Former KGB Officer Hired for US Embassy Moscow Security

Posted on November 15, 2017November 15, 2017 by Denise Simon

Synopsis:

Added: Oct 27, 2017 1:51 pm

Local Guard Services for US Mission Russia. Contract was awarded in accordance with FAR 6.302-2, Unusual and compelling urgency.

Contract is in accordance with 52.216-25 CONTRACT DEFINITIZATION.

The 4 page contract is here, it appears it was an emergency choice and hire.

US_Mission_Russia_17R0554_-_J&A_FBO

Are there any people left in the contract office that have any brains? Is there anyone at the State Department providing guidance or final approvals with brains?

photo

US embassy hires security firm of former Russian spy who worked with Putin

The US embassy in Moscow is to be guarded by a company owned by a former head of KGB counter-intelligence who worked with British double agent Kim Philby and young Vladimir Putin, after cuts to US staff demanded by Russia.

Elite Security Holdings was awarded a $2.83 million contract to provide “local guard services for US mission Russia,” which includes the Moscow embassy and consulates in St Petersburg, Yekaterinburg and Vladivostok, according to a post on a US state procurement website.

The contract and background of the firm came to light in a Kommersant newspaper report on Friday.

Elite Security, a private company and the oldest part of the eponymous holding, was founded in 1997 by Viktor Budanov and his son Dmitry, according to a Russian business registry.

A 2002 article posted on the site of Russia’s foreign intelligence service identified Mr Budanov as a major general in the agency who became a Soviet spy in 1966 and retired a year after the collapse of the USSR.

His long work in Soviet and Russian intelligence could raise questions about whether the guard services contract poses a security or intelligence risk to the US mission.

The US embassy referred The Telegraph to the state department, which did not respond to requests for comment.

Moscow forced Washington to cut its diplomatic staff in Russia from more than 1,200 to 455 in response to sanctions adopted against Russia in August.

Before his work in foreign intelligence Mr Budanov was the director of the KGB’s counter-intelligence division, he has told Russian media.

He also was head of the KGB branch in East Germany in the late 1980s, where a young Mr Putin served under him. In a 2007 interview, Mr Budanov lamented the collapse of the USSR, praised Mr Putin’s leadership and warned that Russia “can’t constantly act as (the Americans) want” or it would be destroyed.

He has also said he worked with Britain’s most infamous Soviet double agent after Philby defected to the USSR in 1963 and was once a guest at a private lunch given in Philby’s honour by Yury Andropov, the KGB head who became leader of the Soviet Union.

In the 1990s, Mr Budanov became acquainted with high-level US intelligence officials while providing business intelligence and security to foreign companies.

He formed a joint venture with the former assistant director of the National Security Agency and said in 2007 he personally knew the head of security at the US embassy in Moscow.

International Risk and Information Services, a company Mr Budanov founded in 1992 that later became part of Elite Security Holdings, says on its website it employs staff with experience in “state security organs”.

In testimony before a UK court in 1993, Oleg Gordievsky, a KGB bureau chief in London who became a British agent, said Mr Budanov had drugged and interrogated him after he was recalled to Moscow under suspicion.

Mr Budanov also handled sensitive operations like teaching Bulgarian agents how to use a poisonous umbrella to kill dissidents, Mr Gordievsky said.

Simpson/Dossier Testimony and Why these Wire Transfers?

Posted on November 15, 2017November 15, 2017 by Denise Simon

photo

Primer: FNC: The co-founder of the firm behind the anti-Trump ‘dossier’ told House investigators Tuesday that he personally discussed with members of the media allegations of Trump-Russia collusion, though he did not speak to the sources behind the claims, a source told Fox News.

According to a source familiar with the matter, Fusion GPS co-founder Glenn Simpson refused to answer key questions during his seven-hour, closed-door appearance before the House Intelligence Committee. The source said he would not answer questions on his relationship with specific journalists or ties to the Democratic National Committee and Hillary Clinton campaign, which financed the anti-Trump research via the law firm Perkins Coie.

