Trump’s Reelection Operation Targeted by Cyber Attacks

Hey Hillary, it is not Russia, but they are out there for sure. This time the most notable attributions are pointing to Iran.

When the Pentagon recently awarded Microsoft a $10 billion contract to transform and host the US military’s cloud computing systems, the mountain of money came with an implicit challenge: Can Microsoft keep the Pentagon’s systems secure against some of the most well-resourced, persistent, and sophisticated hackers on earth?

“They’re under assault every hour of the day,” says James Lewis, vice president at the Center for Strategic and International Studies. 

Microsoft’s latest win over cloud rival Amazon for the ultra-lucrative military contract means that an intelligence-gathering apparatus among the most important in the world is based in the woods outside Seattle. These kinds of national security responsibilities once sat almost exclusively in Washington, DC. Now in this corner of Washington state, dozens of engineers and intelligence analysts are dedicated to watching and stopping the government-sponsored hackers proliferating around the world.

Members of the so-called MSTIC (Microsoft Threat Intelligence Center) team are threat-focused: one group is responsible for Russian hackers code-named Strontium, another watches North Korean hackers code-named Zinc, and yet another tracks Iranian hackers code-named Holmium. MSTIC tracks over 70 code-named government-sponsored threat groups and many more that are unnamed.

What are the superpowers of Microsoft?

“Microsoft sees stuff that just nobody else does,” says Williams, who founded the cybersecurity firm Rendition Infosec. “We routinely find stuff, for instance, like flags for malicious IPs in Office 365 that Microsoft flags, but we don’t see it anywhere else for months.”

Connect the dots

Cyber threat intelligence is the discipline of tracking adversaries, following bread crumbs, and producing intelligence you can use to help your team and make the other side’s life harder. To achieve that, the five-year-old MSTIC team includes former spies and government intelligence operators whose experience at places like Fort Meade, home to the National Security Agency and US Cyber Command, translates immediately to their roles at Microsoft. 

MSTIC names dozens of threats, but the geopolitics are complicated: China and the United States, two of the most significant players in cyberspace and the two biggest economies on earth, are virtually never called out the way countries like Iran, Russia, and North Korea frequently are. 

“Our team uses the data, connects the dots, tells the story, tracks the actor and their behaviors,” says Jeremy Dallman, a director of strategic programs and partnerships at MSTIC. “They’re hunting the actors—where they’re moving, what they’re planning next, who they are targeting—and getting ahead of that.”

Microsoft, like other tech giants including Google and Facebook, regularly notifies people targeted by government hackers, which gives the targets the chance to defend themselves. In the last year, MSTIC has notified around 10,000 Microsoft customers that they’re being targeted by government hackers. 

New targets

Beginning in August, MSTIC spotted what’s known as a password spraying campaign. Hackers took around 2,700 educated guesses at passwords for accounts associated with an American presidential campaign, government officials, journalists, and high-profile Iranians living outside Iran. Four accounts were compromised in this attack.

“Once we understand their infrastructure—we have an IP address we know is theirs that they use for malicious purposes—we can start looking at DNS records, domains created, platform traffic,” Dallman says. “When they turn around and start using that infrastructure in this kind of attack, we see it because we’re already tracking that as a known indicator of that actor’s behavior.” 

After doing considerable reconnaissance work, Phosphorus tried to exploit the account recovery process by using targets’ real phone numbers. MSTIC has spotted Phosphorus and other government-sponsored hackers, including Russia’s Fancy Bear, repeatedly using that tactic to try to phish two-factor authentication codes for high-value targets.

What raised Microsoft’s alarm above normal on this occasion was that Phosphorus varied its standard operating procedure of going after NGOs and sanctions organizations. The cross-hairs shifted, the tactics changed, and the scope grew.

Microsoft’s sleuthing ultimately pointed the finger at Iranian hackers for targeting presidential campaigns including, Reuters reported, Donald Trump’s 2020 reelection operation.

