ThereAreNoSunglasses

American Resistance To Empire

Kaspersky’s War On Crowdstrike Evangelist Dmitri Alperovitch

[I have discovered the following 2011 analysis by Eugene Kaspersky on the quality of the analysis work by Dmitri Alperovitch, the genius behind CROWDSTRIKE (former analyst for McAfee).  (SEE BELOW) It is totally negative.  Following that report is another Western media song of praise for the work of Crowdstrike…, for some reason, it can only be found in cache.  Between the two points of view, can we begin to understand what just happened w/Kaspersky’s man Ruslan Stoyanov?–(SEE: Head Of Investigations At Russia’s Biggest Cybersecurity Firm Arrested For Treason).]

kasperskys-blog

 

August 18, 2011

Shady RAT: Shoddy RAT.

Last week, Congresswoman Mary Bono Mack (CA-45), Chairman of the House Subcommittee on Commerce, Manufacturing and Trade, sent a letter to Dmitri Alperovitch, Vice President of Threat Research at McAfee, requesting further information on his recently published report “Revealed: Operation Shady RAT.”

First of all I’d like to say straight out that we do not share the concerns surrounding the intrusion described in the report, which intrusion the report claims has resulted in the theft of sensitive information of multiple governments, corporations and non-profit organizations.

We conducted detailed analysis of the Shady RAT botnet and its related malware, and can conclude that the reality of the matter (especially the technical specifics) differs greatly from the conclusions made by Mr. Alperovitch.

We consider those conclusions to be largely unfounded and not a good measure of the real threat level. Also, we cannot concede that the McAfee analyst was not aware of the groundlessness of the conclusions, leading us to being able to flag the report as alarmist due to its deliberately spreading misrepresented information.

I’d like to give my own answers to the key questions posed in the letter, to firmly establish the assessment of the situation by Kaspersky Lab as global security researchers – not only for the US, but for all nations concerned with cybercrime and advanced threats.

The report suggests the high-profile intrusions of recent months are neither sophisticated nor novel. How do these unsophisticated intrusions differ from the intrusions that were the focus of your report?

Many of the so-called “unsophisticated” intrusions that the IT security industry has discovered recently and which have been so prominent in the news should in fact be labeled just the opposite: “sophisticated”.

These sophisticated threats – such as TDSS, Zeus, Conficker, Bredolab, Stuxnet, Sinowal and Rustock – pose a much greater risk to governments, corporations and non-profit organizations than Shady RAT.

For example, TDSS controls one of the world’s largest zombie networks, made up of more than 4.5 million computers worldwide. It contains extremely sophisticated techniques and implements a whole range of risky payloads that can lead to the theft of sensitive information and even funds in bank accounts, to spam distribution, DDoS attacks and much more.

On the other hand, most security vendors did not even bother assigning a name to Shady RAT’s malware family, due to its being rather primitive.

Are such intrusions something the government and private sector can effectively prevent or mitigate on a continuing basis?

Most commercially-available anti-virus software is capable of preventing infection by the malware involved in Operation Shady RAT; most doesn’t require a special update to do so either, capable of detecting the malware generically.

Did the logs analyzed by McAfee reveal novel techniques or patterns that would be helpful in our efforts to combat cybercrime?

We are fairly sure that the logs that McAfee analyzed did not differ from the logs all the other security vendors analyzed.

Here are our findings: unlike malware from the abovementioned sophisticated samples, we found no novel techniques or patterns used in this malware. What we did find were striking shortcomings that reveal the authors’ low level of programming skill and lack of basic web security knowledge.

In addition, the way the malware spread – via masses of spam messages with infected files attached – is now considered to be old hat; most modern malware uses web attacks to get to target computers. Shady RAT also never used any advanced or previously unknown technologies for hiding itself in the system, any countermeasures against anti-viruses, or any encryption to protect the traffic between the servers and infected computers. Needless to say, these are features inherent only in sophisticated malware.

What is the greater target: intellectual property and national security information, or consumer information that can be used to perpetrate identity theft?

There is no evidence showing what sort of data has been acquired from infected computers, or if any data has been acquired at all.

We can only understand what data (if any) has been stolen by conducting an in-depth investigation within an affected organization to examine the actual access rights of the infected computers.

The report suggests that the more insidious intrusions are more likely to occur without public disclosure. Would more public disclosure help or harm industry efforts to fight this type of cybercrime?

Some of the more insidious intrusions take place without the general public becoming aware of them. What’s more, they can go undetected for some time before being discovered by the IT security industry, and this is likely to continue due to the nature of the architecture of modern software and the Internet.

However, regarding Shady RAT, the IT security industry did know about this botnet, but decided not to ring any alarm bells due to its very low proliferation – as confirmed by our cloud-based cyber-threat monitoring system and by other security vendors. It has never been on the list of the most widespread threats.

For years now the industry has adopted the simple and helpful rule of not crying wolf.

A very important question that has slipped off the radar is what state is behind this intrusion?

It’s not possible to give a straight and clear answer to this question; however, it looks overwhelmingly likely that no state is behind the Shady RAT botnet. How the botnet operates and the way the related malware is designed reveals startling fundamental defects hardly indicative of a well-funded cyber-attack backed up by a nation state.

