2 Iranians Indicted for Conducting Surveillance in Chicago

Two Individuals Charged for Acting as Illegal Agents of the Government of Iran

An indictment was returned today charging Ahmadreza Mohammadi-Doostdar, 38, a dual U.S.-Iranian citizen, and Majid Ghorbani, 59, an Iranian citizen and resident of California, with allegedly acting on behalf of the government of the Islamic Republic of Iran by conducting covert surveillance of Israeli and Jewish facilities in the United States, and collecting identifying information about American citizens and U.S. nationals who are members of the group Mujahedin-e Khalq (MEK).


Indictment for Ghorbani

Indictment for Doostdar

The charges were announced by Assistant Attorney General for National Security John Demers, U.S. Attorney Jessie K. Liu for the District of Columbia, and Acting Executive Assistant Director Michael McGarrity of the FBI’s National Security Branch.

“The National Security Division is committed to protecting the United States from individuals within our country who unlawfully act on behalf of hostile foreign nations,” said Assistant Attorney General Demers.  “Doostdar and Ghorbani are alleged to have acted on behalf of Iran, including by conducting surveillance of political opponents and engaging in other activities that could put Americans at risk.  With their arrest and these charges, we are seeking to hold the defendants accountable.”

“This indictment demonstrates the commitment of the Department of Justice to hold accountable agents of foreign governments who act illegally within the United States, especially where those agents are conducting surveillance of individuals and Constitutionally-protected activities in this country,” said Jessie K. Liu, United States Attorney for the District of Columbia.

“This alleged activity demonstrates a continued interest in targeting the United States, as well as potential opposition groups located in the United States,” said Acting Executive Assistant Director McGarrity. “The FBI will continue to identify and disrupt those individuals who seek to engage in unlawful activity, on behalf of Iran, on US soil.”

The indictment charged Doostdar and Ghorbani with knowingly acting as agents of the government of Iran without prior notification to the Attorney General, providing services to Iran in violation of U.S. sanctions, and conspiracy.  Both defendants were arrested on Aug. 9, pursuant to criminal complaints issued by the U.S. District Court for the District of Columbia.  Those complaints were unsealed today.

According to the indictment, in or about July 2017, Doostdar traveled to the United States from Iran in order to collect intelligence information about entities and individuals considered by the government of Iran to be enemies of that regime, including Israeli and Jewish interests, and individuals associated with the MEK, a group that advocates the overthrow of the current Iranian government.

On or about July 21, 2017, Doostdar is alleged to have conducted surveillance of the Rohr Chabad House, a Jewish institution located in Chicago, including photographing the security features surrounding the facility.

On or about Sept. 20, 2017, Ghorbani is alleged to have attended a MEK rally in New York City, during which he photographed individuals participating in the protest against the current Iranian regime.  In or about December 2017, Doostdar returned to the United States from Iran and made contact with Ghorbani in the Los Angeles area.  During the meeting, Doostdar paid Ghorbani approximately $2,000 in cash and Ghorbani delivered to him 28 photographs taken at the September 2017 MEK rally, many of which contained hand-written annotations identifying the individuals who appeared in the photos.  These photographs, along with a hand-written receipt for $2000, were found concealed in Doostdar’s luggage as he transited a U.S. airport on his return to Iran in December 2017.

The indictment also alleges that Ghorbani traveled to Iran in or about March 2018, after informing Doostdar that he would be going to Iran to conduct an “in-person briefing.”  Thereafter, on or about May 4, Ghorbani attended the MEK-affiliated 2018 Iran Freedom Convention for Human Rights in Washington, D.C.  During the course of the conference, Ghorbani appeared to photograph certain speakers and attendees, which included delegations from across the United States.  On May 14, Doostdar called Ghorbani to discuss clandestine methods Ghorbani should use in order to provide this information to Iran.

Ghorbani is scheduled to appear for a detention hearing in the U.S. District Court for the District of Columbia at 9:30 a.m. on Tuesday, Aug. 21, before the Honorable G. Michael Harvey.

