Foreign Spies on our College Campuses

International Espionage on Campus

Bishop/CB: The idyllic American university campus conjures the image of a safe and open academic environment where students spend four or more years learning new ideas and preparing for future careers.  Professors challenge eager students to open their minds to old and new perspectives in science, mathematics, business, and of course, the arts and humanities.  Universities nurture an atmosphere where academics and scientists can engage in groundbreaking research, make advances in technology, and publish on novel theories and discoveries.

For many students, college may be the first time they are living on their own, allowing them to explore not only academic freedom but personal freedom. For parents coping with their children leaving home, some comfort is found in the expectation that while students are on campus the university will be actively taking measures to protect them from physical harm and risks that could affect their future.  Parents don’t realize that for some students, college may be the first time students are exposed to the clandestine world of international espionage.

Espionage knows no boundaries.  Foreign intelligence officers and spies lurk wherever there is information of value to be had or people with access to it. Information does not have to be a government secret for a foreign intelligence service to want to steal it.  Nation states play the Great Game to gain an advantage, whether political or economic, over their adversaries.  And there is plenty of information of value on American college campuses to attract the attention of adversary nations.  From advanced research in sciences and technology to professors with access to U.S. government officials, American universities are a target-rich environment for intelligence collection, intellectual property theft, and the illicit transfer of research and technology.   The welcoming nature of American universities—from unlocked entrances to university facilities, minimal investigation into the backgrounds of students enrolling in classes, and open admission to conferences, seminars, and other campus events—creates the perfect opportunity for undercover foreign intelligence officers or their human sources to slip onto campus and search for students who have potential for entering sensitive positions in the U.S. government or landing jobs with American companies engaged in the development and production of emerging and advanced technologies.

While the threat of espionage may not be apparent to parents and students, American universities have little excuse for not knowing about it.  Federal law enforcement agencies like the FBI regularly attempt to advise universities of the potential espionage threats on campus, and the media also has reported extensively on them.  The risks are real, knowable, and preventable, and universities that ignore the threats could face potentially devastating consequences to their reputations, relationships, and financial well being.  For students who do not fully appreciate the risk and get wrapped up on the wrong side of the clandestine world, the impact on their futures can be tremendous and irreversible.  Espionage on campus and the often-related illicit transfer of research and technology from school laboratories also contribute to immediate and long-term decline of U.S. national security interests and the competitive advantage the United States possesses in sciences and technology.  The university campus has been part of the Great Game chessboard for years. This is nothing new and not much has changed.

In 1930s Great Britain, five college students with communist sympathies came under the spell of espionage at the University of Cambridge.  Donald MacLean, Guy Burgess, Anthony Blunt, John Cairncross, and Kim Philby were in their undergraduate years when the NKVD, the Soviet precursor to the KGB, recruited them to serve the communist cause.  At the time, none of the students had access to information of value or persons of interest, but the NKVD believed these men, who came from the right social class, would find their way into positions of influence and access. They all did.

MacLean landed key positions in the UK’s foreign office, the equivalent of the U.S. Department of State.  Burgess held positions with the foreign office, the BBC, and MI6.  Blunt spent some time in MI5, served as the Surveyor of the King’s Pictures, and used his standing in academic and social circles to spot other potential Soviet spies. Cairncross made the rounds at MI6 and Bletchley Park, the precursor to the UK’s Government Communication Headquarters (GCHQ).  Kim Philby was the prize of the five.  While starting his espionage as a freelance journalist in the Spanish Civil War, which gave him access to pro-Franco forces—the ideological enemies of the Soviet Union—Philby returned to the UK and entered MI6.  There, he steadily rose through the ranks, eventually overseeing MI6’s counterintelligence operations against the Soviet Union. The Cambridge spies, most notably Philby, are still considered to be some of the most damaging spies in UK espionage history. The notoriety of these men is well known in England, and their association with the University of Cambridge as the Cambridge Ring or Cambridge Five will forever be remembered.

American universities have not been immune to the espionage efforts of foreign intelligence services.  In 1984, a student-spy working for the Cuban intelligence service and studying at Johns Hopkins University “spotted” Ana Montes as a potential Cuban recruit.  After being introduced to Cuban intelligence officers, Montes agreed to spy for Cuba while still a graduate student at Johns Hopkins.  She later became an intelligence analyst at the Defense Intelligence Agency (DIA), focusing on Cuban issues.  She was arrested in 2001 and sentenced to 20 years in prison.

Other known espionage or technology/research theft cases affecting the American university community include:

  • In 2002, Qingqiang Yin, a former Cornell University researcher was arrested before boarding a flight to Shanghai from New York.  He was carrying numerous bacteria samples and yeast cultures belonging to the university.  The FBI investigation revealed Yin was seeking a job with a research facility in China and offered to bring the bacteria and yeast cultures to China for commercial enzyme production.  He was sentenced to 12 months’ imprisonment for conspiracy to defraud the U.S. government.
  • In 2006, Carlos Alvarez, a psychology professor at Florida International University, admitted during a plea hearing that he had been a Cuban spy for nearly 30 years, gathering and transmitting information about Cuban exile groups to Cuban intelligence agents.  His wife Elsa, also a professor, admitted knowing of her husband’s conduct.  They were sentenced to five and three years’ imprisonment, respectively.  
  • In 2012, the FBI arrested 12 deep-cover Russian SVR intelligence officers who were engaged in espionage against various American targets.  One of the SVR officers was Cynthia Murphy, a.k.a. Lydia Guryeva, who while studying for a master’s degree at Columbia University, was tasked by the SVR to develop relationships with classmates and professors who have or will acquire access to secret information and to report on their backgrounds and characteristics, providing assessments on their vulnerability for recruitment as spies. The SVR also directed Guryeva to collect information on students seeking employment with the CIA.  After pleading guilty to failing to register as an agent of a foreign government, the United States returned Guryeva (and the other deep-cover officers) to Russia in exchange for prisoners held there. 
  •  
  • In 2013, Hua Jun Zhao, a Chinese research assistant at the Medical College of Wisconsin, was arrested and charged with economic espionage after stealing cancer research compounds and shipping them to China, where he allegedly planned to take them to a Chinese university for further development.  He pleaded guilty to the lesser charge of illegally downloading research data and was sentenced to time served (four-and-a-half months).
  •    Image result for Hua Jun Zhao
  • Since 2004, the Chinese government has opened numerous Confucius Institutes at universities across the world, including approximately 64 institutes at American universities.  While the stated mission of the institutes is to promote the study of Chinese language and culture abroad, concerns have been raised about the ulterior motives of these institutes.  Allegations have also surfaced that the institutes may be Trojan Horses used by the Chinese government to conduct espionage activities. Regardless of the public evidence available on the alleged intelligence function of these institutes, from this former intelligence officer’s perspective, they are the perfect front for penetrating American universities and targeting their students.  

Again, these are only examples of the espionage threats facing American universities.  These incidents and others have been well documented in the public domain, and American universities dedicated to risk management should know about them, if not for their own protection, then for the benefit of their donors and students and U.S. national security.

Today’s American university receives funding from a variety of sources, including alumni, businesses, philanthropic organizations, and federal and state governments.  Research grants from the public and private sectors are a significant source of income for universities, and donors want the university to reap the benefits of their contributions.  No donor wants to see years of research and funding illegally diverted to a foreign government or competitor.  A university that does not take this risk seriously could begin to see expected research grants and contributions being provided to other schools or facilities, especially when the U.S. government is the funding source.

Universities should also consider the disruption a law enforcement investigation into espionage on campus can have on its day-to-day operations, reputation, and ability to maintain investor (philanthropic) confidence.  The media will undoubtedly provide thorough coverage of an espionage investigation, the accuracy of which is not guaranteed.

Investigators will be removing and combing through files and records.  Computers may be seized, and electronic files of all kinds will be requested.  Interviews of those with knowledge of the incident or perpetrators will be required, and if a public trial takes place, there will be more disruption and publicity.  A university wanting to maintain or salvage its reputation after the uncovering of espionage on its campus will find it advantageous if it can truthfully state it has been cooperating with law enforcement on the investigation rather than have a story surface that the university was one of the obstacles law enforcement had to overcome in order to put an end to the espionage. Having the university’s name negatively associated with a foreign espionage investigation is not the kind of publicity a university will find easy to overcome.
For students, the consequences of becoming entangled in espionage could be severe.   Students make easy targets, and their idealism and naiveté can often get in the way of their judgment.  Once a student is recruited as a spy, his opportunities for reversing course without consequence are limited.  One only needs to look at the choices made by Glenn Duffie Shriver, an American just out of college and living in China, who was slowly manipulated by Chinese intelligence to seek employment with the CIA.  Shriver was arrested and sentenced to four years’ imprisonment after pleading guilty to conspiracy to commit unlawful conveyance of national defense information.  Shriver was released from prison in 2013, but he will be forever remembered as a Chinese spy.  Not a great resume builder.

From a national security perspective, espionage on campus also contributes to the perpetual and long-term decline of the United States’ competitive advantage over its adversaries.  The technology and research lost to other countries through espionage and theft robs the American economy of the commercial and economic benefits it would have derived in terms of jobs, profits, and scientific and technological advancement.  The stolen knowledge increases the commercial and economic standing of the countries that committed the theft to the detriment of the United States.  If the stolen technologies and research have military, defense, or security applications, then the losses also contribute to the threats the United States faces from countries and adversaries who seek to challenge or harm its national security interests.

Universities are a soft target for espionage and offer potentially lucrative rewards for our adversaries’ intelligence targeting efforts.  Every loss resulting from espionage or foreign theft at an American university is a gain for the adversaries of the United States. These risks and potential consequences transcend the inerrant concept of the open, academic environment.

Eastern Europe Readiness for War with Russia

NATO puts 300,000 troops on ‘high alert’ in readiness for a confrontation with Russia as fears grow Putin is preparing to attack the West

  • Nato chief Jens Stoltenberg putting 300,000 troops on ‘high alert’ 
  • Military intelligence are worried about Putin’s new Armata battle tank  
  • UK stalled new tank design as heavy armour is not useful against jihadis

Nato chiefs, thrown into a panic by fears that Russian President Vladimir Putin might attack the West, are scrambling to put together a force of 300,000 troops which they can put on ‘high alert’.

Relations between Russia and the West have plunged in the last year, with Moscow’s insistence on backing its Syrian ally, President Bashar al-Assad, at all costs leading to serious tension with the US, Britain and France.

Most Nato members cut their defence spending dramatically since the Soviet Union collapsed in 1991 but Russia has been bolstering its military capabilities, holding parades involving more than 100,000 troops each year.

