05/30/18

List of Issues for Talks Between Trump and Kim Jong-Un

By: Denise Simon | Founders Code

North Korea is holding up to 120,000 political prisoners in “horrific conditions” in camps across the country, according to estimates from a newly released State Department report.

The department on Tuesday issued its annual International Religious Freedom Report for 2017, which covers 200 countries and territories, documenting religious freedom and human rights abuses.

The findings on North Korea come as the Trump administration is working to engage the isolated regime. The White House says the administration continues to “actively prepare” for a possible summit with Kim Jong-Un.

The report, though, addressed the brutal conditions festering inside Kim’s kingdom. It revealed 1,304 cases of alleged religious freedom violations in the country last year, while detailing the harsh treatment of political and religious prisoners — and persecution of Christians.

Secretary of State Mike Pompeo is meeting with Kim Yong Chol, a four-star general and head of military intelligence. Kim Yong Chol is a longtime spy chief and vice chairman of the ruling Workers’ Party who was responsible for hacking Sony. More here.

Then North Korea has 2 satellites in orbit and more planned in 2018-2019.

“The Unha launcher can put maybe 100 kilograms [220 lbs.] into a pretty low orbit, maybe 400 or 500 kilometers [250 to 310 miles]” above the Earth’s surface, Wright said. “By increasing the thrust, it allows North Korea to lift satellites to higher altitudes, or to carry a greater payload to longer distances if it is a ballistic missile.”

Wright noted that the earlier Nodong engine was essentially a scaled-up version of the one in the Scud, the Soviet missile that Iraq often used during the Gulf War of the 1990s. Whereas the Nodong used Scud-level propellants instead of ones used in more modern rockets, Wright noted that the color of the flame coming from the new engine in photos of the test suggests that this missile uses more advanced propellants that can generate higher thrust.

“The surprise has been why North Korea has stuck with Scud propellants for so long,” Wright said. “There have been reports for 15 years now that North Korea had bought some submarine-launched missiles from the Soviet Union after it collapsed that used more advanced propellants, yet in all this time, we didn’t see them launch missiles with anything but Scud propellant.”

In 2016, controllers at United States Strategic Command likely had a high-workload evening as STRATCOM monitored the launch of a Russian Soyuz rocket from the Plesetsk Cosmodrome just eight minutes prior to North Korea’s launch, as is typical for launches from Russia’s military launch site. The ascending Unha rocket was tracked using the Space-Based Infrared System in Geostationary Orbit, capable of detecting the infrared signature of ascending rockets from ground level all the way into orbit. This allows the U.S. military to track the vehicle’s trajectory in real time before relying on ground-based radars to track any objects that entered orbit. More here.

Ah, but there is but one more issue at least. Yes, North Korea imploded their nuclear test site at Punggye-ri. But…there are 4 more locations.

The most important is Yongbyon, while the other locations appear to have slight or no activity.

Further, North Korea maintains a rather advanced air defense system, listed among the top in the world.

However, while North Korean technology is relatively primitive, the nation’s air defenses are coordinated.

“They do have an old Soviet computerized anti-aircraft command and control system. Most of the radars are old, but they did receive some newer Iranian phased array radars,” Kashin said. “This is what I know, the anti-aircraft units are extensively using underground shelters for cover—not easy to destroy.”

Thus, while generally primitive, North Korean defenses might be a tougher nut to crack than many might expect. Moreover, while their technology is old, North Korea’s philosophy of self-reliance means it can produce most of its own military hardware. More here.

North Korea has a fairly robust chemical and biological weapons program. The 46-page report is found here.

Lastly, but hardly finally, are the cyber weapons produced and applied by North Korea.

Most recently, on May 29, 2018, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a joint Technical Alert (TA) that identifies two families of malware—referred to as Joanap and Brambul—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

In conjunction with the release of this TA, NCCIC has released a Malware Analysis Report (MAR) that provides analysis on samples of Joanap and Brambul malware.

NCCIC encourages users and administrators to review TA18-149A: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm and MAR-10135536-3 – RAT/Worm.

While there have been recent discussions about applying the Libya model to North Korea for removing nuclear weapons, you can bet Kim Jong-Un is going to demand the Pakistan model.

05/29/18

Chinese Spy Networks in Britain and United States

By: Denise Simon | Founders Code

The agents are thought to have handed over secrets while still in service for France’s external DGSE intelligence agency, similar to Britain’s MI6 and America’s CIA, Ms Parly told CNews television. The third person – believed to be the wife – has been indicted for “concealment of treasonable crimes” and placed under “judicial control”, meaning judges keep close tabs on her pending trial. More here.

France has confirmed the arrest of two French intelligence officers who are accused of spying for the Chinese government. It appears that the two officers were captured and charged in December. However, their arrests were not publicized at the time, because French counterintelligence officials wanted to avoid alerting more members of a possible spy ring, which some say may include up to five French citizens. It was only last Friday, a day after French media published leaked reports of the arrests, that the French government spoke publicly about the case.

