Secret Planes, Russia, China and the United States oh My

 

Trifecta of Intel Chaos, Shadow Brokers, Wikileaks, NSA

photo

WikiLeaks announces “Vault 8”

Those releases were part of a series of leaks WikiLeaks called Vault 7. Now, WikiLeaks says Hive is just the first of a long string of similar releases, a series WikiLeaks calls Vault 8, which will consist of source code for tools previously released in the Vault 7 series.

The WikiLeaks announcement has sent shivers up the spines of infosec experts everywhere, as it reminded them of April this year when a hacking group named The Shadow Brokers published cyber-weapons allegedly stolen from the NSA.

Some of the tools included in that release have been incorporated in many malware families and have been at the center of all three major ransomware outbreaks that have taken place n 2017 — WannaCry, NotPetya, and Bad Rabbit. More here.

Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core

A serial leak of the agency’s cyberweapons has damaged morale, slowed intelligence operations and resulted in hacking attacks on businesses and civilians worldwide

 

WASHINGTON — Jake Williams awoke last April in an Orlando, Fla., hotel where he was leading a training session. Checking Twitter, the cybersecurity expert was dismayed to discover that he had been thrust into the middle of one of the worst security debacles ever to befall American intelligence.

Mr. Williams had written on his company blog about the Shadow Brokers, a mysterious group that had somehow obtained many of the hacking tools the United States used to spy on other countries. Now the group had replied in an angry screed on Twitter. It identified him — correctly — as a former member of the National Security Agency’s hacking group, Tailored Access Operations, or T.A.O., a job he had not publicly disclosed. Then the Shadow Brokers astonished him by dropping technical details that made clear they knew about highly classified hacking operations that he had conducted.

America’s largest and most secretive intelligence agency had been deeply infiltrated.

“They had operational insight that even most of my fellow operators at T.A.O. did not have,” said Mr. Williams, now with Rendition Infosec, a cybersecurity firm he founded. “I felt like I’d been kicked in the gut. Whoever wrote this either was a well-placed insider or had stolen a lot of operational data.”

The jolt to Mr. Williams from the Shadow Brokers’ riposte was part of a much broader earthquake that has shaken the N.S.A. to its core. Current and former agency officials say the Shadow Brokers disclosures, which began in August 2016, have been catastrophic for the N.S.A., calling into question its ability to protect potent cyberweapons and its very value to national security. The agency regarded as the world’s leader in breaking into adversaries’ computer networks failed to protect its own.

“These leaks have been incredibly damaging to our intelligence and cyber capabilities,” said Leon E. Panetta, the former defense secretary and director of the Central Intelligence Agency. “The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected.”

With a leak of intelligence methods like the N.S.A. tools, Mr. Panetta said, “Every time it happens, you essentially have to start over.”

Fifteen months into a wide-ranging investigation by the agency’s counterintelligence arm, known as Q Group, and the F.B.I., officials still do not know whether the N.S.A. is the victim of a brilliantly executed hack, with Russia as the most likely perpetrator, an insider’s leak, or both. Three employees have been arrested since 2015 for taking classified files, but there is fear that one or more leakers may still be in place. And there is broad agreement that the damage from the Shadow Brokers already far exceeds the harm to American intelligence done by Edward J. Snowden, the former N.S.A. contractor who fled with four laptops of classified material in 2013.

Mr. Snowden’s cascade of disclosures to journalists and his defiant public stance drew far more media coverage than this new breach. But Mr. Snowden released code words, while the Shadow Brokers have released the actual code; if he shared what might be described as battle plans, they have loosed the weapons themselves. Created at huge expense to American taxpayers, those cyberweapons have now been picked up by hackers from North Korea to Russia and shot back at the United States and its allies.

A screenshot taken as ransomware affected systems worldwide last summer. The Ukrainian government posted the picture to its official Facebook page.

Millions of people saw their computers shut down by ransomware, with demands for payments in digital currency to have their access restored. Tens of thousands of employees at Mondelez International, the Oreo cookie maker, had their data completely wiped. FedEx reported that an attack on a European subsidiary had halted deliveries and cost $300 million. Hospitals in Pennsylvania, Britain and Indonesia had to turn away patients. The attacks disrupted production at a car plant in France, an oil company in Brazil and a chocolate factory in Tasmania, among thousands of enterprises affected worldwide.

American officials had to explain to close allies — and to business leaders in the United States — how cyberweapons developed at Fort Meade in Maryland, came to be used against them. Experts believe more attacks using the stolen N.S.A. tools are all but certain.

Inside the agency’s Maryland headquarters and its campuses around the country, N.S.A. employees have been subjected to polygraphs and suspended from their jobs in a hunt for turncoats allied with the Shadow Brokers. Much of the agency’s cyberarsenal is still being replaced, curtailing operations. Morale has plunged, and experienced cyberspecialists are leaving the agency for better-paying jobs — including with firms defending computer networks from intrusions that use the N.S.A.’s leaked tools.