One consequence of the 2016 US election is a rise in the sheer number of players fighting to hack political parties, campaigns, and think tanks, not to mention government itself. Election-related hacking has typically been the province of the “big four”—Russia, China, Iran, and North Korea. But it’s spreading to other countries, although the Microsoft researchers declined to specify what they’ve seen.

“What is different is that you’re getting additional countries joining the fray that weren’t necessarily there before,” says Jason Norton, a principal project manager on MSTIC. “The big two [Russia and China]—now, we can say they’ve been historically going after this since well before the 2016 election. But now you’re getting to see additional countries do that—poking and prodding the soft underbelly in order to know the right pieces to have an influence or impact in the future.” 

“The field is getting crowded,” Dallman agrees. “Actors are learning from each other. As they learn tactics from the more prominent names, they turn that around and use them.” 

The upcoming election is different, too, in that no one is surprised to see this malicious activity. Leading into 2016, Russian cyber activity was greeted with a collective dumbfounded naïveté, contributing to paralysis and an unsure response. Not this time.

“You saw them in 2016, you saw what they did in Germany, you saw them in the French elections—all following the same MO. The 2018 midterms, too—to a lesser degree, but we still saw some of the same MO, the same actors, the same timing, the same techniques. Now we know, going into 2020, that this is the MO we’re looking for. And now we’ve started to see other countries come out and start doing other tactics.”

In 2016, it was CrowdStrike that first investigated and pointed the finger at Russian activity aiming to interfere with the American election. The US law enforcement and intelligence community later confirmed the company’s findings and eventually, after Robert Mueller’s investigation, indicted Russian hackers and detailed Moscow’s campaign.

MIT Technology Review visited Microsoft; the full summary is here.

Erdogan of Turkey to Visit Trump White House

This visit is on and off and maybe on again. The meeting is scheduled the same day as the open impeachment inquiry hearings begin.

President Erdogan is angry with the United States due to Congress moving legislation to apply sanctions that would affect Turkey as a result of the invasion into Syria.

Turkey has been threatening Europe, especially Germany with more migrants and Chancellor Merkel capitulated. Erdogan is in fact deporting what he calls ISIS fighters to their home countries including the United States. Stating that Turkey is not a hotel, even if the home country has revoked citizenship, he is deporting them.

Now that Erdogan feels like he is in the driver’s seat, he has been also bombing Iraq as recently as last week.

On Tuesday morning Turkish air strikes targeted Kurdish forces on Sinjar Mountain in northern Iraq.

According to initial reports, the Turkish Air Force struck at bases used by the Kurdistan Workers Party, or PKK, and its ally, the Yazidi Shingal Protection Units.

If Erdogan does meet President Trump it is going to be an interesting session. Trump is slated to confront Erdogan about buying the Russian air defense system and the recent three sanctions that Trump lifted could easily be applied again. Tensions are in fact high.

This is what happened the last time Erdogan was in Washington DC.
U.S. Secret Service agents were among those attacked during the May 16, 2017 protests. Two Diplomatic Security special agents, six U.S. Secret Service officers and one MPD officer sustained multiple injuries, with at least one taken to the hospital.

Just last month, the House of Representatives passed a resolution 405-11 reaffirming the United States’ condemnation of “the killing of 1.5 million Armenians by the Ottoman Empire from 1915 to 1923.”

“Whereas Raphael Lemkin, who coined the term genocide in 1944, and who was the earliest proponent of the United Nations Convention on the Prevention and Punishment of Genocide, invoked the Armenian case as a definitive example of genocide in the 20th century,” the resolution states.

Turkey does not recognize the loss of 1.5 million Armenians as genocide.

Meanwhile, a closer look at Turkey reveals the following:

 

  • In Germany, Turkey controls 900 mosques out of a total of 2,400. These Islamic centers not only serve members of the Turkish diaspora, but also stop them from assimilating into German society. Speaking with Turks in Germany, Erdogan urged them not to assimilate, and called the assimilation of migrants in Europe “a crime against humanity.”
  • Erdogan has also been expanding Turkey beyond its borders – starting with Cyprus, the Greek Islands, Suakin Island (Sudan) and Syria.
  • Mosques, migrants and the military are now Erdogan’s new weapons in his threats against the West.