A good example of a cyber-attack most likely backed by a nation state is Stuxnet. Just compare the number of vulnerabilities used, special techniques, and the various assessments of the development cost. With Shady RAT we are dealing with a lame piece of homebrew code that could have been written by a beginner.

On the black market the Shady RAT malware would be valued at not much more than a couple hundred dollars. Even if an “evil” state were to decide to launch a targeted attack, it could buy much more sophisticated malware for just $2,000 – $3,000. And most certainly the evil state wouldn’t use the same command and control server for five years, and then keep it operating after it was revealed in the world media that it had been exposed – allowing security researchers to conduct in-depth analysis of the botnet.

We believe that this act was performed by rather novice criminals who were testing the ground, but who didn’t improve their skills much at all since the date they started the botnet.

To summarize the Shady RAT report:

Was it the most sophisticated attack ever?

No.

Was it the longest-lasting attack ever?

No.

Was it a historically unprecedented transfer of wealth?

No.

Is there proof that 71 organizations were compromised and had data leaked?

No.

Was it backed up by a state?

No.

Does Shady RAT deserve much attention?

No.

Useful link: Comment from Alex Gostev, Kaspersky Lab’s Chief Security Expert

Moscow’s cyber warriors in Ukraine linked to US election

Financial Times

 

 

 

Security firm accuses Russian intelligence’s ‘Fancy Bear’ hackers

crowdstrikeCrowdstrike
by: Demetri Sevastopulo and Courtney Weaver in Washington

The discovery of an alleged Russian government hack of a Ukrainian mobile phone app has boosted investigators’ confidence that Moscow was behind the hacking of Democratic National Committee servers in the US before the presidential election, cyber security firm CrowdStrike said.

The firm, which was hired by the DNC to rebuild its cyber defences after the attack, said Fancy Bear — a code name it assigned to hackers that it believes are associated with Russian military intelligence, the GRU — had implanted malware in an Android mobile phone application used by anti-Russian forces operating in eastern Ukraine. Identifying the perpetrators of cyber intrusions is notoriously hard as attackers can conceal their identity. But Dmitri
Alperovitch, the co-founder of CrowdStrike, said his confidence level that the DNC hack was the work of GRU hackers had risen from “medium” to “high” because of the alleged Ukrainian hack between 2014 and 2016. Mr Alperovitch said the same malware was used for both the Ukraine attacks and the DNC hack. He said Fancy Bear was the only group of hackers that had previously used the malware, and that the source code was not publicly available, leading to the conclusion that the GRU-affiliated hackers were behind both of the cyber attacks. The emergence of more evidence of Russian hacking comes as Donald Trump, the president-elect, continues to dismiss as “ridiculous” suggestions from the CIA and other US intelligence agencies that the Kremlin orchestrated cyber attacks in the US to interfere with the presidential election. Several US congressional committees are probing the attacks, which President Barack Obama has blamed on the Russians. “My hope is that the president-elect is going to similarly be concerned with making sure that we don’t have potential foreign influence in our election process,” Mr Obama said last week at a press conference. Mr Obama has also ordered an investigation, which will be finished before he leaves office, into the hacks. Asked whether he believed Russian president Vladimir Putin had personally authorised the hacking, Mr Obama responded: “I’d make a larger point, which is, not much happens in Russia without Vladimir Putin. This is a pretty hierarchical operation.”
According to CrowdStrike, the hackers installed malware in an Android-based mobile phone application developed by the Ukrainians to improve the targeting of Soviet-era D-30 Howitzer artillery guns. The firm said the deployment of the Fancy Bear malware may have helped reconnaissance against Ukrainian forces. “The ability of this malware to retrieve communications and gross locational data from an infected device makes it an attractive way to identify the general location of Ukrainian artillery forces and engage them,” CrowdStrike said.

Mr Alperovitch said the target of the attack increased the certainty that it was affiliated with the GRU. While the evidence was not conclusive, he said Ukrainian forces lost 80 per cent of their Howitzers over a two-year period, but lost only 50 per cent of other artillery that did not rely on the app. Since 2014, Russia has been engaged in hybrid warfare in Ukraine where it has used cyber and informational campaigns to weaken the new western-backed government in Kiev and aid the pro-Russia separatists who currently control a swath of Ukraine’s east. Last year, Ukrainian authorities accused Russia of successfully shutting down several of the country’s power grids through a cyber attack. While Moscow denied the attack, several cyber security experts said the malware was likely the result of a group of Russian hackers called the Sandworm team, a group that previously had tried similar attacks in the US and Europe. Mr Alperovitch said CrowdStrike found evidence of the malware over the summer, but needed time to investigate fully. He said the conclusions had been handed to security officials in the US government. The increased focus on Russian cyber attacks comes after months of controversy in the US about the role that Mr Putin and the Kremlin may have played in the hacking of the Democratic party and its officials. Some members of the Clinton campaign have blamed the hacking, which resulted in the release of thousands of emails that had been provided to WikiLeaks, for their unexpected loss to Mr Trump. European countries, including Germany and France, are also increasingly alarmed about the potential for Russia to influence elections across Europe with everything from pure hacking to the use of botnets — networks of infected private computers — to accelerate the proliferation of fake news that can influence voters. Twitter: @dimi

