Revoking U.S. Citizenship, it Does Happen

FNC: A Mexico native serving time in a prison south of the border for rape had his naturalized U.S. citizenship revoked by a federal judge Tuesday after authorities discovered the man failed to disclose a previous child sex assault conviction dating back more than 20 years.

The decision to denaturalize Jose Arizmendi, 54, made him the 88th person in the last eight years to have his citizenship revoked, according to a review by SeattlePI.com. Arizmendi had been living in Texas, making him the ninth person from the Lone Star State in eight years to be denaturalized.

“The Justice Department is committed to preserving the integrity of our nation’s immigration system,” Acting Assistant Attorney General Chad A. Readler said in a statement. “We will aggressively pursue denaturalization in cases where individuals lie on their naturalization applications, especially in a circumstance like this one, which involved a child sex abuser. Civil denaturalization cases are an important law enforcement tool for protecting the public, including our children.”

Arizmendi, who is currently serving an 18-year sentence in Mexico for the rape of a minor there, did not tell officials at his immigration interview in October 1995 about his conviction six months earlier for the aggravated sexual assault of a child, according to a Department of Justice news release. Arizmendi was given 10 years of probation in that case, The Houston Chronicle reported.

When officials approving his immigration request asked if he had ever been arrested or convicted of a crime, Arizmendi told them: “No.”

Partly based on that answer, Arizmendi became a U.S. citizen in 1996. But immigration officials eventually uncovered the child sex assault conviction and alerted the DOJ, which initiated proceedings to strip Arizmendi of his citizenship in February 2015.

Because of a 10-year statute of limitations, U.S. authorities couldn’t revoke the citizenship based on the criminal conviction alone – but due to Arizmendi’s lie to immigration officials, they were able to strip it as a civil denaturalization.

“Applications for naturalization must be candid with all material facts,” Acting U.S. Attorney for the Southern District of Texas Abe Martinez said in a statement. “Like in this case, failing to disclose material data should result in denaturalization.”

*** Meanwhile, other cases such as the one posted below are still common, daily criminal cases.

From left, rape-home invasion suspects Francisco Palencia, 17, and Josue Ramirez, 19. Ramirez has an immigration hold from ICE at the Gwinnett County Jail near Atlanta.

GWINNETT COUNTY, Ga. – It’s easily one of the most horrific crimes of the year in the Atlanta area, and now WND has found that the lead suspect is an illegal alien from Latin America.

On June 15, police arrested three Hispanic teenagers accused of raping a 23-year-old Gwinnett County mother in front of her 4-year-old son.

The suspects are Josue Aguilar Ramirez, 19, Francisco Palencia, 17, and an unidentified 15-year-old girl. All three face charges of kidnapping, rape, cruelty to children, aggravated sodomy and aggravated battery.

The oldest, Ramirez, is an illegal immigrant who is subject to an immigration hold at the Gwinnett County Detention Center, according to online jail records.

According to the police report, the young mother arrived home from work with her two small children just before 3 a.m. on May 12 and found two armed men inside her kitchen, each wearing black jackets and ski masks. They were armed with Taser stun guns.

“The two males were armed with Tasers and approached (her),” according to the police report.

The incident occurred at the woman’s apartment in unincorporated Tucker, Georgia, within Gwinnett County, a suburb of Atlanta that has one of the state’s highest populations of illegal immigrants.

The mother initially tried to fight back, but one of the men threw two pots of boiling water on her, severely burning her shoulder, neck and arm, according to the police report. Even though badly burned, she still struggled to get away from her attackers and back to her children.

That’s when the men shocked the woman with the Taser and forced her into the bedroom. One of the teens asked her if she had HIV, and she said “no.” They demanded she take off her clothes and forced her to perform oral sex before raping her, the police reports state.

She told police that she “complied with the male’s demands out of fear for what could be done to her children.”

