Monday, July 05, 2021

A refusal to acknowledge US laws, belief in UFOs and selling fake passports to pay for their abandoned house HQ: 


The inside story of the 'Rise of the Moors' militia who hit the headlines after stand-off with Massachusetts cops


  • 11 'armed and dangerous' men who claimed to be part of an extremist group known as 'Rise of the Moors' were taken into custody on Saturday outside Boston
  • The men were arrested after a nine-hour standoff with Massachusetts police
  • They claimed to be part of 'a militia' group based in Pawtucket, Rhode Island that 'does not recognize' US laws
  • Rise of the Moors are an offshoot of a rapidly growing, larger antigovernment group known as 'Moorish sovereign citizens' that began in the late 1990s
  • They believe that a bogus US treaty with Morocco from 1787 allows them to belong to their own sovereign nation and therefore not subject to any US laws
  • They also claim that its followers are the 'aboriginal people' of the US 
  • The group takes its teachings partly from a religious sect known as the Moorish Science Temple founded by Noble Drew Ali, dating back to 1913
  • Rise of the Moors have a large social media presence, with more than 17,000 subscribers to the group's YouTube channel 

Eleven men were taken into custody early Saturday morning after a nine-hour standoff between Massachusetts police and heavily armed men in tactical gear who claimed to be part of a militia group called Rise of the Moors.  

A Massachusetts State Police trooper saw two cars with their hazard lights on parked on the shoulder of Interstate-95, outside the town of Wakefield, at about 1:30 a.m. The group of heavily armed men were refilling gas tanks with their own fuel and told law enforcement that they were headed to Maine for 'training.'

After refusing to comply with an order to drop their weapons, several men took off into a nearby woodland area, prompting a shelter-in-place order for local communities. 

They indicated to police that they were not carrying gun licenses and that they did not recognize US laws as members of a little-known group named 'Rise of the Moors.' 

State law enforcement said the men referred to themselves 'as a militia' and that they 'adhere to 'Moorish Sovereign Ideology.''

Here's what we know about the group, which only formed in the late 1990s, but has recently exploded in popularity thanks to social media... 

A group of heavily armed men were refusing to comply with police Saturday morning north of Boston, prompting Interstate 95 to be closed and a shelter-in-place order for nearby residents after several of the men fled to a nearby woodland area. The men were said to be members of a little-known extremist group called ‘Rise of the Moors,’ that believes they are not subject to US laws


Jahmal Latimer also known as ‘Talib Abdulla Bey’ cofounded the militia group which claims to be a non-profit educational group based out of Rhode Island. He identifies himself on the group webpage as the chief of the 'Rhode Island State Republic and Providence Plantations'


'Sovereign citizens' who claim they're not subject to US laws

Rise of the Moors are a 'Moorish sovereign citizens' group whose adherents say they are part of their own sovereign nation and therefore are not subject to any US law.

According to the group's website, Rise of the Moors is based in Pawtucket, Rhode Island and is one of 25 active antigovernmental sovereign-citizen groups identified by the Southern Poverty Law Center in 2020. 

While the group's Facebook page has 1,100 followers and a YouTube channel with 17,000 subscribers, the total number of members is unknown. 

Freddy Cruz, a research analyst with the Southern Poverty Law Center, told the Washington Post: 'They have the idea that they have the authority to essentially detach themselves from the United States. So they do things like refusing to pay taxes, get driver's licenses, or register firearms, and they try to get their members to challenge those federal laws.'

The Rise of The Moors, which flies the Moroccan flag, is centered on the belief that its followers are the 'aboriginal people' of the US and takes its teachings partly from a religious sect known as the Moorish Science Temple, a religious movement that dates back to 1913. 

It wasn't until the 1990s that the Moorish movement began merging their beliefs with 'the sovereign citizens movement.' Sovereign Citizens believe that individual citizens are independent of federal and state governments. Thus was the birth of the 'Moorish Sovereign Citizens.' 

Jamhal Talib Abdullah Bey (pictured in the center wearing a turban) poses with fellow members of the Rise of the Moors group in January 2021


'Salad bar' group founded on a non-existent 1787 treaty between the US and Morocco

Rise of the Moors (like other Moorish sovereign citizen groups), believe in a fictitious 1787 treaty between the United States and Morocco that grants them immunity from US law.  

'There's no such treaty,' says Kenneth Gray, a retired FBI Agent who specialized in Counter-Terrorism. 'It's bogus. It's all part of their fraudulent historical claims.' 

They use this perceived immunity to justify refusing to pay taxes, buy auto insurance, register their vehicles and to defraud banks and other lending institutions. 

Rise of the Moors is just one offshoot of many different types of 'Moorish Sovereign Citizen' groups. Most groups tend to be small, with only a couple dozen followers.

JJ MacNab, a fellow at George Washington University's Program on Extremism, described Moorish sovereign citizens on Twitter as 'a salad bar' group made up of different factions that have cobbled together their own ideology from a variety of sources.

