Category Archives: Department of Homeland Security

Obama Gave Clemency to 95 Convicts, Who are They

Posted on by

Obama gave the warning earlier this year. He also has collaborated with an outside agency on who and why he commutes their sentences.

WASHINGTON — President Barack Obama plans to grant clemency to federal offenders “more aggressively” during the remainder of his presidency, he said in a sit-down interview with The Huffington Post on Friday.

Obama has faced criticism for rarely using his power to grant pardons and commutations. In December, he commuted the sentences of eight federal drug offenders, including four who had been sentenced to life. That brought his total number of commutations to 18.

Obama said he had granted clemency so infrequently because of problems in the Justice Department’s Office of the Pardon Attorney. The former head of that office, who was appointed during the George W. Bush administration, resigned in April amid criticism from criminal justice advocates.

“I noticed that what I was getting was mostly small-time crimes from very long ago,” Obama said. “It’d be a 65-year-old who wanted a pardon to get his gun rights back. Most of them were legitimate, but they didn’t address the broader issues that we face, particularly around nonviolent drug offenses. So we’ve revamped now the DOJ office. We’re now getting much more representative applicants.”

Many of those new applications came from what’s known as the Clemency Project 2014, announced when the head of the Office of the Pardon Attorney resigned. That project, which operates independently of the government, is intended to help DOJ sort through a huge number of applicants to figure out who meets specific criteria laid out by the administration.

4 of the 95 Prisoners Obama Just Set Free Had Nothing to Do With Drug Sentences

On Friday, President Obama granted clemency to 95 convicted prisoners. The vast majority of these individuals received harsh sentences for relatively minor drug offenses. Most of them will become free men and women on April 16, 2016.

Speaking to the press, Obama said:

“Earlier today, I commuted the sentences of 95 men and women who had served their debt to society – another step forward in upholding our fundamental ideals of justice and fairness.”

While they were referred to by the media as “drug offenders,” four of the men and women included were not punished for anything having to do with drugs. Here is some background on these “Freed Four.”

George Andre Axam

Crime: possession of a firearm by a convicted felon

Sentence: 15 years in prison

Though Axam had a history of drug abuse and felony offenses, the crime for which he was imprisoned occurred in December of 2001.

After arguing with his daughter outside his Atlanta house, Axam went back inside, retrieved a gun, then went outside and reportedly aimed it at his daughter’s boyfriend, who was sitting in a car. Axam proceeded to fire “one of two shots in [the boyfriend’s] direction,” then fled into the woods when the police came after him.

Carolyn Yvonne Butler

Crime: Three counts each of armed bank robbery and using a firearm during a violent crime

Sentence: 48 years in prison

Butler robbed three banks at gunpoint in 1991 – one on June 4, another on July 10, and the third on November 22. She reportedly purchased a .25 caliber pistol in San Antonio two days before the first crime.

Though she appealed her guilty verdicts, the U.S. Court of Appeals upheld her convictions.

Jon Dylan Girard

Crime: Counterfeiting

Sentence: Six months of home confinement and three years probation

Girard, a physician in Dayton, Ohio, was convicted of counterfeiting in 2002. He was granted a full pardon by the President.

Melody Eileen Homa (née Childress)

Crime: Aiding and abetting bank fraud

Sentence: Thirty days of home confinement, three years probation, 200 hours of community service

Homa committed her crime way back in 1991. Like Girard, the presidential pardon expunged the bank fraud charges from her record.

It’s unclear why these four individuals were tapped for sentence commutation or pardon. Obama has now granted clemency to a total of 163 prisoners in 2015.

Tashfeen Malik’s Visa Application Clues to Jihad

Posted on by

The trained Jihad widow by al Qaeda?

In part from BusinessInsider:

Malik, who was born in Pakistan and lived in Saudi Arabia for part of her life, moved to the US after meeting Farook first online and then in person when he traveled to Mecca for a religious pilgrimage in 2013. Farook was born in the US.

