Pyotr Levashov Arrested in Barcelona, Hacker

All domestic news media have been blaming the Russians for cyber election intrusion. Conservative outlets have pushed back, asking for evidence. There are investigations on The Hill regarding Russian interference, and the House Intelligence Committee, chaired by Devin Nunes, has seen the documents and shared them with the White House. The committee co-chair Adam Schiff was angry he was not read in early enough. A big political conflict has occurred and Nunes recused himself from the specific committee investigation regarding Russia, though Nunes remains chairman of the committee.

Okay, so what, you ask?

Well we want to blame the FBI, Comey and ODNI, Clapper for not being more forthcoming on the matter. Slow down everyone, as cyber investigations are international in scope and it takes a mobilized set of experts and agencies and international collaboration to make attribution by using exceptional tools, cyber talent and agreements. So….what does all this mean? It means the lid could soon blow off this whole operation.

You see, there was malware, phishing and countless botnet systems that were part of the U.S. election interference as we saw with the DNC hack and the John Podesta emails via WikiLeaks. There are countless moving parts and they are international. It is gratifying to know however, not only is government part of the investigation, but outside cyber corporations are doing their own due diligence and offering additional clues, evidence and assistance to the FBI. How so you ask?

From Krebs on Security: Then, on Jan. 26, 2012, I ran a story featuring a trail of evidence suggesting a possible identity of “Severa” (a.k.a. “Peter Severa”), another SpamIt affiliate who is widely considered the author of the Waledac botnet (and likely the Storm Worm). In that story, I included several screen shots of Severa chatting on Spamdot.biz, an extremely secretive Russian forum dedicated to those involved in the spam business. In one of the screen shots, Severa laments the arrest of Alan Ralsky, a convicted American spam kingpin who specialized in stock spam and who — according to the U.S. Justice Department – was partnered with Severa. Anti-spam activists at Spamhaus.org maintain that Peter Severa’s real name is Peter Levashov (although the evidence I gathered also turned up another name, Viktor Sergeevich Ivashov). Read more here, it is fascinating and well done.

*** No wonder attribution takes a very long time right? Yes so read on please…..

Programmer Pyotr Levashov reportedly suspected in US election hacking arrested

Madrid: A Russian computer programmer, Pyotr Levashov, has been arrested in the Spanish city of Barcelona, a spokesman for the Russian embassy in Madrid said on Sunday.

It was unclear why Levashov was arrested. The embassy spokesman declined to give details for his arrest, and Spanish police and the interior ministry were not available for comment on Sunday.

Russian television station RT reported that Levashov was arrested under a US international arrest warrant and was suspected of being involved in hacking attacks linked to alleged interference in last year’s US election.

Peter Carr, a spokesman for the US Justice Department’s criminal division, said: “The US case remains under seal, so we have no information to provide at this time.”

The criminal division is separate from the national security division, which is responsible for investigating state-sponsored cyber crimes.

A US Department of Justice official said it was a criminal matter without an apparent national security connection.

Spanish authorities notified the Russian embassy of Levashov’s arrest on Friday, the embassy spokesman said.

In January, Spanish police arrested another Russian computer programmer, whose name was given as “Lisov” and who was wanted by the United States for leading a financial fraud network.

The US government has formally accused Russia of hacking Democratic Party emails to help the campaign of Republican President Donald Trump. The US Congress is also examining links between Russia and Trump during the election campaign.

Russian officials, including President Vladimir Putin, have repeatedly denied that Russia tried to influence the election.

Reuters

Related reading: Spain arrests Russian bank-account hacker wanted by FBI

January 2017: Spain has arrested a 32-year-old Russian computer programmer at Barcelona airport who is alleged to have designed and used software to steal bank account details from banks and individuals, Spanish police said on Friday.

Working with the U.S. Federal Bureau of Investigation (FBI), the man, named Lisov, was arrested by Spanish police on Jan. 13 as he waited to take a flight to another European country. He is suspected of leading a financial fraud network, the police said in a statement.