Nato soldiers stand on a pontoon bridge constructed across the Vistula river in Poland during the NATO Anaconda-16 exercise earlier this year

Nato soldiers stand on a pontoon bridge constructed across the Vistula river in Poland during the NATO Anaconda-16 exercise earlier this year

DailyMail: Moscow has been throwing its weight around in recent years – in 2008 Russian troops humiliated the Georgians and in turn the White House by invading South Ossetia and Abkhazia in support of pro-Moscow rebels.

Nato members like Estonia, Poland and Romania, who are feeling increasingly threatened by Moscow, are now being promised a rapid deployment force.

Nato Secretary General Jens Stoltenberg told The Times this week: ‘We have also seen Russia using propaganda in Europe among Nato allies and that is exactly the reason why Nato is responding. We are responding with the biggest reinforcement of our collective defence since the end of the Cold War.

‘We have seen Russia being much more active in many different ways.

‘We have seen a more assertive Russia implementing a substantial military build-up over many years; tripling defence spending since 2000 in real terms; developing new military capabilities; exercising their forces and using military force against neighbours,’ added Mr Stoltenberg. More here.

****

Russia’s hybrid war actions:

Montenegro says “nationalists from Russia” planned to kill prime minister

IanAllen: Authorities in the former Yugoslav Republic of Montenegro say that “nationalists from Russia” and Serbia were behind a failed plot to kill the country’s prime minister and spark a pro-Russian coup in the country. As intelNews reported last week, the coup allegations surfaced on October 16, after 20 Serbians and Montenegrins were arrested by authorities for allegedly planning a military coup against the government of Montenegro. The arrests took place on election day, as Montenegrins were voting across the Balkan country of 650,000 people.

On Sunday, at a press conference in Montenegro’s capital and largest city, Podgorica, the country’s Chief Special Prosecutor, Milivoje Katnić, reiterated claims that the failed coup aimed to prevent the reelection of Prime Minister Milo Đukanović, whose push for Montenegro to join the North Atlantic Treaty Organization has prompted strong objections from Moscow. Katnić told journalists that the plotters had hired a “long-distance sharpshooter” who was “a professional killer”, for the task of killing Đukanović. After killing the Prime Minister, the plotters had planned to storm the parliament and prompt a pro-Russian coup in the former Yugoslav Republic, said the special prosecutor. He added that authorities had confiscated weapons, military uniforms and nearly $140,000 in cash that were found in the possession of the alleged coup plotters.

Asked about the fate of the 20 alleged coup plotters, Katnić said that 14 of them remained in custody in Podgorica, while six others had been extradited to Serbia. The Serbian government of Prime Minister Vučić has accepted Montenegro’s allegations that the coup was hatched in Serbia and has offered to help investigate alleged links between the plotters and the Russian state. However, said Katnić, his team of investigators had no evidence of direct involvement by Russia in the alleged coup plot. But, he said, “two nationalists from Russia”, whom he did not name, were among the leaders of the plot. In a press statement, Katnić’s office said that other coup plotters in addition to the 20 men arrested, remained at large, having escaped from Serbia. They could now be in Russia, he said. Moscow has not responded to the claims by the Montenegrin authorities.

*** Denise has interview Nolan Peterson on Ukraine

Back to Ukraine, ready for the Russian Invasion

Nolan Peterson: Kiev, Ukraine—The young man never told anyone he was going to war.

The 20-year-old student at Kiev’s Taras Shevchenko National University slipped away in June 2014 to join a civilian paramilitary group fighting in eastern Ukraine.

The young man, whose name was Sviatoslav Horbenko, was a star pupil at the university’s Institute of Philology, where he studied Japanese. When he transferred from a university in Kharkiv, a city in eastern Ukraine, during his third year, he had to retake 17 exams.

He aced them all.

“There was no bellicose air about him,” said Serhiy Yanchuk, an associate professor at Taras Shevchenko University and coordinator of the university’s Students Guard, a volunteer militia comprising students and faculty.

“He never acted or behaved aggressively for his personal cause,” Yanchuk said. “He was friendly, warm hearted, and an easy-going person. One would surely want to be a friend of such a guy.”

At his father’s behest, the younger Horbenko moved to Kiev and settled into life and his studies at Taras Shevchenko National University.

And then, a few months after the war began in the summer of 2014, Sviatoslav Horbenko disappeared. Without telling his friends, family, or teachers, he joined Right Sector, a civilian volunteer battalion, to fight at the battle for the Donetsk airport.

Olexander Horbenko ultimately was able to track Sviatoslav down at boot camp. The father tried to dissuade his son from going to war. But Sviatoslav was determined.

“That was my last meeting with him alive, our unforgettable conversation,” Olexander Horbenko later said. “Sviatoslav considered defending his fatherland as his duty, and he developed the strong bonds of military comradeship.” Read the full story here.

 

Nadhmi Auchi is Back, Preventing War Crimes on Assad?

-الأنبار-629x330.jpg Militant fighters of the Islamic State. File photo
As we witness tragedy beyond definition in Syria, it is becoming clear why Barack Obama has been largely absent on a policy in Syria. He has an old Chicago friend in the mix.

WikiLeaks: 29 Feb 1960 Foreign Service Dispatch from the US Embassy in Baghdad to the US Department of State, six scanned pages, declassified.

The document reports the terms of imprisonment and other sentences, imposed as a result of the 7 Oct 1959 Baath party assassination plot against the then Iraqi Prime Minister, Abdul al-Karim Qassim.

Notable figures sentenced include Saddam Hussien (“Saddam Husayn al-Tikriti”, Trial Group I) and the British-based Iraqi billionaire, Nadhmi Auchi, who was sentenced to three years “rigorous imprisonment” (“Nadhmi Shakir Awji”, Trial Group IV). More here. 

