TBR News May 13, 2017

May 13 2017

The Voice of the White House

Washington, D.C. May 13, 2017: “To anyone trying to assemble a collection of daily news articles, from reputable sources and not blogs, there is either a glut of news or a dearth. Too much or too little. Today we have the reportable actions of Trump on one hand and the cyber attacks on the other. The civil war in Syria, the North Korean falling rockets, the vanished border fence, the French elections and the hysterical allegations against Russia for anything from stealing elections to flat tires, all of these vital stories are overwhelmed by cyber attacks and the ill-advised Comey firing. Next week, if the computer systems are still in place, there will be nothing other than pathetic stories about wounded marmosets, lost cats, new pizza restaurants in Brooklyn using reprocessed human fat, locked lavatories on United commercial aircraft and other moving and vital stories.”

Table of Contents

  • Global cyber attack slows but experts see risk of fresh strikes
  • Don’t WannaCry? 5 easy tips to protect yourself from ransomware
  • Embarrassing the Government Is the Ultimate Crime
  • What is ransomware?
  • ‘Accidental hero’ halts ransomware attack and warns: this is not over
  • Comey declines to testify before Senate committee
  • Classified America: Why Is the US Public Allowed To Know So Little?
  • The labels said ‘organic.’ But these massive imports of corn and soybeans weren’t.
  • “Misunderstanding Terrorism”: How the Us vs. Them Mentality Will Never Stop Attacks
  • Trump to back Palestinian ‘self-determination’ on Mideast trip: aide
  • Iraq’s Shi’ite paramilitaries squeeze Islamic State toward Syria border

 Global cyber attack slows but experts see risk of fresh strikes

May 13, 2017

by Jeremy Wagstaff and Eric Auchard

Reuters

SINGAPORE/FRANKFURT-A global cyber attack described as unprecedented in scale forced a major European automaker to halt some production lines while hitting schools in China and hospitals in Indonesia on Saturday, though it appeared to die down a day after its launch.

Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, the cyber assault has infected tens of thousands of computers in nearly 100 countries, with Britain’s health system suffering the worst disruptions.

Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that seemed to contain invoices, job offers, security warnings and other legitimate files.

Once inside the targeted network, so-called ransomware made use of recently revealed spy tools to silently infect other out-of-date machines without any human intervention. This, security experts said, marked an unprecedented escalation in the risk of fresh attacks spreading in the coming days and weeks.

The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Researchers observed some victims paying via the digital currency bitcoin, though no one knows how much may have been transferred to extortionists because of the largely anonymous nature of such transactions.

Researchers with security software maker Avast said they had observed 126,534 ransomware infections in 99 countries, with Russia, Ukraine and Taiwan the top targets.

The hackers, who have not come forward to claim responsibility or otherwise been identified, took advantage of a worm, or self-spreading malware, by exploiting a piece of NSA spy code known as “Eternal Blue” that was released last month by a hackers group known as the Shadow Brokers, according to researchers with several private cyber security firms.

Renault said it had halted auto production at several sites including Sandouville in northwestern France and Renault-owned Dacia plants in Romania on Saturday to prevent the spread of ransomware in its systems.

Nissan’s manufacturing plant in Sunderland, northeast England, was also affected by the cyber assault though “there has been no major impact on our business”, a spokesman for the Japanese carmaker said.German rail operator Deutsche Bahn [DBN.UL] said some electronic signs at stations announcing arrivals and departures were infected, with travelers posting pictures showing some bearing a message demanding a cash payment to restore access.

“UNPRECEDENTED” ATTACK EASES

Europol’s European Cybercrime Center said it was working closely with country investigators and private security firms to combat the threat and help victims. “The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits,” it said in a statement.

Some experts said the threat had receded for now, in part because a British-based researcher, who declined to give his name, registered a domain that he noticed the malware was trying to connect to, and so limited the worm’s spread.

“We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain,” said Vikram Thakur, principal research manager at Symantec.

“The numbers are extremely low and coming down fast.”

But the attackers may yet tweak the code and restart the cycle. The researcher in Britain widely credited with foiling the ransomware’s proliferation told Reuters he had not seen any such tweaks yet, “but they will (happen).”

Researchers said the worm deployed in the latest attack, or similar tools released by Shadow Brokers, are likely to be used for fresh assaults not just with ransomware but other malware to break into firms, seize control of networks and steal data.

Finance chiefs from the Group of Seven rich countries were to commit on Saturday to joining forces to fight the growing threat of international cyber attacks, according to a draft statement of a meeting they are holding in Italy.

“Appropriate economy-wide policy responses are needed,” the ministers said in their draft statement, seen by Reuters.

HOSPITALS IN FIRING LINE

In Asia, some hospitals, schools, universities and other institutions were affected, though the full extent of the damage is not yet known because it is the weekend.

“I believe many companies have not yet noticed,” said William Saito, a cyber security adviser to Japan’s government. “Things could likely emerge on Monday” as staff return to work.

China’s information security watchdog said “a portion” of Windows systems users in the country were infected, according to a notice posted on the official Weibo page of the Beijing branch of the Public Security Bureau on Saturday. Xinhua state news agency said some secondary schools and universities were hit.

In Vietnam, Vu Ngoc Son, a director of Bkav Anti Malware, said dozens of cases of infection had been reported there, but he declined to identify any of the victims.

South Korea’s Yonhap news agency reported a university hospital had been affected, while a communications official in Indonesia said two hospitals there had been hit.

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers on Friday.

International shipper FedEx Corp said some of its Windows computers were also breached. “We are implementing remediation steps as quickly as possible,” a FedEx statement said.

Telecommunications company Telefonica was among many targets in Spain. Portugal Telecom and Telefonica Argentina both said they were also targeted.

Only a small number of U.S.-headquartered organizations were hit because the hackers appear to have begun the campaign by focusing on targets in Europe, said Thakur.

By the time they turned their attention to the United States, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, he added.

MICROSOFT BOLSTERS WINDOWS DEFENCES

Private security firms identified the ransomware as a new variant of “WannaCry” that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft’s Windows operating system.

“This is one of the largest global ransomware attacks the cyber community has ever seen,” said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.

The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the U.S. spy agency.

The attack targeted Windows computers that had not installed patches released by Microsoft in March, or older machines running software that Microsoft no longer supports and for which patches did not exist, including the 16-year-old Windows XP system, researchers said.

Microsoft said it pushed out automatic Windows updates to defend existing clients from WannaCry. It had issued a patch on March 14 to protect them from Eternal Blue. Late on Friday, Microsoft also released patches for a range of long discontinued software, including Windows XP and Windows Server 2003.

“Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt,” Microsoft said in a statement on Friday, adding it was working with customers to provide additional assistance.

POLITICALLY SENSITIVE TIMING

The spread of the ransomware capped a week of cyber turmoil in Europe that began when hackers posted a trove of campaign documents tied to French candidate Emmanuel Macron just before a run-off vote in which he was elected president of France.

