Grid Hacking Tool Found, Have a Generator Yet?

Researchers Found a Hacking Tool that Targets Energy Grids on the Dark Web

Motherboard: A sophisticated piece of government-made malware, designed to do reconnaissance on energy grid’s system ahead of an eventual cyberattack on critical infrastructure, was found on a dark web hacking forum.

Cybersecurity researchers usually catch samples of malicious software like spyware or viruses when a victim who’s using their software, such as an antivirus, gets infected. But at times, they find those samples somewhere else. Such was the case for Furtim, a newly discovered malware, caught recently by researchers from the security firm SentinelOne.

SentinelOne’s researchers believe the malware was created by a team of hackers working for a government, likely from eastern Europe, according to a report published on Tuesday.

Hacking forums, of course, are home to a lot of malicious data and software. But they are usually not places where sophisticated government-made hacking tools get exchanged.

Udi Shamir, chief security officer at SentinelOne, said that it’s normal to find reused code and malware on forums because “nobody tries to reinvent the wheel again and again and again.” But in this case, “it was very surprising to see such a sophisticated sample” appear in hacking forums, he told Motherboard in a phone interview.

Shamir said that the malware, dubbed Furtim, was “clearly not” made by cybercriminals to make some money but for a government spying operation.

Furtim is a “dropper tool,” a platform that infects a machine and then serves as a first step to launch further attacks. It was designed to target specifically European energy companies using Windows, was released in May, and is still active, according to SentinelOne.

Another interesting characteristic is that Furtim actively tries to avoid dozens of common antivirus products, as well as sandboxes and virtual machines, in an attempt to evade detection and stay hidden as long as possible. The goal is “to remove any antivirus software that is installed on the system and drop its final payload,” SentinelOne’s report reads.

Security experts believe that critical infrastructure, such as the energy grid, is highly vulnerable to cyberattacks, and believe a future conflict might start with taking down the power using malware. While it might sound far-fetched, at the end of last year, hackers believed to be working for the Russian government caused a blackout in parts of Ukraine after gaining access to the power grid using malware.

It’s unclear who’s behind this cyberespionage operation, but Shamir said it’s likely a government from Eastern Europe, with a lot of resources and skills. The malware’s developers were very familiar with Windows; they knew it “to the bone,” according to him.

“This was not the work of a kid,” he said. “It was cyberespionage at its best.”

****

The dropper’s principal mission is to avoid detection; it will not execute if it senses it’s being run in a virtualized environment such as a sandbox, and it also can bypass antivirus protection running on compromised machines.

The sample also includes a pair of privilege escalation exploits for patched Windows vulnerabilities (CVE-2014-4113 and CVE-2015-1701), as well as a bypass for Windows User Account Control (UAC), which limits user privileges.

“It escalates privileges after all these checks and registers a hidden binary that it drops onto the hard drive that runs early in the boot process,” SentinelOne senior security researcher Joseph Landry said. “It will go through and systematically remove any AV on the machine that it targets. Then it drops another payload to the Windows directory and runs it during login time.” More from ThreatPost

Yikes, FBI Director Comey’s Connections

In 1996, Comey acted as deputy special counsel to the Senate Whitewater Committee.

 

HSBC Holdings Plc. and HSBC Bank USA N.A. Admit to Anti-Money Laundering and Sanctions Violations, Forfeit $1.256 Billion in Deferred Prosecution Agreement
Bank Agrees to Enhanced Compliance Obligations, Oversight by Monitor in Connection with Five-year Agreement

Comey was appointed to the board of directors of the London-based financial institution HSBC Holdings, to improve the company’s compliance program after its $1.9 billion settlement with the Justice Department for failing to comply with basic due diligence requirements for money laundering regarding Mexican drug cartels and terrorism financing. Banks too big to fail? Summary is here from Bloomberg.

James Brien Comey, Jr. (52), former United States Deputy Attorney General, has been appointed a Director of HSBC Holdings plc with effect from 4 March 2013. He will be an independent non-executive Director and a member of the Financial System Vulnerabilities Committee.