Hafiz Saeed Allegedly Arrested In Pakistan Under Pressure From Trump

Hafiz Saeed arrested in PAK: Modi’s pressure told in the video, playing a trump friendship with India

dainik-bhaskar

Danikbaskrkcom | John thirty-one

Hafiz Muhammad Saeed, house arrest, Pakistan media, national news in hindi, national news

Monday afternoon, the Home Minister of Pakistan Chaudhry Nisar said that Saeed had been declared a terrorist by the US. Saeed Khan also said that Pakistan was to keep an eye on since 2010.

New Delhi / Islamabad. The Government of Pakistan Lashkar-e-Taiba chief Hafiz Saeed on Monday placed under house arrest. However, it released a video of himself arrested Hafiz Saeed said. He has blamed Modi for arrest. According to Pakistan’s Aarway channel, Saeed under house arrest for fear of the US’s new president is Donald Trump. The government of Sindh in Pakistan have confirmed the arrest of Saeed. It is said that Saeed in Lahore is placed on a secret location. What the Home Minister said Pakistan …

 

– Please tell the Monday afternoon the Home Minister of Pakistan Chaudhry Nisar Ali Khan told the media that the Jamaat-ud-Dawa chief Hafiz Saeed, the US has declared a terrorist. Saeed Khan also said that Pakistan was to keep an eye on since 2010.
– Khan, Jamaat is clearly banned organization. The UN Security Council has banned him. The government will have to take action against him. Chowdhury said the action is pending against Saeed long time. Nisar’s statement came hours after Saeed was arrested.
– Asked about US President Trump Trump Khan said people who are the target of the victims of terrorism. Where the US has been targeting terrorists?
Trump took action, fearing Pakistan
– Pakistan’s media trump the fear of government step are told. Please tell the US citizens of the 7th Muslim countries have been banned from coming to America. It is believed that Pakistan is the US ban.
– Trump has clear ban will be imposed on countries that export terrorism. Saeed’s detention for fear of the US is seen as a step.
– Pakistani security expert said Arif Jamal Saeed telling herself that she was arrested because of Modi and the US.
After the arrest video released
Stunningly, after the arrest Saeed issued a video message to his supporters.
– In it he said, “brothers in Islam. Especially my Kashmir brethren. Where-as far as my voice rose. I want to say that international pressure Hukumat Pakistan decided to arrest me. Which I was informed. I think that all this is happening because of international pressure.
– “In Pakistan, the Jamaat-ud-Dawa is not a question of. We have made sacrifices to protect Pakistan. We Relief and Education (Education) has worked on. We have joined with their brothers in Balochistan. We also help people in Sindh. And especially we stood for Kashmir.
– “K for the year I made the program. February 5 was supposed to work on it. So I suspect that they will not tolerate talk of India. And that of course will put pressure. Since the time Trump and new US President (President) is made. And that he wants to be a great friendship. Their mutual cases. However, Americans are not our issues. Our issue is with India. The issue of Kashmir. But he put the emphasis.
Hafiz Saeed, who is? Saeed why we brought, which he lays eggs
– Hafiz Saeed, mastermind of the 26/11 Mumbai attacks. 166 people were killed in the attack, including six Americans. India has asked Pakistan to hand him over several times.
– Not just the Mumbai attacks in India and Afghanistan clearly the hand of Hafiz Saeed but Pakistan denies it.
– The United States released a list of International Terrorist, which was also the name of Saeed. A million dollar US bounty placed on him eat. Interpol red corner notice against him was issued.

Drone/Commando Assault Upon Yemeni Compound Kills Daughter of Anwar Al-Awlaki

[Is the intentional elimination of a specific bloodline (a father and all his children and potentially, his grandchildren) a form of “genocide”?

anwar-al-awlaki

Consider the following, and the story of Anwar al-Awlaki, 1st American citizen killed by Pentagon/CIA drone.  The CNBC report at the bottom of this page relates the truth about the latest swarm of Yemen-based news reports.  This time, the vindictive drone killers went after the daughter of al-Awlaki, and even his brother-in-law.  The American raid was conducted while the Mocha battle raged, providentially providing bigger headlines than the commando/drone raids on al-Qaida.]

Times of IndiaClashes on Yemen west coast kill more than 100: Medics

The bodies of at least 90 Huthi rebels were taken to a hospital in the Red Sea city of Hodeida, which is controlled by the insurgents, while 19 dead soldiers were taken to the southern port city of Aden

Saba.netArmy kills mercenaries in Taiz

“Dozens of Saudi-paid mercenaries were killed and wounded when the army and popular forces foiled their attempt to infiltrate toward Mocha district of Taiz province overnight”

Saba.netDozens of Saudi-paid mercenaries killed in Jawf

“Dozens of Saudi-paid mercenaries were killed in a successful operation of the army and popular forces in al-Masloub district of Jawf province,”

New York TimesRenewed Fighting and Drone Strikes in Yemen Kill About 75

Gulf NewsOne US soldier dead, three injured in raid in Yemen: US military

“A local Yemeni official reported earlier that the raid left 41 suspected Al Qaeda militants and 16 civilians dead, among them eight women and eight children.”

