Deep Panda, the Hacker of OPM Employee Files

Personnel records held at the Office of Personnel Management going back 35 years on people who worked for government as employees or contractors are for sale on the Darknet.

Government records stolen in a sweeping data breach that was reported last week are popping up for sale on the so-called “darknet,” according to a tech firm that monitors the private online network used by criminals and creeps throughout the world.

Credentials to log into the Office of Personnel Management are being offered just days after the announcement the agency’s records, including extremely personal information of 4.1 million federal government employees dating back to the 1980s, had been compromised, said Chris Roberts, founder and CTO of the Colorado-based OneWorldLabs (OWL), a search engine that checks the darknet daily for data that could compromise security for its corporate and government clients, including government IDs and passwords.

The FBI has identified the operation. The hackers likely used Chinese associates already inside government for access. In classified briefings to members of Congress in recent days, intelligence officials have described what appears to be a systematic Chinese effort to build databases that explain the inner workings of the United States government. The information includes friends and relatives, around the world, of diplomats, of White House officials and of officials from government agencies, like nuclear experts and trade negotiators. Read more here.

FBI Alert Reveals ‘Groups’ Behind OPM Hack

President says cyber attack threat ‘accelerating’

The FBI has disclosed that multiple hacker groups carried out the cyber attack that compromised the records of 4 million government workers in the networks of the Office of Personnel Management.

“The FBI has obtained information regarding cyber actors who have compromised and stolen sensitive business information and personally identifiable information (PII),” states a Flash alert dated June 5. “Information obtained from victims indicates that PII was a priority target.”

Security analysts familiar with the OPM breach, disclosed in a notice last week, said two groups of Chinese state-sponsored hackers appear to be behind the cyber attacks, including one linked to the Chinese military that has been dubbed “Deep Panda.”

Deep Panda is a highly sophisticated Chinese military hacker unit that has been gathering data on millions of Americans. The group was linked in the past to the hacking of the health care provider Anthem that compromised the personal data of some 80 million customers.

The FBI did not directly link its warning to the OPM hacking. But it said cyber investigators have “high confidence” about the threat posed by the cyber attackers based on its investigation into the data breach.

According to the alert, the stolen personal data “has been used in other instances to target or otherwise facilitate various malicious activities such as financial fraud though the FBI is not aware of such activity by these groups.”

The groups were not identified by name or by country.

However, the alert revealed that the malware used by the hackers is called Sakula, which security analysts say is the remote access trojan (RAT) that was used by the Chinese in both the OPM and Anthem hacks.

Sakula samples have been signed with stolen code-signing certificates, so the malware appears to come from a legitimate software vendor and passes the signature checks that would otherwise flag an unsigned binary; analysts said the use of that technique requires a level of sophistication not known to be used outside of nation-state cyber forces.

Once installed, the RAT gives the remote operator control of the infected machine, a foothold from which the attackers escalate to network administrator access and steal large amounts of data.

The FBI warned in the notice that any entity that discovers the Sakula malware or the other indicators listed in the alert should seek cyber security assistance and notify the FBI.

“Any activity related to these groups detected on a network should be considered an indication of a compromise requiring extensive mitigation and contact with law enforcement,” the notice said.

The groups involved were observed “across a variety of intrusions leveraging a diverse selection of tools and techniques to attempt to gain initial access to a victim including using credentials acquired during previous intrusions.”

President Obama was asked after the G-7 summit in Germany on Tuesday about the Chinese role in the OPM cyber attacks and declined to name Beijing as the perpetrator.

“We haven’t publicly unveiled who we think may have engaged in these cyber attacks,” Obama said. “But I can tell you that we have known for a long time that there are significant vulnerabilities and that these vulnerabilities are going to accelerate as time goes by, both in systems within government and within the private sector.”

Obama said part of the problem is “very old systems” used in government computer networks.

“And we discovered this new breach in OPM precisely because we’ve initiated this process of inventorying and upgrading these old systems to address existing vulnerabilities,” he said.

“[W]e’re going to have to keep on doing it, because both state and non-state actors are sending everything they’ve got at trying to breach these systems,” the president said.

“In some cases, it’s non-state actors who are engaging in criminal activity and potential theft,” Obama said. “In the case of state actors, they’re probing for intelligence or, in some cases, trying to bring down systems in pursuit of their various foreign policy objectives. In either case, we’re going to have to be much more aggressive, much more attentive than we have been.”

The problem of cyber attacks is “going to accelerate,” he said. “And that means that we have to be as nimble, as aggressive, and as well-resourced as those who are trying to break into these systems.”