CPC Green Initiative

… million has been committed to NELP from CPC, Deutsche Bank, HSBC, Goldman Sachs, and Morgan Stanley. In 2009, Deutsche … City of New York Pratt Institute HSBC Holdings Amalgamated Bank …

Scaling Rainwater Harvesting for 21st Century Mexico

… to install rainwater harvesting systems. With funding from HSBC, Isla Urbana is developing and testing different implementation strategies … Without Borders Temo Foundation HSBC Philanthropic Programs …

Building the Corporate Coalition

… and government leaders that includes the leaders of BP and HSBC (the world’s second largest bank). Its core coalition quickly grew to … BSkyB, British Telecom, Catalyst, Cheyne Capital Management, HSBC Holdings Plc, Interface, Johnson & Johnson, Munich Re Group, Starbucks, …

Clinton foundation received up to $81m from clients of controversial HSBC bank

  • Leaked files reveal identities of wealthy donors with accounts in Geneva
  • Donors gave as much as $81m to Bill, Hillary and Chelsea Clinton Foundation
  • Hillary Clinton expected to make inequality a key issue of any 2016 campaign

The charitable foundation run by Hillary Clinton and her family has received as much as $81m from wealthy international donors who were clients of HSBC’s controversial Swiss bank.

Leaked files from HSBC’s Swiss banking division reveal the identities of seven donors to the Bill, Hillary and Chelsea Clinton Foundation with accounts in Geneva.

They include Frank Giustra, a Canadian mining magnate and one of the foundation’s biggest financial backers, and Richard Caring, the British retail magnate who, the bank’s internal records show, used his tax-free Geneva account to transfer $1m into the New York-based foundation.

Hillary Clinton has expressed concern over growing economic inequality in the US and is expected to make the issue a cornerstone of her widely anticipated presidential campaign in 2016. However, political observers are increasingly asking whether the former secretary of state’s focus on wealth inequality sits uncomfortably with the close relationships she and her husband have nurtured with some of the world’s richest individuals.

Giustra’s Swiss HSBC account, created in 2002, contained up to $10m in the 2006-2007 period. Lawyers for the mining magnate said that he held the account for investment purposes, and that it was in compliance with Canadian laws that required disclosure of foreign assets. More from Guardian

U.S. Ambassador says he’s sorry but Poles want apology from FBI chief over offensive Holocaust remarks, DailyMail

  • FBI director James Comey suggested in remarks last week that Poles were accomplices during the holocaust
  • Comey’s comments are offensive to Poles as they had no role in running death camps and were themselves victims of the Third Reich
  • Poles see themselves as heroes of the war who have never been properly recognized, making the comments yet more hurtful
  • The remarks came shortly before the 72nd anniversary of the Warsaw Ghetto Uprising, which was commemorated on Sunday 
  • The U.S. ambassador to Poland, Stephen Mull, was called to the Foreign Ministry in a formal act of protest
  • The incident echoes a gaffe by President Obama in 2012 when he referred to ‘a Polish death camp’ – he offered his regrets for the error 

State Dept Purged the Emails, Anti Israel

State Department Purged Emails About Secret Anti-Netanyahu Campaign

Key emails deleted despite requirement to archive

FreeBeacon: A State Department official deleted emails that included information about a secret campaign to oust Prime Minister Benjamin Netanyahu during the country’s last election, according to a Senate investigatory committee that determined the Obama administration transferred tax funds to anti-Netanyahu groups.

The Senate Permanent Subcommittee on Investigations disclosed in a massive report on Tuesday that the Obama administration provided U.S. taxpayer dollars to the OneVoice Movement, a liberal group that waged a clandestine campaign to smear and oust Netanyahu from office.

OneVoice, which was awarded $465,000 in U.S. grants through 2014, has been under congressional investigation since 2015, when it was first accused of funneling money to partisan political groups looking to unseat Netanyahu. This type of behavior by non-profit groups is prohibited under U.S. tax law.

The investigation determined that OneVoice redirected State Department funds to anti-Netanyahu efforts and that U.S. officials subsequently erased emails containing information about the administration’s relationship with the non-profit group.

