Iran Behind the Bombing of the Jews in Argentina

In Secret Recordings, Former Argentine FM Admits Iran Behind Massive 1994 Terror Attack

TheTower: Former Argentine Foreign Minister Héctor Timerman knew that Iran was responsible for the 1994 bombing of the AMIA Jewish center in Buenos Aires even as he negotiated with the regime in Tehran, secretly-recorded telephone conversations released on Friday reveal.

The previously unknown recordings of conversations between Timerman and leaders of the Argentine Jewish community confirm what has long been suspected. While negotiating the infamous “Memorandum of Understanding” in 2013 aimed at setting up a joint commission with Iran to supposedly investigate the bombing, Timerman had no doubt that Tehran was behind the atrocity that claimed the lives of 85 people and injured hundreds more.

The conversations took place in 2012. In the first recording, Timerman is speaking with Guillermo Borger, the then president of the AMIA Jewish community organization. He attempts to persuade Borger to support the negotiations with Iran that would in due course lead to the signing of the Memorandum.

Borger: We don’t regard Iran as valid [as a negotiating partner].

Timerman: And who do you want me to negotiate with, Switzerland?

Borger: I will just say that Iran lies, is not credible and denies the Holocaust.

Timerman: But we don’t have anyone else to negotiate with […] Well, tell me who you want me to negotiate with?

Borger: I understand, I wish there was someone else to negotiate with.

Timerman: If there was someone else, they [the Iranians] wouldn’t have planted the bomb. So we are back to the beginning. Do you have someone else for me to negotiate with?

The second conversation is between Timerman and José Scaliter, the Vice President of the AMIA at the time:

Timerman: Eighteen years ago they [the Iranians] planted the bomb. You don’t tell me who I should negotiate with, you tell me who I shouldn’t negotiate with. What a smartass you are, so who do you want me to negotiate with?

Scaliter: The Prosecutor [Alberto Nisman, found dead in suspicious circumstances in January 2015] working on this case, who wasn’t appointed by us, carried out a serious and important investigation and says Iran did it.

Timerman: Great! Fantastic! So how do you want me to bring them [the Iranian fugitives to Argentina]. You never know what should be done.

It’s not clear who made the recordings or why they were leaked just now. Timerman himself just made a sudden reappearance on Twitter to complain that they were made in secret by Borger and that indeed seems the likeliest explanation. (Timerman did not, notably, claim that the recordings were fake, or that they distorted his views.) By the sound of the recordings, it seems that Borger and Scaliter simply put Timerman on the speaker in their office and recorded the conversations without mentioning that they were doing so.

Considering the track record of the previous government of President Cristina Fernández de Kirchner, whom Timerman served, in publicly hounding those who crossed it, Borger and Scaliter may have wished to have a guarantee that their conversation was recorded faithfully. The recent election of Mauricio Macri as President, a completely unexpected outcome for Fernández de Kirchner and her allies, may have emboldened the AMIA leaders to leak the recordings now.

There may be others with secrets to reveal, now that they can do so without harassment from Fernández de Kirchner’s government. The mother of Alberto Nisman, the late federal prosecutor investigating the AMIA bombing, told a journalist in recent days that she has a digital copy of “all” of her son’s formal complaint against Timerman and Fernández de Kirchner over their deal with Iran, along with “all” the evidence he collected to support it.

It’s not clear whether Nisman, who was found dead in January 2015 hours before he was to present his complaint, would have had access to the recordings. As Scaliter pointed out in his conversation with Timerman, Nisman was working for the government and not AMIA, and in any case had access to other sources of information about the negotiations with Iran.

The revelation of these recordings confirms Nisman’s thesis that the Memorandum was a sham, designed to protect those guilty of the AMIA Massacre. The Argentine government, despite knowing that Iran’s responsibility was beyond doubt, agreed to let the murderers “investigate” themselves through an Orwellian “Truth Commission,” and led Iran to believe that simply signing the Memorandum would lead to Interpol dropping the arrest warrants against its citizens, which seems to have been Tehran’s initial if not principal motivation in negotiating the pact. As a result, trade relations between the two countries would flourish, allowing enormous sums to be made by Argentine officials in state-body-to-state-body deals free from market pressures or scrutiny, the preferred kirchnerista business model. Elsewhere on the recordings, Timerman speaks of the negotiations being a “great opportunity for Argentina.” It’s not difficult to imagine what kind of opportunity he had in mind and which Argentines he thought might benefit.