Malik was allowed to enter the US on a K-1 “fiance” visa. That program is now under more scrutiny, with the US government considering stronger screening measures for applicants. The House Judiciary Committee is investigating the issuance of Malik’s visa by Homeland Security officials.

Her application lists addresses in Pakistan and Saudi Arabia, including in Punjab Province and Riyadh, where Malik has lived in the past five years.

Farook also wrote the following “intention to marry” statement as part of Malik’s visa application. In the statement, signed on January 20, 2014, Farook wrote that he and Malik “intend to marry within the first month of her arriving in the US.”

Syed Rizwan Farook marriage statementHouse Judiciary Committee

A stamp on the document shows that Malik was admitted into the US on July 27, 2014.

Malik and Farook had both reportedly been radicalized before they met.

FBI Director James Comey said at a US Senate hearing earlier this month that they discussed jihad and martyrdom before they discussed Malik coming to the US to marry Farook.

And a friend of Farook, who has since been arrested, allegedly told authorities after the attacks that he was planning other attacks with Farook in 2011 and 2012.

Malik also reportedly posted a message on Facebook pledging allegiance to the leader of the terrorist group ISIS — aka the Islamic State, ISIL, and Daesh — while the San Bernardino attack was ongoing. She and Farook died in a shootout with police later that day.

Here’s the full visa application:

Tashfeen Malik Visa Application

 

Softest Target, Powergrid: Hacked Often

Posted on by

Report: U.S. electrical grid hacked repeatedly over past decade

WashingtonExaminer: State-backed hackers have probed and gained control of networks in parts of the electrical grid at least a dozen times over the last decade, according to officials.

“The grid is a tough target, but a lucrative target,” Keith Alexander, a former director of the National Security Agency, told the Associated Press. “The number of sophisticated attacks is growing. There is a constant, steady upbeat.”

Intrusions have come from China, Russia and Iran. Rather than trying to inflict immediate damage, officials say, the perpetrators have been trying to probe for vulnerabilities and stow away in critical systems.

“If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information it will make it a lot easier,” Robert Lee, a former U.S. Air Force cyberwarfare operations officer, told the AP. “It will also help them stay quiet and stealthy inside.”

One specific incident cited by the AP involved Calpine Corp., a power producer with 100 power plants operating in 18 states and Canada. Experts say that information stolen from one of Calpine’s contractors was used to gain access to the company’s systems in 2013, and added that to the best of their knowledge, the perpetrator may still have access to Calpine’s systems today.

Citing another incident, the Wall Street Journal reported on Sunday that Iranian hackers gained control over the operating system of a small dam less than 20 miles from New York City. Officials from the FBI looked into the incident at the Bowman Avenue Dam in Rye, New York, in 2013.

The Department of Homeland Security would not confirm that event, but said in a statement that it was continuing “to coordinate national efforts to strengthen the security and resilience of critical infrastructure” and “working to raise awareness about evolving threats and promote measures to reduce risks.”

Part of the problem is that the technology powering critical infrastructure is often decades old.

“Some of the control systems boot off of floppy disks,” said Patrick Miller, who formerly performed hydroelectric dam cybersecurity for the U.S. Bureau of Reclamation and Army Corps of Engineers. “Some dams have modeling systems that run on something that looks like a washing machine hooked up to tape spools. It looks like the early NASA stuff that went to the moon.”

Intelligence officials have consistently cited the nation’s critical infrastructure as its most significant modern vulnerability in cyberspace. “My No. 1 threat that I see here is the threat to our critical infrastructure,” National Counterintelligence Executive William Evanina told the Washington Examiner in November.

Adm. Mike Rogers, the director of the National Security Agency and head of U.S. Cyber Command, has expressed the same sentiment.

“It is only a matter of ‘when’ that someone uses cyber as a tool to do damage to the critical infrastructure of our nation,” Rogers said in October. “I’m watching nation-states, groups within some of that infrastructure.

