The Homeland Security report is based on unclassified information from Justice Department press releases on terrorism-related convictions and attackers killed in the act, State Department visa statistics, the 2016 Worldwide Threat Assessment from the U.S. intelligence community and the State Department Country Reports on Terrorism 2015.
The three-page report challenges Trump’s core claims. It said that of 82 people the government determined were inspired by a foreign terrorist group to carry out or try to carry out an attack in the United States, just over half were U.S. citizens born in the United States. The others were from 26 countries, led by Pakistan, Somalia, Bangladesh, Cuba, Ethiopia, Iraq and Uzbekistan. Of these, only Somalia and Iraq were among the seven nations included in the ban.
Of the other five nations, one person each from Iran, Sudan and Yemen was also involved in those terrorism cases, but none from Syria. It did not say if any were Libyan.
The report also found that terrorist organizations in Iran, Libya, Somalia and Sudan are regionally focused, while groups in Iraq, Syria and Yemen do pose a threat to the U.S.
The seven countries were included in a law President Barack Obama signed in 2015 that updated visa requirements for foreigners who had traveled to those countries. More here from Associated Press.
Then we have the gullible Prime Minister of Canada, Justin Trudeau, who has invited Middle Eastern migrants, asylees and refugees in a welcome to Canada. Yet the intelligence and security authorities in Canada have a different position.
Terrorism
The principal terrorist threat to Canada remains that posed by violent extremists who could be inspired to carry out an attack in Canada. Violent extremist ideologies espoused by terrorist groups like Daesh and Al Qaeda (AQ) continue to appeal to certain individuals in Canada.
As in recent years, the Government of Canada has continued to monitor and respond to the threat of extremist travellers, that is, individuals who are suspected of travelling abroad to engage in terrorism-related activity. The phenomenon of extremist travellers—including those abroad, those who return, and even those prevented from travelling—poses a range of security concerns for Canada. As of the end of 2016, the Government was aware of approximately 180 individuals with a nexus to Canada who were abroad and who were suspected of engaging in terrorism-related activities. The Government was also aware of a further 60 extremist travellers who had returned to Canada.
The threat environment has also evolved beyond Canada’s borders. Daesh has continued to dominate the landscape in the Middle East, where other terrorist groups such as Jabhat al-Nusra and Hizballah also operate. Elsewhere in the Middle East, Al Qaeda in the Arabian Peninsula (AQAP) has taken advantage of the civil conflict in Yemen to capture territory there and strengthen itself. In addition, 2016 saw Daesh’s expansion in Africa, and Boko Haram (now rebranded as a Daesh affiliate in West Africa) continues to pose a major threat to regional stability. In South and Southeast Asia, Daesh expansionism and entrenched regional groups shaped the threat environment.
Canadians and Canadian interests are also affected. Canadian Armed Forces (CAF) personnel, government officials and private citizens are under constant threat in certain regions. In September 2015, two Canadians were kidnapped in the Philippines. Both were killed by their captors in the spring of 2016. In January 2016, an AQ-affiliated group based in Mali attacked a hotel in Burkina Faso, killing six Canadians. That same month, attackers linked to Daesh targeted a coffee shop in Jakarta, Indonesia, killing one Canadian. In June 2016, a Somali government minister with Canadian citizenship was killed in an Al-Shabaab terrorist attack on a hotel in Mogadishu, Somalia. Also in June, 15 Nepalese security guards who protected the Embassy of Canada to Afghanistan in Kabul were killed when terrorists targeted the bus that was transporting them to work.
International Cooperation
The international security environment continues to result in increased threats to Canada and its interests, both domestically and abroad. Ongoing conflicts in several regions of Africa, the Middle East, Asia, Eastern Europe and elsewhere show no signs of abating and continue to have serious national and international security implications. Worldwide incidents of terrorism, espionage, weapons proliferation, illegal migration, cyber-attacks and other acts targeting Canadians—directly or indirectly—remain ever present. Since the bulk of such threats originate from (or have a nexus to) regions beyond Canada’s borders, CSIS needs to be prepared and equipped to investigate the threat anywhere.
Additionally, certain security threats continue to evolve. Over the past several years, the globalization of terrorism, fueled by elaborate online propaganda videos by extremist groups, has expanded the breadth of radicalization. In some instances, individuals influenced by extremist ideology and driven by a need to feed their sense of belonging have travelled (or attempted to travel) abroad to participate in terrorist activity. Others may continue to support their extremist ideology through training, fundraising, recruitment and attack planning within Canada. As the threat posed by ‘foreign fighters’ is international in scope, a global reach is an absolute necessity in efforts to track and thwart threats to Canada and its allies posed by such individuals.
Furthermore, while the international focus has been on countering terrorism, espionage threats remain ever present and have become far more complex due to continuing advancements in technology and the globalization of communications. On the cyber front, foreign governments and hackers continue to exploit the Internet and other means to target critical infrastructure and information systems of other countries.