CBC NEWSU.S. reportedly follows up Yemen commando raid with drone strike

“The officials said the pilotless plane targeted a vehicle travelling in Baihan in the province of Shabwa, in which two suspected al Qaeda members were travelling. Both men were killed.”

“A U.S. commando died and three were wounded during a dawn raid on Sunday in the rural Yakla district of central Yemen’s al-Bayda province.”

“An al-Qaeda official and an online news service linked to the terror group said the raid left about 30 people dead, including women and children.

nawar-al-awlaki Nawar al-Awlaki

Among the children killed was Anwaar, the eight-year-old daughter of Anwar al-Awlaki, a radical Yemeni-American cleric killed in a U.S. airstrike in Yemen in 2011, according to the girl’s grandfather.
Nasser al-Awlaki told The Associated Press that Anwaar was visiting her mother when the raid took place. She was shot in the neck and bled for two hours before she died, he said.”

abdulrahman

–[al-Awlaki’s American-born son, Abdulrahman al-Awlaki, was killed October 14, 2011, in another U.S. drone strike–ed.]

 

U.S. reportedly follows up Yemen commando raid with drone strike

cbc news

 

 

Among those killed in the raid was 8-year-old daughter of late U.S.-born radical al-Awlaki

A suspected U.S. drone strike killed two men believed to be al-Qaeda militants in central Yemen, local officials said early on Monday, hours after American commandos carried out the first military operation authorized by President Donald Trump.

The officials said the pilotless plane targeted a vehicle travelling in Baihan in the province of Shabwa, in which two suspected al Qaeda members were travelling. Both men were killed, they said.

Al-Qaeda has exploited a civil war in Yemen pitting the Iran-aligned Houthi movement against the Saudi-backed government of president Abd-Rabbu Mansour Hadi to recruit more followers and enhance its influence in the impoverished country.

The United States, which sees the Yemeni branch of al-Qaeda as a major threat to its regional interests, conducted dozens of drone strikes in Yemen throughout Barack Obama’s presidency.

It has acknowledged drone strikes to target militants, but declines to comment on specific attacks.

Yemen is also one of seven Muslim-majority countries subject to a controversial travel and refugee ban, said to be temporary in nature, as part of an executive order signed by president Donald Trump in his first days in the White House.

A U.S. commando died and three were wounded during a dawn raid on Sunday in the rural Yakla district of central Yemen’s al-Bayda province. The U.S. military also said that at least 14 suspected al Qaeda militants were killed.

“Americans are saddened this morning with news that a life of a heroic service member has been taken in our fight against the evil of radical Islamic terrorism,” Trump said in a statement.

“My deepest thoughts and humblest prayers are with the family of this fallen service member,” he said.

The names of the casualties were not released.

Planning for the clandestine counterterrorism raid began before Obama left office on Jan. 20, but Trump authorized the raid, according to a U.S. defence official, who was not authorized to discuss details beyond those announced by the Pentagon and so spoke on condition of anonymity.

The raid was planned as a clandestine operation and not intended to be made public, but the loss of a service member changed that, the official said, adding that no detainees were taken in the operation.

An al-Qaeda official and an online news service linked to the terror group said the raid left about 30 people dead, including women and children. Among the children killed was Anwaar, the eight-year-old daughter of Anwar al-Awlaki, a radical Yemeni-American cleric killed in a U.S. airstrike in Yemen in 2011, according to the girl’s grandfather.

Nasser al-Awlaki told The Associated Press that Anwaar was visiting her mother when the raid took place. She was shot in the neck and bled for two hours before she died, he said.

 

COMMENT FROM MR. AWLAKI’S FATHER

 

Trump’s First Brush w/Executive Orders Meets the Chaos of Reality

Jerry Markon, Emma Brown, Katherine ShaverThe Washington Post

A federal judge in New York blocked deportations nationwide late Saturday of those detained on entry to the United States after an executive order from President Donald Trump targeted citizens from seven predominantly Muslim countries.

Judge Ann Donnelly of the U.S. District Court in Brooklyn granted a request from the American Civil Liberties Union to stop the deportations after determining that the risk of injury to those detained by being returned to their home countries necessitated the decision.

Minutes after the judge’s ruling in New York, another came in Virginia when U.S. District Judge Leonie Brinkema issued a temporary restraining order to block for seven days the removal of any green-card holders being detained at Dulles International Airport. Brinkema’s action also ordered that lawyers have access to those held there because of the ban.

Trump’s order reverberated across the world Saturday, making it increasingly clear that the measure he had promised during his presidential campaign was casting a wider net than even his opponents had feared.

Confusion and concern among immigrant advocates mounted throughout the day as travelers from the Middle East were detained at U.S. airports or sent home. A lawsuit filed on behalf of two Iraqi men challenged Trump’s executive action, which was signed Friday and initially cast as applying to refugees and migrants.

