Tag: Russia

Several European banks have been drawn into money-laundering allegations centered on dirty Russian money. Much of the information has been made available to media outfits by The Organized Crime and Corruption Reporting Project, or OCCRP. Investigations into the scandal are under way in the Baltic nations, the US, the UK and the Nordic countries. Below is a list of the main banks touched by the scandal.

Danske Bank A/S

Denmark’s biggest bank admitted in September that much of about $230bn that flowed through its tiny Estonian unit between 2007 and 2015 was probably suspicious in origin.

The lender is being investigated by the U.S. Department of Justice and the Securities and Exchange Commission, as well as by authorities in Denmark, Estonia, the U.K. and France.

Swedbank AB

Swedish broadcaster SVT alleged that almost $6bn in suspicious transactions flowed between Danske Bank and Swedbank in 2007-2015, linking the Swedish bank to Danske’s $230bn money-laundering scandal.

The bank is being investigated by the financial supervisory authorities of Sweden and Estonia. It’s also being probed by Sweden’s Economic Crime Authority for allegedly breaching insider information rules.

Nordea Bank Abp

The biggest Nordic bank allegedly handled about €700m in potentially dirty money, with funds arriving from failed Lithuanian bank Ukio Bankas and heading to shell companies in countries such as the British Virgin Islands and Panama, according to Finnish broadcaster YLE.

Investor Bill Browder filed complaints with Nordic authorities in October alleging $405m of suspicious funds flowed via the bank. Sweden decided not to investigate but Finland has yet to say if it will.

Deutsche Bank AG

More than $889m went from accounts at Deutsche Bank to those of the so-called “Troika Laundromat” between 2003 and 2017, according to German daily Süddeutsche Zeitung—part of the OCCRP journalist group.

The report comes on top of regulatory scrutiny of Deutsche Bank’s role as a correspondent bank in Danske Bank’s money-laundering scandal and a probe by German prosecutors of its involvement in a tax-evasion scheme unmasked by the Panama Papers in 2016.

Raiffeisen Bank International AG

The Austrian bank that’s among the biggest foreign lenders in Russia is the main target of a filing by the Hermitage Fund, detailing $634m allegedly transferred to it from Lithuania’s Ukio Bankas and from the Estonian unit of Danske Bank. Hermitage said the bank ignored signs that should have triggered money-laundering prevention measures.

Raiffeisen has launched an internal probe, yet also points out that Hermitage has filed similar allegations before and that they were dismissed by Austrian authorities.

ABN Amro Group NV

The Troika Laundromat moved about €190m through a unit of the Dutch bank that became part of Royal Bank of Scotland, Dutch newspaper Trouw and magazine De Groene Amsterdammer reported. All assets, data and clients of the unit became the legal responsibility of RBS in February 2008, ABN said.

The Dutch financial crimes police declined to comment on whether it was investigating the bank.

Cooperatieve Rabobank U.A.

About €43m were paid to the Rabobank account of Dutch yacht builder Heesen for construction of two boats for Russian senator Valentin Zavadnikov, according to newspaper Trouw and magazine De Groene Amsterdammer. The money came from the Troika Laundromat scheme, the media outlets said.

The Dutch financial crimes police declined to comment on whether it was investigating the bank.

ING Groep NV

The Dutch bank’s branch in Moscow worked until 2013 with a client who it suspected of involvement in money laundering, the media outlets said.

The Dutch financial crimes police declined to comment on whether it was investigating the bank. ING last year paid $900m to end a Dutch money-laundering probe.

Turkiye Garanti Bankasi A.S.

The Dutch unit of the Turkish bank processed €200m in transactions that came from two Lithuanian banks that were at the center of the Troika Laundromat, the Dutch media outlets reported.

It wasn’t immediately clear if it was being investigated.

By Lily Hay Newman for Wired 

For two hours on Monday, internet traffic that was supposed to route through Google’s Cloud Platform instead found itself in quite unexpected places, including Russia and China. But while the haphazard routing invoked claims of traffic hijacking—a real threat, given that nation states could use the technique to spy on web users or censor services—the incident turned out to be a simple mistake with outsized impacts.

Google noted that almost all traffic to its services is encrypted, and wasn’t exposed during the incident no matter what. As traffic pinballed across ISPs, though, some observers, including the monitoring firm ThousandEyes, saw signs of malicious BGP hijacking—a technique that manipulates the web’s Border Gateway Protocol, which helps ISPs automatically collaborate to route traffic seamlessly across the web.

ThousandEyes saw Google traffic rerouting over the Russian ISP TransTelecom, to China Telecom, toward the Nigerian ISP Main One. “Russia, China, and Nigeria ISPs and 150-plus [IP address] prefixes—this is obviously very suspicious,” says Alex Henthorne-Iwane, vice-president of product marketing at ThousandEyes. “It doesn’t look like a mistake.”

Malicious BGP hijacking is a serious concern, and can be exploited by criminals or nation state actors to intercept traffic or disrupt a target service—like Google. But the technique also has a dopey, well-intentioned cousin known as a prefix leak, or sometimes “accidental BGP hijacking.”

