
After Trump’s Saudi Arabia Speech, Iran Responds

After President Trump delivered his speech in Saudi Arabia that included harsh words, rightly so, regarding Iran, it was predicted by the owner of this site that Tehran would respond. Responses are beginning to surface and militant operations are probable.

Primer:

Iran’s Motivations for Supporting Terrorist and Militant Groups

In part from Byman: Iran has supported terrorist and militant groups in the Islamic world since the 1979 revolution. In his 2016 testimony, Director of National Intelligence (DNI) James Clapper warned: “Iran—the foremost state sponsor of terrorism—continues to exert its influence in regional crises in the Middle East through the Islamic Revolutionary Guard Corps—Qods Force (IRGC-QF), its terrorist partner Lebanese Hizballah, and proxy groups” – an assessment that has stayed roughly constant for many years.

Iran has long sought to “try hard to export our revolution to the world,” in the words of Ayatollah Khomeini, the clerical regime’s dominant revolutionary leader. This goal is embedded in Iran’s constitution and in the missions of organizations such as the Islamic Revolutionary Guard Corps (IRGC), a military and paramilitary organization that oversees Iran’s relationships with many substate groups. More here.

***   ArmControl.org

Iranian President: ‘We Need Missiles’ to Confront Trump Admin, Enemies
Recently re-elected Rouhani takes aim at Trump administration as Congress passes new sanctions

Recently re-elected Iranian President Hassan Rouhani lashed out at the Trump administration this week, describing it as ignorant and saying that Iran “needs missiles” to confront the United States and its allies, according to recent remarks certain to rile leaders in Washington, D.C.

Just days after President Donald Trump blasted the Islamic Republic for its illicit ballistic missile program and support of terrorism in the Middle East, Rouhani confirmed that Iran would not cease its missile activity, despite repeated calls by U.S. officials.

“We need missiles and the enemy should know that we make everything we need and we don’t pay an iota of attention to your words,” Rouhani was quoted as saying on Wednesday during a meeting with Iranian cabinet members. “The remarks by the enemies of the Iranian nation against Iran’s missile power are out of ignorance.”

The Iranian leader’s remarks support recent comments by senior military leaders in the country, who have repeatedly declared that Iran will “never stop” developing ballistic missiles, a program that has raised concerns with the U.S. intelligence community, which assesses that Iran’s missile program could be used to carry a nuclear weapon.

The remarks came as Iran announced the construction of a third underground ballistic missile production factory, helmed by Iran’s Revolutionary Guard Corps, or IRGC.

Iranian General Amir Ali Hajizadeh, an IRGC leader, said the factory is meant to boost Tehran’s “missile power” and intimidate the United States and “Zionist regime,” or Israel.

“We will increase our missile power. Our enemies, the United States, and the Zionist regime (Israel) are naturally upset and get angry at our missile production, tests and underground missile facilities because they want Iran to be in a weak position,” Hajizadeh announced on Thursday.

The facility was built in the last few years, according to the IRGC. Iranian military leaders also are working on building Iran’s first “ground-to-ground” ballistic missile.

Iran’s repeated test firing of ballistic missiles, as well as its multiple space launches—which are believed to be cover for an intercontinental ballistic missile program—have riled the Trump administration and leaders of both parties on Capitol Hill.

A bipartisan delegation of nearly 50 senators announced on Thursday that it is moving forward with new legislation to increase economic sanctions on Iran as a result of its missile program, as well as the Islamic Republic’s support for terrorism and illegal weapons trade.

Sen. Robert Menendez (D., N.J.), a chief sponsor of the legislation, said that it is part of a larger effort to ensure that “Iran’s leaders understand they do not enjoy blanket impunity as the United States continues to live up to its commitments under the” nuclear agreement.

“Independent of the nuclear portfolio, and as President Rouhani starts his second presidential term, our broader policy towards Iran must be one that holds Tehran accountable for their destabilizing efforts in the region, illegal and dangerous missile technology development, and nefarious activities as the world’s leading sponsor of terrorism,” Menendez said. “As the administration continues to review its Iran policy, Congress must set out clear markers that impose real consequences to Iran’s illicit behavior that runs counter to our national security and that of our allies in the region.”

The legislation would impose mandatory sanctions on all individuals associated with Iran’s ballistic missile program, as well as those who perform transactions with them.

