Rubio Wants DoJ to Investigate Kerry and Logan Act/FARA


U.S. Senator Marco Rubio (R-FL) today urged the Department of Justice (DOJ) to investigate whether former Secretary of State John F. Kerry’s actions since leaving office related to the Iran nuclear deal violate the Logan Act or the Foreign Agents Registration Act (FARA).

Rubio previously urged Attorney General Jeff Sessions to investigate the matter.

The full text of the letter is below.

Dear Attorney General Barr:

I write to make you aware of a September 18, 2018 letter I sent to your predecessor regarding potential violations of the Logan Act (18 U.S.C. § 953) and the Foreign Agents Registration Act (22 U.S.C. § 611 et seq.) by former Secretary of State John F. Kerry.  As you know, former Secretary Kerry’s actions since leaving office have come under scrutiny as they related to the Iran nuclear deal, known formally as the Joint Comprehensive Plan of Action (JCPOA).

The full letter to your predecessor is attached.

The American people deserve to know that U.S. laws are enforced regardless of any individual’s past position. The Department of Justice should therefore make a determination on whether or not former Secretary of State John F. Kerry’s recent actions related to the Joint Comprehensive Plan of Action with Iran potentially violate the Logan Act or the Foreign Agents Registration Act.

Thank you for your prompt attention to this matter.


*** The Boston Globe reported factually that John Kerry had met with Javad Zarif at least 3-4 times since leaving his post as Secretary of State. In fact, this is not news by any means; calls for attention to John Kerry working against the Trump administration go back to at least May of 2018. Did John Kerry bother to announce his activity to anyone in the Trump administration? Nah…


In fact, Democrats in Congress knew about the activities of John Kerry because he called them trying to get their help too.

Kerry’s little team (called Diplomacy Works) of people included Wendy Sherman, Jon Finer, Jen Psaki, David Wade, Chuck Schumer, Robert Menendez, Susan Rice, Angela Merkel, Frank-Walter Steinmeier, Federica Mogherini, Emmanuel Macron, Ernest Moniz and Wendy Sherman. This Kerry organization has been writing articles, op-eds, producing and airing television and radio ads and blasting them to policy-makers as well as foreign policy experts.

Now this is shadow government and policy…right?

But don’t believe John Kerry’s mission is just exclusive to the Iran nuclear deal. Indeed, it also deals with North Korea and China.

On the Board of Directors of ‘Diplomacy Works’ are names such as Tony Blinken, Nicholas Burns, Michele Flournoy, Matt Olsen, Nancy Soderberg and yikes Robert Malley.

Robert Malley is fully anti-Israel. His biography/resume demonstrates that as well as his concocted campaign to defeat ISIS while he worked for the Obama White House. His family considered Yassir Arafat to be a close and reliable friend. He was a trusted advisor to Susan Rice. In 2001 Malley moved over to the policy and think tank world, continuing his involvement with Middle East issues. He was Senior Policy Advisor at the Center for Middle East Peace and Economic Cooperation, and is now with the Soros-funded International Crisis Group, where he serves as Middle East and North Africa Program Director.


Oh yeah, Kerry’s organization has a legislative agenda that includes climate change, democracy and human rights, gender equality, global health, refugees, trade and the United Nations. He and his staff clearly advise only Democrats in both chambers of Congress after reviewing the names listed on the website.

Someone tell Hannity, Laura Ingraham or Peter Schweizer to give all this some airtime…please…



Iran continues to Take Over Syria

Based on how al Qaeda operated and then how Islamic State operated, it appears that winning the hearts and minds of the locals, essentially through humanitarian extortion, was originally created by Iran.

For at least 3-4 years, Iran has been buying up land in war-torn areas of Syria at real bargain prices. Iran is transferring construction workers into Syria to rebuild designated areas. At a minimum, 5 million homes in Syria have been destroyed due to the civil war. While Iranians are struggling to make a living in their home country, they have at least a chance of working for an income in and around Damascus. Not to be left out, Afghan nationals are also traveling to Syria to take up construction jobs. Most of the community rebuilds, media and businesses are being watched and managed by the Iranian Revolutionary Guard Corps, a known terror group that the United States is still considering listing as such formally. By the way, it was the IRGC that kidnapped our sailors and held them hostage during the Obama regime.

