State Dept: Country Reports on Terrorism 2015

Cuba, Mexico, Venezuela, all in our hemisphere get major passes from the State Department.

Related reading: The 50 most violent cities in the world

Related reading: The world’s most dangerous and safest countries revealed  Interactive map for rankings is found here.

 

Country Reports on Terrorism 2015 is submitted in compliance with Title 22 of the United States Code, Section 2656f (the “Act”), which requires the Department of State to provide to Congress a full and complete annual report on terrorism for those countries and groups meeting the criteria of the Act.

Beginning with the report for 2004, it replaced the previously published Patterns of Global Terrorism.

 

Chapters

Chapter 1. Strategic Assessment
Chapter 2. Country Reports: Africa Overview
Chapter 2. Country Reports: East Asia and Pacific Overview
Chapter 2. Country Reports: Europe Overview
Chapter 2. Country Reports: Middle East and North Africa Overview
Chapter 2. Country Reports: South and Central Asia Overview
Chapter 2. Country Reports: Western Hemisphere Overview
Chapter 3: State Sponsors of Terrorism Overview
Chapter 4: The Global Challenge of Chemical, Biological, Radiological, or Nuclear (CBRN) Terrorism
Chapter 5: Terrorist Safe Havens (Update to 7120 Report)
Chapter 6. Foreign Terrorist Organizations
Chapter 7. Legislative Requirements and Key Terms

Annexes

National Consortium for the Study of Terrorism and Responses to Terrorism: Annex of Statistical Information (PDF version)
Terrorism Deaths, Injuries and Kidnappings of Private U.S. Citizens Overseas in 2015

Full Report

Country Reports on Terrorism 2015 (PDF)

Related reading: SUMMARY: Wilayat Sinai, an organization identified with the Islamic State, has recently suffered a series of serious blows from the Egyptian army. 

Iran’s Cuba and Latin American Tours and Trouble Ahead

While the United States attempted to normalize relations with both Iran and Cuba, it appears the real result is a renewed friendliness between Iran and Cuba at the cost of the U.S. taxpayer: that $1.7 billion or more.

It also must be noted that Cuban refugees continue to appear on American shores, but now we must question how many of them are terrorists and what they are bringing with them. Iceberg ahead.

It is also important to note that the Cuban military runs all tourism and the hospitality industry as the United States has opened those travel channels.

****

Related reading: Breaking Sanctions with Cuba?

Cuba is a state sponsor of terrorism, that is until the White House decided it was no longer.

Cuba supports Iran’s nuclear ambitions and opposed IAEA rebukes of secret Iranian enrichment sites. The two countries have banking agreements (Islamic Republic News Agency), economic cooperation and lines of credit (FNA), and three-way energy-focused treaties with Bolivia (CSMonitor). Cuba and Iran hold regular ‘Joint Economic Commission’ meetings; the latest, in November 2009, further expanded bilateral trade and economic ties.

Related reading: The U.S. has had a Russian Problem of Espionage for Decades

One of Cuba’s largest and long-term industries is spying and selling intelligence and secrets globally.

****

Iran says will open new chapter in relations with Cuba

Reuters: Kicking off a six-day tour of Latin America, Iranian Foreign Minister Mohammad Javad Zarif said on Monday in Havana his visit would open a new chapter in the Islamic Republic’s relations with Communist-ruled Cuba.

Iran, which has long been friendly with Cuba, is on a drive to improve foreign commerce after the removal in January of international sanctions against the Islamic Republic.

“We will start a new chapter in the bilateral relations with Cuba on the basis of a big (business) delegation accompanying me on this visit,” Zarif said at a meeting with his Cuban counterpart, Bruno Rodriguez.

The international community lifted sanctions on Iran as part of the deal under which Tehran curbed its nuclear program.

Rodriguez congratulated Iran on the “success of its foreign policy” while reiterating its longstanding support for “all countries to develop nuclear energy with pacific ends”.

Cuba and Iran have in common a long stand-off with the United States. They were both on the U.S. State Department’s list of terrorism sponsoring countries until Havana was removed last year as part of a detente with Washington.

