TOP-SECRET – DHS Cybersecurity Order 13636

Executive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

20 pages
For Official Use Only
March 11, 2013Executive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

20 pages
For Official Use Only
March 11, 2013
Executive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

20 pages
For Official Use Only
March 11, 2013

Download

Overview of Executive Order 13636

– Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity was released on February 12, 2013
– Relies on public-private collaboration to improve critical infrastructure cyber posture
– Includes elements to enhance information sharing, develop a cybersecurity framework, and create a voluntary cybersecurity program
– Requires the Department of Homeland Security (DHS) to identify the “critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security”

DHS will work with CIPAC to execute Section 9 of the EO

“Within 150 days of the date of this order, the Secretary shall use a risk-based approach to identify critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.” (EO 13636, Section 9)

Apply consistent, objective criteria

Stakeholders include:
– Critical Infrastructure Partnership Advisory Council (CIPAC)
– Sector Specific Agencies (SSA)
– Sector Coordinating Councils (SCC)
– Government Coordinating Councils (GCC)
– Critical infrastructure owners and operators

The list of identified critical infrastructure will be reviewed and updated on an annual basis

Execution of Section 9 will be led by the Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

Overview of CDII Approach (1 of 2)

Only a small subset of U.S. infrastructure will fall under the focus of the EO activity
– Owners and operators will have the opportunity to provide relevant information
– A review process will be established for the identification as critical infrastructure

Focus is on critical infrastructure that could be compromised through cyber exploitation and which, if incapacitated, could result in catastrophic national, public health, or economic consequences
– Higher standard than debilitating, which is what is used in the base definition to define critical infrastructure
– The Secretary of DHS will provide a list of critical infrastructure most at risk in the context of a cyber incident within 150 days of EO release
– Commercial IT products and consumer information technology services will not be directly designated under the EO as infrastructure most at risk

All sectors will be engaged –through engagement and initial analysis it may be determined that a sector does not have any infrastructure that meets the threshold, the focus of the initial list will not be on that sector(s)

Sectors with existing CI identification processes and lists should be leveraged where appropriate

Functions-based approach to identify critical infrastructure
– Accounts for the virtual and distributed nature of cyber infrastructure
– Focuses on the critical activities, services, or products being produced or provided by a sector, subsector, or mode
– Functions are identified based on the national or regional level consequences that can result from a disruption or exploitation of the infrastructure
– Does not identify a specific organization’s assets, networks, or systems; focus is on sector functions and the types of systems that support them

Requires the application of criteria that will be used to screen the infrastructure that aligns to the critical functions
– Consistently applied within sectors and, where possible, across sectors as well

Stakeholder engagement will be conducted throughout this effort
– CDIIWG will work with sectors (SSAs, SCCs, GCCs) via the CIPAC partnership framework

…

Download

Overview of Executive Order 13636

DHS will work with CIPAC to execute Section 9 of the EO

Apply consistent, objective criteria

The list of identified critical infrastructure will be reviewed and updated on an annual basis

Execution of Section 9 will be led by the Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

Overview of CDII Approach (1 of 2)

Sectors with existing CI identification processes and lists should be leveraged where appropriate

Stakeholder engagement will be conducted throughout this effort
– CDIIWG will work with sectors (SSAs, SCCs, GCCs) via the CIPAC partnership framework

…

DownloadExecutive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

20 pages
For Official Use Only
March 11, 2013

Download

Overview of Executive Order 13636

DHS will work with CIPAC to execute Section 9 of the EO

Apply consistent, objective criteria

The list of identified critical infrastructure will be reviewed and updated on an annual basis

Execution of Section 9 will be led by the Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

Overview of CDII Approach (1 of 2)

Sectors with existing CI identification processes and lists should be leveraged where appropriate

Stakeholder engagement will be conducted throughout this effort
– CDIIWG will work with sectors (SSAs, SCCs, GCCs) via the CIPAC partnership framework

…

Overview of Executive Order 13636

DHS will work with CIPAC to execute Section 9 of the EO

Apply consistent, objective criteria

The list of identified critical infrastructure will be reviewed and updated on an annual basis

Execution of Section 9 will be led by the Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

Overview of CDII Approach (1 of 2)

Sectors with existing CI identification processes and lists should be leveraged where appropriate

Stakeholder engagement will be conducted throughout this effort
– CDIIWG will work with sectors (SSAs, SCCs, GCCs) via the CIPAC partnership framework

…

PUBLIC INTELLIGENCE – Air Force Office of Special Investigations Publishes Report on Military Sextortion Scams

An image taken from the cover of a February 2013 U.S. Air Force Office of Special Investigations report on cybersex extortion scams.

