New York, drug distributors reach $1.18 billion opioid settlement as national deal looms

By Brendan Pierson and Nate Raymond

NEW YORK (Reuters) -The three largest U.S. drug distributors agreed mid-trial to pay up to $1.18 billion to settle claims by New York state and two of its biggest counties over their role in the nationwide opioid epidemic, the state’s attorney general said on Tuesday.

McKesson Corp, Cardinal Health Inc and AmerisourceBergen Corp settled as state attorneys general prepare to announce as soon as this week a landmark $26 billion deal with the distributors and drugmaker Johnson & Johnson resolving cases nationwide.

The deal with New York Attorney General Letitia James and the populous Long Island counties of Nassau and Suffolk came three weeks into the first jury trial accusing companies of profiting from a flood of addictive painkillers that devastated communities.

“While no amount of money will ever compensate for the millions of addictions, the hundreds of thousands of deaths, or the countless communities decimated by opioids, this money will be vital in preventing any future devastation,” James said.

Hunter Shkolnik, a lawyer for Nassau County at the law firm Napoli Shkolnik, in a statement said that unlike the proposed national settlement, the New York deal “is not contingent on the rest of the country or other states joining.”

In a joint statement, the distributors called the settlement “an important step toward finalizing a broad settlement with states, counties, and political subdivisions.”

‘GETTING CLOSE’ ON NATIONAL SETTLEMENT

The national settlement is expected to be announced later this week, people familiar with the matter said. Joe Rice, a lead negotiator for lawyers for the cities and counties at Motley Rice, told reporters the parties are “getting close” to finalizing a deal.

After the framework is announced, states and their subdivisions will need to decide whether to join the global accord, the sources have said. The ultimate settlement price-tag could fluctuate depending on how many agree to the deal or reject it to pursue litigation on their own.

The settlement also calls the creation of a national clearinghouse of data on opioid shipments operated under the oversight of an independent third-party monitor.

Paul Geller, a lead negotiator for the plaintiffs at Robbins Geller Rudman & Dowd Geller, said that provision would be “transformative” in battling drug oversupply.

Nearly 500,000 people died from opioid overdoses in the United States from 1999 to 2019, according to the U.S. Centers for Disease Control and Prevention. The CDC last week said provisional data showed that 2020 was a record year for overall drug overdose deaths with 93,331, up 29% from a year earlier.

REMAINING DEFENDANTS

More than 3,300 cases have been filed largely by states and local governments alleging drugmakers falsely marketed opioid painkillers as safe, and distributors and pharmacies of ignoring red flags that they were being diverted to illegal channels.

The New York trial will continue against three drugmakers accused of deceptively marketing their painkillers – Endo International Plc, Teva Pharmaceutical Industries Ltd and AbbVie Inc’s Allergan unit.

Ahead of the trial, Johnson & Johnson agreed to pay $263 million to resolve the claims by the state and counties. Pharmacy operators Walgreens Boots Alliance Inc, CVS Health Corp, Rite Aid Corp and Walmart Inc agreed to settle with the counties for a combined $26 million.

Two other opioid cases are also on trial in West Virginia and California. The companies have denied wrongdoing.

James’ office said that of the nearly $1.18 billion the distributors agreed to pay, more than $1 billion will go toward addressing the epidemic. The counties have said the money will be used for mental health and addiction programs.

Payments will start in two months and will continue over the next 17 years, James said.

(Reporting by Brendan Pierson in New York and Nate Raymond in Boston; Editing by Tom Hals, Chizu Nomiyama, Bill Berkrot and Nick Zieminski)

Exclusive: Iran-linked hackers pose as journalists in email scam

By Raphael Satter and Christopher Bing

WASHINGTON (Reuters) – When Iranian-born German academic Erfan Kasraie received an email from The Wall Street Journal requesting an interview, he sensed something was amiss.

The Nov. 12 note purportedly came from Farnaz Fassihi, a veteran Iranian-American journalist who covers the Middle East. Yet it read more like a fan letter, asking Kasraie to share his “important achievements” to “motivate the youth of our beloved country.”

“This interview is a great honor for me,” the note gushed.

Another red flag: the follow-up email that instructed Kasraie to enter his Google password to see the interview questions.