ARANews: Raqqa – A top security official in the ranks of the Islamic State (ISIS) radical group was reported dead on Sunday, after a US-led coalition hit his car with an airstrike in the western countryside of Raqqa Governorate, in northeastern Syria.

“The airstrike killed at least five ISIS members, including al-Othman who used to lead the ISIS security department in Tabqa,” local media activist Abdulkarim al-Yousef told ARA News.

The raid comes as part of the coalition’s policy to target and hunt ISIS jihadi leaders.

“The drone attack was carried out based on information from local sources trusted by the Syrian Democratic Forces,” an SDF spokesman told ARA News.

The strike coincided with the announcement of the battle for Raqqa by the Kurdish-Arab alliance of the Syrian Democratic Forces (SDF).

Raqqa is deemed a de-facto capital for the ISIS’ self-declared Caliphate.

The US-backed SDF has established a new operations room to coordinate the battle for Raqqa against the Islamic State (ISIS). “On November 5th, the SDF established a new operations room known as the Euphrates Wrath to intensify coordination between the various military factions participating in the battle for Raqqa.”

Reporting by: Jamil Mukarram | Source: ARA News

Syrian propagandists have found the ideal launderers for their message: Western journalists

Tablet: Bashar al-Assad’s regime has pulled off a grotesque PR coup by corralling a number of prominent American journalists from outlets like The New York Times, National Public Radio, The Washington Post, and The New Yorker to participate in a conference designed to legitimize the rule of Syria’s genocidal head of state. The conference held Sunday and Monday in Damascus, was organized by the British Syrian Society, a “foundation” chaired by Assad’s father-in-law, the London-based physician Fawaz Ahkras. The larger purpose of the conference appears to be raising money for the regime and its war effort, in part by relieving sanctions against major regime figures.

Many of the participants (here is a partial list of attendees) are British journalists, like Christina Lamb of The Sunday Times, and other UK figures drawn from Akhras’ London contacts. Indeed, the conference is meant to have something of a British ambiance, which is why it’s being conducted according to “Chatham House rules”—a phrase that misleadingly (and hilariously) suggests that the British foreign office is convening the panels. It seems unlikely that the Syrian intelligence officers speaking at the event, like Col. Samer, know Chatham House Rules from Hama Rules, nor do they care. The point is to legitimize the regime’s message with a vague atmosphere of Western ideas and methods—which is why having Western journalists in the audience, and even on panels, is important to the regime. Attending a conference that features at least four Syrian regime officials who are currently sanctioned for their role in Assad’s war crimes, are, among others, the New York Times’ Beirut correspondent Anne Barnard, NPR’s Alison Meuse, and Dexter Filkins of The New Yorker

The stated purpose of the Damascus conference is to “facilitate a better understanding of a very complicated crisis.” And presumably journalists in attendance have rationalized their participation to their editors along those exact lines: Since we’re covering the other side of a war, they’re no doubt explaining, it’s a good thing to hear the Assad regime’s side of the story. And since we can’t get into Damascus safely otherwise, it’s fine if we go under the protection of the regime. How else could we get in there?

There’s a simple test for whether such excuses are valid: Will the Assad government provide access to non-regime figures, like the citizens that Assad and his allies have starved in the town of Madaya? Will the regime provide them access to the countless opposition figures, including peaceful activists, the regime has put in prison and tortured? The answers are “of course not” and “under no circumstances.”

So, why go? For the camaraderie? For the sheer joy of doing journalism with other journalists in comfortable surroundings, while 200,000 Syrians are trapped, starving and under military assault, in the ruined city of Aleppo? For the great Middle Eastern food?

To get a sense of what attending a conference put on by a genocidal regime is like, here are some pictures from the twitter feed of Suzan Haidamous of The Washington Post, one of the journalists attending the Damascus conference. She deleted them after posting the pictures Sunday, the first day of the conference, perhaps after one of the subjects expressed concern that pictures of journalists being fed lavishly in the middle of Damascus—perhaps courtesy of the Syrian regime—as Assad and his allies starved Syrian civilians close by might damage the reputations of those depicted in the photos.

In the first picture, from left to right, are Dexter Filkins of The New Yorker; Haidamous; Nour Samaha, who has written for Foreign Policy and The Atlantic, Rania Abouzeid, who has contributed to TIME and The New Yorker; and Nabih Bulos, a special correspondent with the Los Angeles Times. Hashtags for this picture included #Goodtimes and #journalism.

*** Suzan Haidamous, who was enthusiastically promoting her participation in the Assad whitewash “conference” in Damascus, deleted these pics 1/

So, here they are, for the record: with Dexter Filkins, Haidamous, Nour Samaha, Rania Abouzeid, and Nabih Bulos. 2/

In the second picture, from left to right, are Anne BarnardThe New York Times Beirut bureau chief, Heba Saleh of the Financial Times; Hwaida Saad of The New York Times; and Haidamous. Hashtags here included #news and #reporting

That one was posted with the hashtags and . A couple more appropriate ones were left out: 3/

And here’s the second deleted pic, with Haidamous, Hwaida Saad, Heba Saleh, and Anne Barnard. For the record. 4/4 pic.twitter.com/82fxmJ0lXu

That one was posted with the hashtags and . A couple more appropriate ones were left out: 3/

Slaughter in the playground: Six young children are killed on a break between lessons as ‘President Assad’s troops’ bomb a Syrian nursery school
A boy winces as he receives treatment at a hospital in Ghouta, an opposition-controlled suburb of the capital, Damascus, on Sunday

A boy winces as he receives treatment at a hospital in Ghouta, an opposition-controlled suburb of the capital, Damascus, on Sunday
The White Helmets volunteer group posted this photo on social media purportedly showing a victim of the nursery attack on Sunday 

The White Helmets volunteer group posted this photo on social media purportedly showing a victim of the nursery attack on Sunday

More here from DailyMailUK.

