Trump Excluded Iraq From Travel Suspension, BUT….

I the original Executive Order Trump signed to suspend travel from a handful of countries, Iraq was included. When the Executive Order was legally challenged by several courts, yet another Executive Order was issued to excluded Iraq. This decision was made due to the increased security cooperation between the United States and Iraq. Okay so what is the problem? How about other Iraqis that already lied on immigration filings or committed crimes and lied? Fingerprints were the key after the kidnapping. Ever wonder who else is in Virginia? There are plenty….

President Trump should have taken several other preliminary steps prior to those Executive Orders including suspending the entire visa waiver program. But back to Iraq…. and the Al Mahdi Militia, which is still active and operations under variations of the name:

The Mahdi Army, also known as Jaysh al-Mahdi (JAM), was formed by Muqtada al-Sadr in June 2003 in response to the U.S. invasion of Iraq.  [3] [4] Muqtada al-Sadr is the son of Grand Ayatollah Mohammed Sadiq al-Sadr, who founded the prominent Sadrist Movement in the 1980s, a vehemently nationalist political movement popular among Iraq’s Shiite lower class. After Mohammed Sadiq al-Sadr was assassinated in 1999, presumably by the Hussein regime, Muqtada al-Sadr succeeded him as the leader of the Sadrists as well as one of the most powerful and respected Shiite clerics in Iraq. [5] [6] [7] Following the U.S. invasion in 2003, Sadr called upon the Sadrist to join his new militia, the Mahdi Army, with the goal of expelling the U.S. coalition from Iraq and establishing an Iraqi Shiite government. Some of the group’s initial three hundred fighters were recruited in Kuwait and Saudi Arabia and together with their Iraqi counterparts were sent to Hezbollah camps in Lebanon for training. [8] [9] More here.

*** Image result for mahdi army DailyMail

Department of Justice
U.S. Attorney’s Office
Eastern District of Virginia
FOR IMMEDIATE RELEASE
Tuesday, March 28, 2017

Iraqi Refugees Arrested and Charged with Immigration Fraud

ALEXANDRIA, Va. – Two Iraqi refugees living in Northern Virginia were arrested this morning and charged along with another individual with immigration fraud.

The defendants arrested this morning are Yousif Al Mashhandani (“Yousif”), 35, of Vienna, and Adil Hasan, 38, of Burke, who are full biological brothers. The third individual charged is Enas Ibrahim, 32, also of Burke, who is the wife of Hasan. Each are charged with attempting to obtain naturalization contrary to law. The defendants will have their initial appearance today in front of Magistrate Judge Ivan D. Davis at 2 p.m. at the federal courthouse in Alexandria.

According to the affidavit in support of the criminal complaint, on Nov. 1, 2004, a United States citizen, identified as R.H., was kidnapped in Iraq and held with other hostages for months in horrible conditions in an underground bunker. After a raid in 2005 freed the hostages, authorities detained Majid Al Mashhadani (“Majid”), who is a full biological brother of Yousif and Adil Hasan, and he admitted his complicity in the kidnapping of R.H.

According to the affidavit in support of the criminal complaint, Yousif was admitted into the United States as a refugee in 2008. In May 2013, Yousif resided in Vienna and applied for naturalization as a United States citizen. In connection with Yousif’s applications for citizenship, his fingerprints were taken. According to an FBI fingerprint specialist, analysis conducted in November 2013 determined that Yousif’s fingerprints match those found on a document at the underground bunker where forces rescued R.H. and others in Iraq in 2005.

According to the affidavit in support of the criminal complaint, Yousif, Hasan, and Ibrahim are lawful permanent residents and have applied to naturalize and become United States citizens. On various applications and forms throughout their respective immigration processes, each has provided and extensive list of family members and information of their respective family trees; however, none ever listed any reference to Majid.

According to the affidavit in support of the criminal complaint, on March 4, 2016, FBI agents interviewed Yousif, Hasan and Ibrahim. When FBI agents asked Yousif why he failed to include reference to Majid on the family tree form, Yousif said he omitted reference to Majid because, when he was a refugee, he was told by others applying for refugee status that he would not be allowed into the United States if any immediate family members had a criminal background. Hasan admitted to FBI agents that Majid was his brother, and Hasan and Ibrahim each admitted they discussed not including Majid’s name on their applications for refugee status because their connection to Majid might delay their ability to gain such status.