Related reading: March 2015/ Netanyahu Prevailed Against EU/USA Anti-Semitism

The disclosure comes amid a massive effort by Congress to reform the State Department’s email practices in light of former Secretary of State and Democratic presidential frontrunner Hillary Clinton’s mishandling of classified materials.

The Washington Free Beacon revealed early Tuesday that new legislation would ban all State Department officials from using private email accounts and servers, as well as mandate annual reports about the leak of classified information.

A senior State Department official admitted to congressional investigators that he deleted several emails pertaining to the administration’s coordination with OneVoice.

“The State Department was unable to produce all documents responsive to the Subcommittee’s requests due to its failure to retain complete email records of Michael Ratney, who served as U.S. Consul General in Jerusalem during the award and oversight of the OneVoice grants,” the report states.

Related reading: Jeremy Bird in Violation of the Logan Act?

Investigators “discovered this retention problem because one important email exchange between OneVoice and Mr. Ratney … was produced to the Subcommittee only by OneVoice,” the report continues. “After conducting additional searches, the Department informed the Subcommittee that it was unable to locate any responsive emails from Mr. Ratney’s inbox or sent mail.”

Ratney was ultimately forced to tell investigators that “[a]t times I deleted emails with attachments I didn’t need in order to maintain my inbox under the storage limit.”

While Ratney had the option to archive emails—as required by the department—he did not do this. Ratney claimed he was not aware of the rule, stating he “did not know [he] was required to archive routine emails.”

The deletion of the email chains appears to be a violation of the Federal Records Act, which mandates official records be archived for future disclosure purposes.

One source with intimate knowledge of the situation told the Free Beacon that the deletion of these emails is highly suspicious given the seriousness of the claims about the administration’s behavior.

Related reading: Obama’s War on Israel

“The Obama administration had the money, skills, and personnel to build a gigantic campaign infrastructure that was used to try to defeat the prime minister of an ally,” the source said. “But apparently they didn’t have what they needed to store the emails in which they did all of those things. That’s certainly a lucky break for the State Department.”

State Department officials did not immediately respond to a request for further information about the investigation and the deletion of emails.

****

Sens. Rob Portman (R-Ohio) and Claire McCaskill (D-Mo.) each signed off on the investigation, which was conducted by Portman’s Permanent Subcommittee on Investigations. In releasing the report, Portman criticized the State Department for lax oversight and for undermining a U.S. ally.

“The State Department ignored warning signs and funded a politically active group in a politically sensitive environment with inadequate safeguards,” Portman said. “It is completely unacceptable that U.S. taxpayer dollars were used to build a political campaign infrastructure that was deployed — immediately after the grant ended — against the leader of our closest ally in the Middle East.”

The investigation is notable for its bipartisan sheen. McCaskill highlighted the conclusion that it showed “no wrongdoing” by President Barack Obama’s administration but said the report “certainly highlights deficiencies in the Department’s policies that should be addressed in order to best protect taxpayer dollars.” Read more from Politico

Beijing Defiant After Ruling on S. China Sea Claims

Hague Court Strikes Down Beijing’s South China Sea Claims

Venezuela, Chaos in our Hemisphere, Inflation Skyrockets

Venezuelans flee to Mexico to escape economic crisis


Kimberly-Clark: Venezuela seizes and re-opens US-owned factory

BBC: The government of Venezuela has said it has seized a factory owned by the US firm Kimberly-Clark.

The firm had said it was halting operations in Venezuela as it was unable to obtain raw materials.

But the labour minister said on Monday that the factory closure was illegal and it had re-opened “in the hands of the workers”.

Kimberly-Clark, which makes hygiene products including tissues and nappies, said it had acted appropriately.

Over the weekend it became the latest multinational to close or scale back operations in the country, citing strict currency controls, a lack of raw materials and soaring inflation.

[Photo, Reuters: Employees outside closed Kimberly-Clark gates in Maracay on 10 July 2016. “No to the closure” read graffiti on the firm’s gates over the weekend.]