“It’s a disaster on multiple levels,” Mr. Williams said. “It’s embarrassing that the people responsible for this have not been brought to justice.”

In response to detailed questions, an N.S.A. spokesman, Michael T. Halbig, said the agency “cannot comment on Shadow Brokers.” He denied that the episode had hurt morale. “N.S.A. continues to be viewed as a great place to work; we receive more than 140,000 applications each year for our hiring program,” he said.

Compounding the pain for the N.S.A. is the attackers’ regular online public taunts, written in ersatz broken English. Their posts are a peculiar mash-up of immaturity and sophistication, laced with profane jokes but also savvy cultural and political references. They suggest that their author — if not an American — knows the United States well.

“Is NSA chasing shadowses?” the Shadow Brokers asked in a post on Oct. 16, mocking the agency’s inability to understand the leaks and announcing a price cut for subscriptions to its “monthly dump service” of stolen N.S.A. tools. It was a typically wide-ranging screed, touching on George Orwell’s “1984”; the end of the federal government’s fiscal year on Sept. 30; Russia’s creation of bogus accounts on Facebook and Twitter; and the phenomenon of American intelligence officers going to work for contractors who pay higher salaries.

The Shadow Brokers have mocked the N.S.A. in regular online posts and released its stolen hacking tools in a “monthly dump service.”

One passage, possibly hinting at the Shadow Brokers’ identity, underscored the close relationship of Russian intelligence to criminal hackers. “Russian security peoples,” it said, “is becoming Russian hackeres at nights, but only full moons.”

Russia is the prime suspect in a parallel hemorrhage of hacking tools and secret documents from the C.I.A.’s Center for Cyber Intelligence, posted week after week since March to the WikiLeaks website under the names Vault7 and Vault8. That breach, too, is unsolved. Together, the flood of digital secrets from agencies that invest huge resources in preventing such breaches is raising profound questions.

Have hackers and leakers made secrecy obsolete? Has Russian intelligence simply outplayed the United States, penetrating the most closely guarded corners of its government? Can a work force of thousands of young, tech-savvy spies ever be immune to leaks?

Some veteran intelligence officials believe a lopsided focus on offensive cyberweapons and hacking tools has, for years, left American cyberdefense dangerously porous.

“We have had a train wreck coming,” said Mike McConnell, the former N.S.A. director and national intelligence director. “We should have ratcheted up the defense parts significantly.”

America’s Cyber Special Forces

At the heart of the N.S.A. crisis is Tailored Access Operations, the group where Mr. Williams worked, which was absorbed last year into the agency’s new Directorate of Operations.

The N.S.A.’s headquarters at Fort Meade in Maryland. Cybertools the agency developed have been picked up by hackers from North Korea to Russia and shot back at the United States and its allies. Jim Lo Scalzo/European Pressphoto Agency

T.A.O. — the outdated name is still used informally — began years ago as a side project at the agency’s research and engineering building at Fort Meade. It was a cyber Skunk Works, akin to the special units that once built stealth aircraft and drones. As Washington’s need for hacking capabilities grew, T.A.O. expanded into a separate office park in Laurel, Md., with additional teams at facilities in Colorado, Georgia, Hawaii and Texas.

The hacking unit attracts many of the agency’s young stars, who like the thrill of internet break-ins in the name of national security, according to a dozen former government officials who agreed to describe its work on the condition of anonymity. T.A.O. analysts start with a shopping list of desired information and likely sources — say, a Chinese official’s home computer or a Russian oil company’s network. Much of T.A.O.’s work is labeled E.C.I., for “exceptionally controlled information,” material so sensitive it was initially stored only in safes. When the cumulative weight of the safes threatened the integrity of N.S.A.’s engineering building a few years ago, one agency veteran said, the rules were changed to allow locked file cabinets.

The more experienced T.A.O. operators devise ways to break into foreign networks; junior operators take over to extract information. Mr. Williams, 40, a former paramedic who served in military intelligence in the Army before joining the N.S.A., worked in T.A.O. from 2008 to 2013, which he described as an especially long tenure. He called the work “challenging and sometimes exciting.”

T.A.O. operators must constantly renew their arsenal to stay abreast of changing software and hardware, examining every Windows update and new iPhone for vulnerabilities. “The nature of the business is to move with the technology,” a former T.A.O. hacker said.

Long known mainly as an eavesdropping agency, the N.S.A. has embraced hacking as an especially productive way to spy on foreign targets. The intelligence collection is often automated, with malware implants — computer code designed to find material of interest — left sitting on the targeted system for months or even years, sending files back to the N.S.A.

The same implant can be used for many purposes: to steal documents, tap into email, subtly change data or become the launching pad for an attack. T.A.O.’s most public success was an operation against Iran called Olympic Games, in which implants in the network of the Natanz nuclear plant caused centrifuges enriching uranium to self-destruct. The T.A.O. was also critical to attacks on the Islamic State and North Korea.

It was this cyberarsenal that the Shadow Brokers got hold of, and then began to release.