The administration has rejected calls by senior U.S. security officials to engage in more aggressive, offensive cyber retaliation against states such as China as a way to develop cyber deterrence.

The president and his advisers are said to fear that offensive cyber attacks will lead to a major conflict. Supporters of taking more aggressive responses to hacking have said demonstrations of U.S. cyber retaliatory strikes will deter future attacks.

The administration has favored using law enforcement and diplomatic policies to deal with the problem.

One private sector cyber security specialist familiar with the OPM hack said that in addition to the government’s personnel database, other major cyber attacks believed to be carried out by Chinese hackers include clandestine intrusions into the networks of a major telecommunications company and a major aviation industry firm.

The hackers’ use of several domain names in the OPM hacking is also similar to domains used by Chinese cyber attackers in the past. The domains were identified as and

Another signature linking the OPM hack to China was the hackers’ use of Mimikatz, a credential-theft tool that extracts passwords, password hashes and Kerberos tickets from the memory of a compromised Windows host so they can be reused to move through the network.

“Mimikatz is a classic of Deep Panda” in terms of tactics, techniques, and procedures, said a security analyst familiar with details of the attack. “This allows the actors to dump password hashes, perform pass the hash and ‘golden ticket’ attacks in the victim environment.”

The private security company CrowdStrike first identified Deep Panda and has called the group among the most sophisticated state-sponsored hackers.

China’s main military intelligence service that has been linked to cyber attacks is the Third Department of the General Staff, or 3PLA, which conducts cyber warfare.

General Flynn on Iran and 450 to Al-Taqaddum Air Base

The original request for additional U.S. troops to Iraq was 1000, yet the White House authorized 450 for purposes of intelligence gathering and training as well as some ground surveillance.

Al Taqaddum is 74 kilometers from Baghdad, and the ultimate mission is to retake Ramadi and Fallujah. It was a Marine base with an airfield served by two runways, 13,000 and 12,000 feet (roughly 4,000 and 3,700 m) long, and was turned over to the Iraqi military in 2009.

Meanwhile, today, June 10, 2015, General Flynn gave testimony before the Joint Foreign Affairs and HASC Subcommittees on Iran’s hegemony in the region.

Retired Lt. Gen. Michael Flynn was director of the Defense Intelligence Agency until August 2014
He testified Wednesday in a congressional hearing that the administration doesn’t have ‘a permanent fix but merely a placeholder’ for the Iran crisis
Flynn said the notion that the U.S. can ‘snap back’ sanctions on Tehran if it breaks an agreement is ‘fiction’
Warned that ‘Iran’s nuclear program has significant – and not fully disclosed – military dimensions’
Obama administration has less than three weeks to finalize a nuclear agreement that would pare back Iran’s ability to build a nuclear weapon.

His full written testimony is found here. His situation report is not only chilling but also lays out what he predicts is coming.

Wishful Thinking:

In lengthy written remarks, Flynn asserted that Iran has “every intention” of building a nuclear weapon, and their desire to destroy Israel is “very real.”

“Iran has not once (not once) contributed to the greater good of the security of the region,” he said in his remarks, noting their fighters “killed or maimed thousands of Americans and Iraqis” in Iraq.

The administration is working alongside five other world powers to try and strike a nuclear deal – which would aim to curb Tehran’s nuclear program in exchange for sanctions relief – by the end of the month. But Flynn said Iran already has made it clear they will put limits on inspections, making for “incomplete verification.” Plus he said it’s “unreasonable” to believe international sanctions could be resumed once lifted.

He also echoed concerns of some other analysts in saying the “perceived acceptance” of Iran’s program will likely “touch off a dangerous domino effect in the region” as Saudi Arabia and other nations seek nuclear capability.

As for the rising threat posed by the Islamic State in Iraq and Syria, Flynn voiced concern that the U.S. is not keeping up with the crisis. He said there is “absolutely no end in sight,” and “no clear U.S. policy” for dealing with it.


ISIS Tactics Include Taxes and Treasures

With a multi-country coalition, air strikes, ground intelligence gathering, surveillance drones and up to 1000 more troops being deployed to Iraq, the White House has no strategy and blames the Pentagon.

The Pentagon has a division that is assigned to war-gaming and planning in all conditions across the globe that is based on human intelligence, information gathered from diplomatic staff in all embassies, use of software, estimations, locations of military assets, threats from the enemy, money, transportation, secret deals, ordnance positioning and more. The Pentagon always has several strategies that are current and nimble that require dynamic alterations as even minor conditions change. For Obama to blame the Pentagon is childish and misguided.

Despite nine months and $2.44 billion in U.S. airstrikes against the fighters and their oil facilities and smuggling networks, the self-proclaimed Islamic State has proven to be as resilient financially as it’s been militarily.

