4 Million Federal Employees Hacked Months Ago

The Office of Personnel Management issued a warning today that all current and former federal employees may be the subject of hacking of personal data and security clearance information.

The Department of Homeland Security used a system called Einstein that determined the hack in April of 2015 but they did not reveal when the actual breach happened. Signs are pointing to China and the responsible country and it should be noted that Russia was responsible for an earlier breach of the IRS.

The Official Office of Personnel Management Press Release

Thursday, June 04, 2015 Contact: Sam Schumach
Tel: (202) 606-2402
OPM to Notify Employees of Cybersecurity Incident
WASHINGTON, DC – The U.S. Office of Personnel Management (OPM) has identified a cybersecurity incident potentially affecting personnel data for current and former federal employees, including personally identifiable information (PII).
Within the last year, the OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks.  As a result, in April 2015, OPM detected a cyber-intrusion affecting its information technology (IT) systems and data. The intrusion predated the adoption of the tougher security controls.
OPM has partnered with the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI) to determine the full impact to Federal personnel. OPM continues to improve security for the sensitive information it manages and evaluates its IT security protocols on a continuous basis to protect sensitive data to the greatest extent possible. Since the intrusion, OPM has instituted additional network security precautions, including: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.
As a result of the incident, OPM will send notifications to approximately 4 million individuals whose PII may have been compromised.  Since the investigation is on-going, additional PII exposures may come to light; in that case, OPM will conduct additional notifications as necessary.  In order to mitigate the risk of fraud and identity theft, OPM is offering credit report access, credit monitoring and identify theft insurance and recovery services to potentially affected individuals through CSID®, a company that specializes in these services.  This comprehensive, 18-month membership includes credit monitoring and $1 million in identity theft protection services at no cost to enrollees.
“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”
OPM has issued the following guidance to affected individuals:
Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
Request a free credit report at www.AnnualCreditReport.com or by calling 1-877-322-8228.  Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax®, Experian®, and TransUnion® – for a total of three reports every year.  Contact information for the credit bureaus can be found on the Federal Trade Commission (FTC) website, www.ftc.gov.
Review resources provided on the FTC identity theft website, www.identitytheft.gov.  The FTC maintains a variety of consumer publications providing comprehensive information on computer intrusions and identity theft.
You may place a fraud alert on your credit file to let creditors know to contact you before opening a new account in your name.  Simply call TransUnion® at 1-800-680-7289 to place this alert.  TransUnion® will then notify the other two credit bureaus on your behalf.
How to avoid being a victim:
Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information.  If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
Do not send sensitive information over the Internet before checking a website’s security (for more information, see Protecting Your Privacy, http://www.us-cert.gov/ncas/tips/ST04-013).
Pay attention to the URL of a website.  Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly.  Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.  Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (for more information, see Understanding Firewalls, http://www.us-cert.gov/ncas/tips/ST04-004; Understanding Anti-Virus Software, http://www.us-cert.gov/ncas/tips/ST04-005; and Reducing Spam, http://www.us-cert.gov/ncas/tips/ST04-007).
Take advantage of any anti-phishing features offered by your email client and web browser.
Employees should take steps to monitor their personally identifiable information and report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center at www.ic3.gov.
Potentially affected individuals can obtain additional information about the steps they can take to avoid identity theft from the following agencies. The FTC also encourages those who discover that their information has been misused to file a complaint with them.

 

What is Missing from the TPP? Reward Offered

If The TPP is Such a Great Idea, Why Keep it a Secret?

The Obama Administration has been pressuring members of Congress to pass the bill that will give President Obama the “fast track”  authority to negotiate the Trans-Pacific Partnership(TPP) agreement without any debate in Congress.  Fast track authority would not allow for any amendments and the bill would remain secret until just before it is voted on.

“President Obama is currently pressing members of Congress to pass Fast-Track authority for a trade and investment agreement called the Trans-Pacific Partnership (TPP). If Fast Track passes, it means that Congress must approve or deny the TPP with minimal debate and no amendments. Astonishingly, our lawmakers have not seen the agreement they are being asked to expedite.” Nation of Change

This trade agreement, like previous international trade agreements, like NAFTA, is not a partisan issue.  On just about every other piece of legislation that the Obama Administration has introduced to Congress, the Republican majority has stood fast against it.  However, in this instance, Congress appears to be strangely united in its efforts to pass a secret bill that they have not even been allowed to read.  More important details here.