But as the day progressed, administration officials confirmed that the sweeping order also targeted U.S. legal residents from the named countries – green-card holders – who were abroad when it was signed. Also subject to being barred entry into the United States are dual nationals, or people born in one of the seven countries who hold passports even from U.S. allies, such as the United Kingdom.

The virtually unprecedented measures triggered harsh reactions from not only Democrats and others who typically advocate for immigrants but also key sectors of the U.S. business community. Leading technology companies recalled scores of overseas employees and sharply criticized the president. Legal experts forecast a wave of litigation over the order, calling it unconstitutional. Canada announced it would accept asylum applications from U.S. green-card holders.

Yet Trump, who centered his campaign in part on his vow to crack down on illegal immigrants and impose what became known as his “Muslim ban,” was unbowed. As White House officials insisted that the measure strengthens national security, the president stood squarely behind it.

“It’s not a Muslim ban, but we were totally prepared,” Trump told reporters in the Oval Office. “You see it at the airports, you see it all over. It’s working out very nicely, and we’re going to have a very, very strict ban, and we’re going to have extreme vetting, which we should have had in this country for many years.”

In New York, Donnelly seemed to have little patience for the government’s arguments, which focused heavily on the fact that the two defendants named in the lawsuit had already been released.

Donnelly noted that those detained were suffering mostly from the bad fortune of traveling while the ban went into effect. “Our own government presumably approved their entry to the country,” she said at one point, noting that, had it been two days prior, those detained would have been granted admission without question.

During the hearing, ACLU attorney Lee Gelernt informed the court that he had received word of a deportation to Syria, scheduled within the hour. That prompted Donnelly to ask if the government could assure that the person would not suffer irreparable harm. Receiving no such assurance, she granted the stay to the broad group included in the ACLU’s request.

A senior Department of Homeland Security official had no comment about the rulings late Saturday and said the department was consulting with its lawyers.

The official said enforcement of the president’s order on Saturday had created minimal disruption, given that only a small number of the several hundred thousand travelers arriving at U.S. airports daily had been affected.

Nationwide, he said, 109 people had been denied entry into the United States. All had been in transit when Trump signed the order, and some had already departed the United States on flights by late Saturday while others were still being detained awaiting flights. Also, 173 people had not been allowed to board U.S.-bound planes at foreign airports.

The official said that officers doing case-by-case reviews had granted 81 waivers so far to green-card holders.

DHS began implementing the president’s order immediately after he signed it, according to the official. He declined to say whether the department had an operational plan ready at that time.

Though several congressional Republicans denounced the order, the majority remained silent, and a few voiced crucial support – including, most prominently, House Speaker Paul Ryan, R-Wis., who had rejected Trump’s anti-Muslim proposals during the campaign. “This is not a religious test, and it is not a ban on people of any religion,” Ryan said Saturday. “This order does not affect the vast majority of Muslims in the world.”

The president’s order, signed Friday, suspends admission to the United States of all refugees for 120 days and bars for 90 days the entry of any citizen from Iraq, Iran, Syria, Yemen, Sudan, Libya and Somalia. That list excludes several majority-Muslim nations – notably Turkey, the United Arab Emirates and Indonesia – where the Trump Organization, now run by the president’s adult sons, is active and which in some cases have also faced troublesome issues with terrorism.

According to the text of the order, the restriction applies to countries that have already been excluded from programs allowing people to travel to the United States without a visa because of terrorism concerns. Hewing closely to nations already named as terrorism concerns elsewhere in law might have allowed the White House to avoid angering powerful and wealthy majority-Muslim allies, such as Egypt and Saudi Arabia.

Amid widespread confusion on Saturday about how the order will be enforced, some administration officials acknowledged that its rollout had been chaotic. Officials tried to reassure travelers and their families, pointing out that green-card holders in the United States will not be affected and noting that the DHS is allowed to grant waivers to those individuals and others deemed to not pose a security threat. It can take years for someone to become a green-card holder, or lawful permanent resident authorized to permanently live and work in the country.

“If you’ve been living in the United States for 15 years and you own a business and your family is here, will you be granted a waiver? I’m assuming yes, but we are working that out,” said one official, who could not be more specific because details remained so cloudy. A senior White House official later said that waivers will be evaluated on a case-by-case basis and that green-card holders in the United States will have to meet with a consular officer before leaving the country.

But officials made clear that the federal officers detaining refugees and migrants with valid U.S. visas and restricting them from entering the country were following orders handed down by top DHS officials, at the White House’s behest.

The order drew outrage from a range of activist and advocates for Muslims, Arabs and immigrants. More than 4,000 academics from universities nationwide signed a statement of opposition and voiced concern the ban would become permanent. They described it as discriminatory and “inhumane, ineffective and un-American.”

The executive action has caused “complete chaos” and torn apart families, said Abed Ayoub, legal and policy director of the American-Arab Anti-Discrimination Committee.

At Dulles, Virginia Gov. Terry McAuliffe (D) addressed more than 100 people protesting Trump’s order. He said: “I remind everybody we are a land of immigrants. . . . Discriminatory tactics breed hatred.”