The group, which President Barack Obama dismissed in January 2014 as a “junior varsity” team, last year seized an estimated $675 million from banks, plus $145 million in oil sales and ransom payments and tens of millions more from other commercial enterprises, looting and extortion, according to U.S. Treasury and United Nations figures.

“This isn’t your average terrorist group operating from your average safe haven,” said Juan Zarate, a former assistant secretary of Treasury for terrorist financing and financial crimes who spent years targeting al-Qaeda funding. “They have access to oil in Iraq and Syria; access to major population centers; access to banks, antiquities and smuggling groups — all of that allows them to be more agile and have access to more capital and resources than your average terrorist group.”

“The truth is nobody really knows how much they’re making now,” said Daveed Gartenstein-Ross, a senior fellow at the Foundation for Defense of Democracies. “The U.S. government is getting closer to pegging the group’s finances because of things like last month’s raid in eastern Syria. But no one knows how much they’re getting versus their spending.”

Islamic State “is in some ways a proto-state, in some ways a terrorist organization, in some ways an insurgency and in some ways a transnational criminal group,” he said. Like drug cartels in Colombia and Mexico and al-Qaeda offshoots in Somalia, northern Mali and Yemen, the group is extorting taxes, plundering local resources and taking a cut of commercial enterprises, he said. Read much more detail here.

ISIS has published its objectives on the internet for the world to see and yet operates unhindered. ISIS is fully functional in an estimated 12 countries while the Obama administration sits in neutral instead of leading the coalition in both offensive and defensive measures. The impact of the coalition is inert.

Egypt, a country working to recover from a power revolution is at particular risk.

From Oren Kessler in part: Egypt’s once-foundering economy is slowly rising from the abyss. President Abdel-Fattah al-Sisi has cut costly fuel and food subsidies, cut red tape on investments, instructed the Central Bank to tackle the black market in foreign currencies and vowed to bring unemployment under 10 percent.

His efforts are beginning to bear fruit. In May, the ratings agency Standard & Poor’s revised Egypt’s country outlook from stable to positive, predicting real GDP growth over the next three years of 4.3 percent – double the average of the four years since the revolution. Meanwhile, the government’s suspension of the capital gains tax sent stocks soaring 6.5 percent in a single day.

Still, no economic turnaround will be complete without a recovery in tourism. The U.S. State Department currently urges citizens to exercise caution in traveling to the country, and advises against any non-essential travel in Sinai, where an insurgency by Islamic State-linked militants has raged since the military ouster of Muslim Brotherhood president Mohamed Morsi in July 2013. At the same time, shadowy pro-Brotherhood groups calling themselves Ajnad Misr (“Soldiers of Egypt”) and the “Popular Resistance Movement” are increasingly targeting the populous mainland, including Cairo, Alexandria and the cities of the Nile Delta. The government accuses the now-banned Brotherhood of responsibility for virtually every attack, but the extent to which the group is actually orchestrating the violence remains unclear.

What is clear is that continued terrorism, particularly against tourists, has the capacity to set back the fragile gains Cairo has made in restoring stability and reviving its economy. For Egypt, persuading visitors to come soak up the country’s sights and sun will require convincing them beyond a reasonable doubt that traveling to the land of the Pharaohs will not be a one-way ticket. More detail here.

Explaining Relations with Cuba, Prisoners and Debt

Repaying $15 billion in debt default:

The Cuban government has agreed that it owes $15 billion to the exclusive group of nations known as the Paris Club, after Cuba declared itself in default in 1986, according to a report from Reuters quoting diplomatic sources.

The figure agreed to includes principal, service charges, interest and fines that Cuba owes 16 Paris Club nations from its 1986 default, Reuters reported on Monday. However, it does not include compensation fees levied by the United States for private properties confiscated by the Cuban government since 1959.

The Paris Club is an informal group of creditor governments and institutions composed of 20 permanent member countries: Australia, Austria, Belgium, Canada, Denmark, Finland, France, Germany, Ireland, Israel, Italy, Japan, the Netherlands, Norway, Russia, Spain, Sweden, Switzerland, United Kingdom and the United States.

The agreement reached with the Paris Club advances negotiations on the terms of payment, the first since negotiations failed in 2001, in part due to a $35 billion debt owed to the former Soviet Union, Cuba’s primary benefactor before its collapse in 1991. In July, President Vladimir Putin agreed to forgive nearly all of that debt and pledged to reinvest payments made by the Cuban government toward development projects on the island.