Meanwhile, as we have known, Bashar al Assad has been a puppet of Tehran. Assad himself is part of the Alawite Sect, which is part of Shia Islam. Iran is moving relentlessly to install hegemony of the Shiite sect in Syria, expanding their territory by using the land bridge from Iran to Iraq to Syria and Lebanon.

By using humanitarian bait, military tactics and economic tools, Syrians are being forced to move from being Sunni to Shiite just to live and survive. This is all under the guise of goodwill….yeah sure. So, police stations scattered across the Deir Ezzour province are staffed by the Iranian Revolutionary Guard Corps. It is at these locations that food, medicine, education and basic life necessities are distributed, but not before the conversion takes place from Sunni to Shiite, and then people receive an ID card and stipend of $200 per month. This is essentially forcing Syrians to work for Iran.


Iran is taking full control of key mosques, and what is taught in schools is designed and implemented by the Iranian regime. Bashar al Assad appears to be an advocate of this hearts and minds operation as he owes Tehran for his own survival in power.

There is some resistance from the local Syrians, yet if this continues, the civil war will continue.

Enter the Hussein Organization, an alleged charity that provides water and pockets of electricity. The key areas where all this is occurring are in regions along that pesky land bridge where military supply lines continue to flow.

As Turkey, Lebanon, Jordan have hundreds of refugee camps for displaced Syrians, it appears there is no hope or will to return home for them under the growing threat of Iran formally taking power in pockets of Syria.

Late last year, Iran signed a deal to build a major power plant in Latakia. Latakia is a port city that is home to the largest Russian foreign eavesdropping facility. There is also a large airbase in Latakia that is operated by Russia known as the Khmeimim Air Base. Reconnaissance flights take place on a frequent basis under a Russian-Syria treaty.


This airbase was built in 2015 and is adjacent to the Bassel al Assad International Airport while Russia maintains a permanent navy base not far away in Tartus.

President Trump has a mission to remove all U.S. forces from Syria; however, that has been somewhat altered in recent months, and an estimated 1000 U.S. forces will remain for a term. Complicating matters in recent days is the Golan Heights.

Syria is demanding a UN Security Council meeting regarding the full declaration of Israeli sovereignty over the Golan Heights region. This region has been under Israeli control going back to 1967 in what was known then as the 6-day war. An armistice line was created and a few times since, Syria has attempted to retake the Golan Heights. Another armistice was signed in 1974 and since that time, the UN has only an observer force as Golan was formally annexed by Israel.

Currently, there are thousands of Jews living in the Golan along with Syrians of the Druze sect. The Golan is a mountainous region that provides the Israeli military and intelligence a good view and buffer of militant activities in Syria.


Monica Elfriede Witt, former U.S. service member, Treason?

She once lived in Falls Church, Virginia. She speaks Farsi and in 2013 was known to be in either Afghanistan or Tajikistan teaching English….sure…..teaching….
Wednesday, February 13, 2019

Former U.S. Counterintelligence Agent Charged With Espionage on Behalf of Iran; Four Iranians Charged With a Cyber Campaign Targeting Her Former Colleagues

Indictment Unsealed as U.S. Treasury Department Announces Economic Sanctions

Monica Elfriede Witt, 39, a former U.S. service member and counterintelligence agent, has been indicted by a federal grand jury in the District of Columbia for conspiracy to deliver and delivering national defense information to representatives of the Iranian government.  Witt, who defected to Iran in 2013, is alleged to have assisted Iranian intelligence services in targeting her former fellow agents in the U.S. Intelligence Community (USIC).  Witt is also alleged to have disclosed the code name and classified mission of a U.S. Department of Defense Special Access Program. An arrest warrant has been issued for Witt, who remains at large.

The same indictment charges four Iranian nationals, Mojtaba Masoumpour, Behzad Mesri, Hossein Parvar and Mohamad Paryar (the “Cyber Conspirators”), with conspiracy, attempts to commit computer intrusion and aggravated identity theft, for conduct in 2014 and 2015 targeting former co-workers and colleagues of Witt in the U.S. Intelligence Community.  The Cyber Conspirators, using fictional and imposter social media accounts and working on behalf of the Iranian Revolutionary Guard Corps (IRGC), sought to deploy malware that would provide them covert access to the targets’ computers and networks.  Arrest warrants have been issued for the Cyber Conspirators, who also remain at large.