On Wednesday, hackers disrupted the websites of several French media companies and aerospace giant Airbus. The hack happened four weeks before a British general election in which national security and the management of the state-run National Health Service are important issues.

Authorities in Britain have been braced for cyber attacks in the run-up to the election, as happened during last year’s U.S. election and on the eve of the French run-off vote on May 7.

But those attacks – blamed on Russia, which has repeatedly denied them – followed a different modus operandi involving penetrating the accounts of individuals and political organizations and then releasing hacked material online.

On Friday, Russia’s interior and emergencies ministries, as well as its biggest bank, Sberbank, said they were targeted by ransomware. The interior ministry said about 1,000 computers had been infected but it had localized the virus.

Although cyber extortion cases have been rising for several years, they have to date affected small- to mid-sized organizations. “Seeing a large telco like Telefonica get hit is going to get everybody worried,” said Chris Wysopal, chief technology officer with cyber security firm Veracode.

(Additional reporting by Kiyoshi Takenaka, Jim Finkle, Eric Auchard, Jose Rodriguez, Alistair Smout, Andrea Shalal, Jack Stubbs, Antonella Cinelli, Dustin Volz, Kate Holton, Andy Bruce, Michael Holden, David Milliken, Rosalba O’Brien, Julien Toyer, Tim Hepher, Luiza Ilie, Patricia Rua, Axel Bugge, Sabine Siebold and Eric Walsh, Engen Tham, Fransiska Nangoy, Soyoung Kim, Mai Nguyen; editing by Mark Heinrich)

 Don’t WannaCry? 5 easy tips to protect yourself from ransomware

May 13, 2017

RT

An aggressive new strain of ransomware is shutting down Windows operating computers all over the world. Although the virus known as WannaCry has already infected over 75,000 PCs in 99 countries, it is actually not that hard to secure your digital data.

The latest ransomware employs asymmetric encryption to hold the target’s information for ransom, using a pair of keys uniquely generated by the attacker for the victim. The attacker makes the private key available to the victim only after the ransom is paid – or very likely does not.

Here are some easy steps to protect your machine and secure your files from falling hostage to online scammers.

#0 Patch!

Security experts advise to install the Microsoft fix—MS17-010—right away. Following the installation, make sure to reboot the system.

The patch that closes the backdoor used by WannaCry to penetrate the system was released by Microsoft on March 14 – apparently shortly after the NSA became aware that its exploit has been stolen, and roughly a month before the Shadow Brokers hacking group exposed it to the world.

In general, patching your system and installing regular Microsoft updates should secure an average PC user from unwanted vulnerabilities.

#1 Beware!

Just as with many other ransomware, the virus can penetrate the system not only through a Windows vulnerability, but also through the “spray-‘n’-pray” phishing attack, which involves spamming users with emails that carry a malicious attachment. The attackers can also lure a victim to click on a URL where malware will be ready to crawl into your machine.

Because ransomware targets everyday Internet users, businesses and public service providers, any individuals or organizations that needs continuous access to its systems should be especially careful what sites they visit and which attachments they open up.

#2 Backup!

It is highly advised, in order to protect yourself from being held hostage to data thieves, to create secure backups of important data on a regular basis. Simply backing up is not enough though, as physically disconnecting the storage device is required to avoid it being infected with ransomware as well. Cloud storage is another option to use, but it makes your data vulnerable to all other kinds of attacks.

#3 Don’t pay ransom!

This one is quite simple – there’s no guarantee that victims will get their data back even if they caught up cash cyber crooks demand from them. Plus there is no guarantee that the attackers won’t strike you again or demand more.

#4 Install antivirus (at least a trial version)!

Make use of your antivirus software’s ransomware removal tool, which should scan for and wipe out any ransomware attempts found on your computer.

Most paid subscriptions use real-time protection to keep their clients. Even if ransomware gets past your antivirus, chances are good that within a short while an automatic antivirus update will clear the intruder from your system. Most antivirus companies offer trial versions free of charge to test before subscribing for a paid service, which should be enough if one needs to urgently remove a stray malware.

Ransomware known as WannaCry, Wanna, or Wcry went on a global cyber infection rampage on Friday, infecting at least 75,000 computers in at least 99 countries. The malware adopted to a multi-lingual platform has caused complete data paralysis at banks, hospitals and telecommunications service providers, most notably in the UK, Spain, and Germany.

The virus demands a ransom of $300 to $600 in bitcoin by May 15 to unlock access to data held hostage. The malware is widely believed to have been developed based on the National Security Agency’s zero-day exploit which was leaked last month by the Shadow Brokers hacker group.

Embarrassing the Government Is the Ultimate Crime

Why whistleblowers are treated worse than traitors

May 12, 2017

by Philip Giraldi

The Amereican Conservative

President Barack Obama was a master at using the tools available through the Justice Department to silence whistleblowers and otherwise put a lid on developments that might embarrass his administration. He initiated numerous claims of the state-secrets privilege to stop lawsuits against the government, while also prosecuting leakers with a zeal previously unseen.

So perhaps it is not completely surprising to learn of a truly bizarre tale that surfaced last week regarding an Obama-era closed-door trial and imprisonment of a Federal Bureau of Investigation (FBI) translator, Daniela Greene, a German linguist who reportedly traveled secretly from Detroit to Syria to wed a leading ISIS terrorist whom she had been investigating but had never met.

The odd romance could have come straight out of a work of fiction. In fact, it has an uncanny resemblance to Ian Fleming’s From Russia With Love, where the Russian double agent Tatiana Romanova claimed that she had fallen in love with James Bond as a result of studying his KGB file. And just like in the Fleming novel, our FBI heroine experienced guilt and remorse before finally deciding to do the right thing, though in her case the right thing meant returning to her old allegiance rather than embracing a new one.

One interesting aspect of the trial and imprisonment of Greene is how it was all kept secret. Another notable fact is that she was convicted on a lesser charge that minimized her jail time, with the judge further being induced to give her the lightest possible sentence. This mitigation was reportedly due to her cooperation, but it might also be because the case was such an embarrassment, demonstrating that there are huge holes in the bureau’s security vetting and personnel-management procedures.

Admittedly there is much that one does not know about the Greene saga, as considerable portions of the court records were sealed and remain unobtainable. But there are certain bits that can almost certainly be surmised from similar cases involving defections. Thirty-eight-year-old Daniela Greene was born in Czechoslovakia and raised in Germany. She married an American servicemember, from whom she has subsequently separated, and moved to the United States. She eventually obtained a master’s degree in history from Clemson University and was eventually hired in 2011 by the FBI as a German-language translator. As part of the hiring process, she was subjected to what was believed to be a thorough background check that included a polygraph. She was granted a top-secret clearance to provide translation support in highly sensitive terrorism-related investigations.

In January 2014 Greene was working in the bureau’s Detroit office, focusing on a German-born rapper who had converted to Islam and become a jihadist affiliated with ISIS. He was well-known for his propaganda and recruiting videos aimed at a German-speaking audience. His actual name was Denis Cuspert but his rapper name was Deso Dogg. Both in Syria and online he went by various other names, including Abou Mamadou and Denis Mamadou Cuspert. He also used an Arabic name, Abu Talha al-Almani (“Father of” Talha “the German”). In one video he is seen holding a newly severed human head while in another he is kicking a corpse on a battlefield near Homs in Syria.

