Category Archives: Cyber War

Russian Hackers Also Hit the Clinton Foundation

Posted on by

So, global adversaries came to understand early that much of the covert and diplomatic work and connections by Hillary Clinton during her term as senator and later as Secretary of State was going on in a dual location, meaning the Clinton Foundation and the U.S. State Department. So….let the hacking begin, and they did.

Now there is a question: Are there more than one servers? Evidence speaks to the answer, YES. See this item from Forbes where there are clues.

 

Records reveal that Hillary Clinton’s private clintonemail.com server shared an IP address with her husband Bill Clinton’s email server, presidentclinton.com, and both servers were housed in New York City, not in the basement of the Clintons’ Chappaqua, New York home.

Web archives show that the Presidentclinton.com Web address was being operated by the Clinton Foundation as of 2009, when Hillary Clinton registered her own clintonemail.com server.

Numerous Clinton Foundation employees used the presidentclinton.com server for their own email addresses, which means that they were using email accounts that, if hacked, would have given any hacker complete access to Hillary Clinton’s State Department emails, as well. More here.

Clinton Foundation Said to Be Breached by Russian Hackers

Bloomberg: The Bill, Hillary and Chelsea Clinton Foundation was among the organizations breached by suspected Russian hackers in a dragnet of the U.S. political apparatus ahead of the November election, according to three people familiar with the matter.

The attacks on the foundation’s network, as well as those of the Democratic Party and Hillary Clinton’s presidential campaign, compound concerns about her digital security even as the FBI continues to investigate her use of a personal e-mail server while she was secretary of state.

A spokesman for the foundation, Brian Cookstra, said he wasn’t aware of any breach. The compromise of the foundation’s computers was first identified by government investigators as recently as last week, the people familiar with the matter said. Agents monitor servers used by hackers to communicate with their targets, giving them a back channel view of attacks, often even before the victims detect them.

For a primer on recent cyber intrusions, click here.

Before the Democratic National Committee disclosed a major computer breach last week, U.S. officials informed both political parties and the presidential campaigns of Clinton, Donald Trump and Bernie Sanders that sophisticated hackers were attempting to penetrate their computers, according to a person familiar with the government investigation into the attacks.

The hackers in fact sought data from at least 4,000 individuals associated with U.S. politics — party aides, advisers, lawyers and foundations — for about seven months through mid-May, according to another person familiar with the investigations.

Thousands of Documents

The thefts set the stage for what could be a Washington remake of the public shaming that shook Sony in 2014, when thousands of inflammatory internal e-mails filled with gossip about world leaders and Hollywood stars were made public. Donor information and opposition research on Trump purportedly stolen from the Democratic Party has surfaced online, and the culprit has threatened to publish thousands more documents.

A hacker or group of hackers calling themselves Guccifer 2.0 posted another trove of documents purportedly from the DNC on Tuesday, including what they said was a list of donors who had made large contributions to the Clinton Foundation.

The Republican Party and the Trump campaign have been mostly silent on the computer attacks. In an earlier statement, Trump said the hack was a political ploy concocted by the Democrats.

Information about the scope of the attacks and the government warnings raises new questions about how long the campaigns have known about the threats and whether they have done enough to protect their systems.

The Clinton campaign was aware as early as April that it had been targeted by hackers with links to the Russian government on at least four recent occasions, according to a person familiar with the campaign’s computer security.

U.S. Inquiries

The U.S. Secret Service, Federal Bureau of Investigation and National Security Agency are all involved in the investigation of the theft of data from the political parties and individuals over the last several months, one of the people familiar with the investigation said. The agencies have made no public statements about their inquiry.

The FBI has been careful to keep that investigation separate from the review of Clinton’s use of private e-mail, using separate investigators, according to the person briefed on the matter. The agencies didn’t immediately respond to requests for comment.

Clinton spokesman Glen Caplin said that he couldn’t comment on government briefings about cyber security and that the campaign had no evidence that its systems were compromised.

“We routinely communicate and cooperate with government agencies on security-related matters,” he said. “What appears evident is that the Russian groups responsible for the DNC hack are intent on attempting to influence the outcome of this election.”

The DNC wouldn’t directly address the attacks but said in a written statement that it believes the leaks are “part of a disinformation campaign by the Russians.”