WikiLeaks issues call for $100,000 bounty on monster trade treaty

Today WikiLeaks has launched a campaign to crowd-source a $100,000 reward for America’s Most Wanted Secret: the Trans-Pacific Partnership Agreement (TPP). One chapter is found here.

Over the last two years WikiLeaks has published three chapters of this super-secret global deal, despite unprecedented efforts by negotiating governments to keep it under wraps. US Senator Elizabeth Warren has said

“[They] can’t make this deal public because if the American people saw what was in it, they would be opposed to it.”

The remaining 26 chapters of the deal are closely held by negotiators and the big corporations that have been given privilleged access. Today, WikiLeaks is taking steps to bring about the public’s rightful access to the missing chapters of this monster trade pact.

The TPP is the largest agreement of its kind in history: a multi-trillion dollar international treaty being negotiated in secret by the US, Japan, Mexico, Canada, Australia and 7 other countries. The treaty aims to create a new international legal regime that will allow transnational corporations to bypass domestic courts, evade environmental protections, police the internet on behalf of the content industry, limit the availability of affordable generic medicines, and drastically curtail each country’s legislative sovereignty.

The TPP bounty also heralds the launch of WikiLeaks new competition system, which allows the public to pledge prizes towards each of the world’s most wanted leaks. For example, members of the public can now pledge on the missing chapters of the TPP.

WikiLeaks founder Julian Assange said,

“The transparency clock has run out on the TPP. No more secrecy. No more excuses. Let’s open the TPP once and for all.”

Note: The TPP is also noteworthy as the icebreaker agreement for the giant proposed ’T-treaty triad’ of TPP-TISA-TTIP which extends TPP style rules to 53 nations, 1.6 billion people and 2/3rds of the global economy.

See https://wikileaks.org/pledge/

Skies are Filled with FBI Aircraft

After a little more digging on this story, the tail numbers for the aircraft and additional details are found here.

More surveillance operations in those clouds above and they belong to the FBI even though there are alias names in front companies managing those aircrafts.

The FBI has under the ‘critical incident response group’ a fleet of aircraft. An inspector general has performed an audit of the division complete with redactions. Considering legitimacy of the program, then why the redactions and the fake companies and forged signatures?

FBI Runs Secret Air Force Posing As Fake Companies To Spy On U.S. Cities

WASHINGTON (AP) — The FBI is operating a small air force with scores of low-flying planes across the country carrying video and, at times, cellphone surveillance technology — all hidden behind fictitious companies that are fronts for the government, The Associated Press has learned.

The planes’ surveillance equipment is generally used without a judge’s approval, and the FBI said the flights are used for specific, ongoing investigations. In a recent 30-day period, the agency flew above more than 30 cities in 11 states across the country, an AP review found.

Aerial surveillance represents a changing frontier for law enforcement, providing what the government maintains is an important tool in criminal, terrorism or intelligence probes. But the program raises questions about whether there should be updated policies protecting civil liberties as new technologies pose intrusive opportunities for government spying.

U.S. law enforcement officials confirmed for the first time the wide-scale use of the aircraft, which the AP traced to at least 13 fake companies, such as FVX Research, KQM Aviation, NBR Aviation and PXW Services. Even basic aspects of the program are withheld from the public in censored versions of official reports from the Justice Department’s inspector general.

“The FBI’s aviation program is not secret,” spokesman Christopher Allen said in a statement. “Specific aircraft and their capabilities are protected for operational security purposes.” Allen added that the FBI’s planes “are not equipped, designed or used for bulk collection activities or mass surveillance.”

But the planes can capture video of unrelated criminal activity on the ground that could be handed over for prosecutions.

Some of the aircraft can also be equipped with technology that can identify thousands of people below through the cellphones they carry, even if they’re not making a call or in public. Officials said that practice, which mimics cell towers and gets phones to reveal basic subscriber information, is rare.

Details confirmed by the FBI track closely with published reports since at least 2003 that a government surveillance program might be behind suspicious-looking planes slowly circling neighborhoods. The AP traced at least 50 aircraft back to the FBI, and identified more than 100 flights since late April orbiting both major cities and rural areas.

One of the planes, photographed in flight last week by the AP in northern Virginia, bristled with unusual antennas under its fuselage and a camera on its left side. A federal budget document from 2010 mentioned at least 115 planes, including 90 Cessna aircraft, in the FBI’s surveillance fleet.

