JBS, the Meat Processor, Paid $11M in Ransom

Reuters: JBS USA, subsidiary of Brazilian firm JBS SA (JBSS3.SA), confirmed in a statement on Wednesday the company paid the equivalent of $11 million in ransom in response to a criminal hack against its operations.

The world’s largest meat producer canceled shifts at its U.S. and Canadian meat plants last week, after JBS said it was hit with a crippling cyberattack that threatened to disrupt food supply chains and inflate food prices.

***

“This was a very difficult decision to make for our company and for me personally,” JBS USA CEO Andre Nogueira said in a statement. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

The company said it paid the ransom to “mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.”

According to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, ransomware is a type of malware that shuts down a company’s computer infrastructure with hackers demanding payment to unlock the system.

Earlier this month, the FBI attributed the infiltration to Russia-based hackers.

JBS said it was in constant contact with federal officials, and while investigations are ongoing, “preliminary investigation results confirm that no company, customer or employee data was compromised.”

The company said it spends $200 million annually in IT services.

JBS is not the first company to recently pay ransom to cyber criminals based in Russia. JBS said its ability to resolve the issues resulting from the attack was “due to its cybersecurity protocols, redundant systems and encrypted backup servers.” Additionally, the company employs more than 850 IT professionals around the world. JBS maintained that no company, customer or employee data was compromised.

Bloomberg: 

It also halted slaughter operations across Australia and idled one of Canada’s largest beef plants. The FBI has attributed the incident to REvil, a hacking group that researchers say has links to Russia.

The global shutdowns upended agricultural markets and raised concerns about food security as hackers increasingly target critical infrastructure. Operations have returned to normal levels and the company expected lost production to be fully recovered by the end of this week.

In its latest statement, JBS said the vast majority of the company’s facilities were operational at the time of payment. It had made the decision to “mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated” in consultation with internal IT professionals and third-party cybersecurity experts.

JBS added it has maintained constant communications with government officials throughout the incident, and that third-party forensic investigations are still ongoing.

Dow Jones had earlier reported the ransom payment.

The Under Reported Threat to the US of Smuggling Chinese

We have watched for years the chaos at the U.S. Southern border with Mexico. While there has been a single focus on Latin Americans crossing into the United States, very little has been reported about the volume of Chinese. This should stimulate some critical thinking and questions.

Is this espionage, operatives or the building of a force for other reasons? In February of 2020, NBC News was asking some of the same questions.

A Chinese student walked around a perimeter fence at a U.S. naval base in Key West, taking pictures of government buildings. Stopped by police, he said he was trying to capture images of the sunrise.

And nine days after that, two more Chinese students drove past a guard at the same naval base. When stopped by security 30 minutes later, they voluntarily displayed the videos and photos they had taken of the base.

The first Chinese student arrested at the naval base in Key West was Zhao Qianli, 20, who was taken into custody on Sept. 26, 2018.

Zhao entered the base by walking along the facility’s secure fence line and trudging through the beach, court documents say.

Zhao headed directly to the Joint Interagency Task Force South property, according to court records, where he took several photographs on his Motorola cellphone and his Canon EOS digital camera.

His devices contained photos and videos of sensitive equipment at the facility’s “antenna farm,” as well as images of warning signs that read “Military Installation” and “Restricted Area,” according to court documents.

Zhao initially told military police that he was “lost” and that he was a “dishwasher from New Jersey.” In later conversations with the FBI, Zhao said he traveled to Key West to “see the sights, such as the Hemingway House,” but there were no images of tourist attractions on his phone, according to his sentencing memo.

Zhao admitted to receiving military training as a university student in China and was found to have a “police blouse” and a People’s Republic of China Interior Ministry belt buckle at his hotel, the memo says.

 

In 2016, Newsweek in part reported:

Smuggling Chinese across the southern U.S. border appeals to traffickers because it is more lucrative than smuggling individuals from Mexico or Central America. A longer journey commands a steeper price and the going rate per person is believed to be somewhere between $50,000 and $70,000; the total value of the trade for the Chinese mafias involved has been estimated at $750 million.

The role of Chinese mafia groups (triads) in bringing migrants across the border has also deepened their exposure to and ties with Latin American narcotics cartels, both in human smuggling and beyond.

An “alliance between Chinese and Latin American smuggling rings” was noted as early as 1993, but today the scope of this “alliance” encompasses not just smuggling, but also other illicit activity including the sale of drug precursors from Asia and pirated materials.

