The Russians Hacked the NSA? Ah…What?

This is bad, bad, bad… and panic has struck Washington DC… payment is to be in Bitcoins…

Graphics of files below courtesy of Arstechnica.

More here in further detail.

*****

Most outside experts who examined the posts, by a group calling itself the “Shadow Brokers,” said they contained what appeared to be genuine samples of the code — though somewhat outdated — used in the production of the NSA’s custom-built malware. Most of the code was designed to break through network firewalls and get inside the computer systems of competitors like Russia, China and Iran. That, in turn, allows the NSA to place “implants” in the system, which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack. More here.

NSA and the No Good, Very Bad Monday

LawFare: Monday was a tough day for those in the business of computer espionage. Russia, still using the alias Guccifer2.0, dumped even more DNC documents. And on Twitter, Mikko Hypponen noted an announcement on Github that had gone overlooked for two days: a group is hosting an auction for code from the “Equation Group,” which is more commonly known as the NSA. The auctioneer’s pitch is simple, brutal, and to the point:

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.

This release included two encrypted files, and the password to one was provided as proof while the other remains encrypted. The attackers claim that they will provide the password to the second file to the winner of a Bitcoin auction.

The public auction part is nonsense. Despite prevailing misconceptions on cryptocurrency, Bitcoin’s innate traceability means that no one could really expect to launder even $1M out of a high profile Bitcoin wallet like this one without risking detection, let alone the $500M being requested for a full public release. The auction is the equivalent of a criminal asking to be paid in new, marked, sequential bills. Because the actors here are certainly not amateurs, the auction is presumably a bit of “Doctor Evil” theater—the only bids will be $20 investments from Twitter jokesters.

But the proof itself appears to be very real. The proof file is 134 MB of data compressed, expanding out to a 301 MB archive. This archive appears to contain a large fraction of the NSA’s implant framework for firewalls, including what appears to be several versions of different implants, server side utility scripts, and eight apparent exploits for a variety of targets.

The exploits themselves appear to target Fortinet, Cisco, Shaanxi Networkcloud Information Technology (sxnc.com.cn) Firewalls, and similar network security systems. I will leave it to others to analyze the reliability, versions supported, and other details. But nothing I’ve found in either the exploits or elsewhere is newer than 2013.

Because of the sheer volume and quality, it is overwhelmingly likely that this data is authentic. And it does not appear to be information taken from compromised targets. Instead, the exploits, binaries with help strings, server configuration scripts, 5 separate versions of one implant framework, and all sort of other features indicate that this is analyst-side code—the kind that probably never leaves the NSA.

It is also unlikely that this data is from the Snowden cache. Those documents focused on PowerPoint slides and shared data, not detailed exploits. Besides NSA, the only plausible candidate for ownership is GCHQ—and the implications of stealing Top Secret data from GCHQ and modifying it to frame the NSA would themselves be startling.

All this is to say that there is relatively high confidence that these files contain genuine NSA material.

From an operational standpoint, this is not a catastrophic leak. Nothing here reveals some special “NSA magic.” Instead, this is evidence of good craftsmanship in a widely modular framework designed for ease of use. The immediate consequence is probably a lot of hours of work down the drain.

But the big picture is a far scarier one. Somebody managed to steal 301 MB of data from a TS//SCI system at some point between 2013 and today. Possibly, even probably, it occurred in 2013. But the theft also could have occurred yesterday with a simple utility run to scrub all newer documents. Relying on the file timestamps—which are easy to modify—the most likely date of acquisition was June 11, 2013 (see Update, however). That is two weeks after Snowden fled to Hong Kong and six days after the first Guardian publication. That would make sense, since in the immediate response to the leaks, as the NSA furiously ran down possible sources, it may have accidentally or deliberately eliminated this adversary’s access.

As with other recent cyber conflicts, the espionage aspect is troubling but not entirely new. It’s very, very bad that someone was able to go rummaging through a TS//SCI system—or even an unclassified Internet staging system where the NSA operator unwisely uploaded all this data—and to steal 300 MB of data. But whoever stole this data now wants the world to know—and that has much graver implications. The list of suspects is short: Russia or China. And in the context of the recent conflict between the US and Russia over election interference, safe money is on the former.

Right now, I’d imagine that the folks at NSA are having rather unpleasant conversations about what the other encrypted file might contain, and what other secrets this attacker may have gained access to. Even if they were aware of the attack that resulted in this leak, there’s no way of knowing what is in the other archive. Is there evidence of another non-Snowden insider who went silent three years ago? Was a TS//SCI system remotely compromised? Was there some kind of massive screw-up at an agency which prides itself on world class OPSEC? Some combination of the three?

And—most chillingly—what else might be released before this war of leaks is over?

Update: Thanks to @botherder for pointing out that a couple files have a newer date: One file has a date of June 17th, 2013; another has a date of July 5th, 2013; three setup strips are dated September 4th, 2013; and two have dates of October 18th 2013. One of those files (which I’m currently investigating) is the database of allocated Ethernet MAC addresses, which may be able to identify a later minimum date of compromise. If the latter date of October 18th, 2013 is correct, this is even more worrisome, as this suggests that the compromise happened four months after the initial Snowden revelations—a period of time when the NSA’s systems should have been the most secure.

Update 2: Looking at the dates again, it now does seem somewhat likely that this was data copied on June 11th, 2013 with a few updates with a compromise after October 18th. This does make it more likely that this was taken from a set of files deliberately moved onto a system on the Internet used for attacking others. To my mind, this is actually an even scarier possibility than the NSA internal system compromise: This scenario would have the NSA, after the Snowden revelations, practicing some incredibly awful operational security. Why should the NSA include five different versions of the same implant on a system used to attack other systems on the Internet? Let alone implants which still have all the debugging strings, internal function names, and absolutely no obfuscation?

Update 3: Kaspersky confirms that the particular use of RC6 matches the unique design present in other Equation Group malcode. XORcat apparently confirmed that the Cisco exploit works and, due to the versions it can attack, was a zero day at the time. This exploit would generally work to take over a firewall from the inside of a target network since it did require limited access that is almost always blocked from the outside.
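The dating argument in the post and its updates (a bulk of files stamped June 11th, 2013, a handful stamped later, the newest stamp giving a minimum date of compromise) is a routine forensic step that is easy to get wrong. The following is an added example, not code from the LawFare post or from any of the parties it describes: it builds a small in-memory tar archive with constructed paths and modification times (the dates mirror the ones named in the updates; the file names and contents are invented placeholders), then computes the per-date histogram, the bulk-copy date (the mode) and the "not before" bound (the newest timestamp). The caveat from the post applies to the result: timestamps are trivially editable, so the bound holds only if the archive's metadata was not tampered with.

```python
"""Bound the acquisition date of a leaked archive from its file timestamps.

Added example with constructed data; it is not the leak's contents or any
party's own tooling.  Dates are treated as UTC throughout.
"""
import io
import tarfile
from collections import Counter
from datetime import datetime, timezone

# Constructed sample: (archive path, modification date).  Paths and contents
# are invented placeholders; only the date distribution is meaningful here.
SAMPLE_FILES = [
    ("implants/v1/README", "2013-06-11"),
    ("implants/v2/README", "2013-06-11"),
    ("implants/v3/README", "2013-06-11"),
    ("scripts/install.sh", "2013-06-11"),
    ("tools/helper.py", "2013-06-17"),
    ("tools/other.py", "2013-07-05"),
    ("setup/a.sh", "2013-09-04"),
    ("setup/b.sh", "2013-09-04"),
    ("setup/c.sh", "2013-09-04"),
    ("data/oui.txt", "2013-10-18"),
    ("data/notes.txt", "2013-10-18"),
]


def _to_epoch(day: str) -> int:
    """Midnight UTC of an ISO date as a Unix timestamp."""
    dt = datetime.strptime(day, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    return int(dt.timestamp())


def build_sample_archive(entries=SAMPLE_FILES) -> bytes:
    """Build an in-memory tar archive whose members carry the given mtimes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, day in entries:
            data = b"constructed placeholder content\n"
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            info.mtime = _to_epoch(day)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def mtime_histogram(archive_bytes: bytes) -> Counter:
    """Count regular-file members per UTC modification date (ISO strings)."""
    counts: Counter = Counter()
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        for member in tar.getmembers():
            if member.isfile():
                day = datetime.fromtimestamp(member.mtime, tz=timezone.utc)
                counts[day.strftime("%Y-%m-%d")] += 1
    return counts


def estimate_copy_window(counts: Counter) -> dict:
    """Summarise the histogram the way the post reasons about it.

    bulk_date   - the modal date, i.e. when most of the tree was last written
                  (the candidate "everything was copied on this day").
    not_before  - the newest timestamp: assuming no tampering, the archive
                  cannot have been taken before this date, so it is a lower
                  bound on the compromise time, not the compromise time itself.
    later_files - the outliers newer than the bulk date, which are exactly the
                  entries an analyst should inspect by hand.
    ISO date strings compare correctly as plain strings.
    """
    if not counts:
        raise ValueError("archive contains no regular files")
    bulk_date, bulk_count = counts.most_common(1)[0]
    return {
        "bulk_date": bulk_date,
        "bulk_count": bulk_count,
        "not_before": max(counts),
        "later_files": {d: n for d, n in counts.items() if d > bulk_date},
    }


if __name__ == "__main__":
    hist = mtime_histogram(build_sample_archive())
    for day, n in sorted(hist.items()):
        print(f"{day}  {n:3d} file(s)")
    print(estimate_copy_window(hist))
```

On the constructed sample the mode is June 11th with four files and the newest stamp is October 18th, which is the shape the updates describe; the `later_files` dictionary is the short list worth examining individually (the post's MAC-address database is the kind of file that lands there). Run the same two functions against a real archive by replacing `build_sample_archive()` with the archive's bytes.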

*****

In part from the Washington Post:

A cache of hacking tools with code names such as Epicbanana, Buzzdirection and Egregiousblunder appeared mysteriously online over the weekend, setting the security world abuzz with speculation over whether the material was legitimate.

The file appeared to be real, according to former NSA personnel who worked in the agency’s hacking division, known as Tailored Access Operations (TAO).

“Without a doubt, they’re the keys to the kingdom,” said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”

Said a second former TAO hacker who saw the file: “From what I saw, there was no doubt in my mind that it was legitimate.”

“Faking this information would be monumentally difficult, there is just such a sheer volume of meaningful stuff,” Nicholas Weaver, a computer security researcher at the University of California at Berkeley, said in an interview. “Much of this code should never leave the NSA.”

The tools were posted by a group calling itself the Shadow Brokers using file-sharing sites such as BitTorrent and DropBox.

At the same time, other spy services, like Russia’s, are doing the same thing to the United States.

It is not unprecedented for a TAO operator to accidentally upload a large file of tools to a redirector, one of the former employees said. “What’s unprecedented is to not realize you made a mistake,” he said. “You would recognize, ‘Oops, I uploaded that set’ and delete it.”

Critics of the NSA have suspected that the agency, when it discovers a software vulnerability, frequently does not disclose it, thereby putting at risk the cybersecurity of anyone using that product. The file disclosure shows why it’s important to tell software-makers when flaws are detected, rather than keeping them secret, one of the former agency employees said, because now the information is public, available for anyone to employ to hack widely used Internet infrastructure. Read the full article here.

Private Contractors Left without Escape Plan in Afghanistan

The next Benghazi? State Department leaves contractors in Afghanistan without escape plan

Circa: The concerns are heightened by the fact that many of those civilians doing the security and nation-building work of the U.S. government hold sensitive security clearances, making them an attractive target for the enemy.

And the situation could become even more precarious after the U.S. military in Afghanistan draws down to just 8,400 troops by year’s end.

“It’s not just a political nightmare for somebody, it’s people’s lives at stake,” said Kevin Ofchus, head of Georgia-based firm Host Nations Perspectives Southwest Asia (HNPSWA) that has security contracts in Afghanistan.

The current situation

“The State Department says there’s a lack of infrastructure to support an emergency response after we’ve spent 15 years and billions of dollars on infrastructure,” he added.

Ofchus’s company is a member of the State Department’s Overseas Security Advisory Committee, and it chairs the Crisis Management Advisory Subcommittee in Kabul, which advises companies about security working in hot-zones.

And his sentiments are widely shared by a dozen other federal contractors in theater interviewed by Circa, some of whom would only talk on condition of anonymity because they feared reprisal from Washington.

“I was told ‘don’t bother going to Kabul, grab your weapon and fight your way through until you can reach an aircraft’ or whatever,” said one contractor working in Afghanistan, who spoke on condition of anonymity.

“I don’t think any of us count on State Department to have their shit together. I’ve never seen, heard or prepared for any evacuation plan.”

— Anonymous contractor

So is there a plan?

State Department officials told Circa that there is an evacuation plan, but they could not release any details about it because it was classified.

Mike Warren, a security director for the USAID-backed Mining Investment and Development for Afghanistan Sustainability Project, known as MIDAS, says he believes State has a very remedial plan but it fails on almost every security protocol.

“The Department of State, in close coordination with the Department of Defense, has a crisis response plan for Afghanistan that encompasses civilians and contractors. U.S. Forces-Afghanistan, in close coordination with the U.S. Embassy in Kabul, maintains a classified Non-Combatant Evacuation Operations plan to support the chief of mission,” the department wrote in an email.

“I know the U.S. Embassy was working on a plan, but it’s a shell of what they need,” Warren said in a phone interview from Kabul. “There appears to be a lack of coordinated effort between the U.S. Embassy and the American companies and personnel here in Afghanistan.”

Circa obtained a Memorandum of Understanding (MOU) between the State Department and Department of Defense governing the protection and evacuation of U.S. citizens and nationals from threatened areas overseas. The document specifically outlines the duties and requirements of the various agencies.

The Secretary of State “will prepare the plans for the protection and evacuation of all U.S. citizens and nationals and designated other persons abroad, including the Department of Defense (non-combatants).” More terrifying details here from Circa.

*****

In part: Now, as President Obama prepares to hand off combat operations in Iraq, Afghanistan, Syria, and elsewhere, to his successor, he’s also bequeathing a way of war that relies on large numbers of guns-for-hire while, at least formally, restricting the number of American “troops” sent overseas. Since 2009, the ratio of contractors to troops in war zones has increased from 1 to 1 to about 3 to 1.

Private military contractors perform tasks once thought to be inherently governmental, such as raising foreign armies, conducting intelligence analysis and trigger-pulling. During the Iraq and Afghanistan wars, they constituted about 15 percent of all contractors. But don’t let the numbers fool you. Their failures have an outsized impact on U.S. strategy. When a squad of Blackwater contractors killed 17 civilians at a Baghdad traffic circle in 2007, it provoked a firestorm in Iraq and at home, marking one of the nadirs of that war.

Contractors also encourage mission creep, because contractors don’t count as “boots on the ground.” Congress does not consider them to be troops, and therefore contractors do not count against troop-level caps in places like Iraq. The U.S. government does not track contractor numbers in war zones. As a result, the government can put more people on the ground than it reports to the American people, encouraging mission creep and rendering contractors virtually invisible.

For decades now, the centrality of contracting in American warfare—both on the battlefield and in support of those on the battlefield—has been growing. During World War II, about 10 percent of America’s armed forces were contracted. During the wars in Iraq and Afghanistan, that proportion leapt to 50 percent. This big number signals a disturbing trend: the United States has developed a dependency on the private sector to wage war, a strategic vulnerability. Today, America can no longer go to war without the private sector. More here from DefenseOne.

The Larger Covert Actions by Soros, Access, Policy, Chaos

Go here for communications regarding the United States. Go here for global actions by Soros.
The manipulation is epic as is his influence on policy, money and mandates. His access to powerbrokers can never fully be known or understood. Bottom-line is chaos. Below should help.

National Guard Activated in Milwaukee, it Began this Way

Sylville Smith was fatally shot by police in Milwaukee, Wisconsin, leading to riots in the city’s North Side. (Facebook)

A 23-year-old black man armed with a stolen gun was fatally shot Saturday afternoon by police in Milwaukee during a foot pursuit, authorities say.

The man has been identified as Sylville Smith, police said. Smith was shot in the chest and arm, Milwaukee Mayor Tom Barrett said.

He fled from a car during a traffic stop Saturday about 2:30 p.m. in the Wisconsin city’s North Side, police said in a press release. He was chased by two officers and was shot during the foot pursuit, according to police.

Peaceful protests turned to violent unrest Saturday night. One police officer was hospitalized after a brick was thrown through his windshield. Three others were hospitalized with unspecified injuries, but all were released by Sunday morning. Six buildings and several vehicles were burned, including a police car. Seventeen arrests were made, officials said.

The scene was calm Sunday morning, with community members gathering to clean up and hold a prayer service. Governor Scott Walker activated the state’s National Guard as a precaution. They will be available to assist police Sunday if needed.

The investigation into the shooting is being conducted by the Wisconsin Department of Justice’s Division of Criminal Investigation. The Milwaukee County District Attorney’s Office will then review the findings of that investigation.

The officer who shot Smith has been placed on administrative leave. His name has not been released, but police say he is a 24-year-old man who has been with the department for six years. He has worked as an officer for three years.

The officer is black, Police Chief Edward Flynn said Sunday at a press conference.

1. The Officers at the Scene of the Shooting Were Wearing Body Cameras, the Mayor Says

Milwaukee Police say the incident began when two uniformed officers stopped a car with two people inside in the 3200 block of North 44th Street about 3:30 p.m. Saturday.

“Shortly after stopping the suspects, both occupants fled from the car on foot. The officers pursued the suspects, and during the foot pursuit one officer shot one suspect, armed with a semiautomatic handgun,” police said in a press release.

Sylville Smith died at the scene, police said.

The shooting happened in a yard in the 3200 block of North 44th Street, police said.

Police said the other suspect, who has not been named, was taken into custody and is facing charges.

Mayor Tom Barrett said the two officers involved in the chase and shooting were wearing body cameras, WISN-TV reports. The cameras were operational, Barrett said.

He said the officer ordered the man to drop his gun twice and then fired several times when he refused. Barrett said a photo from the body camera clearly shows Smith had the gun in his hand when he was killed.

2. A Loaded Gun Stolen From a Home During a Burglary Was Found After the Shooting

Police said the semiautomatic handgun recovered at the scene was stolen in a burglary from a home in Waukesha, Wisconsin, in March 2016. The burglary victim said 500 rounds of ammunition were also taken.

Mayor Tom Barrett told reporters the gun was loaded, according to The Associated Press.

“This stop took place because two officers … saw suspicious activity,” Barrett said. “There were 23 rounds in that gun that that officer was staring at. I want to make sure we don’t lose any police officers in this community, either.”

Milwaukee Police Assistant Chief Bill Jessup told the Journal Sentinel it has not been determined if the gun was pointed at the officer or if shots were fired by the suspect.

“That officer had to make a split-second decision when the person confronted him with a handgun,” Jessup said. “This is a risk they take every day on behalf of our community.”

The shooting came after five fatal shootings during a nine-hour stretch from Friday night to Saturday morning. It occurred just blocks from three of those homicides, police told the Journal Sentinel.

“As everyone knows, this was a very, very violent 24 hours in the city of Milwaukee,” Jessup said. “Our officers are out here taking risks on behalf of the community and making split-second decisions.”

3. Smith’s Criminal Record, Which Police Called ‘Lengthy,’ Included a Misdemeanor Conviction for Carrying a Concealed Weapon & Traffic Offenses

Police said in a press release that the 23-year-old man who was fatally shot had a “lengthy arrest record.”

A search of Wisconsin court records revealed several arrests, but only one misdemeanor conviction for Sylville Smith. His record also included traffic offenses. No felony convictions were found.

The misdemeanor conviction, for carrying a concealed weapon, came in July 2014. He pleaded guilty to the charge and was fined $443 and ordered to serve one day in jail.

His record also included guilty findings on traffic offenses for speeding, operating a motor vehicle without insurance, possession of open intoxicants in a motor vehicle and operating a motor vehicle with a suspended license.

Smith was arrested in 2015 on a charge of intimidating a witness by a person charged with a felony, which is itself a felony offense. The case was dropped later that year by the prosecutor.

He was also charged with first-degree recklessly endangering safety, a felony, and misdemeanor possession of THC earlier in 2015. Those charges were dismissed by a judge based on a motion by the defense.

According to the Journal Sentinel, both cases stemmed from a February 2015 shooting in which he was a suspect.

Smith was accused of calling his girlfriend from jail to tell her to call the victim in the shooting case to get him to fill out a sworn affidavit saying Smith didn’t commit the crime, according to court documents obtained by the Journal Sentinel.

The victim recanted his identification of Smith and the case was dropped after the victim did not show up to court and was uncooperative, the newspaper reports.

In 2013, Smith was charged with retail theft, but that case was also dropped by the prosecutor. Go here for more details, facts and videos from Heavy.

Who in Govt is Whistleblowing on Immigration/Asylum Detention?

This event was hosted by the Jones Day law firm in Washington DC. The policies currently being applied by DHS, ICE and Customs and Border Patrol have officially been challenged, as noted in this video: the U.S. Commission on International Religious Freedom and Human Rights First hosted a discussion on removal and detention of refugees seeking asylum in the U.S.

See the video here. While the session was almost 4 hours, please take the time to listen to the first two panelists…that will explain their mission and the links below. Moving forward, you will be able to better understand Barack Obama’s presentation next month at the United Nations, Jeh Johnson’s position and that of presidential candidate Hillary Clinton. Note that at no time is there a discussion about creating conditions by which globally migrants, refugees, asylum seekers would not have to leave their home countries in the first place.

Note also that the real human rights violations are happening in home countries yet no country leadership be it Mexico, El Salvador, Honduras, Syria, Iraq or Sudan has been brought before any tribunal for violations or war crimes.

2015 Annual Report

The Office of International Religious Freedom has the mission of promoting religious freedom as a core objective of U.S. foreign policy. The office is headed by the Ambassador-at-Large for International Religious Freedom, David N. Saperstein. We monitor religious persecution and discrimination worldwide, recommend and implement policies in respective regions or countries, and develop programs to promote religious freedom.

Given the U.S. commitment to religious freedom, and to the international covenants that guarantee it as the inalienable right of every human being, the United States seeks to:

  • Promote freedom of religion and conscience throughout the world as a fundamental human right and as a source of stability for all countries;
  • Assist emerging democracies in implementing freedom of religion and conscience;
  • Assist religious and human rights NGOs in promoting religious freedom;
  • Identify and denounce regimes that are severe persecutors on the basis of religious belief.

The office carries out its mission through:

  • The Annual Report on International Religious Freedom. The report contains an introduction, executive summary, and a chapter describing the status of religious freedom in each of 195 countries throughout the world. Mandated by, and presented to, the U.S. Congress, the report is a public document available online and in book form from the U.S. Government Printing Office.
  • The designation by the Secretary of State (under authority delegated by the President) of nations guilty of particularly severe violations of religious freedom as “Countries of Particular Concern” under the International Religious Freedom Act of 1998 (H.R. 2431) and its amendment of 1999 (Public Law 106-55). Nations so designated are subject to further actions, including economic sanctions, by the United States.
  • Meetings with foreign government officials at all levels, as well as religious and human rights groups in the United States and abroad, to address problems of religious freedom.
  • Testimony before the United States Congress on issues of international religious freedom.
  • Close cooperation with the independent United States Commission on International Religious Freedom.
  • Sponsorship of reconciliation programs in disputes which divide groups along lines of religious identity. The office seeks to support NGOs that are promoting reconciliation in such disputes.
  • Programs of outreach to American religious communities.