US Charges Russian Spies, Hackers in Yahoo Hack
March 21, 2017 in Uncategorized
The United States last week charged two Russian intelligence agents and two criminal hackers with masterminding the 2014 theft of 500 million Yahoo accounts in a move that marks the first time that the US government has criminally charged Russian spies with cyber offenses.
The 47-count Justice Department indictments on Wednesday 15 March included charges of conspiracy, computer fraud and abuse, economic espionage, theft of trade secrets, wire fraud, access device fraud and aggravated identify theft. The charges also paint a picture of the Russian security services as working hand-in-hand with cyber criminals, who helped spies further their intelligence goals in exchange for using the same exploits to make money. Speaking at a press conference to announce the charges, Acting Assistant Attorney General Mary McCord disclosed that the criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBIs point of contact in Moscow on cyber crime matters, is beyond the pale. Russias Federal Security Service (FSB) is the successor to the KGB. McCord further disclosed that the hacking campaign was awarded by the FSB in order to collect intelligence but that the two hackers used the collected information as an opportunity to line their pockets.
The indictment named the FSB officers involved as Dmitry Dokuchaev and his superior, Igor Sushchin, both of whom are in Russia. According to Russian news agency Interfax, Dokuchaev was arrested for treason in December. According to the Justice Department, the alleged criminals involved in the scheme include Alexsey Belan, who is amongst the FBIs most-wanted cyber criminals and was arrested in Europe in June 2013 however he escaped to Russia before he could be extradited to the US. Karim Baratov, who was born in Kazakhstan but also has Canadian citizenship, was also named in the indictment. The Justice Department disclosed that Baratov was arrested in Canada on 14 March. Officials in Toronto have confirmed the arrest. The US does not have an extradition treat with Russia, with McCord stating that she was hopeful that Russian authorities would cooperate in bringing criminals to justice. The US often charges cyber criminals with the intent of deterring future state-sponsored activity.
The charges announced last week are not related to the hacking of Democratic Party emails during the 2016 US presidential election. US intelligence agencies have stated that they were carried out by Russian spy services, including the FSB, in order to help the campaign of Republican candidate Donald Trump.
Yahoo disclosed when it announced the then-unprecedented breach last September, that it believed that the attack was state-sponsored. On Wednesday, the company stated that the indictment unequivocally shows that to be the case.
According to the indictment, in the 2014 breach, at least thirty million of the Yahoo accounts were the most seriously affected, with Belan being able to burrow deep into their accounts and taking user contact lists that were later used for a financially motivated spam campaign. The indictment went on to say that Belan also stole financial information, such as credit card numbers and gift cards. Yahoo had previously stated that about 32 million accounts had fallen victim to the deeper attack, which it said leveraged forged browser cookies to access accounts without the need for a password. According to Wednesdays indictment, FSB officers Sushchin and Dokuchaev also directed Baratov to use the information gained in the Yahoo breach to hack specific targets who possessed email accounts with other service providers, including Google. The incitement charged that when Baratov was successful, Dokuchaev would reward him with a bounty.
In December 2016, Yahoo announced another breach that occurred in 2013 and which affected 1 billion accounts. At the time, Special Agent Jack Bennett of the FBIs San Francisco Division disclosed that the 2013 breach is unrelated and that an investigation of that incident is ongoing. The hacks forced Yahoo to accept a discount of US $350 million in what had been a US $4.83 billion deal to sell its main assets of Verizon Communications Inc.
The charges come amidst a number of controversies relating to alleged Kremlin-backed hacking of the 2016 US presidential election and the possible links between Russian figures and associates of US President Donald Trump, as well as uncertainty about whether President Trump is willing to respond forcefully to aggression from Moscow in cyberspace and elsewhere.
Brexit: What Occurs When Article 50 is Triggered?
March 16, 2017 in Uncategorized
If the UK government sticks to its timetable, then Article 50 will be triggered by the end of this month. But how and when? And what happens next?
What is Article 50?
The referendum last June was the UK’s signal that it wants to leave the European Union, and Article 50 is the format notification of the UK’s intention to leave – effectively it is the start of the leaving process, which will last two years.