In Mexico, contact between triads and cartels occurs in various regions, including those ruled by the ruthless Los Zetas syndicate and the Gulf and Juarez cartels, depending on what routes are used for migrants. Triad groups are believed to operate in the Mexican state of Chiapas and the Red Dragon triad, which operates in Peru, is involved not only in smuggling, but also in extortion and drug trafficking within Latin America. The wide-ranging activities of transnational organized crime groups generate additional law enforcement concerns beyond border security.

But it is important to look to the other side of our country, the area of the Bahamas and South Florida. A few islands in the Bahamas are now fully owned by China, one such island is Bird Cay. From Forbes in 2019 in part:

Quoting CaribbeanNews.com directly:

“China has set its sights on The Bahamas and has invested billions of dollars in building new infrastructure and industry across the country.

New roads, new businesses, new hotels, and booming Chinese immigration has led to many companies being staffed with more Chinese workers than local Bahamians.”

Plus, “Reports show that over 200,000 Chinese are illegally smuggled into the Caribbean every year to open their shops or work at Chinese businesses, with many sending their money back to China.”

However, the local government doesn’t see how it’s in a good position to do anything about it since Chinese state banks are simultaneously flooding the islands with tens of millions of dollars… even going so far as to finance new ports there.

Bird Cay, owned now by China

Hold on, there is South Florida where those smuggled Chinese are making their way into the United States aboard some very expensive yachts.

The Miami Herald just last year told us:

Dozens of Chinese nationals without proper papers have been smuggled from the Bahamas to South Florida by operators of luxury yachts who are charging them thousands of dollars each for the short Atlantic journey, according to federal criminal cases.

In recent instances, the Coast Guard stopped two vessels approaching the South Florida shore, leading to the arrests of three men accused of transporting a total of 26 Chinese passengers and one Bahamian, court records show. The alien smuggling operations were not related, however.

Rocco Oppedisano, a 51-year-old Italian national, is scheduled for arraignment in Miami federal court Wednesday on charges of conspiring to transport aliens into the United States and bringing them here for financial gain. Oppedisano told a magistrate judge this week that properties he once owned in the Northeast have been sold along with his Mercedes-Benz, Porsche and Fiat vehicles to pay for legal costs over his immigration troubles.

Oppedisano was stopped by the Coast Guard on Dec. 2 while he was commandeering a 63-foot Sunseeker yacht named INXS FINALLY with 14 Chinese passengers and one Bahamian, according to an indictment. Among the passengers was a Chinese national, Ying Lian Li, who was deported last April but tried to re-enter the country.

It is unclear why these Chinese nationals — unlike Cubans and Haitians smuggled here in both go-fast and rickety boats in the past — sought to come to South Florida. But over the past five years, the Bahamas has experienced an influx of Chinese workers flocking to the archipelago as part of a push by China to invest in the country’s hotel, tourism and trade industries.

In the other alien smuggling case, a Coast Guard cutter encountered a 70-foot Hatteras yacht about 20 miles east of South Florida on July 23, when officers radioed the vessel to ask how many people were on board. The yacht’s response: two crew and eight Japanese passengers with passports, who did not need additional visas to enter the United States.

It was all a lie, according to a Homeland Security Investigations criminal affidavit.

About 10 miles east of Port Everglades, Coast Guard officers boarded the yacht and asked crew member Robert L. McNeil Jr. to bring all the passengers on deck. The officers counted 12 passengers with passports from the People’s Republic of China but without required visas to enter the United States, according to the HSI affidavit.

The Coast Guard concluded that none of the 12 Chinese nationals possessed documents that would allow them to enter the United States legally. McNeil, and the yacht’s charter captain, James A. Bradford, along with the 12 Chinese nationals were transferred to the Coast Guard cutter.

During questioning, Bradford said he left South Florida on the Hatteras yacht bearing the name CAREFREE on July 22 and arrived in Nassau, Bahamas, that day. He admitted that the purpose of the trip was to pick up a “tour group of aliens” in the Bahamas, transport them to South Florida and return to the Bahamas on July 26.

Bradford, who has been a charter captain for decades, said “he never checked to see if the passengers had proper documents to come to the U.S.,” according to the affidavit.

A search of the yacht uncovered 10 cellphones in the bridge area; none of the Chinese nationals had mobile phones on them.

“Based on my knowledge and experience in human smuggling cases, smugglers often collect cell phones from migrants until they are paid for delivering the migrants to the U.S.” wrote HSI special agent David Jansen, who added that none of the passengers carried any luggage.

