Category Archives: Department of Homeland Security

Immigrants Buying Entry into U.S., are Some Terrorists?

Posted on by

…..even if they are corrupt and the money used has been laundered or financed by a terror organization…

Primer:

CIA Director: We ‘have to assume’ terrorist activity in US

‘Impossible to say’ if ISIS has cells here

(CNN) – The director of the CIA said Wednesday despite the government’s best efforts, the likelihood of terrorist activity in the United States is strong.

“So I think we have to assume there’s something here in the states,” said John Brennan, in an interview for CNN’s “Erin Burnett OutFront” that aired Wednesday night. “We have to be relentless in terms of going after them.”

Brennan, who was appointed to lead the CIA shortly before President Barack Obama’s second term, said “it’s impossible to say” whether ISIS has operatives or cells in the United States, and he credited the “tremendous advances in information sharing and interaction between federal officials” in making it difficult for terrorists to operate in the country.

He said he is confident that the US will be “able to remove other senior members” of ISIS, including the organization’s leader Abu Bakr al-Baghdadi.

“His time is limited,” Brennan said of al-Baghdadi. “It’s just a question of whether or not he is going to be removed this week, this month, next month or in the coming months.”

But still, Brennan said “you cannot assume there’s nobody in the homeland.”

“What you need to do is to be able to continue to uncover and use intelligence, what they might be doing here,” he said. More details here.

Immigrant Investor Program:

Progress Made to Detect and Prevent Fraud, but Additional Actions Could Further Agency Efforts

What GAO Found   Full report here.

Inspector General Report is here.

The Department of Homeland Security’s U.S. Citizenship and Immigration Services (USCIS) has recently taken steps intended to enhance fraud detection and mitigation activities for the Employment-Based Fifth Preference Immigrant Investor Program (EB-5 Program) and address previous GAO recommendations.

This includes actions such as conducting and planning additional risk assessments to gather additional information on potential fraud risks to the program. For example, USCIS is leveraging overseas staff to investigate potential fraud associated with unlawful sources of immigrant investor funds and is conducting a site visit pilot to help assess the potential risks of fraud among EB-5 program investments. USCIS is also taking steps to collect more information about EB-5 program investments and immigrant investors through new, revised forms and expanding its use of background checks, among other things, to help improve its ability to identify specific incidence of fraud. However, fraud mitigation in the EB-5 Program is hindered by a reliance on voluminous paper files, which limit the agency’s ability to collect and analyze program information. In its review of a nongeneralizable selection of files associated with EB-5 program regional centers and immigrant investors, GAO found that identifying fraud indicators is extremely challenging. For example, many of these files were several thousand pages long and would take significant time to review. According to USCIS documentation, the program anticipates receiving approximately 14 million pages of supporting documentation from its regional-center applicants and immigrant investor petitioners annually. Recognizing these limitations, USCIS has taken preliminary steps to study digitizing and analyzing the paper files submitted by petitioners and applicants to the program, which could help USCIS better identify fraud indicators in the program; however, these efforts are in the early stages.

USCIS has incorporated selected leading fraud risk management practices into its efforts but could take additional actions to help guide and document its efforts. GAO’s Fraud Risk Framework is a set of leading practices that can serve as a guide for program managers to use when developing efforts to combat fraud in a strategic, risk-based manner. USCIS’s actions align with two key components of the Fraud Risk Framework: (1) commit to combating fraud by creating an organizational culture and structure conducive to fraud risk management such as by providing specialized fraud awareness training; and (2) assess risks by planning and completing regular fraud risk assessments. However, USCIS has not developed a fraud risk profile, an overarching document that guides its fraud management efforts, as called for in the Fraud Risk Framework. Instead, USCIS’s risk assessments, spanning multiple years, were developed as separate documents and reports, and there is not a unifying document that consolidates and systematically prioritizes these findings. Without a fraud risk profile, USCIS may not be well positioned to identify and prioritize fraud risks in the EB-5 Program, ensure the appropriate controls are in place to mitigate fraud risks, and implement other Fraud Risk Framework components.

