Info Security Archives

Santa Picks Up the Tab on Payroll Tax Cut

 

Online shoppers take heed.

Immigration Services Agency and FTC to Share Scam Tips Online

 

The Federal Trade Commission is allowing the U.S. Citizenship and Immigration Services arm of the Homeland Security Department access to its secure consumer complaint database so USCIS officials can investigate scammers posing as immigration legal advisers, federal officials announced on Thursday.

Typically only law enforcement officials can search through the FTC's Consumer Sentinel Network, which warehouses tips that customers submit to the Better Business Bureau, National Consumers League and other watchdog organizations.

USCIS, FTC and Justice Department officials announced the new data exchange on Thursday as part of a public awareness campaign to crack down on unauthorized legal assistance providers. Many imposters charge unwitting immigrants for resources the government offers for free, like application forms, or falsely claim they can expedite the approval process, according to USCIS officials. Some promise to help clients obtain immigration papers for which the applicant is ineligible.

Obama administration officials have been stressing the White House's commitment to immigration enforcement, as they try to ease the way for comprehensive immigration reform.

USCIS posted several campaign ads on YouTube to educate people on how to avoid immigration scams, but the promos do not encourage reporting deceptive outfits. The ads direct Internet users to the uscis.gov/avoidscams website for more information. A "Report Immigration Scams" tab on the site takes visitors to an interactive Web page where they can notify authorities about suspicious professionals.

DOD, DHS jointly respond to military contractor cyber attack

 

The Pentagon and the Homeland Security Department are aiding Defense contractor Lockheed Martin Corp. on an investigation into a cyber attack that reportedly infiltrated the firm's security networks, federal officials said Saturday night.

"DoD is aware of a cyber incident impacting Lockheed Martin and, together with the Department of Homeland Security, is working with the company in determining the extent of the incident," Pentagon spokeswoman Lt. Col. April Cunningham said. "Impact to DoD is minimal and we don't expect any adverse effect."

In the past, the Defense Department's Cyber Crime Center has been responsible for heading probes into intrusions on .mil networks and systems in the defense industrial base, which includes Lockheed. Homeland Security has focused on helping civilian agencies and commercial companies assess cyber events, such as the recent Sony PlayStation network breach.

But, increasingly, the Pentagon and Homeland Security have been sharing cyber experts, tools and privacy officers, to respond to cyberattacks against government contractors, including one disclosed in March that hit security firm RSA. In that incident, perpetrators compromised a system containing information on RSA-manufactured "SecurID" digital credentials used by many federal employees and contractors.

Reuters, which first reported the Lockheed incident on Friday, said unidentified hackers "breached [Lockheed] security systems designed to keep out intruders by creating duplicates to SecurID electronic keys," according to one person who was not authorized to publicly discuss the matter. The offenders learned how to copy the security keys with data stolen during the RSA attack, the Reuters story said.

At the time, RSA Executive Chairman Art Coviello announced through a message on the company's website that the data stolen could potentially be used to weaken the security of SecurID devices "as part of a broader attack."

As a matter of policy, Homeland Security and military officials declined to comment on the operations underway to stem damage at Lockheed.

DHS and Defense officials have "been in contact with the company to offer assistance in determining the extent of the incident, performing analysis of available data in order to provide recommendations to mitigate further risk," Homeland Security spokeswoman Amy Kudwa said.

Lockheed officials did not immediately respond to a request for comment.

Cyber Hearing Postponed To Remember Judge, Online Privacy Advocate

 

Senate Commerce Chairman Jay Rockefeller has postponed a computer security hearing to attend the funeral of Judge M. Blane Michael, a proponent of digital privacy who served as Rockefeller's special counsel during his first term as governor of West Virginia, aides for the senator said on Monday.

Rockefeller, D-W.Va., has not yet announced a new date for the hearing, previously scheduled for Wednesday, which was to examine the economic ramifications of cyber threats in the private sector.

Last year, Michael, who sat on the U.S. Court of Appeals for the Fourth Circuit in Richmond, lectured to students at his alma mater New York University School of Law that the Internet may undermine the Fourth Amendment's search and seizure protections: "The digital age is placing our privacy in jeopardy. Technological advances in the way we communicate and store information make us increasingly vulnerable to intrusive searches and seizures."