The search also uncovered $118,100 hidden behind the wall paneling of the yacht’s master bedroom, the affidavit said. Investigators also seized more than $2,800 from McNeil.

Both Bradford and McNeil were indicted on charges of conspiring to transport aliens into the United States and bringing them here for financial gain. To resolve his case, McNeil pleaded guilty earlier this month to one count of alien smuggling to make a profit. He faces up to 10 years in prison.

The Hill says this is a disturbing trend.

While it’s unclear why these Chinese nationals sought to come to South Florida, the move is part of a larger five-year trend in the region. The Bahamas has seen a surge of Chinese workers as China invests in the archipelago’s hospitality and tourism industries. China’s presence in the Bahamas reportedly stems from a burgeoning relationship between the two countries, after China provided disaster relief in a bid to establish trade.

 

But What is NOT in Fauci’s Emails?

That is the question(s)…

While many are calling for the resignation of Dr. Anthony Fauci, I say hold on. Why? Often, in fact most often, former government employees rarely are investigated, charged or prosecuted. I say just suspend him without pay until a full commission is launched.

There are all kinds of people reading through all the released Fauci emails and rightly so. While reading through many articles and posts relating to the emails where some appear to be smoking guns…we must consider what is not in the emails.

As Joe Biden has ordered the intelligence agencies to go through a full review and report back, a long application of strategic thinking is also in order. The reader is invited to ask their own questions in the comments section of this post.

For some context and courtesy of Bloomberg News in part:

No matter where the inquiry leads, the history of lab safety shows, at the very least, that leaks of pathogens have happened in the past — sometimes with deadly consequences. It also shows that even transparent, thorough investigations into the origins of an outbreak can end in uncertainty.

By the late 1970s, smallpox had been eradicated in nature, but work on it continued in a handful of labs around the world, including a facility in Birmingham, England, which had access to a particularly virulent strain. In the summer of 1978, a medical photographer working there named Janet Parker fell ill. When pustules spread across her upper body, a local doctor diagnosed it as a bad case of chickenpox.

It was the third leak of smallpox that decade from a British lab. The British government moved aggressively to contain the outbreak, quarantining hundreds of people and vaccinating many more. Thanks to their efforts, only one other person — Parker’s mother — developed the disease. But Parker died an excruciating, lonely death in an isolation ward — the last known victim of smallpox.

But there were other victims. At the time, the newspapers covering the episode fixated on the director of the laboratory, an expert on pox viruses named Henry Bedson. Despite an absence of evidence, the press blamed him for the outbreak. Quarantined at home and despondent, Bedson went out to his garden shed and slit his own throat; he died soon afterward.

The British government commissioned a thorough investigation into the outbreak. It turned up evidence that Bedson may not have observed sufficient safety protocols and speculated that Parker must have somehow contracted smallpox through contamination in the air ducts. Later, a lawsuit effectively refuted this explanation, leading to the unsettling possibility that Parker herself may have entered one of the work spaces without proper protection. The debate continues to this day.

When lab leaks take place in a secretive society, the difficult job of confirming the source of an outbreak gets much harder. A good case in point was the infamous anthrax outbreak in Sverdlovsk, an isolated city in the Soviet Union.

In 1979, rumors of anthrax killing dozens — or even thousands — began trickling out to the West. Later that year, Soviet journals confirmed some of these reports, noting that upward of a hundred people had contracted anthrax after ingesting contaminated meat; over 60 had died. A tragedy, yes, but perhaps inevitable: Anthrax was endemic in local animal populations.

Intelligence officials in the U.S. weren’t convinced. Satellite imagery showed what looked like decontamination trucks around the city, with considerable activity focused on a mysterious military facility known as Compound 19. CIA analysts hypothesized that the Soviets had mistakenly released a weaponized form of anthrax. More here.

***

Remember, Dr. Fauci has been the Director of the NIAID since 1984. He not only knows the history of super bugs and pandemics but he also has access to the files and documentation of global laboratories and scientists.

Can we quit saying ‘lab leaks’, which infers an accident? Perhaps ‘released’ should replace ‘leak’. Anyway, moving on.

Exactly why was the CIA not called in by Fauci or the suggestion of that in 2019 or earlier like around the time of the warning cables that were sent by U.S. Embassy officials back to the State Department in 2018?

How come Dr. Fauci’s emails did not include communication exchanges with other countries that provided big financial aid to the Wuhan Lab like France and Canada?

As the Public Health Agency of Canada refuses to release uncensored internal documents, a Conservative MP says he wants to know how far Canada’s collaboration with China on Level-4 pathogens went — and why two federal scientists were let go by the National Microbiology Lab in Winnipeg in January.