Sanctions also would be applied to those who support Iran’s terror operations, including the IRGC, which is not currently designated as a terror organization by the United States.

The legislation also requires President Trump to block the property of all individuals and entities involved in supplying, selling, and transferring prohibited arms and other weaponry to Iran.

A State Department official, speaking on background, told the Washington Free Beacon that the Trump administration is moving closer to finishing its comprehensive review of the Iran deal and dealing with Iran’s provocative actions in the region.

“As Secretary [Rex] Tillerson said, the Trump administration is currently conducting a comprehensive review of our Iran policy,” the official said. “Once we have finalized our conclusions, we will meet the challenges Iran poses with clarity and conviction.”

One veteran foreign policy adviser who is close to the White House told the Free Beacon that the Trump administration would not stand by as Iranian leaders mock and threaten the United States.

“The Obama administration treated the Iranians with kid gloves because that was to get the nuclear deal,” the source said. “That ended last January but the Iranians are still acting as if they have a friend in the White House. They threaten and mock the United States, our leaders, and our allies, and they expect us to roll with it. This president is not going to roll with it, and neither is Congress.”

Meanwhile, senior Iranian military leaders continue to criticize the Trump administration for its efforts to stop Iran’s missile program.

Iranian Armed Forces Brigadier General Massoud Jazzayeri offered harsh words for Secretary of State Tillerson following his call for Iran to cease its ballistic missile work.

“The U.S. secretary of state’s expectations of the Iranian president indicate the U.S. officials’ non-understanding of the Islamic Republic of Iran,” Jazzayeri was quoted as saying in the country’s state-controlled press.

2010: Remember When Obama Pulled U.S. Spies From China

Of course you don’t; one had to be quite the investigator of journalism to know it, much less remember it.

So….why you ask? Hold on….there is a pattern and story here.


2010: The White House National Security Council recently directed U.S. spy agencies to lower the priority placed on intelligence collection for China, amid opposition to the policy change from senior intelligence leaders who feared it would hamper efforts to obtain secrets about Beijing’s military and its cyber-attacks.

The downgrading of intelligence gathering on China was challenged by Director of National Intelligence Dennis C. Blair and CIA Director Leon E. Panetta after it was first proposed in interagency memorandums in October, current and former intelligence officials said.

The decision downgrades China from “Priority 1” status, alongside Iran and North Korea, to “Priority 2,” which covers specific events such as the humanitarian crisis after the Haitian earthquake or tensions between India and Pakistan.

The National Security Council staff, in response, pressed ahead with the change and sought to assure Mr. Blair and other intelligence chiefs that the change would not affect the allocation of resources for spying on China or the urgency of focusing on Chinese spying targets, the officials told The Washington Times.

White House National Security Council officials declined to comment on the intelligence issue. Mike Birmingham, a spokesman for Mr. Blair, declined to comment. A CIA spokesman also declined to comment.

***

Directors of CIA in that time frame:

Leon Panetta 2010

Mike Morrell (acting) 2011

David Petraeus 2011

Mike Morrell (acting) 2012

John Brennan 2013

Mike Pompeo, current director

***

Killing C.I.A. Informants, China Crippled U.S. Spying Operations

NYT/WASHINGTON — The Chinese government systematically dismantled C.I.A. spying operations in the country starting in 2010, killing or imprisoning more than a dozen sources over two years and crippling intelligence gathering there for years afterward.
Current and former American officials described the intelligence breach as one of the worst in decades. It set off a scramble in Washington’s intelligence and law enforcement agencies to contain the fallout, but investigators were bitterly divided over the cause. Some were convinced that a mole within the C.I.A. had betrayed the United States. Others believed that the Chinese had hacked the covert system the C.I.A. used to communicate with its foreign sources. Years later, that debate remains unresolved.
But there was no disagreement about the damage. From the final weeks of 2010 through the end of 2012, according to former American officials, the Chinese killed at least a dozen of the C.I.A.’s sources. According to three of the officials, one was shot in front of his colleagues in the courtyard of a government building — a message to others who might have been working for the C.I.A.
Still others were put in jail. All told, the Chinese killed or imprisoned 18 to 20 of the C.I.A.’s sources in China, according to two former senior American officials, effectively unraveling a network that had taken years to build.
Assessing the fallout from an exposed spy operation can be difficult, but the episode was considered particularly damaging. The number of American assets lost in China, officials said, rivaled those lost in the Soviet Union and Russia during the betrayals of both Aldrich Ames and Robert Hanssen, formerly of the C.I.A. and the F.B.I., who divulged intelligence operations to Moscow for years.
The previously unreported episode shows how successful the Chinese were in disrupting American spying efforts and stealing secrets years before a well-publicized breach in 2015 gave Beijing access to thousands of government personnel records, including intelligence contractors. The C.I.A. considers spying in China one of its top priorities, but the country’s extensive security apparatus makes it exceptionally hard for Western spy services to develop sources there.
At a time when the C.I.A. is trying to figure out how some of its most sensitive documents were leaked onto the internet two months ago by WikiLeaks, and the F.B.I. investigates possible ties between President Trump’s campaign and Russia, the unsettled nature of the China investigation demonstrates the difficulty of conducting counterespionage investigations into sophisticated spy services like those in Russia and China.
The C.I.A. and the F.B.I. both declined to comment.
Details about the investigation have been tightly held. Ten current and former American officials described the investigation on the condition of anonymity because they did not want to be identified discussing the information.
The first signs of trouble emerged in 2010. At the time, the quality of the C.I.A.’s information about the inner workings of the Chinese government was the best it had been for years, the result of recruiting sources deep inside the bureaucracy in Beijing, four former officials said. Some were Chinese nationals who the C.I.A. believed had become disillusioned with the Chinese government’s corruption.
But by the end of the year, the flow of information began to dry up. By early 2011, senior agency officers realized they had a problem: Assets in China, one of their most precious resources, were disappearing.
The F.B.I. and the C.I.A. opened a joint investigation run by top counterintelligence officials at both agencies. Working out of a secret office in Northern Virginia, they began analyzing every operation being run in Beijing. One former senior American official said the investigation had been code-named Honey Badger.
As more and more sources vanished, the operation took on increased urgency. Nearly every employee at the American Embassy was scrutinized, no matter how high ranking. Some investigators believed the Chinese had cracked the encrypted method that the C.I.A. used to communicate with its assets. Others suspected a traitor in the C.I.A., a theory that agency officials were at first reluctant to embrace — and that some in both agencies still do not believe.
Their debates were punctuated with macabre phone calls — “We lost another one” — and urgent questions from the Obama administration wondering why intelligence about the Chinese had slowed.
The mole hunt eventually zeroed in on a former agency operative who had worked in the C.I.A.’s division overseeing China, believing he was most likely responsible for the crippling disclosures. But efforts to gather enough evidence to arrest him failed, and he is now living in another Asian country, current and former officials said.
There was good reason to suspect an insider, some former officials say. Around that time, Chinese spies compromised National Security Agency surveillance in Taiwan — an island Beijing claims is part of China — by infiltrating Taiwanese intelligence, an American partner, according to two former officials. And the C.I.A. had discovered Chinese operatives in the agency’s hiring pipeline, according to officials and court documents.
But the C.I.A.’s top spy hunter, Mark Kelton, resisted the mole theory, at least initially, former officials say. Mr. Kelton had been close friends with Brian J. Kelley, a C.I.A. officer who in the 1990s was wrongly suspected by the F.B.I. of being a Russian spy. The real traitor, it turned out, was Mr. Hanssen. Mr. Kelton often mentioned Mr. Kelley’s mistreatment in meetings during the China episode, former colleagues say, and said he would not accuse someone without ironclad evidence.
Those who rejected the mole theory attributed the losses to sloppy American tradecraft at a time when the Chinese were becoming better at monitoring American espionage activities in the country. Some F.B.I. agents became convinced that C.I.A. handlers in Beijing too often traveled the same routes to the same meeting points, which would have helped China’s vast surveillance network identify the spies in its midst.
Some officers met their sources at a restaurant where Chinese agents had planted listening devices, former officials said, and even the waiters worked for Chinese intelligence.
This carelessness, coupled with the possibility that the Chinese had hacked the covert communications channel, would explain many, if not all, of the disappearances and deaths, some former officials said. Some in the agency, particularly those who had helped build the spy network, resisted this theory and believed they had been caught in the middle of a turf war within the C.I.A.
Still, the Chinese picked off more and more of the agency’s spies, continuing through 2011 and into 2012. As investigators narrowed the list of suspects with access to the information, they started focusing on a Chinese-American who had left the C.I.A. shortly before the intelligence losses began. Some investigators believed he had become disgruntled and had begun spying for China. One official said the man had access to the identities of C.I.A. informants and fit all the indicators on a matrix used to identify espionage threats.
After leaving the C.I.A., the man decided to remain in Asia with his family and pursue a business opportunity, which some officials suspect that Chinese intelligence agents had arranged.
Officials said the F.B.I. and the C.I.A. lured the man back to the United States around 2012 with a ruse about a possible contract with the agency, an arrangement common among former officers. Agents questioned the man, asking why he had decided to stay in Asia, concerned that he possessed a number of secrets that would be valuable to the Chinese. It’s not clear whether agents confronted the man about whether he had spied for China.
The man defended his reasons for living in Asia and did not admit any wrongdoing, an official said. He then returned to Asia.
By 2013, the F.B.I. and the C.I.A. concluded that China’s success in identifying C.I.A. agents had been blunted — it is not clear how — but the damage had been done.
The C.I.A. has tried to rebuild its network of spies in China, officials said, an expensive and time-consuming effort led at one time by the former chief of the East Asia Division. A former intelligence official said the former chief was particularly bitter because he had worked with the suspected mole and recruited some of the spies in China who were ultimately executed.
China has been particularly aggressive in its espionage in recent years, beyond the breach of the Office of Personnel Management records in 2015, American officials said. Last year, an F.B.I. employee pleaded guilty to acting as a Chinese agent for years, passing sensitive technology information to Beijing in exchange for cash, lavish hotel rooms during foreign travel and prostitutes.
In March, prosecutors announced the arrest of a longtime State Department employee, Candace Marie Claiborne, accused of lying to investigators about her contacts with Chinese officials. According to the criminal complaint against Ms. Claiborne, who pleaded not guilty, Chinese agents wired cash into her bank account and showered her with gifts that included an iPhone, a laptop and tuition at a Chinese fashion school. In addition, according to the complaint, she received a fully furnished apartment and a stipend.
*** Just to be sure China had a real handle on all CIA operatives in country, what came next? The OPM hack, remember that one?
Enter China’s Unit 61398
The program used by China:

In part from Wired: The US-CERT team moved into OPM’s sub-basement and among the first moves was to analyze the malware that Saulsbury had found attached to mcutil.dll. The program turned out to be one they knew well: a variant of PlugX, a remote-access tool commonly deployed by Chinese-speaking hacking units. The tool has also shown up on computers used by foes of China’s government, including activists in Hong Kong and Tibet. The malware’s code is always slightly tweaked between attacks so firewalls can’t recognize it.

By Tuesday the 21st, having churned through a string of nearly sleepless days and nights, the investigators felt satisfied that they’d done their due diligence. Their scans had identified over 2,000 individual pieces of malware that were unrelated to the attack in question (everything from routine adware to dormant viruses). The PlugX variant they were seeking to annihilate was present on fewer than 10 OPM machines; unfortunately, some of those machines were pivotal to the entire network. “The big one was what we call the jumpbox,” Mejeur says. “That’s the administrative server that’s used to log in to all the other servers. And it’s got malware on it. That is an ‘Oh feces’ moment.”

By controlling the jumpbox, the attackers had gained access to every nook and cranny of OPM’s digital terrain. The investigators wondered whether the APT had pulled off that impressive feat with the aid of the system blueprints stolen in the breach discovered in March 2014. If that were the case, then the hackers had devoted months to laying the groundwork for this attack.

Leaping forward in details:

Once established on the agency’s network, they used trial and error to find the credentials necessary to seed the jumpbox with their PlugX variant. Then, during the long Fourth of July weekend in 2014, when staffing was sure to be light, the hackers began to run a series of commands meant to prepare data for exfiltration. Bundles of records were copied, moved onto drives from which they could be snatched, and chopped up into .zip or .rar files to avoid causing suspicious traffic spikes. The records that the attackers targeted were some of the most sensitive imaginable.

The hackers had first pillaged a massive trove of background-check data. As part of its human resources mission, OPM processes over 2 million background investigations per year, involving everyone from contractors to federal judges. OPM’s digital archives contain roughly 18 million copies of Standard Form 86, a 127-page questionnaire for federal security clearance that includes probing questions about an applicant’s personal finances, past substance abuse, and psychiatric care. The agency also warehouses the data that is gathered on applicants for some of the government’s most secretive jobs. That data can include everything from lie detector results to notes about whether an applicant engages in risky sexual behavior.

