Iran’s Boiling Point, About to Get Worse

For 6 days in a row, demonstrators against the Iran regime are demanding regime change. There is hardly any gas for 6000 bus drivers in Tehran. There are curfews, people being shot while others are being arrested. The country currency, the rial has continued to plunge in value and food is being rationed.

After passing a 90-day mark on Aug. 6, the following sanctions will snap back on Iran, according to the Treasury Department:

  • Sanctions on Iran buying or acquiring U.S. dollars
  • Sanctions on Iran trading gold and other precious metals
  • Sanctions on Iran’s sale, supply or trade of metals such as aluminum and steel, as well as graphite, coal and certain software for “integrating industrial processes”
  • Sanctions on “significant” sales or purchases of Iranian rials, or the maintenance of significant funds or accounts outside the country using Iranian rials
  • Sanctions on issuing Iranian debt
  • Iranian auto sanctions

The U.S. will also revoke certain permissions, granted to Iran under the deal, on Aug. 6. These include halting Iran’s ability to export its carpets and foods into the U.S., as well as ending certain licensing-related transactions.

At the end of the 180-day interval on Nov. 4, another set of sanctions will once again be clamped down on Iran:

  • Sanctions on Iran’s ports, as well as the country’s shipping and shipping sectors
  • Sanctions on buying petroleum and petrochemical products with a number of Iranian oil companies
  • Sanctions on foreign financial institutions transacting with the Central Bank of Iran and other Iranian financial institutions
  • Sanctions on the provision of certain financial messaging services to Iran’s central bank and other Iranian financial institutions
  • Sanctions on the provision of underwriting services, insurance, or reinsurance
  • Sanctions on Iran’s energy sector

The following day, on Nov. 5, the Trump administration will disallow U.S.-owned foreign entities from being allowed to engage in certain transactions with Iran. Sanctions on certain Iranian individuals will also be re-imposed on Nov. 5.

Read the Treasury’s full guide to the re-imposition of Iran nuclear deal sanctions here.

Meanwhile:

LONDON/ANKARA(Reuters) – An English court has cleared the way to consider whether it will allow the families of some of those killed in the Sept. 11, 2001 attacks on the United States to make a claim on Iranian assets in Britain.

The relatives want the English High Court to enforce a 2012 decision by a U.S. court which found there was evidence to show that Iran provided “material support and resources to al Qaeda for acts of terrorism”. The militant group carried out the attacks.

The New York court awarded the plaintiffs damages of over $7 billion. Iran denies any links to Al Qaeda or any involvement in the 9/11 attacks.

If the English court agrees to enforce the ruling, it could clear the way for assets in England and Wales to be frozen or seized. Iranian assets in England include a central London building and funds held by two subsidiaries of state-owned banks. This could add to Tehran’s troubles as it tries to stave off a financial crisis.

The June 8 ruling by a judge after a hearing in the English High Court removed an obstacle that was holding up the process.

The law requires the UK’s Foreign Office (FCO) to formally serve the legal papers to Iran’s Ministry of Foreign Affairs (MFA) before the enforcement proceedings can begin. A British official said it was routinely difficult to deliver papers to the MFA, according to FCO correspondence seen by Reuters. An FCO official declined to comment.

The judge ruled it was sufficient to try to notify them through other communication such as email or post.

That decision has unblocked the process. The plaintiffs will now ask a judge at the High Court in the next few months to consider whether the New York ruling can be entered as a judgment in English law, said their lawyer Natasha Harrison, a partner at the London office of Boies Schiller Flexner. The judgment could then be enforced, she said. This would mean assets could be frozen or seized.

An Iranian official said: “Iran will take all the necessary measures to stop it.”

An Iranian foreign ministry official said the June ruling was “fabricated” and “politically motivated”.

U.S. is on the Offensive, Espionage and Cyber

In the last few weeks, there was the Aspen Security Forum, a 3 day event. Then there was a DNI report. Then came 2 separate nationwide conference calls hosted by CERT, the cyber division of DHS.

A remarkable White House press briefing included the heads of intelligence agencies explaining the condition of cyber/espionage and the countermeasures against Russia.