Peter Smith and Hillary’s 30,000 Missing Emails

Peter Smith and Michael Flynn knew each other and communicated often. Peter Smith was 81 years old when he died, but what does Flynn have when it comes to the 30,000 emails that Hillary deleted? Once Smith was able to locate Russian hackers who admitted hacking Hillary’s emails, the question is: where are they, and why were they never published?

Performing attribution, ensuring they are real, and confirming they have not been doctored is the challenge; after all, Russians are in the equation. However, cyber experts performing the review have an above 90% certainty. Peter Smith was not associated at all with any part of the Trump camp but did support his race for the White House.

Meanwhile, special counsel Robert Mueller and his team are likely passing out subpoenas to get all the pieces of the electronic trail on this.

Peter Smith/NYDailyNews

Hmm… let’s go deeper for background and context. Once you read below, you will have thousands of questions, and some are answered here in the follow-up podcast with the WSJ journalist who broke the story.

***

A new report raises some big questions about Michael Flynn and Russian hackers

The Wall Street Journal describes how one Trump supporter reached out to hackers — and dropped Flynn’s name.

A tantalizing new report from Shane Harris of the Wall Street Journal gives the strongest indication yet that collusion may have occurred — or was at least attempted — between supporters of Donald Trump’s 2016 presidential campaign and Russian hackers who targeted Democrats’ emails.

And it raises serious questions about whether fired National Security Adviser Michael Flynn was involved in these efforts to contact hackers.

Harris describes an effort by Peter Smith, a Trump-supporting GOP operative and private equity executive, to track down Hillary Clinton’s infamous 30,000 or so deleted emails during the fall of 2016.

The effort, described on the record to Harris by Smith (the 81-year-old man died a week and a half after their interview), entailed outreach to several hacker groups, including at least two that Smith believed to be Russian-tied, to see if they had hacked the emails and could release them.

The emails — which Clinton said she deleted because they were personal and unrelated to her work as secretary of state — never surfaced. And Smith didn’t work for the Trump campaign.

But this new report could be especially significant because of one name that keeps coming up: Michael Flynn, who at the time was advising the Trump campaign.

Smith repeatedly claimed that he was in contact with Flynn about the effort to find Clinton’s emails, per Harris’s sources.

“He said, ‘I’m talking to Michael Flynn about this — if you find anything, can you let me know?’” said Eric York, a computer-security expert from Atlanta who searched hacker forums on Mr. Smith’s behalf for people who might have access to the emails. …

… In phone conversations, Mr. Smith told a computer expert he was in direct contact with Mr. Flynn and his son, according to this expert. … The expert said that based on his conversations with Mr. Smith, he understood the elder Mr. Flynn to be coordinating with Mr. Smith’s group in his capacity as a Trump campaign adviser.

Furthermore, Harris describes, apparently for the first time, US intelligence reports claiming Russian hackers discussed how to get hacked emails to Flynn through a third party.

Investigators have examined reports from intelligence agencies that describe Russian hackers discussing how to obtain emails from Mrs. Clinton’s server and then transmit them to Mr. Flynn via an intermediary, according to U.S. officials with knowledge of the intelligence.

If accurate, all this is enough to raise serious questions about just what Flynn knew about this or any other attempted outreach to Russian hackers.

How this story fits into the timeline of the hackings

It’s no secret that Trump wanted someone to find Clinton’s deleted emails — he said as much publicly.

To recap: When word got out that Clinton had used a personal email account for all her work at the State Department, she agreed to hand over the work-related emails on that account to government investigators. But it turned out that she had previously deemed about 32,000 emails (about half of the total) to be “personal” rather than work-related, and deleted them.

Many conservatives didn’t take Clinton’s explanation for why she deleted the emails at face value, and questioned whether the deleted emails could have included some incriminating information that might reveal scandalous behavior of some kind. One of those Republicans was Trump, who repeatedly referenced the deleted emails on the campaign trail.

In July 2016, hacked emails from the Democratic National Committee were publicly released, and the hacks were thought to be the work of Russia. And at the time, Trump said in public that he hoped there would be email releases to come — including Clinton’s deleted ones.

