dhs
Latest
New lawsuit shows your phone is unsafe at American borders
A recent case filed in federal court, in which an American woman had her iPhone seized and cracked by Customs and Border Protection in a New Jersey airport puts a whole new spin on the things we now need to worry about when leaving the country. It appears that now everyone's phones, despite country of origin or cause, are subject to nonconsensual seizure and search -- even if we refuse to give up our passwords. If you're not caught up on the story, news hit this week that a Staten Island mom coming home from a February trip with her 9-year-old daughter from Switzerland had her iPhone snatched, kept for months and accessed for no given reason. Apple did not respond to a request for comment by publication time.
Phones sold by the four major US carriers could have a major security flaw
Customers using devices from four major cell phone carriers could unknowingly be exposing sensitive data to hackers, according to the Department of Homeland Security (DHS). Fifth Domain reports that DHS-funded researchers from mobile security firm Kryptowire have found vulnerabilities in phones used by Verizon, AT&T, T-Mobile and Sprint. The flaws are built into phones by manufacturers, and include a loophole that could exploit data, emails and text messages.
Russian hackers are inside US utility networks
Russian hackers infiltrated the control rooms of US utility companies last year, reaching a point where they "could have thrown switches," The Wall Street Journal reports. The paper cites officials from the Department of Homeland Security (DHS) confirming that the hackers -- from a state-sponsored group previously known as Dragonfly or Energetic Bear -- gained access to allegedly secure networks, where they could have caused blackouts.
Fundraiser to reunite immigrant families is largest in Facebook history
In the last six weeks, the Trump administration's strategy to separate children while criminally prosecuting parents for attempting to cross the southern US border illegally has led the government to take almost 2,000 youth from their families to camps and foster homes across the country. This has ignited a furor over the last week, and people have voted with their wallets. A Facebook fundraiser dedicated to reuniting these families is the largest in the social media platform's history and has raised $10.5 million to date since launching on June 16th.
US government finds new malware from North Korea
Even though Donald Trump is on good terms with North Korea, the Department of Homeland Security is still following that country's ongoing cyberattack campaign (which it's dubbed "Hidden Cobra"). Now CNN reports there's a new variant of North Korean malware to look out for: Typeframe. In a report released yesterday, the DHS says it's able to download and install additional malware, proxies and trojans; modify firewalls; and connect to servers for additional instructions. These are attacks we've seen in plenty of malware variants, Typeframe is just the latest addition.
FCC shrugs at fake cell towers around the White House
Turns out, Ajit Pai was serious last year when he told lawmakers that the FCC didn't want anything to do with cybersecurity. This past April the Associated Press reported "For the first time, the U.S. government has publicly acknowledged the existence in Washington of what appear to be rogue devices that foreign spies and criminals could be using to track individual cellphones and intercept calls and messages."
US and UK warn that Russia has been hacking routers worldwide
This morning, reports surfaced that UK Prime Minister Theresa May has been briefed on possible incoming Russian-based cyberattack that could lead to the release of compromising information about the country's lawmakers. But the threat has been expanded beyond gaining leverage on politicians. UK cyber intelligence agency NCSC, the FBI and the DHS have jointly accused Russian-based attackers of engaging a campaign for months trying to compromise routers, switches and firewalls around the world to hijack the Internet's infrastructure.
Homeland Security database would track bloggers, social media
Fears about the potential effects of propaganda and fake news remain high, and American officials are determined to keep track of media outlets in a bid to curb these misinformation campaigns. The Department of Homeland Security has put out a call for companies that could create a database tracking over 290,000 "media influencers" around the world, including online news outlets, bloggers and prominent social network accounts. The system would identify contributor details (such as contact info and their employers), and would allow searching for individuals and outlets through categories like their locations, the focuses of their coverage and their sentiment.
Facebook knows it must do more to fight bad actors
Not everything at SXSW 2018 was about films or gadgets. A few blocks away from the Austin Convention Center, where the event is being held, the Consumer Technology Association (CTA) hosted a number of panels for its Innovation Policy Day. In a session dubbed "Fighting Terror with Tech," Facebook's Lead Policy Manager of Counterterrorism, Brian Fishman, spoke at great length about what the company is doing to keep bad actors away from its platform. That doesn't only include terrorists who may be using the site to communicate, or to try to radicalize others, but also trolls, bots and the spreading of hate speech and fake news.
A US customs computer snafu caused major airport delays
US Customs and Immigration computers went down at various airports around the US yesterday, causing some havoc for travelers returning from holidays. It left hundreds of folks stuck in lines for a couple of hours in a part of the airport where there's normally not a lot to do. The agency didn't say what caused the problem, but said "there is no indication the service disruption was malicious in nature."