Public Intelligence

The U.S. Air Force Office of Special Investigations (AFOSI) is warning military personnel to avoid becoming victims of online sextortion scams that use “sexual images (obtained either through enticement or malicious code)” to extort money from unsuspecting victims. “Cyber sextortion” is described as a growing problem among the military services with incidents being reported by “all Military Criminal Investigative Organizations” involving service members stationed in Europe, Asia and the U.S. The AFOSI report, released in February on a restricted basis, was recently posted online on the document-sharing website Scribd.

After reviewing Department of Defense statistics, the AFOSI found that cyber sextortion cases across the military services are primarily “webcam sextortion scams” where they DoD personnel were “enticed to engage in online sexual activities which were secretly recorded” and “money was then extorted from the victims in order to prevent the release of compromising video material.” Though it is “unclear whether perpetrators are specifically targeting US military members”, the report describes DoD members as potentially “vulnerable to blackmail and extortion” because of the expectation that they maintain “a professional appearance” and the strict requirements for maintaining a security clearance.

According to the AFOSI report, the Naval Criminal Investigative Service (NCIS) has identified four similar cases of cyber sextortion (two on Guam, one in Japan, and one in Bahrain) involving Navy members between August 2012 and November 2012. The U.S. Army Criminal Investigation Command (USACIDC) also reported three cases involving soldiers located in South Korea, Germany, and Texas. The AFOSI itself has identified multiple cases involving U.S. Air Force members in Japan, South Korea, Alaska, Portugal and Guam.

Many of the incidents reportedly originated from a criminal sextortion ring based in the Philippines. In a public affairs notice posted earlier this month on the Air Force website, a spokesperson for the AFOSI said that the ring involved “21 employees of a Philippines-based web portal solutions company” who reportedly “targeted hundreds of U.S. Army and Navy members for a period of more than a year”.

To protect against potential sextortion scams, the AFOSI recommends protecting personal information and limiting what information is divulged on social networking sites. The report also recommends not responding to “unsolicited e-mails or chat requests”, particularly when the communication involves a “request to exchange provocative pictures or videos”.

MORE HERE:

Air Force Office of Special Investigations Publishes Report on Military Sextortion Scams

Monty Python’s The Meaning of Life ( Mr Creosote ) – Film Skid

TOP-SECRET – CIA Chief Technology Officer Big Data and Cloud Computing Presentations

The following are presentation slides for talks given by Ira A. “Gus” Hunt, the CIA’s Chief Technology Officer, on the topic of “big data” and cloud computing. A presentation given by Hunt at the GigaOM Structure:Data conference last week garnered significant attention for his discussion of the CIA’s desire to “collect everything and hang on to it forever.” Hunt’s presentation was similar to several he has given before, many of which share the same slides, including one which states: “It is really very nearly within our grasp to be able to compute on all human generated information.”

Beyond Big Data: Riding the Technology Wave	March 2012	33 pages	Download
Big Data Challenges and Opportunities	March 2012	23 pages	Download
Big Data Operational Excellence Ahead in the Cloud	October 2011	24 pages	Download

SECRECY NEWS – A LOOK BACK AT CONGRESSIONAL OVERSIGHT OF INTELLIGENCE, 2011-2012

Several nuggets of interest are presented in the latest biennial report
from the Senate Select Committee on Intelligence, summarizing the
Committee's oversight activities in the 112th Congress:

        http://www.fas.org/irp/congress/2013_rpt/srpt113-7.html

*        The Director of National Intelligence abruptly cancelled a multi-year
effort to establish a single consolidated data center for the entire
Intelligence Community a year or so ago, in favor of a migration to cloud
computing.