But the source said Simpson acknowledged he did not personally look into certain aspects of the dossier — which was authored by former British intelligence officer Christopher Steele and contained salacious allegations about the Trump team’s ties to Russia.

Simpson told investigators he never spoke to the underlying sources of the document, never traveled to Russia and did not verify the dossier beyond comparing the claims to “open source” media reporting.

The source said Simpson also told investigators he was “upset” when then FBI Director James Comey re-opened the Hillary Clinton email investigation in late October 2016, and Simpson wanted to push back.

Simpson’s appearance was arranged last week in coordination with his attorneys.

The committee initially sought to subpoena Simpson, but withdrew it in exchange for his voluntary testimony.

“Throughout this entire year, the White House and its allies on the Hill and elsewhere have attempted at every turn to smear Fusion GPS because of its connection to the Steele Dossier,” Simpson’s attorney Joshua Levy said Tuesday.

He said Steele and Simpson briefed reporters on the dossier, but neither Simpson nor Fusion GPS paid members of the media to publish stories of any kind. The House Intelligence Committee is back in court Wednesday as Fusion tries to prevent the release of its bank records.

Levy, however, said the dossier is solid.

“What they did do is they contracted with Christopher Steele. … This experienced British intelligence official came back with a report. That now in hindsight looks quite accurate,” Levy said.

Fox News reported earlier this month that Simpson met with Russian lawyer Natalia Veselnitskaya before and after the June 2016 Trump Tower meeting with Donald Trump Jr. and others.

Fox News reported that, during that period, bank records show Fusion GPS was paid by a law firm for work on behalf of a Kremlin-linked oligarch while also paying Steele to dig up dirt on Trump.

But Levy said his client was “shocked and surprised” when he learned in media accounts about the Trump Tower meeting and her presence.

The FBI is examining why Russia transferred nearly $400,000 to its embassies ‘to finance’ the ‘election campaign of 2016’

The FBI is reviewing a series of wire transfers totaling more than $380,000 sent in August and September of last year by the Russian government to its embassies around the world — most with the memo “to finance election campaign of 2016” — BuzzFeed News reported on Tuesday.

It is unclear which “election campaign” the money was for — the US campaign was in full swing, but Russia’s lower house of Parliament was also set to hold an election on September 18.

The funds were transferred to about 60 embassies worldwide from August 3 to September 20, 2016, according to BuzzFeed News. At least one transaction originated from VTB Bank, the report said.

VTB, which is majority-owned by the Kremlin and was sanctioned by the US in 2014, transferred $30,000 to the Citibank account of Russia’s Washington, DC, embassy on August 3, prompting the bank to examine VTB’s other transactions over the same period.

Citibank would then have been required to inform the Treasury’s Financial Crimes Enforcement Network, or FinCEN, if it noticed any suspicious activity.

The Senate Intelligence Committee, which BuzzFeed News says has been made aware of the wire transfers, asked the Treasury for its FinCEN records in April, The Wall Street Journal reported at the time. It received over 2,000 documents from the financial-crimes unit, which monitors over 200 million Bank Secrecy Act records involving more than 80,000 financial institutions.

A dossier compiled by the former British spy Christopher Steele alleging ties between President Donald Trump’s campaign and Moscow claimed that Russian “diplomatic staff” paid “relevant assets” to provide “a two-way flow of intelligence and other useful information.”

“Source E claimed that Russian diplomatic staff in key cities such as New York, Washington DC and Miami were using the emigre ‘pension’ distribution system as cover,” the dossier reads. “The operation therefore depended on key people in the US Russian emigre community for its success. Tens of thousands of dollars were involved.”

The congressional intelligence committees have been examining the dossier’s claims as part of their investigations into whether the Trump campaign colluded with Moscow to influence the outcome of the election.

The special counsel Robert Mueller is leading a parallel investigation into Russia’s election interference. Mueller began hiring lawyers in June with extensive experience in dealing with fraud, racketeering, and other financial crimes. Late last month, the Trump campaign chairman, Paul Manafort, and his longtime business associate Rick Gates were indicted by a grand jury as a result of charges stemming from the investigation.

