Jury Acquits FBI Agent in Oregon Refuge Case

W. Joseph Astarita, a member of the FBI’s Hostage Rescue Team, was cleared of lying to conceal that he fired two shots at the truck of Oregon refuge occupation spokesman Robert “LaVoy” Finicum in 2016. It was the latest prosecution loss in the Malheur National Wildlife Refuge occupation.

A federal jury returned not guilty verdicts for FBI agent W. Joseph Astarita, accused of lying to conceal that he fired two shots at the truck of Oregon refuge occupation spokesman Robert “LaVoy” Finicum in 2016, The Oregonian reports. The jury of nine men and three women deliberated for about six hours over two days after a three-week trial before U.S. District Judge Robert Jones in Portland. Astarita was acquitted on Friday on two counts of making a false statement and one count of obstruction of justice. Astarita, 41, is a member of the FBI’s elite Hostage Rescue Team.

The verdict marks the latest in a series of daunting losses for prosecutors trying people involved in the occupation of the Malheur National Wildlife Refuge. Astarita had been on the Hostage Rescue Team for only eight months at the time of the shooting at a highway roadblock. He spent hours on the witness stand over two days and testified that he’s never fired his weapon in the line of duty during his 13 years with the FBI. He said he heard no gunshots that day, though investigators found eight were fired at the roadblock. With Astarita’s acquittal, the mystery remains as to who fired twice after Finicum swerved into a snowbank at the roadblock, stepped from his truck with his hands in the air and shouted, “Go ahead and shoot me.” Later, two state police SWAT officers shot and killed Finicum after he had walked away from his truck and was seen reaching into his inner left jacket pocket, where police said he had a loaded 9mm Ruger pistol.

from https://thecrimereport.org

Trump Interest in FBI Building Leaves Project in Limbo

President Trump’s interest in keeping the FBI headquarters in downtown Washington has left a proposal to move the bureau to the capital’s suburbs in limbo and leaves the FBI in a deteriorating structure.

President Trump has become personally involved in plotting a new FBI headquarters in downtown Washington, an interest that for now has left the project in limbo and the agency stranded in a building that no longer suits its needs, the Washington Post reports. For years, FBI officials have raised alarms that decrepit conditions at its current headquarters, the J. Edgar Hoover Building, are serious security concerns. A year ago, federal officials finally decided on three finalist locations in Maryland and Virginia, and Congress appropriated $913 million toward a project expected to cost more than $3 billion. Six months after Trump entered the White House, his administration abandoned the plan. It proposed in February that the government build a smaller headquarters to replace the Hoover building in downtown D.C. and move 2,300 other FBI staffers out of the Washington area altogether, to Alabama, Idaho and West Virginia.

Those decisions, by the General Services Administration and the FBI, were made after Trump took a personal interest in the project. Sources said Trump has frequently raised the issue of the FBI building and his desire for it to be torn down. The website Axios reported that Trump was obsessed with the project and was “dead opposed” to plans to move it out of D.C. Before entering politics, Trump was considering bidding on the project himself. White House Press Secretary Sarah Sanders said, “The President is interested in making sure taxpayer dollars spent on new buildings are being spent wisely and appropriately.” Sen. Richard Shelby (R-AL) said Trump brought up the project with him in a meeting this spring and impressed upon him the importance of building the bureau a new headquarters downtown on what the president called a “beautiful” location. “I agreed with him. I told him I thought it was a good idea,” Shelby said.

from https://thecrimereport.org

New Report on Police Digital Forensics Techniques

According to a new CSIS report, "going dark" is not the most pressing problem facing law enforcement in the age of digital data:

Over the past year, we conducted a series of interviews with federal, state, and local law enforcement officials, attorneys, service providers, and civil society groups. We also commissioned a survey of law enforcement officers from across the country to better understand the full range of difficulties they are facing in accessing and using digital evidence in their cases. Survey results indicate that accessing data from service providers -- much of which is not encrypted -- is the biggest problem that law enforcement currently faces in leveraging digital evidence.

This is a problem that has not received adequate attention or resources to date. An array of federal and state training centers, crime labs, and other efforts have arisen to help fill the gaps, but they are able to fill only a fraction of the need. And there is no central entity responsible for monitoring these efforts, taking stock of the demand, and providing the assistance needed. The key federal entity with an explicit mission to assist state and local law enforcement with their digital evidence needs -- the National Domestic Communications Assistance Center (NDCAC) -- has a budget of $11.4 million, spread among several different programs designed to distribute knowledge about service providers' policies and products, develop and share technical tools, and train law enforcement on new services and technologies, among other initiatives.