****

RCP: A British citizen of Iraqi descent, Mr. Auchi, 70, is a billionaire, the 279th richest man in the world, according to a Forbes magazine survey last year. A great deal of Mr. Auchi’s money was made doing business with the regime of Saddam Hussein, much of it under the table. In 1987, Mr. Auchi helped French and Italian firms win a huge oil pipeline contract in Iraq, chiefly by paying off Iraqi officials, according to testimony given by an Italian banker to prosecutors in Milan. In 2003, he was convicted for his role in what was then the largest scandal in French history, involving payoffs from executives of the oil company now known as Total to political figures in Spain, Germany and Africa.

“‘He has been able to collect British politicians the way other people collect stamps,’ wrote Nick Cohen in a 2003 profile of Mr. Auchi in the left wing British newspaper the Observer.

“Mr. Auchi was a leading supplier of arms to Saddam’s regime. A former Belgian ambassador to Luxembourgcharged that a bank in Luxembourg owned principally by Mr. Auchi laundered funds — including Oil-For-Food money — for Saddam and other Islamic dictators.

“‘The name Nadhmi Auchi was just another name for Saddam’s intelligence service, or so we thought,’ said Nibras Kazimi, a former Iraqi dissident who is now a visiting scholar at the Hudson Institute in WashingtonD.C.

“Mr. Auchi is a business partner of Syrian-born businessman Antoin ‘Tony’ Rezko, who has supported Mr. Obama financially since his first run for the Illinois state senate in 1996.

“Mr. Rezko currently is in jail awaiting trial on charges he extorted money from firms seeking to do business with the state of Illinois…. Rezko’s bail was revoked Jan. 28 when the trial judge learned that he, friends and relatives had been wired $3.5 million [in May 2005] from firms in Lebanon controlled by Mr. Auchi. The judge feared Mr. Rezko was about to flee the country….

“Mr. Rezko has described Mr. Auchi as a ‘close friend.’ Mr. Auchi says they have only a business relationship. They’ve been partners in a chain of pizza restaurants in Wisconsin and in a major real estate development inRiverside Park in Chicago.

“The connection between Mr. Auchi and Sen. Obama is tenuous. But given Mr. Auchi’s shady past, his history of bribing politicians, it’s not unreasonable to ask if [he], through Mr. Rezko, was trying to buy influence with a rising political star [Obama].”

 

 

U.S. Military ‘Inside’ and Prepared for Cyber Wars

U.S. Govt. Hackers Ready to Hit Back If Russia Tries to Disrupt Election

American officials have long said publicly that Russia, China and other nations have probed and left hidden malware on parts of U.S critical infrastructure, “preparing the battlefield,” in military parlance, for cyber attacks that could turn out the lights or turn off the internet across major cities.

It’s been widely assumed that the U.S. has done the same thing to its adversaries. The documents reviewed by NBC News — along with remarks by a senior U.S. intelligence official — confirm that, in the case of Russia.

U.S. officials continue to express concern that Russia will use its cyber capabilities to try to disrupt next week’s presidential election. U.S. intelligence officials do not expect Russia to attack critical infrastructure — which many believe would be an act of war — but they do anticipate so-called cyber mischief, including the possible release of fake documents and the proliferation of bogus social media accounts designed to spread misinformation.

On Friday the hacker known as “Guccifer 2.0” — which U.S. officials say is a front for Russian intelligence — tweeted a threat to monitor the U.S. elections “from inside the system.”

As NBC News reported Thursday, the U.S. government is marshaling resources to combat the threat in a way that is without precedent for a presidential election.

The cyber weapons would only be deployed in the unlikely event the U.S. was attacked in a significant way, officials say.

***

U.S. military officials often say in general terms that the U.S. possesses the world’s most advanced cyber capabilities, but they will not discuss details of highly classified cyber weapons.

James Lewis, a cyber expert at the Center for Strategic and International Studies, says that U.S. hacks into the computer infrastructure of adversary nations such as China, Russia, Iran and North Korea — something he says he presumes has gone on for years — is akin to the kind of military scouting that is as old as human conflict.

“This is just the cyber version of that,” he said.

In 2014, National Security Agency chief Adm. Mike Rogers told Congress that U.S. adversaries are performing electronic “reconnaissance” on a regular basis so that they can be in a position to disrupt the industrial control systems that run everything from chemical facilities to water treatment plants.

“All of that leads me to believe it is only a matter of when, not if, we are going to see something dramatic,” he said at the time.

Rogers didn’t discuss the U.S.’s own penetration of adversary networks. But the hacking undertaken by the NSA, which regularly penetrates foreign networks to gather intelligence, is very similar to the hacking needed to plant precursors for cyber weapons, said Gary Brown, a retired colonel and former legal adviser to U.S. Cyber Command, the military’s digital war fighting arm.

“You’d gain access to a network, you’d establish your presence on the network and then you’re poised to do what you would like to do with the network,” he told NBC News. “Most of the time you might use that to collect information, but that same access could be used for more aggressive activities too.”

