dhs
Latest
Hacker posts info on thousands of Homeland Security employees
The US government has yet another security breach on its hands. Late yesterday, a Twitter account posted a Department of Homeland Security staff directory containing names, titles, email addresses, phone numbers and more for over 9,000 employees. "This is for Palestine, Ramallah, West Bank, Gaza, This is for the child that is searching for an answer," the post read. What's more, the hacker claims they have details on 20,000 FBI employees and plan to leak those next.
Full-body TSA scans are mandatory for 'some passengers'
The Transportation Security Administration was under pressure to establish rules regarding airport body scanners, and well, the Department of Homeland Security's weighed in. Now the Advanced Imaging Technologies (AIT) using Automatic Target Recognition (ATR) will be mandatory in certain cases. Slashgear notes that prior to this the scanners were opt-in, and one could go through a contactless, non-imaging scan instead. That option will exist, but security agents can insist on mandatory screening "for some passengers." The argument the DHS gives (PDF) is that these scanners are more capable of detecting prohibited, non-metallic items that could be hidden under a few layers of clothing than a metal detector wand would be.
CNN: FBI is investigating the Juniper Networks security hole
Yesterday's news of "unauthorized code" that could enable untraceable backdoor access to VPN traffic on certain Juniper Networks firewalls is now being investigated by the FBI. That news comes from CNN, which said that a US government official described the vulnerability as "stealing a master key to get into any government building." There's no word yet on which government agencies or private companies may have been using the specific ScreenOS-powered devices affected, but that's what the Department of Homeland Security is now trying to find out.
New DHS policy demands warrants before deploying Stingrays
The Department of Homeland Security announced a substantial policy change Wednesday regarding how it employs cellphone-tracking tools like the Stingray system. These cell-site simulators have been in use for more than a decade. They allow law enforcement to find cell phones either by directly searching for a known device or find an unknown device by sniffing for signaling information from the simulator's immediate vicinity and triangulating that data. The new policy explicitly demands that DHS personnel acquire a warrant before deploying the devices unless an exception, such as the imminent loss of human life, destruction of evidence, or to prevent the escape of a fugitive felon. Wednesday's announcement follows a similar decision by the Department of Justice last month. [Image Credit: Getty]
Raytheon signs $1 billion contract to protect government websites
Homeland Security has signed a five-year contract with Raytheon, which could be worth a whopping $1 billion. While the defense contractor is more known for weapons development, DHS hasn't joined forces with it to create more missiles, lasers, warheads and UAVs. No, the agency has asked the company's help to secure government websites. According to Raytheon's announcement, it will aid the government in developing, deploying and supporting technologies that watch out for and mitigate cyberattacks. Reuters says the company will also help around 100 agencies manage their network security within the duration of the partnership as the prime contractor for DHS' National Cybersecurity Protection System and Network Security Deployment divisions.
Feds charge nine hackers for $30M insider trading scheme
The Wall Street Journal reports that federal prosecutors are set to unseal charges Tuesday against nine hackers and stock traders involved in an insider trading operation that netted more than $30 million on illicit deals. The group to be charged allegedly had been conducting sophisticated cyber-attacks against newswire services in order to steal upcoming merger and acquisition information that had been uploaded to the newswire's servers -- but not yet published -- and position their investments accordingly. The group was discovered after a multi-agency investigation involving the DHS, FBI, SEC and the Secret Service.
Google, Microsoft join government's disaster response program
People hit by storms and other disasters need more than food, clothes or shelter in the days following the unfortunate event. They also need access to working internet or cellular networks to find family and friends who (heaven forbid) might be missing or to get in touch with people who might be worried sick about them. Homeland Security's Federal Emergency Management Agency (FEMA) hopes to supply the need for tech-savvy volunteers who can help out in those situations. That's why it has launched the Tech Corps program and enlisted the help of several big-name companies in the industry, including Cisco Systems, Google, Intel and Microsoft.
NASA tech helps find Nepal earthquake survivors
A new search-and-rescue tech by NASA JPL and Homeland Security found living survivors buried underneath 10 feet of debris in Nepal, proving that it works in real-life situations. The briefcase-like device called Finding Individuals for Disaster and Emergency Response (FINDER) can listen for the heartbeats and breathing of survivors trapped beneath up to 30 feet of rubble, behind 20 feet of solid concrete or within 100 feet in open spaces. It uses microwave-radar technology to look for signs of life, after which one of its components can pinpoint the person's location within five feet. That "locator" was added after a round of tests back in 2013.
