Category Archives: U.S. Constitution

Can FBI Investigate the Director of CIA over Private Emails?

Posted on by

There have been countless top agency people within the Obama administration that have violated law, procedures and even a White House directive regarding use of private emails and violations of communications security and operational security.

First we came to know about Lisa Jackson, Secretary of the EPA, then there was Eric Holder himself, while he was the top lawyer at the Department of Justice. Hillary and her server operation made an art of violating all protocols, but now John Brennan appears to be the next one in line where the FBI needs to open an investigation case. Is that possible? Has anyone asked Department of Homeland Security Secretary Jeh Johnson about his use of private emails? How about a massive campaign where every administration official has to sign a compliance document, then take a polygraph, then be terminated for violations? Imagine…..just imagine the fallout. If for nothing else, these people should lose their respective security clearances, this is dereliction of duty and malfeasance, much less a violation of Oath.

Hackers release info on Obama’s national security transition team

by: Aaron Boyd 

The slow drip of information allegedly stolen from CIA Director John Brennan’s personal email account continues to find its way onto WikiLeaks, with a list of personal information about 20 members of President Obama’s transition team added to the leak in the most recent post on Oct. 26.

The list — which includes names, personal emails, phone numbers, Social Security numbers and more — was originally posted to Twitter by user @_CWA_ on Oct. 19, however the account was quickly suspended and the post removed.

After the Twitter account was shut down, “Crackas With Attitude” — the duo claiming to have perpetrated the hack — began slowly posting the information to WikiLeaks. The third and latest dump came on Oct. 26, including the list and the dossier of a FBI agent in the counterterrorism division.

The list posted Monday mostly includes names of former intelligence and national security officials, some of whom served under President George W. Bush and some who served or currently serve under President Barack Obama, including Homeland Security Secretary Jeh Johnson.

The names have something else in common, as well.

All of the people listed were part of the Obama administration’s transition team, with most of them serving on the National Security Team. The team members listed covered the Defense Department, DHS, CIA and Office of the Director of National Intelligence.

Only three names advised on other aspects of the transition but Federal Times confirmed that everyone whose information was exposed served in some capacity.

The document was created (or most recently updated) on Nov. 16, 2008, according to the associated metadata.

The breadth of the release is minor compared to the high-profile breach of the Office of Personnel Management last year but the implications are still serious, especially as this information was released publicly on the Internet.

“It’s a pretty serious proposition to have any of that information out there,” said Marcus Christian, a former federal prosecutor and current partner with the law firm of Mayer Brown’s cybersecurity and data privacy practice.

While the perpetrators reportedly used social engineering to trick a helpline support employee into changing Brennan’s account password, the subsequent exfiltration of data and postings online still constitute a cyber crime, Christian said.

“Often times we look to the technological solution [for cybersecurity] but often times the problem — no matter how intricate and hardened we think our technology happens to be — there’s always some weakness,” he said, including the human element.

If the perpetrators are caught, Christian expects they could be prosecuted under a combination of the Computer Fraud and Abuse Act and federal Aggravated Identity Theft statutes, with the latter carrying a two-year mandatory minimum sentence.

MI5 and the FBI: Terrorists on Twitter-Social Media

Posted on by

Twitter is the least cooperative technology company calling terrorists on the internet ‘freedom fighters. This was revealed in testimony this week.

Twitter has come under criticism from some analysts who say the social media company has failed to swiftly remove accounts that recruit potential terrorists and incite violence, raising concerns that the United States has not done enough to combat the Islamic State’s rapid expansion of its propaganda operations online.

Mark Wallace, CEO of the Counter Extremism Project, said on Wednesday that the Islamic State (also known as ISIS or ISIL) terrorist group has effectively used social media sites such as Twitter to propagandize and radicalize individuals, including Americans. His nonprofit project recently chronicled 66 U.S. citizens who are accused of joining or attempting to join the Islamic State, plotting attacks in the United States, providing financial support to extremist groups, or disseminating radical propaganda.

“These individuals have very different backgrounds and experiences, but the one characteristic they seem to share is active participation on social media,” he said in testimony to the House Committee on Oversight and Government Reform.

The terror group known as Islamic State or Daesh has deployed and exploited unprescendented use of social media, where the effectiveness is beyond definition. Intelligence agencies in the West are grappling with solutions pushing the protections of free speech and use of the internet.