'They rely on an alternative history that borrows from Moorish Science Temple, Black Hebrew Israelism, Nation of Islam, UFO theories, phony Native American tribes, and the pseudo-legal arguments crafted by white supremacist 'patriot' groups in the 1970s,' she says.  

Some Moorish Sovereign Citizen groups believe that Black Moors were the first settlers in the United States and argue that slave ships were a fiction created by white historians to cover up their claim on the land. Others believe that a UFO mothership will soon descend to earth to collect the chosen people (Moors) and return them to their home galaxy. 

The Rise of the Moor webpage states in no uncertain terms: 'Moors are the organic or original sovereigns of this land — America.' It continues, 'When we declare our nationality as Moorish Americans we are taking back the position as the aboriginal people of the land, to which the sovereign power is vested in.'

They believe in the notion that all African-Americans (as well as Dominicans, Haitians and Tainos) were descended from African 'Moors' and therefore they do not, and should not 'identify as black.' 

'The Moors of North America have been branded by European Colonial occupiers of our land in order to strip us of our illustrious history.'  

The temple founded in 1913 that gives the group its Moroccan influences 

Much of the dogma in Rise of the Moors is based in a religious sect known as the Moorish Science Temple. 

The organization was founded by Noble Drew Ali (born as Timothy Drew) in 1913. 

The Rise of the Moors pays tribute to the Noble Drew Ali on their website, calling him the 'first Patriot of the fallen Moors here in America' as well as the 'Savior of Humanity.' 

Drew Ali taught that all blacks were of Moorish origins but had their Muslim identity taken away from them through slavery and racial segregation. He also encouraged use of the term 'Moor' rather than 'black' in self-identification. Many of the group’s formal practices were derived from Muslim observances. 

He established new traditions that required all male members of the Temple to wear a fez or turban. They added the suffixes 'Bey' or 'El' to their last names as a way to signify their Moorish heritage and the new journey as Moorish Americans.  

Unlike the Rise of the Moors, most adherents of the Moorish Science Temple are not 'sovereign citizens' nor do they show an interest in paramilitary activity.

Jahmal Latimer, who also goes by the title Talib Abdulla Bey and identifies as the 'grand chief of Rhode Island.' Rise of the Moors are an offshoot of the 'Moorish sovereign citizen movement' which is described by The Southern Poverty Law Center as a collection of independent organizations and lone individuals that emerged in the early 1990s who believe that individual citizens are independent from the authority of federal and state governments


Jahmal Latimer shared footage of him racking a gun and bragging that he had three rifles to his 17,000 followers on YouTube


One clip shows several men dressed in camouflage clothing waving a Moroccan flag as they stand at the side of the I-95. The Rise of The Moors is centered on the belief that all African-Americans are Moorish descendants of Morocco. Its followers also claim that Moors are the 'aboriginal people' of the US



The ex-marine who declared himself leader after studying 'Moorish science' 

Jahmal Latimer (who also goes by the title Talib Abdulla Bey) is listed on the group's website as their leader. He also identifies himself as the chief of the 'Rhode Island State Republic and Providence Plantations.'

According to the site, Bey served in the military for four years, some or all of that time in the Marines, after which he began studying 'Moorish Science.' 

Income generated through illegal schemes including selling fake license plates and passports that funded abandoned Rhode Island house HQ

According to the Southern Poverty Law Center: 'Moorish sovereigns sustain themselves by selling bogus legal documents, fraudulent auto insurance forms, fake license plates, counterfeit passports and various other documents.' 

They also save money by avoiding taxes. 'They have perpetrated large-scale financial fraud, including creating false money orders, fraudulent cashier’s checks, and bogus financial instruments.' 

Members of Rise of Moors profit from selling various items through their webpage, such as online courses, e-readers and suspicious-looking financial schemes. One member named Sanchez Bey hawks clothing apparel 'that represents ancient knowledge' and their 'dominion and rulership over the universe.'

Another member by the name of Muris Sylfstr Mawal Bey claims to offer customers, 'the best shoes available online.' And Delvon al-Lanier Bey, provides 'Afrocentric-based spiritual and educational training.'

The Rise of the Moors' clubhouse in Rhode Island was an abandoned home which they acquired through 'adverse possession.' The property is owned by Midfirst Bank which has sued the militia group over it, reported the Globe.

Their website explains 'adverse possession' as 'simply taking what's yours and not waiting for anyone to give it to you.'  

'As an example, our people have been waiting for reparations, waiting to get access to our resources, waiting for better homes, waiting for better business and waiting for our freedom. Adverse possession puts an end to waiting.'

They threaten to 'repeat the process' until 'every Moorish family has a home and a business.'

