Republicans Hacked, Data Sent to Russian Domain

Republicans hacked, skimmed NRSC donations sent to Russian domain

Hundreds, if not thousands of donations made to the NRSC this year were likely compromised

CSO: Republicans who gave money to the National Republican Senatorial Committee (NRSC) this year, in order to help support incumbent Republican senators, might want to check their credit card statements.

Those who donated to the NRSC between March 16 and October 5, 2016, conducted their transaction on a platform that was compromised by malicious code designed to steal credit card details and personal information. The NRSC quietly corrected the problem sometime around October 6, 2016.

The hacked storefront, which powers the NRSC donation system, was discovered by Willem de Groot – a Dutch developer who discovered thousands of compromised websites running vulnerable versions of the Magento e-commerce platform.

The compromised NRSC transactions included the donor’s first name, last name, email address, billing details (address, city, state, and zip code), employer details, occupation, card type, card number, card expiration, and security code.

Once the data was collected by the malicious code, the compromised transactions were then sent to one of two different domains.

Earlier this year, the criminals responsible for skimming the card data were using jquery-cloud[.]net to receive the compromised records. Later, the code on the NRSC website was altered to send skimmed transactions to jquery-code[.]su.

The malicious .su domain is still operational, and it’s hosted on a network (Dataflow) with some suspicious, if not outright criminal clients – including those that deal with drugs, money laundering, Phishing, and spam.

It isn’t clear who is behind the attack, as anyone can register a domain and obtain hosting. One interesting observation made by de Groot during his research, was that Dataflow and jquery-cloud[.]net came online together during the same week in November of 2015.

As for impact, it’s hard to tell how many transactions on the NRSC website were compromised. Going by traffic, de Groot said that upwards of 3,500 compromised transactions per month were possible.

Based on reporting to the Federal Election Commission, the NRSC collected more than $30 million in contributions since March 2016, when the card skimming code was first observed on their domain. But again, this total is for all funds collected, and doesn’t single out credit card donations.

As mentioned, once the issue became public earlier this month, the NRSC quietly replaced the compromised storefront with a new one powered by WordPress.

Salted Hash attempted to reach out to the NRSC over the weekend, but the committee hasn’t responded to queries. As of October 17, the NRSC website makes no mention of the new storefront, or the compromised e-commerce platform.

Unfortunately, this means GOP supporters who had their credit card information compromised could be caught by surprise once their accounts show signs of fraudulent activity, and left completely unaware of the problem’s root cause.

During his research, de Groot determined that more than 5,400 storefronts were compromised by the same type of malicious code used on the NRSC domain. So far, he has discovered nine variants of the skimming code, suggesting that multiple people (or groups) are involved.

When de Groot reached out to victims, in an attempt to alert them about their compromised domains, many of the website owners failed to understand the full impact of the situation.

Some responded to the warnings by arguing to de Groot that the code added by the criminals didn’t matter because – “our payments are handled by a 3rd party payment provider” or “our shop is safe because we use HTTPS.”

Those responding like this are missing the bigger point; if the code running the payment processing system is compromised, 3rd-party processing and HTTPS will not prevent a criminal from obtaining your card data or personal information.

A full list of the storefronts compromised by the skimming code is available on GitLab. Over the weekend, GitLab removed the list in error, but they’ve since restored the list with an apology.

A video demonstrating how the NRSC hack worked is below:

 

Going deeper, BuzzFeed tells us who Fancy Bear really is:

SAN FRANCISCO — On the morning of March 10, nine days after Hillary Clinton had won big on Super Tuesday and all but clinched the Democratic nomination, a series of emails were sent to the most senior members of her campaign.

At a glance, they looked like a standard message from Google, asking that users click a link to review recent suspicious activity on their Gmail accounts. Clicking on them would lead to a page that looked nearly identical to Gmail’s password reset page with a prompt to sign in. Unless they were looking closely at the URL in their address bar, there was very little to set off alarm bells.

From the moment those emails were opened, senior members in Clinton’s campaign were falling into a trap set by one of the most aggressive and notorious groups of hackers working on behalf of the Russian state. The same group would shortly target the Democratic National Committee (DNC) and Democratic Congressional Campaign Committee (DCCC). It was an orchestrated attack that — in the midst of one of the most surreal US presidential races in recent memory — sought to influence and sow chaos on Election Day.

The hack first came to light on June 15, when the Washington Post published a story based on a report by the CrowdStrike cybersecurity firm alleging that a group of Russian hackers had breached the email servers of the DNC. Countries have spied on one another’s online communications in the midst of an election season for as long as spies could be taught to use computers — but what happened next, the mass leaking of emails that sought to embarrass and ultimately derail a nominee for president, had no precedent in the United States. Thousands of emails — some embarrassing, others punishing were available for public perusal while the Republican nominee for president, Donald Trump, congratulated Russia on the hack and invited it to keep going to “find the 30,000 emails that are missing” from Clinton’s private email server. It was an attack that would edge the US and Russia closer to the brink of a cyberwar that has been simmering for the better part of a decade.

The group behind the hacks is known as Fancy Bear, or APT 28, or Tsar Team, or a dozen other names that have been given to them over the years by cybersecurity researchers. Despite being one of the most reported-on groups of hackers active on the internet today, there is very little researchers can say with absolute certainty. No one knows, for instance, how many hackers are working regularly within Fancy Bear, or how they organize their hacking squads. They don’t know if they are based in one city or scattered in various locations across Russia. They don’t even know what they call themselves.

The group is, according to a White House statement last week, receiving their orders from the highest echelons of the Russian government and their actions “are intended to interfere with the US election process.” For the cybersecurity companies and academic researchers who have followed Fancy Bear’s activities online for years, the hacking and subsequent leaking of Clinton’s emails, as well as those of the DNC and DCCC, were the most recent — and most ambitious — in a long series of cyber-espionage and disinformation campaigns. From its earliest-known activities, in the country of Georgia in 2009, to the hacking of the DNC and Clinton in 2016, Fancy Bear has quickly gained a reputation for its high-profile, political targets.

“Fancy Bear is Russia, or at least a branch of the Russian government, taking the gloves off,” said one official in the Department of Defense. “It’s unlike anything else we’ve seen, and so we are struggling with writing a new playbook to respond.” The official would speak only on condition of anonymity, as his office had been barred from discussing with the press the US response to Fancy Bear’s attacks. “If Fancy Bear were a kid in the playground, it would be the kid stealing all the juice out of your lunch box and then drinking it in front of you, daring you to let him get away with it.”

For a long time, they did get away with it. Fancy Bear’s earliest targets in Georgia, Ukraine, Poland, and Syria meant that few in the US were paying attention. But those attacks were where Fancy Bear honed their tactics — going after political targets and then using the embarrassing or strategic information to their advantage. It was in those earliest attacks, researchers say, that Fancy Bear learned to couple their talent for hacking with a disinformation campaign that would one day see them try to disrupt US elections.

