Sunday, January 5, 2020

"Iran Hack" of FDLP: Smells Like An Insider

Introduction

On January 4, 2020, in an apparent retaliation attack for the assassination of Iranian terror leader Qasem Soleimani, a U.S. Federal government website (the U.S. Federal Depository Library Program, a subset of the U.S. Government Publishing Office) was discovered hacked. The site remains offline as of this writing.

DHS: No Confirmation That Iran Did It

As of this writing, the U.S. government has declined to name Iran as the perpetrator of the attack. Per Sara Sendek, spokesperson for the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency:
“We are aware the website of the Federal Depository Library Program (FDLP) was defaced with pro-Iranian, anti-US messaging. At this time, there is no confirmation that this was the action of Iranian state-sponsored actors.”

Attack Doesn't Match Tech Insiders' Predictions

In anticipating what the Iranian retaliation might be, Wired speculated that it would involve some sort of destructive action against a U.S. government website, such as "data-destroying wipers" or "industrial control system hacking."

This attack didn't match those projections.

Image 1: Graphic Analysis - Resembles Extreme Leftist Propaganda

Here is the hack image. You can see a fist coming from the right to punch President Trump in the face. The President is shown with blood running from the mouth.

Image 2, from 2013 (well before President Trump ever campaigned for President), was posted by an anti-Nazi group. It shows a fist coming from the right to punch and shatter a swastika on the left. The caption states: “Fighting Fascism Is A Social Duty/ Not An Antisocial Crime.”


The individual or individuals who posted this image have an image from the movie Inglourious Basterds on their "about" page. That movie is a feature film imagining a violent spree against Nazis.

The "anti-racist" propaganda has translated into anti-Trump propaganda with numerous images relating to the meme of "Punch the Trump," often with an added element of blood. Here is an example from Brutal Studios' game of the same name. The advertising meme says "FINISH HIM," shows his face spurting blood, and has the caption: "A cool & deadly 'finish-him' move!"

Here is another meme, retrieved from Imgflip.com, a popular meme creation site. The image shows an adaptation of the World War II-era icon "Rosie the Riveter" wearing a "Bernie 2016" cap.

The caption: "Donald Trump? I'd like to punch him in the face."

Even a cursory Internet search yields abundant evidence that fantasies of punching President Trump, to bloody and harm him, have proliferated in the United States since the beginning of his presidency.

A Federal Employee Member of the "Resistance" May Have Helped

Project Veritas, the brainchild of journalist James O'Keefe, showed us years ago that some U.S. Federal workers have been actively working to thwart President Trump in a variety of ways, a story that was widely covered in conservative media when their activities were discovered. See for example this video of State Department employee Stuart Karaffa, "a ranking member of the Metro DC Democratic Socialists of America," stating "I have nothing to lose" by doing this, presumably because it is difficult to fire Federal employees. Karaffa was not the only one by any means.

Especially considering that 75% of security breach incidents are committed by "insiders," there is every likelihood that this breach was committed by someone with the ability to dismantle the government website from the inside.

Image 2: Text Analysis - Bears Mark of A Socialist, Artist, Familiar With QAnon

The English portion of the text reads as follows (perhaps I am duplicating from the above; I did not see the above on the website, but rather reprinted it from an article covering the story). The text appears as written and contains typos.
"in the name of god
Islamic Republic of Iran
This is message from Islamic Republic of Iran
We will not stop supporting our friends in the region: the oppressed people of Palestine, the oppressed people of Yemen, the people and the Syrian government, the people and government of Iraq, the oppressed people of .Bahrain, the true mujahideen resistance in Lebanon and Palestine; [they] always will be supported by us"

Looking at the text, a few things are striking:

  • Religious fundamentalists such as those who run the Iranian government capitalize "God." The word is lowercased here, which is a sign of disrespect and would be more a hallmark of communists/socialists, who oppose religion ("religion and communism are incompatible").
  • The © (copyright) symbol at the lower left ("copyright FDLP") would be the type of thing an artist (or writer) might leave on a document. Otherwise its appearance is strange. (See "Artist Anti-Racist" section below.)
  • The phrase "Islamic Republic of Iran" is repeated twice; not economical.
  • The use of the "killbox" (e.g., "[they]") stands out -- as this is the convention used in messages from "QAnon" to denote a target of U.S. government prosecution. People familiar with Q understand this code. (See graphic below.)
Here are sample "QAnon" posts with "killbox".

"Artist Anti-Racist" Group - Sample

Going back to "Lady Liberty's Lamp Collective," a.k.a. "The Lamp," which posted the 2013 image of the hand smashing the swastika (shown above), the "about" page shows a scene where the actors are bent over a potential next victim, gun and hunting knife at the ready.