Trump spokeswoman Hope Hicks didn’t respond to e-mails seeking comment about the government warnings. The Republican National Committee didn’t respond to e-mail messages. A Sanders spokesman, Michael Briggs, said he wasn’t aware of the warnings.

IDing the Hackers

The government’s investigation is following a similar path as the DNC’s, including trying to precisely identify the hackers and their possible motives, according to people familiar with the investigations. The hackers’ link to the Russian government was first identified by CrowdStrike Inc., working for the Democratic Party.

A law firm reviewing the DNC’s initial findings, Baker & McKenzie, has begun working with three additional security firms — FireEye Inc., Palo Alto Networks Inc. and Fidelis Cybersecurity — to confirm the link, according to two people familiar with the matter, underscoring Democrats’ concerns that the stolen information could be used to try to influence the outcome of the November election.

A spokesman for Baker & McKenzie didn’t immediately respond to requests for comment. DNC spokesman Luis Miranda said the party worked only with CrowdStrike.

If the Democrats can show the hidden hand of Russian intelligence agencies, they believe that voter outrage will probably outweigh any embarrassing revelations, a person familiar with the party’s thinking said.

So far the released documents have revealed little that is new or explosive, but that could change. Guccifer 2.0 has threatened to eventually release thousands of internal memos and other documents.

Line of Attack

Sensitive documents from the Clinton Foundation could have the most damaging potential. The Trump camp has said it plans to make the foundation’s activities a subject of attacks against Clinton; the sort of confidential data contained in e-mails, databases and other digital archives could aid that effort.

An analysis by Fidelis confirmed that groups linked to Russian intelligence agencies were behind the DNC hack, according to a published report.

The government fills a crucial gap in flagging attacks that organizations can’t detect themselves, said Tony Lawrence, a former U.S. Army cyber specialist and now chief executive officer of VOR Technology, a computer security company in Hanover, Maryland.

“These state actors spend billions of dollars on exploits to gather information on candidates, and nine times out of ten [victims] won’t be able to identify or attribute them,” he said.

Google Accounts

Bloomberg News reported Friday that the hackers who hit the DNC and Clinton’s campaign burrowed much further into the U.S. political system than initially thought, sweeping in law firms, lobbyists, consultants, foundations and policy groups in a campaign that targeted thousands of Google e-mail accounts and lasted from October through mid-May.

Data from the attacks have led some security researchers to conclude that the hackers were linked to Russian intelligence services and were broadly successful in stealing reports, policy papers, correspondence and other information. Dmitry Peskov, a spokesman for President Vladimir Putin, denied that the Russian government was involved.

Russia uses sophisticated “information operations” to advance foreign policy, and the target audience for this kind of mission wouldn’t be U.S. voters or even U.S. politicians, said Brendan Conlon, who once led a National Security Agency hacking unit.

“Why would Russia go to this trouble? Simple answer — because it met their foreign policy objectives, to weaken the U.S. in the eyes of our allies and adversaries,” said Conlon, now CEO of Vahna Inc., a cyber security firm in Washington. Publishing the DNC report on Trump “weakens both candidates — lists out all the weaknesses of Trump specifically while highlighting weaknesses of Clinton’s security issues. The end result is a weaker president once elected.”

Russia Link

Russia has an expansive cyber force that it has deployed in complex disinformation campaigns throughout Europe, according to intelligence officials.

BfV, the German intelligence agency, has concluded that Russia was responsible for a 2015 hack against the Bundestag that forced shutdown of its computer systems for several days. Germany is under “permanent threat” from Russian hackers, said BfV chief Hans-Georeg Maassen.

Security software maker Trend Micro said in May that Russian hackers had been trying for several weeks to steal data from Chancellor Angela Merkel’s Christian Democratic Union party, and that they also tried to hack the Dutch Safety Board computer systems to obtain an advance copy of a report on the downing of a Malaysian aircraft over Ukraine in July 2014. The report said the plane was brought down by a Russian-made Buk surface-to-air missile.

The cyber attacks are part of a broader pattern of state-sponsored hacking by Russia focused on political targets, with a goal of giving Russia the upper hand in dealing with other governments, said Pasi Eronen, a Helsinki-based cyber warfare researcher who has advised Finland’s Defense Ministry.

 

Islamic State Threatens U.S. Military Bases

Posted on by

S. Korea beefs up security after Islamic State threatens US bases

Stripes: SEOUL, South Korea— The South Korean government said Monday it will step up security measures against potential terrorist threats after U.S. air bases and a South Korean civilian reportedly appeared on a list of targets circulated by a pro-Islamic State group of hackers.