The article itself is a short, five-point text that was enshrined into EU law as part of the Lisbon Treaty in 2009. Prior to that, there was no process for leaving the EU. The text is vague, brief and is open to interpretation. Furthermore, it has never been tested before as no member has ever left the EU. Likewise there is no precedent, no patter to follow and therefore the process and procedures for leaving the EU are unclear.
How is Article 50 Triggered?
Due to the lack of precedent, the mechanics of triggering Article 50 are only now being discussed by officials in both London and in Brussels. The only requirement is that the notification is made in writing to the President of the European Council. Therefore it could be as simple as one line and sent in the form of an email, however given the enormity of the decision and the symbolism of the moment, it is likely that the UK government will make more of it. The notification letter may therefor include a reference to the UK government’s repeated desire that the EU remain a strong partner for Britain after Brexit. The letter could also be hand-delivered to the European Council building in Brussels. However by who it remains unclear, although it could be by Britain’s Ambassador to the EU, Sir Tome Barrow, or the Brexit Secretary, David Davis MP.
When Will Article 50 Be Triggered?
When to pull Article 50 is entirely up to the country that is planning to leave the EU. In the case of the UK, Prime Minister Teresa May has repeatedly indicated that she will do it by March. Time however is quickly running out, and the process have been further complicated by politics and sensitivities both in the UK and in Europe.
Domestically, politics between the House of Lords and the House of Commons has deployed the process. Only once the Brexit bill has been cleared by both houses and received royal ascent, will Prime Minister May be in a position to trigger it. However there are several dates which have been deemed as being inappropriate for a triggering.
- 15 March – All eyes will be on the Dutch election, which could be a potentially tricky day for the EU if anti-EU far-right candidate Geert Wilders does well. Triggering Article 50 on that day would also dominate the news agenda and could, potentially, influence Dutch voters. The result of the election will trickle in on 16 March, which will be another bad day to trigger Article 50.
- 25 March – This day marks the 60th anniversary of the Treaty of Rome, which laid the foundations of the present-day EU. The heads of state from all EU members, with the exception for now at least the UK, will gather in Rome for a weekend of celebrations.
IS the UK Still a Member of the EU After Article 50 Has Been Triggered?
Yes, the UK will remain a member of the EU for precisely two years from the day the article is triggered. Therefore if Article 50 is triggered on 31 March 2017, then the UK would case to be a member of the EU at the end of the day on 31 March 2019. During this two-year period, the UK will remain bound by EU laws and regulations. It will also be entitled to near-full membership rights, however it must also honour its commitments as a member and those include financial. The only areas in the two-year period where the UK is excluded from EU affairs are when the 27 remaining countries are discussing the UK withdrawal or where they are discussing internal EU business.
Once Article 50 Has Been Triggered, Is there Any Turning Back?
Article 50 does not state whether it is reversible and EU lawyers have never pronounced on the issue.
Will Negotiations Between the UK and the EU Begin As Soon As Article 50 is Triggered?
No. There is a common misconception that in the first week after the triggering of Article 50, the two negotiators – Michel Barnier for the EU and David Davis MP for the UK – will face off across a table and begin negotiating Britain’s exit. It will not work like this for a number of reasons. Firstly, the EU side will need at least two months in order to draw up guidelines. The remaining 27 states will also decide on negotiating topics and re lines, which they will then feed into the EU Council. While the EU has already presented a united front on Brexit, it will quickly become clear that many of the negotiating topics and red lines are unique to individuals states. Subsequently things will become more granular, complicated and divided as the process goes along. It will be up to the European Council’s behind-the-scenes Brexit negotiation, Belgian diplomat Didier Seewus, to co-ordinate with the member countries and try to keep negotiations on track. Secondly, while Mr Barnier is the chief negotiator on behalf of the EU Commission, the negotiations will be carried out by large teams on both sides.
What if the Withdrawal Process Takes Longer than the Designated Two Years?
The exit clock to leave the EU effectively begins the moment that Article is triggered. Precisely two years later the UK ceases to be a member of the EU. During that period, the negotiations for the exit must be concluded. However this is an extremely unrealistic timetable to conclude such complicated negotiations and in reality, because of the time taken at the beginning and the end for the process to wind up and wind down the negotiations, the actual negotiating time will probably be only 15 months at best. The two-year Article 50 period can however be extended, and the UK continue to be an EU member, however only if all 27 remaining countries agree to it unanimously.
