Category Archives: FBI

DNI/Grenell Gives Adam Schiff Ultimatum

Posted on by

Hey Adam….the transcripts are ready….are you? Release the documents.

Transcripts of closed-door interviews from Russia probe ... source

EXCLUSIVE — DNI TO SCHIFF: THE TRANSCRIPTS ARE READY TO RELEASE. A big development in the fight over 53 secret interviews the House Intelligence Committee conducted during its Trump-Russia investigation. Acting Director of National Intelligence Richard Grenell has sent a letter to chairman Adam Schiff notifying him that transcripts of all 53 interviews, over 6,000 pages in all, have been cleared for public release. “All of the transcripts, with our required redactions, can be released to the public without any concerns of disclosing classified material,” Grenell wrote to Schiff in a letter dated May 4.

The Intel Committee did the first probe into Russia’s 2016 campaign interference and allegations of Trump-Russia collusion. Even today, its findings make up most of what we know about the affair. As part of that investigation — it was run by then-majority Republicans — the committee interviewed some key witnesses in the Trump-Russia matter: Donald Trump Jr., Steve Bannon, Andrew McCabe, Sally Yates, Michael Cohen, Hope Hicks, and many more.

list2

The interviews were conducted in secret. But by September 2018, with the committee’s report long finished and made public, the Republicans who still controlled the committee decided the interview transcripts should be released to the public. In a rare moment of comity, Democrats agreed, and on September 26, 2018, the committee voted unanimously to release the transcripts. But there was a catch: The documents would have to first be checked for classified information by the Intelligence Community. So off they went to the IC — never to be seen again.

Now, in May 2020, they’re still secret. Two weeks ago, the Wall Street Journal editorial board reported that the IC had finished its review of 43 of the transcripts, but Schiff was refusing to release them. The paper said Schiff was also preventing declassification of the remaining ten transcripts.

In the letter, Grenell revealed that the 43 transcripts have been finished since June 2019. Schiff has been sitting on them all that time. Grenell said the final ten have just been finished as well. “I urge you to honor your previous public statements, and your committee’s unanimous vote on this matter, to release all 53 cleared transcripts to Members of Congress and the American public as soon as possible,” Grenell said. Just in case Schiff is still not interested, Grenell added, “I am also willing to release the transcripts directly from the Office of the Director of National Intelligence, as to ensure we comply with the unanimous and bipartisan vote to release the transcripts.”

One more thing. In March 2019 — that was when Democrats were newly in charge of the House and considering impeaching President Trump over the Russia matter — Schiff requested that the DNI “under no circumstances…share House Intelligence Committee transcripts with the White House, President Trump, or any persons associated with the White House or President.” Some Republicans viewed that as a dubious request, since some of the witnesses came from the White House. Nevertheless, Grenell complied. “Pursuant to your guidance, these transcripts have not been shared with the White House,” he wrote to Schiff.

The next move is up to Schiff. The chairman has shown no hesitation to keep secrets even when they involve non-classified information of great national interest. For example, Schiff is still concealing the committee’s impeachment inquiry interview with Michael Atkinson, at the time the Intelligence Community Inspector General, in the Ukraine matter. As for the Trump-Russia interviews, Republicans remember when Schiff claimed he had “direct evidence” of collusion — a charge special counsel Robert Mueller was never able to establish. Some GOP lawmakers believe the transcripts will help show that Schiff was making it up all along. It’s time for the public to learn that, too.

***

When Schiff continues to lie —> update: Schiff is moving to release them but not without trying to place blame.

Schiff accused the White House of “hijacking” the process during an interview with Politico in September. The outlet reported at the time that “Schiff still intends to release the bulk of the Russia transcripts in the near future.” Nearly a year later, he had not done so.

“All of the transcripts, with required redactions can be released to the public without any concerns of disclosing classified material,” Grenell’s letter said. “In the interests of transparency and accountability, I urge you to honor your previous public statements, and your Committee’s unanimous vote on this matter, to release all 53 cleared transcripts to all Members of Congress and the American public as soon as possible.”

The acting spy chief added: “I am also willing to release the transcripts directly from the ODNI, as to ensure we comply with the unanimous and bipartisan vote to release the transcripts.”

The declassification process by the ODNI was expected to take just a few weeks or months. Nearly two years later, GOP lawmakers and Trump administration officials blamed Schiff for the delay.