Gen. Vincent Brooks, U.S. Forces Korea commander, and Gen. Lee Soon-jim, of the South Korean joint chiefs of staff, receive a briefing at the Joint Security Area of the Demilitarized Zone Thursday, May 12, 2016. The South Korean government reported Monday that U.S. bases and a South Korean civilian appeared on a list of targets circulated by pro-Islamic State hackers.<br>Kim Gamel/Stars and Stripes

Gen. Vincent Brooks, U.S. Forces Korea commander, and Gen. Lee Soon-jim, of the South Korean joint chiefs of staff, receive a briefing at the Joint Security Area of the Demilitarized Zone Thursday, May 12, 2016. The South Korean government reported Monday that U.S. bases and a South Korean civilian appeared on a list of targets circulated by pro-Islamic State hackers.

U.S. Forces Korea said the alert levels at military installations on the divided peninsula have not changed but stressed it is ready to respond “at any time to any emerging threats.”

Concern was raised over the weekend when South Korea’s state spy agency said Islamic State has called for attacks by revealing the locations of 77 U.S. and NATO air force installations, including Osan and Kunsan air bases, on messaging services. A South Korean employee of a welfare organization also was listed, the agency said.

The list included targets in several countries and was a troubling reminder that South Korea faces possible threats beyond its longtime rival to the north. The two Koreas remain technically at war since the 1950-53 conflict ended in an armistice instead of a peace treaty. Some 28,500 American servicemembers are stationed in the South.

The National Intelligence Service statement warned that “terror against South Korean citizens and foreigners in this country is becoming a reality.”

The spy agency apparently was referring to a so-called kill list released earlier this month by a pro-ISIS hacking group known as the United Cyber Caliphate with the names, addresses and email addresses of more than 8,000 people. It was not clear how or why the individuals were selected.

The group also published satellite images showing U.S. air bases around the world, although the same images can be found on Google Earth, according to Vocativ, a media and technology company that reported on the list on June 8.

NIS said it had told the U.S. military and South Korean military and police agencies to be on guard and to provide sufficient protection for the facilities mentioned by the group.

USFK said it takes the safety of the installations very seriously and remains committed to ensuring the highest degree of security on the peninsula.

“Through constant vigilance and regular exercises with our South Korean counterparts, we remain prepared to respond at any time to any emerging threats,” it said in an emailed statement.

South Korean Prime Minister Hwang Kyo-ahn said Monday that the government will come up with measures to prevent terrorist attacks, the Yonhap news agency reported. He said the nation’s counterterrorism center also will increase investigations and take every possible step to protect the public.

“The Islamic State of Iraq and the Levant has been citing South Korea as a potential target for its attacks since last September,” Hwang was quoted as saying.

 

**** From SCMagazine in April:

Several ISIS hacking groups announced on social media that they have joined forces to form a mega hacking group called United Cyber Caliphate (UCC).

Last week, threat actors in the group posted the names and addresses of 3,602 of the “most important citizens” of #NewYork and #Brooklyn and called for ISIS sympathizers to use the information to carry out lone wolf attacks, according to Techworm.

The list includes about 3,000 ordinary New Yorkers who have no specific ties to the government. The majority of the people on the list live in Manhattan and Brookly and each will receive a visit from the Federal Bureau of Investigations and the NYPD to discuss the issue, according to NBC4 New York.

During the same time, the group reportedly defaced the website of a Michigan church, leaving behind ISIS propaganda as part of a larger campaign using the “#KillCrusaders” hashtag.

UCC also claimed to have launched a cyberattack against the U.S. State Department that resulted in the leaked the data of about 50 employees, and defacement campaigns that targeted multiple Australian websites and the Russian Federal Customs Service.

The group also took credit for an attack that leaked the data of 18,000 Saudi Ministry of Defense and Aviation employees.

Update 4/27: UCC this week published a new kill list featuring names linked to the U.S. State Department, the DHS and other federal agencies, according to a report from Vocativ.

Demand the Pen and Phone for the Alien Enemies Act

Posted on by

 

   

8 Terror Attacks in Almost 8 Years: America Has Averaged One Terror Attack a Year Under Obama’s Watch

NYPost: America has now averaged one serious Islamic terrorist attack a year on President Obama’s watch, yet he still insists the threat from radical Islam is overblown and that he’s successfully protecting the nation.