Government scales back plans for license plate-tracking program
To say that there's been some concern about the Department of Homeland Security's on-again, off-again license plate-tracking initiative is something of an understatement. Despite fresh resistance from the ACLU, the agency is persisting with the project, but has revealed that it will walk back on some of its more far-reaching requirements. The original idea was to implement a nationwide system of license plate scanners that could track a suspect's movements, making it easier for the Immigrations and Customs Enforcement Agency to follow and apprehend criminals. Now, however, the folks at Nextgov have uncovered a document, dated February 18th, that scales the scope of the setup to a minimum of 25 states.
Google and Facebook come out against government spying
The Department of Homeland Security is setting up shop in Silicon Valley, with the agency's head Jeh Johnson pushing for easier access to our private data. Naturally, both Google and Facebook have started to openly resist this call to create backdoors for state surveillance. At the RSA security conference, Google's Keith Enright told MIT Technology Review that any attempt to breach his company's encryption would harm civil liberties.
Dept of Homeland Security is opening a Silicon Valley office
Security Secretary Jeh Johnson has announced that the Department of Homeland Security will soon open a satellite office in the heart of Silicon Valley. The new location will serve a dual purpose: to solidifying the DHS's relationships with area tech firms, which have been rather strained over the past few years, and as a means of recruiting. "We want to strengthen critical relationships in Silicon Valley and ensure that the government and the private sector benefit from each other's research and development," Johnson told reporters during the RSA Conference on Tuesday. "And we want to convince some of the talented workforce here in Silicon Valley to come to Washington."
Frenemies US and China join forces to fight cyber crime
The US and China are going to try to work together to take on cyber criminals. The Department of Homeland Security says that the US and China "intend to establish cyber discussions" on the path to reestablishing full government-to-government cyber security discussions. The DHS and China's Ministry of Public Sector agreed to focus on cross border cyber-enabled crimes like money laundering and online child sexual exploitation. The renewed interest in cooperation is the result of DHS Secretary Jeh Johnson's visit to Beijing.
DHS seeks bids for access to license-plate tracking systems
The Department of Homeland Security wants access to data about when and where suspects have traveled, and it could get that information from a license-plate tracking system. According to The Washington Post, the DHS first sought a private company that gathers location data in February last year. But it soon pulled back because of the backlash from advocates of privacy and civil liberties who pointed out that access to a commercial tracking system would allow field officers to pinpoint the location of millions of citizens who commute everyday. Now, a year later, the DHS is back with a new solicitation – that this time it says can both meet its goal and protect citizen privacy.
The CIA and Homeland Security want to delete almost all their emails
Usually, deleting emails is a no-fanfare, one-click affair -- but not when you're the Central Intelligence Agency or the Department of Homeland Security. Both agencies have recently submitted proposals to the National Archives and Records Administration that outline their plans to delete years' worth of emails, which the Archives has already tentatively approved. The CIA apparently turned one in to comply with the administration's directive, ordering federal agencies to conjure up viable plans to better manage government emails by 2016. If approved, all the correspondences of every person to ever be employed by the CIA will be flushed down the digital toilet three years after they leave. All messages older than seven years old will also be nuked, and only the digital missives of 22 top officials will be preserved -- something which several senators do not want to happen.
Silk Road 2.0 was just the first: police seize more Tor-shielded darknet sites
Yesterday's takeover of Silk Road 2.0 was just the tip of the iceberg apparently, as the FBI and European law enforcement organizations have announced a "global action" against similar darknet marketplaces. "Operation Onymous" resulted in 17 arrests total, the removal of 410 hidden services that allegedly offered illegal drugs and weapons for sale, as well as the seizure of more than $1 million Bitcoins in, $250,000 in cash and drugs. Troels Oerting of the European Cybercrime Center told Wired that his staff hadn't had time to assemble a full list of takedowns, but it includes Cloud 9, Hydra, Pandora, Cannabis Road and more. The Telegraph reports six Britons accused of helping run Silk Road 2.0 are among those arrested, while the BBC has word of two arrested in Ireland. Like both iterations of Silk Road, the sites were using Tor to anonymize access, but were still exposed. Details of how the service was pierced have not been revealed (we have an idea), but The Wall Street Journal quotes Eurojust spokesman Ulf Bergstrom saying "You're not anonymous anymore when you're using Tor."
Meet Rebecca Richards, the NSA's new Privacy Officer
It's safe to say that the NSA will need more than a pressure hose to wash away the scandals of 2013. As part of the plan to rehabilitate its image, the NSA advertised for a privacy officer back in September, and now the role has been filled by Rebecca Richards. Currently working in Homeland Security's privacy office, Richards' job will be to advise the NSA's director on ways to ensure that civil liberties aren't being ignored by the data-hungry agency. We were going to post the new executive's mugshot, but it appears that she's already gotten the hang of this online privacy lark.