Such threats cannot be countered in isolation, and CSIS must remain adaptable in order to keep abreast of developments in both the domestic and international spheres. Despite differences in mandate, structure or vision, security intelligence agencies around the globe are all faced with very similar priorities and challenges. To meet the Government of Canada’s priority intelligence requirements, CSIS maintains a well-established network of relationships with foreign agencies. In accordance with s.17(1)(b) of the CSIS Act, all such arrangements are authorized by the Minister of Public Safety and supported by the Minister of Foreign Affairs. These arrangements provide CSIS access to timely information linked to a number of threats and allow the Service (and, in turn, the Government of Canada) to obtain information which might otherwise not be available.
As of March 31, 2016, CSIS had established over 300 foreign arrangements in some 150 countries. Of those, 69 remain defined as ‘Dormant’ (due to a lack of need for engagement or exchanges for a period of one year or more), while nine remained defined as ‘Restricted’ due to concerns over the affected agencies’ respect for human rights or their reliability. The human rights reputation of foreign agencies with which CSIS engages is not something which the Service takes lightly. In order to mitigate potential risks of sharing information, CSIS regularly assesses its foreign relationships and reviews various government and non-government human rights reports for all countries with which the Service has implemented ministerially approved arrangements, always cognizant of the fact that our first responsibility is to the Canadian people and their safety. CSIS opposes in the strongest possible terms the mistreatment of any individual by a foreign agency. The Service must and does comply with Canada’s laws and legal obligations in sharing information with foreign entities, and expects the same from its foreign counterparts.
The Cyber Threat
Cyber threats from hostile actors continue to evolve. State-sponsored entities and terrorists alike are using Computer Network Operations (CNO) directed against Canadian interests, both domestically and abroad. Canada remains both a target for malicious cyber activities, and a platform from which these hostile actors conduct CNO against entities in other countries.
These state-sponsored and terrorist CNO actors are increasing in number, capability and aggression, and have access to a growing range of tools and techniques that they can employ to accomplish their mission. As these tools and techniques evolve and become more complex, so too do the challenges of detecting and attributing CNO.
Moreover, despite the fact that they originate in the virtual realm, the consequences of CNO can be very real. For example, in December 2015, a cyber-attack conducted against three Ukrainian power companies resulted in a power outage that left hundreds of thousands of people in the dark. The type of systems the actors exploited in this attack is used by energy companies worldwide. Should such destructive cyber-operations be targeted against similar systems in Canada, they could potentially affect any and all areas of its critical infrastructure.
Unfortunately, CNOs are not uncommon and agencies at all levels of government in Canada have faced this threat. The Government of Canada witnesses serious attempts to penetrate its networks on a daily basis.
CSIS is also aware of state-sponsored cyber-espionage and influence activities targeting the private sector in Canada and abroad. The targets of these attacks often fall within Canada’s advanced technology sector and throughout the critical infrastructure spectrum. Universities engaged in advanced research and development have also been subjected to CNO. In addition to stealing intellectual property, one of the objectives of state-sponsored CNO is to obtain information which will give their own companies a competitive edge over Canadian firms. This could impact investment or acquisition negotiations involving Canadian companies and the Government of Canada, and, in turn, lead to lost jobs, revenue, and market share. Ultimately, cyber-espionage negatively impacts Canada’s economy as a whole.
In responding to these threats, CSIS relies on specialized collection techniques to report on state-sponsored cyber-espionage or cyber-terrorism activity. For instance, by analyzing networks or malware behind CNOs, the Service can uncover clues that help identify the origins of the cyber-attacks (known as “attribution”).
The Service also maintains relationships with domestic and foreign agencies to provide the Government of Canada with the most up-to-date intelligence regarding the cyber threats facing Canada and who is behind them.
Security Screening program
The CSIS Security Screening program represents one of the most visible of the Service’s operational sectors. It helps defend Canada and Canadians from threats to national security emanating from terrorism and extremism, espionage, and the proliferation of weapons of mass destruction. Security screening prevents persons who pose these threats from entering or obtaining status in Canada, or from obtaining access to sensitive sites, government assets or information. In addition, through its government screening program, CSIS assists the RCMP with the accreditation process for Canadians and foreign nationals seeking access to or participating in major events in Canada.
The CSIS Security Screening program also played a key role in achieving the Government of Canada’s goal to resettle 25,000 refugees from Syria by February 29, 2016. Between November 2015 and February 2016, CSIS conducted screening investigations on the applicants selected for resettlement in Canada. CSIS continues to work closely with the Canada Border Services Agency (CBSA) and Immigration, Refugees, and Citizenship Canada (IRCC) to provide timely security advice regarding permanent resident applicants who could represent a threat to Canada’s national security, while ensuring legitimate refugees are screened and resettled in a timely manner.
A Unique Workplace
The people of CSIS are committed to ensuring a Service that is nimble, flexible and innovative, and takes responsible risks in the delivery of its mandate and in the pursuit of its strategic outcome.
Recruiting
Recruiting the right talent to deliver on our mandate remains a key priority for the Service, and the CSIS recruiting website, csiscareers.ca, represents the cornerstone of our efforts. During 2014-2016, there were over 2 million hits to the site, resulting in close to 90,000 applications being submitted.
