Cyber-code, Oilrig, Iran hires Russian Hackers

Posted on May 18, 2017May 18, 2017 by Denise Simon

Update and unrelated to OilRig and reported May 18: Russia tried to take over Pentagon Twitter accounts: report

SCMedia: Attacks believed to be Iranian in origin were fended off for more than two weeks in April, but security experts examining the code detected snippets of code from an underground Russian marketplace.

Iranian hackers targeting critical infrastructure

Attacks believed to be Iranian in origin were fended off for more than two weeks in April, but security experts examining the code detected something they’d never seen before: snippets of code baring similarities to a known Russian toolkit available on the underground Russian marketplace.

The code had previously been used in a damaging cyber-attack on the Ukraine’s infrastructure in 2015.

Carl Wright, general manager and executive vice president of worldwide sales at TrapX Security, the San Mateo, California-based security firm that blocked the hackers last month, told an interviewer it was the first time his firm had detected an attack where hackers based in Iran were collaborating with Russian hackers-for-hire, according to an article in the New York Times.

Wright could not reveal the target of the attack owing to a confidentiality arrangement. But other security experts said the attackers could have purchased the Russian toolkit from an online forum and customised it for their campaign.

This hypothesis is countered by TrapX researchers, however, who noted that a number of “web domains used in the attack had been registered to a Russian alias, and that three email addresses continue to be used by a hacker in Russian hacking forums and in the underground web.”

The Iranian attackers behind the latest campaign, dubbed OilRig for their previous attacks on oil companies in Saudi Arabia and Israel, have been expanding their geographical range with hundreds of new attacks targeting a number of military, financial and energy companies in Europe as well as the United States, the Times reported.

Nearly three-quarters of the code employed in the latest campaign was previously used by OilRig in hundreds of attacks on other enterprises, including government agencies and oil companies.

But, as the defences of the newest target became more robust and the attackers evolved their tactics, the security researchers noted new weapons in their arsenal: a typical hacker’s kit, used to siphon out data, such as to steal usernames and passwords; but, more revealing, a tool never before detected in an OilRig campaign.

This was obfuscated with encryption to evade security investigators. After weeks spent decrypting the code, the researchers at TrapX determined that besides code similar to that used by OilRig in prior attacks, the bad actors were employing malware called BlackEnergy, also used previously, specifically by the Russian hackers who attacked the Ukraine power grid. Further, data was being transferred from the target to a server also used in the Ukraine attack.

TrapX lured the miscreants to inject their malware onto a server, which was then analysed by the TrapX team who were able to then shut the attackers out of their client’s system.

Forbes

*** There is more:

Iranian hackers which previously targeted organizations in Saudi Arabia are now targeting organizations in other countries, including the US, as part of a campaign identified as OilRig campaign.

In addition to expanding its reach, the group has been enhancing its malware tools.

Researchers at Palo Alto Networks have been monitoring the group for some time and have

reported observing attacks launched by a threat actor against financial institutions and technology companies in Saudi Arabia and on the Saudi defense industry. This campaign referred to as “ OilRig,” by Palo Alto Networks, entails weaponized Microsoft Excel spreadsheets tracked as

“Clayslide” and a backdoor called “Helminth.” More here.

More: Last month

The Israeli Cyber Defense Authority yesterday announced that it believes Iran was behind the a series of targeted attacks against some 250 individuals between April 19 and 24 in government agencies, high-tech companies, medical organizations, and educational institutions including the renowned Ben-Gurion University. The attackers – whom security experts say are members of the so-called OilRig aka Helix Kitten aka NewsBeef nation-state hacking group in Iran — used stolen email accounts from Ben-Gurion to send their payload to victims.

“This is the largest and most sophisticated attack they’ve [OilRig] ever performed,” says Michael Gorelik, vice president of R&D for Morphisec, who studied the attacks and confirms that the final stage was thwarted for the most part. “It was a major information-gathering [operation],” he says.

OilRig has been rapidly maturing since it kicked off operations around 2015. The attack campaign against Israeli targets employed the just-patched Microsoft CVE-2017-0199 remote code execution vulnerability in the Windows Object Linking and Embedding (OLE) application programming interface. This flaw had been weaponized in attacks prior to the patch, including Dridex banking Trojan and botnet attacks, and in at least one other cyber espionage campaign.

Forbes has more on corporate and individual hack operations in the United States by OilRig including other countries.

North Korea and Friends, Cyber War, Nerve Gas and WMD

Posted on May 15, 2017May 15, 2017 by Denise Simon

Hey, look over there –>

WikiLeaks Reveals ‘AfterMidnight’ & ‘Assassin’ CIA Windows Malware Frameworks

When the world was dealing with the threat of the self-spreading WannaCry ransomware, WikiLeaks released a new batch of CIA Vault 7 leaks, detailing two apparent CIA malware frameworks for the Microsoft Windows platform. Dubbed “AfterMidnight” and “Assassin,” both malware programs are designed to monitor and report back actions on the infected remote host computer running the Windows operating system and execute malicious actions specified by the CIA. Since March, WikiLeaks has published hundreds of thousands of documents and secret hacking tools that the group claims came from the US Central Intelligence Agency (CIA). This latest batch is the 8th release in the whistleblowing organization’s ‘Vault 7’ series.

‘AfterMidnight’ Malware Framework

According to a statement from WikiLeaks, ‘AfterMidnight’ allows its operators to dynamically load and execute malicious payload on a target system. The main controller of the malicious payload, disguised as a self-persisting Windows Dynamic-Link Library (DLL) file and executes “Gremlins” – small payloads that remain hidden on the target machine by subverting the functionality of targeted software, surveying the target, or providing services for other gremlins. Once installed on a target machine, AfterMidnight uses an HTTPS-based Listening Post (LP) system called “Octopus” to check for any schedu led events. If found one, the malware framework downloads and stores all required components before loading all new gremlins in the memory. According to a user guide provided in the latest leak, local storage related to AfterMidnight is encrypted with a key which is not stored on the target machine. A special payload, called “AlphaGremlin,” contains a custom script language which even allows operators to schedule custom tasks to be executed on the targeted system. More detail here.

Meanwhile….

