Category Archives: NSA Spying

Schiff Never Complained when Obama Normalized Relations with Putin

Posted on by

Remember, under the Obama administration, rogue nations such as Iran and Cuba were placed as among the world’s good actors. Hillary went to Russia with a ‘reset button’ and gave Moscow more authority and power in regions of major conflict. Yet it is Congressman Adam Schiff and his friendly democrat friends that are continuing to whine about Trump’s interactions with Russia or Russians.

So, Obama set the table on the friendly approach to Medvedev and Putin and Russian aggression around the world has more than threatened equilibrium, it is deadly.

Have you wondered why Bashir al Assad has not been brought before a global tribunal for war crimes?

UNITED NATIONS – Russia and China on Thursday vetoed a U.N. Security Council resolution referring the Syrian crisis to the International Criminal Court for investigation of possible war crimes, prompting angry responses from the proposal’s supporters who said the two countries should be ashamed.

This is the fourth time Russia and China have used their veto power as permanent council members to deflect action against the government of President Bashar Assad. The 13 other council members voted in favor of the resolution.

More than 60 countries signed on to support the French-drafted measure, in a dramatic demonstration of international backing for justice in the conflict which has sent millions fleeing and killed more than 160,000, according to activists. More here.

*** That is right, Russia has veto power and they have used it since at least 2014. Does it even make sense that Russia is part of the Security Council in the first place? Nope…

As the United States continues to fight against the Taliban in Afghanistan, who has been supplying the Taliban with weapons? Yup…Russia. You see, Russia has training operations with real fighting equipment and when the training is complete, they leave the high tech equipment behind and tell the Taliban to come get it.

Did Adam Schiff or Maxine Waters get on TV and demand impeachment over Obama’s relationship with Moscow? Nah….

While not a fan at all of MSNBC, Richard Engle however did an exceptional reporting piece on Putin including who else was to be assassinated by poison, including Christopher Steele of the Trump dossier.

So, in solidarity with Britain, the Trump administration took aggressive action in expelling several Russian diplomats (read spies) as did at least almost three dozen other countries. Trump also closed the Russian diplomatic post in Seattle. What was going on there was terrifying and it is questionable on why Obama did not order it closed in December of 2016. Read below for what the FBI knew and yet was unable to take action due to the Obama White House.

Escalating tit for tat, US orders Russian consulate closed ... Russian post in Seattle

Among the 27 countries that have retaliated for what is believed to be a Kremlin-ordered chemical-weapon attack on an ex-Russian intelligence officer and his daughter in Britain earlier this month, the United States took by far the most dramatic steps: ousting 60 diplomats in total, including 15 suspected intelligence operatives based at Russia’s United Nations Mission alone—the most significant action of its type since the Reagan administration. (The move prompted Russia, on Thursday, to announce the expulsion of 60 U.S. diplomats and the closure of the U.S. consulate in Saint Petersburg.) But it was the Trump administration’s announcement of the shuttering of Russia’s consulate in Seattle that turned heads. Why Seattle? What was going on there? Would the closure matter?

While Seattle is an important city for Russian intelligence collection efforts domestically, its consulate’s profile has generally been quieter than San Francisco’s or New York’s, according to two former U.S. intelligence officials who asked to remain anonymous but have knowledge of Russian activities in these areas. But the closure of the consulate is noteworthy nonetheless: Along with the administration’s shuttering of the San Francisco consulate in 2017, Russia will now lack a diplomatic facility west of Houston, or any diplomatic presence on the West Coast for the first time since 1971. Russian intelligence officers—at least those under diplomatic cover—will no longer operate in easy proximity to America’s two great tech capitals. Indeed, at least in Seattle, suspected Russia spies have already been caught attempting to infiltrate local tech companies.

“Certainly, there were enough issues that were important to the Russians in Seattle—the naval bases, Microsoft, Boeing, Amazon,” says John Sipher, a former CIA officer who worked closely with the FBI on counterespionage issues. “There was always nervousness within the national security agencies that the sheer number of ethnic Russians in these industries was something the Russians could take advantage of. I don’t know if closing Seattle was a strategic choice; nonetheless, the concentration of high-tech and military resources makes it a sensible target.”

After the closure of the Russian consulate in San Francisco, former senior U.S. intel officials told me that facility had, for decades, functioned as the primary hub for Russian intelligence-gathering in the Western United States. It featured key classified communications systems, and was a crucial collection center in Russia’s long-running effort to map out America’s fiber-optic cable network.

One of the two anonymous former intelligence officials I spoke with called Seattle a top-five U.S. city for Russian counterintelligence work, but a “smaller operation” than San Francisco. Seattle did not have the same type of communications facilities as San Francisco, the two former officials said. In fact, Russian diplomats used to regularly drive a van with protected diplomatic information from San Francisco to Seattle, said a second official, though the frequency of those trips decreased over time, when U.S. officials suspected the Russians had begun to move their communications to encrypted channels online.

