Locked Shields Versus Iran

Since the death of several Iranian warlords including Qassim Soleimani, the United States has dispatched more military personnel to the Middle East. The Patriot missile batteries scattered in the region including in Bahrain are now at the ready. When it comes to cyber operations inside Iran, little is being discussed as a means of retribution against the United States. Iran does have cyber warfare capabilities and does use them.

It has been mentioned in recent days that President Trump has been quite measured in responding to Iran’s various attacks including striking Saudi oil fields, hitting oil tankers and shooting down one of the drones operated by the United States. In fact, the United States did respond directly after the downing of our drone by inserting an effective cyber-attack against Iran’s weapons systems by targeting the controls of the missile systems.

[Image: APT33 phishing] Read details from Security Affairs.

Iran has an estimated 100,000 volunteer cyber-trained operatives, a force that has been expanding for the last ten years, led by the Basij, a paramilitary network. The cyber unit known for controlling the Iranian missile launchers, Sepehr 110, is a large target of the United States and Israel. Iran also mobilizes cyber criminals and proxy networks, including another one known as OilRig.

In 2018, the United States charged 9 Iranians (Mabna Hackers) for conducting massive cyber theft, wire fraud and identity theft that affected hundreds of universities, companies and other proprietary entities.

Due to a more global cyber threat from Iran, which is known to collaborate with North Korea, China and Russia, NATO has been quite aggressive in cyber defense operations via the Cooperative Cyber Defense Center of Excellence, applying the Locked Shields Program.

Not to be lost in the cyber threat conditions, Iran also uses its cyber team to blast out propaganda using social media platforms. If this sounds quite familiar, it is. The Russian propaganda operations manual is also being used by Iran. The bots and trolls are at work in Europe to keep France, Britain and Germany connected to the Iranian nuclear deal and to maintain trade operations with Iran, including diplomatic operations. There are fake Iranian and Russian accounts still today all over Twitter and Facebook, to which Europe is slow to respond, if at all.

Meet APT33, which is what the West calls the Iranian hacking crew(s); the other slang name is Elfin. APT33 is not only hacking, it is performing cyber-espionage as well. Many organizations outside government are researching and decoding Iran’s cyber operations; they cooperate with U.S. government cyber operations located across the globe, which also cooperate with NATO.

Recorded Future is one such non-government pro-active cyber operation working on Iran. Its work includes attributions of cyber attacks by Iran against Saudi Arabia as well as the West, made by decoding phishing campaigns, relationships, malware, webshells and security breaches.

Recent published results include in part:

Nasr Institute and Kavosh Redux

In our previous report, “Iran’s Hacker Hierarchy Exposed,” we concluded that the exposure of one APT33 contractor, the Nasr Institute, by FireEye in 2017, along with our intelligence on the composition and motivations of the Iranian hacker community, pointed to a tiered structure within Iran’s state-sponsored offensive cyber program. We assessed that many Iranian state-sponsored operations were directed by the Iranian Revolutionary Guard Corps (IRGC) or the Ministry of Intelligence and Security (MOIS).

According to a sensitive Insikt Group source who provided information for previous research, these organizations employed a mid-level tier of ideologically aligned task managers responsible for the compartmentalized tasking of over 50 contracting organizations, who conducted activities such as vulnerability research, exploit development, reconnaissance, and the conducting of network intrusions or attacks. Each of these discrete components, in developing an offensive cyber capability, were purposefully assigned to different contracting groups to protect the integrity of overarching operations and to ensure the IRGC and/or MOIS retained control of operations and mitigated the risk from rogue hackers. Read more here in detail from a published summary of 6 months ago.

GOP War Room v. Pelosi’s Impeachment?

Do the Republicans in both Houses of Congress need to collaborate with the Department of Justice to create a war room to counter the Democrats’ impeachment operation? Yes, and there are several legal and factual avenues to explore. But one in particular is already in play. In fact, it has been in play since at least 2016, long before Former Vice President Joe Biden announced his candidacy for President of the United States.