North Korean hacking group is thought to be behind cyber attack which wreaked havoc across the globe

Technical clues suggest North Korean hacking group is behind cyber attack

Ransomware left the NHS crippled with operations cancelled over the weekend

The virus is now thought to have been released by the Lazarus Group

It has already been blamed for a string of hacks dating back to at least 2009

It includes the 2014 attack on Sony that left its network offline for weeks

Okay maybe….while other IT cyber professionals point to Russian thug hackers….

Rex Tillerson last month spoke about a quasi red line with North Korea….when is enough, enough? Well his answer was, ‘we will know it when we see it’.

Nonetheless, what more needs to be known about North Korea that the media is not reporting? Plenty…..

‘Unrestricted Warfare’ (超限战, literally “warfare beyond bounds”) is a book on military strategy written in 1999 by two colonels in the People’s Liberation Army, Qiao Liang (乔良) and Wang Xiangsui (王湘穗). Its primary concern is how a nation such as China can defeat a technologically superior opponent (such as the United States) through a variety of means. Rather than focusing on direct military confrontation, this book instead examines a variety of other means. Such means include using International Law (see Lawfare) and a variety of economic means to place one’s opponent in a bad position and circumvent the need for direct military action.[1] Go here for more information.

This already tells us and the Pentagon, to not trust China….right? So how can we place trust and the burden of dealing with North Korea on Beijing? We cant.

The RGB is the KGB….

The RGB is the North Korean Reconnaissance General Bureau….much like that of the KGB, now in Russia known as the FSB.

In 2015, North Korea spies infiltrated the United Nations agencies including the World Food Program which is a major supplier of food aid to North Korea. Somehow, the Obama White House and other government agencies neglected to take real action on that or even earnestly report it. Prior to that little event, in 2010, the U.S. Treasury via and Obama Executive Order targeted North Korea for proliferation and other illicit activities including arms trafficking, money laundering and smuggling narcotics.

Barack Obama, simply annexed a GW Bush Executive Order adding a few new items noted below:

President Obama also identified the following entities and individual for sanctions by listing them on the Annex to the Order:

·   The Reconnaissance General Bureau (RGB), North Korea’s premiere intelligence organization involved in North Korea’s conventional arms trade;

·       RGB commander Lieutenant General Kim Yong Chol;

·   Green Pine Associated Corporation, a North Korean conventional arms dealer subordinated to the control of the RGB; and

·   Office 39 of the Korean Workers’ Party, which provides critical support to North Korean leadership in part through engaging in illicit economic activities and managing the leadership’s slush funds.

The U.S. government has longstanding concerns regarding North Korea’s involvement in a range of illicit activities conducted through government agencies and associated front companies. North Korea’s nuclear and missile proliferation activity and other illicit conduct violate UN Security Council Resolutions 1718 and 1874, and these activities and their other illicit conduct violate international norms and destabilize the Korean Peninsula and the entire region. In signing this Order, President Obama has frozen the property and interests in property of the three entities and one individual listed on the Annex. This Order provides the United States with new tools to disrupt illicit economic activity conducted by North Korea.

As a matter of note, in recent days, Russia has stepped in to offer some diplomatic assistance dealing with North Korea as it appears China is dragging the diplomatic and political anchor dealing with the DPRK. Ah Russia again right? The in depth study is here on North Korea, It includes, history, terror attacks, cyber attacks, assassination attempts, raids and details on unrestricted warfare.

Just for some context, Russia and China have been aiding North Korea for decades…..but has the media done their work to expose this or the State Department? Nope…

Image result for north korea general o kuk ryol Courtesy

You see, General O Kuk ryol and Kim Jong Un both manage Unit 121. Unit 121, is part of the RGB and did the Sony hack, remember that? Well General O, is a graduate of the Mangyongdae Revolutionary School and the Kim Il sung University….but most importantly, he graduated also from Frunze Military Academy in 1962….where is that? Ah….Moscow, and at the time, it was the Soviet Union.

Frunze Military Academy in Devichie pole, Moscow

Strategy: Integrate their cyber forces into an overall battle strategy as part of a combined arms campaign. Additionally they wish to use cyber weapons as a limited non-war time method to project their power and influence.

Experience: Hacked into the South Korea and caused substantial damage; hacked into the U.S. Defense Department Systems. More here.

Meanwhile, we also have the Korea Computer Center…there are 9 production facilities and 11 regional centers. However, the KCC also has offices in China, Germany and Syria..further it should be noted that an estimated 10,000 North Korean IT developers operate in China, where it is common that $500.00 of their monthly salary goes back to the North Korean state.

So, we have Syria, Russia, China all colluding with North Korea….Iran is as well but the United Nations too? Yup…

FNC: For more than a year, a United Nations agency in Geneva has been helping North Korea prepare an international patent application for production of sodium cyanide — a chemical used to make the nerve gas Tabun — which has been on a list of materials banned from shipment to that country by the U.N. Security Council since 2006.

The World Intellectual Property Organization, or WIPO, has made no mention of the application to the Security Council committee monitoring North Korea sanctions, nor to the U.N. Panel of Experts that reports sanctions violations to the committee, even while concerns about North Korean weapons of mass destruction, and the willingness to use them, have been on a steep upward spiral.

Fox News told both U.N. bodies of the patent application for the first time late last week, after examining the application file on a publicly available WIPO internal website.

Information on the website indicates that North Korea started the international patent process on Nov. 1, 2015 — about two months before its fourth illegal nuclear test. The most recent document on the website is a “status report,” dated May 14, 2017 (and replacing a previous status report of May 8), declaring the North Korean applicants’ fitness “to apply for and be granted a patent.”

CLICK HERE FOR THE STATUS REPORT

During all that time, however, the U.N.’s Panel of Experts on North Korea “has no record of any communication from WIPO to the Committee or the Panel regarding such a serious patent application,” said Hugh Griffiths, coordinator of the international U.N. expert team, in response to a Fox News question.

The Panel of Experts has now officially “opened an investigation into this matter,” he said.

“This is a disturbing development that should be of great concern to the U.S. administration and to Congress, as well as the U.S. Representative to the U.N.,” William Newcomb, a member of the U.N. Panel of Experts for nearly three years ending in 2014, told Fox News.