Still, the Seattle area has some rich espionage targets. Firms like Boeing and Microsoft have long been of interest to Russian operatives, the former intel officials said. So have the many military bases in the area, including, pre-eminently, Naval Base Kitsap, located just across the Puget Sound from Seattle and home to eight nuclear-armed submarines. Administration officials have openly cited the Seattle consulate’s proximity to Boeing, and sensitive military bases, as reasons for its closure.

Because there is a seven-hour float from Kitsap to these nuclear-armed submarines’ dive point, the two former officials said, there are numerous opportunities to track the subs’ movements—a longstanding concern for U.S. intelligence and military officials. Knowing when a submarine is headed out to sea or how many submarines are running patrols at a given time, and potentially identifying new technologies on these vessels, are all valuable pieces of intelligence, these officials said. Moreover, U.S. intel officials have worried that in a worst-case-scenario—actual armed hostilities between the two countries—information gleaned from Russian operatives in the Pacific Northwest could be used to identify “choke points.” For instance, they might know the ideal places to fire a rocket-propelled grenade at a fishing boat in a narrow channel, which could prevent military vessels from deploying.

In the past, suspected intel operatives based at Russia’s Seattle consulate were observed engaging in the same sorts of behavior as their counterparts in San Francisco, the two former intel officials said, including tracking down potential fiber-optic nodes (as part of Russia’s long-term effort to map where data were being transferred), or Cold War-era intelligence-collection sites, in Northwestern forests. U.S. officials also believed Russian operatives were traveling to remote beaches in the area in order to “signal,” or cryptically transmit and receive data, with interlocutors offshore. (There was a specific beach in Oregon these individuals would favor, the two former officials said.)

More recently, however, these activities appeared to die down, these individuals said, an event one of the former intel officials attributes to Edward Snowden’s 2013 disclosures, which some in the intelligence community believe led Russia to overhaul its strategies for domestic intelligence-gathering. Generally, this person said, Seattle seemed like a “proving ground” for junior Russian intelligence officers, a place to send less-experienced operatives to acclimate them to the United States. After Snowden, U.S. intel officials started seeing more “travelers” in the Seattle area—suspected intelligence operatives working under both diplomatic and nonofficial cover—flying in remotely to meet with individuals, the two former officials said.

The biggest Russia-related concern in Seattle was “cyber-related activities,” which were separate from the consulate, the two former officials said—including those of the local Kaspersky Labs affiliate. In July 2017, U.S. officials banned Moscow-based Kaspersky, which produces anti-virus software, from being used on any government computers, over fears about the company’s connections to Russian intelligence. U.S. counterintelligence officials were concerned that Kaspersky was being used as a tool for Russian covert communications, the two former officials said, and were also examining whether individuals affiliated with Kaspersky were actual engaging in cyber-espionage domestically. “As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the company has never helped, nor will help, any government in the world with its cyber espionage efforts,” a spokesperson for Kaspersky said. “The U.S. government actions against Kaspersky Lab lack sufficient basis, are unconstitutional, have been taken without any evidence of wrongdoing by the company, and rely upon subjective, non-technical public sources, such as uncorroborated and often anonymously sourced media reports, related claims, and rumors, which is why the company has challenged the validity of these actions in federal court.“

“Was Kaspersky looking at Microsoft or Boeing as opportunities to exploit? Was it just business development? Or were they actually engaged in trying to penetrate these enterprises?” asked one of the former officials. “The suspicions on Kaspersky have pretty much been borne out … when you look at the recent U.S. government decision, and what has been publicly reported on what the Israelis have been able to find out.” In 2017 the New York Times reported that Israeli intelligence had hacked into a Russian espionage operation, observing Russian operatives using back doors in Kaspersky software to scan for, and purloin, U.S. intelligence documents.

Russia’s interest in Microsoft is also well-documented. In 2010, U.S. officials deported Alexey Karetnikov, a 23-year-old Russian national, from the Seattle area, where he had been working at Microsoft as a software tester. U.S. officials believed he was actually a Russian intelligence officer, and linked him to the ring of 10 “illegals”—Russian deep-cover operatives who had been living in the United States—that U.S. officials had arrested and deported earlier that year. Two of those undercover operatives, Michael Zottoli and Patricia Mills (whose real names are Mikhail Kutsik and Natalia Pereverzeva), had lived in Seattle for years, even starting a family there. In Seattle, Kutsik worked at a telecommunications firm, and both operatives took finance classes at the University of Washington. In a 2017 article in Seattle Met Magazine, Kutsik and Pereverzeva’s former investments professor said he believed the Russians were interested in his class because many of his students went on to work for Amazon, Boeing or Microsoft. Kutsik, Pereverzeva and Karetnikov were not known to have been coordinating their activities with the Seattle consulate, one of the former officials said.

Even as Russian espionage continues to migrate outside consular facilities—to travelers, and individuals working locally under nonofficial cover—it is “no coincidence” that both shuttered diplomatic outposts were on the West Coast, said one of the former officials. No matter when—or if—these two consulates are reopened, Russian interest in the West Coast is likely to continue far into the foreseeable future.

