U.S. Seizes Domain Names Used in Spear-Phishing Campaign With Mimicked @USAID Emails



Via USDOJ:
Justice Department Announces Court-Authorized Seizure of Domain Names Used in Furtherance of Spear-Phishing Campaign Posing as U.S. Agency for International Development

On or about May 25, malicious actors commenced a wide-scale spear-phishing campaign leveraging a compromised USAID account at an identified mass email marketing company. Specifically, the compromised account was used to send spear-phishing emails, purporting to be from USAID email accounts and containing a “special alert,” to thousands of email accounts at over one hundred entities.

Upon a recipient clicking on a spear-phishing email’s hyperlink, the victim computer was directed to download malware from a sub-domain of theyardservice[.]com. Using that initial foothold, the actors then downloaded the Cobalt Strike tool to maintain persistent presence and possibly deploy additional tools or malware to the victim’s network. The actors’ instance of the Cobalt Strike tool received C2 communications via other subdomains of theyardservice[.]com, as well as the domain worldhomeoutlet[.]com. It was those two domains that the Department seized pursuant to the court’s seizure order.
[…]
On May 28, pursuant to court orders issued in the Eastern District of Virginia, the United States seized two command-and-control (C2) and malware distribution domains used in recent spear-phishing activity that mimicked email communications from the U.S. Agency for International Development (USAID). This malicious activity was the subject of a May 27 Microsoft security alert, titled “New sophisticated email-based attack from Nobelium,” and a May 28 FBI and Cybersecurity and Infrastructure Security Agency joint cybersecurity advisory.

The Department’s seizure of the two domains was aimed at disrupting the malicious actors’ follow-on exploitation of victims, as well as identifying compromised victims. However, the actors may have deployed additional backdoor accesses between the time of the initial compromises and last week’s seizures.
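The announcement names two seized domains and says the malware download and the Cobalt Strike C2 traffic went through subdomains of one of them, so the practical defender task is a retrospective search of proxy and DNS logs for any host under those domains. The script below is an added example, not part of the DOJ release or this post: it refangs the indicators as written in the announcement, matches hosts on a dot boundary so that look-alike names such as a hypothetical `nottheyardservice.com` are not flagged, and runs over a handful of constructed log lines in an invented space-separated format. Treat a hit as a lead for investigation rather than proof of compromise, and remember the release's own caveat that the actors may have planted other backdoors before the seizure, so a clean search is not a clean bill of health.

```python
"""Retrospective log search for the two domains seized in the DOJ announcement.

Matches the domains themselves and any subdomain, since the release says both
the malware download and the Cobalt Strike C2 used subdomains of
theyardservice[.]com.  Log format and sample lines are constructed for this
example; adapt HOST_TOKEN/extract_host to your own proxy or DNS export.
"""
import re
from urllib.parse import urlparse

# Indicators exactly as they appear (defanged) in the announcement.
SEIZED_DOMAINS_DEFANGED = ["theyardservice[.]com", "worldhomeoutlet[.]com"]

# Constructed sample: a mix of web-proxy, DNS and CONNECT records.  Line 4 is a
# deliberate look-alike that must NOT match; lines 2, 3 and 5 should.
SAMPLE_LOG = [
    "2021-05-27T10:02:11Z 10.1.4.23 GET https://mail.example-corp.test/owa/ 200",
    "2021-05-27T10:05:43Z 10.1.4.23 GET https://cdn.theyardservice.com/download/update.exe 200",
    "2021-05-27T10:06:01Z 10.1.4.23 DNS query A worldhomeoutlet.com",
    "2021-05-27T10:07:19Z 10.1.4.77 GET https://nottheyardservice.com/index.html 200",
    "2021-05-27T10:09:55Z 10.1.4.23 CONNECT beacon.worldhomeoutlet.com:443",
]

# Anything that looks like a URL or a host[:port][/path] token inside a log line.
HOST_TOKEN = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?::\d+)?(?:/\S*)?", re.I
)


def refang(indicator: str) -> str:
    """Convert common defanging ('[.]', '(.)', '[dot]', 'hxxp') back to a real host/URL."""
    s = indicator.strip().lower()
    for broken, fixed in (("[.]", "."), ("(.)", "."), ("[dot]", ".")):
        s = s.replace(broken, fixed)
    if s.startswith("hxxp"):
        s = "http" + s[4:]
    return s


def extract_host(field: str) -> str:
    """Return the bare hostname from a URL or a host[:port][/path] token."""
    if "://" not in field:
        field = "//" + field  # lets urlparse treat the token as a network location
    return urlparse(field).hostname or ""


def host_matches(host: str, domain: str) -> bool:
    """True if host equals domain or is a subdomain of it; dot-boundary aware."""
    host = host.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def scan_log(lines, indicators=SEIZED_DOMAINS_DEFANGED):
    """Return (line_number, host_seen, matched_domain) for every line that touches an indicator."""
    domains = [extract_host(refang(i)) for i in indicators]
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for match in HOST_TOKEN.finditer(line):
            host = extract_host(match.group(0))
            for domain in domains:
                if host_matches(host, domain):
                    hits.append((lineno, host, domain))
                    break
    return hits


if __name__ == "__main__":
    for lineno, host, domain in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {host} is under seized domain {domain}")
```

Run it against the constructed lines and three of the five are reported; the look-alike on line 4 is ignored because the suffix test requires a dot before the seized domain. For real use, point `scan_log` at a proxy or DNS export and pivot on the source IPs of any hits, since the release says the first contact is a malware download followed by C2 beaconing from the same host.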


Jamaica: A U.S. Ambassador’s Apology and One Convoluted Story About That Twitter Wrestling


The Twitter Wrestling news out of Jamaica continues to distract us from our never-ending woes (see Top US Diplomat in Jamaica Wrestles With Random People on Twitter). The tweets have now been deleted with no explanation.
We have it on good authority that the Jamaicans were plenty upset about this. The Twitter spectacle apparently resulted in a telephone call between the Jamaican Foreign Affairs Minister, Kamina Johnson Smith, and Ambassador Tapia. The Foreign Minister also tweeted “I have spoken with the Ambassador and he is aware that the engagement was not appropriate for a diplomatic representative.”
Ouch!
Ambassador Tapia, on the other hand, has now given an interview to Cliff Hughes Online where he said “I take full responsibility for what took place” but that it wasn’t him who did the wrestling on Twitter. That sounds a lot like “I take full responsibility. It’s not my fault,” doesn’t it? It wasn’t the intern either, thank goodness! The ambassador, a political appointee, also told the interviewer that the individual (a he) will be “leaving shortly, because it was inappropriate,” according to the interview with Cliff Hughes Online posted here.
In that interview, Ambassador Tapia discussed the employee who purportedly sent the offensive tweets under his account and was asked “What do you mean by rotating him out?”
Ambassador Tapia responded with extreme helpfulness (pardon our attempt at transcription; the zigzagged response frankly made us dizzy):
“Which means that he will be leaving by going back to the U.S.”
Then Ambassador Tapia added, “He just got here, just about 3 or 4 weeks ago …. so he will normally stay …. he’s married … he goes home … we tried to rotate him every two months so that he can go home and be with his family but he will be, I will say he will be leaving sooner than the rotation.”
What the what?
So we are to believe that a Public Affairs officer (typically in charge of media), a career employee trained in media and public relations, just decided one day to throw his career to the Caribbean winds and go on an insult spree directed at his host country nationals?
Seriously? Why would he do that?
And that now this purported rogue officer is to be rotated out? Rotated out after four weeks in country?
If the employee assigned to Embassy Jamaica just got there 3 or 4 weeks ago and is now directed to return to the United States, that’s not called a rotation. That’s a curtailment, a shortening of the assignment, and presumably an involuntary one. An ambassador can initiate that by declaring a loss of confidence in any employee.
How is it that this employee just got to post 3 or 4 weeks ago, but that they also “tried” to rotate him every two months so that he can go home and be with his family? How did that work? And pray tell, what kind of employment schedule is this?
We’re not liking this story one bit, folks; it’s not hanging well together even at the thin seams.


@StateDept Plans to Bring Self to a Screeching Halt Worldwide

Sender A via email:
“Do you want to know how to bring the State Department to a screeching halt in 5 minutes, worldwide? Deploy your new program overlay on the purchasing system at year end. Sounds small, right?
Nope.
Today is a workday in much of our area of the world. We have 20 days from today to finish creating and funding orders for everyone, everywhere overseas, before this year’s money runs out, and before the usual continuing resolution begins on October 1 which prevents purchasing. 
So, we got 10 days notice in August to get affidavits from *ALL* the companies around the world we order things from that they do not use Huawei, ZTE or several other Chinese manufacturers. Then that got extended to 9/30.
Except….except….we wake up this morning, and the system we use to create [purchase] orders has been updated, and now requires written verification that EVERY SINGLE VENDOR we get things from —
— whether that’s gasoline to put in the engines of our water trucks (so we don’t run out of clean drinking water) to food for the Marines who work at our embassies — 
does not/does not use Chinese (essentially) technology, NOR DO THEY USE ANYBODY ELSE WHO DOES.
Like, y’know…their internet provider, or telephones.”


Note: Blog announcement coming up, stay tuned!

Snapshot: ShareAmerica’s “Debt-trap Diplomacy” Narrative Via Facebook/Twitter Campaigns


Via @StateDept’s FY 2018 Annual Performance Report | FY 2020 Annual Performance Plan (PDF/p149)

Key Indicator: Number of engagements generated by ShareAmerica content delivered to impact targeted narratives

Indicator Analysis. The Department is moving to align its content production more closely with trending social media narratives in target countries on Administration priority issues. Achieving this will require reallocation of internal resources and development of new editorial procedures. Because significant changes to IIP’s organization/mission are in the process of being implemented, IIP is unsure of the future of this particular indicator, and is not able to provide out-year targets at this time. While ShareAmerica will continue to operate, the direction and methods of evaluation for the program may be impacted.

A recent content team effort illustrates how this new editorial model can work. More specifically, the team:

• Employed analytics tools to monitor African conversations on the subject of Chinese aid. More specifically IIP sought to determine whether/how Africans drew distinctions between Chinese and American efforts;

• Identified key narratives and even phrases (“Debt-trap Diplomacy”) gaining traction in selected English, French, and Portuguese-speaking African nations and audience segments most likely to engage in those narratives;

• Developed content specifically tailored − down to the headline (“How U.S. aid avoids ‘debt-trap diplomacy’”) − to impact those narratives by contrasting development aid best practices with those that enmesh recipients in debt. IIP did not specifically address Chinese aid, but knew from our research that the target audiences could connect the dots; and

• Created Facebook and Twitter advertising campaigns (total expenditure: $1,000 total, or $8 per day/platform in each country) specifically targeting the audience segments identified during research phase.

Results:

• Digital analytics measure “post momentum” (engagement rate over previous 24 hours) at 76 times above average;

• 74 percent of respondents clicked-through to read the article;

• Fully 10 percent of respondents shared the article to their own social feeds, shares being the highest level of engagement and clearest indicator of success; and

• Facebook campaign (reach: two million) netted useful benchmarking data, allowing more precise, and inexpensive, future targeting for message reinforcement.

Indicator Methodology:

ShareAmerica content is meant to be distributed primarily on social media. IIP will assess whether social media audiences are finding the content engaging and interesting on those platforms. As a proxy for link clicks and for an engagement metric usable for a large set of articles, IIP will look at the total number of social media engagements (retweets, shares, likes, and comments) on Department ShareAmerica social media posts.

Clips:

Oh, Looky There! They’re Gonna Gum Up the Ops Center’s Ears?


Whose bright idea is this? Before long, senior officials will have to learn how to work the phones themselves and take their own notes. Oh, and take those important calls in secure, soundproof bathrooms!
We suspect that soon when there’s a qpq call (really, why stop at one), all that a senior official has to do is simply say, excuse me One Team, I need to go wee-wee. Senior official could then escape to the appropriate bathroom, and that’s all that the Foreign Relations of the United States could document for posterity, that some telephone diplomacy occurred in a secure, soundproof bathroom on such and such date!  And the State Department would call it the best record-keeping ever!
You’re welcome!

Ops Center. 2011. State Department


USEU Sondland Turns Over WhatsApp Messages and Other Docs to @StateDept


Via Yahoo News:

The State Department waited until 12:30 a.m. on Tuesday to tell U.S. Ambassador Gordon Sondland not to show up for his scheduled deposition with three House committees later that morning, the ambassador’s lawyer told Yahoo News. Robert Luskin, Sondland’s attorney, said he got the extraordinary middle-of-the-night directive in a phone call from a State Department official he declined to identify. The official offered no explanation of the grounds on which the State Department was blocking Sondland’s appearance at the last minute.

Michael Isikoff reported that Luskin confirmed that Sondland has already turned over to the State Department WhatsApp messages, text messages and other documents in his possession relevant to the House investigation.
Also, which State Department official made the call to Sondland at 12:30 a.m.? Curious people want to know.

Diplomatic Security Investigating as Many as 130 Former/Current @StateDept Officials Over Clinton Emails


In May 2016, State/OIG released its report on Office of the Secretary: Evaluation of Email Records Management and Cybersecurity Requirements.
WaPo recently reported on the investigation of email records sent by some 130 current and former State Department officials during Secretary Clinton’s tenure as Secretary of State. The report includes a quote from an unnamed senior State Department official denying that this has anything to do with who sits in the White House.

“This has nothing to do with who is in the White House,” said a senior State Department official, who spoke on the condition of anonymity because they were not authorized to speak publicly about an ongoing probe. “This is about the time it took to go through millions of emails, which is about 3½ years.”

Is this senior SDO anyone we know from Public Affairs?
Secretary Clinton left the State Department in 2013, over six years ago. And the SDO said that “This has nothing to do with who is in the White House”?
Did the SDO say it with a straight face?
As a side note: folks reading statements out of the State Department should be aware that the agency has ground rules for interviewing its officials. The ground rules are not new, but given the track record of this administration, it is worth taking a pause when they volunteer information.
The SDO adds that “This is about the time it took to go through millions of emails, which is about 3½ years.” And yet, the letter received by a former State Department employee was apparently received this past August, and begins with “Recently, the Department of State’s Bureau of Diplomatic Security conducted a classification review of emails …” (see letter below). What does “recently” actually mean? What’s the timeline for this troubling project by Diplomatic Security? During Secretary Kerry’s tenure? At the beginning of Secretary Tillerson’s tenure? At the start of Mike Pompeo’s tenure?
The WaPo report also includes an item about Ambassador Jeffrey Feltman who served as US Assistant Secretary of State for Near Eastern Affairs from August 2009 to June 2012, and went on to become Under-Secretary-General for Political Affairs at the United Nations (2012-2018):

“I’d like to think that this is just routine, but something strange is going on,” said Jeffrey Feltman, a former assistant secretary for Near East Affairs. In early 2018 Feltman received a letter informing him that a half dozen of his messages included classified information. Then a few weeks ago he was found culpable for more than 50 emails that contained classified information.

“A couple of the emails cited by State as problems were sent after my May 2012 retirement, when I was already working for the United Nations,” he said.

Below is a link to a letter sent out by Diplomatic Security and posted on CNN’s website. CNN notes that “A former US official who left the State Department in 2012 received a letter in August informing him that dozens of his emails that had been sent to then-Secretary of State Hillary Clinton were now being recategorized as classified.”
They’re doing retroactive classification and penalizing people for it.
They’re also asserting that a then UN official was covered by US security classification? Is this what a diplomatic squeegee looks like?
The letter published by CNN came from a little known office called “Program Applications Division” (APD) under Diplomatic Security’s Office of Information Security Programs.
A May 19, 2017 update of 12 FAM 221.4, DS Personnel Authorized to Conduct Investigations, notes:

“Special agents of the Diplomatic Security Service, credentialed security specialists assigned to the Programs Application Division (DS/IS/APD), and credentialed special investigators assigned to the Office of Personnel Security and Suitability (DS/SI/PSS) conduct investigations as authorized by statute or other authority. DS authorizes special agents in the field offices and RSOs abroad to open investigations and provides direction and guidance for conducting those investigations.”

Per 1 FAM 262.7-1(A), updated in September 2018, DS/IS/APD administers the Department’s information protection program. It also notes that it:

“Administers the Department’s Security Incident Program and coordinates cases subject to disciplinary actions with the Bureau of Human Resources, Office of Employee Relations (HR/ER), the DS Office of Personnel Security and Suitability (DS/SI/PSS) and the Bureau of Intelligence and Research (INR) regarding security clearance and special access concerns.”

A December 17, 2018 update of 12 FAM 558, marked Criminal Laws, says: “Incidents involving intentional or grossly negligent release or mishandling of classified information may result in criminal penalties. An illustrative list of criminal statutes establishing penalties of fine and imprisonment for the release of classified information is in 12 FAM Exhibit 558.”


U.S. Ambassador to Poland Tweets Happy Passover Wishes, Angers Poles