“Adam Schiff is thwarting the will of the House Intelligence Committee as expressed in the bipartisan vote in September 2018 to make these transcripts public,” one senior intelligence official told the Washington Examiner late last month. “He has appointed himself arbiter of what the public should see and has refused to allow the White House to review its own equities, making declassification of 10 of the transcripts impossible. It’s difficult to imagine any motive other than Schiff is still trying to control the narrative on Russia collusion.”

Schiff’s spokesperson said Wednesday, “We are now reviewing the proposed redactions from ODNI based on classification, law enforcement sensitivity, or items ODNI requests be for official-use only.” The official also cast doubt on the trustworthiness of the redactions, claiming that, “given the overtly political role now played by the Acting DNI, including the leak of his letter, this committee and the public can have little confidence that his determinations are made on the merits.”

The spokesperson added: “Our review of ODNI’s newly proposed redactions will be as expeditious as possible given the constraints of the pandemic, and we look forward to releasing these transcripts, which relate to misconduct by the Trump campaign and the president himself.”

Special counsel Robert Mueller’s 448-page report, released in April 2019, said his investigation found the Russians had interfered in the 2016 election in a “sweeping and systematic fashion” but that it “did not establish” any criminal conspiracy between the Trump campaign and Russia.

Led by Rep. Jim Jordan of Ohio, the ranking member on the House Oversight Committee, 27 GOP lawmakers said in a Tuesday letter that the delay was Schiff’s fault.

“We understand now that Chairman Schiff is blocking the release of these transcripts. This news, if accurate, is disturbing — especially in light of Chairman Schiff’s cries in 2019 for transparency regarding allegations that the Trump campaign colluded with Russia,” the congressmen said.

The 10 transcripts that Schiff successfully blocked the White House from viewing are from interviews of Trump son-in-law and White House senior adviser Jared Kushner, former chief executive for the Trump campaign Steve Bannon, former Obama deputy national security adviser Ben Rhodes, former Attorney General Loretta Lynch, former Deputy Attorney General Sally Yates, former U.S. Ambassador to the United Nations Samantha Power, former Obama national security adviser Susan Rice, former Trump campaign manager Corey Lewandowski, former White House deputy assistant Keith Schiller, and Mary McCord, a former assistant attorney general for national security who was involved in the FBI’s Russia investigation.

Among the 43 other witness interviews was testimony by former Director of National Intelligence James Clapper, Donald Trump Jr., White House adviser Hope Hicks, longtime Trump friend and recently convicted “fixer” Roger Stone, former Clinton campaign chairman John Podesta, and former FBI Deputy Director Andrew McCabe. Perkins Coie lawyers Michael Sussman, a former DOJ lawyer who passed along alleged details about Russian interference to former FBI general counsel James Baker, and Marc Elias, the chairman who was the Clinton campaign’s general counsel and who hired Fusion GPS on behalf of the campaign, were also among them.

 

 

GWB was Obsessed with Pandemic Preparations in 2005

Posted on by

The efforts of the Bush administration was intense over the ensuing three years, including exercises where cabinet officials gamed out their responses, but it was not sustained. Large swaths of the ambitious plan were either not fully realized or entirely shelved as other priorities and crises took hold.

“There was a realization that it’s no longer fantastical to raise scenarios about planes falling from the sky, or anthrax arriving in the mail,” said Tom Bossert, who worked in the Bush White House and went on to serve as a homeland security adviser in the Trump administration. “It was not a novel. It was the world we were living.”

According to Bossert, who is now an ABC News contributor, Bush did not just insist on preparation for a pandemic. He was obsessed with it.

“He was completely taken by the reality that that was going to happen,” Bossert said. In a November 2005 speech at the National Institutes of Health, Bush laid out proposals in granular detail — describing with stunning prescience how a pandemic in the United States would unfold. Among those in the audience was Dr. Anthony Fauci, the leader of the current crisis response, who was then and still is now the director of the National Institute of Allergy and Infectious Diseases.

Bush told the gathered scientists that they would need to develop a vaccine in record time.

“If a pandemic strikes, our country must have a surge capacity in place that will allow us to bring a new vaccine on line quickly and manufacture enough to immunize every American against the pandemic strain,” he said.

Bush set out to spend $7 billion building out his plan. His cabinet secretaries urged their staffs to take preparations seriously. The government launched a website, www.pandemicflu.gov, that is still in use today. But as time passed, it became increasingly difficult to justify the continued funding, staffing and attention, Bossert said.