*        Under criticism that the number of intelligence contractor personnel has
grown too high, too fast, intelligence agencies have been cutting the
number of contractors they employ or converting contractors to government
employees.  But some of those agencies have continued to hire additional
contractors at the same time, resulting in net growth in the size of the
intelligence contractor workforce.

*        A written report on each covert action that is being carried out under a
presidential finding is provided to the congressional committees every
quarter.

The March 22 report also provides some fresh details of the long-awaited
and still unreleased Committee study on CIA's detention and interrogation
program.  That 6,000 page study, which was completed in July 2012 and
approved by the Committee in December 2012, is divided into three volumes,
as described in the report:

"I. History and Operation of the CIA's Detention and Interrogation
Program. This volume is divided chronologically into sections addressing
the establishment, development, and evolution of the CIA detention and
interrogation program."

"II. Intelligence Acquired and CIA Representations on the Effectiveness of
the CIA's Enhanced Interrogation Techniques. This volume addresses the
intelligence attributed to CIA detainees and the use of the CIA's enhanced
interrogation techniques, specifically focusing on CIA representations on
how the CIA detention and interrogation program was operated and managed,
as well as the effectiveness of the interrogation program. It includes
sections on CIA representations to the Congress, the Department of Justice,
and the media."

"III. Detention and Interrogation of Detainees. This volume addresses the
detention and interrogation of all known CIA detainees, from the program's
inception to its official end, on January 22, 2009, to include information
on their capture, detention, interrogation, and conditions of confinement.
It also includes extensive information on the CIA's management, oversight,
and day-to-day operation of the CIA's detention and interrogation program,"
according to the report's description.

"I have read the first volume, which is 300 pages," said CIA Director John
O. Brennan at his February 7 confirmation hearing.  "There clearly were a
number of things, many things, that I read in that report that were very
concerning and disturbing to me, and ones that I would want to look into
immediately, if I were to be confirmed as CIA Director."

"It talked about mismanagement of the program, misrepresentations of the
information, providing inaccurate information," Mr. Brennan said then. "And
it was rather damning in a lot of its language, as far as the nature of
these activities that were carried out."

The Committee said it is awaiting comments on the study from the White
House, the CIA and other executive branch agencies, and that it will then
"discuss the public release of the Study."

On February 15, 2013, Republicans who were members of the Committee in the
last Congress formally filed dissenting comments opposing the study and its
conclusions, the report said.

For its first couple of decades, the Senate Intelligence Committee held
that "even secret activities must be as accountable to the public as
possible," as Sen. Daniel Inouye stated in the Committee's first biennial
report in 1977, and that "as much information as possible about
intelligence activities should be made available to the public," as
Senators Richard Shelby and Bob Kerrey wrote in the 1999 version of the
report.

But in the past decade, the Committee seems to have reconceptualized its
relationship with the public.  It no longer promises to make "as much
information as possible about intelligence activities" available to the
public.  The notion that "secret activities" could be "accountable to the
public" is now evidently considered a contradiction in terms (although
release of the report on CIA interrogation practices, if it ever came to
pass, would nullify and transcend that contradiction).  

Today, as the latest report states, the Committee aims merely "to provide
as much information as possible to the American public about its
intelligence oversight activities."  (Intelligence Oversight Steps Back
from Public Accountability, Secrecy News, January 2, 2013).

Even within the narrowed horizons to which it has limited itself, however,
the report presents a rather attenuated, "skim milk" account of the
Committee's work. Judging from the new report, intelligence oversight
consists of frequent briefings, followed by numerous "evaluations" and
"reviews."

The report provides no indication of any conflict between the Committee
and the intelligence agencies. Consequently, there are no significant
victories (though the successful passage of four consecutive intelligence
authorization bills is a notable achievement), and no meaningful defeats.

At the Brennan confirmation hearing on February 7, Committee chair Sen.
Dianne Feinstein said: "I have been calling, and others have been
calling--the Vice Chairman and I--for increased transparency on the use of
targeted force for over a year, including the circumstances in which such
force is directed against U.S. citizens and noncitizens alike."  And to its
credit, the Committee conscientiously posed a pre-hearing question on
classification reform to Mr. Brennan (which he deflected).