Why GAO Did This Study

Congress created the EB-5 visa category to promote job creation and capital investment by immigrant investors in exchange for lawful permanent residency and a path to citizenship. Participants must invest either $500,000 or $1 million in a business that is to create at least 10 jobs. Upon meeting program requirements, immigrant investors are eligible for conditional status to live and work in the United States and can apply to remove the conditional basis of lawful permanent residency after 2 years. In August 2015, GAO reported on weaknesses in certain USCIS fraud mitigation activities, and made two related recommendations.

GAO was asked to review actions taken by USCIS to address fraud risks in the EB-5 program since its August 2015 report. This report examines the extent to which USCIS (1) has taken steps to enhance its fraud detection and mitigation efforts; and (2) has incorporated selected leading fraud risk management practices into its efforts. GAO reviewed relevant program documentation and information; selected and reviewed a random, nongeneralizable sample of immigrant investor petitions and regional-center applications submitted between fiscal years 2010 and 2014; and compared USCIS’s actions against GAO’s Fraud Risk Framework.

What GAO Recommends

GAO recommends that USCIS develop a fraud risk profile that aligns with leading practices identified in GAO’s Fraud Risk Framework. The Department of Homeland Security concurred with GAO’s recommendation.

DHS Allows Refugees into U.S. with only Testimony, no Documents

Posted on by

Europe, now then the United States…

Related reading: Presidential Determination Signed to Accept 85,000 Refugees

VIDEO: Obama Administration Official Admits to Allowing Refugees in to U.S. Based on Their Testimony Alone

Cruz questions administration officials on refugee program at Judiciary Committee hearing

WASHINGTON, D.C. – U.S. Sen. Ted Cruz (R-Texas), in today’s Judiciary immigration subcommittee hearing, highlighted serious problems with the Obama administration’s refugee resettlement efforts, including the federal government’s inadequate refugee vetting process. While questioning State Department Principal Deputy Assistant Secretary Simon Henshaw, Department of Homeland Security (DHS) Director León Rodríguez, and Department of Health and Human Services Director Robert Carey, Sen. Cruz specifically noted that the administration’s willful blindness to radical Islamic terrorism has prevented Christian refugees from the Middle East from escaping the genocide of ISIS and has also seriously undermined counterterrorism efforts in the United States.

Moreover, during an exchange with Sen. Cruz, Director Rodríguez acknowledged publicly that refugee applications can be approved based solely on the applicant’s testimony, without any documentation.

Sen. Cruz: Is it true or false that the testimony of the applicant alone can be sufficient for approval? 

Director Rodríguez: There are cases where the testimony is not necessarily corroborated by documents…I am acknowledging that, yes, testimony can be the basis for the grant of a refugee…

Watch Sen. Cruz’s full opening remarks and first line of questioning, where Director Rodríguez admits that refugee applications can be approved based on testimony alone, here. Sen. Cruz’s second line of questioning can be viewed here. Below is the full transcript of Sen. Cruz’s opening remarks:

“America has long shown an incredible generosity of spirit welcoming refugees and offering them safe haven. Indeed, I am the son of a refugee who fled prison and torture in Cuba and came to America seeking freedom. But our immigration laws are not a suicide pact. The refugee program should not become a vehicle for terrorists to come murder innocent Americans.

“I and, I think, a great many Americans are deeply concerned by the willful blindness of this administration to the threat of radical Islamic terrorism. That was characterized powerfully just a few minutes ago when our Democratic colleague Senator Al Franken said we should not even ask refugees if they are Muslims. If one is trying to prevent radical Islamic terrorists from coming in, the suggestion from my Democratic colleague that we shouldn’t even ask, to me, is nuts.

“As we look at what is happening in Syria and what is happening in the Middle East, ISIS is evil. They are waging a war of genocide against Christians. They are murdering Jews. They are murdering fellow Muslims, and yet, the refugee program as administered by this administration seems to have an enormous preference for Syrian Muslim refugees and seems to actively keep out Syrian Christian refugees.