The Service prioritizes a diverse workforce which allows us to better understand the demographics of the Canadian communities we protect, therefore better equipping us to collect relevant and accurate intelligence. Our recruiting team includes a diversity recruiter who liaises with a variety of community leaders across the country, and attends diversity job fairs and networking events in an effort to attract applicants from designated groups such as visible minorities, Aboriginal peoples and persons with disabilities.
In addition, a partnership has been established with Public Safety, the Royal Canadian Mounted Police (RCMP), Canada Border Services Agency (CBSA), Correctional Service Canada (CSC), Communication Security Establishment (CSE) and Department of National Defence to share best recruiting practices and hold joint initiatives.
Academic Outreach
The Academic Outreach (AO) program at CSIS seeks to promote conversations with experts from a variety of disciplines and cultural backgrounds working in universities, think tanks and other research institutions in Canada and abroad.
In 2014-2015, AO hosted a conference that brought together multi-disciplinary experts from several countries. The conference was entitled “A Brave New World: Exploring the Evolving Nature of Cyber-conflict” and examined cyber threats facing Canada and its Western allies, our adversaries and their intent, as well as countermeasures that could help mitigate the proliferation of cyber conflict. In 2015-2016, we hosted another conference, “Brittle Might? Testing China’s Success”, which explored the challenges facing modern China, assessed the strengths and weaknesses of the country’s leadership, examined Beijing’s involvement in global affairs and debated China’s trajectory in the coming years.
The international conferences, however, represent only one component of the AO program. We also hosted a number of in-depth briefings on other topics of interest. For instance, one reviewed the global banking sector’s experience at identifying money laundering and terrorist financing activity. Another expert explored the phenomenon of radicalization in Western countries, while another guest specialist assessed the capabilities of Shia militias operating in Iraq and Syria.
During the period of review, outside experts engaged CSIS staff on discussions covering a range of security and strategic issues, including Russia’s strategy towards the Arctic; the uses and limitations of ‘big data’ for intelligence analysis; Boko Haram’s campaign of violence in Nigeria; and the regional consequences of the conflict in Iraq and Syria on Lebanon.
Checks and Balances
The Security Intelligence Review Committee (SIRC) is an external independent review body that reports to Parliament on CSIS’ operations. It does so through its three core functions: certifying the CSIS Director’s annual report to the Minister of Public Safety, carrying out in-depth reviews of CSIS activities and conducting investigations into public complaints about CSIS. CSIS’ External Review and Liaison Unit (ER&L) manages the Service’s relationship with SIRC, ensuring that it receives all of the necessary information required to fulfil its mandate.
Each year, SIRC provides a research plan identifying the reviews it plans to undertake. For each review, ER&L works closely with SIRC to ensure it has the documents it needs and to arrange briefings by CSIS employees. ER&L manages the correspondence between SIRC and the Service during a review as well as the Service’s response to the resulting report. These reviews, reflected in SIRC’s Annual Public Report, provide comprehensive assurance to Parliament and the Canadian public about the Service’s exercise of its authorities.
ER&L is also the primary point of contact for all stakeholders on public complaints made to SIRC and ensures that SIRC’s legal counsel has the information required for complaint investigations. When an investigation involves a hearing, ER&L assists Department of Justice legal counsel in preparing the CSIS case, including preparation of submissions, exhibits and arranging witnesses to testify at hearings.
ER&L coordinates CSIS responses to SIRC on questions, requests, recommendations, and correspondence. While CSIS is not required to accept all SIRC recommendations, they are reviewed carefully, and CSIS responds in writing; these responses are reflected in SIRC’s Annual Report. In ensuring continuity and transparency, ER&L tracks progress and reports to SIRC on CSIS’ implementation of actions recommended by SIRC.
CSIS Internal Audit Branch / Disclosure of Wrongdoing and Reprisal Protection
The Internal Audit (IA) Branch is led by the Chief Audit Executive (CAE), who reports to the CSIS Director and to the CSIS External Audit Committee (AC). The IA Branch is subject to the Treasury Board Policy on Internal Audit, the Internal Auditing Standards for the Government of Canada as well as the International Standards for the Professional Practice of Internal Auditing.
The CAE provides assurance services to the Director, Senior Management and the AC, as well as independent, objective advice and guidance on the Service’s risk management practices, control framework, and governance processes. The CAE is also the Senior Officer for Disclosure of Wrongdoing.
The AC examines CSIS’ performance in the areas of risk management, control and governance processes relating to both operational activities and administrative services. By maintaining high standards in relation to its review function, in particular by following up on the implementation of management action plans derived from audit recommendations, the AC supports and enhances the independence of the audit function.
In the capacity of Senior Officer for Disclosure of Wrongdoing, the CAE is responsible for administering the Internal Disclosure of Wrongdoing and Reprisal Protection Policy. The Policy provides a confidential mechanism for employees to come forward if they believe that serious wrongdoing has taken place. It also provides protection against reprisal when employees come forward, and ensures a fair and objective process for those against whom allegations are made.
Access to Information and Privacy
The mandate of the Access to Information and Privacy (ATIP) Unit is to fulfill the Service’s obligations under the Access to Information Act and the Privacy Act. The Service’s Chief, ATIP is entrusted with the delegated authority from the Minister of Public Safety Canada to exercise and perform the duties of the Minister as head of the institution.