If only hubris could be weaponized!

In the wake of Omar Mateen’s Orlando massacre, Obama whined about growing criticism of his terror-fighting strategy. But boy, does he deserve it. His record on terrorism is terrible, and Hillary Clinton should have a tough time defending it.

Here we are in the eighth year of his presidency, and the nation has now suffered eight significant attacks by Islamist terrorists on US soil or diplomatic property — an average of one attack a year since Obama’s been in office, with each new attack seemingly worse than the last.

And there’s six long months left to go.

Obama said Orlando “marks the most deadly shooting in American history.” Actually, it was the second-worst act of Islamic terrorism in American history, replacing in six short months the San Bernardino massacre as the deadliest terrorist attack on US soil since 9/11.

Here are the previous seven:

December 2015: Syed Farook and Tashfeen Malik, a married Pakistani couple, stormed a San Bernardino County government building with combat gear and rifles and opened fire on about 80 employees enjoying an office Christmas party. They killed 14 after pledging loyalty to ISIS. A third Muslim was charged with helping buy weapons.

July 2015: Mohammad Abdulazeez opened fire on a military recruiting center and US Navy Reserve center in Chattanooga, Tenn., where he shot to death four Marines and a sailor. Obama refused to call it terrorism.

May 2015: ISIS-directed Muslims Nadir Soofi and Elton Simpson opened fire on the Curtis Culwell Center in Garland, Texas, shooting a security guard before police took them down.

April 2013: Dzhokhar and Tamerlan Tsarnaev, Muslim brothers from Chechnya, exploded a pair of pressure-cooker bombs at the Boston Marathon, killing three and wounding more than 260. At least 17 people lost limbs from the shrapnel.

September 2012: Terrorists with al Qaeda in the Maghreb attacked the US Consulate in Benghazi, Libya, killing the US ambassador, a US Foreign Service officer and two CIA contractors. Obama and then-Secretary of State Clinton misled the American people, blaming the attack on an anti-Muslim video.

November 2009: Army Maj. Nidal Hasan opened fire on fellow soldiers at Fort Hood, Texas, killing 13. Obama ruled it “workplace violence,” even though Hasan was in contact with an al Qaeda leader before the strikes and praised Allah as he mowed down troops.

June 2009: Al Qaeda-trained Abdulhakim Muhammad opened fire on an Army recruiting office in Little Rock, Ark., killing Pvt. William Long and wounding Pvt. Quinton Ezeagwula.

So there you have it — an average of one serious terror strike against the United States every year on Obama’s watch. And we’re not even counting the underwear bomber, Times Square bomber, Fed Ex bombs and other near-misses.

History will not be kind to this president’s record.

When he came into office, Obama vowed to defeat terrorism using “all elements of our power”: “My single most important responsibility as president is to keep the American people safe. It’s the first thing that I think about when I wake up in the morning. It’s the last thing that I think about when I go to sleep at night.”

But it soon became clear he wasn’t serious.

In June 2009, Obama traveled to Cairo to apologize to Muslims the world over for America’s war on terror. Then he canceled the war and released as many terrorists as he could from Gitmo, while ordering the FBI and Homeland Security to delete “jihad” and other Islamic references from their counterterrorism manuals and fire all trainers who linked terrorism to Islam, blinding investigators to the threat from homegrown jihadists like Mateen.

Obama also stopped a major investigation of terror-supporting Muslim Brotherhood front groups and radical mosques, while opening the floodgates to Muslim immigrants, importing more than 400,000 of them, many from terrorist hot spots Syria, Iraq, Somalia, Saudi Arabia and Pakistan.

Attack after attack, the president has ridiculously maintained that global warming is a bigger threat than global terrorism. Americans are fed up. Even before San Bernardino and Orlando, polls showed Obama was widely viewed as soft on Islamist terrorists. He has an absolutely awful record keeping us safe from terrorism.

And this is the security mantle Hillary is so proud to inherit? Good luck with that.

Paul Sperry is author of “Infiltration: How Muslim Spies and Subversives Have Penetrated Washington” and “Muslim Mafia: Inside the Secret Underworld That’s Conspiring to Islamize America.”