The disconnect between analogue-era privacy and communications laws and the evolving, online nature of criminal activity has been the subject of several congressional hearings during the past year. Lawmakers are considering updating civil liberties legislation, such as the 1986 Electronic Communications Privacy Act, as well as establishing new computer crime rules as part of comprehensive cyber legislation.

During his speech, Michael noted that people store their digital files, including love letters, diaries and financial records, on an Internet service provider's remote server, so that they can access their documents from any computer.

"But online storage also raises questions about whether we retain any Fourth Amendment privacy interest in files once we store them remotely because they are then technically accessible to the Internet service provider," he said.

Michael cited a case that involved the government's seizure of Google's email servers, which house millions of people's personal data, to look for just a few incriminating messages.

"In evaluating whether there is a privacy interest in personal files stored online, the current framework leaves room for considering other sources of interpretation, including the Fourth Amendment's formative history and contemporary norms and circumstances," he said.

On Friday, Rockefeller said in a statement that Michael was unvarnished in his honesty, uncanny in his humor and unequaled in his humility. He called him "a brilliant judge who never took for granted the power and the responsibility of deciding the cases that impacted people's lives or righted serious wrongs.

"I will be forever fortunate to call him my dearest friend and confidant - the kind you just trust to his very core and whose deep, easy companionship abides with you for a lifetime," he said.


Cloudburst

 

It's all cloud, all the time in federal IT these days, especially since the Office of Management and Budget ordered agencies to take a cloud-first approach to IT projects. Mary Davie, assistant commissioner for the Office of Integrated Technology Services in the General Services Administration's Federal Acquisition Service, provides a reality check on cloud mania today, with a blog post aimed at busting four myths about cloud computing in the federal sector.

Those myths, according to Davie, are:

  • Cloud can be anything.
  • Public clouds are not secure, and agencies can't control security requirements.
  • Agencies will lose control of their data.
  • Moving to the cloud is difficult.

Cyber Command Chief: DoD Moving to the Cloud

 

The Defense Department organization charged with cyber combat is reinforcing military networks by moving much of DoD's computing to a space many civilian agencies view as insecure - the cloud. Cloud computing is the practice of storing and accessing applications in a shared online environment, instead of on in-house servers.

U.S. Cyber Command chief Gen. Keith Alexander told lawmakers on Wednesday the following:

"The idea is to reduce vulnerabilities inherent in the current architecture and to exploit the advantages of cloud computing and thin-client networks, moving the programs and the data that users need away from the thousands of desktops we now use--up to a centralized configuration that will give us wider availability of applications and data combined with tighter control over accesses and vulnerabilities and more timely mitigation of the latter."

He was testifying before a House Armed Services subcommittee on the $159 million fiscal 2012 budget request for the command, which became fully operational in October.

The White House has been pressing agencies to outsource information technology services to the Web as a way of phasing out the federal government's more than 2,000 expensive, energy-sucking data centers. But many federal managers are fearful of losing their data in the cloud. What happens in the event of an online outage or if the communal, off-site servers storing their programs are hacked?

Alexander's explanation as to why the cloud will offer Defense good defense:

"This architecture would seem at first glance to be vulnerable to insider threats -- indeed, no system that human beings use can be made immune to abuse -- but we are convinced the controls and tools that will be built into the cloud will ensure that people cannot see any data beyond what they need for their jobs and will be swiftly identified if they make unauthorized attempts to access data."

ICE Tackles Internet Piracy in Texas

 

The feds are getting tough with online crime. On Thursday, agents with Immigration and Customs Enforcement arrested one Texan for pirating broadcasts of live sporting events and announced the sentencing of another in a software piracy conspiracy.

Bryan McCarthy, 32, of Deer Park, Texas, allegedly operated channelsurfing.net, which he used to stream live, copyrighted sporting events over the Internet. The site was seized by federal authorities on Feb. 1. According to the criminal complaint, the site was an online portal for pirated sports events from the National Football League, National Basketball Association, and National Hockey League, among others. The website also contained links to various live television channels.

McCarthy, who has been charged with one count of criminal infringement of a copyright, made $90,000 in profits from online merchants advertising on the site, according to an ICE press release. The site had 1.3 million hits since being shut down. If convicted, McCarthy faces a maximum of five years in prison.