Much of the dogma in Rise of the Moors is based in a religious sect known as the Moorish Science Temple. The organization was founded by Noble Drew Ali (born Timothy Drew)  in 1913. Ali taught that all blacks were of Moorish origins but had their Muslim identity taken away from them through slavery and racial segregation. He also encouraged use of the term 'Moor' rather than 'black' in self-identification
The Noble Drew Ali's death caused a schism in the religion over the naming of a rightful successor. The temple eventually divided into three different factions. Rise of the Moors follows the faction led by Brother Edward Mealy El

Much of the dogma in Rise of the Moors is based in a religious sect known as the Moorish Science Temple. The organization was founded by Noble Drew Ali (left) in 1913. The Rise of the Moors pays tribute to the Noble Drew Ali on their website, calling him the 'first Patriot of the fallen Moors here in America' as well as the 'Savior of Humanity.' They also state that Edward Mealy El (right) is the true successor of Noble Drew Ali, whose death led to a schism in the religion

The Rise of the Moors clubhouse is based out of an abandoned home they said was acquired through 'adverse possession'
Their website explains 'adverse possession' as 'simply taking what's yours and not waiting for anyone to give it to you.' The property is legally owned by Midfirst Bank, which has sued the militia group over squatting


Many of the group’s formal practices were derived from Muslim observances. He established new traditions that required all male members of the Temple to wear a fez or turban. They added the suffixes 'Bey' or 'El' to their last names as a way to signify their Moorish heritage and the new journey as Moorish Americans


Saturday's police standoff - the Rise of the Moors hit the mainstream 

The group were reportedly on their way from Rhode Island to Maine to conduct 'training' when the incident in Massachusetts occurred.

One clip shows several men dressed in camouflage clothing waving a Moroccan flag as they stand at the side of the I-95 and declare 'we are not anti-government'.

A separate video, filmed after daybreak, shows one of the camouflage-clad members speaking directly to the camera, stating: 'We're not anti-police, we're not sovereign citizens, we're not black identity extremists.

'The possession of a gun per se, constitutes no offence, so we haven't violated any laws.'

'The police saw us on the side of the road with our guns secured, we were afraid, so we got out with our arms, and I have a body camera that has been recording the whole time,' the Rise of the Moors member insisted.

'We reassured them multiple times that we are abiding by the federal laws as well as the judicial opinions of the United States Supreme Court, but they keep portraying us as being anti-government but we're not anti-government at all.'

The member did not specifically outline his group's goals or beliefs.


In a clip filmed during the standoff, leader Jamhal Talib Abdullah Bey told the camera: 'We're not anti-police, we're not sovereign citizens, we're not black identity extremists'


The Noble Drew Ali taught that all blacks were of Moorish origins but had their Muslim identity taken away from them through slavery and racial segregation. He also encouraged use of the term 'Moor' rather than 'black' in self-identification


The inside story of the 'Rise of the Moors' militia nine hour stand-off with Massachusetts cops

Euros: Azzurro taking knee mural replaced by Fascist stance

'Stay standing Italy' says rightist school movement

(ANSA) - ROME, JUL 2 - Rightist CasaPound school movement Blocco Studentesco on Thursday night replaced a mural by street artist Harry Greb showing an Italy player taking the knee for Black Lives Matter with a poster from the 1934 World Cup showing an Azzurro standing up and giving the Fascist salute, adding the tag "Stay standing, Italy".
    Blocco Studentesco said "Kneeling, for us, is not a form of respect for anyone, it's better to stand up and look each other in the face".
    Italian professional footballers association AIC said Thursday that it was time to stop a "defamatory campaign" against the Italy players over their stance on taking the knee at Euro 2020.
    Unlike some national teams, the Azzurri did not take the knee in support of the Black Lives Matter movement before their victory over Austria in the last 16 of the tournament last week.
    Five of the starting XI took the knee before Italy's last group game against Wales.
    In a statement to ANSA, the AIC said it "unreservedly stigmatizes the defamatory, biased campaign against the Italian national team players.
    "All of the Azzurri are our members," added the union ahead of Italy's quarter-final against Belgium in Munich on Friday.
    "They have all lent their faces and their images to be the lead figures in the numerous initiatives against any form of racism and discrimination that we have been doing for years". (ANSA).

UPDATED

Is the ‘Dragon Man’ a new species of human? Here’s what we know so far


Some scientists believe we've found our long-lost sister lineage. But not everyone is entirely convinced.

 by Tibi Puiu
Artist’s impression of Dragon Man. Credit: Chuang Zhao.

Last week, paleontologists in China broke the news that they have identified a 146,000-year-old cranium that may belong to a distinct, up until now unidentified species of humans. This tentative new species, known as Homo longi, or Dragon Man, has a mix of features shared by Neanderthals, Denisovans, and humans. If it is indeed a new species, scientists believe it may be the closest relative to modern humans, replacing the Neanderthals as our closest extinct kin.

The Dragon Man skull

From left to right are the skulls of Peking Man, Maba, Jinniushan, Dali, and Harbin. Credit: Kai Geng.

The skull was found near Harbin, a town in northeast China, in 1933 by bridge construction workers. Its potential importance was missed until 2018 when it reached the hands of a team of paleontologists led by Xijun Ni, a professor of primatology and paleoanthropology at the Chinese Academy of Sciences and Hebei GEO University.