***** Now for the human dimension to protect the homeland.

Obama has the authority to use his pen and phone on two options, declare a presidential proclamation or apply the law, The Alien Enemies Act. This can only be done during a time of war, such that the United States remains in a war since 2001. There is no question that the battlefields have remained the same while additional areas of hostilities have been added. The enemy is dynamic and has moved for at least a decade and the terror soldiers wear no flag patch of loyalty to a country but rather to a militant Islamic doctrine. Former President George W. Bush using all the legal and historical experts was correct in using the term ‘enemy combatant’.

As noted above, in the last 8 years, enemy combatants have brought the war, the hostilities and death to the homeland. This is the time for the sitting president to apply his authority which would provide more aggressive actions be taken by all law enforcement and investigative agencies in the United States asserting a higher level of protection. To not do so, is reckless, antithetical to his oath and to all the others that pledge the same oath. The United States is in a national security crisis and it must be declared. Consider, this is not just about the homeland, all foreign locations such as diplomatic posts or embassies are part of U.S. sovereign land where any location that is attack would also require presidential action.

The Alien Enemies Act is still on the books today, such that it is extraordinary that no one in Congress has in fact demanded it be applied. There are those that walk among us in this nation that are from and loyal to hostile nations.

Related reading:  Proclamation 2685–Removal of alien enemies

Related reading: Truman, Proclamation 2685

Related reading: Executive Order 9066

While this summary could be considered rhetorical, nonetheless it is real and this is our mission, our battle to win or lose.

SECTION 1. Be it enacted by the Senate and the House of Representatives of the United States of America in Congress assembled, That it shall be lawful for the President of the United States at any time during the continuance of this act, to order all such aliens as he shall judge dangerous to the peace and safety of the United States, or shall have reasonable grounds to suspect are concerned in any treasonable or secret machinations against the government thereof, to depart out of the territory of the United Slates, within such time as shall be expressed in such order, which order shall be served on such alien by delivering him a copy thereof, or leaving the same at his usual abode, and returned to the office of the Secretary of State, by the marshal or other person to whom the same shall be directed. And in case any alien, so ordered to depart, shall be found at large within the United States after the time limited in such order for his departure, and not having obtained a license from the President to reside therein, or having obtained such license shall not have conformed thereto, every such alien shall, on conviction thereof, be imprisoned for a term not exceeding three years, and shall never after be admitted to become a citizen of the United States. Read the full Act here.

Facts on TWO Lists, Watch List and Terror List

Posted on by

   

Most Wanted Terrorists

Select the images of suspected terrorists to display more information.

JABER A. ELBANEH

 

How Does the FBI Watch List Work? And Could It Have Prevented Orlando?

Wired:  OF ALL THE details investigators have uncovered about Orlando terrorist Omar Mateen, perhaps the most infuriating is the fact that he spent 10 months on a government watch list, yet had no trouble buying an assault rifle and a handgun.

Authorities placed Mateen on a watch list in May 2013 after coworkers at the Florida courthouse where he was a security guard told authorities he boasted of connections to al Qaeda and other terrorists organizations. He remained on the list for 10 months, and FBI Director James Comey told reporters this week that during that time the agency placed Mateen under surveillance and had confidential sources meet with him.

But the feds removed Mateen from the list in March 2014, after concluding that he had no significant links to terrorism beyond attending the same mosque as an American suicide bomber who died in Syria. “We don’t keep people under investigation indefinitely,” Comey said, adding that he doesn’t see anything that his agents should have done differently.

Comey didn’t identify the list Mateen was on, but an unnamed official told the Daily Beast that he was in two databases, the Terrorist Identities Datamart Environment database and the Terrorist Screening Database, more commonly called the terrorist watch list.

Here’s a look at what the lists are and how someone gets their name on one.

What is the Terrorist Watch List?
The Terrorist Screening Database was created in 2003 by order of a Homeland Security Presidential Directive. The database includes the names and aliases of anyone known to be, or reasonably suspected of being, involved in terrorism or assisting terrorists through financial aid or other ways. The federal Terrorist Screening Center maintains the database, and an array of government agencies nominate people to it through the National Counter Terrorism Center.

Some of the information in the database originates with the Terrorist Identities Datamart Environment, also called TIDE. That list contains classified data collected by intelligence agencies and militaries worldwide, but anything passed on to the terrorist watch list is first scrubbed of classified info. In 2013, TIDE had 1.1 million names in it.