Said an expert familiar with the sanctions regime: “It undermines sanctions to have this going on. The U.N. agencies involved should have been much more alert to checking these programs out.”

Questions sent last week to the U.S. State Department about WIPO’s patent dealings with North Korea had not been answered before this story was published.

For its part, a WIPO spokesperson told Fox News by email, in response to the question of whether it had reported the patent application to the U.N. sanctions committee, only that the organization “has strict procedures in place to ensure that it fully complies with all requirements in relation to U.N. Security Council sanction regimes.”

The spokesperson added that “we communicate with the relevant U.N. oversight committees as necessary.”

But apparently, help with preparing international patent applications for a sanctioned nerve gas “chemical precursor” does not necessarily count as grounds for such communication, if the Panel of Experts records are correct.

This is by no means the first time that WIPO, led by its controversial director general, Francis Gurry, has flabbergasted other parts of the U.N. and most Western nations with its casual and undeclared assistance, with potential WMD implications, to the bellicose and unstable North Korean regime.

And, as before, how the action is judged may depend upon razor-thin, legalistic interpretations of U.N. sanctions law on the one side vs. staggering violations of, at a minimum, common sense in dealing with the unstable North Korean regime, which among other things has never signed the international convention banning the development, production, stockpiling and use of chemical weapons.

While the patent process went on at WIPO, that regime has conducted five illegal nuclear tests — two in the past year, while the patent process was under way — and at least ten illegal ballistic missile launches since 2016, while issuing countless threats of mass destruction against its neighbors and the U.S.

In 2012, Fox News reported that WIPO had shipped U.S.-made computers and sophisticated computer servers to North Korea, and also to Iran, without informing sanctions committee officials.

The shipments were ostensibly part of a routine technology upgrade. Neither country could obtain the equipment on the open market, and much of it would have required special export licenses if shipped from the U.S.

The report kicked off an uproar, but after a lengthy investigation, the U.N. sanctions committee decided that the world organization’s porous restrictions had not been violated, while also noting WIPO’s defense that as an international organization, it was not subject to the rules aimed at its own member states.

Nonetheless, the investigators declared that “we simply cannot fathom how WIPO could have convinced itself that most Member States would support the delivery of equipment to countries whose behavior was so egregious it forced the international community to impose embargoes.”

The investigators also declared that “WIPO, as a U.N. agency, shares the obligation to support the work of other U.N. bodies, including the Sanctions Committees,” and that in response to the furor, WIPO had “implemented new requirements to check on sanctions compliance in advance of program implementation.”

There is no doubt about the banned nature of sodium cyanide — which can also be used to produce deadly cyanide gas, another weapon of mass destruction.

The chemical appears on a Security Council list of “items, materials, equipment, goods and technology” related to North Korea’s “other weapons of mass destruction programs” beyond nuclear weapons, which first appeared after U.N. Security Council resolution 1718 was approved in 2006.

CLICK HERE FOR THE LIST

That resolution, voted after North Korea conducted its first nuclear test, ordained that member states “prevent the direct or indirect supply, sale or transfer” to the regime known as the Democratic People’s Republic of Korea, or DPRK, of the listed items “which could contribute to DPRK’s nuclear-related, ballistic missile-related or other weapons of mass destruction-related programs.”

It also declared that “all member states shall prevent any transfers to the DPRK by their nationals or from their territories, or from the DPRK by its nationals or from its territory, of technical training, advice, services or assistance related to the provision, manufacture, maintenance or use of the items” listed.

Additionally, it demanded a freeze by U.N. member states or all “funds, other financial assets and economic resources” that could be used in the mass destruction-related programs.

CLICK HERE FOR RESOLUTION 1718

A subsequent Security Council resolution, 2270, in 2016 broadened things by declaring that “economic resources” referred to in Resolution 1718 “includes assets of every kind, whether tangible or intangible, movable or immovable, accrual or potential, which potentially may be used to obtain funds, goods or services” by DPRK.

This may open up another controversial aspect of the cyanide patent application, since, along with its mass-destructive uses, the chemical is considered the most common agent in the extraction of gold from ores and concentrates.

Further, according to the North Korean application to WIPO, the new process it wants to make ready for international patenting is a lower-cost process that produces ultra-high-grade product.

CLICK HERE FOR THE PROCESS APPLICATION DESCRIPTION

In WIPO’s response to Fox News, the agency’s spokesperson emphasized that “WIPO is not a patent-granting authority. Its role in handling these applications is to ensure that they conform to the procedural requirements” of the 152-member Patent Cooperation Treaty, or PCT, “and to publish them in accordance with the provisions of the treaty.” North Korea is a PCT signatory.

Translation: WIPO is merely a neutral, technical pass-through mechanism. As the spokesperson put it: “The decisions concerning whether or not to ultimately grant the patent are the sole purview of each jurisdiction where protection is being sought, in accordance with national law.”

While that may be true, it is also true, according to the WIPO website, that the U.N. agency gives those who use its services a lot of financially meaningful help.

That starts with the fact that by filing an international filing application with the agency, you have to pay only one fee rather than more than 150 to get an application acceptable in all PCT countries (which include the U.S. as one of the treaty’s biggest users).

WIPO also provides one-stop research on whether a patent overlaps with those elsewhere, and offers the possibility of widespread dissemination and publicity — i.e., stimulating demand, and thus at least the potential for sanctions-breaking in any subsequent licensing the North Korean patent.

Igniting controversy has been a characteristic of Director General Gurry’s reign — indeed, even before he first took WIPO’s top executive office in 2008.

In 2015, the U.N.’s watchdog Office of Internal Oversight Services (OIOS) was asked by WIPO’s own General Assembly chair to investigate Gurry for allegedly ordering, in 2008, break-ins of the offices of staffers to seek DNA evidence that they wrote anonymous letters against him. Gurry was WIPO’s No. 2 at the time.

A year later, after much byzantine maneuvering, a heavily redacted version of the report declared that “while there were indications that Mr. Gurry had a direct interest in the outcome of the DNA analysis, there is no evidence that he was involved in the taking of DNA samples.”