**

Brown and others have noted that the Obama administration has been extremely reluctant to take action in cyberspace, even in the face of what it says is a series of Russian hacks and leaks designed to manipulate the U.S. presidential election.

Administration officials did, however, deliver a back channel warning to Russian against any attempt to influence next week’s vote, officials told NBC News.

The senior U.S. intelligence official said that, if Russia initiated a significant cyber attack against critical infrastructure, the U.S. could take action to shut down some Russian systems — a sort of active defense.

Retired Adm. James Stavridis, who served as NATO commander of Europe, told NBC News’ Cynthia McFadden that the U.S. is well equipped to respond to any cyber attack.

“I think there’s three things we should do if we see a significant cyber-attack,” he said. “The first obviously is defending against it. The second is reveal: We should be publicizing what has happened so that any of this kind of cyber trickery can be unmasked. And thirdly, we should respond. Our response should be proportional.”

**

The U.S. use of cyber attacks in the military context — or for covert action — is not without precedent.

During the 2003 Iraq invasion, U.S spies penetrated Iraqi networks and sent tailored messages to Iraqi generals, urging them to surrender, and temporarily cut electronic power in Baghdad.

In 2009 and 2010, the U.S., working with Israel, is believed to have helped deploy what became known as Stuxnet, a cyber weapon designed to destroy Iranian nuclear centrifuges.

Today, U.S. Cyber Command is engaged in cyber operations against the Islamic State, including using social media to expose the location of militants and sending spoof orders to sow confusion, current and former officials tell NBC News.

One problem, officials say, is that the doctrine around cyber conflict — what is espionage, what is theft, what is war — is not well developed.

“Cyber war is undefined,” Brown said. “There are norms of behavior that we try to encourage, but people violate those.”

*****

UK Announces New Policy on Cyber Attacks: ‘We Will Strike Back in Kind’

The interactions of the Active Cyber Defence program

In recognition of the risk cyber attacks pose, the government’s 2015 Strategic Defence and Security Review classified cyber as a Tier One threat to the UK – that’s the same level as terrorism, or international military conflict. …

AtlanticCouncil: [W]e must keep up with the scale and pace of the threat we face. So today I am launching the government’s National Cyber Security Strategy for the next 5 years. The new strategy is built on three core pillars: defend, deter and develop, underpinned by £1.9 billion of transformational investment.

First of all Defend. We will strengthen the defences of government, our critical national infrastructure sectors like energy and transport, and our wider economy. We will work in partnership with industry to apply technologies that reduce the impact of cyber-attacks, while driving up security standards across both public and private sectors. We will ensure that our most sensitive information and networks, on which our government and security depend, are protected.

In practice, that means government taking a more active cyber defence approach – supporting industry’s use of automated defence techniques to block, disrupt and neutralise malicious activity before it reaches the user. The public have much to gain from active cyber defence and, with the proper safeguards in place to protect privacy, these measures have the potential to be transformational in ensuring that UK internet users are secure by default.

We are already deploying active cyber defence in government and we know it works: we’ve already successfully reduced the ability of attackers to spoof government e-mails as a key example. Until 6 weeks ago we were seeing faking of some @gov.uk addresses, such as ‘[email protected] ’. Criminals have been using these fake addresses to defraud people, by impersonating government departments. 50,000 spoof emails using the [email protected] address were being sent a everyday – now, thanks to our interventions, there are none.

The second pillar is deterrence. We will deter those who seek to steal from us, threaten us or otherwise harm our interests in cyberspace. We’re strengthening our law enforcement capabilities to raise the cost and reduce the reward of cyber criminality – ensuring we can track, apprehend and prosecute those who commit cyber crimes. And we will continue to invest in our offensive cyber capabilities, because the ability to detect, trace and retaliate in kind is likely to be the best deterrent. A small number of hostile foreign actors have developed and deployed offensive cyber capabilities, including destructive ones. These capabilities threaten the security of the UK’s critical national infrastructure and our industrial control systems.

If we do not have the ability to respond in cyberspace to an attack which takes down our power networks leaving us in darkness, or hits our air traffic control system, grounding our planes, we would be left with the impossible choice of turning the other cheek and ignoring the devastating consequences, or resorting to a military response. That is a choice that we do not want to face – and a choice we do not want to leave as a legacy to our successors. That is why we need to develop a fully functioning and operational cyber counter-attack capability. There is no doubt in my mind that the precursor to any future state-on-state conflict would be a campaign of escalating cyber-attacks, to break down our defences and test our resolve before the first shot is fired. Kinetic attacks carry huge risk of retaliation and may breach international law.

But in cyber space those who want to harm us appear to think they can act both scalably and deniably. It is our duty to demonstrate that they cannot act with impunity. So we will not only defend ourselves in cyberspace; we will strike back in kind when we are attacked.

And thirdly development. We will develop the capabilities we need in our economy and society to keep pace with the threat in the future. To make sure we’ve got a pipeline talented of people with the cyber skills we need, we will increase investment in the next generation of students, experts and companies.

I can announce we’re creating our latest cyber security research institute – a virtual network of UK universities dedicated to technological research and supported by government funding. The new virtual institute will focus on hardware and will look to improve the security of smart phone, tablets and laptops through innovative use of novel technology. We’re building cyber security into our education systems and are committed to providing opportunities for young people to pursue a career in this dynamic and exciting sector. And we’re also making sure that every young person learns the cyber life-skills they need to use the internet safely, confidently and successfully.