According to the affidavit in support of the criminal complaint, to justify his application for refugee status, Yousif reported that in 2006, while working as an anti-corruption investigator for the Iraqi Commission on Public Integrity in Iraq, he started receiving threats from a Shiite militia known as the “Al Mahdi Militia,” in order to coerce Yousif to drop a particular corruption investigation. Yousif said that in May 2006 Adil was kidnapped by the Al Mahdi Militia, and only released after Yousif arranged to drop the investigation in question and helped pay a large ransom. Yousif said that after Adil was released, he reopened the corruption investigation, only to flee to Jordon in October 2006 after his parents’ house was burned down.

According to the affidavit in support of the criminal complaint, to justify his application for refugee status, Hasan provided sworn testimony that, in 2006, he had been kidnapped and tortured by members of the Al Mahdi Army and held for nearly a month. Hasan said he was released upon the payment of a ransom of $20,000. In an interview by FBI agents in April 2016, Hasan said he was threatened in Iraq on two occasions, but made no mention of being kidnapped, held hostage, and tortured for nearly a month. In a subsequent interview in October 2016, FBI agents confronted Hasan about the discrepancy in his stories and Hasan admitted to making false statements and creating his persecution story.

Each defendant faces a maximum penalty of 10 years in prison if convicted. Actual sentences for federal crimes are typically less than the maximum penalties. A federal district court judge will determine any sentence after taking into account the U.S. Sentencing Guidelines and other statutory factors.

Dana J. Boente, Acting Deputy Attorney General and U.S. Attorney for the Eastern District of Virginia; Andrew W. Vale, Assistant Director in Charge of the FBI’s Washington Field Office; Patrick J. Lechleitner, Special Agent in Charge of U.S. Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI) Washington, D.C., made the announcement. The FBI’s Joint Terrorism Task Force, which includes ICE/HSI and U.S. Citizenship and Immigration Services, investigated the case. Assistant U.S. Attorneys Gordon D. Kromberg and Colleen E. Garcia are prosecuting the case.

 

A copy of this press release is located on the website of the U.S. Attorney’s Office for the Eastern District of Virginia. Related court documents and information is located on the website of the District Court for the Eastern District of Virginia or on PACER by searching for Case No. 1:17-mj-143.

A criminal complaint contains allegations that a defendant has committed a crime. Every defendant is presumed to be innocent until and unless proven guilty in court.

What you Should Know About “Las Moicas” and Why

Is there any reason why the Trump administration has not called for all drug cartels to be listed as terror organizations?

Ten Cartels are fighting for control of Guerrero with more brutality and violence

Subject Matter: Organized crime in Guerrero
Recommendation: No prior subject matter knowledge requiredGuerrero occupies the third place in terms of most poverty at 62% of the population and first place for homicides at 2884 in 2016 at the national level. It is the state most disputed among organized crime groups. There is a presence of 10 cartels, five of them top level. Its central zone has converted into a battlefield between two organizations Los Rojos and Los Ardillos and possibly others that authorities have not completely identified yet. The presence of 500 military and state police has not contained the disappearances and executions and the criminals come back each time more brutal.

In the last decade, Guerrero has converted in the land of cartels and death; the dispute between the Sinaloa cartel, CJNG, the Beltran Leyva Organization, the Knights Templar, La Familia Michoacana and no less than five local organizations have converted the state into the most violent with 18,000 executions since 2006, when the call to war against the narco was initiated.

In Guerrero, 12 of the 81 towns are considered neutral zones. The geographic location of Chilapa has converted it into a demarcation most fought over since 2012 by Los Ardillos and Los Rojos, and not only because it is an essential corridor for the transit of drugs, also its land is utilized for the growing of poppys, “that has just finished its first harvest of the year”, according to the Guerrero Coordination Group.

What has happened this year, in Chilapa, there have been 48 executions related to the war between Los Rojos and Los Ardillos, Rojos and a third group of civil organizations known as “Los Jefes” or “Gente Nueva”, different to the Gente Nueva of the Sinaloa cartel, only have a presence int he communities,  and with a population of 129,867 only has 500 soldiers and 100 Municipals to police it.

This last weekend was a violent one in the State with no less that 23 deaths, 10 of them in Chilapa, two women and three men were killed by gunfire in different events and five bodies were incinerated in the interior of a taxi.

At the Start of the month, on Tuesday the 7th, 6 dismembered bodies in a state of decomposition appeared inside 13 plastic bags. On Thursday the 9th, they found another five bodies charred inside a vehicle. The brutality with which they perpetrate the executions in the indigenous town, “is very strong” assured the Governor Hector Astudillo Flores.

The growing wave of violence in the town led to the implementation of Operation Chilapa, in January of 2016. One year after the security strategy was put in place, the Mayor Jesus Parra Garcia blamed social networks and media for “inventing facts that affect the image of the town”. With recent executions of PRI members he had to admit that the violence was aggravated during his administration.

