Iranian hackers are trying to identify computer systems that control infrastructure in the United States, such as the electrical grid, presumably with an eye towards damaging those systems, according to a new report from a cyber security firm and a think tank in Washington, D.C.
The researchers from Norse, a cyber security company, and the American Enterprise Institute, a conservative think tank that has been skeptical of the Iranian nuclear agreement, found that Iranian hacking against the U.S. is increasing and that the lifting of economic sanctions as part of an international agreement over Iran’s nuclear program “will dramatically increase the resources Iran can put toward expanding its cyberattack infrastructure.”
What’s more, the current sanctions regime, which has helped to depress Iran’s economy, has not blunted the expansion of its cyber spying and warfare capabilities, the researchers conclude.
The technical data underlying the report’s conclusions, while voluminous, aren’t definitive, and they don’t answer a central question of whether Iran intends to attack the U.S. Using data collected from a network of Norse “sensors” around the world made to look like vulnerable computers, the researchers tracked what they say is a dramatic escalation in spying and attacks on the U.S. from hackers in Iran, including within the Iranian military. The researchers also traced hacking back to a technical university in Iran, as well as other institutions either run or heavily influenced by the Iranian regime.
“Iran is emerging as a significant cyber threat to the U.S. and its allies,” the report’s authors say. “The size and sophistication of the nation’s hacking capabilities have grown markedly over the last few years, and Iran has already penetrated well-defended networks in the U.S. and Saudi Arabia and seized and destroyed sensitive data.”
That assessment tracks with the view of U.S. intelligence officials, who’ve been alarmed by how quickly Iran has developed the capability to wreak havoc in cyberspace. In 2012, officials say that Iranian hackers were responsible for erasing information from 30,000 computers at Saudi Aramco, the state-owned oil and gas production facility, as well as a denial-of-service attack that forced the websites of major U.S. banks to shut down under a deluge of electronic traffic. Earlier this year, Director of National Intelligence James Clapper said that Iran was responsible for an attack on the Sands casino company in 2014, in which intruders stole and destroyed data from the company’s computers.
The Norse and AEI researchers found that Iran’s cyber capabilities, which U.S. officials and experts say have been growing rapidly since around 2009, have accelerated in the past year. Attacks launched from Iranian Internet addresses rose 128 percent between January 2013 and mid-March 2015, the researchers found. And the number of individual Norse sensors “hit” by Iranian Internet addresses increased 229 percent. All told, the researchers conclude that hackers using Iranian Internet addresses have “expanded their attack infrastructure more than fivefold over the course of just 13 months.”
There’s little debate among U.S. officials and experts that Iran poses a credible and growing danger online. But the technical data underlying Norse and AEI’s conclusions came into question when the report was released on Thursday.
The researchers relied on “scans” of Norse sensors that may indicate some interest by an Iranian hacker, but don’t prove his intent or that he was planning to damage a particular computer.
“They talk about ‘attacks,’ but what they really mean are ‘scans,’” which is more ambiguous, Robert M. Lee, a PhD candidate at King’s College London who is researching industrial control systems, told The Daily Beast. Industrial control systems are the computers that help run critical infrastructure.
Essentially, Iranian hackers are casing a neighborhood, but that doesn’t necessarily mean they’re going to rob houses. Lee, who is also an active duty Air Force cyber warfare operations officer, said he agreed with the report’s assessment that Iran is building up its cyber forces and poses a threat. But the underlying technical data in the report doesn’t directly support that claim, he said. “They reached the right conclusions but for the wrong reasons,” Lee said.
The researchers didn’t find that Iran had successfully penetrated any industrial control systems and caused machinery to break down.
While the report concludes that Iran will use the sanctions relief to fuel its growing cyber warfare program, other researchers have suggested that Iran is likely to back off its most aggressive operations—like those against the Saudi oil company and U.S. banks—and will instead focus on cyber espionage that doesn’t cause physical damage.
“They’ll be far more targeted and careful,” Stuart McClure, the CEO and president of cybersecurity company Cylance, told The Daily Beast in a recent interview. Since the U.S. and its international partners reached a tentative agreement with Iran on its nuclear program earlier this month, Cylance hasn’t tracked any attacks by an Iranian hacker group that it has been monitoring and documented in an earlier report (PDF).
But Norse’s conclusions are generally supported by Cylance’s research, which found that Iran had actually penetrated systems controlling a range of critical infrastructure in the U.S., including oil and gas, energy and utilities, transportation, airlines, airports, hospitals, telecommunications, and aerospace companies. The company’s report on those intrusions, which it said was based on two years of research, also didn’t attribute any failures of critical infrastructure to those Iranian intrusions.
“A lot of the work [the Iranians] were doing was quite sloppy, almost to the point that they wanted to get caught,” McClure said. He speculated that the Iranians may have been trying to send a signal to the U.S. and their partners in the nuclear negotiations that they were capable of inflicting harm if they didn’t get a favorable deal. “Coming to the table and knowing your adversary is in your house influences the negotiation.”
Iran still has a way to go to join the ranks of the cyber superpowers. Its “cyberwarfare capabilities do not yet seem to rival those of Russia in skill, or of China in scale,” the Norse and AEI report finds. There is still a relatively small community of high-end hackers in the country, and the regime hasn’t been able to build as robust a tech infrastructure for launching attacks as other nations whose capabilities are more advanced, the researchers found.
The report identifies the Iranian government as responsible for the malicious activity, concluding that the traffic originated from organizations “controlled or influenced by the government” or moved over equipment that is known to be monitored and manipulated by Iran’s security services.
That claim is also likely to raise objection from technical experts, who generally demand more precise evidence to attribute a cyber operation to a specific actor.
“We are emphatically not suggesting that all malicious traffic emanating from Iran is government initiated or government-approved,” the researchers said. However, they argue “that the typical standards of proof for attributing malicious traffic to a specific source are unnecessarily high” in this case, given that so much of the traffic they observed traversed systems either owned, controlled, or spied on by the Iranian government.
That’s ironic: Earlier this year, when Obama administration officials declared publicly that North Korea was responsible for hacking Sony Pictures Entertainment, Norse was one of the most prominent skeptics, arguing that the government was relying on imprecise technical data and leaping to conclusions.
Norse said its own research suggested that a group of six individuals, including at least one disgruntled ex-Sony employee, was behind the assault, which humiliated Sony executives and led to threats of terrorist attacks over the release of The Interview.
But that theory was undermined in January when FBI Director James Comey took the unusual step of publicly declassifying information that, he said, definitively linked North Korea to the attack. Current and former U.S. intelligence officials also told The Daily Beast that they’d been tracking the hackers behind the Sony operation long before it was ever launched.
One hundred thirty websites are hosting malicious software on their websites in what the State Department is calling a sophisticated Russian cyber spying operation, according to security analysts.
“These websites include news services, foreign embassies and local businesses that were compromised by threat actors to serve as ‘watering holes,’” according to a report by the Overseas Security Advisory Council distributed this week. A watering hole is a hijacked website used by cyber attackers to deliver malware to unsuspecting victims.
“For example, users may navigate to one of these malicious sites with the intent of checking travel requirements or the status of a visa application and unknowingly download the embedded malware onto their computers,” the report said.
The report identified the locations of the compromised websites as the United States, South America, Europe, Asia, India and Australia.
The report appears to indicate Russian intelligence may be behind the operations. Also, none of the compromised websites are in China, an indication that Beijing’s hackers could be involved.
A total of 15 of the 130 websites used for watering holes were government embassy websites located in Washington, DC, and two were involved in passport and visa services and others are offering travel services.
The embassy targeting suggests some or all of the operations are linked to foreign intelligence services that are breaking into the networks as part of tracking and monitoring of foreign travel.
Another possibility is that the operations are part of information warfare efforts designed to influence policies and publics. Both Russia and China are engaged in significant strategic information operations targeting foreign governments and the private sector.
“The threat actors are likely attempting to gather information from entities with vested interests in international operations,” the report said. “Identified victims in this sector include embassies, defense industrial base groups, and think tanks.”
The report, based on data provided by the security firm iSight Partners, says the watering holes are likely part of cyber espionage operations.
“Analysis indicates this campaign has a global reach, continuing to target users of identified intelligence value long after the initial infection,” the report says.
The compromised websites are increasingly functioning as indirect malicious software attack tools. The compromised sites represent a different method than widely used spear phishing – the use of emails to trigger malicious software downloads.
“Rather than send a malicious email directly to a target of interest, threat actors research and compromise a high-traffic website that will likely be visited by numerous targets of interest,” the report said.
“Watering holes are effective, as they often exploit existing vulnerabilities on a user’s machine,” the report said. “More sophisticated threat actors have been observed employing zero-day exploits – those which are previously unknown and evade antivirus and intrusion detection systems (IDS) to successfully compromise victims. Zero-days were used in the widely publicized Forbes.com watering hole in late 2014.”
The hijacked websites appear to be part of a campaign spanning 26 upper-level Internet domains and include affiliations with 21 nations and the European Union.
According to iSight, evidence suggests the campaign is “likely tied to cyber espionage operations with a nexus to the Russian Federation.”
The compromised government websites included those from Afghanistan, Iraq, Jordan, Namibia, Qatar and Zambia. The report recommended not visiting any of those embassy websites or risk being infected with malware.
Technically, the attackers arranged for computer users who visited the compromised websites to be infected with an embedded JavaScript that redirected users to a Google-shortened URL, and then on to websites that mapped their computer systems. This “profiling” is used by cyber spies to identify valuable targets and control the specific victims who are injected with a malware payload.
The profiling is used to identify targets that will produce “high intelligence value” returns, indicating sophisticated cyber spies are involved. The infection also employed a technique called “evercookie,” a derivative of the small files that are inserted on computers and can be used by remote servers to tailor information, such as advertisements, to a specific user.
While normal cookies can be easily removed, evercookies store data in multiple locations, a method that makes them extremely difficult to find and remove. The use of evercookies also permits long-term exploitation by cyber attackers.
To counter watering hole attacks, users should make sure system and software security updates are applied, and avoid visiting suspicious websites.
In particular, network monitoring should be used to spot unusual activities, specifically geared toward attacks that exploit zero-day vulnerabilities.
“The threat of watering holes is likely to remain high, given their increasing popularity and success in the last year,” the report said.
The report, “Compromised Global Websites Target Unsuspecting Travelers,” was produced by OSAC’s Research & Information Support Center (RISC). It is available for OSAC members at osac.gov.
*** But there is more.
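One way to act on the network-monitoring advice for the redirect chain the OSAC report describes (compromised page, then a Google-shortened URL, then a profiling site), as an added example that is not from the report or the articles quoted here. The log format, the `.example` hosts, the `SHORTENER_HOSTS` list and both time windows are assumptions, and it presumes a web proxy that records full URLs together with the Referer and Location headers.

```python
"""Flag script-driven redirect chains: page -> URL shortener -> third-party host."""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumptions (not from the report): the shortener list and both time windows.
SHORTENER_HOSTS = {"goo.gl"}
AUTO_REDIRECT_WINDOW = timedelta(seconds=5)  # shortener hit this soon after page load
LANDING_WINDOW = timedelta(seconds=10)       # landing host fetched this soon after

# Constructed sample proxy log, tab-separated fields:
# time, client, url, status, referer, redirect Location ("-" means absent).
SAMPLE_LOG = "\n".join("\t".join(row) for row in [
    # Client .5: page load, then an immediate shortener hop to another host.
    ("2015-04-08T09:00:01", "10.0.0.5", "http://embassy.example/visa", "200", "-", "-"),
    ("2015-04-08T09:00:02", "10.0.0.5", "http://goo.gl/EXAMPLE1", "301",
     "http://embassy.example/visa", "http://profiler.example/p"),
    ("2015-04-08T09:00:03", "10.0.0.5", "http://profiler.example/p", "200",
     "http://embassy.example/visa", "-"),
    # Client .9: short link followed 150 s after page load (a human click).
    ("2015-04-08T09:05:00", "10.0.0.9", "http://news.example/story", "200", "-", "-"),
    ("2015-04-08T09:07:30", "10.0.0.9", "http://goo.gl/EXAMPLE2", "301",
     "http://news.example/story", "http://video.example/watch"),
    ("2015-04-08T09:07:31", "10.0.0.9", "http://video.example/watch", "200", "-", "-"),
    # Client .7: short link opened with no referring page (typed or from mail).
    ("2015-04-08T09:10:00", "10.0.0.7", "http://goo.gl/EXAMPLE3", "301",
     "-", "http://docs.example/file"),
    ("2015-04-08T09:10:01", "10.0.0.7", "http://docs.example/file", "200", "-", "-"),
])


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def parse_log(text):
    """Parse the constructed log format; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6:
            continue
        ts, client, url, status, referer, location = fields
        try:
            when, code = datetime.fromisoformat(ts), int(status)
        except ValueError:
            continue
        records.append({
            "time": when, "client": client, "url": url, "host": host_of(url),
            "status": code,
            "referer": None if referer == "-" else referer,
            "location": None if location == "-" else location,
        })
    records.sort(key=lambda r: r["time"])
    return records


def _match(rec, later, page_loaded):
    """Return a finding if rec is a shortener hop fired right after a page load."""
    if rec["host"] not in SHORTENER_HOSTS or not 300 <= rec["status"] < 400:
        return None
    if not rec["referer"] or not rec["location"]:
        return None
    origin, landing = host_of(rec["referer"]), host_of(rec["location"])
    loaded = page_loaded.get(rec["referer"])
    if loaded is None or origin in SHORTENER_HOSTS or landing in ("", origin):
        return None
    delay = rec["time"] - loaded
    if delay > AUTO_REDIRECT_WINDOW:
        return None  # slow enough to be a user clicking a link on the page
    followed = any(n["host"] == landing and n["time"] - rec["time"] <= LANDING_WINDOW
                   for n in later)
    if not followed:
        return None
    return {"client": rec["client"], "origin": origin, "short_url": rec["url"],
            "landing": landing, "delay_s": delay.total_seconds()}


def find_redirect_chains(records):
    """Per client, report page -> shortener -> other-host chains worth triage."""
    by_client = defaultdict(list)
    for rec in records:
        by_client[rec["client"]].append(rec)
    findings = []
    for reqs in by_client.values():
        page_loaded = {}  # url -> time this client last requested it
        for i, rec in enumerate(reqs):
            hit = _match(rec, reqs[i + 1:], page_loaded)
            if hit:
                findings.append(hit)
            page_loaded[rec["url"]] = rec["time"]
    return findings


if __name__ == "__main__":
    for f in find_redirect_chains(parse_log(SAMPLE_LOG)):
        print(f)
```

A hit is a lead for triage rather than proof of compromise; legitimate pages also embed short links, so the time windows need tuning against local traffic.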
SAN FRANCISCO (Reuters) – Hacking attacks that destroy rather than steal data or that manipulate equipment are far more prevalent than widely believed, according to a survey of critical infrastructure organizations throughout North and South America.
The poll by the Organization of American States, released on Tuesday, found that 40 percent of respondents had battled attempts to shut down their computer networks, 44 percent had dealt with bids to delete files and 54 percent had encountered “attempts to manipulate” their equipment through a control system.
Those figures are all the more remarkable because only 60 percent of the 575 respondents said they had detected any attempts to steal data, long considered the predominant hacking goal.
By far the best known destructive hacking attack on U.S. soil was the electronic assault last year on Sony Corp’s Sony Pictures Entertainment, which wiped data from the Hollywood fixture’s machines and rendered some of its internal networks inoperable.
The outcry over that breach, joined by President Barack Obama, heightened the perception that such destruction was an unusual extreme, albeit one that has been anticipated for years.
Destruction of data presents little technical challenge compared with penetrating a network, so the infrequency of publicized incidents has often been ascribed to a lack of motive for attackers.
Now that hacking tools are being spread more widely, however, more criminals, activists, spies and business rivals are experimenting with such methods.
“Everyone got outraged over Sony, but far more vulnerable are these services we depend on day to day,” said Adam Blackwell, secretary of multidimensional security at the Washington, D.C.-based group of 35 nations.
The survey went to companies and agencies in crucial sectors as defined by the OAS members. Almost a third of the respondents were public entities, with communications, security and finance being the most heavily represented industries.
The questions did not delve into detail, leaving the amount of typical losses from breaches and the motivations of suspected attackers as matters for speculation. The survey-takers were not asked whether the attempted hacks succeeded, and some attacks could have been carried off without their knowledge.
The survey did allow anonymous participants to provide a narrative of key events if they chose, although those will not be published.
Blackwell told Reuters that one story of destruction involved a financial institution. Hackers stole money from accounts and then deleted records to make it difficult to reconstruct which customers were entitled to what funds.
“That was a really important component” of the attack, Blackwell said.
In another case, thieves manipulated equipment in order to divert resources from a company in the petroleum industry.
Blackwell said that flat security budgets and uneven government involvement could mean that criminal thefts of resources, such as power, could force blackouts or other safety threats.
At security company Trend Micro Inc., which compiled the report for the OAS, Chief Cybersecurity Officer Tom Kellermann said additional destructive or physical attacks came from political activists and organized crime groups.
“We are facing a clear and present danger where we have non-state actors willing to destroy things,” he said. “This is going to be the year we suffer a catastrophe in the hemisphere, and when you will see kinetic response to a threat actor.”
So-called “ransomware,” which encrypts data files and demands payment be sent to remote hackers, could also have been interpreted as destructive, since it often leaves information unrecoverable.
A spokesman for the U.S. Department of Homeland Security, SY Lee, said the department did not keep statistics on how often critical U.S. institutions are attacked or see destructive software and would not “speculate” on whether 4 out of 10 seeing deletion attempts would be alarming.
U.S. political leaders cite attacks on critical infrastructure as one of their greatest fears, and concerns about protecting essential manufacturers and service providers drove a recent executive order and proposed legislation to encourage greater information-sharing about threats between the private sector and government.
Yet actual destructive attacks or manipulation of equipment are infrequently revealed. That is in part because breach-disclosure laws in more than 40 states center on the potential risks to consumers from the theft of personal information, as with hacks of retailers including Home Depot Inc and Target Corp.
Under Securities and Exchange Commission guidelines, publicly traded companies must disclose breaches with a potential material financial impact, but many corporations can argue that even deletion of internal databases, theft and manipulation of equipment are not material.
Much more is occurring at vital facilities behind the scenes, and that is borne out by the OAS report, said Chris Blask, who chairs the public-private Information Sharing and Analysis Center for cybersecurity issues with the industrial control systems that automate power, manufacturing and other processes.
“I don’t think the public has any appreciation for the scale of attacks against industrial systems,” Blask said. “This happens all the time.”
The widespread global hacking goes unreported both by the victim and by the media. The depths of destruction are not only hard to measure but identifying the hack is just as difficult.
When hacking is visual for all the world to see, it becomes an epic event and more is expected. Hacking is dark, cheap, highly targeted and often leaves only traces that a full team of experts must investigate for months to find. Ask France.
PARIS // French television network TV5Monde was forced to broadcast only pre-recorded programmes on Thursday after an “unprecedented” hack by self-proclaimed ISIL militants, who also hijacked its websites and social networks.
The Paris-based company, whose programmes are broadcast in more than 200 countries worldwide, was the target of a cyberattack that is “unprecedented for us and unprecedented in the history of television,” TV5Monde boss Yves Bigot said.
“Since 5:00am, we have only been able to put out a single programme on all our channels. For the moment, we are unable to produce our own programmes. We won’t be back up until 2pm,” Mr Bigot added.
“When you work in television… and you find out that your 11 channels are down, of course that’s one of the most dreadful things that can happen to you,” he said.
The hackers took control of the station and its social media operations late Wednesday, blacking out the TV channels and posting documents on its Facebook page purporting to be the identity cards and CVs of relatives of French soldiers involved in anti-ISIL operations, along with threats against the troops.
“Soldiers of France, stay away from the Islamic State! You have the chance to save your families, take advantage of it,” read one message on TV5Monde’s Facebook page. “The CyberCaliphate continues its cyberjihad against the enemies of Islamic State,” the message added.
TV5Monde regained control of its social networks by 2:00am on Thursday but television broadcasts were likely to take hours, if not days, to return to normal. The attack would have required weeks of preparation, Mr Bigot added.
Its website was still offline at 11am and displaying an “under maintenance” message.
Prime minister Manuel Valls said the hack was an “unacceptable attack on the freedom of information and expression”, voicing “total solidarity with the editorial staff.”
Senior government members flocked to the station to show their support, with interior minister Bernard Cazeneuve saying: “We are up against determined terrorists … we are determined to fight them.”
Foreign minister Laurent Fabius said: “Everything is being done to find those who carried this out, punish them, re-establish the programmes and prevent cyberterrorists threatening freedom of expression in the future.”
The hackers had accused French president Francois Hollande of committing “an unforgivable mistake” by getting involved in “a war that serves no purpose”.
“That’s why the French received the gifts of Charlie Hebdo and Hyper Cacher in January,” it said on the broadcaster’s Facebook page, referring to attacks by gunmen in Paris on the satirical magazine and Jewish supermarket that left 17 people dead over three days.
France is part of a US-led military coalition carrying out air strikes against ISIL in Iraq and Syria, where the jihadist group has seized swathes of territory and declared a “caliphate”.
Close to 1,500 French nationals have left France to join the militants’ ranks in Iraq and Syria, where they represent almost half the number of European fighters present, according to a report released last Wednesday by the French Senate.
Extremists have become increasingly adept at using the internet to spread propaganda and attack media outlets.
In February, the Twitter feed of Newsweek was briefly hacked and threats were made against president Barack Obama’s family.
And in the immediate aftermath of the Charlie Hebdo attacks, hackers claiming to be Islamists hijacked hundreds of French websites, flooding them with militant propaganda.
“We are putting out an emergency programme so that we’re not left with a black screen. We don’t have emails. The whole IT system is down,” TV5Monde’s human resources director, Jean Corneil, said.
So today there was a widespread power outage in Washington DC. The State Department, the Air and Space Museum, the Capitol building and even train stations were offline. Immediately officials came out early and said it was not terrorism.
Well, that could depend on the definition of terrorism and who was behind it. Somehow the story turned to an explosion at a power station in Maryland. Hmm, sounds like a hack of a portioned power grid, or does it? Even the White House is pointing to the Russians. Any other president would consider this an act of war.
Washington (CNN) Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.
While the White House has said the breach only ever affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president’s schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say.
The White House in October said it noticed suspicious activity in the unclassified network that serves the executive office of the president. The system has been shut down periodically to allow for security upgrades.
The FBI, Secret Service and U.S. intelligence agencies are all involved in investigating the breach, which they consider among the most sophisticated attacks ever launched against U.S. government systems. The intrusion was routed through computers around the world, as hackers often do to hide their tracks, but investigators found tell-tale codes and other markers that they believe point to hackers working for the Russian government. A spokesman for the National Security Council declined to comment. Neither the U.S. State Department nor the Russian embassy immediately responded to a request for comment.
To get to the White House, the hackers first broke into the State Department, investigators believe.
The State Department computer system has been bedeviled by signs that despite efforts to lock them out, the Russian hackers have been able to reenter the system. One official says the Russian hackers have “owned” the State Department system for months and it is not clear the hackers have been fully eradicated from the system.
As in many hacks, investigators believe the White House intrusion began with a phishing email that was launched using a State Department email account that the hackers had taken over, according to the U.S. officials.
Director of National Intelligence James Clapper, in a speech at an FBI cyberconference in January, warned government officials and private businesses to teach employees what “spear phishing” looks like.
“So many times, the Chinese and others get access to our systems just by pretending to be someone else and then asking for access, and someone gives it to them,” Clapper said.
The ferocity of the Russian intrusions in recent months caught U.S. officials by surprise, leading to a reassessment of the cybersecurity threat as the U.S. and Russia increasingly confront each other over issues ranging from the Russian aggression in Ukraine to the U.S. military operations in Syria.
The attacks on the State and White House systems are one reason why Clapper told a Senate hearing in February that the “Russian cyberthreat is more severe than we have previously assessed.”
The revelations about the State Department hacks also come amid controversy over former Secretary of State Hillary Clinton’s use of a private email server to conduct government business during her time in office. Critics say her private server likely was even less safe than the State system. The Russian breach is believed to have come after Clinton departed State.
But hackers have long made Clinton and her associates targets.
The website The Smoking Gun first reported in 2013 that a hacker known as Guccifer had broken into the AOL email of Sidney Blumenthal, a friend and advisor to the Clintons, and published emails Blumenthal sent to Hillary Clinton’s private account. The emails included sensitive memos on foreign policy issues and were the first public revelation of the existence of Hillary Clinton’s private email address now at the center of controversy: [email protected]. The address is no longer in use.
Starting in 1992, the Justice Department amassed logs of virtually all telephone calls from the USA to as many as 116 countries, a model for anti-terror surveillance after Sept. 11, 2001.
WASHINGTON — The U.S. government started keeping secret records of Americans’ international telephone calls nearly a decade before the Sept. 11 terrorist attacks, harvesting billions of calls in a program that provided a blueprint for the far broader National Security Agency surveillance that followed.
For more than two decades, the Justice Department and the Drug Enforcement Administration amassed logs of virtually all telephone calls from the USA to as many as 116 countries linked to drug trafficking, current and former officials involved with the operation said. The targeted countries changed over time but included Canada, Mexico and most of Central and South America.
Federal investigators used the call records to track drug cartels’ distribution networks in the USA, allowing agents to detect previously unknown trafficking rings and money handlers. They also used the records to help rule out foreign ties to the bombing in 1995 of a federal building in Oklahoma City and to identify U.S. suspects in a wide range of other investigations.
The Justice Department revealed in January that the DEA had collected data about calls to “designated foreign countries.” But the history and vast scale of that operation have not been disclosed until now.
The now-discontinued operation, carried out by the DEA’s intelligence arm, was the government’s first known effort to gather data on Americans in bulk, sweeping up records of telephone calls made by millions of U.S. citizens regardless of whether they were suspected of a crime. It was a model for the massive phone surveillance system the NSA launched to identify terrorists after the Sept. 11 attacks. That dragnet drew sharp criticism that the government had intruded too deeply into Americans’ privacy after former NSA contractor Edward Snowden leaked it to the news media two years ago.
More than a dozen current and former law enforcement and intelligence officials described the details of the Justice Department operation to USA TODAY. Most did so on the condition of anonymity because they were not authorized to publicly discuss the intelligence program, part of which remains classified.
The DEA program did not intercept the content of Americans’ calls, but the records — which numbers were dialed and when — allowed agents to map suspects’ communications and link them to troves of other police and intelligence data. At first, the drug agency did so with help from military computers and intelligence analysts.
That data collection was “one of the most important and effective Federal drug law enforcement initiatives,” the Justice Department said in a 1998 letter to Sprint asking the telecom giant to turn over its call records. The previously undisclosed letter was signed by the head of the department’s Narcotics and Dangerous Drugs Section, Mary Lee Warren, who wrote that the operation had “been approved at the highest levels of Federal law enforcement authority,” including then-Attorney General Janet Reno and her deputy, Eric Holder.
The data collection began in 1992 during the administration of President George H.W. Bush, nine years before his son, President George W. Bush, authorized the NSA to gather its own logs of Americans’ phone calls in 2001. It was approved by top Justice Department officials in four presidential administrations and detailed in occasional briefings to members of Congress but otherwise had little independent oversight, according to officials involved with running it.
The DEA used its data collection extensively and in ways that the NSA is now prohibited from doing. Agents gathered the records without court approval, searched them more often in a day than the spy agency does in a year and automatically linked the numbers the agency gathered to large electronic collections of investigative reports, domestic call records accumulated by its agents and intelligence data from overseas.
The result was “a treasure trove of very important information on trafficking,” former DEA administrator Thomas Constantine said in an interview.
The extent of that surveillance alarmed privacy advocates, who questioned its legality. “This was aimed squarely at Americans,” said Mark Rumold, an attorney with the Electronic Frontier Foundation. “That’s very significant from a constitutional perspective.”
Holder halted the data collection in September 2013 amid the fallout from Snowden’s revelations about other surveillance programs. In its place, current and former officials said the drug agency sends telecom companies daily subpoenas for international calling records involving only phone numbers that agents suspect are linked to the drug trade or other crimes — sometimes a thousand or more numbers a day.
Tuesday, Justice Department spokesman Patrick Rodenbush said the DEA “is no longer collecting bulk telephony metadata from U.S. service providers.” A DEA spokesman declined to comment.
HARVESTING DATA TO BATTLE CARTELS
The DEA began assembling a data-gathering program in the 1980s as the government searched for new ways to battle Colombian drug cartels. Neither informants nor undercover agents had been enough to crack the cartels’ infrastructure. So the agency’s intelligence arm turned its attention to the groups’ communication networks.
Calling records – often called “toll records” – offered one way to do that. Toll records are comparable to what appears on a phone bill – the numbers a person dialed, the date and time of the call, its duration and how it was paid for. By then, DEA agents had decades of experience gathering toll records of people they suspected were linked to drug trafficking, albeit one person at a time. In the late 1980s and early 1990s, officials said the agency had little way to make sense of the data their agents accumulated and almost no ability to use them to ferret out new cartel connections. Some agents used legal pads.
“We were drowning in toll records,” a former intelligence official said.
The DEA asked the Pentagon for help. The military responded with a pair of supercomputers and intelligence analysts who had experience tracking the communication patterns of Soviet military units. “What they discovered was that the incident of a communication was perhaps as important as the content of a communication,” a former Justice Department official said.
The military installed the supercomputers on the fifth floor of the DEA’s headquarters, across from a shopping mall in Arlington, Va.
The system they built ultimately allowed the drug agency to stitch together huge collections of data to map trafficking and money laundering networks both overseas and within the USA. It allowed agents to link the call records its agents gathered domestically with calling data the DEA and intelligence agencies had acquired outside the USA. (In some cases, officials said the DEA paid employees of foreign telecom firms for copies of call logs and subscriber lists.) And it eventually allowed agents to cross-reference all of that against investigative reports from the DEA, FBI and Customs Service.
The result “produced major international investigations that allowed us to take some big people,” Constantine said, though he said he could not identify particular cases.
In 1989, President George H.W. Bush proposed in his first prime-time address using “sophisticated intelligence-gathering and Defense Department technology” to disrupt drug trafficking. Three years later, when violent crime rates were at record highs, the drug agency intensified its intelligence push, launching a “kingpin strategy” to attack drug cartels by going after their finances, leadership and communication.
THE START OF BULK COLLECTION
In 1992, in the last months of Bush’s administration, Attorney General William Barr and his chief criminal prosecutor, Robert Mueller, gave the DEA permission to collect a much larger set of phone data to feed into that intelligence operation.
Instead of simply asking phone companies for records about calls made by people suspected of drug crimes, the Justice Department began ordering telephone companies to turn over lists of all phone calls from the USA to countries where the government determined drug traffickers operated, current and former officials said.
Barr and Mueller declined to comment, as did Barr’s deputy, George Terwilliger III, though Terwilliger said, “It has been apparent for a long time in both the law enforcement and intelligence worlds that there is a tremendous value and need to collect certain metadata to support legitimate investigations.”
The data collection was known within the agency as USTO (a play on the fact that it tracked calls from the U.S. to other countries).
The DEA obtained those records using administrative subpoenas that allow the agency to collect records “relevant or material to” federal drug investigations. Officials acknowledged it was an expansive interpretation of that authority but one that was not likely to be challenged because unlike search warrants, DEA subpoenas do not require a judge’s approval. “We knew we were stretching the definition,” a former official involved in the process said.
Officials said a few telephone companies were reluctant to provide so much information, but none challenged the subpoenas in court. Those that hesitated received letters from the Justice Department urging them to comply.
After Sprint executives expressed reservations in 1998, for example, Warren, the head of the department’s drug section, responded with a letter telling the company that “the initiative has been determined to be legally appropriate” and that turning over the call data was “appropriate and required by law.” The letter said the data would be used by authorities “to focus scarce investigative resources by means of sophisticated pattern and link analysis.”
The letter did not name other telecom firms providing records to the DEA but did tell executives that “the arrangement with Sprint being sought by the DEA is by no means unique to Sprint” and that “major service providers have been eager to support and assist law enforcement within appropriate bounds.” Former officials said the operation included records from AT&T and other telecom companies.
A spokesman for AT&T declined to comment. Sprint spokeswoman Stephanie Vinge Walsh said only that “we do comply with all state and federal laws regarding law enforcement subpoenas.”
Agents said that when the data collection began, they sought to limit its use mainly to drug investigations and turned away requests for access from the FBI and the NSA. They allowed searches of the data in terrorism cases, including the bombing of a federal building in Oklahoma City that killed 168 people in 1995, helping to rule out theories linking the attack to foreign terrorists. They allowed even broader use after Sept. 11, 2001. The DEA’s public disclosure of its program in January came in the case of a man charged with violating U.S. export restrictions by trying to send electrical equipment to Iran.
At first, officials said the DEA gathered records only of calls to a handful of countries, focusing on Colombian drug cartels and their supply lines. Its reach grew quickly, and by the late 1990s, the DEA was logging “a massive number of calls,” said a former intelligence official who supervised the program.
Former officials said they could not recall the complete list of countries included in USTO, and the coverage changed over time. The Justice Department and DEA added countries to the list if officials could establish that they were home to outfits that produced or trafficked drugs or were involved in money laundering or other drug-related crimes.
The Justice Department warned when it disclosed the program in January that the list of countries should remain secret “to protect against any disruption to prospective law enforcement cooperation.”
At its peak, the operation gathered data on calls to 116 countries, an official involved in reviewing the list said. Two other officials said they did not recall the precise number of countries, but it was more than 100. That gave the collection a considerable sweep; the U.S. government recognizes a total of 195 countries.
At one time or another, officials said, the data collection covered most of the countries in Central and South America and the Caribbean, as well as others in western Africa, Europe and Asia. It included Afghanistan, Pakistan, Iran, Italy, Mexico and Canada.
The DEA often — though not always — notified foreign governments it was collecting call records, in part to make sure its agents would not be expelled if the program was discovered. In some cases, the DEA provided some of that information to foreign law enforcement agencies to help them build their own investigations, officials said.
The DEA did not have a real-time connection to phone companies’ data; instead, the companies regularly provided copies of their call logs, first on computer disks and later over a private network. Agents who used the system said the numbers they saw were seldom more than a few days old.
The database did not include callers’ names or other identifying data. Officials said agents often were able to identify individuals associated with telephone numbers flagged by the analysis, either by cross-referencing them against other databases or by sending follow-up requests to the phone companies.
To keep the program secret, the DEA sought not to use the information as evidence in criminal prosecutions or in its justification for warrants or other searches. Instead, its Special Operations Division passed the data to field agents as tips to help them find new targets or focus existing investigations, a process approved by Justice Department lawyers. Many of those tips were classified because the DEA phone searches drew on other intelligence data.
That practice sparked a furor when the Reuters news agency reported in 2013 that the DEA trained agents to conceal the sources of those tips from judges and defense lawyers. Reuters said the tips were based on wiretaps, foreign intelligence and a DEA database of telephone calls gathered through routine subpoenas and search warrants.
As a result, “the government short-circuited any debate about the legality and wisdom of putting the call records of millions of innocent people in the hands of the DEA,” American Civil Liberties Union lawyer Patrick Toomey said.
A BLUEPRINT FOR BROADER SURVEILLANCE
The NSA began collecting its own data on Americans’ phone calls within months of Sept. 11, 2001, as a way to identify potential terrorists within the USA. At first, it did so without court approval. In 2006, after The New York Times and USA TODAY began reporting on the surveillance program, President George W. Bush’s administration brought it under the Foreign Intelligence Surveillance Act, which allows the government to use secret court orders to get access to records relevant to national security investigations. Unlike the DEA, the NSA also gathered logs of calls within the USA.
The similarities between the NSA program and the DEA operation established a decade earlier are striking – too much so to have been a coincidence, people familiar with the programs said. Former NSA general counsel Stewart Baker said, “It’s very hard to see (the DEA operation) as anything other than the precursor” to the NSA’s terrorist surveillance.
Both operations relied on an expansive interpretation of the word “relevant,” for example — one that allowed the government to collect vast amounts of information on the premise that some tiny fraction of it would be useful to investigators. Both used similar internal safeguards, requiring analysts to certify that they had “reasonable articulable suspicion” – a comparatively low legal threshold – that a phone number was linked to a drug or intelligence case before they could query the records.
“The foundation of the NSA program was a mirror image of what we were doing,” said a former Justice Department official who helped oversee the surveillance. That official said he and others briefed NSA lawyers several times on the particulars of their surveillance program. Two former DEA officials also said the NSA had been briefed on the operation. The NSA declined to comment.
There were also significant differences.
For one thing, DEA analysts queried their data collection far more often. The NSA said analysts searched its telephone database only about 300 times in 2012; DEA analysts routinely performed that many searches in a day, former officials said. Beyond that, NSA analysts must have approval from a judge on the Foreign Intelligence Surveillance Court each time they want to search their own collection of phone metadata, and they do not automatically cross-reference it with other intelligence files.
Sen. Patrick Leahy, D-Vt., then the chairman of the Senate Judiciary Committee, complained last year to Holder that the DEA had been gathering phone data “in bulk” without judicial oversight. Officials said the DEA’s database was disclosed to judges only occasionally, in classified hearings.
Holder pulled the plug on the phone data collection in September 2013.
That summer, Snowden leaked a remarkable series of classified documents detailing some of the government’s most prized surveillance secrets, including the NSA’s logging of domestic phone calls and Internet traffic. Reuters and The New York Times raised questions about the drug agency’s own access to phone records.
Officials said the Justice Department told the DEA that it had determined it could not continue both surveillance programs, particularly because part of its justification for sweeping NSA surveillance was that it served national security interests, not ordinary policing. Eight months after USTO was halted, for example, department lawyers defended the spy agency’s phone dragnet in court partly on the grounds that it “serves special governmental needs above and beyond normal law enforcement.”
Three months after USTO was shut down, a review panel commissioned by President Obama urged Congress to bar the NSA from gathering telephone data on Americans in bulk. Not long after that, Obama instructed the NSA to get permission from the surveillance court before querying its phone data collection, a step the drug agency never was required to take.
The DEA stopped searching USTO in September 2013. Not long after that, it purged the database.
“It was made abundantly clear that they couldn’t defend both programs,” a former Justice Department official said. Others said Holder’s message was more direct. “He said he didn’t think we should have that information,” a former DEA official said.
By then, agents said USTO was suffering from diminishing returns. More criminals — especially the sophisticated cartel operatives the agency targeted — were communicating on Internet messaging systems that are harder for law enforcement to track.
Still, the shutdown took a toll, officials said. “It has had a major impact on investigations,” one former DEA official said.
The DEA asked the Justice Department to restart the surveillance program in December 2013. It withdrew that request when agents came up with a new solution. Every day, the agency assembles a list of the telephone numbers its agents suspect may be tied to drug trafficking. Each day, it sends electronic subpoenas — sometimes listing more than a thousand numbers — to telephone companies seeking logs of international telephone calls linked to those numbers, two officials familiar with the program said.
The data collection that results is more targeted but slower and more expensive. Agents said it takes a day or more to pull together communication profiles that used to take minutes.
The White House proposed a similar approach for the NSA’s telephone surveillance program, which is set to expire June 1. That approach would halt the NSA’s bulk data collection but would give the spy agency the power to force companies to turn over records linked to particular telephone numbers, subject to a court order.