The charges in an indictment are merely allegations, and every defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt.  The maximum penalty for conspiracy is five years; the maximum penalty for acting as an agent of a foreign power is ten years; and the maximum penalty for a violation of the International Emergency Economic Powers Act is 20 years.  The maximum statutory sentence is prescribed by Congress and is provided here for informational purposes.  If convicted of any offense, a defendant’s sentence will be determined by the court based on the advisory Sentencing Guidelines and other statutory factors.

The investigation into this matter was conducted by the FBI’s Washington Field Office and Los Angeles Field Office. The case is being prosecuted by the National Security Section of the U.S. Attorney’s Office for the District of Columbia and the Counterintelligence and Export Control Section of the National Security Division of the Department of Justice.

Turkey is Holding Pastor Brunson Because of a Bank

Pastor Andrew Brunson faces life in prison in Turkey on fraudulent charges of supporting a terror organization and political espionage. Brunson has lived in Turkey for 23 years. He even filed an application to renew his visa in October of 2016. More details here.

Meanwhile, as the Turkish currency tanked due to sanctions and trade issues, the lira value held for about a week until investors got in the game due to interest and enticements by the Turkish Finance Minister and President Erdogan.

So, what is the reason for detaining and charging the Pastor? It seems Erdogan is using the Pastor as a tool for two reasons. One involves an anti-Erdogan activist who has lived in the United States since 1999. He was/is a preacher himself and has an estimated 5 million followers. Erdogan included Gulen as one of the reasons for the attempted/alleged coup.

But the other reason is Iran. It seems Eli Lake, an investigative journalist, understands it better than all the rest. Why? During the Obama administration, nothing else mattered but to get an Iran nuclear deal. Those rogue governments, foreign leaders and financial institutions helping Iran evade sanctions were purposely ignored and overlooked by the Obama White House.

It was last week that the Erdogan government made an offer to the United States to release Pastor Brunson if the United States would drop charges and the investigation of the Halkbank.

President Trump gave Turkey an answer….NO.

The Trump administration rebuffed Turkey’s offer to release detained American pastor Andrew Brunson if the U.S. halts the investigation into Turkish bank Halkbank, The Wall Street Journal reported Sunday.

The Turkish government agreed to drop terrorism charges against the pastor in exchange of the U.S. government dropping fines totaling billions of dollars against the bank. A senior White House official said the offer was rejected.


So, there is this bank and the gold. Happened earlier this year, stemming from a 2012-2013 case:

Mehmet Hakan Atilla, an executive at Turkey’s majority state-owned Halkbank (HALKB.IS), was convicted on five of six counts he faced, including bank fraud and conspiracy to violate U.S. sanctions law, in Manhattan federal court.


Atilla was also found not guilty on a money laundering charge.

Prosecutors had accused Atilla of conspiring with gold trader Reza Zarrab and others to help Iran escape sanctions using fraudulent gold and food transactions. Zarrab pleaded guilty and testified for the prosecutors.

In several days on the witness stand, Zarrab had described a sprawling scheme that he said included bribes to Turkish government officials and was carried out with the blessing of current President Tayyip Erdogan.

Halkbank had no immediate comment. Attempts to reach Erdogan’s spokesman for comment on the allegations at the trial have been unsuccessful. Erdogan has publicly dismissed the case as a politically motivated attack on his government.

U.S. prosecutors have criminally charged nine people, though only Zarrab, 34, and Atilla, 47, have been arrested by U.S. authorities.

BANKERS’ CHOICE

“Foreign banks and bankers have a choice: you can choose willfully to help Iran and other sanctioned nations evade U.S. law, or you can choose to be part of the international banking community transacting in U.S. dollars,” Joon Kim, the acting U.S. Attorney in Manhattan, said in a statement after the verdict was read. “But you can’t do both.”