But the same document also found that Gurry had bent the organization’s rules and steered a sensitive cyber-security contract to a business acquaintance, , something alleged by one of Gurry’s former top deputies, James Pooley.

Under Gurry, WIPO also has been the only U.N. agency ever sanctioned by the U.S. State Department, on the grounds that it failed to adopt “best practices” in ethics and whistle-blower standards — a punishment first meted out by the pro-U.N. Obama administration in September 2015.

Among the whistle-blowers who say they were forced to leave WIPO during Gurry’s tenure for drawing attention to the agency’s previous computer shipments to North Korea is Miranda Brown, formerly Gurry’s senior strategic advisor.

Brown has repeatedly asked for her reinstatement at the WIPO, and just as often has been turned down by Gurry’s office.

With GPS, Drug Cartels Move Shipments to Europe Until

Posted on May 15, 2017May 15, 2017 by Denise Simon

Drug cartels heavily rely on GPS devices to track shipments, feds say

The GPS has increasingly become a drug dealer’s new partner in crime.

Drug-smuggling groups are relying on the device to keep tabs on drug packages as they wind their way through Central America to the United States, according to published reports.

The criminals attach the drug shipments to buoys, send them off in the Pacific Ocean, and use signals they give off to track a package’s location by using special codes, InSight Crimes reports.

The GPS gives dealers the advantage of having drug shipments picked up by others monitoring their movements without being detected by authorities.

GPS devices are also allowing drug cartels to keep track of lower-level smugglers to ensure they are doing what they were told, say U.S. officials.

Barbara L. Carreno, public affairs officer for the U.S. Drug Enforcement Administration, said drug dealers have been using the tracking device for years. But recently, as the once bulky devices have become smaller and cheaper, their use has increased, she said.

“Traffickers need to know that their mules are doing what they are supposed to do and delivering their very valuable shipments where they are supposed to go,” Carreno said. “We often find GPS devices in shipments we seize.”

Traffickers won’t use a computerized system that would lead law enforcement back to them or create records that would implicate them.

– Barbara L. Carreno, spokeswoman, U.S. Drug Enforcement Administration

The GPS is simple enough, the DEA says, that it actually eludes more sophisticated tools used for drug interdictions by government agencies of various countries.

“Traffickers wouldn’t use a computerized system that would lead law enforcement back to them or create records that would implicate them,” Carreno said. “They want something cheap, unsophisticated and untraceable.”

Salvadoran officials say that Ecuadorean boatmen have become a core part of the criminal activity. They move the shipments to places off coasts of El Salvador, Guatemala and Costa Rica.

Once the shipments are left at certain locations in the Pacific, traffickers use the GPS to alert those waiting for them by sending information to mobile telephones and computers, the website said, citing the Salvadoran national police’s anti-narcotics division.

One of the most notorious drug kingpins, Ecuador’s Washington Prado Alava, was said by Colombian authorities to have run a highly sophisticated trafficking operation. But his operation, which moved 250 metric tons of cocaine to the United States over a four-year span, was dependent on GPS locators, Insight Crime reported. More here from FNC.

***

Anti-drug forces from several European and American countries intercepted a total of eight tons of cocaine in a double bust that is being dubbed as one of the largest in history.

In the larger one, Spanish authorities cooperated with Ecuadorean police to intercept a ship off that Latin American country bringing more than 5.5 metric tons of cocaine to Spain.

The ship was loaded with Colombian cocaine in the Pacific and planned to travel through the Panama Canal and across the Atlantic to Europe, officials said in a statement.

Una operación de la @policia junto a la de Ecuador ha permitido interceptar un buque con 5.529 kilos de cocaína y detener a 24 personas.pic.twitter.com/5W5UFrSX9K

In a separate drug seizure, Spanish police stopped a Venezuela-flagged fishing vessel carrying 2.5 metric tons of cocaine near Martinica.

The ship was intercepted on May 4 and was towed to Las Palmas in Spain’s Canary Islands.

The U.S. Drug Enforcement Agency and Britain’s National Crime Agency also took part in the joint operation.

The cargo seized off the coast of Ecuador has an estimated value of $250 million. Ecuadorean agents boarded it when it was almost three nautical miles off Santa Elena province.

Spain’s Interior Minister Juan Ignocio Zoido said to El Pais that the first operation resulted in the capture of 24 suspected drug traffickers.

“It is one of the largest cocaine seizures in history and it takes apart a large drug-trafficking organization between South America and Spain,” he said.

The massive operation began after Spain found out in January that a South American ring with links in Spain was organizing a large shipment.

That information was corroborated by intelligence also gathered by the U.S., Britain and Portugal, the statement said.

Since the beginning of 2017, Ecuador has confiscated about 30 tons of cocaine.

Large seizures of cocaine and cannabis aren’t uncommon in the Iberian Peninsula, which is seen as a drug gateway to Europe.

Spanish police captured almost eight metric tons of cocaine from four vessels in 2015 and 2016 and arrested 80 people, the police statement said.

China Hacked the FDIC, will Trump Sanction?

Posted on May 5, 2017May 5, 2017 by Denise Simon

Beyond not trusting Russia, the same holds true for Iran. But then there is China. Trump should never allow China to take the lead in handling North Korea. Anyway, back to hacking and covert hegemony in Latin America.

Problems uncovered after employees walk off job with thousands of SSNs on flash drives.

Image result for china hacked fdic

China hacked FDIC, US officials covered it up, report says

China’s spies hacked into computers at the Federal Deposit Insurance Corporation from 2010 until 2013 — and American government officials tried to cover it up, according to a Congressional report.

The House of Representative’s Science, Space and Technology Committee released its investigative report on Wednesday.

It presents the FDIC’s bank regulators as technologically inept — and deceitful.

According to congressional investigators, the Chinese government hacked into 12 computers and 10 backroom servers at the FDIC, including the incredibly sensitive personal computers of the agency’s top officials: the FDIC chairman, his chief of staff, and the general counsel.

When congressional investigators tried to review the FDIC’s cybersecurity policy, the agency hid the hack, according to the report.