For months, the Democrats have been accusing President Trump of inviting a foreign power into our 2020 election process by asking a favor of the Ukraine President. They additionally charge President Trump with publicly asking China for the same thing. Remember, President Trump said in the phone call: can you do US a favor, OUR COUNTRY has been through a lot. That is not a personal favor for President Trump but rather a service to our nation as a whole. Given the decades of rampant corruption in Ukraine and, frankly, in our own country, you would think the Democrats would want the same favor, right, when it comes to money-laundering and interference into our election(s).

So, let us go back to that one avenue already in play since 2016 and that is Rosemont Seneca and Bohai Capital.

For example, one of the companies involved in the Henniges transaction was a billion dollar private investment fund called Bohai Harvest RST (BHR). BHR was formed in November of 2013 by a merger between the Chinese-government linked firm, Bohai Capital, and a company named Rosemont Seneca Partners. Rosemont Seneca was reportedly formed in 2009 by Hunter Biden, the son of then-Vice President Joe Biden, Chris Heinz, the stepson of former Secretary of State John Kerry, and others.3 The direct involvement of Mr. Hunter Biden and Mr. Heinz in the acquisition of Henniges by the Chinese government creates a potential conflict of interest. Both are directly related to high-ranking Obama administration officials. The Department of State, then under Mr. Kerry’s leadership, is also a CFIUS member and played a direct role in the decision to approve the Henniges transaction. The appearance of potential conflicts in this case is particularly troubling given Mr. Biden’s and Mr. Heinz’s history of investing in and collaborating with Chinese companies, including at least one posing significant national security concerns. This history with China pre and post-dates the 2015 Henniges transaction. For example, in December of 2013, one month after Rosemont Seneca’s merger with Bohai Capital to form BHR, Hunter Biden reportedly flew aboard Air Force Two with his father, then-Vice President Biden to China.4 While in China, he helped arrange for Jonathan Li, CEO of Bohai Capital, to “shake hands” with Vice-President Biden.5 Afterward, Hunter Biden met with Li for reportedly a “social meeting.”6 After the China trip, BHR’s business license was approved.7 In December of 2014, BHR also reportedly became an investor in China General Nuclear Power Corp (CGN), a state-owned energy company involved in building nuclear reactors.8 In April of 2016, the U.S. Department of Justice (DOJ) charged CGN with conspiracy to unlawfully engage and participate in the production and development of special nuclear material outside the United States which could cause “significant damage to our national security.”9 Then, in August of 2015, Gemini Investments Limited, another Chinese-government linked entity, purchased 75 percent of Rosemont Realty, a sister company of Rosemont Seneca.10 Rosemont Realty became Gemini Rosemont and it reportedly focused on purchasing American real estate.11 In September 2015, BHR joined with a subsidiary of the Aviation Industry Corporation of China (AVIC) to acquire Henniges for $600 million. AVIC acquired 51 percent of the company, and BHR acquired 49 percent.12 According to reports, the acquisition of Henniges by BHR and AVIC was the “biggest Chinese investment into US automotive manufacturing assets to date.”13 Because the acquisition gave Chinese companies direct control of Henniges’ anti-vibration technologies, the transaction was reviewed by CFIUS. CFIUS approved the transaction despite reports that in 2007, years before BHR teamed up with AVIC’s subsidiary, AVIC was reportedly involved in stealing sensitive data regarding the Joint Strike Fighter program. AVIC later reportedly incorporated the stolen data into China’s J-20 and J-31 aircraft.14

You will notice numbered footnotes in the text above. That text is part of a letter sent by Senator Grassley (Senate Finance Committee) to Treasury Secretary Mnuchin this past August. It is uncertain if Treasury did respond to the letter. But hold on, there is more.

In May of 2016, the Wall Street Journal had an interesting piece regarding the sale of fake Indian tribal bonds. 7 people were charged with this fraud. Among them were a former campaign adviser to Secretary of State John Kerry and a second man once dubbed by the media “porn’s new king,” along with five others. Devon Archer, an advisor to Mr. Kerry’s presidential campaign in 2004, and Jason Galanis, a former investor in the adult entertainment business, allegedly duped clients into investing more than $43 million in sham bonds in 2014 and 2015.


