A Tip Discovered the Capital One Data Hack

Lil miss Paige got what is in your wallet.

Paige Adele Thompson

MCLEAN, Va., July 29, 2019 /PRNewswire/ — Capital One Financial Corporation (NYSE: COF) announced today that on July 19, 2019, it determined there was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital One credit card customers.

Capital One

Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The FBI has arrested the person responsible and that person is in custody. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate.

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Chairman and CEO. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”

Based on our analysis to date, this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada.

***

According to the criminal complaint, the FBI honed in on Thompson after “information obtained from the obtrusion” was found on a GitHub page with Thompson’s name attached to it. A tipster had emailed Capital One on July 17, 2019, to alert them to the post. The message included a link to a file, that was confirmed to contain information for getting into Capital One systems.

paige thompsonAnd Paige bragged about her nefarious achievements.

 

Paige Adele Thompson described herself as a “Programmer, sysadmin, electronics enthusiast” on the GitLab profile mentioned in the third section of this article. Another profile states that she works at Netcrave Communications in Seattle. A search of online records brings up a now-deleted LinkedIn page that lists her occupation as “Owner / software engineer” at Netcrave. On a Meetup page, Thompson also described herself as the CTO of the company.

The resume that FBI investigators alluded to in the criminal complaint was easily found on Scribd, the online platform that allows for the sharing of documents. Thompson wrote on the resume that she worked for Amazon as a systems engineer in 2015 and 2016. She also lists prior jobs as a software engineer at companies including ATG Stores Inc, ConnectXYZLLC and Seattle Software Systems. The resume states that Thompson attended Bellevue Community College but did not graduate. Excellent work as published here.

According to the criminal complaint, Paige Thompson actually began the hack in March. It is quite the case and interesting reading found here.

Baltimore, Corruption More

NR: The saga of Mayor Catherine Pugh is only the tip of the iceberg.

Baltimore, a once-great American city, has all but imploded thanks to decades of corrupt leadership, crime, and the progressive policies now trumpeted by Democratic presidential hopefuls as solutions to the country’s cultural and economic divisions.

Baltimore, MD - Blighted Baltimore Homes Are Razed, Along ...

The latest dramatic, if not unique, chapter in Baltimore politics is the still-unfolding story of Democrat Catherine Pugh, the long-time state senator who won the city’s 2016 mayoral election. Pugh is taking an indefinite leave of absence (but will still collect her $185,000-per-year salary) following news that she had received $500,000 from sales of self-published children’s books to the University of Maryland Medical System, where she was until recently a board member, and $300,000 from other businesses and organizations, some of which had won multi-million-dollar contracts from the city and state during her tenure in Baltimore and Annapolis. She also bought her house below market value and renovated it at a deep discount thanks to one of the businesses that bought her “Healthy Holly” books, which teach, according to one Amazon reviewer, that “Exercising is fun, but money laundering is funner.”

Pugh, whose homes and City Hall office were raided April 25 by the FBI amid calls from Governor Larry Hogan and other elected officials to resign over her book deals, won a tight primary race in 2016 against former mayor Sheila Dixon, who had been convicted of stealing gift cards meant for poor residents. At the time Pugh was, by comparison, the clean candidate. Which is not to say she was an exemplar of high character—in 2010 as a state senator she was the lead sponsor of the first law in the nation requiring the census to count inmates as residents of their last permanent, address rather than of their prison. This law boosted Baltimore’s declining population by some 12,000 people—and saved the city’s powerful delegation from losing seats in the state legislature. Perhaps Bernie Sanders and other Democrats should tap her for insight on the hot topic of felons and terrorists voting from prison if she is unemployed thanks to the self-dealing noted above.

Baltimore has seen better days. Established in 1729, it was the first ‘boom town’ in the United States, home to an expansive shipbuilding sector and the nation’s first common-carrier railroad (B&O) connecting Baltimore with cities as far-flung as St. Louis and Chicago. Today it is known to Americans via “The Wire,” HBO’s 2002–2008 television series that viscerally captured the hopelessness of the city’s drug-infested streets, failing schools, corrupt police department and power-hungry City Hall.