The FBI also occasionally helps local police with aerial support, such as during the recent disturbance in Baltimore that followed the death of 25-year-old Freddie Gray, who sustained grievous injuries while in police custody. Those types of requests are reviewed by senior FBI officials.

The surveillance flights comply with agency rules, an FBI spokesman said. Those rules, which are heavily redacted in publicly available documents, limit the types of equipment the agency can use, as well as the justifications and duration of the surveillance.

Details about the flights come as the Justice Department seeks to navigate privacy concerns arising from aerial surveillance by unmanned aircrafts, or drones. President Barack Obama has said he welcomes a debate on government surveillance, and has called for more transparency about spying in the wake of disclosures about classified programs.

“These are not your grandparents’ surveillance aircraft,” said Jay Stanley, a senior policy analyst with the American Civil Liberties Union, calling the flights significant “if the federal government is maintaining a fleet of aircraft whose purpose is to circle over American cities, especially with the technology we know can be attached to those aircraft.”

During the past few weeks, the AP tracked planes from the FBI’s fleet on more than 100 flights over at least 11 states plus the District of Columbia, most with Cessna 182T Skylane aircraft. These included parts of Houston, Phoenix, Seattle, Chicago, Boston, Minneapolis and Southern California.

Evolving technology can record higher-quality video from long distances, even at night, and can capture certain identifying information from cellphones using a device known as a “cell-site simulator” — or Stingray, to use one of the product’s brand names. These can trick pinpointed cellphones into revealing identification numbers of subscribers, including those not suspected of a crime.

Officials say cellphone surveillance is rare, although the AP found in recent weeks FBI flights orbiting large, enclosed buildings for extended periods where aerial photography would be less effective than electronic signals collection. Those included above Ronald Reagan Washington National Airport and the Mall of America in Bloomington, Minnesota.

After The Washington Post revealed flights by two planes circling over Baltimore in early May, the AP began analyzing detailed flight data and aircraft-ownership registrations that shared similar addresses and flight patterns. That review found some FBI missions circled above at least 40,000 residents during a single flight over Anaheim, California, in late May, according to Census data and records provided by the website FlightRadar24.com.

Most flight patterns occurred in counter-clockwise orbits up to several miles wide and roughly one mile above the ground at slow speeds. A 2003 newsletter from the company FLIR Systems Inc., which makes camera technology such as seen on the planes, described flying slowly in left-handed patterns.

“Aircraft surveillance has become an indispensable intelligence collection and investigative technique which serves as a force multiplier to the ground teams,” the FBI said in 2009 when it asked Congress for $5.1 million for the program.

Recently, independent journalists and websites have cited companies traced to post office boxes in Virginia, including one shared with the Justice Department. The AP analyzed similar data since early May, while also drawing upon aircraft registration documents, business records and interviews with U.S. officials to understand the scope of the operations.

The FBI asked the AP not to disclose the names of the fake companies it uncovered, saying that would saddle taxpayers with the expense of creating new cover companies to shield the government’s involvement, and could endanger the planes and integrity of the surveillance missions. The AP declined the FBI’s request because the companies’ names — as well as common addresses linked to the Justice Department — are listed on public documents and in government databases.

At least 13 front companies that AP identified being actively used by the FBI are registered to post office boxes in Bristow, Virginia, which is near a regional airport used for private and charter flights. Only one of them appears in state business records.

Included on most aircraft registrations is a mysterious name, Robert Lindley. He is listed as chief executive and has at least three distinct signatures among the companies. Two documents include a signature for Robert Taylor, which is strikingly similar to one of Lindley’s three handwriting patterns.

The FBI would not say whether Lindley is a U.S. government employee. The AP unsuccessfully tried to reach Lindley at phone numbers registered to people of the same name in the Washington area since Monday.

Law enforcement officials said Justice Department lawyers approved the decision to create fictitious companies to protect the flights’ operational security and that the Federal Aviation Administration was aware of the practice. One of the Lindley-headed companies shares a post office box openly used by the Justice Department.

Such elusive practices have endured for decades. A 1990 report by the then-General Accounting Office noted that, in July 1988, the FBI had moved its “headquarters-operated” aircraft into a company that wasn’t publicly linked to the bureau.

The FBI does not generally obtain warrants to record video from its planes of people moving outside in the open, but it also said that under a new policy it has recently begun obtaining court orders to use cell-site simulators. The Obama administration had until recently been directing local authorities through secret agreements not to reveal their own use of the devices, even encouraging prosecutors to drop cases rather than disclose the technology’s use in open court.