Like cops studying a burglar’s operating style and stash of stolen goods, N.S.A. analysts have tried to figure out what the Shadow Brokers took. None of the leaked files date from later than 2013 — a relief to agency officials assessing the damage. But they include a large share of T.A.O.’s collection, including three so-called “ops disks — T.A.O.’s term for tool kits — containing the software to bypass computer firewalls, penetrate Windows and break into the Linux systems most commonly used on Android phones.

Evidence shows that the Shadow Brokers obtained the entire tool kits intact, suggesting that an insider might have simply pocketed a thumb drive and walked out.

But other files obtained by the Shadow Brokers bore no relation to the ops disks and seem to have been grabbed at different times. Some were designed for a compromise by the N.S.A. of Swift, a global financial messaging system, allowing the agency to track bank transfers. There was a manual for an old system code-named UNITEDRAKE, used to attack Windows. There were PowerPoint presentations and other files not used in hacking, making it unlikely that the Shadow Brokers had simply grabbed tools left on the internet by sloppy N.S.A. hackers.

After 15 months of investigation, officials still do not know what was behind the Shadow Brokers disclosures — a hack, with Russia as the most likely perpetrator, an insider’s leak, or both.

Some officials doubt that the Shadow Brokers got it all by hacking the most secure of American government agencies — hence the search for insiders. But some T.A.O. hackers think that skilled, persistent attackers might have been able to get through the N.S.A.’s defenses — because, as one put it, “I know we’ve done it to other countries.”

The Shadow Brokers have verbally attacked certain cyberexperts, including Mr. Williams. When he concluded from their Twitter hints that they knew about some of his hacks while at the N.S.A., he canceled a business trip to Singapore. The United States had named and criminally charged hackers from the intelligence agencies of China, Iran and Russia. He feared he could be similarly charged by a country he had targeted and arrested on an international warrant.

He has since resumed traveling abroad. But he says no one from the N.S.A. has contacted him about being singled out publicly by the Shadow Brokers.

“That feels like a betrayal,” he said. “I was targeted by the Shadow Brokers because of that work. I do not feel the government has my back.”

The Hunt for an Insider

For decades after its creation in 1952, the N.S.A. — No Such Agency, in the old joke — was seen as all but leakproof. But since Mr. Snowden flew away with hundreds of thousands of documents in 2013, that notion has been shattered.

The Snowden trauma led to the investment of millions of dollars in new technology and tougher rules to counter what the government calls the insider threat. But N.S.A. employees say that with thousands of employees pouring in and out of the gates, and the ability to store a library’s worth of data in a device that can fit on a key ring, it is impossible to prevent people from walking out with secrets.

The agency has active investigations into at least three former N.S.A. employees or contractors. Two had worked for T.A.O.: a still publicly unidentified software developer secretly arrested after taking hacking tools home in 2015, only to have Russian hackers lift them from his home computer; and Harold T. Martin III, a contractor arrested last year when F.B.I. agents found his home, garden shed and car stuffed with sensitive agency documents and storage devices he had taken over many years when a work-at-home habit got out of control, his lawyers say. The third is Reality Winner, a young N.S.A. linguist arrested in June, who is charged with leaking to the news site The Intercept a single classified report on a Russian breach of an American election systems vendor.

Mr. Martin’s gargantuan collection of stolen files included much of what the Shadow Brokers have, and he has been scrutinized by investigators as a possible source for them. Officials say they do not believe he deliberately supplied the material, though they have examined whether he might have been targeted by thieves or hackers.

But according to former N.S.A. employees who are still in touch with active workers, investigators of the Shadow Brokers thefts are clearly worried that one or more leakers may still be inside the agency. Some T.A.O. employees have been asked to turn over their passports, take time off their jobs and submit to questioning. The small number of cyberspecialists who have worked both at T.A.O. and at the C.I.A. have come in for particular attention, out of concern that a single leaker might be responsible for both the Shadow Brokers and the C.I.A.’s Vault7 breaches.

Then there are the Shadow Brokers’ writings, which betray a seeming immersion in American culture. Last April, about the time Mr. Williams was discovering their inside knowledge of T.A.O. operations, the Shadow Brokers posted an appeal to President Trump: “Don’t Forget Your Base.” With the ease of a seasoned pundit, they tossed around details about Stephen K. Bannon, the president’s now departed adviser; the Freedom Caucus in Congress; the “deep state”; the Alien and Sedition Acts; and white privilege.

“TheShadowBrokers is wanting to see you succeed,” the post said, addressing Mr. Trump. “TheShadowBrokers is wanting America to be great again.”

The mole hunt is inevitably creating an atmosphere of suspicion and anxiety, former employees say. While the attraction of the N.S.A. for skilled cyberoperators is unique — nowhere else can they hack without getting into legal trouble — the boom in cybersecurity hiring by private companies gives T.A.O. veterans lucrative exit options.

Got a confidential news tip?

The New York Times would like to hear from readers who want to share messages and materials with our journalists.