The State Department checks all visa applicants against the watch list. The TSA’s No-Fly list and Selectee List, which identifies people who warrant additional screening and scrutiny at airports and border crossings, are also derived from the watch list. But it is most often used by law enforcement agencies at all levels to check the identity of anyone arrested, detained for questioning, or stopped for a traffic violation. The FBI calls it “one of the most effective counterterrorism tools for the US government.”

Entries in the database are coded according to threat level to provide law enforcement with instructions on what to do when they encounter a suspected terrorist who is on the list. According to a 2005 inspector general report (.pdf), of some 110,000 records in the database that the IG reviewed, 75 percent of them were given handling code 4, considered the lowest level, and 22 percent were given handling code 3. Only 318 records had handling codes 1 or 2. A description of what each level means is redacted in the publicly released version of the document, but a note indicates that people are usually given code 4 when they are either just an associate of a suspected terrorist and therefore may not pose a threat or if there is too little information known about the individual to categorize them at a higher level.

Appearing in the database doesn’t mean you’ll be arrested, denied a visa, or barred from entering the country. But it does mean your whereabouts and any other information gleaned from, say, a traffic stop, will be added to the file and scrutinized by authorities.

What’s the Criteria for Getting on the Watch List?
According to a 2013 watch list guideline produced by the Terrorist Screening Center and obtained by The Intercept, engaging in terrorism or having a direct connection to a terrorist organization is not necessary for inclusion on the list. Parents, spouses, siblings, children and “associates” of a suspected terrorist can appear on the list without any suspicion of terrorist involvement. “Irrefutable evidence” of terrorist activity and connections is also not necessary, the document states. Reasonable suspicion is sufficient, though this isn’t clearly defined.

“These lists are horribly imprecise,” a former federal prosecutor, who asked to remain anonymous, told WIRED. “They are based on rumor and innuendo, and it’s incredibly easy to get on the list and incredibly difficult to get off the list. There’s no due process for getting off the list.”

The guidelines also reveal that the Assistant to the President for Homeland Security and Counterterrorism can temporarily authorize placing entire “categories” of people on to the No-Fly and Selectee lists based on “credible intelligence” that indicates a certain category of individuals may be used to conduct an act of terrorism.

“Instead of a watch list limited to actual, known terrorists, the government has built a vast system based on the unproven and flawed premise that it can predict if a person will commit a terrorist act in the future,” Hina Shamsi, head of the ACLU’s National Security Project, told The Intercept. “On that dangerous theory, the government is secretly blacklisting people as suspected terrorists and giving them the impossible task of proving themselves innocent of a threat they haven’t carried out.”

What Is the No-Fly List?
This narrower list, derived from the terrorist watch list, includes people who haven’t done anything to warrant being arrested, yet the government deems too dangerous to allow onto commercial aircraft. Mateen reportedly did not appear on this list. The list included 2,500 individuals when Homeland Security chief Michael Chertoff released the tally for the first time in 2008. Six years later, Christopher Piehota, director of the Terrorist Screening Center, told a House subcommittee it had 64,000 names on it. That sounds like a lot, but the list includes dead people and multiple versions of names.

The No-Fly list is also notorious for ensnaring the innocent whose names resemble those of suspected terrorists. Senator Ted Kennedy, for example, was repeatedly prevented from boarding planes because his name matched that of someone on the list.

What Kind of ‘Terrorist Activity’ Gets You on the Terrorist Watch List?
Obvious things like using or possessing weapons of mass destruction will land you on the terrorist watch list. So will committing violence at an international airport, or engaging in arson or other types of destruction of government property if it’s done to intimidate, coerce, or influence people or government policy. But computer hacking can also get you included if it damages a computer used for interstate or foreign commerce or ones that are used by a financial institution or the government, if the hack was intended to influence people or policy.

Just as there are those on the list who shouldn’t be, so too are there people who don’t make it onto the list who should. Umar Farouk Abdul Mutallab, the so-called “underwear bomber” who attempted to detonate explosives aboard a flight from Europe in 2009, wasn’t on the terrorist or No-Fly lists, even though his father alerted the US embassy in Nigeria to his radicalization. He did appear in the TIDE database, but because that information is classified, it didn’t make it to the No-Fly list or the Amsterdam airport where he boarded his flight.