Now Devon Archer and Hunter Biden were best of buddies. In 2014, there was a lot of money flowing into a Morgan Stanley account under the name of Rosemont Seneca Bohai, LLC c/o Devon Archer.

 

Rosemont Seneca Partners Co… by JohnSolomon on Scribd

Now, we must remember that the United States has a ‘Mutual Legal Assistance Treaty’ (MLAT) with several countries.


This is an agreement between two or more countries for the purpose of gathering and exchanging information in an effort to enforce laws and prosecute public or criminal cases. It covers witness statements, service of documents, forfeiture, illicit assets, terrorism, sanctions, freezing accounts, restraining orders, judgments, subpoenas, transfers of financial instruments, security, regulations and disclosures. Most of the time these cases are a result of transnational organized crime, tax evasion or money-laundering. Other cooperative international agencies include Europol, Interpol, repatriation organizations including the FBI and the United Nations.

So Nancy, with assistance of some in the Senate, the Treasury Department and the Trump White House, Trump is doing the right thing by following the law, draining the swamp and asking for continued foreign cooperation in fraud cases. Hold your powder everyone, this will get very interesting.

Time to Place a Terror Status on Drug Cartels

President Trump has long pledged to sign off on declaring drug cartels as terror organizations going back to at least March of 2019.

Mexican security forces on Sunday killed seven more members of a presumed cartel assault force that rolled into a town near the Texas border and staged an hour-long attack, officials said, putting the overall death toll at 20.

The Coahuila state government said in a statement that lawmen aided by helicopters were still chasing remnants of the force that arrived in a convoy of pickup trucks and attacked the city hall of Villa Union on Saturday.

The reason for the military-style attack remained unclear. Cartels have been contending for control of smuggling routes in northern Mexico, but there was no immediate evidence that a rival cartel had been targeted in Villa Union.

Earlier Sunday, the state government had issued a statement saying seven attackers were killed Sunday in addition to seven who died Saturday. It had said three other bodies had not been identified, but its later statement lowered the total deaths to 20.


The governor said the armed group — at least some in military style garb — stormed the town of 3,000 residents in a convoy of trucks, attacking local government offices and prompting state and federal forces to intervene. Bullet-riddled trucks left abandoned in the streets were marked C.D.N. — Spanish initials of the Cartel of the Northeast gang.

Given the recent deaths in two attacks, momentum is building, so what is taking so long? Frankly, it comes down to the trade deal(s) between the United States and Mexico, which has been approved by Mexico, Canada and the United States but not ratified yet by our own Congress.

For some context on how easy it is to apply sanctions regarding ‘countering narcotics trafficking,’ there is a law titled the King Pin Act. Recently updated this past June, the Foreign Narcotics King Pin Designation Act has 32 pages, in two columns, of named individuals or organizations.

For reference, this law includes in part:

THE KINGPIN ACT

On December 3, 1999, the President signed into law the Kingpin Act (21 U.S.C. §§
1901-1908 and 8 U.S.C § 1182), providing authority for the application of
sanctions to significant foreign narcotics traffickers and their organizations
operating worldwide. Section 805(b) of the Kingpin Act blocks all property and
interests in property within the United States, or within the possession or
control of any U.S. person, which are owned or controlled by significant foreign
narcotics traffickers, as identified by the President, or foreign persons
designated by the Secretary of the Treasury, after consultation with the
Attorney General, the Director of Central Intelligence, the Director of the
Federal Bureau of Investigation, the Administrator of the Drug Enforcement
Administration, the Secretary of Defense, the Secretary of Homeland Security,
and the Secretary of State, as meeting the criteria as identified in the Kingpin
Act.