Lisov, wanted by the United States under an international arrest warrant, had been under observation by authorities for several days in the north-eastern region of Catalonia, police said. Police did not give the man’s first name. More here.

Related reading: Russian FSB Officers Charged in Yahoo Hack and More

Tip sheet on above:

ALEXSEY BELAN

Conspiring to Commit Computer Fraud and Abuse; Accessing a Computer Without Authorization for the Purpose of Commercial Advantage and Private Financial Gain; Damaging a Computer Through the Transmission of Code and Commands; Economic Espionage; Theft of Trade Secrets; Access Device Fraud; Aggravated Identity Theft; Wire Fraud

   Seems we need to be more patient when it comes to the FBI and associated international agencies…eh?

Will Trump Grant this Request by the House Oversight Committee?

Chaffetz leads renewed call for Trump to fire IRS chief

House Oversight Committee Chairman Jason Chaffetz (R-Utah) and nearly 40 other Republican lawmakers on Thursday called for President Trump to fire IRS Commissioner John Koskinen.

The letter, the second this week from House Republicans on the topic, argues that firing Koskinen, whose term ends in November, would be in line with Trump’s comments in his inauguration speech that it is important for the government to be controlled by the public.

“So long as the IRS commissioner is a man who has misled the people, destroyed evidence, and failed his legal duties to the people’s representatives in Congress, the IRS is not ‘controlled by the people,'” the GOP lawmakers wrote. “For that reason, we request you immediately remove Koskinen.” More here from The Hill.

*** There could be that pesky pending problem: Trump and Koskinen also have a personal relationship that goes back to the 1970s in New York City. Koskinen was involved in helping arrange the sale of the Commodore Hotel in Manhattan to Trump, a deal that helped launch Trump’s lucrative business career, according to a May 5, 1976, article in The New York Times.

Tomahawks Destroyed 20 Assad Aircraft on Shayrat Flightline

Trump Orders Missile Attack in Retaliation for Syrian Chemical Strikes

By Jim Garamone

DoD News, Defense Media Activity

WASHINGTON, April 6, 2017 — The United States fired Tomahawk missiles into Syria today in retaliation for the regime of Bashar Assad using nerve agents to attack his own people.

President Donald J. Trump ordered the attack on Al-Shayrat Air Base, the base from which the chemical attack on Syria’s Idlib province was launched. The missiles were launched from U.S. Navy ships in the Eastern Mediterranean Sea.

The attack is in retaliation for the Syrian dictator for using banned chemical agents in the April 4 attack.

“Bashar al-Assad launched a horrible chemical weapons attack on innocent civilians,” Trump said in a statement to the nation. “Using a deadly nerve agent, Assad choked out the lives of helpless men, women and children. It was a slow and brutal death for so many. Even beautiful babies were cruelly murdered in this very barbaric attack. No child of God should ever suffer such horror.”

Vital National Security Interest

Trump ordered the targeted military strike on the airfield that launched the attack. “It is in the vital national security interest of the United States to prevent and deter the spread and use of deadly chemical weapons,” the president said.

No one disputes that Syria used banned chemical weapons on the people of Idlib, he said, adding that this is a violation of the Chemical Weapons Convention. Syria also ignored United Nations Security Council resolutions.

“Years of previous attempts at changing Assad’s behavior have all failed and failed very dramatically,” Trump said. “As a result, the refugee crisis continues to deepen and the region continues to destabilize, threatening the United States and its allies.”

Trump called on all civilized nations to join the United States in seeking an end to the slaughter in Syria, and to end the threat terrorism poses in the blighted nation.

Details of Strike

Shortly after the president’s address, Pentagon spokesman Navy Capt. Jeff Davis issued a statement providing details of the strike. It took place at about 8:40 p.m. EDT — 4:40 a.m.  April 7 in Syria, he said.

The strike was conducted using Tomahawk Land Attack Missiles, or TLAMs, launched from the destroyers USS Porter and USS Ross in the eastern Mediterranean Sea, Davis said in his statement. A total of 59 TLAMs targeted aircraft, hardened aircraft shelters, petroleum and logistical storage, ammunition supply bunkers, air defense systems, and radars.