Cuspert fled Germany in 2012, shortly after having posted a fake video on Facebook that allegedly showed American soldiers raping a Muslim woman. The video reportedly motivated a man to attack U.S. servicemen in Frankfurt, killing two of them. After stops in Egypt and Libya, Cuspert wound up in Syria where he was put to work in the ISIS propaganda department.

Greene’s professional interest in Cuspert apparently developed into a different type of obsession. She identified several phone and Skype accounts he used but also found a third account that she kept to herself, not reporting the information to her superiors. Shortly thereafter, she almost certainly made initial contact with Cuspert surreptitiously through that account. In June 2014, she filed a foreign-travel request claiming that she intended to visit her family in Munich, which was granted, but instead flew to Istanbul and made her way to the border, where she contacted Cuspert and he arranged for her onward travel into Syria. Once in Syria she immediately married Cuspert, even though she was still married to her American husband, but within two weeks she began to have serious concerns about what she had done.

On August 1, five weeks after Greene’s departure from the U.S., the FBI issued a secret arrest warrant for her. Increasingly distraught over her situation, Greene somehow escaped Syria and made her way back to the United States, where she was arrested on August 8. She was allegedly fully cooperative, her case was sealed, and a series of closed hearings followed through the end of the year, when she pleaded guilty and was sentenced to two years in prison dating from her arrest in August. She was released in August 2016 and now lives in Syracuse.

Greene’s testimony regarding Cuspert apparently led to his being identified as a “Specially Designated Global Terrorist” in February 2015. She also reportedly provided other information that was “significant, long-running and substantial.” Greene claimed during her interrogations in late 2014 that she had revealed little to her husband and his colleagues during her short time in Syria, an assertion the FBI may or may not have believed to be true. Shortly after Greene’s sentencing, the German media picked up on bits of the story, alleging that Cuspert had actually been duped into marrying an FBI “spy,” a spin that likely originated with the U.S. government to create suspicion regarding Cuspert among his colleagues in ISIS.

The handling of the Greene case is only partly discernible because so many of the relevant court documents are still sealed, but it does raise some serious questions beyond the procedures used to check out new employees. Greene might have been able to provide substantial information on Cuspert personally and on her surroundings at an ISIS stronghold in Syria. But she spoke no Arabic and it is safe to assume that she would not have been trusted, which would mean close monitoring of her activities was likely. And she admitted providing information to Cuspert on the investigation into him, so it is possible that she also was forthcoming on other FBI cases that she knew about.

FBI translators work closely with special agents on cases, so it is not as if they spend all day translating documents without any understanding of why texts are relevant. Greene might have had considerable information on terrorism investigations underway in Germany. She would certainly have been pressed by ISIS to establish her bona fides and she no doubt would have been cooperative, just as she was when she returned home to the United States and opted to help her FBI interrogators. And as ISIS would have been careful not to let her know too much while she was still being assessed, one has to be somewhat skeptical about the reliability or importance of the information that she proved willing to provide to the U.S. government.

Greene was plausibly a traitor. She provided classified information to an enemy of the United States (as defined by the 2016 Congressional Authorization to Use Military Force). She was tried in secret and received a slap-on-the-wrist sentence. Other American citizens or residents convicted of providing material assistance to terrorists or desiring to join ISIS and al-Qaeda have received much stiffer sentences. Terrorism or national-security cases produce an 87 percent conviction rate and the sentences have averaged 14 years, even when the accused did absolutely nothing beyond talking or sending money back home in one of the frequent FBI “sting” operations (referred to by some as entrapment). So there is a substantial difference in terms of how justice was served in the Greene case compared to what was normal for others who “provide material assistance to terrorism.”

Two other national-security cases involving CIA-officer whistleblowers sent to prison also illustrate how justice is not always blind. On January 23, 2012, John Kiriakou, a whistleblower who had exposed the secret and illegal Agency waterboarding program to Senate investigators, was charged with disclosing classified information to journalists, including the name of an undercover CIA officer who had already been exposed in the media. The government made no effort to demonstrate that any genuine national-security interests had actually been damaged by Kiriakou’s actions. To avoid a protracted trial held in secret, in October 2012, Kiriakou plea-bargained guilty to one count of passing classified information to the media, thereby violating the Intelligence Identities Protection Act. In January 2013, he was sentenced to 30 months in prison and is now free.

Then there is Jeffrey Sterling, who is currently serving a three-and-a-half-year prison term for allegedly leaking information to New York Times journalist James Risen. Sterling first came to the media’s attention when in 2003 he blew the whistle on a botched CIA operation called Operation Merlin, telling the Senate Intelligence Committee staff that the CIA had mistakenly sent nuclear secrets to Iran. So it was perhaps inevitable that in 2006, when James Risen published a book that inter alia discussed the botched Operation Merlin, the Department of Justice focused on Sterling as the suspected source. In court the federal prosecutors relied almost entirely on Risen’s phone and email logs, which reportedly demonstrated that the two men had been in contact up until 2005. But the prosecutors did not provide the content of those communications, even though the FBI was listening in on some of them. Risen has claimed that he had multiple sources on Operation Merlin, and Sterling has always denied being involved. No evidence was ever produced in court demonstrating that any classified information ever passed between them.

Jeffrey Sterling could not even testify in the trial on his own behalf because he would have had to discuss Operation Merlin, which was and is still classified, meaning he could not reveal any details about it even if they are already known through the Risen book. Indeed, some of the information in Risen’s book relating to Merlin could not have been known by Sterling as he was no longer associated with the operation after mid-2000, a detail that could also not be presented as it too was considered classified. The jury convicted Sterling based on “suspicion,” a verdict that defense witness Col. Pat Lang, former head of the Defense Intelligence Agency’s clandestine program, described as a “travesty.”

After conviction Sterling was sent to prison in Colorado—900 miles from his family’s home in St. Louis. According to his wife Holly, legal fees have wiped out the couple’s finances, leading some to believe that the government deliberately set out to make an example of Sterling. John Kiriakou observed that “The point wasn’t just to imprison Jeffrey. It was to ruin him. Utterly ruin him. The point was to demonize him. And frighten any other would-be whistleblowers.”

So much for equal justice in the United States. Joining a terrorist group to marry one of its leaders while sharing classified information merits little in the way of either publicity or consequences because it would embarrass the “system.”  But blowing the whistle on wrongdoing causes a ton of bricks to descend—even when the government fails to demonstrate that any actual damage has been done. It is all a matter of perception. The contrite translator cooperates and gets a pass while those who expose government criminality can expect nothing but the worst, even if an essentially phony case has to be contrived to dole out the punishment.

 

What is ransomware?

Thousands of computers across the globe were hit by a ransom-demanding malware. DW explains what ransomware is and how to avoid becoming the next victim.