Mueller’s team is reportedly scrutinizing a meeting in December between Jared Kushner, Trump’s son-in-law, and Sergey Gorkov, the CEO of another sanctioned Russian bank, Vnesheconombank.

Secret Planes, Russia, China and the United States oh My

Posted on November 14, 2017November 14, 2017 by Denise Simon

Primer:

Navigator Holdings Ltd., the shipping firm part-owned by U.S. Commerce Secretary Wilbur Ross, doubled the number of contracts it had with Sibur Holding PJSC just months after the U.S. imposed sanctions on a major shareholder of the Russian petrochemical company in 2014.

Sibur itself wasn’t subject to the restrictions, which the U.S. imposed over the Ukraine crisis, but they led to a broad chill in business ties between the two countries. Sibur’s shareholders have particularly close ties to the Kremlin. Gennady Timchenko, a billionaire energy trader, was cited as a member of the “inner circle” by the U.S. Treasury when it imposed a visa ban and asset freeze on him in March 2014, held a stake of as much as 32 percent by September of that year. Kirill Shamalov, who is married to Russian President Vladimir Putin’s younger daughter isn’t subject to U.S. restrictions, raised his Sibur stake to 21 percent in late 2014. He later sold all but 3.9 percent. More here.

*** photo

Mikhelson is the founder and chairman of natural gas producer Novatek. He is also chairman of gas processing and petrochemical company Sibur; Billionaire Gennady Timchenko is his partner in both; Putin’s reported son-in-law, Kirill Shamalov, is a partner in Sibur. Over 2015 and 2016, Mikhelson sold a 16% stake in Sibur to China’s state-owned Sinopec and China’s Silk Road Fund for $2.1 billion. An avid art collector, he has sponsored museum exhibits in Russia and the U.S. His father headed the largest pipeline construction trust in the Soviet Union, and Mikhelson began his career as foreman for a construction company building a gas pipeline in Russia’s Tyumen region.

*** Related reading: The New Silk Road Will Go Through Syria

China and Syria have already begun discussing post-war infrastructure investment with a ‘Matchmaking Fair for Syria Reconstruction’ held in Beijing

From Utah, Secretive
Help for a Russian
Oligarch and His Jet

Records leaked from an offshore law firm show how
the wealthy elite sidestep prohibitions on foreigners
registering private planes in the United States.

SALT LAKE CITY — Bank of Utah has that all-American feel. Founded in the 1950s by a veteran of both world wars, it offers affordable mortgages and savings accounts, sponsors children’s festivals and collects coats for the poor.

But in addition to its mom-and-pop customers, the bank has a lesser-known clientele that includes Russia’s richest oligarch, Leonid Mikhelson, an ally of the country’s president, Vladimir V. Putin. The bank served as a stand-in so Mr. Mikhelson could secretly register a private jet in the United States, which requires American citizenship or residency.

The work on behalf of Mr. Mikhelson, whose gas company is under United States sanctions, is part of a discreet niche business for Bank of Utah that allows wealthy foreigners to legally obtain American registrations for their aircraft while shielding their identities from public view. The bank does this through trust accounts, in its own name, that take the place of owners on plane registration records.

Bank of Utah manages more than 1,390 aircraft trust accounts, most of them for foreigners, generating millions of dollars in fees and making it the second-largest holder of such accounts in the country. A trove of records leaked from an offshore law firm, Appleby, shows that the services offered by Bank of Utah, Wells Fargo and other American companies were sought after by rich jet owners in Russia, Africa and the Middle East.

The files were obtained by a German newspaper, Süddeutsche Zeitung, which shared them with the International Consortium of Investigative Journalists and other news organizations, including The New York Times. Among other things, the records reveal how Appleby often packaged trust arrangements with a tax avoidance scheme on the Isle of Man, a British crown dependency that serves as a haven for aircraft owners to sidestep taxes in the European Union. Together, businesses like Bank of Utah and Appleby provide a suite of money-saving tricks for the wealthy elite around the world.