“As always,” Davis said, “the U.S. took extraordinary measures to avoid civilian casualties and to comply with the Law of Armed Conflict.  Every precaution was taken to execute this strike with minimal risk to personnel at the airfield.”

The strike was “a proportional response to Assad’s heinous act,” the Pentagon spokesman said, noting that Shayrat Airfield was used to store chemical weapons and Syrian air forces. The U.S. intelligence community assesses that aircraft from Shayrat conducted the April 4 chemical weapons attack, he added, and the strike was intended to deter the regime from using chemical weapons again.

Russian forces were notified in advance of the strike using the established deconfliction line, Davis said, and U.S. military planners took precautions to minimize risk to Russian or Syrian personnel at the airfield.

“We are assessing the results of the strike,” Davis said. “Initial indications are that this strike has severely damaged or destroyed Syrian aircraft and support infrastructure and equipment at Shayrat Airfield, reducing the Syrian government’s ability to deliver chemical weapons. The use of chemical weapons against innocent people will not be tolerated.”

***

Russian military personnel were at the base during the U.S. attack, soldiers told Al Masdar. But the Russians weren’t harmed during the strike, which focused on the airfields, fuel tankers and aircraft hangars, according to Al Masdar. Secretary of State Rex Tillerson placed a call to Putin earlier in the afternoon with advance warning, but no call was made to warn Syria.

Obama/Rice Abuse of Surveillance Started During Iran Deal

The Guardian, more than a year ago, validated the summary posted below.

US ‘spied on Binyamin Netanyahu during Iran nuclear deal talks’

Despite Barack Obama’s promise to curtail eavesdropping on allies in the wake of the Edward Snowden revelations about the scale and scope of US activities, the National Security Agency’s (NSA) surveillance included phone conversations between top Israeli officials, US congressmen and American-Jewish groups, according to the Wall Street Journal.

Further, we cannot eliminate any complicity that would include NSC advisor, Ben Rhodes.

Did the Obama Administration’s Abuse of Foreign-Intelligence Collection Start Before Trump?

One clue: The Russia story is a replay of how the former White House smeared pro-Israel activists in the lead-up to the Iran Deal

Tablet: The accusation that the Obama administration used information gleaned from classified foreign surveillance to smear and blackmail its political opponents at home has gained new traction in recent days, after reports that former National Security Adviser Susan Rice may have been rifling through classified transcripts for over a year that could have included information about Donald Trump and his associates. While using resources that are supposed to keep Americans safe from terrorism for other purposes may be a dereliction of duty, it is no more of a crime than spending all day on Twitter instead of doing your job. The crime here would be if she leaked the names of U.S. citizens to reporters. In the end, the seriousness of the accusation against Rice and other former administration officials who will be caught up in the “unmasking” scandal will rise or fall based on whether or not Donald Trump was actively engaged in a conspiracy to turn over the keys of the White House to the Kremlin. For true believers in the Trump-Kremlin conspiracy theories, the Obama “spying and lying” scandal isn’t a scandal at all; just public officials taking prudent steps to guard against an imminent threat to the republic.

But what if Donald Trump wasn’t the first or only target of an Obama White House campaign of spying and illegal leaks directed at domestic political opponents?

In a December 29, 2015 article, The Wall Street Journal described how the Obama administration had conducted surveillance on Israeli officials to understand how Prime Minister Benjamin Netanyahu and other Israeli officials, like Ambassador Ron Dermer, intended to fight the Iran Deal. The Journal reported that the targeting “also swept up the contents of some of their private conversations with U.S. lawmakers and American-Jewish groups.”

Despite this reporting, it seemed inconceivable at the time that—given myriad legal, ethical, political, and historical concerns, as well as strict National Security Agency protocols that protect the identity of American names caught in intercepts—the Obama White House would have actually spied on American citizens. In a December 31, 2016, Tablet article on the controversy, “Why the White House Wanted Congress to Think It Was Being Spied on By the NSA,” I argued that the Obama administration had merely used the appearance of spying on American lawmakers to corner opponents of the Iran Deal. Spying on U.S. citizens would be a clear abuse of the foreign-intelligence surveillance system. It would be a felony offense to leak the names of U.S. citizens to the press.

