STATE DEPARTMENT RELEASES UKRAINE DOCUMENTS

On Friday evening, the State Department released nearly 100 pages of records in response to American Oversight’s lawsuit seeking a range of documents related to the Trump administration’s dealings with Ukraine.

Among other records, the production includes emails that confirm multiple contacts in March of 2019 between Secretary of State Mike Pompeo and Trump lawyer Rudy Giuliani, at least one of which was facilitated by President Trump’s assistant Madeleine Westerhout.

American Oversight is reviewing the production to assess whether the State Department has fully complied with the court’s order. Notes on what we’ve found are below.

You can download the documents here. They are also available below.

 

Statement from American Oversight Executive Director Austin Evers

“We can see why Mike Pompeo has refused to release this information to Congress. It reveals a clear paper trail from Rudy Giuliani to the Oval Office to Secretary Pompeo to facilitate Giuliani’s smear campaign against a U.S. ambassador.

“This is just the first round of disclosures. The evidence is only going to get worse for the administration as its stonewall strategy collapses in the face of court orders.

“That American Oversight could obtain these documents establishes that there is no legal basis for the administration to withhold them from Congress. That conclusively shows that the administration is engaged in obstruction of justice. The president and his allies should ask themselves if impeachment for obstruction is worth it if the strategy isn’t even going to be effective.

“This lawsuit is just one of several American Oversight is pursuing to bring transparency to the Ukraine investigation. The public should expect more disclosures, over the administration’s strong objection, for the foreseeable future.”

 

In the Documents

New: The documents show a March 26, 2019, call between Rudy Giuliani and Mike Pompeo. (Page 39 of document)

A March 28, 2019, email includes a list of scheduled calls for Pompeo. Calls include Rudy Giuliani on March 29, and Rep. Devin Nunes on April 1, 2019.

On March 27, 2019, Rudy Giuliani’s assistant contacted Madeleine Westerhout, who was serving as the president’s Oval Office gatekeeper at the time. She asked Westerhout for a “good number” for Pompeo, adding that she had “been trying and getting nowhere through regular channels.” Westerhout contacted someone at the State Department to ask for a number she could provide. (Page 55)

During his closed-door testimony, career diplomat David Hale mentioned two calls between Pompeo and Giuliani, one on March 28, 2019, and one on March 29. The documents include a March 28 email to Hale indicating that Pompeo had been the one to request a call with Giuliani. (Page 45)

The March 29 call appears on page 46, and the confirmation of its scheduling is on page 44.

Also in the documents: An April 5 letter to the State Department from six former U.S. ambassadors to Ukraine (including Bill Taylor), expressing their concern about the attacks on U.S. Ambassador to Ukraine Marie Yovanovitch. (Page 13)

On April 12, 2019, Reps. Steny Hoyer and Eliot Engel wrote to Pompeo, also expressing their concern (page 28). The State Department responded on June 11, saying “Yovanovitch was due to complete her three-year diplomatic assignment in Kyiv this summer.” (Page 34)

Note: The State Department did not produce a formal directive recalling Yovanovitch or a formal readout of Trump’s July 25 call with Zelensky. Both of these were covered by the court’s production order.

Part of Investigation:

Select a tag below to see a full list of related documents

Topic
Areas of Investigation
Jurisdiction
Entity
FOIA ID #
Case #

FBI Counterintelligence Note Warns About Chinese Talent Programs

FBI Counterintelligence Note Warns About Chinese Talent Programs

 

Chinese Talent Programs are a vital part of Chinese industry. Talent programs recruit experts to fill technical jobs that drive innovation and growth in China’s economy. National, provincial, and municipal talent recruitment programs provide opportunities for experts to work in industry and academic organizations supporting key areas deemed critical to China’s development. The talent programs recruit experts globally from businesses, industry, and universities with multiple incentives to work in China. Associating with these talent programs is legal and breaks no laws; however, individuals who agree to the Chinese terms must understand what is and is not legal under US law when sharing information. A simple download of intellectual property (IP) or proprietary information has the potential to become criminal activity.

(U//FOUO) The large number of foreign students, researchers, scientists, and professionals in the United States, combined with current technological capabilities, allows foreign governments to contact and recruit individuals with the hopes to acquire advanced technology without research costs. While the majority of the population are law abiding individuals, anyone has the capability to acquire information. The theft of information can come from current or former employees, business partners, consultants, contractors, temporary hires, foreign agents, suppliers, or even vendors who have access to proprietary information.

(U) Recruiting these individuals allows China to:

  • (U//FOUO) Gain access to research and expertise for cutting edge technology
  • (U//FOUO) Benefit from years of scientific research conducted in the United States supported by US Government grants and private funding
  • (U//FOUO) Severely impact the US economy.

(U) The goal of this SPIN is to provide an overview of the potential threats posed by the Chinese Talent Programs.

(U) THOUSAND TALENTS PROGRAM

(U//FOUO) China’s most prominent national talent recruitment program is the “Recruitment Program of Global Experts,” which is commonly known as the Thousand Talents Program. It focuses on identifying key national-level organizations and associ-ated personnel involved in implementation and management.

(U) Its goal is to recruit ethnic Chinese experts from Western universities, research cen-ters, and private companies to boost China’s national capabilities in the science and technology (S&T) fields and to move China forward as an innovative nation. The pro-gram also implemented sub-programs for both young and foreign (non-ethnic Chinese) experts.

(U//FOUO) Originally, this program had a five-to-ten year goal of recruiting 2,000 profes-sionals worldwide who could lead innovation and pioneering work in key technologies, and promote the development of emerging industries. However, this program expanded its scope — recruiting far more than the initial goal of 2,000 individuals — and extended its life through at least 2020.

(U) In order to be eligible as a candidate for the Thousand Talents Program, an individual must be in a field of study the Chi-nese Academy of Science (CAS) deems critical or meet the following criteria:

  • (U) Expert or scholar with full professorship in a prestigious foreign university or research and development (R&D) insti-tute
  • (U) Technical managerial professional in a senior position at an internationally known company or financial institution
  • (U) Entrepreneur holding IP rights or key technologies and possesses overseas experience

(U) THREAT TO US BUSINESS AND UNIVERSITIES

(U//FOUO) Chinese Talent Programs pose a serious threat to US businesses and universities through economic espionage and theft of IP. The different programs focus on specific fields deemed critical to China, to boost China’s national capability in S&T fields. These subject mat-ter experts often are not required to sign non-disclosure agreements with US entities, which could result in lost of unprotected information that jeopardizes contracts or research funding. One of the greatest threats toward these experts is transferring or transporting proprietary, classified, or export-controlled information, or IP, which can lead to criminal charges.

(U//FOUO) The threat not only targets businesses or universities but potentially targets the researchers or scientists themselves. The technology researched or developed not only costs millions of dollars but costs years, if not decades to develop. Additionally, the theft of informa-tion or IP creates a risk that someone else could take credit for the researcher’s efforts. The information stolen can be recreated, resold or claimed by others, which in turn will cost the originator creditability and potential funding for future endeavors.

(U) Theft of intellectual property is an increasing threat to organizations and can go unnoticed for months or even years. In today’s society, technology affords easier access to every aspect of academia and business. Some of these tools have become effective for recruiting, such as social media. Social media websites often display large amounts of personal data, such as who an individual works for, phone numbers, known associates, previous jobs, and locations. Additionally, websites like LinkedIn have full resumes, detailing the history of an individual’s achievements and accomplishments.

(U) The FBI assesses each year the United States loses billions of dollars due to technology transfer. While it is important to conduct collaborative research, it is vital for the survival of US businesses and universities that they protect their information and mitigate lost or stolen in-formation.

TOP-SECRET – Iran Making Nuclear Weapons Report

TOP-SECRET – Iran Making Nuclear Weapons Report

1. This report of the Director General to the Board of Governors and, in parallel, to the Security Council, is on the implementation of the NPT Safeguards Agreement and relevant provisions of Security Council resolutions in the Islamic Republic of Iran (Iran).

G. Possible Military Dimensions

38. Previous reports by the Director General have identified outstanding issues related to possible military dimensions to Iran’s nuclear programme and actions required of Iran to resolve these. Since 2002, the Agency has become increasingly concerned about the possible existence in Iran of undisclosed nuclear related activities involving military related organizations, including activities related to the development of a nuclear payload for a missile, about which the Agency has regularly received new information.

39. The Board of Governors has called on Iran on a number of occasions to engage with the Agency on the resolution of all outstanding issues in order to exclude the existence of possible military dimensions to Iran’s nuclear programme. In resolution 1929 (2010), the Security Council reaffirmed Iran’s obligations to take the steps required by the Board of Governors in its resolutions GOV/2006/14 and GOV/2009/82, and to cooperate fully with the Agency on all outstanding issues, particularly those which give rise to concerns about the possible military dimensions to Iran’s nuclear programme, including by providing access without delay to all sites, equipment, persons and documents requested by the Agency. Since August 2008, Iran has not engaged with the Agency in any substantive way on this matter.

40. The Director General, in his opening remarks to the Board of Governors on 12 September 2011, stated that in the near future he hoped to set out in greater detail the basis for the Agency’s concerns so that all Member States would be kept fully informed. In line with that statement, the Annex to this report provides a detailed analysis of the information available to the Agency to date which has given rise to concerns about possible military dimensions to Iran’s nuclear programme.