“At the moment, it seems to be really focused on reconnaissance and attempting to understand the characteristics of the structure, but it’s only a matter of time I believe until someone actually does something destructive,” Rogers added.

***

How it was found?

SAN JOSE, California (AP) — Security researcher Brian Wallace was on the trail of hackers who had snatched a California university’s housing files when he stumbled into a larger nightmare: Cyberattackers had opened a pathway into the networks running the United States’ power grid.

 

Digital clues pointed to Iranian hackers. And Wallace found that they had already taken passwords, as well as engineering drawings of dozens of power plants, at least one with the title “Mission Critical.” The drawings were so detailed that experts say skilled attackers could have used them, along with other tools and malicious code, to knock out electricity flowing to millions of homes.

Wallace was astonished. But this breach, The Associated Press has found, was not unique.

About a dozen times in the last decade, sophisticated foreign hackers have gained enough remote access to control the operations networks that keep the lights on, according to top experts who spoke only on condition of anonymity due to the sensitive nature of the subject matter.

The public almost never learns the details about these types of attacks — they’re rarer but also more intricate and potentially dangerous than data theft. Information about the government’s response to these hacks is often protected and sometimes classified; many are never even reported to the government.

These intrusions have not caused the kind of cascading blackouts that are feared by the intelligence community. But so many attackers have stowed away in the largely investor-owned systems that run the U.S. electric grid that experts say they likely have the capability to strike at will.

And that’s what worries Wallace and other cybersecurity experts most.

“If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information it will make it a lot easier,” said Robert M. Lee, a former U.S. Air Force cyberwarfare operations officer.

In 2012 and 2013, in well-publicized attacks, Russian hackers successfully sent and received encrypted commands to U.S. public utilities and power generators; some private firms concluded this was an effort to position interlopers to act in the event of a political crisis. And the Department of Homeland Security announced about a year ago that a separate hacking campaign, believed by some private firms to have Russian origins, had injected software with malware that allowed the attackers to spy on U.S. energy companies.

“You want to be stealth,” said Lillian Ablon, a cybersecurity expert at the RAND Corporation. “That’s the ultimate power, because when you need to do something you are already in place.”

The hackers have gained access to an aging, outdated power system. Many of the substations and equipment that move power across the U.S. are decrepit and were never built with network security in mind; hooking them up to the Internet over the last decade has given hackers new backdoors in. Distant wind farms, home solar panels, smart meters and other networked devices must be remotely monitored and controlled, which opens up the broader system to fresh points of attack.

View gallery

This image obtained by The Associated Press in September …

This image obtained by The Associated Press in September 2015 shows a portion of a computer networki …

Hundreds of contractors sell software and equipment to energy companies, and attackers have successfully used those outside companies as a way to get inside networks tied to the grid.

Attributing attacks is notoriously tricky. Neither U.S. officials nor cybersecurity experts would or could say if the Islamic Republic of Iran was involved in the attack Wallace discovered involving Calpine Corp., a power producer with 82 plants operating in 18 states and Canada.

Private firms have alleged other recent hacks of networks and machinery tied to the U.S. power grid were carried out by teams from within Russia and China, some with governmental support.

Even the Islamic State group is trying to hack American power companies, a top Homeland Security official told industry executives in October.

The attack involving Calpine is particularly disturbing because the cyberspies grabbed so much, according to previously unreported documents and interviews.

Cybersecurity experts say the breach began at least as far back as August 2013.

Calpine spokesman Brett Kerr said the company’s information was stolen from a contractor that does business with Calpine. He said the stolen diagrams and passwords were old — some diagrams dated to 2002 — and presented no threat, though some outside experts disagree.

Kerr would not say whether the configuration of the power plants’ operations networks — also valuable information — remained the same as when the intrusion occurred, or whether it was possible the attackers still had a foothold.