From a news article:

In addition to bemoaning the lack of guidance and help from tech companies -- a quarter of survey respondents said their top issue was convincing companies to hand over suspects' data -- law enforcement officials also reported receiving barely any digital evidence training. Local police said they'd received only 10 hours of training in the past 12 months; state police received 13 and federal officials received 16. A plurality of respondents said they only received annual training. Only 16 percent said their organizations scheduled training sessions at least twice per year.

This is a point that Susan Landau has repeatedly made, and also one I make in my new book. The FBI needs technical expertise, not backdoors.

Here's the report.

from https://www.schneier.com/blog/

FBI’s Wray Rejects Putin Ideas on Russia Probe

FBI director Christopher Wray dismisses Russian President Vladimir Putin’s suggestions that U.S. investigators observe interviews of wanted suspects in Russia or that Russians observe FBI questioning of suspects in the U.S.

Amid a barrage of headlines about President Trump and Russian meddling in the 2016 election, FBI director Christopher Wray told NBC that Russia “continues to engage in malign influence efforts to this day,” USA Today reports. Trump’s response to a similar question was criticized Wednesday after he appeared to say that Russia was no longer targeting the U.S. Wray dismissed two ideas from Russian President Vladimir Putin, which Trump called “interesting.” The first was to have American investigators go to Russia to observe interviews of wanted suspects, including those indicted in Special Counsel Robert Mueller’s probe of Russian meddling in the election.

“I never want to say never, but it’s certainly not high on our list of investigative techniques,” Wray said. He said Putin’s other idea, to have Russians come to the U.S. to observe questioning of suspects wanted there, was “even lower on our list of investigative techniques.” Wray also took on the blistering Inspector General’s report on the bureau’s handling of the Hillary Clinton email investigation, calling it “fair” and explaining the biggest lesson he learned was that no matter how big or small an investigation is, the bureau always has to stick to the same policies. He is “unwilling to budge” on protecting the FBI’s sources and methods in its investigations, even with mounting pressure from Congress to delve into details of the ongoing investigation into Russian meddling. Wray called Mueller a “straight shooter” and said the Russia investigation he’s leading is “not a witch hunt,” a term Trump uses frequently.

from https://thecrimereport.org

FBI Agents Have Less Confidence in Agency’s New Leaders

An internal survey of FBI employees further undercuts an explanation President Trump and his aides gave for firing director James Comey and replacing him with Christopher Wray. Trump said the bureau was in turmoil and agents had lost confidence in Comey.

One year after President Trump fired the FBI director James Comey, agents say they have less confidence in the ethics and vision of the bureau’s new leadership, according to internal survey data reported by the New York Times. The survey further undercuts an explanation President Trump and his aides gave for firing Comey and replacing him with Christopher Wray. Trump said the bureau was in turmoil and agents had lost confidence in Comey. The internal data suggest that Trump either misread those views or mischaracterized them. As a whole, FBI morale remains high, despite a barrage of attacks by the president and his allies. Agents said they are proud to work at the FBI, believe in the mission, look forward to going to work and believe their job makes a difference. Scores in those areas remained steady.

Wray was largely unknown to most agents when he came into office during one of the most tumultuous times in FBI history. He brought in a fresh leadership team and a more low-key style than his predecessor. He opted not to spar publicly with Trump, even as the president has attacked the bureau and accused agents of being part of a “witch hunt” against him. Neither the overall positive results nor the declining leadership scores back up Trump’s version of events, in which he brought in Wray to stabilize a wobbly, discredited agency. The figures were obtained through a public records request by the blog Lawfare, which conducted its own analysis and shared the raw data with the Times. FBI officials use the survey, collected around March each year, to identify problem areas.

from https://thecrimereport.org

FBI Agent Strzok Says He is ‘Notch in Putin’s Belt’

Peter Strzok, the FBI agent whose anti-Trump text messages fueled suspicions of partisan bias, told Congress on Thursday that his work has never been tainted by politics and that the intense scrutiny he is facing represents “just another victory notch in Putin’s belt.”

Peter Strzok, the FBI agent whose anti-Trump text messages fueled suspicions of partisan bias, told Congress on Thursday that his work has never been tainted by politics and that the intense scrutiny he is facing represents “just another victory notch in Putin’s belt,” the Associated Press reports. Strzok, who helped lead FBI investigations into Hillary Clinton’s email use and potential coordination between Russia and Donald Trump’s campaign, testified publicly for the first time since being removed from special counsel Robert Mueller’s team after discovery of the derogatory text messages last year. Strzok said he has never allowed personal opinions to infect his work, that he had information that had the potential to damage Trump but never leaked it and that the focus on him by Congress plays into “our enemies’ campaign to tear America apart.”