But the new report does not identify any such effort by Committee
leadership to promote increased transparency on targeted killing during the
past Congress.  It does not reference the failure to accomplish the
declassification of Foreign Intelligence Surveillance Court opinions, as
the Committee had been promised in 2011.  Nor does the report address the
abuse of classification authority or cite what the President called "the
problem of overclassification" at all.

_______________________________________________
Secrecy News is written by Steven Aftergood and published by the
Federation of American Scientists.

The Secrecy News Blog is at:
     http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to
     http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood@fas.org

Secrecy News is archived at:
     http://www.fas.org/sgp/news/secrecy/index.html

Support the FAS Project on Government Secrecy with a donation:
     http://www.fas.org/member/donate_today.html

_______________________
Steven Aftergood
Project on Government Secrecy
Federation of American Scientists
web:    www.fas.org/sgp/index.html
email:  saftergood@fas.org
voice:  (202) 454-4691
twitter: @saftergood

Monty Python – A vida de Brian – película completa – The Life of Brian – Full Movie – Spanish Subs

http://youtu.be/uCd-ogwLQ38

TMZ – Brad Pitt & Angelina Jolie — NOT Married!

http://youtu.be/f0imbxRE2vY

Angelina Jolie has just made it crystal clear … she and Brad Pitt did NOT secretly get married — despite rumors that she and Brad had a wedding on the DL.

TOP-SECRET – National Counterterrorism Center Says Urban Exploration Could “Aid Terrorists”

Public Intelligence

The National Counterterrorism Center (NCTC) is warning law enforcement and first responders that urban exploration, an activity that involves trying to gain access to restricted or abandoned man-made structures, can provide useful information for terrorists conducting surveillance of a potential target. Also known as “building hacking”, urban exploration has been around in its modern form for decades, tracing some its recent history to post-war exploration of the Parisian catacombs and members of MIT’s Tech Model Railroad Club Signals and Power Subcommittee, who organized explorations of steam tunnels and rooftops around campus in the late 1950s.

In an advisory released to law enforcement in November 2012 titled Urban Exploration Offers Insight Into Critical Infrastructure Vulnerabilities, the NCTC warns of the potential risks posed by urban explorers and their online posting of photos and videos depicting their exploration. The NCTC document describes urban explorers as “hobbyists who seek illicit access to transportation and industrial facilities in urban areas” including rooftops, utility tunnels and bridges. According to the NCTC, photos and videos posted online by urban explorers “could be used by terrorists to remotely identify and surveil potential targets” which could “aid terrorists in pinpointing locations in dense urban environments.” The document also makes specific reference to the advancement of navigation and mapping technology, including three-dimensional modeling and geo-tagging, as potentially aiding terrorists to conduct online surveillance of a target. Corporate websites can often provide “information about buildings” and “social media postings of explorers’ activity often identify access points and security flaws” that could be exploited by terrorists. A 2010 bulletin issued by the Department of Homeland Security expressed similar concerns about the use of Google Earth and other publicly available mapping software for terrorist surveillance. The bulletin stated that “live Web-based camera feeds combined with street-level and direct overhead imagery views from Internet imagery sites allow terrorists to conduct remote surveillance of multiple potential targets without exposing themselves to detection.”

The NCTC advisory also lists several locations, such as bridges, utility tunnels, rooftops and subways, where an urban explorer might reveal “security flaws”. Along with each location, there is a list of potential access locations and security vulnerabilities that the NCTC believes an urban explorer’s postings could potentially reveal. For example, urban explorers could discover and document the use of a bridge’s “ladders, crosswalk scaffoldings, trap doors, scuttles, and hatches” and reveal methods of accessing “structural components, including caissons (the structures that house the anchor points of a bridge suspension system), to identify weaknesses.”

Past activities by urban explorers have occasionally been mistaken for potential terrorist activity. In 2011 four men were arrested in London for “suspicion of railway trespass and burglary” after they were found near an elevator used by private contractors working on the rail lines for the London Underground. The men were arrested at the Russell Square station, one of the locations of the 7/7 terrorist attacks, after security camera operators saw the men in dark clothing with cameras and feared preparations for a terrorist attack around the upcoming royal wedding between Prince William and Catherine Middleton. A few months later, four men were arrested in New York City for criminal trespass after a local resident saw them “carrying Roman candles and cameras” into the Second Avenue Subway tunnel. The men identified themselves as urban explorers and said they planned to use the Roman candles for lighting photographs.