These are times of crisis, of adversity, and are very complex. I have had to govern in the most difficult times for Chilapa, he told reporters.

Who are Los Rojos and Los Ardillos

In the period of 2012 – 2015, when the municipality was governed by PRI Francisco Javier Garcia Gonzalez, Los Rojos settled in Chilapa under the command of Zenen Nava Sanchez “El Chaparro”, alleged family of Jesus Nava Romero ” El Rojo”.

He was a Lieutenant of Arturo Beltran Leyva and who was slaughtered in June of 2013 in Puebla. During this administration, the population lived through the first mass kidnappings, huge extortion of transport and businesses and brutal executions.

Jesus Nava Romero dead in the street (Borderland Beat archive)

Los Ardillos, a gang that comes from the Quechultenango region, whose leaders Celso and Antonio Hernandez Ortega are brothers of ex PRD deputy Bernardo Ortega Jiminez, have extended into the regions of Chilapa, Zitlala, Tixtla, Totoloapan and Acapulco in only one year, 2014, during the transition of the governorships of Angel Aguirre Rivero and Rogelio Ortega Martinez bot of the PRD.

The battle for the central zone of Guerreo tainted at this moment Aguirre Rivero as well as Garcia Gonzalez and also the ex PRI Mario Moreno Arcos of Chilpancingo, and Ignacio Bacilio and Eduardo Nero all accused publicly of ties to Los Rojos.

In 2015, with the change of State Government and municipal, things had begun to escalate. The President of the organization Siempre Vivos, Jose Diaz Navarro, assured that a reduction in the violence would be felt because Zenen Nava, who in January of 2016 escaped after a two hour confrontation with the armed forces, had returned. According to the PGR, El Chaparro in one of the 13 priority objectives of Guerrero and Morelos.

In the last three years, Los Ardillos and Los Rojos, in their dispute for territory, have committed executions of extreme cruelty, torturing, decapitating, and incinerating corpses that were left in public places.

They have also been responsible for the disappearance of 130 persons, according to the Centre for Human Rights. The mass kidnappings in the towns of Zitlata and Chilapa, where the criminal groups kidnap the inhabitants, all in the presence of Military and State Police, denounce the ONG.

The confrontations between various cartels, as well as the kidnappings and executions against the inhabitants, have caused fear in Chilapa. Families prefer not to leave their houses aftern 7 at night , the schools are secured with padlocks and checkpoints that are reinforced.

Nevertheless, the organization Siempre Vivos considers that part of the violence that affects the towns of Tixtla and Zitlala, is a strategy of terror of the State and Federal Governments so that the population calls for the law of Homeland Security, that is pending for discussion at the Congress of the Union.

Totoloapan and the Tequileros

Located in the region of the Tierra Caliente, Totoloapan is, along with Ajuchitlan, Arcelio and Coyuca, the Municipality most threatened by Los Tequileros, a group that separated from La Famila Michoacana and since 2013 have occasioned the displacement of families from no less than 16 communities.

According to reports of the newspaper El Sur, Raibel Jacobo de Almonte, El Tequilero, was a plaza jefe for La Familia Michoacana. Once he had formed his own organization, he began controlling the San Miguel Totolapan and some rural populations in the border area of Rio Balsas. In 2016 his epower extended to populations of the municipalities of Ajuchitlan, Tlapehuala and Arcelia.

In the Tierra Caliente, six out of every ten homicides are attributed to Los Tequileros, who are also linked to a politician, PRI deputy Saul Beltran Orozco. Before the omission, complicity and participation of the local authorities, the local population had chosen to arm itself to the face this criminal organization.

The violence in Guerrero is generalized by the number of cartels that are disputing the third poorest State of the country, but also by the failed security strategy implemented by the Federal and State Governments, that while advising of “big changes” and advances in security the State remains the number one in the list for malicious homicides.  Translated by Otis B Fly-Wheel for Borderland Beat from a Sinembargo article

***
Not finished yet:
Image result for Las Moicas
Meet the Little-Known Mexican Cartel Operating in California

A little-known drug trafficking group in Mexico called “Las Moicas” has not only successfully defended its foothold in the US heroin market for years against Mexico‘s most powerful cartels, but recent reports suggest that it might be expanding.

In an interview with BBC Mundo published on March 15, a spokesperson for the US Drug Enforcement Administration (DEA) said that the Moicas had been expanding their territory in Mexico and that the little-known group had come into conflict with some of Mexico‘s biggest criminal organizations, including the Sinaloa Cartel and the Jalisco Cartel – New Generation (CJNG).

According to a July 2015 report from the DEA, eight major Mexican transnational criminal groups were known to be operating in the United States. Alongside prominent players like the Sinaloa Cartel and CJNG, appeared a trafficking organization called Las Moicas.