May 13, 2017

by  Chase Winter

DW

A massive global cyberattack infected tens of thousands of computers in nearly 100 countries by exploiting vulnerabilities believed to have been exposed in documents leaked from the US National Security Agency.

Friday’s attack used a malware known as ransomware to extort money from victims, including governments, companies and organizations.

DW explains what ransomware is and how to avoid becoming the next victim.

What is ransomware?

Ransomware is malware that encrypts files on an infected computer or mobile device. The ransomware locks the computer and prevents users from accessing files, documents and pictures until payment is made.

How does a computer get infected with ransomware?

Computers are typically infected when a user opens a link or email attachment from a malicious email message. Known as a phishing email, the message is often sent from an email account disguised to look like it is coming from a known or trustworthy entity. Hackers can also plant malware on websites.

Sometimes a user may not be immediately aware the computer is infected. Some types of ransomware, such as the one used on Friday, show a “lock screen” notifying the user their files have been encrypted and demanding payment to unlock the files.

How does payment and unlocking work?

The ransomware demands the user pay to have the files decrypted. Payment, often with the anonymous virtual currency Bitcoin, allows the user to access the files with an encryption key only known by the hacker. As in Friday’s attack, the payment can go up if it is not made within a short time frame.

If the payment is not made within a certain time period the encryption key is destroyed and the files lost forever.

Should you pay ransomware?

Law enforcement agencies advise against paying ransom. They say payment encourages criminal hackers and there is no guarantee that after payment access to files will be restored.

What can you do to protect yourself against ransomware?

Exercise caution before clicking on an email link from an unknown or potentially disguised source. Users should also install security updates on their computers and back up files in case of attack.

Friday’s attack targeted a known vulnerability in the Windows operating system. Microsoft said it released Windows updates to defend against the ransomware used in the attack, but not everyone installed them.

Why are businesses vulnerable to ransomware?

Larger businesses, organizations and governments may not install security updates immediately because they have their own security measures in place. Hackers target businesses because they calculate that they are more likely to pay. Businesses may have sensitive data and do not want to disrupt operations. Restoring files may also be more expensive than paying the extortion fee.

How can you get files back?

Without paying the extortion payment it is very difficult to save the files.  There are instances of hackers creating weak malware that is capable of being broken. In one case, a hacker regretted creating malware and published a master key for files to be decrypted. In another case, law enforcement seized a server with keys on it and shared it with victims.

Law enforcement agencies and computer security companies have keys to some ransomware to decrypt files, but with a growing number of different malware most ransomware cannot be decrypted.

 

‘Accidental hero’ halts ransomware attack and warns: this is not over

  • Expert who stopped spread of attack by activating software’s ‘kill switch’ says criminals will ‘change the code and start again’
  • Cyber-attack hits dozens of countries – live updates

May 13, 2017

Massive ransomware cyber-attack hits 74 countries around the world

by Nadia Khomami in London and Olivia Solon in San Francisco

The Guardian

The “accidental hero” who halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted.

The ransomware used in Friday’s attack wreaked havoc on organisations including FedEx and Telefónica, as well as the UK’s National Health Service (NHS), where operations were cancelled, X-rays, test results and patient records became unavailable and phones did not work.

But the spread of the attack was brought to a sudden halt when one UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a “kill switch” in the malicious software.

The researcher, who identified himself only as MalwareTech, is a 22-year-old from south-west England who lives with his parents and works for Kryptos logic, an LA-based threat intelligence company.

“I was out having lunch with a friend and got back about 3pm and saw an influx of news articles about the NHS and various UK organisations being hit,” he told the Guardian. “I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”

The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and was immediately registering thousands of connections every second.

MalwareTech explained that he bought the domain because his company tracks botnets, and by registering these domains they can get an insight into how the botnet is spreading. “The intent was to just monitor the spread and see if we could do anything about it later on. But we actually stopped the spread just by registering the domain,” he said. But the following hours were an “emotional rollercoaster”.

“Initially someone had reported the wrong way round that we had caused the infection by registering the domain, so I had a mini freakout until I realised it was actually the other way around and we had stopped it,” he said.

MalwareTech said he preferred to stay anonymous “because it just doesn’t make sense to give out my personal information, obviously we’re working against bad guys and they’re not going to be happy about this.”

He also said he planned to hold onto the URL, and he and colleagues were collecting the IPs and sending them off to law enforcement agencies so they can notify the infected victims, not all of whom are aware that they have been affected.

He warned people to patch their systems, adding: “This is not over. The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable windows update, update and then reboot.”

He said he got his first job out of school without any real qualifications, having skipped university to start up a tech blog and write software.

“It’s always been a hobby to me, I’m self-taught. I ended up getting a job out of my first botnet tracker, which the company I now work for saw and contacted me about, asking if I wanted a job. I’ve been working there a year and two months now.”

But the dark knight of the dark web still lives at home with his parents, which he joked was “so stereotypical”. His mum, he said, was aware of what had happened and was excited, but his dad hadn’t been home yet. “I’m sure my mother will inform him,” he said.

“It’s not going to be a lifestyle change, it’s just a five-minutes of fame sort of thing. It is quite crazy, I’ve not been able to check into my Twitter feed all day because it’s just been going too fast to read. Every time I refresh it it’s another 99 notifications.”

Proofpoint’s Ryan Kalember said the British researcher gets “the accidental hero award of the day”. “They didn’t realise how much it probably slowed down the spread of this ransomware”.

The time that @malwaretechblog registered the domain was too late to help Europe and Asia, where many organisations were affected. But it gave people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember.

The kill switch won’t help anyone whose computer is already infected with the ransomware, and it’s possible that there are other variants of the malware with different kill switches that will continue to spread.

The malware was made available online on 14 April through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of “cyber weapons” from the National Security Agency (NSA).

Ransomware is a type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data. This attack used a piece of malicious software called “WanaCrypt0r 2.0” or WannaCry, that exploits a vulnerability in Windows. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.

The ransomware demands users pay $300 worth of cryptocurrency Bitcoin to retrieve their files, though it warns that the “payment will be raised” after a certain amount of time. Translations of the ransom message in 28 languages are included. The malware spreads through email.

“This was eminently predictable in lots of ways,” said Kalember. “As soon as the Shadow Brokers dump came out everyone [in the security industry] realised that a lot of people wouldn’t be able to install a patch, especially if they used an operating system like Windows XP [which many NHS computers still use], for which there is no patch.”

Security researchers with Kaspersky Lab have recorded more than 45,000 attacks in 74 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. In Spain, major companies including telecommunications firm Telefónica were infected.

By Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia remained the hardest hit, according to security researchers Malware Hunter Team. The Russian interior ministry says about 1,000 computers have been affected.

Comey declines to testify before Senate committee

May 12, 2017

by Austin Wright

politico

Ousted FBI Director James Comey will not appear in a closed session before the Senate Intelligence Committee next Tuesday.