“You need to have annual budget commitment. You need to have institutions that can survive any one administration. And you need to have leadership experience,” Bossert said. “All three of those can be effected by our wonderful and unique form of government in which you transfer power every four years.”

***

Then in 2006, enter Senator Burr:

The Pandemic and All-Hazards Preparedness and Advancing Innovation Act (PAHPAI) is legislation introduced and passed by the U.S. Congress in 2019 that aims to improve the nation’s preparation and response to public health threats, including both natural threats and deliberate man-made threats.[1]

A previous bill (with a near-identical name), the Pandemic and All-Hazards Preparedness Act (PAHPA), was signed into law in 2006 and reauthorized in 2013 in order to create a system that prepares for, and responds to, public health threats that could turn into emergencies.

The 2019 bill (PAHPAI) was introduced by U.S. Senators Richard Burr (R-NC), Bob Casey (D-PA), Lamar Alexander (R-TN), and Patty Murray (D-WA).[1] Congress passed the bill and sent it to President Trump for his signature in June 2019. (The bill number is S. 1379).

What went on at the State level during all this time? Well in recent years, there was an exercise called Crimson Contagion.

Crimson Contagion 2019 was/is a Functional Exercise, a national level exercise series conducted to detect gaps in mechanisms, capabilities, plans, policies, and procedures in the event of a pandemic influenza.  Current strategies include the Biological Incident Annex to the Response and Recovery Federal Interagency Operational Plans (2018), Pandemic Influenza Plan (2017 Update), Pandemic Crisis Action Plan Version 2.0, and CDC’s Pandemic Influenza Appendix to the Biological Incident Annex of the CDC All-Hazard Plan (December 2017). These plans, updated over the last few years, were tested by the functional exercise with emphasis on the examination of strategic priorities set by the NSC. Specifically, examined priorities include operational coordination and communications, stabilization and restoration of critical lifelines, national security emergencies, public health emergencies, and continuity. The Crimson Contagion 2019 Functional Exercise included participation of almost 300 entities – 19 federal departments and agencies, 12 states, 15 tribal nations and pueblos, 74 local health departments and coalition regions, 87 hospitals, 40 private sector organizations, and 35 active operations centers. The scenario was a large-scale outbreak of H7N9 avian influenza, originating in China but swiftly spreading to the contiguous US with the first case detected in Chicago, Illinois. Continuous human-to-human transmission of the H7N9 virus encourages its spread across the country and, unfortunately, the stockpiles of H7N9 vaccines are not a match for the outbreak’s strain; however, those vaccines are serviceable as a priming dose. Also, the strain of virus is susceptible to Relenza and Tamiflu antiviral medications. The exercise was intended to deal with a virus outbreak that starts overseas and migrates to the US with scant allocated resources for outbreak response and management, thereby forcing the Department of Health and Human Services (HHS) to include other agencies in the response. To do so, the exercise began 47 days after the identification of the first US case of H7N9 in Chicago, otherwise known as STARTEX conditions. Then, the HHS declared the outbreak as a Public Health Emergency (PHE), the World Health Organization (WHO) declared a pandemic, and the President of the United States declared a National Emergency under the National Emergencies Act. As was the case in the 1918 Great Influenza, transmissibility is high and cases are severe. At STARTEX, there are 2.1 million illnesses and 100 million forecasted illnesses as well as over half a million forecasted deaths. As the pandemic progresses along the epidemiological curve, the overarching foci of the federal-level response adjusts across four phases:

  1. Operational coordination with public messaging and risk communication
  2. Situational awareness, information sharing, and reporting
  3. Financing
  4. Continuity of operations

The outcome of the Crimson Contagion is that vaccine development is the silver bullet to such an outbreak, but there are complications beyond its formulation. Namely, the minimization of outbreak impact prior to vaccine development and dispersal, strategy for efficient dissemination of the vaccine across the country, allocation of personal protective equipment (PPE), and high expense of vaccine development and PPE acquisitions. The exercise concluded that HHS requires about $10 billion in additional funding immediately following the identification of a novel strain of pandemic influenza. The low inventory levels of PPE and other countermeasures are a result of insufficient domestic manufacturing in the US and a lack of raw materials maintained within US borders.  Additionally, the exercise revealed six key findings:

  1. Existing statutory authorities, policies, and funding of HHS are insufficient for a federal response to an influenza pandemic
  2. Current planning fails to outline the organizational structure of the federal government response when HHS is the designated lead agency; planning also varies across local, state, territorial, tribal, and federal entities
  3. There is a lack of clarity in operational coordination regarding the roles and responsibility of agencies as well as in the coordination of information, guidance, and actions of federal agencies, state agencies, and the health sector
  4. Situation assessment is inefficient and incomplete due to the lack of clear guidance on the information required and confusion in the distribution of recommended protocols and products
  5. The medical countermeasures supply chain and production capacity are currently insufficient to meet the needs of the country in the event of pandemic influenza
  6. There is clear dissemination of public health and responder information from the CDC, but confusion about school closures remains.