In part from Newsweek: The head of Britain’s internal counter-intelligence service MI5, has warned that ISIS and other extremist groups “continue to aspire to mass casualty attacks against the U.K.” and that an increasing proportion of their communication online and via encrypted channels is out of reach of Britain’s security services.

“All of this means the threat we are facing today is on a scale and at a tempo that I have not seen before in my career,” Andrew Parker said in his keynote speech made at a lord mayor’s event in London on Wednesday night.
Parker also warned of the “three-dimensional threat” that ISIS pose—at home, overseas and online. “We are seeing plots against the U.K. directed by terrorists in Syria; enabled through contacts with terrorists in Syria; and inspired online by Isil’s [ISIS] sophisticated exploitation of technology.”

Parker said MI5 must evolve its activities in order to combat modern threats, and emphasized that the agency’s ability to intercept communications has “been a key component in MI5’s toolbox throughout our history.”

The MI5 boss said he imagined the forthcoming defence review would garner more public interest than previous debates on similar matters. “But I hope that the public debate will be a mature one, ” he added. “Informed by the three independent reviews, and not characterized by ill-informed accusations of ‘mass surveillance’, or other such lazy two-worded tags.”

When it comes to the very similar requests by FBI Director, James Comey, his pleas are in earnest yet, tech companies and the U.S. Constitution actually prevent some actions due to the 1st Amendment. It is a slippery slope for both sides.

FBI Director James Comey called for a national conversation about how far tech companies should be allowed to go in applying encryption to their devices, saying law enforcement faces growing and overlapping challenges in accessing data needed to prosecute crimes.

During a speech at the Brookings Institution Thursday, Comey said the new forms of encryption being developed for mobile devices, as well as the rapid growth of the devices themselves, make it tough for the FBI to keep up with ways criminals can “go dark.”

“With going dark, those of us in law enforcement and public safety have a major fear of missing out,” Comey said. “Missing out on predators who exploit the most vulnerable among us; missing out on violent criminals who target our communities; missing out on a terrorist cell using social media to recruit, plan and execute an attack. We have seen case after case — from homicides and car crashes to drug trafficking, domestic abuse and child exploitation — where critical evidence came from smartphones, hard drives and online communication.”

To advance the discussion, Congress is holding hearings with counter-terrorism experts and they too make a compelling argument siding with Comey.

Refugees in America Before those in Europe

Posted on by

We watch in horror the refugee crisis in Europe and the stories are terrifying but for a deeper argument, it has been going on here in America for decades so the slow flow of migrants is not a robust as that currently in Europe.

What is more, global leaders are in full discussion on several tracks including how to find housing, medical care, schools, jobs, transportation and more. Additionally, big talks are underway to create a safe zone for Syrians in their home country. Well, the argument can be made there are at least two of them in Jordan and Turkey now….creating one in Syria? How about creating zones in respective countries in Central America?

Refugee crisis grows in Central America as women ‘run for their lives’

Women and children are increasingly fleeing gang violence in Mexico and Central America in hopes of reaching the US, says new UNHCR report

Thousands of women flee their homes in parts of Central America and Mexico each year to escape armed gangs and domestic violence and seek refuge in the United States, a flow that is becoming a refugee crisis, the UN refugee agency says.

The number of women, some with children, fleeing rampant gang violence in parts of Mexico, and the Northern Triangle region of El Salvador, Honduras and Guatemala, is rising, the UNHCR said in a report published on Wednesday.

More than 66,000 children travelled with their families or alone from the Northern Triangle region – which has the world’s highest murder rates – to the United States in 2014.

More unaccompanied children from the Northern Triangle and Mexico reached the United States in August than in the same month last year, the US government said.

“With authorities often unable to curb the violence and provide redress, many vulnerable women are left with no choice but to run for their lives,” Antonio Guterres, head of the UN refugee agency (UNHCR), said in the report.

While attention is focused on the hundreds of thousands of people fleeing to Europe from countries such as Syria and Iraq, a new refugee crisis is taking shape in Central America, the UNHCR warned.