"Bryan McCarthy allegedly sought to profit by intercepting and then streaming live sporting events, hiding behind the anonymity of the internet to make a quick buck through what is little more than high-tech thievery," said Preet Bharara, U.S. Attorney for the Southern District of New York, in a prepared statement. "This arrest sends a clear message that this office, working with its partners at HSI, will vigorously protect valuable intellectual property rights through arrests and domain name seizures."

Also Thursday, David Fein, the U.S. Attorney for the District of Connecticut, said 46-year-old Michael Uszakow, who went by the alias "iced," was sentenced to two years of probation and ordered to pay a fine of $2,000 for his involvement in an underground online community that used the Internet to engage in large-scale distribution of copyrighted software, video games, movies, music files and other protected material.

Participants in the "warez scene" worked as "crackers" to break the digital copyright protections of material while others distributed the software to file storage sites on the Internet. According to Fein, Uszakow uploaded and downloaded thousands of files from the warez server known as Nite Ranger Hideout.

VOA Site Hacked By Apparent Iranian Pro-Gov Group

 

The website of U.S.-funded broadcaster Voice of America Persian was attacked by an Iranian pro-government group, according to a correspondent for sister station Radio Free Europe/Radio Liberty. The main VOA site also appeared to have been hacked, as of 9:04 p.m. Eastern on Sunday.

"Website of VOA Persian Service was Hacked today by #Iran 's Cyber army #Iranelection," Golnaz Esfandiari wrote at around 5:30 p.m. Eastern on the social media tool Twitter.

One VOA story now states that the incident may have been prompted by the U.S. State Department's recent Arabic- and Persian-language Twitter campaigns in support of pro-democracy opposition groups overseas.

The hackers posted a message referring to Secretary of State Hillary Clinton that read:

"We have proven that we can.
Mrs. Clinton Do you want to hear the voice of oppressed nations will from heart of USA? Islamic world doesn't believe USA trickery.
We call on you to stop interfering in Islamic countries."

Here's a Google-translated recap of the VOA article:
Hours before a number of web pages the Voice of America, was hacked. In one of the Voice of America Farsi domain being attacked, the group that his "army of cyber" is introduced, responsibility for the attack has been charged.
Army of cyber hackers on this page have put a picture on it in Persian and English is written: "We've proven that we can."
Army of cyber hackers also addressed on this page are written to the Secretary of State America: "Mrs. Clinton, you want the voice of oppressed nations to hear the heart of America? Muslim world does not believe America's craft. You say that interference in Muslim countries to stop. "
It seems that this action in response to remarks on Sunday (20 February) that Hillary Clinton in a television interview with BBC America, while talking about opening accounts in Arabic and Persian Tweeter by America's Foreign Ministry, had said : "We want young people like the young Americans who seek to express their rights are believed to be associated."

GAO Joins Flickr

 

Looking for the latest images from Government Accountability Office reports? Well, now you can find them on the photo-sharing site Flickr.

On Thursday, the agency announced that it joined the White House and NASA on the site. GAO's page features 36 images that can be viewed and downloaded. All are taken from GAO reports, including "causes and rate of rail accidents, 2000-2009" and "top 20 U.S. seaports by number of foreign seafarer arrivals, fiscal year 2009."

"GAO continues to seek out new, innovative ways to convey our findings," said Gene L. Dodaro, U.S. comptroller general and head of the GAO. "The images in our reports help tell the story of government accountability by making complex concepts and data more understandable. Our Flickr page will allow us to highlight selected images and share them more easily with Congress and the public."

GPO Joins Facebook

 

You can now become a fan of the Government Printing Office on Facebook.

On Friday, the federal government's printer launched a Facebook page "in an effort to continue to use social media as a way of increasing transparency and engage with the public on the workings of [GPO]," the agency said in a news release.

Spokesman Gary Somerset said GPO recognizes that social media is how the world is increasingly communicating. "We already have YouTube and Twitter accounts and Facebook is another extension of the social media circle," he wrote in an e-mail. "These efforts complement GPO's longstanding use of digital systems to inform the public."

GPO plans to post announcements, press releases, agency job listings, photos and videos on its Facebook page. As of Monday afternoon, the agency had nearly 200 followers, with numbers rapidly increasing.