“In 2014, the Obama administration admitted 249 refugees from Syria, 224 of those, 89.9 percent, were Muslim, only 13 were Christian – 5.2 percent. In 2015, the Obama administration admitted 2,192 refugees from Syria; 2,149 were Muslim – that’s 98 percent – and only 29, 1.3 percent, were Christian. In 2016 to date, the Obama administration has admitted 11,717 refugees from Syria, of those 11,624 were Muslim – that’s 99.2 percent – and 49 were Christian – that’s 0.41 percent. All told since 2011, 14,267 Syrian refugees have been admitted to the United States and more than 14,000 of them were Muslim. Fewer than 100 were Christian.

“Now, those numbers are not even close to the proportional population in Syria. Ten percent of the pre-war population in Syria was Christian, and yet, 0.68 percent of the refugees being admitted by the administration are Christian.”

Why Did DHS Honor Antonia Hernandez?

Posted on by

DHS Agency That Enforces Immigration Law Honors Open Borders Activist Who Helps Illegal Aliens

The Homeland Security agency responsible for enforcing the nation’s immigration laws is honoring a renowned open-borders activist dedicated to defending illegal aliens in the U.S. with a prestigious award. Known as “Outstanding American by Choice,”it’s bestowed annually by U.S. Citizenship and Immigration Services (USCIS) to recognize the “significant contributions and achievements of a naturalized” American citizen. This year’s winner is being crowned today at a ceremony in Los Angeles, California where she runs a billion-dollar charity largely dedicated to assisting immigrants.

Her name is Antonia Hernández, a civil rights attorney who spent two decades litigating on behalf of illegal immigrants at the Mexican American Legal Defense and Educational Fund (MALDEF), the powerful open borders group that specializes in discrimination lawsuits on behalf of illegal aliens. Promoted as a “Latino advocacy” group, MALDEF also pushes for free college tuition for illegal immigrants and lowering educational standards to accommodate new migrants. The group’s leadership says it’s racist to make English the country’s official national language and inhumane to protect the southern border with a fence. Hernández was president and general counsel at MALDEF before becoming president and CEO at a like-minded nonprofit with deep pockets called the California Community Foundation. The charity ranks among the nation’s top100 foundations by size and giving with an endowment exceeding $1 billion. Among its focuses is “immigrant integration.”

Hernández is the oldest of seven children born to poor Mexican immigrants, according to a magazine profile that says before she could drive Hernández walked the picket lines in support of California’s farm workers. During twenty years at MALDEF Hernández successfully defeated a California measure—passed by voters—that would have denied health and education benefits to illegal immigrants, worked to create voting districts that equitably represented Latinos and litigated on behalf of limited-English proficient students in the nation’s public school system. A California congresswoman who honored Hernández with a public service award years ago described her as a “tenacious defender of immigration reform”and a “devoted advocate on behalf of fair and just immigration reform.”

Under Hernández’s leadership the California Community Foundation has dedicated large amounts of resources to assist illegal immigrants, especially in the last two years. In 2014, Hernández led an effort to form an emergency relief fund to help the influx of illegal alien minors—mostly from Central America— that the Obama administration allowed to enter the U.S. through Mexico. The government calls them Unaccompanied Alien Children (UAC) and many have ties to gang members in the U.S., specifically MS-13. In fact, earlier this year Judicial Watch reported that the execution-style murder of a Massachusetts man was committed by two Central American teens that came to the U.S. as UACs under the president’s open border free-for-all. Many of the UACs have also brought in dangerous diseases, including swine flu, dengue fever, Ebola virus and tuberculosis. Nevertheless, Hernández said this about the UACs when her nonprofit scrambled to help them: “They are our children.”