“The dramatic refugee crises we are witnessing in the world today are not confined to the Middle East or Africa,” Guterres said in a statement. “We are seeing another refugee situation unfolding in the Americas.“

The UNHCR said it had recorded a nearly five-fold increase in asylum seekers arriving in the United States from the Northern Triangle since 2008. In 2014, 40,000 people from these countries and Mexico applied for asylum in the United States.

The UNHCR report includes 160 interviews with women who had fled their homes in the Northern Triangle region and Mexico and travelled to the United States. After crossing the border illegally, they were detained and placed in detention centres.

All the women interviewed had either been recognised as refugees or been screened by US authorities, “and determined to have a credible or reasonable fear of persecution or torture”, the report said.

One 17-year-old Salvadorean girl called Norma says she was gang raped by three members of the notorious M18 gang in a cemetery in late 2014. She said she was targeted because she was married to a police officer.

“They took their turns … they tied me by the hands. They stuffed my mouth so I would not scream,” Norma is quoted as saying in the report. Then “they threw me in the trash”.

Nearly two-thirds of the women said threats and attacks by armed criminal gangs, including rape, killings, forced recruitment of their children and extortion payments, were among the main reasons why they left their home countries.

“The increasing reach of criminal armed groups, often amounting to de facto control over territory and people, has surpassed the capacity of governments in the region to respond,” the report said.

US government figures show that 82% of 16,077 women from the Northern Triangle region and Mexico interviewed by US authorities in the last year were found to have a credible fear of persecution or torture and were allowed to pursue their claims for asylum in the United States.

Violence at the hands of abusive husbands and partners, including rape and beatings with baseball bats, was another key reason why women were fleeing their homes.

“Unable to secure state protection, many women cited domestic violence as a reason for flight, fearing severe harm or death if they stayed,” the report said.

More than three-quarters of the women interviewed said they knew the journey overland to the United States was dangerous, but it was a risk worth taking.

Some said they took birth control pills before starting their journey to avoid getting pregnant as a result of rape by human traffickers or gangs, the report said.

“Coming here [to the United States] was like having hope that you will come out alive,” the report quoted Sara, who fled Honduras and sought asylum in the United States, as saying.

 

So, the Most Transparent Administration in History, Nah

Posted on by

Not being timely or responsive to letters or to requests is a means to use avoidance as a weapon and the Obama White House is perfect at this, a lesson used by several agencies.

There are also lawyers that are assigned by the White House that in fact scrutinize all Freedom of Information Act requests before they are advanced through the system.

Obama administration sets new record for withholding FOIA requests

PBS, WASHINGTON — The Obama administration set a record again for censoring government files or outright denying access to them last year under the U.S. Freedom of Information Act, according to a new analysis of federal data by The Associated Press.

The government took longer to turn over files when it provided any, said more regularly that it couldn’t find documents and refused a record number of times to turn over files quickly that might be especially newsworthy.

It also acknowledged in nearly 1 in 3 cases that its initial decisions to withhold or censor records were improper under the law — but only when it was challenged.

Its backlog of unanswered requests at year’s end grew remarkably by 55 percent to more than 200,000. It also cut by 375, or about 9 percent, the number of full-time employees across government paid to look for records. That was the fewest number of employees working on the issue in five years.

The government’s new figures, published Tuesday, covered all requests to 100 federal agencies during fiscal 2014 under the Freedom of Information law, which is heralded globally as a model for transparent government. They showed that despite disappointments and failed promises by the White House to make meaningful improvements in the way it releases records, the law was more popular than ever. Citizens, journalists, businesses and others made a record 714,231 requests for information. The U.S. spent a record $434 million trying to keep up. It also spent about $28 million on lawyers’ fees to keep records secret.

“This disappointing track record is hardly the mark of an administration that was supposed to be the most transparent in history,” said Sen. John Cornyn, R-Texas, who has co-sponsored legislation with Sen. Patrick Leahy, D-Vt., to improve the Freedom of Information law. Their effort died in the House last year.

The new figures showed the government responded to 647,142 requests, a 4 percent decrease over the previous year. It more than ever censored materials it turned over or fully denied access to them, in 250,581 cases or 39 percent of all requests. Sometimes, the government censored only a few words or an employee’s phone number, but other times it completely marked out nearly every paragraph on pages.

On 215,584 other occasions, the government said it couldn’t find records, a person refused to pay for copies or the government determined the request to be unreasonable or improper.