Comey had been invited by Chairman Richard Burr (R-N.C.) and top Democrat Mark Warner of Virginia. Their panel is investigating Russia’s election meddling and allegations of collusion between the Trump campaign and Moscow

Warner announced that Comey would not be appearing before his panel in an interview on MSNBC Friday.

The session would have provided Comey a first chance to discuss with lawmakers the circumstances of his firing.

Warner’s announcement came after President Donald Trump issued a warning to Comey on Twitter Friday, writing that the fired FBI director “better hope that there are no ‘tapes’ of our conversations before he starts leaking to the press!”

The tweet — which has outraged Democrats — appeared to be a response to a New York Times story in which sources close to Comey said he had declined a request from Trump to pledge loyalty to the president.

Classified America: Why Is the US Public Allowed To Know So Little?

May 13, 2017

by Robert Koehler,

AntiWar

For a journalist – especially one covering government and politics – the most suspicious, least trustworthy word in the language ought to be: “classified.”

As the drama continues to swirl around Russiagate, or whatever the central controversy of the Trump administration winds up being known as, that word keeps popping up, teasingly, seductively: “It appeared that there was a great deal more (former acting Attorney General Sally) Yates wished she could share,” the Washington Post informed us the other day, for instance, “but most of the information surrounding everything that happened remains classified.”

And the drama continues! And I have yet to hear a mainstream journo challenge or question that word or ask what could be at stake that requires protective secrecy even as the U.S. government seemingly threatens to collapse around Michael Flynn, America’s national security advisor for three weeks, and his relationship to Russia. Is there really any there there?

I’m not suggesting that there isn’t, or that it’s all fake news. Trump and pals are undoubtedly entwined financially with Russian oligarchs, which of course is deeply problematic. And maybe there’s more. And maybe some of that “more” is arguably classified for a valid reason, but I want, at the very least, to know why it’s classified. What I read and hear feels, instead, like collusion: journalists unquestioningly honoring bureaucratic keep-out signs as objective, even sacred, stopping points. Public knowledge must go no further because . . . you know, national security. But the drama continues!

And this is troubling to me because, for starters, nations built on secrecy are far more unstable than those that aren’t. Job #1 of a free, independent media is the full-on, continuous challenge to government secrecy. Such a media understands that it answers to the public, or rather, that it’s a manifestation of the public will. Stability and freedom are not the result of private tinkering. And peace is something created openly. The best of who we are is contained in the public soul, not bequeathed to us by unfathomably wise leaders.

So I cringe every time I hear the news stop at the word “classified.” Indeed, in the Trump era, it seems like a plot device: a way to maintain the drama. “. . . there was a great deal more Yates wished she could share, but most of the information surrounding everything that happened remains classified.”

Stay tuned, and keep your imaginations turned to high! This is Russia we’re talking about. They messed with our election. They “attacked” us in cyberspace. We’d tell you more about how bad things are, but . . . you know, national security.

If nothing else, this endless retreat behind the word “classified” is a waste of the Trump presidency. This administration’s recklessness is opening all sorts of random doors on national secrets that need airing. It’s not as though the country was sailing along smoothly and keeping the world safe and peaceful till Donald Trump showed up.

Trump could well be making a bad situation worse, but, as William Hartung pointed out: “After all, he inherited no less than seven conflicts from Barack Obama: Afghanistan, Iraq, Libya, Pakistan, Somalia, Syria and Yemen.”

The United States is engaged in endless war, at unbelievable and never-discussed cost, to no end except destruction in all directions. Those who have launched and perpetuated the wars remain the determiners of what’s classified and what isn’t. And Russia lurks silently in the background as a new Cold War gestates. And the media participate not in reporting the news but promoting the drama.

Occasionally this has not been the case. Remember the Pentagon Papers? Daniel Ellsberg photocopied a multi-thousand-page secret history of the Vietnam War in 1971 and handed it over to the New York Times. It was classified! But papers printed it. And Sen. Mike Gravel later read portions of the text aloud at a Senate subcommittee hearing.

“These portions,” notes history.com, “revealed that the presidential administrations of Harry S. Truman, Dwight D. Eisenhower, John F. Kennedy and Lyndon B. Johnson had all misled the public about the degree of US involvement in Vietnam, from Truman’s decision to give military aid to France during its struggle against the communist-led Viet Minh to Johnson’s development of plans to escalate the war in Vietnam as early as 1964, even as he claimed the opposite during that year’s presidential election.”

Our own government, in short, is as untrustworthy as the governments of our allies and our enemies. Government officials left to operate free of public scrutiny – bereft of public input – have proven themselves over and over to be shockingly shortsighted and cold-blooded in their decision-making, and indifferent to the impact they have on the future.

“It is nearly a truism,” writes Jeffrey Sachs, “that US wars of regime change have rarely served America’s security needs. Even when the wars succeed in overthrowing a government, as in the case of the Taliban in Afghanistan, Saddam Hussein in Iraq, and Moammar Khadafy in Libya, the result is rarely a stable government, and is more often a civil war. A ‘successful’ regime change often lights a long fuse leading to a future explosion, such as the 1953 overthrow of Iran’s democratically elected government and installation of the autocratic Shah of Iran, which was followed by the Iranian Revolution of 1979.”

All of this, and so much more, preceded Trump. He’s only the tail end of our troubles.

The labels said ‘organic.’ But these massive imports of corn and soybeans weren’t.

May 12, 2017

by Peter Whoriskey

The Washington Post

A shipment of 36 million pounds of soybeans sailed late last year from Ukraine to Turkey to California. Along the way, it underwent a remarkable transformation.

The cargo began as ordinary soybeans, according to documents obtained by The Washington Post. Like ordinary soybeans, they were fumigated with a pesticide. They were priced like ordinary soybeans, too.

But by the time the 600-foot cargo ship carrying them to Stockton, Calif., arrived in December, the soybeans had been labeled “organic,” according to receipts, invoices and other shipping records. That switch — the addition of the “USDA Organic” designation — boosted their value by approximately $4 million, creating a windfall for at least one company in the supply chain.

After being contacted by The Post, the broker for the soybeans, Annapolis-based Global Natural, emailed a statement saying it may have been “provided with false certification documents” regarding some grain shipments from Eastern Europe. About 21 million pounds of the soybeans have already been distributed to customers.

The multimillion-dollar metamorphosis of the soybeans, as well as two other similar grain shipments in the past year examined by The Post, demonstrate weaknesses in the way that the United States ensures that what is sold as “USDA Organic” is really organic.

The three shipments, each involving millions of pounds of “organic” corn or soybeans, were large enough to constitute a meaningful proportion of the U.S. supply of those commodities. All three were presented as organic, despite evidence to the contrary. And all three hailed from Turkey, now one of the largest exporters of organic products to the United States, according to Foreign Agricultural Service statistics.

Agriculture Department officials said that they are investigating fraudulent organic grain shipments. But the agency declined to identify any of the firms or shipments involved.

“We are continuing the investigation based on the evidence received,” it said in a statement.