Then there is the military side, a division frankly not well known, the Defense Security Services.

 

See the whole 2 page release here.

 

 

 

 

 

 

 

 

 

 

And there is more:

FBI Releases Article on Securing the Internet of Things

The Federal Bureau of Investigation (FBI) has released an article on the risks associated with internet-connected devices, commonly referred to as the Internet of Things (IoT). FBI warns that cyber threat actors can use unsecured IoT devices as proxies to anonymously pursue malicious cyber activities.

As our reliance on IoT becomes an important part of everyday life, being aware of the associated risks is a key part of keeping your information and devices secure. NCCIC encourages users and administrators to review the FBI article for more information and refer to the NCCIC Tip Securing the Internet of Things.

*** IOT?

The internet of things, at its simplest level, is a network of smart devices – from refrigerators that warn you when you’re out of milk to industrial sensors – that are connected to the internet so they can share data, but IoT is far from a simple challenge for IT departments.

Related reading: Five IoT Predictions For 2019

For many companies, it represents a vast influx of new devices, many of which are difficult to secure and manage. It’s comparable to the advent of BYOD, except the new gizmos are potentially more difficult to secure, aren’t all running one of three or four basic operating systems, and there are already more of them.

A lot more, in fact – IDC research says that there are around 13 billion connected devices in use worldwide already, and that that number could expand to 30 billion within the next three years. (There were less than 4 billion smartphone subscriptions active around the world in Ericsson’s most recent Mobility Report.)

With a huge number of companies “doing IoT” – most big-name tech companies, including Google, Microsoft, Apple, Cisco, Intel, and IBM have various types of IoT play – all working to bring as many users as possible into their respective ecosystems, motivation to make sure IoT systems and devices from different companies all work with each other is sometimes lacking.

Internet of Things photo

The problem, of course, is that nobody’s willing to give up on the idea of their own ecosystem becoming a widely accepted standard – think of the benefits to the company whose system wins out! – and so the biggest players in the space focus on their own systems and development of more open technologies lags behind. More here.

Hey Jim Acosta, this Could be Why Media is an Enemy

Traveling over the CNN’s Jim Acosta’s Twitter account, this is his pinned tweet:

Then yesterday, he re-tweeted this:

And he retweeted this:

At the White House press briefing, Sarah Sanders called on @Acosta and he asked Sarah if she or the Trump White House would denounce that the media is an enemy of the people. She did not denounce that but went on to describe the media and progressive abuse the Trump administration endures, listing many nasty encounters.

What did @Acosta do?

He tweeted again:

As a conservative radio host, I watched that WH exchange between them and sent a tweet to @Acosta inviting him to an interview with me. ……crickets….

But there is more. It goes beyond CNN actually. Media and the left are simply branding all things law enforcement as racists including those in government, Republican voters and even some at Fox News. So we are in a posture war here that is undeniable. So….no sooner was all that over, here comes the New York Times.

***

Meet Sarah Jeong. She’s the newest member of the New York Times editorial board. She also has a history of saying pretty vile, racist things on Twitter.

Saved tweets from Sarah Jeong, the newest member of the New York Times editorial board. (source: Twitter)

Heck, just read more here, if you can stomach the vile branding of her and where the NYT’s is going in the future.

Eligible Receiver 97, Red Team Being Applied Today for Cyber Hacks?

An early classified Defense Department cybersecurity exercise named “Eligible Receiver 97” (ER97) featured a previously unpublicized series of mock terror attacks, hostage seizures, and special operations raids that went well beyond pure cyber activities in order to demonstrate the potential scope of threats to U.S. national security posed by attacks in the cyber domain, according to recently declassified documents and a National Security Agency (NSA) video posted today by the nongovernmental National Security Archive at The George Washington University.

“Joint Exercise Eligible Receiver 97”, run during the Clinton presidency, is frequently pointed to as a critical event in the United States’ appreciation of threats in cyber space. The exercise led directly to the formation of what would eventually become United States Cyber Command (USCYBERCOM) and informed key studies such as the formative Marsh Report on critical infrastructure protection. Despite the significance of ER97, however, very little is publicly known about the exercise itself.

