The Letter: Declassified but Somewhat Redacted

ODNI & DOJ Announce the Release of a Previously Classified Letter from Former Deputy Assistant Attorney General Yoo to former FISC Presiding Judge Kollar-Kotelly

February 29, 2016

The Letter

ODNI: The Department of Justice has released today in redacted form a previously classified 2002 letter from former Deputy Assistant Attorney General John Yoo of the DOJ Office of Legal Counsel addressed to former Foreign Intelligence Surveillance Court Presiding Judge, Colleen Kollar-Kotelly.

The letter was designed to address certain questions that Judge Kollar-Kotelly raised during her first briefing on May 17, 2002, concerning certain collection activities authorized by President George W. Bush shortly after the attacks of September 11, 2001, referred to as the President’s Surveillance Program (PSP). As described in the publicly released Inspectors General reports concerning the PSP dated July 10, 2009 (published April 25, 2015 and September 21, 2015), Judge Kollar-Kotelly was permitted to read the letter, but was not authorized to retain a copy or take notes. The 2002 letter purports to generally outline the scope of the President’s legal authority to conduct possible electronic surveillance techniques after the attacks of September 11, 2001. Beginning in 2004, the Department of Justice thoroughly reexamined the factual underpinnings and legal analysis for the PSP, culminating in a legal opinion issued by the Office of Legal Counsel on May 6, 2004. (That opinion is also publicly available in redacted form.)

Additional Background

As previously released in the IC on the Record posting of December 21, 2013, President Bush authorized the NSA, via a series of classified authorizations beginning in October 2001, to collect three “baskets” of information, including: (1) the contents of certain international communications (which was later referred to as the Terrorist Surveillance Program); and the bulk collection of non-content (2) telephony and (3) Internet metadata, subject to various conditions. NSA’s content interception activities under the TSP were limited to the acquisition of specific international communication (i.e., to or from the United States) involving persons reasonably believed to be associated with al Qaeda and affiliated terrorist organizations. Over time, these presidentially-authorized activities were transitioned to the authority of the Foreign Intelligence Surveillance Act. The collection of communications pursuant to the TSP ended in 2007, and the Government transitioned this collection to be undertaken pursuant to FISA authority and orders of the Foreign Intelligence Surveillance Court. Later, in August 2007, Congress enacted the Protect America Act as temporary authority to provide for the acquisition of certain communication content. The PAA, which expired in February 2008, was replaced by the FISA Amendments Act of 2008, which was enacted in July 2008 and remains in effect.

Today, content collection targeting non-U.S. persons reasonably believed to be located overseas for foreign intelligence purposes is conducted pursuant to section 702 of FISA. No U.S. person or person located in the United States may be intentionally targeted pursuant to section 702. The bulk collection of Internet metadata under the PSP was transitioned to the authority of the FISA in July 2004 (and ceased in December 2011, when the U.S. Government decided to not seek reauthorization from the FISC). The bulk collection of telephony metadata under the PSP was transitioned to the authority of the FISA in May 2006. In November 2015, the USA FREEDOM Act ended the NSA’s collection of telephone metadata in bulk, and provided a new mechanism for the Government to obtain the targeted production of call detail records relating to authorized investigations to protect against international terrorism through applications to the FISC.

The transition of PSP activities to authority of the FISA is described in greater and more specific detail in documents previously disclosed in IC on the Record.

***

As noted by the Bush White House Archives:

Fact Sheet: President Bush Has Kept America Safe

President Bush Fundamentally Reshaped Our Strategy To Protect The American People

“Because of … the efforts of many across all levels of government, we have not suffered another attack on our soil since September the 11th, 2001.”

President George W. Bush (March 8, 2008)

On December 17, President Bush visited the Army War College in Carlisle, Pennsylvania, and discussed efforts to protect the security and liberty of the American people.  Following the attacks of September 11, 2001, President Bush took the fight to the enemy to defeat the terrorists and protect America.  The President deployed all elements of national power to combat terrorism, which had previously been considered primarily a “law enforcement” issue.  He transformed our military and strengthened our national security institutions to wage the War on Terror and secure our homeland.  The President also made missile defense operational and advanced counterproliferation efforts to help prevent our enemies from threatening us, and our allies, with weapons of mass destruction.

Secured the Homeland 

  • Protected our Nation and prevented another attack on U.S. soil for more than seven years, modernized our national security institutions and tools of war, and bolstered our homeland security.  Under the President’s watch, numerous terrorist attacks have been prevented in the United States.  These include:
    • An attempt to bomb fuel tanks at JFK airport;
    • A plot to blow up airliners bound for the East Coast;
    • A plan to destroy the tallest skyscraper in Los Angeles;
    • A plot by six al Qaeda inspired individuals to kill soldiers at Fort Dix Army Base in New Jersey;
    • A plan to attack a Chicago-area shopping mall using grenades; and
    • A plot to attack the Sears Tower in Chicago.
  • Arrested and convicted more than two dozen terrorists and their supporters in America since 9/11.
  • Froze the financial assets in the United States of hundreds of individuals and entities linked to terrorism and proliferation.
  • Doubled the Border Patrol to more than 18,000 agents, equipped the Border Patrol with better technology and new infrastructure, and effectively ended the process of catch and release at the border.  Increased border security and immigration enforcement funding by more than 160 percent and constructed hundreds of miles of fencing and vehicle barriers.
  • Instituted a process to screen every commercial air passenger in the country, launched credentialing initiatives to better identify passengers, and expanded the Federal Air Marshal Program.  Replaced the multiple watchlists that were in place prior to 9/11 with a single, consolidated watchlist, and incorporated biometrics in screening and identifying individuals entering our country.  Created US-VISIT to screen foreign travelers and prevent terrorists from entering America.  Required secure identification at our ports of entry to better monitor individuals entering the United States.
  • Invested more than $38 billion in public health and medical systems, created a biothreat air monitoring system, and developed a national strategy and international partnership on avian and pandemic flu.

‘History – assuming it is written by free men and women not intimidated into silence by the fear of attracting the terrorists’ notice – will be exceedingly kind to this president.’

The Atlanta Journal-Constitution (Sept. 16, 2007)

Waged the Global War on Terror

  • Removed the Taliban from power and brought freedom to the 25 million people of Afghanistan.
  • Freed 25 million Iraqis from the rule of Saddam Hussein, a dictator who murdered his own people, invaded his neighbors, and repeatedly defied United Nations resolutions.
  • Captured or killed hundreds of al Qaeda leaders and operatives in more than two dozen countries with the help of partner nations.  September 11 mastermind Khalid Sheikh Mohammed is in U.S. custody and Abu Musab al-Zarqawi, the former leader of al-Qaeda in Iraq, was killed in 2006.  Removed al Qaeda’s safe-haven in Afghanistan and crippled al Qaeda in Iraq, including defeating al Qaeda in its former stronghold of Anbar Province.

Transformed Our Approach to Combating Terrorism After the 9/11 Attacks

  • Increased the size of our ground forces and number of unmanned aerial vehicles and strengthened special operations forces by increasing resources, manpower, and capabilities.  Increased the Defense Department’s base budget more than 70 percent since 2001, including increased funding for military pay and benefits, research, and development.  Started moving American forces from Cold War garrisons in Europe and Asia so they can deploy more quickly to any region of the world.  Modernized and transformed the National Guard from a strategic reserve to an operational reserve.
  • Forged a new, comprehensive cybersecurity policy to improve the security of Federal government and military computer systems and made protecting these systems a national priority.
  • Improved cargo screening and security at U.S. ports and increased containerized cargo screening overseas.
  • Established a more unified, collaborative intelligence community under the leadership of a Director of National Intelligence to ensure information is shared among intelligence and law enforcement professionals so they have the information they need to protect the American people while respecting the legal rights of all U.S. persons, including freedoms, civil liberties, and privacy rights guaranteed by Federal law.
  • Consolidated 22 agencies and 180,000 employees under a new agency, the Department of Homeland Security, to foster a comprehensive, coordinated approach to protecting our country.
  • Advocated for and signed into law the USA PATRIOT Act, the Intelligence Reform and Terrorism Prevention Act, and a modernization of the Foreign Intelligence Surveillance Act.
  • Shifted the FBI’s focus from investigating terrorist attacks to preventing them.  Created the National Security Branch at the FBI, which combines the FBI’s counterterrorism, counterintelligence, intelligence, and weapons of mass destruction (WMD) elements under the leadership of a senior FBI official.
  • Created the Terrorist Screening Center and the National Security Division at the Department of Justice.

Invigorated International Alliances And Partnerships To Make America Safer And More Secure

  • Partnered with nations in Europe, the Middle East, Asia, Africa, and the Western Hemisphere on intelligence sharing and law enforcement coordination to break up terrorist networks and bring terrorists to justice.
  • Transformed NATO to face 21st century threats, including strengthening the Alliance’s capabilities against WMD and cyber attacks, while leading the international military effort in Afghanistan.
  • Established the Proliferation Security Initiative (PSI) and other multilateral coalitions to stop WMD proliferation and strengthen our ability to locate and secure nuclear and radiological materials around the world.  Dismantled and prevented the reconstitution of the A.Q. Khan proliferation network, an extensive, international network that had spread sensitive nuclear technology and capability to Iran, Libya, and North Korea.
  • Worked with European partners to limit Iran’s ability to develop weapons of mass destruction and ballistic missiles and finance terrorism, and initiated targeted sanctions against Iran’s Quds Force.  Gathered support for and won passage of three Chapter VII United Nations Security Council resolutions that impose sanctions on Iran and require it to suspend its uranium enrichment and other proliferation-sensitive nuclear activities.
  • Established the Six Party Talks framework in partnership with China, South Korea, Japan, and Russia.  Obtained a commitment from North Korea to abandon all nuclear weapons and existing nuclear programs.  Since November 2007, USG experts have supervised North Korea’s activities to disable its plutonium production capability.
  • Persuaded Libya to disclose and dismantle all aspects of its WMD and advanced missile programs, renounce terrorism, and accept responsibility for prior acts of terror.  Normalized our relations with Libya as a result.
  • Signed agreements for missile defense sites in the Czech Republic and Poland to help protect America and its allies from the threat of WMD delivered by ballistic missiles.  Obtained NATO endorsement of plans to deploy missile defense assets in Europe.

SecDef on Gitmo and Detainees Too Dangerous

A partial closing? An Executive Order to overrule the law and Congress? There are no more enemy combatants anywhere in the world? Where would a new president send enemy combatants? What about the next Secretary of Defense?

Thoughts?

Ash Carter: There Are Gitmo Detainees so Dangerous That it Is Not Safe to Transfer Them

FreeBeacon: Defense Secretary Ash Carter told reporters on Monday there are detainees at the Guantanamo Bay military prison who are so dangerous that it would not be safe to transfer them outside the care of the United States.

Carter and President Obama have drawn up a plan to move many of the remaining 91 detainees into the custody of foreign governments. Detainees not cleared for transfer overseas—those who Carter describes as too dangerous to go elsewhere—would be moved stateside in an effort to close the detention facility.

Moving Detainees From Gitmo To U.S. Is Reckless and Dangerous

February 23, 2016

WASHINGTON, D.C. – Representative Darrell Issa (R-Ca.) issued the following statement on the President’s plan to close the detention facility at Guantanamo Bay and relocate some of the most dangerous detainees into the United States:

“President Obama is once again proving his willingness to set aside the rule of law to pursue his own reckless agenda no matter the consequences for the American people. The plan announced today would take detainees deemed too dangerous to transfer to other countries and bring them right into our own backyards. It risks the lives and safety of American citizens and it’s not what the people expect of our commander-in-chief.”

“The administration has already let nearly 150 detainees go free, only to see many of them return to terrorist groups and rejoin the fight against us. Instead of focusing on finding new homes for terrorists, the President should refocus his efforts on winning the War on Terror and bringing an end to the extremist groups seeking to do us harm.”

Carter made his comment while holding a press briefing at the Pentagon along with Joseph Dunford, the chairman of the Joint Chiefs of Staff.

A reporter asked Carter if the United States is thinking of transferring the Guantanamo Bay naval base back to the Cuban government, which he denied while drawing a distinction between the naval base and the detention facility.

“The base is separate from the detention facility,” Carter said in response. “The base is in a strategic location. We’ve had it for a long time. It’s important to us, and we intend to hold onto it.”

Carter then turned his attention to the detention center within the naval base, which he said is the specific focus of the Obama administration’s closure plan.

“With respect to the detention facility at [Guantanamo], which is what the president was speaking about last week … there are people in the Guantanamo Bay detention facility whom it is not safe to transfer to any other—they have to stay in U.S. detention,” Carter said. “Safety is the top priority for me, the chairman, and for the president.”

Carter then said that because some detainees are too dangerous to release, there needs to be an alternate facility in the U.S. for these individuals to go if Guantanamo is closed, which is at the heart of Obama’s proposal.

The Pentagon is reportedly looking at sending prisoners to either the federal Supermax prison in Florence, Colo., the military prison in Leavenworth, Kansas, or the Naval Consolidated Brig in Charleston, S.C.

One problem for the administration, however, is that it is currently illegal to move Guantanamo detainees to U.S. soil. Carter said at Monday’s briefing that Congress must change the law for the closure plan to go into effect.

“[Obama’s Guantanamo plan] can’t be done unless Congress acts, which means Congress has to support the idea that it would be good to move this facility and the detainees to the United States … it’s good if it can be done, but it can’t be done under current law. The law would have to be changed. That’s the reason we would put the proposal in front of Congress,” Carter said.

This may prove difficult for the administration, as a bipartisan majority in both houses of Congress disapprove of closing Guantanamo and transferring detainees to the U.S.

Carter reaffirmed his support for the president’s plan, citing its fiscal benefits—U.S. officials say it would save the government between $65 million and $85 million per year—and benefits for U.S. military personnel charged with duty at Guantanamo. He said the plan is good “on balance” and that he does not want to pass the Guantanamo issue to the next president and Defense Secretary if possible.

The president has long maintained that Guantanamo should be closed because the detention facility is not in keeping with American values and serves as a recruiting tool for terrorists.

Those who want Guantanamo to remain open argue that the facility is necessary to hold enemy combatants who are members of jihadist groups like al Qaeda to keep them off the battlefield and gather intelligence. They cite the reportedly exceptional treatment detainees receive at the facility, which military leaders have detailed to reporters, as well as experts who say that Guantanamo plays a minimal role in jihadist propaganda.

The recidivism rate for Guantanamo detainees who are released and return to terrorist activity is about 30 percent, according to experts.

A recent example that garnered attention was Ibrahim al Qosi, a former aide to Osama bin Laden who was sent to Guantanamo in 2002 and released 10 years later. Al Qosi resurfaced this month as a senior member of al Qaeda in the Arabian Peninsula, the terror group’s most dangerous branch.

When asked about al Qosi’s return to jihadist activity at a Senate Appropriations Committee hearing last week, Secretary of State John Kerry lamented that “he’s not supposed to be doing that.”

It is important to understand the term enemy combatant, lawful and unlawful, as defined by the Geneva Convention. You can read the 10 items here.

CAIR 1, FBI 0

Go to the FBI website and see for yourself. Violent extremism is a politically correct phrase… a dangerous one.

New FBI Counter Extremism Site Fails to Mention Islamism

Hillary’s Email Pals Included the WH and SCOTUS Judges

Sheesh… now what about the 30,000 emails about, ah, yoga and wedding plans… yeah, yoga, sure Hillary. What about the emails from the White House to Hillary… ah, all this transparency is well infectious, eh?

Ever wonder why a Secretary of State needed to email, confer and be email pals with selected Supreme Court justices?

Hillary’s email account an open secret in Washington long before scandal broke

WashingtonTimes: Hundreds of people — from White House officials and titans of the mainstream media to senators, Supreme Court justices and many of her top colleagues at the State Department — could have known about Hillary Clinton’s secret email account, if only they’d cared to look closely enough.

Listed on some of the more than 28,000 messages Mrs. Clinton released so far are several White House chiefs of staff and a former director of the Office of Management and Budget, much of the rest of official Washington, and a number of people who had oversight of the State Department’s key operations and open-records obligations. President Obama was also on a series of messages, though the government is withholding those.

But just how widely disseminated Mrs. Clinton’s address was became clear in a single 2011 message from Anne-Marie Slaughter, who appeared to include Mrs. Clinton on a message alongside Supreme Court Justices Stephen G. Breyer and Elena Kagan, reporters Jeffrey Toobin, David Brooks, Fred Hiatt and Evan Thomas, CIA Director David H. Petraeus, top Obama aide Benjamin Rhodes and former White House counsel Gregory Craig.

Computer specialists said they would have had to know what they were looking for to spot Mrs. Clinton’s address, but it was there for anyone who did look — raising questions about how her unique arrangement remained secret for so long. It came to the public’s attention when news broke in March 2015 in The New York Times — after it was uncovered by a congressional investigation into the 2012 Benghazi terrorist attack.

The State Department has since acknowledged that it did not search Mrs. Clinton’s messages in response to open-records requests filed under federal law, and federal District Judge Emmet G. Sullivan is prodding the department about how the situation got so out of hand.

“We’re talking about a Cabinet-level official who was accommodated by the government for reasons unknown to the public. And I think that’s a fair statement — for reasons unknown to the public,” the judge said at a hearing last week, where he decided to approve conservative legal group Judicial Watch’s request for discovery to pry loose more details about who approved the odd email setup and how it ducked the rules.

“All the public can do is speculate,” Judge Sullivan told the government lawyers who have been fighting to drag out the release of the messages Mrs. Clinton has turned over, and to prevent her from having to relinquish thousands of others. “You want me to say it’s done, but I can’t do that right now.”

The final batch of messages the State Department has in its custody — 2,000 of them — is due to be released Monday.

The facts have changed dramatically since the emails were first revealed and Mrs. Clinton insisted that she set up her unique arrangement out of “convenience” for herself and insisted no classified material was sent on the account.

Already, 1,782 messages have been deemed to contain classified material, and 22 of those messages contain “secret” information. Another 22 messages contain “top secret” material so sensitive that the government won’t even release any part of them, meaning they will remain completely hidden from the public.

Mrs. Clinton’s arrangement set off public policy and security debates. Analysts said her server was likely unprotected against any moderately sophisticated attack.

Although details remain sketchy as to what protection Mrs. Clinton used, analysts said having one person maintaining her server is no way to protect sensitive information from a hack. Christopher Soghoian, principal technologist at the American Civil Liberties Union, said there is no evidence that Mrs. Clinton was having her server tested by independent specialists — a major oversight.

“You cannot secure your server with one guy working part time,” Mr. Soghoian said.

That one person, Bryan Pagliano, who reportedly worked for Mrs. Clinton at the State Department and on the side as her server technician, asserted his Fifth Amendment right against incriminating himself in testimony to Congress last year.

Even if the server itself wasn’t compromised, Mr. Soghoian said, Mrs. Clinton was sending email over the broader Internet, where an enterprising opponent could have intercepted messages. If she had been using a State.gov account to email others within the government, that wouldn’t have been possible, he said.

There is no evidence that Mrs. Clinton was hacked, but analysts said that’s of little comfort. Even if the FBI doesn’t find evidence, it is not conclusive.

“Clinton’s use of unencrypted email left her vulnerable to nation states. There’s no amount of investigation the FBI can do to prove that didn’t happen,” Mr. Soghoian said.

Bob Gourley, co-founder of cybersecurity consultancy Cognitio, said the government has to assume Mrs. Clinton’s server was compromised, and he said it begs the question of why she declined to use a State.gov account and instead set up her own off-site server.

“All indications are this was not just a matter of convenience,” he said. “There’s no reason why she should have used her own server and go to all the trouble to do that unless she wanted to hide something.”

That something, Mr. Gourley believes, is the negotiating she did on behalf of the Clinton Foundation, founded by her husband, former President Bill Clinton. She helped lead the foundation as soon as she stepped down from the secretary’s job.

The security analyst said he suspects details of those negotiations are part of the 30,000 messages Mrs. Clinton indicated she sent during her time in office but that she declined to turn back to the State Department. The former secretary said those messages were personal business, such as scheduling yoga classes or arranging her daughter Chelsea’s wedding.

Judicial Watch is trying to get Mrs. Clinton to turn over those messages to the State Department, and that’s the case pending before Judge Sullivan.

“The big story on Monday is, wow, now we have reviewed about half of Mrs. Clinton’s reported records. Where’s the other half?” said Judicial Watch President Tom Fitton. “That’s what our discovery is about. Where’s the other half, and how can we find out so they can be retrieved and reviewed and released to the public?”

Mrs. Clinton says the Obama administration is overclassifying her messages. She says she would like all of the messages she returned to the government released, including presumably the 22 the government deems so “top secret” that they can’t be shared even in part.

She and her campaign have questioned the political motivations or conclusions of the inspectors general who have pushed for classification. Judge Sullivan’s order of discovery could force her aides to answer tough questions and could eventually lead to her having to return the rest of her emails.

Mr. Fitton said the questions Judicial Watch will ask during discovery include how the government supported her email server, why the folks who handled Freedom of Information Act open-records requests weren’t made aware of it, who else used it, what security precautions were taken and who approved it.

A Washington Times analysis of the more than 28,000 messages that have been released shows dozens of State Department employees, from the lowest to the highest levels, were aware that Mrs. Clinton was using her unique arrangement to conduct government business.

The extensive awareness within the department struck Judge Sullivan.

“How on earth can the court conclude that there’s not, at a minimum, a reasonable suspicion of bad faith regarding the State Department’s response to this FOIA request?” he said at a hearing last week.

Mrs. Clinton’s successor, current Secretary of State John F. Kerry, was one of those who emailed with Mrs. Clinton on her secret account during his time in the Senate. He was one of a handful of senators The Times found who were pen pals with Mrs. Clinton.

Last week, Mr. Kerry tried to explain how he missed Mrs. Clinton’s behavior and told Congress he simply emailed the address he was given.

“I didn’t think about it. I didn’t know if she had an account, or what the department gave her at that point in time, or what she was operating with. I had no knowledge,” he told Rep. Darrell E. Issa, a California Republican who prodded him on the matter.

Stories about odd email practices have continued to dog Mr. Obama’s tenure. His former administrator at the Environmental Protection Agency, Lisa P. Jackson, used a secret agency email address to conduct government business, but the EPA says those messages were searched in open-records requests.

Defense Secretary Ashton Carter used a private address to conduct some government business in the first months after taking office. He said the practice was wrong and apologized for it.

Mr. Gourley, the cybersecurity specialist, said Mrs. Clinton’s practice went beyond that. He compared it to a phone, saying everyone has a home phone or personal cellphone, and even top government officials occasionally use it for official business. But in Mrs. Clinton’s case, she rejected an official government email account and used only her secret account.

“Those kinds of rules were just totally flouted by Clinton,” he said.

After Ukraine, DHS Warns Domestic Utility Companies

Feds advise utilities to pull plug on Internet after Ukraine attack

WashingtonExaminer: The Department of Homeland Security advised electric utilities Thursday that they may need to stop using the Internet altogether, after the agency found that a cyberattack that brought down Ukraine’s power grid in December could have been far more devastating than reported.

The Dec. 23 cyberattack forced U.S. regulators to place utilities on alert after unknown attackers caused thousands of Ukrainian residents to lose power for hours by installing malicious software, or malware, on utility computers. But the Department of Homeland Security said Thursday that the attack may have been directed at more than just the country’s electricity sector, suggesting the attackers were looking to cause more harm than was reported.

In response, federal investigators are recommending that U.S. utilities and other industries “take defensive measures.” To start with, they need to follow best practices “to minimize the risk from similar malicious cyber activity,” according to an investigative report issued Thursday by Homeland Security’s Industrial Control Systems Cyber Emergency Response Team.

But the team is also recommending more drastic action, such as keeping control-system computers away from the Internet.

“Organizations should isolate [industrial control system] networks from any untrusted networks, especially the Internet,” the report says. “All unused ports should be locked down and all unused services turned off. If a defined business requirement or control function exists, only allow real-time connectivity to external networks. If one-way communication can accomplish a task, use optical separation.”
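As an added example, not code from the article or from the ICS-CERT report, the following Python audit applies the quoted isolation advice to a perimeter ruleset: every allow rule that lets an untrusted zone reach the control network, leaves wildcard ports open, lacks a documented business requirement, or lets ICS hosts initiate connections outward is flagged. The Rule class, zone names, sample rules and the business-requirement table are all assumptions constructed for this example.

```python
"""Audit a perimeter firewall ruleset against the ICS-CERT isolation advice:
ICS networks isolated from untrusted networks, unused ports locked down,
and external connectivity permitted only where a defined business
requirement exists. The rule model, zone names and sample data below are
constructed for this example, not taken from any real firewall."""
from dataclasses import dataclass

# Zone names are assumptions; map them to your own firewall's zone labels.
UNTRUSTED_ZONES = {"internet", "guest", "vendor"}
ICS_ZONES = {"ics", "scada", "plc"}


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    proto: str      # "tcp", "udp" or "any"
    dst_port: str   # e.g. "502"; "any" means every port
    action: str     # "allow" or "deny"


def audit_rules(rules, business_requirements):
    """Return (rule name, finding) tuples for every allow rule that breaks
    the isolation advice. business_requirements maps (proto, port) to a
    documented justification for inbound-to-ICS flows; anything not listed
    is treated as an unused port that should be locked down."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue  # deny rules never widen exposure
        # ICS zone initiating to an untrusted zone: no direct path should
        # exist; export data one-way through a DMZ historian instead.
        if r.src_zone in ICS_ZONES and r.dst_zone in UNTRUSTED_ZONES:
            findings.append((r.name, f"ICS zone '{r.src_zone}' may initiate "
                             f"connections to untrusted zone '{r.dst_zone}'"))
            continue
        if r.dst_zone not in ICS_ZONES:
            continue  # rule does not touch the ICS side
        if r.src_zone in UNTRUSTED_ZONES:
            findings.append((r.name, f"untrusted zone '{r.src_zone}' may reach "
                             f"ICS zone '{r.dst_zone}'; ICS is not isolated"))
        elif r.proto == "any" or r.dst_port == "any":
            findings.append((r.name, "wildcard protocol/port into ICS zone; "
                             "unused ports are not locked down"))
        elif (r.proto, r.dst_port) not in business_requirements:
            findings.append((r.name, f"no documented business requirement for "
                             f"{r.proto}/{r.dst_port} into ICS zone '{r.dst_zone}'"))
    return findings


# Constructed sample ruleset: one compliant rule, several that break the advice.
SAMPLE_RULES = [
    Rule("vendor-remote-support", "internet", "ics", "tcp", "3389", "allow"),
    Rule("historian-poll", "dmz", "ics", "tcp", "502", "allow"),
    Rule("corp-any-to-scada", "corp", "scada", "any", "any", "allow"),
    Rule("corp-ssh-to-ics", "corp", "ics", "tcp", "22", "allow"),
    Rule("ics-updates-out", "ics", "internet", "tcp", "443", "allow"),
    Rule("default-deny", "any", "ics", "any", "any", "deny"),
]

# Only flows with a written justification belong here (constructed entry).
SAMPLE_REQUIREMENTS = {
    ("tcp", "502"): "DMZ historian polls Modbus/TCP from the control network",
}


def finding_names(rules=SAMPLE_RULES, requirements=SAMPLE_REQUIREMENTS):
    """Names of the rules that were flagged, in ruleset order."""
    return [name for name, _ in audit_rules(rules, requirements)]


if __name__ == "__main__":
    for name, why in audit_rules(SAMPLE_RULES, SAMPLE_REQUIREMENTS):
        print(f"{name}: {why}")
```

Running it against the sample set flags four of the five allow rules; only the documented historian poll from the DMZ passes.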

The findings show that the power outages were caused by three attacks using cyberintrusion software to attack electric power distribution companies, affecting about 225,000 customers. It also reveals that once power was restored, the utilities continued “to run under constrained operations,” implying that the damage to grid control systems was profound.

The team also learned that “three other organizations, some from other critical infrastructure sectors, were also intruded upon but did not experience operational impacts.” That suggests the attackers were going after more than just the power grid, and may have been planning a much more economy-wide attack. The team does not disclose what other sectors of the country were targeted.

The team said the attack was well-planned, “probably following extensive reconnaissance of the victim networks,” the report says. “According to company personnel, the cyberattacks at each company occurred within 30 minutes of each other and impacted multiple central and regional facilities.”

The attackers were attempting to make the damage permanent. The report says the attackers installed “KillDisk” malware onto company computers that would erase data necessary to reboot operations after a cyberattack.

There is also a mystery to the attackers’ actions.

“Each company also reported that they had been infected with BlackEnergy malware; however, we do not know whether the malware played a role in the cyberattacks,” the report says. The malware was delivered using an email-based attack technique known as “spear phishing” that contained a number of malicious Microsoft Office attachments.

“It is suspected that BlackEnergy may have been used as an initial access vector to acquire legitimate credentials; however, this information is still being evaluated,” the team says.

The investigation was conducted with Ukrainian authorities and involved the FBI, the Department of Energy and the North American Electric Reliability Corporation.

*** 

New research is shining a light on the ongoing evolution of the BlackEnergy malware, which has recently been spotted targeting government institutions in Ukraine.

Security researchers at ESET and F-Secure each have dived into the malware’s evolution. BlackEnergy was first identified several years ago. Originally a DDoS Trojan, it has since morphed into “a sophisticated piece of malware with a modular architecture, making it a suitable tool for sending spam and for online bank fraud,” blogged ESET’s Robert Lipovsky.

“The targeted attacks recently discovered are proof that the Trojan is still alive and kicking in 2014,” wrote Lipovsky, a malware researcher at ESET.

ESET has nicknamed the BlackEnergy modifications first spotted at the beginning of the year “BlackEnergy Lite” because they lack a kernel-mode driver component. The variant also supports fewer plug-ins and has a lighter overall footprint.

“The omission of the kernel mode driver may appear as a step back in terms of malware complexity; however, it is a growing trend in the malware landscape nowadays,” he blogged. “The threats that were among the highest-ranked malware in terms of technical sophistication (e.g., rootkits and bootkits, such as Rustock, Olmarik/TDL4, Rovnix, and others) a few years back are no longer as common.”

The malware variants ESET has tracked in 2014 – both of BlackEnergy and of BlackEnergy Lite – have been used in targeted attacks. This was underscored by the presence of plugins meant for network discovery, remote code execution and data collection, Lipovsky noted.

“We have observed over a hundred individual victims of these campaigns during our monitoring of the botnets,” he blogged. “Approximately half of these victims are situated in Ukraine and half in Poland, and include a number of state organizations, various businesses, as well as targets which we were unable to identify. The spreading campaigns that we have observed have used either technical infection methods through exploitation of software vulnerabilities, social engineering through spear-phishing emails and decoy documents, or a combination of both.”

In a whitepaper, researchers at F-Secure noted that in the summer of 2014, the firm saw samples of BlackEnergy targeting Ukrainian government organizations for the purposes of stealing information. These samples were nicknamed BlackEnergy 3 by F-Secure and identified as the work of a group the company refers to as “Quedagh.” According to F-Secure, the group is suspected to have been involved in cyber-attacks launched against Georgia during that country’s conflict with Russia in 2008.

“The Quedagh-related customizations to the BlackEnergy malware include support for proxy servers and use of techniques to bypass User Account Control and driver signing features in 64-bit Windows systems,” according to the F-Secure whitepaper. “While monitoring BlackEnergy samples, we also uncovered a new variant used by this group. We named this new variant BlackEnergy 3.”

Only Quedagh is believed to be using BlackEnergy 3, and it is not available for sale on the open market, noted Sean Sullivan, security advisor at F-Secure.

“The name [of the group] is based on a ship taken by Captain Kidd, an infamous privateer,” he said. “It is our working theory that the group has previous crimeware experience. Its goals appear to be political but they operate like a crimeware gang. There have been several cases this year of which BlackEnergy is the latest. The trend is one of off-the-shelf malware being used in an APT [advanced persistent threat] kind of way. The tech isn’t currently worthy of being called APT, but it’s evolving and scaling in that direction.”

Within a month of Windows 8.1’s release, the group added support for 64-bit systems. They also used a technique to bypass the driver-signing requirement on 64-bit Windows systems.

In the case of BlackEnergy 3, the malware will only attempt to infect a system if the current user is a member of the local Administrators group. If not, on Windows Vista it relaunches itself as Administrator, which triggers a User Account Control (UAC) prompt. On Windows 7 and later, however, the malware instead attempts to bypass the default UAC settings.

“The use of BlackEnergy for a politically-oriented attack is an intriguing convergence of criminal activity and espionage,” F-Secure notes in the paper. “As the kit is being used by multiple groups, it provides a greater measure of plausible deniability than is afforded by a custom-made piece of code.”

From the Department of the Interior and DHS in 2014:

Summary: Investigation of NPS-GCNP SCADA SYSTEM

Report Date: August 7, 2014

OIG investigated allegations that the Supervisory Control and Data Acquisition (SCADA) system at Grand Canyon National Park (Park) may be obsolete and prone to failure. In addition, it was alleged only one Park employee controlled the system, increasing the potential for the system to fail or become unusable.

The SCADA system is a private utilities network that monitors and controls critical infrastructure elements at the Park. Failure of the system could pose a health and safety risk to millions of Park visitors. Due to potential risks that system failure posed, we consulted with the U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and asked that they assess the overall architecture and cybersecurity of the Park’s SCADA system.

ICS-CERT conducted an onsite review and issued a report outlining the weaknesses it found in the Park’s SCADA system, including obsolete hardware and software, inadequate system documentation and policies, and insufficient logging and data retention. We provided a copy of ICS-CERT’s assessment report to the National Park Service for review and action.