France’s Minister of the Armed Forces, Florence Parly, told France’s CNews television on Friday that two French intelligence officers were “accused of extremely serious acts of treason” against the French state. The two officers had been charged with “delivering classified information to a foreign power”, she said. Parly added that the spouse of one of the officers was also being investigated for participating in acts of espionage on behalf of a foreign country. When asked to identify the country that the two officers are accused of spying for, the minister refused to respond. But the Agence France Presse news agency cited an anonymous “security source”, who said that the two intelligence officers were being suspected of spying for China and that they had been captured following a sting operation by French counterintelligence officers.

French television station TFI1 said on Friday that both spy suspects are officers in the General Directorate of External Security (DGSE), France’s primary external intelligence agency. The station added that at least one of the two suspects was stationed at the embassy of France in Beijing when French counterintelligence became aware of the alleged espionage. According to some reports, the two suspects had retired from the DGSE by the time they were arrested, but committed their alleged espionage while still in the service of the spy agency. French government officials have refused to provide information about the length of the alleged espionage or the nature of the classified information believed to have been compromised. Additionally, no information is available about whether the two alleged spies were working in cooperation with each other. The BBC asked China last week about the arrests in France, but the Chinese Ministry of Foreign Affairs said it was not aware of the incident.

*** As a reminder, the United States has its own Chinese spy network. Jerry Chun Shing Lee was charged with helping China dismantle a U.S. informant network in China in exchange for money. He has pleaded not guilty.

It was this past February that FBI Director Chris Wray provided testimony to the Senate Intelligence Committee that Chinese spies have fully infiltrated U.S. universities. Additionally, China continues to gain access, in many cases successfully, to U.S. technologies and intellectual property through telecommunications companies, academia and, most especially, joint business ventures.

China has launched an ‘all society’ approach to gain access to intellectual property and some universities are pushing back on the warnings put forth by Director Wray as there are an estimated 400,000 Chinese students studying in the United States, many attending cash-strapped colleges.

05/29/18

US Warships Challenge Chinese Islands: FONOP

By: Denise Simon | Founders Code

USS Higgins

The US Navy sent two warships to a disputed archipelago in the South China Sea on May 28 in its latest symbolic protest against China’s claims there.

Reuters first reported that the USS Higgins and the USS Antietam ventured within 12 miles of the Paracel Islands in a demonstration the Pentagon calls a “freedom of navigation operation” or FONOP. The move signals US rejection of China’s claims of political control in the South China Sea.

The objective of their sail-by was a speck of land called “Woody Island,” where China has developed airstrips and port facilities in recent years as part of a broader strategy of establishing bases in these islands to demonstrate and exercise its political claims. This spring, China landed strategic bombers capable of carrying nuclear weapons on the island, a symbolic display of its deterrent power, and satellite imagery showed the arrival of surface-to-air missiles this month.

**

The Vietnamese government protested China’s move as a violation of its sovereign claim to the islands—exactly the language used by China to protest US actions today after sending its own warships to warn away the Americans.

** See more here.

The island is one of many that lie behind the “nine dash line,” a diplomatic term of art for China’s political vision for the South China Sea, which is at the center of a web of claims by nearby nations.

In March, the US sent a destroyer on a FONOP to the Spratly Islands. In response, China increased its naval activity there, including a parade of warships that was also captured by Planet satellites. Tensions in the South China Sea have been simmering for years, but are now complicated by China’s role in North Korean nuclear talks and growing trade disputes with the Trump administration.

*** Meanwhile in April of 2018:

Surveillance photos suggest it has already broken its promise to not land military aircraft on its artificial islands. And there are claims the facilities have begun jamming US forces.

Philippines news service The Inquirer has obtained an aerial surveillance photo taken back in January which appears to show two Chinese Xian Y-7 twin engine aircraft on the recently constructed artificial island of Mischief Reef — also known as Panganiban Reef.

These are military combat transport aircraft, built to rapidly deploy special forces troops and munitions to a battlefield.

The news comes amid reports that electronic warfare equipment recently installed on the islands was last week directed at disrupting the passage of the United States Navy’s aircraft carrier, the USS Roosevelt.

FAIT ACCOMPLI?

Mischief Reef is within the internationally recognized 370km exclusive economic zone (EEZ) that applies to the Philippines. It is one of seven artificial islands arbitrarily constructed within the disputed Spratly Islands cluster. Three of these have large, 3km long military-grade runways.

China refuses to accept the UN economic zone standard, established after World War II to reduce international tensions, as well as an adverse ruling in 2016 by an international court of arbitration on the matter.

Instead, it insists it holds sovereign territorial rights over the whole 3.5 million-square-kilometer South China Sea, right up to 20km of the coasts of bordering nations including Taiwan, Vietnam, Borneo and Malaysia.

“If they could land transports now, in the future they might want to land more provocative and destabilizing types of assets such as fighter jets and bombers,” research fellow Collin Koh at Singapore’s Rajaratnam School of International Studies’ Maritime Security Program, told The Inquirer.

