Two charged in U.S. with providing material support to Hezbollah

By Brendan Pierson

(Reuters) – Two men have been arrested and charged by U.S. prosecutors with scouting potential targets and providing material support to the Lebanese group Hezbollah, which has been designated a terrorist organization by the U.S. government.

Ali Kourani, 32, of New York City and Samer El Debek, 27, of Dearborn, Michigan, were arrested on June 1, federal prosecutors in Manhattan announced Thursday. Both have appeared in Manhattan federal court, according to prosecutors.

Lawyers for Al Kourani and El Debek could not immediately be reached for comment.

In a criminal complaint unsealed Thursday, prosecutors said Kourani attended Hezbollah-sponsored weapons training in Lebanon as a teenager in 2000 before lawfully coming to the United States in 2003. He became a U.S. citizen in 2009, going on to earn a bachelor’s and a master’s degree, the complaint said.

Prosecutors said Kourani worked for Hezbollah while in the United States, identifying potential weapon suppliers; identifying people affiliated with the military of Israel, Hezbollah’s adversary; and gathering information about U.S. airport security and about military and law enforcement facilities in New York City.

They said Kourani received additional weapons training, including on a 2011 trip to Lebanon.

In a separate criminal complaint, prosecutors said El Debek, a U.S. citizen, was recruited by Hezbollah in 2007 or 2008 and began taking a salary from the organization.

Over the years, prosecutors said, El Debek received weapons training, including in bomb-making. They said he carried out missions for Hezbollah in Thailand to clean up materials used to make explosives that had been left behind in a house, and in Panama, where he gathered information about security and the Panama Canal and Israeli Embassy.

Both men, who remain in custody, are charged with providing material support and resources to a designated foreign terrorist organization, conspiracy, and illegal weapons possession.

Hezbollah, a Shi’ite group aligned with Iran and the government of Bashar al-Assad in Syria, has been designated a terrorist organization by the U.S. State Department since 1997.

The cases are United States v. Kourani, No. 17-mj-4151, and United States v. El Debek, No. 17-mj-4154, in the U.S. District Court for the Southern District of New York.

(Reporting By Brendan Pierson in New York; Editing by Bill Trott)

U.S. spy agencies probe another flank in Russian hacking

Reality Leigh Winner, 25, a federal contractor charged by the U.S. Department of Justice for sending classified material to a news organization, poses in a picture posted to her Instagram account. Reality Winner/Social Media via REUTERS

By Joseph Menn

SAN FRANCISCO (Reuters) – Russian hacking of the 2016 U.S. election included sophisticated targeting of state officials responsible for voter rolls and voting procedures, according to a top secret U.S. intelligence document that was leaked and published this week, revealing another potential method of attempted interference in the vote.

The month-old National Security Agency document outlined activities including impersonating an election software vendor to send trick emails to more than 100 state election officials. Analysts at the NSA believed the hackers were working for the Russian military’s General Staff Main Intelligence Directorate, or GRU, according to the document.

The document’s publication on Monday by The Intercept, a news outlet that focuses on security issues, received particular attention because an intelligence contractor, Reality Leigh Winner, was charged the same day with leaking it.

U.S. intelligence agencies have previously said the Kremlin tried to influence the election outcome in favor of Republican candidate Donald Trump through leaks during the campaign of hacked emails from Democratic Party officials, aimed at discrediting Democratic candidate Hillary Clinton.

The new revelations suggest that U.S. investigators are also still probing a more direct attempt to attack the election itself, and a federal official confirmed that is the case. However, there is no evidence that hackers were able to manipulate votes, or the vote tally.

The document says at least one employee of the software vendor had an account compromised but does not cover whether any of the elections officials were also successfully compromised.

If they did compromise the officials, hackers could have planted malicious software, then captured proof of the infection to suggest that there had been fraud on Clinton’s behalf, had she won the Nov. 8 election, experts said.

“If your goal is to disrupt an election, you don’t need to pick the winner or actually tamper with tally result,” said Matt Blaze, a University of Pennsylvania computer science professor who has written on the security of voting machines. Simply casting doubt on the legitimacy of the results could achieve the goals of a government-sponsored hacking campaign, he said.

U.S. intelligence officials had previously stated that Russian intelligence had won access to “multiple” election officials but had said that compromised machines were not involved with vote tallies. But they had not said how sophisticated and extensive the effort was or how it worked.

Russian President Vladimir Putin has strongly denied Russian government involvement in election hacking, though he said last week that “patriotic” Russians could have been involved. Trump has denied any collusion.

SPEAR-PHISHING ON ELECTIONS OFFICIALS

The newly leaked NSA report said the hackers used so-called “spear-phishing” techniques on election officials, trying to convince targets to click on links in emails that seemed to come from legitimate correspondents.