“Russia, if you’re listening, I hope you’re about to find the 30,000 [Hillary Clinton] emails that are missing,” he said at a press conference. “I think you will probably be rewarded mightily by our press. Let’s see if that happens. That will be next.”

A few months after this, in fall 2016, Peter Smith launched the effort reported by the Journal to try to get the emails from hacking groups that he thought might have them — including hacking groups he understood to be tied to the Russian government.

Again, though, it seems that no one did have Clinton’s deleted emails. The biggest Russia-linked email hacks and dumps involved the DNC accounts (released in July 2016) and Clinton campaign chair John Podesta’s emails (released in October 2016), but no emails from Clinton’s own server.

Michael Flynn’s potential involvement could be highly significant

Still, one major question has always been whether any Trump associates were involved in these or other hacking efforts.

There’s been a whole lot of evidence that several Trump associates (including Flynn) had ties to Russian officials, and of course it was clear that Trump’s public policies were far more pro-Russia than the Republican norm.

But there really hasn’t been very much evidence tying anyone in Trumpworld to any hacking — making it plausible that the hacking operations were carried out without any coordination or contacts with anyone in Trump’s camp.

Harris’s story changes that somewhat. Now we know of Smith’s outreach to Russian hackers — and, more importantly, his claims that Flynn (who was close to Trump) may have known too. And there’s that other claim that US intelligence suggests Russian hackers were discussing giving hacked emails to Flynn. Where would they get that idea?

Any involvement from Flynn could be quite significant. He’s known to have had many contacts with Russian officials, and he advised Trump on foreign policy matters during the presidential campaign.

Afterward, Trump named him national security adviser. But he didn’t last long in the post, resigning in February due to controversy over whether he falsely described his contacts with Russian Ambassador Sergey Kislyak during the transition.

By then, the White House had been told that Flynn was under federal investigation. And then-FBI Director James Comey has since testified that the day after Flynn’s firing, President Trump took him aside and told him, “I hope you can see your way clear to letting this go, to letting Flynn go. He is a good guy. I hope you can let this go.”

So Trump has already been trying to shield Flynn from investigators — making the question of just what Flynn might know ever more interesting, and one that will certainly be on special counsel Robert Mueller’s mind.

Brute Force Attack on UK Parliament User Emails

Inside and outside cyber experts are making attributions to Russia.

The Russian government is suspected of being behind a cyber-attack on parliament that breached dozens of email accounts belonging to MPs and peers.

Although the investigation is at an early stage and the identity of those responsible may prove impossible to establish with absolute certainty, Moscow is deemed the most likely culprit.

The British security services believe that responsibility for the attack is more likely to lie with another state rather than a small group of individual hackers.

The number of states who might mount such an attack on the UK is limited, and, in addition to Russia, includes North Korea, China and Iran.

A security source said: “It was a brute force attack. It appears to have been state-sponsored.”

“The nature of cyber-attacks means it is notoriously difficult to attribute an incident to a specific actor.”

MPs contacted by the Guardian said the immediate suspicion had fallen upon foreign governments such as Russia and North Korea, both of which have been accused of being behind hacking attempts in the UK before. More from the Guardian.

BBC: Up to 90 email accounts were compromised during the cyber-attack on Parliament on Friday.

Fewer than 1% of the 9,000 users of the IT system were impacted by the hacking, said a parliamentary spokesman.

The hack prompted officials to disable remote access to the emails of MPs, peers and their staff as a safeguard.

The spokesman said the attack was a result of “weak passwords” and an investigation is under way to determine whether any data has been lost.

Both Houses of Parliament will meet as planned on Monday and plans are being put in place to allow it to resume its wider IT services, said officials.

A number of MPs confirmed to the BBC they were unable to access their parliamentary email accounts outside of the Westminster estate following the hacking.

‘Passwords for sale’

The spokesman said the parliamentary network was compromised due to “weak passwords” which did not conform to guidance from the Parliamentary Digital Service.