The White House touted its success under its own analysis. It routinely excludes from its assessment instances when it couldn’t find records, a person refused to pay for copies or the request was determined to be improper under the law, and said under this calculation it released all or parts of records in 91 percent of requests — still a record low since President Barack Obama took office using the White House’s own math.

“We actually do have a lot to brag about,” White House spokesman Josh Earnest said.

Earnest on Wednesday praised agencies for releasing information before anyone requested it, such as the salaries and titles of White House employees. He cited more than 125,000 sets of data posted on a website, data.gov, which include historical temperature charts, records of agricultural fertilizer consumption, Census data, fire deaths and college crime reports.

“When it comes to our record on transparency, we have a lot to be proud of,” he told reporters aboard Air Force One. “And frankly, it sets a standard that future administrations will have to live up to.”

Separately, the Justice Department congratulated the Agriculture and State departments for finishing work on their oldest 10 requests, said the Pentagon responded to nearly all requests within three months and praised the Health and Human Services Department for disclosing information about the Ebola outbreak and immigrant children caught crossing U.S. borders illegally.

The government’s responsiveness under the open records law is an important measure of its transparency. Under the law, citizens and foreigners can compel the government to turn over copies of federal records for zero or little cost. Anyone who seeks information through the law is generally supposed to get it unless disclosure would hurt national security, violate personal privacy or expose business secrets or confidential decision-making in certain areas. It cited such exceptions a record 554,969 times last year.

Under the president’s instructions, the U.S. should not withhold or censor government files merely because they might be embarrassing, but federal employees last year regularly misapplied the law. In emails that AP obtained from the National Archives and Records Administration about who pays for Michelle Obama’s expensive dresses, the agency blacked-out a sentence under part of the law intended to shield personal, private information, such as Social Security numbers, phone numbers or home addresses. But it failed to censor the same passage on a subsequent page.

The sentence: “We live in constant fear of upsetting the WH (White House).”

In nearly 1 in 3 cases, when someone challenged under appeal the administration’s initial decision to censor or withhold files, the government reconsidered and acknowledged it was at least partly wrong. That was the highest reversal rate in at least five years.

The AP’s chief executive, Gary Pruitt, said the news organization filed hundreds of requests for government files. Records the AP obtained revealed police efforts to restrict airspace to keep away news helicopters during violent street protests in Ferguson, Missouri. In another case, the records showed Veterans Affairs doctors concluding that a gunman who later killed 12 people had no mental health issues despite serious problems and encounters with police during the same period. They also showed the FBI pressuring local police agencies to keep details secret about a telephone surveillance device called Stingray.

“What we discovered reaffirmed what we have seen all too frequently in recent years,” Pruitt wrote in a column published this week. “The systems created to give citizens information about their government are badly broken and getting worse all the time.”

The U.S. released its new figures during Sunshine Week, when news organizations promote open government and freedom of information.

The AP earlier this month sued the State Department under the law to force the release of email correspondence and government documents from Hillary Rodham Clinton’s tenure as secretary of state. The government had failed to turn over the files under repeated requests, including one made five years ago and others pending since the summer of 2013.

The government said the average time it took to answer each records request ranged from one day to more than 2.5 years. More than half of federal agencies took longer to answer requests last year than the previous year.

Per FBI: Foreign Telecoms Likely Hacked Hillary Emails

Posted on by

The Justice Department officials also used the words “reckless”, “stunning,” and “unbelievable” in discussing the controversy swirling around Clinton’s use of a private, nongovernment email account.

FBN Exclusive: DOJ Officials Fear Foreign Telecoms Hacked Clinton Emails, Server

FBN: Officials close to the matter at the Department of Justice are concerned the emails Hillary Clinton sent from her personal devices while overseas on business as U.S. Secretary of State were breached by foreign telecoms in the countries she visited—a list which includes China.

“Her emails could have easily been hacked into by telecoms in these countries. They got the emails first, and then routed them back to her home server. They could have hacked into both,” one Justice Department official close to the matter says.

Another Justice Department official adds: “Those telecommunications companies over there often have government workers in there. That telecom in that foreign country could then follow the trail of emails back to her server in the U.S. and break into the server” remotely over the Internet. At various points in this process, there were multiple entry points to hack into Clinton’s server to steal information, as well as eavesdrop, the Justice Department officials say.