Unlike most other hominin fossilized skulls that are usually crushed and fragmented, the Harbin skull was discovered remarkably intact. Its only major flaw is that it has only one tooth still attached to the mandible, a left molar.

In a series of three papers, the researchers described the extraordinary skull, which could hold a brain comparable in size to modern humans. It features almost square eye sockets beneath a heavy brow ridge reminiscent of the Neanderthals but has a wide face with small, flat cheekbones that is typical of modern humans. The cranium, which scientists believed belonged to a 50-year-old male, also features a wide mouth and oversized teeth.


“The Harbin fossil is one of the most complete human cranial fossils in the world. This fossil preserved many morphological details that are critical for understanding the evolution of the Homo genus and the origin of Homo sapiens. While it shows typical archaic human features, the Harbin cranium presents a mosaic combination of primitive and derived characters setting itself apart from all the other previously named Homo species,” said Qiang Ji, a professor of paleontology at Hebei GEO University.

A new species of human? Not so fast


Artist impression of Dragon Man. Credit: The Innovation.

Like modern humans, Homo longi probably hunted mammals and birds, gathered wild fruits and vegetables, and perhaps even caught fish. Considering the Harbin individual was large in stature, as well as the location where it was found, the researchers believed that H. longi was well adapted to harsh environmental conditions.

Geochemical analyses showed that the Harbin man fossils are at least 146,000 years old, placing them well within the Middle Pleistocene, an era when humans were busy dispersing across the world. It is thus very likely that H. longi encountered Homo sapiens, as well as Denisovans and Neanderthals.

“We see multiple evolutionary lineages of Homo species and populations co-existing in Asia, Africa, and Europe during that time. So, if Homo sapiens indeed got to East Asia that early, they could have a chance to interact with H. longi, and since we don’t know when the Harbin group disappeared, there could have been later encounters as well,” says author Chris Stringer, a paleoanthropologist at the Natural History Museum in London.

When the researchers reconstructed the human tree of life to account for H. longi, they found that the tentative new species is even more closely related to us than Neanderthals and represents a sister species. This implies that Homo sapiens must have split from Neanderthals even further back in time, diverging from a common ancestor roughly 400,000 years earlier than scientists had previously thought.


“It is widely believed that the Neanderthal belongs to an extinct lineage that is the closest relative of our own species. However, our discovery suggests that the new lineage we identified that includes Homo longi is the actual sister group of H. sapiens,” says Professor Ni.

But is Homo longi truly a new species of human? It’s a bit too early to tell. The Harbin man may well be a Denisovan, an extinct species of archaic human that ranged across Asia during the Lower and Middle Paleolithic and whose fossil record is very scant. So far, the only fossils we have found of Denisovans include a finger bone, a few teeth and a skull fragment retrieved from Denisova Cave in Siberia, and a jawbone from Xiahe, northern China.

According to Ars Technica, when “Ni and colleagues did their statistical analysis, they pointed out that the Harbin skull fell into a group along with the 160,000-year-old Denisovan mandible from Xiahe. Given the great diversity of shapes and sizes that human skulls come in, it wouldn’t be that surprising for the Harbin skull to actually belong to the range of diversity for Denisovans.

If scientists manage to extract DNA from the Harbin skull, they could then compare it to the genomes of Denisovans, Neanderthals, and modern humans, to which we have access. That would settle at least some of the debate.

In any event, the Harbin skull is hugely significant. If it turns out to be a distinct species, then the human tree of life just got enlarged with one member. If subsequent research shows it is from a Denisovan, then we’ll finally know what these rather mysterious cousins looked like. So a win/win for science.
UPDATED
Georgia pride march cancelled after LGBT office ransacked and rainbow flags destroyed

Men climbed into the Tbilisi Pride office, ransacking it and tearing up rainbow flags.

LGBT campaigners in Georgia have called off a pride march after violent groups opposed to the event stormed and ransacked their office in the capital Tbilisi.

Key points:
  • Video footage showed protesters scaling a building and tearing down rainbow flags
  • Journalists were targeted in the violence
  • A tourist was reportedly stabbed for wearing an earring


Activists launched five days of LGBT Pride celebrations last Thursday and had planned a "March for Dignity" on Monday in central Tbilisi, shrugging off criticism from the church and conservatives who said the event had no place in Georgia.

However, the march plan was disrupted by counter-protesters before it could begin.

Video footage posted by LGBT activists showed men scaling their building to reach their balcony, where they tore down rainbow flags and were seen entering the office of Tbilisi Pride.

Other footage showed a journalist with a bloodied mouth and nose, and a man on a scooter driving at journalists in the street.

After the pride march was called off, some anti-march demonstrators staged a prayer outside a church facing the parliament building, while others danced to traditional music in celebration.

LGBT activists say the anti-pride march protesters are far-right extremists. (Reuters: Irakli Gedenidze)

Police said more than 50 journalists had been targeted in the violence.

Campaigners said some of their equipment had been broken in the attack.

"No words can explain my emotions and thoughts right now. This is my working space, my home, my family today. Left alone in the face of gross violence," LGBT activist Tamaz Sozashvili tweeted.