Every word spoken by the former Argentine government and its supporters in defense of the Memorandum has now been proven to be a lie – not that there was ever much doubt about that. As soon as her husband and predecessor Nestor Kirchner died in October 2010, Cristina Fernández de Kirchner could not wait to launch negotiations with Iran, hoping to bury the AMIA issue once and for all.

And the worst of it is that none of this should come as a shock. Shortly after Timerman’s appointment as Foreign Minister in 2010, I wrote this satire on his complaisant attitude to the Iranians on a blog sponsored by the American Jewish Committee. Looking back, it’s clear that Cristina Fernández de Kirchner’s handling of the AMIA case was, in fact, far worse than I imagined it was going to be. Deeper details on the Iranian mission to kill Jews in Argentina.

Forget the EMP, It’s the Hack, You’re at Risk

Iranian hackers infiltrated computers of small dam in NY

WASHINGTON (Reuters) – Iranian hackers breached the control system of a dam near New York City in 2013, an infiltration that raised concerns about the security of the country’s infrastructure, the Wall Street Journal reported on Monday, citing former and current U.S. officials.

Two people familiar with the breach told the newspaper it occurred at the Bowman Avenue Dam in Rye, New York. The small structure about 20 miles from New York City is used for flood control.

The hackers gained access to the dam through a cellular modem, the Journal said, citing an unclassified Department of Homeland Security summary of the incident that did not specify the type of infrastructure.

The dam is a 20-foot-tall concrete slab across Blind Brook, about five miles from Long Island Sound.

“It’s very, very small,” Rye City Manager Marcus Serrano told the newspaper. He said FBI agents visited in 2013 to ask the city’s information-technology manager about a hacking incident.

The dam breach was difficult to pin down, and federal investigators at first thought the target was a much larger dam in Oregon, the Journal said.

The breach came as hackers linked to the Iranian government were attacking U.S. bank websites after American spies damaged an Iranian nuclear facility with the Stuxnet computer worm.

It illustrated concerns about many of the old computers controlling industrial systems, and the White House was notified of the infiltration, the Journal said.

The newspaper said the United States had more than 57,000 industrial control systems connected to the Internet, citing Shodan, a search engine that catalogs each machine.

Homeland Security spokesman S.Y. Lee would not confirm the breach to Reuters. He said the department’s 24-hour cybersecurity information-sharing hub and an emergency response team coordinate responses to threats to and vulnerabilities in critical infrastructure.

***

Can’t Sleep, You are at Risk

In part from Wired: If you want to keep yourself up at night, spend some time reading about the latest developments in cybersecurity. Airplanes hacked, cars hacked, vulnerabilities in a breathtaking range of sensitive equipment from TSA locks to voting booths to medical devices.

The big picture is even scarier. Former NSA Director Mike McConnell suspects China has hacked “every major corporation” in the US. Edward Snowden’s NSA leaks revealed the US government has its own national and international hacking to account for. And the Ponemon Institute says 110 million Americans saw their identities compromised in 2014. That’s one in two American adults.

The system is broken. It isn’t keeping us, our companies, or our government safe. Worse yet, no one seems to know how to fix it.

How Did We Get Here?

One deceptive truth seems to drive much of the cybersecurity industry down a rabbit hole: If you keep bad actors and bad software out of your system, you have nothing to worry about.

Malicious actors target “endpoints”—any device or sensor connected to a network—to break into that network. Network security seeks to protect those endpoints with firewalls, certificates, passwords, and the like, creating a secure perimeter to keep the whole system safe.

This wasn’t difficult in the early days of the Internet and online threats. But today, most private networks have far too many endpoints to properly secure. In an age of “Bring Your Own Device,” the cloud, remote access, and the Internet of Things, there are too many vulnerabilities hackers can exploit. As Ajay Arora, CEO of file security company Vera, notes, there is no perimeter anymore. It’s a dream of the past.