ER97 involved an NSA Red Team playing the role of North Korean, Iranian and Cuban hostile forces whose putative aim was to attack critical infrastructure as well as military command-and-control capabilities to pressure the U.S. government into changing its policies toward those states. An interagency Blue Team was required to provide recommendations to personnel enacting defensive responses. Until now, only two phases out of three (infrastructure and command-and-control) had been publicly known.  The video and documents posted today provide new details about the third phase involving kinetic attacks in the physical domain – i.e. more traditional terrorist assaults on civilian targets – which were built upon intelligence gathered through the Red Team’s successes. Read more here on the declassified files.

*** With all the cyber terror going on today in the United States, are we doing more ‘red team’ exercises? Perhaps some of those tactics are paying off many years later.

3 Carbanak (FIN7) Hackers Charged With Stealing 15 Million ...

Three Members of Notorious International Cybercrime Group “Fin7” in Custody for Role in Attacking Over 100 U.S. Companies

Victim Companies in 47 U.S. States; Used Front Company ‘Combi Security’ to Recruit Hackers to Criminal Enterprise

          SEATTLE – Three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe have been arrested and are currently in custody facing charges filed in U.S. District Court in Seattle, announced U.S. Attorney Annette L. Hayes, Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division and Special Agent in Charge Jay S. Tabb Jr. of the FBI’s Seattle Field Office.

According to three federal indictments unsealed today, Ukrainian nationals Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kolpakov, 30, are members of a prolific hacking group widely known as FIN7 (also referred to as the Carbanak Group and the Navigator Group, among other names).  Since at least 2015, FIN7 members engaged in a highly sophisticated malware campaign to attack more than 100 U.S. companies, predominantly in the restaurant, gaming, and hospitality industries.  As set forth in the indictments, FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers which were used or sold for profit.

In the United States alone, FIN7 successfully breached the computer networks of businesses in 47 states and the District of Columbia, stealing more than 15 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations.  Additional intrusions occurred abroad, including in the United Kingdom, Australia, and France.  Companies that have publicly disclosed hacks attributable to FIN7 include such familiar chains as Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and Jason’s Deli.  Additionally here in Western Washington FIN7 targeted the Emerald Queen Casino (EQC) and other local businesses.  The Emerald Queen Casino was able to stop the intrusion and no customer data was stolen.

“Protecting consumers and companies who use the internet to conduct business – both large chains and small ‘mom and pop’ stores — is a top priority for all of us in the Department of Justice,” said U.S. Attorney Annette L. Hayes.  “Cyber criminals who believe that they can hide in faraway countries and operate from behind keyboards without getting caught are just plain wrong.  We will continue our longstanding work with partners around the world to ensure cyber criminals are identified and held to account for the harm that they do – both to our pocketbooks and our ability to rely on the cyber networks we use.”

“The three Ukrainian nationals indicted today allegedly were part of a prolific hacking group that targeted American companies and citizens by stealing valuable consumer data, including personal credit card information, that they then sold on the Darknet,” said Assistant Attorney General Benczkowski.  “Because hackers are committed to finding new ways to harm the American public and our economy, the Department of Justice remains steadfast in its commitment to working with our law enforcement partners to identify, interdict, and prosecute those responsible for these threats.”

“The naming of these FIN7 leaders marks a major step towards dismantling this sophisticated criminal enterprise,” said Special Agent in Charge Jay S. Tabb Jr., of the FBI’s Seattle Field Office.  “As the lead federal agency for cyber-attack investigations, the FBI will continue to work with its law enforcement partners worldwide to pursue the members of this devious group, and hold them accountable for stealing from American businesses and individuals.”

Each of the three FIN7 conspirators is charged with 26 felony counts alleging conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft.

In January 2018, at the request of U.S. officials, foreign authorities separately arrested Ukrainian Fedir Hladyr and a second FIN7 member, Dmytro Fedorov.  Hladyr was arrested in Dresden, Germany, and is currently detained in Seattle pending trial.  Hladyr allegedly served as FIN7’s systems administrator who, among other things, maintained servers and communication channels used by the organization and held a managerial role by delegating tasks and by providing instruction to other members of the scheme.  Hladyr’s trial is currently scheduled for October 22, 2018.