“If Fancy Bear were a kid in the playground, it would be the kid stealing all the juice out of your lunch box and then drinking it in front of you, daring you to let him get away with it.”

In late July 2008, three weeks before Russia invaded Georgia in a show of force that altered the world’s perception of the Kremlin, a network of zombie computers was already gearing up for an attack against the Georgian government. Many of the earliest attacks were straightforward — the website of then-President Mikheil Saakashvili was overloaded with traffic, and a number of news agencies found their sites hacked. By Aug. 9, with the war underway, much of Georgia’s internet traffic, which routes through Russia and Turkey, was being blocked or diverted, and the president’s website had been defaced with images comparing him to Adolf Hitler.

 

Sophos Secruity

It was one of the earliest cases of cyberwarfare coinciding with a real-world physical war, and Fancy Bear, say researchers, was one of the groups behind it.

“When this group first sprung into action, we weren’t necessarily paying attention to the various Russian threat actors, inasmuch as we weren’t distinguishing them from each other,” said one former cybersecurity researcher, who has since left the private sector to work for the Pentagon. He said he could not be quoted on record due to his current job, but that in 2010, when he was still employed with a private company, they had only just started to distinguish Fancy Bear from the rest of the cyber operations being run by the Russian government.

Kurt Baumgartner, a researcher with the Moscow-based Kaspersky cybersecurity company, said the group had the types of financial and technical resources that only nation-states can afford. They would “burn through zero days” said Baumgartner, referring to rare, previously unknown bugs that can be exploited to hack into systems. The group used sophisticated malware, such as Sourface, a program discovered and named by the California-based FireEye cybersecurity company, which creeps onto a computer and downloads malware allowing that computer to be controlled remotely. Other programs attributed to Fancy Bear gave them the ability to wipe or create files, and to erase their footsteps behind them. FireEye researchers wrote that clues left behind, including metadata in the malware, show that the language settings are in Russian, that the malware itself was built during the workday in Moscow and St. Petersburg, and that IP addresses used in attacks could be traced back to Russian sources.

It wasn’t surprising to cybersecurity experts at that time that Russia would be at the forefront of a cyberattack on a nation-state. Along with China, the US, and Israel, Russia was considered to have one of the most sophisticated cyber-offensive capabilities in the world. While China appeared to have its offensive cyber teams largely organized within its military, the US under the NSA, and Israel under Unit 8200, much of Russia’s cyber operations remained obscure.

There are reports from inside Russia that have helped draw a better picture of Russia’s cyber ops. Russian investigative journalists, like Andrei Soldatov, author of The Red Web, have reported on how, following the dismantling of the KGB, Russia’s cyber operations were organized under the FSB, the KGB’s main successor agency. It was a unit operating under the FSB, for instance, that US intelligence officials believe was responsible for years-long cyber-espionage operations into the White House and State Department, discovered in the summer of 2015. At some point, Russia’s main foreign intelligence agency, the GRU, began its own cyber ops. Soldatov said it’s not clear exactly when that happened — though he says it was likely around the time of the war with Georgia — but Fancy Bear is the name given to the most notorious, and apparently prolific, group of hackers working under the GRU.

“Russia’s intelligence agency operates differently. You won’t see officers [in] uniform and hacking into infrastructure. They embed people in various infrastructure places, like ISPs, or power companies,” said Vitali Kremez, a cybercrime intelligence researcher with the Flashpoint cybersecurity firm. “To orchestrate the DNC hack wouldn’t require dozens of people, it would take two or three people, even one person, if he was talented enough. That person would have his orders for that part of the operation, and someone else, somewhere else, might have orders for a different part.”

For years, cybersecurity companies wrote up reports about Fancy Bear, often adding only in the postscript that the group they were talking about was working on behalf of Russia’s GRU. It wasn’t until last week that the US government officially named them as being tied to the highest echelons of Russia’s government.

“What first caught our attention about Fancy Bear was the targets it went after,” the Pentagon researcher said. “This was a group interested in high-stakes targets, and given who they were after — Georgia, Poland, Russian dissidents — it seemed obvious that a Russian government agency would be after those targets.”

In the years following Georgia, the targets that Fancy Bear went after grew in size, sophistication, and scope. One report, by Germany’s intelligence agency BfV, categorized the group as engaging in “hybrid warfare,” meaning a mix of conventional warfare and cyberwarfare. It gave the example of a Dec. 23, 2015, attack on Ukraine’s power grid that left more than 230,000 people without power, and said that Fancy Bear had also tried to lure German state organizations, including the Parliament and Angela Merkel’s CDU party, into installing malware on their systems that would have given the hackers direct access to German government systems. It’s unclear if anyone opened the emails that installed the malware.

The BfV report concluded that these “cyberattacks carried out by Russian secret services are part of multiyear international operations that are aimed at obtaining strategic information.” It was the first time a government had publicly named Fancy Bear as a Russian cyber operation. And there was one attack, on a French TV station, that cybersecurity researchers say was a precursor of things yet to come.

BuzzFeed News; Getty

It was just past 10 p.m. on April 8, 2015, when the French television network TV5Monde suddenly began to broadcast ISIS slogans, while its Facebook page started to post warnings: “Soldiers of France, stay away from the Islamic State! You have the chance to save your families, take advantage of it,” read one message. “The CyberCaliphate continues its cyberjihad against the enemies of Islamic State.”

The posts prompted headlines around the world declaring that the ISIS hacking division, known as the “cyber caliphate,” had successfully hacked into the French television network and taken over the broadcast.

It took nearly a month for cybersecurity companies investigating the attack to determine that it had, in actuality, been carried out by Fancy Bear. One of the companies, FireEye, told BuzzFeed News that they had traced the attack back to the group by looking at the IP addresses used to attack the station, and comparing them to IP addresses used in previous attacks carried out by Fancy Bear. The ISIS claims of responsibility planted on TV5Monde were just a disinformation campaign launched by the Russians to create public hysteria over the prospect of a terror group launching a cyberattack.

“Russia has a long history of using information operations to sow disinformation and discord, and to confuse the situation in a way that could benefit them,” Jen Weedon, a researcher at FireEye told BuzzFeed News following the attack. “In this case, it’s possible that the ISIS cyber caliphate could be a distraction. This could be a touch run to see if they could pull off a coordinated attack on a media outlet that resulted in stopping broadcasts, and stopping news dissemination.”

For nearly a month, headlines in France and across Europe had speculated about ISIS’ cyber capabilities and motives for the attack on TV5Monde. The stories setting the record straight, and reporting that a Russian group had, in fact, launched the attack, ran in a handful of newspapers for a day or two after the discovery.