According to the report, the Moicas are based in the Mexican state of Michoacán and have ties to the Familia Michoacána, an organization largely displaced by its splinter group, the Knights Templar. Despite the decline of the Familia Michoacána after the death of its top leader in 2014, the Moicas group “remains a regional supplier in California and operate[s] on a smaller scale relative to other major Mexican” criminal organizations.

The Moicas’ first reported run-in with the DEA dates back to 2009, when US authorities seized 50 kilograms of heroin and $250,000 in cash, in addition to arresting several of the 21 suspects from the group later charged in connection with the seizure.

The DEA’s press release concerning the operation asserts that a total of 200 kilograms of heroin, with an estimated retail value of $17.5 million, were smuggled during the run. The group allegedly hid both drugs heading north and drug profits heading south “in elaborate vehicle engine compartments” that allowed them to cross the border undetected.

At the time, the Moicas operated solely in California, but the group has since reportedly expanded to Reno, Nevada, and it operates in some areas of California dominated by the Sinaloa Cartel, according to the DEA’s 2015 report.

As of March 2016, VICE News reported, Mexican authorities had no record of Las Moicas.

InSight Crime Analysis

Mexico’s criminal landscape has become increasingly fragmented as larger cartels continue to rely heavily on smaller groups for specialized criminal tasks and as the government continues to take down top leaders of major criminal organization. In an illustration of this dynamic, Mexican authorities stated that nine cartels — not including the Moicas — operated throughout the country as of July 2016, relying on a total of 37 criminal cells.

Within this context, it appears that the Moicas may have succeeded in quietly growing by maintaining a low profile, as suggested by the absence of official acknowledgement of the group by the Mexican government as well as the scant public information available about the organization. According to the DEA spokesperson contacted by BBC Mundo, the US anti-drug agency does not even know the composition of the Moicas’ hierarchy.

It is possible that the Moicas have followed the blueprint of earlier Mexican drug trafficking organizations, such as the Xalisco Boys who achieved a striking expansion across the United States in the 1990s by investing in the heroin market while maintaining a low profile.

And it is likely that the Moicas’ rise and reported expansion has been fueled by the booming US demand for heroin. The US consumption market for this particularly addictive drug is believed to have tripled over the past decade, boosted by over-prescription of legal opioid drugs and even allegedly criminal activity by executives of some companies in the US pharmaceutical industry.

Fired, Preet Bharara and $100 Million Dollars

With the approval of President Trump, Attorney General Jeff Sessions fired several attorneys general including the United States Attorney General for the Southern District of New York, Preet Bharara. In many instances, this may have been a prudent decision, however, Bharara did in fact perform some stellar legal work and credit must be offered where it is due.

This post is not so much about the Attorney General being fired as it is about the matter of hacking and phishing and costing two domestic internet tech companies $100 million dollars. These schemes are a very common daily event and few if any companies ever talk about it publically as they reveal cyber protection vulnerabilities and how employees are duped to the schemes. To be more clear, this is how Hillary Clinton’s campaign architect, John Podesta had his emails scooped up such that WikiLeaks got them, posted them for global access during the United States campaign and election cycle.

Further, to those out there that are angry with the FBI, this case in some fairness illustrates the work rank and file agents are tasked to investigate. When it comes to cyber/hacking cases, they are among the hardest to solve especially with international operatives.

Image result for preet bharara  BusinessInsider

Now enter Preet Bharara and the case he prosecuted against EVALDAS RIMASAUSKAS. The indictment is found here.

In an additional disclosure, Bharara is also being sued by a hedge-fund.

The summary of the case:

Department of Justice

U.S. Attorney’s Office

Southern District of New York

FOR IMMEDIATE RELEASE

 

Lithuanian Man Arrested For Theft Of Over $100 Million In Fraudulent Email Compromise Scheme Against Multinational Internet Companies

Joon H. Kim, the Acting United States Attorney for the Southern District of New York, and William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced criminal charges against EVALDAS RIMASAUSKAS for orchestrating a fraudulent business email compromise scheme that induced two U.S.-based internet companies (the “Victim Companies”) to wire a total of over $100 million to bank accounts controlled by RIMASAUSKAS. RIMASAUSKAS was arrested late last week by authorities in Lithuania on the basis of a provisional arrest warrant.  The case has been assigned to U.S. District George B. Daniels.