The hackers stole user names and passwords that could be used to connect remotely to Calpine’s networks, which were being maintained by a data security company. Even if some of the information was outdated, experts say skilled hackers could have found a way to update the passwords and slip past firewalls to get into the operations network. Eventually, they say, the intruders could have shut down generating stations, fouled communications networks and possibly caused a blackout near the plants.

They also took detailed engineering drawings of networks and power stations from New York to California — 71 in all — showing the precise location of devices that communicate with gas turbines, boilers and other crucial equipment attackers would need to hack specific plants.

Cylance researchers said the intruders stored their stolen goods on seven unencrypted FTP servers requiring no authentication to access details about Calpine’s plants. Jumbled in the folders was code that could be used to spread malware to other companies without being traced back to the attackers’ computers, as well as handcrafted software designed to mask that the Internet Protocol addresses they were using were in Iran.

Calpine didn’t know its information had been compromised until it was informed by Cylance, Kerr said.

Iranian U.N. Mission spokesman Hamid Babaei did not return calls or address questions emailed by AP.

Cylance notified the FBI, which warned the U.S. energy sector in an unclassified bulletin last December that a group using Iran-based IP addresses had targeted the industry.

Homeland Security spokesman SY Lee said that his agency is coordinating efforts to strengthen grid cybersecurity nationwide and to raise awareness about evolving threats to the electric sector through industry trainings and risk assessments. As Deputy Secretary Alejandro Mayorkas acknowledged in an interview, however, “we are not where we need to be” on cybersecurity.

That’s partly because the grid is largely privately owned and has entire sections that fall outside federal regulation, which experts argue leaves the sector poorly defended against a growing universe of hackers seeking to access its networks.

As Deputy Energy Secretary Elizabeth Sherwood Randall said in a speech earlier this year, “If we don’t protect the energy sector, we are putting every other sector of the economy in peril.”

 

Forget the EMP, It’s the Hack, You’re at Risk

Posted on by

Iranian hackers infiltrated computers of small dam in NY

WASHINGTON (Reuters) – Iranian hackers breached the control system of a dam near New York City in 2013, an infiltration that raised concerns about the security of the country’s infrastructure, the Wall Street Journal reported on Monday, citing former and current U.S. officials.

Two people familiar with the breach told the newspaper it occurred at the Bowman Avenue Dam in Rye, New York. The small structure about 20 miles from New York City is used for flood control.

The hackers gained access to the dam through a cellular modem, the Journal said, citing an unclassified Department of Homeland Security summary of the incident that did not specify the type of infrastructure.

The dam is a 20-foot-tall concrete slab across Blind Brook, about five miles from Long Island Sound.

“It’s very, very small,” Rye City Manager Marcus Serrano told the newspaper. He said FBI agents visited in 2013 to ask the city’s information-technology manager about a hacking incident.

The dam breach was difficult to pin down, and federal investigators at first thought the target was a much larger dam in Oregon, the Journal said.

The breach came as hackers linked to the Iranian government were attacking U.S. bank websites after American spies damaged an Iranian nuclear facility with the Stuxnet computer worm.

It illustrated concerns about many of the old computers controlling industrial systems, and the White House was notified of the infiltration, the Journal said.

The newspaper said the United States had more than 57,000 industrial control systems connected to the Internet, citing Shodan, a search engine that catalogs each machine.

Homeland Security spokesman S.Y. Lee would not confirm the breach to Reuters. He said the department’s 24-hour cybersecurity information-sharing hub and an emergency response team coordinate responses to threats to and vulnerabilities in critical infrastructure.

***

Cant Sleep, You are at Risk

In part from Wired: If you want to keep yourself up at night, spend some time reading about the latest developments in cybersecurity. Airplanes hacked, cars hacked, vulnerabilities in a breathtaking range of sensitive equipment from TSA locks to voting booths to medical devices.

The big picture is even scarier. Former NSA Director Mike McConnell suspects China has hacked “every major corporation” in the US. Edward Snowden’s NSA leaks revealed the US government has its own national and international hacking to account for. And the Ponemon Institute says 110 million Americans saw their identities compromised in 2014. That’s one in two American adults.