Erdogan is the head of NATO’s second-largest army; he has spies throughout Europe through a network of mosques, associations and cultural centers; he has brought his country to the top of the world rankings for the number of imprisoned journalists and has shut the mouth of German comedians with the threat of legal action. By keeping migrants in Turkish refugee camps, he controls immigration to Europe.

The worse Erdogan behaves, the greater his weight in Europe. In a 2015 meeting, Erdogan reportedly was “openly mocking” European Commission President Jean-Claude Juncker and other “senior European leaders”, as Juncker asked Erdogan to consider how he was treated “like a prince” at a Brussels summit.

Turkey’s 2018 military budget increased to $19 billion, 24% higher than 2017, according to a report by the Stockholm International Peace Research Institute. Erdogan has placed Turkey’s military — once a bastion of Turkish nationalism and secularism — under his political authority. While Europe is pacifist and refuses to invest in its own security or, like Germany, support NATO’s budget, Turkey is belligerent.

Ever since his Justice and Development Party (AKP) became Turkey’s dominant political force in 2002, for Erdogan, elevating the public role of Islam has been more than a slogan. At public gatherings, the Turkish president has made the “rabia”, a hand gesture of four fingers raised and the thumb hidden, to protest the overthrow of Egypt’s Islamist then-President Mohamed Morsi by Egypt’s military. Erdogan evidently sees himself as a global Islamic leader with national elections to win. Through four million Turkish Muslims in Germany and vast communities in the Netherlands, France, Austria and beyond, Erdogan does indeed have enormous influence in Europe.

Erdogan has also been expanding Turkey beyond its borders – starting with Cyprus, the Greek Islands, Suakin Island (Sudan) and Syria. “We are a big family of 300 million people from the Adriatic to the Great Wall of China”, Erdogan said in a recent speech from Moldova. The borders of Turkey, he stated in Izmir, span “from Vienna to the shores of the Adriatic Sea, from East Turkistan (China’s autonomous region of Xinjiang) to the Black Sea”. More here.

 

Iran’s Underground Enrichment Facility

Under the Iran deal, Iran agreed to redesign, convert and limit its nuclear facilities.

Particular focus was put on Iran’s uranium-enrichment capabilities, putting serious limitations on uranium-enrichment facilities in Iran – Natanz and Fordow. Among other resolutions, Iran also agreed to allow inspection of all its nuclear facilities and the IAEA inspectors will be able to request visits to military sites. However, it doesn’t guarantee them access to military sites.

Fordow is Iran’s second fuel enrichment facility, buried under a mountain in the Great Salt Desert near the holy city of Qom. Before the Iran deal, the bunker was filled with 2,710 centrifuges that could enrich uranium to weapons-grade materials.

Under the nuclear agreement, Iran agreed to stop any uranium enrichment and uranium enrichment R&D at Fordow and turn the plant into a nuclear physics and technology center that will produce radioisotopes for use in medicine, agriculture, industry and science.

Reported in part by Free Beacon:

U.S. State Department officials described Iran’s blocking of an international nuclear inspector from accessing key nuclear sites last week as an “outrageous and unwarranted act of intimidation” amid growing concerns Iran is hiding undeclared nuclear materials.

The administration suspects that Iran is trying to prevent international inspectors from confirming its work with prohibited nuclear materials.

“The United States is deeply concerned about the two issues the IAEA acting director general described in today’s special session of the IAEA Board of Directors,” the official said. “First, that the IAEA has detected evidence of potential undeclared nuclear material in Iran, and second, the detention of an IAEA inspector. Along with Iran’s expansion of proliferation-sensitive nuclear activity, this pattern of deception and intimidation is unacceptable. All nations should be concerned that Iran is not fully cooperating with the IAEA and should demand Iran immediately redress these serious problems.”