ELECTRONIC MISCHIEF

The Wall Street Journal reports US intelligence officers have identified radar and communications jamming equipment being installed on Beijing’s artificial South China Sea island fortresses.

Such electronic warfare devices are designed to block an opponent’s radar from ‘seeing’ what is going on, and prevent ships and aircraft from communicating with each other and the outside world.

Now, a US Navy pilot appears to have confirmed that these facilities are active.

Serving aboard the USS Roosevelt aircraft carrier which passed through the South China Sea to visit the Philippines last week, he implied the immense warship and its aircraft had been targeted by these disruptive devices.

“The mere fact that some of your equipment is not working is already an indication that someone is trying to jam you,” the pilot told the Philippines’ GMA News Online.

“And so we have an answer to that,” the naval officer cryptically told the journalist invited aboard for a tour of the ship.

The USS Roosevelt had passed through the disputed waterway at the same time as a major Chinese naval parade was being staged on behalf of its new President-for-life, Xi Jinping.

The pilot reportedly flew one of the US Navy’s EA-18G Growler aircraft — a modified Super Hornet intended to provide electronic warfare support for accompanying ships and aircraft.

“This is not something that the US will look kindly on or think they can overlook,” military analyst Omar Lamrani at geopolitical think-tank Stratfor told Business Insider.

Lamrani said that even though electronic jamming was nothing like shooting a weapon, such activity was provocative and “could lead to an escalatory pattern that could be negative for both sides.” More here.

05/28/18

Memorial Day Parade in Trump Country USA

By: Lloyd Marcus

A year ago, Mary and I moved from Florida to Paw Paw, West Virginia (population 500) to be near our parents. Saturday was our first Paw Paw Memorial Day parade; patriotic Americana at its best. Both sides of Main Street were adorned with flags – Old Glory proudly flying high waving in the breeze. The refreshing sound of Paw Paw school marching band’s excellent rendition of “America the Beautiful” filled the air. Remember the New York school principal who banned “God Bless the USA” on one occasion and “Stand Up for the Red, White and Blue” on another? https://bit.ly/2xq9puX

A leftist judge upheld a California school banning students from wearing American flag shirts on Cinco de Mayo. Administrators claimed American flag shirts would inflame the passions of Latino students celebrating their Mexican holiday. https://bit.ly/2xh4V9F

A Virginia school board Chairman, Ryan Sawyers, decreed that students will not be required to stand for the National Anthem or the Pledge of Allegiance. https://bit.ly/2LzRhBG

Folks, leftists who control public education are intentionally undermining patriotism by demonizing America.

Judging by the demeanor and behavior of students as they walk past our home every day, Mary and I suspect Paw Paw school students are getting a no-nonsense quality education. Unlike urban schools https://herit.ag/2INqvbe, I suspect Paw Paw students are not being taught that patriotism is bigoted and insensitive to illegals – taught that America is racist, sexist, homophobic and the greatest source of evil on the planet.

The parade featured antique cars, trucks and tractors – fire engines, a marching band from neighboring Berkeley Springs – floats from numerous civic organizations and churches. Kids excitedly scrambled for candy thrown from the floats. Many were pre-k children. My mind went to the Texas pre-k teacher who said under the “Welcoming Schools Program”, she must explain homosexuality to 4 year olds and teach them that “gay love is beautiful”. https://bit.ly/2sgVO3e Watching the toddlers laughing, playing and scrambling for candy, the thought of interrupting their innocence to indoctrinate them with confusing leftist propaganda is the height of wicked child abuse.

The parade float that truly moved me featured a female soldier in uniform who stood frozen at attention saluting our flag in the unforgiving sun and heat. The float had a hand written sign which read, “Stand for the flag”. This woman’s respect, discipline and commitment spoke a powerful silent message about how proud she is to be an American and what it means to be an American. As I watched the touching float move out of my sight, the soldier remained frozen.

Look at this woman’s display of extreme respect for our flag in light of NFL players’ ongoing displays of disrespect for our flag, country, police and military.

Last football season, Trump said it was shameful for NFL players to disrespect our flag. Sports media, democrats, Hollywood, NFL management and players joined in a gang assault attacking Trump. They blasted their narrative 24/7 that idiot president Trump picked a fight with the NFL. These leftists had no idea that outraged angry football fans and the American people would side with Trump. So this season, the NFL made a smart business decision not to permit players to, in essence, give America their middle fingers on the field.

The NFL rule this season is players who kneel during the National Anthem will be fined. Displaying remarkable arrogance and disrespect for fans who buy tickets, the NY Jets owner said he will pay the fine https://bit.ly/2scZzY0; in essence, coddling his spoiled brat, ungrateful and disrespectful millionaire players.

Paw Paw’s parade was an extravaganza of patriotism with red, white and blue – stars and stripes displayed on horses, floats, cars, people and even babies. Clearly, Paw Paw is love America Trump country; Trump election signs still live on a few lawns. And yet, none of my mostly white fellow Paw Paw residents called me the “n” word or tried to lynch me. Fake news, mainstream media relentlessly promote their lie that Trump voters are white supremacists who hate everyone not like them. The atmosphere of the Memorial Day festivities was laid back and friendly – families enjoying themselves.