In New York, lawyers for two Iraqi men detained at John F. Kennedy International Airport – one of whom served the U.S. military mission in Iraq – filed a federal lawsuit challenging the order as unconstitutional.

One of the men, Hameed Khalid Darweesh, was released Saturday afternoon without explanation from federal officials. “This is the humanity, this is the soul of America,” he told reporters. “This is what pushed me to move, to leave my country and come here. . . . America is the land of freedom – the land of freedom, the land of the right.”

Other advocates promised further legal challenges. The Council on American-Islamic Relations (CAIR) denounced the order and said it would file a lawsuit challenging it as unconstitutional.

In a conference call with reporters, immigration lawyers and advocates said Trump’s order violated the Constitution, along with U.S. and international laws that guarantee migrants the right to apply for asylum at the border and the Immigration and Nationality Act, which forbids discrimination in the issuance of visas based on race, nationality, place of birth or place of residence.

But Mark Krikorian, executive director of the Center for Immigration Studies, which advocates for lower immigration levels, praised Trump.

“It’s a prudent measure,” he said. “It’s not the end of the world. It’s not the Statue of Liberty crying. The reaction has been hyperbolic.”

The effects of Trump’s order played out nationwide.

In Dallas, Behzad Honarjou, 43, was supposed to pick up his mother, 70-year-old Shahin Haffanpour, at the airport on Saturday. But when she arrived from Iran via Dubai, she was told that because of the executive order she would be sent back to Iran the next morning.

“I don’t know what to do,” Honarjou said. He said he was seeking an attorney to file an emergency habeas petition, but the courts were closed. Haffanpour has an immigrant’s visa issued by the U.S. Embassy in Ankara, Turkey, last year.

In Philadelphia, Sarah Assali said six relatives from Syria – two uncles, their wives and two cousins – were detained after arriving at the airport there early Saturday. Although they are Christian immigrants with valid visas to join family in this country, they were put on a plane back to Doha, Qatar, three hours later, Assali said.

She said her family members were not allowed to call or contact their family in the United States before being removed. “We don’t know what’s going to happen next.”

Philip Bump in Brooklyn, Louisa Loveluck in Beirut, and David Nakamura, Philip Rucker, Mike DeBonis, Lori Aratani, Carol Morello and Rachel Weiner in Washington contributed to this report.

Copyright © 2017, Chicago Tribune

China Ramps-Up Warnings of Trump-Instigated Conflict In S. China Seas

Donald Trump’s election as US president has increased the risk of hostilities breaking out, according to Chinese state media and analysts

China is stepping up preparedness for a possible military conflict with the US as the Donald Trump presidency has increased the risk of hostilities breaking out, state media and military observers said.

Beijing is bracing itself for a possible deterioration in Sino-US ties, with a particular emphasis on maritime security.

The People’s Liberation Army said in a commentary on its official website last Friday, the day of Trump’s inauguration, that the chances of war have become “more real” amid a more complex security situation in Asia Pacific.

The commentary written by an official at the national defence mobilisation department in the Central Military Commission said the call for a US rebalancing of its strategy in Asia, military deployments in the East and South China Seas and the instillation of a missile defence system in South Korea were hot spots getting closer to ignition.

“‘A war within the president’s term’ or ‘war breaking out tonight’ are not just slogans, they are becoming a practical reality,” it said.

The official People’s Daily said in another commentary on Sunday that China’s military would conduct exercises on the high seas regardless of foreign provocations. China’s sole aircraft carrier Liaoning passed through the narrow Taiwan Strait last month.

The commentary referred to remarks by the US secretary of state Rex Tillerson hopeful that the US should stop China’s access to artificial islands it has built in disputed areas of the South China Sea.

New White House spokesman Sean Spicer told a press conference on Monday that the US would prevent China from taking over territory in international waters in the South China Sea.

Spicer told the press “the US is going to make sure that we protect our interests there,” when asked about US President Donald Trump’s position on the South China Sea. “It’s a question of if those islands are in fact in international waters and not part of China proper, then yeah, we’re going to make sure that we defend international territories from being taken over by one country,” he said.

Foreign ministry spokeswoman Hua Chunying responded by telling the US “to be cautious in what it says and does, so as to avoid harming the peace and stability in the region.”

The Chinese military is constantly prepared for possible military conflict whoever serves as US president, but Donald Trump’s possible “extreme approach” against China was dangerous, according to analysts.

Ian Storey, a senior fellow at ISEAS-Yusof Ishak Institute in Singapore, said some of the comments from Trump’s key advisors and appointees suggest that the US may pursue a more hardline policy against Beijing in the South China Sea over the next four years

“As it’s highly unlikely that China will compromise its sovereignty claims in the face of US pressure, we can be sure that the dispute will increasingly become a risky point of contention between Beijing and Washington,” he said.

The comments come as President Xi Jinping is overseeing massive reforms within China’s military to improve its fighting capabilities. A huge reshuffle is also underway in the military’s top brass. Vice-Admiral Shen Jinlong, commander of the South Sea Fleet, is to replace retiring Admiral Wu Shengli as chief of the PLA Navy.