Fedorov, a high-level hacker and manager who allegedly supervised other hackers tasked with breaching the security of victims’ computer systems, was arrested in Bielsko-Biala, Poland.  Fedorov remains detained in Poland pending his extradition to the United States.

In late June 2018, foreign authorities arrested a third FIN7 member, Ukrainian Andrii Kolpakov in Lepe, Spain.  Kolpakov, also is alleged to be a supervisor of a group of hackers, remains detained in Spain pending the United States’ request for extradition.

According to the indictments, FIN7, through its dozens of members, launched numerous waves of malicious cyberattacks on numerous businesses operating in the United States and abroad.  FIN7 carefully crafted email messages that would appear legitimate to a business’ employee, and accompanied emails with telephone calls intended to further legitimize the email. Once an attached file was opened and activated, FIN7 would use an adapted version of the notorious Carbanak malware in addition to an arsenal of other tools to ultimately access and steal payment card data for the business’ customers. Since 2015, many of the stolen payment card numbers have been offered for sale through online underground marketplaces. (Supplemental document “How FIN7 Attacked and Stole Data” explains the scheme in greater detail.)

FIN7 used a front company, Combi Security, purportedly headquartered in Russia and Israel, to provide a guise of legitimacy and to recruit hackers to join the criminal enterprise.  Combi Security’s website indicated that it provided a number of security services such as penetration testing.  Ironically, the sham company’s website listed multiple U.S. victims among its purported clients.

 

The charges in the indictments are merely allegations, and the defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

The indictments are the result of an investigation conducted by the Seattle Cyber Task Force of the FBI and the U.S. Attorney’s Office for the Western District of Washington, with the assistance of the Justice Department’s Computer Crime and Intellectual Property Section and Office of International Affairs, the National Cyber-Forensics and Training Alliance, numerous computer security firms and financial institutions, FBI offices across the nation and globe, as well as numerous international agencies. Arrests overseas were executed in Poland by the “Shadow Hunters” from CBŚP (Polish Central Bureau of Investigation); in Germany by LKA Sachsen – Dezernat 33, (German State Criminal Police Office) and the Polizeidirektion Dresden (Dresden Police); and in Spain by the Grupo de Seguridad Logica within the Unidad de Investigación Technologica of the Cuerpo Nacional de Policía (Spanish National Police).

This case is being prosecuted by Assistant U.S. Attorneys Francis Franze-Nakamura and Steven Masada of the Western District of Washington, and Trial Attorney Anthony Teelucksingh of the Justice Department’s Computer Crime and Intellectual Property Section.

how_fin7_attacked_and_stole_data.pdf

Finally U.S. Sanctions Turkey over U.S. prisoners

Primer:

Ankara for years has been providing support to Hamas, Iran, ISIS, al Queda and Libya jihadists, yet it’s this incredibly stupid decision to hold an American hostage that has ultimately earned Turkey its first US sanctions.

U.S. Prepares List of Turkey Economic Sanctions Targets

The U.S. has prepared a list of Turkish entities and individuals to target should it decide to impose sanctions on Recep Tayyip Erdogan’s government for imprisoning U.S. citizens and employees of its diplomatic mission, according to two people with knowledge of the matter.

The lira slid.

While negotiations to release one of the people, evangelical Pastor Andrew Brunson, are ongoing, the preparation of the so-called “designation packages” shows how close the U.S. has come to imposing unprecedented penalties against a NATO ally. The sanctions are modeled on those against the Russian government and oligarchs close to President Vladimir Putin, the people said, asking not to be named because of the sensitivity of the issue.

The U.S. has extended deadlines this week to release Brunson or face sanctions, according to Turkish and U.S. officials familiar with the talks. The people and entities determined in the designation packages would need to be approved by the Treasury secretary and secretary of state.

The sanctions are being prepared under the Global Magnitsky Act of 2016, which allows the U.S. government to target individuals, companies or other entities involved in corruption or human-rights abuses anywhere in the world. Sanctions under the act allow for the seizure of assets in the U.S., travel bans and prohibitions on doing business with U.S. entities.