Urban Exploration TimelineThis guide is aimed at chronicling the history of exploring neglected and off-limits areas as well as the history of modern urban exploration culture. Sorry this guide is still a little biased towards English-speaking countries, but so far most contributors have been English speakers. If you have any corrections or suggestions, please get in touch.
Date	Event

Nov 1793	Philibert Aspairt, considered by some the first cataphile, becomes lost while exploring the Parisian catacombs by candlelight. His body is found 11 years later.

1861	Writing in the Brooklyn Standard, poet Walt Whitman describes his visit to Brooklyn’s recently abandoned Atlantic Avenue Tunnel, which in 1844 had been built as the first subway tunnel in the world.

1904	One week after the opening of the subway system, New Yorker Leidschmudel Dreispul is killed by an oncoming train while exploring the new tunnels. The Interborough Rapid Transit company responds by erecting “no trespassing” signs throughout the system.

1916	Harry H. Gardiner, “The Human Fly”, climbs 12 floors and 211 feet up the side of Detroit’s Majestic Building, thereby becoming the first builderer in recorded history.

1921	In perhaps the first organized group expedition to an abandoned building, Dadaists including Andre Breton, Paul Eluard, Francis Picabia and Tristan Tzara organize a trip to the deserted and little-known church of St. Julien le Pauvre in Paris. In promoting the event, the Dadaists promise to remedy “the incompetence of suspect guides and cicerones”, offering instead a series of visits to selected sites, “particularly those which really have no reason for existing”.

1955	Guy Debord publishes his Introduction to a Critique of Urban Geography, and develops a practice called dérive, which consists of travelling through urban environments and noting psychogeographical variations. In the decade that follows, members of the left-leaning Situationist International movement argue that society consists largely of passive spectators and consumers of packaged experiences, and suggest that individuals can shake up this state of affairs by engaging in creative play.

1959	In the US, members of MIT’s Tech Model Railroad Club’s Signals and Power subcommittee engage in semi-systematic excursions into steam tunnels and rooftops around campus, a practice they call “hacking”.

1968	Inspired by the publications of the French resistance that operated through the catacomb network during WWII, Parisian cataphiles begin adopting pseudonyms and communicating with each other through printed paper leaflets they call tracts.

1971	Secretly entering Paris’ Notre Dame cathedral at night, Philippe Petit stretches a steel cable between its towers. The next morning he crosses this improvised high wire, only to be arrested upon descending. Three years later, Petit duplicates his stunt between the twin towers of New York City’s World Trade Center.

1977	The San Francisco Suicide Club, a group which lists “fringe exploration” among its many aims, is founded in San Francisco. This group eventually becomes the Cacophony Society.

1980	Eighteen-year-old rail historian Bob Diamond rediscovers Brooklyn’s Atlantic Avenue Tunnel, which had been sealed up and forgotten since 1861.

1981	Responding to a challenge by a fire marshal who states “Until you climb a building, don’t tell me how to perform a rescue in a high rise building”, Dan Goodwin, aka “Spiderman”, climbs Chicago’s Sears Tower, becoming the first climber to use suction cups to climb glass windows.

1985	In Australia, Sydney drain explorer Rolf Adams begins writing the Sydney Pseudokarst (“false cave”) series in the newsletter of the Sydney University Speleological Society.

Jan 1986	In Australia, Melbourne cave enthusiasts Doug, Sloth and Woody found the Cave Clan, and soon begin exploring storm drains and other man-made caves as well as natural ones. Over the next decade, the Cave Clan absorbs other, smaller draining groups.

May 1987	Members of the Cave Clan discover the drain they dub The Maze, arguably the best storm drain in Australia.

Apr 1989	The first Annual Cave Clan Clannie Awards are held in Melbourne’s ANZAC drain.

Jul 1989	In Australia, Doug publishes the first issue of Il Draino, the Cave Clan newsletter.