Members of Congress and federal auditors have grown increasingly concerned that the opaque aircraft trust arrangements, which are not closely tracked by the Federal Aviation Administration, could allow terrorists and criminals a back door for evading sanctions, intelligence officials or law enforcement. Some 10,000 private planes are registered in the United States to noncitizen trusts.

“There are serious national security risks when the F.A.A. approves an aircraft registration but does not have all the information, particularly if an aircraft is owned by a shell corporation or a foreign entity,” Representative Stephen F. Lynch, a Massachusetts Democrat, said when he introduced legislation in July that would require the F.A.A. to obtain and regularly update records on the ultimate owners behind aircraft trusts.

An inspector general report in 2013 found that more than half of noncitizen trusts registered with the F.A.A. “lacked important information such as the identity of the trusts’ owners and aircraft operators.” As a result, the report said, the agency “has been unable to provide information on these aircraft to foreign authorities upon request when U.S. registered aircraft are involved in accidents or incidents.”

Another inspector general report, in 2014, cited specific cases that it said demonstrated the potential for national-security or legal problems. Among them was an episode in which an unnamed American bank had to cancel an aircraft trust after learning that its beneficiary, a Lebanese politician, had ties to a terrorist group. Another involved a jet registered to Wells Fargo that made an unscheduled landing in Libya in 2011 just as a no-fly zone was imposed by the United Nations.

In 2014, a plane registered to Bank of Utah was spotted at an airport in Iran, raising questions about whether its presence violated American sanctions. Credit Thomas Erdbrink/The New York

Back Channel Communications Between Wikileaks/Donald Jr.

Posted on November 14, 2017November 14, 2017 by Denise Simon

CIA Director Mike Pompeo has called WikiLeaks a hostile agent bent on taking down America. Meanwhile, Julian Assange continues to inject himself and WikiLeaks into all political affairs in the United States, to what end has not been determined.

Meanwhile, Congress has all the direct message communications between someone at WikiLeaks and Donald Trump Jr. that was apparently leading the Twitter communications during the campaign season. Many of those communications from WikiLeaks had a response from Donald Jr.

Image result for donald trump jr twitter photo

Immediately after this became public, Julian Assange took to twitter to push back.

He posted on Twitter the following:

I cannot confirm the alleged DM’s from @DonaldJTrumpJr to @wikileaks. @wikileaks does not keep such records and the Atlantic’s presentation is edited and clearly does not have the full context. However, even those published by the Atlantic show that: 1/

WikiLeaks loves its pending publications and ignores those who ask for details. Trump Jr. was rebuffed just like Cambridge Analytica. In both cases WikiLeaks had publicly teased the publications. Thousands of people asked about them. 2/

WikiLeaks can be very effective at convincing even high profile people that it is their interest to promote links to its publications. 3/

WikiLeaks has such chutzpah that it allegedly tried to convince Trump Jr to leak his father’s tax returns & his own “Russian lawyer meeting” emails (he did). WikiLeaks appears to beguile some people into transparency by convincing them that it is in their interest. 4/

He also asked to be the U.S. ambassador to Australia…sheesh. Anyway….Assange was referring to the Atlantic article about those communications of which Congressional committees have copies provided by his lawyer. Here is that summary:

Just before the stroke of midnight on September 20, 2016, at the height of last year’s presidential election, the WikiLeaks Twitter account sent a private direct message to Donald Trump Jr., the Republican nominee’s oldest son and campaign surrogate. “A PAC run anti-Trump site putintrump.org is about to launch,” WikiLeaks wrote. “The PAC is a recycled pro-Iraq war PAC. We have guessed the password. It is ‘putintrump.’ See ‘About’ for who is behind it. Any comments?” (The site, which has since become a joint project with Mother Jones, was founded by Rob Glaser, a tech entrepreneur, and was funded by Progress for USA Political Action Committee.)

The next morning, about 12 hours later, Trump Jr. responded to WikiLeaks. “Off the record I don’t know who that is, but I’ll ask around,” he wrote on September 21, 2016. “Thanks.”