On July 5, 2000, OFAC issued the Foreign Narcotics Kingpin Sanctions
Regulations, 31 C.F.R. Part 598, which implement the Kingpin Act and block all
property and interests in property within the United States, or within the
possession or control of any U.S. person, which are owned or controlled by
specially designated narcotics traffickers, as identified by the President, or
foreign persons designated by the Secretary of the Treasury, after consultation
with the Attorney General, the Director of Central Intelligence, the Director of
the Federal Bureau of Investigation, the Administrator of the Drug Enforcement
Administration, the Secretary of Defense, the Secretary of Homeland Security and
the Secretary of State, as meeting the following criteria:

• Materially assists in, or provides financial or technological support for or
to, or provides goods or services in support of, the international narcotics
trafficking activities of a specially designated narcotics trafficker;

• Owned, controlled, or directed by, or acts for or on behalf of, a specially
designated narcotics trafficker; or

• Plays a significant role in international narcotics trafficking.

III. PROHIBITED TRANSACTIONS

E.O. 12978

E.O. 12978 blocks the property and interests in property in the United States,
or in the possession or control of U.S. persons, of the persons listed in the
Annex to E.O. 12978, as well as of any foreign person determined by the
Secretary of the Treasury, after consultation with the Attorney General and the
Secretary of State, to be a specially designated narcotics trafficker.

The names of persons and entities listed in the Annex to E.O. 12978 or
designated pursuant to E.O. 12978, whose property and interests in property are
therefore blocked, are published in the Federal Register and incorporated into
OFAC’s list of Specially Designated Nationals and Blocked Persons (SDN List)
with the OFAC program tag “[SDNT].” The SDN List is available through OFAC’s web
site: http://www.treasury.gov/sdn.

THE KINGPIN ACT

The Kingpin Act blocks all property and interests in property within the United
States, or within the possession or control of any U.S. person, of the persons,
identified by the President, or foreign persons designated by the Secretary of
the Treasury, after consultation with the previously identified federal
agencies.

So, what is the problem? Actually it is likely the top government officials of Mexico would be sanctioned and the government itself would fall. The other suggestion is U.S. domestic banks would be implicated as well as some city officials in the United States including Los Angeles, Chicago, New York, Newark and Miami.

The consequences are huge but it is time.

Erdogan of Turkey to Visit Trump White House

This visit is on and off and maybe on again. The meeting is scheduled the same day as the open impeachment inquiry hearings begin.

President Erdogan is angry with the United States due to Congress moving legislation to apply sanctions that would affect Turkey as a result of the invasion into Syria.

Turkey has been threatening Europe, especially Germany with more migrants and Chancellor Merkel capitulated. Erdogan is in fact deporting what he calls ISIS fighters to their home countries including the United States. Stating that Turkey is not a hotel, even if the home country has revoked citizenship, he is deporting them.

Now that Erdogan feels like he is in the driver’s seat, he has been also bombing Iraq as recently as last week.

On Tuesday morning Turkish air strikes targeted Kurdish forces on Sinjar Mountain in northern Iraq.

According to initial reports, the Turkish Air Force struck at bases used by the Kurdistan Workers Party, or PKK, and its ally, the Yazidi Shingal Protection Units.

If Erdogan does meet President Trump it is going to be an interesting session. Trump is slated to confront Erdogan about buying the Russian air defense system and the recent three sanctions that Trump lifted could easily be applied again. Tensions are in fact high.

This is what happened the last time Erdogan was in Washington DC.
U.S. Secret Service agents were among those attacked during the May 16, 2017 protests. Two Diplomatic Security special agents, six U.S. Secret Service officers and one MPD officer sustained multiple injuries, with at least one taken to the hospital.


Just last month, the House of Representatives passed a resolution 405-11 reaffirming the United States’ condemnation of “the killing of 1.5 million Armenians by the Ottoman Empire from 1915 to 1923.”

“Whereas Raphael Lemkin, who coined the term genocide in 1944, and who was the earliest proponent of the United Nations Convention on the Prevention and Punishment of Genocide, invoked the Armenian case as a definitive example of genocide in the 20th century,” the resolution states.

Turkey does not recognize the loss of 1.5 million Armenians as genocide.