DHS finds first responder apps are plagued by security issues
While it's great that a consumer app like Waze started offering traffic data to help first responders avoid traffic, emergency professionals have been using their own suite of apps for awhile. But how safe are they? The Department of Homeland Security initiated a pilot program to vet the security of 33 different apps provided by 20 developers -- and found that 32 of them had potential security and privacy concerns and more serious vulnerabilities.
Federal employees stole data from Homeland Security
Three employees of the inspector general's office for the Department of Homeland Security (DHS) are accused of stealing a computer system that contained around 246,000 employees' personal data. That information included names, social security numbers and dates of birth, USA Today reports, and one of the suspects is also said to have had in their possession around 159,000 agency case files. The data breach was reported to DHS officials in May and acting DHS Secretary Elaine Duke decided in August to notify the employees whose information was included in the stolen data.
Homeland Security wants to scan your face at the border
Maybe Apple has the right idea when it comes to the future of identification, with Face ID built into the new iPhone X. The Department of Homeland Security wants to scan the faces of people entering or leaving the country, without needing to have anyone get out of their cars. The DHS's Silicon Valley office is hosting an "industry day" on November 14th to find ways to do just that, even if folks are wearing sunglasses and hats or the driver is looking away from the cameras.
Feds warn energy, aviation companies of hacking threats
Hackers have been targeting the nuclear, energy, aviation, water and critical manufacturing industries since May, according to Reuters. It's even serious enough for Homeland Security and the FBI to email firms most at risk of attacks, warning them that a group of cyberspies had already succeeded in infiltrating some of their peers' networks, including at least one energy generator. According to the feds' report, the hackers use malicious emails and websites to obtain credentials needed to worm their way into networks where they remain, biding their time and keeping an eye on the firms' activities.
Fear of the US government led me to censor myself on Twitter
The day I've been dreading for months is drawing near. On October 18th, the Department of Homeland Security's modified system of records is scheduled to go into effect. The updated policy would affect all US immigrants, whether they are new, existing or permanent residents or even naturalized citizens, and how they are identified by the government. More accurately, it would allow the DHS, Border Patrol and other immigration authorities to collect social media handles as part of an individual's official record. As someone who's working in the US on a visa, I was immediately worried about how it would affect my standing.
Americans are horrified by DHS plan to track immigrants on social media
Starting October 18th, the Department of Homeland Security will collect and store "social-media handles, aliases, associated identifiable information and search results" in the permanent files of all immigrants. This will include new immigrants, in addition to permanent residents and naturalized citizens.
US bans use of Kaspersky software in federal agencies
The US government has officially banned the use of Kaspersky security software in all of its federal agencies. Kaspersky has been under suspicion for cyberespionage for several months now, especially due to its ties to the Russian government and the fact that the company is required under Russian law to comply with Russian intelligence agency requests. According to a statement provided by the Department of Homeland Security to the Washington Post: "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security." Kaspersky Lab, on the other hand, firmly denies the accusations, stating that it "doesn't have any inappropriate ties with any government" and that there's "no credible evidence" to back up the "false allegations." It also complained that it's being treated unfairly, and that it's never helped any government in cyberespionage. The US government has already removed Kaspersky from its approved vendors list back in July amid speculation that it's involved with Russian authorities. Now the government is going so far as to ban it altogether, giving federal agencies three months to remove the software. A draft version of the Senate's National Defense Authorization Act has banned the Department of Defense from using it as well, though The Washington Post notes that the Defense Department doesn't generally use it anyway.
ICE insists it doesn’t use Stingrays to track undocumented immigrants
In a letter (PDF), the acting director of the Immigration and Customs Enforcement (ICE) said that the agency doesn't use its Stingray mobile call-intercepting devices while enforcing immigration laws. It does deploy them when pursuing criminal suspects, however, and individual agents might use them while acting in a joint task force with other federal officers.
'Enhanced' security screenings begin for travelers flying into the US
If you breathed a sigh of relief when the Department of Homeland Security announced that it would not be extending its laptop ban to US inbound flights from Europe, we've got some not-great news for you. Starting today, people flying into the US from another country should expect a much longer wait at security due to increased scrutiny.
US lifts laptop ban from final Middle Eastern airline (updated)
If you're a business traveller who wants to use your laptop on a flight originating in the Middle East, things are looking up. The US started to lift restrictions for passengers carrying large electronics like laptops on flights originating in the Middle East earlier this month, including lifting the ban at Abu Dhabi airport, and exempting Emirates and Turkish Airlines from the ban. Now, according to a report by Reuters, the US Transportation Security Administration (TSA) has finally lifted the laptop ban on inbound passengers on Saudi Arabian Airlines, the final airline to be under restriction.
