentative international norms signed by Russia, possibly even while the campaign was being prepared. Defensive and diplomatic countermeasures must be complemented by a cohesive strategy of deterrence-by-punishment by individual countries as well as like-minded allies.

Cyber threat actors with links to Russia (APT28/Sofacy/Pawn Storm, the Dukes/APT29, Red October/Cloud Atlas, Snake/Turla/Uroburos, Energetic Bear/DragonFly, Sandworm Team and others) target NATO members on a daily basis—mainly for espionage and influence operations. But a recent SCMagazineUK article claims that the FSB plans to spend up to $250 million per year on offensive cyber capabilities. “Particular attention is to be paid to the development and delivery of malicious programs which have the ability to destroy the command and control systems of enemy armed forces, as well as elements of critical infrastructure, including the banking system, power supply and airports of an opponent.” Clearly, we had better be prepared.