The diplomatic escalation comes as Iran breaches limits on the amount of enriched uranium it produces and the enrichment methods it uses. It escalated installations of advanced centrifuges in the past week and has vowed to continue doing so.

Nuclear experts told the Free Beacon that Iran’s behavior raises multiple questions and concerns about the nature of its ongoing work.

“Assuming the IAEA version of events is correct and she did not have explosive contamination on her person, then Iran may be testing what the reaction is to denying inspectors access to safeguarded sites,” David Albright, a former weapons inspector and president of the Institute for Science and International Security, told the Free Beacon.

“How long does it take for this episode to be reported to the board and media?” he asked. “Does the IAEA send a replacement quickly? How many countries and which ones believe the Iranian rationale? Is there outrage or are there divisions that delay a coordinated response?”

Andrea Stricker, a nonproliferation analyst and research fellow at the Foundation for Defense of Democracies, described Iran’s actions as “highly provocative.”

It “gives the impression that Iran could be considering curtailing inspection authorities as a future step to draw down its JCPOA commitments,” Stricker said. “It’s a hostile sign for sure.”

Self Described Socialist Now the DA in San Francisco

Senator Dianne Feinstein lives in Pacific Heights, a suburb of San Francisco. Speaker Nancy Pelosi lives there too. In fact 56 billionaires live in the Bay Area of which at least 20 live in Pacific Heights. Did they all vote for the Marxist Boudin or know his history much less objectives as a District Attorney?

Primer, a leading voice from CNN for Black Lives Matter:

Was going to write a piece on Boudin but I found this perfect summary below.

On Saturday, public defender Chesa Boudin won the race to become district attorney of San Francisco. His victory, although celebrated as part of the larger national movement to elect more criminal justice reformers to offices of power, may not be such a gift to San Francisco, whose crime woes seem to be at least partly the result of too little criminal enforcement.

Boudin’s political leanings are fairly unsurprising. San Francisco’s newest DA and self-proclaimed socialist is the son of former members of the violent revolutionary far-left group Weather Underground, an organization that rose to infamy in the 1970s and carried out as many as two dozen bombings of government properties. Both of Boudin’s parents were imprisoned for murders related to a robbery they conducted as Weathermen, and Boudin’s father David Gilbert is still serving time.

In his parents’ stead, two other militant Weathermen, known as leaders within the organization, raised Boudin. Indeed, in an interview with Jacobin (yes, that Jacobin), Boudin spoke positively of how his four parents’ “activism” has inspired his own work, despite the “mistakes” they all made—a supposedly “charming” detail that is fundamentally grotesque.

As a Yale-trained lawyer, Boudin eventually left the United States to work as a translator for Venezuela’s now-deceased socialist dictator Hugo Chavez, an outrageous resume data point that ought to get someone laughed out of political office (for those unfamiliar, Chavez’s socialism eventually transformed Venezuela into a failed state). But predictably not so in San Francisco, where behemoth, yet ineffective government is fetishized to the point of allowing piles of human feces in the streets.

Starting January 1, 2020, Boudin will hold the office of the city’s top law enforcement official, but his staggeringly leftist vision—regarded by some as exceptionally to the left, even by San Francisco standards—may be at sharp odds for what the city needs.

True, Boudin isn’t entering the easiest of roles. Among the United States’ 20 largest cities, San Francisco currently ranks number one in property crime, a status that has been driven by a cottage industry of organized gangs reselling stolen goods, often in broad daylight. Boudin’s stated approach to crimes like this is to stop punishing them.

Boudin’s platform is nominally predicated upon reducing mass incarceration and racial disparities in the criminal justice system. Among Boudin’s declared initiatives is to no longer charge for gang enhancement, which significantly increases the penalties if an offender is found to have participated in a street gang.

