Timesdelhi.com

July 18, 2018
Category archive

Department of Homeland Security

A huge spreadsheet naming ICE employees gets yanked from GitHub and Medium


A massive database of current U.S. Immigration and Customs Enforcement (ICE) employees scraped from public LinkedIn profiles has been removed from the tech platforms hosting the data. The project was undertaken by Sam Lavigne, self-described artist, programmer and researcher, in response to recent revelations around ICE’s detention practices at the southern U.S. border.

Lavigne posted the database to GitHub on Tuesday and by Wednesday the repository had been removed. The database included the name, profile photo, title and city area of every ICE employee who listed the agency as their employer on the professional networking site. A more in-depth version of the data pulled all public LinkedIn data from the pool of users, including previous employment, education history and any other information those users opted to make public. The total database lists this information for 1,595 ICE employees, from the company’s CTO on down to low-level workers.

The project accompanied a Medium post about the project’s aims that has since been removed by the platform:

While I don’t have a precise idea of what should be done with this data set, I leave it here with the hope that researchers, journalists and activists will find it useful…

I find it helpful to remember that as much as internet companies use data to spy on and exploit their users, we can at times reverse the story, and leverage those very same online platforms as a means to investigate or even undermine entrenched power structures. It’s a strange side effect of our reliance on private companies and semi-public platforms to mediate nearly all aspects of our lives.

The data set appears to have violated GitHub and Medium guidelines against doxing. Medium’s anti-harassment policy specifically forbids doxing and defines it broadly, preventing “the aggregation of publicly available information to target, shame, blackmail, harass, intimidate, threaten, or endanger.”

Because it doesn’t include personal identifying information like home addresses, phone numbers or other non-public details, Lavigne’s project isn’t really doxing in the normal sense of the word, though that hasn’t made it less controversial.

GitHub’s own policy leading to the data’s removal is less clear, though the company told The Verge the repository was removed due to “doxxing and harassment.” The platform’s terms of service forbid uses of GitHub that “violate the privacy of any third party, such as by posting another person’s personal information without consent.” This leaves some room for interpretation, and it is not clear that data from a public-facing social media profile is “personal” under this definition. GitHub allows researchers to scrape data from external sites in order to aggregate it “only if any publications resulting from that research are open access.”

While Lavigne’s aggregation efforts were deemed off-limits by some tech platforms, they do raise compelling questions. What kinds of public data, in aggregate, run afoul of anti-harassment rules? Why can this kind of data be scraped for the purposes of targeted advertising or surveillance by law enforcement but not be collected in a user-facing way? The ICE database raised these questions and plenty more, but for some tech companies the question of hosting the data proved too provocative from the start.

News Source = techcrunch.com

The United States needs a Department of Cybersecurity


This week over 40,000 security professionals will attend RSA in San Francisco to see the latest cyber technologies on display and discuss key issues. No topic will be higher on the agenda than the Russian-sponsored hack of the American 2016 election, with debate about why the country has done so little to respond and what measures should be taken to deter future attempts at subverting our democracy.

For good reason. There is now clear evidence of Russian interference in the election with Special Counsel Mueller’s 37-page indictment of 13 Russians, yet the attack on US sovereignty and stability has gone largely unanswered. The $120 million set aside by Congress to address the Russian attacks remains unspent. We expelled Russian diplomats but only under international pressure after the poisoning of a former Russian spy and his daughter.

Recent sanctions are unlikely to change the behavior of the Putin administration. To put it bluntly, we have done nothing of substance to address our vulnerability to foreign cyberattacks. Meanwhile, our enemies gain in technological capability, sophistication and impact.

Along with the Russians, the Chinese, North Koreans, Iranians and newly derived nation states use cyber techniques on a daily basis to further their efforts to gain advantage on the geopolitical stage. It is a conscious decision by these governments that a proactive cyber program advances their goals while limiting the United States.


We were once dominant in this realm both technically and with our knowledge and skillsets. That playing field has been leveled and we sit idly by without the will or focus to try and regain the advantage. This is unacceptable, untenable and will ultimately lead to potentially dire consequences.

In March of this year, the US CyberCommand released a vision paper called “Achieve and Maintain Cyberspace Superiority.” It is a call to action to unleash the country’s cyber warriors to fight for our national security in concert with all other diplomatic and economic powers available to the United States.

It’s a start but a vision statement is not enough. Without a proper organizational structure, the United States will never achieve operational excellence in its cyber endeavors. Today we are organized to fail. Our capabilities are distributed across so many different parts of the government that they are overwhelmed with bureaucracy, inefficiency and dilution of talent.