US Announces Decline in Illegal Immigrant Crossings
March 15, 2017 in Uncategorized
The United States government announced this month that the number of illegal immigrants crossing into the US from Mexico went down by 40% from January to February.
Homeland Security Chief John Kelly disclosed that the “change in trends” was the result of President Donald Trump’s tough policies. Mr Kelly disclosed that the number of “inadmissible persons” crossing the US-Mexico border had dropped this year from 31,578 to 18,762 in January to February – a period when the number of arrests of illegal immigrants usually increases. He disclosed that “since the administration’s implementation of executive orders to enforce immigration laws, apprehensions and inadmissible activity is trending toward the lowest monthly total in at least the last five years.”
New rules announced by the Trump Administration last month included plans to send undocumented people to Mexico, even if they are not Mexicans, and expand the criteria for immediate deportations. The government disclosed that the new guidelines would not usher in mass deportations, but were instead designed to empower agents to enforce laws that are already on the books. The president has also signed an executive order for an “impassable physical barrier” on the US-Mexico border and has insisted that Mexico will pay for it, despite its repeated refusals. The measures have been condemned by Mexico as being “hostile and “unacceptable.”
The president made immigration and border control a key part of his election campaign, promising to protect Americans from “bad dudes.” An estimated 11 million undocumented immigrants live in the US, many of whom are from Mexico.
Meanwhile on Monday 6 March, President Trump revised his travel ban, barring people from six mainly Muslim countries. The ban however has since faced its first legal challenge from the state of Hawaii. State lawyers have asked for an emergency block on the order, stating that the measure will harm its residents, businesses and schools.
While the revised measure removed some of the more controversial language on religious minorities, Hawaii Attorney General Doug Chin disclosed that it still constituted a “Muslim ban” due to the countries involved and past statements from the administration.
The directive, which includes a 120-day ban on all refugees, will take effect on 16 March. Citizens of Iran, Libya, Syria, Somali, Sudan and Yemen, the other six countries on the original 27 January order, will once more be subject to a 90-day travel ban. Iraq, which was listed on the original order, has since been removed from the list.
President Trump’s previous order was halted by the US federal courts amidst concerns that it unfairly targeted Muslims. It caused chaos at airports and mass protests.
Wikileaks Offers Tech Firms First Pick at CIA Files
March 14, 2017 in UncategorizedLast week, Wikileaks announced that technology firms will get “exclusive access” to details of the CIA’s cyber-warfare programme. The statement comes after the anti-secrecy website published thousands of the US spy agency’s secret documents, including what it says are the CIA’s hacking tools.
On Thursday 9 March, Wikileaks founder Julian Assange stated that, after some thought, he had decided to give the tech community further leaks first. Mr Assange disclosed that “once the material is effectively disarmed, we will publish details.” US federal agencies have already launched a criminal investigation into the release of the documents.
In its first tranche of leaks, Wikileaks alleged that the CIA had developed what Mr Assange called “a giant arsenal” of malware to attack “all the systems that average people use.” Tech firms, including Apple and Google, have since stated that hey are developing counter-measures to combat any malware that the CIA may have developed. Mr Assange has disclosed that his organization had “a lost more information on the cyber-weapons programme,” noting that while Wikileaks maintained a neutral position on most of its leaks, in this case it did make a strong stance, stating “we want to secure communications technology because, without it, journalists aren’t able to hold the state to account.” Mr Assange also claimed that the intelligence service had known for weeks that Wikileaks had access to the material and done nothing about it.
On Thursday, Mr Assange also spoke more about the Umbrage programme, which was revealed in the first leaked documents. He stated that a whole section of the CIA is working on Umbrage, a system that attempts to trick people into thinking that they have been hacked by other groups or countries by collecting malware from other nation states, such as Russia. He noted that “the technology is designed to be unaccountable,” and claimed that an anti-virus expert, who was not named, had come forward to say that he believed sophisticated malware that he had previously attributed to Iran, Russia and China, now looked like something that the CIA had developed. Mr Assange went on to say that “the type of attack system corresponds to a description we published of that attack system unless of course China has already got hold of these parts of the CIA arsenal and is using it to pretend to be the CIA,” adding that the intelligence agency could potentially be causing the tech industry “billions of dollars of damage.”