The imported corn and soybean shipments examined by The Post were largely destined to become animal feed and enter the supply chain for some of the largest organic food industries. Organic eggs, organic milk, organic chicken and organic beef are supposed to come from animals that consume organic feed, an added expense for farmers that contributes to the higher consumer prices on those items.

While most food sold as “USDA Organic” is grown in the United States, at least half of some organic commodities — corn, soybeans and coffee — come from overseas, from as many as 100 countries.

USDA officials say that their system for guarding against fraud is robust.

Under USDA rules, a company importing an organic product must verify that it has come from a supplier that has a “USDA Organic” certificate. It must keep receipts and invoices. But it need not trace the product back to the farm. Some importers, aware of the possibility of fraud, request extra documentation. But others do not.

Regardless of where organics come from, critics say, the system suffers from multiple weaknesses in enforcement: Farmers hire their own inspection companies; most inspections are announced days or weeks in advance and lack the element of surprise; and testing for pesticides is the exception rather than the rule.

These vulnerabilities are magnified with imported products, which often involve more middlemen, each of whom could profit by relabeling conventional goods as “organic.” The temptation could be substantial, too: Products with a “USDA Organic” label routinely sell for twice the price of their conventional counterparts.

In recent years, even as the amount of organic corn and soybeans imported to the United States has more than tripled, the USDA has not issued any major sanctions for the import of fraudulent grain, U.S. farmers said.

“The U.S. market is the easiest for potentially fraudulent organic products to penetrate because the chances of getting caught here are not very high,” said John Bobbe, executive director of the Organic Farmers’ Agency for Relationship Marketing, or OFARM, a farmer cooperative. In Europe and Canada, he said, import rules for organics are much stricter.

Moreover, even when the USDA has responded to complaints of questionable imports, action has come too late to prevent the products from reaching consumers.

Four months after the soybeans arrived in California and after The Post began making calls about the shipment, county officials acting on behalf of the USDA showed up at the warehouse where the soybeans were being stored. The officials took samples to test for exposure to pesticides.

By that time, about 21 million pounds of the 36 million-pound shipment had already reached farms and mills. The customers who have purchased the soybeans said they were unaware there may have been a problem until a Post reporter called.

Gauging the extent of fraud in imported organics is difficult because there is little incentive for organic companies to advertise their suspicions about suppliers.

To test USDA claims that organic imports are rigorously monitored, The Post examined pesticide residue testing conducted on organic products in China.

China is the leading source of organic tea and ginger in the United States, and its food exports have drawn repeated scrutiny.

“In China, farmers have trouble following their own laws,” said Chenglin Liu, a professor at St. Mary’s University School of Law in San Antonio. “ So how can Americans expect Chinese farmers will follow U.S. organic rules?”

As in the United States, farmers in China seeking the “USDA Organic” label hire an inspection agency to certify that they meet the organic rules.

Using public-records laws, The Post obtained the results of pesticide residue tests conducted on farms with USDA organic certification in China. Although pesticide tests are not mandatory, inspection agencies are required to take samples from 5 percent of their clients, and The Post requested the results from the three most active inspection agencies overseeing Chinese farms.

The pesticide results showed very high levels of pesticide residue on some “organic” Chinese products. They also showed that the pesticide residue tests are applied unevenly.

One of the largest inspection agencies, a German company known as Ceres, appears to do rigorous testing.

Ceres conducts most of its tests on plant leaves, rather than on fruits, a method that can be more likely to detect pesticide use.

Their results from China, as a Ceres official said, were “quite shocking.”

Of 232 samples that Ceres tested from the Chinese organic farms, 37 percent showed more than traces of pesticide residue.

“This is the reality we are battling with in China,” said Albrecht Benzing of Ceres.

Some of the problem arises from pesticides from neighboring farms drifting over, experts said, and some is contamination from China’s polluted soil and water.

For example, in Shandong province, the Laiwu Manhing Vegetables Fruits Corp. harvests ginger that has been grown organically. But the water available for washing the ginger is so polluted that it leaves pesticide residue.

“After the ginger is washed, the water leaves behind pesticide residues too high to be considered organic” in the United States, said Li Hongtao, a sales manager at the company. He said the ginger is sold as organic in some countries but not the United States or Europe.

The pesticide residue results that were obtained by The Post also indicate that enforcement of “USDA Organic” rules for pesticides are uneven and possibly arbitrary, with results depending on the inspection agency.

While Ceres found remarkably high levels of pesticide residue, others reported extremely low levels.

For example, Ecocert, a French inspection agency, reported pesticide residue on about 1 percent of 360 samples from China in 2015 — a level of cleanliness remarkable for any country, let alone China and its well-documented pollution.

This wide range of pesticide use detected by organic inspectors in China — nearly 40 percent at one company and 1 percent in another — suggests a variety of methods and standards at work. Ecocert said their results may be low because they chose samples from a large number of farms. Different firms may also use different thresholds for what constitutes a positive result. The next year, Ecocert said, its testing criteria changed slightly, and the percentage of samples with pesticide levels rose to 8 percent.

Critics say the disparity in results shows that certifying agencies can make any farm look organic.

“The certifying agencies can choose who and when they test,” said Mischa Popoff, a former USDA organic inspector turned critic. “That’s why the results they can get are completely arbitrary.”

Each of the questionable organic shipments of corn and soybeans examined by The Post passed through Turkey, a country whose organic exports have provoked criticism from international authorities.

In 2013, for example, a report by the Research Institute of Organic Agriculture found that half of European importers and Turkish handlers had detected pesticide residue on organic products from Turkey.

The United States has seen large spikes in the amount of organic corn and soybeans entering from Turkey, according to USDA statistics. Between 2014 and 2016, the amount of organic corn arriving from Turkey rose from 15,000 metric tons to more than 399,000 metric tons; the amount of organic soybeans coming from Turkey rose from 14,000 metric tons to 165,000. (The three shipments examined by The Post represent roughly 7 percent of annual organic corn imports and 4 percent of organic soybean imports.)

Such sudden jumps in organic food production draw scrutiny because the organic transition process is slow — it can take three years for conventional land to be converted into organic farmland.

“Where did all this big production come from? Where are these organic farmers?” Miles McEvoy, chief of the USDA’s organic program, said to a group of U.S. organic farmers earlier this year.

The rise of imports has helped drop prices by more than 25 percent, hurting U.S. organic farmers, many of them small operations.

“My neighbor, small farm, lost $30,000 last year on 100 acres of organic corn,” said OFARM’s Bobbe. “In fact, there’s so much coming in, we’re finding buyers who won’t take any corn.”

To piece together the three questionable shipments, The Post was given records of the transactions by an industry expert who requested anonymity because they may conflict with the mandates of his employer. The documents included company invoices, shipping records and health certificates accompanying the shipments. Warehouse operators, importers, exporters and Ukrainian officials verified key documents and added details.

  • The first of the shipments arrived at the port of Wilmington in Delaware a year ago. It consisted of 46 million pounds of “organic” corn.

