Posts

Latest StuxNet Incarnation Resembles Alleged Project of Murdered GCHQ Officer

Kaspersky Lab has found a new incarnation of StuxNet malware, which they’ve called Gauss. As Wired summarizes, the malware is focused geographically on Lebanon and has targeted banks.

A newly uncovered espionage tool, apparently designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran, has been found infecting systems in other countries in the Middle East, according to researchers.

The malware, which steals system information but also has a mysterious payload that could be destructive against critical infrastructure, has been found infecting at least 2,500 machines, most of them in Lebanon, according to Russia-based security firm Kaspersky Lab, which discovered the malware in June and published an extensive analysis of it on Thursday.

The spyware, dubbed Gauss after a name found in one of its main files, also has a module that targets bank accounts in order to capture login credentials. The malware targets accounts at several banks in Lebanon, including the Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. It also targets customers of Citibank and PayPal.

I find that interesting for a number of reasons. First, every time banks have squawked about our government’s access of SWIFT to track terrorist financing, the spooks have said if they don’t use SWIFT they’ll access the information via other means; it appears this malware may be just that. And the focus on Lebanon fits, too, given the increasing US claims about Hezbollah money laundering in the time since Gauss was launched. I’m even struck by the coincidence of Gauss’ creation last summer around the same time that John Ashcroft was going through the Lebanese Canadian Bank to find any evidence of money laundering rather than–as happens with US and European banks–crafting a settlement. I would imagine that kind of access to a bank would give you some hints about how to build malware.

But the other thing the malware made me think of, almost immediately, was the (I thought) bogus excuse some British spooks offered last summer to explain the murder of Gareth Williams, the GCHQ officer–who had worked closely with NSA–who was found dead in a gym bag in his flat in August 2010. Williams was murdered, the Daily Mail claimed, because he was working on a way to track the money laundering of the Russian mob.

The MI6 agent found dead in a holdall at his London flat was working on secret technology to target Russian criminal gangs who launder stolen money through Britain.

[snip]

But now security sources say Williams, who was on secondment to MI6 from the Government’s eavesdropping centre GCHQ, was working on equipment that tracked the flow of money from Russia to Europe.

The technology enabled MI6 agents to follow the money trails from bank accounts in Russia to criminal European gangs via internet and wire transfers, said the source.

‘He was involved in a very sensitive project with the highest security clearance. He was not an agent doing surveillance, but was very much part of the team, working on the technology side, devising stuff like software,’ said the source.

He added: ‘A knock-on effect of this technology would be that a number of criminal groups in Russia would be disrupted.

‘Some of these powerful criminal networks have links with, and employ, former KGB agents who can track down people like Williams.’

Frankly, I always thought that explanation was bogus–I suggested that the Brits could just partner with the US to access such data via SWIFT. And whatever it means, I haven’t seen such an explanation since.

But I do find it rather interesting that one of the most prominent unsolved murders of a spook was blamed–at around the time the StuxNet people were working on Gauss–on a plan to track money laundering.

The Banksters and the Cartels

Two Colombian economists decided to see who’s getting money off the illegal drug trade. And they discovered that American and British banks are getting a big chunk of the profits. (h/t Chris from Americablog) That’s because the cartels are laundering their proceeds through those banks.

The most far-reaching and detailed analysis to date of the drug economy in any country – in this case, Colombia – shows that 2.6% of the total street value of cocaine produced remains within the country, while a staggering 97.4% of profits are reaped by criminal syndicates, and laundered by banks, in first-world consuming countries.

Mind you, I’m not sure the analysis would be that different for any agricultural export. Even for food, farmers make less than 12% of all the money spent.

But one of the factors, the economists contend, is that the US more stringently polices money laundering in Colombian banks than in US ones.

Colombia’s banks, meanwhile, said Mejía, “are subject to rigorous control, to stop laundering of profits that may return to our country. Just to bank $2,000 involves a huge amount of paperwork – and much of this is overseen by Americans.”

“In Colombia,” said Gaviria, “they ask questions of banks they’d never ask in the US. If they did, it would be against the laws of banking privacy. In the US you have very strong laws on bank secrecy, in Colombia not – though the proportion of laundered money is the other way round. It’s kind of hypocrisy, right?”

I have noted (as does the Guardian), how banks like Wachovia used drug proceeds to help offset their losses from the mortgage bubble shitpile. I have noted how much less stringent we were in rooting out all the crime than we are with other banks, such as the Lebanese Canadian Bank. And I noted Citi’s recent wrist slap for allowing money laundering in the same shitpile period.

This article shows the other side to that: while our banksters get rich off of crime here, Colombia and Mexico and Honduras suffer the violence that results. That really has to change.

Scary Car Broker Plot and the Fifth Amendment

I’ve always been skeptical of the Scary Car Broker Plot–the suit against a bunch of used car brokers and others based on the claim that the entire thing is a money laundering operation for Hezbollah. At the core of the complaint is the allegation that entities that weren’t listed on Treasury’s sanctions list until early last year transferred money between 2007 and early last year (that is, until they were listed) to purchase used cars in the US.

Between approximately January 2007 and early 2011, at least $329 million was transferred by wire from accounts held in Lebanon at LCB, Federal Bank of Lebanon (“Federal Bank”), Middle East and Africa Bank (“MEAB”), and BLOM Bank (“BLOM”) to the United States through their correspondent bank accounts with U.S. financial institutions located in the Southern District of New York and elsewhere for the purchase of used cars.