The award that Hernández is accepting today is supposed to go to a candidate that demonstrates “their commitment to this country and to the common civic values that unite us all as Americans,” according to a USCIS announcement. The agency purports to consider candidates’ civic participation, professional achievement and responsible citizenship. The government’s goal is to recognize individuals who chose to become Americans and have made significant contributions to both their community and the United States. Deputy Security of Homeland Security Alejandro Mayorkas, shamefully ousted as a Clinton federal prosecutor after orchestrating the pardon of a big-time drug dealer, will give Hernández the award at today’s ceremony. A Department of Homeland Security (DHS) announcement of the event describes Hernández as a civil rights attorney who has demonstrated her commitment of social justice and civic engagement for over four decades.

IN 2015:  

Readout of Deputy Secretary Mayorkas’ Trip to California and Arizona

Release Date:
February 3, 2015

For Immediate Release
DHS Press Office
Contact: 202-282-8010

PHOENIX – Deputy Secretary of Homeland Security Alejandro Mayorkas today concluded a trip to Los Angeles, San Francisco, and Phoenix for a series of workforce engagements with U.S. Immigration and Customs Enforcement (ICE) and U.S. Citizenship and Immigration Services (USCIS) personnel. Deputy Secretary Mayorkas also met with local elected officials and law enforcement to discuss the ongoing collaboration with the Department of Homeland Security to safeguard local communities.

While in Los Angeles, Deputy Secretary Mayorkas participated in a panel discussion with Los Angeles Mayor Eric Garcetti, the Mayor’s Chief of Immigrant Affairs Linda Lopez and California Community Foundation President and Chief Executive Officer Antonia Hernandez. During the panel, Deputy Secretary Mayorkas discussed the Department’s implementation efforts related to Deferred Action for Childhood Arrivals (DACA) and Deferred Action for Parents of Americans and Lawful Permanent Residents (DAPA) and the economic benefits of the recent administrative actions on immigration for the City of Los Angeles. Deputy Secretary Mayorkas reiterated the need for Congress to pass an appropriations bill to fully fund the Department of Homeland Security as soon as possible.

While in Los Angeles, Deputy Secretary Mayorkas also met with Los Angeles Police Department Chief Charlie Beck and Los Angeles County Sheriff Jim McDonnell, emphasizing the importance of enhanced communication and information sharing between the Department and state and local law enforcement.

Deputy Secretary Mayorkas then traveled to San Francisco, where he met with San Francisco Mayor Ed Lee, Police Chief Gregory Suhr, and other local officials to discuss the Department’s commitment to working with local communities to ensure that we effectively and sensibly enforce our Nation’s immigration laws.

In Phoenix, San Francisco and Los Angeles, Deputy Secretary Mayorkas participated in DHS employee town hall discussions with ICE and USCIS personnel, to thank them for their service and for responsibly implementing the Department’s policies and enforcement priorities.

Russia Hacked 4 Voter Registration Systems

Posted on by

Russian Hackers Targeted Nearly Half of States’ Voter Registration Systems, Successfully Infiltrated 4

Think hackers will tip the vote? Read this first….

CSMonitorThe US election system is a massively complex tangle of technology. And some of it is insecure.

It’s rife with internet-based entry points, full of outdated infrastructure, cluttered with proprietary software from a random assortment of vendors, and lacks any standardized security safeguards.

In all, it’s a recipe for disaster. But if a malicious hacker really set out to manipulate the election, how would they actually do it and what could they really accomplish?

The most obvious target seems to be internet-enabled voting, currently used in 32 states. But, these systems aren’t what you think of when you hear “internet-enabled.”

They tend to be systems for distributing ballots that voters print out on paper, sign, and then email or fax back to the state authority for counting.

But emailing and faxing ballots introduces some problems. On a technical level, faxes and the emails used in internet voting aren’t encrypted.

That means states are passing ballots around the open internet. If an attacker is able to compromise any point along the way, they might intercept completed ballots.

Related reading: Hackers have attempted more intrusions into voter databases, FBI director says

So, not only does this system do away with any notion of secrecy, it also ignores any modern understanding of cryptographic security.