Where is Adam Schiff now?

 

Russia Expels Western Diplomats then Announces High Tech Weapons

Posted on by

“U.S. ambassador to Russia Jon Huntsman has been summoned to our ministry, where my deputy Sergei Ryabkov is briefing him on the tit-for-tat steps against the U.S.,” Lavrov said, according to the state-run Tass Russian News Agency.

“They include the expulsion of the same number of diplomats and our decision to withdraw consent to the work of the Consulate General in St. Petersburg.” More here.

Russia to Expel U.S. Diplomats, Close St. Petersburg ... photo

Meanwhile….

Robotics, artificial intelligence, and a willingness to strike the enemy’s non-military targets will figure in the country’s future strategies.

The U.S. military isn’t alone in its plans to pour money into drones, ground robots, and artificially intelligent assistants for command and control. Russia, too, will be increasing investment in these areas, as well as space and information warfare, Russian Army Gen. Valery Gerasimov told members of the Russian Military Academy of the General Staff last Saturday. In the event of war, Russia would consider economic and non-military government targets fair game, he said.

The comments are yet another sign that the militaries of the United States and Russia are coming more and more to resemble one another in key ways — at least in terms of hyping future capabilities. The chief of the General Staff said the Russian military is already developing new drones that could perform strike as well as reconnaissance missions. On the defensive side, the military is investing in counter-drone tech and electromagnetic warfare kits for individual troops.

The Russians are building an “automated reconnaissance and strike system,” he said, describing an AI-drive system that sounds a bit like the Maven and Data to Decision projects that the United States Air Force is pursuing. The goal, according to Gerasimov, was to cut down on the time between reconnaissance for target collection and strike by a factor of 2.5, and to improve the accuracy of strike by a factor of two. The Russian government is developing new, high-precision strike weapons for the same purpose. “In the future, precision weapons, including advanced hypersonics, will allow for the transfer the fundamental parts of strategic deterrence to non-nuclear weapons,” he said.

Sam Bendett, a research analyst at the Center for Naval Analyses, says the moves signal that the Russian military is trying to push fighting further away from its borders, thus growing the area to which it can deny access, or at least appear to do so. “Russia’s current force composition is aiming at short-range, short-duration conflict where its forces can overwhelm the adversary close to Russian borders. The new technology Gerasimov discusses would allow Russia to conduct deep-strikes within enemy territory, thus ‘pushing’ the actual fighting far from Russian borders and Russian vulnerability to Western precision-guided weapons,” he said.

What would Gerasimov hit with those weapons? In his talk, the Russian general said that enemy economic and non-military aspects of government could be on the list of potential targets. “The objects of the economy and the state administration of the enemy will be subject to immediate destruction, in addition to the traditional spheres of armed struggle, the information sphere and space will be actively involved,” he told the audience.

Says Bendett, “the use of such technologies is especially important given the type of war Moscow intends to fight. Gerasimov stated that potential adversary’s economic targets, as well as government’s ability to govern, will be fair game. Striking deep into enemy territory can be accomplished more easily by unmanned systems—whether armed with EW, various sensors or strike components … All this also depends on the Russian military-industrial complex’s ability to properly marshal the needed resources in an organized fashion in order to field this technology.”

One other explanation for the tough talk: Russia is hardly an even match for the United States in terms of either military spending or capability. The recently announced $61 billion increase in the U.S. military budget over last year’s budget (bringing the total to $700 billion) is greater than the entire Russian military budget, which sits around $46 billion. That number represents about 2.86 percent of Russian GDP. In December, Putin said that the government would “reduce” future expenditures.

“Gerasimov is, like anyone in a senior military post, a lobbyist as much as a soldier, and at a time when the Russian defense budget is going to continue to shrink, he is doing what he can both to maintain it as high as possible and also to tilt procurement away from older-fashioned metalwork — which is really a way for the Kremlin to subsidise the defence industries rather than what the military want — and towards advanced communications, reconnaissance and targeting capabilities,” said Mark Galeotti, the head of the Center for European Security at UMV, the Institute of International Relations, Prague.

According to Bendett, Russian government leaders are “hedging against impending geopolitical and economic uncertainty by trying to keep their military budget within certain parameters. The [Ministry of Defense] has been talking repeatedly about the rising share of new military tech in service of the Russian military, slowly phasing out older systems in favor of new ones. So the high-tech approach that Gerasimov outlined — space-based weapons, ‘military robots’ — is the next evolutionary stage in Russian military’s evolution to a more high-tech, sophisticated forces capable of rapid strike.”

Gerasimov also took a moment to denounce what he claimed were Western attempts to destabilize the Russian government through information and influence warfare and other subtle tactics. The charge may strike Western audiences as brazenly hypocritical given the Kremlin’s on-going attempts to sow misinformation to global audiences through social media, email theft and propaganda campaigns. But it’s an old talking point for Gerasimov.