As the custodian of expertise related to the Service’s obligations under the Access to Information Act and the Privacy Act, the ATIP Unit processes all requests made under the relevant legislation and responds to informal requests for information. In doing so, the unit must balance the need for transparency and accountability in government institutions while ensuring the protection of the Service’s most sensitive information and assets.
Financial Resources
The Financial Resources table below provides a snapshot of CSIS expenditures over the last 6 years (from 2010-2011 to 2015-2016).
California Secede from United States, Courtesy of Russia
In our view, the United States of America represents so many things that conflict with Californian values, and our continued statehood means California will continue subsidizing the other states to our own detriment, and to the detriment of our children.
Although charity is part of our culture, when you consider that California’s infrastructure is falling apart, our public schools are ranked among the worst in the entire country, we have the highest number of homeless persons living without shelter and other basic necessities, poverty rates remain high, income inequality continues to expand, and we must often borrow money from the future to provide services for today, now is not the time for charity.
However, this independence referendum is about more than California subsidizing other states of this country. It is about the right to self-determination and the concept of voluntary association, both of which are supported by constitutional and international law.
It is about California taking its place in the world, standing as an equal among nations. We believe in two fundamental truths: (1) California exerts a positive influence on the rest of the world, and (2) California could do more good as an independent country than it is able to do as just a U.S. state.
In 2016, the United Kingdom voted to leave the international community with their “Brexit” vote. Our “Calexit” referendum is about California joining the international community. You have a big decision to make.
****
He’s the founder of a Californian independence movement. Just don’t ask him why he lives in Russia.
WaPo: Louis J. Marinelli is a man on a quixotic mission: to help California secede from the United States and become an independent country.
Surprisingly, this quest has been going relatively well of late. Marinelli’s group, Yes California, is attempting to collect 585,000 signatures necessary to place a secessionist question on the 2018 ballot. Buoyed by California’s already tense relationship with President Trump, the campaign has received a large amount of press coverage and support over the past few months.
But for the 30-year-old Yes California president, there remains one annoying problem: People keep asking him why he lives in Russia.
In the wake of Yes California’s recently acquired momentum, a lot of people have taken note of Marinelli’s unusual home base. Numerous articles have appeared in the Californian media noting Marinelli’s choice of residence. On social media, discussions about Marinelli often take on a deeply conspiratorial tone.
“Hands off California, Putin,” a rival secessionist movement, the California National Party, tweeted in January. “We won’t take orders from your puppet Moscow Marinelli.”
Marinelli has perhaps compounded the issue by making numerous appearances on Russian state media (approximately once a week, by his own estimation), at times offering a political viewpoint that seems to line up neatly with the Kremlin’s. In late December, the Russian media gave widespread coverage to Marinelli as his group opened a “Californian Embassy” in Moscow.
Speaking via video chat from his home in Yekaterinburg earlier this month, Marinelli seemed exasperated when quizzed about his decision to live in Russia.
“And Barack Obama was born in Kenya, right?” he said incredulously.
“The fact that I’m an English teacher in Yekaterinburg doesn’t mean there’s some Russian government conspiracy or support for our campaign,” Marinelli said. “The fact that I studied Russian language courses at Saint Petersburg State University in 2007 or ’08 doesn’t mean that I know Vladimir Putin, who graduated from there in 1975.”
He offered an explanation for his circumstances that went into more detail than one posted in a FAQ section on the Yes California website. It presented a reasonable — though unusual — set of events that had resulted in him leading a Californian independence movement from half a world away.
It goes like this: Buffalo-born Marinelli moved to California in 2006. A year later, he upped sticks and went to Saint Petersburg State University to study Russian. He lived “on and off” in Russia between 2007 and 2011, during which time he met his wife, a Russian citizen. The pair moved back to San Diego, but Marinelli’s partner ran into problems with the U.S. immigration system.
“Her visa had expired and there was really no way for us to easily adjust her status,” Marinelli said. “If she had left the country, she’d be banned for 10 years, and so that wasn’t an option.”
Marinelli said they received a “glimmer of hope” last August that would allow his wife, who has been unable to leave the country until her legal status in the United States was secured, a chance to return home. She was desperate to visit her family, he said, so Marinelli found an apartment in Yekaterinburg and a job teaching English for a semester that provided him a visa. But then, according to his telling, “the immigration thing kind of fell through,” and his wife was unable to travel.
The end result was that Marinelli was obliged to go to Russia, he said, while his Russian wife was stuck in San Diego. “We’re still working on resolving the problem,” Marinelli said, adding that his wife was in the process of getting a green card. “Hopefully that goes well and we can end this chapter of our lives.”
It’s a strange situation — and not exactly how some of Marinelli’s partners in Yes California describe it (Marcus Ruiz Evans, the group’s vice president, told The Washington Post that Marinelli’s wife also lived in Russia).
But it is a plausible scenario.