The announcement was made by Assistant Attorney General for National Security John Demers, U.S. Attorney Jessie K. Liu for the District of Columbia, Executive Assistant Director for National Security Jay Tabb of the FBI, U.S. Treasury Secretary Steven Mnuchin, Special Agent Terry Phillips of the Air Force Office of Special Investigations, and Assistant Director in Charge Nancy McNamara of the FBI’s Washington Field Office.

“Monica Witt is charged with revealing to the Iranian regime a highly classified intelligence program and the identity of a U.S. Intelligence Officer, all in violation of the law, her solemn oath to protect and defend our country, and the bounds of human decency,” said Assistant Attorney General Demers.  “Four Iranian cyber hackers are also charged with various computer crimes targeting members of the U.S. intelligence community who were Ms. Witt’s former colleagues. This case underscores the dangers to our intelligence professionals and the lengths our adversaries will go to identify them, expose them, target them, and, in a few rare cases, ultimately turn them against the nation they swore to protect.  When our intelligence professionals are targeted or betrayed, the National Security Division will relentlessly pursue justice against the wrong-doers.”

“This case reflects our firm resolve to hold accountable any individual who betrays the public trust by compromising our national security,” said U.S. Attorney Liu.  “Today’s announcement also highlights our commitment to vigorously pursue those who threaten U.S. security through state-sponsored hacking campaigns.”

“The charges unsealed today are the result of years of investigative work by the FBI to uncover Monica Witt’s betrayal of the oath she swore to safeguard America’s intelligence and defense secrets,” said Executive Assistant Director for National Security Tabb.  “This case also highlights the FBI’s commitment to disrupting those who engage in malicious cyber activity to undermine our country’s national security. The FBI is grateful to the Department of Treasury and the United States Air Force for their continued partnership and assistance in this case.”

“Treasury is taking action against malicious Iranian cyber actors and covert operations that have targeted Americans at home and overseas as part of our ongoing efforts to counter the Iranian regime’s cyber-attacks,” said Treasury Secretary Steven Mnuchin.  “Treasury is sanctioning New Horizon Organization for its support to the IRGC-QF.  New Horizon hosts international conferences that have provided Iranian intelligence officers a platform to recruit and collect damaging information from attendees, while propagating anti-Semitism and Holocaust denial.  We are also sanctioning an Iran-based company that has attempted to install malware to compromise the computers of U.S. personnel.”

“The alleged actions of Monica Witt in assisting a hostile nation are a betrayal of our nation’s security, our military, and the American people,” said Special Agent Phillips. “While violations like this are extremely rare, her actions as alleged are an affront to all who have served our great nation.”

“This investigation exemplifies the tireless work the agents and analysts of the FBI do each and every day to bring a complex case like this to fruition,” said Assistant Director in Charge McNamara.  “Witt’s betrayal of her country and the actions of the cyber criminals – at the behest of the IRGC – could have brought serious damage to the United States, and we will not stand by and allow that to happen.  The efforts by the Iranian government to target and harm the U.S. will not be taken lightly, and the FBI will continue our work to hold those individuals or groups accountable for their actions.”

According to the allegations contained in the indictment unsealed today:

Monica Witt’s Espionage

Monica Witt, a U.S. citizen, was an active duty U.S. Air Force Intelligence Specialist and Special Agent of the Air Force Office of Special Investigations, who entered on duty in 1997 and left the U.S. government in 2008.  Monica Witt separated from the Air Force in 2008 and ended work with DOD as a contractor in 2010.  During her tenure with the U.S. government, Witt was granted high-level security clearances and was deployed overseas to conduct classified counterintelligence missions.

In Feb. 2012, Witt traveled to Iran to attend the Iranian New Horizon Organization’s “Hollywoodism” conference, an IRGC-sponsored event aimed at, among other things, condemning American moral standards and promoting anti-U.S. propaganda.  Through subsequent interactions and communications with a dual United States-Iranian citizen referred to in the indictment as Individual A, Witt successfully arranged to re-enter Iran in Aug. 2013.  Thereafter, Iranian government officials provided Witt with housing and computer equipment.  She went on to disclose U.S. classified information to the Iranian government official.  As part of her work on behalf of the Iranian government, she conducted research about USIC personnel that she had known and worked with, and used that information to draft “target packages” against these U.S. agents.