They added: “As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way.”

The incident comes just over a month after 48 of England’s NHS trusts were hit by a cyber-attack.

International Trade Secretary Liam Fox said: “We have seen reports in the last few days of even cabinet ministers’ passwords being for sale online.

“We know that our public services are attacked so it is not at all surprising that there should be an attempt to hack into parliamentary emails.

“And it’s a warning to everybody, whether they are in Parliament or elsewhere, that they need to do everything possible to maintain their own cyber-security.”

The latest attack was publicly revealed by Liberal Democrat peer Lord Rennard on Twitter as he asked his followers to send any “urgent messages” to him by text.

The National Cyber Security Centre and National Crime Agency are investigating the incident.

WannaCry Hacking Bad, but This is Terrifying

WASHINGTON — CIA Director Mike Pompeo says he thinks disclosure of America’s secret intelligence is on the rise, fueled partly by the “worship” of leakers like Edward Snowden.

“In some ways, I do think it’s accelerated,” Pompeo told MSNBC in an interview that aired Saturday. “I think there is a phenomenon, the worship of Edward Snowden, and those who steal American secrets for the purpose of self-aggrandizement or money or for whatever their motivation may be, does seem to be on the increase.”

Pompeo said the United States needs to redouble its efforts to stem leaks of classified information. More here.

***

A Cyberattack ‘the World Isn’t Ready For’

Golan Ben-Oni, of the IDT Corporation, which was attacked in April with two cyberweapons stolen from the National Security Agency. Justin T. Gellerson for The New York Times

NEWARK — There have been times over the last two months when Golan Ben-Oni has felt like a voice in the wilderness.

On April 29, someone hit his employer, IDT Corporation, with two cyberweapons that had been stolen from the National Security Agency. Mr. Ben-Oni, the global chief information officer at IDT, was able to fend them off, but the attack left him distraught.

In 22 years of dealing with hackers of every sort, he had never seen anything like it. Who was behind it? How did they evade all of his defenses? How many others had been attacked but did not know it?

Since then, Mr. Ben-Oni has been sounding alarm bells, calling anyone who will listen at the White House, the Federal Bureau of Investigation, the New Jersey attorney general’s office and the top cybersecurity companies in the country to warn them about an attack that may still be invisibly striking victims undetected around the world.

And he is determined to track down whoever did it.

“I don’t pursue every attacker, just the ones that piss me off,” Mr. Ben-Oni told me recently over lentils in his office, which was strewn with empty Red Bull cans. “This pissed me off and, more importantly, it pissed my wife off, which is the real litmus test.”

Two weeks after IDT was hit, the cyberattack known as WannaCry ravaged computers at hospitals in England, universities in China, rail systems in Germany, even auto plants in Japan. No doubt it was destructive. But what Mr. Ben-Oni had witnessed was much worse, and with all eyes on the WannaCry destruction, few seemed to be paying attention to the attack on IDT’s systems — and most likely others around the world.

The strike on IDT, a conglomerate with headquarters in a nondescript gray building here with views of the Manhattan skyline 15 miles away, was similar to WannaCry in one way: Hackers locked up IDT data and demanded a ransom to unlock it.

But the ransom demand was just a smoke screen for a far more invasive attack that stole employee credentials. With those credentials in hand, hackers could have run free through the company’s computer network, taking confidential information or destroying machines.

Worse, the assault, which has never been reported before, was not spotted by some of the nation’s leading cybersecurity products, the top security engineers at its biggest tech companies, government intelligence analysts or the F.B.I., which remains consumed with the WannaCry attack.

Were it not for a digital black box that recorded everything on IDT’s network, along with Mr. Ben-Oni’s tenacity, the attack might have gone unnoticed.

Scans for the two hacking tools used against IDT indicate that the company is not alone. In fact, tens of thousands of computer systems all over the world have been “backdoored” by the same N.S.A. weapons. Mr. Ben-Oni and other security researchers worry that many of those other infected computers are connected to transportation networks, hospitals, water treatment plants and other utilities.