Acting U.S. Attorney Joon H. Kim said:  “From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100 million to overseas bank accounts under his control. This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals. And this arrest should serve as a warning to all cyber criminals that we will work to track them down, wherever they are, to hold them accountable. The charges and arrest in this case were made possible thanks to the terrific work of the FBI and the cooperation of the victim companies and their financial institutions. We thank the companies and their banks for acting quickly, coming forward promptly, and cooperating with law enforcement; it led not only to the charges announced today, but also the recovery of much of the stolen funds.”

FBI Assistant Director William F. Sweeney Jr. said:  “As alleged, Evaldas Rimasauskas carried out a business email compromise scheme creatively targeting two very specific victim companies. He was initially successful, acquiring over $100 million in proceeds that he wired to various bank accounts worldwide. But his footprint would eventually lead investigators to the truth, and today we expose his lies. Criminals continue to commit a wide variety of crimes online, and significant cyber data breaches have had a negative impact across a variety of industries. The FBI will continue to work with our domestic and international partners to pursue criminals who engage in this type of activity, wherever they may be hiding.”

According to the allegations contained in the Indictment unsealed today[1]:

From at least in or around 2013 through in or about 2015, RIMASAUSKAS orchestrated a fraudulent scheme designed to deceive the Victim Companies, including a multinational technology company and a multinational online social media company, into wiring funds to bank accounts controlled by RIMASAUSKAS.  Specifically, RIMASAUSKAS registered and incorporated a company in Latvia (“Company-2”) which bore the same name as an Asian-based computer hardware manufacturer (“Company-1”), and opened, maintained, and controlled various accounts at banks located in Latvia and Cyprus in the name of Company-2.  Thereafter, fraudulent phishing emails were sent to employees and agents of the Victim Companies, which regularly conducted multimillion-dollar transactions with Company-1, directing that money the Victim Companies owed Company-1 for legitimate goods and services be sent to Company-2’s bank accounts in Latvia and Cyprus, which were controlled by RIMASAUSKAS.  These emails purported to be from employees and agents of Company-1, and were sent from email accounts that were designed to create the false appearance that they were sent by employees and agents of Company-1, but in truth and in fact, were neither sent nor authorized by Company-1.  This scheme succeeded in deceiving the Victim Companies into complying with the fraudulent wiring instructions.

After the Victim Companies wired funds intended for Company-1 to Company-2’s bank accounts in Latvia and Cyprus, RIMASAUSKAS caused the stolen funds to be quickly wired into different bank accounts in various locations throughout the world, including Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong.  RIMASAUSKAS also caused forged invoices, contracts, and letters that falsely appeared to have been executed and signed by executives and agents of the Victim Companies, and which bore false corporate stamps embossed with the Victim Companies’ names, to be submitted to banks in support of the large volume of funds that were fraudulently transmitted via wire transfer.

Through these false and deceptive representations over the course of the scheme, RIMASAUSKAS, the defendant, caused the Victim Companies to transfer a total of over $100,000,000 in U.S. currency from the Victim Companies’ bank accounts to Company-2’s bank accounts.

*                *                *

RIMASAUSKAS, 48, of Vilnius, Lithuania, is charged with one count of wire fraud and three counts of money laundering, each of which carries a maximum sentence of 20 years in prison, and one count of aggravated identity theft, which carries a mandatory minimum sentence of two years in prison.

The maximum potential sentences are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.

Mr. Kim praised the outstanding investigative work of the FBI, and thanked the Prosecutor General’s Office of the Republic of Lithuania, the Lithuanian Criminal Police Bureau, the Vilnius District Prosecutor’s Office and the Economic Crime Investigation Board of Vilnius County Police Headquarters for their assistance in the investigation and arrests, as well as the Department of Justice’s Office of International Affairs.

The case is being prosecuted by the Office’s Complex Frauds and Cybercrime Unit.  Assistant U.S. Attorney Eun Young Choi is in charge of the prosecution.  Assistant U.S. Attorney Edward Diskant is handling the forfeiture aspects of the prosecution.

The charges contained in the Indictment are merely accusations, and the defendant is presumed innocent unless and until proven guilty.

 

[1] As the introductory phrase signifies, the entirety of the text of the Indictment, and the description of the Indictment set forth herein, constitute only allegations, and every fact described should be treated as an allegation.

About that Trump Server with Pings from Alfa Bank

A matter of note: Alfa Bank has FIFA as a customer. Under Loretta Lynch at DoJ, she prosecuted the FIFA fraud, Further, that pesky Trump dossier that was crafted by Christopher Steele is the same person that broke the case on FIFA. (Note the end of this press release).

Image result for alfa bank  Image result for alfa bank russia

Press Statement: Alfa Bank confirms it has sought help from U.S. authorities, and discloses new cyberattacks linked to Trump hoax  —

Alfa Bank, a privately owned Russian bank, confirmed today that it has contacted U.S. law enforcement authorities for assistance and offered U.S. agencies its complete co-operation in finding the people behind attempted cyberattacks on its servers that have made it appear falsely that it has been communicating with the Trump Organization.