A few years go, DHS published the National Response Framework Second Edition May 2013 and later,  FEMA published a 143 page report known as the Biological Incident Annex to the Response and Recovery Federal Interagency Operational Plans Final – January 2017

as a follow up to the work that began in 2008.

Many things certainly were going on that otherwise have not received media attention and the above is by no means a full accounting. The above is only referenced for perspective and context.

So while so many are working to find a single solution to Covid 19, there is not one cure but more in the realm of hundreds or perhaps thousands. Furthermore, while so many want to place blame, that too is misguided to point to U.S. politicians and medical experts. When it comes to Dr. Fauci or Bill Gates and his Event 201, understand that every medical counter-measure to pandemics call for growing viruses in laboratories and getting patents for the work each does including pharmaceutical companies and universities. We of course have the bureaucracy of clinical trials and they do take lots of time to launch and process.

Slow down readers, stop with the blame games, stop with finding fault, let’s deal with the here and now to get this behind us, never to repeat. If anything, blame the Communist Party of China, begin and end there and re-examine national policy with Beijing.

Vendors Return in Wuhan as China Prepares COVID-19 ... source

While Pelosi and Schiff have a new oversight commission led by Congressman Clyburn, which was in the $2T stimulus bill, so what? You say it is just another plot to go for another impeachment of President Trump? Nah…it is only the Democrats and media’s plot and wont happen. A full investigation of all things Covid 19 would hardly be completed by 2024.

Oh yeah, for those of you angry at Senator Burr for selling stock, we dont know how many in congress did sell stock. Remember, Senator Burr authored that pandemic bill in 2006….and it was signed into law.

Senators did receive a closed-door briefing on the virus on Jan. 24, which was public knowledge. A separate briefing was held Feb. 12 by the Senate Health, Education, Labor and Pensions Committee, which Burr is a member of. It’s unclear if he attended either session.

One must ask if the Senate Intelligence Committee received the briefing, who gave the briefing and did that same briefing happen in the House? That is always the policy. If so, how come the Chairman of the House Intelligence Committee, you know, Adam Schiff never said a thing about it. Inquiring minds want to know.

Meanwhile….

Just follow hygiene rules and let’s get America into full restoration mode…FAST.

 

 

 

Zoom Bombing, don’t be Fooled

Posted on by

So, there are several online conference video chat platforms now being used while businesses continue to operate even while doing the stay at home thing. We are aware of course of the common Skype platform, Uber Conference and gaining huge popularity is Zoom.

Warning to the healthcare industry: Since the United States has launched full tele-health platforms, all parties involved in the session(s) should watch carefully the platform(s) for cyber weirdness. All the same warnings and watchful eyes should be applied to the military across the spectrum as forces too are working from remote locations.

How to Record Zoom Meeting on PC, iPhone

In recent days, I have seen reports of Zoom conference/meeting events getting bombed by rogue players. Every nation while struggling to overcome the pandemic, governments and companies are quite vulnerable to breaches of cyber security due to limited employee resources. What better time for bad actors (read China) to attack?

Zoom has also seen a sharp increase in usage, but the attention the teleconferencing solution is receiving continues to be decidedly mixed. TechCrunch reports that researcher Patrick Wardle has found two local security flaws in Zoom’s macOS client.

***

While Zoom has certainly drawn investors’ eyes in a good way, it’s also attracted the ministrations of white hat researchers, cybercriminals, the plaintiffs’ bar, and state attorneys general. The platform’s encryption isn’t really end-to-end, the Intercept reports. Instead, it uses familiar transport encryption, which gives Zoom itself the potential to access its users’ traffic. The FBI’s Boston Field Office has issued a detailed warning about the ways in which criminals (conventional criminals out for gain, sleazy hacktivists, and skids out for the lulz) have been able to meddle with Zoom sessions. Check Point describes the ways in which criminals have registered domains that include the name “zoom;” these domains are of course up to no good at all. Zoom was also discovered to have been sharing analytic data with Facebook, a practice Zoom halted after it came to public attention, but not in time to forestall a class action suit under California’s Unfair Competition Law, Consumers Legal Remedies Act, and Consumer Privacy Act. And the New York Times reports that all of this news has prompted New York State’s Attorney General to ask Zoom for an explanation of its privacy and security policies.