Mary and I are a black/white interracial couple. Shortly after moving into our Paw Paw home, white neighbor Peggy knocked on our front door welcoming us with an apple pie. White neighbor Ron showed up one day with corn from his garden which he promised would be the sweetest we have ever eaten. Ron was correct. Elderly white gentleman Charley and his buddy George pulled in our driveway to personally welcome us to Paw Paw.

Paw Paw’s Memorial Day parade, antique car show and festivities were refreshing and delightful. It represents the real America that is demeaned, impugned and despised by leftists. These folks voted for Trump because they felt leftists’ tyranny and knew our country was swiftly moving in the wrong direction. Trump respects everyday real Americans and is working hard for us.

Mid-term elections are coming in November. If democrats take congress, the deep state will surely impeach Trump. As crazy as this sounds, the deep state does not want America made great again. We must stay engaged helping Republicans keep control of congress.

It was a great day in Paw Paw, WV, Trump country USA. I am extremely proud of my wife Mary for showing remarkable restraint, sticking to her diet by not purchasing fried dough covered with powdered sugar.

Lloyd Marcus, The Unhyphenated American

05/26/18

China Annexed the DPRK, C’mon Admit it, China is an Adversary

By: Denise Simon | Founders Code

Primer: The Fiscal 2019 NDAA imposes a ban on technology products from Chinese firms such as ZTE and Huawei. Yet, North Korea has it courtesy of China.

And:

The Financial Crimes Enforcement Network (FinCEN) issued this advisory to further alert financial institutions to North Korean schemes being used to evade U.S. and United Nations (UN) sanctions, launder funds and finance the North Korean regime’s weapons of mass destruction (WMD) and ballistic missile programs.

Private companies in China are not private at all. The Chinese state holds at least some stock and often a larger voting block. Private Chinese companies invest all over the world including Venezuela, the United States and Britain as well as regions such as Latin America and Africa.

You can bet most of those companies in North Korea are actually owned by the Chinese State.

China does bad things and yet no world leader publicly states that fact nor declares China as an adversary while China has declared the United States as an adversary. President Xi, the now eternal ruler, quotes a dynasty cliche: ‘Tǒngzhì yīqiè zài yángguāng xià’, the translation is rule everything under the sun.

So now we have ZTE: ZTE, once the scourge of U.S. authorities for its violations of Iran sanctions, has become a key source of evidence about North Korea’s use of the American financial system to launder money, said the people, who gave details about the confidential investigations on the condition of anonymity. Federal investigators have been poring through data supplied by ZTE to find links to companies that North Korea has used to tap into the U.S. banking system, the people said.

Using evidence from ZTE, prosecutors on June 14 filed a case seeking $1.9 million held in six U.S. bank accounts in the name of China’s Mingzheng International Trading Limited. Prosecutors allege that Mingzheng is a front company for a covert Chinese branch of North Korea’s state-run Foreign Trade Bank. Between October and November 2015, Mingzheng was a counterparty to 20 illicit wire transfers in violation of the International Emergency Economic Powers Act, according to prosecutors.

On Aug. 22, prosecutors in Washington filed a lawsuit seeking more than $4 million in funds tied to China’s Dandong Chengtai Trading Limited and a network of companies owned by Chi Yupeng, a Chinese national with close ties to North Korea’s military. That same day, the Treasury Department added Dandong Chengtai Trading and several of its business affiliates, as well as Mingzheng, to the sanctions list. More here.

During the negotiations for the talks between Kim Jong-Un and President Trump, ZTE was thrown in the mix. Why? China made some demands during the recent trade talks. It was just announced that Trump imposed a $1.5 billion fine on ZTE and relayed that to President Xi. After more negotiations, the final fine was $1.3 billion, plus changes to the board members of ZTE, which means that the Chinese state cannot have any management or vote. China will skirt that too. How so?

AEI explained it for us and quite well.

One of the substantial challenges in curtailing North Korea’s nuclear program is preventing Chinese companies from doing business with their pals in Pyongyang. Usually, Chinese companies in North Korea operate through networks of shell companies to avoid falling afoul of US and international sanctions. And most of these companies are small in scope and can easily rebrand themselves if caught. Enter Zhongxing Telecommunications Equipment (ZTE), not a small, expendable subsidiary, but instead a large PRC state-owned enterprise (SOE) with over 74,000 employees.

ZTE has transferred US technology to North Korea, supplying the Kim regime with US telecommunications tech that strengthens its defense capabilities by allowing it indirect access to US semiconductors (dual use technology for communications).  For that and other transgressions — including violating US Iran sanctions — ZTE paid a monster fine and entered into an agreement with the US to cease and desist. It was caught violating that agreement and banned from business with the United States as a result.