Alfa Bank confirmed a story in Circa News that it had been subjected to three new attempted domain name server (DNS) cyberattacks of increasing intensity over the last few weeks. In the attacks, multiple DNS requests were made by unidentified individuals, mostly using U.S. server providers, to a Trump Organization server. The DNS requests were made to appear as if they originated from Alfa Bank. The DNS responses from the Trump server were then erroneously returned to Alfa Bank, activating Alfa Bank’s automated security systems on February 18 and again on March 11 and 13. Alfa Bank has engaged the U.S.-based cyber forensics firm Stroz Friedberg to investigate these new attacks.

Alfa Bank believes that these malicious attacks are designed to create the false impression that Alfa Bank has a secretive relationship with the Trump Organization. In fact, there is not and never has been such a relationship.

New February 2017 attack on Alfa Bank server

On February 18, 2017, Alfa Bank experienced suspicious cyber-activity from an unidentified third-party. Specifically, the unidentified third-party repeatedly sent suspicious DNS queries from servers in the U.S. to a Trump Organization server. The unidentified individuals made it look as though these queries originated from variants of MOSCow.ALFAintRa.nET. As a result, the DNS responses from the Trump server were returned incorrectly to Alfa Bank’s server, which triggered Alfa Bank’s automated security system.

Alfa Bank believes that unknown individuals — using an identified U.S.-based service provider — are behind this recent attack, and that they are attempting to trigger verification signals between Alfa Bank and a server associated with the Trump Organization.

It believes that someone or some group manufactured this deceit by «spoofing» or falsifying DNS lookups to create the impression of communication between Alfa Bank and the Trump Organization. However, Alfa Bank’s DNS servers neither send nor receive email. Instead, they react when contacted by unwanted and unsolicited messages by sending out DNS verification signals asking, in effect, who is the server contacting Alfa Bank.

An Alfa Bank spokesperson said:

“The cyberattacks are an attempt by unknown parties to manufacture the illusion of contact between Alfa Bank’s DNS servers and ’Trump servers’.

«A simple analogy would be someone in the U.S. sending an empty envelope (in this case a DNS signal) to a Trump office (server) addressed to Trump, but on the back of the envelope the return address is Russia (Alfa Bank) instead of its own real address. The Trump office, recognizing there is nothing in the empty envelope to deal with, returns it as undelivered to Russia instead of to the U.S.-based sender. So, on cursory examination, Alfa Bank appears to have been receiving responses to queries it never actually sent.

«We have gone to the U.S. Justice Department and offered our complete co-operation to get to the bottom of this sham and fraud.»

Other indications of human intervention include the fact that the queries occurring in these logs included mixed uppercased and lowercased letters. The majority of DNS queries are machine based queries (for example, browsers and email clients), which would send lowercased queries to the DNS servers.

A few days after the February 18 DNS attack, Alfa Bank again started to receive inquiries from U.S. media outlets, including CNN, about allegations of cyber links with Donald Trump. No such link exists or, in fact, has ever existed between Alfa Bank and Mr. Trump or his organization.

An anonymous group has been trying for months to persuade news organizations to publish stories that such a link is real. Alfa Bank has asked reporters who have contacted it about the traffic to assist by letting the bank know if someone is trying to create the false impression that Alfa Bank has business or other dealings with Mr. Trump.

Two new confirmed March 2017 attacks on Alfa Bank server

On March 11 and 13, Alfa Bank was subjected to two new DNS attacks using similar methods. These attacks appear to have been orchestrated from multiple servers primarily in the U.S.

Between 02:00 and 07:00 (Moscow Time) on March 11 and at 21:00 on March 13, Alfa Bank experienced suspicious cyber activity from an unidentified third party or parties. The unidentified third parties or party repeatedly sent unusual DNS queries to a Trump server, the responses to which again ultimately triggered Alfa Bank’s automated security system.

Over a five-hour period on Saturday — and again on Monday — Alfa Bank received more than 1,340 DNS responses containing mail.trump-email.com.moscow.alfaintra.net.

These malicious and seemingly co-ordinated DNS attacks are coming from unidentified users using a variety of predominantly U.S. servers, including Google and Amazon web services. These IP service providers are inadvertently allowing their infrastructure to be used to attack Alfa Bank.

Alfa Bank suspects the unidentified parties are attempting to cover their tracks by using cloud services from these providers.

Given the frequency of the attacks and the variety of Internet service providers used in the attacks, Alfa Bank’s working hypothesis is that these new attacks are being launched from a botnet.

