4 Million Federal Employees Hacked Months Ago

The Office of Personnel Management issued a warning today that the personal data and security clearance information of all current and former federal employees may have been hacked.

The Department of Homeland Security used a system called Einstein that detected the hack in April of 2015, but they did not reveal when the actual breach happened. Signs are pointing to China as the responsible country, and it should be noted that Russia was responsible for an earlier breach of the IRS.

The Official Office of Personnel Management Press Release

Thursday, June 04, 2015 Contact: Sam Schumach
Tel: (202) 606-2402
OPM to Notify Employees of Cybersecurity Incident
WASHINGTON, DC – The U.S. Office of Personnel Management (OPM) has identified a cybersecurity incident potentially affecting personnel data for current and former federal employees, including personally identifiable information (PII).
Within the last year, the OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks.  As a result, in April 2015, OPM detected a cyber-intrusion affecting its information technology (IT) systems and data. The intrusion predated the adoption of the tougher security controls.
OPM has partnered with the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI) to determine the full impact to Federal personnel. OPM continues to improve security for the sensitive information it manages and evaluates its IT security protocols on a continuous basis to protect sensitive data to the greatest extent possible. Since the intrusion, OPM has instituted additional network security precautions, including: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.
As a result of the incident, OPM will send notifications to approximately 4 million individuals whose PII may have been compromised. Since the investigation is on-going, additional PII exposures may come to light; in that case, OPM will conduct additional notifications as necessary. In order to mitigate the risk of fraud and identity theft, OPM is offering credit report access, credit monitoring and identity theft insurance and recovery services to potentially affected individuals through CSID®, a company that specializes in these services. This comprehensive, 18-month membership includes credit monitoring and $1 million in identity theft protection services at no cost to enrollees.
“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”
OPM has issued the following guidance to affected individuals:
• Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
• Request a free credit report at www.AnnualCreditReport.com or by calling 1-877-322-8228. Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax®, Experian®, and TransUnion® – for a total of three reports every year. Contact information for the credit bureaus can be found on the Federal Trade Commission (FTC) website, www.ftc.gov.
• Review resources provided on the FTC identity theft website, www.identitytheft.gov. The FTC maintains a variety of consumer publications providing comprehensive information on computer intrusions and identity theft.
• You may place a fraud alert on your credit file to let creditors know to contact you before opening a new account in your name. Simply call TransUnion® at 1-800-680-7289 to place this alert. TransUnion® will then notify the other two credit bureaus on your behalf.
How to avoid being a victim:
• Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
• Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
• Do not send sensitive information over the Internet before checking a website’s security (for more information, see Protecting Your Privacy, http://www.us-cert.gov/ncas/tips/ST04-013).
• Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
• Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (for more information, see Understanding Firewalls, http://www.us-cert.gov/ncas/tips/ST04-004; Understanding Anti-Virus Software, http://www.us-cert.gov/ncas/tips/ST04-005; and Reducing Spam, http://www.us-cert.gov/ncas/tips/ST04-007).
• Take advantage of any anti-phishing features offered by your email client and web browser.
Employees should take steps to monitor their personally identifiable information and report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center at www.ic3.gov.
Potentially affected individuals can obtain additional information about the steps they can take to avoid identity theft from the following agencies. The FTC also encourages those who discover that their information has been misused to file a complaint with them.

 

Disneyworld Discriminates Against Americans

October 2014 – Disney CEO Bob Iger is one of eight co-chairs of the Partnership for a New American Economy, a leading group advocating for an increase in the H-1B visa cap. Last Friday, this partnership was a sponsor of an H-1B briefing at the U.S. Capitol for congressional staffers. The briefing was closed to the press.

One of the briefing documents handed out at the congressional forum made this claim: “H-1B workers complement – instead of displace – U.S. Workers.” It explains that as employers use foreign workers to fill “more technical and low-level jobs, firms are able to expand” and allow U.S. workers “to assume managerial and leadership positions.”

The document was obtained by Norman Matloff, a computer science professor at the University of California at Davis and a longtime critic of the H-1B program. He posted it on his blog.
From the perspective of five laid-off Disney IT workers, all of whom agreed to speak on the condition of anonymity, Disney cut well-paid and longtime staff members, some who had been previously singled out for excellence, as it shifted work to contractors. These contractors used foreign labor, mostly from India. The laid-off workers believe the primary motivation behind Disney’s action was cost-cutting.

“Some of these folks were literally flown in the day before to take over the exact same job I was doing,” said one of the IT workers who lost his job. He trained his replacement and is angry over the fact he had to train someone from India “on site, in our country.”

Disney officials promised new job opportunities as a result of the restructuring, and employees marked for termination were encouraged to apply for those positions. But  the workers interviewed said they knew of few co-workers who had landed one of the new jobs.

Employees said the original number of workers laid off back in October was more than several hundred. But the Disney source put that number lower, saying approximately 135 IT workers lost their jobs.