I’d much rather see online voting systems with built-in encryption. And that’s not a complex undertaking. Many websites currently use HTTPS, an encrypted protocol, to avoid leaking important things such as credit card numbers and passwords. That’s a good place to start for completed ballots.

Hard targets

But launching a full-scale attack on these systems wouldn’t be easy. First, attackers would need to target online voters (a small minority) who are scattered in various jurisdictions.

Then, once the vulnerable voters are identified, attackers would need to wait for the polling place to transmit those votes. While that kind of attack could work on one person, or a single location, it would be difficult to pull off at any meaningful scale.

Alternatively, an adversary could invent an entirely new population of phantom voters, register them to vote remotely, and stuff the ballot box with fake votes. That’s possible, but highly improbable.

So, what about servers

The easiest way to target servers that collect online ballots is with a distributed denial of service, or DDoS, attack that overwhelms a website with traffic. A totally compromised server could enable attackers to alter or destroy votes in a much sneakier way, and an attack like this could potentially avoid detection until after the election.

But this sort of attack would be pretty obvious to system maintainers, and I suspect polling administrators would quickly switch back to relying on the mail. Remember, online systems aren’t intended for use on Election Day, rather they merely collect absentee ballots.

On the bright side, however, this kind of attack appears possible for only five of the internet-enabled voting states. Only Alabama, Alaska, Arizona, North Dakota, and Missouri have a so-called internet portal.

And none of those states are battleground territories. So, regardless of their security posture, attacking these portals isn’t likely to sway the election. If Florida or Pennsylvania had one of these portals, I’d be more worried.

Voting machines

No electronic voting machine is bulletproof when it comes to cybersecurity. But if an adversary needs to physically visit voting machines in order to fiddle with results, then he or she would need a whole lot of bodies in a whole lot of polling places in order to make an impact.

Don’t get me wrong, attackers could rely on wireless networking or sophisticated antennas. But even with ideal placement and transmission power, bad guys would need to be within sight of a polling place to conduct practical attacks on a Wi-Fi-enabled voting machine.

While remote attacks are possible, it’s not like someone could affect voting from another country. They’d more likely need to be parked outside the polling place. So, although Wi-Fi voting machines are a terrible idea, they don’t appear to be an existential threat to democracy at the time being.

Voter information

Rather than attacking ballot-issuing and ballot-counting systems, attackers have more attractive targets. Voter records, for example, are tempting to cybercriminals since they contain enough personally identifiable information (PII) to kick off identity theft and identity fraud attacks at a much larger scale.

Unfortunately, some of these data sets have already been compromised. Almost 200 million voter records were accidentally leaked late in 2015, and the FBI warned in August that some state voter databases have also suffered breaches.

Altering voter registration records is a big deal since such attacks can affect voter turnout. While that’s not what’s being reported today, such an attack could not only nudge election results one way or another, but also raise serious questions about the integrity of the democratic process.

Even though rare, voter fraud has become a hot political issue. Any attack on voter records could trigger complaints about a rigged election and undermine confidence in the entire system.

Perceptions matter

Alarmingly, hacking elections may not involve the actual compromising of ballots or vote counting at all.

Just imagine that someone decided to take down a couple of voter information websites. Would this technically interfere with the election process? Maybe, if some people were trying to find the address for their polling place.

The obvious effect, though, would be to create the impression that the election is under attack, raising concerns about the credibility of the voting process and casting doubt on the results.

Solutions for securing the vote

Technology may be making elections more convenient and efficient, but that same technology can introduce new risks and it needs to be accounted for.

State election boards or commission should test their systems ahead of Election Day in November. They should even try attacking their own systems to discover what’s possible, and what can help defend their systems.

If you are a voter who is concerned about election hacking, local election officials should be able to tell you how they are dealing with potential cyberthreats. And if you really want to help, volunteer at the polls on Election Day.