President Obama signs executive order focused on improving national cybersecurity
While the President is currently giving his State of the Union address (viewable on YouTube here), earlier today he signed an executive order intended to improve the network security of "critical infrastructure." As noted by The Hill, the order charges the National Institute of Standards and Technology with the task of creating a framework of best practices for operators in industries like transportation, water and health to follow, due in the next 240 days. The Department of Homeland Security is also heading up a voluntary program works with various agencies and industry groups to make sure the policies are actually adopted, and find ways to create incentives for that to happen. The order has arrived after cybersecurity legislation failed to pass through Congress, and has been rumored heavily throughout the last few weeks. The president called for Congress to pass legislation to prevent cyberattacks during his speech, and this order is reportedly meant as a step in that direction. The Wall Street Journal indicates many businesses want liability protection against attacks in exchange for following the guidelines, which would require approval form Congress in order to happen. It includes language accounting for privacy concerns as well, with agencies required to look over the potential impact of their work, and release public assessments. The DHS is to report in a year how its work impacts civil liberties and provide recommendations on mitigating such risks. There's a lot to read through, so you can check out the document itself embedded after the break, or wait for those various agency reports for more updates.
Man on vacation confused for a Russian spy, almost restarts cold war
Threats of Russian espionage can come from the unlikeliest of sources, as Jim Mimlitz, owner of Navionics Research, a small integrator firm, knows only too well. Curran Gardner Public Water District, just outside of Springfield, Illinois, employed Mimlitz's firm to set up its Supervisory Control and Data Acquisition system (SCADA), and the spy games began when Mimlitz went on vacation in Russia. While there, he logged into the SCADA system to check some data, then logged off and went back to enjoying Red Square and the finest vodka mother Russia has to offer. However, five months later a Curran Gardner water pump fails, and an IT contractor eyeballing the logs spots the Russian-based IP address. Fearing stolen credentials, he passes the info up the chain of command to the Environmental Protection Agency (as it governs the water district) without bothering to contact Mimlitz, whose name was in the logs next to the IP address. The EPA then passed along the paranoia to a joint state and federal terrorism intelligence center, which issued a report stating that SCADA had been hacked. Oh boy. A media frenzy followed bringing all the brouhaha to Mimlitz's attention. After speaking with the FBI, the massive oversight was identified, papers were shuffled, and everyone went about their day. So, next time you delete all your company's e-mail, or restart the wrong server, remember: at least you didn't almost start World War III. Tap the source link for the full story. [Image courtesy Northackton]
US Department of Homeland Security developing system to predict criminal intent
We're not exactly lacking in opportunities for Minority Report references these days, but sometimes they're just unavoidable. According to a new report from CNET based on documents obtained by the Electronic Privacy Information Center, the US Department of Homeland security is now working on a system dubbed FAST (or Future Attribute Screening Technology) that's designed to identify individuals who are most likely to commit a crime. That's not done with something as simple as facial recognition and background checks, however, but rather algorithms and an array of sensors and cameras that can detect both physiological and behavioral cues that are said to be "indicative of mal-intent." What's more, while the DHS says that it has no plans to actually deploy the system in public just yet, it has apparently already conducted a limited trial using DHS employees -- though no word on the results of how well it actually works, of course. Hit the source link below for the complete (albeit somewhat redacted) documents.
A new accessory for your iPhone: a NASA-developed chemical sensor
What's better than a handful of sensors for determining if some hostile enemy has set off chemical weapons in a city? How about hundreds of thousands or millions of sensors? If research being done by NASA Ames Research Center under the Cell-All program in the US Department of Homeland Security's Science and Technology Directorate is taken into production, your next smartphone might contain chemical-sensing circuitry. A recent article in OnOrbit described a proof of concept that was developed by Jing Li, a scientist at Ames, and a group of other researchers. In order to test out the tiny nanosensor-based chemical sensing circuitry, Li and his team created a device that plugs into the dock port of an iPhone. To quote the original post, The new device is able to detect and identify low concentrations of airborne ammonia, chlorine gas and methane. The device senses chemicals in the air using a "sample jet" and a multiple-channel silicon-based sensing chip, which consists of 16 nanosensors, and sends detection data to another phone or a computer via telephone communication network or Wi-Fi. A newer version of the sensor has 64 nanosensors built-in and is less than 1 cm on a side. Isn't it cool that your iPhone is getting to be more like a Star Trek tricorder every day? [via Gizmodo]