Crime is so pervasive today that Johns Hopkins University, the city’s largest private-sector employer, won approval this year from the state legislature to create its own armed police force to protect students, faculty, and its medical campus. The rate of violent crime has been terrible for years and last year Baltimore topped the FBI’s homicide list at a time when violent crime has been decreasing nationally. Security company ADT just ranked Baltimore’s residents the “most robbed” in the United States. This, four years after former mayor Stephanie Rawlings-Blake, a Democrat like every Baltimore mayor since 1967, told residents they needed to give looters “space” to “destroy” during riots following the death of Freddie Gray, a black man who died in police custody in 2015, and earlier told residents who complained about spiking crime during her tenure that they were “part of the problem.” (She decided not to run for a second term, by the way.)

But crime is only one of Baltimore’s many problems. The vast majority of the city’s public-school children can’t read or write at grade level. When they graduate from high school, 70 percent of Baltimore City public school students who enter a two- or four-year college need remedial help in basic reading and math. And then there are the massive water-main breaks that regularly halt commerce, and the 17,000 vacant houses pockmarking the city like ghosts of the city’s past stature.

No wonder so many people are voting with their feet and leaving. Last year’s census figures showed that, of the 30 largest cities in the United States, only Baltimore and Detroit lost population. Baltimore had shrunk to a population not seen for 100 years. This year’s census figures show another population decline of 1.2 percent to just over 600,000 residents and no signs of stopping.

What makes a bad situation worse are decades of economic policies that by design create two Baltimores—one for the connected, and one for everyone else. The city’s 2.248 percent property tax rate, more than twice as high as that of other counties in the state, drives people and businesses away from a city that desperately needs new families. Owning a $500,000house costs $11,240 per year in city property taxes, as opposed to $5,500 in the surrounding county. As more and more people leave, those same beleaguered taxpayers are forced to shoulder a larger share of the tax burden for city services. Connected developers, on the other hand, regularly receive massive tax breaks to build luxury developments like the Four Seasons, hotels like the Baltimore Marriott Waterfront, and myriad other projects that continually drain city coffers of millions without boosting employment, while homeowners effectively pay tax rates sometimes 16 times higher.

Amid these ashes, what do elected and appointed officials think will ignite Baltimore’s economy? A bigger convention center and new horse track for the Triple Crown’s Preakness, businesses with such vibrant futures that both must be massively subsidized by state taxpayers to survive. Securing public funds for both was the main focus of Ms. Pugh’s administration before she went into hiding.

And nothing is going to change soon. The acting mayor, Democrat Jack Young, is content to act as a “place holder” for Ms. Pugh until she decides—if ever—to return to office before the 2020 election. As he told the Baltimore Sun, “People should understand we’re still moving the city forward with a steady hand.” This particular “steady hand” has spent 20-plus years on the city council, overseeing its decline.

With the FBI probe casting a wider net than Ms. Pugh, the city needs to eject her from office along with the corruption and mismanagement that has plagued it for decades. The people of Baltimore deserve better.

They need someone who did not learn the Baltimore Way from their mentors and who knows how to earn the city money, not redistribute it to friends, family, and his or her own bank account. They need someone willing to make schools compete for students by becoming places where those students learn, and brave enough to make streets safe and neighborhoods thrive—not someone who will do anything to cling to power. And they need someone willing to make the structural economic reforms necessary to create jobs and lure businesses over the long-term instead of someone who can only recycle ideas that have been failing for decades.

Long-time city politicians need not apply. The city needs someone with courage, not connections. May the 2020 mayoral race, for the first time in a long time, draw candidates devoted to securing the city’s future, not their own.

More ‘Narco-Subs’ Still Out There

The clip, which appears to have been recorded via helmet cam, ends with the narco sub crew opening the hatch, and emerging with their hands in the air.

The footage is from just one of 14 similar drug interdictions that the Munro and two other Coast Guard cutters pulled off between May and July 2019 along the coasts of Mexico and Central and South America, according to a July 11 statement from the U.S. Coast Guard Pacific Area.