A Justice Department memo last month also expressly barred its component law enforcement agencies from using unmanned drones “solely for the purpose of monitoring activities protected by the First Amendment” and said they are to be used only in connection with authorized investigations and activities. A department spokeswoman said the policy applied only to unmanned aircraft systems rather than piloted airplanes.

 

Lone Wolves vs. QRF vs. Patriot Act

In the news is the discussion of terminating parts of the Patriot Act and key uses the NSA was using. While having parts of the Patriot Act go dark is a good thing to protect our granted privacy rights, there is one section that will go dark and that is part in parcel the ‘lone-wolf’ section.

The condition or phenomenon known as lone wolf is a matter that needs some further attention as most recent attacks have been performed by units of lone wolves.  Such was the case of Major Nidal Hassan, the Ft. Hood shooter as the recent case in Garland, Texas. Others include the attacks in Paris and in Australia.
It is suggested that you take the time to watch this video and continue the debate.

 

As it relates to the Patriot Act and up for debate is shown below:

Lone Wolf.

A Summary by Mary DeRosa

Section 6001 of the Intelligence Reform and Terrorism Prevention Act of 2004, known as the “lone wolf” amendment, broadens FISA to allow surveillance of a new category of individuals. The provision amends FISA’s definition of “agent of a foreign power” to include any person, other than a U.S. person, who “engages in international terrorism or activities in preparation therefore.” Previously, that definition required a nexus to a foreign power or entity, such as a foreign government or an international terrorist organization. The expanded definition allows the government to use FISA for surveillance of a non-U.S. person who has no known ties to a group or entity. Congress passed this “lone wolf” provision because it was concerned that the previous FISA definitions did not cover unaffiliated individuals—or those for whom no affiliation can be established—who nonetheless engage or are preparing to engage in international terrorism.

The standards and procedures for FISA collection are different, more secretive, and in some cases less rigorous than those for law enforcement surveillance. But FISA is limited by its requirement that the target of surveillance be a foreign power or its agent. After this “lone wolf” provision, a target can be considered an “agent of a foreign power” without any evidence that they are acting with a group. But there must be probable cause that the target is engaging or preparing to engage in “international terrorism,” which FISA defines to be activities that involve violent, criminal acts intended to intimidate or coerce a population or a government and that occur totally outside of the United States or transcend national boundaries.

Section 6001(b) of the Intelligence Reform Act subjects the “lone wolf” amendment to the PATRIOT Act’s sunset provision. Therefore, unless reauthorized, the expanded authority will expire on December 31, 2005.

Targeting the Loosely-Affiliated Terrorist
by Michael J. Woods

Critics of FISA’s new “lone wolf’ provision argue it is a dangerous expansion of authority, allowing the application of FISA to individuals lacking any connection to foreign powers. The language actually enacted, however, integrates a definition of “international terrorism’ that preserves a sufficiently strong foreign nexus requirement. Therefore, the statute’s parts, taken together and read in context, contain adequate safeguards to ensure that the lone wolf provision will be used against its intended targets—international terrorists.

Before the lone wolf provision, there were two principal paths to obtain FISA surveillance of an international terrorist: first, by demonstrating probable cause that the target acts in the U.S. as a “member’ of an international terrorist group (found in FISA section 101(b)(1)(A)); and second, by demonstrating probable cause that the target “knowingly engages in sabotage or international terrorism, or activities that are in preparation therefor, for or on behalf of a foreign power’ (section 101(b)(2)(C)). The first option is difficult to establish given the informality of terrorist organizations and is not available where the target is a U.S. person. The second is the stock from which the present “lone wolf’ provision is cut, and provides the conceptual foundation for the new provision.

The legislative history of those two original FISA provisions, found primarily in House Report 95-1283, Senate Report 95-701 and House Conference Report 95-1720, reveals that the drafters’ chief concern here was to avoid application of the FISA to purely domestic terrorists or political dissidents. Congress was reacting to the Supreme Court’s 1972 holding in United States v. United States District Court (found at 407 U.S. 297, and commonly called the “Keith case’) that “domestic security surveillance’ was subject to the warrant and reasonableness requirements of the Fourth Amendment. The group at issue in Keith was a radical organization (the White Panther Party) that had bombed a number of federal facilities to draw attention to the group’s domestic social/political agenda. (See The Court Legacy, Vol. XI, No. 4 (Nov. 2003).) The Court emphasized that its Keith holding addressed only “the domestic aspects of national security’ and did not reach “the activities of foreign powers or their agents.’ FISA was the legislative approach to the area beyond Keith: the field of foreign intelligence surveillance. In addressing terrorism as a national security threat, the FISA drafters needed to draw a line between the purely domestic variety covered by the Keith ruling, and the activities of international terrorist organizations (which could take place in the United States).