But President Trump offered China’s state-owned ZTE a lifeline via a May 13 tweet. Apparently, all that it took was for Chinese President Xi to dangle access for US agriculture exports to China in exchange for allowing ZTE to continue to do business with American firms. For what it’s worth, the president denied intending to lift the sales ban, but then followed up to describe a punishment that includes lifting the sales ban.

What’s Donald Trump’s message to Beijing (and Pyongyang and Tehran)? Companies that matter to China’s top leadership can violate US sanctions with impunity. All it takes is the will to blackmail the US and large Chinese SOEs will have carte blanche to supply the rogue regimes of the world.

Remember, Chinese SOEs that do business with North Korea are not motivated merely by profit. Instead, they are motivated by policy directives that originate in the Chinese Communist Party. Historically, China’s position on North Korea has been fairly opaque, yet its continued trade with the regime indicates Beijing has an interest in its wellbeing, in direct opposition to US interests and overall security in Asia.

At the end of the day, President Trump says he wants to cripple North Korea’s nuclear program. If North Korean dictator Kim Jong Un won’t denuclearize voluntarily, the US will have to rely on “maximum pressure,” including aggressive sanctions. Forgiving ZTE for violating US law is yet another example of the US shooting itself in the foot in dealing with North Korea. And probably not the last.

Meanwhile, as North Korea blew up the tunnels leading to the already destroyed nuclear test site, no one has asked where are those nuclear weapons now? No one has mentioned other possible military dimension sites or missile locations. Just as a reminder.

05/24/18

FBI Working to Stop Massive Russian Malware Network

By: Denise Simon | Founders Code

Cisco’s Talos research unit yesterday reported its discovery of VPN Filter, a modular and stealthy attack that’s assembled a botnet of some five-hundred-thousand devices, mostly routers located in Ukraine. There’s considerable code overlap with the Black Energy malware previously deployed in attacks against Ukrainian targets and the US Government has attributed the VPN Filter campaign to the Sofacy threat group, a.k.a. Fancy Bear, or Russia’s GRU military intelligence service.

Ukrainian cybersecurity authorities think, and a lot of others agree with them, that Russia was gearing up a major cyberattack to coincide with a soccer League Championship match scheduled this Saturday in Kiev as part of the run-up to the World Cup. They also think it possible an attack could be timed for Ukraine’s Constitution Day, June 28th.

The US FBI has seized a key website used for VPN Filter command-and-control, which US authorities hope will cripple the campaign. The Justice Department says that VPN Filter could be used for “intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

***

FBI agents armed with a court order have seized control of a key server in the Kremlin’s global botnet of 500,000 hacked routers, The Daily Beast has learned. The move positions the bureau to build a comprehensive list of victims of the attack and short-circuits Moscow’s ability to reinfect its targets.

The FBI counter-operation goes after  “VPN Filter,” a piece of sophisticated malware linked to the same Russian hacking group, known as Fancy Bear, that breached the Democratic National Committee and the Hillary Clinton campaign during the 2016 election. On Wednesday security researchers at Cisco and Symantec separately provided new details on the malware, which has turned up in 54 countries including the United States.

VPN Filter uses known vulnerabilities to infect home office routers made by Linksys, MikroTik, NETGEAR, and TP-Link. Once in place, the malware reports back to a command-and-control infrastructure that can install purpose-built plug-ins, according to the researchers. One plug-in lets the hackers eavesdrop on the victim’s Internet traffic to steal website credentials; another targets a protocol used in industrial control networks, such as those in the electric grid. A third lets the attacker cripple any or all of the infected devices at will.

The FBI has been investigating the botnet since at least August, according to court records, when agents in Pittsburgh interviewed a local resident whose home router had been infected with the Russian malware. “She voluntarily relinquished her router to the agents,” wrote FBI agent Michael McKeown, in an affidavit filed in federal court. “In addition, the victim allowed the FBI to utilize a network tap on her home network that allowed the FBI to observe the network traffic leaving the home router.”

FBI working to disrupt massive malware network linked to Russia

The FBI is working to disrupt a massive, sophisticated Russia-linked hacking campaign that officials and security researchers say has infected hundreds of thousands of network devices across the globe.

The Justice Department late Wednesday announced an effort to disrupt a botnet known as “VPNFilter” that compromised an estimated 500,000 small office and home office (SOHO) routers and other network devices. Officials explicitly linked the botnet to the cyber espionage group known as APT 28, or Sofacy, believed to be connected to the Russian government.

Officials said that the U.S. attorney’s office for the western district of Pennsylvania has obtained court orders allowing the FBI to seize a domain that is part of the malware’s command-and-control infrastructure. This will allow officials to redirect attempts by the malware to reinfect devices to an FBI-controlled server, thereby protecting devices from being infected again after rebooting.

Assistant Attorney General for National Security John C. Demers in a statement described the effort as the “first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

Cybersecurity researchers first began warning of the destructive, sophisticated malware threat on Wednesday. Cisco’s Talos threat intelligence group said in a blog post Wednesday that VPNFilter had infected at least 500,000 devices in 54 or more countries.