“We have always been on the side of the great Cuban people in view of atrocities and unjust sanctions,” Zarif said.

“The government and Cuban people have also always shown us solidarity with regards to the atrocities committed by the empire.”

Zarif’s tour will also take him to Chile, Nicaragua, Bolivia and Venezuela.

Just last week, Cuba’s new Economy Minister Ricardo Cabrisas made a trip to Tehran where he met with President Hassan Rouhani.

German exports to Iran, mostly machines and equipment, jumped in the first half of the year following the removal of international sanctions against the Islamic Republic, official trade data showed on Monday.

New Color-coded Cyber Threats

Remember when the Democrats and lobby groups ridiculed George W. Bush for using a color coded threat matrix? Carry on….

The White House now has a color-coded scale for cyber-security threat

TheVerge:  As the Obama administration nears its final months, the White House has released a framework for handling cyberattacks. The Presidential Policy Directive on United States Cyber Incident Coordination builds on the action plan that Obama laid out earlier this year, and it’s intended to create a clear standard of when and how government agencies will handle incidents. It also comes with a new threat level scale, assigning specific colors and response levels to the danger of a hack.

The cyberattack severity scale is somewhat vague, but it’s supposed to make sure that the agencies involved in cybersecurity — the Department of Justice, Department of Homeland Security, and Office of the Director of National Intelligence — respond to threats with the same level of urgency and investment. A Level One incident is “unlikely to impact public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence,” while a red Level Four one is “likely to result in a significant impact to public health or safety, national security, economic security, foreign relations, or civil liberties.” One final designation — Level Five, or black — covers anything that “poses an imminent threat to the provision of wide-scale critical infrastructure services, national government stability, or to the lives of US persons.”

The upshot of this is that anything at Level Three or above will trigger a coordination effort to address the threat. In addition to the groups above, this effort will include the company, organization, or agency that was attacked.

Cybersecurity is a growing concern, and both Congress and the White House have spent the past several years pushing various frameworks for shoring it up. This includes a series of hotly debated bills that culminated in the Cyber Information Sharing Act, which has raised privacy questions as it’s been put into practice. At the same time, high-profile hacks have led to serious consequences for companies like Sony Pictures, Target, and Ashley Madison. Most recently, an unknown hacker or hackers — potentially linked to Russia — breached the Democratic National Committee’s servers, releasing large numbers of embarrassing documents and emails. This announcement doesn’t tell us exactly how the federal government will handle future cyberattacks, but along with everything else, it does signal that they’re becoming a more and more standard part of the security equation.

*****

From the White House FACT SHEET: Presidential Policy Directive

The PPD builds on these lessons and institutionalizes our cyber incident coordination efforts in numerous respects, including:

  • Establishing clear principles that will govern the Federal government’s activities in cyber incident response;
  • Differentiating between significant cyber incidents and steady-state incidents and applying the PPD’s guidance primarily to significant incidents;
  • Categorizing the government’s activities into specific lines of effort and designating a lead agency for each line of effort in the event of a significant cyber incident;
  • Creating mechanisms to coordinate the Federal government’s response to significant cyber incidents, including a Cyber Unified Coordination Group similar in concept to what is used for incidents with physical effects, and enhanced coordination procedures within individual agencies;
  • Applying these policies and procedures to incidents where a Federal department or agency is the victim; and,
  • Ensuring that our cyber response activities are consistent and integrated with broader national preparedness and incident response policies, such as those implemented through Presidential Policy Directive 8-National Preparedness, so that our response to a cyber incident can seamlessly integrate with actions taken to address physical consequences caused by malicious cyber activity.

We also are releasing today a cyber incident severity schema that establishes a common framework within the Federal government for evaluating and assessing the severity of cyber incidents and will help identify significant cyber incidents to which the PPD’s coordination procedures would apply.