Meanwhile, a closer look at Turkey reveals the following:

 

  • In Germany, Turkey controls 900 mosques out of a total of 2,400. These Islamic centers not only serve members of the Turkish diaspora, but also stop them from assimilating into German society. Speaking with Turks in Germany, Erdogan urged them not to assimilate, and called the assimilation of migrants in Europe “a crime against humanity.”
  • Erdogan has also been expanding Turkey beyond its borders – starting with Cyprus, the Greek Islands, Suakin Island (Sudan) and Syria.
  • Mosques, migrants and the military are now Erdogan’s new weapons in his threats against the West.

Erdogan is the head of NATO’s second-largest army; he has spies throughout Europe through a network of mosques, associations and cultural centers; he has brought his country to the top of the world rankings for the number of imprisoned journalists and has shut the mouth of German comedians with the threat of legal action. By keeping migrants in Turkish refugee camps, he controls immigration to Europe.

The worse Erdogan behaves, the greater his weight in Europe. In a 2015 meeting, Erdogan reportedly was “openly mocking” European Commission President Jean-Claude Juncker and other “senior European leaders”, as Juncker asked Erdogan to consider how he was treated “like a prince” at a Brussels summit.

Turkey’s 2018 military budget increased to $19 billion, 24% higher than 2017, according to a report by the Stockholm International Peace Research Institute. Erdogan has placed Turkey’s military — once a bastion of Turkish nationalism and secularism — under his political authority. While Europe is pacifist and refuses to invest in its own security or, like Germany, support NATO’s budget, Turkey is belligerent.

Ever since his Justice and Development Party (AKP) became Turkey’s dominant political force in 2002, for Erdogan, elevating the public role of Islam has been more than a slogan. At public gatherings, the Turkish president has made the “rabia“, a hand gesture of four fingers raised and the thumb hidden, to protest the overthrow of Egypt’s Islamist then President Mohamed Morsi by Egypt’s military. Erdogan evidently sees himself as a global Islamic leader with national elections to win. Through four million Turkish Muslims in Germany and vast communities in the Netherlands, France, Austria and beyond, Erdogan does indeed have enormous influence in Europe.

Erdogan has also been expanding Turkey beyond its borders – starting with Cyprus, the Greek Islands, Suakin Island (Sudan) and Syria. “We are a big family of 300 million people from the Adriatic to the Great Wall of China”, Erdogan said in a recent speech from Moldova. The borders of Turkey, he stated in Izmir, span “from Vienna to the shores of the Adriatic Sea, from East Turkistan (China’s autonomous region of Xinjiang) to the Black Sea”. More here.

 

Syrian Henchmen Financial Sanctuary in Moscow

2011: Hillary Clinton declared that Bashar al-Assad was a reformer.

Primer:

Rami Makhlouf: Wealthy, powerful cousin of Syria’s president

Makhlouf, 45, is Syria’s richest man and a member of what was described during U.S. Senate Committee on Foreign Relations hearings as a powerful “mafia” that also includes Syrian president Bashar Al-Assad, Makhlouf’s cousin. Before his country plunged into civil war, Makhlouf was allegedly worth $5 billion thanks to his control of monopolies and semi-monopolies in the air travel, telecommunications, real estate, oil and construction sectors. Makhlouf is on U.S. sanctions lists and is a known beneficiary of corruption.

***

Several Makhlouf family members, close cousins and accomplices of Syrian dictator Bashar al-Assad, have purchased tens of millions of dollars’ worth of properties in Moscow’s prestigious skyscraper district.

Headed by al-Assad’s uncle, Mohammed Makhlouf, the Makhloufs are considered to be Syria’s richest and second most important family. Before 2011, they controlled 60 percent of the Syrian economy, ostensibly acquired through years of corruption and intimidation.

GlobalWitness:

Our exposé of the Makhloufs’ properties is rare supporting evidence that lends substance to rumours of regime money being funnelled out of Syria throughout the war. Information about the regime’s assets and finances is notoriously scarce due to the terror fostered by al-Assad’s apparatus at home and abroad.

Our investigation further shows that the loans secured against some of the properties could be for the purposes of laundering money from Syria into Moscow. This opens the possibility that the money could then be moved into other jurisdictions, such as the EU, where members of the family are sanctioned.

Of the newly-revealed Moscow property purchases, the largest amount was bought by Hafez Makhlouf, one of Bashar al-Assad’s first cousins.