These three pillars that I’ve outlined – deter, defend and develop – are all supported by our new National Cyber Security Centre, based in Victoria in central London.

For the first time the government will have a dedicated, outward-facing authority on cyber – making it much simpler for business to get advice on cyber security and to interact with government on cyber security issues. Allowing us to deploy the high level skills that government has, principally in GCHQ, to support the development of commercial applications to enhance cyber security.

The Centre subsumes CERT UK and will provide the next generation of cyber security incident management. This means that when businesses or government bodies, or academic organisations report a significant incident, the Centre will bring together the full range of technical skills from across government and beyond to respond immediately. They will link up with law enforcement, help mitigate the impact of the incident, seek to repair the damage and assist in the tracing and prosecution of those responsible.

Across all its strands, the National Cyber Security Strategy we’re publishing today represents a major step forward in the fight against cyber attack.

Excerpts from “Speech Launching the National Cyber Security Strategy,” by Chancellor of the Exchequer Philip Hammond, Nov. 1, 2016.

Twitter War Report Describes Spamming the Election Tweets

And Twitter users believed….

****

Twitter Election Bots Hide Tons of Reply Spam Behind Boring Themed Accounts

Motherboard: A much-discussed research paper out of Oxford this month concluded that millions of tweets about the presidential election are generated by highly automated Twitter accounts. According to the authors’ analysis, about a third of pro-Trump traffic, and one fifth of pro-Clinton tweets, is “driven by bots and highly automated accounts.”

The Oxford study pegged Twitter accounts as highly automated if they posted at least 50 times a day using any one of a group of election hashtags—such as #MAGA, #TrumpTrain, #ImWithHer, and #StrongerTogether—over a three-day period.

The paper conceded that “extremely active” humans might post 50 or more times per day on one of the 52 hashtags they selected, “especially if they are simply retweeting the content they find in their social media feed.”

At the Electome, a project of the Media Lab at MIT, we use complex machine learning algorithms to analyze the election conversation on Twitter. The Oxford paper made us curious about the possibility of spotting bots in the dashboard we recently built for journalists covering the election.

Read more: How Mexican Twitter Bots Shut Down Dissent

Bot detection can be challenging, partly because they come in different varieties. Some are purely automated accounts, while others layer some manual curation on top of automated tweets.

Last week, we noticed a spike while searching our Twitter data on the keyword “rigged.”

In early September, the “rigged” discussion on Twitter, which previously had revolved around a variety of issues including economic inequality and the electoral process, shifted suddenly toward immigration—that is, tweets containing the word “rigged” also used terms connected to immigration.

Digging into the data, we found one verbatim tweet showing up across a dozen or so handles, each of which posted the same message over and over each day: “Immigration Policy is RIGGED against American Workers #Trump2016 #FeelTheBern.”

Beyond using identical phrasing—including idiosyncratic capitalization—the tweets coming from these accounts all linked to the same video, which compares statements by Donald Trump and Bernie Sanders about immigration policy. Each video, in turn, linked to the same anti-Clinton Twitter account.

Although the accounts don’t have the telltale bot profile image—the egg—based on their characteristics and activity, including breakneck output of strikingly similar content, these are clearly spam handles, and apparently at least somewhat automated.

Wading in further, we found that each account puts out a stream of photos and GIFs on a given theme, on top of a common rotation of anti-Clinton videos and memes.

The bots follow the same playbook: Publicly they tweet the same innocuous content fitting their theme, while simultaneously flooding the replies of public figures and media outlets—essentially piggybacking on famous tweets to influence users who see those tweets’ replies—with campaign-driven videos and memes.

One apparent bot account has pumped out more than 27,000 tweets since its creation in March, with content that tends to mix videos of Clinton advisor John Podesta with memes from the 1970s film A Clockwork Orange:

          TheTweetest @TheTweetest

you found out…

Hillary killed Osama bin Laden

..WITH HER EYES

@HillaryClinton

A zombie-themed account boasts 30,000 tweets since April: Podesta mingled with the undead:

Then there’s the seeming food porn handle that has put out 21,000 tweets since March: Podesta plus photogenic snacks:

In the last few days, these three accounts have tweeted thousands of times, sometimes hundreds of posts in a single hour. Most went entirely dark on October 30, for some reason, then geared up early on October 31 to put out hundreds more by noon.

Other apparently automated accounts pay homage to burgers, the Doge meme, geese, Hydrox cookies, knights, pigs, pulp science fiction, Putin, trains, and Transformers. They vary in frequency of activity, but each circulates the same videos with identical accompanying text.

Spambots like these have been spotted at other points in this election. In April, a conservative activist noticed a few hundred accounts frantically tweeting an identical call to file federal complaints against Ted Cruz for robocalls.

In June, a reporter for New York magazine mined the feeds of three pro-Trump, alt-right accounts, noting that they consistently replied to Trump’s tweets within mere seconds and with memes attached. Like the accounts we’ve identified here, many of their replies lacked any connection to the subject of Trump’s original tweet.

Last week, one of those three accounts circulated a hoax image of immigration officers arresting Hispanic voters, according to ProPublica’s Electionland.

Difficult as it is to track down accounts like these or gauge their prevalence, it’s even harder to discern how they might affect the overall Twitter discussion about the election. Whether or not the Oxford analysis proves accurate, its authors performed a service merely by raising public awareness of election bots.  More here including additional tweets.