Interesting Group Behind the Epic Yahoo Hack

Posted on by

Seems Yahoo could by lying about who actually did the hack and this may be due to the merger between Verizon and Yahoo.

 

The Yahoo hackers weren’t state-sponsored, a security firm says

CSO: Common criminals, not state-sponsored hackers, carried out the massive 2014 data breach that exposed information about millions of Yahoo user accounts, a security firm said Wednesday.

Yahoo has blamed state actors for the attack, but it was actually elite hackers-for-hire who did it, according to InfoArmor, which claims to have some of the stolen information.

The independent security firm found the alleged data as part of its investigation into “Group E,” a team of five professional hackers believed to be from Eastern Europe.

InfoArmor’s claims dispute Yahoo’s contention that a “state-sponsored actor” was behind the data breach, in which information from 500 million user accounts was stolen. Some security experts have been skeptical of Yahoo’s claim and wonder why the company isn’t offering more details.

InfoArmor also claimed that Group E was behind high-profile breaches at LinkedIn, Dropbox and Tumblr. To sell that information, the team has used other hackers, such as Tessa88 and peace_of_mind, to offer the stolen goods on the digital black market.

“The group is really unique,” Komarov said. “They’re responsible for the largest hacks in history, in term of users affected.” More details here.

**** Advice****

You don’t care who has looked at your emails? Really? Consider:

Here’s a simple exercise I invite you to do. Open your email and take a look at everything that you keep on it, both sent and received conversations. Scan all of them, every attachment you ever sent or received, every personal and work conversation, every email draft.

The truth is, we aren’t aware that we are living a big part of our lives through our email inbox.

We keep it all there, in only one place: photos, contracts, invoices, tax forms, reset passwords for every other account, sometimes even passwords or credit card PINs.

And our emails are interconnected to all our other digital accounts, from bank accounts to social networks (LinkedIn, Twitter, Facebook, etc), cloud services (Google Drive, iCloud, Dropbox), online shops (Amazon, for, ex, where you most likely saved your credit card details as well) and so on.

By simply breaching the email, a malicious hacker can easily get access to all those. They know how to do that.  Read More here…you REALLY need to.

From Digital Guardian:

Wrapping your head around the idea of a breach that affects half a billion users is a difficult task, and it’s not one that anyone has had to contemplate until now. Yahoo’s data breach is far and away the largest on record in terms of the number of users involved. The economic effect on the company will take years to calculate, and it may never be fully known, as is often the case with these breaches. Though Yahoo, already on the ropes and in the middle of a sale to Verizon, may see some rather unpleasant effects quite soon.

From the user’s perspective, too, the massive amount of data taken in the compromise – including dates of birth, email addresses, physical addresses, and security questions and answers – could have far-reaching effects. The information is an identity thief’s starter kit, even without bank account or payment card data. Yahoo has pointed the finger at a state-sponsored attacker, as is customary in these incidents.

“Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter,” the company said in a statement on the compromise.

As gory as they are, the public details of the Yahoo compromise aren’t what’s really interesting or important here. The intriguing part in this case is how long it took Yahoo to uncover and disclose the data breach. In its public statements, the company said it discovered the compromise recently, but the data was stolen in 2014. That fact has drawn the attention of Capitol Hill and a group of senators is asking some very uncomfortable questions of Yahoo CEO Marissa Mayer.

In their letter, Sens. Ed Markey, Patrick Leahy, Elizabeth Warren, Al Franken, Richard Blumenthal and Ron Wyden asked Mayer when and how Yahoo learned of the breach, why the company took so long to uncover it, and whether any government agencies warned Yahoo of an attack by state-sponsored attackers. The lawmakers also said that the data taken from Yahoo could be used easily in other attacks.

“The stolen data included usernames, passwords, email addresses, telephone numbers, dates of birth, and security questions and answers,” the senators said. “This is highly sensitive, personal information that hackers can use not only to access Yahoo customer accounts, but also potentially to gain access to any other account or service that users access with similar login or personal information, including bank information and social media profiles.” Complete summary here.