The researchers had been tracking the hacking threat for several months and were not ready to publish their findings, but when the malware began infecting devices in Ukraine at an “alarming rate,” they decided to publish their research early.

“Both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries,” the researchers wrote.

The malware targets home and office routers and what are known as network-attached storage (NAS) devices, hardware devices that store data in one, single location but can be accessed by multiple individuals — creating a massive system of infected devices, commonly known as a botnet.

VPNFilter also uses two stages of malware, an unusual setup that makes it more difficult to prevent a device from being re-infected after it is rebooted. The FBI on Wednesday urged individuals whose devices may have been infected to reboot them as soon as possible.

The FBI is also soliciting help from a nonprofit known as the Shadowserver Foundation, which will pass the IP addresses to internet service providers, foreign computer emergency teams and others to help stem the damage.

The malware is the latest sign of the growing cyber threat from Russia. News of the outbreak comes roughly a month after senior U.S. and British officials blamed the Russian government for coordinated cyberattacks on network devices in an effort to conduct espionage and intellectual property theft.

The U.S. has also blamed Moscow for the global cyberattack known as notPetya that ravaged computers across the globe last summer, calling it the most destructive and costly cyberattack in history.

The code of VPNFilter has similarities with versions of another malware known as BlackEnergy, which was used in an attack on Ukraine’s power grid in late 2015. The Department of Homeland Security has linked the malware to the Russian government.

05/24/18

President Trump Withdraws from North Korea Nuclear Summit

By: Denise Simon | Founders Code

There are several things in play. China, Iran, Russia and North Korea are watching all U.S. positions, and it began with the demands Pompeo announced of Iran after the exit from the JCPOA nuclear deal. Iran has not only responded with several nasty-grams, it is also threatening Europe over many of its demands to stay in the deal.

National Security Council chair John Bolton is also being blamed by North Korea for the breakdown due to the reference to the Libya model. That is an excuse, as the Libya model for removing the nuclear program was far in advance of the removal of Muammar Gaddafi and his eventual death.

Further, there is the matter of China injecting itself into the preparations and talks between North Korea and the United States. North Korea follows all advice and leads from President Xi. Now, where are those pesky nuclear weapons in North Korea since the nuclear test site collapsed and was further blown up in a gesture move for selected outside media?

There is also the issue of the other locations of interest in North Korea that the United States is well aware of that proves China has aided and assisted in the military sites and nuclear program as has Iran and Russia. China does not want to be confronted with that proof.

Further, there is the matter of the ‘nuclear umbrella’.

In this book, Terence Roehrig provides a detailed and comprehensive look at the nuclear umbrella in northeast Asia in the broader context of deterrence theory and U.S. strategy. He examines the role of the nuclear umbrella in Japanese and South Korean defense planning and security calculations, including the likelihood that either will develop its own nuclear weapons. Roehrig argues that the nuclear umbrella is most importantly a political signal demonstrating commitment to the defense of allies and is used as a tool to prevent further nuclear proliferation in the region. While the role of the nuclear umbrella is often discussed in military terms, this book provides an important glimpse into the political dimensions of the nuclear security guarantee. As the security environment in East Asia changes with the growth of North Korea’s capabilities and China’s military modernization, as well as Donald Trump’s early pronouncements that cast doubt on traditional commitments to allies, the credibility and resolve of U.S. alliances will take on renewed importance for the region and the world.

The U.S. nuclear umbrella in the region is not focused on North Korea, but also incorporates planning against potential Chinese aggression. Nullifying or weakening the umbrella over the Peninsula, some would argue, might leave South Korea open to potential Chinese coercion and send the wrong signal at a time when China is seen by some as trying to pressure Taiwan and reassert its influence in the region.

Related reading: Japan Under the US Nuclear Umbrella

Related reading: The US Nuclear Umbrella Over South Korea

05/24/18

Russia’s 53rd Missile Brigade Did Shoot Down MH17

By: Denise Simon | Founders Code

Now the question is why? Could it have been a single message to Ukraine to not mess with Russia as it was invading Ukraine? And directly after this attack, the President of Petro Poroshenko fled to Russia.

The other question is, what is the consequence for Russia? MH17, a passenger jet, was flying from Amsterdam to Kuala Lumpur and was blown out of the sky over Ukraine. Communications intercepts show that pro-Russian rebels had called for the launch of a surface-to-air missile weapon.

Fred Westerbeke, Chief Prosecutor of the Dutch Prosecutor’s office, presents interim results in the ongoing investigation of the 2014 MH17 crash that killed 298 people over eastern Ukraine, during a news conference in Bunnik, Netherlands, May 24, 2018. REUTERS/Francois Lenoir

BUNNIK, Netherlands (Reuters) – Prosecutors investigating the downing of Malaysia Airlines Flight 17 over eastern Ukraine in 2014 said on Thursday they had identified the missile used to shoot down the plane as coming from a Russian military unit. The airliner was hit by a Russian-made missile on July 17, 2014, with 298 people on board, two-thirds of them Dutch, over territory held by pro-Russian separatists. All aboard died.