“This agreement is another sign of the political will of the Cuban government to rejoin a reasonable credit system at the normal level of the world economy, in accordance with the norms of international financial standards,” said José Oro, director of research division of Cuba at Thomas J. Herzfeld Advisors Inc. investment firm in Miami Beach.  Read more here.

Criminal illegals that Cuba won’t take back:

Havana won’t take them back

Hundreds with ‘Zadvydas cases’ refused by their home countries

Hundreds of Cuban criminals are released onto the streets of the U.S. every year because that nation won’t take them back — even though the Obama administration is trying to broker a more open relationship with the communist island nation.

It’s a quirk of immigration law known as “Zadvydas cases,” after a 2001 Supreme Court ruling that said the government cannot detain immigrants indefinitely if their home countries won’t take them back.

Cuba, China and Vietnam regularly top the list, but even some countries that are supposed to be closer partners, such as Guatemala, El Salvador and Honduras, are refusing to quickly accept some of their citizens whom the U.S. is trying to deport.

Cuba refused to take back 878 criminals last year and rejected nearly 400 through the first eight months of the current fiscal year, according to statistics that U.S. Immigration and Customs Enforcement provided to the House Judiciary Committee. Vietnam is second, having refused 331 criminals in 2014, though it has rejected the return of only 44 criminals so far this year.

All told, the government released 2,457 criminals and 461 non-criminal illegal immigrants onto the streets last year because of the Zadvydas strictures, ICE said. This year, the totals through May 9 were 1,107 criminals and 344 noncriminals.

“The Zadvydas problem is an urgent one, considering that a large percentage of the most serious criminal alien releases are Zadvydas,” said Jessica Vaughan, policy studies director at the Center for Immigration Studies. “Given the obvious public safety risks, the administration should be more aggressive in seeking a solution or in using the tools available to them.”

In the Zadvydas ruling, the Supreme Court said immigration detention cannot extend beyond six months unless there is a compelling national security or public safety interest. If home countries won’t cooperate in taking back their citizens, the U.S. government must release them.

Republicans in Congress have proposed a number of fixes and have pushed for tools such as withholding visas from countries that refuse to accept their scofflaws, but the George W. Bush and Obama administrations have been reluctant to take those steps.

The issue is even more acute given that Cuba is the biggest offender and President Obama is trying to normalize relations with that nation. Analysts said it would be the perfect time to raise the issue of Zadvydas refusals.

The State Department didn’t respond to multiple requests for comment, but there is no indication that it has raised the issue as part of the talks.

Ms. Vaughan said that is a missed opportunity.

“It’s the best chance in decades to push Cuba to be more cooperative,” she said.

Beyond Cuba, the government faces problems returning citizens to a number of countries. Twelve nations refused the return of at least 70 of their citizens in 2014, including a number of countries that received generous U.S. aid.

One of those, Liberia, refused 85 criminals’ return, even as the U.S. was providing extensive help to combat an Ebola outbreak.

Three other Central American countries are poised to receive hundreds of millions of dollars in aid among them to try to stem a surge of their citizens entering the U.S. illegally for life in the shadows.  Read more here.

Among them, Guatemala, Honduras and El Salvador refused 127 criminals and 145 noncriminals in 2014.

The Guatemalan and Honduran embassies didn’t respond to repeated messages requesting comment, but El Salvador’s embassy in Washington said it does what it can while guaranteeing that its citizens go through legal due process.

“We want to make clear that there’s no policy that allows refusing deportations. On the contrary, our consulates give assistance to all Salvadoran prisoners in the United States seeking to facilitate their return to the country, where many of them won’t be in prison,” said Ana Virginia Guardado, an embassy spokeswoman.

She said her country refused return in cases in which the individuals rejected El Salvador’s consular help. She said El Salvador is still working on those cases and that individuals will be given travel documents allowing their deportation once they have exhausted all of their legal avenues in the U.S.

She said El Salvador has worked to accept nearly 8,000 deportees so far this year.

ICE said the Central American countries provide good cooperation and that the relationships have grown stronger with the surge of illegal immigrant children in the U.S. that peaked last summer.

“Through relationship-building, consular pilot programs and regular engagement, timely issuance of travel documents has risen, as has the host governments’ willingness and capacity to accept an increased amount of ICE air charter flights,” spokeswoman Sarah Rodriguez said.

Ms. Rodriguez said the number of refusals from the Central American countries is low compared with the total number of deportations. El Salvador’s 2014 refusal rate was less than half of a percent of the total number who were accepted back.

She said the cases that are refused often have special circumstances that make them tougher to complete. Even after they are released, however, the Zadvydas cases are still in the system and ICE is still working to deport them as soon as possible.


