1.8 Million Exchange Students Part of Security Investigation Review

Primer: Chinese spies target US intellectual property (important due to universities' relationships with government operations). Further, in 2015, U.S. diplomats warned China to stop using covert law enforcement agents on U.S. soil. CNN reported that the agents pressure Chinese citizens to return to the country to face justice, often on corruption charges, United States officials confirmed to CNN. The agents have successfully coerced several Chinese nationals to return to China from the U.S., they said.

So, between India and China we have more than a million foreign nationals at the student level. Are they really students? This is a number too, where American students are eliminated from college acceptance due to favorable foreign student policy.

The Student and Exchange Visitor Program (SEVP) is a part of the National Security Investigations Division and acts as a bridge for government organizations that have an interest in information on nonimmigrants whose primary reason for coming to the United States is to be students.

On behalf of the Department of Homeland Security (DHS), SEVP manages schools, nonimmigrant students in the F and M visa classifications and their dependents. The Department of State (DoS) manages Exchange Visitor Programs, nonimmigrant exchange visitors in the J visa classification and their dependents. Both SEVP and DoS use the Student and Exchange Visitor Information System (SEVIS) to track and monitor schools; exchange visitor programs; and F, M and J nonimmigrants while they visit the United States and participate in the U.S. education system.

WASHINGTON — There are 1.18 million international students with F (academic) or M (vocational) status studying at 8,774 schools in the United States according to the latest “SEVIS by the Numbers.” The biannual report on international student data, which includes a new section on regional data trends, is prepared by the Student and Exchange Visitor Program (SEVP), part of U.S. Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI).

The report, released Thursday by SEVP, highlights May 2017 data from the Student and Exchange Visitor Information System (SEVIS), a web-based system that includes information about international students, exchange visitors and their dependents while they are in the United States.

Based on data extracted from SEVIS May 5, the international student population increased 2 percent compared to May 2016, with 76 percent of students enrolled in higher education programs of study.

Seventy-seven percent of international students hailed from Asia. Among continents, South America had the largest percentage increase (6.5 percent) in international students studying in the United States when compared to May 2016.  

China and India continue to send the largest number of students to study in the United States, at 362,368 students and 206,698 students, respectively. And even with a 19 percent decline – the steepest percentage decline among the top 10 Asian countries – Saudi Arabia still had 55,806 students studying in the United States in May 2017, ranking fourth among Asian countries. With an 18 percent increase, Nepal saw the largest proportional growth in students coming to the United States.

Nearly 514,000 international students pursued science, technology, engineering or mathematics (STEM) degrees in May 2017, marking an 8 percent increase from May 2016. Thirty-nine percent of those students pursued engineering degrees. India not only had the largest number of STEM students, but also the largest proportional STEM student population; 84 percent of Indian students in the United States studied STEM.

In May 2017, 10 U.S. universities certified to enroll only F international students accounted for 10 percent of the entire international student population. New York University (15,386 students), the University of Southern California (13,365 students) and Northeastern University (12,372 students) – all certified to enroll F students – had the highest international student enrollment numbers among U.S. schools.

Nine percent of schools can enroll both F and M international students. The top three schools in this category included: Cornell University (5,716 students), the Houston Community College System (4,768 students) and Santa Monica College (3,554 students).

The international student population in the Northeast increased 4 percent when compared to May 2016, marking the highest proportional growth of the four U.S. regions. Rhode Island was the only state in the region to experience a dip in the number of international students compared to the previous year, while New York and Massachusetts added the largest number of international students during that same period, 4,490 students and 2,770 students, respectively. New Jersey saw an increase of 10 percent in international students pursuing bachelor’s degrees.

In the South, the international student population grew 3 percent since May 2016. Florida, Georgia and Texas all saw significant increases in the number of international students studying in those states, while Louisiana, Tennessee and Oklahoma saw decreases in the number of international students studying there.

Arkansas, Kentucky and Maryland all saw major growth in international students taking part in their higher education system. Maryland saw a 10 percent increase in the number of students earning a bachelor’s degree. However, the southern region saw the largest growth at the graduate degree level. The number of international students pursuing master’s degrees increased 25 percent in Arkansas and 35 percent in Kentucky.

The Midwest saw minimal growth of 1 percent. Illinois added 1,331 students to its international student population, marking the largest increase in the region, while Nebraska experienced the largest proportional growth of 7 percent. Missouri experienced the largest decrease in international students, both in terms of student numbers and proportional decline, 763 students and 3 percent, respectively.

In the western part of the United States, international student enrollment stayed relatively static in California, other than an 8 percent increase in the number of students earning bachelor’s degrees. Idaho saw a 14 percent drop in the total number of international students studying in the state, with a 16 percent decrease in the number of students earning a bachelor’s degree. But, Nevada’s international student population grew by 5 percent, marking the largest proportional growth in the region.

The full “SEVIS by the Numbers” report can be viewed here. Report data was extracted from SEVIS May 5. The report captures a point-in-time snapshot of data related to international students studying in the United States. Data for the previous “SEVIS by the Numbers” report was extracted from SEVIS in November 2016.

Individuals can explore more international student data from current and previous “SEVIS by the Numbers” reports by visiting the Study in the States interactive mapping tool. This information is accessible at the continent, region and country level and includes information on gender and education levels, as well as international student populations by state, broken down by geographical areas across the globe.

SEVP monitors the more than one million international students pursuing academic or vocational studies (F and M visa holders) in the United States and their dependents. It also certifies the schools and programs that enroll these students. The U.S. Department of State monitors exchange visitors (J visa holders) and their dependents, and oversees exchange visitor programs.

Both SEVP and the Department of State use SEVIS to protect national security by ensuring that students, visitors and schools comply with U.S. laws. SEVP also collects and shares SEVIS information with government partners, including U.S. Customs and Border Protection and U.S. Citizenship and Immigration Services, so only legitimate international students and exchange visitors gain entry into the United States.

HSI reviews SEVIS records for potential violations and refers cases with possible national security risks or public safety concerns to its field offices for further investigation. Additionally, SEVP’s Analysis and Operations Center reviews student and school records for administrative compliance with federal regulations related to studying in the United States.

 

Investigating the Other Collusion Case

Seems it at least began in 2015, long before Donald Trump was campaigning for the Oval Office.

Also, as an aside, John Podesta is testifying before the House Intelligence Committee next week. He too has financial ties to Moscow operations.

The Vnesheconombank is Russian owned and has been under a sanctions architecture due to the annexing of Crimea. In Russia, by law, the bank’s board chairman is the Prime Minister of Russia. Vladimir Putin increased lending when he became the bank’s chairman in 2008. Now precisely why is Russia investing at all in the United States in the first place? Well, soft power and doing business with the Export Import Bank, an agency that is corrupt to the core. Further, Sergei Gorkov is head of the bank and is/was a Russian spy.


BusinessInsider: The U.S. Treasury has added a bunch of entities to its Russia sanctions list, including a sovereign wealth fund that used to be connected to some pretty high-profile U.S. billionaires.

The Treasury’s Office of Foreign Assistance Control on Thursday added The Russian Direct Investment Fund to the list, along with a number of entities linked to RDIF parent Vnesheconombank and energy giant Rosneft.

Vnesheconombank was first sanctioned last year, but RDIF hadn’t been explicitly targeted until the announcement on Thursday.

Private equity moguls Steve Schwarzman of Blackstone, David Bonderman of TPG, and Leon Black of Apollo Global Management all served as board members for RDIF when it was established in 2011, according to a press release at the time.

At some point, those names were removed from the RDIF website.

The Wall Street Journal first reported that the investors’ names had disappeared from the site in September 2014, but said that they still served on the board at that time. There are currently no names listed on the international advisory board on RDIF’s website.

Back in 2011, each board member issued statements about joining the board. Here are some highlights:

“We believe there are many attractive investment opportunities in Russia — the RDIF will provide the strong and experienced local partnership needed for investors to realize those opportunities.” — David Bonderman

“Russia has strong fundamentals that will continue to fuel its growth trajectory and offer attractive investment opportunities. We believe the Russia Direct Investment Fund will help further align U.S. and Russian objectives in terms of identifying paths toward partnership in the private sector.” — Leon Black

“It’s always good to have friends when you are going to a place that you are not as familiar with.”  — Stephen Schwarzman

Bonderman has spoken publicly about investing in the country in recent months, telling an audience at the Milken Global Conference this year that the Russian market remains attractive, according to a report by CNN Money.

He is quoted as saying: “Sanctions are perfectly set up not to work at all but to make a political statement.”

Spokespeople for Blackstone and TPG declined to comment. Apollo could not be reached for comment.

A spokesperson for the Russian Direct Investment Fund said: “For Vnesheconombank subsidiaries the new clarification by the US Department of the Treasury is essentially a technical repetition of sanctions imposed a year ago, which targeted a number of Russian companies including Vnesheconombank and its subsidiaries.

“Given the nature of the Fund’s activity, RDIF has never attracted financing in the USA, it invests its own funds. Since the introduction of sanctions last year RDIF has continued to invest into the Russian economy and build new international partnerships.”

So what, you ask?


Well, due to sanctions, those on the Trump campaign team, transition team and now in the White House may have violated sanctions. If so, the questions would be why, to what end and how many may be involved. It should also be added that many Republicans have ties to Russians and oligarchs; not all is as it seems. We can only hope, while not knowing details, the Senate is also investigating Hillary Clinton in much the same condition. Yet as Secretary of State, Hillary and Obama had the ability to sign waivers to finesse sanctions. This was likely the case between Hillary and the Kremlin regarding Skolkovo.

Remember, don’t shoot the messenger. Furthermore, it seems some on the Senate committee are leaking too.

Senate investigators are examining the activities of a little-known $10-billion Russian investment fund whose chief executive met with a member of President Donald Trump’s transition team four days before Trump’s inauguration, a congressional source told CNN.

The source said the Senate intelligence committee is investigating the Russian fund in connection with its examination of discussions between White House adviser Jared Kushner and the head of a prominent Russian bank. The bank, Vnesheconombank, or VEB, oversees the fund, which has ties to several Trump advisers. Both the bank and the fund have been covered since 2014 by sanctions restricting U.S. business dealings.
Separately, Steve Mnuchin, now Treasury Secretary, said in a January letter that he would look into the Jan. 16 meeting between the fund’s chief executive and Anthony Scaramucci, a member of the transition team’s executive committee and a fundraiser and adviser for Trump’s presidential campaign. At the time, Mnuchin had not yet been confirmed as Treasury Secretary. The Treasury Department did not respond to a request for an update.
Two Democratic senators had asked Treasury to investigate whether Scaramucci promised to lift sanctions — a policy shift that would help the fund attract more international investment to Russia.
The questions draw attention to the Russian Direct Investment Fund, a government investment arm that has helped top U.S. private-equity firms invest in Russia and that was advised by Stephen Schwarzman, who is now chairman of Trump’s Strategic and Policy Forum, an advisory group of business leaders.
Schwarzman, chief executive officer of Blackstone Group, was named in 2011 to the fund’s International Advisory Board along with other leaders of major equity companies and sovereign-wealth funds who reviewed the fund’s operations, plans and potential investments. Schwarzman declined to comment. A source close to him said Schwarzman has not spoken to anyone on the fund “for some time.”
The fund also worked with Goldman Sachs, whose former president Gary Cohn is Trump’s chief economic adviser and where Kirill Dmitriev, the fund’s chief executive, worked as an investment banker in the 1990s. Goldman was part of a consortium created in 2012 to invest in large Russian businesses preparing to go public, and was hired in 2013 to burnish Russia’s investment image. The company declined to comment.

“I would reach out to people to help him”

Senate and House investigators are looking into various Russian entities to determine whether anyone connected to the Trump campaign helped Russians as they meddled in the 2016 presidential election, and whether Trump associates discussed sanctions with Russian officials.
The congressional inquiries, along with a criminal investigation by special counsel Robert S. Mueller, have shadowed the Trump administration. Trump has denied any connection to Russia’s election-meddling, calling the criminal probe “a witch hunt.”
Scaramucci, the founder of SkyBridge Capital, minimized his January meeting with Dmitriev in the resort town of Davos, Switzerland, at the celebrated annual gathering of the World Economic Forum. Scaramucci had met Dmitriev at previous Davos meetings, although at the gathering in January, Scaramucci was expecting to be named White House liaison to the business community.
Dmitriev “came over to say hello in a restaurant, and I was cordial,” Scaramucci said in a recent email to CNN. “There is nothing there.”
The day after the meeting, Scaramucci told Bloomberg TV that he had “as a private citizen” been working with Dmitriev on bringing a delegation of executives to Russia.
“What I said to him last night, in my capacity inside the administration, I would certainly reach out to some people to help him,” Scaramucci said before describing a thicket of ethical clearances he would face. “The idea was many months ago to have more outreach with Russia but also other countries, not just Russia. China, other countries.”
Scaramucci’s comments alarmed Democratic Senators Elizabeth Warren of Massachusetts and Ben Cardin of Maryland, who asked Mnuchin to investigate whether Scaramucci sought to “facilitate prohibited transactions” or promised to waive or lift sanctions against Russia.
In a reply Jan. 30, before he was sworn in, Mnuchin said he would “ensure the appropriate Department components assess whether further investigation of this matter is warranted.”
A spokeswoman for the Russian fund said the two men did not discuss sanctions, and that the discussion itself did not violate sanctions that the U.S. imposed in 2014 after Russia annexed part of neighboring Ukraine. The spokeswoman declined to describe the conversation, saying, “We do not comment on private meetings.”

An advocate for lifting sanctions

Since Trump’s election, Dmitriev has been one of Russia’s most vocal officials in calling for an end to U.S. sanctions and arguing that joint U.S.-Russia projects can create jobs in the United States.
The fund hired two U.S. lobbying firms in September 2014, after sanctions were imposed, paying them a combined $150,000 over two months for public relations work. The fund has not hired any lobbyists since then.
With a history of helping U.S. manufacturers and asset management companies invest in Russia, the fund is a logical starting point for Russia’s push to lift U.S. sanctions, former State Department chief economist Rodney Ludema said.
“If you’re going to get your nose under the tent, that’s a good place to start,” said Ludema, a Georgetown University economics professor. “I’m sure their objective is to get rid of all the sanctions against the financial institutions. But RDIF is one [sanctioned organizations] where a number of prominent U.S. investors have been involved.”
Scaramucci also questioned U.S. sanctions while he was in Davos and echoed Trump’s statements about improving relations with Russia.
Two weeks after the meeting between Scaramucci and Dmitriev, when President Trump spoke by phone to Russian President Vladimir Putin, the fund announced it would open an office in New York in May.
No New York office has been opened but the fund “still expects to open a representative office in the US this year,” the spokeswoman said.

 

 

Cyber Spy Weapons Software Used Against Activists and Journalists

Mexico ranks 9th in journalist deaths. Find the list here by country.

Related reading: iPhone security flaw discovered, used by cyber weapons dealer


Mexican Government was spying on Journalists and Activists with Pegasus Surveillance software

Journalists and activists in Mexico accused the government of spying on them with the powerful surveillance software Pegasus developed by the NSO Group.

Journalists and activists in Mexico accused the government of spying on them with powerful surveillance software. According to the journalists, the authorities used Israeli spyware to hack their mobile devices. The surveillance software is the questionable Pegasus, which is developed by the Israeli surveillance firm NSO Group and sold exclusively to governments and law enforcement agencies.

NSO Group is owned by US private equity firm Francisco Partners Management. It made the headlines after the investigation conducted by The New York Times.

People familiar with the NSO Group confirmed that the company has an internal ethics committee that monitors the sales and potential customers verifying that the software will not be abused to violate human rights.

Officially, the sale of surveillance software is limited to authorized governments, to support agencies' investigations of criminal organizations and terrorist groups.

Unfortunately, its software is known to have been abused to spy on journalists and human rights activists.

“There’s no check on this,” said Bill Marczak, a senior fellow at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. “Once NSO’s systems are sold, governments can essentially use them however they want. NSO can say they’re trying to make the world a safer place, but they are also making the world a more surveilled place.”

The discovery is the result of an investigation conducted by Mexican NGOs and the CitizenLab organization.

R3D, SocialTic, Article 19 and CitizenLab published a report that details the surveillance illegally operated by the Mexican government through the spyware.

Authorities have been sending malicious links to individuals’ phones in specifically crafted messages meant to trick victims into opening them. In some cases, the attack also involved family members if the victims were not compromised.

“The targets received SMS messages that included links to NSO exploits paired with troubling personal and sexual taunts, messages impersonating official communications by the Embassy of the United States in Mexico, fake AMBER Alerts, warnings of kidnappings, and other threats.” states the report. “The operation also included more mundane tactics, such as messages sending fake bills for phone services and sex-lines. Some targets only received a handful of texts, while others were barraged with dozens of messages over more than one and a half years. A majority of the infection attempts, however, took place during two periods: August 2015 and April-July 2016”.


The Pegasus spyware leverages zero-day exploits to compromise both iOS and Android devices.

The government targeted individuals that exposed evidence on government corruption and activists who revealed human rights violations by the Mexican Government.

The researchers observed at least two periods of intense targeting:

  • Period 1 (August 2015) when the Mexican President was officially exonerated for his role in the “Casa Blanca” scandal on which Carmen Aristegui, a well-known reporter, had first reported, and Carlos Loret de Mola was questioning the government’s role in extrajudicial killings. Aristegui revealed that President Enrique Pena Nieto’s wife had bought a $7 million Mexico City mansion from a government contractor.
  • Period 2 (April- July 2016) when revelations of government involvement in human rights abuses and extra-judicial killings were made public.


According to the New York Times report, at least three Mexican federal agencies have purchased some $80 million of spyware from NSO Group since 2011.

Companies like the NSO Group operate in the dark, in a sort of “legal gray area.” Although the Israeli government exercises strict control over the export of this kind of software, surveillance applications could be abused by threat actors and authoritarian regimes worldwide.

Let me close with the Key Findings of the report:

  • Over 76 messages with links to NSO Group’s exploit framework were sent to Mexican journalists, lawyers, and a minor child (NSO Group is a self-described “cyber warfare” company that sells government-exclusive spyware).
  • The targets were working on a range of issues that include investigations of corruption by the Mexican President, and the participation of Mexico’s Federal authorities in human rights abuses.
  • Some of the messages impersonated the Embassy of the United States of America to Mexico, others masqueraded as emergency AMBER Alerts about abducted children.
  • At least one target, the minor child of a target, was sent infection attempts, including a communication impersonating the United States Government, while physically located in the United States.

***

Then comes former National Security Council advisor for President Trump Michael Flynn.

Cyberweapons Group Sold Spyware Used Against Political Dissidents

He earned nearly $1.5 million last year as a consultant, adviser, board member, or speaker for more than three dozen companies and individuals, according to financial disclosure forms released earlier this year.

Two of those entities are directly linked to NSO Group, a secretive Israeli cyberweapons dealer founded by Omri Lavie and Shalev Hulio, who are rumored to have served in Unit 8200, the Israeli equivalent of the National Security Agency.

Flynn received $40,280 last year as an advisory board member for OSY Technologies, an NSO Group offshoot based in Luxembourg, a favorite tax haven for major corporations. OSY Technologies is part of a corporate structure that runs from Israel, where NSO Group is located, through Luxembourg, the Cayman Islands, the British Virgin Islands, and the U.S.

Flynn also worked as a consultant last year for Francisco Partners, a U.S.-based private equity firm that owns NSO Group, but he did not disclose how much he was paid. At least two Francisco Partners executives have sat on OSY’s board.

Flynn’s financial disclosure forms do not specify the work he did for companies linked to NSO Group, and his lawyer did not respond to requests for comment. Former colleagues at Flynn’s consulting firm declined to discuss Flynn’s work with NSO Group. Executives at Francisco Partners who also sit on the OSY Technologies board did not respond to emails. Lavie, the NSO Group co-founder, told HuffPost he is “not interested in speaking to the press” and referred questions to a spokesman, who did not respond to queries.

Many government and military officials have moved through the revolving door between government agencies and private cybersecurity companies. The major players in the cybersecurity contracting world ― SAIC, Booz Allen Hamilton, CACI Federal and KeyW Corporation ― all have former top government officials in leadership roles or on their boards, or have former top executives working in government.

But it’s less common for former U.S. intelligence officials to work with foreign cybersecurity outfits. “There is a lot of opportunity in the U.S. to do this kind of work,” said Ben Johnson, a former NSA employee and the co-founder of Obsidian Security. “It’s a little bit unexpected going overseas, especially when you combine that with the fact that they’re doing things that might end up in hands of enemies of the U.S. government. It does seem questionable.”

What is clear is that during the time Flynn was working for NSO’s Luxembourg affiliate, one of the company’s main products — a spy software sold exclusively to governments and marketed as a tool for law enforcement officials to monitor suspected criminals and terrorists — was being used to surveil political dissidents, reporters, activists, and government officials. The software, called Pegasus, allowed users to remotely break into a target’s cellular phone if the target responded to a text message.

Last year, several people targeted by the spyware contacted Citizen Lab, a cybersecurity research team based out of the University of Toronto. With the help of experts at the computer security firm Lookout, Citizen Lab researchers were able to trace the spyware hidden in the texts back to NSO Group spyware. After Citizen Lab publicized its findings, Apple introduced patches to fix the vulnerability. It is not known how many activists in other countries were targeted and failed to report it to experts.

NSO Group told Forbes in a statement last year that it complies with strict export control laws and only sells to authorized government agencies. “The company does NOT operate any of its systems; it is strictly a technology company,” NSO Group told Forbes.

But once a sale is complete, foreign governments are free to do what they like with the technology. Read more here.

2016 Internet Crime Report

IC3 Releases Annual Report Highlighting Trends in Internet Crime

Giving someone access to your computer is like giving out a key to your front door. A computer can have your bank account information, family photos, and other private documents and data—information that fraudsters would like to steal. That’s why tech support fraud has become a significant trend in online crime, according to the 2016 Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3).

In tech support fraud cases, criminals convince unsuspecting victims to provide remote access to their computer by calling and posing as tech support personnel from a legitimate company. The criminal can then simply charge your credit card for a fake anti-virus product, or, in more sinister situations, they can steal your personal information or install malware. More than 10,000 incidents of tech support fraud were reported to the IC3 in 2016, with victims losing nearly $8 million. Though anyone can be a victim, older computer users are the most vulnerable targets.

“They’ll trick you into letting them into your computer,” said IC3 Unit Chief Donna Gregory. “You open the door and allow them in. You may think you’re just watching them install a program to get rid of a virus, but they are really doing a lot of damage behind the scenes.”

In addition to tech support fraud, the other major fraud categories last year were business e-mail compromise, ransomware, and extortion.

The IC3 receives complaints on a variety of Internet scams and crimes, and it has received more than 3.7 million complaints since it was created in 2000. In 2016, the IC3 received a total of 298,728 complaints with reported losses in excess of $1.3 billion. The IC3 uses the information from public complaints to refer cases to the appropriate law enforcement agencies and identify trends. The IC3’s extensive database is also available to law enforcement. Internet users should report any Internet fraud to IC3, no matter the dollar amount. Additional data helps the FBI and law enforcement gain a more accurate picture of Internet crime.

The IC3 publishes the Internet Crime Report annually to increase public awareness of current trends in Internet crime. For this report, the IC3 has also created a separate state-by-state breakdown that allows users to select their state from a dropdown menu so they can review local trends in Internet crime. The top states for reported dollar amounts lost to Internet fraud in 2016 were California ($255 million), New York ($106 million), and Florida ($89 million).

Though Internet crime is a serious threat, there are ways to help keep yourself safe online. The IC3 recommends computer users update their anti-virus software and operating system. Additionally, the Internet is an especially important place to remember the old adage: If it sounds too good to be true, it probably is.

“Be aware of what you are clicking on and also what you’re posting on social media. Always lock down your social media accounts as much as possible,” Gregory said. “Try to use two factor authentication, and use safe passwords or things more difficult to guess. The tougher the password, the harder it is for someone to crack.”

Global Blackouts, Anywhere in the World, Courtesy Russia

Fitful sleep last night after reading a very long, detailed piece on Russian hackers versus Ukraine. Why? Well, the same tools and language they use have been found on American infrastructure and systems. Last thoughts before sleep were those of life before the internet and how people get emails with attachments that should never be opened. The short summary is just below. The more detailed and terrifying truth follows. It is a long summary, must be read… it is something like a cyber Hitchcock Twilight Zone disaster thriller, but it happened and happened often.


Further, during a hearing in the House, former DHS Secretary Jeh Johnson revealed a couple of key facts. One is that during the election cycle, at the time of the DNC hack, officials on numerous requests refused assistance, cooperation and discussions with DHS and FBI about foreign cyber intrusions. What was the DNC hiding? The other fact is that Obama had the full details in intelligence briefings daily leading into November and December and refused to tell the country about Russian interference. He waited until after the elections and into December to take action. Why?

Okay, read on….


Russia’s New Cyber Weapon Can Cause Blackouts Anywhere in the World

Hackers working with the Russian government have developed a cyber weapon that can disrupt power grids, U.S. researchers claim. The cyber weapon has the potential to be absolutely disruptive if used on electronic systems necessary for the daily functioning of American cities.

The malicious software was used to shut down one-fifth of the electric power generated in Kiev, Ukraine last December. Called ‘CrashOverride’, the malware only briefly disrupted the power system, but its potential was made clear.

With development, the cyber weapon could easily be used against the U.S. with devastating effects on transmission and distribution systems.

Sergio Caltagirone, director of threat intelligence for Dragos, a cybersecurity firm that examined the malware, said, “It’s the culmination of over a decade of theory and attack scenarios, it’s a game changer.”

Dragos has dubbed the group of hackers who created the bug and used it in Ukraine Electrum. The group and the virus have also been under scrutiny by cyber intelligence firm FireEye, headed by John Hultquist. Hultquist’s company has nicknamed the group Sandworm and is keeping watch for clues of another attack.

The news of the malware comes in the middle of the ongoing investigation into Russia’s influence on the recent Presidential election. The Russian government is accused of trying to influence the outcome of the election by hacking hundreds of political organizations and leveraging social media.

While there is no hard evidence yet, U.S. officials believe the disruptive power hackers are closely connected to the Russian Government. U.S. based energy sector experts agree the malware is a huge concern and concede they are seeking ways to combat potential attacks.

“U.S. utilities have been enhancing their cybersecurity, but attacker tools like this one pose a very real risk to reliable operation of power systems,” said Michael Assante, who worked at Idaho National Labs and is former chief security officer of the North American Electric Reliability Corporation.

CrashOverride

CrashOverride is only the second known instance of malware specifically designed to destroy or disrupt industrial control systems. The U.S. and Israel worked together to create Stuxnet, a bug designed to disrupt Iran’s nuclear enrichment program.

Robert M. Lee, chief executive of Dragos, believes CrashOverride could be manipulated to attack other types of industrial control such as gas or water, though there has been no demonstration of that yet. But the sophistication of the entire operation is undeniable. The hackers had the resources not only to develop the malware but to test it too.

The malware works by scanning for critical components that operate circuit breakers, then opening these breakers, which stops the flow of electricity. It continues to keep the circuit breakers open, even if a grid operator tries to close them. CrashOverride also cleverly comes with a “wiper” component that erases the existing software on the computer system that controls the circuit breakers. This forces the grid operator to revert to manual operations, which means a longer and more sustained power outage.
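A defender-side sketch of the behavior described above, as an added example that is not from the original article or from the firms it quotes: it scans a breaker-command log for a breaker that is re-opened by a different source shortly after each operator close command. The log format, host names, breaker IDs and the 5-second window are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real telemetry): time, command source, breaker, command.
SAMPLE_LOG = """\
2024-01-01T02:00:00 eng-ws-3 BRK-07 OPEN
2024-01-01T02:00:30 hmi-operator BRK-07 CLOSE
2024-01-01T02:00:31 eng-ws-3 BRK-07 OPEN
2024-01-01T02:01:10 hmi-operator BRK-07 CLOSE
2024-01-01T02:01:12 eng-ws-3 BRK-07 OPEN
2024-01-01T02:05:00 hmi-operator BRK-12 OPEN
2024-01-01T03:05:00 hmi-operator BRK-12 CLOSE
garbled line
"""

def parse(log):
    """Yield (time, source, breaker, command) tuples, skipping malformed lines."""
    for line in log.strip().splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OPEN", "CLOSE"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3]

def find_held_open(log, window=timedelta(seconds=5), min_repeats=2):
    """Return {breaker: [(close_time, reopen_time, reopen_source), ...]} for
    breakers whose CLOSE was countered by another source at least min_repeats times."""
    last_close = {}                 # breaker -> (time, source) of latest CLOSE
    overrides = defaultdict(list)
    for ts, source, breaker, cmd in sorted(parse(log)):
        if cmd == "CLOSE":
            last_close[breaker] = (ts, source)
        elif breaker in last_close:
            close_ts, close_src = last_close.pop(breaker)
            # An OPEN from a different source right after a CLOSE is the
            # "keeps the breaker open against the operator" pattern.
            if source != close_src and ts - close_ts <= window:
                overrides[breaker].append((close_ts, ts, source))
    return {b: hits for b, hits in overrides.items() if len(hits) >= min_repeats}

if __name__ == "__main__":
    for breaker, hits in find_held_open(SAMPLE_LOG).items():
        print(breaker, "re-opened after operator close", len(hits), "times by",
              sorted({src for _, _, src in hits}))
```

A single counter-command can be legitimate switching, which is why the check requires repeats before it reports a breaker.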

Potential outages could last a few hours and probably not more than a couple of days as U.S. power systems are designed to have high manual override capabilities necessary in extreme weather.

As mentioned above, you need to read the full detailed version here to see just how the FBI and global cyber experts, at the request of Ukraine, worked diligently for accurate attribution to a Russian cyber force intruding on power systems. Hat tip to these experts; the story needs to go mainstream, as we are in a cyber war, the depths of which are impossible to fully comprehend. Ukraine is the target and cyber incubation center for Russian cyber terrorists, where they test, review, adapt and keep going without consequence.


Okay, read it all here. Hat tip for the detailed summary and the people doing quiet investigative cyber work.