It gets worse.

Pink Slips at Disney. But First, Training Foreign Replacement
Disney executives said that the layoffs were part of a reorganization, and that the company opened more positions than it eliminated.

But the layoffs at Disney and at other companies, including the Southern California Edison power utility, are raising new questions about how businesses and outsourcing companies are using the temporary visas, known as H-1B, to place immigrants in technology jobs in the United States. These visas are at the center of a fierce debate in Congress over whether they complement American workers or displace them.

According to federal guidelines, the visas are intended for foreigners with advanced science or computer skills to fill discrete positions when American workers with those skills cannot be found. Their use, the guidelines say, should not “adversely affect the wages and working conditions” of Americans. Because of legal loopholes, however, in practice, companies do not have to recruit American workers first or guarantee that Americans will not be displaced.

Too often, critics say, the visas are being used to bring in immigrants to do the work of Americans for less money, with laid-off American workers having to train their replacements.

Read much more here.

What is Missing from the TPP? Reward Offered

If The TPP is Such a Great Idea, Why Keep it a Secret?

The Obama Administration has been pressuring members of Congress to pass the bill that will give President Obama the “fast track” authority to negotiate the Trans-Pacific Partnership (TPP) agreement without any debate in Congress. Fast track authority would not allow for any amendments and the bill would remain secret until just before it is voted on.

“President Obama is currently pressing members of Congress to pass Fast-Track authority for a trade and investment agreement called the Trans-Pacific Partnership (TPP). If Fast Track passes, it means that Congress must approve or deny the TPP with minimal debate and no amendments. Astonishingly, our lawmakers have not seen the agreement they are being asked to expedite.” Nation of Change

This trade agreement, like previous international trade agreements such as NAFTA, is not a partisan issue. On just about every other piece of legislation that the Obama Administration has introduced to Congress, the Republican majority has stood fast against it. However, in this instance, Congress appears to be strangely united in its efforts to pass a secret bill that they have not even been allowed to read. More important details here.

WikiLeaks issues call for $100,000 bounty on monster trade treaty

Today WikiLeaks has launched a campaign to crowd-source a $100,000 reward for America’s Most Wanted Secret: the Trans-Pacific Partnership Agreement (TPP). One chapter is found here.

Over the last two years WikiLeaks has published three chapters of this super-secret global deal, despite unprecedented efforts by negotiating governments to keep it under wraps. US Senator Elizabeth Warren has said:

“[They] can’t make this deal public because if the American people saw what was in it, they would be opposed to it.”

The remaining 26 chapters of the deal are closely held by negotiators and the big corporations that have been given privileged access. Today, WikiLeaks is taking steps to bring about the public’s rightful access to the missing chapters of this monster trade pact.

The TPP is the largest agreement of its kind in history: a multi-trillion dollar international treaty being negotiated in secret by the US, Japan, Mexico, Canada, Australia and 7 other countries. The treaty aims to create a new international legal regime that will allow transnational corporations to bypass domestic courts, evade environmental protections, police the internet on behalf of the content industry, limit the availability of affordable generic medicines, and drastically curtail each country’s legislative sovereignty.

The TPP bounty also heralds the launch of WikiLeaks’ new competition system, which allows the public to pledge prizes towards each of the world’s most wanted leaks. For example, members of the public can now pledge on the missing chapters of the TPP.

WikiLeaks founder Julian Assange said,

“The transparency clock has run out on the TPP. No more secrecy. No more excuses. Let’s open the TPP once and for all.”

Note: The TPP is also noteworthy as the icebreaker agreement for the giant proposed ’T-treaty triad’ of TPP-TISA-TTIP which extends TPP style rules to 53 nations, 1.6 billion people and 2/3rds of the global economy.

See https://wikileaks.org/pledge/

Launch a Moratorium on Refugees NOW

Two key words make it very easy for foreign nationals to gain approval to enter the United States: ‘refugees’ and ‘asylees’. Both are very threatening conditions to our national security.

Is anyone taking notice? The call to action here is to demand that your district representative in Congress launch an immediate moratorium now. Here is your proof and platform…if it happens there, it is happening here and that too has been proven.

The United Nations is the master of the refugee and asylum program for the United States. This has been previously explained here.

Enemies of the West such as al Qaeda, al Nusra and ISIS have a brilliant plan and it is working.

UN-cleared refugees to Norway revealed as ISIS militants – report

Norwegian authorities have revealed that several Middle East refugees set to be granted asylum in Norway under a UN program have links to the Islamic State and Nusra Front extremist groups, media reported on Monday.

 

“Unfortunately, there are people who try to exploit and abuse the refugee system. We have uncovered some quota refugees with links to the Nusra Front and the ISIL,” police superintendent Svein Erik Molstad said, as quoted by the Dagbladet newspaper.