Republican members of the House judiciary and oversight committees were expected to grill Strzok for hours. They maintain that the text messages with FBI lawyer Lisa Page color the outcome of the Clinton email investigation and undercut the FBI’s ongoing investigation into Russian election interference. Trump himself has launched personal attacks against the two FBI officials, including a Wednesday tweet that asked “how can the Rigged Witch Hunt proceed when it was started, influenced and worked on, for an extended period of time” by Strzok. Strzok acknowledged that while his text message criticism was “blunt,” it was not directed at one person or political party and included jabs not only at Trump but also at Clinton as well as Sen. Bernie Sanders. Strzok said there was “simply no evidence of bias in my professional actions,” adding, “Let me be clear, unequivocally and under oath: not once in my 26 years of defending my nation did my personal opinions impact any official action I took.”

from https://thecrimereport.org

FBI’s Strzok Was Removed from Bureau Headquarters

Peter Strzok, an FBI agent who has been pilloried by President Trump and was sharply criticized in a new Justice Department watchdog report, was escorted from the FBI building Friday as part of his disciplinary process.

Peter Strzok, an FBI agent who has been pilloried by President Trump and was sharply criticized in a new Justice Department watchdog report, was escorted from the FBI building Friday as a disciplinary process plays out, reports Politico. Strzok was removed last August from special counsel Robert Mueller’s investigation into Russian contacts with the Trump campaign after the DOJ inspector general found stridently anti-Trump text messages Strzok exchanged with FBI attorney Lisa Page. Strzok, a veteran agent who served as deputy assistant director of the counterintelligence division, was reassigned to the FBI’s human resources division.

Strzok’s attorney, Aitan Goelman, said the incident was just the latest in a string of humiliating episodes the long-serving civil servant has had to endure. “Despite being put through a highly questionable process, Pete has complied with every FBI procedure, including being escorted from the building as part of the ongoing internal proceedings,” Goelman said. “Pete has steadfastly played by the rules and respected the process, and yet he continues to be the target of unfounded personal attacks, political games and inappropriate information leaks.” Strzok’s removal occurred one day after the inspector general released a report that examined whether the agent’s political opinions affected his work on the investigation into Hillary Clinton’s private email use as secretary of state. While the report cited Strzok’s “biased state of mind,” it concluded that his views did not affect the conclusions in the Clinton probe. The IG is looking at whether Strzok’s beliefs played an unwarranted role in launching the Trump-Russia probe.

from https://thecrimereport.org

FBI Agent Charged With Assault in Denver Gun Case

An FBI agent who shot a man in the leg after dropping his gun while doing a backflip on a dance floor has been charged with second-degree assault, and more charges could be filed based on the results of blood alcohol tests.

An FBI agent who shot a man in the leg after dropping his gun while doing a backflip on a dance floor has been charged with second-degree assault, and more charges could be filed based on the results of blood alcohol tests, the Denver Post reports. Chase Bishop, 29, has been charged with one count of second-degree assault in connection with the June 2 nightclub shooting. Bishop turned himself in on Tuesday morning. Bishop made international news when a video of the shooting became public.

Bishop was partying off duty at Mile High Spirits, a distillery and dance club. Bishop danced in the center of a circle of people and then performed a backflip. During the flip, his gun fell from its holster and when Bishop picked it up, the gun fired. Bishop then placed the gun in his waistband and walked off the dance floor with his hands in the air. The bullet hit the victim in an artery in his leg. The injury was serious but the man will recover. FBI officials refused to release Bishop’s name although he had been identified by media outlets. The FBI has not released any information about its policy for agents carrying weapons while off duty and in establishments serving alcohol.

from https://thecrimereport.org

Router Vulnerability and the VPNFilter Botnet

On May 25, the FBI asked us all to reboot our routers. The story behind this request is one of sophisticated malware and unsophisticated home-network security, and it's a harbinger of the sorts of pervasive threats -- from nation-states, criminals and hackers -- that we should expect in coming years.

VPNFilter is a sophisticated piece of malware that infects mostly older home and small-office routers made by Linksys, MikroTik, Netgear, QNAP and TP-Link. (For a list of specific models, click here.) It's an impressive piece of work. It can eavesdrop on traffic passing through the router -- specifically, log-in credentials and SCADA traffic, which is a networking protocol that controls power plants, chemical plants and industrial systems -- attack other targets on the Internet and destructively "kill" its infected device. It is one of a very few pieces of malware that can survive a reboot, even though that's what the FBI has requested. It has a number of other capabilities, and it can be remotely updated to provide still others. More than 500,000 routers in at least 54 countries have been infected since 2016.

Because of the malware's sophistication, VPNFilter is believed to be the work of a government. The FBI suggested the Russian government was involved for two circumstantial reasons. One, a piece of the code is identical to one found in another piece of malware, called BlackEnergy, that was used in the December 2015 attack against Ukraine's power grid. Russia is believed to be behind that attack. And two, the majority of those 500,000 infections are in Ukraine and controlled by a separate command-and-control server. There might also be classified evidence, as an FBI affidavit in this matter identifies the group behind VPNFilter as Sofacy, also known as APT28 and Fancy Bear. That's the group behind a long list of attacks, including the 2016 hack of the Democratic National Committee.