1990	In Russia, Moscow-area explorer Vadim Mikhailov and his fellow subterranean explorers form the group Diggers of the Underground Planet.

1990	Eric Bagai publishes an essay called “The First Hackers” in a book called What I Did With My Trash: Ten Years With a TRS-80. Although not widely read, the essay has the distinction of being perhaps the earliest written explanation of what urban exploration is all about.

Sep 1990	Outdoorsman Alan S. North writes The Urban Adventure Handbook, a guide in which he encourages people to climb buildings and explore the city as an accessible alternative to climbing mountains and exploring wilderness. Although not widely read, the handbook inspires a few people to begin using the term “urban adventure” in their writings.

May 1991	After finding a Cave Clan sticker in a drain under Sydney, Predator forms the group’s first official interstate branch, the Sydney Cave Clan. In following years, the Cave Clan founds branches in Adelaide, Brisbane, Canberra, Perth and Hobart.

1994	The Diggers of the Underground Planet find Moscow’s fabled, but officially denied, “Metro-2” subway system. The seven-level-deep system was built in the Stalin era to allow Kremlin officials to evacuate the city quickly.

1994	In the US, Dug Song and Greg Shewchuk publish the first issue of Samizdat, a zine featuring urban stunts involving tunnels and rooftops. They publish two issues before going on permanent hiatus.

1994	In Australia, the Bunker Boyz, a group dedicated to exploring abandoned bunkers and military tunnels, is founded in Sydney.

Feb 1994	The newsgroup alt.college.tunnels is founded and the first message is posted. Early posters include later UE fixtures Eric Chien, Ben Hines and Matthew Landry.

Mar 1995	Kevin Kelm establishes the website Abandoned Missile Base VR Tour, which quickly becomes very popular.

1996	In Russia, the Diggers of the Underground Planet officially register with the Moscow government as the “Center of Underground Research”.

1996	Wes Modes puts up a website called Adventuring, archiving his writings about freighthopping and buildering. The site brings the term “urban adventure” from North’s book to the web.

Apr 1996	Ben Hines puts up the website College Tunnels WWW Resource Site, the official web counterpart to the alt.college.tunnels newsgroup.

Sep 1996	In the US, Max Action and his fellow University of Minnesota explorers form the group “Adventure Squad”, which they later rename Action Squad.

Oct 1996	Ninjalicious publishes the first issue of the paper zine Infiltration. In the editorial of the first issue, he coins the term “urban exploration” and introduces the idea of exploring off-limits areas of all types as a hobby.

Nov 1996	The newsgroup uk.rec.subterranea is founded and the charter is created.

1997	With the third issue of their magazine Jinx, long-time New York City explorers Lefty Leibowitz and L.B. Deyo begin featuring articles on urban mountaineering and exploration. Jinx goes online at planetjinx.com (later jinxmagazine.com).

Apr 1997	Ninjalicious establishes an Elevator Action-themed website for Infiltration and links his site to five or six other sites he finds related to exploring storm drains, college steam tunnels or abandoned buildings.

Jul 1997	In response to increasing spam on the newsgroup alt.college.tunnels, Paul Allen Rice establishes a mailing list where vadders can discuss college tunnels and any manmade underground structures, the Underground list.

Aug 1997	Melbourne explorer Gunny establishes a website for the Cave Clan and annoys some members of the Melbourne Cave Clan by publishing its location lists. Following this controversy, Gunny and Silk go independent and establish the website of the Melbourne Drain Team.

Sep 1997	Berliner Unterwelten, or the Berlin Underground Association, is founded in Germany.

Sep 1997	Ninjalicious establishes the infiltration-l mailing list, which is devoted to exploration of off-limits areas both above and below ground.

Sep 1997	In Scotland, the Milk Grate Gang forms with the purpose of exploring the Glaswegian underworld, and places its adventures online at Subterranean Glasgow.

1998	Explorer and photographer Stanley Greenberg publishes Invisible New York: The Hidden Infrastructure of the City.

Feb 1998	Gunny and Lord Emor of the Melbourne Drain Team establish the Draining webring. In May, Emor hands the ring over to Ninjalicious, who expands the ring’s scope by renaming it the Urban Exploration Ring. The renamed ring quickly expands from six to eighteen websites across Australia, Canada, the US and Britain.