Relying on the U.S. for an Iraq Strategy is Suicidal

The US does not yet have a “complete strategy” for helping Iraq regain territory from Islamic State (IS), President Barack Obama has said.

He said the Pentagon was reviewing ways to help Iraq train and equip its forces.

Mr Obama also said a full commitment to the process was needed by the Iraqis themselves. Much more here.

Meanwhile, Qatar and Saudi Arabia are blaming the White House for the fall of Ramadi. In May 2015, despite airstrikes by the U.S.-led international coalition, the Islamic State (ISIS) won another strategic victory when it captured the city of Al-Ramadi, the capital of Al-Anbar governorate, which is home to a Sunni majority. Articles in Saudi Arabia and Qatar, which are both members of the anti-ISIS coalition, expressed fear and concern regarding the fall of Al-Ramadi and ISIS’s advance towards the Saudi and Jordanian borders.

‘Al-Quds Al-Arabi’: The Fall Of Al-Ramadi Has Proven That Continuing To Rely On The U.S. Is Suicidal  and Former ‘Al-Sharq Al-Awsat’ Editor: U.S. Has Given Iran Free Reign In Iraq

Iran is taking over Assad’s fight in crucial parts of Syria

Iranian commanders overseeing the Assad regime’s fighting efforts on the frontlines south of Idlib have reportedly executed three Syrian army officers.

London-based Al-Quds al-Arabi said that the three officers were Sunnis who were among the regime troops that withdrew from the Mahmbel and Bsanqoul checkpoints following rebel advances in the southern Idlib province area on Saturday.

The three officers, who were also accompanied by several soldiers, were accused of deserting their duty and “betraying the homeland,” the daily reported Sunday.

According to the report, none of the other Syrian officers or soldiers present at the time were able to prevent the execution as “officers responsible for military operations in the Jourin area are under the command of Iranian officers.”

A Free Syrian Army (FSA) commander told the paper that “the regime has handed over the operations room to Iranian officers and leadership.”

“The recent execution has caused a state of fear and terror among remaining regime troops,” the FSA commander added, saying he expected “more defections and more field executions.”


“There are still Sunni soldiers and officers bearing arms in the ranks of the regime’s army who will receive humiliating treatment during the coming period.”

Activists in the Latakia region also spoke to the paper about the impact the Iranian takeover of the operations room has had on morale among regime troops.

“Morale is very low among regime soldiers; in fact, it has become non-existent since the Iranian officers took over the operations room,” according to an activist identifying himself as Abu Said.

“Syrian officers, among them Alawites, have become secondary members, whose tasks can sometimes be reduced to handing out tea and coffee.”

Photo caption (REUTERS/Fars News/Hamed Jafarnejad): Iranian officers have imposed strict rule in the Syrian army, and morale is suffering.

Iranian command

The reported handover of power to Iranian officers follows the visit Revolutionary Guards Quds Force commander Qassem Soleimani paid to the Jourin area in late May, after which he announced that a “surprise” was in the works in Syria.

The Iraqi Kurdish Bas News outlet on Monday reported that major command changes have been conducted on the Latakia-Hama-Idlib front following Soleimani’s trip.

A Hama-based media activist said that the Syrian regime’s chief of operations in the area, General Jamal Younis, had been removed from his post and replaced by an Iranian general known only by his moniker Iffari, who set up his headquarters in Jourin.

Sarmad Khalil, an activist and member of the Hama Media Center, said in press statements that the IRGC’s military operations command is located in Hama Airbase.

Rebel-IRGC lines stretch from military checkpoints in the town of Maharda, north of Hama, through the towns of Helfaya, Tel al-Nasiriyah and Rohbet Khattab to Taybet al-Imam and the international highway connecting the Hama and Aleppo provinces, according to the activist.

The IRGC has also established a military base on Zein al-Abideen Mountain north of Hama city, Khalil said.

A top pro-Assad daily in Lebanon said last week that Iran has deployed troops into northwest Syria in preparation for a counterattack in Idlib.

“During the last [few] days, and through a joint Syrian-Iranian-Iraqi decision, more than 20,000 Iranian, Iraqi, and Lebanese fighters have poured into the area,” As-Safir reported in a dramatic article published Tuesday.


The report said that the new troops had been sent to the regime’s front lines in the northern Hama province village of Jourin and areas in the southern part of the Idlib province, which rebels seized last week following months of sweeping advances.

AFP later reported that thousands of Iraqi and Iranian fighters have been deployed to Syria in a bid to secure the capital and recapture the Idlib province’s Jisr al-Shughur, which lies on a highway leading into the regime’s coastal stronghold of Latakia.