Hafez is accused of overseeing the killings and torture of detainees and protestors. Most of Hafez’s purchases were arranged using an opaque Lebanese loan structure that bears several hallmarks of money laundering, possibly with the purpose of moving the money beyond Russia.

Russia has been a key ally of the al-Assad family over their almost 50-year rule. It intervened on their side of the war in Syria in 2015, turning it in their favour through airstrikes and land offensives on opposition-controlled territory.

Reports of Russian banks aiding the Syrian regime surfaced in 2012 and 2013, after Western sanctions hit and the more powerful family members were stripped of European visas and their EU and Swiss bank accounts were frozen. Now it seems that the Syrian regime has been using Moscow as an alternative safe haven, and possibly a potential gateway for its ill-gotten gains to enter the wider financial system.

Hafez Makhlouf, who purchased US$22.3 million worth of property in Moscow’s ‘City of Capitals’ towers, was head of the Damascus ‘Section 40’ of Syria’s infamous General Intelligence Directorate until late 2014. This is the Syrian agency charged with quelling internal dissent, formerly and popularly known as the State Security service. As Damascus is the capital, this was already an important role, but Hafez appears to have had a great deal more authority than this official title reflects.

Testimony collected by Syrian human rights groups about Hafez’s Section 40 and its command branch, the Al-Khatib Branch, as well as wider testimony collected by journalists about the systemic use of torture by Syria’s intelligence services, points to how Hafez would have potentially overseen the detention of thousands of Syrians and their subsequent abuse, and, in some cases, even murder.

Moreover, multiple regime defectors have since testified, in a 2019 book by journalist Sam Dagher, that Hafez was a hard-line member of Bashar al-Assad’s inner circle and one of his most influential advisers. According to the testimony, Hafez was one of two main advocates for crushing the demonstrations in 2011. Dagher’s book includes testimony from witnesses who saw Hafez shooting civilians in Douma and giving shoot-to-kill orders on hundreds of peaceful protestors in Daraa and Homs.

When buying the Moscow office space in 2016, Hafez Makhlouf’s Russian-registered property companies took out loans using 11 of the properties as collateral. The complex structure of these loans disguises Hafez’s connection to the funds. This is characteristic of money laundering and could have been designed to establish money flows between Russia and Syria which would appear unconnected to Hafez, raising the possibility that the ultimate aim is to move the money out of Russia.

The loans were provided to Hafez’s Russian companies by a Lebanese company called Nylam SAL Offshore. The company is classified as ‘offshore’ in Lebanon; while Lebanese ‘offshore’ companies do not hide their owners like offshore companies in so-called secrecy jurisdictions like the British Virgin Islands, these companies do benefit from enhanced banking secrecy. The exact amount loaned by Nylam is unknown.

In 2018, two years after the property purchases, Hafez, the sole shareholder of his three Russian companies, passed his shares to Briana SAL Offshore, a Lebanese company with identical shareholders, directors and address as Nylam. Russian corporate records for the Russian property companies contain details about Briana because it is a shareholder. These records show that Briana states its country of business as Syria.

Russia’s biggest bank, Sberbank, provided banking services for at least one of the Russian property companies formerly owned by Hafez and now owned by Briana, a Russian corporate database shows.

As the loans from Nylam to Hafez’s Russian companies were international (coming into Russia from Lebanon), it is feasible that they were transacted in US dollars, which is the commonly used international currency. If that were the case, the money could have transited through Sberbank’s SWIFT payment system, which, according to anti-money laundering expert Graham Barrow, could risk breaching the terms of the US sanctions against Hafez Makhlouf.

The convoluted nature of the loans taken against the properties should have raised red flags with Sberbank, but it is unclear what due diligence was carried out on the loans.

Sberbank’s dealings with the Makhloufs are part of a broader pattern of major Russian banks helping the Syrian regime. In 2012 and 2013, both Reuters and Wall Street Journal reported that the al-Assad regime held accounts at Gazprombank and VTB, two of Russia’s largest banks, which, like Sberbank, have extensive international correspondent banking relationships. More here.