Media also reported that a tourist had been stabbed because he was allegedly wearing an earring.

The interior ministry, which said eight people were detained over the violence, had urged LGBT activists to abandon the march for security reasons.

It said in a statement that various groups were gathering and protesting, and that journalists had been targeted with violence.

"We once again publicly call on the participants of 'Tbilisi Pride' to refrain from the 'March of Dignity' … due to the scale of counter-manifestations planned by opposing groups," it said.
People danced in front of Georgia's parliament building after the pride march was cancelled.
(Reuters: Irakli Gedenidze)

Several Western embassies in Georgia issued a joint statement condemning the attack and calling on authorities to ensure freedom of expression and assembly.

"Violence is simply unacceptable and cannot be excused," the statement said.

President Salome Zourabichvili, who visited one of the injured journalists, said the violence was a "violation of the core fabric of Georgia".

"What happened is not the Georgia I know," Ms Zourabichvili, who ran as an independent, wrote on Twitter.

"It's not the Georgia based on its core values of tolerance."

In the run-up, Prime Minister Irakli Garibashvili said he viewed the march as "not reasonable", saying it risked causing public confrontation and that it was not acceptable to most Georgians, the Civil Georgia media outlet reported.

Rights campaigners condemned the violence and accused Mr Garibashvili of having emboldened hate groups.

"Violent far-right crowds supported by [the] Church & emboldened by [an] incredibly irresponsible statement of PM [Garibashvili] gathered in Tbilisi center to prevent Pride March, attacking journalists & breaking into Pride office," wrote Giorgi Gogia, who works for US-based Human Rights Watch.

VIDEO
Georgia pride march cancelled after LGBT office ransacked and rainbow flags destroyed - ABC News
Demoralised Afghan troops flee as key districts fall to Taliban insurgency
Afghan commandos arrive to reinforce security forces in Faizabad, capital of Badakhshan province, after the Taliban captured neighbourhood districts of Badakhshan. Photo: Reuters

Rahim Faiez, Kabul

July 06 2021 

The Taliban’s march through northern Afghanistan gained momentum overnight on Sunday with the capture of several districts from fleeing Afghan forces, several hundred of whom fled across the border into Tajikistan, officials said.

The government of Afghanistan announced it was preparing to mount a counter offensive.

More than 300 Afghan military personnel crossed from Afghanistan’s Badakhshan province as Taliban fighters advanced toward the border, Tajikistan’s State Committee for National Security said in a statement.

The Afghan troops crossed over at about 6.30pm local time on Saturday.

“Guided by the principles of humanism and good neighbourliness,” the Tajik authorities allowed the retreating Afghan National Defence and Security Forces to cross into Tajikistan, said the statement.

Since mid-April, when US President Joe Biden announced the end to Afghanistan’s “forever war”, the Taliban have made strides throughout the country.

But its most significant gains have been in the northern half of the country, a traditional stronghold of the US-allied warlords who helped defeat them in 2001. The Taliban now controls roughly a third of all 421 districts and district centres in Afghanistan.

The gains in northeastern Badakhshan province in recent days have mostly come to the insurgent movement without a fight, said Mohib-ul Rahman, a provincial council member.

He blamed Taliban successes on the poor morale of troops who are mostly outnumbered and without resupplies.

“Unfortunately, the majority of the districts were left to Taliban without any fight,” said Mr Rahman. In the last three days, 10 districts fell to Taliban, eight without a fight, he said.

Hundreds of Afghan army, police and intelligence troops surrendered their military outposts and fled to the Badakhshan provincial capital of Faizabad, Mr Rahman said.

Even as a security meeting was being held early on Sunday to plot the strengthening of the perimeter around the capital, some senior provincial officials were leaving Faizabad for the capital Kabul, he said.

Late last month, the Afghan government resurrected militias with a reputation of brutal violence to support the beleaguered Afghan forces but Mr Rahman said that many of these militias in the Badakhshan districts had put up only a half-hearted fight.

The areas under Taliban control in the north are increasingly strategic, running along Afghanistan’s border with central Asian states.

Last month, the religious movement took control of Imam Sahib, a town in Kunduz province opposite Uzbekistan and gained control of a key trade route.

The inroads in Badakhshan are particularly significant as it is the home province of former President Burhanuddin Rabbani, who was killed by a suicide bomber in 2011.

His son, Salahuddin Rabbani, is part of the current High Council for National Reconciliation. The slain former president also led Afghanistan’s Jamiat-e-Islami, which was the party of famed anti-Taliban fighter Ahmad Shah Massoud, killed by a suicide bomber two days before the 9/11 attacks in the United States.

The Interior Ministry issued a statement on Saturday saying the defeats were temporary although it was not clear how they would regain control.

Taliban spokesman Zabihullah Mujahid confirmed the fall of the districts and said most were without a fight.

The Taliban in previous surrenders have shown videos of Afghan soldiers taking transportation money and returning to their homes.





‘You know you’re shaking things up when they come after you’: Hacker takes over top accounts on new pro-Trump app GETTR

The hacker says more vulnerabilities remain.