So, as I was researching for this piece, I received an email from a distant buddy that read in part:

The government has sought the assistance of outside software experts to move online meetings. In one particular instance, my email buddy noted the following”

I have a Zoom warning. We had a Council meeting this afternoon and it had to end immediately. Fortunately, the Council was 99% finished with the meeting. The reason for ending the meeting is because we were Zoom Bombed (yup this is really the name for it). A participant joined the meeting late and his name was Mr. Off. His first name was Jack and he had a middle name “Me”. You can imaging the video. It was horrible. There were three hosts of the meeting that could control participants. The hosts could not see this participant so they didn’t think anything was wrong. Clearly, the hack knows how to enter a meeting without the controlling hosts knowing what is going on. I saw it and ordered the meeting end immediately. The Chair couldn’t see it and was wondering what to heck was wrong with me. It took about 5 more long seconds for me to yell at people to leave the meeting. We all jumped back on the meeting in five minutes and Mr. Off joined the meeting again.

I will add that only half the participants actually saw the act. We also caught it in time to not have it go live on cable or YouTube. Another participant actually viewed video of three other participants that no one else could see and were likely ready to Bomb the meeting.

In the future, we will use passwords for participants. This is unfortunate for the public because they wont be able to join the Zoom part of the meeting. They will still be able to watch it live on local cable and YouTube. We will set up an email and telephone for public comment if the agenda item requires public comment.

I highly recommend you use passwords for future meetings.

Seems we have a new kind of cyber terrorism going on here….espionage at a silent/covert level. Perhaps we can get some kind of press release from the NSA or something.

 

 

FBI Abuse of FISA Much Worse per New Report

Posted on by

FBI problems with FISA warrants extend beyond Russia case, DOJ watchdog warns

The Justice Department’s chief watchdog issued an extraordinary warning Tuesday that the FBI is failing to follow its own rules when pursuing surveillance warrants in sensitive intelligence and terrorism cases, confirming that problems first exposed in the Russia collusion probe extend to other cases.

Among the problems cited was a failure by agents to substantiate allegations submitted to courts, similar to the missteps the FBI made in failing to ensure allegations in the Steele dossier back in 2016 were verified before securing a FISA warrant targeting the Trump campaign and former adviser Carter Page.

The report found that investigators:

  • could not review original Woods Files for four of the 29 selected FISA applications because the FBI has not been able to locate them and, in 3 of these instances, did not know if they ever existed;
  • identified apparent errors or inadequately supported facts in all of the 25 applications we reviewed;
  • identified deficiencies in documentary support and application accuracy;
  • interviewed FBI officials who indicated to us that there were no efforts by the FBI to use existing FBI and National Security Division oversight mechanisms to perform comprehensive, strategic assessments of the efficacy of the Woods Procedures or FISA accuracy.

Sen. Charles Grassley, R-Iowa, a senior member of the Judiciary Committee who played a key role in exposing FISA abuses during the Russia probe, said Horowitz’s memo show the problems first exposed with the faulty Carter Page warrant were “just the tip of the iceberg.”

“Not a single application from the past five years reviewed by the inspector general was up to snuff. That’s alarming and unacceptable,” Grassley said.

“The FBI has an important job to protect our national security, but it does not have carte blanche to routinely erode the liberties of Americans without proper justification. Oversight mechanisms like the Woods Procedures exist for a reason, and if the FBI wants to restore its reputation among the American people, it had better start taking them seriously,” he added.

Sally Moyer not ‘Agent 5’ in IG report on FBI source

The final report just issued in .pdf is found here.

Additionally, NR has this summary in part:

Horowitz’s office said in a report released Tuesday that of the 29 applications — all of which involved U.S. citizens – that were pulled from “8 FBI field offices of varying sizes,” the FBI could not find Woods Files for four of the applications, while the other 25 all had “apparent errors or inadequately supported facts.”

“While our review of these issues and follow-up with case agents is still ongoing—and we have not made materiality judgments for these or other errors or concerns we identified—at this time we have identified an average of about 20 issues per application reviewed, with a high of approximately 65 issues in one application and less than 5 issues in another application,” the report reveals.