Said UMV’s Galeotti: “At a time when the Kremlin is demonstrably worried about what it sees as Western ‘gibridnaya voina‘ [or hybrid war] being waged against it — we don’t have to accept their premises to acknowledge that the Russians genuinely believe this — he is staking out the military’s claims to being relevant in this age. And his answer, as in his infamous 2013 article, and as played out in the first stage of Zapad [the major wargame Russia executed in Belarus last summer] is that the military will deploy massive firepower to smash any foreign incursions meant to instigate risings against Moscow.”

What Should Congress Ask Facebook, Google and Twitter?

Posted on by

Okay, check this out. This is essentially a whole unique type of cyber war, this time it is the user vs. the tech companies.

That whole thing about presumed privacy and data protection is a myth…no it is a lie. Question is how long has this been going on and is it all explained in terms of service? Is privacy a human right? Nah, not when it comes to tech companies. Congress should also include Microsoft in this hearing. We just need facts to make independent decisions about how we interact on the internet and individuals must practice information hygiene when using a keyboard be it on a computer, a Mac or a smart phone. Facebook has already made some changes but are they real and effective?

Mobile Advertising Market: Google, Facebook, Twitter ...

Are you ready? This is all the data Facebook and Google have on you

The harvesting of our personal details goes far beyond what many of us could imagine. So I braced myself and had a look.

A slice of the data that Facebook keeps on the author: ‘This information has millions of nefarious uses.’
A slice of the data that Facebook keeps on the author: ‘This information has millions of nefarious uses.’ Photograph: Dylan Curran

Want to freak yourself out? I’m going to show just how much of your information the likes of Facebook and Google store about you without you even realising it.

Google knows where you’ve been

Google stores your location (if you have location tracking turned on) every time you turn on your phone. You can see a timeline of where you’ve been from the very first day you started using Google on your phone.

Click on this link to see your own data: google.com/maps/timeline?…

Here is every place I have been in the last 12 months in Ireland. You can see the time of day that I was in the location and how long it took me to get to that location from my previous one.

A Google map of every place I’ve been in Ireland this year.
Pinterest
‘A Google map of every place I’ve been in Ireland this year.’ Photograph: Dylan Curran

Google knows everything you’ve ever searched – and deleted

Google stores search history across all your devices. That can mean that, even if you delete your search history and phone history on one device, it may still have data saved from other devices.

Click on this link to see your own data: myactivity.google.com/myactivity

Google has an advertisement profile of you

Google creates an advertisement profile based on your information, including your location, gender, age, hobbies, career, interests, relationship status, possible weight (need to lose 10lb in one day?) and income.

Click on this link to see your own data: google.com/settings/ads/

Google knows all the apps you use

Google stores information on every app and extension you use. They know how often you use them, where you use them, and who you use them to interact with. That means they know who you talk to on Facebook, what countries are you speaking with, what time you go to sleep.

Click on this link to see your own data: security.google.com/settings/secur…

Google has all of your YouTube history

Google stores all of your YouTube history, so they probably know whether you’re going to be a parent soon, if you’re a conservative, if you’re a progressive, if you’re Jewish, Christian, or Muslim, if you’re feeling depressed or suicidal, if you’re anorexic …

Click on this link to see your own data: youtube.com/feed/history/s…

The data Google has on you can fill millions of Word documents

Google offers an option to download all of the data it stores about you. I’ve requested to download it and the file is 5.5GB big, which is roughly 3m Word documents.

This link includes your bookmarks, emails, contacts, your Google Drive files, all of the above information, your YouTube videos, the photos you’ve taken on your phone, the businesses you’ve bought from, the products you’ve bought through Google …

They also have data from your calendar, your Google hangout sessions, your location history, the music you listen to, the Google books you’ve purchased, the Google groups you’re in, the websites you’ve created, the phones you’ve owned, the pages you’ve shared, how many steps you walk in a day …

Click on this link to see your own data: google.com/takeout

Facebook has reams and reams of data on you, too

Facebook offers a similar option to download all your information. Mine was roughly 600MB, which is roughly 400,000 Word documents.

This includes every message you’ve ever sent or been sent, every file you’ve ever sent or been sent, all the contacts in your phone, and all the audio messages you’ve ever sent or been sent.

Click here to see your data: https://www.facebook.com/help/131112897028467

A snapshot of the data Facebook has saved on me.
Pinterest
‘A snapshot of the data Facebook has saved on me.’ Photograph: Dylan Curran

Facebook stores everything from your stickers to your login location

Facebook also stores what it thinks you might be interested in based off the things you’ve liked and what you and your friends talk about (I apparently like the topic “girl”).

Somewhat pointlessly, they also store all the stickers you’ve ever sent on Facebook (I have no idea why they do this. It’s just a joke at this stage).

They also store every time you log in to Facebook, where you logged in from, what time, and from what device.