The hackers next delved into the complete personnel files of 4.2 million employees, past and present. Then, just weeks before OPM booted them out, they grabbed approximately 5.6 million digital images of government employee fingerprints.

Then comes, a little too late and thin on substance in February 2015:

President Obama Speaks at the White House Summit on Cybersecurity and Consumer Protection

Is all this fixed yet? Hah…not even close. Then we need to ask why are we trusting China with North Korea’s nuclear weapons and missile program? Do we have spies in Iran? North Korea? Any new operatives in China?

Scary eh?

 

President Trump in Saudi Arabia, Joined the Culture

Stephen Miller, Trump’s senior adviser for policy and speechwriter, is the principal aide in charge of writing both the speech on Islam and Trump’s later speech on the future of the North Atlantic Treaty Organization. The speech appeared to be well received, yet there were a few flaws. The word ‘genocide’ should have been included applying it to Jews and Christians. Another persecuted sect is the Yazidi. They are a Kurdish people living chiefly in Iraq, Syria, Armenia, and Georgia and adhering to an ancient monotheistic religion. Calling out Iran, Hezbollah and Hamas was a perfect moment and raising the issue of women’s rights in the region was spot on.

Placing the accountability and responsibility on all Islamic countries to defeat militancy within Islam needed to be said, and Trump repeated this often in his speech.

When it comes to this ‘sword dance’, many questions should be raised. Trump’s speech rightly included the notion that the United States did not come to Saudi Arabia to dictate how to live, who to worship or pass judgment; however, joining in the sword dance was over the top. The State Department and the CIA have Islamic experts that likely told the Trump White House to not participate. Wilbur Ross and Rex Tillerson also joined in. Why was this a screw up? Saudi Arabia, as with other Islamic countries, is steeped in history and tradition. This dance is known as Ardha. The nomadic Bedouins (indigenous people of Saudi Arabia) have great influence on Saudi folk music. The music varies in every region, for instance, in the Hijaz, the music of al-sihba combines poetry and songs of Arab Andalusia, while the folk music of Makkah and Madinah incorporates both local and music influences from other Islamic countries.

The national dance, Ardha, is an ancient tradition with its roots in the country’s central area known as the Najd. The Ardha used to be performed before a battle by soldiers and involves singing, dancing with swords and poetry. In summary, the dance and the sword are symbolic of submission to Allah. Hummm, right?

To formally open the new counter terrorism center in Riyadh, leaders touched the glowing light. This project actually began two years ago, about the time the CIA operations were forced out of Yemen and had to relocate in Saudi Arabia. It is a state of the art center.


The glowing light in the orb is calling to the Mahdi to return in the text of the Hadith. “The Mahdi will conquer the world; at that time the world will be illuminated by the light of Allah, and everywhere in which those other than Allah are worshipped will become places where Allah is worshiped; and even if the polytheists do not wish it, the only faith on that day will be the religion of Allah.”

“The Mahdi will not be (from any tribe) other than from Quraish. The Caliphate is not (from any tribe) other than from Quraish. However, he has an origin (roots) and kinship in Yemen.” (Nuaim bin Hammad’s Kitab Al-Fitan, Jalal-uddine AsSuyuti’s Al-Urf Al-Wardi fi Akhbar Al-Mahdi, a part of Al-Hawi li Al-Fatawa)

His name will be Muhammad and his father’s name will be Abdullah. Ibn Masood reported that the Prophet صلى الله عليه وسلم said, “Even if there remains only a day before the World ends, the almighty Allah will greatly prolong that day to send a man from me (my progeny), from members of my House (family). His name will be similar to my name and his father’s name similar to my father’s name.” (Abu Dawud)

Al-Abdal (pious individuals) and those seeking the Mahdi like them will come to him (the Mahdi) from Syria. Al-Nujaba (pious individuals) from the dwellers of  Egypt will come to him (the Mahdi). Groups of dwellers from the East and those seeking the Mahdi like them will come until they all gather together in Mecca. So, they will pledge their allegiance to him (the Mahdi) between Al-Rukn (corner of the Ka’ba containing the Black Stone) and Al-Maqam (Place) of (Prophet) Abraham عليه السلام (located on a side of the Ka’ba).