“We need these documents. We need to know what the Government of Canada was doing through the National Microbiology Lab in Winnipeg with respect to cooperating with the Wuhan Institute of Virology in Wuhan, China,” Conservative foreign affairs critic Michael Chong said during a special parliamentary committee hearing on Canada-China relations Monday night.

The special committee has demanded to know why two federal government scientists were escorted out of Canada’s only Level 4 Lab in July 2019, just four months after one of them shipped samples of the Ebola and Henipah viruses to the Wuhan Institute of Virology in China — stories first published by CBC News.

Two months after that shipment, on May 24, 2019, the Public Health Agency of Canada (PHAC) referred an “administrative matter” to RCMP that resulted in the removal of two Chinese research scientists — Xiangguo Qiu and her husband, Keding Cheng — and several international students on July 5.

Nowhere in the Fauci emails is the request for the medical files of ‘patient zero’ or of any Chinese scientists that fell ill or died. Why?

Did Dr. Fauci reach out to the Galveston National Laboratory which is part of the University of Texas for any pandemic details? Not so much, why?

How come Dr. Fauci only had Dr. Deborah Birx as an addition to the White House Virus Task Force and other virology experts were not called on like other world health leaders?

How about any references to expert white papers that Dr. Fauci made? He only said data…what data?

There are hundreds of questions and standing up a full commission is past due. Meanwhile, suspect the doctor and start the real interviews and subpoenas. There are likely hundreds if not thousands more across the world that know more with evidence….Dr. Fauci makes no email inquiries and the same goes for the intelligence agencies, unless they have and that is being embargoed too.

Schumer and Dark Money Called Majority Forward Investigation

Points back again to that pesky Marc Elias –>

Majority Forward was incorporated in June by Perkins Coie lawyer Marc Elias, who represents Senate Majority PAC.

Elias, who is also general counsel for the campaign of Democratic presidential candidate Hillary Clinton, said Friday night he could not immediately comment.

FNC: A dark money group aligned with Senate Majority Leader Chuck Schumer, D-N.Y., is facing an Internal Revenue Service complaint from a liberal watchdog group for concealing their political activity where they attempted to dampen GOP election turnout for certain races in 2018.

Recently released tax records from the liberal nonprofit Majority Forward showed the dark money group gave $2.7 million to a different nonprofit, the Coalition for a Safe and Secure America (CSSA), in 2018, according to Axios.

Majority Forward is part of the Senate Majority PAC, serving as its nonprofit arm. The $2.7 million it gave made up the majority of the $4 million raised by CSSA that year.

CSSA converted that money into multiple direct-mailing campaigns and digital advertisements during the 2018 midterm cycle targeting Republican lawmakers, including Sens. Josh Hawley, R-Mo., and Mike Braun, R-Ind.

The ads were deceptive in their nature, claiming the candidates had changed their position on central conservative tenets, and were posted to state-specific Facebook pages.

The ads led the liberal watchdog group Citizens for Responsibility and Ethics in Washington (CREW) to file an IRS complaint against CSSA. Majority Forward also recently admitted it left off legally required disclosures from direct-mail pieces in the 2018 midterm cycle.

“Coalition for a Safe Secure America appears to have falsely told the IRS they were not involved in politics. Dark money groups too often bypass the law in their efforts to secretly and improperly influence who is elected,” CREW president Noah Bookbinder said in a statement published last month. “We urge the IRS to open an investigation into Coalition for a Safe Secure America and take swift and appropriate action for any potential violations.”

CSSA’s ad targeting Hawley accused him of siding “with Washington liberals against gun owners.” Braun was labeled “Tax-Hike-Mike.”

Additionally, former Sen. Dean Heller, R-Nev., and Rep. Matt Rosendale, R-Mont., were targeted by its ads during the 2018 cycle. Heller and Rosendale both lost their races.

Heller was charged with allowing “almost 200,000 foreign workers a backdoor entry into our country.” Rosendale was accused of supporting “drone monitoring” while running for a Montana Senate seat.

Some of the ads also promoted Libertarian Party candidates to siphon votes away from the targeted Republicans.

Majority Forward was able to finance the ads while hiding its true reasons behind the ads through loopholes in campaign finance laws that allowed limited political activity from nonprofits.