41. The analysis itself is based on a structured and systematic approach to information analysis which the Agency uses in its evaluation of safeguards implementation in all States with comprehensive safeguards agreements in force. This approach involves, inter alia, the identification of indicators of the existence or development of the processes associated with nuclear-related activities, including weaponization.

42. The information which serves as the basis for the Agency’s analysis and concerns, as identified in the Annex, is assessed by the Agency to be, overall, credible. The information comes from a wide variety of independent sources, including from a number of Member States, from the Agency’s own efforts and from information provided by Iran itself. It is consistent in terms of technical content, individuals and organizations involved, and time frames.

43. The information indicates that Iran has carried out the following activities that are relevant to the development of a nuclear explosive device:

• Efforts, some successful, to procure nuclear related and dual use equipment and materials by military related individuals and entities (Annex, Sections C.1 and C.2);
• Efforts to develop undeclared pathways for the production of nuclear material (Annex, Section C.3);
• The acquisition of nuclear weapons development information and documentation from a clandestine nuclear supply network (Annex, Section C.4); and
• Work on the development of an indigenous design of a nuclear weapon including the testing of components (Annex, Sections C.5–C.12).

44. While some of the activities identified in the Annex have civilian as well as military applications, others are specific to nuclear weapons.

45. The information indicates that prior to the end of 2003 the above activities took place under a structured programme. There are also indications that some activities relevant to the development of a nuclear explosive device continued after 2003, and that some may still be ongoing.

Escalating Tensions Between the United States and Iran Pose Potential Threats to the United States

Escalating Tensions Between the United States and Iran Pose Potential Threats to the United States

 

 

The Joint Intelligence Bulletin (JIB) is planned to help bureaucratic, state, nearby, innate, and regional counterterrorism, digital, and law implementation authorities, and private segment accomplices, to viably stop, forestall, appropriate, or react to episodes, deadly tasks, or fear based oppressor assaults in the United States that could be led by or for the benefit of the Government of Iran (GOI) if the GOI were to see activities of the United States Government (USG) as demonstrations of war or existential dangers to the Iranian system. The GOI could act straightforwardly or enroll the participation of intermediaries and accomplices, for example, Lebanese Hizballah. The FBI, DHS, and NCTC had evaluated any active retaliatory assault would initially happen abroad. In the occasion the GOI were to decide to direct a Homeland assault, potential targets and strategies for assault in the Homeland could run from digital activities, to focused deaths of people considered dangers to the Iranian system, to damage of open or private foundation, including US army installations, oil and gas offices, and open tourist spots. USG activities may likewise incite vicious radical supporters of the GOI to submit assaults in retaliation, with next to zero notice, against US-based Iranian protesters, Jewish, Israeli, and Saudi people and interests, and USG faculty.

(U//FOUO) Immediate Response in Homeland Could Take Form of Cyber Operations

(U//FOUO) The FBI, DHS, and NCTC survey a prompt GOI reaction in the Homeland could appear as endeavored digital activities against USG offices and systems, including US military frameworks, and basic private part works, given that such tasks could be endeavored by Iran-based digital entertainers without the need of building up a US nearness. The US Intelligence Community has evaluated that Iran keeps on getting ready for digital assaults against the United States and partners. It is fit for causing confined, impermanent problematic impacts during a digital assault on unfortunate casualty systems. Verifiably, Iran has demonstrated the capacity to complete troublesome and ruinous digital assaults against open and private business systems, for example, expanded dispersed forswearing of-administration (DDoS) battles and information erasure assaults.

(U//FOUO) Iran speaks to a digital secret activities and assault risk, utilizing progressively refined digital methods and endeavoring to convey digital abilities that would empower assaults against basic foundation in the United States. Tehran’s general hazard math for a digital reaction likely will change dependent on the US strike, which Iranian pioneers have vocally depicted as escalatory, and hostile digital activities are probably going to be considered as retaliatory alternatives. Malignant action and observation may not really happen from Iranian Internet Protocol (IP) space, as on-screen characters may utilize midpoint framework in different nations. All things considered, traffic from Iranian IP locations may not be demonstrative of malignant movement. The FBI, DHS, and NCTC stress great digital cleanliness, for example, fixing frameworks and instructing work force to make preparations for generally utilized digital entertainer procedures, for example, social building and lance phishing.

(U//FOUO) Potential for GOI-Directed Lethal Attacks in the Homeland

(U//FOUO) as of late, the USG has captured a few people following up in the interest of either the GOI or Lebanese Hizballah who have directed reconnaissance demonstrative of possibility making arrangements for deadly assaults in the United States against offices and people.

» (U//FOUO) A specialist of the GOI captured in 2018 had led observation of Hillel CenterUSPER and Rohr Chabad CenterUSPER, Jewish establishments situated in Chicago, including shooting the security highlights encompassing the Chabad Center.