Marinelli’s ties to Alexander Ionov are perhaps bigger conspiracy fodder. Ionov is the founder of the Anti-Globalization Movement of Russia, a group that supports various secessionist movements around the world. Last September, he put on a Kremlin-sponsored event in Moscow for Western secessionists that Marinelli and other representatives of Yes California attended.
Reached via email, Ionov said that about 30 percent of the funding for the event came from the Russian government. But he said none of that money was given to any U.S. groups, including Yes California. Marinelli also pushed back on the idea that this represents a link with the Russian government.
“We don’t have any communication with or contact with or receive any support of any kind from the Russian government or any Russian government officials,” Marinelli said.
“We’re not actively pursuing a dialogue with Vladimir Putin here in Russia even though I’m in Russia,” he added.
Would Putin want a dialogue? Some experts said that while Ionov and his group may have some limited ties to the Kremlin, they are ultimately small fry in Moscow.
Simon Saradzhyan, the founding director of the Russia Matters Project at Harvard’s Belfer Center for Science and International Affairs, said that the Russian government probably wasn’t taking the Yes California project very seriously, “if only because the chances that this movement can eventually win independence for that state are close to zero.” But Saradzhyan also noted that Russia could well be interested in getting revenge on Washington for what it saw as U.S. support for Chechen separatism in the 1990s.
Fiona Hill, a Russia expert with Brookings Institution, said in an email that historical Russian links to California added further intrigue to the situation.
“Russia had a major early-19th century colony in California and there has been quite a lot of interest in promoting this from circles close to the Kremlin,” Hill said, pointing to Kremlin-connected oligarch Viktor Vekselberg and his interest in Fort Ross, the former colony in what is now Sonoma County.
It sounds outlandish, but after an election in which Russian interference supposedly helped a former reality television star with no political experience gain entry to the White House — well, perhaps it doesn’t seem that outlandish. Marinelli didn’t sound like a fan of the way that election turned out. He repeatedly criticized Trump during his interview with WorldViews, noting how the U.S. president had threatened to defund California.
Marinelli also admitted that he voted for Trump — a tactical decision, he explained. “We need things that we can use to promote the cause, and I think Donald Trump is a daily advertisement for that cause,” he said, noting that his vote didn’t matter much in California, anyway.
When it comes to Marinelli’s thoughts on the other president in his life, Putin, he keeps his cards closer to his chest. He said he doesn’t have an emotional connection to Russia in the same way he does the United States, which is actually “a great thing” about living in Yekaterinburg.
Back home, he said, he was often frustrated by what he saw as America’s failings.
“I think every country has progress to make on some fronts. People say, for example, that Russia has progress to make when it comes to civil rights and human rights,” he said. “And the United States doesn’t? In Russia, police aren’t shooting people because of their skin color. There’s pros and cons.”
What Did Google Know, When Did They Know It?
A Glimpse Into How Much Google Knows About Russian Government Hackers
A 2014 leaked private report from Google shows how much the internet giant knows about government hacking groups.
Motherboard: In October of 2014 an American security company revealed that a group of hackers affiliated with the Russian government, dubbed APT28, had targeted Georgia and other Eastern European countries in a wide-ranging espionage campaign. Two and a half years later, APT28—also known as “Fancy Bear” or “Sofacy”—is a household name not just in the cybersecurity industry, but in the mainstream too, thanks to its attack on the US Democratic party and the ensuing leaks of documents and emails.
Before that report by FireEye, APT28 was a well-kept secret within the cybersecurity industry. At the time, several companies were willing to share information about the hacking group. Even Google investigated the group, and penned a 40-page technical report on the hacking group that has never been published before.
This sort of document, which Motherboard obtained from two independent sources, may be a common sight in the threat intelligence industry, but the public rarely gets to see what such a report from Google looks like. The report draws from one of Google’s most interesting sources of data when it comes to malware and cybersecurity threats: VirusTotal, a public malware repository that the internet giant acquired in 2012.
Sofacy and X-Agent, the report read, referring to the malware used by APT28, “are used by a sophisticated state-sponsored group targeting primarily former Soviet republics, NATO members, and other Western European countries.”
While Google security researchers don’t delve into who’s really behind these operations, they do hint that they agree with the now widespread belief that APT28 works for the Russian government in a clever, indirect way—in the very title of the report: “Peering into the Aquarium.”
While that might seem like an obscure title, for those who follow Russian espionage activities, it’s a clear reference to the headquarters of the military intelligence agency known as GRU or Glavnoye Razvedyvatel’noye Upravleniye, which are popularly known as “The Aquarium.”
“It looks like Google researchers were well aware of Sofacy before it was publicly disclosed,” Matt Suiche, a security researcher and the founder of Comae Technologies and the OPCDE conference, told Motherboard in an online chat after reviewing the report. “And also attributed Sofacy and X-Agent to Russia before it was publicly done by FireEye, ESET or CrowdStrike.”
In its report, Google security researchers note that APT28 attacks a large number of targets with its first-stage malware Sofacy, but only uses the more tailored and sophisticated X-Agent, which was recently used against Ukraine’s military units, for “high-priority targets.”
“Sofacy was three times more common than X-Agent in the wild, with over 600 distinct samples,” Google’s report stated.