Incident Response Principles

The PPD outlines five principles that will guide the Federal government during any cyber incident response:

  • Shared Responsibility – Individuals, the private sector, and government agencies have a shared vital interest and complementary roles and responsibilities in protecting the Nation from malicious cyber activity and managing cyber incidents and their consequences.
  • Risk-Based Response – The Federal government will determine its response actions and  resource needs based on an assessment of the risks posed to an entity, national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.
  • Respecting Affected Entities – Federal government responders will safeguard details of the incident, as well as privacy and civil liberties, and sensitive private sector information.
  • Unity of Effort – Whichever Federal agency first becomes aware of a cyber incident will rapidly notify other relevant Federal agencies in order to facilitate a unified Federal response and ensure that the right combination of agencies responds to a particular incident.
  • Enabling Restoration and Recovery – Federal response activities will be conducted in a manner to facilitate restoration and recovery of an entity that has experienced a cyber incident, balancing investigative and national security requirements with the need to return to normal operations as quickly as possible.

Significant Cyber Incidents

While the Federal government will adhere to the five principles in responding to any cyber incident, the PPD’s policies and procedures are aimed at a particular class of cyber incident: significant cyber incidents.  A significant cyber incident is one that either singularly or as part of a group of related incidents is likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.

When a cyber incident occurs, determining its potential severity is critical to ensuring the incident receives the appropriate level of attention.  No two incidents are the same and, particularly at the initial stages, important information, including the nature of the perpetrator, may be unknown.

Therefore, as part of the process of developing the incident response policy, the Administration also developed a common schema for describing the severity of cyber incidents, which can include credible reporting of a cyber threat, observed malicious cyber activity, or both.  The schema establishes a common framework for evaluating and assessing cyber incidents to ensure that all Federal departments and agencies have a common view of the severity of a given incident, the consequent urgency of response efforts, and the need for escalation to senior levels.

The schema describes a cyber incident’s severity from a national perspective, defining six levels, zero through five, in ascending order of severity.  Each level describes the incident’s potential to affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.  An incident that ranks at a level 3 or above on this schema is considered “significant” and will trigger application of the PPD’s coordination mechanisms.

Lines of Effort and Lead Agencies

To establish accountability and enhance clarity, the PPD organizes Federal response activities into three lines of effort and establishes a Federal lead agency for each:

  • Threat response activities include the law enforcement and national security investigation of a cyber incident, including collecting evidence, linking related incidents, gathering intelligence, identifying opportunities for threat pursuit and disruption, and providing attribution.   The Department of Justice, acting through the Federal Bureau of Investigation (FBI) and the National Cyber Investigative Joint Task Force (NCIJTF), will be the Federal lead agency for threat response activities.
  • Asset response activities include providing technical assets and assistance to mitigate vulnerabilities and reducing the impact of the incident, identifying and assessing the risk posed to other entities and mitigating those risks, and providing guidance on how to leverage Federal resources and capabilities.   The Department of Homeland Security (DHS), acting through the National Cybersecurity and Communications Integration Center (NCCIC), will be the Federal lead agency for asset response activities.  The PPD directs DHS to coordinate closely with the relevant Sector-Specific Agency, which will depend on what kind of organization is affected by the incident.
  • Intelligence Support and related activities include intelligence collection in support of investigative activities, and integrated analysis of threat trends and events to build situational awareness and to identify knowledge gaps, as well as the ability to degrade or mitigate adversary threat capabilities.  The Office of the Director of National Intelligence, through the Cyber Threat Intelligence Integration Center, will be the Federal lead agency for intelligence support and related activities.

In addition to these lines of effort, a victim will undertake a wide variety of response activities in order to maintain business or operational continuity in the event of a cyber incident.  We recognize that for the victim, these activities may well be the most important.  Such efforts can include communications with customers and the workforce; engagement with stakeholders, regulators, or oversight bodies; and recovery and reconstitution efforts.   When a Federal agency is a victim of a significant cyber incident, that agency will be the lead for this fourth line of effort.  In the case of a private victim, the Federal government typically will not play a role in this line of effort, but will remain cognizant of the victim’s response activities consistent with these principles and coordinate with the victim.

Coordination Architecture

In order to facilitate the more coordinated, integrated response demanded by significant cyber incidents, the PPD establishes a three-tiered coordination architecture for handling those incidents:

National Policy Level:  The PPD institutionalizes the National Security Council-chaired interagency Cyber Response Group (CRG).  The CRG will coordinate the development and implementation of United States Government policy and strategy with respect to significant cyber incidents affecting the United States or its interests abroad.