***

The NarcoSub: A Cutaway Illustration | Earthly Mission

InsightCrime: The operation, which took place on June 18, ended with the arrest of five smugglers and the seizure of the cocaine valued at $232 million.

The US Coast Guard has seen an uptick in these vessels recently. In a span of two months in 2017, the Coast Guard stopped seven “low-profile drug smuggling vessels,” according to a news release, seizing around 10,300 kilograms of cocaine worth more than $306 million.

Authorities in Colombia are also seeing an increase in this trafficking method.

In August of 2018, for example, Colombia’s navy intercepted two semi-submersible vessels, one of which was carrying more than two tons of drugs valued at $66 million, and the other which was carrying more than 1,700 kilograms of cocaine. By September of the same year, the Colombian navy had captured 14 semi-submersibles in the Pacific Ocean, more than three times the prior year, Business Insider reported.

Drug submarines largely depart from Colombia’s Pacific coast, where mangroves provide the perfect cover for submarine builders.

The increasing use of so-called narco-submarines to smuggle drugs between Colombia and the United States reflects two realities of the cocaine trade: coca production is at an all-time high in Colombia, and traffickers still see the high seas as one of the most effective ways to move drugs.

In 2018, coca cultivation in Colombia stood at 208,000 hectares, just a fraction less than the record 209,000 hectares seen in 2017. Such a bonanza has led traffickers to turn to all types of maritime transport.

The longtime smuggling method of concealing cocaine within cargo ships docking at US ports has been employed by traffickers recently, evidenced by massive drug seizures at ports in New York and Philadelphia.

Traffickers also clearly see semi-submersible vessels — first used by Colombian drug smugglers in the early 1990s — as an effective method of delivery. These vessels are largely employed to skirt improved radar technology and authorities’ use of high-speed boats.

Sitting below the waterline, semi-submersible vessels usually just have their exhaust pipes above the surface. As far back as 2009, such vessels could be constructed for as little as $50,000 and assembled in less than 90 days. Since then, they have only become faster, more sophisticated and likely cheaper to build.

Traffickers have also used fully submersible versions, which cost millions of dollars to build but have enough room for a few crew members and massive drug hauls.

The uptick in interdictions of semi-submersible vessels shows that the Coast Guard’s tripling of resources in the Pacific has been effective. Yet traffickers’ continued use of submarines likely indicates that a portion still manage to get through.

Even when stopped, these submarines can prove frustrating for authorities. They are built to be easily sunk, and their crews are difficult to prosecute, once the drug cargo and vessel sit at the bottom of the ocean.

***

A 2008 U.S. military Southern Command report predicted that semi-submersible vessels would soon be able carry 330 tons north each year or close to half of all cocaine moving north.

There is some evidence this may already be the case. A 2010 United Nations report on The Globalization of Crime said that in 2008, 46 percent of all cocaine seized by Colombia in the Pacific was found on semi-submersibles. With the U.S. estimating that 69 percent of cocaine entering the country in 2007 left Colombia via the Pacific, semi-submersibles have in the last few years been responsible for a very sizeable proportion of the global cocaine trade. More here.

2008 documentary on drug subs.

 

Is the U.S. Prepared for Foreign Interference of 2020 Elections

The Democrats continue to declare the Russians helped Donald Trump win the presidency and that now President Trump has done nothing to prevent Russian interference of the 2020 elections.

DHS is worried about our elections, and it's asking ...

But we need to look at some real facts.