An attack on those systems, they warn, could put lives at risk. And Mr. Ben-Oni, fortified with adrenaline, Red Bull and the house beats of Deadmau5, the Canadian record producer, said he would not stop until the attacks had been shut down and those responsible were behind bars.

“The world is burning about WannaCry, but this is a nuclear bomb compared to WannaCry,” Mr. Ben-Oni said. “This is different. It’s a lot worse. It steals credentials. You can’t catch it, and it’s happening right under our noses.”

And, he added, “The world isn’t ready for this.”

Targeting the Nerve Center

Mr. Ben-Oni, 43, a Hasidic Jew, is a slight man with smiling eyes, a thick beard and a hacker’s penchant for mischief. He grew up in the hills of Berkeley, Calif., the son of Israeli immigrants.

Even as a toddler, Mr. Ben-Oni’s mother said, he was not interested in toys. She had to take him to the local junkyard to scour for typewriters that he would eventually dismantle on the living room floor. As a teenager, he aspired to become a rabbi but spent most of his free time hacking computers at the University of California, Berkeley, where his exploits once accidentally took down Belgium’s entire phone system for 15 minutes.

To his parents’ horror, he dropped out of college to pursue his love of hacking full time, starting a security company to help the city of Berkeley and two nearby communities, Alameda and Novato, set up secure computer networks.

He had a knack for the technical work, but not the marketing, and found it difficult to get new clients. So at age 19, he crossed the country and took a job at IDT, back when the company was a low-profile long-distance service provider.

As IDT started acquiring and spinning off an eclectic list of ventures, Mr. Ben-Oni found himself responsible for securing shale oil projects in Mongolia and the Golan Heights, a “Star Trek” comic books company, a project to cure cancer, a yeshiva university that trains underprivileged students in cybersecurity, and a small mobile company that Verizon recently acquired for $3.1 billion.

Which is to say he has encountered hundreds of thousands of hackers of every stripe, motivation and skill level. He eventually started a security business, IOSecurity, under IDT, to share some of the technical tools he had developed to keep IDT’s many businesses secure. By Mr. Ben-Oni’s estimate, IDT experiences hundreds of attacks a day on its businesses, but perhaps only four each year give him pause.

Nothing compared to the attack that struck in April. Like the WannaCry attack in May, the assault on IDT relied on cyberweapons developed by the N.S.A. that were leaked online in April by a mysterious group of hackers calling themselves the Shadow Brokers — alternately believed to be Russia-backed cybercriminals, an N.S.A. mole, or both.

The WannaCry attack — which the N.S.A. and security researchers have tied to North Korea — employed one N.S.A. cyberweapon; the IDT assault used two.

Both WannaCry and the IDT attack used a hacking tool the agency had code-named EternalBlue. The tool took advantage of unpatched Microsoft servers to automatically spread malware from one server to another, so that within 24 hours North Korea’s hackers had spread their ransomware to more than 200,000 servers around the globe.

The attack on IDT went a step further with another stolen N.S.A. cyberweapon, called DoublePulsar. The N.S.A. used DoublePulsar to penetrate computer systems without tripping security alarms. It allowed N.S.A. spies to inject their tools into the nerve center of a target’s computer system, called the kernel, which manages communications between a computer’s hardware and its software.

In the pecking order of a computer system, the kernel is at the very top, allowing anyone with secret access to it to take full control of a machine. It is also a dangerous blind spot for most security software, allowing attackers to do what they want and go unnoticed. In IDT’s case, attackers used DoublePulsar to steal an IDT contractor’s credentials. Then they deployed ransomware in what appears to be a cover for their real motive: broader access to IDT’s businesses.

Mr. Ben-Oni learned of the attack only when a contractor, working from home, switched on her computer to find that all her data had been encrypted and that attackers were demanding a ransom to unlock it. He might have assumed that this was a simple case of ransomware.