Lira Plunges

Turkey’s lira plunged to a record low of 4.9985 after Bloomberg News reported the possible sanctions, extending its decline to 4.5 percent since July 26, when Vice President Mike Pence threatened sanctions over the Brunson case. Yields on Turkey’s 10-year debt hit a record 18.86 percent on Tuesday. The Borsa Istanbul 100 index has lost 36 percent in dollar-adjusted terms this year, the second-worst performance in the world after Venezuela.

A U.S. Treasury spokesman didn’t immediately reply to an emailed request for comment.

The scope of the sanctions highlights the disconnect between Washington and Ankara as they try to negotiate a way out of the deadlock, with Turkish officials still apparently believing the Trump administration is bluffing.

Bankers who have met with Turkish officials say the sanctions threats are not being taken seriously in Ankara, even as they risk cutting off financing to an economy dependent on imported capital. For their part, U.S. officials’ patience with Turkey’s negotiating tactics is wearing thin.

‘Hostages’

Within the State Department, Brunson and other prisoners including NASA scientist Serkan Golge and three Turkish employees of the U.S. mission to Turkey are referred to as “hostages.” The U.S. says they’re innocent and being held by Turkey for the sole purpose of extracting concessions on other points of tension in the U.S.-relationship.

The two countries have quarreled over a panoply of foreign policy issues that have driven the onetime allies to outright hostility. Foremost among them are differences over policy in Syria and Iran, Turkish suspicions about the U.S. response to a 2016 coup attempt against Erdogan, and the Turkish leadership’s budding friendship with Putin.

The Magnitsky sanctions under consideration could be just the start of what would look like a U.S. assault on Turkey’s vulnerable economy. The U.S. is also considering a hefty fine on state-run lender Turkiye Halk Bankasi AS for its role in evading U.S. sanctions targeting Iran’s nuclear program, and it would impose sanctions on Turkey when it receives delivery of a missile defense system from Russia, expected in 2019.

Deal Fails

As of last week, the Americans thought they had a deal that would bring Brunson home, according to accounts by officials on both sides of the matter. In return for the release of evangelical pastor, who’s been imprisoned for almost two years on charges including involvement in the failed coup, the U.S. administration would recommend a lenient fine on Halkbank. The U.S. also offered to send Mehmet Hakan Atilla, a former executive at the bank who’s been jailed in the U.S., back to Turkey to serve out the rest of his term.

As a final sweetener to the Turks, U.S. President Donald Trump said he’d get Israeli Prime Minister Benjamin Netanyahu to release a Turkish citizen, Ebru Ozkan, who’d been arrested in Israel on accusations of abetting Hamas. Netanyahu did it, and Ozkan was sent back to Turkey on July 16.

The Americans waited for Erdogan to deliver on his side of the deal: Brunson was to be released and then deported at a hearing on July 18. Instead, Turkey changed the conditions of the agreement at the last minute, with Foreign Minister Mevlut Cavusoglu interjecting to demand that any probe of Halkbank be dropped, according to Turkish and U.S. officials. The deal fell apart and Brunson was moved to house arrest.

The Americans had been carrying out the negotiations through a backchannel with a person close to Erdogan, according to people familiar with the matter. But they have had a difficult time gauging whether or not the Turkish side fully comprehends the possible consequences of U.S. sanctions on Turkey’s economy.

That’s made it harder for the U.S. to take decisive action as the U.S. is reluctant to take action that could risk tanking the economy of a nominally allied country, or bringing down its banking system. Turkish companies and banks depend on foreign capital to plug one of the world’s largest current-account deficits, which requires about $200 million a day in foreign financing.

Ironically, the damage that U.S. action could do to Turkey makes it more hesitant to act and strengthens Turkey’s negotiating position, according to Asli Aydintasbas, an Istanbul-based senior policy fellow at the European Council on Foreign Relations.

“I have seen this over and over in this relationship going back two decades, on a much smaller scale,” Aydintasbas said. “The price of actually doing something is so big that Turkey has a psychological advantage. It’s as if they have more power, whereas it’s the other way around.”