Asked for comment, a Google spokesperson said via email that the company’s “security teams are constantly monitoring potential threats to internet users, and regularly publish information to better protect them.”
The report noted that Georgia had the highest ratio of submissions of Sofacy malware, followed by Romania, Russia and Denmark.
While this report is now a bit dated, it shows that for all its sophistication, APT28 has often been caught in the act of hacking politically interesting targets, betraying the origin of the hackers behind the dry nickname. It also reveals how a company like Google, which, unlike antivirus and other security vendors, doesn’t have software designed specifically to detect malware installed on thousands of customers’ computers, can still learn a lot about government hacking groups thanks to the other data it has access to.
*** Related reading:
State-sponsored hackers targeting prominent journalists, Google warns
Politico: Google has warned a number of prominent journalists that state-sponsored hackers are attempting to steal their passwords and break into their inboxes, the journalists tell POLITICO.
Jonathan Chait of New York Magazine said he received several messages from Google warning him about an attack from a government-backed hacker starting shortly after the election. He said the most recent warning came two to three weeks ago.
Julia Ioffe, who recently started at The Atlantic and has covered Russia for years, said she got warnings as recently as two weeks ago. (See one of the warnings: http://bit.ly/2kMUyRb)
Some journalists getting the warnings say they suspect the hackers could be Russians looking to find incriminating emails they could leak to embarrass journalists, either by revealing alleged liberal bias or to expose the sausage-making of D.C. journalism.
“The fact that all this started right after the election suggests to me that journalists are the next wave to be targeted by state-sponsored hackers in the way that Democrats were during it,” said one journalist who got the warning. “I worry that the outcome is going to be the same: Someone, somewhere, is going to get hacked, and then the contents of their gmail will be weaponized against them — and by extension all media.”
The Russian embassy did not respond to a request for comment.
Google cautioned that the warnings did not mean the accounts had been compromised already and were sent due to “an abundance of caution.”
“Since 2012, we’ve notified users when we believe their Google accounts are being targeted by government-backed attackers,” said a Google spokesperson in a statement. “We send these warnings out of an abundance of caution — they do not indicate that a user’s account has already been compromised or that a more widespread attack is occurring when they receive the notice.”
Ezra Klein, the founder of Vox, said he had received the warning as recently as a few days back. CNN senior media reporter Brian Stelter said he has been getting the alerts for the past few months.
Other journalists who confirmed they’ve recently gotten the warnings include New York Times national security correspondent David Sanger, Times columnist Paul Krugman and Yahoo Washington bureau chief Garance Franke-Ruta.
GQ special contributor Keith Olbermann said the warnings started a few weeks after the election, and he received the most recent alert earlier this week, a “big bright red bar” across the top of his Gmail. Some of the reporters say they are tightening up their email security to try to prevent the hackers from getting in.
Chait also said he was “contacted over email by a stranger who offered to help me by giving me an encryption key to protect me from hackers. He would not give me his name, meet me or talk on the phone, despite repeated requests.”
The stranger also emailed The Atlantic’s David Frum, James Fallows and Adam Serwer, Andrew Sullivan and Ars Technica’s Dan Goodin.
Stanford professor Michael McFaul, the former U.S. ambassador to Russia, said he also received hacking warnings from Google. He added: “Given my background, one would have to guess that it’s the Russians.”
Trump’s Aggressive Immigration Plan Released
Under the Obama administration, an asylum seeker only needed to say they were seeking asylum. Trump’s plan raises the bar: the conditions for being granted asylum must be proven.
WHAT IS “CREDIBLE FEAR”?
Under the Immigration and Nationality Act, an applicant must generally demonstrate “a well-founded fear of persecution on account of race, religion, nationality, membership in a particular social group, or political opinion.”
Immigration lawyers say any applicants who appear to meet those criteria in their initial interviews should be allowed to make their cases in court. They oppose encouraging asylum officers to take a stricter stance on questioning claims and rejecting applications.
Interviews to assess credible fear are conducted almost immediately after an asylum request is made, often at the border or in detention facilities by immigration agents or asylum officers, and most applicants easily clear that hurdle. Between July and September of 2016, U.S. asylum officers accepted nearly 88 percent of the claims of credible fear, according to U.S. Citizenship and Immigration Services data.
Asylum seekers who fail the credible fear test can be quickly deported unless they file an appeal. Currently, those who pass the test are eventually released and allowed to remain in the United States awaiting hearings, which are often scheduled years into the future because of a backlog of more than 500,000 cases in immigration courts.
Between October 2015 and April 2016, nearly 50,000 migrants claimed credible fear, 78 percent of whom were from Honduras, El Salvador, Guatemala or Mexico, according to statistics from USCIS.
The number of migrants from those three countries who passed credible fear and went to court to make their case for asylum rose sharply between 2011 and 2015, from 13,970 claims to 34,125, according to data from the Justice Department. More here from Reuters.
FNC: Homeland Security Secretary John Kelly moved Tuesday to implement a host of immigration enforcement changes ordered by President Trump, directing agency heads to hire thousands more officers, end so-called “catch-and-release” policies and begin work on the president’s promised U.S.-Mexico border wall.