The messages, obtained by The Atlantic, were also turned over by Trump Jr.’s lawyers to congressional investigators. They are part of a long—and largely one-sided—correspondence between WikiLeaks and the president’s son that continued until at least July 2017. The messages show WikiLeaks, a radical transparency organization that the American intelligence community believes was chosen by the Russian government to disseminate the information it had hacked, actively soliciting Trump Jr.’s cooperation. WikiLeaks made a series of increasingly bold requests, including asking for Trump’s tax returns, urging the Trump campaign on Election Day to reject the results of the election as rigged, and requesting that the president-elect tell Australia to appoint Julian Assange ambassador to the United States.

“Over the last several months, we have worked cooperatively with each of the committees and have voluntarily turned over thousands of documents in response to their requests,” said Alan Futerfas, an attorney for Donald Trump Jr. “Putting aside the question as to why or by whom such documents, provided to Congress under promises of confidentiality, have been selectively leaked, we can say with confidence that we have no concerns about these documents and any questions raised about them have been easily answered in the appropriate forum.” WikiLeaks did not respond to requests for comment.

The messages were turned over to Congress as part of that body’s various ongoing investigations into Russian meddling in the 2016 presidential campaign. American intelligence services have accused the Kremlin of engaging in a deliberate effort to boost President Donald Trump’s chances while bringing down his Democratic rival, Hillary Clinton. That effort—and the president’s response to it—has spawned multiple congressional investigations, and a special counsel inquiry that has led to the indictment of Trump’s former campaign chair, Paul Manafort, for financial crimes.

It’s not clear what investigators will make of the correspondence, which represents a small portion of the thousands of documents Donald Trump Jr.’s lawyer says he turned over to them. The stakes for the Trump family, however, are high. Trump Jr.’s June 2016 meeting with Natalia Veselnitskaya, a Russian lawyer with connections to Russia’s powerful prosecutor general, is already reportedly a subject of interest in Special Counsel Robert Mueller’s investigation, as is the White House statement defending him. (Trump Jr. was emailed an offer of “information that would incriminate Hillary,” and responded in part, “If it’s what you say I love it.”) The messages exchanged with WikiLeaks add a second instance in which Trump Jr. appears eager to obtain damaging information about Hillary Clinton, despite its provenance.

Though Trump Jr. mostly ignored the frequent messages from WikiLeaks, he at times appears to have acted on its requests. When WikiLeaks first reached out to Trump Jr. about putintrump.org, for instance, Trump Jr. followed up on his promise to “ask around.” According to a source familiar with the congressional investigations into Russian interference with the 2016 campaign, who requested anonymity because the investigation is ongoing, on the same day that Trump Jr. received the first message from WikiLeaks, he emailed other senior officials with the Trump campaign, including Steve Bannon, Kellyanne Conway, Brad Parscale, and Trump son-in-law Jared Kushner, telling them WikiLeaks had made contact. Kushner then forwarded the email to campaign communications staffer Hope Hicks. At no point during the 10-month correspondence does Trump Jr. rebuff WikiLeaks, which had published stolen documents and was already observed to be releasing information that benefited Russian interests.

WikiLeaks played a pivotal role in the presidential campaign. In July 2016, on the first day of the Democratic National Convention, WikiLeaks released emails stolen from the Democratic National Committee’s servers that spring. The emails showed DNC officials denigrating Bernie Sanders, renewing tensions on the eve of Clinton’s acceptance of the nomination. On October 7, less than an hour after the Washington Post released the Access Hollywood tape, in which Trump bragged about sexually assaulting women, Wikileaks released emails that hackers had pilfered from the personal email account of Clinton’s campaign manager John Podesta.

On October 3, 2016, WikiLeaks wrote again. “Hiya, it’d be great if you guys could comment on/push this story,” WikiLeaks suggested, attaching a quote from then-Democratic nominee Hillary Clinton about wanting to “just drone” WikiLeaks founder, Julian Assange.