But one of the main targets of the complaint–one they don’t actually get to until page 46 of a 65-page complaint–are thirty seemingly Lebanese-American owned car brokers in the US.

In describing these brokers, the complaint seems to offer little perspective on how this business–a perfectly legitimate business designed to get clunkers into countries where they still have market value–normally operates.

The businesses of these Car Buyers typically have little or no property or assets other than bank accounts that are used to receive wires from overseas to buy cars, and to purchase used cars at auction. These cars are then transported to shipping ports, where they are shipped to West Africa. The Car Buyers typically do not have offices, car lots, or an inventory of used cars other than cars that are in transit to the ports. Some of the Car Buyers purchase cars for their own account, but others simply retain a fee of a few hundred dollars for each car that they buy.

That is, the complaint suggests that the marginal nature of these businesses, by itself, makes these businesses sketchy. But it offers no proof for that fact (and I believe that a lot of these businesses are sketchy by design–they’re the automotive equivalent of recyclers who pick through trash to try to find things with ongoing value).

In the section laying out the individual descriptions of the middle men who dealt with the car brokers, there are a lot of assertions of direct and more attenuated ties to Hezbollah with little or no proof.

Nevertheless, the goal of this complaint is to seize money from the auto brokers, about whom the complaint makes no claims of knowledge of ties to Hezbollah.

Since the complaint, I’ve just been assuming that maybe the government has better evidence to tie the American businesses they’re effectively shutting down to Hezbollah (never mind that the ties have always been closer to Colombian drug cartels).

But yesterday, Al-Jazeera had a long article poking a bunch more holes in the case.

What If We Scrubbed Wachovia Like We Did the Lebanese Canadian Bank?

I’ll have several things to say about Jo Becker’s story on the big Hezbollah money laundering ring. For the moment, I’m most interested in how Treasury Department authorities uncovered the ring: by first declaring Lebanese Canadian Bank a money launderer, providing reason to break it up. When an affiliate of Société Générale agreed to buy the bank, they also agreed to scrub its money laundering accounts. To do so, it specifically had someone beyond the Big Four accounting firm that had “overlooked” the accounts in the past scrub the books, including bringing in John Ashcroft.

As part of its own agreement with Treasury officials, Lebanon’s Central Bank set up a process to scrub the books. But compliance officers at S.G.B.L.’s French partner, Société Générale, were skeptical of the Central Bank’s choice of investigators. One of them, the local affiliate of the international auditing firm Deloitte, had presumably missed the drug-related accounts the first time around, when it served as the Lebanese Canadian Bank’s outside auditor.

And, according to people knowledgeable about Lebanese banking, the central bank’s on-the-ground representative had been recommended to that post by Hezbollah.

As an extra step, to reassure wary international banks, the chairman of S.G.B.L., Antoun Sehnaoui, commissioned a parallel audit, with the help of Société Générale’s chief money-laundering compliance officer. And to make sure that his bank did not run afoul of Treasury officials by inadvertently taking on dirty assets, he also hired a consultant intimately familiar with the Patriot Act provision used to take the bank down: John Ashcroft, the former attorney general whose Justice Department wrote the law.

And then it investigated (presumably using pattern analysis) each and every account at the bank.

Initially, the auditors looked only at records for the past year. As they began combing through thousands of accounts, they looked for customers with known links to Hezbollah. They also looked for telltale patterns: repeated deposits of vast amounts of cash, huge wire transfers broken into smaller transactions and transfers between companies in such wildly incongruous lines of business that they made sense only as fronts to camouflage the true origin of the funds.

Each type of red flag was assigned a point value. An account with 1 or 2 points on a scale to 10 was likely to survive. One with 8 or 9 cried out for further scrutiny. Ultimately, the auditors were left with nearly 200 accounts that appeared to add up to a giant money-laundering operation, with Hezbollah smack in the middle, according to American officials. Complex webs of transactions featured the same companies over and over again, most of them owned by Shiite businessmen, many known Hezbollah supporters. Some have since been identified as Hezbollah fronts.

So effectively, they took a bank known to ignore money laundering controls and took it apart, piece by piece, to see all the money laundering it had sheltered.

Compare how the US dealt with Wachovia, which was involved in laundering a far greater chunk of money for drug cartels: $363 billion.

US authorities partly became aware Wachovia was helping cartels launder money when they captured a plane in 2006. In addition, the DEA first noted their role in laundering Casas de Cambio money in 2005, and a British whistleblower had identified signs that same year.

But it’s clear that by 2007 officials from top regulators were aware of the problems.

Late in 2007, Woods attended a function at Scotland Yard where colleagues from the US were being entertained. There, he sought out a representative of the Drug Enforcement Administration and told him about the casas de cambio, the SARs and his employer’s reaction. The Federal Reserve and officials of the office of comptroller of currency in Washington DC then “spent a lot of time examining the SARs” that had been sent by Woods to Charlotte from London.

“They got back in touch with me a while afterwards and we began to put the pieces of the jigsaw together,” says Woods. What they found was – as Costa says – the tip of the iceberg of what was happening to drug money in the banking industry, but at least it was visible and it had a name: Wachovia.

But the prosecution of Wachovia wasn’t initiated until after Wells Fargo took it over in 2008. Which means Treasury could have insisted on the same process–an examination of a bank with known problems with money laundering to find all of its criminal clients.

It’s possible Treasury did–or is still doing that.