“It is in the national interest of the United States to prevent criminals and criminal organizations from destabilizing border security,” Kelly wrote in one of two memos released Tuesday by the department.
The memos follow up on Trump’s related executive actions from January and, at their heart, aim to toughen immigration enforcement.
The changes would spare so-called “dreamers.” On a conference call with reporters, a DHS official stressed that the directives would not affect Obama-era protections for illegal immigrants who came to the U.S. as children and others given a reprieve in 2014. But outside those exemptions, Kelly wrote that DHS “no longer will exempt classes or categories of removable aliens from potential enforcement.”
A DHS official said the agencies are “going back to our traditional roots” on enforcement.
The memos cover a sprawling set of initiatives including:
- Prioritizing criminal illegal immigrants and others for deportation, updating guidance from previous administration
- Expanding the 287(g) program, which allows participating local officers to act as immigration agents – and had been rolled back under the Obama administration
- Starting the planning, design and construction of a U.S.-Mexico border wall
- Hiring 10,000 Immigration and Customs Enforcement agents and officers
- Hiring 5,000 Border Patrol agents
- Ending “catch-and-release” policies under which illegal immigrants subject to deportation potentially are allowed to “abscond” and fail to appear at removal hearings
It’s unclear what timelines the secretary is setting for some of these objectives, and what budgetary and other constraints the department and its myriad agencies will face. In pursuing an end to “catch-and-release,” one memo called for a plan with the Justice Department to “surge” immigration judges and asylum officers to handle additional cases.
While congressional Republicans have vowed to work with Trump to fund the front-end costs associated with his promised border wall, the same memo also hints at future efforts to potentially use money otherwise meant for Mexico – following on Trump’s repeated campaign vow to make Mexico pay for the wall. The secretary called for “identifying and quantifying” sources of aid to Mexico, without saying in the memo how that information might be used.
Mexican officials repeatedly have said they will not pay for a border barrier. DHS said it has identified initial locations to build a wall where current fencing is not effective, near El Paso, Texas; Tucson, Ariz.; and El Centro, Calif.
The DHS directives come as the Trump White House continues to work on rewriting its controversial executive order suspending the U.S. refugee program as well as travel from seven mostly Muslim countries. The order was put on hold by a federal court, and Trump’s team is said to be working on a new measure.
The directives also come as the Trump administration faces criticism from Democratic lawmakers and immigration advocacy groups for recent ICE raids of illegal immigrants.
DHS officials on Tuesday’s conference call stressed that they are operating under existing law and once again shot down an apparently erroneous news report from last week claiming National Guard troops could be utilized to round up illegal immigrants. That will not happen, an official said.
“We’re going to treat everyone humanely and with dignity, but we are going to execute the laws of the United States,” a DHS official said on the conference call.
Congress to Formally Investigate Spooky Dude, Soros
When it comes to left-wing political objectives, none other than George Soros is part of the discussion. The Obama White House hosted Soros and Tom Steyer often to pursue funding of climate change initiatives. Soros had access to the Obama operatives on a whim. The internet is full of posts, articles and documents regarding Soros and his involvement in successful financial plots against the United States, but it goes far beyond that, all the way to Europe and former Soviet states. We wait. As the new Secretary of State Rex Tillerson gains control of Foggy Bottom with terminations and continues the cleanup process, it will be interesting to see all the collusion by Soros with our government, especially USAID and policy.
If there is any question about the collusion, the State Department website carried this document on international training and job sources, including Open Society and many others, among them the Clinton Foundation.
Coming from the U.S. State Department and Members of Congress:
Lawmakers probe US funding for Soros groups, left-wing causes in Europe
FNC: George Soros’ alleged meddling in European politics has caught the attention of Congress.
Concerns about Soros’ involvement most recently were raised by the Hungarian prime minister, who last week lashed out at the Soros “empire” and accused it of deploying “tons of money and international heavy artillery.”
But days earlier, Republican lawmakers in Washington started asking questions about whether U.S. tax dollars also were being used to fund Soros projects in the small, conservative-led country of Macedonia.
Rep. Christopher Smith, R-N.J., led a group of House lawmakers in writing to Ambassador Jess Baily — an Obama appointee — demanding answers. Sen. Mike Lee, R-Utah, also expressed concerns about USAID money going to Soros’ Open Society Foundations as part of a broader concern that the U.S. Embassy has been taking sides in party politics.
“I have received credible reports that, over the past few years, the US Mission to Macedonia has actively intervened in the party politics of Macedonia, as well as the shaping of its media environment and civil society, often favoring groups of one political persuasion over another,” Lee said in his letter.
Together, the concerns reflect growing conservative pushback against Soros’ operations in Europe.
Hungarian Prime Minister Viktor Orban last week ripped the Hungary-born billionaire’s “trans-border empire.” Orban has been one of the central European voices speaking out against the push by E.U. leaders to absorb Syrian refugees and has been criticized for his hardline stance.
Soros’ Open Society Foundations — one of the billionaire’s biggest groups operating across the globe — fired back, saying Orban was trying to deflect attention from other issues.