National Operational Level:  The PPD directs agencies to take two actions at the national operational level in the event of a significant cyber incident.

  • Activate enhanced internal coordination procedures.  The PPD instructs agencies that regularly participate in the Cyber Response Group to develop these procedures to ensure that they can surge effectively when confronted with an incident that exceeds their day-to-day operational capacity.
  • Create a Unified Coordination Group.  In the event of a significant cyber incident, the PPD provides that the lead agencies for each line of effort, along with relevant Sector-Specific Agencies (SSAs), state, local, tribal and territorial governments, international counterparts, and private sector entities, will form a Cyber Unified Coordination Group (UCG) to coordinate response activities.  The Cyber UCG shall coordinate the development, prioritization, and execution of cyber response efforts, facilitate rapid information sharing among UCG members, and coordinate communications with stakeholders, including the victim entity.

Field Level:  The PPD directs the lead agencies for each line of effort to coordinate their interaction with each other and with the affected entity.

Integration with Existing Response Policy

The PPD also integrates U.S. cyber incident coordination policy with key aspects of existing Federal preparedness policy to ensure that the Nation will be ready to manage incidents that include both cyber and physical effects, such as a significant power outage resulting from malicious cyber activity.  The PPD will be implemented by the Federal government consistent with existing preparedness and response efforts.

Implementation tasks

The PPD also directs several follow-on tasks in order to ensure its full implementation.  In particular, it requires that the Administration develop and finalize the National Cyber Incident Response Plan – in coordination with State, Local, Territorial, and Tribal governments, the private sector, and the public – to further detail how the government will manage cyber incidents affecting critical infrastructure.  It also directs DHS and DOJ to develop a concept of operations for how a Cyber UCG will operate and for the NSC to update the charter for the CRG.

Passionatepolka, TreasureMap and FLATLIQUID?

I read one of his books several years ago….

The summary below is not classified material. The Intelligence Community, including the NSA, has declassified a lot of material, such as:

Chinese Cyber Espionage in the U.S.

August 10, 2015

China Read Emails of Top U.S. Officials – NBC News

NSA slide showing China hacking units

Commentary: The world’s best cyber army doesn’t belong to Russia

by: Bamford

Reuters: National attention is focused on Russian eavesdroppers’ possible targeting of U.S. presidential candidates and the Democratic Congressional Campaign Committee. Yet, leaked top-secret National Security Agency documents show that the Obama administration has long been involved in major bugging operations against the election campaigns — and the presidents — of even its closest allies.

The United States is, by far, the world’s most aggressive nation when it comes to cyberspying and cyberwarfare. The National Security Agency has been eavesdropping on foreign cities, politicians, elections and entire countries since it first turned on its receivers in 1952. Just as other countries, including Russia, attempt to do to the United States. What is new is a country leaking the intercepts back to the public of the target nation through a middleperson.

There is a strange irony in this. Russia, if it is actually involved in the hacking of the computers of the Democratic National Committee, could be attempting to influence a U.S. election by leaking to the American public the falsehoods of its leaders. This is a tactic Washington used against the Soviet Union and other countries during the Cold War.

In the 1950s, for example, President Harry S Truman created the Campaign of Truth to reveal to the Russian people the “Big Lies” of their government. Washington had often discovered these lies through eavesdropping and other espionage.

Today, the United States has morphed from a Cold War, and in some cases a hot war, into a cyberwar, with computer coding replacing bullets and bombs. Yet the American public manages to be “shocked, shocked” that a foreign country would attempt to conduct cyberespionage on the United States.

NSA operations have, for example, recently delved into elections in Mexico, targeting its last presidential campaign. According to a top-secret PowerPoint presentation leaked by former NSA contract employee Edward Snowden, the operation involved a “surge effort against one of Mexico’s leading presidential candidates, Enrique Peña Nieto, and nine of his close associates.” Peña won that election and is now Mexico’s president.