Then, he (the Mahdi) will lead (an army) towards Syria, with (angel) Gabriel at the forefront and (angel) Michael in the middle. The dwellers of Heaven and Earth will be joyful because of him. Water will be plentiful in his country (Syria) and the River (Euphrates) will spread and treasures will be found (gold or treasures of religious significance).

When he (the Mahdi) reaches Syria, he will slay the Sufyani under a tree, the branches of which grow in the direction of Lake Tiberias and he will defeat Kalb (tribe).  On that Day (battle) of Kalb, disappointed will be whoever does not get some (of the treasures).”

Cyber-code, Oilrig, Iran hires Russian Hackers

Update and unrelated to OilRig and reported May 18: Russia tried to take over Pentagon Twitter accounts: report

SCMedia: Attacks believed to be Iranian in origin were fended off for more than two weeks in April, but security experts examining the code detected snippets of code from an underground Russian marketplace.

Iranian hackers targeting critical infrastructure

Attacks believed to be Iranian in origin were fended off for more than two weeks in April, but security experts examining the code detected something they’d never seen before: snippets of code bearing similarities to a known Russian toolkit available on the underground Russian marketplace.

The code had previously been used in a damaging cyber-attack on the Ukraine’s infrastructure in 2015.

Carl Wright, general manager and executive vice president of worldwide sales at TrapX Security, the San Mateo, California-based security firm that blocked the hackers last month, told an interviewer it was the first time his firm had detected an attack where hackers based in Iran were collaborating with Russian hackers-for-hire, according to an article in the New York Times.

Wright could not reveal the target of the attack owing to a confidentiality arrangement. But other security experts said the attackers could have purchased the Russian toolkit from an online forum and customised it for their campaign.

This hypothesis is countered by TrapX researchers, however, who noted that a number of “web domains used in the attack had been registered to a Russian alias, and that three email addresses continue to be used by a hacker in Russian hacking forums and in the underground web.”

The Iranian attackers behind the latest campaign, dubbed OilRig for their previous attacks on oil companies in Saudi Arabia and Israel, have been expanding their geographical range with hundreds of new attacks targeting a number of military, financial and energy companies in Europe as well as the United States, the Times reported.

Nearly three-quarters of the code employed in the latest campaign was previously used by OilRig in hundreds of attacks on other enterprises, including government agencies and oil companies.

But, as the defences of the newest target became more robust and the attackers evolved their tactics, the security researchers noted new weapons in their arsenal: a typical hacker’s kit, used to siphon out data, such as to steal usernames and passwords; but, more revealing, a tool never before detected in an OilRig campaign.

This was obfuscated with encryption to evade security investigators. After weeks spent decrypting the code, the researchers at TrapX determined that besides code similar to that used by OilRig in prior attacks, the bad actors were employing malware called BlackEnergy, also used previously, specifically by the Russian hackers who attacked the Ukraine power grid. Further, data was being transferred from the target to a server also used in the Ukraine attack.

TrapX lured the miscreants to inject their malware onto a server, which was then analysed by the TrapX team who were able to then shut the attackers out of their client’s system.


*** There is more:

Iranian hackers who previously targeted organizations in Saudi Arabia are now targeting organizations in other countries, including the US, as part of a campaign identified as the OilRig campaign.

In addition to expanding its reach, the group has been enhancing its malware tools.

Researchers at Palo Alto Networks have been monitoring the group for some time and have reported observing attacks launched by a threat actor against financial institutions and technology companies in Saudi Arabia and on the Saudi defense industry. This campaign, referred to as “OilRig” by Palo Alto Networks, entails weaponized Microsoft Excel spreadsheets tracked as “Clayslide” and a backdoor called “Helminth.”
More: Last month

The Israeli Cyber Defense Authority yesterday announced that it believes Iran was behind a series of targeted attacks against some 250 individuals between April 19 and 24 in government agencies, high-tech companies, medical organizations, and educational institutions including the renowned Ben-Gurion University. The attackers – who security experts say are members of the so-called OilRig aka Helix Kitten aka NewsBeef nation-state hacking group in Iran — used stolen email accounts from Ben-Gurion to send their payload to victims.

“This is the largest and most sophisticated attack they’ve [OilRig] ever performed,” says Michael Gorelik, vice president of R&D for Morphisec, who studied the attacks and confirms that the final stage was thwarted for the most part. “It was a major information-gathering [operation],” he says.