In December of 2017, the Turkish Justice Minister Abdulhamit Gul demanded in a letter to U.S. Attorney General Jeff Sessions that Korkmaz be returned to Turkey, calling him “a fugitive, a terror suspect facing serious allegations.”

The Turkish government has said that followers of the U.S.-based cleric Fethullah Gulen were behind both the Turkish investigation and the U.S. case, as well as the 2016 failed coup in Turkey. Gulen has denied the accusations. More here.

Trouble Ahead After DPRK’s FM Visit to Tehran

So, it appears there is more to the teaming up between Tehran and Pyongyang.

The Iranian President Rouhani told the North Korean Foreign Minister in a recent confab to NOT trust the United States.

Meanwhile, SecState Mike Pompeo issued a proposal to North Korea calling for a timeline that would mandate North Korea hand over 60 to 70 percent of its nuclear warheads to a third party within six to eight months, according to the report.

North Korea has reportedly rejected a formal timeline for its denuclearization proposed by Secretary of State Mike Pompeo.

Vox reported Wednesday that Pyongyang has rejected the timeline several times over the past two months amid continued negotiations over North Korea’s nuclear program.

The timeline Pompeo proposed would mandate North Korea hand over 60 to 70 percent of its nuclear warheads to a third party within six to eight months, according to the report.

However, it is unclear how many warheads North Korean leader Kim Jong Un has, making it difficult to verify that Pyongyang has actually turned over an agreed-upon percentage.

Trump administration officials in recent weeks have expressed frustration with North Korea’s efforts to denuclearize despite President Trump hailing his June summit with Kim in Singapore as a success.

“The ultimate timeline for denuclearization will be set by Chairman Kim, at least in part,” Pompeo told Channel NewsAsia in an interview last week.

“The decision is his. He made a commitment, and we’re very hopeful that over the coming weeks and months we can make substantial progress towards that and put the North Korean people on a trajectory towards a brighter future very quickly.”

White House national security adviser John Bolton told Fox News on Tuesday that “North Korea that has not taken the steps we feel are necessary to denuclearize.”


Then we have yet another emerging hacking warning from CERT.

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a Trojan malware variant—referred to as KEYMARBLE—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

US-CERT encourages users and administrators to review Malware Analysis Report (MAR) MAR-10135536-17 and the US-CERT page on HIDDEN COBRA – North Korean Malicious Cyber Activity for more information.

Not to leave out Iran’s cyber attack warnings.

Iranian hackers have laid the groundwork to carry out extensive cyber attacks against private U.S. and European companies, U.S. officials warn, according to NBC News. Although experts don’t believe any such attack is imminent, the preparations could enable denial-of-service attacks on infrastructure including electric grids and water plants, plus health care and technology companies across the U.S., Europe, and Middle East, say U.S. officials at the 2018 Aspen Security Forum.

A spokesperson for the Iranian mission to the United Nations, Alireza Miryousefi, told NBC News that the U.S. is more aggressive in terms of cyber attacks, and Iran’s moves are merely defensive.

***

As sanctions reimposed in response to its nuclear program begin to bite, Iran seems poised to follow the trail North Korea blazed in cyberspace: state-directed hacking that aims at direct theft to redress economic pain. Accenture researchers have been tracking ransomware strains, many of them requiring payment in Bitcoin or other cryptocurrencies, and they’ve concluded that they represent an incipient Iranian campaign against targets of opportunity that offer the prospect of quick financial gain. Tehran’s state-directed hackers have a reputation as being relatively less sophisticated than those run by Russia and China (and indeed those run by major Western powers, the Five Eyes and their closest friends) but they also have a reputation as determined fast-learners.

CCN: As the US gets ready to impose sanctions on Iran, hackers in that country are working on ransomware to secure bitcoin, according to cybersecurity experts interviewed by The Wall Street Journal.

Accenture PLC’s cybersecurity intelligence group has followed five Iranian-built ransomware variations in the last two years. The hackers are hoping to secure payments in cryptocurrencies, according to Jim Guinn, who oversees the industrial cybersecurity business at Accenture.