Wilbert Paulissen, head of the crime squad of the Netherlands’ national police, said the missile had been fired from a carrier belonging to Russia’s 53rd Anti-Aircraft Brigade.

“All the vehicles in a convoy carrying the missile were part of the Russian armed forces,” he told a televised news conference.

Russia has denied involvement in the incident. There was no immediate comment from Moscow on the investigative development.

In an interim update on their investigation, prosecutors said they had trimmed their list of possible suspects from more than a hundred to several dozen.

“We have a lot of proof and a lot of evidence, but we are not finished,” said chief prosecutor Fred Westerbeke. “There is still a lot of work to do.”

He said investigators were not yet ready to identify individual suspects publicly or to issue indictments. The question of whether members of the 53rd Brigade were actively involved in the downing of the plane remains under investigation, he said.

Westerbeke called on witnesses, including members of the public, to help identify members of the crew that was operating the missile system. He also asked for tip-offs in determining what their orders were and in identifying the officials in charge of the brigade.

A Joint Investigation Team, drawn from Australia, Belgium, Malaysia, the Netherlands and Ukraine, is gathering evidence for a criminal prosecution in the downing of the plane.

The Dutch Safety Board concluded in an October 2015 report that the Boeing 777 was struck by a Russian-made Buk missile.

Dutch prosecutors said in September 2016 that 100 “persons of interest” had been identified in the investigation, while Australian and Malaysian officials had initially expressed hope that suspects’ names would be made public in 2017.

Eventual suspects are likely to be tried in absentia in the Netherlands after Russia used its veto to block a U.N. Security Council resolution seeking to create an international tribunal to oversee criminal complaints stemming from the incident.

05/23/18

Sec. State Pompeo’s Note-taking During Hearing

By: Denise Simon | Founders Code

This was a Congressional Budget Session for the State Department Fiscal year 2019.

Congressman Gregory Meeks got on his high horse about the commitment to diplomatic security. Meeks in his last comment proved to be an ass. Check out that little 3 minute snippet here.

Now, we can’t know if this is a ‘to-do’ list for himself or those of his staff, but an Associated Press photographer captured an interesting photo.

So, let’s go down the list shall we?

#7 Meet IG: There are several that have been published recently with regard to the State Department. They include: Operation Inherent Resolve and Operation Pacific Eagle, a Fraud Alert and Operation Freedom’s Sentinel. (The Freedom’s Sentinel is a quarterly report) Click here to see those IG reports.

#8 Jim Donovan: Last year, Donovan was on the short list to be Deputy Treasury Secretary and withdrew his name. He is a managing director and partner at Goldman Sachs and has close ties to Jeb Bush and Mitt Romney.

#9 Call Lavrov: Well, we should all know him, he is the Minister of Foreign Affairs of Russia. Now this is an interesting call because Lavrov is on his way to visit the DPRK, you know lil Kim Jong-Un and Lavrov have been nurturing a relationship with Zohrab Mnatsakanyan, the Foreign Minister of Armenia. Or how about telling Lavrov, “Hey dude, this meddling thing and propaganda gig against the U.S. comes with consequences.”

#10 Mexico Ambassador: This could have a couple of options. a) Our National Guard on the border, b) The U.S. ambassador to Mexico resigned in March and we presently don’t have one. Under consideration is Edward Whitacre Jr., a former CEO at General Motors and AT&T. Whitacre has also worked previously with Carlos Slim, Mexico’s richest man.

This brings us to #11 Carlos Slim: Could this be some kind of NAFTA issue or regarding The Economic Coordinating Council in Mexico?

#12 Robert Reilly: Reilly has a long history at the State Department and in global media. He is a conservative and a senior policy fellow at the American Foreign Policy Council, The Claremont Institute. He was part of the Information Strategy Office at the Pentagon as well as a senior advisor on Operation Iraqi Freedom.

#13 Need help…no idea.

#14 Diversity Data….hummm.

Could bad math have us skipping to #20? Sam Feist: Well, perhaps Pompeo has a whole truck load of stuff to discuss with Sam. He is the Senior Vice President, Washington Bureau Chief for CNN.

#21 Help…no idea.

#22 PC on Iran: After the Deal to a New Deal? Europe vs. U.S. on sanctions maybe?

Meanwhile: Pompeo says Singapore is “still” a go, cites “the preparations for our historic meeting with North Korea, still scheduled for June 12. We have a generational opportunity to solve a major national security challenge.” “We are clear-eyed about the regime’s history. It’s time to solve this once and for all. A bad deal is not an option. The American people are counting on us to get this right. If the right deal is not on the table, we will respectfully walk away.”

Pompeo assumed a similarly hard line on resuming talks with Iran, promising to “apply unprecedented financial pressure” and suggesting that economic sanctions are just one of several measures the United States will use against the regime in Tehran. To achieve a new nuclear deal, he added, Iran “simply needs to change its behavior.”