Increasingly, I believe that my conclusion in that piece was wrong. I believe the spying was real and that it was done not in an effort to keep the country safe from threats—but in order to help the White House fight their domestic political opponents.

“At some point, the administration weaponized the NSA’s legitimate monitoring of communications of foreign officials to stay one step ahead of domestic political opponents,” says a pro-Israel political operative who was deeply involved in the day-to-day fight over the Iran Deal. “The NSA’s collections of foreigners became a means of gathering real-time intelligence on Americans engaged in perfectly legitimate political activism—activism, due to the nature of the issue, that naturally involved conversations with foreigners. We began to notice the White House was responding immediately, sometimes within 24 hours, to specific conversations we were having. At first, we thought it was a coincidence being amplified by our own paranoia. After a while, it simply became our working assumption that we were being spied on.”

This is what systematic abuse of foreign-intelligence collection for domestic political purposes looks like: Intelligence collected on Americans, lawmakers, and figures in the pro-Israel community was fed back to the Obama White House as part of its political operations. The administration got the drop on its opponents by using classified information, which it then used to draw up its own game plan to block and freeze those on the other side. And—with the help of certain journalists whose stories (and thus careers) depend on high-level access—terrorize them.

Once you understand how this may have worked, it becomes easier to comprehend why and how we keep being fed daily treats of Trump’s nefarious Russia ties. The issue this time isn’t Israel, but Russia, yet the basic contours may very well be the same.

***

Two inquiries now underway on Capitol Hill, conducted by the Senate intelligence committee and the House intelligence committee, may discover the extent to which Obama administration officials unmasked the identities of Trump team members caught in foreign-intelligence intercepts. What we know so far is that Obama administration officials unmasked the identity of one Trump team member, Michael Flynn, and leaked his name to the Washington Post’s David Ignatius.

“According to a senior U.S. government official,” Ignatius wrote in his Jan. 12 column, “Flynn phoned Russian Ambassador Sergey Kislyak several times on Dec. 29, the day the Obama administration announced the expulsion of 35 Russian officials as well as other measures in retaliation for the hacking. What did Flynn say, and did it undercut the U.S. sanctions?”

Nothing, the Times and the Post later reported. But exposing Flynn’s name in the intercept for political purposes was an abuse of the national-security apparatus, and leaking it to the press is a crime.

This is familiar territory. In spying on the representatives of the American people and members of the pro-Israel community, the Obama administration learned how far it could go in manipulating the foreign-intelligence surveillance apparatus for its own domestic political advantage. In both instances, the ostensible targets—Israel and Russia—were simply instruments used to go after the real targets at home.

In order to spy on U.S. congressmen before the Iran Deal vote, the Obama administration exploited a loophole, which is described in the original Journal article. The U.S. intelligence community is supposed to keep tabs on foreign officials, even those representing allies. Hence, everyone in Washington knows that Israeli Ambassador Ron Dermer is under surveillance. But it’s different for his American interlocutors, especially U.S. lawmakers, whose identities are, according to NSA protocol, supposed to be, at the very least, redacted. But the standard for collecting and disseminating “intercepted communications involving U.S. lawmakers” is much less strict if it is swept up through “foreign-foreign” intercepts, for instance between a foreign ambassador and his capital. Washington, i.e. the seat of the American government, is where foreign ambassadors are supposed to meet with American officials. The Obama administration turned an ancient diplomatic convention inside out—foreign ambassadors were so dangerous that meeting them signaled betrayal of your own country.

During the long and contentious lead-up to the Iran Deal the Israeli ambassador was regularly briefing senior officials in Jerusalem, including the prime minister, about the situation, including his meetings with American lawmakers and Jewish community leaders. The Obama administration would be less interested in what the Israelis were doing than in the actions of those who actually had the ability to block the deal—namely, Senate and House members. The administration then fed this information to members of the press, who were happy to relay thinly veiled anti-Semitic conceits by accusing deal opponents of dual loyalty and being in the pay of foreign interests.