In both cases, rerouting occurs when an ISP declares that it owns blocks of IP addresses that it doesn’t actually control. This can be an intentional deception, but can also simply come down to a configuration error that, while disruptive, is not intentional. On Monday, a Google spokesperson said that the company didn’t see signs of malicious hijacking, and instead suspected that the Nigerian ISP Main One had accidentally caused the problem.

“The problem here is a failure to apply basic best current practices to these routing sessions.”

There are minimum best practices that ISPs should implement to keep BGP routes on the up and up. These are important, because they apply filters that catch errors in the event of a route leak and block problematic routes. Not all ISPs implement these protections, though, and in a prefix leak like the one that affected Google, traffic will flow chaotically across networks, not based on efficiency or established paths, but based on which networks haven’t put the BGP safeguards in place and will therefore accept the rogue routing.

Indeed, on Tuesday morning Main One said in a statement that, “This was an error during a planned network upgrade due to a misconfiguration on our BGP filters. The error was corrected within 74mins.”

In this case, it appears that the Russian and Chinese ISPs, and perhaps others as well, offered a path to the Google traffic because they hadn’t implemented protective configurations.

The protocols underlying the internet were written decades ago, in a different era of computing, and many have needed major security overhauls and additions to improve trust and reliability around the web. There was the effort to encrypt web traffic with HTTPS, and the growing movement to secure the internet’s Domain Name System address lookup process so it can’t be used to spy on users, or for malicious rerouting.

Similarly, ISPs and internet infrastructure providers are starting to implement a protection called Resource Public Key Infrastructure that can virtually eliminate BGP hijacking, by creating a mechanism to cryptographically confirm the validity of BGP routes. Like HTTPS and DNSSEC, RPKI will only start to provide true customer protection when a critical mass of internet infrastructure providers implement it.

“This incident had a non-trivial impact because Google and some other prominent network routes were accidentally leaked,” says Roland Dobbins, a principal engineer at the network analysis firm Netscout. “But the problem here, as it is in most of these cases, is a failure to apply basic best current practices to these routing sessions. The key is for network operators to participate in the global operational community, get these kinds of filters put in place, and move to implement RPKI.”

While Google’s incident wasn’t a hack and instead gets into obscure internet protocol drama, the impact for users on Monday was apparent—and shows the pressing need to resolve issues with BGP trust. The flaw has been maliciously hijacked before, and could be again.

The rapidly evolving story about Moscow-based Kaspersky Lab’s involvement in helping Russian government hackers steal sensitive National Security Agency materials has taken yet another turn, as The Wall Street Journal reports that the assistance could have come only with the company’s knowledge.

Wednesday’s report, citing unnamed current and former US officials, said the help came in the form of modifications made to the Kaspersky antivirus software that’s used by more than 400 million people around the world. Normally, the programs scan computer files for malware. “But in an adjustment to its normal operations that the officials say could only have been made with the company’s knowledge, the program searched for terms as broad as ‘top secret,’ which may be written on classified government documents, as well as the classified code names of US government programs, these people said.”

The report is the latest to detail a 2015 event in which an NSA worker—described as a contractor by the WSJ and an employee in articles from The Washington Post—sneaked classified materials out of the agency and onto an Internet-connected computer that had Kaspersky AV installed on it. The WSJ, WaPo, and The New York Times have all reported that hackers working for the Russian government were able to home in on the documents with the help of the Kaspersky software.

On Tuesday, the NYT was first in reporting that NSA officials first learned of the help provided by Kaspersky AV from Israeli intelligence officials who had hacked into Kaspersky’s corporate network and witnessed the assistance in real time.

Wednesday’s report is the first to explicitly say the assistance wasn’t the result of a covert hack or the exploitation of an inadvertent weakness but rather likely came with the knowledge of at least one Kaspersky official.

“There is no way, based on what the software was doing, that Kaspersky couldn’t have known about this,” the WSJ quoted a former US official with knowledge of the 2015 event saying. The official went on to explain that the Kaspersky software was designed in a way that it would have had to be programmed to look for specific keywords. Kaspersky employees, the official continued, “likely” would have known such a thing was happening. The evidence, Wednesday’s report said, has now caused many US officials to believe the company was a “witting partner” in locating the materials on the home computer.

In a statement issued Wednesday, Kaspersky officials wrote:

Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question, and the company reiterates its willingness to work alongside US authorities to address any concerns they may have about its products as well as its systems.
The company has long maintained it has no inappropriate ties to any government, including Russia’s, and vigorously defends against all malware threats.

Meanwhile, Reuters reported that German officials had no evidence to back the reports Kaspersky AV played a role in the theft of the NSA materials and had no plans to warn against the use of the software. Last month, the US Department of Homeland Security took the unprecedented step of banning all federal government agencies and departments from using any Kaspersky goods or services.

The WSJ went on to report that US intelligence agencies spent months studying and experimenting with Kaspersky software to see if they could trigger it into behaving as if it had discovered classified materials on a computer being monitored by US spies. “Those experiments persuaded officials that Kaspersky was being used to detect classified information,” Wednesday’s report said.