Investigators cited several insiders who knew about how the agency responded. For example, one of the FDIC’s top lawyers told employees not to discuss the hacks via email — so the emails wouldn’t become official government records.

FDIC Chairman Martin Gruenberg is being summoned before the Congressional committee on Thursday to explain what happened.

The FDIC refused to comment. However, in a recent internal review, the agency admits that it “did not accurately portray the extent of risk” to Congress and recordkeeping “needs improvement.” The FDIC claims it’s now updating its policies.

Given the FDIC’s role as a national banking regulator, the revelation of this hack poses serious concern.

The FDIC’s role is to monitor any bank that isn’t reviewed by the Federal Reserve system. It has access to extremely sensitive, internal information at 4,500 banks and savings institutions.

The FDIC also insures deposits at banks nationwide, giving it access to huge loads of information on Americans.

“Obviously it’s indicative of the Chinese effort to database as much information as possible about Americans. FDIC information is right in line with the deep personal information they’ve gone for in the past,” said computer security researcher Ryan Duff. He’s a former member of U.S. Cyber Command, the American military’s hacking unit.

“Intentionally avoiding audits sounds unethical if not illegal,” he added.

Congressional investigators discovered the hacks after finding a 2013 memo from the FDIC’s own inspector general to the agency’s chairman, which detailed the hack and criticized the agency for “violating its own policies and for failing to alert appropriate authorities.”

The report also says this culture of secrecy led the FDIC’s chief information officer, Russ Pittman, to mislead auditors. One whistleblower, whose identity is not revealed in the report, claimed that Pittman “instructed employees not to discuss… this foreign government penetration of the FDIC’s network” to avoid ruining Gruenberg’s confirmation by the U.S. Senate in March 2012.

David Kennedy, a computer security expert and former analyst at the NSA spy agency, worries that federal agencies are repeatedly hiding hacks “under the blanket of national security.”

“With such a high profile breach and hitting the top levels of the FDIC, it’s crazy to me to think that this type of information wasn’t publicly released. We need to be deeply concerned around the disclosure process around our federal government,” said Kennedy, who now runs the cybersecurity firm TrustedSec.

This same committee, led by Republican Congressman Lamar Smith of Texas, has previously criticized the FDIC for minimizing data breaches.

Several cybersecurity experts — who have extensive experience guarding government computers — expressed dismay at the alleged cover-up.

“It’s incumbent upon our policymakers to know about these data breaches so we can properly evaluate our defenses. Trying to hide successful intrusions only makes it easier for the next hacker to get in,” said Dan Guido, who runs the cybersecurity firm Trail of Bits.

*** China’s Great Leap Into Latin America

U.S. President Donald Trump’s opposition to the North American Free Trade Agreement and his withdrawal from the Trans-Pacific Partnership have led some critics to claim that the United States is turning its back to regional trading partners, and that Trump is thus freeing up China to make inroads into Latin America. But China’s presence in the Western Hemisphere is already well-established, having predated Trump’s election by almost 20 years. Beijing’s involvement in the region is subject to the ebb and flow of the region’s economic and political changes, but it stems from the needs both of China and corresponding Latin American capitals.

But if China’s position has long since become a fixture in the hemisphere, it is equally true that U.S. policymakers have been remarkably complacent over the years as the growing Chinese presence has necessarily impacted not only the region, but U.S. political, economic, and security interests. That needs to change.

China’s interest in Latin America is both economic and strategic. It was the accelerating Chinese economy’s voracious appetite for raw materials that keyed its entry to the region, a land of plenty when it comes to natural resources. Iron, soybeans, copper, and oil make up the bulk of Chinese imports from the region. In turn, securing access to Latin American markets for the export of Chinese manufactured products became a priority as well.

Economic Push

The numbers are staggering. China joined the World Trade Organization in 2001, and its bilateral trade with Latin America and the Caribbean has since skyrocketed, from $15 billion in 2001 to $288.9 billion in 2013 — an increase of almost 2000 percent. That number now represents 6 percent of China’s total foreign trade, an increase from 2.7 percent in 2000. (Some 13 percent of Latin America’s trade is now done with China, up from negligible levels in 2000.)

In the past decade, China’s two biggest development banks have provided $125 billion to Latin America — more than the combined total lending of the World Bank and the Inter-American Development Bank. China is now Latin America’s largest creditor. In addition, between 2000 and 2015, Chinese leaders visited the region more than 30 times.

Last November, Chinese President Xi Jinping made his third trip to the region since 2013, announcing a plan to double bilateral trade and to increase investment stock value by 150 percent over the next decade.

Not Just Economics

China also has significant geopolitical interests. It wants to project power and influence in an area long considered to be within the U.S. sphere of influence — no doubt a response to what Beijing considers U.S. efforts to contain and encircle China in Asia by cultivating allied and friendly governments.

Critical to China’s aspirations as a growing global power as well is what it calls global governance reform. In translation, that means Beijing uses its growing trade and financial might to challenge the architecture of the U.S.-dominated post-World War II order and alter it along lines more favorable to China. Beijing sees developing its own alliances through trade and loans as an important way to counterbalance U.S. influence and to secure support in multilateral forums on such important issues to Beijing as human rights, climate change, and economic governance.

It bears noting that China considers its principal regional economic and political interlocutor to be the Community of Latin America and Caribbean States, an organization established by the late Venezuelan firebrand Hugo Chavez that purposefully excludes the United States and Canada.

Finally, it is no coincidence that of the 22 countries that diplomatically recognize Taiwan, 12 are in Latin America and the Caribbean. China wants specifically to erode this support for Taipei. As a Chinese white paper on Latin America and the Caribbean in 2008 put it succinctly, “the One China principle is the political basis for the establishment and development of relations between China and Latin America.”

Changing Times

Chinese demand for commodities keyed its entry into the region and helped produce one of Latin America’s fastest periods of growth in decades, but the times are changing. Lackluster global economic growth and the cooling Chinese economy (which has contributed to the end of the global commodity boom) have resulted in a drop in Chinese imports from and exports to Latin America in recent years. Indeed, over the past year regional revenues from commodity exports to China dropped some 40 percent.