The Department of Homeland Security is responsible for national protection including prevention, mitigation and recovery from cyber attacks. The FBI, under the umbrella of the Department of Justice, has lead responsibility for investigation and enforcement. The Department of Defense, including US CyberCommand, is in charge of national defense. In addition, each of the various military branches has its own cyber units. No one who wanted to win would organize a critical capability in such a distributed and dispersed manner.

How could our lawmakers know what policy to pass? How do we recruit and train the best of the best in an organization, when it might just be a rotation through a military branch? How can we instantly share knowledge that benefits all when these groups don’t even talk to one another? Our current approach does not and cannot work.


What is needed is a sixteenth branch of the Executive — a Department of Cybersecurity — that would assemble the country’s best talent and resources to operate under a single umbrella and a single coherent policy. By uniting our cyber efforts we would make the best use of limited resources and ensure seamless communications across all elements dealing in cyberspace. The department would act on behalf of the government and the private sector to protect against cyberthreats and, when needed, go on offense.

As with physical defense, sometimes that means diplomacy or sanctions, and sometimes it means executing missions to cripple an enemy’s cyber-operations. We have the technological capabilities, we have the talent, we know what to do but unless all of this firepower is unified and aimed at the enemy we might as well have nothing.

When a Department of Cybersecurity is discussed in Washington, it is usually rejected because of the number of agencies and departments affected. This is code for loss of budget and personnel. We must rise above turf battles if we are to have a shot at waging an effective cyber war. There are some who have raised concerns about coordination on offensive actions but they can be addressed by a clear chain of command with the Defense Department to avoid the potential of a larger conflict.

We must also not be thrown by comparisons to the Department of Homeland Security and conclude a Cybersecurity department would face the same challenges. DHS was 22 different agencies thrust into one. A Department of Cybersecurity would be built around a common set of skills, people and know-how all working on a common issue and goal. Very different.

Strengthening our cyberdefense is as vital as having a powerful standing army to defend ourselves and our allies. Russia, China and others have invested in their cyberwar capabilities to exploit our systems almost at will.

Counterpunching those efforts requires our own national mandate executed with Cabinet level authority. If we don’t bestow this level of importance to the fight and set ourselves up to win, interference in US elections will not only be repeated … such acts will seem trivial in comparison to what could and is likely to happen.

News Source = techcrunch.com

Russia targeted election systems in 21 states, successfully hacking some


On Friday, the Department of Homeland Security notified nearly half of the U.S. states that their election systems were targeted by Russia-affiliated hackers in an attempt to influence the 2016 election. In most of the states targeted, the hackers were engaged in preliminary activities like scanning. In other states hackers attempted to infiltrate systems and failed, but in a small selection of states, with only Illinois confirmed so far, the election systems were compromised successfully. According to Homeland Security, none of these attempts were aimed at the systems that actually tabulate the votes themselves.

At least 21 states were the focus of these hacking attempts, including Alabama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, Florida, Illinois, Iowa, Maryland, Minnesota, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Texas, Virginia, Wisconsin and Washington, as confirmed by the Associated Press and the states themselves. States like Florida, Ohio, Pennsylvania, Virginia and Wisconsin are among the swing states considered critical to an electoral college victory last year. So far, other battleground states including Michigan, Nevada, New Hampshire and North Carolina are not among those confirmed in the hacking attempt.

In a message to election officials in the state of Wisconsin, Homeland Security specified that the hack was conducted by “Russian government cyber actors.” The agency first confirmed the state-level hacking attempts toward the 21 states in June, informing the Senate Intelligence Committee. At that time, the states targeted by the operation were not made public.

Some members of Congress have spoken out against Homeland Security’s decision to delay notifying states and providing details, including Rep. Adam Schiff and Sen. Mark Warner, the ranking Democrats on the House and Senate’s respective intelligence committees.

“It’s unacceptable that it took almost a year after the election to notify states that their elections systems were targeted, but I’m relieved that DHS has acted upon our numerous requests and is finally informing the top elections officials in all 21 affected states that Russian hackers tried to breach their systems in the run up to the 2016 election,” Warner said.

In a statement to TechCrunch, Homeland Security spokesperson Scott McConnell elaborated on the decision to inform states:

“DHS does not publicly disclose cybersecurity information shared between the department and its partners. When we become aware of a potential victim, DHS notifies the owner or operator of the system, who in this case may not necessarily be the Secretary of State’s office. However, recognizing that state and local officials should be kept informed about cybersecurity risks to election infrastructure, we are working with them to refine our processes for sharing this information while protecting the integrity of investigations and the confidentiality of system owners.