Iranian Hacking Efforts Targeting Witt’s Former Colleagues

Beginning in late 2014, the Cyber Conspirators began a malicious campaign targeting Witt’s former co-workers and colleagues.  Specifically, Mesri registered and helped manage an Iranian company, the identity of which is known to the United States, which conducted computer intrusions against targets inside and outside the United States on behalf of the IRGC.  Using computer and online infrastructure, in some cases procured by Mesri, the conspiracy tested its malware and gathered information from target computers or networks, and sent spearphishing messages to its targets.  Specifically, between Jan. and May 2015, the Cyber Conspirators, using fictitious and imposter accounts, attempted to trick their targets into clicking links or opening files that would allow the conspirators to deploy malware on the target’s computer.  In one such instance, the Cyber Conspirators created a Facebook account that purported to belong to a USIC employee and former colleague of Witt, and which utilized legitimate information and photos from the USIC employee’s actual Facebook account. This particular fake account caused several of Witt’s former colleagues to accept “friend” requests.

Iranian Revolution at 40 Years Old

Jimmy Carter unavailable for comment…..

DUBAI (Reuters) – Hundreds of thousands of Iranians marched and some burned U.S. flags to mark the revolution’s 40th anniversary on Monday as Tehran showed off ballistic missiles in defiance of U.S. efforts to curb its military power.

Soldiers, students, clerics and black-clad women holding small children thronged streets across Iran, many with portraits of Ayatollah Ruhollah Khomeini, the Shi’ite cleric who toppled the Shah in an Islamic uprising that still haunts the West.

On Feb. 11, 1979 Iran’s army declared its neutrality, paving the way for the fall of U.S.-backed Shah Mohammad Reza Pahlavi.

State television showed crowds defying cold rainy weather and carrying Iranian flags while shouting “Death to Israel, Death to America” – trademark chants of the revolution.

After decades of hostility with the United States, the Islamic Republic vowed to increase its military strength despite mounting pressure from Western countries.

Ballistic missile capabilities were on display during the main march, including the Qadr F, a ground-to-ground missile with a 1,950-km (1,220-mile) range, Tasnim news agency said.

“We have not asked and will not ask for permission to develop different types of … missiles and will continue our path and our military power,” President Hassan Rouhani said in a speech at Tehran’s Azadi (Freedom) square.


U.S. President Donald Trump tweeted on Monday that the Iranian government had let down its people.

“40 years of corruption. 40 years of repression. 40 years of terror. The regime in Iran has produced only #40YearsofFailure. The long-suffering Iranian people deserve a much brighter future,” he posted in both English and Farsi.

The large turnout in state-sponsored rallies, in which U.S. and Israeli flags were burned, came as Iranians face mounting economic hardships many blame on the country’s clerical leaders.

Pictures on social media showed some people also demonstrating against corruption, unemployment and high prices.

“Our presence in the 40th anniversary of the revolution is to show our support for the Islamic Republic,” said one sign held by a protester. “But it does not mean we support corruption of some officials and their betrayal of the oppressed people.”

Reuters could not independently verify the pictures. Photo collection found here.

Last year, Iran cracked down on protests over poor living standards that posed the most serious challenge to its clerical elite since a 2009 uprising over disputed elections.

Prices of basic foodstuffs have soared since President Donald Trump withdrew Washington from world powers’ 2015 nuclear deal with Iran last year and reimposed sanctions on Tehran.

“I bow in admiration to Iran’s resilient people who – despite hardships and grievances – today poured into streets by the millions to mark 40th anniv of their Islamic Revolution, which some in the US wished would never come,” Iranian Foreign Minister Mohammad Javad Zarif tweeted.

“US should take note: REAL Iranians never succumb to diktats.”

In January, Rouhani said Iran was dealing with its worst economic crisis since the Shah was toppled.

But he remained defiant on Monday as Iranians recalled the end of a monarch who catered to the rich. “The Iranian people have and will have some economic difficulties but we will overcome the problems by helping each other,” he said.


Yadollah Javani, the Iranian Revolutionary Guards’ deputy head for political affairs, said Iran would demolish cities in Israel if the United States attacked.

“The United States does not have the courage to fire a single bullet at us despite all its defensive and military assets. But if they attack us, we will raze Tel Aviv and Haifa to the ground,” Javani told the state news agency IRNA.