And they store all the applications you’ve ever had connected to your Facebook account, so they can guess I’m interested in politics and web and graphic design, that I was single between X and Y period with the installation of Tinder, and I got a HTC phone in November.

(Side note, if you have Windows 10 installed, this is a picture of just the privacy options with 16 different sub-menus, which have all of the options enabled by default when you install Windows 10)

Privacy options in Facebook.
Pinterest
Privacy options in Facebook. Photograph: Dylan Curran

They can access your webcam and microphone

The data they collect includes tracking where you are, what applications you have installed, when you use them, what you use them for, access to your webcam and microphone at any time, your contacts, your emails, your calendar, your call history, the messages you send and receive, the files you download, the games you play, your photos and videos, your music, your search history, your browsing history, even what radio stations you listen to.

Here are some of the different ways Google gets your data

I got the Google Takeout document with all my information, and this is a breakdown of all the different ways they get your information.

My Google Takeout document.
Pinterest
‘My Google Takeout document.’ Photograph: Dylan Curran

Here’s the search history document, which has 90,000 different entries, even showing the images I downloaded and the websites I accessed (I showed the Pirate Bay section to show how much damage this information can do).

data
Pinterest
‘My search history document has 90,000 different entries.’ Photograph: Dylan Curran

Google knows which events you attended, and when

Here’s my Google Calendar broken down, showing all the events I’ve ever added, whether I actually attended them, and what time I attended them at (this part is when I went for an interview for a marketing job, and what time I arrived).

data
Pinterest
‘Here is my Google calendar showing a job interview I attended.’ Photograph: Dylan Curran

And Google has information you deleted

This is my Google Drive, which includes files I explicitly deleted including my résumé, my monthly budget, and all the code, files and websites I’ve ever made, and even my PGP private key, which I deleted, that I use to encrypt emails.

data
Pinterest

Google can know your workout routine

This is my Google Fit, which shows all of the steps I’ve ever taken, any time I walked anywhere, and all the times I’ve recorded any meditation/yoga/workouts I’ve done (I deleted this information and revoked Google Fit’s permissions).

data
Pinterest

And they have years’ worth of photos

This is all the photos ever taken with my phone, broken down by year, and includes metadata of when and where I took the photos

data
Pinterest

Google has every email you ever sent

Every email I’ve ever sent, that’s been sent to me, including the ones I deleted or were categorised as spam.

data
Pinterest

And there is more

I’ll just do a short summary of what’s in the thousands of files I received under my Google Activity.

First, every Google Ad I’ve ever viewed or clicked on, every app I’ve ever launched or used and when I did it, every website I’ve ever visited and what time I did it at, and every app I’ve ever installed or searched for.

data
Pinterest
‘They have every single Google search I’ve made since 2009.’

They also have every image I’ve ever searched for and saved, every location I’ve ever searched for or clicked on, every news article I’ve ever searched for or read, and every single Google search I’ve made since 2009. And then finally, every YouTube video I’ve ever searched for or viewed, since 2008.

This information has millions of nefarious uses. You say you’re not a terrorist. Then how come you were googling Isis? Work at Google and you’re suspicious of your wife? Perfect, just look up her location and search history for the last 10 years. Manage to gain access to someone’s Google account? Perfect, you have a chronological diary of everything that person has done for the last 10 years.

This is one of the craziest things about the modern age. We would never let the government or a corporation put cameras/microphones in our homes or location trackers on us. But we just went ahead and did it ourselves because – to hell with it! – I want to watch cute dog videos.

  • Dylan Curran is a data consultant and web developer, who does extensive research into spreading technical awareness and improving digital etiquette

Trump and Allies Expel Russian Diplomats/Operatives

Posted on by

President Donald Trump ordered 60 Russian diplomats the U.S. considers spies to leave the country and closed Russia’s consulate in Seattle. The closure of the Russian consulate in Seattle due to its proximity to one of our submarine bases and Boeing.” The U.S. officials said more than 100 Russian intelligence agents work under cover as diplomats in the U.S. and described the number as unacceptable. They said the U.S. could take further action in the future. The 60 people expelled from the U.S. include 48 attached to the Russian embassy and 12 at the country’s mission to the United Nations. They have seven days to leave the country, the officials said. More here.

US expels 60 Russian diplomats, shutters Seattle consulate | Ap | tulsaworld.com Russian consulate, Seattle

London (CNN)It’s the biggest collective expulsion of alleged Russian intelligence officers in history, according to British Prime Minister Theresa May.