A 2007 inspector general’s audit of the terrorist watch list found that in 15 percent of terrorism cases the inspector’s office reviewed, the FBI failed to add suspects in the cases to the list.

Can Someone on the List Buy a Gun from a Federally Licensed Seller?
Appearing on the terrorist watch list wouldn’t necessarily prevent someone from purchasing a gun; it simply means law enforcement is alerted if you apply to purchase a weapon. So even if he’d been included on the list at the time he bought his weapons, Mateen would still have had no trouble purchasing his Sig Sauer MCX rifle and Glock 17 handgun.

There are ten criteria, however, that do prevent people, whether they’re on the terrorist watch list or not, from buying firearms from a licensed seller. They include a felony conviction, being an undocumented immigrant and being deemed mentally unstable by a court.

Government Accountability Office data recently released to California Democratic Senator Dianne Feinstein indicate that 2,477 people on the watch list attempted to buy a firearm between February 2004 (when authorities started checking gun sale purchases against the list) and the end of 2015. Of those, 2,265 of the transactions were allowed.

Feinstein proposed legislation last year to prevent known or suspected terrorists on the watch list from obtaining a gun license or buying a weapon from a licensed seller. The Senate rejected the proposal one day after the San Bernadino attack, but Feinstein said she hopes the Orlando massacre will give the bill new life. This week, Senate Democrats filibustered until Republicans agreed to consider such legislation.

But barring anyone on the list from buying a gun can create a different problem. “If you prevent people on the list from buying a weapon, then an attempt to buy the weapon can alert the person that they’re on the list,” the former prosecutor told WIRED. “So you’re aiding the terrorist [with that information].”

 

How Many People Are on the Terrorist Watch List?
The exact number is unclear because the list includes many aliases and variations of names, and officials often confuse the number of names that are on the list and the number of unique individuals that are on it. In 2011, for example, more than 1 million names appeared on the list, but just 400,000 of these represented unique individuals. In 2014, the Terrorist Screening Center’s Piehota told lawmakers the list included 800,000 names.

About 99 percent of names nominated to the list each year are accepted, and the number of nominations grows annually. In 2009, authorities nominated 227,932 known or suspected terrorists. In 2013, the number reached nearly 469,000.

Most of the people on the watch list are not US citizens; placing a citizen or permanent US resident on the list is supposed to require a higher standard, such information “from sources of known reliability or where there exists additional corroboration or context supporting reasonable suspicion,” according to the guidelines The Intercept obtained.

How Do You Get Off the Terrorist Watch List or No-Fly List?
This remains a source of great controversy. People on these lists rarely know how or why they landed there, and the process of removal can be convoluted. In 2007, the Department of Homeland Security created a redress program through which people can challenge their inclusion on the No-Fly list. It works well enough for anyone mistakenly added to the list, but provides little help to those whom the government says are on the list for legitimate reasons but won’t disclose the reasons.

The FBI will remove people from the terrorist watch list after closing an investigation that failed to uncover terrorist activity or connections. This is exactly what happened to Mateen, which has angered some officials. “The only way you should get off the list is if they no longer believe you’re a threat,” Senator Lindsey Graham said during a Capitol Hill briefing after the Orlando shooting. “It should have nothing to do with not being able to prove a crime.”

But the FBI was simply following procedure when it dropped Mateen from the watch list, after being criticized in the past for not promptly removing people when cases get closed. An inspector general’s report in 2007 found that the FBI failed to remove names in a timely manner in 72 percent of the cases the Bureau closed for lack of evidence. A 2009 audit found that the situation had not improved, prompting lawmakers like Vermont Democratic Senator Patrick Leahy to criticize the Bureau.

 

The bigger question then, is not why was Mateen removed from the list, but why did the FBI close its investigation of him prematurely? “To me, there was enough here to keep it in some sort of a status,” New York Republican Representative Peter King said during the Capitol Hill briefing this week.

But with so many suspects on the watch list, authorities must be judicious in choosing which ones to pursue. “Our work is very challenging,” Comey said this week. “We are looking for needles in a nationwide haystack. But we’re also called upon to figure out which pieces of hay might someday become needles.”

There is no specific criteria guiding when to close a case related to the terrorist watch list. “It’s a judgment call,” says the former prosecutor. “It depends on the seriousness of the allegations and the result of the investigation. It’s [a matter of whether an] investigator is convinced, more than anything else, that ‘We better keep looking at this guy.’”