  1. DHS launched several programs to aid the U.S. security of the nation’s elections systems. Beginning in 2017, a National Infrastructure Protection Plan was launched which began the real partnership with Federal, State and local governments including private sector entities. The sharing of timely and actionable threats, cybersecurity assistance including sensors all at no charge to election officials. Scanning, risk assessment and analysis along with training are all part of the Protection Plan, including conference calls scheduled as needed. What is most interesting is this program was initiated by a Presidential Policy Directive #21 signed by then President Obama in 2013.
  2. As ODNI Dan Coats has tendered his resignation effective in mid-August, many have said he has no accomplishment. This agency is merely an intelligence coordinator of many agencies and is bureaucratic but Coats did create a position that is dedicated to election security efforts and is headed by Shelby Pierson who has a deep resume in intelligence and was a crisis manager for election security in the 2018 elections. He has briefed the House Oversight and Government Reform Committee several times so for any Democrat to declare that the Trump administration has done nothing is false.
  3. DHS has a resource library including a checklist that is available for free for any election officials that can be accessed as new threats or conditions arise. This library includes HTTPS encryption techniques, incident response, ransomware best practices and securing voter registration data. Additionally, email authentication techniques are available, layering credentialed access logins, security baselines, monitoring intrusions and brute force attack attempts are shared with all participating partners.

All of these efforts are positive steps against foreign interference, however fake news and rogue actors are crafty, resourceful and well financed. The United States is not the only country that is a victim of foreign intrusions.

Foreign spy services that are utilizing information operations in order to influence US elections reportedly include —aside from Russia— Israel, Saudi Arabia, the United Arab Emirates, Venezuela and China.

The majority of foreign information operations take place on social-media platforms such as YouTube, Twitter, Instagram and Facebook. But there are also campaigns to influence more traditional American media, for instance by tricking newspapers into publishing letters to the editor that are in fact authored by foreign intelligence operatives. Analysts from FireEye, Graphika and other cybersecurity and network-analysis firms told The Postthat some information operations are difficult to detect, because the presence of a state security service is not always apparent. However, the messages that are communicated in tweets, Facebook postings, online videos, etc., tend to echo —often word for word— the rhetoric of foreign governments, and promote their geopolitical objectives. As can be expected, these objectives vary. Thus, Russian, Israeli and Saudi information operations tend to express strong political support for US President Donald Trump, arguably because these governments see his potential re-election as a development that would further their national interest. In contrast, Iranian information operations tend to lambast Trump for his negative stance on the Iranian nuclear deal and for his support for Saudi Arabia’s intervention in the Yemeni Civil War.

Stanley McChrystal has called for a nonpartisan, non-governmental Fair Digital Election Commission to protect the integrity of our elections by detecting, exposing, evaluating and remediating the impact of disinformation. Well we already have one where non-government cyber experts are collaborating with government officials and issuing attributions to the cyber actors as well as recommendations.

Fake news and false news influence voter’s attitudes. So one must ask where in Silicon Valley and the tech giants? We already know that Instagram, Facebook, Google, YouTube and Twitter are censoring so voters must be diligent in research and cautious themselves regarding the spread of fake news and validating stories beyond just reading the headlines.

Last year, 2018:

A new study by three MIT scholars has found that false news spreads more rapidly on the social network Twitter than real news does — and by a substantial margin.

“We found that falsehood diffuses significantly farther, faster, deeper, and more broadly than the truth, in all categories of information, and in many cases by an order of magnitude,” says Sinan Aral, a professor at the MIT Sloan School of Management and co-author of a new paper detailing the findings.

“These findings shed new light on fundamental aspects of our online communication ecosystem,” says Deb Roy, an associate professor of media arts and sciences at the MIT Media Lab and director of the Media Lab’s Laboratory for Social Machines (LSM), who is also a co-author of the study. Roy adds that the researchers were “somewhere between surprised and stunned” at the different trajectories of true and false news on Twitter.

Moreover, the scholars found, the spread of false information is essentially not due to bots that are programmed to disseminate inaccurate stories. Instead, false news speeds faster around Twitter due to people retweeting inaccurate news items.

“When we removed all of the bots in our dataset, [the] differences between the spread of false and true news stood,”says Soroush Vosoughi, a co-author of the new paper and a postdoc at LSM whose PhD research helped give rise to the current study.

The study provides a variety of ways of quantifying this phenomenon: For instance,  false news stories are 70 percent more likely to be retweeted than true stories are. It also takes true stories about six times as long to reach 1,500 people as it does for false stories to reach the same number of people. When it comes to Twitter’s “cascades,” or unbroken retweet chains, falsehoods reach a cascade depth of 10 about 20 times faster than facts. And falsehoods are retweeted by unique users more broadly than true statements at every depth of cascade.