The phony request was in reality an attempt to break into Kasraie’s email account. The incident is part of a wider effort to impersonate journalists in hacking attempts that three cybersecurity firms said they have tied to the Iranian government, which rejected the claim. The incidents come to light at a time when the U.S. government has warned of Iranian cyber threats in the wake of the U.S. air strike that killed Iran’s second most powerful official, Major-General Qassem Soleimani.

In a report https://blog.certfa.com/posts/fake-interview-the-new-activity-of-charming-kitten published Wednesday, London-based cybersecurity company Certfa tied the impersonation of Fassihi to a hacking group nicknamed Charming Kitten, which has long been associated with Iran. Israeli firm ClearSky Cyber Security provided Reuters with documentation of similar impersonations of two media figures at CNN and Deutsche Welle, a German public broadcaster. ClearSky also linked the hacking attempts to Charming Kitten, describing the individuals targeted as Israeli academics or researchers who study Iran. ClearSky declined to give the specific number of people targeted or to name them, citing client confidentiality.

Iran denies operating or supporting any hacking operation. Alireza Miryousefi, the spokesman for the Islamic Republic’s mission to the United Nations, said that firms claiming otherwise “are merely participants in the disinformation campaign against Iran.”

Reuters uncovered similar hacking attempts on two other targets, which the two cybersecurity firms, along with a third firm, Atlanta-based Secureworks, said also appeared to be the work of Charming Kitten. Azadeh Shafiee, an anchor for London-based satellite broadcaster Iran International, was impersonated by hackers in attempts to break into the accounts of a relative of hers in London and Prague-based Iranian filmmaker Hassan Sarbakhshian.

Sarbakhshian – who fled the Islamic Republic amid a crackdown that saw the arrest of several fellow photojournalists in 2009 – was also targeted with an email that claimed to be from Fassihi. The message asked him to sign a contract to sell some of his pictures to The Wall Street Journal. Sarbakhshian said in an interview that he was suspicious of the message and didn’t respond.

Neither did the ruse fool Kasraie, an academic who frequently appears on television criticizing Iran’s government.

“I understood 100 percent that it was a trap,” he said in an interview.

That’s not surprising given the hackers’ sloppy tactics. For instance, they missed the fact that Fassihi had left the Journal last year for a new job at The New York Times.

The Journal declined to comment. Fassihi referred questions to The Times, which in a statement called the impersonation “a vivid example of the challenges journalists are facing around the globe.”

U.S. officials and cybersecurity experts see Iran as a digital threat. Earlier this month, the U.S. Department of Homeland Security and the Federal Bureau of Investigation (FBI) issued alerts about the threat of Iranian cyberattacks following the controversial U.S. attack that killed Soleimani. Microsoft, which tracks attempts to undermine election security, in October accused Charming Kitten of targeting a U.S. presidential campaign; sources told Reuters https://reut.rs/38a9rEM at the time that the campaign was Donald Trump’s.

Homeland Security and FBI spokespeople declined to comment on the recent impersonations identified by Reuters. Certfa, ClearSky, and Secureworks said they could be tied to Charming Kitten through a study of the tactics, targets, and digital infrastructure involved – including servers, link shortening services, and domain registration patterns.

“This activity does align with prior Iranian cyber operations,” said Allison Wikoff, a Secureworks researcher who has tracked Charming Kitten for years.

In early 2019, the United States indicted Behzad Mesri – who ClearSky has linked to Charming Kitten through emails and social media activity – on charges of recruiting a former U.S. Air Force intelligence officer to spy on behalf of Iran. Mesri remains at large and could not be reached for comment.

Other impersonated journalists included CNN national security analyst Samantha Vinograd, whose identity was stolen in August and used in attempts to break into email accounts in Israel, ClearSky said. Another was Michael Hartlep, a Berlin-based videojournalist who has done freelance assignments for Deutsche Welle and Reuters. ClearSky found his name on an email inviting recipients to a bogus Deutsche Welle webinar on Iran’s role in the Middle East. The firm did not find evidence that the Reuters name was used in hacking attempts.

In another case, the hackers appear to have invented a journalist – “Keyarash Navidpour” – to send out a phony invitation on Jan. 4 to an online seminar that it claimed Deutsche Welle would hold about the killing of Soleimani the day before. No such journalist works for Deutsche Welle, said the news organization’s spokesman Christoph Jumpelt.