“Already did that earlier today,” Trump Jr. responded an hour-and-a-half later. “It’s amazing what she can get away with.”

Two minutes later, Trump Jr. wrote again, asking, “What’s behind this Wednesday leak I keep reading about?” The day before, Roger Stone, an informal advisor to Donald Trump, had tweeted, “Wednesday@HillaryClinton is done. #WikiLeaks.”

WikiLeaks didn’t respond to that message, but on October 12, 2016, the account again messaged Trump Jr. “Hey Donald, great to see you and your dad talking about our publications,” WikiLeaks wrote. (At a rally on October 10, Donald Trump had proclaimed, “I love WikiLeaks!”)

“Strongly suggest your dad tweets this link if he mentions us,” WikiLeaks went on, pointing Trump Jr. to the link wlsearch.tk, which it said would help Trump’s followers dig through the trove of stolen documents and find stories. “There’s many great stories the press are missing and we’re sure some of your follows [sic] will find it,” WikiLeaks went on. “Btw we just released Podesta Emails Part 4.”

Trump Jr. did not respond to this message. But just 15 minutes after it was sent, as The Wall Street Journal’s Byron Tau pointed out, Donald Trump himself tweeted, “Very little pick-up by the dishonest media of incredible information provided by WikiLeaks. So dishonest! Rigged system!”

Two days later, on October 14, 2016, Trump Jr. tweeted out the link WikiLeaks had provided him. “For those who have the time to read about all the corruption and hypocrisy all the @wikileaks emails are right here: http://wlsearch.tk/,” he wrote.

After this point, Trump Jr. ceased to respond to WikiLeaks’s direct messages, but WikiLeaks escalated its requests.

“Hey Don. We have an unusual idea,” WikiLeaks wrote on October 21, 2016. “Leak us one or more of your father’s tax returns.” WikiLeaks then laid out three reasons why this would benefit both the Trumps and WikiLeaks. One, The New York Times had already published a fragment of Trump’s tax returns on October 1; two, the rest could come out any time “through the most biased source (e.g. NYT/MSNBC).”

It is the third reason, though, WikiLeaks wrote, that “is the real kicker.” “If we publish them it will dramatically improve the perception of our impartiality,” WikiLeaks explained. “That means that the vast amount of stuff that we are publishing on Clinton will have much higher impact, because it won’t be perceived as coming from a ‘pro-Trump’ ‘pro-Russia’ source.” It then provided an email address and link where the Trump campaign could send the tax returns, and adds, “The same for any other negative stuff (documents, recordings) that you think has a decent chance of coming out. Let us put it out.”

Trump Jr. did not respond to this message.

WikiLeaks didn’t write again until Election Day, November 8, 2016. “Hi Don if your father ‘loses’ we think it is much more interesting if he DOES NOT conceed [sic] and spends time CHALLENGING the media and other types of rigging that occurred—as he has implied that he might do,” WikiLeaks wrote at 6:35pm, when the idea that Clinton would win was still the prevailing conventional wisdom. (As late as 7:00pm that night, FiveThirtyEight, a trusted prognosticator of the election, gave Clinton a 71 percent chance of winning the presidency.) WikiLeaks insisted that contesting the election results would be good for Trump’s rumored plans to start a media network should he lose the presidency. “The discussion can be transformative as it exposes media corruption, primary corruption, PAC corruption, etc.,” WikiLeaks wrote.

Shortly after midnight that day, when it was clear that Trump had beaten all expectations and won the presidency, WikiLeaks sent him a simple message: “Wow.”

Trump Jr. did not respond to these messages either, but WikiLeaks was undeterred. “Hi Don. Hope you’re doing well!” WikiLeaks wrote on December 16 to Trump Jr., who was by then the son of the president-elect. “In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to [Washington,] DC.”

WikiLeaks even imagined how Trump might put it: “‘That’s a real smart tough guy and the most famous australian [sic] you have!’ or something similar,” WikiLeaks wrote. “They won’t do it but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons.” (On December 7, Assange, proclaiming his innocence, had released his testimony in front of London investigators looking into accusations that he had committed alleged sexual assault.)