Possible third new attack In March 2017

Alfa Bank has now started to monitor all incoming messages to its servers containing the word «trump.» This monitoring has revealed that Alfa Bank also is receiving unsolicited marketing emails from «[email protected].» These incoming spam marketing emails also trigger Alfa Bank’s security system, which automatically sends multiple DNS verification requests back to the originating server — here, the Trump server — in order to ascertain the identity of the sender.

Alfa Bank does not know whether these marketing emails are legitimate, or whether a third-party is orchestrating the campaign in another attempt to create the false impression of inappropriate communications between Alfa Bank and the Trump Organization.

In response to media questions that started last September, Alfa Bank asked Mandiant, one of the world’s leading cyber experts, to investigate allegations suggested by an anonymous cyber group of a link between Alfa Bank and Trump, based on unverified DNS logs.

Mandiant completed its independent investigation late last year. After examining Alfa Bank’s system both remotely and on the ground in Moscow, and the unverified DNS data presented to the media by the anonymous cyber group, Mandiant concluded that there is no evidence of substantive contact, such as emails or financial links, between Alfa Bank and the Trump Campaign or the Trump Organization.

Mandiant investigated (1) the DNS data given to the media, which journalists had shared with independent DNS experts, and (2) Alfa Bank servers for any evidence of links.

Mandiant concluded:

DNS data — There is no information that indicates where the list (obtained by reporters) has come from. The list contains approximately 2,800 look ups of a Domain Name over a period of 90 days. The information is inconclusive and is not evidence of substantive contact or a direct email or financial link between Alfa Bank and the Trump Campaign or Organization.

Alfa Bank servers — Nothing we have or have found alters our view as described above that there is no evidence of substantive contact or a direct email or financial link between Alfa Bank and the Trump Campaign or Organization.

Mandiant’s working hypothesis is that the activity the reporters’ sources alleged last year was caused by an email marketing/spam campaign possibly targeted at Alfa Bank employees by a marketing server, which triggered security software.

Earlier this year, Alfa Bank launched another investigation to find out who was — and maybe still is — behind this elaborate hoax.

Access to other’s DNS data is highly privileged and is usually independently examined for academic purposes and cyber security research. Therefore, the examination and sharing of DNS data by the people involved in these fraudulent activities brings into question whether these data were acquired lawfully and whether it was ethical to misuse privileged access in order to manufacture a deceit.

Alfa Bank’s working hypothesis is that an individual — possibly well known in internet research circles — may have fed selected DNS data to an anonymous cyber group to ensure they reached a specific (and erroneous) conclusion. Alternatively, the cyber group may have been complicit in the deceit. In the most recent cases, unknown individuals demonstrably attempted to insert falsified records onto Alfa Bank’s computer systems designed to create the same impression.

An Alfa Bank spokesperson said: «The anonymous cyber group, which is led according to news accounts by ‘Tea Leaves,’ cannot produce evidence of a link because there never has been one. Alfa Bank believes that it is under attack and has pledged its complete cooperation to U.S. authorities to find out who is behind these malicious attacks and false stories.»

Visa Overstays are a Bigger Issue then the Border Wall

Primer: If you overstay your visa for 180 days or more (but less than one year), when you depart the U.S. you will be barred from reentering the U.S. for three years. If you overstay your visa for one year or more, when you depart the U.S. you will be barred from reentering the U.S. for ten years.

Image result for visa overstay

Related reading: Rep. Henry Cuellar (D-TX), reports on 30 countries that refuse to take back their criminals. He appeared on CSpan and Full Measure explaining the issue. The Washington Times reports under federal law, the U.S. government can refuse to issue visas to nationals of countries that refuse to take back their citizens who have been ordered deported from the United States. But according to Cuellar, the government is not enforcing the law.
***

TruthRevolt reports in part: The Center for Migration Studies reports that “two-thirds of those who arrived in 2014 did not illegally cross a border, but were admitted (after screening) on non-immigrant (temporary) visas, and then overstayed their period of admission or otherwise violated the terms of their visas.” This is a trend, far above illegal crossings, which is anticipated to continue climbing from now on.

“That’s because, incredibly, the U.S. doesn’t have an adequate system to assure the foreigners leave when they’re supposed to,” Judical Watch reports. “This has been a serious problem for years and in fact some of the 9/11 hijackers overstayed their visa to plan the worst terrorist attack on U.S. soil. More than a decade and a half later little has changed. Securing the famously porous southern border is essential to national security but so is a reliable system that cracks down on visa overstays.”