Vinograd referred questions to CNN, which did not return messages seeking comment. Hartlep told Reuters he worried such stunts might give sources second thoughts about answering a reporter’s queries.

“If this becomes the usual way of tricking people,” he said, “definitely it makes our work very hard.”

(Reporting by Raphael Satter and Christopher Bing in Washington; Additional reporting by Michelle Nichols in New York and Parisa Hafezi in London; Editing by Chris Sanders and Brian Thevenot)

North Korea is dismantling its nuclear site, but is it abandoning its arsenal or hiding evidence?

A satellite photo of the Punggye-Ri nuclear test site in North Korea May 14, 2018. Planet Labs Inc/Handout via REUTERS

By Josh Smith

SEOUL (Reuters) – Satellite imagery shows North Korea dismantling facilities at its nuclear test site, but experts say the images can’t reveal whether it is the first step toward full denuclearization, or an attempt to cloak nuclear capabilities from outside observers.

North Korea’s intentions were thrown further into doubt on Wednesday, when it abruptly announced it may “reconsider” meeting with U.S. President Donald Trump in June if the United States continues to insist on unilateral denuclearization.

Commercial satellite imagery – including photos taken by Planet Labs as recently as May 14 – show North Korea removing some structures around its nuclear test site at Punggye-ri, experts say.

“So far it looks like the surface-level support structures are being dismantled,” said Scott LaFoy, an open source imagery analyst. “This would be consistent with the site being closed, as you need engineers and working teams on-site to prepare and maintain the site.”

Among the facilities that appear to have been razed are an engineering office, as well as buildings housing the air compressor used to pump air into the tunnels where the bombs were detonated, said non-proliferation expert Frank Pabian.

“This is entirely in keeping with the official North Korean news report that ‘technical measures’ associated with the shutdown were underway,” Pabian said.

North Korea has said it plans to use explosives to collapse the tunnels; “completely” block up the tunnel entrances; and remove observation facilities, research institutes and guard structures.

A limited number of foreign media have been invited to view the ceremonial closure of the site, but so far no international inspectors, leading some experts to suspect that North Korea is seeking to hide details of its nuclear capabilities.

“North Korea might seem like they’re being generous in holding this event, but this is the actual testing ground we’re talking about here – The smoking gun,” said Suh Kune-yull, professor of nuclear energy system engineering at Seoul National University. “It seems like they’re trying to erase any evidence of the nuclear capabilities they have.”

“SOME RED FLAGS”

In a statement on Wednesday, North Korea’s first vice minister of foreign affairs Kim Kye Gwan sharply criticized American officials – especially national security adviser John Bolton – for suggesting that Libya could be a template for denuclearizing North Korea.

Bolton has proposed Trump and North Korean leader Kim Jong Un make a deal similar to the one that led to components of Libya’s nuclear program being shipped to the United States in 2004.

In 2011, Libyan leader Muammar Gaddafi was captured and killed by rebel forces backed by a NATO air campaign.

While the technical aspects of a North Korea deal could mirror some aspects of the Libya effort, Pyongyang has a much more advanced weapons program and Gaddafi’s fate is not encouraging, Andreas Persbo, the executive director of VERTIC, a London think tank that focuses on disarmament verification and implementation, said in a recent interview.

“Libya is a horrible example to make out of that perspective because of course the North Koreans have their own teams advising Kim Jong Un on what this meant, and they will highlight the fact that this is not a good solution for North Korea,” he said.

North Korea appears instead to be proposing a longer-term general commitment to “denuclearization of the Korean peninsula,” which could take years even under the best circumstances, experts say.

LaFoy said North Korea’s actions so far are “not necessarily nefarious,” but that it does raise some “red flags” about complete permanent denuclearization.

“That imagery tells us the site appears to be in the process of decommissioning,” he said. “But we can’t yet tell if it is going to be closed for years or something that can ultimately be reversed in a few weeks or months.”

(GRAPHIC: Nuclear North Korea – https://tmsnrt.rs/2Kql12i)

(Additional reporting by Christine Kim in SEOUL and Malcolm Foster in TOKYO. Editing by Lincoln Feast.)