Several clues link the ransomware to Iran. Samples include messages in Farsi that are connected to Iran-based computers.

A recent Accenture report noted the ransomware could be driven by Iranian government supported parties, criminals, or both.

Scourge Continues

Ransomware has plagued both businesses and governments for years, having disabled payment systems at the San Francisco Municipal Transportation Agency, U.K. hospitals and cargo shipments. Government-supported hackers in some instances have obtained cryptocurrency payments from victims.

One variant of ransomware that iDefense discovered has been linked to Iran’s government, according to CrowdStrike Inc., another cybersecurity firm. The software, called Tyrant, was developed to discourage Iranian citizens from downloading software designed to discourage government snooping, CrowdStrike noted.

Palo Alto Networks Inc. and Symantec Corp. issued reports last month that described a pair of data stealing operations connected to Iran.

Crypto Mining Linked To Iran

Crypto mining software, which robs computers of their processing power to mine cryptocurrencies, has also been linked to Iran.

Accenture cited crypto mining software installed on Middle Eastern customer networks equipped with digital clues to Iran.

Crypto mining software has created problems in gas and oil facilities in the Middle East, Guinn said. He estimated millions of dollars of compute cycles have been stolen in the last year.

Iran Denies Culpability

Iran has claimed it has not been involved in cyber attacks, and that it has been a hacking victim.

A cyber attack called Stuxnet initiated by the U.S. and Israel about a decade ago disabled uranium-enrichment centrifuges for Iran’s nuclear program. Iran has since focused on enhancing its own cyber capabilities, according to government officials and security researchers.

Keith Alexander, chief executive of IronNet Cybersecurity Inc. and former director of the U.S. Cyber Command and the National Security Agency said crypto mining and theft is a way for cash-strapped countries to make fast profits.

Guinn said hackers have also stolen intellectual property.

Iran’s Boiling Point, About to Get Worse

For 6 days in a row, demonstrators against the Iran regime have been demanding regime change. There is hardly any gas for 6000 bus drivers in Tehran. There are curfews, and people are being shot while others are being arrested. The country’s currency, the rial, has continued to plunge in value and food is being rationed.

After passing a 90-day mark on Aug. 6, the following sanctions will snap back on Iran, according to the Treasury Department:

  • Sanctions on Iran buying or acquiring U.S. dollars
  • Sanctions on Iran trading gold and other precious metals
  • Sanctions on Iran’s sale, supply or trade of metals such as aluminum and steel, as well as graphite, coal and certain software for “integrating industrial processes”
  • Sanctions on “significant” sales or purchases of Iranian rials, or the maintenance of significant funds or accounts outside the country using Iranian rials
  • Sanctions on issuing Iranian debt
  • Iranian auto sanctions

The U.S. will also revoke certain permissions, granted to Iran under the deal, on Aug. 6. These include halting Iran’s ability to export its carpets and foods into the U.S., as well as ending certain licensing-related transactions.

At the end of the 180-day interval on Nov. 4, another set of sanctions will once again be clamped down on Iran:

  • Sanctions on Iran’s ports, as well as the country’s shipping and shipping sectors
  • Sanctions on buying petroleum and petrochemical products with a number of Iranian oil companies
  • Sanctions on foreign financial institutions transacting with the Central Bank of Iran and other Iranian financial institutions
  • Sanctions on the provision of certain financial messaging services to Iran’s central bank and other Iranian financial institutions
  • Sanctions on the provision of underwriting services, insurance, or reinsurance
  • Sanctions on Iran’s energy sector

The following day, on Nov. 5, the Trump administration will disallow U.S.-owned foreign entities from being allowed to engage in certain transactions with Iran. Sanctions on certain Iranian individuals will also be re-imposed on Nov. 5.

Read the Treasury’s full guide to the re-imposition of Iran nuclear deal sanctions here.