This is the first indication that officials at the Justice Department are concerned that foreign telecom workers may have broken into Clinton’s emails and home server. The Federal Bureau of Investigation is currently investigating the national security issues surrounding Clinton’s emails and server.

The Justice Department officials also used the words “reckless”, “stunning,” and “unbelievable” in discussing the controversy swirling around Clinton’s use of a private, nongovernment email account, as well as her use of a personal Blackberry (BBRY), an Apple (AAPL) iPad, and home server while U.S. Secretary of State. The officials did not indicate they have any knowledge of a breach at this point.

As for the effort to designate Clinton’s emails as classified or unclassified, the Justice Department officials agreed that, as one put it: “Every email she sent is classified because she herself is classified, because she is both Secretary of State and a former first lady.”

In addition, there’s a growing belief among cyber security experts at web security places like Venafi and Data Clone Labs that Clinton’s emails were unprotected in the first three months of her tenure in 2009 as the nation’s top diplomat, based on Internet scans of her server Venafi conducted at that time.

“For the first three months of Secretary Clinton’s term in office, from early January to late March, access to her home server was not encrypted or authenticated with a digital certificate,” Kevin Bocek, vice president of security strategy and threat intelligence at Venafi tells FOX Business. “That opens the risk that Clinton’s user name and password were exposed and captured, particularly in places she traveled to at this time, like China or Egypt. And that raises issues of national security,” adding “Attackers could have eavesdropped on communications, particularly in places like China, where the Internet and telecom infrastructure are built to do that.”

Digital certificates are the bedrock of Internet security. They verify the Web authenticity and legitimacy of an email server, and they let the recipient of an email know that an email is from a trusted source. Essentially, digital certificates are electronic passports attached to an email that verifies that a user sending an email is who he or she claims to be.

Because it appears Clinton’s server did not have a digital certificate in the first three months of 2009, “a direct attack on her server was likely at this time, and the odds are fairly high it was successful,” says Ira Victor, director of the digital forensic practice at Data Clone Labs.

In and around January 13, 2009, the day of Clinton’s Senate confirmation hearings, the clintonemail.com domain name was registered. An estimated 62,320 emails were sent and received on Clinton’s private email account during her tenure as U.S. Secretary of State. Later, 31,830 emails were erased from her private server because they were deemed personal.

Although Clinton previously has argued that there was no classified material on her home server in Chappaqua, N.Y., the U.S. Department of State has deemed 403 emails as classified, with three designated “top secret” (the State Dept. itself has been the subject of cyber hacking).

Clinton has maintained her home server did have “numerous safeguards,” but it’s unclear specifically what security measures were installed, and what those layers were. In September, Clinton apologized on ABC News for using a home server to manage her U.S. Department of State electronic correspondence.

Although Clinton and her team have indicated her emails were not hacked, not knowing about a breach is different from being hacked, cyber analysts tell FOX Business. Her campaign staffers did not return calls or emails for comment. “Even the NSA, the CIA, and Fortune 500 companies know they cannot make that claim that they have not been hacked. Everyone can be hacked,” says Bocek.

FOX News recently reported that an intelligence source familiar with the FBI’s probe into Clinton’s server said that the FBI is now focused on whether there were violations of the federal Espionage Act pertaining to “gross negligence” in the safeguarding of national defense information. Sets of emails released show that Clinton and top aides continuously sent information about foreign governments and sensitive conversations with world leaders, among other things, FOX News reported.

Secure communications and devices are routine in the federal government. For example, President Barack Obama received a secure Blackberry from the National Security Agency after he was elected, a former top NSA official tells FOX Business.

“I could not recall that I ever heard that a secure Blackberry was provided to Hillary Clinton.  No one else can either,” the former NSA official says, adding, “There is no way her calls were properly secured if she used her [personal] Blackberry.” Blackberry declined comment.

The former NSA official says the same issue is at play for Clinton’s iPad. “While there have been recent advances in securing iPhones and iPads, these were not available, in my opinion, when she was Secretary of State and there would have to be a record that she sought permission to use them with encryption,” the former NSA official says.

When traveling overseas, U.S. secretaries of states use secure phones that ensure end-to-end encryption, and in some cases, mutual authentication of the parties calling, the former NSA official said. Communications are conducted via secured satellite, digital networks or Internet telephony.

