Iran’s Nuclear Program, Deviations From JCPOA

Primer: from a former Pentagon official

The Iran nuclear agreement, formally known as the Joint Comprehensive Plan of Action (JCPOA), all but guaranteed a nuclear Iran no later than 2030, necessitating U.S. withdrawal at some point to prevent a critical threat to American national security interests. But there was no urgency for Washington to do so.

What was pressing, following the Iran-Russia alliance with Bashar al-Assad gaining the upper hand in Syria’s civil war in 2016-17, was to roll back Tehran’s growing regional hegemony. Addressing this first would also have offered Trump more leverage with Iran in correcting the nuclear deal’s deep flaws.

Trump pledged to address both elements of the Iranian threat, but he has resisted confronting Iran regionally. Recently, he insisted upon the urgency of pulling out of Syria once Islamic State is defeated and his desire to let “other people take care of it now.” Those caretakers would be Iranians and Russians. This approach will raise the likelihood of an Iranian-Israeli conflict over Syria, where the Assad regime is believed to be behind a weekend chemical weapons attack that killed dozens near Damascus, and which in turn is blaming Israel for an attack on a Syrian airbase that killed several Iranian military personnel 24 hours later. Much more here in his cogent summary.


MEMRI: In advance of Iran’s National Nuclear Technology Day, on April 9, this document focuses on a number of steps taken by the Iranian regime to maintain and further develop Iran’s nuclear capabilities – steps that deviate from the framework of the JCPOA nuclear deal, and that in some cases even blatantly violate it. This paper will address the following:

1. Iran’s intention to enrich uranium above the percentage permitted in JCPOA.

2. Leaving the plutonium core of the reactor at Arak unblocked and usable.

3. Iran’s refusal to allow International Atomic Energy Agency (IAEA) inspections at its military sites.

1. Iran Announces Decision “To Construct Naval Nuclear Propulsion” – While Naval Nuclear Propulsion Requires Uranium Enriched To 60%-90%

On December 13, 2016, just six months after the JCPOA was finalized, Iranian President Hassan Rohani sent a letter to Atomic Energy Organization of Iran (AEOI) director Ali Akbar Salehi instructing him as follows: “As part of Iran’s nuclear program for peaceful purposes, and in the framework of Iran’s international commitments, the AEOI must formulate a plan to produce nuclear fuel for naval transportation, in cooperation with [Iran’s] scientific and research centers.”[1] It should be noted that nuclear propulsion requires uranium enriched to 60%-90%.

Shortly thereafter, on December 26, 2016, AEOI deputy director and spokesman Behrouz Kamalvandi, who was a member of Iran’s nuclear negotiating team, clarified to the Iranian Arabic-language Al-‘Alam TV: “The fuel is in effect for ships and submarines. At this time, Iran has a naval fleet [deployed] around the world, and with regard to submarines, Iran has long-term plans…

“There are various types of [nuclear] fuel, even fuel at 95% [enrichment, which is suitable for developing a nuclear bomb]. What is important is that Iran wants to carry this out in accordance with the JCPOA, but this does not mean that if we require 20%[-enriched] fuel that we will abandon this [the plan to enrich uranium to 60%-90%].”[2]

On March 25, 2017, Majlis National Security and Foreign Policy Committee Chairman Alaa Al-Din Boroujerdi explained: “Iran’s naval potential must be addressed, because Iran has a great deal of international maritime transportation, and therefore we need to use nuclear fuel capability. This is a capability that we will leverage for the oceans, and for submarine fuel. The matter of nuclear fuel [for this purpose] is an issue on which the IAEA will be informed… To date, we have not received any objections in this matter from the international institutions.”[3]

It should be emphasized that submarines are not used for civilian or commercial maritime purposes. In an August 28, 2017 interview with the Iranian news agency IRNA, Salehi explained the matter of producing nuclear fuel for naval transportation, saying: “A horizon of 10-15 years should be set so that this project will materialize… At this time, the research team is ready, and we have given it a place to directly advance this project. It should be noted that this industry has its own complications. We must place a pressurized reactor on a vessel and we must consider the risks. If the vessel is harmed or sunk, peoples’ lives will be in danger.

“We have said many times that this type of activity is Iran’s certain right. It creates capability for us. I also spoke about this to [IAEA secretary-general Yukia] Amano, and the important thing is that our activity is carried out under IAEA oversight.”[4]

Iranian Deputy Foreign Minister Abbas Araghchi, who was a senior member of the nuclear negotiating team, told Iranian Channel One in a January 13, 2018 interview: “We have responded to America’s moves for renewal of the ISA [Congress’s 1996 Iran Sanctions Act, extended by the Senate on December 1, 2016 for a further 10 years], and Iranian President [Rohani] has ordered the production of nuclear fuel [for maritime transportation, which requires enrichment to 60%-90%], and this is considered a strategic move [on our part].”[5]

On February 22, 2018, an IAEA report noted for the first time that Iran had, in a January 6, 2018 letter, informed the agency that it had decided “to construct naval nuclear propulsion in future.” The IAEA said in the report that it had asked Tehran to provide “further clarifications and amplifications under the Additional Protocol” by May 2018.

Also according to the IAEA report, Iran had added that since this matter was still in the early stages, it would provide the required information as soon as it was available.[6]

Significance

The Iranian regime’s intention to “construct naval nuclear propulsion” means only one thing: an advance announcement that it intends to enrich uranium above the level it was permitted under the JCPOA (3.67%), to the level of 60%-95% required for nuclear propulsion for ships or submarines. As noted, submarines are not used for civilian or commercial maritime traffic. It should be noted that 95% enriched uranium can be used by Iran to produce a nuclear bomb.

With this announcement, Iran is taking the first practical step to eliminating its fundamental obligation in the JCPOA not to enrich uranium above 3.67%.

2. Is Iran Permitted To Maintain The Plutonium Core At Arak?

According to a series of tweets on January 21-22 by Iranian Ambassador to the UK Hamid Baeidinejad, who was also a member of the Iranian nuclear negotiating team, during the talks for the JCPOA Iran had demanded that it be allowed to keep the core of the heavy water reactor at Arak undamaged. He added that Iran had filled only the core’s holes with cement, so that it could reactivate it when necessary, as had been previously confirmed by AEOI director Salehi (see below). Baeidinejad tweeted:

“For us, preserving the essence of the reactor at Arak as a heavy water reactor, and modernizing it, are considered the most important outcomes, and the achievement of which we are the most proud, in the JCPOA. The Western psy-ops organization wants to convert this triumph into a defeat [for us], and therefore presented a false picture of the filling of the reactor core with cement, which was attended by reporters who realized that this was fake. We must beware of the enemy’s plot.”[7]

“After we forced the members of the P5+1 into allowing us to preserve the reactor at Arak as a heavy water reactor, and to modernize it, they claimed that modernizing the core, i.e., the calandria, meant replacing it with a new one. In order to prevent the misuse, or the possible use [of the old calandria], they insisted on sending it outside Iran.”[8]

“Iran objected to this, and noted that it would not send any of its nuclear equipment out of the country. After lengthy talks, we realized that there was a need to find a technical way to prevent the immediate use of the core. They proposed welding the core, which is steel, and cutting it into pieces.”[9]

“Iran opposed this proposal and noted that it wants to put the core in a museum on public display showing the creativity of Iran’s scientists. Ultimately, it was suggested that the holes of the core, not the core itself, be filled with cement so that it could not be used immediately.”[10]

Supporters of Baeidinejad’s statements tweeted the photo below and noted that the image on the right had been doctored to show the core filled with cement, and that this photo had been circulated by opponents of the JCPOA in Iran who wanted to show a false picture of Iran’s submission to the demands of the West. The image on the left, they said, was an actual photo of the Arak reactor taken by the reporters mentioned by Baeidinejad.
Photos of the Arak plutonium reactor (Source: Twitter.com/Esferayn1/status/955385176221257728, January 22, 2018).

AEOI director Salehi also stated that the core had not been filled with cement, and that “we [actually] poured cement only into some of the reactor’s pipelines, [pipes] several centimeters in diameter and two to three meters long. [We poured it] not into the reactor itself but [only] into the external pipes… ” (see MEMRI Inquiry & Analysis No. 1341, Head Of Iran’s Atomic Energy Organization: Only External Pipelines Of Arak Reactor Were Filled With Cement, Its Core Was Not; Within Five Days, We Can Begin Enriching Uranium To 20%, September 1, 2017).

3. Is The IAEA Allowed Access To Iran’s Military Sites?

The discussion on the issue of IAEA access to Iran’s military sites has been ongoing since July 2015, with the passage of UN Security Council Resolution 2231 that set out the elements of the JCPOA. Iranian regime spokesmen continue to claim that neither the JCPOA, the NPT nor the Additional Protocol allow IAEA inspectors to enter Iranian military sites.

On January 14, 2018, AEOI spokesman Behrouz Kamalvandi said: “No one in Iran will allow the IAEA access to the military sites, and this matter is not mentioned in the [NPT] treaty, the Additional Protocol, or the JCPOA. I reject the four conditions of the American president in the matter of continuing [the implementation] of the JCPOA. In the past, there was the matter of visits to military sites such as Parchin. [But] this file was closed, and now there is no issue that the IAEA has presented in this matter that [justifies] allowing them access to military sites. The American president is making unfounded statements in this matter, perhaps because he knows that we, like other countries, are sensitive in this matter, and he expects us to immediately say that we do not agree and in fact oppose it vehemently. Thus he is trying to leverage [our refusal] so that he can say that Iran is not willing to allow access under any conditions.

“There are rules for access [to military sites]. We cannot possibly allow access casually, or allow [visits] out of [mere] curiosity. Everything [in this matter] has rules, and these rules are presented and set out in the Additional Protocol. Actually, the Protocol does not mention access to undeclared sites. Even when a particular place is declared [as nuclear, proof must be presented that] nuclear activity [actually] takes place there.

“We are conducting no nuclear activity whatsoever at any of our sites, and we are not a country that wants a [nuclear] bomb or weapons.

“It is the Americans who have stated that Iran wants [nuclear] weapons, and because they themselves are acting to [produce them?] at [their own] military sites, they have concluded that there must be access to these sites [in Iran].

“In recent years, the only instance presented in this matter was the issue of the PMD [Possible Military Dimensions] and they [the Americans] made a lot of noise about it for no reason. They raised the issue of Parchin, and after [IAEA General Director Amano] visited [there] and samples were provided [by Iran], it became clear that their noise in this matter was baseless, and this file was closed forever. Therefore the IAEA has not brought up any plan in the matter of access to military sites, and also is not talking about it [any longer]. If Trump thinks that Iran or any other country will open the doors of its sites, particularly military sites, so that they [the West] will take advantage of this and want to spy, [he needs to know that] this is not going to happen in Iran, and that Iran will not allow anyone to do such a thing.

“Our obligations under the JCPOA are carried out according to the Additional Protocol. We are responding to the IAEA’s questions, and complementary access is in accordance with what is presented in the Additional Protocol. The IAEA has indicated this in several reports, and it is completely satisfied, and as of now no issue in the matter of access is on its table. If there are such matters, the IAEA must present them, and say so.

“It is inconceivable for America to say that it wants access to Iran’s military sites without asking the IAEA, or that it has any information at all on them [the sites]. These actions on its part are aimed solely at finding a pretext to elicit a negative response from Iran. Iran will certainly say ‘no,’ and this [access to its military sites] will not happen. Trump must not interpret this matter as Iran’s insufficient cooperation with the IAEA. We are sufficiently cooperating with the IAEA, as cooperation was clearly defined in the [NPT] treaty, in the [Additional] Protocol, and in the JCPOA. Even the IAEA has expressed satisfaction [with Iran’s cooperation]. The IAEA has no question in the matter that is on the table, and therefore it is not concerned. Trump needs to worry [only if] the IAEA is worried…”[11]

Iranian Deputy Foreign Minister Abbas Araghchi told Iranian Channel One in his January 13, 2018 interview: “The Americans thought that visiting military centers constitutes a weak point for us, and Iran cannot agree to [these visits] in any way. They tried to pull the IAEA in this direction, and invested months of efforts in ripping up the JCPOA at Iran’s expense, but did not succeed…

“It is the IAEA that needs to determine where and what to visit. This is a technical and professional matter whose framework is set out in the Additional Protocol and the JCPOA.

“Our nuclear facilities are under oversight. Beyond this, there are principles. America cannot tell the IAEA where it should go. We have acted with the IAEA in a way that [the agency] always stresses – and that way is that Iran is fully cooperating [with it].

“The IAEA has not asked to visit military centers, and things don’t work that way either – i.e. that it asks and that we approve [the request]. We will not allow the IAEA to interfere any more than it has to…”[12]


* A. Savyon is Director of the MEMRI Iran Media Project; U. Kafash is a MEMRI Research Fellow.

Cyberwar: The new Forever Battle, Indicators of Compromise

The United States is in the midst of the most resounding policy shift on cyber conflict, one with profound implications for national security and the future of the internet. The just-released U.S. Cyber Command “vision” accurately diagnoses the current state of cyber conflict and outlines an appropriate new operational model for the command: since cyber forces are in “persistent engagement” with one another, U.S. Cyber Command must dive into the fight, actively contesting adversaries farther forward and with more agility and operational partnerships.

The vision, however, ignores many of the risks and how best to address them. Most importantly, the vision does not even recognize the risk that more active defense – in systems and networks in other, potentially friendly nations – persistently, year after year, might not work and significantly increases the chances and consequences of miscalculations and mistakes. Even if they are stabilizing, such actions may be incompatible with the larger U.S. goals of an open and free Internet. More here, including the critique of the report.


*** Meanwhile we know all too well about Russia and China’s cyber espionage, yet when proof surfaces by hacking into their documents for evidence….both countries begin another denial session. And Trump invited Putin to a bi-lateral meeting at the White House? Any bi-lateral meeting should take place outside the United States in a neutral location like Vanuatu or the Canary Islands….

The Times: Russian attempts to fuel dissent and spread disinformation have been exposed by a cache of leaked documents that show what the Kremlin is prepared to pay for hacking, propaganda and rent-a-mob rallies.

Hacked emails sent by Moscow-linked figures outline a dirty-tricks campaign in Ukraine, which was invaded on the orders of President Putin in 2014. Experts said that they exposed the dangers faced by Britain and its allies because Russia used the same weapons of disinformation, bribery and distortion to attack the West.

Bob Seely, a Tory MP and expert on Russian warfare, said his analysis of the leaks, which comprise thousands of emails and a password-protected document related to the conflict in Ukraine, revealed a “shopping list of subversion”.

“There is overwhelming evidence that the tools and techniques of Russian covert conflict are being used in and against the UK, the US and the EU,” he added. “In the wake of the Skripal poisoning it’s more important than ever that we understand these methods.”

The cost and extent of tactics were disclosed in a third tranche of the so-called Surkov leaks, named after Vladislav Surkov, a Kremlin spin-master said by some to be Mr Putin’s Rasputin.

Two previous tranches, published online by Ukrainian Cyber Alliance, a hacker activist collective, were said to include emails from an account linked to Mr Surkov. He has been closely involved with the management of Donetsk and Luhansk People’s Republics, two Russian-controlled “statelets” in Ukraine established by pro-Moscow separatists.

The latest publication appears to contain emails found in accounts linked to Inal Ardzinba, Mr Surkov’s first deputy, and to a Ukrainian Communist party leader. They suggest that the Kremlin paid local groups and individuals in Ukraine that were willing to advance its aim to fracture the country.

One set of correspondence from October 2014, which appears to have been sent by a Russian politician to Mr Ardzinba, contained proposals to fund cyberoperations, including hacking email accounts for between $100 and $300. A wider plan to “troll opponents”, “demotivate enemies” on social media, and amass the personal data of targeted individuals in Ukraine’s second largest city, Kharkiv, was priced at $130,500.

The Russian foreign ministry has denied in the past that Mr Ardzinba has had anything to do with propaganda in Ukraine. According to Mr Seely, the leaks appear to reveal plans to plant new historical and philosophical ideas. The emails also include an event and two books that would claim that an area of Ukraine had Russian heritage.

Other proposals included the orchestration of anti-Ukraine, pro-Russia rallies. These involved the transport of “sportsmen” trained in martial arts to agitate at the rallies, bribes to local media to feature the protests and bribes to police to turn a blind eye. A month of rallies in Kharkiv was priced at $19,200. It included 100 participants, three organisers and two lawyers. It is unclear if the rallies took place, though others orchestrated by the Kremlin did happen, the research said. Moves to get 30 ex-communist figures elected to local government were floated in June 2015, at $120,460, the leaks said.

The Kremlin has claimed in the past that the Surkov leaks are fabricated and in the information war between Ukraine and Russia falsehoods may have been planted. However, the authors of correspondence in the first two tranches confirmed their authenticity. They were supported by the Atlantic Council, an international affairs think tank, after an analysis of metadata.

In their analysis of the third tranche, Mr Seely and his co-researcher Alya Shandra, managing editor of an English-language Ukrainian news website, say the leaks are “very likely to be authentic”. Ms Shandra and Mr Seely plan to publish their report with the Royal United Services Institute.

Peter Quentin, a research fellow at the Royal United Services Institute, said: “There is no reason to believe these leaks are any less credible than the previous tranches. This third tranche certainly seems to fit with the trend of well-documented subversion by Russian activists in the region.”

Schiff Never Complained when Obama Normalized Relations with Putin

Remember, under the Obama administration, rogue nations such as Iran and Cuba were placed as among the world’s good actors. Hillary went to Russia with a ‘reset button’ and gave Moscow more authority and power in regions of major conflict. Yet it is Congressman Adam Schiff and his friendly democrat friends that are continuing to whine about Trump’s interactions with Russia or Russians.

So, Obama set the table on the friendly approach to Medvedev and Putin, and Russian aggression around the world has more than threatened equilibrium; it is deadly.

Have you wondered why Bashar al Assad has not been brought before a global tribunal for war crimes?

UNITED NATIONS – Russia and China on Thursday vetoed a U.N. Security Council resolution referring the Syrian crisis to the International Criminal Court for investigation of possible war crimes, prompting angry responses from the proposal’s supporters who said the two countries should be ashamed.

This is the fourth time Russia and China have used their veto power as permanent council members to deflect action against the government of President Bashar Assad. The 13 other council members voted in favor of the resolution.

More than 60 countries signed on to support the French-drafted measure, in a dramatic demonstration of international backing for justice in the conflict which has sent millions fleeing and killed more than 160,000, according to activists. More here.

*** That is right, Russia has veto power and they have used it since at least 2014. Does it even make sense that Russia is part of the Security Council in the first place? Nope…

As the United States continues to fight against the Taliban in Afghanistan, who has been supplying the Taliban with weapons? Yup…Russia. You see, Russia has training operations with real fighting equipment and when the training is complete, they leave the high tech equipment behind and tell the Taliban to come get it.

Did Adam Schiff or Maxine Waters get on TV and demand impeachment over Obama’s relationship with Moscow? Nah….

While not a fan at all of MSNBC, Richard Engel nonetheless did an exceptional reporting piece on Putin, including who else was to be assassinated by poison, among them Christopher Steele of the Trump dossier.

So, in solidarity with Britain, the Trump administration took aggressive action in expelling several Russian diplomats (read spies), as did almost three dozen other countries. Trump also closed the Russian diplomatic post in Seattle. What was going on there was terrifying, and it is questionable why Obama did not order it closed in December of 2016. Read below for what the FBI knew and yet was unable to take action on due to the Obama White House.


Among the 27 countries that have retaliated for what is believed to be a Kremlin-ordered chemical-weapon attack on an ex-Russian intelligence officer and his daughter in Britain earlier this month, the United States took by far the most dramatic steps: ousting 60 diplomats in total, including 15 suspected intelligence operatives based at Russia’s United Nations Mission alone—the most significant action of its type since the Reagan administration. (The move prompted Russia, on Thursday, to announce the expulsion of 60 U.S. diplomats and the closure of the U.S. consulate in Saint Petersburg.) But it was the Trump administration’s announcement of the shuttering of Russia’s consulate in Seattle that turned heads. Why Seattle? What was going on there? Would the closure matter?

While Seattle is an important city for Russian intelligence collection efforts domestically, its consulate’s profile has generally been quieter than San Francisco’s or New York’s, according to two former U.S. intelligence officials who asked to remain anonymous but have knowledge of Russian activities in these areas. But the closure of the consulate is noteworthy nonetheless: Along with the administration’s shuttering of the San Francisco consulate in 2017, Russia will now lack a diplomatic facility west of Houston, or any diplomatic presence on the West Coast for the first time since 1971. Russian intelligence officers—at least those under diplomatic cover—will no longer operate in easy proximity to America’s two great tech capitals. Indeed, at least in Seattle, suspected Russia spies have already been caught attempting to infiltrate local tech companies.

“Certainly, there were enough issues that were important to the Russians in Seattle—the naval bases, Microsoft, Boeing, Amazon,” says John Sipher, a former CIA officer who worked closely with the FBI on counterespionage issues. “There was always nervousness within the national security agencies that the sheer number of ethnic Russians in these industries was something the Russians could take advantage of. I don’t know if closing Seattle was a strategic choice; nonetheless, the concentration of high-tech and military resources makes it a sensible target.”

After the closure of the Russian consulate in San Francisco, former senior U.S. intel officials told me that facility had, for decades, functioned as the primary hub for Russian intelligence-gathering in the Western United States. It featured key classified communications systems, and was a crucial collection center in Russia’s long-running effort to map out America’s fiber-optic cable network.

One of the two anonymous former intelligence officials I spoke with called Seattle a top-five U.S. city for Russian counterintelligence work, but a “smaller operation” than San Francisco. Seattle did not have the same type of communications facilities as San Francisco, the two former officials said. In fact, Russian diplomats used to regularly drive a van with protected diplomatic information from San Francisco to Seattle, said a second official, though the frequency of those trips decreased over time, when U.S. officials suspected the Russians had begun to move their communications to encrypted channels online.

Still, the Seattle area has some rich espionage targets. Firms like Boeing and Microsoft have long been of interest to Russian operatives, the former intel officials said. So have the many military bases in the area, including, pre-eminently, Naval Base Kitsap, located just across the Puget Sound from Seattle and home to eight nuclear-armed submarines. Administration officials have openly cited the Seattle consulate’s proximity to Boeing, and sensitive military bases, as reasons for its closure.

Because there is a seven-hour float from Kitsap to these nuclear-armed submarines’ dive point, the two former officials said, there are numerous opportunities to track the subs’ movements—a longstanding concern for U.S. intelligence and military officials. Knowing when a submarine is headed out to sea or how many submarines are running patrols at a given time, and potentially identifying new technologies on these vessels, are all valuable pieces of intelligence, these officials said. Moreover, U.S. intel officials have worried that in a worst-case-scenario—actual armed hostilities between the two countries—information gleaned from Russian operatives in the Pacific Northwest could be used to identify “choke points.” For instance, they might know the ideal places to fire a rocket-propelled grenade at a fishing boat in a narrow channel, which could prevent military vessels from deploying.

In the past, suspected intel operatives based at Russia’s Seattle consulate were observed engaging in the same sorts of behavior as their counterparts in San Francisco, the two former intel officials said, including tracking down potential fiber-optic nodes (as part of Russia’s long-term effort to map where data were being transferred), or Cold War-era intelligence-collection sites, in Northwestern forests. U.S. officials also believed Russian operatives were traveling to remote beaches in the area in order to “signal,” or cryptically transmit and receive data, with interlocutors offshore. (There was a specific beach in Oregon these individuals would favor, the two former officials said.)

More recently, however, these activities appeared to die down, these individuals said, an event one of the former intel officials attributes to Edward Snowden’s 2013 disclosures, which some in the intelligence community believe led Russia to overhaul its strategies for domestic intelligence-gathering. Generally, this person said, Seattle seemed like a “proving ground” for junior Russian intelligence officers, a place to send less-experienced operatives to acclimate them to the United States. After Snowden, U.S. intel officials started seeing more “travelers” in the Seattle area—suspected intelligence operatives working under both diplomatic and nonofficial cover—flying in remotely to meet with individuals, the two former officials said.

The biggest Russia-related concern in Seattle was “cyber-related activities,” which were separate from the consulate, the two former officials said—including those of the local Kaspersky Labs affiliate. In July 2017, U.S. officials banned Moscow-based Kaspersky, which produces anti-virus software, from being used on any government computers, over fears about the company’s connections to Russian intelligence. U.S. counterintelligence officials were concerned that Kaspersky was being used as a tool for Russian covert communications, the two former officials said, and were also examining whether individuals affiliated with Kaspersky were actually engaging in cyber-espionage domestically. “As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the company has never helped, nor will help, any government in the world with its cyber espionage efforts,” a spokesperson for Kaspersky said. “The U.S. government actions against Kaspersky Lab lack sufficient basis, are unconstitutional, have been taken without any evidence of wrongdoing by the company, and rely upon subjective, non-technical public sources, such as uncorroborated and often anonymously sourced media reports, related claims, and rumors, which is why the company has challenged the validity of these actions in federal court.”

“Was Kaspersky looking at Microsoft or Boeing as opportunities to exploit? Was it just business development? Or were they actually engaged in trying to penetrate these enterprises?” asked one of the former officials. “The suspicions on Kaspersky have pretty much been borne out … when you look at the recent U.S. government decision, and what has been publicly reported on what the Israelis have been able to find out.” In 2017 the New York Times reported that Israeli intelligence had hacked into a Russian espionage operation, observing Russian operatives using back doors in Kaspersky software to scan for, and purloin, U.S. intelligence documents.

Russia’s interest in Microsoft is also well-documented. In 2010, U.S. officials deported Alexey Karetnikov, a 23-year-old Russian national, from the Seattle area, where he had been working at Microsoft as a software tester. U.S. officials believed he was actually a Russian intelligence officer, and linked him to the ring of 10 “illegals”—Russian deep-cover operatives who had been living in the United States—that U.S. officials had arrested and deported earlier that year. Two of those undercover operatives, Michael Zottoli and Patricia Mills (whose real names are Mikhail Kutsik and Natalia Pereverzeva), had lived in Seattle for years, even starting a family there. In Seattle, Kutsik worked at a telecommunications firm, and both operatives took finance classes at the University of Washington. In a 2017 article in Seattle Met Magazine, Kutsik and Pereverzeva’s former investments professor said he believed the Russians were interested in his class because many of his students went on to work for Amazon, Boeing or Microsoft. Kutsik, Pereverzeva and Karetnikov were not known to have been coordinating their activities with the Seattle consulate, one of the former officials said.

Even as Russian espionage continues to migrate outside consular facilities—to travelers, and individuals working locally under nonofficial cover—it is “no coincidence” that both shuttered diplomatic outposts were on the West Coast, said one of the former officials. No matter when—or if—these two consulates are reopened, Russian interest in the West Coast is likely to continue far into the foreseeable future.

Where is Adam Schiff now?


9 Iranians Charged in Hacking 176 Universities, Intellectual Property

Nine Iranians Charged With Conducting Massive Cyber Theft Campaign On Behalf Of The Islamic Revolutionary Guard Corps

Mabna Institute Hackers Penetrated Systems Belonging to Hundreds of Universities, Companies, and Other Victims to Steal Research, Academic Data, Proprietary Data, and Intellectual Property

Rod J. Rosenstein, the Deputy Attorney General of the United States, Geoffrey S. Berman, the United States Attorney for the Southern District of New York, William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Field Division of the Federal Bureau of Investigation (“FBI”), and John C. Demers, Assistant Attorney General for National Security, announced today the unsealing of an indictment charging GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI.  The defendants were each leaders, contractors, associates, hackers-for-hire, and affiliates of the Mabna Institute, an Iran-based company that was responsible for a coordinated campaign of cyber intrusions that began in at least 2013 into computer systems belonging to 144 U.S.-based universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the United States Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.  Through the activities of the defendants, the Mabna Institute conducted these intrusions to steal over 30 terabytes of academic data and intellectual property from universities, and email inboxes from employees of victim private sector companies, government victims, and non-governmental organizations.  The defendants conducted many of these intrusions on behalf of the Islamic Republic of Iran’s (“Iran”) Islamic Revolutionary Guard Corps (“IRGC”), one of several entities within the government of Iran responsible for gathering intelligence, as well as other Iranian government clients.  
In addition to these criminal charges, today the Department of Treasury’s Office of Foreign Assets Control (OFAC) designated the Mabna Institute and the nine defendants for sanctions for the malicious cyber-enabled activity outlined in the Indictment.

Deputy Attorney General Rod J. Rosenstein said:  “These nine Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries.  For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps.  The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America’s ideas by infiltrating our computer systems and stealing intellectual property.  This case is important because it will disrupt the defendants’ hacking operations and deter similar crimes.”

Manhattan U.S. Attorney Geoffrey S. Berman said:  “Today, in one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice, we have unmasked criminals who normally hide behind the ones and zeros of computer code.  As alleged, this massive and brazen cyber-assault on the computer systems of hundreds of universities in 22 countries, including the United States, and dozens of private sector companies and governmental organizations was conducted on behalf of Iran’s Islamic Revolutionary Guard.  The hackers targeted innovations and intellectual property from our country’s greatest minds.  These defendants are now fugitives from American justice, no longer free to travel outside Iran without risk of arrest.  The only way they will see the outside world is through their computer screens, but stripped of their greatest asset – anonymity.”

FBI Assistant Director William F. Sweeney Jr. said:  “The numbers alone in this case are staggering, over 300 universities and 47 private sector companies both here in the United States and abroad were targeted to gain unauthorized access to online accounts and steal data.  An estimated 30 terabytes was removed from universities’ accounts since this attack began, which is roughly equivalent of 8 billion double-sided pages of text.  It is hard to quantify the value on the research and information that was taken from victims but it is estimated to be in the billions of dollars. The nine Iranians indicted today now find themselves wanted by the FBI and our partner law enforcement agencies around the globe – and like other cyber criminals they will soon learn their ability to freely move was just limited to the virtual world only.”

According to the allegations contained in the Indictment[1] unsealed today in Manhattan federal court:

Background on the Mabna Institute

GHOLAMREZA RAFATNEJAD and EHSAN MOHAMMADI, the defendants, founded the Mabna Institute in approximately 2013 to assist Iranian universities and scientific and research organizations in stealing access to non-Iranian scientific resources.  In furtherance of its mission, the Mabna Institute employed, contracted, and affiliated itself with hackers-for-hire and other contract personnel to conduct cyber intrusions to steal academic data, intellectual property, email inboxes and other proprietary data, including ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI.  The Mabna Institute contracted with both Iranian governmental and private entities to conduct hacking activities on their behalf, and specifically conducted the university spearphishing campaign on behalf of the IRGC.  The Mabna Institute is located at Tehran, Sheikh Bahaii Shomali, Koucheh Dawazdeh Metri Sevom, Plak 14, Vahed 2, Code Posti 1995873351.

University Hacking Campaign

The Mabna Institute, through the activities of the defendants, targeted over 100,000 accounts of professors around the world.  They successfully compromised approximately 8,000 professor email accounts across 144 U.S.-based universities, and 176 universities located in foreign countries, including Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey, and the United Kingdom.  The campaign started in approximately 2013, and has continued through at least December 2017, and broadly targeted all types of academic data and intellectual property from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.  Through the course of the conspiracy, U.S.-based universities spent over approximately $3.4 billion to procure and access such data and intellectual property.

The hacking campaign against universities was conducted across multiple stages.  First, the defendants conducted online reconnaissance of university professors, including to determine these professors’ research interests and the academic articles they had published.  Second, using the information collected during the reconnaissance phase, the defendants created and sent spearphishing emails to targeted professors, which were personalized and created so as to appear to be sent from a professor at another university.  In general, those spearphishing emails indicated that the purported sender had read an article the victim professor had recently published, and expressed an interest in several other articles, with links to those additional articles included in the spearphishing email.  If the targeted professor clicked on certain links in the email, the professor would be directed to a malicious Internet domain named to appear confusingly similar to the authentic domain of the recipient professor’s university.  The malicious domain contained a webpage designed to appear to be the login webpage for the victim professor’s university.  It was the defendants’ intent that the victim professor would be led to believe that he or she had inadvertently been logged out of his or her university’s computer system, prompting the victim professor for his or her login credentials.  If a professor then entered his or her login credentials, those credentials were then logged and captured by the hackers.

Finally, the members of the conspiracy used stolen account credentials to obtain unauthorized access to victim professor accounts, through which they then exfiltrated intellectual property, research, and other academic data and documents from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.  The defendants targeted data across all fields of research and academic disciplines, including science and technology, engineering, social sciences, medical, and other professional fields.  At least approximately 31.5 terabytes of academic data and intellectual property from compromised universities were stolen and exfiltrated to servers under the control of members of the conspiracy located in countries outside the United States.
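The lure described above depends on a link whose domain is "confusingly similar" to the university's real one. The following triage helper is an added example written for this page, not code from the indictment or the FBI; the email body, the university domain example-university.edu and every other domain in it are constructed placeholders. It flags links whose host embeds the authentic domain under someone else's registered domain, or whose registered domain merely resembles it.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Constructed sample in the style of the lure described in the indictment.
# All domains are placeholders, not real infrastructure.
SAMPLE_EMAIL = """
Dear Professor, I read your recent article and would like to discuss it.
Your paper: https://library.example-university.edu/article/12345
Related work: https://login.example-university.edu.secure-portal-login.com/
Full text: http://exampleuniversity-edu.net/login
Citation: https://doi.org/10.1000/xyz
"""

AUTHENTIC_DOMAIN = "example-university.edu"   # the victim university's real domain (constructed)

# A few public suffixes that take two labels; enough for this illustration,
# a production check would use the full public suffix list.
TWO_LABEL_SUFFIXES = {"ac.uk", "co.uk", "edu.au", "edu.cn", "ac.jp"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registered_domain(host):
    """'login.x.example.edu' -> 'example.edu'; 'www.x.ac.uk' -> 'x.ac.uk'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def _stem(domain):
    """Letters and digits of the first label only: 'example-university.edu' -> 'exampleuniversity'."""
    return re.sub(r"[^a-z0-9]", "", domain.split(".")[0])


def classify_link(url, authentic):
    """'authentic', 'lookalike' or 'external' for one URL."""
    host = urlparse(url).hostname or ""
    reg = registered_domain(host)
    if reg == authentic:
        return "authentic"
    # The real domain appears as a subdomain of a different registered domain.
    if authentic in host:
        return "lookalike"
    # A different registered domain whose name closely resembles the real one.
    ratio = SequenceMatcher(None, _stem(reg), _stem(authentic)).ratio()
    if ratio >= 0.8:
        return "lookalike"
    return "external"


def triage_email(body, authentic):
    """Every link in the body with its classification."""
    return [(url, classify_link(url, authentic)) for url in URL_RE.findall(body)]
```

On the constructed sample, the first link is authentic, the two that imitate the university are lookalikes, and the DOI link is plain external; a mail gateway or user-reported-phish workflow would route only the lookalikes for blocking and credential reset.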

In addition to stealing academic data and login credentials for university professors for the benefit of the Government of Iran, the defendants also sold the stolen data through two websites, Megapaper.ir (“Megapaper”) and Gigapaper.ir (“Gigapaper”).  Megapaper was operated by Falinoos Company (“Falinoos”), a company controlled by ABDOLLAH KARIMA, a/k/a “Vahid Karima,” the defendant, and Gigapaper was affiliated with KARIMA.  Megapaper sold stolen academic resources to customers within Iran, including Iran-based public universities and institutions, and Gigapaper sold a service to customers within Iran whereby purchasing customers could use compromised university professor accounts to directly access the online library systems of particular United States-based and foreign universities.

Prior to the unsealing of the Indictment, the FBI provided foreign law enforcement partners with detailed information regarding victims within their jurisdictions, so that victims in foreign countries could be notified and so that foreign partners could assist in remediation efforts.

Private Sector Hacking Victims

In addition to targeting and compromising universities, the Mabna Institute defendants targeted and compromised employee email accounts for at least approximately 36 United States-based private companies, and at least approximately 11 private companies based in Germany, Italy, Switzerland, Sweden, and the United Kingdom, and exfiltrated entire email mailboxes from compromised employees’ accounts.  Among the United States-based private sector victims were three academic publishers, two media and entertainment companies, one law firm, 11 technology companies, five consulting firms, four marketing firms, two banking and/or investment firms, two online car sales companies, one healthcare company, one employee benefits company, one industrial machinery company, one biotechnology company, one food and beverage company, and one stock images company.

In order to compromise accounts of private sector victims, members of the conspiracy used a technique known as “password spraying,” whereby they first collected lists of names and email accounts associated with the intended victim company through open source Internet searches.  Then, they attempted to gain access to those accounts with commonly-used passwords, such as frequently used default passwords, in order to attempt to obtain unauthorized access to as many accounts as possible.  Once they obtained access to the victim accounts, members of the conspiracy, among other things, exfiltrated entire email mailboxes from the victims.  In addition, in many cases, the defendants established automated forwarding rules for compromised accounts that would prospectively forward new outgoing and incoming email messages from the compromised accounts to email accounts controlled by the conspiracy.
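Password spraying leaves a recognisable trace in authentication logs (one source, many distinct accounts, only one or two attempts each), and the forwarding rules described above are visible in a mailbox-rule export. The detector below is an added example for this page, not code from the FBI FLASH or the indictment; the log lines, IP addresses, mailbox rules and the corp.example domain are all constructed, and the log format is an assumed one.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log (not from the indictment or the FLASH message).
# 203.0.113.5 tries a common password across many accounts: many distinct
# users, one attempt each. 198.51.100.9 repeatedly hits a single account.
AUTH_LOG = """\
2018-03-20T10:00:01Z src=203.0.113.5 user=alice@corp.example result=FAIL
2018-03-20T10:00:03Z src=203.0.113.5 user=bob@corp.example result=FAIL
2018-03-20T10:00:05Z src=203.0.113.5 user=carol@corp.example result=FAIL
2018-03-20T10:00:07Z src=203.0.113.5 user=dave@corp.example result=FAIL
2018-03-20T10:00:09Z src=203.0.113.5 user=erin@corp.example result=SUCCESS
2018-03-20T10:00:11Z src=203.0.113.5 user=frank@corp.example result=FAIL
2018-03-20T10:05:00Z src=198.51.100.9 user=alice@corp.example result=FAIL
2018-03-20T10:05:20Z src=198.51.100.9 user=alice@corp.example result=FAIL
2018-03-20T10:05:40Z src=198.51.100.9 user=alice@corp.example result=SUCCESS
"""


def parse_line(line):
    """'<ts> src=.. user=.. result=..' -> dict with a datetime under 'ts'."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def detect_password_spray(log_text, window=timedelta(minutes=10),
                          min_accounts=5, max_per_account=2):
    """Sources that, within one window, touched at least min_accounts distinct
    accounts with no more than max_per_account attempts on any of them.
    Returns {src: {"accounts": [...], "successes": [...]}}."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            by_src[ev["src"]].append(ev)
    alerts = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        for i, start in enumerate(events):          # sliding window per source
            per_user, successes = defaultdict(int), set()
            for ev in events[i:]:
                if ev["ts"] - start["ts"] > window:
                    break
                per_user[ev["user"]] += 1
                if ev["result"] == "SUCCESS":
                    successes.add(ev["user"])
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                alerts[src] = {"accounts": sorted(per_user), "successes": sorted(successes)}
                break
    return alerts


# Constructed mailbox-rule export; erin's second rule forwards outside the org.
MAILBOX_RULES = [
    {"mailbox": "erin@corp.example", "name": "Archive", "forward_to": "erin-archive@corp.example"},
    {"mailbox": "erin@corp.example", "name": "Backup", "forward_to": "backup.mail.2018@example.net"},
    {"mailbox": "bob@corp.example", "name": "Vendor", "forward_to": None},
]


def external_forwarding_rules(rules, internal_domain):
    """Rules that auto-forward mail to an address outside internal_domain."""
    flagged = []
    for r in rules:
        target = r.get("forward_to")
        if target and not target.lower().endswith("@" + internal_domain):
            flagged.append((r["mailbox"], r["name"], target))
    return flagged


def prioritised_mailboxes(alerts, rules, internal_domain):
    """Accounts logged into during a spray that now forward mail externally:
    the strongest sign that the mailbox is under someone else's control."""
    sprayed = {u for a in alerts.values() for u in a["successes"]}
    forwarding = {m for m, _, _ in external_forwarding_rules(rules, internal_domain)}
    return sorted(sprayed & forwarding)
```

The thresholds are illustrative; in practice they are tuned to the organisation's normal failed-login rate, and the single-account source here is left for a separate brute-force rule.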

In connection with the unsealing of the Indictment, today the FBI issued a FBI Liaison Alert System (FLASH) message, providing detailed information regarding the vulnerabilities targeted and the intrusion vectors used by the Mabna Institute in their campaign against private sector companies, to provide the public with information to assist in detecting and remediating the threat.

U.S. Government and NGO Hacking Victims

In the same time period as the university and private sector hacking campaigns described above, the Mabna Institute also conducted a computer hacking campaign against various governmental and non-governmental organizations within the United States.  During the course of that campaign, employee login credentials were stolen by members of the conspiracy through password spraying.  Among the victims were the following, all based in the United States:  the United States Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the State of Indiana Department of Education, the United Nations, and the United Nations Children’s Fund.  As with private sector victims, the defendants targeted for theft email inboxes of employees of these organizations.

*                *                *

GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI, the defendants, are citizens and residents of Iran.  Each is charged with one count of conspiracy to commit computer intrusions, which carries a maximum sentence of five years in prison; one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; two counts of unauthorized access of a computer, each of which carries a maximum sentence of five years in prison; two counts of wire fraud, each of which carries a maximum sentence of 20 years in prison; and one count of aggravated identity theft, which carries a mandatory sentence of two years in prison.  The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencings of the defendants will be determined by the assigned judge.

Mr. Berman praised the outstanding investigative work of the FBI, the assistance of the United Kingdom’s National Crime Agency (NCA), and the support of the OFAC.  The case is being handled by the Office’s Complex Frauds and Cybercrime Unit.  Assistant United States Attorneys Timothy T. Howard, Jonathan Cohen, and Richard Cooper are in charge of the prosecution, with assistance provided by Heather Alpino and Jason McCullough of the National Security Division’s Counterintelligence and Export Control Section.

The charges contained in the Indictment are merely accusations and the defendants are presumed innocent unless and until proven guilty.


[1] As the introductory phrase signifies, the entirety of the text of the Indictment, and the description of the Indictment set forth herein, constitute only allegations, and every fact described should be treated as an allegation.

Topic(s): Cyber Crime
Press Release Number: 18-089

POTUS and Omnibus, No Line Item Veto?

2232 pages of stupid and everyone should take the time to just scan the $1.3 trillion spending bill. I got to page 184 last night and went to bed mad. There is no line item veto but there should be. President Trump can veto the whole truck load of crap and should. In place of the line item veto, he can wield his pen and sign an Executive Order eliminating countless crazy spending things or suspend some of the acts for the rest of his term. Something like the Food for Progress Act. And we are still bailing out the healthcare insurance companies…. anyway…there is also $687 million to address Russian interference. Just what is that plan?

1. How about the Cloud Act? Foreign governments get access to our data? WHAT?

2. Okay, how about Trump’s “wall funding.” It’s not a wall. It’s repairs, drones and pedestrian fencing – no construction.

3. Then we have the House Freedom Caucus with their letter to President Trump:

So…need more? Conservative Review has these 10 items for your consideration. Here are the top 10 problems with the bill:

    1) Eye-popping debt: This bill codifies the $143 billion busting of the budget caps, which Congress adopted in February, for the remainder of this fiscal year. This is on top of the fact that government spending already increased $130 billion last year over the final year of Obama’s tenure. Although the Trump administration already agreed to this deal in February, the OMB put out a memo suggesting that Congress appropriate only $10 billion of the extra $63 billion in non-defense discretionary spending. Now it’s up to Trump to follow through with a veto threat. It’s not just about 2018. This bill paves the road to permanently bust the budget caps forever, which will lead to trillions more in spending and cause interest payments on the debt to surge past the cost of the military or even Medicaid in just eight years.

    Keep in mind that all the additional spending will be stuffed into just six months remaining to the fiscal year, not a 12-month period. A number of onerous bureaucracies will get cash booster shots instead of the cuts President Trump wanted.

    Remember when Mick Mulvaney said the fiscal year 2017 budget betrayal was needed so that he could do great things with the fiscal year 2018 budget? Good times.

    2) Bait and switch on the wall: Since this bill increases spending for everything, one would think that at least the president would get the $15 billion or so needed for the wall. No. The bill includes only $641 million for 33 miles of new border fencing but prohibits that funding for being used for concrete barriers. My understanding is that President Trump already has enough money to begin construction for roughly that much of the fence, and pursuant to the Secure Fence Act, he can construct any barrier made from any This actually weakens current law.

    3) Funds sanctuary cities: When cities and states downright violate federal law and harbor illegal aliens, Congress’ silence in responding to it is deafening. Cutting off block grants to states as leverage against this dangerous crisis wasn’t even under discussion, even as many other extraneous and random liberal priorities were seriously considered.

    4) Doesn’t fund interior enforcement: Along with clamping down on sanctuary cities, interior enforcement at this point is likely more important than a border wall. After Obama’s tenure left us with a criminal alien and drug crisis, there is an emergency to ramp up interior enforcement. Trump requested more ICE agents and detention facilities, but that call was ignored in this bill. Trump said that the midterms must focus on Democrats’ dangerous immigration policies. Well, this bill he is supporting ensures that they will get off scot-free.

    5) Doesn’t defund court decisions: Some might suggest that this bill was a victory because at least it didn’t contain amnesty. But we have amnesty right now, declared, promulgated, and perpetuated by the lawless judiciary. For Congress to pass a budget bill and not defund DACA or defund the issuance of visas from countries on Trump’s immigration pause list in order to fight back against the courts is tantamount to Congress directly passing amnesty.

    6) Funds Planned Parenthood: We have no right to a border wall or more ICE funding, but somehow funding for a private organization harvesting baby organs was never in jeopardy or even under discussion as a problem.

    7) Gun control without due process: Some of you might think I’m being greedy, demanding that “extraneous policies” be placed in a strict appropriations bill. Well, gun control made its way in. They slipped in the “Fix NICS” bill, which pressures and incentivizes state and federal agencies to add more people to the system even though there is already bipartisan recognition that agencies are adding people who should not be on the list, including veterans, without any due process in a court of law. They are passing this bill without the House version of the due process protections and without the promised concealed carry reciprocity legislation. Republicans were too cowardly to have an open debate on such an important issue, so they opted to tack it onto a budget bill, which is simply unprecedented. The bill also throws more funding at “school violence” programs when they refuse to repeal the gun-free zone laws that lie at the root of the problem.

    8) More “opioid crisis funding” without addressing the problem: The bill increases funding for “opioid addiction prevention and treatment” by $2.8 billion relative to last year, on top of the $7 billion they already spent in February. This is the ultimate joke of the arsonist pretending to act as the firefighter, because as we’ve chronicled in detail, these funds are being used to clamp down on legitimate prescription painkillers and create a de facto national prescription registry so that government can violate privacy and practice medicine. Meanwhile, the true culprits are illicit drugs and Medicaid expansion, exacerbated by sanctuary cities, as the president observed himself. Yet those priorities are jettisoned from the bill.

    9) Student loan bailout: The bill offers $350 million in additional student loan forgiveness … but only for graduates who take “lower-paid” government jobs or work for some non-profits! This was a big priority of Sen. Elizabeth Warren.  Government created this problem of skyrocketing student debt by fueling it with subsidies and giving the higher education cartel a monopoly of accreditation, among other things. Indeed, this very same bill increases Pell grants by $2 billion. But more money is always the solution, especially when it helps future government workers.

    10) Schumer’s Gateway projects earmark: Conservatives had a wish list of dozens of items, but it’s Schumer’s local bridge and tunnel project that got included. While the bill didn’t contain as much as Schumer asked for (remember the tactic of starting off high), the program would qualify for up to $541 million in new transportation funding. Also, the bill would open up $2.9 billion in grants through the Federal Transit Administration for this parochial project that should be dealt with on a state level. New York has high taxes for a reason.