In the winter and spring, WikiLeaks went largely silent, only occasionally sending Trump Jr. links. But on July 11, 2017, three days after The New York Times broke the story about Trump Jr.’s June 2016 meeting with Natalia Veselnitskaya, a Russian lawyer with connections to Russia’s powerful prosecutor general, WikiLeaks got in touch again.

“Hi Don. Sorry to hear about your problems,” WikiLeaks wrote. “We have an idea that may help a little. We are VERY interested in confidentially obtaining and publishing a copy of the email(s) cited in the New York Times today,” citing a reference in the paper to emails Trump Jr had exchanged with Rob Goldstone, a publicist who had helped set up the meeting. “We think this is strongly in your interest,” WikiLeaks went on. It then reprised many of the same arguments it made in trying to convince Trump Jr. to turn over his father’s tax returns, including the argument that Trump’s enemies in the press were using the emails to spin an unfavorable narrative of the meeting. “Us publishing not only deprives them of this ability but is beautifully confounding.”

The message was sent at 9:29 am on July 11. Trump Jr. did not respond, but just hours later, he posted the emails himself, on his own Twitter feed.

Hacking Public Schools, 757’s and the Defense Dept

Posted on November 13, 2017November 13, 2017 by Denise Simon

Hack-O-Matic…some good ones and others not so much.

800 Schools

“Unless we have irrefutable evidence to suggest otherwise, we need to assume confidential data has been compromised,” Hamid Karimi, vice president of business development and the security expert at Beyond Security. “That should be a cause for concern. To remedy the situation, all schools and institutions that serve minors must submit to (a) stricter set of cybersecurity rules.”

photo

The breached school websites, which spanned nationwide from New Jersey to Arizona and Virginia to Connecticut, are all powered by a company called SchoolDesk. The company since has handed over its server — which runs out of Georgia — to the FBI for investigation and also has hired external security firms to trace the hackers. The Atlanta-based company said after the hack that technicians detected that a small file had been injected into the root of one of its websites.

“The websites were redirected to an iframed YouTube video. No data was lost or altered in any way. Because we’re currently working with the FBI in an active investigation of this incident, as well as forensic team from Microsoft, we cannot yet discuss any technical details or exact methods of access to SchoolDesk’s network or software,” a spokesperson for SchoolDesk told Fox News.

The company has insisted that no personal or student information was exposed, but some security experts say the matter should be closely monitored, especially as minors are involved.

“In most hacks, organizations do not have full visibility into what happened or what information was compromised,” surmised Eric Cole, who served as commissioner on cyber security for President Barack Obama, and was formally a senior vice president at MacAfee and the chief scientist at Lockheed Martin. “In almost every breach, what is initially reported is usually extremely conservative and over the weeks following a breach, it is always worse than what was originally reported.”

The proud culprits of the hack? A shadowy pro-ISIS hacktivist outfit known as “Team System DZ.” Barely reported by Fox News, while other media outlets did nothing about about.

***

Pentagon Hackers for Hire

Just over a year ago, following the success of the pilot, we announced the U.S. Department of Defense was expanding its “Hack the Pentagon,” initiatives. To date, HackerOne and DoD have run bug bounty challenges for Hack the Pentagon, Hack the Army and Hack the Air Force.

The success of these programs has been undeniable and our amazing community of hackers continues to impress even us!

DoD has resolved nearly 500 vulnerabilities in public facing systems with bug bounty challenges and hackers have earned over $300,000 in bounties for their contributions — exceeding expectations and saving the DoD millions of dollars. You can read more in our recent case study “Defending the Federal Government from Cyber Attacks.”

2,837 Bugs Resolved With DoD’s Vulnerability Disclosure Policy

The DoD’s Vulnerability Disclosure Policy (VDP) is another essential, likely less talked about, part of the Hack the Pentagon initiative pioneered by DoD’s Defense Digital Service team.