But the attack struck Mr. Ben-Oni as unique. For one thing, it was timed perfectly to the Sabbath. Attackers entered IDT’s network at 6 p.m. on Saturday on the dot, two and a half hours before the Sabbath would end and when most of IDT’s employees — 40 percent of whom identify as Orthodox Jews — would be off the clock. For another, the attackers compromised the contractor’s computer through her home modem — strange.

The black box of sorts, a network recording device made by the Israeli security company Secdo, shows that the ransomware was installed after the attackers had made off with the contractor’s credentials. And they managed to bypass every major security detection mechanism along the way. Finally, before they left, they encrypted her computer with ransomware, demanding $130 to unlock it, to cover up the more invasive attack on her computer.

Mr. Ben-Oni estimates that he has spoken to 107 security experts and researchers about the attack, including the chief executives of nearly every major security company and the heads of threat intelligence at Google, Microsoft and Amazon.

With the exception of Amazon, which found that some of its customers’ computers had been scanned by the same computer that hit IDT, no one had seen any trace of the attack before Mr. Ben-Oni notified them. The New York Times confirmed Mr. Ben-Oni’s account via written summaries provided by Palo Alto Networks, Intel’s McAfee and other security firms he used and asked to investigate the attack.

“I started to get the sense that we were the canary,” he said. “But we recorded it.”

Since IDT was hit, Mr. Ben-Oni has contacted everyone in his Rolodex to warn them of an attack that could still be worming its way, undetected, through victims’ systems.

“Time is burning,” Mr. Ben-Oni said. “Understand, this is really a war — with offense on one side, and institutions, organizations and schools on the other, defending against an unknown adversary.”

‘No One Is Running Point’

Since the Shadow Brokers leaked dozens of coveted attack tools in April, hospitals, schools, cities, police departments and companies around the world have largely been left to fend for themselves against weapons developed by the world’s most sophisticated attacker: the N.S.A.

A month earlier, Microsoft had issued a software patch to defend against the N.S.A. hacking tools — suggesting that the agency tipped the company off to what was coming. Microsoft regularly credits those who point out vulnerabilities in its products, but in this case the company made no mention of the tipster. Later, when the WannaCry attack hit hundreds of thousands of Microsoft customers, Microsoft’s president, Brad Smith, slammed the government in a blog post for hoarding and stockpiling security vulnerabilities.

For his part, Mr. Ben-Oni said he had rolled out Microsoft’s patches as soon as they became available, but attackers still managed to get in through the IDT contractor’s home modem.

Six years ago, Mr. Ben-Oni had a chance meeting with an N.S.A. employee at a conference and asked him how to defend against modern-day cyberthreats. The N.S.A. employee advised him to “run three of everything”: three firewalls, three antivirus solutions, three intrusion detection systems. And so he did.

But in this case, modern-day detection systems created by Cylance, McAfee and Microsoft and patching systems by Tanium did not catch the attack on IDT. Nor did any of the 128 publicly available threat intelligence feeds that IDT subscribes to. Even the 10 threat intelligence feeds that his organization spends a half-million dollars on annually for urgent information failed to report it. He has since threatened to return their products.

“Our industry likes to work on known problems,” Mr. Ben-Oni said. “This is an unknown problem. We’re not ready for this.”

No one he has spoken to knows whether they have been hit, but just this month, restaurants across the United States reported being hit with similar attacks that were undetected by antivirus systems. There are now YouTube videos showing criminals how to attack systems using the very same N.S.A. tools used against IDT, and Metasploit, an automated hacking tool, now allows anyone to carry out these attacks with the click of a button.

Worse still, Mr. Ben-Oni said, “No one is running point on this.”

Last month, he personally briefed the F.B.I. analyst in charge of investigating the WannaCry attack. He was told that the agency had been specifically tasked with WannaCry, and that even though the attack on his company was more invasive and sophisticated, it was still technically something else, and therefore the F.B.I. could not take on his case.

The F.B.I. did not respond to requests for comment.