The Romanian company that provided the corn is not a certified organic company, and receipts show that the corn was initially purchased at the conventional price, not the organic one.

The shipper is listed as Hakan Organics, a Dubai-based company with operations in Turkey.

Hakan Organics is listed as an organic handler in good standing with the USDA.

The first intended customer for the corn, Perdue Agribusiness, asked for additional paperwork and then refused to accept the shipment, because “we could not confirm all the proper documentation” that Perdue requires, a company spokesman said.

The Post could not determine who ended up purchasing the “organic” corn.

Since then, Perdue has not received any shipments from Hakan Organics, a Perdue spokesman said.

Hakan Organics continued to ship agricultural products to the United States.

Hakan Bahceci, the chief executive of Hakan, indicated by email that he would answer questions but then did not respond further.

  • The second shipment, the soybeans from Ukraine and Turkey, arrived aboard the Four Diamond at the port of Stockton in December 2016.

A set of health certificates that accompanied the soybeans allowed The Post to trace the soybeans from California back to Turkey and to their origin in Ukraine.

The health certificates and associated receipts indicate that they were not really organic. For one thing, the soybeans were fumigated with tablets of aluminum phosphide, a pesticide prohibited under organic regulations; some of the soybeans originated from ADM Ukraine, a company that does not produce or trade organic soybeans and did not sell or label them as such, a company spokeswoman said; and finally, the soybeans were originally priced at the level of conventional soybeans.

Invoices and other documents for those soybeans showed that they were originally priced at about $360 per ton. By the time they reached the United States, the price reached almost $600 per ton.

Global Natural, the Annapolis-based firm that was marketing the soybeans in the United States, said it has stopped selling “all potentially affected product.” Company officials declined to answer further questions.

The importer of the soybeans is Agropex International.

Ashley Anderson, who is listed as the president of Agropex International, insisted that the soybeans that arrived in Stockton are legitimately organic.

  • The third shipment involved 46 million pounds of “organic” corn that sailed from Romania to Turkey and then to Baltimore, arriving in March.

The Romanian producers of the corn, a company called Belor, is not a certified organic company and sold the corn at conventional prices, according to receipts. But by the time the corn from Romania reached the United States, it was labeled organic. Its price had risen 72 percent. As with the cargo aboard the Four Diamond, the value of the shipment increased by millions.

Dennis Minnaard of DFI Organics said his company had been set to buy some of the corn but rejected the shipment because the broker did not “take away our doubts” about its authenticity.

Yet that “organic” corn continued to be marketed to other customers, according to industry officials who spoke on the condition of anonymity because of the private nature of the deals.

With “the complex supply chain of organic grain,” McEvoy, the USDA official, told concerned farmers at the Midwest Organic and Sustainable Education Service conference earlier this year, “there are challenges.”

 “Misunderstanding Terrorism”: How the Us vs. Them Mentality Will Never Stop Attacks

May 13 2017

by Murtaza Hussain

The Intercept

Finding and stopping terrorists before they strike is often compared to looking for a needle in a haystack, a cliché that speaks to the difficulty of preventing a crime that, while deadly, is uncommon. Counterterrorism officials still suggest that the task would become easier if they could use profiling to target Muslim communities. In other words, if they could shrink the size of the haystack.

But a new book by Dr. Marc Sageman, a veteran counterterrorism researcher and former CIA operations officer, argues that this approach, even if carried to its fullest extension in a nightmare scenario for civil liberties, would still be ineffective, because jihadist terrorism is such a statistically rare phenomenon.

In his book “Misunderstanding Terrorism,” Sageman counts 66 Islamic jihadist terrorist plots in Western countries between 2002 and 2012, involving a total of 220 perpetrators. This figure works out to an average of 22 terrorists per year, across a population of roughly 700 million people. Even narrowed to just the Muslim population in Western countries, estimated at roughly 25 million people, that’s less than one in 1 million Muslims a year who could be considered terrorists.

Describing a hypothetical dragnet conducted by Western countries that correctly identified terrorists 99 percent of the time, but accused innocent people 1 percent of the time, Sageman asks us to imagine the following:

If all the various police departments operating in the West collaborate and carry out a gigantic sweep by applying this profile to their respective Muslim populations in order to catch terrorists hiding in their respective societies, they would arrest all 22 terrorists that emerge in a given year. However, they would make a mistake 1 percent of the time for 25 million people, which comes to 250,000 people. Therefore, in order to catch all 22 global neo-jihadi terrorists, they would put 250,000 Muslims in jail by mistake.

Because terrorism is so uncommon, he writes, any strategy for combating it that involves policing entire communities is likely to end up harming huge numbers of innocent people — thus feeding the same climate of alienation and hostility that fosters political violence in the first place.

In the 1980s, Sageman helped organize Afghan resistance fighters against the Soviet Union. Over the decades since, he has interviewed hundreds of individuals accused of involvement in jihadist terrorism, documenting the circumstances of their cases and their personal motivations.

“Misunderstanding Terrorism” analyzes every jihadist terrorist plot that occurred in the United States and Europe over a 10-year period ending in 2012. The study excludes nonviolent terror-related cases, such as those involving financial donations or other material support charges, as well as sting operations in which plots were developed by agent provocateurs — a tactic favored by U.S. law enforcement agencies but viewed with skepticism in many European countries. His research comes to two broad conclusions. The first is that violent terrorist plots in Western countries are a statistically tiny phenomenon, which makes blanket counterterrorism approaches an ill-suited response. The second takeaway is that “social identity theory” — that is, how people self-identify in a crisis — is the primary motivating factor behind terrorist attacks.

Despite efforts to protect civil liberties, Sageman writes that profiling-based approaches have led the United States to “grossly overestimate the violent terrorist threat and commit a very large number of assessment errors.” The politically driven manipulation of the threat of terrorism has led Americans to “fibrillate in fear and bankrupt [themselves] with security” in response to a threat that is much smaller than they have been led to believe.

But why does the threat of terrorism resonate so much more in the popular imagination than other dangers? Sageman argues that identity politics influence our response to violence, both for victims and for perpetrators. Most Americans perceive terrorism as something that comes from an “out-group” rather than from people with whom they identify. As a result, an attack creates a sense of solidarity, leading people to react emotively, in contrast to the oft-muted response to more common forms of violence. This identity-driven reaction to terrorist violence also causes people to overestimate how prevalent terrorism really is, making them willing to commit wildly disproportionate resources to fighting it.

Sixteen years after 9/11, the war on terror still appears to have no end in sight, driven on by a circular logic of violence and retribution. Under the Obama administration, the U.S. government tried to frame its counterterrorism programs as not specifically targeting Muslims, while still carrying out airstrikes overseas and launching controversial “countering violent extremism” programs in Muslim communities. Although in recent years some national security experts like Sageman have begun to point out the self-defeating nature of American counterterrorism policies, Donald Trump’s approach – focusing explicitly on Muslim communities, implementing discriminatory immigration policies, expanding military action abroad, and declaring an open-ended war against the amorphous concept of “radical Islam” – isn’t a course correction.