The paper, “The Spread of True and False News Online,” is published today in Science.

 

 

Meet the United Front Work Department

The U.S. should perhaps scrapping any trade deal with China. Why?

Just this week, the United States Navy and Taiwanese authorities sailed through the Taiwan Strait. China threatened use of force to thwart any U.S. move over the partnership with Taiwan. So, the U.S. just tested that.

As an aside, the United States just approved a major sale of weapons requested by Taiwan totaling $2.2 billion. This is actually in compliance with U.S. law where we are to provide Taiwan with sufficient equipment and services for self-defense.

As part of the U.S. 7th Fleet, a guided missile cruiser transited the route continuing efforts to keep free and open the Indo-Pacific. President Trump is defying China and should actually as we dont respond to threats of war all while the White House National Security advisor John Bolton is in S. Korea. China continues to push the One China principle so as not to harm relations. Meanwhile, China has a robust active measures operation going on in Washington DC. So read on.

China’s Communist Party is intensifying covert influence operations in the United States that include funding Washington think tanks and coercing Chinese Americans, according to a congressional commission report.

The influence operations are conducted by the United Front Work Department, a Central Committee organ that employs tens of thousands of operatives who seek to use both overt and covert operations to promote Communist Party policies.

Johns Hopkins School of Advance International Studies, a major foreign policy education and analysis institute, has received funding from Tung Chee-hwa, a vice chairman of the Chinese People’s Political Consultative Conference, the party group that directs the United Front Work Department and includes a member of the Politburo Standing Committee, the collective dictatorship that rules China.

The funding for Johns Hopkins came from Tung’s non-profit group in Hong Kong, the China-U.S. Exchange Foundation, which is a registered Chinese agent.

In addition to Johns Hopkins, other think tanks linked to China and influential in American policy circles include the Brookings Institution, Atlantic Council, Center for American Progress, EastWest Institute, Carter Center, and the Carnegie Endowment for International Peace.

The Exchange Foundation is tied to Chinese government influence operations and uses the same public relations firm as the Chinese embassy. More here.

***

President Xi views United Front work as an important tool to strengthen support for the CCP both inside and outside China by exploiting individuals’ emotional and ideological sympathies for China and providing financial support to key groups and individuals.24 Although the importance of United Front work declined after the founding of the People’s Republic of China,* a number of Western analysts agree it has regained its prominence since then, and especially since the rise of Xi Jinping, as Beijing has embraced a much more assertive approach to foreign policy.25In his address to the 19th National Congress of the CCP† in October 2017, President Xi called United Front work“an important way to ensure the success of the [Chinese Communist] Party’s cause” and urged the CCP to form the “broadest possible patriotic United Front.”26 President Xi has also called United Front work a “magic weapon” that is important for bringing about “the great rejuvenation of the Chinese nation.”

Several pieces of U.S. legislation in 2018 have included important provisions for countering CCP and other malign foreign influence.‡ Representative Joe Wilson (R-SC) and Senators Rubio and Tom Cotton (R-AK) introduced legislation in March 2018, titled the Foreign Influence Transparency Act, which would require organizations that promote the political agendas of foreign governments to register as foreign agents§ and would require universities to disclose certain donations and gifts from foreign sources.127 Senator Ted Cruz (R-TX) introduced the Stop Higher U.S.-China Economic and Security Review Commission 15Education Espionage and Theft Act in May 2018, which is intended to strengthen the U.S. government’s ability to counter foreign intelligence organizations working inside the U.S. educational system.128 Senator Rubio and his Congressional-Executive Commission on China co-chair Representative Chris Smith (R-NJ), along with co-sponsors, introduced companion bills in the Senate and House in June 2018 calling for the establishment of an interagency task force to compile an unclassified report on CCP influence operations targeting the United States and certain U.S. allies.129 Most significantly, the National Defense Authorization Act for 2019 contains important provisions to coordinate the U.S. government response to malign foreign influence operations and campaigns—including specifically by China.* Read in full here.