He did not back off the Trump administration’s threat to apply sanctions to European companies that do business with Iran, saying companies must wind down operations in Iran or else face penalties and promised lawmakers that: “We will come back to you seeking further authority” for additional measures to squeeze Tehran.

But the hearing turned combative as Democrats challenged Pompeo for presenting Congress with a State Department budget that maintains deep cuts to diplomatic and developmental activities — a budget that Rep. Eliot L. Engel (NY), the ranking Democrat on the foreign affairs panel, called “insulting” and predicted that Congress would reject. More here.

05/23/18

First Cuba, Now China? US State Dept. Reports An American Falls Ill After ‘Abnormal’ Sounds

By: Terresa Monroe-Hamilton

It’s happened again… this time in China. An American government employee who is stationed in southern China is now showing signs of possible brain injury after reporting disturbing sounds and sensations, the State Department said on Wednesday. This is eerily similar to incidents out of Cuba. When they first started happening in Cuba, I said that it was some type of weapon, probably from the Russians or the Chinese and here we are. This employee is suffering now from the same ailments as the individuals in Cuba experienced. The question is… we removed most of our diplomats from Cuba over this, will we do so in China?

The State Department warning was issued through the United States Consulate in Guangzhou, a city in southern China. Americans were advised to seek medical attention if they felt similar symptoms. No other cases have been reported… yet. Someone is obviously targeting American diplomats and it is happening in countries that are unfriendly to us. They are using our people as guinea pigs. “A U.S. government employee in China recently reported subtle and vague, but abnormal, sensations of sound and pressure,” the health alert said. “We do not currently know what caused the reported symptoms and we are not aware of any similar situations in China, either inside or outside of the diplomatic community.” You can bet they know exactly what is going on here and aren’t saying.

The employee, who was working in Guangzhou, “reported experiencing a variety of physical symptoms” from late 2017 until April, Jinnie Lee, a spokeswoman for the United States Embassy in Beijing, said in an emailed response to questions. So, this has been going on for a while in tandem with Cuba. Secretary of State Mike Pompeo told the House Foreign Affairs Committee on Wednesday that medical teams were heading to Guangzhou to address the issue. “The medical indications are very similar and entirely consistent with the medical indications that have taken place to Americans working in Cuba,” he said.

This does not bode well for our relations with China. Yesterday, North Korea wobbled on the summit meeting with President Trump. It’s rumored that China and Iran are behind the change of heart there. And now the Pentagon has disinvited China from an international military exercise over its militarization of islands in the South China Sea.

The American embassy in China was told today “that the clinical findings of this evaluation matched mild traumatic brain injury,” according to Ms. Lee, who said she could not reveal any more details to protect the employee’s privacy. Mild traumatic brain injury can show up as headache, dizziness, nausea, poor memory and a general foggy sensation. The Chinese Ministry of Foreign Affairs did not immediately answer faxed questions about the ill American, but Pompeo said the Trump administration had asked the Chinese government for assistance in an investigation, “and they have committed to honoring their commitments under the Vienna convention.” Sure they have, just like the Cubans did.

The Vienna convention requires that countries protect diplomats stationed in their nations. Of course, everything is ruled by plausible deniability, isn’t it? So far, our government is not accusing the Chinese of foul play here. But I think it is pretty clear they are suspected of it. Americans already bristle at dealing with communists… this isn’t going to assuage anyone’s trepidation over trade, military dealings or sovereignty. Both countries where the attacks have taken place are communist.

In late 2016, diplomats posted to the United States Embassy in Havana began complaining of hearing strange, wrenching noises and suffering symptoms like headaches, dizziness and loss of hearing. A total of 24 Americans were confirmed as suffering from the attacks, most of them diplomats and some diplomats’ spouses. We still don’t know the cause, but I contend it is sonic weaponry of some sort. The United States has expelled at least 17 Cuban diplomats to underscore its view that Cuba bears some responsibility. Will we follow suit with the Chinese? Unlikely as they hold a ton of our debt. Cuba and China of course are denying any involvement… it’s the Schultz defense… “I know nothing!”

Senator Marco Rubio frequently dismissed the notion that Cuba could have been unaware of what American diplomats termed an “attack.” “The idea that someone could put together some sort of action against them, 24 of them, and the Cuban government not know who did it, it’s just impossible,” Rubio said in a Senate hearing in January. I could not agree more. Rubio also joins in my belief that Russia or China are behind these attacks.

Approximately 2,000 US employees are stationed in China. Diplomats based in the country are probably among the most closely watched by Chinese security services. The Chinese fear spies because that is what they do. The State Department is not taking chances. “While in China, if you experience any unusual acute auditory or sensory phenomena accompanied by unusual sounds or piercing noises, do not attempt to locate their source,” the notice from the consulate said. “Instead, move to a location where the sounds are not present.” Yeah, that’s not exactly helpful or proactive. I suggest they find the source and fast before it’s used on our military or an American population center.

The United States Consulate in Guangzhou, China. The State Department said a government employee posted in the city had reported “subtle and vague, but abnormal, sensations of sound and pressure.” Credit: U.S. Department of State