Boudin has called this penalty “racially motivated” since recent studies have found that only 8 percent of documented gang members are white. However, San Francisco, whether its latest DA is willing to admit it or not, has a serious problem with gang activity. For instance, 70 to 80 percent of the city’s car break-ins are carried out by organized gangs, and a car is broken into in San Francisco 80 times per day. If these numbers suggest anything, there isn’t enough deterrence for joining a street gang.

Decriminalizing gang membership should not be used as a political cudgel to advance the left’s identity politics drivel, and doing so may have disastrous consequences. San Francisco has previously relaxed certain policies, reducing penalties for some facially non-violent charges, to reduce incarceration levels and allow police supposedly to focus on violent crime. While this method can be applied with some measured success, it requires a highly tailored approach that San Francisco has shown itself ill-equipped to carry out.

For instance, when San Francisco passed Proposition 47 five years ago, it met loud applause from criminal justice reform groups, such as the American Civil Liberties Union (ACLU). But it was an abysmal failure. As I wrote last week when reflecting on Prop 47, “Prop 47 was allegedly designed to keep non-violent offenders out of the state’s already packed prisons by reducing certain non-violent felonies to mere misdemeanors. For instance, a thief can now steal twice as much as he or she formerly could before facing a felony charge. But thieves have begun to capitalize on this loophole. In cities like Vacaville, CA, just outside of the state’s capital, theft has more than doubled, and police believe Prop 47 is to blame.”

Boudin’s platform, in all its emphasis on reducing incarceration (as opposed to reducing crime), likely promises more failed policies similar to Prop 47. Some have voiced their discontent with Boudin’s election, which they fear will only exacerbate San Francisco’s current crime woes, ones that remained largely unaddressed by San Francisco’s former DA George Gascon. On Saturday, police union president Tony Montoya declared in an official statement, “Unfortunately, the election results mean that San Francisco residents will have to suffer through another four years of George Gascón style policies that have plagued our city and decimated public safety.”

Two Marches ago, I reflected in the tone of a sad desperado how San Francisco had begun to resemble a failed state. As a former San Franciscan, I have little hope that Boudin’s policies will do anything but exacerbate what is, by all metrics, an urban crisis fomented and sustained by excessive liberalism. Hat tip Federalist

Syrian Henchmen Financial Sanctuary in Moscow

2011: Hillary Clinton declared that Bashar al-Assad was a reformer.

Primer:

Rami Makhlouf: Wealthy, powerful cousin of Syria’s president

Makhlouf, 45, is Syria’s richest man and a member of what was described during U.S. Senate Committee on Foreign Relations hearings as a powerful “mafia” that also includes Syrian president Bashar Al-Assad, Makhlouf’s cousin. Before his country plunged into civil war, Makhlouf was allegedly worth $5 billion thanks to his control of monopolies and semi-monopolies in the air travel, telecommunications, real estate, oil and construction sectors. Makhlouf is on U.S. sanctions lists and is a known beneficiary of corruption.

***

Several Makhlouf family members, close cousins and accomplices of Syrian dictator Bashar al-Assad, have purchased tens of millions of dollars’ worth of properties in Moscow’s prestigious skyscraper district.

Headed by al-Assad’s uncle, Mohammed Makhlouf, the Makhloufs are considered to be Syria’s richest and second most important family. Before 2011, they controlled 60 percent of the Syrian economy, ostensibly acquired through years of corruption and intimidation.

GlobalWitness:

Our exposé of the Makhloufs’ properties is rare supporting evidence that lends substance to rumours of regime money being funnelled out of Syria throughout the war. Information about the regime’s assets and finances is notoriously scarce due to the terror fostered by al-Assad’s apparatus at home and abroad.

Our investigation further shows that the loans secured against some of the properties could be for the purposes of laundering money from Syria into Moscow. This opens the possibility that the money could then be moved into other jurisdictions, such as the EU, where members of the family are sanctioned.

Of the newly-revealed Moscow property purchases, the largest amount was bought by Hafez Makhlouf, one of Bashar al-Assad’s first cousins.