At the same time, Fancy Bear was running other experiments, including a campaign to harass British journalist Eliot Higgins, and his citizen journalist website, Bellingcat. Higgins, who had published a number of articles documenting Russia’s alleged involvement in the shooting down of a Malaysian jetliner over Ukraine and the Russian shelling of military positions in eastern Ukraine, suddenly received an onslaught of spear-phishing emails. It wasn’t until this year, when Higgins saw a report by the ThreatConnect cybersecurity company on the DNC hacks that he realized that the emails targeting his site might have been similar to those targeting the DNC. He forwarded the spear-phishing emails to ThreatConnect, which confirmed that he, as well, had been targeted by Fancy Bear.

“I think it is possible that the things we were reporting on caught the eye of the hackers,” said Higgins. “More than anything it’s a badge of honor if they are going through so much effort to attack us. We must be getting something right.”

Russian media outlets, including Kremlin-owned Sputnik and Russia Today, have run articles suggesting that Bellingcat is linked to the CIA. The Bellingcat website has been defaced with personal photos of a contributor and his girlfriend.

“I think they are worried,” Higgins said. “So they are trying to discredit us.” He said it surprised him that the spear-phishing emails that targeted him and his campaign followed — almost to a formula — those sent to the DNC. The hackers didn’t bother to change the IP address, URL service, or fake Gmail message they used on either his website or the DNC. It was almost, he said, as if they didn’t mind being traced. “They have a government backing them that doesn’t care about taking down airliners, and bombing civilians in Syria so maybe they don’t care about being caught.”

Both Bellingcat and TV5Monde were, researchers now say, practice runs for Fancy Bear on the use of disinformation campaigns. People would remember a story about a ISIS-led cyberattack on France far more than a story pointing out that it was actually the Russians. Bellingcat’s work on exposing Russian operations would forever be linked, at least in the Russian media, to the accusations that they were CIA operatives. Fancy Bear was honing its skills.

The emails that Higgins, Clinton and the rest of the DNC received were variations of the millions of spear-phishing emails that go out each day. The success of those emails is predicated on the idea that everyone, no matter how savvy or suspicious, will eventually succumb to a spear-phishing attempt given enough time and effort by the attackers.

While Fancy Bear has used sophisticated — and expensive — malware during its operations, its first and most commonly used tactic has been a simple spear-phishing email, or a malicious email engineered to look like it was coming from a trusted source.

“These hacks almost always start with spear-phishing emails, because why would you start with something more complex when something so simple and easy to execute works?” said Anup Ghosh, CEO of the Invincea cybersecurity firm, which has studied the malware found on the DNC systems. “It is the easiest way to get malware onto a machine, just having the person click a link or open an executable file and they have opened the front door for you. Our analysis is on the malware itself, which had remote command and control capabilities. They essentially got the DNC to download malware which let them remotely control their computers.”

Once a spear-phishing email is clicked on, users not only give up their passwords but, in many cases, including in the case of the DNC, download malware onto their computers that gives the attackers instant access to their entire systems.

Cybersecurity experts report that 50% of people will click on a spear-phishing email. In the case of the Democratic Party, Fancy Bear’s success rate was about half of that — but good enough to get them into the accounts of some of the most senior members of the party.

From March 10, 2016, emails appearing to come from Google were sent to 108 members of Democratic presidential nominee Hillary Clinton’s campaign, and another 20 people from the Democratic National Convention (DNC), according to research published by the cybersecurity firm SecureWorks. They found the emails by tracing the malicious URLs set up by Fancy Bear using Bitly, the same service used to target Bellingcat. Fancy Bear had set the URL they sent out to read accounts-google.com, rather than the official Google URL, accounts.google.com. Dozens of people were fooled.

“They did a great job with capturing the look and feel of Google”

“We were monitoring bit.ly and saw the accounts being created in real time,” said Phil Burdette, a senior security researcher at SecureWorks, explaining how they stumbled upon the URLs set up by Fancy Bear. Bitly also keeps data on when a link is clicked, which allowed Burdette to determine that of the 108 email addresses targeted at the Clinton campaign, 20 people clicked on the links (at least four people clicked the link more than once). At the DNC, 16 email addresses were targeted, and 4 people clicked on them.

“They did a great job with capturing the look and feel of Google,” said Burdette, who added that unless a person was paying clear attention to the URL or noticed that the site was not HTTPS secure, they would likely not notice the difference.

Once Democratic Party officials entered their information into the fake Gmail page, Fancy Bear had access to not just their email accounts, but to the shared calendars, documents, and spreadsheets on their Google Drive. Among those targeted, said Burdette, were Clinton’s national political director, finance director, director of strategic communications, and press secretary. None of Clinton’s staff responded to repeated requests for comment from BuzzFeed News.

In their June 14 report, CrowdStrike found that not only was Fancy Bear in the DNC system, but that another group linked to Russia known as Cozy Bear, or APT 29, had also hacked into the DNC and was lurking in the system, collecting information. The report stated, “Both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government’s powerful and highly capable intelligence services.”

The linked names, say the cybersecurity researchers who come up with them according to their own personal whims, are no coincidence. While both bears sought out intelligence targets and infiltrated government agencies across the world, their styles were distinct. Cozy Bear would go after targets en masse, spear-phishing an entire wing at the State Department or White House and then lurking quietly in the system for years. Fancy Bear, meanwhile, would be more specific in its targets, aggressively going after a single person by mining social media for details of their personal lives.

Both bears were in the DNC system, but whereas Cozy Bear might have been there for years, undetected in the background, CrowdStrike has said that it was Fancy Bear, with their more aggressive intelligence-gathering operation, that tipped off security teams that something was amiss. It was also Fancy Bear, cybersecurity researchers believe, who was behind the disinformation campaigns that made public the thousands of emails from the DNC and Clinton.

Making those emails public, say cybersecurity experts and US intelligence officials, is what shifted the hack from another Russian cyber-espionage operation to a game changer in the long-simmering US–Russia cyberwar. Using the well-established WikiLeaks platform, as well as newly invented figureheads, ensured that the leaked emails got maximum exposure. Within 24 hours of the CrowdStrike report, a Twitter account under the name @Guccifer_2 was established and began tweeting about the hack on the DNC. One of the first tweets claimed responsibility for hacking the DNC’s servers, and in subsequent private messages with journalists, including BuzzFeed News, the account claimed that it was run by a lone Romanian hacker, and that he alone had been responsible for hacking into the DNC servers and, later, the Clinton Foundation, as well as senior members of Clinton’s staff. The account offered to send BuzzFeed News emails from the hacks and appeared to make the same offer to several US publications, including Gawker and the Smoking Gun.