Meanwhile, Vice-Admiral Yuan Yubai, the former North Sea Fleet commander, has been promoted to head the Southern Theatre Command, which focuses on the South China Sea. “Promoting naval officers to command theatres is aimed at utilising them to the maximum and getting ready to win wars,” Song Zhongping, a military affairs commentator at Phoenix TV, said.

The navy has been the focus of recent developments within the PLA, with massive investment and the construction of large numbers of ships, Song said.

China is involved in other disputes beyond the South China Sea, particularly with Taiwan. Sovereignty disputes with Japan in the East China Sea and concerns over the deployment of the missile shield in South Korea are other potential flashpoints.

Russia’s knockout game in Syria

Russia’s knockout game in Syria

aljazeera

 

 

 

A series of successful wiles and meticulous manoeuvring allowed Russia to become the main architect of Syria’s future.

In the stratospheric realm of geopolitics  and fighter jets, Russia has run circles around everyone, writes Bell [Sergei Karpukhin/Reuters]In the stratospheric realm of geopolitics and fighter jets, Russia has run circles around everyone, writes Bell [Sergei Karpukhin/Reuters]

 

By @neopolitiks

 

Russia and Turkey recently concluded talks in Astana about Syria. It was a remarkable cooperation given that Turkey shot down a Russian fighter jet just over a year ago, damaging relations between the two countries.

What tactics has Russia used to manage such delicate relationships and become the main architect of the future of Syria? If we look at the past and present, we can see a successful pattern of Russian manoeuvring.

In July 2015, the commander of Iran’s elite Quds force, Qassem Soleimani, visited Moscow, after which Russia entered the Syrian war. Russia then moved towards working with the Obama administration as co-partners in developing ceasefires, an International Support Group for Syria, and a United Nations-led Geneva process. The cooperation with the US did not work; however, Russia achieved its goal of appearing an equal to the US globally.

The US entered that game without a policy on Syria, nor any weight on the ground. Former US Secretary of State John Kerry’s words and techniques were no match for the Russian investment of hardware, and he effectively played into Russia’s process.

The US has since been unceremoniously dumped by Russia in regards to Syria. Once Russia’s goal of global parity was achieved, the Americans were no longer necessary. Russia invited the Trump administration to Astana (Iran rejected the American presence), but it was clearly a Russian defined process.

Russia used the UN deftly as well. The UN, and its envoy Staffan de Mistura, provided international legitimacy, and more cover for the Russian process, although the envoy initially garnered his credibility from being backed by Russian-American co-sponsorship.

But, once the UN process was no longer needed – and Mistura was a little too critical of Bashar al-Assad’s excesses – Russia declared that he was not fulfilling his mandate, creating an excuse to sideline him. Having played the UN game, Russia could afford to shed it.

A ‘political solution’

Today, Russia wants to first achieve a ceasefire, or, as some say, a “frozen conflict” in Syria, and Turkey is the key to getting armed opposition groups to agree. This is the logic that justifies the cooperation between the two today.

However, after a ceasefire, the next step will be a “political solution” to the conflict. The key to that file is Iran, not Turkey. It is the Islamic Republic that is closest to Assad and his security system, and with the highest stakes in his fate.

Will Turkey, like the US and the UN before it, then get knocked out of the game after Russia achieves its aims of a ceasefire. Will it be left behind as Vladimir Putin clambers up the ladder of control in Syria?

Some will say that Putin is clever enough to keep Turkey in the political game, needing it as a counterweight to Iran, and having it manage the opposition. Russia will also have probably made political promises to Turkey to seal today’s cooperation deal.

Turkey may not be knocked out, but its role may be geographically circumscribed to certain parts of northern Syria. The question is, can Russia square the circle of its promises to Turkey while also dealing with Iran?

It is far from certain whether Russian wiles can outdo Persian cunning for the future of Syria.

Iran is not fully happy with the Russian-Turkish approach today, as it wants a clearer and firmer victory for Assad, but it is smart enough to bide its time. It is the power on the ground and also the key for any serious future politics.

Iran and Assad needed Russia’s air force for military victory, but political and security control on the ground is their game. Lest we forget, President Assad has his own ideas about his future and that of Syria, probably closer to Iran’s than Russia’s. The successful Russian manoeuvres meet their match with the partner that had “invited” it to the conflict in July 2015.

Russia will have tough decisions ahead: Will it be an exit from Syria, leaving an incoherent mess, a managed frozen conflict, or real change? If Russia opts for any significant political change, the situation may end up a tough and dirty tactical tug of war between Iran and Russia for years to come, each pressuring the other to bend to its will.

The wild card

However, the Middle East is never that simple. There is still a wild card left. Israel has deftly stayed out of the Syrian war until now, and has developed quiet understandings with Russia so the two don’t get in each other’s way militarily.

If Israel increases its pressure on Assad and Hezbollah – and thereby Iran – in southern Syria, that would constitute an indirect message: don’t get too confident about “victory”. Donald Trump’s more anti-Iranian stance will abet this direction. The Obama holiday is ending for Tehran.