The report describes just one phishing campaign, which hit state officials a week before the election, but does not give any locations or say if it was successful. Although there may have been many others, security experts said one coming so late in the game would be more likely to be about sowing chaos than trying to alter vote counts.

The report did not say what the hackers were trying to accomplish, and any investigation of the computers of people who were targeted would be the jurisdiction of the FBI.

An FBI spokeswoman declined to comment Tuesday, as did the office of the special counsel Robert Mueller, who is investigating possible collusion between Trump campaign officials and the Russian government.

ATTACKING VOTER ROLLS

The “bait” used in the spear-phishing campaign involved software for managing voter registration rolls. The hackers might have been considering deleting some records and forcing officials to turn legitimate voters away, said elections technology security expert Alex Halderman, of the University of Michigan.

There were no wide reports of mass rejections of voters, so perhaps that plan was abandoned or proved too hard to execute, he said.

It is also possible that the idea was to get onto the machines of officials who oversaw both registration and voting software. Elections are run by counties in the United States.

“Depending on the county’s configuration and security practices and what is separated from what, they could have access to potentially every aspect, from lists of registered voters, to voting machines, to firmware on those machines, to the ballots that are presented, to the software that controls the final tally,” Blaze said.

“This is the holy grail of what an attacker would want to compromise.”

Members of Congress said they hoped to learn more about the hacking attempts.

“It’s important that the American people understand that the Russian attempts to break into a number of our state voting processes – we talked about this in the fall – was broad-based,” Democrat Mark Warner, vice chairman of the Senate Intelligence committee, told reporters.

“It’s my hope in the coming days that we can get more information out about that.”

(Reporting by Joseph Menn in San Francisco; Additonal reporting by Dustin Volz, Jim Finkle and Mark Hosenball in Washington; Editing by Jonathan Weber and Frances Kerry)

Contractor charged with leaking document about U.S. election hacking: sources

Reality Leigh Winner, 25, a federal contractor charged by the U.S. Department of Justice for sending classified material to a news organization, poses in a picture posted to her Instagram account. Reality Winner/Social Media via REUTERS

By Dustin Volz and Mark Hosenball

WASHINGTON (Reuters) – The U.S. Department of Justice on Monday charged a federal contractor with sending classified material to a news organization that sources identified to Reuters as The Intercept, marking one of the first concrete efforts by the Trump administration to crack down on leaks to the media.

Reality Leigh Winner, 25, was charged with removing classified material from a government facility located in Georgia. She was arrested on June 3, the Justice Department said.

The charges were announced less than an hour after The Intercept published a top-secret document from the U.S. National Security Agency that described Russian efforts to launch cyber attacks on at least one U.S. voting software supplier and send “spear-phishing” emails, or targeted emails that try to trick a recipient into clicking on a malicious link to steal data, to more than 100 local election officials days before the presidential election last November.

The Justice Department declined to comment on the case beyond its filing. Federal Bureau of Investigation did not immediately respond to a request for comment.

While the charges do not name the publication, a U.S. official with knowledge of the case said Winner was charged with leaking the NSA report to The Intercept. A second official confirmed The Intercept document was authentic and did not dispute that the charges against Winner were directly tied to it.

The Intercept’s reporting reveals new details behind the conclusion of U.S. intelligence agencies that Russian intelligence services were seeking to infiltrate state voter registration systems as part of a broader effort to interfere in the election, discredit Democratic presidential candidate Hillary Clinton and help then Republican candidate Donald Trump win the election.

The new material does not, however, suggest that actual votes were manipulated.

The Intercept co-founding editor Glenn Greenwald did not immediately respond to a request for comment. Winter’s mother also did not immediately respond to a request for comment.

While partially redacted, the NSA document is marked to show it would be up for declassification on May 5, 2042. The indictment against Winner alleges she “printed and improperly removed” classified intelligence reporting that was dated “on or about May 5, 2017.”

Classified documents are typically due to be declassified after 25 years under an executive order signed under former President Bill Clinton.

The NSA opened a facility in Augusta in 2012 at Fort Gordon, a U.S. Army outpost.

The FBI and several congressional committees are investigating how Russia interfered in the 2016 presidential election and whether associated of President Donald Trump may have colluded with Russian intelligence operatives during the campaign.

Trump has dismissed the allegations as “fake news,” while attempting to refocus attention on leaks of information to the media.

Winner graduated from basic military training at Lackland Air Force Base in San Antonio in 2011. Investigators determined she was one of only six individuals to print the document in question and that she had exchanged emails with the news outlet, according to the indictment.

U.S. intelligence agencies including the NSA and CIA have fallen victim to several thefts of classified material in recent years, often at the hands of a federal contractor. For example, former NSA contractor Edward Snowden in 2013 disclosed secret documents to journalists, including The Intercept’s Greenwald, that revealed broad U.S. surveillance programs.

(Additional reporting by John Walcott)