So Mr. Ben-Oni has largely pursued the case himself. His team at IDT was able to trace part of the attack to a personal Android phone in Russia and has been feeding its findings to Europol, the European law enforcement agency based in The Hague.

The chances that IDT was the only victim of this attack are slim. Sean Dillon, a senior analyst at RiskSense, a New Mexico security company, was among the first security researchers to scan the internet for the N.S.A.’s DoublePulsar tool. He found tens of thousands of host computers are infected with the tool, which attackers can use at will.

“Once DoublePulsar is on the machine, there’s nothing stopping anyone else from coming along and using the back door,” Mr. Dillon said.

More distressing, Mr. Dillon tested all the major antivirus products against the DoublePulsar infection and a demoralizing 99 percent failed to detect it.

“We’ve seen the same computers infected with DoublePulsar for two months and there is no telling how much malware is on those systems,” Mr. Dillon said. “Right now we have no idea what’s gotten into these organizations.”

In the worst case, Mr. Dillon said, attackers could use those back doors to unleash destructive malware into critical infrastructure, tying up rail systems, shutting down hospitals or even paralyzing electrical utilities.

Could that attack be coming? The Shadow Brokers resurfaced last month, promising a fresh load of N.S.A. attack tools, even offering to supply them for monthly paying subscribers — like a wine-of-the-month club for cyberweapon enthusiasts.

In a hint that the industry is taking the group’s threats seriously, Microsoft issued a new set of patches to defend against such attacks. The company noted in an ominously worded message that the patches were critical, citing an “elevated risk for destructive cyberattacks.”

Mr. Ben-Oni is convinced that IDT is not the only victim, and that these tools can and will be used to do far worse.

“I look at this as a life-or-death situation,” he said. “Today it’s us, but tomorrow it might be someone else.”

1.8 Million Exchange Students Part of Security Investigation Review

Primer: Chinese spies target US intellectual property (important due to universities’ relationships with government operations). Further, in 2015, U.S. diplomats previously warned China to stop using covert law enforcement agents on U.S. soil. CNN reported that the agents pressure Chinese citizens to return to the country to face justice, often on corruption charges, United States officials confirmed to CNN. The agents have successfully coerced several Chinese nationals to return to China from the U.S., they said.

So, between India and China we have more than a million foreign nationals at the student level. Are they really students? This is also a number where American students are eliminated from college acceptance due to favorable foreign student policy.

The Student and Exchange Visitor Program (SEVP) is a part of the National Security Investigations Division and acts as a bridge for government organizations that have an interest in information on nonimmigrants whose primary reason for coming to the United States is to be students.

On behalf of the Department of Homeland Security (DHS), SEVP manages schools, nonimmigrant students in the F and M visa classifications and their dependents. The Department of State (DoS) manages Exchange Visitor Programs, nonimmigrant exchange visitors in the J visa classification and their dependents. Both SEVP and DoS use the Student and Exchange Visitor Information System (SEVIS) to track and monitor schools; exchange visitor programs; and F, M and J nonimmigrants while they visit the United States and participate in the U.S. education system.

WASHINGTON — There are 1.18 million international students with F (academic) or M (vocational) status studying at 8,774 schools in the United States according to the latest “SEVIS by the Numbers.” The biannual report on international student data, which includes a new section on regional data trends, is prepared by the Student and Exchange Visitor Program (SEVP), part of U.S. Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI).

The report, released Thursday by SEVP, highlights May 2017 data from the Student and Exchange Visitor Information System (SEVIS), a web-based system that includes information about international students, exchange visitors and their dependents while they are in the United States.

Based on data extracted from SEVIS May 5, the international student population increased 2 percent compared to May 2016, with 76 percent of students enrolled in higher education programs of study.

Seventy-seven percent of international students hailed from Asia. Among continents, South America had the largest percentage increase (6.5 percent) in international students studying in the United States when compared to May 2016.  