****

Then there was that weird FBI release on Twitter:

FBI to Conduct Internal Probe of Election-Season Tweets

GovernmentExec: Suddenly renewed activity on an FBI Twitter account publicizing Freedom of Information Act releases has prompted an internal bureau review of the propriety of such activity so close to the Nov. 8 election, according to a source involved in the matter.

In emails obtained by Government Executive sent to an ex-investigative reporter who filed complaints, the deputy at the FBI’s Office of Professional Responsibility on Tuesday revealed that the complaint about possible political favoritism in tweeting has been referred to the FBI’s Inspection Division.

“Upon the completion of its investigation, the matter will be referred to my office for adjudication,” wrote Candice Will, assistant director of the Office of Professional Responsibility to Jonathan Hutson, a former investigative reporter and now a media consultant. He received a similar email from Nancy McNamara, assistant director of the FBI’s Inspection Division, with two more FBI employees copied.

An FBI official told Government Executive that on Oct. 30, electronic patches were sent through the FBI’s content management system to fix the automatic feed of information that goes through the FOIA Twitter account.

First reported on Thursday by the liberal-leaning news service Think Progress, the new probe comes days after questions were raised about the FBI FOIA office’s release on Monday of 129 pages of documents pertaining to the 2001-2005 investigation of President Bill Clinton’s last-minute pardon of fugitive financier Marc Rich, whose wife was a longtime Clinton donor.

That probe, led for a time by current FBI Director James Comey as a U.S. attorney, ended with no prosecutions, which is why the Hillary Clinton campaign immediately complained that its timing seemed questionable. “Absent a (Freedom of Information Act) deadline, this is odd,” Clinton campaign spokesman Brian Fallon tweeted. “Will FBI be posting docs on Trumps’ housing discrimination in ‘70s?”

It also comes less than a week after Comey shook up the presidential race with his letter to lawmakers and FBI staff suggesting that newly uncovered emails in an unrelated probe might be “pertinent” to the bureau’s suspended investigation Hillary Clinton’s mishandling of State Department emails.

The FBI responded to this week’s complaints with a statement outlining its FOIA policies:

“The FBI’s Records Management Division receives thousands of FOIA requests annually which are processed on a first in, first out basis,” it said. “By law, FOIA materials that have been requested three or more times are posted electronically to the FBI’s public reading room shortly after they are processed. Per the standard procedure for FOIA, these materials became available for release and were posted automatically and electronically to the FBI’s public reading room in accordance with the law and established procedures.”

But critics have now zeroed in on the bureau’s Twitter account at the FBI Records Vault. As noted by ex-investigative reporter Hutson, who first filed a complaint with the Justice Department inspector general, the FBI’s FOIA Twitter account had been silent for the past year.  “For the first few years after its 2011 launch, most of its tweets produced only 10 re-tweets, the most being 122,” Hutson said. “But suddenly, at 4:00 a.m. on Sunday, Oct. 30, it roared to life, not for business and not usual.”

The Tweet on Bill Clinton’s Marc Rich pardon, which was part of a probe on the Clinton Foundation, “was highly negative for Hillary Clinton” because it didn’t mention that no charges were brought, while another recent FBI tweet, announcing new documents pertaining to Republican candidate Donald Trump’s father’s past housing industry activities, favored Trump by “calling him a philanthropist,” which in Hutson’s view is “editorial shading.”

Also, Hutson said, “it is significant and telling” that the FBI FOIA people also recently tweeted the FBI’s ethics manual. “That shows they know full well that is it illegal for bureau employees to influence or effect the outcome of an election.” Hutson believes there may be violations of the Hatch Act, Justice Department guidelines and the FBI ethics manual. The FBI vault item on the Clinton Foundation, he pointed out, now has 9,000 re-tweets.

FOIA specialists consulted by Government Executive had mixed evaluations of this turn of events, both for the release of the FOIA documents and the related tweeting. “It’s nothing abnormal,” said Ronald Kessler, an author and longtime investigative journalist who has written on the FBI. “People don’t understand that it would be improper for the FBI to withhold a release of material to try to manipulate media coverage simply because agents happen to finish their work on it late Friday afternoon or just before an election. Like all of us humans, agents try to work extra hard to finish a project that is close to completion before a long weekend.”

Anne Weismann, executive director of the Campaign for Accountability, said after all her years of sending FOIA requests to the FBI, she found it “astonishing” that the FBI is tweeting, saying it “adds to the unprecedented nature” of this fall’s FBI’s intervention in the presidential race. She also found it odd that the FBI released what appears to be a “first round, partial” file of documents in the Marc Rich case, “with no context.” “Unless you knew they were talking about a major, very serious investigation of a former president, you wouldn’t know that the FBI never prosecuted Clinton,” she said. “I’ve pushed the FBI in litigation for release of documents on a rolling basis, and they always say no.”

Alex Howard, a senior analyst at the Sunlight Foundation, said the FBI has some flexibility in releasing documents. “Agencies are mandated to acknowledge a FOIA request in 20 days, although many in practice do not. Unless an agency is under instruction by a judge to release records responsive to a FOIA lawsuit on a specified timeline or by a given deadline, however, agencies can have some discretion in when they disclose records to a requester, unless their FOIA regulations specify otherwise. The “first in, first out” standard is one such rule: some agencies have pending FOIA requests going back over a decade.”

Daniel Schuman, policy director for Demand Progress, said, “There’s not enough information to make a judgment, which is why we would welcome an independent investigation, but on its face it is unusual.”