Meanwhile:

LONDON/ANKARA(Reuters) – An English court has cleared the way to consider whether it will allow the families of some of those killed in the Sept. 11, 2001 attacks on the United States to make a claim on Iranian assets in Britain.

The relatives want the English High Court to enforce a 2012 decision by a U.S. court which found there was evidence to show that Iran provided “material support and resources to al Qaeda for acts of terrorism”. The militant group carried out the attacks.

The New York court awarded the plaintiffs damages of over $7 billion. Iran denies any links to Al Qaeda or any involvement in the 9/11 attacks.

If the English court agrees to enforce the ruling, it could clear the way for assets in England and Wales to be frozen or seized. Iranian assets in England include a central London building and funds held by two subsidiaries of state-owned banks. This could add to Tehran’s troubles as it tries to stave off a financial crisis.

The June 8 ruling by a judge after a hearing in the English High Court removed an obstacle that was holding up the process.

The law requires the UK’s Foreign Office (FCO) to formally serve the legal papers to Iran’s Ministry of Foreign Affairs (MFA) before the enforcement proceedings can begin. A British official said it was routinely difficult to deliver papers to the MFA, according to FCO correspondence seen by Reuters. An FCO official declined to comment.

The judge ruled it was sufficient to try to notify them through other communication such as email or post.

That decision has unblocked the process. The plaintiffs will now ask a judge at the High Court in the next few months to consider whether the New York ruling can be entered as a judgment in English law, said their lawyer Natasha Harrison, a partner at the London office of Boies Schiller Flexner. The judgment could then be enforced, she said. This would mean assets could be frozen or seized.

An Iranian official said: “Iran will take all the necessary measures to stop it.”

An Iranian foreign ministry official said the June ruling was “fabricated” and “politically motivated”.

U.S. is on the Offensive, Espionage and Cyber

In the last few weeks, there was the Aspen Security Forum, a 3-day event. Then there was a DNI report. Then came 2 separate nationwide conference calls hosted by CERT, the cyber division of DHS.

A remarkable White House press briefing included the heads of intelligence agencies explaining the condition of cyber/espionage and the countermeasures against Russia.

Then there is the military side, a division frankly not well known, the Defense Security Services.

See the whole 2 page release here.

And there is more:

FBI Releases Article on Securing the Internet of Things

The Federal Bureau of Investigation (FBI) has released an article on the risks associated with internet-connected devices, commonly referred to as the Internet of Things (IoT). FBI warns that cyber threat actors can use unsecured IoT devices as proxies to anonymously pursue malicious cyber activities.

As our reliance on IoT becomes an important part of everyday life, being aware of the associated risks is a key part of keeping your information and devices secure. NCCIC encourages users and administrators to review the FBI article for more information and refer to the NCCIC Tip Securing the Internet of Things.

*** IOT?

The internet of things, at its simplest level, is a network of smart devices – from refrigerators that warn you when you’re out of milk to industrial sensors – that are connected to the internet so they can share data, but IoT is far from a simple challenge for IT departments.


For many companies, it represents a vast influx of new devices, many of which are difficult to secure and manage. It’s comparable to the advent of BYOD, except the new gizmos are potentially more difficult to secure, aren’t all running one of three or four basic operating systems, and there are already more of them.

A lot more, in fact – IDC research says that there are around 13 billion connected devices in use worldwide already, and that that number could expand to 30 billion within the next three years. (There were less than 4 billion smartphone subscriptions active around the world in Ericsson’s most recent Mobility Report.)

With a huge number of companies “doing IoT” – most big-name tech companies, including Google, Microsoft, Apple, Cisco, Intel, and IBM have various types of IoT play – all working to bring as many users as possible into their respective ecosystems, motivation to make sure IoT systems and devices from different companies all work with each other is sometimes lacking.


The problem, of course, is that nobody’s willing to give up on the idea of their own ecosystem becoming a widely accepted standard – think of the benefits to the company whose system wins out! – and so the biggest players in the space focus on their own systems and development of more open technologies lags behind. More here.