Feds Seized 2 Cyber Domains of Hackers/SolarWinds

DOJ:

Domain Names Were in Part Used to Control a Cobalt Strike Software Tool that the Actors Implanted on Victim Networks

WASHINGTON – On May 28, pursuant to court orders issued in the Eastern District of Virginia, the United States seized two command-and-control (C2) and malware distribution domains used in recent spear-phishing activity that mimicked email communications from the U.S. Agency for International Development (USAID). This malicious activity was the subject of a May 27 Microsoft security alert, titled “New sophisticated email-based attack from Nobelium,” and a May 28 FBI and Cybersecurity and Infrastructure Security Agency joint cybersecurity advisory.

The Department’s seizure of the two domains was aimed at disrupting the malicious actors’ follow-on exploitation of victims, as well as identifying compromised victims. However, the actors may have deployed additional backdoor accesses between the time of the initial compromises and last week’s seizures.

“Last week’s action is a continued demonstration of the Department’s commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation,” said Assistant Attorney General John C. Demers for the Justice Department’s National Security Division. “Law enforcement remains an integral part of the U.S. government’s broader disruption efforts against malicious cyber-enabled activities, even prior to arrest, and we will continue to evaluate all possible opportunities to use our unique authorities to act against such threats.”

“Cyber intrusions and spear-phishing email attacks can cause widespread damage throughout affected computer networks, and can result in significant harm to individual victims, government agencies, NGOs, and private businesses,” said Acting U.S. Attorney Raj Parekh for the Eastern District of Virginia. “As demonstrated by the court-authorized seizure of these malicious domains, we are committed to using all available tools to protect the public and our government from these worldwide hacking threats.”

“Friday’s court-authorized domain seizures reflect the FBI Washington Field Office’s continued commitment to cyber victims in our region,” said Assistant Director in Charge Steven M. D’Antuono of the FBI’s Washington Field Office. “These actions demonstrate our ability to quickly respond to malicious cyber activities by leveraging our unique authorities to disrupt our cyber adversaries.”

“The FBI remains committed to disrupting this type of malicious cyber activity targeting our federal agencies and the American public,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “We will continue to use all of the tools in our toolbelt and leverage our domestic and international partnerships to not only disrupt this type of hacking activity but to impose risk and consequences upon our adversaries to combat these threats.”

On or about May 25, malicious actors commenced a wide-scale spear-phishing campaign leveraging a compromised USAID account at an identified mass email marketing company. Specifically, the compromised account was used to send spear-phishing emails, purporting to be from USAID email accounts and containing a “special alert,” to thousands of email accounts at over one hundred entities. More here.

More details on the backstory of SolarWinds

“This release includes bug fixes, increased stability and performance improvements.”

The routine software update may be one of the most familiar and least understood parts of our digital lives. A pop-up window announces its arrival and all that is required of us is to plug everything in before bed. The next morning, rather like the shoemaker and the elves, our software is magically transformed.

Last spring, a Texas-based company called SolarWinds made one such software update available to its customers. It was supposed to provide the regular fare — bug fixes, performance enhancements — to the company’s popular network management system, a software program called Orion that keeps a watchful eye on all the various components in a company’s network. Customers simply had to log into the company’s software development website, type a password and then wait for the update to land seamlessly onto their servers.

The routine update, it turns out, is no longer so routine.

Hackers believed to be directed by the Russian intelligence service, the SVR, used that routine software update to slip malicious code into Orion’s software and then used it as a vehicle for a massive cyberattack against America.

“Eighteen thousand [customers] was our best estimate of who may have downloaded the code between March and June of 2020,” Sudhakar Ramakrishna, SolarWinds president and CEO, told NPR. “If you then take 18,000 and start sifting through it, the actual number of impacted customers is far less. We don’t know the exact numbers. We are still conducting the investigation.”

On Thursday, the Biden administration announced a roster of tough sanctions against Russia as part of what it characterized as the “seen and unseen” response to the SolarWinds breach.

NPR’s months-long examination of that landmark attack — based on interviews with dozens of players from company officials to victims to cyber forensics experts who investigated, and intelligence officials who are in the process of calibrating the Biden administration’s response — reveals a hack unlike any other, launched by a sophisticated adversary who took aim at a soft underbelly of digital life: the routine software update.

By design, the hack appeared to work only under very specific circumstances. Its victims had to download the tainted update and then actually deploy it. That was the first condition. The second was that their compromised networks needed to be connected to the Internet, so the hackers could communicate with their servers.

For that reason, Ramakrishna figures the Russians successfully compromised about 100 companies and about a dozen government agencies. The companies included Microsoft, Intel and Cisco; the list of federal agencies so far includes the Treasury, Justice and Energy departments and the Pentagon.