It didn’t take much imagination for members of Congress to imagine their names being inserted in the Iran deal echo chamber’s boilerplate—that they were beholden to “donors” and “foreign lobbies.” What would happen if the White House leaked your phone call with the Israeli ambassador to a friendly reporter, and you were then profiled as betraying the interests of your constituents and the security of your nation to a foreign power? What if the fact of your phone call appeared under the byline of a famous columnist friendly to the Obama administration, say, in a major national publication?

To make its case for the Iran Deal, the Obama administration redefined America’s pro-Israel community as agents of Israel. They did something similar with Trump and the Russians—whereby every Russian with money was defined as an agent of the state. Where the Israeli ambassador once was poison, now the Russian ambassador is the kiss of death—a phone call with him led to Flynn’s departure from the White House and a meeting with him landed Attorney General Jeff Sessions in hot water.

Did Trump really have dealings with FSB officers? Thanks to the administration’s whisper campaigns, the facts don’t matter; that kind of contact is no longer needed to justify surveillance, whose spoils could then be weaponized and leaked. There are oligarchs who live in Trump Tower, and they all know Putin—ergo, talking to them is tantamount to dealing with the Russian state.

Yet there is one key difference between the two information operations that abused the foreign-intelligence surveillance apparatus for political purposes. The campaign to sell the Iran deal was waged while the Obama administration was in office. The campaign to tie down Trump with the false Russia narrative was put together as the Obama team was on its way out.

The intelligence gathered from Iran Deal surveillance was shared with the fewest people possible inside the administration. It was leaked to only a few top-shelf reporters, like the authors of The Wall Street Journal article, who showed how the administration exploited a loophole to spy on Congress. Congressmen and their staffs certainly noticed, as did the Jewish organizations that were being spied on. But the campaign was mostly conducted sotto voce, through whispers and leaks that made it clear what the price of opposition might be.

The reason the prior abuse of the foreign-intelligence surveillance apparatus is clear only now is because the Russia campaign has illuminated it. As The New York Times reported last month, the administration distributed the intelligence gathered on the Trump transition team widely throughout government agencies, after it had changed the rules on distributing intercepted communications. The point of distributing the information so widely was to “preserve it,” the administration and its friends in the press explained—“preserve” being a euphemism for “leak.” The Obama team seems not to have understood that in proliferating that material they have exposed themselves to risk, by creating a potential criminal trail that may expose systematic abuse of foreign-intelligence collection.

China/Russia Using the Same Cyber Operations Playbook?

As President Trump meets with Xi Jinping of China at Mar A Lago, perhaps he should point to these two conditions in earnest.

North Korean hackers seem to have managed to access a secret war masterplan by South Korea and the U.S. in a cyberattack last September, sources here said Monday.

By Lee Yong-soo: (the item posted below is copyright protected)

Chosun: One government source said Defense Ministry investigators questioned around 40 people over the hacking attack and it appears that part of the masterplan, dubbed OPLAN 5027, “leaked.” A Defense Ministry source said the hackers accessed reports containing portions of the plan, not the entire document.

Defense Minister Han Min-koo and other military officials last year downplayed the seriousness of the hacking attack, saying that only a small number of sensitive military secrets leaked out.

OPLAN 5027 was first drawn up in 1978, when the South Korea-U.S. Combined Forces Command was established, and updated every two years since 1994. It includes troop deployment plans, key North Korean targets, strategies and military control of facilities in the North.

A military official said “discussions are still taking place” whether the plan has to be overhauled now the North has seen chunks of it.

The ministry found out about the leak while investigating a new computer virus in September that attacked the vaccine server at the military cyber command.

Investigators discovered that the Defense Ministry’s Internet and Intranet servers were infected with the same malware, affecting the minister’s own computer and around 2,500 computers with Internet access and 700 connected to the Intranet.

At the time, the ministry said only that hackers accessed “some military information, including sensitive information” and that North Korea appears to be responsible.