Diplomats are being kicked out of at least 21 countries16 European Union states, the United States, Canada, Ukraine, Norway and Albania in a coordinated effort that represents a significant diplomatic victory for the UK, which blames Russia for poisoning Sergei Skripal and his daughter, Yulia.
The UK has already expelled 23 Russian diplomats. Moscow retaliated by sending the same number of UK diplomats back, and by shuttering British cultural institutions in the country.
Here’s what each country is doing: 

European Union nations

Croatia: Prime Minister Andrej Plenkovic said Croatia will expel one diplomat.
Czech Republic: The Czech Republic will expel three diplomats, Prime Minister Andrej Babis and Foreign Minister Martin Stropnicky announced a press conference. The Czech Foreign Ministry tweeted that it declared the diplomats “personae non gratae.”
The UK had already expelled 23 Russian diplomats. People were seen hugging at the Russian Embassy in London on March 20.
Denmark: The Foreign Ministry announced two diplomats would be expelled. “We stand shoulder to shoulder with Britain and clearly say no to Russia at a time when Russia is also in threatening and seeking to undermine Western values and the rule-based international order in other areas,” Foreign Minister Anders Samuelsen said.
Estonia: Estonia Foreign Ministry told CNN one Russian diplomat, a Russian defense attaché, will be expelled.
Finland: Finland will expel one diplomat, the Foreign Ministry said.
France: French Foreign Minister Jean-Yves Le Drian announced the expulsion of four diplomats, who must leave the country within a week. He said that the decision followed the European Council’s conclusions that the attack “posed a serious threat to our collective security” and that France was acting “in solidarity with our British partners.”
Germany: The German Foreign Ministry said Monday it would expel four diplomats. “In close coordination within the European Union and with NATO allies, the Federal Government has decided to ask four Russian diplomats to leave Germany within seven days. The request was sent to the Russian Embassy today,” the ministry said in a statement.
Hungary: The Foreign Ministry said Hungary would expel one diplomat over “what has been discussed at the European Council meeting,” adding that the diplomat was “also conducting intelligence activities.”
Italy: The Italian Foreign Ministry says it will expel two Russian diplomats from the embassy in Rome “as a sign of solidarity with the United Kingdom and in coordination with the European partners and NATO.”
Latvia: The Foreign Ministry told CNN it would expel one diplomat and one private citizen who runs the office of a Russian company in the capital, Riga.
Lithuania: Foreign Affairs Minister Linas Linkevicius said on Twitter the country would expel three diplomats “in solidarity with the UK over #SalisburyAttack.” Lithuania would also sanction an additional 21 individuals and ban 23 more from entering the country.
Netherlands: Prime Minister Mark Rutte announced the expulsion of two diplomats, saying the use of chemical weapons was unacceptable.
Poland: Poland’s Ministry of Foreign Affairs said it would expel four diplomats and said the attack showed how “a similar immediate threat to the territory and citizens of EU and NATO member states can happen anywhere.”
Romania: Romania’s Foreign Ministry said on Twitter that one diplomat would be expelled.
Spain: The Foreign Ministry said Spain will expel two diplomats. “From the outset, we have considered the nerve agent attack in Salisbury to be an extremely serious development that represents a significant threat to our collective security and to international law,” the ministry said on Twitter.
Sweden: The Foreign Ministry told CNN it will expel one diplomat.

Non-EU countries

Albania: The Ministry of Foreign Affairs told CNN it will expel two Russian diplomats. In a statement, the ministry said called each diplomat a “persona non grata” and said the pair’s activities were “not compliant to their diplomatic status.”
Canada: Ottawa said it was expelling four Russian diplomats alleged to be intelligence officers “or individuals who have used their diplomatic status to undermine Canada’s security or interfere in our democracy.” Additionally it was refusing three applications by Moscow for additional diplomatic staff. “The nerve agent attack represents a clear threat to the rules-based international order and to the rules that were established by the international community to ensure chemical weapons would never again destroy human lives,” Foreign Minister Chrystia Freeland said.
Norway: The Ministry of Foreign Affairs told CNN it would expel one Russian diplomat in response to the attack. “The use of a nerve agent in Salisbury is a very serious matter,” Norwegian Foreign Minister Ine Eriksen Soreide said in a statement. “Such an incident must have consequences.”
Ukraine: President Petro Poroshenko said Ukraine, which has experienced years of hostility from Russia, including the annexation of Crimea, would expel 13 diplomats. “Russia has again reconfirmed its disdainful attitude to the sovereignty of independent states and the value of human life.”
United States: The White House said it was expelling 60 Russian diplomats identified as intelligence agents and also announced the closure of the Russian consulate in Seattle. It represents the most forceful action Trump has taken against Russia to date. Of those being expelled, 48 of the alleged intelligence agents work at the Russian embassy in Washington and 12 are posted at the United Nations in New York, senior administration officials said.