By Dan Goodin for ARS Technica 

Cabinet reshuffle #12 for Zuma

Desperation to push through the R1-trillion nuclear deal and “gatvolness” with SACP leader Blade Nzimande’s criticism of his leadership ahead of the ANC’s elective conference are probably the main reasons behind President Jacob Zuma’s most recent Cabinet reshuffle.

The reshuffle, that saw Nzimande chopped from the Cabinet, four ministers changing portfolios and the introduction of loudmouth ANC MP Bongani Bongo as minister of intelligence, is part of Zuma’s fightback campaign to reclaim authority over a deeply fractured governing party.

The axing brings an end to a decade-long bromance between Zuma and the communists, who were at the forefront of lobbying for the corruption charges against Zuma to be dropped and for president Thabo Mbeki to be recalled.

The relationship soured when it became clear that Zuma was never really interested in changing the economic policies of the country to benefit the poor, but rather to enrich himself and his besties, the Guptas.

In recent months, Nzimande has been one of Zuma’s most vocal critics with the SACP, calling for his removal as ANC president.

The SACP-ANC relationship is at an all-time low, with threats by the reds to go it alone in the 2019 election.

Firing Nzimande opened up the opportunity for Zuma to play musical chairs.

His close ally David Mahlobo becomes energy minister; Bongo takes over state security; Ayanda Dlodlo moves to home affairs and Mmamoloko Kubayi takes over the communications portfolio.

Hlengiwe Mkhize moves from home affairs to higher education and the young rising star MP and former Young Communist League leader, Buti Manamela, replaces the controversial Mduduzi Manana as Mkhize’s deputy.

So why did Zuma move his powerful intelligence minister to the energy portfolio?

It does not require rocket science to connect the dots: Zuma needs to push through the nuclear deal with Russia’s Rosatom before his term ends. If a candidate other than Nkosazana Dlamini-Zuma wins the ANC’s presidential election, Zuma could be out as state president as early as January.

Mahlobo has accompanied Zuma on at least one state visit to Russia, to meet President Vladimir Putin. It was always a mystery why Mahlobo, and not the energy minister, had travelled with Zuma, but that question has now been answered.

The Sunday Times reported last month that Mahlobo accompanied convicts Gayton McKenzie and Kenny Kunene – supposedly Zuma’s New Best Friends – to Russia to present themselves as BEE partners to Russian oil and gas company Rosgeo for a R5bn deal. Connect the dots.

The Western Cape High Court’s ruling earlier this year that the tender process for nuclear should start from scratch was a massive setback for Zuma and Putin. Mahlobo has now been trusted with pushing the deal through – and fast.

Remember that Zuma’s favourite son, Duduzane, and the Guptas own Shiva Uranium, who will be one of the chief beneficiaries of a nuclear deal. That is the Zuma pension plan.

Kubayi was supposed to fast-track the deal after Tina Joemat-Pettersson got the boot in March for failing to do so, but she probably moved too slowly in Zuma’s view.

The reshuffle is a sign that Zuma is panicking. South Africa should be on high alert.

By Adriaan Basson for News24

Russia’s Federal Antimonopoly Service (FAS) has opened a case against a subsidiary of Mondi for violating what it says are “elements of the antimonopoly laws”.

FAS says it “suspects” Mondi Syktyvkar, which it describes as Russia’s largest paper producer, of failing to comply with aspects of federal law; in particular “monopolistically fixing the high price for offset paper”.

Mondi has said that it had not received “any FAS notification to this effect” and had no further details of the probe.

“Mondi is committed to complying with all applicable antimonopoly laws and believes it has not violated any such laws.”

Lora Rossler, group head of communications at Mondi, said that the group’s offset uncoated fine paper sales in Russia comprised about 10% of its Europe and international uncoated fine paper sales, or “less than 2%” of group sales.

Mondi’s share slipped 2.2% to close at R277.95 on the JSE.
“A recently observed increase of prices for offset paper has elements of violating the antimonopoly law,” Nelli Galimkhanova, head of the FAS department for industry control, said in a statement on the authority’s Web site on Friday.

“Upon considering all case circumstances and the arguments given by the respondent, the FAS commission shall make a decision,” she says.

FAS says it found last year the costs of offset paper rose about 50% for Russian consumers, but this did not match the change in the costs of production and sale of such paper.

It had earlier initiated inspections of Russia’s largest cellulose and paper industry makers.

Offset paper refers to paper used for printing books and magazines and not to single office-style paper for photocopying.

FAS also says it was continuing to “watch the situation” in Russian cellulose-and-paper markets, and that it monitored costs on a quarterly basis.

Justin Jordan, equity analyst at Jefferies International in London, says Russian authorities had not contacted Mondi formally.

“What happens from here? Likely nothing, in Jefferies’s view. Worst case scenario, a modest fine,” he says.

Jordan says that Mondi had increased offset reel paper prices by 25% in Russian currency terms last year, due to domestic Russian cost inflation.

However, he says that market sentiment was the “real issue here”, following an earlier European Union investigation into possible price-fixing in industrial sack markets.

Mondi last month said it had not been affected by unannounced inspections at several companies in the European kraft paper and industrial bags sector.

By Mark Allix for www.bdlive.co.za

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top