OilRig has been rapidly maturing since it kicked off operations around 2015. The attack campaign against Israeli targets employed the just-patched Microsoft CVE-2017-0199 remote code execution vulnerability in the Windows Object Linking and Embedding (OLE) application programming interface. This flaw had been weaponized in attacks prior to the patch, including Dridex banking Trojan and botnet attacks, and in at least one other cyber espionage campaign.

Forbes has more on OilRig’s hacking operations against corporations and individuals in the United States and other countries.

Russia’s Move to Own Citgo, Rosneft is Sanctioned

Primer:

From the gasoline that helps your family take vacations to the advanced medical equipment at your community hospital, CITGO is fueling good.


It’s amazing the difference petroleum-based products make in our everyday lives. Based in Houston, Texas, CITGO is a refiner and marketer of transportation fuels, lubricants, petrochemicals and other industrial products. In addition to these products, there’s probably a CITGO in your neighborhood, a convenient place to fill up with gas and grab a quick snack.

The story of CITGO Petroleum Corporation as an enduring American success story began back in 1910 when pioneer oilman, Henry L. Doherty, created the Cities Service Company.

When Cities Service determined that it needed to change its marketing brand, it introduced the name CITGO in 1965, retaining the first syllable of its long-standing name and ending with “GO” to imply power, energy and progressiveness. The now familiar and enduring CITGO “trimark” logo was born.

Occidental Petroleum bought Cities Service in 1982, and CITGO was incorporated as a wholly owned refining, marketing and transportation subsidiary in the spring of the following year. Then, in August, 1983, CITGO was sold to The Southland Corporation to provide an assured supply of gasoline to Southland’s 7-Eleven convenience store chain.

In September, 1986, Southland sold a 50 percent interest in CITGO to Petróleos de Venezuela, S.A., (PDVSA), the national oil company of the Bolivarian Republic of Venezuela. PDVSA acquired the remaining half of CITGO in January, 1990 and the company is owned by CITGO Holding, Inc., an indirect, wholly owned subsidiary. With a secure and ample supply of crude oil, CITGO quickly became a major force in the energy arena.

Russia To Become Second-Largest Foreign Owner Of U.S. Domestic Refineries, If Venezuela Defaults

Venezuela’s state-owned oil company, Petroleos de Venezuela (PDVSA), has owned Citgo, an American refiner with headquarters in Houston, Texas, since the 1980s. At the end of 2016, cash-strapped Venezuela, in the throes of a combined economic and political crisis,[1] put up a large stake (49.9%) in Citgo as collateral in exchange for a loan from the Russian state-owned oil company Rosneft. Should PDVSA default on the loan, Rosneft will gain control over Citgo. It is noteworthy that the U.S. imposed sanctions on Rosneft following Russia’s seizure of Crimea in 2014.

On May 3, a bipartisan group of U.S. Senators introduced a wide-ranging bill calling for sanctions against the Venezuelan government and demanding that President Donald Trump prevent a deal struck by PDVSA and Rosneft. CBS News reported: “The bill calls for the [U.S.] State Department to coordinate an international response to the crisis in Venezuela… In addition, a section of the bill highlights a Nov. 30 loan given by Russia’s state-owned oil company, Rosneft, to Venezuela’s state-owned oil company PDVSA. The deal would allow the Russian company to take control of nearly half of the U.S. oil company Citgo, which PDVSA owns, if Venezuela defaults on its debts.

“Influential senators from both parties sponsored the bill, including Senators Ben Cardin, D-Md.; Marco Rubio, R-Fla.; John Cornyn, R-TX; Dick Durbin, D-Ill.; John McCain, R-Ariz.; Bill Nelson, D-Fla.; Tim Kaine, D-Va.; Chris Van Hollen, D-Md. and Bob Menendez, D-NJ.”[2]

Earlier, Republican Congressman Jeff Duncan and Democratic Congressman Albio Sires sent a letter to U.S. Secretary of Treasury Steven Mnuchin, asking him to undertake an “immediate review of a recent asset transfer between Venezuela’s state-owned oil company, PDVSA, and Rosneft, which is under U.S. sanctions. The situation, if left unchecked, could severely undermine U.S. national security and energy independence.”[3]

On April 14, the Russian media outlet Vestifinance.ru published an article titled “Rosneft And Citgo: Risk Or Anti-Russian Hysteria?” The article stated that U.S. lawmakers’ actions against the PDVSA-Rosneft deal are prompted by anti-Russian “hysteria.” Vestifinance.ru wrote: “By an amazing coincidence, a letter to Mnuchin was written just before U.S. Secretary of State Rex Tillerson’s visit to Moscow. And as long as relations between Moscow and Washington are not improved significantly, politicians will keep finding new pretexts to incite fears.”