Julian Assange, founder of the online leaking platform WikiLeaks Steffi Loos / AFP / Getty Images

Within the week, WikiLeaks had published more than 19,000 DNC emails. Though WikiLeaks would not reveal the source, Guccifer 2.0 gleefully messaged journalists that he had been the source of the leak. Few bought the story — a language analysis on the Guccifer 2.0 account showed it made mistakes typical of Russian speakers, and when asked questions in Romanian by reporters in an online chat, Guccifer 2.0 appeared to not be able to answer. Meanwhile, metadata in the docs, such as Russian-language settings and software versions popular in Russia, led cybersecurity experts to believe that not only were the emails leaked by Russia, but that Guccifer 2.0 was an account created by the Russian state to try and deflect attention.

The same week, a site calling itself DCLeaks suddenly appeared, claiming it was run by “American hacktivists,” and began publishing hacked emails as well.

US intelligence agencies now believe that Guccifer 2.0 and DCLeaks were created by Fancy Bear, or a Russian organization working in conjunction with Fancy Bear, in order to disseminate the hacked emails and launch a disinformation campaign about their origin. WikiLeaks, whose founder Julian Assange has been dogged by his own accusations of close ties to Russia, has refused to state how he got the emails.

“We hope to be publishing every week for the next 10 weeks, we have on schedule, and it’s a very hard schedule, all the US election-related documents to come out before Nov. 8,” Assange said in a recent press conference.

Just weeks before Americans go to the polls, no one knows what material is yet to be published.


In a background briefing earlier this year, one US intelligence officer described cyberwar as “a war with no borders, no innocents, and no rules.” The officer, who has been working on US cyberpolicy for over a decade, said he didn’t think it was a question of if the US and Russia would one day be fighting a full-out cyberwar — it was a question of when.

“They’ve been dancing around each other like two hungry bears for a long time. At some point, one of them is going to take a bite,” said the officer. (His use of the word “bears” appeared to be coincidental.)

The White House’s naming of the Russian government as being behind the hacks attributed to Fancy Bear took the US and Russia into uncharted territory. While no one used the word cyberwar, the statement by the Department of Homeland Security and Director of National Intelligence did not mince words.

“The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process,” the statement read. “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.”

Russian President Vladimir Putin has continued to deny Russia’s involvement in the hacks and said the leaked emails are a “public service.” In a televised address this week, Putin said the hacks were not in Russia’s interest.

Russian President Vladimir Putin Sputnik / Reuters

“There’s nothing in Russia’s interest here; the hysteria has been created only to distract the American people from the main point of what was revealed by hackers. And the main point is that public opinion was manipulated. But no one talks about this. Is it really important who did this? What is inside this information — that is what important,” Putin said.

The US is still “writing the playbook,” as one Department of Defense official put it, on what happens next, though sanctions, diplomatic action, and offensive cyberattacks are all being considered. Members of Congress have come forward, asking the White House to take aggressive action against Russia. The two countries are, undoubtedly, facing the lowest point in relations in decades.

Fancy Bear and other Russian hacking groups are still active. As countries in Europe — including France, the UK, and Germany — face upcoming elections, what is to stop Fancy Bear from engaging in the same type of hacking and disinformation campaigns?

“They did this to the United States — there is nothing to stop them from doing this to our allies in Europe,” said Jason Healey, former White House director of cyber infrastructure, and a senior research scholar at Columbia University’s School of International and Public Affairs. “We need to be working with our allies and sharing what we know so that this group doesn’t interfere with elections across Europe.”

Baumgartner, the researcher with Kaspersky, said he’s noticed big changes with Fancy Bear. They appear to be spreading out their operations and focus, he said.

“What used to be one focused and narrow group is now several subgroups,” he said. “They might be running independent of each other, or in parallel, but they seem to be spreading out operations.”

Higgins, who runs the Bellingcat website, said that after a lull of almost a year, he suddenly started getting spear-phishing emails again this week that look identical to the ones Fancy Bear hackers sent him last year.

“They’re sending them every day again,” said Higgins. “They are clearly not going to stop.”

CORRECTION

The Bellingcat website was defaced by photos of one of its contributors. The original version of this story stated that it was defaced with photos of its founder, Higgins.

How Much has Russia Penetrated America and Policy?

A couple of items, then one wonders if either presidential candidate will mention any part of these items before the election……nah

Beginning with the Department of Justice:

Brooklyn Resident And Two Russian Nationals Arrested In Connection With Scheme To Illegally Export Controlled Technology To Russia

Defendants Used Brooklyn-Based Front Companies to Procure Sophisticated Military and Satellite Technology on Behalf of Russian End-Users

Earlier today, Alexey Barysheff of Brooklyn, New York, a naturalized citizen of the United States, was arrested on federal charges of illegally exporting controlled technology from the United States to end-users in Russia.  Simultaneously, two Russian nationals, Dmitrii Aleksandrovich Karpenko and Alexey Krutilin, were arrested in Denver, Colorado, on charges of conspiring with Barysheff and others in the scheme.[1]  Federal agents also executed search warrants at two Brooklyn locations that were allegedly used as front companies in Barysheff’s illegal scheme.

Barysheff is scheduled to make his initial appearance today at 2:00 p.m. at the United States Courthouse, 225 Cadman Plaza East, Brooklyn, New York, before Chief United States Magistrate Judge Roanne L. Mann.  Karpenko and Krutilin are scheduled to make their initial appearances today at the United States Courthouse in Denver, Colorado, where the government will seek their removal in custody to the Eastern District of New York.

The arrests and charges were announced by U.S. Attorney Robert L. Capers of the Eastern District of New York; Assistant Attorney General for National Security John P. Carlin; Special Agent in Charge Angel M. Melendez, U.S. Immigration and Customs Enforcement (ICE), Homeland Security Investigations (HSI) for New York; FBI Assistant Director in Charge William F. Sweeney, Jr., New York Field Office; Special Agent in Charge Jonathan Carson, U.S. Department of Commerce, Bureau of Industry and Security, Office of Export Enforcement, New York Field Office; and Craig Rupert, Special Agent in Charge of the Department of Defense, Defense Criminal Investigative Service, North East Field Office.

The complaints allege that Barysheff, Karpenko, Krutilin, and others were involved in a conspiracy to obtain technologically cutting-edge microelectronics from manufacturers and suppliers located within the United States and to export those high-tech products to Russia, while evading the government licensing system set up to control such exports.  The Department of Commerce, pursuant to authority granted by the President of the United States, has placed restrictions on the export and re-export of items that it has determined could make a significant contribution to the military potential and weapons proliferation of other nations and that could be detrimental to the foreign policy and national security of the United States.  The microelectronics shipped to Russia included, among other products, digital-to-analog converters and integrated circuits, which are frequently used in a wide range of military systems, including radar and surveillance systems, missile guidance systems, and satellites.  These electronic devices required a license from the Department of Commerce to be exported to Russia and have been restricted for anti-terrorism and national security reasons.