Two companies, Cisco and Symantec, seem to have been working with the FBI during the past two years to track this malware as it infected ever more routers. The infection mechanism isn't known, but we believe it targets known vulnerabilities in these older routers. Pretty much no one patches their routers, so the vulnerabilities have remained, even if they were fixed in new models from the same manufacturers.

On May 30, the FBI seized control of toknowall.com, a critical VPNFilter command-and-control server. This is called "sinkholing," and serves to disrupt a critical part of this system. When infected routers contact toknowall.com, they will no longer be contacting a server owned by the malware's creators; instead, they'll be contacting a server owned by the FBI. This doesn't entirely neutralize the malware, though. It will stay on the infected routers through reboot, and the underlying vulnerabilities remain, making the routers susceptible to reinfection with a variant controlled by a different server.

If you want to make sure your router is no longer infected, you need to do more than reboot it, the FBI's warning notwithstanding. You need to reset the router to its factory settings. That means you need to reconfigure it for your network, which can be a pain if you're not sophisticated in these matters. If you want to make sure your router cannot be reinfected, you need to update the firmware with any security patches from the manufacturer. This is harder to do and may strain your technical capabilities, though it's ridiculous that routers don't automatically download and install firmware updates on their own. Some of these models probably do not even have security patches available. Honestly, the best thing to do if you have one of the vulnerable models is to throw it away and get a new one. (Your ISP will probably send you a new one free if you claim that it's not working properly. And you should have a new one, because if your current one is on the list, it's at least 10 years old.)

So if it won't clear out the malware, why is the FBI asking us to reboot our routers? It's mostly just to get a sense of how bad the problem is. The FBI now controls toknowall.com. When an infected router gets rebooted, it connects to that server to get fully reinfected, and when it does, the FBI will know. Rebooting will give it a better idea of how many devices out there are infected.

Should you do it? It can't hurt.

Internet of Things malware isn't new. The 2016 Mirai botnet, for example, created by a lone hacker and not a government, targeted vulnerabilities in Internet-connected digital video recorders and webcams. Other malware has targeted Internet-connected thermostats. Lots of malware targets home routers. These devices are particularly vulnerable because they are often designed by ad hoc teams without a lot of security expertise, stay around in networks far longer than our computers and phones, and have no easy way to patch them.

It wouldn't be surprising if the Russians targeted routers to build a network of infected computers for follow-on cyber operations. I'm sure many governments are doing the same. As long as we allow these insecure devices on the Internet -- and short of security regulations, there's no way to stop them -- we're going to be vulnerable to this kind of malware.

And next time, the command-and-control server won't be so easy to disrupt.

This essay previously appeared in the Washington Post

EDITED TO ADD: The malware is more capable than we previously thought.

from https://www.schneier.com/blog/

DOJ To Brief Congress Again on Trump’s Alleged ‘Spygate’

The Justice Department will offer another briefing to a select group of senior Congress members who have pressed for details about the FBI’s use of an informant to make contact with associates of President Trump’s 2016 campaign. House Speaker Paul Ryan said he has seen “no evidence” to back Trump’s claim that there was improper spying.

The Justice Department will offer another briefing to a select group of senior Congress members who have pressed for details about the FBI’s use of an informant to make contact with associates of President Trump’s 2016 campaign, reports Politico. A DOJ official said members of the Gang of Eight — a group that includes Speaker Paul Ryan (R-WI), Senate Majority Leader Mitch McConnell (R-KY), House Democratic Leader Nancy Pelosi (D-CA) and Senate Democratic Leader Chuck Schumer (D-NY) — will have an opportunity to review documents that they didn’t see during a high-level classified briefing last month. The briefing is expected to occur next Monday or Tuesday.

The new briefing comes as some GOP lawmakers say the Justice Department still has answers to provide about the FBI’s decision to deploy an informant to glean information from Trump campaign officials. Trump has railed against the FBI and accused it of planting a spy within his ranks for political purposes, though he’s presented no evidence to support the claim, which he’s labeled “spygate.” Ryan said Wednesday he’s seen “no evidence” to back up Trump’s claim and endorsed the “initial assessment” of another Republican, Rep. Trey Gowdy (R-SC), who said the FBI appropriately used an informant to follow leads about suspect contact between Trump campaign associates and Russia. Ryan also said the Justice Department still owed lawmakers information before they reached “final answers” on the episode, and he faulted DOJ for what he described as the slow-walking of congressional document requests. “There is no defense today for Paul Ryan siding with the FBI and Department of Justice against those of us in the Congress fighting for transparency and accountability,” Rep. Matt Gaetz (R-FL) told Fox News.

from https://thecrimereport.org