 

Surveillance State, Your Touch and Your Smartphone

There was a Rand Paul filibuster last week over the NSA broad sweep of citizen’s private affairs. Senator Paul does have a major point in his efforts to protect our privacy yet to what ends when it comes to national security? He pledges to take the matter of the vote on the NSA to see the Patriot Act end.

There is yet another piece of legislation that is important to understand. The USA Freedom Act. In part:

Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet Collection, and Online Monitoring Act

H.R. 3361/ S. 1599

Purpose:  To rein in the dragnet collection of data by the National Security Agency (NSA) and other government agencies, increase transparency of the Foreign Intelligence Surveillance Court (FISC), provide businesses the ability to release information regarding FISA requests, and create an independent constitutional advocate to argue cases before the FISC.

End bulk collection of Americans’ communications records

• The USA Freedom Act ends bulk collection under Section 215 of the Patriot Act.
• The bill would strengthen the prohibition on “reverse targeting” of Americans—that is, targeting a foreigner with the goal of obtaining communications involving an American.
• The bill requires the government to more aggressively filter and discard information about Americans accidentally collected through PRISM and related programs.

Reform the Foreign Intelligence Surveillance Court

• The USA Freedom Act creates an Office of the Special Advocate (OSA) tasked with promoting privacy interests before the FISA court’s closed proceedings. The OSA will have the authority to appeal decisions of the FISA court.
• The bill creates new and more robust reporting requirements to ensure that Congress is aware of actions by the FISC and intelligence community as a whole.
• The bill would grant the Privacy and Civil Liberties Oversight  Board subpoena authority to investigate issues related to privacy and national security.

Increase Transparency

• The USA Freedom Act would end secret laws by requiring the Attorney General to publicly disclose all FISC decisions issued after July 10, 2003 that contain a significant construction or interpretation of law.
• Under the bill, Internet and telecom companies would be allowed to publicly report an estimate of (1) the number of FISA orders and national security letters received, (2) the number of such orders and letters complied with, and (3) the number of users or accounts on whom information was demanded under the orders and letters.
• The bill would require the government to make annual or semiannual public reports estimating the total number of individuals and U.S. persons that were subject to FISA orders authorizing electronic surveillance, pen/trap devices, and access to business records.

DONT APPLAUD JUST YET…this next introduction of technology is very chilling. When does it all stop with surveillance?

NSA will Track Your Smartphone Finger Strokes

Smartphone technology built by Lockheed Martin promises to verify a user’s identity based on the swiftness and shape of the individual’s finger strokes on a touch screen. The mobile device feature, created by Lockheed Martin, verifies a user’s identity based on the swiftness and shape of the individual’s finger strokes on a touch screen. The technology is but one incarnation of handwriting-motion recognition, sometimes called “dynamic signature” biometrics, that has roots in the Air Force. “Nobody else has the same strokes,” said John Mears, senior fellow for Lockheed IT and Security Solutions. “People can forge your handwriting in two dimensions, but they couldn’t forge it in three or four dimensions. Three is the pressure you put in, in addition to the two dimensions on the paper. The fourth dimension is time. The most advanced handwriting-type authentication tracks you in four dimensions.”  The biometric factors measured by Lockheed’s technology, dubbed “Mandrake,” are speed, acceleration and the curve of an individual’s strokes. “We’ve done work with the NSA with that for secure gesture authentication as a technique for using smartphones,” Mears said. “They are actually able to use it.” According to Defense One . Lockheed officials said they do not know how or if the agency has operationally deployed the Mandrake smartphone doodling-recognition tool. The company also is the architect of the FBI’s recently completed $1 billion facial, fingerprint, palm print, retina scan and tattoo image biometric ID system. That project, called the Next Generation Identification system, could tie in voice and “gait matching” (how a person walks) in the future, the bureau has said. Mandrake potentially might be useful for emergency responders who often do not have the time or capability to access an incident command website, Mears said.