As further detailed in the complaints, in 2015 Barysheff registered the Brooklyn, New York-based companies BKLN Spectra, Inc. (Spectra) and UIP Techno Corp. (UIP Techno).  Since that time, the defendants, and others have used those entities as U.S.-based front companies to purchase, attempt to purchase, and illegally export controlled technology.  To induce U.S.-based manufacturers and suppliers to sell them high-tech, export-controlled microelectronics and to evade applicable controls, the defendants and their co-conspirators purported to be employees and representatives of Spectra and UIP Techno and provided false end-user information in connection with the purchase of the items, concealed the fact that they were exporters, and falsely classified the goods they exported on records submitted to the Department of Commerce.  To conceal the true destination of the controlled microelectronics from the U.S. suppliers, the defendants and their co-conspirators shipped the items first to Finland and subsequently to Russia.

“U.S. export laws exist to prevent potentially dangerous technology from falling into the wrong hands,” said U.S. Attorney Capers.  “Those who seek to evade the scrutiny of U.S. regulatory and law enforcement agencies by operating in the shadows present a danger to our national security and our allies abroad.  We will continue to use all of our available national security options to hold such individuals and corporations accountable.”

“According to the complaints, Barysheff, Karpenko, and Krutilin conspired among themselves and with others to send sensitive U.S. technology surreptitiously to Russia in violation of U.S. export law,” said Assistant Attorney General Carlin.  “These laws are in place to protect the national security, and we will spare no effort in pursuing and holding accountable those who seek to harm the national security by illegally procuring strategic commodities for foreign entities.”

“Had law enforcement not interceded, the alleged perpetrators would have exported materials that are known to be used in a wide range of military devices,” said Melendez, Special Agent in Charge for HSI New York.  “HSI will continue to partner with other law enforcement agencies while focusing its efforts on national security and stopping the illegal flow of sensitive technology.”

“Export controls were established to prevent certain individuals, organizations, or nations from obtaining protected technology and information.  When the laws are evaded, we become vulnerable to the many threats posed by our adversaries.  The FBI will continue to protect our national security assets as we work with our partners to prevent the exportation of restricted materials,” said Sweeney, FBI Assistant Director in Charge, New York Field Office.

“Today’s arrest is a collaborative effort among law enforcement agencies.  I commend our colleagues for their efforts,” said Special Agent in Charge Carson, U.S. Department of Commerce Bureau of Industry and Security, Office of Export Enforcement, New York Field Office. “The Office of Export Enforcement will continue to use our unique authorities as the regulator and enforcer of our nation’s export control laws to keep the most dangerous goods out of the most dangerous hands.”

“The attempted theft of restricted U.S. technology by foreign actors severely threatens the United States’ defensive posture,” said Special Agent in Charge Craig Rupert, DCIS Northeast Field Office.  “DCIS will continue to pursue these investigations with our Federal partners to shield America’s investment in national defense.”

If convicted of the charges, the defendants face up to 25 years in prison and a $1 million fine.

The case is being handled by the Office’s National Security and Cybercrime Section.  Assistant U.S. Attorneys Craig R. Heeren and Peter W. Baldwin are in charge of the prosecution, with assistance from Trial Attorney Matthew Walczewski of the National Security Division’s Counterintelligence and Export Control Section.

The Defendants:

ALEXEY BARYSHEFF
Age: 36
Brooklyn, New York

DMITRII ALEKSANDROVICH KARPENKO
Age: 33
Russia

ALEXEY KRUTILIN
Age: 27
Russia

E.D.N.Y. Docket Nos. 16-893-M, 16-894-M

Then:

Again, Syria, again. U.S. Secretary of State John Kerry and Russian Foreign Minister Sergei Lavrov will meet yet again in Switzerland on Saturday, despite the ceasefire deal in Syria having fallen apart and Kerry suggesting that Russia was carrying out war crimes by bombing civilians in Aleppo. Putin brushes it all off. But Russian President Vladimir Putin said in an interview with French television TF1 on Wednesday that accusations of Russian war crimes are simply “political rhetoric that doesn’t make a lot of sense and doesn’t take account of the reality in Syria.” He added, “I am deeply convinced that it’s our Western partners, and especially the United States, that are responsible for the situation in the region in general and Syria in particular.” At an event in Moscow on Wednesday, Putin also insisted Russia won’t give in to “blackmail and pressure” over its military offensive in Syria and accused the U.S. and its allies of whipping up “anti-Russian hysteria.” Cyber front. The FBI believes that the hacking and leaking of Hillary Clinton campaign chairman John Podesta’s emails was carried out by Russian intelligence, anonymous officials tell the Wall Street Journal. The emails have been leaked to outlets such as the Intercept and WikiLeaks and show political deliberations of the Clinton campaign as well as transcripts of Clinton’s private speeches. The Department of Homeland Security is also helping states look for evidence of breaches and harden their networks following break-ins at a number of state electoral databases, similarly attributed to Russia. “The whole hysteria is aimed at making the American forget about the manipulation of public opinion,” Putin added Wednesday. “No one is talking about that, everyone wants to know who did that, what is important is what is inside and what that information is about.”

What is the Reason for this Global Demand by Putin?

Russia recently held defense drills for 40 million citizens in apparent preparation for an all-out nuclear war.

“And earlier this month, Putin’s ministers announced they had built bunkers capable of housing Moscow’s 14 million people.

****

The Ministry of Defense of the Russian Federation has stated that it is considering the return of Russian military bases to Cuba and Vietnam. Judging by everything, this information slipped through the cracks into the public space by accident, as most officials now prefer to either remain silent or answer evasively in the face of reporters’ questions. For a list of targeted Russian bases globally, click here.

Related reading: Breaking Sanctions with Cuba?

Related reading: The U.S. has had a Russian Problem of Espionage for Decades

Related reading: Rubio was Right, the Russian Memo, Just the Facts

Russia orders all officials to fly home any relatives living abroad, as tensions mount over the prospect of a global war

DailyMail: Russia is ordering all of its officials to fly home any relatives living abroad amid heightened tensions over the prospect of global war, it has been claimed.

Politicians and high-ranking figures are said to have received a warning from president Vladimir Putin to bring their loved-ones home to the ‘Motherland’, according to local media.

It comes after Putin cancelled a planned visit to France amid a furious row over Moscow’s role in the Syrian conflict and just days after it emerged the Kremlin had moved nuclear-capable missiles near to the Polish border.

Former Soviet leader Mikhail Gorbachev has also warned that the world is at a ‘dangerous point’ due to rising tensions between Russia and the US.

According to the Russian site Znak.com, administration staff, regional administrators, lawmakers of all levels and employees of public corporations have been ordered to take their children out of foreign schools immediately.

Failure to act will see officials jeopardising their chances of promotion, local media has reported.