Young T.A.O. hackers are lucky to make $80,000 a year, while those who leave routinely find jobs paying well over $100,000, cybersecurity specialists say. For many workers, the appeal of the N.S.A’s mission has been more than enough to make up the difference. But over the past year, former T.A.O. employees say an increasing number of former colleagues have called them looking for private-sector work, including “graybeards” they thought would be N.S.A. lifers.

“Snowden killed morale,” another T.A.O. analyst said. “But at least we knew who he was. Now you have a situation where the agency is questioning people who have been 100 percent mission-oriented, telling them they’re liars.”

Because the N.S.A. hacking unit has grown so rapidly over the past decade, the pool of potential leakers has expanded into the hundreds. Trust has eroded as anyone who had access to the leaked code is regarded as the potential culprit.

Some agency veterans have seen projects they worked on for a decade shut down because implants they relied on were dumped online by the Shadow Brokers. The number of new operations has declined because the malware tools must be rebuilt. And no end is in sight.

“How much longer are the releases going to come?” a former T.A.O. employee asked. “The agency doesn’t know how to stop it — or even what ‘it’ is.”

One N.S.A. official who almost saw his career ended by the Shadow Brokers is at the very top of the organization: Adm. Michael S. Rogers, director of the N.S.A. and commander of its sister military organization, United States Cyber Command. President Barack Obama’s director of national intelligence, James R. Clapper Jr., and defense secretary, Ashton B. Carter, recommended removing Admiral Rogers from his post to create accountability for the breaches.

But Mr. Obama did not act on the advice, in part because Admiral Rogers’ agency was at the center of the investigation into Russia’s interference in the 2016 election. Mr. Trump, who again on Saturday disputed his intelligence agencies’ findings on Russia and the election, extended the admiral’s time in office. Some former intelligence officials say they are flabbergasted that he has been able to hold on to his job.

A Shadow War With Russia?

Lurking in the background of the Shadow Brokers investigation is American officials’ strong belief that it is a Russian operation. The pattern of dribbling out stolen documents over many months, they say, echoes the slow release of Democratic emails purloined by Russian hackers last year.

But there is a more specific back story to the United States-Russia cyber rivalry.

Starting in 2014, American cybersecurity researchers who had been tracking Russia’s state-sponsored hacking groups for years began to expose them in a series of research reports. American firms, including Symantec, CrowdStrike and FireEye, reported that Moscow was behind certain cyberattacks and identified government-sponsored Russian hacking groups.

The Moscow headquarters of Kaspersky Lab, a Russian cybersecurity firm that hunted for N.S.A. malware. Kirill Kudryavtsev/Agence France-Presse — Getty Images

In the meantime, Russia’s most prominent cybersecurity firm, Kaspersky Lab, had started work on a report that would turn the tables on the United States. Kaspersky hunted for the spying malware planted by N.S.A. hackers, guided in part by the keywords and code names in the files taken by Mr. Snowden and published by journalists, officials said.

Kaspersky was, in a sense, simply doing to the N.S.A. what the American companies had just done to Russian intelligence: Expose their operations. And American officials believe Russian intelligence was piggybacking on Kaspersky’s efforts to find and retrieve the N.S.A.’s secrets wherever they could be found. The T.A.O. hackers knew that when Kaspersky updated its popular antivirus software to find and block the N.S.A. malware, it could thwart spying operations around the world.

So T.A.O. personnel rushed to replace implants in many countries with new malware they did not believe the Russian company could detect.

In February 2015, Kaspersky published its report on the Equation Group — the company’s name for T.A.O. hackers — and updated its antivirus software to uproot the N.S.A. malware wherever it had not been replaced. The agency temporarily lost access to a considerable flow of intelligence. By some accounts, however, N.S.A. officials were relieved that the Kaspersky report did not include certain tools they feared the Russian company had found.

As it would turn out, any celebration was premature.

On Aug. 13 last year, a new Twitter account using the Shadow Brokers’ name announced with fanfare an online auction of stolen N.S.A. hacking tools.

“We hack Equation Group,” the Shadow Brokers wrote. “We find many many Equation Group cyber weapons.”

Inside the N.S.A., the declaration was like a bomb exploding. A zip file posted online contained the first free sample of the agency’s hacking tools. It was immediately evident that the Shadow Brokers were not hoaxsters, and that the agency was in trouble.

The leaks have renewed a debate over whether the N.S.A. should be permitted to stockpile vulnerabilities it discovers in commercial software to use for spying — rather than immediately alert software makers so the holes can be plugged. The agency claims it has shared with the industry more than 90 percent of flaws it has found, reserving only the most valuable for its own hackers. But if it can’t keep those from leaking, as the last year has demonstrated, the resulting damage to businesses and ordinary computer users around the world can be colossal. The Trump administration says it will soon announce revisions to the system, making it more transparent.

Mr. Williams said it may be years before the “full fallout” of the Shadow Brokers breach is understood. Even the arrest of whoever is responsible for the leaks may not end them, he said — because the sophisticated perpetrators may have built a “dead man’s switch” to release all remaining files automatically upon their arrest.