9 Iranians Charged in Hacking 176 Universities, Intellectual Property

Posted on by

Nine Iranians Charged With Conducting Massive Cyber Theft Campaign On Behalf Of The Islamic Revolutionary Guard Corps

Mabna Institute Hackers Penetrated Systems Belonging to Hundreds of Universities, Companies, and Other Victims to Steal Research, Academic Data, Proprietary Data, and Intellectual Property

Rod J. Rosenstein, the Deputy Attorney General of the United States, Geoffrey S. Berman, the United States Attorney for the Southern District of New York, William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Field Division of the Federal Bureau of Investigation (“FBI”), and John C. Demers, Assistant Attorney General for National Security, announced today the unsealing of an indictment charging GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI.  The defendants were each leaders, contractors, associates, hackers-for-hire, and affiliates of the Mabna Institute, an Iran-based company that was responsible for a coordinated campaign of cyber intrusions that began in at least 2013 into computer systems belonging to 144 U.S.-based universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the United States Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.  Through the activities of the defendants, the Mabna Institute conducted these intrusions to steal over 30 terabytes of academic data and intellectual property from universities, and email inboxes from employees of victim private sector companies, government victims, and non-governmental organizations.  The defendants conducted many of these intrusions on behalf of the Islamic Republic of Iran’s (“Iran”) Islamic Revolutionary Guard Corps (“IRGC”), one of several entities within the government of Iran responsible for gathering intelligence, as well as other Iranian government clients.  In addition to these criminal charges, today the Department of Treasury’s Office of Foreign Assets Control (OFAC) designated the Mabna Institute and the nine defendants for sanctions for the malicious cyber-enabled activity outlined in the Indictment.

Deputy Attorney General Rod J. Rosenstein said:  “These nine Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries.  For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps.  The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America’s ideas by infiltrating our computer systems and stealing intellectual property.  This case is important because it will disrupt the defendants’ hacking operations and deter similar crimes.”

Manhattan U.S. Attorney Geoffrey S. Berman said:  “Today, in one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice, we have unmasked criminals who normally hide behind the ones and zeros of computer code.  As alleged, this massive and brazen cyber-assault on the computer systems of hundreds of universities in 22 countries, including the United States, and dozens of private sector companies and governmental organizations was conducted on behalf of Iran’s Islamic Revolutionary Guard.  The hackers targeted innovations and intellectual property from our country’s greatest minds.  These defendants are now fugitives from American justice, no longer free to travel outside Iran without risk of arrest.  The only way they will see the outside world is through their computer screens, but stripped of their greatest asset – anonymity.”

FBI Assistant Director William F. Sweeney Jr. said:  “The numbers alone in this case are staggering, over 300 universities and 47 private sector companies both here in the United States and abroad were targeted to gain unauthorized access to online accounts and steal data.  An estimated 30 terabytes was removed from universities’ accounts since this attack began, which is roughly equivalent of 8 billion double-sided pages of text.  It is hard to quantify the value on the research and information that was taken from victims but it is estimated to be in the billions of dollars. The nine Iranians indicted today now find themselves wanted by the FBI and our partner law enforcement agencies around the globe – and like other cyber criminals they will soon learn their ability to freely move was just limited to the virtual world only.”

According to the allegations contained in the Indictment[1] unsealed today in Manhattan federal court:

Background on the Mabna Institute

GHOLAMREZA RAFATNEJAD and EHSAN MOHAMMADI, the defendants, founded the Mabna Institute in approximately 2013 to assist Iranian universities and scientific and research organizations in stealing access to non-Iranian scientific resources.  In furtherance of its mission, the Mabna Institute employed, contracted, and affiliated itself with hackers-for-hire and other contract personnel to conduct cyber intrusions to steal academic data, intellectual property, email inboxes and other proprietary data, including ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI.  The Mabna Institute contracted with both Iranian governmental and private entities to conduct hacking activities on their behalf, and specifically conducted the university spearphishing campaign on behalf of the IRGC.  The Mabna Institute is located at Tehran, Sheikh Bahaii Shomali, Koucheh Dawazdeh Metri Sevom, Plak 14, Vahed 2, Code Posti 1995873351.

University Hacking Campaign

The Mabna Institute, through the activities of the defendants, targeted over 100,000 accounts of professors around the world.  They successfully compromised approximately 8,000 professor email accounts across 144 U.S.-based universities, and 176 universities located in foreign countries, including Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey, and the United Kingdom.  The campaign started in approximately 2013, and has continued through at least December 2017, and broadly targeted all types of academic data and intellectual property from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.  Through the course of the conspiracy, U.S.-based universities spent over approximately $3.4 billion to procure and access such data and intellectual property.

The hacking campaign against universities was conducted across multiple stages.  First, the defendants conducted online reconnaissance of university professors, including to determine these professors’ research interests and the academic articles they had published.  Second, using the information collected during the reconnaissance phase, the defendants created and sent spearphishing emails to targeted professors, which were personalized and created so as to appear to be sent from a professor at another university.  In general, those spearphishing emails indicated that the purported sender had read an article the victim professor had recently published, and expressed an interest in several other articles, with links to those additional articles included in the spearphishing email.  If the targeted professor clicked on certain links in the email, the professor would be directed to a malicious Internet domain named to appear confusingly similar to the authentic domain of the recipient professor’s university.  The malicious domain contained a webpage designed to appear to be the login webpage for the victim professor’s university.  It was the defendants’ intent that the victim professor would be led to believe that he or she had inadvertently been logged out of his or her university’s computer system, prompting the victim professor for his or her login credentials.  If a professor then entered his or her login credentials, those credentials were then logged and captured by the hackers.