The exact reason for the order is not yet clear.

But Russian political analyst Stanislav Belkovsky is quoted by the Daily Star as saying: ‘This is all part of the package of measures to prepare elites to some ‘big war’.’

Relations between Russia and the US are at their lowest since the Cold War and have soured in recent days after Washington pulled the plug on Syria talks and accused Russia of hacking attacks

The Kremlin has also suspended a series of nuclear pacts, including a symbolic cooperation deal to cut stocks of weapons-grade plutonium.

Just days ago, it was reported that Russia had moved nuclear-capable missiles near to the Polish border as tensions escalated between the world’s largest nation and the West.

The Iskander missiles sent to Kaliningrad, a Russian enclave on the Baltic Sea between Nato members Poland and Lithuania, are now within range of major Western cities including Berlin.

Polish officials – whose capital Warsaw is potentially threatened – have described the move as of the ‘highest concern’.

RUSSIA TESTS BALLISTIC MISSILES AS TENSIONS BUILD

Russia’s military conducted a series of intercontinental ballistic missile tests on Wednesday, the latest flexing of its muscles as tensions with the US spike over Syria.

Russian forces fired a nuclear-capable rocket from a Pacific Fleet submarine in the Sea of Okhotsk north of Japan, state-run RIA Novosti reported.

A Topol missile was shot off from a submarine in the Barents Sea, and a third was launched from an inland site in the north-west of the vast country, Russian agencies reported.

The latest display of might by Moscow – which has been conducting regular military drills since ties with the West slumped in 2014 over Ukraine – comes as tensions have shot up in recent days.

Russia has pulled the plug on a series of deals with the US – including a symbolic disarmament pact between the two nuclear powers to dispose of weapons-grade plutonium – as Washington has halted talks on Syria.

The Kremlin has also moved an air defence missile system and missile cruisers to the war-ravaged country to bolster its forces there.

That comes as the West has accused Moscow of committing potential war crimes in its bombing of rebel-held part of the city of Aleppo in support of an assault by regime forces.

Washington has previously lashed out at Moscow for resorting to alleged “nuclear sabre-rattling” as East-West relations fell to the worst level since the Cold War following Russia’s seizure of Crimea from Ukraine in March 2014.

Putin’s decision to cancel his Paris visit came a day after French President Francois Hollande said Syrian forces had committed a ‘war crime’ in the battered city of Aleppo with the support of Russian air strikes.

Putin had been due in Paris on October 19 to inaugurate a spiritual centre at a new Russian Orthodox church near the Eiffel Tower, but Hollande had insisted his Russian counterpart also took part in talks with him about Syria.

The unprecedented cancellation of a visit so close to being finalised is a ‘serious step… reminiscent of the Cold War’, said Russian foreign policy analyst Fyodor Lukyanov.

‘This is part of the broader escalation in the tensions between Russia and the West, and Russia and NATO,’ he told AFP.

The Kremlin has also been angered over the banning of the Russian Paralympic team from the Rio Olympics amid claims of state-sponsored doping of its athletes.

Meanwhile, the top advisor to US presidential candidate Hillary Clinton has said the FBI is investigating Russia’s possible role in hacking thousands of his personal emails.

But Russian officials have vigorously rejected accusations of meddling in the US presidential elections and dismissed allegations that Moscow was behind a series of recent hacks on US institutions.

Retired Russian Lt. Gen. Evgeny Buzhinsky told the BBC: ‘Of course there is a reaction. As far as Russia sees it, as Putin sees it, it is full-scale confrontation on all fronts. If you want a confrontation, you’ll get one.

‘But it won’t be a confrontation that doesn’t harm the interests of the United States. You want a confrontation, you’ll get one everywhere.’

Earlier this week British Foreign Secretary Boris Johnson waded into the row, calling for anti-war campaigners to protest outside the Russian embassy in London.

Johnson said the ‘wells of outrage are growing exhausted’ and anti-war groups were not expressing sufficient outrage at the conflict in Aleppo.

‘Where is the Stop the War Coalition at the moment? Where are they?’ he said during a parliamentary debate.

****

Hillary Revealed Through Hacked Podesta Emails

Nah….she isn’t all that is she? uh huh…..and she for sure has a system to keep her own fingerprints off the trail while her custom designed human firewall does all the work.

  CNN

Seems the Hillary campaign instigated by Brian Fallon was working to get Trey Gowdy’s emails on the matter of the Benghazi investigation and approached the vice chair of the committee Elijah Cummings.

7 biggest revelations from WikiLeaks release of Podesta emails

FNC: Here are seven of the biggest revelations so far:

‘SPOILED BRAT’

Top Bill Clinton lieutenant Doug Band, in an alleged 2011 exchange with Podesta, tore into Chelsea Clinton, who had apparently been raising questions about the company Band co-founded, Teneo.

“I don’t deserve this from her and deserve a tad more respect or at least a direct dialogue for me to explain these things,” Band wrote in November. “She is acting like a spoiled brat kid who had nothing else to do but create issues to justify what she’s doing because she, as she has said, hasn’t found her way and has a lack of focus in her life.”

BILL CLINTON ‘LOSING IT’

Bill Clinton has long had a soft spot for New Hampshire, the state that made him the “Comeback Kid” and helped propel him to the Democratic nomination in 1992. So when it seemed on Feb. 7 that Hillary Clinton was set to lose the state’s primary by a large margin, Bill did not take the news well.

“He’s losing it bad today,” Bill Clinton chief of staff Tina Flournoy wrote. “I’m not with him. If you’re in NH please see if you can talk to him.”

Vermont Sen. Bernie Sanders went on to beat Clinton in the Granite State 60-to-38 percent on Feb. 9.

Bill Clinton wasn’t alone in his despondency.

Neera Tanden, an activist and past adviser to Hillary Clinton, wrote to Podesta on Feb. 4: “What is wrong w the people of Nh?”

COZY WITH THE PRESS

The alleged Podesta emails show a particular level of comfort with certain members of the news media.

CNBC correspondent John Harwood emailed Podesta numerous times, on some occasions to request an interview and other times to offer advice. On May 8, 2015, Harwood wrote an email with the subject line “Watch out.”

“Ben Carson could give you real trouble in a general [election],” Harwood wrote before linking to video clips of an interview Harwood did with the former pediatric neurosurgeon.

In a July 2015 email, New York Times reporter Mark Leibovich emailed communications director Jennifer Palmieri several chunks of an interview he did with Hillary Clinton, and seemingly asked permission for the “option to use the following” portions. Palmieri suggested he cut a reference Clinton made to Sarah Palin and remove Clinton’s quote, “And gay rights has moved much faster than women’s rights or civil rights, which is an interesting phenomenon.”

Palmieri ended one email: “Pleasure doing business!”