» (U//FOUO) Three Lebanese Hizballah External Security Organization (ESO) agents captured somewhere in the range of 2017 and 2019 had directed reconnaissance of US military and law implementation offices, basic foundation, private segment scenes, and open tourist spots in New York City, Boston, and Washington, DC.

(U//FOUO) The GOI likewise has a background marked by directing deaths and death endeavors against people in the United States it regards a danger to the Iranian system. The GOI killed the US-based previous representative for the Shah of the Iran in 1980 and plotted to kill the Saudi Arabian envoy to the United States in 2011. In August 2018, the USG captured two people for going about as operators of the GOI by directing incognito reconnaissance of Iranian protesters in New York City and Washington, DC, and the previously mentioned security highlights of Jewish offices in Chicago.

 

Website Defacement Activity Indicators of Compromise and Techniques Used to Disseminate Pro-Iranian Messages

Website Defacement Activity Indicators of Compromise and Techniques Used to Disseminate Pro-Iranian Messages

Following a week ago’s US airstrikes against Iranian military initiative, the FBI watched expanded revealing of site ruination movement spreading Pro-Iranian messages. The FBI accepts a few of the site disfigurement were the consequence of digital on-screen characters misusing realized vulnerabilities in content administration frameworks (CMSs) to transfer ruination documents. The FBI exhorts associations and individuals worried about Iranian digital focusing on be acquainted with the markers, strategies, and procedures gave in this FLASH, just as strategies and methods gave in as of late spread Private Industry Notification “Notice on Iranian Cyber Tactics and Techniques” (20200109-001, 9 January 2020).

Specialized Details:

The FBI recognized malevolent on-screen characters utilizing known vulnerabilities in CMSs to transfer ruination pictures onto injured individual sites. The FBI trusts one on-screen character utilized realized vulnerabilities permitting remote execution by means of treat and remote establishment. The FBI likewise distinguished that one of the records utilized in a destruction was presented on a site where the server facilitating the undermined site was designed so outer clients could direct HTTP POSTs. The FBI watched the utilization of a HTTP PUT direction to transfer a destruction document to an injured individual server.

The FBI notes various on-screen characters directed site mutilation movement with genius Iranian messages. Accordingly, the IP locations and procedures utilized will change. The FBI distinguished the underneath groupings of destruction movement.

One lot of mutilation action utilized the beneath record:

Filename MD5

Default.aspx

87b3b80bb214c0f5cfa20771dd6625f2

The accompanying connections, contact data, and strings were remembered for a disfigurement record:

http://yon%5B.%5Dir/6YL2X

https://t%5B.%5Dme/ZetaTech_iR2

https://instagram%5B.%5Dcom/Mrb3hz4d

hackedbymrb3hz4d(at)gmail[.]com

The accompanying IP addresses are related with the on-screen character connected to the disfigurement action with the above referenced connections, contact data, and strings:

IP Address

83.123.83[.]61

196.64.50[.]13

A second arrangement of destruction movement was distinguished utilizing the underneath record:

Filename

hardrevenge11.html

The FBI takes note of the above mutilation picture was transferred by means of a HTTP PUT order. The accompanying IP address is related with the on-screen character connected to this arrangement of ruination action:

IP Address

2.182.188[.]39

A third arrangement of mutilation action was distinguished utilizing the underneath IP address:

IP Address

212.92.114[.]228

The FBI notes for this mutilation action, the on-screen character had the option to direct a HTTP POST of a document utilized in a destruction.

Best Practices for Network Security and Defense:

Utilize customary updates to applications and the host working framework to guarantee insurance against known vulnerabilities.

Set up, and reinforcement disconnected, a “known decent” adaptation of the pertinent server and an ordinary change-the board arrangement to empower checking for modifications to servable substance with a document honesty framework.

Utilize client input approval to confine nearby and remote record incorporation vulnerabilities.

Execute a least-benefits approach on the Webserver to:

o Reduce foes’ capacity to raise benefits or turn horizontally to different hosts.

o Control creation and execution of records specifically catalogs.

If not effectively present, consider sending a peaceful area (DMZ) between the Web-confronting frameworks and corporate system. Constraining the communication and logging traffic between the two gives a technique to recognize conceivable noxious movement.

Guarantee a protected arrangement of Webservers. Every single pointless assistance and ports ought to be incapacitated or blocked. Every essential assistance and ports ought to be confined where plausible. This can incorporate whitelisting or blocking outside access to organization boards and not utilizing default login qualifications.

Utilize a switch intermediary or elective support of limit available URL ways to known authentic ones.

Direct customary framework and application weakness sweeps to build up regions of hazard. While this strategy doesn’t secure against multi day assaults, it will feature potential zones of concern.

Convey a Web application firewall, and direct ordinary infection signature checks, application fluffing, code audits, and server arrange examination.