Sageman argues that identity politics are also what fundamentally drives the terrorists themselves. U.S. government policies can consciously or inadvertently fuel a sense of conflict between different groups, in this case Muslims and Westerners. (Several government studies have also pointed to politics as a driver of terrorism, finding U.S. foreign policy as the most frequently cited motivation.)

“All of us see the world through the prism of identity, so when we see an escalation of a conflict happening between ‘us’ and ‘them,’ it inevitably leads some people toward political violence,” Sageman told The Intercept in an interview. “Looking at it in terms of foreign policy, when the government attacks other countries, oftentimes people who have a link to that country or identify with the people there will start categorizing themselves alongside the victims of those attacks.”

By categorizing huge swaths of the global population as enemies or potential enemies, Trump is engaging in hostile posturing toward very large numbers of people who pose no threat to the United States. Meanwhile, the rising death toll from his military actions has the potential to be a force-multiplier for terrorist recruitment. Thanks to advances in information technology, the destructive effects of U.S. military actions are more easily recorded and disseminated than they were a few decades ago. As they escalate, these actions are likely to trigger an emotive “in-group” reaction among those people who perceive themselves as targeted, Sageman says. Likewise, terrorist attacks in Western countries will trigger an emotive “in-group” reaction among Americans, continuing the cycle.

In Sageman’s view, factors like ideological extremism and economic deprivation, sometimes cited as root causes of terrorist violence, are secondary to political identity.

He notes that the phenomenon of identity-based violence has been repeated in different cultural and religious contexts in American history – including by people most Americans would now consider part of the “in-group.” During the Mexican-American War of 1846, an entire battalion of Irish Catholics fighting in the U.S. Army defected to the Mexican side out of a sense of solidarity with the suffering of their Mexican co-religionists, and in protest of the discrimination then faced by Catholics in the United States. Although this episode is largely forgotten today in the U.S., its memory continues to linger for some in Mexico and Ireland.

Sageman believes that the only path to winding down our present conflict is to expand our own “in-group.” In the United States, Sageman said that would mean “bringing everybody into the fold and saying that we’re all Americans, equally, and not just focusing exclusively on one group and defining them as suspicious and not completely part of the fold.”

“Crafting a sense of national identity that includes people instead of driving them further apart is what a leader is supposed to do,” he added. “If we are unable to respond to real threats in a proportional and focused manner, and if we see continue to see this cumulative radicalization of discourse, we will end up with more political violence at home, not less.”

Trump to back Palestinian ‘self-determination’ on Mideast trip: aide

May 12, 2017

by Matt Spetalnick

Reuters

WASHINGTON-President Donald Trump will express support for Palestinian “self-determination” during a Middle East trip this month, a senior aide said on Friday, suggesting Trump is open to a two-state solution to the Israeli-Palestinian conflict despite not having publicly embraced the idea so far.

The comment by U.S. national security adviser H.R. McMaster came just nine days after a White House visit by Palestinian President Mahmoud Abbas in which Trump vowed to seek a historic peace deal but stopped short of explicitly recommitting to the eventual goal of Palestinian statehood, a longtime bedrock of U.S. policy.

Previewing Trump’s first foreign trip, McMaster also said he would use a visit to Saudi Arabia, his first stop, to encourage Arab and Muslim partners to take “bold new steps” to confront those from Iran, Islamic State, al Qaeda and Syrian President Bashar al-Assad’s government “who perpetuate chaos and violence.”

Trump’s travels, which begin late next week and will also include stops in Israel and Rome, are intended to “broadcast a message of unity” by visiting holy sites of Christianity, Judaism and Islam, McMaster told reporters.

Trump’s meetings with Israeli and Palestinian leaders, currently due to be held separately, will be closely watched for whether he begins to articulate a cohesive strategy to revive long-stalled negotiations. Most experts are skeptical of Trump’s chances of brokering a peace accord that eluded his predecessors.

Trump plans, in talks with Israeli Prime Minister Benjamin Netanyahu, to “reaffirm America’s unshakeable bond to the Jewish state” and in a meeting with Abbas to “express his desire for dignity and self-determination for the Palestinians,” said McMaster, a decorated Army general with extensive Middle East experience.

Trump is expected to meet Abbas, the Western-backed head of the Palestinian Authority, in Bethlehem in the West Bank, Palestinian sources say.

Palestinians were disappointed when Trump failed to mention a two-state solution in a joint appearance with Abbas on May 3.

Trump sparked international criticism in February when, during a news conference with Netanyahu, he appeared to back away from a longstanding U.S. commitment to Palestinian statehood, saying he would leave it up to the parties to decide.

An independent state is not only the aspiration of the vast majority of Palestinians but has been the objective of successive U.S. administrations and the international community.

Asked whether Trump would bring Netanyahu and Abbas together in the same room during the visit scheduled for May 22-23, McMaster said that would be up to the president and the other leaders. “The final plans aren’t set yet,” he said.

(Additional reporting by Jeff Mason and David Alexander; Editing by Chris Reese and Mary Milliken)

 Iraq’s Shi’ite paramilitaries squeeze Islamic State toward Syria border

May 12, 2017

by Isabel Coles

Reuters

Iraq’s Shi’ite paramilitaries launched an offensive on Friday to drive Islamic State from a desert region near the border with Syria as security forces fought the militants in the city of Mosul.

Spokesman Karim al-Nouri said the target of the operation was the Qairawan and Baaj areas about 100 km west of Mosul, where U.S.-backed Iraqi forces are advancing in their campaign to rout the militants from city.

Seven months into the Mosul campaign, Islamic State has been driven from all but a handful of districts in the city’s western half including the Old City, where it is using hundreds of thousands of civilians as human shields.

The paramilitaries have been kept on the sidelines of the battle for the city of Mosul itself, but have captured a vast, thinly populated area to the southwest, cutting Islamic State supply routes to Syria.

Islamic State is losing territory and on the retreat in both Iraq and Syria.

The Iraqi military said in a statement its air force was supporting the operation by the paramilitary groups known collectively as Hashid Shaabi or Popular Mobilisation Forces (PMF).

Unlike regular Iraqi security forces, the PMF does not receive support from the U.S.-led coalition, which is wary of Iran’s influence over the most powerful factions within the body.

Officially answerable to the government in Baghdad, the PMF were formed when Islamic State overran around one third of Iraq including Mosul nearly three years ago and Iraqi security forces disintegrated.

Nouri said PMF control over the border would assist Syrian government forces when they push toward the Islamic State-held city of Raqqa.

On Friday, the Syrian Democratic Forces (SDF) said their assault on Raqqa, the militants’ biggest urban stronghold, would begin soon and that they were awaiting weapons including armored vehicles from the U.S.-led coalition

The PMF is not officially involved in Syria, but tens of thousands of Iraqi Shi’ite militiamen are fighting there on behalf of the government of President Bashar al-Assad, which is backed by Iran.

(Reporting by Isabel Coles; Editing by Richard Lough)

 

 

 

 

No responses yet

Leave a Reply