In the case of Mateen, investigators surveilled him, looked into his background, and performed a “dangle,” the former prosecutor says. That’s when a confidential informant meets with a suspect. “They feel the guy out to try to figure out if he’s real or if he’s just all talk,” he says. They may do this by asking if he’s interested in purchasing weapons or materials to make a bomb. “They may try the dangle operation two or three times, and if he shows no genuine interest in activity, if he doesn’t take the bait, then they say after a period of time, we’ve got no reason to believe this person is something other than an angry young man … and they close the investigation.”

Still, a case is never truly closed. Authorities can re-open it if something piques their interest—like say, a suspect buying weapons. That would have been sufficient to get Mateen back on the FBI’s radar. But because he wasn’t on the watch list, the FBI didn’t know what he was up to. And that’s what lawmakers are saying they want to fix.

 

 

 

States Complying with DOJ/FBI Facial Recognition Database

Posted on by

 

 

GAO: The Department of Justice’s (DOJ) Federal Bureau of Investigation (FBI) operates the Next Generation Identification-Interstate Photo System (NGI-IPS)— a face recognition service that allows law enforcement agencies to search a database of over 30 million photos to support criminal investigations. NGI-IPS users include the FBI and selected state and local law enforcement agencies, which can submit search requests to help identify an unknown person using, for example, a photo from a surveillance camera. When a state or local agency submits such a photo, NGI-IPS uses an automated process to return a list of 2 to 50 possible candidate photos from the database, depending on the user’s specification. As of December 2015, the FBI has agreements with 7 states to search NGI-IPS, and is working with more states to grant access. In addition to the NGI-IPS, the FBI has an internal unit called Facial Analysis, Comparison and Evaluation (FACE) Services that provides face recognition capabilities, among other things, to support active FBI investigations. FACE Services not only has access to NGI-IPS, but can search or request to search databases owned by the Departments of State and Defense and 16 states, which use their own face recognition systems. Biometric analysts manually review photos before returning at most the top 1 or 2 photos as investigative leads to FBI agents.

DOJ developed a privacy impact assessment (PIA) of NGI-IPS in 2008, as required under the E-Government Act whenever agencies develop technologies that collect personal information. However, the FBI did not update the NGI-IPS PIA in a timely manner when the system underwent significant changes or publish a PIA for FACE Services before that unit began supporting FBI agents. DOJ ultimately approved PIAs for NGI-IPS and FACE Services in September and May 2015, respectively. The timely publishing of PIAs would provide the public with greater assurance that the FBI is evaluating risks to privacy when implementing systems. Similarly, NGI-IPS has been in place since 2011, but DOJ did not publish a System of Records Notice (SORN) that addresses the FBI’s use of face recognition capabilities, as required by law, until May 5, 2016, after completion of GAO’s review. The timely publishing of a SORN would improve the public’s understanding of how NGI uses and protects personal information.

Prior to deploying NGI-IPS, the FBI conducted limited testing to evaluate whether face recognition searches returned matches to persons in the database (the detection rate) within a candidate list of 50, but has not assessed how often errors occur. FBI officials stated that they do not know, and have not tested, the detection rate for candidate list sizes smaller than 50, which users sometimes request from the FBI. By conducting tests to verify that NGI-IPS is accurate for all allowable candidate list sizes, the FBI would have more reasonable assurance that NGI-IPS provides leads that help enhance, rather than hinder, criminal investigations. Additionally, the FBI has not taken steps to determine whether the face recognition systems used by external partners, such as states and federal agencies, are sufficiently accurate for use by FACE Services to support FBI investigations. By taking such steps, the FBI could better ensure the data received from external partners is sufficiently accurate and do not unnecessarily include photos of innocent people as investigative leads.

*** The Privacy Act of 1974 places limitations on agencies’ collection, disclosure, and use of personal information maintained in systems of records.3 The Privacy Act requires agencies to publish a notice—known as a System of Records Notice (SORN)—in the Federal Register identifying, among other things, the categories of individuals whose information is in the system of records, and the type of data collected.4 Also, the E-Government Act of 2002 requires agencies to conduct Privacy Impact Assessments (PIA) that analyze how personal information is collected, stored, shared, and managed in a federal system.5 Agencies are required to make their PIAs publicly available if practicable.  See the entire report here from the General Accounting Office.