According to the CMS study, there have been 600,000 more overstays than illegal border crossings since 2007. Mexico leads in both overstays and EWIs, or entries without inspection. Here are the breakdowns:

  • California has the largest number of overstays (890,000), followed by New York (520,000), Texas (475,000), and Florida (435,000).
  • Two states had 47 percent of the 6.4 million EWIs in 2014: California (1.7 million) and Texas (1.3 million).
  • The percentage of overstays varies widely by state: more than two-thirds of the undocumented who live in Hawaii, Massachusetts, Connecticut, and Pennsylvania are overstays. By contrast, the undocumented population in Kansas, Arkansas, and New Mexico consists of fewer than 25 percent overstays. More here.

*** So who is responsible for control of this? ICE holds all accountability, which reports to the Department of Homeland Security. What about Congress you ask?

Check this out…

Well, there was a bill introduced in 2013, 2015 and again in January of 2017. Yup. The current bill was only introduced and has a 1% chance of passing. It is only a 2 page bill to amend current law noted as H.R. 643. This bill would make it a crime for visa overstays with defined penalties. It is the U.S. State Department, Bureau of Consular Affairs that is responsible for issuing visas and waivers in the case of denials. If you can stand reading the steps and caveats to this process, go here.

Related reading: DHS Releases Entry/Exit Overstay Report For Fiscal Year 2015

For context on how DHS under Secretary Jeh Johnson at the time packaged the report, here is a sample:

DHS conducts the overstay identification process by examining arrival, departure and immigration status information, which is consolidated to generate a complete picture of an individual’s travel to the United States.  The Department identifies two types of overstays – those individuals for whom no departure has been recorded (Suspected In-Country Overstay) and those individuals whose departure was recorded after their lawful admission period expired (Out-of-Country Overstay).

This report focuses on foreign nationals who entered the United States as nonimmigrant visitors for business (i.e., B1 and WB visas) or pleasure (i.e., B2 and WT visas) through an air or sea port of entry, which represents the vast majority of annual nonimmigrant admissions.  In FY 2015, of the nearly 45 million nonimmigrant visitor admissions through air or sea ports of entry that were expected to depart in FY 2015, DHS determined that 527,127 individuals overstayed their admission, for a total overstay rate of 1.17 percent.  In other words, 98.83 percent had left the United States on time and abided by the terms of their admission.

The report breaks the overstay rates down further to provide a better picture of those overstays that remain in the United States beyond their period of admission and for whom CBP has no evidence of a departure or transition to another  immigration status. At the end of FY 2015, the overall Suspected In-Country Overstay number was 482,781 individuals, or 1.07 percent.

Due to further continuing departures by individuals in this population, by January 4, 2016, the number of Suspected In-Country overstays for FY 2015 had dropped to 416,500, rendering the Suspected In-Country Overstay rate as 0.9 percent.  In other words, as of January 4, DHS was able to confirm the departures of over 99 percent of nonimmigrant visitors scheduled to depart in FY 2015 via air and sea POEs, and that number continues to grow.

This report separates Visa Waiver Program (VWP) country overstay numbers from non-VWP country numbers.  For VWP countries, the FY 2015 Suspected In-Country overstay rate is 0.65 percent of the 20,974,390 expected departures. For non-VWP countries, the FY 2015 Suspected In-Country Overstay rate is 1.60 percent of the 13,182,807 expected departures. DHS is in the process of evaluating whether and to what extent the data presented in this report will be used to make decisions on the VWP country designations.

Overall, CBP has improved the collection of data on all admissions to the United States by foreign nationals, biometric data on most foreign travelers to the United States, and processes to check data against criminal and terrorist watchlists.  CBP has also made tremendous progress in accurately reporting data on overstays to better centralize the overall mission in identifying overstays.  CBP will continue to roll out additional pilot programs during FY 2016 that will further improve the ability of CBP to accurately report this data.

U.S. Immigration and Customs Enforcement’s (ICE) Counterterrorism and Criminal Exploitation Unit (CTCEU) is the program dedicated to the enforcement of nonimmigrant visa violations.  Each year, ICE analyzes records of hundreds of thousands of potential status violators from various investigative databases and DHS entry/exit registration systems. The goal is to identify, locate, prosecute when appropriate, and remove overstays consistent with DHS’s immigration enforcement priorities, which prioritize those who pose a risk to national security or public safety.

Read more here.

The Counterterrorism and Criminal Exploitation Unit prevents terrorists and other criminals from exploiting the nation’s immigration system. Really? Yup, that is what the website reads. In a hearing from 2012, you may be interested in reading the testimony on the matter of visa overstays delivered by DHS Deputy Counterterrorism Coordinator John Cohen and ICE Homeland Security Investigations Deputy Executive Associate Director Peter Edge.