BERND PULCH.ORG
DDOsecrets reports: “250 gigabytes hacked from the Metropolitan D.C. police by the ransomware group known as Babuk. The data includes a 156.35 gigabyte “gang database” (released by the hackers as “all”) and two 64.19 gigabyte (released by the hackers as “HR”) and 29.03 gigabyte (released by the hackers as “part 2”) human resource datasets.
Distributed Denial of Secrets is immediately making the data available to journalists and researchers, and is in the process of reviewing it for portions that can be publicly released.
The hackers released the following screenshots (click to view enlarged versions) showing what they had access to and what is presumably contained in the data that is being released. The screenshots are offered to maintain a complete record and to offer a preliminary overview to journalists, researchers and curious citizens.
Distributed Denial of Secrets has located and converted 74,874 emails from the largely inaccessible .PST format to the universal .EML format, which are being made available to the public. The most recent collection of emails can be downloaded here. The emails come from the lead civilian analyst for the Department’s Intelligence Branch.
Some email conversions are also being provided directly to journalists and researchers. This includes 17,690 emails from the Director of Human Resources as well as 6,022 emails from then-intern Marvin “Ben” Haiman, now the Executive Director of the Professional Development Bureau and former Director for the Homeland Security Advisory Council for DHS.
The 98,586 emails are organized by archive, retain their original folder structure and are organized chronologically. Due to the way the emails were extracted and converted, they may not pass DKIM inspection. Forensic evaluation should only be performed on the original archives, as the conversions are provided only for convenience of journalists and other researchers.
Ghaleb Alaumary, a 36-year-old dual U.S. and Canadian citizen, worked for cyber criminals including the three North Koreans who heisted as much as 1.3 billion dollars in a cybercrime spree believed to be executed on behalf of North Korean intelligence. Among the victims of the spree was a major Maltese bank, the Bank of Valletta, which was robbed of $14 million in 2019. To turn that cash into usable currency, the hackers turned to Alaumary.
“Alaumary recruited and organized individuals to withdraw stolen cash from ATMs; he provided bank accounts that received funds from bank cyber-heists and fraud schemes; and, once the ill-gotten funds were in accounts he controlled, Alaumary further laundered the funds through wire transfers, cash withdrawals, and by exchanging the funds for cryptocurrency,” the DOJ explained.
The North Korean spree employed other high-profile money launderers, including the Nigerian social media influencer Ramon “Hushpuppi” Abbas.
Before working with the North Koreans, Alaumary was implicated as an accomplice in the theft of $9.4 million from Canada’s MacEwan University.
According to the DOJ, Alaumary worked with others to convince the university that they represented a construction company that had been involved in a major building project at the school, ultimately defrauding the school into wiring the team millions.
In addition to the jail time, Alaumary has also been ordered to pay more than $30 million to his victims in restitution.
“Other victims of Alaumary’s crimes included banks headquartered in India, Pakistan and Malta, as well as companies in the United States and U.K., individuals in the United States and a professional soccer club in the U.K.,” the DOJ said.
Become a Patron! True Information is the most valuable resource and we ask you to give back.
This executive order announced publicly acknowledged measures taken by the Obama administration in response to Russia’s alleged involvement in the hacking of Democratic National Committee and other computer systems. The annex identifies the entities targeted by the measures – including the Russian security service (FSB) and military intelligence (GRU).
Documents have revealed how a cyber attack could be carried out against western nations by Iran. The secret research sets out details on how to attack various targets including sinking a cargo ship or blowing up a fuel pump at a petrol station.
It’s believed the documents were put together by a cyber unit in the Islamic Revolutionary Guard Corps.
Assistant Defence Minister Andrew Hastie says it’s a “very sound development” that 30 nations came together and “named and shamed” China for cyber attacks on Microsoft.
This comes after Western world allies including Australia, the United States and Japan joined forces to directly blame the communist superpower for a major cyber attack on Microsoft software. The attack exploited weaknesses in Microsoft Exchange software which impacted thousands of computers and networks across the world.
“I think it’s a very sound development that we’ve named and shamed China behind these hacks – because it’s got to stop,” Mr Hastie told Sky News host Peta Credlin. “We have boundaries in our normal everyday relationships and so too have boundaries on the international stage. “And this is 30 nations saying to China ‘enough is enough – no more’.”
The Australian government, along with allies, has accused China of a major cyber attack on Microsoft software. It is alleged Chinese state-sponsored hackers compromised 400,000 servers across the world, including in Australia.
The Australian’s Chris Griffith told Sky News these attacks are becoming more prevalent and critical around the world. “It’s hard to pinpoint exactly if the state (China) is explicitly involved in it, or it is encouraging it, or if it is tacitly approving it,” he said. “In the last year we have seen the ramping up of cyber activity to a level we haven’t seen before. “It’s getting to a critical stage.”
Colonial Pipeline, supplier of 45% of East Coast fuel, was paralyzed in February by a DarkSide ransomware attack.
In response to the Colonial Pipeline event attributed to the ransomware group DarkSide, the Biden Administration has announced an all-of-government effort to mitigate potential energy supply disruptions. On top of temporary actions to relieve fuel shortages, agencies such as the FBI and CISA have released advisory documents to “help [critical infrastructure] owners and operators improve their entity’s functional resilience by reducing their vulnerability to ransomware.”
In addition, President Biden signed an Executive Order designed broadly to “improve the nation’s cybersecurity,” although experts are already questioning whether the anticipated measures could have prevented any of the recent serious cyber events such as SolarWinds or Colonial Pipeline.
Glenn S. Gerstell SPEECH | April 9, 2018
By some accounts, Russian meddling in the US election system may have originated from the depths of a hot dog cart. It’s a success story, of sorts.
In the early 1990s, an enterprising hot dog vendor in Russia seized upon the entrepreneurial opportunities created by the collapse of the Soviet Union to start his own catering company. He eventually grew his business enough to win lucrative catering contracts with the Russian government. He and his restaurants threw opulent banquets for Kremlin officials, earning him the nickname “Putin’s Cook.” Yevgeny Prigozhin’s company even won a contract in 2011 to deliver school lunches across Moscow, but children wouldn’t eat the food, complaining that it smelled rotten. Bad publicity ensued. Prigozhin’s company responded not by upgrading the food, but by hiring people to flood the internet with postings praising the food and rejecting complaints. Presumably, they found it cheaper to use the internet to write fake reviews than to fund deluxe hot dogs for schoolchildren.
The European Banking Authority (EBA) said it has become the latest victim of a cyber attack, which Microsoft said a week ago was orchestrated by Chinese government operatives.
The EBA said that it believes no data was extracted in the attack on its Microsoft Exchange Servers, and that it has now secured its email infrastructure.
Some, like the notorious “Gomopa & Co.”, are already doing it in the aftermath of the Stasi’s affection for surveillance and computers, but now UN officials warn that many criminal syndicates are turning to cybercrime.
COVID-19 transformed the global economy. While governments fought over scarce medical supplies, much of the world’s population sat at home. As workplaces stood unattended and malls lay empty, the massive resulting increase in internet traffic brought with it an inevitable explosion in illegal online activity.
Hello Mr. Pulch,
KGB spy Jochen Resch spent months in Moscow in 1989, partly out of fear and partly to prepare for his new role. He then founded the German-Russian Society together with Stasi Colonel Ehrenfried Stelzer and, in parallel, Gomopa, the Financial Intelligence Service; “Intelligence” stands for secret service, as insiders can confirm in precise detail. After that, Stelzer became Resch’s front man at the DIA and Maurischat became Resch’s front man at Gomopa.
The Luca Brasi brute of Gomopa has no education whatsoever, is like “an empty bottle”, knows neither English nor spelling, and is easily steered by his handler Resch.
Page Count: 4 pages
Date: September 3, 2020
Restriction: For Official Use Only
Originating Organization: Cyber Mission Center, Office of Intelligence and Analysis, Department of Homeland Security
File Type: pdf
File Size: 167,819 bytes
File Hash (SHA-256): CD0E044E731342D57AB13DCBB9C8B56D2D5A6295D1E51F6409461D1CAB55C61A
“Roman Davydov”, photo from the Slovak visa application.
On 23 August 2019, Zelimkhan Khangoshvili, a Georgian asylum seeker of Chechen origin, was murdered in a park near Berlin’s Kleiner Tiergarten on his way back from Friday prayers at the mosque. The killer was caught by German police after he fled the scene by bicycle and two teenagers saw him dump his wig, clothing and silencer into the Spree. He has been in custody since and has maintained his innocence. In our earlier joint investigations with Der Spiegel and The Insider (Russia), we identified the killer, who was travelling under the false identity of Vadim Sokolov (49), as Vadim Krasikov (54), with at least two contract killings: in 2007 in Karelia and in 2013 in Moscow. For these murders he was wanted by the Russian authorities on an Interpol Red Notice, until he was suddenly dropped from it in 2015. We ultimately found that the assassination was planned and organized by the Russian FSB, the state security agency. Preparation for the murder was directly supervised by senior members of a veterans’ foundation of former Spetsnaz officers of the FSB’s elite Vympel unit. However, we were able to show that the FSB was directly involved in planning and supporting the operation, because we could geolocate the killer’s repeated presence at FSB Spetsnaz training facilities in the months before his trip to Germany in August 2019 under a government-issued cover identity.
On 5 May 2020, German media reported that Germany’s Federal Public Prosecutor had issued an arrest warrant for Russian citizen Dmitry Badin, the main suspect in the 2015 hacking of the German Bundestag.
Following last week’s US airstrikes against Iranian military leadership, the FBI observed increased reporting of website defacement activity disseminating Pro-Iranian messages. The FBI believes several of the website defacements were the result of cyber actors exploiting known vulnerabilities in content management systems (CMSs) to upload defacement files. The FBI advises organizations and people concerned with Iranian cyber targeting to be familiar with the indicators, tactics, and techniques provided in this FLASH, as well as the tactics and techniques provided in the recently disseminated Private Industry Notification “Notice on Iranian Cyber Tactics and Techniques” (20200109-001, 9 January 2020).
The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks. This PIN explains these methods and offers mitigation strategies for organizations and entities using multi-factor authentication in their security efforts. Multi-factor authentication continues to be a strong and effective security measure to protect online accounts, as long as users take precautions to ensure they do not fall victim to these attacks.
Multi-factor authentication is the use of a variety of methods to confirm a user’s identity instead of only using a username and password. Often this type of authentication uses a secondary token which changes over time to provide a one-time passcode, but many companies now use biometrics or behavioral information, such as time of day, geolocation, or IP address—as a form of authentication.
Threat Overview
FBI reporting identified several methods cyber actors use to circumvent popular multi-factor authentication techniques in order to obtain the one-time passcode and access protected accounts. The primary methods are social engineering attacks, which attack the users, and technical attacks, which target web code.
In 2019 a US banking institution was targeted by a cyber attacker who was able to take advantage of a flaw in the bank’s website to circumvent the two-factor authentication implemented to protect accounts. The cyber attacker logged in with stolen victim credentials and, when reaching the secondary page where the customer would normally need to enter a PIN and answer a security question, the attacker entered a manipulated string into the Web URL setting the computer as one recognized on the account. This allowed him to bypass the PIN and security question pages and initiate wire transfers from the victims’ accounts.
In 2016 customers of a US banking institution were targeted by a cyber attacker who ported their phone numbers to a phone he owned—an attack called SIM swapping. The attacker called the phone companies’ customer service representatives, finding some who were more willing to give him information to complete the SIM swap. Once the attacker had control over the customers’ phone numbers, he called the bank to request a wire transfer from the victims’ accounts to another account he owned. The bank, recognizing the phone number as belonging to the customer, did not ask for full security questions but requested a one-time code sent to the phone number from which he was calling. He also requested to change PINs and passwords and was able to attach victims’ credit card numbers to a mobile payment application.
Over the course of 2018 and 2019, the FBI’s Internet Crime Complaint Center and FBI victim complaints observed the above attack—SIM swapping—as a common tactic from cyber criminals seeking to circumvent two-factor authentication. Victims of these attacks have had their phone numbers stolen, their bank accounts drained, and their passwords and PINs changed. Many of these attacks rely on socially engineering customer service representatives for major phone companies, who give information to the attackers.
In February 2019 a cyber security expert at the RSA Conference in San Francisco demonstrated a large variety of schemes and attacks cyber actors could use to circumvent multi-factor authentication. The security expert presented real-time examples of how cyber actors could use man-in-the-middle attacks and session hijacking to intercept the traffic between a user and a website to conduct these attacks and maintain access for as long as possible. He also demonstrated social engineering attacks, including phishing schemes or fraudulent text messages purporting to be a bank or other service to cause a user to log into a fake website and give up their private information.
At the June 2019 Hack-in-the-Box conference in Amsterdam, cyber security experts demonstrated a pair of tools—Muraena and NecroBrowser—which worked in tandem to automate a phishing scheme against users of multi-factor authentication. The Muraena tool intercepts traffic between a user and a target website where they are requested to enter login credentials and a token code as usual. Once authenticated, NecroBrowser stores the data for the victims of this attack and hijacks the session cookie, allowing cyber actors to log into these private accounts, take them over, and change user passwords and recovery e-mail addresses while maintaining access as long as possible.
Mitigation Strategies
Defending against multi-factor authentication attacks requires awareness of the attacks which circumvent the security and constant vigilance for social engineering attacks.
Educate users and administrators to identify social engineering trickery—how to recognize fake websites, not click on rogue links in e-mail, or block those links entirely—and teach them how to handle common social engineering tactics.
Consider using additional or more complex forms of multi-factor authentication for users and administrators, such as biometrics or behavioral authentication methods, though this may add inconvenience to these users.
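The 2019 bank case described above comes down to a server taking its "recognized device" decision from the URL instead of from state it controls. The sketch below is an added example, not code from the FBI notice or from any bank; the parameter name `device_recognized`, the cookie name `device_token` and the `DeviceTrust` class are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed for this example: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def vulnerable_needs_second_factor(query_params):
    """Flawed pattern: the 'recognized device' decision is read from the URL,
    so anyone holding the password can claim the device is already trusted."""
    return query_params.get("device_recognized") != "true"


class DeviceTrust:
    """Server-side record of devices that have completed the second factor."""

    def __init__(self, key=SERVER_KEY):
        self._key = key
        self._enrolled = set()  # (user_id, device_id) pairs; a database table in practice

    def _mac(self, user_id, device_id):
        msg = b"\x00".join([user_id.encode(), device_id.encode()])
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def enroll(self, user_id):
        """Call only after the PIN and security question were verified.
        Returns the value to set as an HttpOnly, Secure cookie."""
        device_id = secrets.token_hex(16)
        self._enrolled.add((user_id, device_id))
        return f"{device_id}.{self._mac(user_id, device_id)}"

    def revoke(self, user_id, token):
        """Drop a device, e.g. after a password reset or a fraud report."""
        self._enrolled.discard((user_id, token.partition(".")[0]))

    def needs_second_factor(self, user_id, cookies, query_params=None):
        """query_params is accepted and deliberately ignored: nothing the
        client puts in the URL can switch the second factor off."""
        device_id, _, mac = cookies.get("device_token", "").partition(".")
        if not device_id or not mac:
            return True
        expected = self._mac(user_id, device_id)
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return True  # forged token, or a token issued to another user
        return (user_id, device_id) not in self._enrolled


if __name__ == "__main__":
    forged = {"device_recognized": "true"}
    print("vulnerable check asks for 2FA:", vulnerable_needs_second_factor(forged))
    trust = DeviceTrust()
    print("hardened check asks for 2FA:  ", trust.needs_second_factor("alice", {}, forged))
    cookie = {"device_token": trust.enroll("alice")}
    print("enrolled device asks for 2FA: ", trust.needs_second_factor("alice", cookie))
```

The same rule applies to the wire-transfer endpoint itself: it should check a server-side "second factor passed" flag on the session rather than rely on the user having arrived through the PIN page.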
The FBI has identified successful spearphishing campaigns directed at college and university students, especially during periods when financial aid funds are disbursed in large volumes. In general, the spearphishing emails request students’ login credentials for the University’s internal intranet. The cyber criminals then capture students’ login credentials, and after gaining access, change the students’ direct deposit destination to bank accounts within the threat actor’s control.
Threat
In February 2018, the FBI received notification of a spearphishing campaign targeting students at an identified University in the south eastern United States. The campaign occurred in January 2018 when an unidentified number of students attending the University received an email requesting their login credentials for the University’s internal intranet. Using the University’s intranet portal, the cyber criminals accessed a third-party vendor that manages the disbursement of financial aid to students and changed the direct deposit information for 21 identified students to bank accounts under the cyber criminal’s control. The threat actor stole approximately $75,000 from the 21 students. The student accounts were accessed by at least 13 identified US Internet Protocol (IP) addresses.
On 31 August 2018, the Department of Education identified a similar spearphishing campaign targeting multiple institutions of higher education. In this campaign, the cyber criminals sent students an email inviting them to view and confirm their updated billing statement by logging into the school’s student portal. After gaining access, the cyber criminals changed the students’ direct deposit destinations to bank accounts under the threat actor’s control.
The nature of the spearphishing emails indicates the cyber criminals conducted reconnaissance of the target institutions and understand the schools’ use of student portals and third-party vendors for processing student loan payment information. In addition, the timing of the campaigns indicates the cyber criminals almost certainly launched these campaigns to coincide with periods when financial aid funds are disseminated in large volumes.
Recommendations
The FBI recommends providers implement the preventative measures listed below to help secure their systems from attacks:
– Notify all students of the phishing attempts and encourage them to be extra vigilant
– Implement two-factor authentication for access to sensitive systems and information
– Monitor student login attempts from unusual IP addresses and other anomalous activity
– Educate students on appropriate preventative and reactive actions to known criminal schemes and social engineering threats
– Apply extra scrutiny to e-mail messages with links or attachments directed toward students
– Apply extra scrutiny to bank information initiated by the students seeking to update or change direct deposit credentials
– Direct students to forward any suspicious requests for personal information to the information technology or security department
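Two of the recommendations above, monitoring logins from unusual IP addresses and scrutinizing direct deposit changes, can be combined into one review rule. The following is an added example, not part of the FBI notice: the CSV column names, the `direct_deposit_change` event name, the seven-day threshold and the log lines (which use documentation-range IP addresses) are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of portal audit events (not real data).
SAMPLE_LOG = """\
timestamp,account,ip,event
2018-01-02T08:30:00,student01,198.51.100.10,login
2018-01-03T09:00:00,student02,198.51.100.22,login
2018-01-04T11:15:00,student03,198.51.100.31,login
2018-01-09T08:45:00,student01,198.51.100.10,login
2018-01-18T02:14:00,student02,203.0.113.50,login
2018-01-18T02:16:00,student02,203.0.113.50,direct_deposit_change
2018-01-18T02:20:00,student03,203.0.113.50,login
2018-01-18T02:21:00,student03,203.0.113.50,direct_deposit_change
2018-01-19T10:00:00,student04,192.0.2.77,login
2018-01-19T10:05:00,student04,192.0.2.77,direct_deposit_change
2018-01-20T14:00:00,student01,198.51.100.10,login
2018-01-20T14:02:00,student01,198.51.100.10,direct_deposit_change
"""


def review_deposit_changes(log_text, min_ip_age=timedelta(days=7),
                           shared_ip_threshold=2):
    """Return direct deposit changes that deserve manual review.

    new_ip: the account was first seen on this IP less than min_ip_age
        before the change. Age matters because a phished login arrives
        minutes before the change, so "IP seen before" alone never fires.
    ip_shared_across_accounts: the same IP changed deposit details for
        several accounts, the pattern of one actor working a credential list.
    """
    rows = sorted(csv.DictReader(io.StringIO(log_text)),
                  key=lambda r: r["timestamp"])
    first_seen = {}   # (account, ip) -> first time the pair was observed
    changes = []      # (time, account, ip) for every deposit change
    for row in rows:
        ts = datetime.fromisoformat(row["timestamp"])
        first_seen.setdefault((row["account"], row["ip"]), ts)
        if row["event"] == "direct_deposit_change":
            changes.append((ts, row["account"], row["ip"]))

    accounts_per_ip = defaultdict(set)
    for _, account, ip in changes:
        accounts_per_ip[ip].add(account)

    findings = []
    for ts, account, ip in changes:
        reasons = []
        if ts - first_seen[(account, ip)] < min_ip_age:
            reasons.append("new_ip")
        if len(accounts_per_ip[ip]) >= shared_ip_threshold:
            reasons.append("ip_shared_across_accounts")
        if reasons:
            findings.append({"account": account, "ip": ip,
                             "time": ts.isoformat(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_deposit_changes(SAMPLE_LOG):
        print(finding)
```

A finding is a reason to hold the change and confirm it with the student out of band, not proof of fraud: a student travelling or on a new network also produces `new_ip`.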
Executive Summary
The National Cyber and Information Security Agency, registered office at Mučednická 1125/31, 616 00 Brno, pursuant to §12 paragraph 1 of the Act No. 181/2014 Coll. on Cyber Security and Change of Related Acts (Act on Cyber Security), as amended, issues this
w a r n i n g :
The use of technical or program tools of the following companies, including their subsidiary companies, poses a threat to the cyber security.
– Huawei Technologies Co., Ltd., Shenzhen, People’s Republic of China
– ZTE Corporation, Shenzhen, People’s Republic of China
R E A S O N I N G
1) On the basis of the facts found during the execution of its competence, the National Cyber and Information Security Agency (hereinafter referred to as “NCISA”) has found that the use of the technical or program tools of the aforementioned companies poses a threat to the cyber security and therefore, pursuant to §12 paragraph 1 of the Act on Cyber Security, issues this warning.
2) NCISA’s competence to issue this warning is embedded within the provisions of §22, b), of the Act on Cyber Security, which empowers it to issue measures. Pursuant to §11 paragraph 2 of the Act on Cyber Security, these measures also include a warning under §12 of the Act on Cyber Security.
3) This warning has been issued based on the following findings.
4) The legal and political environment of the People’s Republic of China (“PRC”) in which the companies primarily operate and whose laws they are required to comply with, requires private companies to cooperate in meeting the interests of the PRC, including participation in intelligence activities etc. At the same time, these companies usually do not refrain from such cooperation with the state; in this environment, efforts to protect customers’ interests at the expense of the interests of the PRC are significantly reduced. According to available information, there is an organizational and personal link between these companies and the state. Therefore, this raises concerns that the interests of the PRC may be prioritized over the interests of the users of these companies’ technologies.
5) The PRC actively promotes its interests in the territory of the Czech Republic, including a conduct of influence and espionage intelligence activities (see, for example, Security Information Service Annual Report for 2017).
6) The security community’s findings on the activities of these companies in the Czech Republic and around the world, which are available to NCISA, raise reasonable concerns about the existence of potential risks in using the technical or program tools they provide to their customers in order to support the interests of the PRC.
7) The technical and program tools of the aforementioned companies are being supplied to the information and communication systems that are or may be of strategic importance from the national security standpoint. Disruption of information security, i.e. disruption of the availability, integrity, or confidentiality of information in such information and communication systems can have a significant impact on the security of the Czech Republic and its interests.
8) These facts, in their entirety, lead to reasonable concerns about possible security risks in the use of these companies’ technologies. The degree of potential risk due to the possible impact of information security breaches on information and communication systems relevant to the state is not negligible.
9) NCISA points out that the authorities or persons required to implement security measures under the Act on Cyber Security in connection with risk management pursuant to §5 paragraph 1 h) article 3 of the Decree No. 82/2018 Coll. on Security Measures, Cyber Security Incidents, Reactive Measures, Cyber Security and Data Disposal Submission Requirements (Cyber Security Regulation) in risk assessment and risk management plan shall take into account measures pursuant to §11 of the Act on Cyber Security. One of these measures is also a warning pursuant to §12 of the Act on Cyber Security.
10) NCISA points out that the authorities or persons required to implement security measures under the Act on Cyber Security in connection with risk management pursuant to §4 paragraph 1 c) and paragraph 2 c) of the Decree No. 316/2014 Coll. on Security Measures, Cyber Security Incidents, Reactive Measures, and Cyber Security Submission Requirements (Cyber Security Regulation) shall take into account threats and vulnerabilities. With regard to the transitional provision in §35 of the Decree No. 82/2018 Coll. on Security Measures, Cyber Security Incidents, Reactive Measures, Cyber Security and Data Disposal Submission Requirements (Cyber Security Regulation), these are the administrators and operators of the Critical Information Infrastructure information systems and the administrators and operators of the Critical Information Infrastructure communication systems, in case these systems were designated before May 28, 2018, as well as the administrators and operators of important information systems that met the criteria before May 28, 2018.
11) NCISA further points out that, pursuant to §4 paragraph 4 of the Act on Cyber Security, the authorities and persons referred to in §3 c) to f) of the Act on Cyber Security are required to take into account requirements arising from security measures during the selection of a supplier for their information or communication system, and include these requirements in a contract concluded with the supplier. Taking into account the requirements arising from security measures under the first sentence to the extent necessary to meet the obligations under the Act on Cyber Security cannot be considered an unlawful restriction of competition or an unjustified obstacle to competition.
DEPARTMENT OF HOMELAND SECURITY
(U//FOUO) DHS Final Decision on Removal of Kaspersky-Branded Products
The following assessment was included in court filings made by Kaspersky in their case against the U.S. Government for banning the use of Kaspersky products.
Final Decision on Binding Operational Directive 17-01, Removal of Kaspersky-Branded Products
Page Count: 25 pages
Date: December 4, 2017
Restriction: For Official Use Only
Originating Organization: Department of Homeland Security, Office of Cybersecurity and Communications
BOD 17-01 requires all federal executive branch departments and agencies to (1) identify the use or presence of “Kaspersky-branded products” on all federal information systems within 30 days of BOD issuance (i.e., by October 13); (2) develop and provide to DHS a detailed plan of action to remove and discontinue present and future use of all Kaspersky-branded products within 60 days of BOD issuance (i.e., by November 12); and (3) begin to implement the plan of action at 90 days after BOD issuance (i.e., December 12), unless directed otherwise by DHS in light of new information obtained by DHS, including but not limited to new information submitted by Kaspersky.
The Secretary of Homeland Security is authorized to issue BODs, in consultation with the Director of the Office of Management and Budget, for the purpose of safeguarding federal information and information systems from a known or reasonably suspected information security threat, vulnerability, or risk. I recommended issuing the BOD in the Information Memorandum, and the rationale for issuance of the BOD was summarized in your Decision Memorandum. As described further below, your decision to issue BOD 17-01 was based on three interrelated concerns that rested on expert judgments concerning national security: the broad access to files and elevated privileges of anti-virus software, including Kaspersky software; ties between Kaspersky officials and Russian government agencies; and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting between Kaspersky operations in Russia and Kaspersky customers, including U.S. government customers. Because of these interrelated concerns, you determined that Kaspersky-branded products present a “known or reasonably suspected information security threat, vulnerability, or risk.” In addition, you found that these risks exist regardless of whether Kaspersky-branded products have ever been exploited for malicious purposes. The BOD is a tool for protecting federal information and information systems from any “known or reasonably suspected information security threat, vulnerability, or risk,” and the Department’s authority to issue it does not depend on whether Kaspersky-branded products have been exploited by the Russian Government or Kaspersky to date.
…
BRG evaluated specific Kaspersky products according to the following objectives:
(1) To evaluate whether it is feasible for an intelligence agency to passively monitor and decrypt traffic between users of Kaspersky-branded products and the Kaspersky Security Network (“KSN”), a cloud-based network that receives and analyzes information about possible threats from installed Kaspersky software;
(2) To determine whether turning KSN off ― or using the Kaspersky Private Security Network (“KPSN”) ― can reliably prevent potentially sensitive data from being transmitted inadvertently to Kaspersky; and
(3) To evaluate whether a malicious actor leveraging KSN can conduct targeted searches of Kaspersky users for specific information.
As explained in the NCCIC Supplemental Assessment, the BRG analysis not only is largely unresponsive to DHS’s security concerns, but also supports DHS’s concerns in certain areas. For example, on objective (1), BRG analyzed only the security of the connection between the antivirus software and the KSN; BRG did not address the security of communications within the KSN or between KSN and Kaspersky’s non-KSN IT infrastructure, such as Kaspersky offices and datacenters. BRG also evaluated the potential for “passive” interception of communications by intelligence agencies, but DHS is concerned about “active” operations involving access by Russian intelligence to Kaspersky offices and servers in Russia, as discussed in Section III.A.4 below and Part III.E of the Information Memorandum.
…
3. Kaspersky Ties to the Russian Government
In the Information Memorandum, I described certain ties, past and present, between Kaspersky officials and Russian government agencies. Kaspersky concedes key aspects of this account, such as Eugene Kaspersky’s former studies at an institute overseen by the KGB and other state institutions and his service as a software engineer at a Ministry of Defense institute. It also admits that its officials might have “acquaintances, friends, and professional relationships within the [Russian] government,” although Kaspersky states that, “in itself,” does not mean that these connections were or are “inappropriate” or “improper.” Furthermore, Kaspersky does not deny various connections to Russian intelligence described in the Information Memorandum, including that Eugene Kaspersky has saunas with a group that usually includes Russian intelligence officials; that Kaspersky’s Chief Legal Officer Igor Chekunov manages a team of specialists who provide technical support to the FSB and other Russian agencies; that the team can gather identifying information from individual computers; and that this technology has been used to aid the FSB in investigations
…
Professor Maggs makes a number of significant conclusions. Specifically, Professor Maggs concludes that:
(a) Russian law requires FSB bodies to carry out their activities in collaboration with various entities in Russia, including private enterprises, and thus including Kaspersky.
(b) Private enterprises, including Kaspersky, are under a legal obligation to assist FSB bodies in the execution of the duties assigned to FSB bodies, including counterintelligence and intelligence activity.
(c) Russian law permits FSB service personnel to be seconded to private enterprises, including Kaspersky, with the consent of the head of the enterprise and with the FSB personnel remaining in FSB military service status during the secondment.
(d) Kaspersky qualifies as an “organizer of the dissemination of information on the Internet” and, as such, is required (1) to store in Russia and provide to authorized state bodies, including the FSB, metadata currently and content as of July 1, 2018; and, based on this or other laws, (2) to install equipment and software that enables the FSB and potentially other state authorities to monitor all data transmissions between Kaspersky’s computers in Russia and Kaspersky customers, including U.S. government customers.
DEPARTMENT OF HOMELAND SECURITY Department of Homeland Security Cybersecurity Strategy 2018 May 20, 2018
U.S. Department of Homeland Security Cybersecurity Strategy Page Count: 35 pages Date: May 15, 2018 Restriction: None Originating Organization: Department of Homeland Security File Type: pdf File Size: 278,548 bytes File Hash (SHA-256): 65DED01F461679F5028AFE8C2B0FE08CBFE0EE17BD530F4815D12EF738FB3656
The American people are increasingly dependent upon the Internet for daily conveniences, critical services, and economic prosperity. Substantial growth in Internet access and networked devices has facilitated widespread opportunities and innovation. This extraordinary level of connectivity, however, has also introduced progressively greater cyber risks for the United States. Long-standing threats are evolving as nation-states, terrorists, individual criminals, transnational criminal organizations, and other malicious actors move their activities into the digital world. Enabling the delivery of essential services—such as electricity, finance, transportation, water, and health care—through cyberspace also introduces new vulnerabilities and opens the door to potentially catastrophic consequences from cyber incidents. The growing number of Internet-connected devices and reliance on global supply chains further complicates the national and international risk picture. More than ever, cybersecurity is a matter of homeland security and one of the core missions of the U.S. Department of Homeland Security (DHS).
At DHS, we believe that cyberspace can be secure and resilient. We work every day across the Department and with key partners and stakeholders to identify and manage national cybersecurity risks. We do this by adopting a holistic risk management approach. Like every organization, no matter how big or small, we must minimize our organizational vulnerability to malicious cyber activity by protecting our own networks. DHS also has broader responsibilities to protect the larger federal enterprise and improve the security and resilience of other critical systems. At the same time, we seek to reduce cyber threats by preventing and disrupting cyber crimes, and to lessen the consequences of cyber incidents by ensuring an effective federal response when appropriate. Finally, we work to create conditions for more effective cyber risk management through efforts to make the cyber ecosystem more fundamentally secure and resilient. This strategy sets forth our goals, objectives, and priorities to successfully execute the full range of the Secretary of Homeland Security’s cybersecurity responsibilities.
…
During the last several decades, advances in technology have fundamentally changed the world. Substantial growth in Internet access, use of Internet-enabled devices, and the availability of high speed information technology systems and large datasets have facilitated productivity, efficiencies, and capabilities across all major industries. The proliferation of technology also presents new cybersecurity challenges and leads to significant national risks. More than 20 billion devices are expected to be connected to the Internet by 2020. The risks introduced by the growing number and variety of such devices are substantial.
The United States faces threats from a growing set of sophisticated malicious actors who seek to exploit cyberspace. Motivations include espionage, political and ideological interests, and financial gain. Nation-states continue to present a considerable cyber threat. But non-state actors are emerging with capabilities that match those of sophisticated nation-states. Criminal actors are increasingly empowered by modern information and communications technologies that enable them to grow in sophistication and transnational reach. Transnational criminal organizations also increasingly collaborate through cyberspace. Complicating the threat picture, nation-states are increasingly using proxies and other techniques that blur the distinction between state and non-state cyber activities. In a number of cases, malicious actors engaged in significant criminal cyber activity appear to have both criminal and nation-state affiliations.
These diverse threats can impact federal and nonfederal information systems. Attempted incursions into government networks occur on a daily basis; the number of cyber incidents on federal systems reported to DHS increased more than ten-fold between 2006 and 2015. In 2015, a high-profile intrusion into a single federal agency resulted in the compromise of personnel records of over 4 million federal employees and ultimately affected nearly 22 million people. The growing interconnection of cyber and physical systems within critical infrastructure also creates the potential risk for malicious cyber activity to result in direct physical consequences; for example, the December 2015 overriding of controls in the Ukrainian electric grid resulted in widespread loss of power. Ransomware incidents such as WannaCry and NotPetya demonstrate how the rapid growth of the internet-of-things further complicates the threat as everyday devices can be targeted by malicious cyber actors with potentially far-reaching consequences.
…
Guiding Principles
DHS advances our mission and will accomplish our cybersecurity goals by aligning departmental activities according to the following guiding principles:
Risk prioritization. The foremost responsibility of DHS is to safeguard the American people and we must prioritize our efforts to focus on systemic risks and the greatest cybersecurity threats and vulnerabilities faced by the American people and our homeland.
Cost-effectiveness. Cyberspace is highly complex and DHS efforts to increase cybersecurity must be continuously evaluated and reprioritized to ensure the best results for investments made.
Innovation and agility. Cyberspace is an evolving domain with emergent risks. Although the proliferation of technology leads to new risks, it also provides an opportunity for innovation. DHS must lead by example in researching, developing, adapting, and employing cutting-edge cybersecurity capabilities and remain agile in its efforts to keep up with evolving threats and technologies.
Collaboration. The growth and development of the Internet has been primarily driven by the private sector and the security of cyberspace is an inherently cross-cutting challenge. To accomplish our cybersecurity goals, we must work in a collaborative manner across our Components and with other federal and nonfederal partners.
Global approach. Robust international engagement and collaboration is required to accomplish our national cybersecurity goals. DHS must engage internationally to manage global cyber risks, respond to worldwide incidents, and disrupt growing transnational cyber threats as well as encourage other nations and foreign entities to adopt the policies necessary to create an open, interoperable, secure, and reliable Internet.
Balanced equities. Cyberspace empowers people and enables prosperity worldwide. Cybersecurity is not an end unto itself, and efforts to mitigate cybersecurity risks must also support international commerce, strengthen international security, and foster free expression and innovation.
National values. DHS must uphold privacy, civil rights, and civil liberties in accordance with applicable law and policy. The Department empowers our cybersecurity programs to succeed by integrating privacy protections from the outset and employing a layered approach to privacy and civil liberties oversight.
Cyberspace operations (CO) is the employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through cyberspace.
This publication focuses on military operations in and through cyberspace; explains the relationships and responsibilities of the Joint Staff (JS), combatant commands (CCMDs), United States Cyber Command (USCYBERCOM), the Service cyberspace component (SCC) commands, and combat support agencies; and establishes a framework for the employment of cyberspace forces and capabilities.
The Nature of Cyberspace
Relationship with the Physical Domains. Cyberspace, while part of the information environment, is dependent on the physical domains of air, land, maritime, and space.
CO use links and nodes located in the physical domains and perform logical functions to create effects first in cyberspace and then, as needed, in the physical domains. Actions in cyberspace, through carefully controlled cascading effects, can enable freedom of action for activities in the physical domains.
Cyberspace Layer Model. To assist in the planning and execution of CO, cyberspace can be described in terms of three interrelated layers: physical network, logical network, and cyberpersona.
Department of Defense (DOD) Cyberspace. The Department of Defense information network (DODIN) is the set of information capabilities and associated processes for collecting, processing, storing, disseminating, and managing information on-demand to warfighters, policy makers, and support personnel, whether interconnected or stand-alone, including owned and leased communications and computing systems and services, software (including applications), data, security services, other associated services, and national security systems.
Connectivity and Access. Gaining access to operationally useful areas of cyberspace, including targets within them, is affected by legal, policy, or operational limitations. For all of these reasons, access is not guaranteed. Additionally, achieving a commander’s objectives can be significantly complicated by specific elements of cyberspace being used by enemies, adversaries, allies, neutral parties, and other United States Government (USG) departments and agencies, all at the same time.
The operational environment (OE) is a composite of the conditions, circumstances, and influences that affect the employment of capabilities and impact the decisions of the commander assigned responsibility for it. The information environment permeates the physical domains and therefore exists in any OE. The information environment is the aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on information.
Given that cyberspace is wholly contained within the information environment and the chief purpose of information operations (IO) is to create effects in the information environment, there is significant interdependency between IO and CO.
Integrating Cyberspace Operations with Other Operations
During joint planning, cyberspace capabilities are integrated into the joint force commander’s (JFC’s) plans and synchronized with other operations across the range of military operations. While not the norm, some military objectives can be achieved by CO alone. Commanders conduct CO to obtain or retain freedom of maneuver in cyberspace, accomplish JFC objectives, deny freedom of action to the threat, and enable other operational activities.
Cyberspace Operations Forces
Commander, United States Cyber Command (CDRUSCYBERCOM), commands a preponderance of the cyberspace forces that are not retained by the Services. USCYBERCOM accomplishes its missions within three primary lines of operation: secure, operate, and defend the DODIN; defend the nation from attack in cyberspace; and provide cyberspace support as required to combatant commanders (CCDRs). The Services man, train, and equip cyberspace units and provide them to USCYBERCOM through the SCCs.
Challenges to the Joint Force’s Use of Cyberspace
Threats. Cyberspace presents the JFC’s operations with many threats, from nation-states to individual actors to accidents and natural hazards.
Anonymity and Difficulties with Attribution. To initiate an appropriate defensive response, attribution of threats in cyberspace is crucial for any actions external to the defended cyberspace beyond authorized self-defense.
Geography Challenges. In cyberspace, there is no stateless maneuver space. Therefore, when US military forces maneuver in foreign cyberspace, mission and policy requirements may require they maneuver clandestinely without the knowledge of the state where the infrastructure is located.
Technology Challenges. Using a cyberspace capability that relies on exploitation of technical vulnerabilities in the target may reveal its functionality and compromise the capability’s effectiveness for future missions.
Private Industry and Public Infrastructure. Many of DOD’s critical functions and operations rely on contracted commercial assets, including Internet service providers (ISPs) and global supply chains, over which DOD and its forces have no direct authority.
Globalization. The combination of DOD’s global operations with its reliance on cyberspace and associated technologies means DOD often procures mission-essential information technology products and services from foreign vendors.
Mitigations. DOD partners with the defense industrial base (DIB) to increase the security of information about DOD programs residing on or transiting DIB unclassified networks.
An unidentified cyber actor in mid-March 2018 used GrandCrab Version 2 ransomware to attack a State of Connecticut municipality network and a state judicial branch network, according to DHS reporting derived from a state law enforcement official with direct and indirect access. The municipality did not pay the ransom, resulting in the encryption of multiple servers that affected some data backups and the loss of tax payment information and assessor data. The attack against the state judicial branch resulted in the infection of numerous computers, but minimal content encryption, according to the same DHS report.
(U//FOUO) The unidentified cyber actor introduced the ransomware used against the judicial branch network through a vendor server/host; the ransomware then harvested cached credentials of high-level privileged accounts, according to the same DHS report. The actor then used the credentials to access two servers on the network and propagate the malware via server message block (SMB). Connecticut state cybersecurity officials were able to block the ransomware’s communication with external infrastructure, which prevented the encryption of additional hosts and data loss, according to the same DHS report.
(U) GandCrab Malware
(U) Released in late January 2018, GandCrab, also called “GrandCrab,” is a ransomware variant distributed by exploit kits that requires communication with the ransomware’s command-and-control (C2) server to encrypt files of an infected computer, according to an online technical support site. The developers of GandCrab recently upgraded the original version after Romanian police and BitDefender mitigated infections by recovering its decryption keys, according to a separate article from the same online technical support site. As of 6 March 2018, no free decryption key is available to victims of GandCrab version 2. GandCrab uses NameCoin’s .BIT as its top-level domain (TLD); therefore, variants of the ransomware using the .BIT TLD must also use a domain name server that supports .BIT, according to the same online technical support site. Upon infection, GandCrab will attempt to query the ransomware’s C2 servers on the .BIT domain to establish communication. GandCrab will not encrypt a host’s content with the .CRAB extension if communication is not established with the C2 server, according to the same online technical support site.
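A detection sketch for the behaviour described above, added here as an example and not taken from the DHS report: it flags hosts that look up names under the .BIT TLD in resolver query logs, and hosts that send DNS straight to resolvers outside an approved list. The BIND-style log lines, flow records, addresses, names and the approved-resolver list are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: the only resolvers that clients are permitted to use.
APPROVED_RESOLVERS = frozenset({"10.20.0.53", "10.20.0.54"})

# BIND 9 style query-log line; newer releases add an "@0x..." token after "client".
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<client>[0-9A-Fa-f.:]+)#\d+ "
    r"\((?P<qname>[^)]+)\): query: \S+ IN (?P<qtype>\S+)"
)

# Constructed sample data: every host, name and timestamp below is invented.
SAMPLE_QUERY_LOG = """\
15-Mar-2018 09:12:01.101 client 10.20.1.15#53211 (intranet.example.gov): query: intranet.example.gov IN A + (10.20.0.53)
15-Mar-2018 09:12:04.332 client 10.20.1.77#40112 (placeholder-c2.bit): query: placeholder-c2.bit IN A + (10.20.0.53)
15-Mar-2018 09:12:04.900 client 10.20.1.77#40113 (PLACEHOLDER-C2.BIT.): query: PLACEHOLDER-C2.BIT. IN A + (10.20.0.53)
15-Mar-2018 09:12:09.010 client 10.20.1.15#53212 (habit.example.com): query: habit.example.com IN A + (10.20.0.53)
15-Mar-2018 09:12:11.450 client @0x7f2a4c0 10.20.2.9#51000 (bit.example.org): query: bit.example.org IN AAAA + (10.20.0.54)
15-Mar-2018 09:13:30.000 client 10.20.3.4#49999 (other-placeholder.bit): query: other-placeholder.bit IN A + (10.20.0.53)
malformed line that the parser should skip
"""

# Constructed flow records: src,dst,proto,dport
SAMPLE_FLOWS = """\
src,dst,proto,dport
10.20.1.15,10.20.0.53,udp,53
10.20.1.77,203.0.113.10,udp,53
10.20.0.53,198.51.100.7,udp,53
10.20.2.9,203.0.113.10,tcp,443
10.20.3.4,10.20.0.53,udp,53
"""


def is_bit_name(qname):
    """True when the rightmost label is 'bit' (case and trailing dot ignored)."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[-1] == "bit"


def bit_queries_by_client(log_text):
    """Map each client address to the sorted .bit names it asked for."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_bit_name(m.group("qname")):
            hits[m.group("client")].add(m.group("qname").rstrip(".").lower())
    return {client: sorted(names) for client, names in hits.items()}


def direct_dns_clients(flow_text, approved=APPROVED_RESOLVERS):
    """Map each host to the unapproved servers it contacted on port 53.

    The approved resolvers themselves are excluded as sources, because
    recursion legitimately takes them to outside name servers.
    """
    bypass = defaultdict(set)
    for line in flow_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # header or malformed record
        src, dst, _proto, dport = fields
        if int(dport) == 53 and dst not in approved and src not in approved:
            bypass[src].add(dst)
    return {src: sorted(dsts) for src, dsts in bypass.items()}


def triage(log_text, flow_text):
    """Combine both signals into one list of reasons per host."""
    report = defaultdict(list)
    for client, names in bit_queries_by_client(log_text).items():
        report[client].extend(f".bit lookup: {n}" for n in names)
    for client, dsts in direct_dns_clients(flow_text).items():
        report[client].extend(f"DNS sent directly to {d}" for d in dsts)
    return dict(report)


if __name__ == "__main__":
    for host, reasons in sorted(triage(SAMPLE_QUERY_LOG, SAMPLE_FLOWS).items()):
        print(host, "->", "; ".join(reasons))
```

The second signal matters because a host that bypasses the internal resolver never appears in its query log, so the .bit lookup itself would go unseen.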
Goals for a Common Approach to Threat Frameworks
Following a common approach helps to:
• Establish a shared ontology and enhance information-sharing since it is easier to maintain mapping of multiple models to a common reference than directly to each other
• Characterize and categorize threat activity in a straightforward way that can support missions ranging from strategic decision-making to analysis and cybersecurity measures and users from generalists to technical experts
• Support common situational awareness across organizations
Key Attributes and Goals in Building a Cyber Threat Framework
• Incorporate a hierarchical/layered perspective that allows a focus on a level of detail appropriate to the audience while maintaining linkage and traceability of data
• Employ structured and documented categories with explicitly defined terms and labels (lexicon)
• Focus on empirical/sensor-derived ‘objective’ data
• Accommodate a wide variety of data sources, threat actors and activity
• Provide a foundation for analysis and decision-making
The Common Cyber Threat Framework
• Since 2012, the Office of the DNI has worked with interagency partners to build and refine The Common Cyber Threat Framework reflecting these key attributes and goals
• The Common Cyber Threat Framework is not intended to displace or replace an organization’s existing model which is tailored to its specific mission and requirements; rather, it is intended to:
  • Serve as a viable Universal Translator (a cyber Esperanto or Rosetta Stone) facilitating efficient and possibly automated exchange of data and insight across models once each has been mapped to it and the mappings shared
  • Provide a Starting Point featuring a simple threat model and value-neutral concepts. It can be customized for any organization as needed—and any deviations from the common approach are readily apparent, facilitating mapping and data exchange.
In March 2018, an identified financial services corporation received a thumb drive infected with the bank credential-stealing Qakbot malware variant, targeting information from networked computers and financial institution web sites. The financial services corporation purchased bulk thumb drives from a US online retailer of computer hardware. The thumb drives were originally manufactured in China. According to FBI forensic analysis, the Qakbot malware was on the infected thumb drive before the drive arrived in the United States. Qakbot is extremely persistent and requires removal of all malware from every device. Failure to remove even one node of malware may result in re-infecting previously sanitized systems possibly costing the victim hundreds of thousands of dollars in malware removal and system downtime.
Threat
Qakbot is an information-stealing worm—originally discovered in 2007 with a major update in 2017—that propagates through removable drives, network shares, and Web pages. The most common vector of intrusion for Qakbot is malicious attachments to phishing emails. Once executed, Qakbot spreads to other shared folders and uses Server Message Block (SMB) protocol to infect other machines. Qakbot has keylogging capabilities, and is able to propagate across network environments through a single instance within that network. It is capable of remaining on a device through the use of registry keys and by scheduling recurring tasks to run at timed intervals. Every device connected to the network and every piece of removable media which has been attached needs to be scanned for the malware and cleaned of the infection before it can be reconnected. The most recent updates in 2017 allow Qakbot to lock users out of the Active Directory, preventing them from being able to work. It also deploys malicious executables into network shares, registering them as services.
Cyber actors have the capability to infect devices with malware at nearly any point in the manufacturing process. The FBI has historically seen cases of infection with malware capable of stealing credentials, gathering data on the users of a computer or network, dropping other types of malware, and serving as a “backdoor” into a secure network. It is difficult to know at which point the malware infection occurred or whether the infection was intentional, due to the international nature of hardware manufacturing.
Recommendations
To mitigate the threat of a potentially infected thumb drive, the following measures should be taken at a minimum:
• Ensure the use of approved, trusted vendors for hardware purchases.
• Scan all hardware, especially removable storage media, on an external system prior to its insertion into a network environment.
• For signature-based intrusion detection systems, ensure that the hash values for known Qakbot variants are included. The MD5 value for the variant identified in this PIN was: ff0e3ec80faafd04c9a8b375be77c6b6. This hash value can change, so be prepared to use other advanced detection systems.
• Users should protect themselves and organizations by practicing good browsing habits, ensuring they do not respond to or click on unsolicited email, and not plugging unknown USB devices into their workstations.
• If you don’t have the expertise to properly handle or identify potential cyber threats, please seek out an expert who can provide the expertise needed to secure your organization.
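One way to pre-screen removable media on a standalone system, as the second and third recommendations describe (an added example, not part of the FBI notification): files are matched against the MD5 quoted above, and anything carrying a Windows executable header is flagged for review, because a single changed byte defeats the hash match. The file names, the stub executables and the rule that newly purchased drives should carry no executables are assumptions.

```python
import hashlib
import os
import tempfile

# MD5 quoted in the notification above for the Qakbot variant it describes.
KNOWN_BAD_MD5 = {"ff0e3ec80faafd04c9a8b375be77c6b6"}


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def looks_like_pe(path):
    """True when the file has an MZ header whose e_lfanew field points at a PE signature."""
    with open(path, "rb") as fh:
        head = fh.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        fh.seek(int.from_bytes(head[60:64], "little"))
        return fh.read(4) == b"PE\0\0"


def scan_media(root, known_bad=KNOWN_BAD_MD5):
    """Return sorted (relative_path, verdict, detail) tuples for files needing attention."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                digest = md5_of(path)
                is_pe = looks_like_pe(path)
            except OSError as exc:
                findings.append((rel, "UNREADABLE", str(exc)))
                continue
            if digest in known_bad:
                findings.append((rel, "KNOWN_BAD", digest))
            elif is_pe:
                # Assumption: a newly purchased drive should hold no executables,
                # so any PE file is held for review whatever its extension says.
                findings.append((rel, "REVIEW", "Windows executable on new media"))
    return sorted(findings)


def fake_pe(extra=b""):
    """Constructed stub with valid MZ and PE magic; it is not a runnable program."""
    return b"MZ" + b"\0" * 58 + (64).to_bytes(4, "little") + b"PE\0\0" + extra


def demo():
    """Scan a constructed drive image held in a temporary directory."""
    files = {
        "manual.txt": b"constructed plain text\n",
        "setup.exe": fake_pe(b"variant-A"),
        # Same stub with different trailing bytes and a misleading extension.
        os.path.join("photos", "holiday.jpg"): fake_pe(b"variant-B"),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        # Stand-in signature set: the page's MD5 plus the hash of constructed variant-A.
        sigs = KNOWN_BAD_MD5 | {hashlib.md5(fake_pe(b"variant-A")).hexdigest()}
        return scan_media(root, sigs)


if __name__ == "__main__":
    for rel, verdict, detail in demo():
        print(f"{verdict:10} {rel}  ({detail})")
```

In the constructed run, the altered copy escapes the hash list and is caught only by the header check.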
A Common Cyber Threat Framework: A Foundation for Communication
Page Count: 11 pages Date: July 18, 2018 Restriction: None Originating Organization: Office of the Director of National Intelligence File Type: pdf File Size: 508,077 bytes File Hash (SHA-256): E8C62419D5DA3ED97F1429864F6D0A39708D23913F5D09303097A435ACC8DBAA
Unidentified Cyber Actor Attacks State and Local Government Networks with GrandCrab Ransomware
Page Count: 3 pages Date: June 4, 2018 Restriction: For Official Use Only Originating Organization: Department of Homeland Security, Office of Intelligence and Analysis File Type: pdf File Size: 272,001 bytes File Hash (SHA-256): 33D7903C899000F32FEF462130E8D9081F204EE41EB620B813A2E654F54415E5
…
Guiding Principles
DHS advances our mission and will accomplish our cybersecurity goals by aligning departmental activities according to the following guiding principles:
1. Risk prioritization. The foremost responsibility of DHS is to safeguard the American people and we must prioritize our efforts to focus on systemic risks and the greatest cybersecurity threats and vulnerabilities faced by the American people and our homeland.
2. Cost-effectiveness. Cyberspace is highly complex and DHS efforts to increase cybersecurity must be continuously evaluated and reprioritized to ensure the best results for investments made.
3. Innovation and agility. Cyberspace is an evolving domain with emergent risks. Although the proliferation of technology leads to new risks, it also provides an opportunity for innovation. DHS must lead by example in researching, developing, adapting, and employing cutting-edge cybersecurity capabilities and remain agile in its efforts to keep up with evolving threats and technologies.
4. Collaboration. The growth and development of the Internet has been primarily driven by the private sector and the security of cyberspace is an inherently cross-cutting challenge. To accomplish our cybersecurity goals, we must work in a collaborative manner across our Components and with other federal and nonfederal partners.
5. Global approach. Robust international engagement and collaboration is required to accomplish our national cybersecurity goals. DHS must engage internationally to manage global cyber risks, respond to worldwide incidents, and disrupt growing transnational cyber threats as well as encourage other nations and foreign entities to adopt the policies necessary to create an open, interoperable, secure, and reliable Internet.
6. Balanced equities. Cyberspace empowers people and enables prosperity worldwide. Cybersecurity is not an end unto itself, and efforts to mitigate cybersecurity risks must also support international commerce, strengthen international security, and foster free expression and innovation.
7. National values. DHS must uphold privacy, civil rights, and civil liberties in accordance with applicable law and policy. The Department empowers our cybersecurity programs to succeed by integrating privacy protections from the outset and employing a layered approach to privacy and civil liberties oversight.
Russian New Generation Warfare Handbook
Page Count: 68 pages; Date: December 2016; Restriction: For Official Use Only; Originating Organization: U.S. Army, Asymmetric Warfare Group; File Type: pdf; File Size: 2,341,074 bytes; File Hash (SHA-256): 06F68FFE2479DA61E398E30722FE733450C9A32C4503BA343363680A9EAA698E
(U) As the American Army fought in Iraq and Afghanistan, it became the best tactical level counter insurgency force of the modern era. America’s enemies, however, did not rest. Russia observed the transformation of the American Army and began a transformation of their own. This new military barely resembles its former Soviet self. Wielding a sophisticated blend of Unmanned Aircraft Systems (UAS), electronic warfare (EW) jamming equipment, and long range rocket artillery, it took the Soviet model out of the 1980s and into the 21st Century.
(U) Ukraine’s 2014 Euromaidan Revolution overthrew a corrupt Russian supported president and threatened to place a pro-European government in power on the very outskirts of the Russian Federation. In March 2014, Russia occupied Ukraine’s Crimea with SPETsNAZ units in a virtually bloodless operation. SPETsNAZ then infiltrated into the Donbas region, fomenting unrest and sparking a pro-Russian insurgency.
(U) Over the next few months, the Ukrainian military and volunteer militia fought back rather successfully. They pushed the separatists back to the very border with Russia. Then everything changed. Russian regular troops with heavy equipment attacked across their border and fought a series of encirclement battles resulting in hundreds of Ukrainian troops killed and the Ukrainian Anti-Terror Operation teetering on the brink of defeat.
(U) How do we combat this enemy? America has not encountered this type of conflict for nearly a generation and needs to transform to fight and win in complex maneuver warfare. Several factors contribute to potential challenges U.S. formations may face in such a conflict: It has been several years since we deployed large numbers of troops in combat in Iraq or Afghanistan. Our junior leaders, both officers and enlisted, have less and less combat experience. Our equipment has been designed to combat an insurgency, not an enemy with potential overmatch. How do we protect our troops from unmanned aerial vehicles (UAVs), communications and GPS jamming, and layered air defense networks?
(U) This handbook attempts to examine the tactics used by Russia in Ukraine as the military component of their New Generation Warfare doctrine. We will attempt to describe their capabilities and applications of combat power. Finally, this handbook will present recommendations for U.S. Battalions and Brigade Combat Teams to counter these Russian methods of war. The war in Ukraine is still ongoing. The Russian Forces are still involved in Syria and continue to improve from their successes and shortfalls. We, as American Soldiers, must do the same. As the saying goes, “Only fools learn from their mistakes. The wise man learns from the mistakes of others.”
…
(U) CYBER
(U) Russia’s developing capabilities have also incorporated the cyber realm. The U.S. dependence on computer networks and the amount of technology present even at the company level, create vulnerabilities to Russia’s new found capabilities. Contributing factors for increased cyber-attacks are their low risk to high pay off ratio and increasingly interconnected U.S. military networks. Everyday U.S. military functions, such as Web-based or computer generated administrative and logistical operations or activities. This creates a significant vulnerability to cyber intrusion and network degradation.
(U) Cyber-attacks can effectively shape the battlefield and require very little risk on the part of the perpetrator. Since U.S. formations operate under self-imposed restrictions, like ethical hacking and prioritizing protective measures over offensives in the cyber realm, they are limited in their capabilities compared to Russian counterparts.
(U//FOUO) Russia is also able to reach into its nonmilitary cyber expertise to complement their military capabilities. The Kremlin cooperates with criminal hacker groups and the Russian government employs thousands of professional hackers as part of their whole of government Information Operations strategy. This severely outnumbers U.S. military cyber capabilities and means that U.S. brigades could be subjected to cyber-attacks from pro-Russian sympathizers in countries not even involved in a conflict.
(U) As with the degraded communication environment, Cyber Meaconing Intrusion, Jamming and Intercept (MIJI) is a very real threat to U.S. formations.
The far-left website http://www.linksunten.indymedia was banned by the German Interior Ministry. The humorous website, which was also directed against me personally in order to stop the STASI and KGB revelations, had also come to the Interior Ministry's attention for its role in preparing the acts of violence against the G20 summit.
The website was apparently also used by left-wing radicals and GoMoPa demagogues to spread their amusing hate messages against me. In particular, the hate postings about my alleged borderline disorder and my “insanity”, exclusively located and remotely diagnosed by the comrades, amused me time and again and provided many a pleasant hour. A pity that this is now supposed to be over for the time being, dear funny linksunten comrades. In this difficult hour my thoughts are with you and your hate families.
Since you far-left East Berlin and Freiburg Internet-STASI epigones are running out of air thanks to the critical coverage in all of Germany's major media, you are now increasingly dependent on rubles from Moscow.
You, dear communist camarilla around the head comrade boss “Klaus Dieter Maurischat” and your Hamburg and Wiesbaden comrades and backers, have already reported very positively in the past about Russia and dubious Russian state and real-estate mafiosi, and will do so increasingly in the future, openly and above all clandestinely. The rolling ruble makes it possible…
You dear, funny troll comrades, technically led by the head IT troll Sven Schmidt, Eagle IT, Berlin, will probably soon come up with another far-left website to replace linksunten. Great ideas and accomplished journalistic articles in the tradition of old GDR agitprop such as “Plaste und Elaste aus Zschopau” will soon be coming our way in greater numbers again.
I am already looking forward to further entertaining moments in the funny linksunten and “GoMoPa” tradition through new, innovative top-class humorous products, gladly also in Russian for once and with detailed “clinical pictures” of me, or other funny reports a la Richard Kimble, Lassie, Fury, Bernd Pulch and Flipper on the run. Tres bon.
I say THANK YOU.
Spassibo to you, dear super-funny KGB comrade troll president Vladimir Putin, for your successful media sponsoring at your old German place of work…
About how signals intelligence agencies, like NSA and GCHQ, are intercepting communications, we learned a lot from the Snowden revelations and the German parliamentary inquiry, but also from new legislation in France, the Netherlands and the United Kingdom.
Much less is known about the practice of tapping by law enforcement, like for example the FBI and police forces. Now, a case from the Netherlands provides some interesting insights into how Dutch police intercept internet communications – in a way that comes remarkably close to the bulk collection by intelligence agencies.
Office of the Team High Tech Crime (THTC) of the Dutch police in Driebergen (photo: NRC/Merlin Daleman)
Cooperation with the Russians
On Saturday, May 27, the Dutch newspaper De Volkskrant published a surprising story about the cooperation between the Team High Tech Crime (THTC) of the Dutch police and officials from the Russian federal security service FSB, which is the main successor to the notorious KGB.
Since 2009, regular meetings are held in the Netherlands, in which also officials from the FBI participate. The aim is to cooperate in tracking down and eventually arresting cyber criminals. The Volkskrant’s front page report is accompanied by an extensive background story, which contains some more worrying details, but is only available in Dutch.
The cooperation with the Russians dates back to September 2007, when the head of THTC attended a conference in the Russian city of Khabarovsk, at which CIA, FBI, Mossad, BND and other agencies were present. The head of THTC was able to create a connection to the FSB and their deputy head of the department for cyber crime, Sergei Mikhailov, became the liaison for the Dutch police and would regularly visit the Netherlands.
Meetings in Driebergen
Initially, the meetings with the Russians were held in the Dutch village of Driebergen, where the Team High Tech Crime has its offices. The Dutch security service AIVD was apparently not very fond of this, so every visit of for example Mikhailov had to be reported, and since 2012, every police officer who had contact with someone from the FSB was briefed by the AIVD before and after every meeting.
The FSB, much like the FBI, isn’t just responsible for law enforcement, but is also Russia’s secret service for domestic security. This made AIVD worried that FSB officers could use their visits to the Netherlands for spying – although strictly spoken, collecting foreign intelligence is the task of another Russian agency, the SVR.
The police compound in Driebergen started as a highway patrol station, but nowadays houses some of the most sensitive units of the Dutch police, including the national criminal investigation branch and the Unit Landelijke Interceptie (or Lawful Interception, ULI), which was created in 2005 as the central facility for internet tapping, as well as for telephone tapping on behalf of all the smaller police districts.
The police compound in the village of Driebergen (photo via Flickr)
Security incident
There was at least one security incident in Driebergen: De Volkskrant describes that during a meeting with FBI and FSB, a Russian official came to a member of the Dutch police team, pointed at someone from the FBI and said “he is copying your data”. An investigator went looking and saw that indeed the American had a thumb drive in a police laptop and was copying Dutch information. Whether this had any consequences was not reported.
In 2014, the cooperation with Russia came under pressure: in July, there was the Russian annexation of the Crimea and shortly afterwards, flight MH17 was shot down, killing 193 Dutch citizens. The criminal investigation of this case also takes place in Driebergen, so the police decided to move the meetings with FSB officials from Driebergen to police stations in Amsterdam and Rotterdam.
Intercepting at Leaseweb
The first case in which Dutch police and Russian FSB cooperated started in 2008, when Russian criminals used the ZeuS trojan horse malware to spoof the login screen of banks in order to capture user credentials, and steal the money from bank accounts without a trace.
Often these criminals used servers of the Dutch hosting company Leaseweb, which offers relatively anonymous and cheap services as well as high-speed connections, as it is close to the large Amsterdam internet exchange AMS-IX. To communicate with each other, the criminals used the messenger service ICQ, which is still popular in Russia and Eastern Europe, but doesn’t use encryption.
To catch the criminals behind the ZeuS malware, the Dutch police team set up operation Roerdomp (the Dutch name for the Eurasian bittern) and in October 2008, they asked other countries for the ICQ numbers of known cyber criminals. Within 3 months, authorities from the US, Germany, Britain, the Ukraine and Russia provided a total of 436 ICQ numbers. In January 2009, the public prosecutor and an examining judge approved the interception of communications associated with these numbers.
ICQ logo and interface
DPI filtering
To acquire these ICQ communications, the police had decided to intercept all ICQ traffic from Russia that went through the Leaseweb servers. For that purpose they bought equipment for deep-packet inspection (DPI) worth 600.000,- euro.
DPI devices are able to examine the packets that make up internet traffic and filter them according to predefined criteria, usually to prevent viruses and spam, but in this case for intercepting communications.
High-end DPI equipment, from manufacturers like Narus and Verint, can also recreate (“sessionize”) the communication sessions in order to filter complete files and messages out – which is also one of the main features of NSA’s XKEYSCORE system.
The Volkskrant reports that after the interception was approved, the new equipment was connected to the servers of Leaseweb, but actually, Leaseweb will have split the traffic on its main backbone cable, creating a copy of all the data, which was then directed to the police computer – telecom and internet companies really don’t like outsiders to install equipment onto their actual networks.
Next, all the copied Leaseweb traffic, some 50 Gigabit per second for 4 to 10 million websites, went through the DPI machine. First the police filtered out all ICQ traffic, and then the ICQ traffic associated with the list of the 436 selected numbers. This went on for 3 months, so the warrant was apparently renewed a few times, as an approval for targeted interception is initially limited to a period of 4 weeks.
Leaseweb headquarters in Amsterdam
Some questions
The description of the tapping operation by De Volkskrant raises some questions. Government filtering systems having access to all the internet traffic of a company is the way that (signals) intelligence agencies are conducting bulk collection, not the way that law enforcement is supposed to do targeted interception.
In western countries, the police is generally only allowed to tap communications associated with individually identified suspects or specific communication identifiers, like phone numbers and e-mail addresses. In the ZeuS case, it was probably argued that it was targeted interception because there were 436 specific identifiers: the ICQ numbers of known cyber criminals.
Foreign selectors
First, this case immediately reminds of the selector affair that came to light through the German parliamentary inquiry into the cooperation between NSA and BND. For years, NSA provided the Germans with millions of internet identifiers, which they entered into their satellite collection system, without being able to see to whom these identifiers belonged.
Could that have happened to the Dutch police too? Were they able to verify that each one of the 436 ICQ numbers was used by a cyber criminal, or did they just trust the foreign authority that provided them?
For this kind of international cooperation, it’s often inevitable that you have to trust your foreign partners, but then you should also try to make sure that the data collection is as careful and targeted as possible.
Dutch internet tapping
One way to assure that is through technical means. For telephone tapping this is relatively easy, because telephone switches have built-in tapping capabilities based upon international standards. For internet tapping this is different and external devices have to be used to pick out the communications of interest.
In the Netherlands, the interception of internet data uses the Transport of Intercepted IP Traffic (TIIT) protocol, which ensures that the police only gets the internet data associated with an IP or e-mail address for which there’s a warrant.
Overview of the TIIT protocol for IP and e-mail interception
First, an Internet Service Provider (ISP) copies all its traffic and leads the copy to a secured interception network on its own premises. There, a sniffer machine (S1) filters out the data that have to be intercepted, and encrypts these with a key that is associated with a particular warrant.
Then, these data go to the ISP collector machine (S2), which sets up a connection, through an encrypted tunnel over a regular internet link, to a government collector machine (T1), which receives the data from one or more S2 machines.
The T1 devices are managed by the Unit Lawful Interceptions (ULI) in Driebergen and from there, the intercepted data are distributed to computers (T2) at the tapping rooms (tapkamers) of the police districts. Here, they are stored and decrypted so the intercepted communications become available in plain text.
Intercepting hosting providers
With the TIIT protocol, the police doesn’t get access to the copy of an ISP’s entire traffic: it’s the ISP that controls the sniffer machine that filters out the communications that belong to a particular suspect. But at Leaseweb it was apparently the police that controlled the sniffer (in the form of DPI equipment) where all the traffic passed through.
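A toy model of the TIIT flow (S1 filter, per-warrant encryption, T2 decryption) and of the contrast with the Leaseweb arrangement, added here as an illustration and not taken from the article or the TIIT specification. The warrant IDs, addresses, packet tuples and the SHA-256/HMAC construction standing in for the protocol's real encryption are all assumptions.

```python
"""Toy model of the TIIT data flow; all traffic below is constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed sample traffic: (source IP, protocol, payload).
# Addresses come from the documentation ranges, not from any real case.
TRAFFIC = [
    ("192.0.2.10", "icq", b"msg from warranted host"),
    ("192.0.2.11", "http", b"GET /index.html"),
    ("198.51.100.7", "icq", b"unrelated chat"),
    ("192.0.2.10", "smtp", b"mail from warranted host"),
    ("203.0.113.5", "icq", b"second warranted host"),
]


@dataclass(frozen=True)
class Warrant:
    warrant_id: str   # hypothetical identifier format
    identifier: str   # the IP address the warrant covers
    key: bytes        # key associated with this particular warrant


WARRANTS = [
    Warrant("W-1", "192.0.2.10", os.urandom(32)),
    Warrant("W-2", "203.0.113.5", os.urandom(32)),
]


def _subkeys(key):
    # Separate encryption and authentication keys derived from the warrant key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key, nonce, length):
    # Stand-in stream cipher (SHA-256 in counter mode); an assumption,
    # not the cipher TIIT actually specifies.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    stream = _keystream(enc, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()


def open_sealed(key, blob):
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong warrant key or tampered record")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))


def s1_sniffer(traffic, warrants):
    """ISP-controlled filter: release only warranted traffic, sealed per warrant."""
    by_identifier = {w.identifier: w for w in warrants}
    released = []
    audit = {"seen": 0, "released": 0, "discarded": 0}
    for src, proto, payload in traffic:
        audit["seen"] += 1
        warrant = by_identifier.get(src)
        if warrant is None:
            audit["discarded"] += 1   # never leaves the ISP's premises
            continue
        record = f"{src}|{proto}|".encode() + payload
        released.append((warrant.warrant_id, seal(warrant.key, record)))
        audit["released"] += 1
    return released, audit


def t2_tapping_room(released, keys):
    """Decrypt only the records whose warrant key this tapping room holds."""
    return [open_sealed(keys[wid], blob) for wid, blob in released if wid in keys]


def exposure(traffic, warrants, police_controls_sniffer):
    """Packets that reach police-controlled equipment in each arrangement."""
    if police_controls_sniffer:
        return len(traffic)           # the whole copy passes the police filter
    released, _ = s1_sniffer(traffic, warrants)
    return len(released)              # only what S1 released via S2 to T1


if __name__ == "__main__":
    released, audit = s1_sniffer(TRAFFIC, WARRANTS)
    print(audit)
    print(t2_tapping_room(released, {"W-1": WARRANTS[0].key}))
    print(exposure(TRAFFIC, WARRANTS, True), exposure(TRAFFIC, WARRANTS, False))
```

The audit counters are the part an oversight body would want from either arrangement: they record how much traffic the filter saw against how much it released.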
The most likely reason for this is that Leaseweb is a hosting provider and it’s considered that such companies don’t have to comply with the Dutch Telecommunications Law that says that public communication networks or services have to be interceptable. Therefore, hosting providers were not required to install the tapping facilities like the telephone and internet access companies have.
But the hosting companies can of course cooperate voluntarily when the police presents them a warrant. However, when the new Secret Services Act comes into force, such non-public communication providers do have to tolerate interception on behalf of AIVD and MIVD, but they don’t need to have pre-installed tapping capabilities.
This means that in both cases, even for targeted interception, the government will control the sniffer equipment for filtering up to a company’s entire traffic – something that digital rights groups like the ACLU already consider to be unlawful “bulk surveillance.”
Oversight
Another question is how to make sure that the police doesn’t misuse its power when for example a hosting provider voluntarily provides access to their entire traffic. Maybe the police has internal protocols for that, but while interception conducted by the secret services is subject to independent oversight, police tapping is not.
It’s considered that in criminal cases, a judge will eventually decide whether certain police methods are lawful or not, but in practice, judges often lack the necessary technical knowledge, while police and public prosecutors try to hide these sensitive techniques. It’s not clear whether any suspect in the ZeuS case was tried before a Dutch court.
Untargeted interception
The ZeuS case shows that not only the networks of telecommunications and internet service providers can be useful to intercept, but also hosting providers like Leaseweb, especially when their servers are used by foreign companies to host their internet (communication) services – useful, not only for the police, but also for the secret services AIVD and MIVD.
Soon, both services can even go a step further, as the new Secret Services Act will also allow them to conduct untargeted cable interception. That means that they may not only filter out communications that are associated with already known identifiers, but also (temporarily) store all the metadata and a lot of content in order to search for data that belong to yet unknown targets.
In the public debate about the new law, there was a lot of speculation about how the new untargeted cable access will be implemented, but the interception at Leaseweb, as described by De Volkskrant, gives a very concrete example of what can be expected.
National watch center of the Royal Marechaussee in Driebergen with a large dark gray Philips PNVX crypto telephone (photo: AmberAlert.nl)
The end of ZeuS
After collecting the messages associated with the 436 ICQ numbers and subsequently analysing them, it came out that one particular ICQ number acted as the leader of the cyber crime network. In one of the intercepted conversations this person even admitted to be the designer of the ZeuS malware.
The police gave him the codename “Umbro”, but he himself used aliases like Lucky12345, Monstr, Slavik, IOO, Pollingsoon, and Nu11. The Volkskrant story doesn’t tell how the police found out the real identity of “Umbro” and it was only in 2014, under the international law enforcement Operation Tovar, that he was identified as Evgeniy Mikhailovich Bogachev, born October 28, 1983.
Already in 2013, investigators noticed that the ZeuS virus wasn’t just used for stealing money anymore, but also for finding out very specific information about government officials of Russia’s neighbours. Dutch police and the FBI became convinced that “Umbro” (Bogachev) had started working for Russian intelligence too.
To be or not to be arrested
The latter seems to be one of the reasons that, after the hack of the Democratic National Committee (DNC) in 2016, the US government put Bogachev on a list of sanctioned individuals. Besides that, his malware was also responsible for stealing over 100 million USD from American organizations. However, Bogachev is still at large, probably because he is useful for Russian intelligence operations.
For the Dutch police team there was another unpleasant surprise: Sergei Mikhailov, the FSB officer who had become such a familiar face for them, was suddenly arrested in December 2016 – according to Russian press reports because he and Kaspersky expert Ruslan Stojanov had leaked information to US intelligence.
Nobody knows whether this is true or where Mikhailov is now, but the cooperation between Dutch police and the Russian FSB continues.
Of course it is e2e crypted. That is why SS (Secret Service) need help from ISPs. All the “targeted” traffic goes through LI (Lawful Intercept) devices. SS is interested not only what you speak about, but with who you are speaking as well. With little bit of fishing or other methods you get the key to decrypt all the traffic and encrypt it again – so no one knows ’bout it.
Kellyanne Conway and CNN’s Anderson Cooper clashed in an interview over CNN’s reporting of the classified documents presented to President Obama and President-elect Trump including allegations that Russian operatives claim to have compromising personal and financial information about Trump.
You know how it goes: a clown sends you an e-mail.
The clown calls himself, or is, Rainer von Holst. All without proof. What do you do with that? Right. You ask Google and the users.
The Rainer von Holst clown mask with a fake e-mail, including a cc to the "police", without solid evidence: is that a successful Halloween prank? Or are other horror clowns even better?
a Adolf Hitler
b Benito Mussolini
c Rainer von Holst
d Nero
Who has the best horror clown hairstyle?
a Fury
b Rainer von Holst
c Flipper
d Lassie
You will be the judge!