But the security paradigm remains focused on perimeter defense because, frankly, no one knows what else to do. To address threats, security experts should assume compromise – that hackers and malware already have breached their defenses, or soon will – and instead classify and mitigate threats.

The CIA Triad

The information security community has a model to assess and respond to threats, at least as a starting point. It breaks information security into three essential components: confidentiality, integrity, and availability.

Confidentiality means protecting and keeping your secrets. Espionage and data theft are threats to confidentiality.

Availability means keeping your services running, and giving administrators access to key networks and controls. Denial of service and data deletion attacks threaten availability.

Integrity means assessing whether the software and critical data within your networks and systems are compromised with malicious or unauthorized code or bugs. Viruses and malware compromise the integrity of the systems they infect.

The Biggest Threat

Of these, integrity is the least understood and most nebulous. And what many people don’t realize is it’s the greatest threat to businesses and governments today.

Meanwhile, the cybersecurity industry remains overwhelmingly focused on confidentiality. Its mantra is “encrypt everything.” This is noble, and essential to good security. But without integrity protection, the keys that protect encrypted data are themselves vulnerable to malicious alteration. This is true even of authenticated encryption algorithms like AES-GCM.

In the bigger picture, as cybercrime evolves, it will become clear that loss of integrity is a bigger danger than loss of confidentiality. One merely has to compare different kinds of breaches to see the truth of this:

A confidentiality breach in your car means someone learns your driving habits. An integrity breach means they could take over your brakes. In a power grid, a confidentiality breach exposes system operating information. An integrity breach would compromise critical systems, risking failure or shutdown. And a confidentiality breach in the military would mean hackers could obtain data about sensitive systems. If they made an integrity breach, they could gain control over these weapons systems. For full details and actions you can take to protect yourself, go here.

FBI Prevented from Using Open Source?

‘ISIS Supporters’ Twitter Accounts Traced To UK Government Department’: Report

NDTV: London:  Hackers in Britain have claimed that a number of ISIS supporters’ social media accounts are being run from internet addresses linked to the UK government’s Department for Work and Pensions (DWP).

A group of four young computer experts, who call themselves VandaSec, have unearthed evidence indicating that at least three ISIS-supporting accounts can be traced back to the DWP’s London offices, the ‘Daily Mirror’ reported.

Every computer and mobile phone logs onto the internet using an IP address, which is a type of identification number. The hacking collective showed the newspaper details of the IP addresses used by three separate so-called “digital jihadis” to access Twitter accounts, which were then used to carry out online recruitment and propaganda campaigns.

At first glance, the IP addresses seem to be based in Saudi Arabia, but upon further inspection using specialist tools they appeared to link back to the DWP.

The newspaper learned that the British government had sold on a large number of IP addresses to two Saudi Arabian firms.

After the sale completed in October of this year, they were used by extremists to spread their message of hate.

A Cabinet Office spokesperson said: “The government owns millions of unused IP addresses which we are selling to get a good return for hardworking taxpayers.

“We have sold a number of these addresses to telecoms companies both in the UK and internationally to allow their customers to connect to the internet. We think carefully about which companies we sell addresses to, but how their customers use this internet connection is beyond our control.”

The UK government has not revealed how much money it has made from the sale of IP addresses.

Now we have learned that DHS has an edict to not use social media or open source for reasons of profiling, which likely has handicapped the FBI from sourcing and connecting intelligence when it comes to cultivating data on would-be jihadists.

Jihadists are making their plans public. Why hasn’t the FBI caught on?


WaPo: Rita Katz is the director of the SITE Intelligence Group and has spent nearly two decades tracking, studying and reporting on jihadists. She has testified before Congress and in terrorism trials, briefed the White House, and is the author of the book “Terrorist Hunter: The Extraordinary Story of a Woman who Went Undercover to Infiltrate the Radical Islamic Groups Operating in America.”

Following the terrorist attacks in Paris and San Bernardino, Calif., FBI Director James Comey revealed to the Senate Judiciary Committee that one of the two Islamic State-inspired shooters in the May 3 attack in Garland, Tex., “exchanged 109 messages with an overseas terrorist” the morning of the attack. He followed up by saying that the FBI was unable to read those messages. His implication? Better regulation of message-disguising encryption technology could have revealed the shooters’ plans earlier and could help prevent attacks.