The system is broken. It isn’t keeping us, our companies, or our government safe. Worse yet, no one seems to know how to fix it.

How Did We Get Here?

One deceptive truth seems to drive much of the cybersecurity industry down a rabbit hole: If you keep bad actors and bad software out of your system, you have nothing to worry about.

Malicious actors target “endpoints”—any device or sensor connected to a network—to break into that network. Network security seeks to protect those endpoints with firewalls, certificates, passwords, and the like, creating a secure perimeter to keep the whole system safe.

This wasn’t difficult in the early days of the Internet and online threats. But today, most private networks have far too many endpoints to properly secure. In an age of “Bring Your Own Device,” the cloud, remote access, and the Internet of Things, there are too many vulnerabilities hackers can exploit. As Ajay Arora, CEO of file security company Vera, notes, there is no perimeter anymore. It’s a dream of the past.

But the security paradigm remains focused on perimeter defense because, frankly, no one knows what else to do. To address threats, security experts should assume compromise – that hackers and malware already have breached their defenses, or soon will – and instead classify and mitigate threats.

The CIA Triad

The information security community has a model to assess and respond to threats, at least as a starting point. It breaks information security into three essential components: confidentiality, integrity, and availability.

Confidentiality means protecting and keeping your secrets. Espionage and data theft are threats to confidentiality.

Availability means keeping your services running, and giving administrators access to key networks and controls. Denial of service and data deletion attacks threaten availability.

Integrity means assessing whether the software and critical data within your networks and systems are compromised with malicious or unauthorized code or bugs. Viruses and malware compromise the integrity of the systems they infect.

The Biggest Threat

Of these, integrity is the least understood and most nebulous. And what many people don’t realize is it’s the greatest threat to businesses and governments today.

Meanwhile, the cybersecurity industry remains overwhelmingly focused on confidentiality. Its mantra is “encrypt everything.” This is noble, and essential to good security. But without integrity protection, the keys that protect encrypted data are themselves vulnerable to malicious alteration. This is true even of authenticated encryption algorithms like AES-GCM.

In the bigger picture, as cybercrime evolves, it will become clear that loss of integrity is a bigger danger than loss of confidentiality. One merely has to compare different kinds of breaches to see the truth of this:

A confidentiality breach in your car means someone learns your driving habits. An integrity breach means they could take over your brakes. In a power grid, a confidentiality breach exposes system operating information. An integrity breach would compromise critical systems, risking failure or shutdown. And a confidentiality breach in the military would mean hackers could obtain data about sensitive systems. If they made an integrity beach, they could gain control over these weapons systems. Full details and actions you can take to protect yourself, go here.

Juniper Hacked, Several Govt Agencies at Risk

Posted on by

Backdoor Code Found in Firewall

Engadget: One of the reasons corporate users and the privacy-minded rely on VPNs is to control access to their networks and (hopefully) not expose secrets over insecure connections. Today Juniper Networks revealed that some of its products may not have been living up to that standard, after discovering “unauthorized code” in the software that runs on its NetScreen firewalls during a code review. Pointed out by security researcher “The Grugq,” the backdoor has been present since late 2012 and can only be fixed by upgrading to a new version of software just released today.

Telnet / ssh exposes a backdoor added by attackers to ScreenOS source code. This has been there since August 2012. Noted code here.

The pair of issues that created the backdoor would allow anyone who knows about it to remotely log in to the firewall as an administrator, decrypt and spy on supposedly secure traffic, and then remove any trace of their activity. Obviously this is a Very Bad Thing, although Juniper claims it has not heard of any exploitation in the wild (which would be difficult, since no one knew it existed and attackers could hide their traces) so far.

Beyond sending IT people sprinting to patch and test their setups, now we can all speculate about which friendly group of state-sponsored attackers is responsible. US government officials have recently been pushing for mandated backdoor access to secure networks and services, but the Edward Snowden saga made clear that even our own country’s personnel aren’t always going to ask permission before snooping on any information they want to check out. I contacted Juniper Networks regarding the issue, but have not received a response at this time.