The Woods Procedure dictates that the Justice Department verify the accuracy and provide evidentiary support for all facts stated in its FISA application. The FBI is required to share with the FISA Court all relevant information compiled in the Woods File when applying for a surveillance warrant.

“FBI and NSD officials we interviewed indicated to us that there were no efforts by the FBI to use existing FBI and NSD oversight mechanisms to perform comprehensive, strategic assessments of the efficacy of the Woods Procedures or FISA accuracy, to include identifying the need for enhancements to training and improvements in the process, or increased accountability measures,” the report states.

The OIG concludes by recommending that the FBI “systematically and regularly examine the results of past and future accuracy reviews to identify patterns or trends in identified errors” relating to the Woods Procedure, as well as double-checking “that Woods Files exist for every FISA application submitted to the FISC in all pending investigations.”

In a letter acknowledging the audit, FBI Associate Deputy Director Paul Abbate said that the issues “will be addressed” by the Bureau’s already-issued correctives after the Carter Page review, and added that “the FBI fully accepts the two recommendations.”

McCabe admitted in January that the FBI has an “inherent weakness in the process” of obtaining FISA warrants.

Google Sent Users 40,000 Warnings

Posted on by

Primer questions: Did other tech companies do the same and if so, how many? What does Congress know and where are they with a real cyber policy?

Google’s threat analysis group, which counters targeted and government-backed hacking against the company and its users, sent account holders almost 40,000 warnings in 2019, with government officials, journalists, dissidents, and geopolitical rivals being the most targeted, team members said on Thursday.

The number of warnings declined almost 25 percent from 2018, in part because of new protections designed to curb cyberattacks on Google properties. Attackers have responded by reducing the frequency of their hack attempts and being more deliberate. The group saw an increase in phishing attacks that impersonated news outlets and journalists. In many of these cases, attackers sought to spread disinformation by attempting to seed false stories with other reporters. Other times, attackers sent several benign messages in hopes of building a rapport with a journalist or foreign policy expert. The attackers, who most frequently came from Iran and North Korea, would later follow up with an email that included a malicious attachment.

Color-coded Mercator projection of the world.

“Government-backed attackers regularly target foreign policy experts for their research, access to the organizations they work with, and connection to fellow researchers or policymakers for subsequent attacks,” Toni Gidwani, a security engineering manager in the threat analysis group, wrote in a post.

Top targets

Countries with residents that collectively received more than 1,000 warnings included the United States, India, Pakistan, Japan, and South Korea. Thursday’s post came eight months after Microsoft said it had warned 10,000 customers of nation-sponsored attacks over the 12 previous months. The software maker said it saw “extensive” activity from five specific groups sponsored by Iran, North Korea, and Russia.

Thursday’s post also tracked targeted attacks carried out by Sandworm, believed to be an attack group working on behalf of the Russian Federation. Sandworm has been responsible for some of the world’s most severe attacks, including hacks on Ukrainian power facilities that left the country without electricity in 2015 and 2016, NATO and the governments of Ukraine and Poland in 2014, and according to Wired journalist Andy Greenberg, the NotPetya malware that created worldwide outages, some that lasted weeks.

The following graph shows Sandworm’s targeting of various industries and countries from 2017 to 2019. While the targeting of most of the industries or countries was sporadic, Ukraine was on the receiving end of attacks throughout the entire three-year period:

Sandworm’s targeting efforts (mostly by sector) over the last three years.
Enlarge / Sandworm’s targeting efforts (mostly by sector) over the last three years.
Google

Tracking zero-days

In 2019, the Google group discovered zero-day vulnerabilities affecting Android, iOS, Windows, Chrome, and Internet Explorer. A single attack group was responsible for exploiting five of the unpatched security flaws. The attacks were used against Google, Google account holders, and users of other platforms.

“Finding this many zeroday exploits from the same actor in a relatively short time frame is rare,” Gidwani wrote.

The exploits came from legitimate websites that had been hacked, links to malicious websites, and attachments embedded in spear-phishing emails. Most of the targets were in North Korea or were against individuals working on North Korea-related issues.

The group’s policy is to privately inform developers of the affected software and give them seven days to release a fix or publish an advisory. If the companies don’t meet that deadline, Google releases its own advisory.

One observation that Google users should note: of all the phishing attacks the company has seen in the past few years, none has resulted in a takeover of accounts protected by the account protection program, which among other things makes multifactor authentication mandatory. Once people have two physical security keys from Yubi or another manufacturer, enrolling in the program takes less than five minutes.