TOP-SECRET – Iran Making Nuclear Weapons Report

TOP-SECRET – Iran Making Nuclear Weapons Report

1. This report of the Director General to the Board of Governors and, in parallel, to the Security Council, is on the implementation of the NPT Safeguards Agreement and relevant provisions of Security Council resolutions in the Islamic Republic of Iran (Iran).

G. Possible Military Dimensions

38. Previous reports by the Director General have identified outstanding issues related to possible military dimensions to Iran’s nuclear programme and actions required of Iran to resolve these. Since 2002, the Agency has become increasingly concerned about the possible existence in Iran of undisclosed nuclear related activities involving military related organizations, including activities related to the development of a nuclear payload for a missile, about which the Agency has regularly received new information.

39. The Board of Governors has called on Iran on a number of occasions to engage with the Agency on the resolution of all outstanding issues in order to exclude the existence of possible military dimensions to Iran’s nuclear programme. In resolution 1929 (2010), the Security Council reaffirmed Iran’s obligations to take the steps required by the Board of Governors in its resolutions GOV/2006/14 and GOV/2009/82, and to cooperate fully with the Agency on all outstanding issues, particularly those which give rise to concerns about the possible military dimensions to Iran’s nuclear programme, including by providing access without delay to all sites, equipment, persons and documents requested by the Agency. Since August 2008, Iran has not engaged with the Agency in any substantive way on this matter.

40. The Director General, in his opening remarks to the Board of Governors on 12 September 2011, stated that in the near future he hoped to set out in greater detail the basis for the Agency’s concerns so that all Member States would be kept fully informed. In line with that statement, the Annex to this report provides a detailed analysis of the information available to the Agency to date which has given rise to concerns about possible military dimensions to Iran’s nuclear programme.

41. The analysis itself is based on a structured and systematic approach to information analysis which the Agency uses in its evaluation of safeguards implementation in all States with comprehensive safeguards agreements in force. This approach involves, inter alia, the identification of indicators of the existence or development of the processes associated with nuclear-related activities, including weaponization.

42. The information which serves as the basis for the Agency’s analysis and concerns, as identified in the Annex, is assessed by the Agency to be, overall, credible. The information comes from a wide variety of independent sources, including from a number of Member States, from the Agency’s own efforts and from information provided by Iran itself. It is consistent in terms of technical content, individuals and organizations involved, and time frames.

43. The information indicates that Iran has carried out the following activities that are relevant to the development of a nuclear explosive device:

• Efforts, some successful, to procure nuclear related and dual use equipment and materials by military related individuals and entities (Annex, Sections C.1 and C.2);
• Efforts to develop undeclared pathways for the production of nuclear material (Annex, Section C.3);
• The acquisition of nuclear weapons development information and documentation from a clandestine nuclear supply network (Annex, Section C.4); and
• Work on the development of an indigenous design of a nuclear weapon including the testing of components (Annex, Sections C.5–C.12).

44. While some of the activities identified in the Annex have civilian as well as military applications, others are specific to nuclear weapons.

45. The information indicates that prior to the end of 2003 the above activities took place under a structured programme. There are also indications that some activities relevant to the development of a nuclear explosive device continued after 2003, and that some may still be ongoing.

Escalating Tensions Between the United States and Iran Pose Potential Threats to the United States

Escalating Tensions Between the United States and Iran Pose Potential Threats to the United States

 

 

The Joint Intelligence Bulletin (JIB) is planned to help bureaucratic, state, nearby, innate, and regional counterterrorism, digital, and law implementation authorities, and private segment accomplices, to viably stop, forestall, appropriate, or react to episodes, deadly tasks, or fear based oppressor assaults in the United States that could be led by or for the benefit of the Government of Iran (GOI) if the GOI were to see activities of the United States Government (USG) as demonstrations of war or existential dangers to the Iranian system. The GOI could act straightforwardly or enroll the participation of intermediaries and accomplices, for example, Lebanese Hizballah. The FBI, DHS, and NCTC had evaluated any active retaliatory assault would initially happen abroad. In the occasion the GOI were to decide to direct a Homeland assault, potential targets and strategies for assault in the Homeland could run from digital activities, to focused deaths of people considered dangers to the Iranian system, to damage of open or private foundation, including US army installations, oil and gas offices, and open tourist spots. USG activities may likewise incite vicious radical supporters of the GOI to submit assaults in retaliation, with next to zero notice, against US-based Iranian protesters, Jewish, Israeli, and Saudi people and interests, and USG faculty.

(U//FOUO) Immediate Response in Homeland Could Take Form of Cyber Operations

(U//FOUO) The FBI, DHS, and NCTC survey a prompt GOI reaction in the Homeland could appear as endeavored digital activities against USG offices and systems, including US military frameworks, and basic private part works, given that such tasks could be endeavored by Iran-based digital entertainers without the need of building up a US nearness. The US Intelligence Community has evaluated that Iran keeps on getting ready for digital assaults against the United States and partners. It is fit for causing confined, impermanent problematic impacts during a digital assault on unfortunate casualty systems. Verifiably, Iran has demonstrated the capacity to complete troublesome and ruinous digital assaults against open and private business systems, for example, expanded dispersed forswearing of-administration (DDoS) battles and information erasure assaults.

(U//FOUO) Iran speaks to a digital secret activities and assault risk, utilizing progressively refined digital methods and endeavoring to convey digital abilities that would empower assaults against basic foundation in the United States. Tehran’s general hazard math for a digital reaction likely will change dependent on the US strike, which Iranian pioneers have vocally depicted as escalatory, and hostile digital activities are probably going to be considered as retaliatory alternatives. Malignant action and observation may not really happen from Iranian Internet Protocol (IP) space, as on-screen characters may utilize midpoint framework in different nations. All things considered, traffic from Iranian IP locations may not be demonstrative of malignant movement. The FBI, DHS, and NCTC stress great digital cleanliness, for example, fixing frameworks and instructing work force to make preparations for generally utilized digital entertainer procedures, for example, social building and lance phishing.

(U//FOUO) Potential for GOI-Directed Lethal Attacks in the Homeland

(U//FOUO) as of late, the USG has captured a few people following up in the interest of either the GOI or Lebanese Hizballah who have directed reconnaissance demonstrative of possibility making arrangements for deadly assaults in the United States against offices and people.

» (U//FOUO) A specialist of the GOI captured in 2018 had led observation of Hillel CenterUSPER and Rohr Chabad CenterUSPER, Jewish establishments situated in Chicago, including shooting the security highlights encompassing the Chabad Center.

» (U//FOUO) Three Lebanese Hizballah External Security Organization (ESO) agents captured somewhere in the range of 2017 and 2019 had directed reconnaissance of US military and law implementation offices, basic foundation, private segment scenes, and open tourist spots in New York City, Boston, and Washington, DC.

(U//FOUO) The GOI likewise has a background marked by directing deaths and death endeavors against people in the United States it regards a danger to the Iranian system. The GOI killed the US-based previous representative for the Shah of the Iran in 1980 and plotted to kill the Saudi Arabian envoy to the United States in 2011. In August 2018, the USG captured two people for going about as operators of the GOI by directing incognito reconnaissance of Iranian protesters in New York City and Washington, DC, and the previously mentioned security highlights of Jewish offices in Chicago.

 

Website Defacement Activity Indicators of Compromise and Techniques Used to Disseminate Pro-Iranian Messages

Website Defacement Activity Indicators of Compromise and Techniques Used to Disseminate Pro-Iranian Messages

Following a week ago’s US airstrikes against Iranian military initiative, the FBI watched expanded revealing of site ruination movement spreading Pro-Iranian messages. The FBI accepts a few of the site disfigurement were the consequence of digital on-screen characters misusing realized vulnerabilities in content administration frameworks (CMSs) to transfer ruination documents. The FBI exhorts associations and individuals worried about Iranian digital focusing on be acquainted with the markers, strategies, and procedures gave in this FLASH, just as strategies and methods gave in as of late spread Private Industry Notification “Notice on Iranian Cyber Tactics and Techniques” (20200109-001, 9 January 2020).

Specialized Details:

The FBI recognized malevolent on-screen characters utilizing known vulnerabilities in CMSs to transfer ruination pictures onto injured individual sites. The FBI trusts one on-screen character utilized realized vulnerabilities permitting remote execution by means of treat and remote establishment. The FBI likewise distinguished that one of the records utilized in a destruction was presented on a site where the server facilitating the undermined site was designed so outer clients could direct HTTP POSTs. The FBI watched the utilization of a HTTP PUT direction to transfer a destruction document to an injured individual server.

The FBI notes various on-screen characters directed site mutilation movement with genius Iranian messages. Accordingly, the IP locations and procedures utilized will change. The FBI distinguished the underneath groupings of destruction movement.

One lot of mutilation action utilized the beneath record:

Filename MD5

Default.aspx

87b3b80bb214c0f5cfa20771dd6625f2

The accompanying connections, contact data, and strings were remembered for a disfigurement record:

http://yon%5B.%5Dir/6YL2X

https://t%5B.%5Dme/ZetaTech_iR2

https://instagram%5B.%5Dcom/Mrb3hz4d

hackedbymrb3hz4d(at)gmail[.]com

The accompanying IP addresses are related with the on-screen character connected to the disfigurement action with the above referenced connections, contact data, and strings:

IP Address

83.123.83[.]61

196.64.50[.]13

A second arrangement of destruction movement was distinguished utilizing the underneath record:

Filename

hardrevenge11.html

The FBI takes note of the above mutilation picture was transferred by means of a HTTP PUT order. The accompanying IP address is related with the on-screen character connected to this arrangement of ruination action:

IP Address

2.182.188[.]39

A third arrangement of mutilation action was distinguished utilizing the underneath IP address:

IP Address

212.92.114[.]228

The FBI notes for this mutilation action, the on-screen character had the option to direct a HTTP POST of a document utilized in a destruction.

Best Practices for Network Security and Defense:

Utilize customary updates to applications and the host working framework to guarantee insurance against known vulnerabilities.

Set up, and reinforcement disconnected, a “known decent” adaptation of the pertinent server and an ordinary change-the board arrangement to empower checking for modifications to servable substance with a document honesty framework.

Utilize client input approval to confine nearby and remote record incorporation vulnerabilities.

Execute a least-benefits approach on the Webserver to:

o Reduce foes’ capacity to raise benefits or turn horizontally to different hosts.

o Control creation and execution of records specifically catalogs.

If not effectively present, consider sending a peaceful area (DMZ) between the Web-confronting frameworks and corporate system. Constraining the communication and logging traffic between the two gives a technique to recognize conceivable noxious movement.

Guarantee a protected arrangement of Webservers. Every single pointless assistance and ports ought to be incapacitated or blocked. Every essential assistance and ports ought to be confined where plausible. This can incorporate whitelisting or blocking outside access to organization boards and not utilizing default login qualifications.

Utilize a switch intermediary or elective support of limit available URL ways to known authentic ones.

Direct customary framework and application weakness sweeps to build up regions of hazard. While this strategy doesn’t secure against multi day assaults, it will feature potential zones of concern.

Convey a Web application firewall, and direct ordinary infection signature checks, application fluffing, code audits, and server arrange examination.

CIA Offers Tips on Preparing a “Go-Bag” for Emergencies in Iran and Elsewhere

Ask Molly: November 20, 2019


Dear Molly,

I’ve been closely following the news out in California, and the devastation caused by wildfires that continue to burn. Though we don’t live in the area, it got me wondering if my family is prepared to handle a natural disaster like that. What can I do? #AskMollyHale

~Not Your Average Prepper


Dear Not Your Average Prepper,

Great question! Unfortunately, many people don’t think about these types of things until disaster strikes. It’s great that you’re thinking about emergency preparedness now.

GoBag2.jpg
CIA Officer with a Go-Bag

At CIA, we spend a lot of time discussing emergency preparedness and planning with our officers, who often find themselves working in all kinds of remote—and sometimes dangerous—places around the world. Often villages, towns or even cities are ill-equipped to handle major emergencies. What those emergencies might look like (hurricanes, earthquakes, civil unrest, violent uprisings or wildfires, etc.) can be hard to predict, but a well thought-out emergency plan, paired with regular drills and the right equipment, can put you in a better position to weather the storm, whatever form it takes.I asked our Office of Security for tips on developing an emergency action plan, and they had lots of suggestions. They also recommended that everyone learn how to create a “go-bag.” (A go-bag has important items that you may need during an emergency) Hopefully you’ll find these tips useful for you and your family.


Tips for Developing an Emergency Action Plan

An emergency action plan is, simply put, the plan of action for you and your family if a crisis arises. It’s important to discuss (and write down) your plan so you and your family know exactly what to do during an emergency. Remember: Planning shouldn’t be done in isolation. Every member of your family should be included and actively contribute. Here are a few things you should consider discussing when creating your emergency plan:

  • Be aware: What sort of natural disasters are frequent to your area? How might they affect your access to resources, roads or general infrastructure? Does your area have an emergency alert system? Do you know how you might be able to access it? These types of questions can help you shape your family’s planning meeting.
  • Establish a communication plan: The odds of you and your family being in the same location during an emergency are slim, so planning for communications is critical. Who is the primary point of contact for the family? What about a secondary point of contact, if your primary point of contact can’t be reached? What should you do if you don’t have a cell phone or if it isn’t working? Larger families should establish a ‘phone tree’ system in which each person is responsible for establishing contact with a particular person or set of persons.
  • Identify meeting points (primary/secondary/tertiary): If you and your family aren’t able to make contact with one another it’s important that everyone knows the location of designated meeting points. Meeting points should be familiar places around town where you and your family can plan to meet if an emergency were to occur while you were separated. It is best to pick locations that are familiar to your family, such as your home or that of a relative. Other options can include schools or local civic buildings. Be sure to have a few back-up locations just in case you can’t reach the first one. For instance, if the primary location is home but the roads are blocked, everyone should know to make their way to a secondary location, like a school or a grandparent’s house.
  • Consider the specific needs of your household: You can easily find an off-the-shelf emergency action plan on the Internet, but is it going to address the needs of your family in your specific area? Probably not. An emergency action plan should take into account precautions that are unique to you and your family. Perhaps you have a family member in a wheelchair; if so, your designated meeting points should take handicap accessibility into consideration. Do you have pets? Make sure you have food/water, vaccination records, proof of ownership and even a photo of your pet, in case you get separated. Check out the website for the Federal Emergency Management Agency (FEMA) for more information on how to prepare your pets for an emergency.
  • Plan evacuation routes: An emergency could require that you and your family quickly evacuate the area. If so, you need to be aware of all possible evacuation routes, without relying on GPS. Try to memorize these routes. That way you can evacuate an area safely and quickly—even if some roads are blocked and communication networks aren’t working.
  • Practice, practice, practice: An emergency plan is no good if it sits in the kitchen drawer unread and unused. It is important to commit the plan to memory. Our security officers encourage all of us at CIA to not only plan for emergencies, but also to practice them, both at home and at work. When practicing, throw in some curveballs that require you and your family to fall back on secondary plans or even completely unplanned options.

Building the Perfect Go-Bag

GoBag1.JPG
Emergency Kit Go-Bag on CIA Seal

According to FEMA, people should be prepared to take care of themselves and family members for up to 72 hours, or three days, following a disaster. To do this effectively you should collect and consolidate the appropriate materials at a well-known location in your home, work or vehicle ahead of time. We recommend consolidating the items into what we call a “go-bag,” so named because it is a tool that is intended for use in ‘on-the-go’ situations, such as a hasty evacuation.As some of our officers can attest, multiple go-bags scattered throughout the house, vehicles and your workplace might be the best solution. You never know where you’ll be when disaster strikes and having a go-bag within arm’s reach can mean the difference between life and death.

Contents of your go-bag should (at a minimum) include:

  • 1 gallon of water per day (or purification tablets)
  • Spoil-free food (i.e. protein bars)
  • First aid kit (with any prescription medications needed)
  • Light source (flashlight, glow sticks, etc.)
  • Spare batteries- (replenish them regularly)
  • Disaster plan with contact numbers, map and evacuation routes
  • Copies of passports and other critical documents
  • Warm blanket and several space blankets
  • Change of clothes with sturdy shoes
  • Hygiene supplies
  • Multi-tool (i.e., one that includes tools like a knife, screw driver and tweezers)
  • Cash and traveler’s checks
  • Matches or other fire starter in a waterproof case
  • Waterproof storage
  • Paper and pencil
  • Cell phone with emergency contact numbers and charger
  • Portable power bank for cell phones
  • Emergency repair kit (parachute cord, duct tape, safety pins)

This is by no means an exhaustive list, but should serve as a reference as you build a more personalized list based on your needs and those of your family, as well as the specific threats or challenges you are likely to face in your part of the world. If, for instance, you live along the coastline, you may want to put more time/effort into waterproofing your go bag and its contents. Those living or staying in areas of earthquake activity should consider including temporary shelters and focusing on communications, as cellular towers could be impacted.

Hopefully these tips are helpful!

Stay safe,

~ Molly

Unveiled – Terrorists plan attacks on US Power and Science Centers

Charlie Hebdo #1178-page-001
 

NNSA an Iranian Target

I cannot reveal my source (to keep my VIP access as it is) which is an underground forum known to host many of groups, “the usual suspects”. I observed there is on going arrangement for release the results of an attack to Department of Energy. If the map on the forum thread means something, I presume the national labs were also attacked. I couldn’t realize which one of the players and groups were orchestrating the release though. Among the targets there is NNSA, I have seen other Iranian attack on NNSA before. I am personally curious is this an attempt to mess with the smart grid or just another hit and grab industrial data?

Messages [on drawing] all in Farsi and have slang codes within them to the extent translator is useless.

[Image]

[Image]