Latin America is also changing politically. China’s initial push into the Western Hemisphere was facilitated by the rise to power of a host of leftist populist governments — a phenomenon collectively referred to as the Pink Tide. Many leaders, foremost among them Venezuela’s Hugo Chavez, were determined to distance themselves from the United States and from institutions perceived to be allied with Washington. These leaders were happy to align themselves with China, which adheres to a supposed policy of non-interference in countries’ internal affairs. That equally suited a number of Latin American governments, which proceeded to undermine democratic institutions and the rights of their citizens.

However, with the bust in oil prices and other commodities exposing the economic dysfunction of the populist model, frustrated voters are shifting their support to more pragmatic, market-friendly governments. These governments can be expected to operate in a more sober and transparent manner, and to be more respectful of democratic institutions, eschewing the opaque, behind-the-scenes deals that China previously thrived on. With less opportunity to present itself as the buyer or lender of last resort, China will find itself needing to adapt to a more challenging and competitive environment.

Beijing seems to be adjusting well: China’s evolving economic strategy is now one of diversification, with an emphasis less on traditional industries such as mining and energy extraction and more on sectors such as infrastructure (including energy, airports, seaports, and roads), construction, telecommunications, manufacturing, finance, agriculture, tourism, and even the space sector.

Implications for the United States

China’s authoritarianism, global designs, and disregard for international norms and practices raise serious questions about the impact of its engagement in the Western Hemisphere on the promotion of democracy, human rights, and the rule of law. In recent congressional testimony, U.S. Southern Commander Adm. Kurt Tidd put it like this:

For Russia, China, and Iran, Latin America is not an afterthought. These global actors view the Latin American economic, political, and security arena as an opportunity to achieve their respective long-term objectives and advance interests that may be incompatible with ours and those of our partners. Their vision for an alternative international order poses a challenge to every nation that values non-aggression, rule of law, and respect for human rights — the very same principles that underlie the Inter-American system of peace and cooperation. Some of what they’re doing — while not a direct military threat — does warrant examination. Even seemingly benign activities can be used to build malign influence.

This was certainly evident in recent years, with China providing anti-American governments with an alternative source of trade, investment, and finance outside conventional institutions that ordinarily require some conditionalities on good governance, transparency, anti-corruption efforts, human rights, and the rule of law. In some cases, it didn’t create major problems. In others, such as Venezuela ($65 billion in Chinese loans) and Ecuador ($11 billion), Beijing bankrolled authoritarianism and human rights abuses, undercutting U.S. efforts to promote its policy agenda in the Americas and setting the stage for the chaos now underway in Venezuela.

Yet it is not as though the United States can block or impede Chinese trade and investment in the hemisphere. It is also important to keep things in perspective: U.S. trade with Latin America is still three times larger than China’s. Nor can China match our proximity, cultural and familial ties, and long shared history. The best response therefore to the Chinese presence in the Western Hemisphere is to do what the United States does best: compete.

The situation is best approached as a strategic competition in which the United States employs its comparative advantages and the above described strengths to secure its role as the preferred partner of choice for our Latin American neighbors. China may have the cash advantage, but it cannot compete with the United States in terms of the aforementioned, nor in the agreements shared throughout the Western Hemisphere on rules-based behavior, transparency, and a belief in economic opportunity, strong institutions, and the rule of law. The United States also boasts a 50-year record of promoting sustainable long-term regional development and humanitarian projects, a commitment to corporate social responsibility, and — not to put too fine a point on it — laws that prohibit bribery and other corrupt practices that often undermine the public’s faith in their systems.

This is in contrast to the Chinese presence, where cultural differences, radically divergent value systems, and different ways of doing business often impair mutual understanding and trust. China also has a poor record on human rights, anti-corruption practices, and environmental and labor conventions. (In many cases, Chinese construction companies import Chinese workers, spurring local resentments over lost employment opportunities.)

On the economic front, many economists worry that China’s demand for raw materials harkens back to Latin America’s bad old days of too much dependence on commodity exports. Neither do they see purchasing Chinese manufactured goods in return as being conducive to long-term development. Again, in contrast, the United States provides meaningful value-added, job-creating investment in the region while purchasing the sort of manufactured goods that generate more jobs.

Game On

Whatever professions of a win-win economic situation for all, or of China’s benign intent, China’s position in Latin America affects the U.S. agenda and regional stability — and Beijing has the resources and motivation needed to adapt to changing circumstances and to remain such a regional fixture for the foreseeable future. That is why U.S. complacency is not an option. Competition need not be hostile, just determined. In particular, the Trump administration has an excellent opportunity to press the U.S. advantage by drawing closer to regional heavyweights Brazil and Argentina, who are attempting to shake off the legacies of years of statist economics. These are countries where China has been particularly active. Each now has a market-friendly president desperate to produce economic growth and draw foreign investment.

A reinvigorated U.S. engagement with the hemisphere will reap significant benefits for the U.S. economy. It will create new investment opportunities, including in the energy sector, but it will also drive up the cost of doing business for Beijing. That China continues to expand its presence in other regions such as Asia and Africa is one thing, but encroaching in our own neighborhood more directly impacts the U.S. national interest. It’s time for America to pay closer attention.

WTH Congressman Rohrabacher? Such a Wild Story

Posted on May 4, 2017May 4, 2017 by Denise Simon

It is a well known secret or rather fact that 90% of the Russians inside the United States are here on a Kremlin mission. Will we ever know all the names of the Russians that Obama expelled from the United States in December of 2016 as a response to the hacking and intrusion into our election architecture with bots and intelligence leaks? Not likely…but read on, this is almost like an Alfred Hitchcock movie.

As for a video and background:

But how about this Congressman?

Dana Rohrabacher, a Republican representative from California, openly acknowledges such a meeting with Rinat Akhmetshin, an alleged Soviet spy in Berlin. The topic? A high-profile Russian money laundering case and related sanctions on Russia. A pretty good summary is here from Weiss.

Digging deeper

It all began before 2012, when Barack Obama signed the law titled the Magnitsky Act. Creepy things are included as the basis of this law which is noted on page 9 of the 15 page bill.