The NSA identified Peña’s cellphone and those of his associates using advanced software that can filter out specific phones from the swarm around the candidate. These lines were then targeted. The technology, one NSA analyst noted, “might find a needle in a haystack.” The analyst described it as “a repeatable and efficient” process.

The eavesdroppers also succeeded in intercepting 85,489 text messages, a Der Spiegel article noted.

Another NSA operation, begun in May 2010 and codenamed FLATLIQUID, targeted Peña’s predecessor, President Felipe Calderon. The NSA, the documents revealed, was able “to gain first-ever access to President Felipe Calderon’s public email account.”

At the same time, members of a highly secret joint NSA/CIA organization, called the Special Collection Service, are based in the U.S. embassy in Mexico City and other U.S. embassies around the world. It targets local government communications, as well as foreign embassies nearby. For Mexico, additional eavesdropping, and much of the analysis, is conducted by NSA Texas, a large listening post in San Antonio that focuses on the Caribbean, Central America and South America.

Unlike the Defense Department’s Pentagon, the headquarters of the cyberspies fills an entire secret city. Located in Fort Meade, Maryland, halfway between Washington and Baltimore, Maryland, NSA’s headquarters consists of scores of heavily guarded buildings. The site even boasts its own police force and post office.

And it is about to grow considerably bigger, now that the NSA cyberspies have merged with the cyberwarriors of U.S. Cyber Command, which controls its own Cyber Army, Cyber Navy, Cyber Air Force and Cyber Marine Corps, all armed with state-of-the-art cyberweapons. In charge of it all is a four-star admiral, Michael S. Rogers.

Now under construction inside NSA’s secret city, Cyber Command’s new $3.2-billion headquarters is to include 14 buildings, 11 parking garages and an enormous cyberbrain — a 600,000-square-foot, $896.5-million supercomputer facility that will eat up an enormous amount of power, about 60 megawatts. This is enough electricity to power a city of more than 40,000 homes.

In 2014, for a cover story in Wired and a PBS documentary, I spent three days in Moscow with Snowden, whose last NSA job was as a contract cyberwarrior. I was also granted rare access to his archive of documents. “Cyber Command itself has always been branded in a sort of misleading way from its very inception,” Snowden told me. “It’s an attack agency. … It’s all about computer-network attack and computer-network exploitation at Cyber Command.”

The idea is to turn the Internet from a worldwide web of information into a global battlefield for war. “The next major conflict will start in cyberspace,” says one of the secret NSA documents. One key phrase within Cyber Command documents is “Information Dominance.”

The Cyber Navy, for example, calls itself the Information Dominance Corps. The Cyber Army is providing frontline troops with the option of requesting “cyberfire support” from Cyber Command, in much the same way it requests air and artillery support. And the Cyber Air Force is pledged to “dominate cyberspace” just as “today we dominate air and space.”

Among the tools at their disposal is one called Passionatepolka, designed to “remotely brick network cards.” “Bricking” a computer means destroying it – turning it into a brick.

One such situation took place in war-torn Syria in 2012, according to Snowden, when the NSA attempted to remotely and secretly install an “exploit,” or bug, into the computer system of a major Internet provider. This was expected to provide access to email and other Internet traffic across much of Syria. But something went wrong. Instead, the computers were bricked. It took down the Internet across the country for a period of time.

While Cyber Command executes attacks, the National Security Agency seems more interested in tracking virtually everyone connected to the Internet, according to the documents.

One top-secret operation, code-named TreasureMap, is designed to have a “capability for building a near real-time interactive map of the global Internet. … Any device, anywhere, all the time.” Another operation, codenamed Turbine, involves secretly placing “millions of implants” — malware — in computer systems worldwide for either spying or cyberattacks.

Yet, even as the U.S. government continues building robust eavesdropping and attack systems, it looks like there has been far less focus on security at home. One benefit of the cyber-theft of the Democratic National Committee emails might be that it helps open a public dialogue about the dangerous potential of cyberwarfare. This is long overdue. The possible security problems for the U.S. presidential election in November are already being discussed.

Yet there can never be a useful discussion on the topic if the Obama administration continues to point fingers at other countries without admitting that Washington is engaged heavily in cyberspying and cyberwarfare.

In fact, the United States is the only country ever to launch an actual cyberwar — when the Obama administration used a cyberattack to destroy thousands of centrifuges, used for nuclear enrichment, in Iran. This was an illegal act of war, according to the Defense Department’s own definition.

Given the news reports that many more DNC emails are waiting to be leaked as the presidential election draws closer, there will likely be many more reminders of the need for a public dialogue on cybersecurity and cyberwarfare before November.

 

(James Bamford is the author of The Shadow Factory: The Ultra-Secret NSA From 9/11 to the Eavesdropping on America. He is a columnist for Foreign Policy magazine.)

The U.S. has had a Russian Problem of Espionage for Decades

What is terrifying and pathetic is that the Obama White House and both Secretaries of State, Hillary Clinton and John Kerry, have been stooges of Putin, groveling for normalcy just as they have with the regime of Iran. This is an administration that is normalizing relations with all terror regimes across the globe, including North Korea, Cuba and Venezuela. Hillary said that Bashar al-Assad of Syria was a reformer when 400,000 Syrians are dead and 4-5 million have left their homes. Then, we all remember that the Obama White House negotiated with Qatar to release 5 Taliban commanders in exchange for one Army deserter. Talks have been ongoing with the Taliban for years until just recently.

But back to Russia, before the hacking to sway and/or interfere with U.S. elections.

Related reading: Hey FBI, the Investigation into the DNC Hacking is Over Here

No one is admitting that Russia, in cadence with WikiLeaks, has hacked Hillary’s campaign systems, DCC and the DNC as well as other government systems. Why? Perhaps diplomacy, due to continued talks with Iran and ending the civil war in Syria. Remember that ‘red-line’ on chemical weapons use.

So, let’s go back a way, like over a decade and up to just a couple of years ago, when it came to Russian spies in the United States, shall we? This is for perspective and how the Obama administration, including his National Security Council and the State Department, continues to ‘omit’ history…

Espionage continues and tactics have not changed for Russia, where cyber intrusions have replaced in-country operatives; however, those operatives’ skills and missions must not be overlooked or dismissed.

Let’s begin with Anna Chapman, the Russian spy.

DailyNews: Sultry former Russian secret agent Anna Chapman ended an exchange with NBC News almost before it began when she was pressed about her playful Twitter marriage proposal to NSA leaker Edward Snowden.

Here is the official criminal complaint, filed in 2010, and a summary of how the FBI tracked her actions. The file also includes an additional spy, Mikhail Semenko. This actually began in 1990… yes, 1990.

But actually there were 8 more Russian spies, and this is the criminal complaint for that case. What is fascinating here is the many stopovers in Latin America…

The spying spree finally came to its end in the summer of 2014, when the trio were propositioned by a self-described investor who wanted to develop casinos in Russia. The scheme immediately drew red flags among the group, with Sporyshev offering that the proposal felt “like some sort of set-up.”
But despite his misgivings, Sporyshev didn’t stop Buryakov from meeting with the supposed investor, who was, in fact, an FBI informant.
For six hours on Aug. 28, Buryakov and the informant met in the anemic gambling metropolis Atlantic City. The informant, who claimed he had a well-placed source in the U.S. government, handed Buryakov documents that were labeled “Internal Treasury Use Only” and contained a list of Russians who were essentially blacklisted from doing business with the United States.
The valuable document earned the informant another meeting that day, when he offered Buryakov another official document that contained “a list of Russian banks… on which to impose sanctions,” according to the criminal complaint. More from DailyBeast.

Then there was a dead Russian, Mikhail Lesin, found in a hotel in Dupont Circle, Washington DC. A story that came and went real fast.

Mr. Lesin was a major figure in Russian media after the fall of the Soviet Union, first as an advertising executive and later as a top government official and media executive.  

He had deep connections to the Russian state at the time Mr. Putin was reasserting his authority over the country’s rambunctious and freewheeling media. He was a crucial figure in that process, which began with the takeover of Russia’s first independent television channel, NTV, in the early 2000s, and was viewed with bitterness by many Russian journalists at that time.