Israeli Prime Minister Benjamin Netanyahu dismissed the threat. “I am not ignoring the threats of the Iranian regime, but nor am I impressed by them,” he said.

“Were this regime to make the terrible mistake of trying to destroy Tel Aviv and Haifa, it would not succeed, but it would mean that they had celebrated their last Revolution Day. They would do well to take that into account.”

Washington and the Arab world have viewed Iran with great suspicion since the Islamic Revolution, fearing Khomeini’s radical ideology would inspire militants across the Middle East.

Today, the United States, its Arab allies and Israel are trying to counter Tehran’s growing influence in the Middle East, where it has proxies in Syria, Lebanon and Yemen.

Iran also has vast clout in Iraq, where Major-General Qassem Soleimani, head of the overseas arm of the Revolutionary Guards, was frequently photographed guiding Shi’ite militias in the war against Sunni Islamic State militants.




Back during post-revolution:

Source: Documents of the U.S. Espionage Den (Tehran: Muslim Students Following the Line of the Imam, c. 1981)
This fascinating analysis of the political and social force that would come to dominate the revolution is one indication that line officers in Iran were well aware of the Shiite phenomenon in the country at an earlier time than is sometimes assumed.  Ayatollah Khomeini is specifically named as the “symbolic leader” of the revolution.  The Embassy’s staff admits they have been “laboring” to get a better understanding of the “renascent Shi’ite religious movement” and they make plain that part of the problem is that Iranians within and outside of the government have consistently “peddled” the view that “Khomeini’s followers are for the most part crypto Communists or leftists of Marxist stripe.”  The telegram goes on to give a brief survey of Shiism and Iranian monarchical mistreatment of the “Islamic establishment,” presumably in an attempt to educate non-specialists higher up in the Department.  The telegram specifically advises that “it has become obvious that Islam is deeply imbedded in the lives of the vast majority of the Iranian people.”
Source: “The Carter Administration and the Arc of Crisis: Iran, Afghanistan and the Cold War in Southern Asia, 1977-1981,” briefing book for conference prepared by the National Security Archive
The Defense Intelligence Agency, whose primary audience consisted of the secretary of defense, the Joint Chiefs of Staff, and military commanders, produced this unclassified primer on Shiism in Iran.  The DIA had its own HUMINT sources overseas but this document clearly derives its information from open sources and indeed contains nothing that an interested citizen could not easily have found in a public library.  But the topic indicates at least a basic recognition of the importance of one of the key dynamics at work in Iranian society. The extract posted here, all that appears to exist (and one of the few available DIA documents from the period), does not attempt to forecast the course of events in the country.
Source: Freedom of Information Act request
As late as October 1978, there is still little sense in Washington or other Western capitals that things are heading in a dangerous direction in Iran.  In a meeting with British counterparts earlier in the month, State Department Iran specialist Henry Precht gave a lugubrious forecast for the Shah and for Western interests but according to records of the session (click here) the British – and even Precht’s superiors – thought he was well off target.  In this telegram from the U.S. Embassy in Tehran, an equally dire report directs the State Department’s attention to a visible change in attitudes across many sectors of public opinion.  Pro-Shah and anti-Shah elements alike reportedly agree that his apparent lack of firm action is making the situation worse and he is in danger of losing control of events.
Just a few days after the previous cable expressing a general sense of a worsening atmosphere in the capital, the Embassy in Tehran focuses this report on the specific question of a “military option.” The general sense seems to be that a military takeover is inevitable and many Embassy contacts – especially senior military officers – are actively supporting the idea. Many Iranians evidently believed later that the Carter administration eventually backed a military coup, which never took place. Noting that the Shah told Ambassador Sullivan personally that he was considering a military government, the telegram assesses that such a move could succeed but stops short of supporting it, concluding “the long-term costs would be heavy.” Go here for the full menu of documents.

US Treasury’s Evidence Iran and Russia Cooperating in Syria

The U.S. Treasury Department sanctioned nine targets last week related to an illicit oil network between Iran and Russia.

“We are acting against a complex scheme Iran and Russia have used to bolster the [Bashar] Assad regime and generate funds for Iranian malign activity,” said Treasury Secretary Steven Mnuchin. “Central Bank of Iran officials continue to exploit the international financial system, and in this case even used a company whose name suggests a trade in humanitarian goods as a tool to facilitate financial transfers supporting this oil scheme.