The hackers tried to attack the main server of the Defense Integrated Data Center, which serves as the cyber nerve center of South Korea’s defense system.

 

***

China’s Information Warriors Are Growing More Disciplined, Say US Cyber Leaders

And some U.S. cyber leaders worry that the American military’s approach is too reactive and defensive.

When President Trump meets this week with his Chinese counterpart, President Xi Jinping, he’ll be engaging with a leader who commands an increasingly disciplined and persistent information-warfare force.

In December 2015, the Chinese military stood up a Strategic Support Force as part of a larger series of reforms. Essentially a Chinese version of U.S. Cyber Command, the new force focuses on war in the electromagnetic spectrum, space, and cyberspace.  “All these are the new fields that determine whether the PLA can win in the future battlefield,” Chinese officials told state media.

The new force’s key focus is building capabilities to disrupt U.S. military operations, according to Martin Libicki, who leads cybersecurity studies at the U.S. Naval Academy. In January China announced that the country will develop the world’s first exascale super computer by the end of the year.

The move follows years of steady and incremental improvements in information operations, Vice Adm. Tim White, commander of the U.S. Cyber National Mission Force, said Tuesday at the Navy League’s Sea-Air-Space conference. “They are building what I would call campaigns. They are being very thoughtful about it and being purposeful in their approach and there is some design that they are organizing themselves,” he said of adversarial nations such as China but also Russia.  “It’s not just a single mission, point of time, or place. It’s interwoven together to achieve a national purpose.”

By contrast, White worries the U.S. military is thinking too defensively. He believes the Pentagon should work toward a more disciplined, consistent response, and shift from a “broadly reactive” posture “to something we are doing something as a result of our own campaign and planning efforts.”

“They’re on the field and we are figuring out how to get on that field,” White  said. “What nations are doing in this space, it’s more coordinated. It’s more interoperable from their perspective. It’s more structured and it’s more integrated.”

Industrial espionage from China appears to have  waned since Barack Obama and Xi signed an agreement in September 2015. But attacks have not vanished entirely. Between March and May of last year, Chinese hackers deployed a backdoor into a government services company, stole important credentials, and attempted to gain access to U.S. military secrets, according to the FireEye cyber security group.

Without speaking specifically about that incident, Vice Adm. Jan Tighe, deputy chief of naval operations for information warfare and the director of naval intelligence, said that many of the attacks, pings, intrusion attempts and probes “appear to be part of deliberate campaigns” of adversarial nation-state activities against Western targets.

How to fight them off? The head of U.S. Cyber Command, Adm. Michael Rogers, has suggested giving more authority to lower-ranking service personnel. The Navy anticipates that all 40 of the Navy’s cyber mission force teams will reach full operational capability by 2018.

Navy leaders at Sea-Air-Space also said  artificial intelligence would play a bigger role in attacking and defending networks.

“I would not say we see new and exquisite DARPA-like capabilities yet,” emerging out of China in terms of artificial intelligence specifically for information warfare, according to White. “But I do think it will be inevitable because you’re not constrained by physics.”

Meanwhile, the U.S. military is exploring the use of cognitive computing and deep learning to better understand network vulnerabilities and predict attacker behavior, according to Vice Adm. Michael Gilday, who leads the Navy’s 10th Fleet  and Cyber Command, in accordance with phase II of the Command’s strategic plan to 2020, first laid out in 2015.

Marine Maj. Gen. Lori Reynolds, the commander of Marine Forces Cyber Command, also made a plea to industry. “Anything we can do to automate the intelligence cycle … that’s the right investment.”

But military cyber leaders say that the United States and China will likely put artificial intelligence to different uses in information warfare. Automation can and probably should take over much defensive work to better keep up with the speed of attacks. But the use of offensive cyber weapons will still involve human decision making for the United States military. They could not guarantee the same of China.

“AI can absolutely tighten your ability to make a decision inside your enemy’s ability to make a decision,” said Gilday.

Defense One asked Gilday and Tighe if they were seeing adversarial nations attempt to automate the use of offensive cyber weapons. They declined to respond.