The implication is that whoever these people are, they are extremists who endorse violence against "Right-wingers."
"Lots of people are wondering who we at the Lady Liberty’s Lamp Collective are.
We are a collective of artists, writers, photographers and videographers who have come together to report on and fight right-wing racism
Watch this video to find out– just remember to replace 'German' with 'Right-winger!'”
Looking at the hacker text, this may be irrelevant, but there is a similarity between their writing (the writing of self-declared artists) and the writing defacing the U.S. government website yesterday - no period at the end of the sentence. 

Hacker text:
"in the name of god
Islamic Republic of Iran
This is message from Islamic Republic of Iran
We will not stop supporting our friends in the region: the oppressed people of Palestine, the oppressed people of Yemen, the people and the Syrian government, the people and government of Iraq, the oppressed people of .Bahrain, the true mujahideen resistance in Lebanon and Palestine; [they] always will be supported by us"
"About" text at this site:
"We are a collective of artists, writers, photographers and videographers who have come together to report on and fight right-wing racism"

Conclusion

I believe that law enforcement should look for a perpetrator or perpetrator team fitting the following profile:
  • Graphic artist (the writing has errors and I do not think a writer was the lead here)
  • Extreme leftist
  • Anti-Trump
  • Someone involved in the "resistance" movement
  • Someone with access to the FDLP website
  • American, not Iranian 

See part 2 of this blog.

References

About The Hack

Cloudflare Community (Accessed 5 January 2020). "Community Tip - Fixing Error 520: Web server is returning an unknown error." https://community.cloudflare.com/t/community-tip-fixing-error-520-web-server-is-returning-an-unknown-error/44205.

Bukharin, N.I., and E. Preobrazhensky: The ABC of Communism. "Chapter 11: Communism and Religion." https://www.marxists.org/archive/bukharin/works/1920/abc/11.htm.

Griffith, Keith (5 January 2020). Daily Mail (UK). "'Iranian hackers' breach US government website operated by the Federal Depository Library Program in retaliation for airstrike." https://www.dailymail.co.uk/news/article-7852819/Iranian-hackers-breach-government-website-retaliation-airstrike.html.

Harries, Robert (5 January 2020). "Chilling warning on Iran after US government site hacked." https://www.walesonline.co.uk/news/world-news/iran-us-goverment-website-hacked-17514954.

Federal Depository Library Program website (Accessed January 5, 2020). "About." https://www.fdlp.gov/about-the-fdlp/federal-depository-libraries.

Amuzegar, Jahangir (September 1995). "Islamic Fundamentalism in Action: The Case of Iran." https://mepc.org/journal/islamic-fundamentalism-action-case-iran.

"Anti-Racist"/Anti-Trump Extremism/Violent Imagery

IMDB (Accessed 5 January 2020). "Inglourious Basterds." https://www.imdb.com/title/tt0361748/.

"The Lamp" (September 14, 2013). "Death in June's Tour of FAIL!" https://ladylibertyslamp.wordpress.com/2013/09/14/death-in-junes-tour-of-fail.

Brutal Studio (Accessed 5 January 2020). "Punch the Trump." https://appraw.com/android-game/punch-the-trump-22med.

Imgflip.com (Accessed 5 January 2020). "Donald Trump? I'd like to punch him in the face." https://imgflip.com/i/10rf3m.

Wikipedia (Accessed 5 January 2020). "Rosie the Riveter." https://en.wikipedia.org/wiki/Rosie_the_Riveter.

Insider Threat

Schick, Shane (2017). SecurityIntelligence (published by IBM). "Insider Threats Account for Nearly 75 Percent of Security Breach Incidents." https://securityintelligence.com/news/insider-threats-account-for-nearly-75-percent-of-security-breach-incidents/.

Federal Employee Resistance Movement

Project Veritas (18 September 2018). "Deep State Unmasked: State Dept on Hidden Cam 'Resist Everything' 'I Have Nothing to Lose.'" https://www.youtube.com/watch?v=ZXLuqQe8DqQ.

Stepman, Inez Feltscher (1 October 2018). The Federalist. "Federal Employees Who Resist Elected Officials’ Orders Should Be Fired." https://thefederalist.com/2018/10/01/federal-employees-who-resist-elected-officials-orders-should-be-fired/.

Richardson, Valerie (20 September 2018). The Washington Times. "Communist GAO auditor: Federal bureaucracy abuzz with socialists working on Trump resistance." https://www.washingtontimes.com/news/2018/sep/20/project-veritas-reveals-communist-gao-auditor-part/.

Svab, Petr (19 September 2018). The Epoch Times. "Ex-Federal Employee Says She Got Leaks From ‘Resistance Movement’ in Government." https://www.theepochtimes.com/ex-federal-employee-says-she-got-leaks-from-resistance-movement-in-government_2665781.html.

QAnon

QAnon message repository (not an official government website) (Accessed 5 January 2020). https://qmap.pub/.

Geddes, Martin (Accessed 5 January 2020). "QAnon: The 4 Functions of Q." https://qanon.martingeddes.com/.

___________
By Dr. Dannielle Blumenthal. All opinions are the author's own. Public domain.