Update: A Juniper Networks spokesperson told us:

During a recent internal code review, Juniper discovered unauthorized code in ScreenOS® that could allow a knowledgeable attacker to gain administrative access and if they could monitor VPN traffic to decrypt that traffic. Once we identified these vulnerabilities, we launched an investigation and worked to develop and issue patched releases for the impacted devices. We also reached out to affected customers, strongly recommending that they update their systems and apply the patched releases with the highest priority.

The patched releases also address an SSH bug in ScreenOS that could allow an attacker to conduct DoS attacks against ScreenOS devices. These two issues are independent of each other.

Newly discovered hack has U.S. fearing foreign infiltration

Washington (CNN) A major breach at computer network company Juniper Networks has U.S. officials worried that hackers working for a foreign government were able to spy on the encrypted communications of the U.S. government and private companies for the past three years.

The FBI is investigating the breach, which involved hackers installing a back door on computer equipment, U.S. officials told CNN. Juniper disclosed the issue Thursday along with an emergency security patch that it urged customers to use to update their systems “with the highest priority.”

The concern, U.S. officials said, is that sophisticated hackers who compromised the equipment could use their access to get into any company or government agency that used it.

One U.S. official described it as akin to “stealing a master key to get into any government building.”

The breach is believed to be the work of a foreign government, U.S. officials said, because of the sophistication involved. The U.S. officials said they are certain U.S. spy agencies themselves aren’t behind the back door. China and Russia are among the top suspected governments, though officials cautioned the investigation hasn’t reached conclusions.

It’s not yet clear what if any classified information could be affected, but U.S. officials said the Juniper Networks equipment is so widely used that it may take some time to determine what damage was done.

A senior administration official told CNN, “We are aware of the vulnerabilities recently announced by Juniper. The Department of Homeland Security has been and remains in close touch with the company. The administration remains committed to enhancing our national cybersecurity by raising our cyber defenses, disrupting adversary activity, and effectively responding to incidents when they occur.”

Juniper Networks’ security fix is intended to seal a back door that hackers created in order to remotely log into commonly used VPN networks to spy on communications that were supposed to be among the most secure. A free trial vpn has been helpful for those new to the VPN world to decide if it is right for them.

Juniper said that someone managed to get into its systems and write “unauthorized code” that “could allow a knowledgeable attacker to gain administrative access.”

Such access would allow the hacker to monitor encrypted traffic on the computer network and decrypt communications.

Juniper sells computer network equipment and routers to big companies and to U.S. government clients such as the Defense Department, Justice Department, FBI and Treasury Department. On its website, the company boasts of providing networks that “US intelligence agencies require.”

Its routers and network equipment are widely used by corporations, including for secure communications. Homeland Security officials are now trying to determine how many such systems are in use for U.S. government networks.

Juniper said in its security alert that it wasn’t aware of any “malicious exploitation of these vulnerabilities.” However, the alert also said that attackers would leave behind no trace of their activity by removing security logs that would show a breach.

“Note that a skilled attacker would likely remove these entries from the log file, thus effectively eliminating any reliable signature that the device had been compromised,” the Juniper security alert said. If encrypted communications were being monitored, “There is no way to detect that this vulnerability was exploited,” according to the Juniper security alert.

According to a Juniper Networks spokeswoman’s statement, “Once we identified these vulnerabilities, we launched an investigation and worked to develop and issue patched releases for the impacted devices. We also reached out to affected customers, strongly recommending that they update their systems.”

U.S. officials said it’s not clear how the Juniper source code was altered, whether from an outside attack or someone inside.

The work to alter millions of lines of source code is sophisticated. The system was compromised for three years before Juniper uncovered it in a routine review in recent weeks.

Juniper said it was also issuing a security fix for a separate bug that could allow a hacker to launch denial-of-service attacks on networks.