Finally, the members of the conspiracy used stolen account credentials to obtain unauthorized access to victim professor accounts, through which they then exfiltrated intellectual property, research, and other academic data and documents from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.  The defendants targeted data across all fields of research and academic disciplines, including science and technology, engineering, social sciences, medical, and other professional fields.  At least approximately 31.5 terabytes of academic data and intellectual property from compromised universities were stolen and exfiltrated to servers under the control of members of the conspiracy located in countries outside the United States.

In addition to stealing academic data and login credentials for university professors for the benefit of the Government of Iran, the defendants also sold the stolen data through two websites, Megapaper.ir (“Megapaper”) and Gigapaper.ir (“Gigapaper”).  Megapaper was operated by Falinoos Company (“Falinoos”), a company controlled by ABDOLLAH KARIMA, a/k/a “Vahid Karima,” the defendant, and Gigapaper was affiliated with KARIMA.  Megapaper sold stolen academic resources to customers within Iran, including Iran-based public universities and institutions, and Gigapaper sold a service to customers within Iran whereby purchasing customers could use compromised university professor accounts to directly access the online library systems of particular United States-based and foreign universities.

Prior to the unsealing of the Indictment, the FBI provided foreign law enforcement partners with detailed information regarding victims within their jurisdictions, so that victims in foreign countries could be notified and so that foreign partners could assist in remediation efforts.

Private Sector Hacking Victims

In addition to targeting and compromising universities, the Mabna Institute defendants targeted and compromised employee email accounts for at least approximately 36 United States-based private companies, and at least approximately 11 private companies based in Germany, Italy, Switzerland, Sweden, and the United Kingdom, and exfiltrated entire email mailboxes from compromised employees’ accounts.  Among the United States-based private sector victims were three academic publishers, two media and entertainment companies, one law firm, 11 technology companies, five consulting firms, four marketing firms, two banking and/or investment firms, two online car sales companies, one healthcare company, one employee benefits company, one industrial machinery company, one biotechnology company, one food and beverage company, and one stock images company.

In order to compromise accounts of private sector victims, members of the conspiracy used a technique known as “password spraying,” whereby they first collected lists of names and email accounts associated with the intended victim company through open source Internet searches.  Then, they attempted to gain access to those accounts with commonly-used passwords, such as frequently used default passwords, in order to attempt to obtain unauthorized access to as many accounts as possible.  Once they obtained access to the victim accounts, members of the conspiracy, among other things, exfiltrated entire email mailboxes from the victims.  In addition, in many cases, the defendants established automated forwarding rules for compromised accounts that would prospectively forward new outgoing and incoming email messages from the compromised accounts to email accounts controlled by the conspiracy.

In connection with the unsealing of the Indictment, today the FBI issued a FBI Liaison Alert System (FLASH) message, providing detailed information regarding the vulnerabilities targeted and the intrusion vectors used by the Mabna Institute in their campaign against private sector companies, to provide the public with information to assist in detecting and remediating the threat.

U.S. Government and NGO Hacking Victims

In the same time period as the university and private sector hacking campaigns described above, the Mabna Institute also conducted a computer hacking campaign against various governmental and non-governmental organizations within the United States.  During the course of that campaign, employee login credentials were stolen by members of the conspiracy through password spraying.  Among the victims were the following, all based in the United States:  the United States Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the State of Indiana Department of Education, the United Nations, and the United Nations Children’s Fund.  As with private sector victims, the defendants targeted for theft email inboxes of employees of these organizations.

*                *                *

GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI, the defendants, are citizens and residents of Iran.  Each is charged with one count of conspiracy to commit computer intrusions, which carries a maximum sentence of five years in prison; one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; two counts of unauthorized access of a computer, each of which carries a maximum sentence of five years in prison; two counts of wire fraud, each of which carries a maximum sentence of 20 years in prison; and one count of aggravated identity theft, which carries a mandatory sentence of two years in prison.  The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencings of the defendants will be determined by the assigned judge.

Mr. Berman praised the outstanding investigative work of the FBI, the assistance of the United Kingdom’s National Crime Agency (NCA), and the support of the OFAC.  The case is being handled by the Office’s Complex Frauds and Cybercrime Unit.  Assistant United States Attorneys Timothy T. Howard, Jonathan Cohen, and Richard Cooper are in charge of the prosecution, with assistance provided by Heather Alpino and Jason McCullough of the National Security Division’s Counterintelligence and Export Control Section.

The charges contained in the Indictment are merely accusations and the defendants are presumed innocent unless and until proven guilty.

[1] As the introductory phrase signifies, the entirety of the text of the Indictment, and the description of the Indictment set forth herein, constitute only allegations, and every fact described should be treated as an allegation.

Attachment(s):
Download U.S. v. Rafatnejad et al Indictment
Topic(s):
Cyber Crime
Component(s):
USAO – New York, Southern
Press Release Number:
18-089