General Mills, Procter & Gamble and other corporations have reduced operations in Venezuela as the country is gripped by economic crisis and widespread shortages of basic household goods.

Labour Minister Oswaldo Vera, from the ruling Socialist Party (PSUV), visited the factory in Maracay and said it was illegal.

Almost 1,000 workers had asked him to re-start production, he said.

Mr Vera said: “Kimberly-Clark will continue producing, now in the hands of the workers.

“We’ve just turned on the first engine.”

The Texas-based company said in a statement: “If the Venezuelan government takes control of Kimberly-Clark facilities and operations, it will be responsible for the well-being of the workers and the physical asset, equipment and machinery in the facilities going forward.”

In just 12 hours, more than 35K Venezuelans cross Colombian border to buy food, medicine

In just 12 hours, more than 35,000 Venezuelans crossed the border into Colombia on Sunday to buy food and medicines in the city of Cucuta, when the Venezuelan government agreed to open border crossings for one day only.

People began crossing the Simon Bolivar international bridge at 5:00 a.m. to purchase products that are scarce in Venezuela.

“We’re from here in San Antonio (and), honestly, we don’t have any food to give our children, so I don’t think it’s fair that the border is still closed,” a Venezuelan woman told EFE in Cucuta.

The woman, who preferred to not give her name, crossed the international bridge with her husband and children ages 5 and 2.

The border crossings between Tachira state and Norte de Santander province were closed on Aug. 19, 2015, by Venezuelan President Nicolas Maduro, who said he took the measure to fight smuggling and prevent members of paramilitary groups from entering Venezuela.

Maduro later ordered all crossings along the 1,378-mile border closed.

Tachira Gov. Jose Gregorio Vielma Mora said Saturday that the border would be opened on Maduro’s orders.

After the announcement, hundreds of Venezuelans began lining up to cross the Simon Bolivar international bridge.

“A second entry by Venezuelans into Colombia was planned by the Venezuelan right, with the pretext of buying food and medicines,” Vielma Mora said.

The governor was apparently referring to an incident last Tuesday, when about 500 Venezuelans from the city of Ureña crossed the closed Francisco de Paula Santander international bridge and went into Cucuta to buy food.

Norte de Santander Gov. William Villamizar, for his part, said in a Twitter post after visiting the border crossings that the humanitarian corridor “has benefited 25,000 people” who were able to buy “food and medicines.”

Villamizar spoke with some of the people streaming across the border and posed for photos with a family carrying a poster that read, “Colombia, gracias por su solidaridad con Venezuela” (Colombia, Thanks for Your Solidarity with Venezuela).

“This is super nice on Colombia’s part, very good,” Rosalba Jaimes, a San Antonio resident, told EFE.

Betty Rojas, a Venezuelan already heading home, said she and others planned to cross whenever the border was open.

“We bought rice, pasta, sugar, toilet paper, butter, everything we could bring back. We had enough for lots of stuff,” Rojas told EFE, adding that she wanted to tell the Colombian government “thank you.”

Cucuta police chief Col. Jaime Barrera said officers would “guarantee security in Cucuta’s business districts for the thousands of people coming from Venezuela.”

Officers have been posted at the border crossings and at businesses across the border city, the provincial police chief said.

Colombian President Juan Manuel Santos and Foreign Minister Maria Angela Holguin visited Cucuta on Wednesday.

The president said he would try to negotiate with Maduro in an effort to reopen the border crossings.

Venezuela: Decree Grants New Powers To President, Defense Minister

Stratfor: Venezuelan President Nicolas Maduro issued a presidential decree July 11 granting new, sweeping powers to himself and Defense Minister Vladimir Padrino Lopez, Sumarium reported. Maduro said the decree establishes a new program that concentrates economic and political power at the very top of government, which will enable the country to correct its economic woes and get production back on track. Moreover, all government institutions and ministries in the country will now fall under the direct control of the president and the defense minister. The president said that he will provide more information about the decree, which effectively makes Padrino Lopez a second head of state in Venezuela, within the coming days.