(7) Sergei Leonidovich Magnitsky died on November 16,

2009, at the age of 37, in Matrosskaya Tishina Prison in

Moscow, Russia, and is survived by a mother, a wife, and

2 sons.

(8) On July 6, 2011, Russian President Dimitry Medvedev’s

Human Rights Council announced the results of its independent

investigation into the death of Sergei Magnitsky. The Human

Rights Council concluded that Sergei Magnitsky’s arrest and

detention was illegal; he was denied access to justice by the

courts and prosecutors of the Russian Federation; he was investigated

by the same law enforcement officers whom he had

accused of stealing Hermitage Fund companies and illegally

obtaining a fraudulent $230,000,000 tax refund; he was denied

necessary medical care in custody; he was beaten by 8 guards

with rubber batons on the last day of his life; and the ambulance

crew that was called to treat him as he was dying was deliberately

kept outside of his cell for one hour and 18 minutes

until he was dead. The report of the Human Rights Council

also states the officials falsified their accounts of what happened

to Sergei Magnitsky and, 18 months after his death, no officials

had been brought to trial for his false arrest or the crime

he uncovered. The impunity continued in April 2012, when

Russian authorities dropped criminal charges against Larisa

Litvinova, the head doctor at the prison where Magnitsky died.

(9) The systematic abuse of Sergei Magnitsky, including

his repressive arrest and torture in custody by officers of the

Ministry of the Interior of the Russian Federation that Mr.

Magnitsky had implicated in the embezzlement of funds from

the Russian Treasury and the misappropriation of 3 companies

from his client, Hermitage Capital Management, reflects how

deeply the protection of human rights is affected by corruption.

(10) The politically motivated nature of the persecution

of Mr. Magnitsky is demonstrated by—

(A) the denial by all state bodies of the Russian Federation

of any justice or legal remedies to Mr. Magnitsky

during the nearly 12 full months he was kept without

trial in detention; and

(B) the impunity since his death of state officials he

testified against for their involvement in corruption and

the carrying out of his repressive persecution.

*** It was in 2013, that a list of people were added to the Treasury sanction list.

BOGATIROV, Letscha (a.k.a. BOGATYREV, Lecha; a.k.a. BOGATYRYOV, Lecha); DOB 14 Mar 1975; POB Atschkoi, Chechen Republic, Russia (individual) [MAGNIT].

DROGANOV, Aleksey O.; DOB 11 Oct 1975; POB Lesnoi Settlement, Pushkin Area, Moscow Region, Russia (individual) [MAGNIT].

DUKUZOV, Kazbek; DOB 1974; POB Urus-Martan District, Chechen Republic, Russia (individual) [MAGNIT].

KARPOV, Pavel; DOB 27 Aug 1977; POB Moscow, Russia (individual) [MAGNIT].

KHIMINA, Yelena; DOB 11 Sep 1953; POB Moscow, Russia (individual) [MAGNIT].

KOMNOV, Dmitriy; DOB 17 May 1977; POB Kashira Region, Moscow, Russia (individual) [MAGNIT].

KRIVORUCHKO, Aleksey (a.k.a. KRIVORUCHKO, Alex; a.k.a. KRIVORUCHKO, Alexei); DOB 25 Aug 1977; POB Moscow Region, Russia (individual) [MAGNIT].

KUZNETSOV, Artem (a.k.a. KUZNETSOV, Artyom); DOB 28 Feb 1975; POB Baku, Azerbaijan (individual) [MAGNIT].

LOGUNOV, Oleg; DOB 04 Feb 1962; POB Irkutsk Region, Russia (individual) [MAGNIT].

PECHEGIN, Andrey I.; DOB 24 Sep 1965; POB Moscow Region, Russia (individual) [MAGNIT].

PODOPRIGOROV, Sergei G.; DOB 08 Jan 1974; POB Moscow, Russia (individual) [MAGNIT].

PROKOPENKO, Ivan Pavlovitch; DOB 28 Sep 1973; POB Vinnitsa, Ukraine (individual) [MAGNIT].

SILCHENKO, Oleg F.; DOB 25 Jun 1977; POB Samarkand, Uzbekistan (individual) [MAGNIT].

STASHINA, Yelena (a.k.a. STASHINA, Elena; a.k.a. STASHINA, Helen); DOB 05 Nov 1963; POB Tomsk, Russia (individual) [MAGNIT].

STEPANOVA, Olga G.; DOB 29 Jul 1962; POB Moscow, Russia (individual) [MAGNIT].

TOLCHINSKIY, Dmitri M. (a.k.a. TOLCHINSKY, Dmitry); DOB 11 May 1982; POB Moscow, Russia (individual) [MAGNIT].

UKHNALYOVA, Svetlana (a.k.a. UKHNALEV, Svetlana; a.k.a. UKHNALEVA, Svetlana V.); DOB 14 Mar 1973; POB Moscow, Russia (individual) [MAGNIT].

VINOGRADOVA, Natalya V.; DOB 16 Jun 1973; POB Michurinsk, Russia (individual) [MAGNIT].

*** What you ask?

Well, on May 3, 2017, FBI Director James Comey appeared before the Senate for the annual hearing. Senator Grassley made it a point to ask a few key questions regarding FARA and why FusionGPS was not listed or registered as required by law. Great question. It seems FusionGPS is a Russian front operation.

This operation also includes several other people that are Russian operatives that have been lobbying members of Congress to amend or repeal the Magnitsky Act. The letter for background is here demanding a full investigation and why. Senator Grassley is right to demand some answers as the matter includes dead bodies, embezzlement of more than $200 million and of course is part of a wide Russian intrusion and chaos campaign. The FBI cannot begin to come close to closing this case, it has years of history and is worldwide.

Remember that US Attorney Preet Bharara that Jeff Sessions fired? That was not a good idea, unless there was something else nefarious in history with people in the Trump orbit. No implication or inference here, however there is much more to the whole event.

Anyway…try this too.

A Russian lawyer who was a witness in a US federal court case connected to the largest money-laundering scheme in Russian history was hospitalized after plunging four stories on Tuesday in Moscow, a spokesman said.

