Friday, 6 February 2015

DIA Cyber Warrior delivers first Worldwide Threat Assessment

Vincent R. Stewart, Lieutenant General, U.S. Marine Corps, was promoted into the position of Director of the Defense Intelligence Agency. While our friend and colleague Lt. General Ronald Burgess (ret.), now at Auburn University here in Alabama, certainly understood and respected the importance of the cyber domain, General Stewart's appointment marks the first time we have a true cyber warrior at the helm of the DIA. Immediately prior to his appointment as Director of the DIA, General Stewart served as the commander of the Marine Force Cyber Command (described at the end of this blog post). General Stewart was director of Marine Intelligence from 2009 to 2013, rising through the ranks in a long and distinguished career that started from humble beginnings in Jamaica and includes many decorations for valor and leadership.


Worldwide Threat Assessment - Cyber

On February 3, 2015, Lt. General Stewart delivered his first Worldwide Threat Assessment to the Senate Armed Services Committee. (Transcript here). So what did our new DIA Cyber Warrior leader have to say about Cyber threats?

The briefing began, appropriately, with a status of Iraq and Afghanistan, focusing on terrorist threats from ISIL, al-Qa'ida, and the Taliban. After that he touched on certain other "violent extremist organizations" and concluded with a region-by-region and global threat summary.

In his discussion of ISIL, al-Qa'ida, and the Taliban, no technology or internet discussion was featured. Expanding beyond Iraq, AQAP (Al-Qa'ida in the Arabian Peninsula) was said to be focused on commercial aviation targeted with innovative explosions. AQIM (Al-Qa'ida in Lands of the Islamic Maghreb) is mostly focused on kidnapping and attacks against allies. The Al-Nusrah Front and the Khorasan group were said to be focused on providing personnel and training in Syria, but with an interest in targeting western interests. IRGC-QF (Islamic Revolutionary Guard Corps-Quds Force) and Lebanese Hizballah were described as "instruments of Iran's foreign policy and its ability to project power in Iraq, Syria, and beyond." Boko Haram was described as having the potential to expand beyond Nigeria to become a "significant regional crisis."

Cyber Operations

The first mention of cyber comes with regard to Russia, mentioning that Russian actions against Kyiv included "the use of propaganda and information operations, cyberspace operations, covert agents, ..." While the other regional assessments did not include cyber individually, cyber was brought up in the concluding portion of the remarks in the section labeled "Global Threats."

General Stewart's points on the lack of consensus about the status of cyber attacks were especially telling. The "big bullets" from the cyber portion of the talk seem to be:

  • aggressive attacks against DoD and allied defense networks
  • increased cyber-espionage against DoD and Defense Contractor networks
  • concerns about supply chain vulnerabilities
  • increased use of cyber operations in regional conflicts
  • a lack of international "norms of behavior" in cyberspace
  • freedom of action, especially by Iran and North Korea, to conduct peacetime cyber offensive attacks on western interests without fear of reprisal
  • the use of the Internet by non-state actors for Communication, Propaganda, Fundraising, and Recruitment

Below I quote the General's remarks on cyber in full:

The global cyber threat environment presents numerous persistent challenges to the security and integrity of DoD networks and information. Threat actors now demonstrate an increased ability and willingness to conduct aggressive cyberspace operations -- including both service disruptions and espionage -- against U.S. and allied defense information networks. Similarly, we note with increasing concern recent destructive cyber actions against U.S. private-sector networks demonstrating capabilities that could hold U.S. government and defense networks at risk. For 2015, we expect espionage against U.S government defense and defense contractor networks to continue largely unabated, while destructive network attack capabilities continue to develop and proliferate worldwide. We are also concerned about the threat to the integrity of the U.S. defense procurement networks posed by supply chain vulnerabilities from counterfeit and sub-quality components.
Threat actors increasingly are willing to incorporate cyber options into regional and global power projection capabilities. The absence of universally accepted and enforceable norms of behavior in cyberspace contributes to this situation. In response, states worldwide are forming "cyber command" organizations and developing national capabilities. Similarly, cyberspace operations are playing increasingly important roles in regional conflicts -- for example, in eastern Ukraine -- where online network disruptions, espionage, disinformation and propaganda activities are now integral to the conflict.
Iran and North Korea now consider disruptive and destructive cyberspace operations a valid instrument of statecraft, including during what the U.S. considers peacetime. These states likely view cyberspace operations as an effective means of imposing costs on their adversaries while limiting the likelihood of damaging reprisals.
Non-state actors often express the desire to conduct malicious cyber attacks, but likely lack the capability to conduct high-level cyber operations. However, non-state actors, such as Hizballah, AQAP, and ISIL will continue during the next year to effectively use the Internet for communication, propaganda, fundraising and recruitment.


MARFORCYBER background

In January, General Stewart passed control of the U.S. Marine Corps Forces Cyber Command (MARFORCYBER) to Major General Daniel J. O'Donohue.


(a somewhat dated biography of General O'Donohue is available from the Armed Services Committee)

The command, established in October 2009, was complemented by the Navy's U.S. Tenth Fleet Cyber Command. According to the Marine Corps' "Concepts and Programs" document, the mission of MARFORCYBER is to "plan, coordinate, integrate, synchronize, and direct full spectrum Marine Corps cyberspace operations. This includes Department of Defense (DoD) Global Information Grid (GIG) operations, defensive cyber operations, and when directed, planning and executing offensive cyberspace operations. These operations support the Marine Air Ground Task Force (MAGTF), joint, and combined cyberspace requirements that enable freedom of action across all warfighting domains and deny the same to adversarial forces."

MARFORCYBER has two sub-units: Marine Corps Network Operations and Security Center (MCNOSC), which defends the Marines' own network, and Company L, Marine Cryptologic Support Battalion (MCSB), which plans and executes offensive cyberspace operations.
(www.marines.mil/Portals/59/Publications/U.S. Marine Corps Concepts and Programs 2013_1.pdf, PDF page 42)

Tuesday, 6 January 2015

Universities Targeted with "Library Account" phish

Many universities across the country have been targeted with phishing emails that warn their students that their "Library Account" is going to expire. As with so many cybercrime issues, these crimes could be addressed much differently if the Powers That Be were aware that these were not individual cases, but an ongoing campaign against victims across the country!

Towards that end, I've collected full text examples of many of these phish, with links to the University web pages where their students have been warned. Hopefully we can start warning people of national ongoing campaigns like this BEFORE they are victimized!

While I was reviewing University Phish for this project, I was especially impressed with the phishing details shared at University of Michigan (Go Blue!) and University of Pennsylvania. Both are great examples of giving students enough details to understand the scope of the risk at hand.
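
Grouping the reports by wording is what turns separate help-desk tickets into evidence of one campaign. The Python below is an added example, not part of the original post: it compares body excerpts reproduced further down this page using word-trigram Jaccard similarity. The 0.5 threshold, the report labels and the function names are assumptions.

```python
"""Group reported phishing bodies into template families by wording overlap."""
import re
from itertools import combinations

# Body excerpts as reproduced on this page (greeting, link and signature left
# out). The shared wording is factored out only to keep the listing short.
EXPIRED = ("Your library account has expired, therefore you must reactivate it "
           "immediately or it will be closed automatically. If you intend to use "
           "this service in the future, you must take action at once! To "
           "reactivate your account, simply visit the following page and login ")
EXPIRING = ("Your access to your library account is expiring soon and it won't be "
            "accessible for you. You must reactivate your account in order to "
            "continue to have access to {svc}. For this purpose, click the web "
            "address below or copy and paste it into your web browser. After "
            "logging in, your access is reactivated and you will be redirected "
            "to your library {end}.")
REPORTS = {
    "George Washington 2014-01-09": EXPIRED + (
        "with your university account. After logging in, your account is "
        "reactivated and it will redirect you to your Library Account."),
    "Minnesota 2014-06-26": EXPIRED + "wilth your library account.",
    "Arizona 2014-11-17": EXPIRED + "with your library account.",
    "Penn 2014-09-10": EXPIRING.format(svc="this service", end="profile"),
    "VCU 2014-10-30": EXPIRING.format(svc="this service", end="account"),
    "Michigan 2014-12-18": EXPIRING.format(svc="the library services",
                                           end="profile"),
}


def shingles(text, k=3):
    """Set of k-word windows after lower-casing and stripping punctuation."""
    words = re.findall(r"[a-z0-9']+", text.lower().replace("\u2019", "'"))
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def similarity(a, b):
    """Jaccard similarity of the two texts' shingle sets (0.0 to 1.0)."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0


def cluster(reports, threshold=0.5):
    """Single-link clustering: two reports share a family when their
    similarity reaches the threshold, directly or through other reports."""
    parent = {name: name for name in reports}

    def find(name):
        while parent[name] != name:
            parent[name] = parent[parent[name]]  # path halving
            name = parent[name]
        return name

    for a, b in combinations(reports, 2):
        if similarity(reports[a], reports[b]) >= threshold:
            parent[find(a)] = find(b)

    families = {}
    for name in reports:
        families.setdefault(find(name), []).append(name)
    return sorted(sorted(members) for members in families.values())


if __name__ == "__main__":
    for family in cluster(REPORTS):
        print(len(family), "reports:", ", ".join(family))
```

Small edits such as the "wilth" typo or a swapped closing word change only a handful of trigrams, so reports built from the same template stay in one family while the two templates share almost nothing.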

January 2014 Library Account phish


January 9, 2014 - George Washington University
Subject: Library Account
Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once! To reactivate your account, simply visit the following page and login with your university account. After logging in, your account is reactivated and it will redirect you to your Library Account.

February Library Account phish


February 21, 2014 - Flinders University
Have you received an email asking you to “validate” your Library Account? This email is attempting to steal Flinders user credentials and is not legitimate.

Don’t follow the links in the email, just delete it. The library will never ask you to login to verify your details or activate your account.

May Library Account phish


May 23, 2014 - Lehigh University

June Library Account phish


June 26, 2014 - University of Minnesota
From: Library
Date: Thu, Jun 26, 2014 at 8:47 AM
Subject: Library Account
To:
Dear User,
Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!

To reactivate your account, simply visit the following page and login wilth your library account.

Login Page:
xxxxxxxxxxxxxxxxxx
Sincerely,
University of Minnesota Libraries
499 Wilson Library
309 19th Avenue South
Minneapolis, Minnesota 55455
(612) 624-3321 (voice)
(612) 626-9353 (fax)

September Library Account phish


September 10, 2014 - University of Pennsylvania

From: Jonathan Heller < jheller@pobox.supenn.edu >
Subject: Library Account Access
Date: Wed, Sep 10, 2014 2:11 PM

Dear User,
Your access to your library account is expiring soon and it won't be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK REMOVED)

If you are not able to login, please contact Library Services Manager at jheller@pobox.upenn.edu .



Sincerely,
Jonathan Heller
Library Services Manager
Access & Delivery Services
Penn Libraries
University of Pennsylvania
(215) 898-8956
jheller@pobox.upenn.edu

September 17, 2014 - University of North Carolina Health Sciences Library
Alert: Phishing Emails Impersonate UNC Library

Some members of the UNC community have received false emails that appear to be from the Library.

These emails state that “access to your library account is expiring soon and it won’t be accessible for you.” The email directs the recipient to a link that appears to be from the Library.

October Library Account Phish


October 8, 2014 - UC Denver's Auraria Library
October 9, 2014 - University of Colorado Health Sciences Library
The University has been recently subjected to a phishing attack. The subject line of these new phishing messages is “Library Account Access”. These emails are designed to appear as if they are coming from the library concerning a library account activation. The phishing emails also contain links to malicious web sites that ask for your University information (Name and student/employee ID).


October 10, 2014 - Miami University of Ohio

From: XXX XXX [mailto:xxxxxxxx@miamioh.edu]
Sent: Friday, October 10, 2014 12:45 PM
To: xxxxxxxx@miamioh.edu
Subject: Library Account Access

Dear User,

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK)

If you are not able to login, please contact Library Services Manager at xxxxxxxx@miamioh.edu.



Sincerely,

Alison Withers
Library Services Manager
Access and Delivery Services
University Library
Miami University
513-529-2938

October 30, 2014 - Virginia Commonwealth University

To:
From: Access Services Manager
Date: 10/30/2014 11:54AM
Subject: Library Account Access

Dear User,
Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library account.

(Link redacted, actual link goes to login.vcu.edu.cavc.tk)

If you are not able to login, please contact Library Services Manager at kbonis@vcu.edu.



Sincerely,

Kerry Bonis
Library Services Manager
Access & Delivery Services
Main Library
Virginia Commonwealth University
(804) 827-3968

November Library Account phish


November 13, 2014 - Illinois Institute of Technology
IIT faculty, staff and students may have received an email to “All Members of the University of Illinois” notifying you about a new library system that requires you to activate a new library account. Do not respond to this email. It is a phishing attempt to collect IIT campus-wide ID numbers (CWIDs).

Library users affiliated with Illinois Tech gain access to subscription databases when off-campus by entering their CWID. Releasing that information to a third-party may result in access to our databases being limited or cut off. You can always safely access the library website by using the IIT Portal links, or going directly to the library website. If you believe your CWID has been compromised, please contact the OTS support desk.


November 17, 2014 - Southern Methodist University

Sample Phishing Email

Subject: Library Account Access
Sender: Jane Sippell

Dear User,
Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

Note – this link appears in the email:

https://libcat.smu.edu/cgi_bin/ldapauth.cgi_loginType=E25JFHNfCD7…

The actual destination does not point to the SMU library catalog but to a web address at http://libcat.smu.edu.cvre.tk

http://libcat.smu.edu.cvre.tk/cgi_bin/ldapauth.cgi_loginType=E25JFHNfCD7v…

If you are not able to login, please contact Access Services Manager at jsippell@smu.edu.



Sincerely,

Jane Sippell
Access Services Manager
Access & Delivery Services
Central University Libraries
Southern Methodist University
(214) 919-5931
jsippell@smu.edu

November 17, 2014 - University of Arizona

From: library (EMAIL ADDRESS REMOVED)
Subject: Library account
Date: November 17, 2014 at 8:46:39 AM MST
Reply-To: (EMAIL ADDRESS REMOVED)

Dear User,
Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!

To reactivate your account, simply visit the following page and login with your library account.

Login Page:

(URL REMOVED)

Sincerely,

The University of Arizona Libraries
(ADDRESS, PHONE NUMBER AND URL REMOVED)


November 18, 2014 - Washington University in St. Louis
Dear User,

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK)

If you are not able to login, please contact Access Services Manager at *********@wustl.edu.

Sincerely,


November 19, 2014 - Ball State University Library
University Libraries was alerted that some members of the Ball State community received an email message stating their library account was soon to expire. The email said to reactivate the account by clicking on a web address included in the message. This was a phishing scam and the campus Office of Information Security took steps to block access to the phony site.

December Library Account Phish


December 1, 2014 - Harvard University
December 1, 2014 - McGill University (Canada)

From: Library
Subject: Library Account
Sent: Monday, December 01, 2014 8:49 AM
To:

Dear User,
Your library account has expired, therefore you must reactivate
it immediately or it will be closed automatically. If you intend
to use this service in the future, you must take action at once!

To reactivate your account, simply visit the following page
and login with your library account.

Login Page:

Sincerely,

McGill Library
McLennan Library Building
3459 rue McTavish
Montreal, Quebec
H3A 0C9

December 1, 2014 - Cornell University
Subject: Library Account
Date: December 1, 2014

Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once! To reactivate your account, simply visit the following page and login with your library account.

Login Page:
(BAD LINK)

Sincerely,

Cornell University Library, Ithaca, NY 14853 | (607) 255-4144


December 3, 2014 - University of Tennessee Knoxville
Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!

To reactivate your account, simply visit the following page and login with your library account.

Login Page:

http://www.lib.utk.edu/reactivation?service

Sincerely,



University of Tennessee
University Libraries
Email: library@utk.edu
Tel: (865) 974-4351

December 15, 2014 - California State University Long Beach
December 18, 19, 20, 2014 - University of Michigan - (Hail to the Victors! Go Blue! WELCOME COACH HARBAUGH! Watched you play in 1985 while I was a Wolverine myself!!!) (oops) (blush)

Date: Thursday, December 18, 2014
Subject: Library Account Access

Dear User,

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to the library services. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

[LINK REMOVED]

If you are not able to login, please contact [LINK REMOVED] for immediate assistance.

Sincerely,



Access Services Manager
University of Michigan Library
(734) 936-2921
[LINK REMOVED]

Date: Friday, December 19, 2014
Subject: U-M library System Problem
Dear [Your Name],

You are receiving this message because your login and off-campus access may have been compromised.

Your access will be inactive in 3 days. Because of some security problems, we decided to make some changes (Upgrade) and this is due to the implementation of a new version of Central Authentication System(CAS) and Umich WebLogin.
This means while you are off-campus or on-campus you will have no access to library's internal web services.

You can activate it by going again simply login to University of Michigan Library Weblogin System with your U-M LoginID and reactive your access.
Offer that Logout your account and close your browser.

Please note: If you get an Authentication Error ,just try 2 times to login again. Because System will automatically block your IP and Account and you should contact Systems Help Desk to Unlock.


University of Michigan Library
818 Hatcher Graduate Library South
913 S. University Avenue
Ann Arbor, MI 48109-1190
(734) 764-0400
[LINK REMOVED]

Date: Friday, December 19, 2014
Subject: ADMIN

Dear Web-mail Account User,

Your e-mail Account have Exceed the 20 GB e-mail Storage Set-Up by your Service Provider/Admin. You have to contact your Service Provider on Help Desk Support Portal below in less than 48 hours to avoid Suspension of your Web-mail Account if you dont Verify your e-mail account. To keep your Account Safe, Kindly Click the Help Desk Support Blue Portal below:

umich.edu-helpdesk [LINK REMOVED]


SERVICE DESK - IT HELP DESK
©COPYRIGHT 2014 WEB-TEAM. ALL RIGHT RESERVED.

December 23, 2014 - Wake Forest University
Dear User,

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to the library services. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK)

If you are not able to login, please contact James Hart at hartja@wfu.edu for immediate assistance.


Sincerely,

James Hart
Access Services
ZSR Library
Wake Forest University
336-758-4967
hartja@wfu.edu

December 23, 2014 - UAB Library
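
Two of the samples above (VCU on October 30 and SMU on November 17) put the university's real hostname in front of an unrelated .tk domain, and the SMU notice points out that the link shown in the e-mail differs from the actual destination. The Python below is an added example, not part of the original post, that checks both conditions for every link in an HTML message body. The sample HTML is constructed from the hostnames quoted on this page; `TRUSTED_DOMAINS` and the function names are assumptions.

```python
"""Flag e-mail links whose real destination is not the host the reader sees."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the defender lists the domains the institution really uses.
TRUSTED_DOMAINS = {"smu.edu", "vcu.edu"}

# Constructed sample body; hostnames are the ones quoted on this page,
# paths and link text are placeholders.
SAMPLE_HTML = """
<p>Dear User, your access to your library account is expiring soon ...</p>
<a href="http://libcat.smu.edu.cvre.tk/">https://libcat.smu.edu/</a>
<a href="http://login.vcu.edu.cavc.tk/">Reactivate library access</a>
<a href="https://libcat.smu.edu/">https://libcat.smu.edu/</a>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL, or '' when the string has none."""
    return (urlsplit(url.strip()).hostname or "").lower().rstrip(".")


def belongs_to(host, domain):
    """True when host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def embedded_trusted(host, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that appears inside host as a run of labels
    although host is not under that domain, e.g. login.vcu.edu.cavc.tk.
    Matching whole labels against an allowlist avoids needing the Public
    Suffix List to work out the registrable domain."""
    if any(belongs_to(host, domain) for domain in trusted):
        return None  # genuinely under a trusted domain
    labels = host.split(".")
    for domain in sorted(trusted):
        want = domain.split(".")
        # Stop before the final position: a match there would be a real suffix.
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return domain
    return None


def check_link(href, text, trusted=TRUSTED_DOMAINS):
    """Findings for one link: display/destination mismatch, lookalike host."""
    findings = []
    real = host_of(href)
    shown = host_of(text) if "://" in text else ""  # only URL-looking text
    if shown and real and shown != real:
        findings.append("display-mismatch")
    spoofed = embedded_trusted(real, trusted)
    if spoofed:
        findings.append("lookalike-host:" + spoofed)
    return findings


def scan(html, trusted=TRUSTED_DOMAINS):
    """Run check_link over every anchor in an HTML body."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    return [(href, check_link(href, text, trusted))
            for href, text in parser.links]


if __name__ == "__main__":
    for href, findings in scan(SAMPLE_HTML):
        print(href, findings or "ok")
```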

Wednesday, 12 November 2014

Phishing Success Rates and Google Phish

Last week a group of Google employees led by Elie Bursztein joined UCSD researchers Andreas Pitsillidis and Stefan Savage in presenting the findings of a study on phishing to the ACM Internet Measurement Conference in Vancouver, British Columbia. Their paper, Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild (12 page PDF) was picked up broadly in the press, and as usual, wildly misinterpreted.

At least 110 articles referring to the study were found in a simple Google News search with headlines ranging from the somewhat accurate:

  • Manual Phishing Gmail Attacks Found To Be Very Effective - Top Tech News, Nov 9, 2014
  • Google Study Finds Email Scams Are More Effective Than You'd Expect - Huffington Post, Nov 7, 2014
  • Old-time phishing scams are working just fine, Google finds - Naked Security, Nov 11, 2014

to the extreme bending of the facts for headline value such as these:

  • Phishing attacks on email accounts are successful 45 percent of the time - Firstpost, Nov 10, 2014
  • Phishing scams work 45% of the times: Google study - Times of India, Nov 10, 2014
  • Have You Been Scammed? Phishing Emails Successful 45% of the Time - Crave Online, Nov 11, 2014
  • A scary number of you are still falling for phishing scams, says Google - Nov 10, 2014

What did Google and UCSD Actually Say about Phishing?

First, the 45% quote. For the 100 Google/Gmail phishing sites that the researchers studied, they found that depending on the structure of the page, as few as 3% of the visitors filled out the phishing form and submitted their data. Overall 13% of the visitors to the webforms shared their personal data with the phishers, while in the most extreme example, 45% of the visitors to the phishing web page completed the form and submitted their personal data.

There were several interesting findings in the study. A few that I found interesting included:

  • 35% of phishing sites target victims' email
  • 21% of phishing sites target banking credentials
  • A growing number of phishing sites are targeting App Stores and Social networking credentials
  • Account takeovers are primarily Fast and Foreign:
    • 20% of compromised Google accounts were logged into within 30 minutes
    • The top countries of origin for hijackers were China, Ivory Coast, Malaysia, Nigeria, and South Africa
  • The easiest way to have your account restored is to have registered an SMS telephone number for out of band contact.

Manual Hijacking

The focus of this study was the process of Manually Hijacking accounts belonging to Google users. Because of that focus, it is not clear how broadly the observed behaviors can or should be projected onto other types of phishing. At Malcovery Security we observe 600 to 800 newly created phishing sites per day. This study focused primarily on Gmail/Google phish from January 2014, and for part of the study focused specifically on 100 Gmail phishing websites.

Google provided some statistics on how widely the problem of manual hijacking has been seen in the past. Over calendar 2012-2013, Google's security teams found that approximately 9 manual hijacking cases per day per million active users occurred. With over 500 million subscribers, Google is dealing with thousands of such account hijacks per day.

With Google participating in the research, researchers were able to determine that when an account is taken over, the criminals login to the account and search the email history and address books to determine how best to monetize the account. It seems that every week someone will make the comment in my presence "Yes, I have malware on my computer, but the worst that might happen is they get my email password!" But think about what is possible with that? How would you reset your password at your Bank? Amazon.com? eBay? On most of those sites, clicking "I Forgot My Password" results in an email being sent with a "Reset My Password" link! If the criminal finds an email from your bank in your email history, they now know exactly which bank to visit to click the "I Forgot My Password!" The email account is the key to the entire balance of your account!

The researchers also found that the scam we first wrote about in 2009 in the post Traveler Scams: Email Phishers Newest Scam is still quite prevalent. In this scam, because the criminal has access to your recent sent emails and address book, they are able to contact your friends and family with news of a tragedy while traveling where they desperately need money wired overseas to help them through the crisis. I've met many individuals who have wired money to their friends before realizing it was a scam! They often have stories of how they KNEW the email was truly from their friend, because when they asked questions, their friend replied with details only the friend would know. Often these details made use of prior "private" conversations in the phishing victim's email sent items box!

Popular Email Phish from Malcovery's ThreatHQ System

In the past seven days, Malcovery Security confirmed 416 distinct phishing URLs related to Google and their properties. These URLs were hosted on 207 distinct domain names on 174 different IP addresses. By country, the United States is the most prominent host of phishing sites, not just for Google, but for nearly every brand that does business in the USA. Of those 174 IP addresses, 90 are in the United States.

Google phish locations: November 5-12, 2014

90 United States of America
8 Great Britain
7 Turkey
6 Australia
5 Canada
5 Chile
5 Germany
4 Indonesia
4 India
4 Italy
4 Netherlands
4 Romania
4 Russia
4 Singapore
4 Spain
3 France
3 Thailand
2 Brazil
2 Hong Kong
2 South Africa
1 Japan
1 Korea
1 Mauritius
1 Ukraine

This popular phish appeared on the domains bloo8.net, iyfcolombia.org, beingmedicalep.com, lifeofease.us, microcenterengineering.com, manosartesanasdelaregion.com, ouzophilippos.com, acount-verification.com and many others.

Although this phishing site is PRIMARILY imitating DropBox, it still steals Gmail and other email credentials:
The domain hosting this phish was "t-online.de".
This version brings in many cable-provider logos for email address choices, rather than relying on "Other Email" as some of the others do:
This version brings the logos of many Chinese language email providers into the mix:
One of the earlier forms of the phish:
These are just a few examples of the "look and feel" of some of the 400+ Google-related phishing URLs we've seen in the past seven days at Malcovery Security. Most of them were seen many times each!

US Federal Grant Scam: Greendot MoneyPak Edition

Last week we shared a blog post about phone scams claiming to have a Warrant For Your Arrest. After sharing some information about that scam, we've been receiving student-generated tips from several of our students about similar phone scams.

US Federal Grant Scam

Today's scam comes to us courtesy of UAB Criminal Justice student Kyle Jones. Kyle works on the Malware Research Team at the UAB Center for Information Assurance and Joint Forensics Research.

The scam begins with a phone call, in our case coming from callerid 305.356.9999, claiming that we have been selected to receive a Grant from the Federal Government because of our participation in a survey. Of all the people who have taken this IRS Survey, 1700 people have been selected to receive this grant. The caller then instructs us that we should go to a Western Union location near us and we should call them back once we are at the Western Union for instructions on how to receive our $9,500 grant.

The callback number was (516) 554-0006, which seems to be a New York number in Garden City.

So, we waited a bit and called the criminals back from the Western Union store in my office. (grin).

When we called the 516 number, the line was answered "US Federal Grants" and we were asked for the code that we had been given during the first call. I tried providing a slightly wrong code, and learned that they actually are tracking the codes, because she was unable to look up our information. We provided the correct code and learned that it was "very important that we don't go into the Western Union Store yet!" She then asked me if we were near a grocery store, such as a Seven-11? I told her I had a Publix store nearby but she said that wouldn't work. After some back and forth, we learned that a CVS Pharmacy would work for her needs. She instructed me that I needed to go to the CVS and buy a GreenDot MoneyPak card for $200.

"You need to put $200 on the card to activate the Money Transfer Control Number, but you will get the $200 back, it will be reimbursed with your grant.

Now, simply let me tell you, you are not going to pay the money to me or to my department. This is your money and it is going to be reimbursed back to you. Before we can transfer the money you have to make a registration with the Federal Reserve Bank and once you make the registration then with the help of the Federal Reserve Bank registration number, I will generate the Money Transfer Control Number so that you can receive your money from the Western Union Store."

Here's the audio clip of that part . . .

(audio) How it works - the woman at US Federal Grants, who sometimes claimed this grant was from the IRS, tells us we need to pay a $200 registration fee.

She then "transferred us" to the Federal Reserve Bank as you can hear with this link.

(audio) Transferred to the Federal Reserve Bank - Kevin Jones, manager of the Federal Reserve Bank took my call and helped me.

Kevin was good enough to explain the whole process of how to purchase a GreenDot MoneyPak card for $200 so that I could "within 5 minutes" pick up my $10,000 - (the $9800 grant + $200 reimbursement for my registration) - from the Western Union Counter. Here's the audio of him explaining it to us:

(audio) The GreenDot MoneyPak Process - as explained by the Federal Reserve Bank's Kevin Jones

What To Do if you are a US Federal Grant Scam victim

  • The Best Place to report any type of online scam is the FBI's Internet Crime & Complaint Center. To go directly to their complaint page, use this link:

    https://complaint.ic3.gov.

    Although the form has many questions that you may not be able to answer, complete the form to the best of your ability with the information you DO know. Specifically make sure to note things such as:

    • What name did the person use?
    • Did they call you by name?
    • What agency, department, or company did they claim to be with?
    • How much money did they want you to pay?
    • What number(s) show up in your caller ID?
    • Did they give you any other numbers to call or websites to visit?

    Even if you do not have ALL of this information, any information you share can help link cases together. If someone calling Houston and someone calling Birmingham both told you to call the same phone number, that is a "link". If they used the same Officer Name, that is another "link". The more individual cases we can link together, the better chance we have of catching the criminals!

  • IF YOUR SCAM MENTIONS THE IRS, be sure to report the crime to the investigators at the Department of Treasury who have set up a special website for gathering information about this scam:

    http://www.treasury.gov/tigta/contact_report_scam.shtml

  • IF YOU HAVE LOST MONEY in your case, be sure to ALSO report this as a crime to your local Police Department!

Thank you for reading! Please share this link with your friends, family, and co-workers for their awareness! If you have a story you would like to share, please use the Comment form below!

Monday, 10 November 2014

University "Accept your new raise" Phish

One of the best emails that an employee can get from their employer is the one that tells you that you have been awarded a raise! In certain industries, such as academia, this type of email is quite rare, so you can imagine what welcome news it would be!

University Salary Phish Example

Phishers have been attacking universities across the country with emails that look like this one (Example email from University of Chicago):

++++++++++++++++++++++

From: employeebenefits@uchicago.edu
Subject: Your Salary Raise Confirmation

Hello,

The University is having a salary increase program this year with an average of 2.5%.
The Human Resources department evaluated you for a raise on your next paycheck.
Click below to confirm and access your salary revision documents:

Click Here hxxp://kirovtourism.ru/www.uchicago.edu/Sign-In.htm to access the documents

Sincerely,
Human Resources
The University of Chicago

++++++++++++++++++++++

Recent reports about Your Salary Raise Confirmation

A Google search for that email subject, "Your Salary Raise Confirmation", reveals just how many universities are targeted in this attack.

DHS / REN-ISAC / Multi-State ISAC Advisory

On August 18, 2014, the Department of Homeland Security released an advisory titled "University Payroll Theft Scheme" that cautioned Universities to be wary of this scheme.

Some of the email subjects that were mentioned in that advisory include:

  • Your Salary Review Documents
  • Important Salary Notification
  • Your Salary Raise Confirmation
  • connection from unexpected IP
  • RE: Mailbox has exceeded its storage limit.

According to the DHS advisory, this scam has been seen repeatedly at a number of universities dating back to at least August of 2013!

If you receive a copy of a phish such as this, please send an alert to: soc@ren-isac.net
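The example email above has two traits a mail filter can check: a subject from the advisory list, and a link whose host is unrelated to the sender's domain while its path embeds that domain. The Python below is an added example, not code from the original post or the advisory; the benign message, the function names and the "last two labels" domain heuristic are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Subjects listed above from the August 18, 2014 advisory.
ADVISORY_SUBJECTS = [
    "Your Salary Review Documents",
    "Important Salary Notification",
    "Your Salary Raise Confirmation",
    "connection from unexpected IP",
    "RE: Mailbox has exceeded its storage limit.",
]

# The example email from the post, link left defanged (hxxp) as published.
PHISH = """\
From: employeebenefits@uchicago.edu
Subject: Your Salary Raise Confirmation

Click below to confirm and access your salary revision documents:
Click Here hxxp://kirovtourism.ru/www.uchicago.edu/Sign-In.htm to access the documents
"""

# Constructed benign message for contrast (hypothetical URL).
BENIGN = """\
From: hr@uchicago.edu
Subject: Open enrollment reminder

Review your elections at https://hr.uchicago.edu/benefits before Friday.
"""

# Accept both live (http/https) and defanged (hxxp/hxxps) links.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://[^\s<>\"']+", re.IGNORECASE)


def _norm(subject):
    """Case-fold, collapse whitespace and drop a trailing period."""
    return re.sub(r"\s+", " ", subject or "").strip().rstrip(".").lower()


KNOWN = {_norm(s) for s in ADVISORY_SUBJECTS}


def org_domain(host):
    # Assumption: the organisational domain is the last two labels.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyze(raw_message):
    """Return (finding, detail) tuples for one RFC 822 text message."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1]
    sender_org = org_domain(sender.rpartition("@")[2])
    findings = []

    if _norm(msg.get("Subject")) in KNOWN:
        findings.append(("advisory-subject", msg["Subject"]))

    # Text of every non-container part (transfer encodings are not decoded here).
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for match in URL_RE.finditer(body):
        url = match.group().rstrip(".,;)").replace("[.]", ".")
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if not host or org_domain(host) == sender_org:
            continue  # link stays on the sender's own domain
        # Foreign host whose path carries the sender's domain: the
        # hxxp://kirovtourism.ru/www.uchicago.edu/... pattern shown above.
        if sender_org and sender_org in parts.path.lower():
            findings.append(("brand-in-path", host))
        else:
            findings.append(("off-domain-link", host))
    return findings


if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, analyze(raw))
```

Because the From address in this scam is forged to look internal, the link check compares against the claimed sender domain on purpose: an "internal" message pointing off-domain is the signal.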

Friday, 7 November 2014

Warrant for Your Arrest phone scams

Yesterday the scammers tried to hit the wrong victim! Neera Desai works for us at Malcovery Security as a Threat Intelligence Analyst on the malware team. She had received a voicemail on her phone while she was in one of her UAB Computer Science classes and knew that this could be a clue towards something big. She played it for me, and we provided a copy to law enforcement.

The recording is available here as an m4a file (QuickTime will play it):

SheriffScam.m4a

Here's a transcript:

This message is for (student name). Hi this is officer Steven Jones and I'm calling you from Jefferson County. The reason of my call is to inform you that we have received a legal complaint against you on ??? identity. So if you want to be on the safer side and not get arrested contact on 646 759 4934 I repeat (646) 759-4934. If you disregard this message you alone are responsible for the legal actions that are taken against you. Thank you and have a great day!

Later the same day HER ROOMMATE had the same scam against her, only she happened to be at a place where she could answer the phone! Her call was from "Officer Austin Reed" instead of "Officer Steven Jones".

When we started digging into this scam we realized that this is an EXTREMELY POPULAR scam! We shared the information with the North Alabama Identity Theft Task Force, the Internet Crime & Complaint Center (IC3.gov) and the National Cyber Forensics Training Alliance (NCFTA) and have learned quite a bit more about the scope and range of this attack.

The Scam Structure

There are three parts to the "signature" of this attack:

  1. The victim receives a telephone call with a spoofed caller ID to make it appear to be from either the IRS (they often spoof the "1040 hotline"), a law enforcement agency geographically proximal to the potential victim's location, or 911, the emergency contact number used in the United States.
  2. The victim will be told that they have committed a crime, which may include running a red light and being caught by a traffic camera, failing to appear for Jury Duty, failing to pay their taxes or failing to pay them on time, or, if an international person, having a problem with immigration paperwork.
  3. The victim will be instructed to send a payment immediately, with amounts ranging from $500 to $2,500, and threatened with immediate arrest if they fail to comply.

Recent Alabama Phone Scams

There do seem to be "locality waves" to this attack, where certain geographies are heavily targeted and then the attack moves on to another locality. As an example, in my area, dialing code (205), central Alabama, we have had several organizations issue warnings about this type of attack, including:

Other parts of the country have also experienced this scam, including:

What to Do?

There are TENS OF THOUSANDS of scam victims of this type all over the country. But without your clues, law enforcement doesn't know if this is one large organized crime group, ten groups, twenty groups, or a thousand individual con men acting alone. It is EXTREMELY IMPORTANT that you add your clues to the investigation.

  • The Best Place to report any type of online scam is the FBI's Internet Crime & Complaint Center. To go directly to their complaint page, use this link:

    https://complaint.ic3.gov.

    Although the form has many questions that you may not be able to answer, complete the form to the best of your ability with the information you DO know. Specifically make sure to note things such as:

    • What name did the person use?
    • Did they call you by name?
    • What agency, department, or company did they claim to be with?
    • What did they accuse you of?
    • How much money did they want you to pay?
    • What number shows up in your caller ID?
    • Did they give you any other numbers to call or websites to visit?

    Even if you do not have ALL of this information, any information you share can help link cases together. If someone calling Houston and someone calling Birmingham both told you to call the same phone number, that is a "link". If they used the same Officer Name, that is another "link". The more individual cases we can link together, the better chance we have of catching the criminals!

  • IF YOU HAVE THE IRS VERSION of the case, be sure to report the crime to the investigators at the Department of Treasury who have set up a special website for gathering information about this scam:

    http://www.treasury.gov/tigta/contact_report_scam.shtml

  • IF YOU HAVE LOST MONEY in your case, be sure to ALSO report this as a crime to your local Police Department!

Be sure to share a comment below to tell the other readers here about your experience as well!
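The "link" idea in the reporting advice of both scam posts above can be shown as a small clustering routine: reports that share a callback number or an officer name are merged, transitively, into one case group. This is an added example, not a tool used by the author or by any agency named here; the report records are constructed, except that the callback number (in the two spellings from the voicemail transcript) and the two officer names come from the post.

```python
import re
from collections import defaultdict

# Constructed complaint records. The caller ID field is deliberately not
# used as a link key, because the post notes that caller ID is spoofed.
REPORTS = [
    {"id": "R1", "city": "Birmingham", "officer": "Officer Steven Jones",
     "callback": "646 759 4934"},
    {"id": "R2", "city": "Birmingham", "officer": "officer austin reed",
     "callback": "(646) 759-4934"},
    {"id": "R3", "city": "Houston", "officer": "Austin Reed",
     "callback": "205-555-0142"},      # constructed number
    {"id": "R4", "city": "Houston", "officer": "Pat Example",
     "callback": "205-555-0199"},      # constructed, unrelated report
]


def norm_phone(raw):
    """Reduce a US number to 10 digits so different spellings compare equal."""
    digits = re.sub(r"\D", "", raw or "")
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits if len(digits) == 10 else None


def norm_officer(raw):
    """Lower-case the name and drop a leading rank or title."""
    name = re.sub(r"\s+", " ", (raw or "").strip().lower())
    return re.sub(r"^(officer|ofc\.?|deputy|sgt\.?)\s+", "", name) or None


def link_keys(report):
    phone = norm_phone(report.get("callback"))
    if phone:
        yield ("phone", phone)
    officer = norm_officer(report.get("officer"))
    if officer:
        yield ("officer", officer)


def link_reports(reports):
    """Return (clusters, evidence) using union-find over shared link keys."""
    parent = {r["id"]: r["id"] for r in reports}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    first_seen, evidence = {}, []
    for r in reports:
        for key in link_keys(r):
            if key in first_seen:
                a, b = find(first_seen[key]), find(r["id"])
                if a != b:
                    parent[b] = a
                evidence.append((first_seen[key], r["id"], key))
            else:
                first_seen[key] = r["id"]

    clusters = defaultdict(list)
    for r in reports:
        clusters[find(r["id"])].append(r["id"])
    return sorted(sorted(c) for c in clusters.values()), evidence


if __name__ == "__main__":
    groups, why = link_reports(REPORTS)
    print(groups)
    for a, b, key in why:
        print(f"{a} <-> {b} via {key[0]} {key[1]}")
```

R1 and R3 share no field directly; they end up in the same group only because R2 links to each of them, which is why partial reports are still useful.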

Wednesday, 1 October 2014

Terror in Oklahoma: Prison Islam + Internet Radicalization

When an Islamic jihadist decapitates a man in Syria, the world cries for air strikes and declares it to be terrorism.

When an Islamic jihadist decapitates a woman in Oklahoma, the media falls all over itself with headlines such as these:

MSNBC: No evidence Oklahoma beheading linked to terrorism, police say

The Hill: Authorities: No terrorist link to Oklahoma beheading suspect

KFOR: FBI: Oklahoma beheading not linked to terrorism

The problem with those statements, of course, is that they weren't true. They were statements made in the heat of the moment by officials hoping to prevent panic.

Alton A Nolen was convicted in January of 2011 and sentenced to prison for Possession of Marijuana, Assault and Battery on a Police Officer, Escape from Detention, Possession with intent to Distribute Cocaine. He served his time from March 10, 2011 until March 22, 2013 although the Cocaine sentence by itself was a six year sentence.

Alton A Nolen prison record

Alton AKA Jah'Keem Yisrael

Alton's Facebook page, www.facebook.com/alton.threadgill/, has been removed, but on that page he called himself "Jah'Keem Yisrael" and shared an interesting evolution from Christian-raised man tempted by drugs, to a radical white oppression version of Islam often found in prisons, to a mosque-educated and Internet-radicalized jihadi terrorist.

His Facebook page indicates that he graduated from Idabel High School in 2003 and Langston University in 2007 (Business Management Degree). In his posts from 2010, you can see his early Christian influences showing through in some of his posts, such as:

  • Sep 5, 2010: "GETN READY ANOTHA WEEK DAT DA LRD HAS BLESSED ME WIT"
  • Sep 9, 2010: "THNK U LD....STARTN DIZ NEW JOB TOMORROW GOT ME FEELING LIKE TONY THE TIGER.... ITZ GREAT!!!!LOL"

The picture of himself in workboots, with work gloves beneath a sign reading "Esta es su Cafeteria", reveals one of the tattoos his prison record makes note of, "RIP Lil Kris":

Prison Islam

As soon as he gets out of his short prison stay, he stops thanking the Lord for his blessings and starts talking about Allah.

  • Apr 28, 2013 "Jst A Headz Up This World Is Sitting On Thin Ice...Jst Knw Dat Everything Allah(SAW) Has Created He Can Put To An End Within A Trillion Of A Second...The U Go"
  • by June 6, 2013, he is quoting the Koran on Facebook:
    Sura 3; Iya 85 If anyone desires a religion other than Islam (submission to Allah), never will it be accepted of him; and in the Hereafter he will be in the ranks of those who have lost. (including ur prayers) As-Salaamu Alaikium
  • by October 31, 2013, he is openly proselytizing on Facebook:
    "Wondering y u so Christians worship Jesus and are told to end your prayers in his name, When your prayer is Our father which are in Heaven, hallowed be thy name thy kingdom come Luke 1 1:2 & 1st matt 6 9-10...Why worship Jesus when he's not the creator or forgiver..All Praise To Allah The One And Only!!!!! In the Bible if u study it like u spost to it clearly says in the book of matthew 7:21 'None of those who call me Lord' enter the kingdom of God, but only those who does the will of God. Therefore Jesus is Not Lord...."
  • and by November 11, 2013 shows the first Jihadi-leaning statement:
    "Why everybody is celebrating veterans day. Worrying about they freedom. What freedom? Don't yall knw them are muslims? Religious people. They pray 5 6 times a day. They not getting high and drunk killin over colors, and when they do kill its for God. Dnt yall knw that same place yall like to go bomb is where Moses and Jesus journeyed to....What freedom? Once again What freedom???Wake Up!!!"
  • November 2013 also has him talking about "The Black Man and Woman" are the "True Israelites and the Chosen People of God": "Not Racist...But To The Black Man And Woman aka The Tribe Of Judah...2:29 elderly white woman telling the fake jews in Israel get the hell out of it...3:30 white man telling u that u are the true jews...5:08 elderly woman saying dnt bow to the white man. Islam is the true religion. Wake Up!!!!" (Link to this YouTube video: https://www.youtube.com/watch?v=ja93FjyCSfo)

  • December 8, 2013 shows more "Nation of Islam" style Muslim beliefs, claiming that Jesus predicted the coming of Mohammed:
    00:13 THIS RABBI WHOS JEWISH BUT NOT AN TRUE JEW IS TELLING U THAT PROPHET MUHAMMAD IS THE LAST PROPHET, BUT IN ISRAEL THEYRE NOT REALLY SURE OF THIS...MY THANG WITH THEM KNOWING THAT JESUS SPOKE ABOUT A PROPHET WHO WAS TO COME AFTER HIM IN THE BOOK OF JOHN 14:15-16, JOHN16:7-8,AND IN JOHN16:12-13. WHY IS AMERIKA AND A BUNCH OF NONBELIEVERS ALWAYS PUTTING A BUNCH OF VIDEOS ON YOUTUBE STATING THINGS LIKE THIS WORLD IS BOUT TO END LIKE THE 2K THANG OR WHY DO ALL THE CHRISTIAN PREACHERS, CHURCHES AND PEOPLE SAY THINGS LIKE WE ARE IN THE LAST DAYS lol..IF U WERE READING YOUR BIBLES LIKE YOUR SPOST TO HES NOT COMING UNTIL THE COMFORTER AFTER HIM SHOW UP WHICH IS FOUD IN THE VERSES UP ABOVE IN THE THE BIBLE WHO WAS AND IS PROPHET MUHAMMAD. CHEK IT OUT PEOPLE JESUS IS NOT GNE RETURN UNTIL GOD (ALLAH) WORD IS FULFILLED. WAKE UP!!!!!
  • December 29, 2013: When Jesus Was Here Rite, He Brung The Gospel Rite, Which Means What? Gospel- Good News. Ok So This Good News Right, Come From Who? God (Allah). Who Is The One And Only Lord Of The Universe. With This Being Said Rite, Why Are You Worshipping Jesus Who In The Quran Was A Messenger. And If Jesus Is Christ Rite, Christ Means Messiah, Why Would The Father Jesus As You Say Be Coming Back To Earth LOl. Say If He Were To Get Killed When He Came Down Here What Is Everyone Gonna Do If Their So Call Lord Is Dead LOl.. God Allah Is Lord And Savior Who Youll Be Standing In Front Of On Judgement Day. Now Who Can Promise Me Jesus Is God, Savior And Holy Spirit And Show Me? Once Again Show Me. You Cant. Islam Is The True Religion!!!! Jesus Was An Messenger. By The Quran This I Promise U.

****InfoFromAMuslim****

Beginning January 12, 2014, almost all of the posts on the Facebook page are signed ****InfoFromAMuslim****

  • February 8, 2014 shows him desiring to do the Haj:
    As-Salaamu Alakium my brothers and sisters in Islam. Can anybody tell me what's the steps to proceed in participating in hajj?
  • March 3 shows Jah'Keem posting a photo of himself feeding the homeless labeled "GOOD DEEDS TO 3 PEOPLE"
  • March 7, 2014, Jah'keem updated his cover photo on Facebook to show the attached photo, labeling the photo "With killers and booom." This was still his cover photo up until the day his page was taken offline.

  • March 30, 2014:
    Rev 21:2 & Rev 21:18 Jerusalem will no longer look like this once Jesus (Esaa in Arbaic Salayi wa alayi salaam Ameen) returns to kill the Dajaal aka Anti-Christ. What's going to happened is once war is over whom the Muslims are going to start- Jesus will come down with 10,000 Angels and kill the Anti-Christ and his army, once it's all over a new Jerusalem will descend down from Heaven once this war is over in Israel. The New Jerusalem will be pure gold. All whom are saved will experience this except people who don't fear God, liars and whoremongers etc....
    ****InfoFromAMuslim****

  • April 15, 2014:
    WHAT HAPPENED TO THE BLACK WOMAN EVERYBODY? AMERIKA AKA BABYLON HAS TURN THEM INTO HOES AND MAKES ITS DRUG DEALERS RAP STARS FOR ITS CHILDREN HERE TO LOOK UP TO-JST TO LOK THEM UP. WAKE UP!!!!! THAT MEANS BE WHO YOUR SUPPOST TO BE NOT WHAT YOU SEE ON THE TV ****InfoFromAMuslim****

  • By April 18, 2014 Jah'Keem has a long beard in his photos

Shariah Law

Beginning in May 2014, Jah'Keem starts preparing to participate in his first full Ramadan, and his pronouncements of judgement grow more pronounced. This includes a fascination for punishing unbelievers under Shariah law (see May 19) and encouraging Muslims to refuse to pay taxes, as we see May 25, 2014.

  • May 2, 2014:
    Preparing for June. 28th, 2014 which is the start of Ramadan for Muslims all around the World. Completing this all your previous sins from the previous year will be forgiven Alhamdulillah, SubhanAllah, Alahu Aikbar- Alahu Aikbar for Islam!!!!!!!!!
    ****InfoFromAMuslim****

  • May 15, 2014:
    (Sura 9 Ayah 113) In Islam we as Muslims are not permitted to pray for Non-Muslim family members. Quote "It is not fitting, for the Prophet and those who believe, that they should pray for forgiveness for Pagans, even though they be of kin, after it is clear to them that they are companions of the Fire"!!!!!!!
    ****InfoFromAMuslim****

  • May 19, 2014 - Two posts on Shariah law are made this day. According to multiple accounts in the news, the argument that led to his employment termination at work in September began with him describing the appropriate punishment of offending "white women" under Shariah law. Perhaps this is an allusion to the stoning video linked to from this Facebook page. Others describe that as he beheaded his co-worker, he "chanted from the Koran", which is exactly what happens in the first of these videos, which illustrates the manner in which a Muslim would decapitate a non-Muslim.

    The beheading video is labeled on Facebook with reference to a verse from the Koran which calls for those who turn away from Islam to be killed:

    The beheading video where Jah'Keem almost certainly learns the proper way to behead a co-worker has been viewed more than 240,000 times. After the video was reported using YouTube's guidelines, marking it as "Violence" with a subcategory "Promotes Terrorism", YouTube marked the video as "for mature audiences".

    The comment I left on the video is this:

    GarWarner: #YouTubeTerroristTraining This is the video that the radical muslim murderer who decapitated his co-worker in Oklahoma City posted on his Facebook page on May 19, 2014. Thank you, YouTube, for training terrorists. When people report this to you as "Violence" that "Promotes Terrorism" we aren't asking you to evaluate whether it needs to be marked as "mature audience" material. We are asking you to take these terrorist training videos off the Internet. 

  • May 24, 2014: less than a week after posting the beheading video and the stoning video, Jah'Keem declares Jihad, quoting Jesus to do so:
    Matthew 10:34 Jesus (pbuh Ameen) quotes "Do not think that I came to bring peace on the earth; I did not come to bring peace, but a sword. 35"For I came to SET A MAN AGAINST HIS FATHER, AND A DAUGHTER AGAINST HER MOTHER, AND A DAUGHTER-IN-LAW AGAINST HER MOTHER-IN-LAW;… JIHAD JIHAD JIHAD!
    ****InfoFromAMuslim**** (posted with a photo of a sword)

  • May 25, 2014:
    For u Muslims under Islam Its a Major sin in Islam to pay taxes. If u tryna reach Janna you literally can go to your job Human Resource office and file exempt on your 1040s -You have to note that your Muslim!!!
    ****InfoFromAMuslim****

    (When challenged, he posted this reply, also on May 25, 2014:)

    Jah'Keem Yisrael: There is no Law stating that you can be punished or harassed for not paying taxes. This is the 16th amendment its your choice. In Islam its Haram to pay taxes and if your trying to avoid this Major sin in Islam you would have to go to your Human Resource office at your job and file exempt on your 1040 and note it with your Muslim!
    ****InfoFromAMuslim****

  • On May 30, Jah'Keem posts a photo of a white kid and says he has converted him to Islam:

    One whom was Guided to Islam 2day I offered him Dawah and he took his shahada!
    ****InfoFromAMuslim****

  • May 31, 2014 - a post predicting the destruction of white people:

    THIS A PROPHECY IN THE BIBLE PEOPLE TO BE FULFILLED LUKE 21:24......"They will fall by the sword and will be taken as prisoners to all the nations. Jerusalem will be trampled on by the Gentiles until the times of the Gentiles are fulfilled." So when u see the term Gentile in the Bible its relating to the white man and woman! They are descendants of Esau and the Edomites! SHARIA LAW IS COMING!!!!
    ****InfoFromAMuslim****

  • May 31, 2014 - Accompanying a photo of the Statue of Liberty

    When other countries look at this woman who sits upon the water they know she is the land of the free. Land of the free means Free from God Allah (swt) Laws of the Bible. Things like she tells u can eat pork when your not suppost to- she sells it in all of her stores Deuteronomy 14:8, Women not keeping their hair covered-forming jealousy 1st Corithians 11:6, same sex marriage when they should be killed Leviticus 20:13. And this is why you Non-Believers raise your kids to join the US Army to fight Allah swt people for the Devil.

    SHARIA LAW IS COMING!!!!!!

    ****InfoFromAMuslim****

Ramadan 2014

As Ramadan arrives, Jah'Keem shares posts of his gatherings with other Muslims, and his posts continue to be confrontational:

  • June 15, 2014 - first "weapon" photo - clearly from an online video.

    I JST WANT TO SAY AS AN MUSLIM WE DNT CELEBRATE AMERIKAS HOLIDAYS. A GOOD FATHER IS SOMEONE WHOS RAISING HIS CHILD UP TO BE SUCCESFUL NOT SOMEONE WHOS SMOKING AND DRINKING IN FRONT OF THEY CHILD LEADING THEM TO THE GRAVE OR THE PENITENTARY! SO WHY U MOTHERS WALKING AROUND YOUR HOUSE SMOKING BLUNTS IN FRONT OF YOUR KIDS THINKING INSIDE OF YOUR HEAD WHILE DOING IT "HOW U THANK U GNE BE " IS NOT GOOD PARENTS AND HELL BOUND TO BE IN FOREVER!!!!!!!!!
    ****InfoFromAMuslim****

  • June 17, 2014 - Jah'Keem explains that Jesus was never crucified:

    IN ISLAM WE TEACH THAT JESUS WAS NEVER PUT ON THE CROSS THAT HE WAS NEVER CRUCIFIED. IN THE BOOK DEAD SEA SCROLLS THAT WAS TOOKEN OUT THE BIBLE U WILL FIND OUT THAT HE WASNT .....If we read the Gospel of Barnabas, we will find that when Judas came with the Roman troops in order to betray Jesus (pbuh), God raised Jesus (pbuh) unto Him and saved him. He then made Judas look and even speak like Jesus (pbuh) so that the Romans dragged him (Judas) away with them kicking and screaming that he was not Jesus (pbuh) but Judas. Even the Apostles were totally bewildered.

    After the Romans had their fill afflicting Judas with all manner of abuse and torture, he was finally taken to trial. By now he had totally given up hope of ever being believed. So now when he was asked, "art thou Jesus?" He replied "Thou sayest". In other words, "you will not believe me if I say otherwise, so why fight it any more". His enemies (the Romans) then took him, mocked him, kicked him, cut him, spat on him, humiliated him, and tortured him. Finally, they put him up on the cross. It appears, however, that shortly after they took him down, he disappeared from his tomb (maybe to live in disease and torment and die later on if he was not already dead).

    The Gospel of Baranabas then goes on to describe how Jesus (pbuh) returned to the apostles to tell them of how God had saved him from the hands of the Jews and the Romans and how the traitor (Judas) was taken instead.

    ****InfoFromAMuslim****

  • July 4, 2014 - feeding the homeless and taking photos again:

    Saw this man and as an Muslim i had to get this Good Deed! 4 burritos and an energx drink lol. Alahu Aikbar! ****InfoFromAMuslim****

  • July 15, 2014 - posts that Muslim women in Oklahoma dress inappropriately (posts photo of woman with cleavage showing):

    Hopefully only here in Oklahoma Masjids u see all the supposely Muslimahs without their hijaabs and downblouse shirts!!!

    ****InfoFromAMuslim****

  • July 19th posts photos of himself celebrating the evening breaking of the fast at the mosque:

    At the Masjid (Mosque) Choppin It Up With My Brother Abdullah (From Bangladesh) Gettin Ready To Break Our Fast!!!!

    ****InfoFromAMuslim****

  • July 21 - more Nation of Islam-style propaganda, claiming that native Central Americans spoke Hebrew prior to being enslaved by the Spanish:

    I WANTED TO UPLOAD THIS VIDEO TO SCHOOL EVERYBODY ON HOW THE MEXICANS, PUERTO RICANS AND DOMINICANS ARE SPEAKING THE SAME LANGUAGE BUT ARE DIFFERENT SKIN COLORS. WELL AFTER THE ISRAELITES FLED ISRAEL (THE WHITE SPANIARDS CAUGHT AND ENSLAVED THEM AND RAPED THEM FROM THEIR ORIGINAL LANGUAGE WHICH WAS HEBREW AND FORCED THEM TO SPEAK SPANISH!!!!

    ****InfoFromAMuslim****

  • July 24 - post in support of Gaza (showing photo of ruined building and man with his Koran)

    I SUPPORT ALL THE TRUE AND FAITHFUL FOLLOWERS OF THE LATE PROPHET MUHAMMAD (SALAYI WA ALYI SALAAM AMEEN) IN GAZA! MAY ALLAH (SWT) REWARD THE TRUE AND FAITHFUL FOLLOWERS AMEEN!!

    ****InfoFromAMuslim****

  • Also July 24 -

    AMERICA SO CALL HELPS IRAQ (WHICH NOT)- WELL WHY CANT U HELP THE GAZA CITIZENS AGAINST ISRAEL LOL..I UPLOAD THIS PIK BECAUSE AMERICA AND ISRAEL ARE WICKED. WAKE UP MUSLIMS!!!

    ****InfoFromAMuslim****
    (a Photo of a very evil-looking "The Joker" from Batman, with his face exploding)

  • August 3, 2014 - attending a Muslim day at Frontier City amusement park near Oklahoma City; several photos posted, including himself with "Brother Abdul Raman"

  • August 6, 2014 - several more photos:
    A NIGHT AT THE ISLAMIC MOSQUE IN OKLAHOMA CITY, OKLAHOMA WITH TWO OF MY BROTHERS FROM MOROCCO! (SURA 17 AL ISRA) PHOTO PBUH AMEEN!

    ****InfoFromAMuslim****

  • August 31, 2014 - Jah'Keem asking questions about why single men get Virgins in the afterlife:

    Allah swt says in the Quran- On the Day of Judgment the righteouss will be joined with their wives, wives joined with their husbands, families reuniting with each other-For the Males who died with no wife He (Allah) swt will give the individuals an virgin woman same age as the individual males whom died not married but made it to Heaven. They will marry each other and whatever it is that their or wanting in Heaven they can have. DNT MATTER WHAT IT IS THEY CAN HAVE IT!!!! MY THING WHY WILL HE NOT JST GIVE THE INDIVIDUALS A WOMAN WHATS SO GUD ABOUT A VIRGIN? IDK.

    ****InfoFromAMuslim****

    (He is answered by "Khalid Ibn Abdul Wahid")
    Khalid Ibn Abdul Wahid: A virgin is pure. Now imagine a woman Allah created JUST FOR YOU. She's gonna be pure just with that alone. So her being a virgin plus Allah creating her just for you I is the highest level of bring pure

  • September 5, 2014: (more photos)
    At The Masjid (Mosque)Today For Jumar 9/5/2014 & Peforming Wudu!!!

    ****InfoFromAMuslim****

  • From September 15, 17, several "judgement day" posts, quoting the Bible and Koran.

  • September 23, 2014 - Jah'Keem Yisrael's last Facebook Post at 9:50 PM, where he posts about the sin of masturbation:

    SHALOM ALHAKEIUM (O YE MUSLIMS) ALLAH (sWT) SAYS IN THE LAST DAYS "PEOPLE WILL BE LOVERS OF THEMSELVES, PROUD AND UNHOLY". SO TO ALL OF U THAT'S MASTURBATING WHICH I THINK IS 80% OF THE WORLD AND FOR WHATEVER THE DESIRE IT IS IN YOUR HEART THAT U DOING IT FOR-U CAN GET! (WARNING) THIS IS THE LAST DAYS....2ND TIMOTHY 3:2 ****InfoFromAMuslim****


So, that is a more complete story of Alton A. Nolen, AKA Jah'Keem Yisrael.

  • If the "workplace dispute" that led to his firing really was Jah'Keem explaining that women who commit sexual sin should be placed in a pit and stoned, as the video he displayed on May 19th demonstrates,
  • and if his response to learning he was fired was to decapitate a coworker while praising Allah
  • and if he has declared that white people are cursed of God
  • and if he claims Shariah Law is coming to America and the Statue of Liberty should be destroyed
. . . then how is this not terrorism?