North Korea’s History of Kidnappings and Foreign Assassinations
March 9, 2017 in UncategorizedIn February, local police reported that Kim Jong-nam, the half-brother of North Korean leader Kim Jong-un, was killed in Malaysia. Over the past several weeks, some South Korean media outlets have reported that North Korean agents were responsible for his death, so far there has been no evidence provided. However, since Kim Jong-un took power, he has made no compunction in execution officials perceived as being a threat to his authority. In one of the most high-profile incidents, his uncle and senior mentor, Chang Song-thaek, was executed. The country itself has also had a long history of sending agents overseas in order to carry out assassinations, attacks and kidnappings. Below are five such incidents.
Raid on the Blue House (1968)
A team of thirty-one elite, handpicked North Korean commandos were sent to the south with a mission to infiltrate the Blue House, which is South Korea’s presidential residence, and assassinate President Park Chung-hee. While hiding out in the mountains above Seoul, they were discovered by a group of civilians however they decided that instead of killing them, they would teach them about communism and release them with a warning not to tell anyone. Their plan however was foiled as police and the military were notified, although the North Korean commandos managed to evade detection. They entered the capital, dressed in South Korean army uniforms, and marched to the Blue House disguised as the very soldiers tasked with locating them. At a checkpoint 100m away from the Blue House, they were questioned and a gunfight erupted. While many of the commandos managed to flee, most were later killed or committed suicide as they tried to get back to the North. One was captured. In that incident, more than ninety South Koreans wee killed, including a large group of civilians who were reportedly on a bus.
Bombing in Burma (1983)
If the incident in Malaysia is indeed an assassination attempt that occurred in a third country, then this is nothing new. A bomb hidden at the Martyrs’ Mausoleum in Rangoon, the capital of Myanmar, exploded just minutes before then South Korean President Chun Doo-hwan arrived to lay a wreath on 9 October. Mr Chun’s car had been delayed in traffic, which ultimately saved his life, however seventeen South Korean nations, including four ministers were killed, and four Burmese nationals also died. Three North Korean agents were involved in the attack and are said to have detained one of three bombs early, after hearing the sound of a bugle that mistakenly signalled the president’s arrival. They managed to flee the scene, however one was later killed nad the two others were captured.
Overseas Abductions (1970s – 1980s)
North Korea has admitted to kidnapping Japanese citizens in the 1970s nad 1980s in a bid to train its spies in Japanese customs and language. Some were kidnapped from coastal areas in Japan by North Korean agents while others from overseas. The youngest was a thirteen-year-old girl who was abducted in 1977 while on he way home from school. Pyongyang has since retuned five of the abductees, stating that eight more died. Japan however does not believe that hey are dead, adding that far more people were abducted. South Koreans have also been targeted in abduction cases, with the most high profile case being that of a film director and his actress wife, who were taken in Hong Kong to North Korea so that they could help the country build its firm industry.
Killing in Vladivostok (1996)
It is estimated that thousands of North Koreans are living in Russia, and South Korean consular official Choi Duk Keun’s job was to monitor those who were living in Vladivostock. He was found bludgeoned in October 1996, with South Korean media later reporting that he was killed to avenge the deaths of twenty-two North Korean commandos whose submarine ran aground on a beach in South Korea a month earlier.
Targeting Defectors
North Korean defections have led to assassination attempts. In 2016, when North Korea’s deputy ambassador to the United Kingdom defected, South Korea warned at the time of possible revenge assassinations and kidnappings. There is precedent to this as when Hwang Jang-yob, a senior politician, defected to South Korea in 1997, another prominent defector, Yi Han-yong, was shot in the head by suspected North Korea assassins. He was the nephew of Song Hye-rim, who is the mother of Kim Jong-nam. Thirteen years later, two North Korean military officials posing as defectors were jailed in South Korea for an unsuccessful plot to kill Mr Hwang.