“We’re obviously dealing with people who have operational security knowledge,” he said. “They have the whole law enforcement system and intelligence system after them. And they haven’t been caught.”

Testimony: Hezbollah, the Illicit Networks Global Reach

Place of Origin: Lebanon

Year of Origin: 1982

Founder(s): Ali Akbar Mohtashemi—Iran’s then-ambassador to Syria; Imad Fayez Mughniyeh; Grand Ayatollah Muhammad Hussein Fadlallah; Abbas al-Musawi

Places of Operation: Lebanon, Syria, Germany, Mexico, Paraguay, Argentina, Brazil, Iran, United Arab Emirates

photo

*** Related reading: Egypt’s Sisi against idea of strikes on Iran, Hezbollah

Emanuele Ottolenghi
House Committee on Foreign Affairs, Western Hemisphere Subcommittee
8 November 2017

Chairman Cook, allow me first to congratulate you on your recent appointment as the new chairman of this subcommittee. Mr. Chairman, Ranking Member Sires, members of the subcommittee, thank you for the opportunity to testify on behalf of the Foundation for Defense of Democracies and its Center on Sanctions and Illicit Finance.

In 2011, the U.S. Drug Enforcement Administration (DEA) indicted Ayman Saied Joumaa, a Lebanese-Colombian dual national whose global network of companies operating out of Latin America, West Africa, and Lebanon laundered money for Mexican and Colombian cartels to the tune of $200 million a month of drug proceeds.[1] Joumaa worked with Hezbollah as the kingpin in one of many networks Hezbollah runs globally to sustain its financial needs. When his case came to light, the New York Times quoted a DEA official as saying that Hezbollah operated like “the Gambinos on steroids.”[2]

The United States cannot continue to combat a threat of such magnitude unless it leverages all its tools of statecraft in a combined, sustained, and coordinated fashion. Over the past decade, Hezbollah’s terror finance outside Lebanon has evolved from a relatively small fundraising operation involving trade-based money laundering and charitable donations into a multi-billion dollar global criminal enterprise.

Increasing quantities of Schedule 2 drugs like cocaine invade the U.S. from Latin America, adding fuel to the opioid pandemic that has already cost so many lives.[3] Cocaine consumption is as much a national epidemic as opioids, Mr. Chairman, and Hezbollah helps make it available to U.S. consumers.

This makes Hezbollah, its senior leadership, and its numerous operatives involved in running illicit drug-trafficking and money-laundering operations on a global scale the perfect candidates for Kingpin and Transnational Crime Organization designations, in addition to the terrorism and terror finance designations already in place.

The U.S. government has, over the years, developed remarkably sharp and effective tools to counteract Hezbollah’s terror finance threat, but is not using them as vigorously as it should. The Kingpin Act is one such instrument. But like all other instruments of statecraft, its impact would be much greater if used consistently and in conjunction with other tools. The challenge for Congress, the executive branch, the intelligence community, and law enforcement agencies is to leverage these tools in a manner that will outsmart Hezbollah and disrupt its cash flows enough to inflict irreparable damage to the terror group’s finances.

In pursuit of this goal, America needs to better coordinate the application and enforcement of all instruments available from the formidable toolbox created over the past two decades by legislation and executive orders, including leveraging Executive Orders 13581 and 13773 on combating transnational organized crime, Executive Order 13224 on combating sources of terror finance, the 1999 Foreign Narcotics Kingpin Designation Act, the 2015 Hezbollah International Financing Prevention Act (HIFPA), the Global Magnitsky Human Rights Accountability Act of 2016, and soon the Hezbollah International Financing Prevention Act Amendment of 2017, which is now awaiting reconciliation between its House and Senate versions and which will, once approved, expand on HIFPA.

In doing so, it should focus significantly on the Western Hemisphere, where Hezbollah’s global footprint, especially in Latin America, is most menacing.

Hezbollah’s regional operations are part of a global network of illicit financial and commercial enterprises whose goal is to fund Hezbollah’s activities in the Middle East. Where and when needed, these networks can also be activated to provide logistical support to operatives engaged in planning terror attacks. The United States therefore needs to think and act globally to disrupt Hezbollah’s illicit finance networks. Latin America is a very good place to start doing that.

In the remainder of my testimony, I will discuss evidence demonstrating the magnitude of the threat posed by Hezbollah’s terror finance to the national security of the United States. I will also provide evidence of the high-ranking nature of Hezbollah’s operatives in Latin America – a sure sign of the importance of Hezbollah’s Latin American networks to the organization’s budget. And I will discuss the impact of U.S. policy and actions on disrupting Hezbollah’s terror finance activities. The evidence I am presenting today, hopefully, will highlight both strengths and weaknesses of present U.S. policy and offer ways to improve results.

Download the full testimony here.