Mikael Thalen


Tech


Published Jul 5, 2021

GETTR, the new social media platform for supporters of former President Donald Trump, has already been hacked.

Launched last week by Jason Miller, a former spokesperson for Trump, GETTR was compromised after security researchers discovered numerous bugs and vulnerabilities.

The accounts for some of the site’s biggest users, including Miller himself as well as Rep. Marjorie Taylor Greene, were taken over on Sunday by hacker @JubaBaghdad.

The usernames for the hacked accounts were all changed to include a pro-Palestinian message: “@JubaBaghdad was here :) ^^ free palestine ^^.”

Speaking with Insider, the hacker argued that the attack had been “easy” due to the site’s poor security posture.

“They should not publish the website before making sure everything, or at least almost everything, is secure,” he said.

Other compromised accounts included those belonging to former Secretary of State Mike Pompeo, the pro-Trump broadcaster Newsmax, and ex-White House chief strategist Steve Bannon.



Miller responded to the hack of his site by downplaying the severity, arguing that the problem was fixed within minutes.

“You know you’re shaking things up when they come after you. The problem was detected and sealed in a matter of minutes, and all the intruder was able to accomplish was to change a few user names,” Miller told Insider. “The situation has been rectified and we’ve already had more than half a million users sign up for our exciting new platform!”

Despite Miller’s assurances, however, @JubaBaghdad told Salon’s Zachary Petrizzo on Monday that GETTR was still vulnerable. Petrizzo says the hacker was able to show him all of the personal information he used while signing up for the site. (Editor’s note: Zachary Petrizzo previously contributed to the Daily Dot.)

Security woes are just one of several issues facing the novice platform. Shortly after launch, trolls flooded GETTR with pornographic images, much to the ire of the site’s conservative userbase.
The Kaseya Ransomware Attack is a Really Big Deal
By Matt Tait Monday, July 5, 2021
LAWFARE


A keyboard (ericnvntr/https://flic.kr/p/9A8uFb/CC BY 2.0/https://creativecommons.org/licenses/by/2.0/)

If you’re not already paying attention to the Kaseya ransomware incident, you should be. It’s likely the most important cybersecurity event of the year. Bigger than the Exchange hacks by China in January. Bigger than the Colonial pipeline ransomware incident. And, yes, more important than the SolarWinds intrusions last year.

First, some background. Kaseya is a managed service provider; its customers use Kaseya to manage their company IT infrastructure. As part of this task, Kaseya can deploy software to the systems under management, in a way that is broadly equivalent to a software provider deploying an automatic update to those machines. For those interested in more, Nick Weaver wrote a piece for Lawfare that walks through the background in depth.

Under normal circumstances, automatic software deployment, especially in the context of software updates, is a good thing. But here this feature was turned on its head. Russian-based criminal gang REvil hacked into Kaseya’s management system, and pushed REvil software to all of the systems under Kaseya’s management. From there, the ransomware promptly disabled those computers and demanded a cryptocurrency payment of about $45k per system to set the machines free. As of writing, REvil claims that about a million total computers were affected, and is offering a “bulk discount” of $70m to unlock all affected systems in a single payment.

Although the direct impact is already enormous, to me, the direct impact is, in some sense, far less important than the issue of how the incident occurred, namely by subverting software delivery mechanisms as a means to install ransomware.

Supply chain attacks such as these are the proximate technical cause of many of cybersecurity’s “greatest” hits, including NotPetya and SolarWinds. The NotPetya attack in June 2017 did about $10bn or so of damage globally. The SolarWinds campaign led to the compromise of thousands of major organizations and dozens of federal agencies. NotPetya was delivered by a malicious update to Ukrainian accountancy software firm MeDoc; the SolarWinds malware by a malicious update to SolarWinds’ IT management software.

If this is not yet enough to catch your attention, three further observations will.

First, supply chain compromises, such as these, are very often indiscriminate; everyone that installs a malicious update gets the malware. Even in cases where supply-chain malware merely lays the groundwork for further sub-targeting after the initial breach—as the SolarWinds malware did—the effect is disruptive to all recipients, whether sub-targeted or not. Except in very rare cases, perpetrators behind supply chain attacks cannot control, predict or constrain the real-world consequences of subverting software supply-chains—and this is especially true when they are used to install ransomware.

The second, and perhaps scariest, observation is that the software vendors used in malicious update compromises thus far have, in the grand scheme of things, been relatively small. MEDoc, SolarWinds and Kaseya are, of course, important to their respective customers, but none were household names before their respective incidents. Far bigger software vendors exist. Some are central to the basic functioning of modern computing. A disruption to the supply chain of platform vendors like Microsoft, Apple, or Google would have fallout at a scale that is literally unimaginable; with global disruption so vast that it cannot really be articulated without sounding insane or alarmist. But platform vendors are not the only large software developers. Hundreds of smaller companies exist on the periphery, each with enormous customer-bases, from organizations like NVidia, Dell, Adobe and Mozilla; Linux and its various major distributions; the maintainers of core package managers used by huge numbers of software developers; large enterprise IT products; as well as any of the major games companies like Blizzard Activision or Valve. Most of these regularly push software to huge numbers of users and organizations at an operational scale that makes MEDoc, Kaseya and SolarWinds look like lightweights.