Below are excerpts from the Vestifinance.ru article:[4]


PDVSA Still Owes Russia $62 billion

“PDVSA, the Venezuelan state-owned oil company, has paid off its [Russian] loan along with interest in the amount of $2.2 billion. This is good news as PDVSA avoided a default. However, the Vice President [of Venezuela] Tarik El Aissami characterized the situation as ‘a merciless economic war’ being waged against the Maduro government. The bad news is that PDVSA still owes [Russia] $62 billion.

“It is well-known that some members of the U.S. Congress are quite concerned about a possible default by Venezuela, since Russian-owned Rosneft can then get access to the American company Citgo. Citgo owns 48 oil terminals in 20 U.S. states as well as 3 oil refineries. It is the control of Rosneft over the American refineries that worries lawmakers the most.

“‘The Russian government could readily become the second-largest foreign owner of U.S. domestic refinery capacity. Such a development would give the Russians more control over oil and gas prices worldwide, inhibit U.S. energy security, and undermine broader U.S. geopolitical efforts’, [U.S. congressmen] wrote in a letter to Treasury Secretary Steve Mnuchin. ‘We remain deeply concerned over the implications for U.S. national security.’

How Rosneft Can Take Over CITGO

“Venezuela has been desperate for cash lately. Petroleos de Venezuela (PDVSA), the Venezuelan state-owned oil company, has owned Citgo since the 1980s. In exchange for obtaining a loan from Rosneft in December, the Venezuelan oil company put up a large stake (49.9%) in Citgo as collateral. If PDVSA is unable to pay off the loan on time, Rosneft will almost certainly gain control over Citgo. All Rosneft would need for a majority share would be to buy a few more PDVSA bonds, thus clearing the 50% threshold of ownership.

‘[Rosneft] Is Not Going To Waste Money For The Illusory Opportunity To Harm The U.S.’

“The concerns expressed by [the U.S.] congressmen are rather strange. What exactly is Rosneft going to do with three oil refineries? U.S. politicians believe that the Russian company will be able to take part in a conspiracy that will lead to a restriction of gasoline production, raise gas prices and thus cause damage to the U.S. national security or the American economy. This is plain silly. Even though Rosneft is a state-owned company, its purpose is still making profit, and it is not going to waste money for the illusory opportunity to harm the U.S. And the scenario offered by congressmen has no bearing on reality whatsoever.

“Three refineries is a mere drop in the ocean compared to the rest of the U.S. oil assets. Even assuming that production could be reduced at these refineries, this may at most affect one region in the short term, but then other producers will quickly capture the market and stabilize it. And so if Rosneft takes over Citgo, it will simply produce and sell gasoline in the U.S., making money on it, rather than making insane plans to threaten the U.S. national security.

“Reports in the U.S. media treat the lawmakers’ letter with a healthy dose of irony and that is why it is difficult to avoid the conclusion that the congressmen are deliberately trying to incite anti-Russian fears. By an amazing coincidence, a letter to Mnuchin was written just before U.S. Secretary of State Rex Tillerson’s visit to Moscow. And as long as relations between Moscow and Washington are not improved significantly, politicians will keep finding new pretexts to incite fears.

“As far as Venezuela is concerned, yielding control of Citgo is a good way to reduce its debt burden. Most likely, this will happen no later than in the fall of 2017, since there is very little chance its economy will stabilize. Most likely, Venezuela will default and begin to restructure its debt this year. According to the credit-default swaps market, investors estimate the chances of Venezuela’s default in the next six months at 41%. And in March that indicator was below 34%.”


[1] See MEMRI Special Dispatch N. 6903, Russia’s Support For The Venezuelan Regime – An Update, May 2, 2017.

[2] Cbsnews.com, May 3, 2017.

[3] See letter sent by Congressmen Jeff Duncan and Albio Sires.

[4] Vestifinance.ru, April 14, 2017.