However, regulation of encryption is unlikely to provide the government with the counterterrorism benefit it says it will.  Jihadists’ main tool for planning and executing attacks in recent years has been social media — to which the government has full access — not encrypted messaging. In addition, regulation of one messaging technology will lead to immediate adaptation and the creation of ways to circumvent it.

In recent years, smartphones and social media have enabled users from around the world to communicate easily, safely and free of charge. Programs facilitating such communications sprouted, and jihadists — the Islamic State in particular — quickly adopted them as their main means of communication. For over three years, Twitter has been the Islamic State’s most important platform. High-level operatives within the group have used Twitter’s unencrypted direct messaging to recruit, give instructions for donating and plan attacks. Jihadists even rely on Twitter to promote their channels on other platforms, such as Telegram, which supporters would otherwise have difficulty finding.

Jihadists’ presence on social media has also spread the Islamic State around the world, with people of all ages, sexes and ethnicities leaving their families and friends to join the group. Social media use has been linked to executed and attempted lone-wolf attacks in the United States, Canada, Australia, France, Denmark and other Western nations.

The Garland, Tex., shooting — the only example Comey used  as an impetus to regulate encrypted technology — in fact makes the opposite point. Attacker Elton Simpson, who was under previous FBI terror-related investigations, used Twitter to openly follow and communicate with high-profile terrorists. His account was followed by prominent English-speaking Islamic State fighters and recruiters Abu Rahin Aziz and Junaid Hussain — both of whom for a long time were known to provide manuals on how to carry out lone-wolf attacks from Raqqa, Syria, before they were killed. Simpson also followed and communicated with Mohamed Abdullahi Hassan, a known American jihadist in Somalia who pledged allegiance to the Islamic State.

Relatedly, the incitement for the Texas shooting came from Hassan’s 31st Twitter account. Simpson, a friend and follower of Hassan, retweeted the call and later requested that Hassan send him a direct message. We at SITE, using only open-source information, reported on the call before the attack took place, and the FBI had a week to investigate the matter before the shooting. Though only nine Twitter users retweeted the call for attack, the FBI failed to prevent it.

The encrypted messages Comey mentioned before the Judiciary Committee were discovered by the FBI only after the attack took place, but Simpson’s open-source communication was available far in advance. There is in fact no evidence that this or any of these other lone-wolf attacks could have been prevented by regulation of encryption technology.

In stark contrast, a proper, targeted open-source investigation could have. Yet the FBI is reluctant to recognize open-source as an important — arguably the most important — tool to track jihadists online.

It’s also important to note that jihadists are very quick to adapt online. In the past year alone, the Islamic State and al-Qaeda fighters have moved quickly from WhatsApp to Kik, Wickr, Surespot, then to Telegram – all different encryption programs created to give smartphone users safe and free text messaging available across multiple devices. Jihadists are constantly ranking, debating and explaining which of the services is the safest and most effective. Regulation of these programs will take jihadists next to no time to circumvent; the U.S. government would be the one taking years to catch up. And even if successful, they may be able to regulate companies based in the United States, but such programs would appear everywhere else, from Russia to India to China.

SITE’s leadership and continued success do not stem from access to secret databases. Our research, investigations and reporting are based on open-source information — social media, forums, websites, blogs, IP addresses — which can be immensely powerful if used wisely. Government agencies, however, seem blind to this bountiful intelligence resource, and too often rely solely on classified documents and back-end access to websites.

Rather than try to create backdoors to encrypted communication services, or use the lack thereof as an excuse to intelligence failures, the U.S. government must first know how to utilize the mass amount of data it has been collecting and to improve its monitoring of jihadist activity online. A focused approach of this sort is much more likely to lead to success in the war on terrorism.

 

Russian Cyber Attacks on America

Russian cybersecurity intelligence targets critical U.S. infrastructure

By Bill Gertz

U.S. intelligence agencies recently identified a Russian cybersecurity firm, which has expertise in testing the network vulnerabilities of the electrical grid, financial markets and other critical infrastructure, as having close ties to Moscow’s Federal Security Service, the civilian intelligence service.