OPINION: How far is Russia willing to go in Syria?

It is far from certain whether Russian wiles can outdo Persian cunning for the future of Syria. What is clear however is that, through Syria, Russia has achieved the perception of global parity, if not supremacy, with the US, woven itself into international legitimacy through the UN, and deflated and co-opted a rival, Turkey.

In the stratospheric realm of geopolitics – and fighter jets – Russia has run circles around everyone. However, “the ground” is controlled by fighting forces and security systems created and nurtured by Iran. There, the visitor to Moscow in July 2015 and his country may have the final say.

John Bell is director of the Middle East programme at the Toledo International Centre for Peace in Madrid. He is a former UN and Canadian diplomat, and served as political adviser to the personal representative of the UN secretary-general for southern Lebanon and adviser to the Canadian government.

The views expressed in this article are the author’s own and do not necessarily reflect Al Jazeera’s editorial policy.

3 Top Russian Cyber-Security Officials Arrested In US Related Treason Investigation

[FSB opened a criminal investigation after a hacker attack on the Russian financial sector in 2016 ; Russia Arrests Third ‘U.S. Spy’ in Cyber Treason Case]

Photo: Victor Korotaev / Kommersant

Lubyanka Consultant floating in Lefortovo

kommersant

The investigation around the CDC led to the arrest of FSB officer “Kaspersky Lab”

As the “Kommersant”, arrested a top manager, “Kaspersky Lab” Ruslan Stoyanov, head of the company to investigate cybercrime department, working closely with law enforcement agencies. According to “Kommersant”, the arrest may be linked to the investigation in respect of one of the deputy head of the Information Security Centre (CDC) of the FSB. In “Kaspersky Lab” argue that the case is not related to the company, but experts point out that it may affect the relationship of Internet business with the FSB.

Head of investigation of computer incidents “Kaspersky Lab” Ruslan Stoyanov to December 2016 is in custody in the detention center “Lefortovo”, a source told “Kommersant”, close to the FSB. The press service of “Kaspersky Lab” confirmed the arrest, adding that the investigation is not related to the company and “conducted against a private person.”

At the same time in the same case and arrested the head of one of the divisions of the FSB Sergei Mikhailov CDC, says “Kommersant” source. At the center of public relations, CDC and its own security management (SSG) of the FSB did not respond to “Kommersant” requests. To phone to Sergei Mikhailov his mobile failed line. One of his friends has confirmed that the number is not available from December. The accounts in social networks and online messengers evident that Mr. Stoyanov was last online 4 December, Mr. Mikhailov – December 5th.

The problems in the CDC, “Kommersant” said January 13 – According to unofficial information, the post may leave the head of Andrei Gerasimov units. “B” sides tied happening just with CSS FSB investigation against one of his deputies. According to them, among other things checked CDC relationships with private companies, which cooperated with the department in conducting examinations on Cybercrime.

CSS investigation conducted on suspicion of violation of Art. 275 of the Criminal Code ( “treason”), told “Kommersant” top managers and co-owners of three IT-companies and confirmed the source, close to the FSB, the former federal official, and head of one of the industry associations in the field of communication. Two of them made it clear that in the investigation to verify information on employee allegedly receiving money from the CIB one of the foreign companies by a member of a certain Russian company in the field of information security.

The situation in the CDC runs the risk of impact on cybersecurity and e-commerce markets, where participants may have to re-build the relationship with the state. Two companion “b” familiar with Sergey Mikhailov, argue that this is one of the key CDC employees who “in fact, in charge of the entire internet business in the country.” “This man, in my opinion, largely informally determines the policy throughout the industry cybersecurity and e-commerce” – confirms an old friend of Mr. Mikhailov, founder of the payment system Chronopay Paul Wroblewski. The impact, he believes events in the CDC on the industry, may be assessed only after the appearance of official data from the FSB.

Sergei Mikhailov also participates in the work of public organizations. He, in particular, is part of the Information Security cluster of the Russian Association of Electronic Communications. Cluster Coordinator and Director of Strategic Projects of the Institute of Internet Studies Irina leva told “Kommersant” that at the last meeting on December 12 Mr Mikhailov was not, though he is always present before. She calls it a “very competent” specialist, which “helps achieve understanding between Internet companies and security services.”

Department investigate computer incidents “Kaspersky Lab” in 2013 cooperated with the FSB and MVD within the cyber crime analysis and expert support of criminal cases in the field of cybersecurity. Ruslan Stoyanov to 2006 he worked in the management of special technical activities of the Moscow police ( “K” control). Other department staff also come from the management of the “K”, as well as of the Investigative Committee of Russia, previously reported in the company. “Ruslan Stoyanov is known as a man who knows how to build informal contacts I think that.” Kaspersky Lab “after the incident, think about the need to distance themselves from law enforcement agencies and to build a more formal relationship with the FSB”, – said the chief editor Andrei Soldatov Agentura.ru. FSB, according to him, in any case, and will continue to actively cooperate with the company in the investigation of cyber crime, because “nowhere to go – from” Kaspersky Lab “the best expertise.”

Maria Kolomychenko

%d bloggers like this: