HomelandSecurity
Latest
DOJ report finds foreign meddling had no impact on midterm elections
If attempts at election meddling had any tangible effect on the US midterms, you won't hear about it from some officials. The Departments of Justice and Homeland Security have submitted a joint report to President Trump saying there was no evidence a foreign government or agency had a "material impact" on the infrastructures of the 2018 vote, including campaigns and political bodies. The actual conclusions are classified, but they're consistent with what the government said after the elections, the Justice Department said.
Shutdown means government won't engage with the tech industry at CES
It's not just FCC Chairman Ajit Pai who'll back out of CES as a result of the US government shutdown. The Consumer Technology Association has confirmed that at least ten government officials have cancelled their speaking engagements at the technology trade show "so far." It's not just FCC representatives like Pai or his compatriot Brendan Carr, either. The FTC's Rohit Chopra and Rebecca Slaughter (shown above) have backed out, as have officials from the EPA (Brandon Bray and Barnes Johnson), FDA (Bakul Patel), FEMA (Daniel Kaniewski) and Homeland Security (Andre Hentz).
US border officers don't always delete collected traveler data
Privacy advocates aren't just concerned about warrantless device searches at the border because of the potential for deliberate abuse -- it's that the officials might be reckless. And unfortunately, there's evidence this is the case in the US. Homeland Security's Office of the Inspector General has released audit findings showing that Customs and Border Protection officers didn't properly follow data handling procedures in numerous instances, increasing the chances for data leaks and hurting accountability.
Face scanning in US airports is rife with technical problems
If you've had misgivings about the effectiveness of Homeland Security's airport face scanning (let alone the privacy implications), you're not alone. The department's Inspector General has issued a report warning that the scanning system is struggling with "technical and operational challenges." Customs and Border Protection could only use the technology with 85 percent of passengers due to staff shortages, network problems and hastened boarding times during flight delays. The system did catch 1,300 people overstaying their allowed time in the US, but it might have caught more -- and there were problems "consistently" matching people from specific age groups and countries.
FBI links North Korea hackers to two more malware attacks
The FBI and the Department of Homeland Security have linked more malware with North Korean hackers. The agencies say state-backed hackers called Hidden Cobra have likely used remote access tool Joanap and server message block worm Brambul to infiltrate the global media, aerospace, financial and critical infrastructure sectors. The attacks are part of a North Korea cyberattack campaign that has persisted since at least 2009, the agencies wrote in a Technical Alert.
Homeland Security database would track bloggers, social media
Fears about the potential effects of propaganda and fake news remain high, and American officials are determined to keep track of media outlets in a bid to curb these misinformation campaigns. The Department of Homeland Security has put out a call for companies that could create a database tracking over 290,000 "media influencers" around the world, including online news outlets, bloggers and prominent social network accounts. The system would identify contributor details (such as contact info and their employers), and would allow searching for individuals and outlets through categories like their locations, the focuses of their coverage and their sentiment.
DHS will demand that feds implement basic email security
After suffering several security breaches over the past few years, the US government will finally require federal agencies to implement basic email security measures. According to Reuters, Homeland Security's deputy undersecretary for cybersecurity Jeanette Manfra has revealed at an event in New York that the agency will soon require other federal agencies to adopt DMARC and STARTTLS. DMARC helps detect and block spoofed emails to prevent impersonation of government officials. STARTTLS prevents emails from being intercepted en route to the recipient. Both are at least a decade old and have already been widely adopted by email providers like Google and Microsoft.
DHS finally reveals the states Russia hacked during the elections
State officials finally know if they serve one of the 21 states Russia tried to hack during the 2016 Presidential elections. Homeland Security and other agencies found out in 2016 that Russian government hackers tried to get into some states' voting registration systems, but it took a year for the secretaries of state to convince the DHS to disclose its findings. The agency has only decided to tell authorities if they were targeted during the elections on Friday, because it "would help [them] make security decisions" way before the 2018 midterm elections begin.
DHS faces lawsuit over phone and laptop border searches
The number of electronic devices seized and searched at customs sharply increased in 2016 and has continued to rise this year. A number of groups and politicians have spoken out against the growing practice and now the ACLU and the Electronic Frontier Foundation (EFF) have filed a lawsuit against the Department of Homeland Security on behalf of 11 individuals who had their devices searched without a warrant.
US lifts laptop ban at Abu Dhabi airport
The US is scaling back its ban on laptops for Middle Eastern flights headed to the US... though it's not because officials believe everything is safe. The Department of Homeland Security has exempted Abu Dhabi International Airport from the ban (which also covers tablets) after verifying that Etihad Airways has properly implemented "enhanced security measures." While the agency isn't clear about what those are, they include tighter screening for both people and the devices they carry aboard.
DHS has a video game-like trainer for active shooter incidents
Today, the Department of Homeland Security's Science and Technology Directorate announced the release of a virtual training platform for active shooter incidents. The Enhanced Dynamic Geo-Social Environment, or EDGE, is a program that creates a virtual active shooter scenario through which first responders can train themselves. EDGE launches today and is free for all first responders.
US: North Korea's been hacking everyone since 2009
US authorities believe the North Korean government has been using an army of hackers called "Hidden Cobra" to deploy cyber attacks over the past eight years. That's according to the Technical Alert formally issued by the Homeland Security and the FBI, which contains the details and tools NK's cyber army has been using to infiltrate the media, financial, aerospace and critical infrastructure sectors in the US and around the globe. The government agencies issued the alert after tracing the IP addresses of a malware variant used to manage NK's DDoS attacks to North Korean computers. While other players can spoof their IPs to frame NK, the US is encouraging cyber analysts to be on the lookout, warning them that the Asian country will continue to use cyber operations to advance its government's military and strategic objectives.
US won't ban laptops on European flights, at least for now
After weeks of discussions, the Department of Homeland Security (DHS) has said it won't enforce a ban on laptops and other personal electronics on flights to the US from Europe. While officials remain keen to "implement any and all measures necessary to secure commercial aircraft" flying into the US, airlines and European officials appear to have sufficiently stalled negotiations on the blanket ban mooted earlier this month by Homeland Security Secretary John Kelly.
Homeland Security classifies election infrastructure as critical
The Department of Homeland Security has officially classified election systems as critical infrastructure in order to keep them safe from tampering. Election infrastructure include storage facilities, polling places, voter registration databases, voting machines and other systems that help manage the election process and report and display its results. DHS' announcement came after US intelligence released a report directly accusing Russian President Vladimir Putin of influencing the US presidential elections, mostly by ordering the use of cyber infiltration. If you'll recall, cyberattackers hacked into the Democratic National Committee's machines, as well as into over 20 states' election systems. However, none of the machines that were compromised were used for vote tallying.
Hackers targeted voter registration systems in 20 states
With the US presidential election just over a month away, a Homeland Security official says voter registration systems in 20 states were the targets of hackers. The Associated Press reports that an official from the department confirmed the activity over the the last few months and explained that it hasn't been determined if the threats were domestic or foreign. ABC News reported this week that Russian hackers targeted the systems of 20 states and successfully infiltrated four.
Homeland Security is investigating the Leslie Jones hack
The Department of Homeland Security is looking into yesterday's hack of actress Leslie Jones' personal information and photos. Deadline reports DHS confirmed Thursday that its New York office has an open investigation into the attack, but the on-going investigation prohibited the release of any further information. Jones' website was hacked and nude photos from her iCloud account were posted there along with images of her passport and driver's license. This comes just weeks after the actress was attacked online following the premiere of the Ghostbusters reboot she starts in.
Homeland Security's big encryption report wasn't fact-checked
If you watch Marvel's Agents of S.H.I.E.L.D., Blacklist, or any other TV show with make-believe espionage, you probably hear the term "going dark" at least once a week. In the real world, "going dark" has become FBI shorthand for when baddies can't be spied on, or manage to vanish into thin internet, at the fault of encryption. And it's at the heart of an oft-virulent tug-of-war between entities such as the FBI, Apple, civil liberties groups, conspiracy theorists, and lawmakers.
Homeland Security wants social media info from foreign visitors
Someday, departure and arrival forms in the US might have a new section asking foreign nationals for their Facebook and Twitter accounts. The Department of Homeland Security has submitted a proposal to add a section in those forms that reads: "Please enter information associated with your online presence--Provider/Platform--Social media identifier." According to the info published by the Federal Register, it would be an optional field and would only ask for people's usernames on social media platforms, not their passwords.
The TSA is failing spectacularly at cybersecurity
Five years of Department of Homeland Security audits have revealed, to the surprise of few and the dismay of all, that the TSA is as great at cybersecurity as it is at customer service. The final report from the DHS Office of Inspector General details serious persistent problems with TSA staff's handling of IT security protocols. These issues include servers running software with known vulnerabilities, no incident report process in place, and zero physical security protecting critical IT systems from unauthorized access. What we're talking about here are the very basics of IT security, and the TSA has been failing at these quite spectacularly for some time.
UK police arrest teenager over recent US government hacks
UK authorities believe they've caught a teenage hacker who was part of the recent wave of attacks on US government officials. A 15-year-old boy who goes by the name "Cracka" was arrested earlier this week for his part in a number of security breaches. He's allegedly head of the group "Crackas with Attitude" who made news back in October for breaking into the personal email of CIA head John Brennan. The group went on to access several accounts owned by Director of National Intelligence James Clapper last month.