The relationship between the company and the FSB, as the spy agency is known, has heightened fears among U.S. cyberintelligence officials that Moscow is stepping up covert efforts to infiltrate computer networks that control critical U.S. infrastructure such as oil and gas pipelines and transportation.

The effort appears to be part of FSB and Russian military cyberwarfare reconnaissance targeting, something the Pentagon calls preparation of the battlefield for future cyberattacks. The Russian company is taking steps to open a U.S. branch office as part of the intelligence-gathering, said officials familiar with reports of the effort who spoke on background.

Officials familiar with reports about the company did not identify it by name. However, security officials are quietly alerting government security officials and industry cybersecurity chiefs about the Russian firm and its covert plans for operations in the United States.

The Russian firm is said to have extensive technical experience in security vulnerabilities of supervisory control and data acquisition systems that are used to remotely control critical infrastructure.

These systems are employed by both government and private-sector system controllers for equipment running water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power grids, wind farms and large communication systems.

In September, Director of National Intelligence James R. Clapper told Congress that Russian hackers have penetrated U.S. industrial control networks operating critical infrastructure. The objective of the hackers is to develop the capability to remotely access the control systems that “might be quickly exploited for disruption if an adversary’s intent became hostile,” Mr. Clapper said.

“Unknown Russian actors successfully compromised the product-supply chains of at least three [industrial control system] vendors so that customers downloaded malicious software designed to facilitate exploitation directly from the vendors’ websites along with legitimate software updates,” Mr. Clapper stated in Sept. 10 testimony to the House Permanent Select Committee on Intelligence.

Russian hackers also were linked to cyberpenetrations of U.S. industrial control networks used for water and energy systems in 2014.

The Russian connection was identified through the use of malware called BlackEnergy that has been linked to Russian government cyberoperations dubbed Sandworm by security researchers.

Mr. Clapper also testified that the Russian Defense Ministry has created a military cybercommand for offensive attacks. Additionally, the Russian military is setting up a specialized branch for computer network attacks.

RUSSIAN GENERAL ISSUES THREAT

Gen. Valery Gerasimov, chief of the General Staff of the Armed Forces of Russia, told foreign military attaches in Moscow on Monday that increased military activities by NATO and the development of global missile defenses were “creating a threat of new conflicts and escalation of existent conflicts,” the official Interfax news agency reported.

“The NATO military policy unfriendly towards Russia is a source of concern,” Gen. Gerasimov said. “The alliance continues to expand its military presence and is stepping up the activity of the bloc’s armed forces along the perimeter of borders of the Russian Federation.”

Because of the deployment of a global missile defense network and the development of new means of armed struggle, including hypersonic weapons, “the problem of upsetting the existent strategic balance of force has been growing,” said the general, referring to high-speed strike weapons.

The Pentagon is developing a conventional rapid-attack capability called “prompt global strike,” which can target any spot on Earth in 30 minutes.

Russia has stepped up nuclear threats against the United States and NATO in response to deployment of missile defenses in Europe.

In recent months, Russian President Vladimir Putin has issued an unprecedented number of threats to use nuclear weapons, most notably after the Russian military annexation of Ukraine’s Crimea last year. On Dec. 11, Mr. Putin said he hoped nuclear weapons would not be needed during operations in Syria.

“Particular attention must be paid to the consolidation of the combat potential of the strategic nuclear forces and the execution of space-based defense programs,” Mr. Putin was quoted as saying at the meeting with his defense chiefs. “We need, as our plans specify, to equip all components of the nuclear triad with new arms.”

Lt. Gen. Ben Hodges, commander of U.S. Army forces in Europe, told reporters last week that Russian nuclear threats are troubling in the current security environment.

“The way that senior Russian officials have talked about Denmark as a nuclear target, Sweden as a nuclear target, Romania as a nuclear target, sort of an irresponsible use of the nuclear word, if you will, you can understand why our allies on the eastern flank of NATO — particularly in the Baltic region — are nervous, are uneasy,” Gen. Hodges said.

Additionally, the Russian military has conducted “large snap exercises without announcement,” which also has increased fears of a Moscow threat, he said.

***

Since the FSB (KGB) company is unnamed, could it be: (RecordedFuture)

What is SORM?

Russia’s SORM (Система Оперативно-Розыскных Мероприятий, literally “System for Operative Investigative Activities”) is a lawful intercept system operated by the Federal Security Service (or FSB – the Russian successor to the KGB).

Russia SORM Timeline

SORM came to light recently during the Sochi Olympic Games where reports claimed that “all communications” were monitored. SORM differs from the US lawful intercept system, as once the FSB receives approval for access to a target’s communications they are able to unilaterally tap into the system without provider awareness.

Further, SORM is also lawfully used to target opposition parties within Russia. According to the World Policy Institute, on November 12, 2012, Russia’s Supreme Court upheld the right of authorities to eavesdrop on the opposition.

  • SORM-1 intercepts telephone traffic (including both landline (analog) and mobile networks).
  • SORM-2 targets internet traffic (including VoIP calls).
  • SORM-3 has the ability to target all forms of communication providing long-term storage of all information and data on subscribers, including actual recordings and locations.

Former Soviet States (Kazakhstan, Belarus, Uzbekistan and Ukraine) have installed SORM-standard equipment. According to research by Wired Magazine, Ukraine’s SORM is more advanced as the SBU (Ukraine’s Security Service) has the ability to interrupt a target’s communications.

In April 2011, Iskratel – which provides Ukraine’s sole telephone company Ukrtelekom with broadband equipment – announced its SORM device was tested successfully under the new requirements and had been approved by the SBU.

Analyzing SORM manufacturers within Recorded Future identified equipment suppliers including Juniper Networks (US), Cisco Systems (US), Huawei (China) and Alcatel-Lucent (France).

 

Introducing the New Terror Alert System

From the White House in 2011:

Homeland Security Secretary Janet Napolitano announces the launch of the new National Terrorism Advisory System, which will replace the old color-coded system with more detailed and more complete information for your safety. (Summary from the White House here)

Only 5 years later:

Feds Tweak Terror Alert System

The new “bulletin” alerts will describe developments and trends in “persistent and ongoing threats”

Time: Federal officials will begin issuing “bulletins” describing non-specific and ongoing terrorist threats to the U.S., according to a senior official at the Department of Homeland Security who spoke to the press Tuesday night.

The idea is that these bulletins will add a third, more general threat level to the federal government’s current terror warning system, which the official said did not provide enough “flexibility.”

NTAS Guide in .pdf

The current National Terrorism Advisory System (NTAS) currently has only two levels. An “elevated” alert flags a credible terrorist threat to the U.S. and an “imminent” alert flags a “credible, specific, and impending” threat to the U.S., the official explained. Neither advisory has been used since the system was launched in 2011.

The new, “bulletin” alert level, which goes into effect Wednesday, will describe “current developments and trends” regarding “persistent and ongoing threats” to the U.S. or the American people, the official said. In some cases, a bulletin might include a description of the threat, what federal agencies are doing to address it, and what the American people can do to keep their families and communities safe.

“The secretary believes that he needs a more flexible way of communicating threats to the American people and will put in a third level of advisory, known as the bulletin,” the official said during a media phone call in which he spoke on background.

“We have witnessed constantly evolving threats across the world, from Garland to the streets of Paris, to San Bernardino,” he added. “We have also heard repeated calls from ISIL against our citizens, our military and our law enforcement personnel. In light of these persistent activities, the secretary thought it necessary to… share more information with our fellow citizens.”

The Homeland Security Department and other government agencies have been reviewing NTAS for the last nine months, the official said. The addition of the bulletin is not a direct response to any recent terrorist activity.

In 2011, former Homeland Security Secretary Janet Napolitano launched NTAS to replace the older, five-tiered, color-coded terror warning system created after the Sept. 11 attacks. The color-coded system was criticized for its vagueness, for never dropping below yellow, signifying “significant risk,” and for requiring that the alert color be reported, via automated recordings, at airports and other public spaces. It was widely mocked by comedians and political satirists.

NTAS was designed in 2010 to be more specific. Both “elevated” and “imminent” alert levels would include information about which geographic region, mode of transportation, or type of infrastructure is under threat. Both alert levels also include an expiration date, after which time the alert expires. The new bulletin alerts will be ongoing.