During two trips to the Middle East, Norway’s PST police intelligence unit discovered up to 10 Norway-bound refugees were members of the militant groups. The findings were discovered during background checks conducted by the agency.

The migrants are part of the so-called “quota refugees” cleared by the UN High Commissioner for Refugees (UNHCR) for resettlement in Norway.

The issue is particularly relevant at the moment, as the Norwegian Parliament is discussing how many more refugees Norway will accept from Syria. A majority are calling for 10,000 to be let into the country, although local governments say they cannot accommodate such a large number. Negotiations are underway, with a final decision expected later this month.

Around 5,000 refugees already in Norway are in asylum centers, awaiting housing.

Both the Islamic State (IS, formerly ISIS/ISIL) and Nusra Front are engaged in fighting against forces loyal to Syrian President Bashar Assad. IS now controls large swathes of Iraq and Syria, and has ambitions to form a ‘caliphate’ in the Middle East.

This is not the first time that concern has been raised regarding militants disguised as refugees. A Libyan government adviser said in May that Islamic State is smuggling “prize operatives” into Europe.

In April, IS supporters posted photographs allegedly taken in Italian cities, accompanied with messages such as: “We are in your streets.”

Surveillance State, Your Touch and Your Smartphone

There was a Rand Paul filibuster last week over the NSA’s broad sweep of citizens’ private affairs. Senator Paul does have a major point in his efforts to protect our privacy, yet to what ends when it comes to national security? He pledges to take the matter of the vote on the NSA to see the Patriot Act end.

There is yet another piece of legislation that is important to understand: the USA Freedom Act. In part:

Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet Collection, and Online Monitoring Act

H.R. 3361/ S. 1599

Purpose:  To rein in the dragnet collection of data by the National Security Agency (NSA) and other government agencies, increase transparency of the Foreign Intelligence Surveillance Court (FISC), provide businesses the ability to release information regarding FISA requests, and create an independent constitutional advocate to argue cases before the FISC.

End bulk collection of Americans’ communications records

• The USA Freedom Act ends bulk collection under Section 215 of the Patriot Act.
• The bill would strengthen the prohibition on “reverse targeting” of Americans—that is, targeting a foreigner with the goal of obtaining communications involving an American.
• The bill requires the government to more aggressively filter and discard information about Americans accidentally collected through PRISM and related programs.

Reform the Foreign Intelligence Surveillance Court

• The USA Freedom Act creates an Office of the Special Advocate (OSA) tasked with promoting privacy interests before the FISA court’s closed proceedings. The OSA will have the authority to appeal decisions of the FISA court.
• The bill creates new and more robust reporting requirements to ensure that Congress is aware of actions by the FISC and intelligence community as a whole.
• The bill would grant the Privacy and Civil Liberties Oversight Board subpoena authority to investigate issues related to privacy and national security.

Increase Transparency

• The USA Freedom Act would end secret laws by requiring the Attorney General to publicly disclose all FISC decisions issued after July 10, 2003 that contain a significant construction or interpretation of law.
• Under the bill, Internet and telecom companies would be allowed to publicly report an estimate of (1) the number of FISA orders and national security letters received, (2) the number of such orders and letters complied with, and (3) the number of users or accounts on whom information was demanded under the orders and letters.
• The bill would require the government to make annual or semiannual public reports estimating the total number of individuals and U.S. persons that were subject to FISA orders authorizing electronic surveillance, pen/trap devices, and access to business records.

DON’T APPLAUD JUST YET…this next introduction of technology is very chilling. When does it all stop with surveillance?

NSA will Track Your Smartphone Finger Strokes

Smartphone technology built by Lockheed Martin promises to verify a user’s identity based on the swiftness and shape of the individual’s finger strokes on a touch screen. The technology is but one incarnation of handwriting-motion recognition, sometimes called “dynamic signature” biometrics, that has roots in the Air Force.

“Nobody else has the same strokes,” said John Mears, senior fellow for Lockheed IT and Security Solutions. “People can forge your handwriting in two dimensions, but they couldn’t forge it in three or four dimensions. Three is the pressure you put in, in addition to the two dimensions on the paper. The fourth dimension is time. The most advanced handwriting-type authentication tracks you in four dimensions.”

The biometric factors measured by Lockheed’s technology, dubbed “Mandrake,” are speed, acceleration and the curve of an individual’s strokes. “We’ve done work with the NSA with that for secure gesture authentication as a technique for using smartphones,” Mears said. “They are actually able to use it.” According to Defense One. Lockheed officials said they do not know how or if the agency has operationally deployed the Mandrake smartphone doodling-recognition tool.

The company also is the architect of the FBI’s recently completed $1 billion facial, fingerprint, palm print, retina scan and tattoo image biometric ID system. That project, called the Next Generation Identification system, could tie in voice and “gait matching” (how a person walks) in the future, the bureau has said. Mandrake potentially might be useful for emergency responders who often do not have the time or capability to access an incident command website, Mears said.