The final observation is that defensive remediation of ransomware deployed through automatic updates is pathological to the cybersecurity industry itself in a way that is qualitatively different from other categories of cybersecurity incidents.

To understand why, contrast the Kaseya breach with, say, a more “traditional” deployment of malware using zero-day exploits against each affected target. Hackers who develop or have access to zero-days have two natural obstacles to their mass-use: the difficulty in reaching exposed systems, and the risk of discovery. Once the zero-day is discovered, its utility rapidly and sharply declines.

Once a zero-day is discovered being used “in the wild”, remediation typically comes in the form of two key streams in the cybersecurity community. The first stream is the software developers at the affected vendor. Those developers quickly reverse-engineer the exploit to identify the software defect. For simple fixes, the developers can fix it outright; for more complicated issues they might temporarily disable the surrounding feature until the defective component can be safely re-engineered. In either case, an “immunized” patch is made ready and deployed to customers, often within a few days of initial discovery of the exploit.

As the developers engineer a patch to prevent new infections, the incident response community mobilizes to help infected organizations. These incident responders perform an intensive triage and remediation. They identify and restore affected systems, discover what was stolen, and put in place measures that will make future compromises less likely to occur—and less damaging when they do—for the affected systems and organizations.

Malware deployed automatically via the supply-chain up-ends all of these dynamics pathologically. A malware operator with access to automatic software delivery infrastructure has no incentive to keep the infections small. Rather than infecting only a few targets at the top of their priority list, the hacker typically hacks all affected customers nearly simultaneously. Finding and reaching exposed systems isn’t an obstacle here to their mass-deployment either; the delivery mechanism “helpfully” routes the malware through to systems buried deep inside corporate networks, or hidden behind layers of traditional defenses.

The vendor can’t respond in the normal way to supply-chain malware either. The malware came from their own software delivery infrastructure, so remediation begins with them disabling their infrastructure to prevent further misuse and then turning inwards to secure their own systems. In any case, patches are the wrong tool for remediation: patches help defend systems that might be vulnerable to malware, but here their customers are already infected with the malware. By the time the breach is discovered, it’s already too late to fix via a patch.

As if this wasn’t enough, malware-laden updates are also pathological to incident response. Since malicious updates affect enormous groups of systems simultaneously, they tend to saturate the capacity of the entire incident response industry overnight, overwhelming their ability to respond.

In short, software supply chain security breaches don’t look like other categories of breaches. A lot of this comes down to the central conundrum of system security: it’s not possible to defend the edges of a system without centralization so that we can pool defensive resources. But this same centralization concentrates offensive action against a few single points of failure that, if breached, cause all of the edges to fall at once. And the more edges that central failure point controls, the more likely the collateral real-world consequences of any breach, but especially a ransomware breach, will be catastrophic, and overwhelm the defensive cybersecurity industry’s ability to respond.

Tackling this problem is no small task; it will need a great deal of resources and creativity across a large number of different domains, from the technical community through to the foreign policy community. And, to be fair, many of the options towards a safer infrastructure will likely require some large, and frankly unpopular, shaping-up against some large entrenched interests to make progress.

But before researchers and policymakers can start to look for solutions, the first step is recognizing why supply-chain compromise is fundamentally different from most other problems encountered day-to-day in cybersecurity, and one with a failure mode that can be unusually fast and large-scale. Only then will the information security community be able to start tackling it with the scale and seriousness that it deserves.
Fallout continues from most widespread global ransomware attack to date

Cyberattack hit at least 17 countries; FBI directing ‘full resources’ to investigation


Published: July 5, 2021
Associated Press

The inside of a computer is seen in Jersey City, N.J. ASSOCIATED PRESS

BOSTON — The single biggest global ransomware attack yet continued to bite Monday as details emerged on how the Russia-linked gang responsible breached the company whose software was the conduit. In essence, the criminals used a tool that helps protect against malware to spread it widely.

An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said.


REvil was demanding ransoms of up to $5 million. But late Sunday it offered in a posting on its dark web site a universal decryptor software key that would unscramble all affected machines in exchange for $70 million in cryptocurrency. It wasn’t clear who they expected might pay that amount.

Sweden may have been hardest hit by the attack — or at least most transparent about it. Its defense minister, Peter Hultqvist, bemoaned on Monday “a serious attack on basic functions in Swedish society.”

“It shows how fragile the system is when it comes to IT security and that you must constantly work to develop your ability to defend yourself,” he said in a TV interview. Most of the Swedish grocery chain Coop’s 800 stores were closed all weekend because their cash register software supplier was crippled. They remained closed Monday. A Swedish pharmacy chain, gas station chain, the state railway and public broadcaster SVT were also hit.

