FBI Working to Stop Massive Russian Malware Network

By: Denise Simon | Founders Code

Cisco’s Talos research unit yesterday reported its discovery of VPN Filter, a modular and stealthy attack that’s assembled a botnet of some five-hundred-thousand devices, mostly routers located in Ukraine. There’s considerable code overlap with the Black Energy malware previously deployed in attacks against Ukrainian targets and the US Government has attributed the VPN Filter campaign to the Sofacy threat group, a.k.a. Fancy Bear, or Russia’s GRU military intelligence service.

Ukrainian cybersecurity authorities think, and a lot of others agree with them, that Russia was gearing up a major cyberattack to coincide with a soccer League Championship match scheduled this Saturday in Kiev as part of the run-up to the World Cup. They also think it possible an attack could be timed for Ukraine’s Constitution Day, June 28th.

The US FBI has seized a key website used for VPN Filter command-and-control, which US authorities hope will cripple the campaign. The Justice Department says that VPN Filter could be used for “intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”


FBI agents armed with a court order have seized control of a key server in the Kremlin’s global botnet of 500,000 hacked routers, The Daily Beast has learned. The move positions the bureau to build a comprehensive list of victims of the attack and short-circuits Moscow’s ability to reinfect its targets.

The FBI counter-operation goes after “VPN Filter,” a piece of sophisticated malware linked to the same Russian hacking group, known as Fancy Bear, that breached the Democratic National Committee and the Hillary Clinton campaign during the 2016 election. On Wednesday security researchers at Cisco and Symantec separately provided new details on the malware, which has turned up in 54 countries including the United States.

VPN Filter uses known vulnerabilities to infect home office routers made by Linksys, MikroTik, NETGEAR, and TP-Link. Once in place, the malware reports back to a command-and-control infrastructure that can install purpose-built plug-ins, according to the researchers. One plug-in lets the hackers eavesdrop on the victim’s Internet traffic to steal website credentials; another targets a protocol used in industrial control networks, such as those in the electric grid. A third lets the attacker cripple any or all of the infected devices at will.

The FBI has been investigating the botnet since at least August, according to court records, when agents in Pittsburgh interviewed a local resident whose home router had been infected with the Russian malware. “She voluntarily relinquished her router to the agents,” wrote FBI agent Michael McKeown, in an affidavit filed in federal court. “In addition, the victim allowed the FBI to utilize a network tap on her home network that allowed the FBI to observe the network traffic leaving the home router.”

FBI working to disrupt massive malware network linked to Russia

The FBI is working to disrupt a massive, sophisticated Russia-linked hacking campaign that officials and security researchers say has infected hundreds of thousands of network devices across the globe.

The Justice Department late Wednesday announced an effort to disrupt a botnet known as “VPNFilter” that compromised an estimated 500,000 home and office (SOHO) routers and other network devices. Officials explicitly linked the botnet to the cyber espionage group known as APT 28, or Sofacy, believed to be connected to the Russian government.

Officials said that the U.S. attorney’s office for the western district of Pennsylvania has obtained court orders allowing the FBI to seize a domain that is part of the malware’s command-and-control infrastructure. This will allow officials to redirect attempts by the malware to reinfect devices to an FBI-controlled server, thereby protecting devices from being infected again after rebooting.

Assistant Attorney General for National Security John C. Demers in a statement described the effort as the “first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

Cybersecurity researchers first began warning of the destructive, sophisticated malware threat on Wednesday. Cisco’s Talos threat intelligence group said in a blog post Wednesday that VPNFilter had infected at least 500,000 devices in 54 or more countries.

The researchers had been tracking the hacking threat for several months and were not ready to publish their findings, but when the malware began infecting devices in Ukraine at an “alarming rate,” they decided to publish their research early.

“Both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries,” the researchers wrote.

The malware targets home and office routers and what are known as network-attached storage (NAS) devices, hardware devices that store data in one, single location but can be accessed by multiple individuals — creating a massive system of infected devices, commonly known as a botnet.

VPNFilter also uses two stages of malware, an unusual setup that makes it more difficult to prevent a device from being re-infected after it is rebooted. The FBI on Wednesday urged individuals whose devices may have been infected to reboot them as soon as possible.

The FBI is also soliciting help from a nonprofit known as the Shadowserver Foundation, which will pass the IP addresses to internet service providers, foreign computer emergency teams and others to help stem the damage.
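The seizure described above turns the malware's own command-and-control lookups into a victim list: once the domain resolves to a server the defenders control, every device that keeps asking for it identifies itself. The same signal is visible to anyone who runs a recursive resolver for a network of routers. The following is an added example, not code from the article, from Cisco Talos or from the FBI, showing how a defender would scan resolver query logs for hosts querying a sinkholed domain and summarise them for hand-off to an ISP or CERT. The domain name and the dnsmasq-style log lines are constructed placeholders; the real seized domain is not named on this page.

```python
"""Added example: list internal hosts that keep querying a sinkholed C2 domain.

The domain below is a HYPOTHETICAL placeholder, and the log lines are
constructed to look like dnsmasq query logging; neither comes from the article.
"""
import re
from collections import defaultdict

# Placeholder for the seized command-and-control domain (assumption, not the real one).
SINKHOLED_DOMAINS = {"seized-c2-domain.example"}

# Constructed sample resolver log (dnsmasq "log-queries" style), not a real capture.
SAMPLE_LOG = """\
May 23 21:14:02 router dnsmasq[812]: query[A] seized-c2-domain.example from 192.168.1.1
May 23 21:14:02 router dnsmasq[812]: reply seized-c2-domain.example is 198.51.100.7
May 23 21:15:44 router dnsmasq[812]: query[A] www.example.com from 192.168.1.20
May 23 21:17:09 router dnsmasq[812]: query[A] cdn.seized-c2-domain.example from 192.168.1.1
May 23 21:40:55 router dnsmasq[812]: query[A] seized-c2-domain.example from 192.168.1.1
May 23 22:02:13 router dnsmasq[812]: query[AAAA] update.example.net from 192.168.1.33
"""

# Only "query[...]" lines carry the asking host; "reply" lines are skipped on purpose.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<src>\S+)$"
)


def matches_sinkhole(name, sinkholed=SINKHOLED_DOMAINS):
    """True if `name` is a sinkholed domain or any subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in sinkholed)


def find_suspect_hosts(log_text, sinkholed=SINKHOLED_DOMAINS):
    """Map each querying host to the (timestamp, name) pairs that hit the sinkhole."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if m and matches_sinkhole(m.group("name"), sinkholed):
            hits[m.group("src")].append((m.group("ts"), m.group("name")))
    return dict(sorted(hits.items()))


def summarize_hosts(hits):
    """One row per host: (host, query count, first seen, last seen).

    Repeated lookups from the same host over time are the point: a device that
    asks again after the first attempt is still trying to reach its controller,
    which is the behaviour the reboot advice and the sinkhole are meant to catch.
    """
    return [(src, len(q), q[0][0], q[-1][0]) for src, q in hits.items()]


if __name__ == "__main__":
    for host, count, first, last in summarize_hosts(find_suspect_hosts(SAMPLE_LOG)):
        print(f"{host}\tqueries={count}\tfirst={first}\tlast={last}")
```

The summary rows are deliberately minimal (host, count, first and last seen) because that is what an upstream party needs to notify an owner; the subdomain match covers the case where stage-one code varies the host label but keeps the registered domain.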

The malware is the latest sign of the growing cyber threat from Russia. News of the outbreak comes roughly a month after senior U.S. and British officials blamed the Russian government for coordinated cyberattacks on network devices in an effort to conduct espionage and intellectual property theft.

The U.S. has also blamed Moscow for the global cyberattack known as NotPetya that ravaged computers across the globe last summer, calling it the most destructive and costly cyberattack in history.

The code of VPNFilter has similarities with a version of another malware known as BlackEnergy, which was used in an attack on Ukraine’s power grid in late 2015. The Department of Homeland Security has linked that malware to the Russian government.


President Trump Withdraws from North Korea Nuclear Summit

By: Denise Simon | Founders Code

There are several things in play. China, Iran, Russia and North Korea are watching all U.S. positions, and it began with the demands Pompeo announced of Iran after the U.S. exited the JCPOA nuclear deal. Iran has not only responded with several nasty-grams, it is also threatening Europe over many of its demands for staying in the deal.

National Security Council chair John Bolton is also being blamed by North Korea for the breakdown due to his reference to the Libya model. That is an excuse, as the Libya model for removing the nuclear program was far in advance of the removal of Muammar Gaddafi and his eventual death.

Further, there is the matter of China injecting itself into the preparations and talks between North Korea and the United States. North Korea follows all advice and leads from President Xi. Now, where are those pesky nuclear weapons in North Korea since the nuclear test site collapsed and was further blown up in a gesture move for selected outside media?

There is also the issue of the other locations of interest in North Korea that the United States is well aware of that proves China has aided and assisted in the military sites and nuclear program as has Iran and Russia. China does not want to be confronted with that proof.

Further, there is the matter of the ‘nuclear umbrella’.

In this book, Terence Roehrig provides a detailed and comprehensive look at the nuclear umbrella in northeast Asia in the broader context of deterrence theory and U.S. strategy. He examines the role of the nuclear umbrella in Japanese and South Korean defense planning and security calculations, including the likelihood that either will develop its own nuclear weapons. Roehrig argues that the nuclear umbrella is most importantly a political signal demonstrating commitment to the defense of allies and is used as a tool to prevent further nuclear proliferation in the region. While the role of the nuclear umbrella is often discussed in military terms, this book provides an important glimpse into the political dimensions of the nuclear security guarantee. As the security environment in East Asia changes with the growth of North Korea’s capabilities and China’s military modernization, as well as Donald Trump’s early pronouncements that cast doubt on traditional commitments to allies, the credibility and resolve of U.S. alliances will take on renewed importance for the region and the world.

The U.S. nuclear umbrella in the region is not focused only on North Korea, but also incorporates planning against potential Chinese aggression. Nullifying or weakening the umbrella over the Peninsula, some would argue, might leave South Korea open to potential Chinese coercion and send the wrong signal at a time when China is seen by some as trying to pressure Taiwan and reassert its influence in the region.

Related reading: Japan Under the US Nuclear Umbrella

Related reading: The US Nuclear Umbrella Over South Korea


Russia’s 53rd Missile Brigade Did Shoot Down MH17

By: Denise Simon | Founders Code

Now the question is why? Could it have been a single message to Ukraine to not mess with Russia as it was invading Ukraine? And directly after this attack, the President of Petro Poroshenko fled to Russia.

The other question is, what is the consequence for Russia? MH17, a passenger jet flying from Amsterdam to Kuala Lumpur, was blown out of the sky over Ukraine. Communications intercepts show that pro-Russian rebels had called for the launch of a surface-to-air missile weapon.

Fred Westerbeke, Chief Prosecutor of the Dutch Prosecutor’s office, presents interim results in the ongoing investigation of the 2014 MH17 crash that killed 298 people over eastern Ukraine, during a news conference in Bunnik, Netherlands, May 24, 2018. REUTERS/Francois Lenoir

BUNNIK, Netherlands (Reuters) – Prosecutors investigating the downing of Malaysia Airlines Flight 17 over eastern Ukraine in 2014 said on Thursday they had identified the missile used to shoot down the plane as coming from a Russian military unit. The airliner was hit by a Russian-made missile on July 17, 2014, with 298 people on board, two-thirds of them Dutch, over territory held by pro-Russian separatists. All aboard died.

Wilbert Paulissen, head of the crime squad of the Netherlands’ national police, said the missile had been fired from a carrier belonging to Russia’s 53rd Anti-Aircraft Brigade.

“All the vehicles in a convoy carrying the missile were part of the Russian armed forces,” he told a televised news conference.

Russia has denied involvement in the incident. There was no immediate comment from Moscow on the investigative development.

In an interim update on their investigation, prosecutors said they had trimmed their list of possible suspects from more than a hundred to several dozen.

“We have a lot of proof and a lot of evidence, but we are not finished,” said chief prosecutor Fred Westerbeke. “There is still a lot of work to do.”

He said investigators were not yet ready to identify individual suspects publicly or to issue indictments. The question of whether members of the 53rd Brigade were actively involved in the downing of the plane remains under investigation, he said.

Westerbeke called on witnesses, including members of the public, to help identify members of the crew that was operating the missile system. He also asked for tip-offs in determining what their orders were and in identifying the officials in charge of the brigade.

A Joint Investigation Team, drawn from Australia, Belgium, Malaysia, the Netherlands and Ukraine, is gathering evidence for a criminal prosecution in the downing of the plane.

The Dutch Safety Board concluded in an October 2015 report that the Boeing 777 was struck by a Russian-made Buk missile.

Dutch prosecutors said in September 2016 that 100 “persons of interest” had been identified in the investigation, while Australian and Malaysian officials had initially expressed hope that suspects’ names would be made public in 2017.

Eventual suspects are likely to be tried in absentia in the Netherlands after Russia used its veto to block a U.N. Security Council resolution seeking to create an international tribunal to oversee criminal complaints stemming from the incident.


Deep Throat, Deep State and #SpyGate is Old News

By: Denise Simon | Founders Code

C’mon… remember the Watergate break-in? Former CIA operatives were part of that. But wait, Nixon himself was being surveilled by the FBI. Anna Chennault, a GOP operative had interesting connections all throughout Asia. Those relationships were of big concern to the FBI and the Bureau was tracking those connections. That was all related to the Paris Peace talks on North and South Vietnam. Due to FBI eavesdropping and collections of diplomatic cables, Lyndon Johnson knew all about Nixon’s subterfuge. Have we forgotten the secret Nixon tapes? Too bad we can’t ask Mark Felt questions, dead men tell no tales.

Using intelligence agencies is an old habit, yet Obama appears to have made an art of that exploitation. Obama spied on journalists including James Rosen of Fox News. Obama likely approved of John Brennan’s operation to spy on the Senate staffers working on the enhanced interrogation techniques report headed by Senator Dianne Feinstein. Heck, Obama spied on Angela Merkel of Germany. Enter the NSA, they have everything. Edward Snowden proved that, right? Not too sure FISA warrants were ever really needed in the first place, think about that.

Spies, informants and operatives come in many forms. They can be staffers, hired ladies, lawyers, lobbyists, policy wonks, people having cocktails at conventions, summits or conferences where business cards are exchanged for later email/phone call follow-up.

It is all old news. Old news and old tactics that get refined due to electronic communications, apps and encryption.

So, how do we know about these activities? Follow the money for starters. Remember the DNC and Hillary law firm, Perkins Coie?

The Obama for America committee paid Perkins Coie around $3 million during the 2012 election cycle, according to filings with the Federal Election Commission. A vast majority of the payments were earmarked for “Legal Services.”

Was Fusion GPS hired by Obama to surveil Romney for opposition research? Was the media involved? Oh yeah, remember that debate and the advance questions? Then of course we have Fusion GPS and Trump.

Okay, this brings us to the current #Spygate and the names bubbling to the surface.

One such name is Stefan Halper. During the presidential transition, Donald Trump’s top trade advisor, Peter Navarro, recommended Halper for an ambassadorship. Heck, Halper was in the White House Executive Office wing last summer to discuss Asia, with particular emphasis on China.

Stefan Halper goes all the way back to the Reagan/Carter days. Oh, wait… even Gerald Ford and George H.W. Bush were included in Halper’s political history. Is there a difference between spying, intelligence collection and being a political operative? You decide.

There is more. How about Paul Corbin? He was a communist. And yes, he was a campaign operative too. He worked on the John F. Kennedy campaign. There was also ‘Debategate’.

Moving on, and do NOT hang your hat on Carter Page. Remember the Washington Post editorial board doing an early interview with Trump, when a question arose about his foreign policy team? Well, Trump threw out two names from the hip, Carter Page and George Stephanopoulos. In fact, neither had any quality role in the Trump operation. Another was Zalmay Khalilzad, former U.S. ambassador to Afghanistan, Iraq and the United Nations. Heck, Trump never met Khalilzad. He remains a back-channel fella with concerns still with Pakistan, Afghanistan and Iraq. Khalilzad was part of a money laundering investigation in 2014. Could he be an operative too?

Now take a moment and look at the issue of Russian operatives and spies in the United States to understand how the FBI tails these people. In 2010, there was a spy swap (10 operatives) that included two key people. One was Anna Chapman, who was assigned to get inside the Hillary State Department operation(s), and she did. The other is Sergei Skripal. He is the former Russian military officer and double agent that Russia just attempted to kill with Novichok, a nerve agent. Then there was the other double agent in New York who was captured in a counter-intelligence operation as a result of spy operations that work out of the Russian Mission to the United Nations.

Are you beginning to understand the other work of the FBI? President Bush expelled 50 Russians, Reagan expelled 55 Soviets and both Obama and Trump have expelled 35 and 60 respectively.

With those facts, does it stand to reason that the FBI rank and file agents are very concerned about foreign operatives in politics and campaigns? There is for sure an argument to be made that informants and plants are not only used, but required.

Will we ever know all the puzzle parts to these cases? NO.

Is #Spygate a one off with regard to President Trump? NO.

Perhaps there is something yet to be discovered in Hillary’s missing emails or Peter and Lisa’s text messages. Hello IG report by Michael Horowitz.

The tactics are tried and true… however, when will the media, much less the Republicans, call out the abuse of power by the Obama administration on all of this? In summary, the Trump administration should fight back and impeach those Obama operatives. What say you?


Katie Hopkins In Detroit: Can Patrick Colbeck Turn Michigan Around?

The United West

Katie Hopkins of TheRebel.media talked with gubernatorial candidate Patrick Colbeck about the challenges of running for office in a state with changing demographics and profound problems.

  • 45% of out-of-state funding is going to the Dem candidate’s campaign chest, Abdul el Sayed.
  • Abdul’s father-in-law is former president of MI CAIR (Council on American-Islamic Relations).
  • First Muslim candidate for Governor of Michigan, mirrors the left agenda of Canada’s PM Justin Trudeau.
  • A major Abdul el Sayed campaign promoter, Linda Sarsour, supports Sharia for America.


We Are Living In A Period Of Tectonic Change

By: Kent Engelke | Capitol Securities

Many times I have opined the world is undergoing a tectonic change where yesterday’s rules no longer apply. The issue at hand is most investors are playing by yesterday’s rules, the result of algorithmic trading and indexing which accounts for over 90% of total volume. There is no macroeconomic or geopolitical analysis.

As I noted several times, I believe the mega-capitalized technology firms, specifically five companies that comprise an incredible 28% of the NASDAQ’s capitalization and 19% of the S&P 500’s value, have generally been exempted from the rules and regulations that would have sunk mere mortal companies.

Is this exemption about to change given the rising calls that these companies are monopolistic, crushing competition and to heck with customer confidentiality, further believing there is too much power concentrated in just a few?

Last week the WSJ discussed the rising number of “reeducation camps” in China. At the current pace, the number of “reeducation camps” would match the number present during the “Cultural Revolution” of the early 1970s.

Domestically, there are ample reports that today’s social media companies are attempting to “reeducate” American and western democratic societies to their view of equality. Anyone who disagrees is immediately branded as a bigot, uneducated and an unenlightened Neanderthal, dehumanizing anyone who believes in the traditional Judeo Christian ethics.

I ask what the difference is between a Chinese reeducation camp and today’s social media companies, other than that one is government run? I do think it is noteworthy that China has companies similar to Google, Facebook and Amazon, such as Baidu, Alibaba and Tencent, that will assist in Chinese surveillance.

It could be of great market significance if greater scrutiny of today’s mega-sized social media companies occurs.

And then there is the attitude of these companies towards taxation. Greater taxation and social engineering is okay as long as they are not impacted. Is this attitude changing? Consider Amazon’s reaction to Seattle’s headcount tax. Seattle’s city council voted unanimously to assess a $295 tax per employee on any company that has over $20 million in revenue in an attempt to resolve various social issues. Amazon is very displeased.

Yesterday it was reported cities in the Bay Area, including San Francisco, are considering a similar tax amounting to $250 to $300 per head. The corporate response is similar to that of Amazon’s.

Are these corporate behemoths beginning to adopt the attitude of the electorate that it is not okay that government dictates social policy via taxation and redistribution?

This potential change in attitude can be of great significance.

Perhaps another issue of great consideration: yesterday the IRS warned taxpayers to proceed with caution after high-tax states including New York, New Jersey and Connecticut approved “workarounds” to the new federal limits on deductions for state and local taxes, namely the ability to declare such taxes as charitable deductions to offset federal taxable income.

In my view, this is yet another example that taxes and social engineering are great just as long as you are not the one whose income is being redistributed.

Enough of the socioeconomic rant; the Minutes from the recent Fed meeting were released. Generally speaking, the Minutes were dovish, indicating another interest rate hike will occur “soon” and that the Committee would “welcome” a modest overshoot of its 2 percent inflation target, a sign it is in no rush to tighten more aggressively.

Equities erased losses, closing mixed. Treasuries were nominally higher in price, but the yield on the 10-year is still over 3%.

Last night the foreign markets were mixed. London was down 0.15%, Paris was up 0.35% and Frankfurt was down 0.11%. China was down 0.45%, Japan was down 1.11% and the Hang Seng was up 0.31%.

The Dow should open nervously unchanged navigating escalating geopolitical and trade issues. The 10-year is unchanged at 3.0%.