“I think I can say, with some confidence, that once any decent foreign intelligence service discovered she was using her personal phone and iPad, she would be targeted and it would be a high priority operation,” the former NSA official said, adding, “if the calls were unencrypted, it would be no challenge at all while she was overseas — they just have to get to the nearest cell tower.”

The first three months of her tenure as Secretary of State would have been an ideal time for hackers to break in, cyber security experts say.

Specifically, experts point to work done by cyber security experts at Venafi, which has revealed a three-month gap in security for Clinton’s home server after the Palo Alto, Calif. firm’s team had conducted routine, “non-intrusive Internet scanning” in January 2009.

Venafi’s Bocek tells FOX Business that he and his team had picked up Clinton’s domain, clintonemail.com, at that time, and found that her home server had not been issued a digital certificate. That means email traffic to and from her server was unprotected from early January to late March 2009. During that time, Clinton traveled as U.S. Secretary of State to China, Indonesia, South Korea, Japan, Egypt, Palestine, Israel, Belgium, Switzerland, and Turkey.

“It also means anyone accessing her home server, including Clinton and other people, would have unencrypted access, including from devices and via web browsers,” says Bocek. “This means that during the first three months of Secretary Clinton’s term in office, web browser, smartphone, and tablet communications would not have been encrypted.”

Digital certificates are vital to Internet security. All “online banking, shopping, and confidential government communications wouldn’t be possible without the trust established by digital certificates,” says Bocek. “Computers in airplanes, cars, smartphones, all electronic communications, indeed trade around the world depend on the security from digital certificates.”

The Office of Management and Budget has now mandated that all federal web servers must use digital certificates by the end of 2016, Bocek notes.

If cyber hackers broke into Clinton’s server, they also could have easily tricked it into handing over usernames, passwords, or other sensitive information, Bocek noted.

“The concern is that log-on credentials could have been compromised during this time, especially given travel to China and elsewhere,” Bocek says opening the door to more lapses. “As we’ve seen with so many other breaches, to long-term, under-the-radar compromise by adversaries, hacks that Clinton and her team may not be aware of.”

Bocek adds: “Essentially, the cyber hacker would have looked to Clinton’s server like it was Secretary Clinton emailing.”

Digital forensic analyst Victor agrees. “It’s highly likely her emails sent during this time via her devices and on her server were not encrypted. More significantly, her log-on credentials, her user name and passwords, were almost certainly not encrypted,” says Victor, who has testified in cyber security cases as an expert forensic witness. “So that means emails from Clinton’s aides, like Huma Abedin, or anyone who had email accounts on her server, their communications were also likely unencrypted.”

Victor adds: “It’s highly likely all of their user names and passwords were being exposed on a regular basis to potential cyber attackers, with the high risk they were stolen by, for instance, government employees who could get the passwords for everyone Clinton was communicating with.”

Victor explains how Clinton’s emails from her devices could have been hacked, and malware could have been planted on her server. “Say Clinton emailed from her device during her Beijing trip in that 2009 period. Her emails would first get routed through the local, state-controlled Chinese telecom. The Chinese telecom captures those bits of emails that are broken up into electronic packets by the device she uses,” Victor explains.

Any device Clinton emailed from, Victor says, was constantly “polling and authenticating communications” between her device and her server. But all of the back-and-forth communication goes through, say, the Chinese telecom. When the device is polling her server with non-secure communications, it’s giving attackers repeat opportunities to breach.”

He continues: “If the connection was not protected, a state actor at the China telecom transmitting her email back to her server in the U.S. could breach both the device and the server at that point.”

Martin C. Libicki, a senior management scientist and cyber expert at Rand Corp., says that security on Clinton’s devices could have been higher than feared. But he says that, while the Blackberry device does have strong encryption, once Clinton zoomed emails from her Blackberry through the foreign telecom networks during those first three months of her tenure, “it was much easier to hack both the device and the server then.”

Venafi’s team, which included analysts Hari Nair and Gavin Hill, found Clinton and/or her team did eventually purchase digital certificates for the server and the clintonemail.com domain name starting in March 2009.

Victor added: “But the question that needed to be asked then was, once the certificate was installed, did Clinton and her team warn anyone she had emailed during those first three months about the poor security during that time, did they warn them to reset their security passwords on all their devices?”