In a January 2015 memo, former Politico reporter Maggie Haberman, who now works for The New York Times, was described as having “a very good relationship” with the campaign.

“We have had her tee up stories for us before and have never been disappointed,” the memo said.

HOPING FOR TRUMP

Hillary Clinton allies were apparently hoping the Republican primary electorate would nominate Donald Trump as the GOP candidate for president.

Media commentator Brent Budowsky wrote to Podesta on March 13 that “Right now I am petrified that Hillary is almost totally dependent on Republicans nominating Trump.”

“…..even a clown like Ted Cruz would be an even money bet to beat and this scares the hell of out me…..” Budowsky wrote.

A Democrat National Committee strategy document from April 7, 2015 also wrote about “elevating the Pied Piper candidates,” identified as Trump, Cruz and Carson.

WALL STREET SPEECHES

Campaign research director Tony Carrk emailed top Clinton advisers on Jan. 25 with some “flags from HRC’s paid speeches” that were given during the time between her tenure as secretary of state and when she announced her presidential candidacy. Clinton has not released transcripts of those speeches despite numerous calls from her primary and general election opponents.

Among the red flags is Clinton admitting she’s “Kind Of Far Removed” from middle-class struggles due to “The Economic, You Know, Fortunes That My Husband And I Now Enjoy.” That speech was delivered to employees at Goldman-Black Rock on Feb. 4, 2014.

In a line that came back to bite her in Sunday night’s presidential debate, Clinton discussed needing “Both A Public And A Private Position” during a speech for National Multi-Housing Council in April 2013.

In other speeches, Clinton boasts of her ties to Wall Street, admits she needs Wall Street funding and says insiders are needed to fix problems on Wall Street. Sanders was a particular critic of Wall Street and so-called “economic inequality” during his protracted primary campaign against Clinton.

In another speech, Clinton said her “dream is a hemispheric common market, with open trade and open borders.”

SANDERS STRATEGY

Throughout the alleged Podesta emails, aides debate tactics against Clinton’s main 2016 primary rival, Sanders. Carrk forwarded a 71-page, nearly 50,000-word opposition research file on Oct. 28, 2015, picking apart nearly every policy and position of Sanders. “Attached are some hits that could either be written or deployed during the next debate on Sanders,” Carrk wrote.

On Jan.6, campaign adviser Mandy Grunwald and Palmieri debated how to respond to Sanders’ attacks on Clinton’s ties to Wall Street.

“I liked messing with Bernie on wall street at a staff level for the purposes of muddying the waters and throwing them off their game a bit,” Palmieri wrote. “But don’t know that it is most effective contrast for her. Seems like we are picking the fight he wants to have.”

Grunwald replied: “Bernie wants a fight on a Wall Street. We should not give him one.”

ALLIES’ SUPPORT FOR ISIS?

An alleged email sent from Hillary Clinton’s account to Podesta on Aug. 17, 2014, noted that ISIS was receiving financial and logistical support from Saudi Arabia and Qatar.

“While this military/para-military operation is moving forward, we need to use our diplomatic and more traditional intelligence assets to bring pressure on the governments of Qatar and Saudi Arabia, which are providing clandestine financial and logistic support to [ISIS] and other radical Sunni groups in the region,” the email said.

It’s unclear whether the email was actually authored by Clinton.

The Clinton campaign, meanwhile, has blasted WikiLeaks over the release, while ramping up its accusations that the group is working with the Russian government.

“It is absolutely disgraceful that the Trump campaign is cheering on a release today engineered by Vladimir Putin to interfere in this election, and this comes after Donald Trump encouraged more espionage over the summer and continued to deny the hack even happened at Sunday’s debate,” spokesman Glen Caplin said in a statement. “The timing shows you that even Putin knows Trump had a bad weekend and a bad debate. The only remaining question is why Donald Trump continues to make apologies for the Russians.”

****

The uranium deal, which involved 25 percent of Russia’s deposits, was discussed in an email conversation between Clinton Foundation communications head, Maura Pally, and Clinton campaign chief, John Podesta, Breitbart reports.

“Putting on all of your radars that Grassley sent a letter to AG Lynch (dated June 30th though we just saw it) asking questions about contributions to the Clinton Foundation and the Uranium One deal. Letter is attached. Craig is connecting with comms team to be sure they are aware as well,” the email said.

“Clinton Foundation’s ties to a number of investors involved in a business transaction that resulted in the acquisition of Uranium One, owner of U.S. based uranium assets, by Atomredmetzoloto (ARMZ), a subsidiary of Rosatom, a Russian government owned company. The transaction raised a number of national security concerns because it effectively ceded 20% of U.S. uranium production capacity to the Russian government,” said an excerpt from Grassley’s letter.

The original message was also sent to Hillary’s former shadow, Huma Adedin. She has not been spotted on the campaign trail since her husband’s latest sexting scandal, which included him making lewd comments and sending photos of himself in his underwear that also showed their toddler son laying next to him.

Minutes after receiving the email, John Podesta forwarded it to [email protected], [email protected], [email protected], [email protected]. The deep connection between the State Department and the Clinton Foundation has never been clearer – or more terrifying.

The Hill: An official within Democratic presidential nominee Hillary Rodham’s campaign appeared to have discussions with sources inside the Department of Justice (DOJ) about ongoing open records lawsuits regarding the former secretary of State’s emails, according to an email released on Tuesday.

In an email from May 2015, Clinton campaign spokesman Brian Fallon said that “DOJ folks” had “inform[ed]” him about an upcoming status conference in one of the lawsuits regarding Clinton’s private email setup.

The information about an upcoming court event would have been public knowledge and open for all to attend. And it’s unclear whether the people Fallon spoke to at the Justice Department were officials who regularly communicate with the public.

However, the fact Fallon – a former spokesman with the Justice Department — remained in contact with anyone from the department is likely to renew allegations that the Obama administration maintained an especially cozy relationship with Clinton’s presidential campaign.

****

Politico:

Clinton ‘not in the same place’ as her aides on email scandal

As the furor over Hillary Clinton’s emails built in the summer of 2015, the Democratic candidate appears to have resisted at least some of her team’s advice about how to get ahead of the story. In an email to other aides, Clinton campaign communications director Jennifer Palmieri said she viewed the decision to turn over thumb drives and a computer server to the Justice Department as a chance for Clinton to try to move past the controversy, but Clinton apparently had a different view.

“As you all know, I had hoped that we could use the ‘server moment’ as an opportunity for her to be viewed as having take [sic] a big step to deal with the email problem that would best position us for what is ahead. It is clear that she is not in same place (unless John has a convo with her and gets her in a different place),” Palmieri wrote in the August 8 email.