Hafez is accused of overseeing the killings and torture of detainees and protestors. Most of Hafez’s purchases were arranged using an opaque Lebanese loan structure that bears several hallmarks of money laundering, possibly with the purpose of moving the money beyond Russia.

Russia has been a key ally of the al-Assad family over their almost 50-year rule. It intervened on their side of the war in Syria in 2015, turning it in their favour through airstrikes and land offensives on opposition-controlled territory.

Reports of Russian banks aiding the Syrian regime surfaced in 2012 and 2013, after Western sanctions hit and the more powerful family members were stripped of European visas and their EU and Swiss bank accounts were frozen. Now it seems that the Syrian regime has been using Moscow as an alternative safe haven, and possibly a potential gateway for its ill-gotten gains to enter the wider financial system.

Hafez Makhlouf, who purchased US$22.3 million worth of property in Moscow’s ‘City of Capitals’ towers, was head of the Damascus ‘Section 40’ of Syria’s infamous General Intelligence Directorate until late 2014. This is the Syrian agency charged with quelling internal dissent, formerly and popularly known as the State Security service. As Damascus is the capital, this was already an important role, but Hafez appears to have had a great deal more authority than this official title reflects.

Testimony collected by Syrian human rights groups about Hafez’s Section 40 and its command branch, the Al-Khatib Branch, as well as wider testimony collected by journalists about the systemic use of torture by Syria’s intelligence services, points to how Hafez would have potentially overseen the detention of thousands of Syrians and their subsequent abuse, and, in some cases, even murder.

Moreover, multiple regime defectors have since testified, in a 2019 book by journalist Sam Dagher, that Hafez was a hard-line member of Bashar al-Assad’s inner circle and one of his most influential advisers. According to the testimony, Hafez was one of two main advocates for crushing the demonstrations in 2011. Dagher’s book includes testimony from witnesses who saw Hafez shooting civilians in Douma and giving shoot-to-kill orders on hundreds of peaceful protestors in Daraa and Homs.

When buying the Moscow office space in 2016, Hafez Makhlouf’s Russian-registered property companies took out loans using 11 of the properties as collateral. The complex structure of these loans disguises Hafez’s connection to the funds. This is characteristic of money laundering and could have been designed to establish money flows between Russia and Syria which would appear unconnected to Hafez, raising the possibility that the ultimate aim is to move the money out of Russia.

The loans were provided to Hafez’s Russian companies by a Lebanese company called Nylam SAL Offshore. The company is classified as ‘offshore’ in Lebanon; while Lebanese ‘offshore’ companies do not hide their owners like offshore companies in so-called secrecy jurisdictions like the British Virgin Islands, these companies do benefit from enhanced banking secrecy. The exact amount loaned by Nylam is unknown.

In 2018, two years after the property purchases, Hafez, the sole shareholder of his three Russian companies, passed his shares to Briana SAL Offshore, a Lebanese company with identical shareholders, directors and address as Nylam. Russian corporate records for the Russian property companies contain details about Briana because it is a shareholder. These records show that Briana states its country of business as Syria.

Russia’s biggest bank, Sberbank, provided banking services for at least one of the Russian property companies formerly owned by Hafez and now owned by Briana, a Russian corporate database shows.

As the loans from Nylam to Hafez’s Russian companies were international (coming into Russia from Lebanon), it is feasible that they were transacted in US dollars, which is the commonly used international currency. If that were the case, the money could have transited through Sberbank’s SWIFT payment system, which, according to anti-money laundering expert Graham Barrow, could risk breaching the terms of the US sanctions against Hafez Makhlouf.

The convoluted nature of the loans taken against the properties should have raised red flags with Sberbank, but it is unclear what due diligence was carried out on the loans.

Sberbank’s dealings with the Makhloufs are part of a broader pattern of major Russian banks helping the Syrian regime. In 2012 and 2013, both Reuters and Wall Street Journal reported that the al-Assad regime held accounts at Gazprombank and VTB, two of Russia’s largest banks, which, like Sberbank, have extensive international correspondent banking relationships. More here.