“This includes the development of an election subsector coordinating council and making security clearances available to those who may need access to classified information in the oversight of their election systems. As part of our ongoing information sharing efforts, today DHS notified the Secretary of State or other chief election officer in each state of any potential targeting we were aware of in their state leading up to the 2016 election. We will continue to keep this information confidential and defer to each state whether it wishes to make it public or not.”

We will be following this story as more states disclose details around election-related hacking activity.


News Source = techcrunch.com

U.S. government bans Kaspersky software citing fears about Russian intelligence


Three months after the General Services Administration removed Kaspersky Lab from a list of approved federal vendors, Homeland Security is banning the Russian security software maker outright. In a statement on Wednesday, DHS Acting Secretary Elaine Duke directed all Executive Branch agencies and departments to identify any Kaspersky products being used over the next 30 days, to make a plan to eliminate their use in the next 60 days and to begin that discontinuation within 90 days.

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” DHS said in its directive.

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”

At the end of its full statement on the issue, available here, DHS states that it will allow Kaspersky and “any other entity that claims its commercial interests will be directly impacted” to submit a written argument along with any evidence or data that could offset the U.S. government’s concerns.

Kaspersky fired back at the decision with its own statement, available in full below.

“Given that Kaspersky Lab doesn’t have inappropriate ties with any government, the company is disappointed with the decision by the U.S. Department of Homeland Security (DHS), but also is grateful for the opportunity to provide additional information to the agency in order to confirm that these allegations are completely unfounded.

“No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company. Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia.

“In addition, more than 85 percent of its revenue comes from outside of Russia, which further demonstrates that working inappropriately with any government would be detrimental to the company’s bottom line. These ongoing accusations also ignore the fact that Kaspersky Lab has a 20-year history in the IT security industry of always abiding by the highest ethical business practices and trustworthy technology development.

“Regarding the Russian policies and laws being misinterpreted, the laws and tools in question are applicable to telecom companies and Internet Service Providers (ISPs), and contrary to the inaccurate reports, Kaspersky Lab is not subject to these laws or other government tools, including Russia’s System of Operative-Investigative Measures (SORM), since the company doesn’t provide communication services. Also, it’s important to note that the information received by the company, as well as traffic, is protected in accordance with legal requirements and stringent industry standards, including encryption, digital certificates and more.

“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues. The company looks forward to working with DHS, as Kaspersky Lab ardently believes a deeper examination of the company will substantiate that these allegations are without merit.”

While the new steps from DHS are a strong statement on its suspicions, the truth is murkier. Given the controversy over Kaspersky’s rumored but never clearly substantiated closeness with Russian intelligence, the move might just be erring on the side of caution. Still, to purge Kaspersky products altogether in such a public way sends a strong message, but who the message is to or what if anything it’s actually rooted in remains far from clear.


News Source = techcrunch.com

Trump administration sued over warrantless smartphone searches at U.S. borders


With the border wall fight looming large in Congress, another kind of battle at the border is heating up. On Wednesday, the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) filed a lawsuit against the Department of Homeland Security over warrantless border searches. In the case, Alasaad v. Duke, the two organizations will represent 11 individuals who had U.S. border agents search their computers and smartphones without any kind of warrant. Elaine Duke is the current acting secretary of DHS following General John Kelly’s move into the innermost White House circle as chief of staff.

The plaintiff details in the case are pretty interesting. Ten of the 11 are U.S. citizens with the outlier being a permanent resident. According to the EFF, several are Muslims and people of color who have presumably been singled out by border agents newly emboldened by this administration’s aggressive pursuit of travel and immigration policies targeting those groups. The plaintiff group includes a NASA engineer, students, journalists and a veteran who were returning to the U.S. from international travel at the time of the searches. Some of these individuals had their smartphones held by border officers for months, though none were accused of any particular crime.

In the case of NASA engineer Sidd Bikkannavar, the plaintiff was on his way back from a vacation to Chile when a Customs and Border Protection officer in the Houston airport forced him to unlock his phone using his password and hand it over. The officer took the phone for half an hour, explaining that the agency used “algorithms” to examine its content. In other instances, a plaintiff alleges that he was physically assaulted by border agents who confiscated his unlocked smartphone. The EFF release offers the full list of plaintiffs and their stories.

“The government cannot use the border as a dragnet to search through our private data,” ACLU attorney Esha Bhandari said of the case, filed in the Massachusetts U.S. District Court. “Our electronic devices contain massive amounts of information that can paint a detailed picture of our personal lives, including emails, texts, contact lists, photos, work documents, and medical or financial records. The Fourth Amendment requires that the government get a warrant before it can search the contents of smartphones and laptops at the border.”


News Source = techcrunch.com