“The United States is committed to imposing a financial toll on Iran, Russia and others for their efforts to solidify Assad’s authoritarian rule, as well as disrupt the Iranian regime’s funding of terrorist organizations,” he added.

Experts said this move was crucial in combating the Iranian threat.

“The scheme uncovered by the Treasury Department shows just how closely Iran and Russia are cooperating to not only help prop up the Assad regime financially, but to help finance the leading players in Iran’s global terrorism,” Boris Zilberman of the Foundation for Defense of Democracies told JNS. “So when Russia talks about cooperating with the United States to counter-terrorism this is empty rhetoric plain and simple.”

“As this scheme shows, Russia works hand in hand with some of the very terror groups we seek to counter,” he continued. “Russia is not a partner in our counter-terrorism efforts, but is, in fact, an adversary.”

“There are already sanctions on Russian arms exporters, but the United States should continue to uncover and sanction schemes such as this,” added Zilberman. “The administration could also consider, in conjunction with Israel, striking destabilizing arms transfers by Hezbollah.”

“It’s an important step, and highlights just how much [Russian President Vladimir] Putin has supported Iran, Hezbollah and Assad, and how committed he is, despite hopes that Putin’s partnership with Iran is skin-deep and short-lived,” the Washington Institute for Near East Policy’s Anna Borshchevskaya told JNS.

“Hard to tell if this pressure will succeed without being incorporated into a broader strategy,” she continued. “It comes as no surprise that the Kremlin said earlier this month it will continue to help Iran trade oil. It’s possible to imagine Moscow setting up another intermediary to continue shipping oil to the Syrian regime, but nonetheless, this is an important step.”

The State Department joined Treasury in sending a message to the Islamic Republic.


“The sanctions levied today directly target the Iranian regime’s exploitation of the international financial system to hide revenue streams it uses to fund terrorist activity, provide support for sectarian militias responsible for abuses against civilian populations and destabilize the region,” said the department in a statement. “The Iranian regime, Iranian-commanded forces inside Syria and the proxy terrorist groups it supports such as those targeted today continue to foment instability to extend their malign influence. These actions by the Iranian and Assad regimes undermine the legitimate processes to resolve the conflict in Syria.”

This development preceded Secretary of State Pompeo blasting Iranian President Hassan Rouhani on Monday for calling Israel a “cancerous tumor” and a “fake regime.”

“This is a dangerous and irresponsible step that will further deepen Iran’s isolation,” warned Pompeo.

“The Iranian regime is no friend of America or Israel when they repeatedly call for the death of millions, including Muslims,” he added. “The Iranian people know better and do not agree with their government, which has badly represented them to the world for 39 years. The people have suffered under this tyranny for far too long.”

*** It is quite right that Iran is no friend of the United States or Israel. That Obama/Kerry nuclear deal was supposed to lay the groundwork for Iran to be a good citizen of the world….read on…not so much.


Two Iranian Men Indicted for Deploying Ransomware to Extort Hospitals, Municipalities, and Public Institutions, Causing Over $30 Million in Losses

A federal grand jury returned an indictment unsealed today in Newark, New Jersey charging Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, both of Iran, in a 34-month-long international computer hacking and extortion scheme involving the deployment of sophisticated ransomware, announced Deputy Attorney General Rod J. Rosenstein, Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney Craig Carpenito for the District of New Jersey and Executive Assistant Director Amy S. Hess of the FBI.

The six-count indictment alleges that Savandi and Mansouri, acting from inside Iran, authored malware, known as “SamSam Ransomware,” capable of forcibly encrypting data on the computers of victims.  According to the indictment, beginning in December 2015, Savandi and Mansouri would then allegedly access the computers of victim entities without authorization through security vulnerabilities, and install and execute the SamSam Ransomware on the computers, resulting in the encryption of data on the victims’ computers.  These more than 200 victims included hospitals, municipalities, and public institutions, according to the indictment, including the City of Atlanta, Georgia; the City of Newark, New Jersey; the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities: Hollywood Presbyterian Medical Center in Los Angeles, California; Kansas Heart Hospital in Wichita, Kansas; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital now known as OrthoNebraska Hospital, in Omaha, Nebraska and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.