China and India continue to send the largest number of students to study in the United States, at 362,368 students and 206,698 students, respectively. And even with a 19 percent decline – the steepest percentage decline among the top 10 Asian countries – Saudi Arabia still had 55,806 students studying in the United States in May 2017, ranking fourth among Asian countries. With an 18 percent increase, Nepal saw the largest proportional growth in students coming to the United States.

Nearly 514,000 international students pursued science, technology, engineering or mathematics (STEM) degrees in May 2017, marking an 8 percent increase from May 2016. Thirty-nine percent of those students pursued engineering degrees. India not only had the largest number of STEM students, but also the largest proportional STEM student population; 84 percent of Indian students in the United States studied STEM.

In May 2017, 10 U.S. universities certified to enroll only F international students accounted for 10 percent of the entire international student population. New York University (15,386 students), the University of Southern California (13,365 students) and Northeastern University (12,372 students) – all certified to enroll F students – had the highest international student enrollment numbers among U.S. schools.

Nine percent of schools can enroll both F and M international students. The top three schools in this category included: Cornell University (5,716 students), the Houston Community College System (4,768 students) and Santa Monica College (3,554 students).

The international student population in the Northeast increased 4 percent when compared to May 2016, marking the highest proportional growth of the four U.S. regions. Rhode Island was the only state in the region to experience a dip in the number of international students compared to the previous year, while New York and Massachusetts added the largest number of international students during that same period, 4,490 students and 2,770 students, respectively. New Jersey saw an increase of 10 percent in international students pursuing bachelor’s degrees.

In the South, the international student population grew 3 percent since May 2016. Florida, Georgia and Texas all saw significant increases in the number of international students studying in those states, while Louisiana, Tennessee and Oklahoma saw decreases in the number of international students studying there.

Arkansas, Kentucky and Maryland all saw major growth in international students taking part in their higher education system. Maryland saw a 10 percent increase in the number of students earning a bachelor’s degree. However, the southern region saw the largest growth at the graduate degree level. The number of international students pursuing master’s degrees increased 25 percent in Arkansas and 35 percent in Kentucky.

The Midwest saw minimal growth of 1 percent. Illinois added 1,331 students to its international student population, marking the largest increase in the region, while Nebraska experienced the largest proportional growth of 7 percent. Missouri experienced the largest decrease in international students, both in terms of student numbers and proportional decline, 763 students and 3 percent, respectively.

In the western part of the United States, international student enrollment stayed relatively static in California, other than an 8 percent increase in the number of students earning bachelor’s degrees. Idaho saw a 14 percent drop in the total number of international students studying in the state, with a 16 percent decrease in the number of students earning a bachelor’s degree. But, Nevada’s international student population grew by 5 percent, marking the largest proportional growth in the region.

The full “SEVIS by the Numbers” report can be viewed here. Report data was extracted from SEVIS May 5. The report captures a point-in-time snapshot of data related to international students studying in the United States. Data for the previous “SEVIS by the Numbers” report was extracted from SEVIS in November 2016.

Individuals can explore more international student data from current and previous “SEVIS by the Numbers” reports by visiting the Study in the States interactive mapping tool. This information is accessible at the continent, region and country level and includes information on gender and education levels, as well as international student populations by state, broken down by geographical areas across the globe.

SEVP monitors the more than one million international students pursuing academic or vocational studies (F and M visa holders) in the United States and their dependents. It also certifies the schools and programs that enroll these students. The U.S. Department of State monitors exchange visitors (J visa holders) and their dependents, and oversees exchange visitor programs.

Both SEVP and the Department of State use SEVIS to protect national security by ensuring that students, visitors and schools comply with U.S. laws. SEVP also collects and shares SEVIS information with government partners, including U.S. Customs and Border Protection and U.S. Citizenship and Immigration Services, so only legitimate international students and exchange visitors gain entry into the United States.

HSI reviews SEVIS records for potential violations and refers cases with possible national security risks or public safety concerns to its field offices for further investigation. Additionally, SEVP’s Analysis and Operations Center reviews student and school records for administrative compliance with federal regulations related to studying in the United States.