[1] U.S. Department of the Treasury, Press Release, “Treasury Targets Major Lebanese-Based Drug Trafficking and Money Laundering Network,” January 26, 2011. (https://www.treasury.gov/press-center/press-releases/Pagés/tg1035.aspx); see also: U.S. Department of the Treasury, Press Release, “U.S. Charges Alleged Lebanese Drug Kingpin with Laundering Drug Proceeds for Mexican and Colombian Drug Cartels,” December 13, 2011. (https://www.justice.gov/archive/usao/vae/news/2011/12/20111213joumaanr.html)

[2] Jo Becker, “Beirut Bank Seen as a Hub of Hezbollah’s Financing,” The New York Times, December 13, 2011. (http://www.nytimes.com/2011/12/14/world/middleeast/beirut-bank-seen-as-a-hub-of-hezbollahs-financing.html)

[3] Nick Miroff, “American cocaine use is way up. Colombia’s coca boom may be why,” The Washington Post, March 4, 2017. (https://www.washingtonpost.com/news/worldviews/wp/2017/03/04/colombias-coca-boom-is-showing-up-on-u-s-streets/?utm_term=.d370be3ebe9c)

photo

*** A short briefing from the State Department on October 10, 2017 by National Counter-terrorism Center Director, Nick Rasmussen:

Hizballah’s use of terrorism across the globe, which has persisted for several decades; second, the group’s continued effort to advance terrorism acts worldwide; and third, the fact that the organization is, in fact, focused on U.S. interests, including here in the homeland. And that is part of the reason why we are here today.

Lebanese Hizballah has repeatedly demonstrated for the world its true character. It is an organization that relies on terrorism as well as other forms of violence and coercion to achieve its goals. And this takes place in spite of the group’s attempts to portray itself as a legitimate political party. Prior to September 11th, I think everybody knows Hizballah was responsible for the terrorism-related deaths of more U.S. citizens than any other foreign terrorist organization.

Now, for many Americans, their introduction to the threat posed by this group came after Hizballah’s attack on the U.S. embassy in Beirut in April of 1983. That horrific attack killed 63 and wounded an additional 120 individuals, and it was followed by an even more deadly attack on our Marine barracks in October of 1983 which killed 241 Americans and wounded an additional 128 Americans.

So Hizballah’s penchant for violence has not changed over the last three decades. We’ve seen time and time again with its international terrorism unit, the External Security Organization, also known as the IJO, the Islamic Jihad Organization, and Unit 910, 9-1-0. But its deployment of operatives to nearly every corner of the globe continues to engage in terrorism-related activity.

In 2012 the group carried out a bomb attack in Bulgaria that killed five Israeli tourists and one Bulgarian national, and a number of Hizballah operatives have been caught laying the groundwork for attacks in places like Azerbaijan, in Egypt, in Thailand, in Cyprus, and in Peru. And there are other instances of Hizballah-related arrests and disruptions around the world that are at this point unpublicized and remain classified.

But all of this together shows us that the group seeks to develop and maintain a global capability to carry out acts of terror. I can assure you that the conversation today would be much different had some of these disrupted plots actually succeeded. Casualty counts would be higher and many innocent lives would have been forever altered. The group is also known to focus on areas populated by tourists, almost guaranteeing that with their attacks innocent victims – innocent civilians will be victims.

Now, with respect to the homeland here in the United States, let me say this. While much of our work in the government since 9/11 has focused on al-Qaida and more recently on ISIS, in the 20 years since Hizballah’s designation as a foreign terrorist organization, we have never taken our focus off of Hizballah and on the threat it represents to the homeland.

***

Syria, ISIS, and the Broader Middle East
As an Iranian proxy, Hezbollah has taken up arms alongside Syrian and Iranian forces in defense of the Syrian regime in that country’s civil war. In 2012, the U.S. Treasury levied additional sanctions on Hezbollah for its support of Syrian President Bashar al-Assad’s regime. According to Treasury, since the beginning of the Syrian civil war in early 2011,
Hezbollah provided “training, advice and extensive logistical support to the Government of Syria’s increasingly ruthless efforts to fight against the opposition.” 45
As of October 2016, Hezbollah and Syrian forces were reportedly besieging some 40,000 Syrians in three towns, preventing them access to medical treatment. 46
During an October 2016 rally in Beirut, Nasrallah promised that Hezbollah
would “continue to bear our great responsibilities of jihad” in Syria. 47
In January 2015, in response to Israeli airstrikes on alleged weapons shipments to Hezbollah in Syria, Nasrallah called the strikes an aggression against Syria’s regional allies.
As such, Syria’s allies have the right to retaliate, according to Nasrallah. 48
Hezbollah’s activity in Syria has its domestic detractors as well. Subhi al-Tufayli, Hezbollah’s first secretary-general from 1989 to 1991, has accused Hezbollah of being
a “partner in the killing of the Syrian people.” He denounced Hezbollah members who fight alongside Russians, and called on the Hezbollah leadership to heed Lebanese opposition to the group’s involvement in Syria. 49
Hezbollah’s role in Syria is not limited to fighting anti-government rebels. Under Iranian direction, Hezbollah has also fought against ISIS, which Nasrallah described as a growing threat to the region and an existential threat to Lebanon in an August 2014 interview with the Lebanese newspaper Al-Akhbar. 50
Hezbollah has also fought against the Nusra Front (Jabhat Fateh al-Sham).51
On October 19, 2016, Qassem told Hezbollah’s Al-Manar TV that Hezbollah “will not leave Syria as long as there is a need to confront takfiri groups.” 52
In November 2016, Hezbollah held a public parade in the Syrian city of Qusair to highlight its role in the conflict. The terror group showcased U.S. and Russian armored personnel carriers and tanks. The U.S. State Department issued a statement that it was “gravely concerned” and investigating how Hezbollah acquired U.S. equipment. 53
The United States provides aid to the Lebanese military, which denied that U.S.-provided weaponry had been transferred to Hezbollah 54. Read the full report here.

Anyone Paying Attention to Wilbur Ross, Commerce Sec?

What is Wilbur Ross worth? The answer is a slippery one when you ask Wilbur to respond. There is a dispute when it comes to his financials in the ranger of a billion or two. Further, where did his wealth come from you ask? Well there were allegedly family trusts, hotels, shipping companies, steel, banking in Cyprus and even those Rothschilds. More here from Forbes.

photo

Wilbur Ross’ company has been moving LPG for a Russian gas giant.

But now, in what might seem almost an echo of the Red Scare that lasted in America for generations, this business relationship is seen as tainted, an ominous connection to a country that unleashed cyberwar against American democracy and the 2016 election that put Trump in the White House.

Are all connections to Russia now suspect? Or are they sometimes merely an inconvenient consequence of doing business in a country where major corporations often are controlled by the Kremlin?

The latest tie between Russia, Trump and his campaign and administration officials came to light Sunday with news that the U.S. commerce secretary is a part owner of Navigator Holdings, a shipping company that transports LPG produced by Sibur, a big Russian company with ties to the Kremlin.

Some shipping business experts who follow the company are shrugging off the news.

“Russia has a lot of commodities that need to go somewhere else,” said Benjamin J. Nolan, a financial analyst who covers Navigator for Stifel, Nicolaus & Co. He added, “Odds are, they are going to have long term contracts with Western shipping companies.”

The Russian government is a powerful factor in almost every part of the country’s economy. Some of Russia’s biggest banks, such as Sberbank and VTB are state-controlled, with their management answering directly or indirectly to the Kremlin.

Then there is Gazprom, a big gas supplier to Europe, and Rosneft, the oil producer. Both are majority state owned.

***

Two people associated with Siber are under U.S. sanctions

***

How about Venezuela? Yup…

Despite U.S. sanctions on Venezuela’s bond transactions in international markets and other restrictions against top officials, the Paradise Papers show that Secretary of Commerce Wilbur Ross has an important stake in multi-million dollar businesses related with state-oil giant Petróleos de Venezuela (PDVSA).

As reported by Newsweek on Sunday, Ross still retains interest in Navigator Holdings, a shipping company incorporated in the Marshall Islands in the South Pacific that maintains a close relationship with Russia’s energy company SIBUR, which is run by President Vladimir Putin’s son-in-law Kirill Shamalov and other individuals who have been sanctioned by the U.S. Navigator Holdings has received millions of dollars every year in earnings due to coastal shipping services provided to PDVSA.

PDVSA is no small client of Navigator Holdings. The state-oil company contributed to 10.7 percent of Navigator’s earnings during fiscal year 2014 and 11.7 percent in fiscal year 2015, according to Venezuelan newspaper El Nacional. The company’s earnings translate into $33.7 million and $36.7 million for each fiscal year thanks to PDVSA’s use of the Navigator’s 29 tankers to carry liquefied petroleum gas during those years.

As he was awaiting confirmation, Ross failed to disclose any business interests with Putin’s family and his stake in the maritime industry. James Rockas, Ross’s spokesman, told the New York Times that the secretary of commerce “recuses himself from any matters focused on transoceanic shipping vessels, but has been generally supportive of the [Trump] administration’s sanctions of Russian and Venezuelan entities.”

But Ross’s businesses pose a potential conflict of interest, ICIJ reported. Ross has “the power to influence U.S. trade, sanctions and other matters that could affect SIBUR’s owners,” the Paradise Papers report added. More here from Newsweek.

 

Saudi Arabia says Lebanon Declares War

photo

It is all about Iran….

Arabia reveals list of wanted members of the terrorist militias in the region including

What did President Trump know or what was he told?

Remarks by President Trump and Prime Minister Hariri of Lebanon in Joint Press Conference

Saudi Arabia says Lebanon declares war, deepening crisis

BEIRUT (Reuters) – Saudi Arabia accused Lebanon on Monday of declaring war against it because of aggression by the Iran-backed Lebanese Shi‘ite group Hezbollah, a dramatic escalation of a crisis threatening to destabilize the tiny Arab country.