“The Open Society Foundations for over 30 years have supported civil society groups in Hungary who are addressing profound problems in education, health care, media freedom and corruption,” Laura Silber, the organization’s chief communications officer, said in a statement to The Associated Press. “Any attacks on this work and those groups are solely an attempt to deflect attention from government inability to address these issues.”
The group’s stated goal is “to build vibrant and tolerant democracies whose governments are accountable to their citizens” but critics claim it’s a front for Soros’ hard-left political maneuverings.
Former Macedonian PM Nikola Gruevski says Soros has a “decisive influence” on his country’s politics.
“If it were not for George Soros behind it with all the millions he pours into Macedonia, the entire network of NGOs, media, politicians, inside and out … the economy would be stronger, we would have had more new jobs,” he said in a recent interview with Macedonia’s Republika newspaper.
Macedonia, while small, is a broadly conservative country. It has a flat rate tax of 10 percent, a small-government philosophy and a ruling conservative party (VMRO-DPMNE) that has greeted the election of President Trump warmly and pledged to work with him.
Lee’s staff recently met with Macedonia lawmakers, who also passed on a white paper from a citizen’s initiative called “Stop Operation Soros” which alleges U.S. money has been funding hard-left causes in the country — including violent riots in the streets, as well as a Macedonian version of Saul Alinsky’s far-left handbook “Rules for Radicals.”
In an extensive 40-page dossier, the group alleges USAID money is being used to fund activists and exclusively left-wing media groups as a way to sway the country’s politics.
The Open Society Foundations did not respond to a request for comment from Fox News.
On the Soros connection, Lee’s letter asked if the Mission has “selected the Open Society Foundations as the major implementer of USAID projects in Macedonia” and if the group has been perceived to have political bias in Macedonia.
In a reply dated Feb. 9, the State Department told Lee that the Mission in the country has worked to advance U.S. interests “in a non-biased, non-partisan, objective and transparent manner.” The letter claimed U.S. government assistance has not funded partisan political activities in Macedonia, but noted that from 2002 to the present, USAID had provided three grants to Foundation Open Society – Macedonia (FOSM).
One of these grants is outlined on the USAID website. Between 2012 and 2016, USAID gave almost $5 million in taxpayer cash to FOSM for “The Civil Society Project,” which “aims to empower Macedonian citizens to hold government accountable.” USAID’s website links to www.soros.org.mk, and says the project trained hundreds of young Macedonians “in youth activism and the use of new media instruments.”
The letter from the State Department to Lee said USAID also recently funded a new Civic Engagement Project which partners with four organizations, including FOSM. It was not clear how much this project would cost, but Smith put the figure at $9.5 million.
“The money is very significant, in fact there is still money in the pipeline, from 2017 to 2021, 9.5 million,” Smith said in a recent radio interview with the Family Research Council’s Tony Perkins. “It’s one thing to do election monitoring, which is a very noble cause to make sure there’s free and fair elections, but it’s quite another thing to be backing parties that Soros and his gang want to see in control of that country.”
It isn’t the only time Soros has worked with the State Department. Among the emails of Clinton campaign chairman John Podesta released by Wikileaks was one from 2011 in which Soros urged Hillary Clinton to take action in Albania over recent demonstrations in the capital of Tirana.
Soros asked Clinton to “bring the full weight of the international community to bear on Prime Minister Berisha and opposition leader Edi Rama to forestall further public demonstrations and to tone down public pronouncements” and appoint a senior European official as mediator.
Within a few days, an envoy was dutifully dispatched.
Former Macedonian PM Gruevski cited the WikiLeaks emails as proof “[Soros] can go visit top leading American officials whenever he wants to, arranges meetings day in day out and has significant influence.”
While Soros has often been a bogeyman for the American right, the liberal businessman has kept a steady pressure and funding of left-wing causes within America as well.
“This guy is a spider with lots of webs,” GOP strategist Brad Blakeman told Fox News’ “Strategy Room.” “He controls numerous third-party groups, where he uses his influence. We’ve seen it internally with Black Lives Matter, the demonstrations taken place after the inaugural — this is what he does.”
After violent left-wing activists rioted at Berkeley in protest of a lecture by Breitbart editor Milo Yiannopoulos, The Daily Caller reported that the main group behind the protests — Refuse Fascism — was backed by The Alliance for Global Justice — which in turn is backed by The Tides Foundation, a Soros-funded group.
Soros also has donated to Media Matters and has been a major financial contributor to the Center for American Progress, a liberal think tank founded by Podesta.
*** Some of Soros’ political money donations:
- Top Outside Group Donor | Soros, George | 2016
- Overall Top Contributor | George Soros | 2008
- Overall Top Contributor | Soros, George | 2016
- Top Individual Contributors: Hard Money | George Soros | 2010
- Top Individual Contributors: Hard Money | Soros, George | 2016
- Top Contributor to 527s | George Soros | 2008
- Top individual contributors to Super PACs | SOROS, GEORGE | 2014
- Top individual contributors to Super PACs | SOROS, GEORGE MR | 2016
- Obama Inaugural Donors | SOROS, GEORGE