A VDP is the, “see something say something of the internet”. DoD’s policy, and others like it, provide clear guidance for any hacker anywhere in the world to safely report a potential vulnerability so it can be resolved. Maintaining the security of the DoD’s networks is a top priority and their VDP is another proven way to resolve unknown security issues.

While a bounty or cash incentives are not awarded for vulnerabilities reported through the VDP, that has not stopped hackers eager to do their part to help protect the DoD’s assets. Nearly 650 hackers from more than 50 countries have successfully reported valid vulnerabilities through the VDP.

Thanks to these hackers and the pioneering team at DoD, 2,837 security vulnerabilities have been resolved in nearly 40 DoD components. Of these vulnerabilities, over 100 have been high or critical severity issues, including remote code executions, SQL injections, and ways to bypass authentication.

While the majority of participating hackers have been from United States, the top contributing countries include India, Great Britain, Pakistan, Philippines, Egypt, Russia, France, Australia and Canada. More here, at least this was a positive objective, we think.

Hacking Through Aircraft Wi-Fi

A Department of Homeland Security official admitted that a team of experts remotely hacked a Boeing 757 parked at an airport.

During a keynote address on Nov. 8 at the 2017 CyberSat Summit, a Department of Homeland Security (DHS) official admitted that he and his team of experts remotely hacked into a Boeing 757.

This hack was not conducted in a laboratory, but on a 757 parked at the airport in Atlantic City, N.J. And the actual hack occurred over a year ago. We are only now hearing about it thanks to a keynote delivered by Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate.

“We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration,” Hickey said in an article in Avionics Today. “[That] means I didn’t have anybody touching the airplane; I didn’t have an insider threat. I stood off using typical stuff that could get through security, and we were able to establish a presence on the systems of the aircraft.”

While the details of the hack are classified, Hickey admitted that his team of industry experts and academics pulled it off by accessing the 757’s “radio frequency communications.”

We’ve been hearing about how commercial airliners could be hacked for years.

You might remember when a governmental watchdog admitted that the interconnectedness of modern commercial airliners could “potentially provide unauthorized remote access to aircraft avionics systems.” The concern was that a hacker could go through the Wi-Fi passenger network to hijack a plane while it was in flight.

And in a 2015 report by the U.S. Government Accountability Office (pdf), the agency warned, “Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors.”

At the time, U.S. Rep. Peter DeFazio (D-Ore.) said, the “FAA must focus on aircraft certification standards that would prevent a terrorist with a laptop in the cabin or on the ground from taking control of an airplane through the passenger Wi-Fi system.”

The same year, security researcher Chris Roberts ended up in hot water with the feds after tweeting about hacking the United Airlines plane he was traveling on. The FBI claimed Roberts said he took control of the navigation.

A Hack In The Box presentation by Hugo Teso in 2013 suggested that thanks to the lack of authentication features in the protocol Aircraft Communications Addressing and Report System (ACARS), an airliner could be controlled via an Android app. Flight management software companies, as well as the FAA, disputed Teso’s claims.

All of that means that airline pilots have heard of those vulnerabilities before, too. Yet at a technical meeting in March 2017, several shocked airline pilot captains from American Airlines and Delta were briefed on the 2016 Boeing 757 hack. Hickey said, “All seven of them broke their jaw hitting the table when they said, ‘You guys have known about this for years and haven’t bothered to let us know because we depend on this stuff to be absolutely the bible.’”

As CBS News pointed out, Boeing stopped producing 757s in 2004, but that aircraft is still used by major airlines, such as American, Delta and United. President Trump has a 757, and Vice President Pence also uses one. In fact, Avionics Today claimed 90 percent of commercial planes in the sky are legacy aircraft that were not designed with security in mind.

Boeing told CBS that it firmly believes the test “did not identify any cyber vulnerabilities in the 757, or any other Boeing aircraft.”

Furthermore, an unnamed official briefed on the test told CBS the results of the hack on an older aircraft was good information to have, adding, “but I’m not afraid to fly.” (Not feeling good about this aircraft hack at all, dont we have a missing plane or one that crashed where it was suspected there may have been a hack involved?)

Category Archives: Russia