According to the indictment, Savandi and Mansouri would then extort victim entities by demanding a ransom paid in the virtual currency Bitcoin in exchange for decryption keys for the encrypted data, collecting ransom payments from victim entities that paid the ransom, and exchanging the Bitcoin proceeds into Iranian rial using Iran-based Bitcoin exchangers.  The indictment alleges that, as a result of their conduct, Savandi and Mansouri have collected over $6 million USD in ransom payments to date, and caused over $30 million USD in losses to victims.

“The Iranian defendants allegedly used hacking and malware to cause more than $30 million in losses to more than 200 victims,” said Deputy Attorney General Rosenstein.  “According to the indictment, the hackers infiltrated computer systems in 10 states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims.”

“The allegations in the indictment unsealed today—the first of its kind—outline an Iran-based international computer hacking and extortion scheme that engaged in 21st-century digital blackmail,” said Assistant Attorney General Benczkowski.  “These defendants allegedly used ransomware to infect the computer networks of municipalities, hospitals, and other key public institutions, locking out the computer owners, and then demanded millions of dollars in payments from them. As today’s charges demonstrate, the Criminal Division and its law enforcement partners will relentlessly pursue cybercriminals who harm American citizens, businesses, and institutions, regardless of where those criminals may reside.”

“The defendants in this case developed and deployed the SamSam Ransomware in order to hold public and private entities hostage and then extort money from them,” said U.S. Attorney Carpenito.  “As the indictment in this case details, they started with a business in Mercer County and then moved on to major public entities, like the City of Newark, and healthcare providers, like the Hollywood Presbyterian Medical Center in Los Angeles and the Kansas Heart Hospital in Wichita—cravenly taking advantage of the fact that these victims depend on their computer networks to serve the public, the sick, and the injured without interruption.  The charges announced today show that the U.S. Attorney’s Office for the District of New Jersey will continue to act to disrupt such criminal acts, and identify those who are responsible for them, no matter where in the world they may seek to hide.”

“This indictment demonstrates the FBI’s continuous commitment to unmasking malicious actors behind the world’s most egregious cyberattacks,” said Executive Assistant Director Hess.  “By calling out those who threaten American systems, we expose criminals who hide behind their computer and launch attacks that threaten our public safety and national security.  The actions highlighted today, which represent a continuing trend of cyber criminal activity emanating from Iran, were particularly threatening, as they targeted public safety institutions, including U.S. hospital systems and governmental entities.  The FBI, with the assistance of our private sector and U.S. government partners, is sending a strong message that we will work together to investigate and hold all criminals accountable.”

Savandi and Mansouri are charged with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer and two substantive counts of transmitting a demand in relation to damaging a protected computer.

According to the indictment, Savandi and Mansouri created the first version of the SamSam Ransomware in December 2015, and created further refined versions in June and October 2017.  In addition to employing Iran-based Bitcoin exchangers, the indictment alleges that the defendants also utilized overseas computer infrastructure to commit their attacks.  Savandi and Mansouri would also use sophisticated online reconnaissance techniques (such as scanning for computer network vulnerabilities) and conduct online research in order to select and target potential victims, according to the indictment.  According to the indictment, the defendants would also disguise their attacks to appear like legitimate network activity.

To carry out their scheme, the indictment alleges that the defendants also employed the use of Tor, a computer network designed to facilitate anonymous communication over the internet.  According to the indictment, the defendants maximized the damage caused to victims by launching attacks outside regular business hours, when a victim would find it more difficult to mitigate the attack, and by encrypting backups of the victims’ computers.  This was intended to—and often did—cripple the regular business operations of the victims, according to the indictment.  The most recent ransomware attack against a victim alleged in the indictment took place on Sept. 25, 2018.

This case was investigated by the FBI’s Newark Field Office.  Senior Counsel William A. Hall Jr. of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney and Chief of the Cybercrimes Unit Justin S. Herring of the District of New Jersey are prosecuting the case.  The Department thanks its law enforcement colleagues at the National Crime Agency (UK), West Yorkshire Police (UK), Calgary Police Service (Canada), and the Royal Canadian Mounted Police.  Significant assistance was provided by the Justice Department’s National Security Division and the Criminal Division’s Office of International Affairs.