A broad array of businesses and public agencies were affected, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos reported. The cybersecurity firm ESET identified victims in countries including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.

Ransomware criminals infiltrate networks and sow malware that cripples them by scrambling all their data. Victims get a decoder key when they pay up.

In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised, the news agency dpa reported. Also among reported victims were two big Dutch IT services companies — VelzArt and Hoppenbrouwer Techniek. Most ransomware victims don’t publicly report attacks or disclose if they’ve paid ransoms.

On Sunday, the FBI said in a statement that while it was investigating the attack, its scale “may make it so that we are unable to respond to each victim individually.” Deputy National Security Advisor Anne Neuberger later issued a statement saying President Joe Biden had “directed the full resources of the government to investigate this incident” and urged all who believed they were compromised to alert the FBI.

Biden suggested Saturday the U.S. would respond if it was determined that the Kremlin is at all involved. Less than a month ago, Biden pressed Russian President Vladimir Putin to stop giving safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the U.S. deems a national security threat.

On Monday, Putin spokesman Dmitry Peskov was asked if Russia was aware of the attack or had looked into it. He said no, but suggested it could be discussed by the U.S. and Russia in consultations on cybersecurity issues for which no timeline has been specified.

Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing U.S. offices would be lightly staffed and many victims might not learn of it until back at work Monday or Tuesday.

Most end users of managed service providers “have no idea” whose software keeps their networks humming, said CEO Fred Voccola of the breached software company, Kaseya.

He estimated the victim number in the low thousands, mostly small businesses like “dental practices, architecture firms, plastic surgery centers, libraries, things like that.”

Voccola said only between 50-60 of the company’s 37,000 customers were compromised. But 70% were managed service providers who use the company’s hacked VSA software to manage multiple customers. It automates the installation of software and malware-detection updates and manages backups and other vital tasks.

Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.

The REvil offer of blanket decryption for all victims of the Kaseya attack in exchange for $70 million suggested its inability to cope with the sheer quantity of infected networks, said Allan Liska, an analyst with the cybersecurity firm Recorded Future.

But Kevin Reed of Acronis said the offer of a universal decryptor could be a PR stunt because no human involvement would be needed to pay a $45,000 base ransom demand apparently sent to the vast majority of targets. Analysts reported seeing demands of $5 million and $500,000 for bigger targets, which would require negotiation.

Analyst Brett Callow of Emsisoft said he suspects REvil is hoping insurers might crunch the numbers and determine the $70 million will be cheaper for them than extended downtime.

Sophisticated ransomware gangs on REvil’s level usually examine a victim’s financial records — and insurance policies if they can find them — from files they steal before activating the ransomware. The criminals then threaten to dump the stolen data online unless paid, although that does not appear to have happened in this case. But this attack was apparently bare-bones. REvil seems only to have scrambled victims’ data.

Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a “zero day,” the industry term for a previously unknown security hole in software. Voccola would not confirm that or offer details of the breach — except to say that it was not phishing.

“The level of sophistication here was extraordinary,” he said.

It was not the first ransomware attack to leverage managed services providers. In 2019, criminals hobbled the networks of 22 Texas municipalities through one. That same year, 400 U.S. dental practices were crippled in a separate attack.

Active since April 2019, REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms. U.S. officials say the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.
RIP
Richard Donner, director of Superman, Lethal Weapon and The Goonies, dies aged 91

He was "the greatest Goonie of all" said Steven Spielberg.



Mark Serrels
July 5, 2021
CNET

Donner attending the 25th anniversary Goonies reunion at Warner Bros. Studios in October 2010. Michael Tran/FilmMagic


Richard Donner, the director behind huge hits like Lethal Weapon, The Goonies and Superman, has died aged 91. His wife, producer Lauren Shuler Donner, did not disclose the cause of death.

Donner had an incredible career, directing one of the first significant superhero movies in Superman, starring Christopher Reeve and Marlon Brando, but made his feature film debut with The Omen, the classic, iconic horror movie, written by David Seltzer.

Donner is perhaps most famous for his work on the Lethal Weapon series, which helped create the template for the buddy cop movie. Lethal Weapon grossed $120 million on a $15 million budget and kickstarted one of the most memorable franchises in Hollywood history, perhaps peaking with the sequel, Lethal Weapon 2, released in 1989. It was the third most successful movie released that year behind Batman and Indiana Jones and the Last Crusade. Donner also directed cult classic, The Goonies, launching the careers of stars like Sean Astin and Josh Brolin.

He was also an incredibly successful producer. Donner's production company, The Donners' Company, helped launch the X-Men franchise back in 2000.

"Being in his circle was akin to hanging out with your favorite coach, smartest professor, fiercest motivator, most endearing friend, staunchest ally, and — of course — the greatest Goonie of all," said Steven Spielberg, in a statement sent to Variety.

"Dick genuinely cared about me, my life and my family," added Danny Glover, who was directed by Donner. "We were friends and loved each other far beyond collaborating for the screen and the success that the Lethal Weapon franchise brought us. I will so greatly miss him."