Nikolai Gorokhov William Browder

There are conflicting reports about what happened to the lawyer, Nikolai Gorokhov. His spokesman, William Browder — who was an alleged victim in the money-laundering scheme — says he was “thrown from the fourth floor of his apartment building.” Russian media, often controlled by the state, says he “fell while he and workers were trying to lift a Jacuzzi into his apartment.”

“His name is redacted in all the documents,” Browder told BuzzFeed News regarding court filings in the US Southern District. “The feds were very concerned for his safety. I can confirm his role.” The Department of Justice didn’t immediately return a request for comment.

The case, USA v. Prevezon, is on the brink of going to trial in Manhattan — right in the middle of a massive shakeup of federal prosecutors by President Trump.

In court filings, the Department of Justice alleges that Prevezon, a Cyprus-based real estate company owned by a Russian national, purchased several New York City apartments with funds linked to a decade-old $230 million tax fraud case — the biggest in Russian history — perpetrated by gangsters and corrupt officials. In court filings, Prevezon says the DOJ has no hard evidence to back up its claims.

Last week, after plenty of drama, Trump fired Preet Bharara, the high-profile US attorney who was handling the case. Now prominent New York City defense attorney Marc Mukasey — the son of former US Attorney General Michael Mukasey, who at one point was defending Prevezon — is reportedly on the shortlist to replace Bharara.

Prevezon has filed a last-chance motion to get the case thrown out before trial — but if the judge rules against them, it’s scheduled to be presented to a New York City jury on May 15. It’s unclear when Trump — whose presidential campaign is facing close scrutiny for possible ties to Russia — will appoint Bharara’s successor.

Those involved in the case believe that it will stay on track, and experts agree that the case should proceed as scheduled, despite Bharara’s ousting.

“I don’t see the US government withdrawing from this case,” Will Pomeranz, deputy director of the Wilson Center’s Kennan Institute and a leading expert on Russian commercial and constitutional law, told BuzzFeed News. “It’s unlikely that with a case on the eve of going to trial is one that they’re going to back away from. And if they did, it would obviously send a signal.”

Michael Mukasey is no longer involved in the Prevezon defense and did not respond to a request to comment for this article. Prevezon’s current firm, Quinn Emanuel, said that it could not comment on the record. The DOJ said that it could not comment because the case is ongoing.

So how did Russian gangsters allegedly steal nearly a quarter-billion in taxpayer dollars? According to the DOJ, they literally stole companies.

In 2007, investigators say, an organization of Russian mobsters, corrupt officials, and law enforcement orchestrated a raid on three companies held by the Hermitage Fund, which at one time was the largest Western investor in Russia. Cops associated with the would-be fraudsters stormed the offices of the companies and seized key assets. Then, they re-registered the companies, putting themselves in charge. After they took control, the thieves ginned up sham lawsuits that resulted in rulings against the companies totaling a massive $973 million. But the payoff came later, when these stolen companies filed for tax refunds to the tune of $230 million, which was immediately approved by tax officials in cahoots with the fraudsters.

Once he caught wind of what happened, the founder of Hermitage, William Browder — also the spokesman for the lawyer who was hospitalized Tuesday in Moscow — fought back by enlisting a group of accountants and lawyers to suss out who was behind the scheme. One attorney, Sergei Magnitsky, was particularly successful. By digging through bank records, Magnitsky was able to track the $230 million — which happened to be the exact amount that Hermitage paid in taxes in 2006 — to bank accounts opened with obscure banks controlled by Russian gangsters.

But when Magnitsky brought this to the attention of the Russian Interior Ministry in 2008, instead of going after the culprits, the government jailed Magnitsky. A year later, he died in prison at age 37.

Preet Bharara Timothy A. Clary / AFP / Getty Images

The Russian authorities claimed Magnitsky died of heart failure and enacted a smear campaign against him, saying he and Browder had stolen the $230 million themselves. However, it was later revealed through investigative reports that Magnitsky had been denied medical care and likely tortured while in jail, which raised suspicion around his death.

The Magnitsky affair heightened tension between the Russian and United States governments. In 2012, President Obama signed the Magnitsky Act, which froze the assets of Russian human rights abusers and banned them from obtaining visas to enter the country. In 2013, the first 18 names were added to the list, including a number of people allegedly linked to the $230 million Hermitage tax heist. Vladimir Putin responded by banning 18 US citizens from entering Russia — including Bharara and a team of prosecutors who had put away a major Russian arms dealer.

“The reason that [the Prevezon case] is so important,” Browder told BuzzFeed News, “is this is the first major case going to trial involving money laundering from the crimes that led to the death of Sergei Magnitsky.”

In the years since Magnitsky’s death, Browder has led a crusade seeking justice for his former lawyer. And in 2013, he told BuzzFeed News, he walked a complaint into the Manhattan district attorney’s office, claiming that Hermitage’s investigators had linked funds from the $230 tax fraud to Prevezon and its real estate holdings in New York City. The Manhattan DA’s office turned the case over to Bharara, who announced in September 2013 that he was bringing a civil forfeiture claim to seize the assets of Prevezon, freezing $14 million of the company’s assets tied to the US bank accounts.

In court filings, Prevezon claims that the DOJ “tells two stories: one story about a $230 million Russian tax fraud, and another separate story about [Prevezon’s] legitimate real estate business,” but says that prosecutors “fail to connect the two.”

The company argues that Bharara’s former office has told “a graphic and disturbing story” about the tax fraud and Magnitsky’s death, but maintains that “[t]hose allegations are irrelevant to [Prevezon]” and “designed to inflame the reader [of the complaint] and to create prejudice against” the real estate company.

It is true that the DOJ makes no claim that the defendants from Prevezon were directly connected to the alleged theft of the $230 million. And in the end, if the US government is successful in its prosecution, a civil forfeiture ruling against the real estate company would only be the first small step in linking Russian individuals to laundered funds from the $230 million tax fraud in the court of law.

A number of other countries — including Britain, Switzerland, and Lithuania — will be watching the outcome of the case because they have opened criminal probes and frozen assets their investigators believe are tied to the $230 million heist. In total, to date, more than $40 million in assets tied to these cases has been frozen around the globe.

“It’s an example of the problem,” Pomeranz said, “but it’s just a small microcosm of the problem.”