Lebanon has been thrust to the center of regional rivalry between Saudi Arabia and Iran since the Saudi-allied Lebanese politician Saad al-Hariri quit as prime minister on Saturday, blaming Iran and Hezbollah in his resignation speech.

Saudi Gulf affairs minister Thamer al-Sabhan said the Lebanese government would “be dealt with as a government declaring war on Saudi Arabia” because of what he described as aggression by Hezbollah.

Faulting the Hariri-led administration for failing to take action against Hezbollah during a year in office, Sabhan said “there are those who will stop (Hezbollah) and make it return to the caves of South Lebanon”, the heartland of the Shi‘ite community.

In an interview with Al-Arabiya TV, he added: “Lebanese must all know these risks and work to fix matters before they reach the point of no return.”

He did not spell out what action Saudi Arabia might take against Lebanon, a country with a weak and heavily indebted state that is still rebuilding from its 1975-90 civil war and where one-in-four people is a Syrian refugee.

There was no immediate comment from the Lebanese government.

Hezbollah is both a military and a political organization that is represented in the Lebanese parliament and in the Hariri-led coalition government formed last year.

Its powerful guerrilla army is widely seen as stronger than the Lebanese army, and has played a major role in the war in neighboring Syria, another theater of Saudi-Iranian rivalry where Hezbollah has fought in support of the government.

Lebanese authorities said on Monday the country’s financial institutions could cope with Hariri’s resignation and the stability of the Lebanese pound was not at risk.

But the cash price of Lebanon’s U.S. dollar-denominated bonds fell, with longer-dated maturities suffering hefty losses as investors took a dim view of the medium- to longer-term outlook for Lebanon.

HARIRI FREE TO TRAVEL, SAUDI FM SAYS

Hariri cited a plot to assassinate him during his unexpected resignation speech broadcast from Saudi Arabia which caught even his aides off guard. He also slammed Hezbollah and Iran, accusing them of sowing strife in the Arab world.

Hezbollah leader Sayyed Hassan Nasrallah has said he will not comment on Hariri’s speech, calling it a “Saudi statement” and saying Riyadh had forced Hariri to resign.

The sudden nature of Hariri’s resignation generated speculation in Lebanon that his family’s Saudi construction business had been caught up in an anti-corruption purge and he had been coerced into resigning. More here.

photo

Western intelligence services warned Lebanon’s former Prime Minister Saad al-Hariri of an assassination plot against him, thus prompting him to resign on Sunday, according to Saudi news media. Hariri is a Saudi-born Lebanese politician, reputed to be one of the world’s wealthiest people. He is the second son of the late Rafiq Hariri, who ruled Lebanon for much of the 1990s but was assassinated in 2005. Saad al-Hariri spent most of his life in Saudi Arabia, the United States and France, but returned to Lebanon in 2014 to lead the Future Movement, a center-right political party supported by Sunni Muslims and some Christians. He became prime minister in 2016.

On Friday, Hariri flew from Beirut to Riyadh for a scheduled high-level visit. But on Sunday he shocked the Arab world by announcing his resignation from the post of prime minister. He did so in a surprise television address from the Saudi capital, which was broadcast live in Lebanon. Hariri told stunned Lebanese audiences that he was resigning in order to protect himself from a plot that was underway to assassinate him. He added that the political climate in Lebanon was intolerably tense and reminded him of the conditions that led to the assassination of his father 12 years ago. He also accused Iran and Hezbollah of acting as the primary destabilizing factors in Lebanon and much of the Middle East. Hariri and his supporters believe that Hezbollah was behind his father’s assassination in 2005. There was intense speculation in Lebanon on Monday that Hariri would remain in Saudi Arabia for the foreseeable future, fearing for his life if he returned to Lebanon.

On Sunday, the Saudi-based newspaper Asharq al-Awsatclaimed that Hariri decided to resign after he “received warnings from Western governments” that there would be an assassination plot against him. The newspaper did not name the Western governments, nor did it identify those who are allegedly trying to kill Hariri. Later on Sunday, Saudi television station al-Arabiya al-Hadath alleged that an assassination attempt against Hariri had been stopped at the last minute in the Lebanese capital Beirut earlier in the week. Both news media cited “sources close” to the Lebanese leader, but did not provide specific information, nor did they give details of the alleged plot or plots. It is worth noting, however, that Lebanese security officials denied these reports from Riyadh. Lebanese media quoted senior security official Major General Abbas Ibrahim as saying that no information about assassination plots had been uncovered. Major Ibrahim, who heads Lebanon’s General Directorate of General Security, said that his agency had no information about attempts to kill Hariri or other Lebanese political figures.

This could mean that the information about a possible assassination plot against Hariri was given directly to him by Western intelligence agencies, probably because the latter fear that Lebanese security agencies are infiltrated by Hezbollah sympathizers. Or it could mean that the Saudi media reports are inaccurate. Lebanon is now awaiting further details by Hariri regarding the alleged assassination plot against him. In the meantime, the already fragile political life of Lebanon appears to be entering a period of prolonged uncertainty.