Palmieri proposed that the campaign put out word after the Sunday talk shows the following day that Clinton had surrendered the thumb drives and server to the Justice Department then do an interview with Univision where she would talk about the decision during a broader discussion about college costs. However, the timing ultimately slipped a bit, with the campaign announcing the move late on Tuesday, after she’d already taped the Univision interview earlier that day. Read the rolling blog from Politico here and the revealing references to the emails.

 

 

Mexican Officials are Smuggling Haitians into the U.S.

Immigration Official Warns 40,000 Haitians On Their Way To U.S. Via California’s Mexico Border

SAN FRANCISCO (AP) — A top U.S. immigration official says 40,000 Haitians may be on their way to the United States amid what she calls an “emergency situation” on California’s border with Mexico.

Immigration and Customs Enforcement Director Sarah Saldana said Thursday in Washington that the estimate came from other governments during a recent trip she made to Central America.

Saldana told the House Judiciary Committee that word of the new arrivals contributed to the Homeland Security Department’s announcement on Thursday that it was lifting special protections shielding Haitians from deportation that were put in place after their country’s 2010 earthquake. She says changing conditions in Haiti also played a part.

***  

Mexican officials quietly helping thousands of Haitian illegal immigrants reach U.S.

WashingtonTimes: Mexican officials are quietly helping thousands of illegal immigrant Haitians make their way to the United States, according to an internal Homeland Security document that details the route taken by the migrants, the thousands of dollars paid to human smugglers along the way and the sometimes complicit role of the governments of America’s neighbors.

More than 6,000 Haitians arrived at the border in San Diego over the last year — a staggering 18-fold increase over fiscal year 2015. Some 2,600 more were waiting in northern Mexico as of last week, and 3,500 others were not far behind, waiting in Panama to make the trip north, according to the documents, obtained by Rep. Duncan Hunter, California Republican.

The migrants are paying at least $2,350 to be smuggled from South America to the doorstep of the U.S., where many present themselves at the border and many demand asylum, hoping to gain a foothold here.

Boat maker Audit Volmar walks inside the shell of a sail boat he's building on the beach of Leogane, Haiti. The 30-foot-long boats are purchased by smugglers for around $12,000 and then taken to northern Haiti to find passengers. (Associated Press)
Photo by: Dieu Nalio Chery
Boat maker Audit Volmar walks inside the shell of a sail boat he’s building on the beach of Leogane, Haiti. The 30-foot-long boats are purchased by smugglers for around $12,000 and then taken to northern Haiti to find passengers. (Associated Press)

“Haitians have forged a dangerous and clandestine new path to get to the United States,” says the document, which lays out in detail the route and the prices paid along the way for smugglers, bus tickets and, where they can be obtained legally, transit documents.

Their trek begins in Brazil and traces a 7,100-mile route up the west coast of South American and Central America, crossing 11 countries and taking as long as four months.

Some countries are more welcoming than others, according to the document, which was reviewed by The Washington Times. Nicaragua is listed as being particularly vigilant about deporting the Haitian migrants if they are caught — so smugglers charge $1,000 to get through that country.

When traveling through Central American countries the Haitians will claim instead to be from Congo, believing that authorities in Central America aren’t likely to go through the hassle of deporting them to West Africa if they are caught, Homeland Security said.

Being smuggled through Ecuador costs $200, while Guatemala and Colombia cost $300 apiece, the document says.

Mexico, though, is more accommodating to the migrants. It stops them at its southern border in Tapachula, processes them and — though they don’t have legal entry papers — “they receive a 20-day transit document” giving them enough time to get a bus across Mexico, arriving eventually in Tijuana, just south of San Diego.

Once in the United States, many of the Haitians claim asylum and fight deportation in cases that can drag on for years, guaranteeing the migrants a foothold in the country in the meantime. U.S. Citizenship and Immigration Services said it received referrals to conduct credible fear screenings, which is the first part of an affirmative asylum claim, for 523 Haitians over the last year.

Other Haitians who are apprehended are put on a slow deportation track, giving them a chance to blend into the shadows along with other illegal immigrants. Southern Florida is a particularly attractive destination for the Haitians once they are released into the U.S., the document said.

Haitians are the latest nationality to surge into the United States, along with Central Americans enticed by the belief that lax enforcement policies under President Obama will enable them to stay, even if it means living in the shadows.

“The exponential increase in Haitian migrants showing up at the southern border is truly astonishing, and it shows one of the many consequences of President Obama’s immigration policy, which invites illegal entry and exploitation of the system,” said Joe Kasper, chief of staff for Mr. Hunter.

He said he was struck by “Mexico’s complicity” in helping the Haitians by granting them legal passage just to reach the United States.

Mexico doesn’t want them, but it’s entirely content with putting migrants — in this case Haitians — right on America’s doorstep,” he said.

The Mexican Embassy in Washington has not responded to repeated inquiries from The Times, dating back to last month, on its role in the Haitian surge.

As many as 75,000 Haitians fled to Brazil after the 2010 earthquake. Some 50,000 still remain, but the rest have left — including a steady stream over the last year headed for the United States.

Haiti’s embassy in Washington promised to make someone available to discuss the situation, but didn’t follow through.

U.S. Customs and Border Protection, the agency that guards the borders and ports of entry, acknowledged “an uptick” in Haitians arriving without permission. In fact, the numbers leapt from 339 in fiscal year 2015 to 6,121 in 2016 — an increase of more than 1,800 percent.

“While CBP officials have made adjustments to port operations to accommodate this uptick in arriving individuals, CBP officials are used to dynamic changes at our local border crossings, including San Ysidro, the nation’s busiest border crossing, and are able to flex resources to accommodate those changes,” the agency said in a statement.

CBP says it processed the Haitians “on a case by case basis” and those that don’t have permission to be in the U.S. are sent to Immigration and Customs Enforcement (ICE), the deportation agency.

As of Sept. 24, ICE had 619 Haitians in detention.

ICE had been moving slowly on deportations of Haitians under a humanitarian policy in place since the 2010 earthquake. But on Sept. 21, Homeland Security Secretary Jeh Johnson announced a change, saying agents would again begin rapid deportations of Haitians caught at the border.

Jessica Vaughan, policy studies director at the Center for Immigration Studies, said the data shows just how much the smuggling operations control illegal immigration. She said there are faster routes through Mexico and into the United States, but the fact that 90 percent of them are coming to San Diego is evidence they have an arrangement, likely with the Sinaloa cartel.

She also that by issuing transit permits, Mexico was assisting not only the Haitians’ illegal migration, but also providing a financial boost to the very criminal cartels that Mexican officials say are a threat to their society.

“I understand how this collusion or ambivalence to a criminal phenomenon works in Mexico, but I don’t understand why the Obama administration is letting it happen,” she said. “We could shut this down in a hurry simply by telling asylum seekers that they need to apply in one of the eight or nine safe countries that they passed through on the way. Otherwise we are just asking to see another 160,000 or more applicants next year.”