Sep 1998	Wanting to conceal his identity from some people who are harrassing him, Gunny adopts the persona of a New York-based science fiction author named “Johnathan Littell”. Later shedding this identity and adopting the alias Panic, the Melbourne-based explorer apologizes for having mislead people about his identity, explaining “This was done more out of self preservation and an attempt to continue to take an active part in the UE community than an attempt to hurt, mislead or deceive people.”

Dec 1998	Julia Solis establishes a Dark Passage website.

Dec 1998	Yahoo stops lumping 30+ exploration sites into the category Recreation:Cool Links:Recreation and Sports, and creates a new category, Recreation:Hobbies:Urban Exploration.

Dec 1998	German explorers Dietmar and Ingmar Arnold, of Berliner Underwelten, publish Dunkle Welten, a German-language guide to the worlds beneath Berlin.

Jan 1999	Ninjalicious establishes the Infilnews mailing list and sends out the first edition of a semiannual e-mail newsletter covering events of interest to urban explorers.

Mar 1999	Paul Allen Rice creates the domain Urbanexplorers.net, and a website containing many useful links for college tunnelers goes online there shortly afterwards.

Apr 1999	Julia Solis and her explorer friends stage an event called “Dark Passage” in the subway tunnels beneath New York City.

Jun 1999	The Sydney Cave Clan holds the first Golden Torch Awards awards night at the Glebe Island Silos.

Aug 1999	Members of the Sydney Cave Clan publish the first issue of the zine Urbex. They publish three more issues on paper before switching to an electronic format.

2000	Lefty and L.B. found the Jinx Athenaeum Society, which convenes in New York City to hear speeches and debates of interest to urban explorers and others.

2000	Eku Wand and Dietmar Arnold, of Berliner Unterwelten, release Berlin im Untergrund: Potsdamer Platz, an interactive multimedia CD offering tours of subterranean Berlin.

Aug 2000	Minneapolis-area explorers from Mouser’s Under-MN mailing list convene for the first Mouser Week, a weeklong festival of group exploration.

Aug 2000	Canadian explorer Mr. Sable creates a public MSN group and invites members of the Urban Exploration Ring to sign up in order to exchange messages, links and photos. The group, called Urban Explorers, quickly grows to include a membership of more than 100 explorers from Australia, Canada, the UK, the USA, Ireland, France and Holland. An Australian subgroup, Urban Exploration Australia, is also popular for a time, until it is censored by Microsoft.

Oct 2000	Max Action puts up a website for Action Squad.

2001	Julia Solis stumbles upon an unmoderated DMOZ category called “Urban Speleology”, which she adopts and adapts to urban exploration.

Aug 2001	Max Action finds a vast maze of interconnected utility tunnel systems under Minneapolis and St. Paul that he dubs the Labyrinth, and over the next two years, Action Squad thoroughly explores (and Jim Hollison thoroughly maps) the system.

Sep 2001	Terrorists attack the Pentagon and the World Trade Center, and the US and the world go on high alert.

Jan 2002	Ben Brockert establishes a UE News section of his website, but abandons it a few weeks later due to lack of user participation.

Mar 2002	Daniel Joseph Konopka, who had been in touch with the Chicago Urban Exploration group, is arrested after being found with hazardous chemicals in the tunnels under the University of Illinois at Chicago; he is subsequently sentenced to 13 years in prison for having stored cyanide in Chicago’s subway tunnels. Konopka tells authorities he found the cyanide while engaged in urban exploration at an abandoned warehouse in Chicago.

Spring 2002	New York City’s LTV Squad, a graffiti-turned-exploration crew, holds its first spring invitational, gathering 30+ explorers for a day of exploring and socializing in Brooklyn.

Summer 2002	Explorers establish stronger international ties when Canadian Agent K visits Australia, American Jim Hollison and various members of the Australian Cave Clan visit Europe, and Australians Gilligan and Panic independently visit both Europe and North America.

Aug 2002	Julia Solis and her collaborators in New York City form Ars Subterranea, a society populated by artists, architects, historians and urban explorers.

Sep 2002	Julia Solis publishes New York Underground: Anatomie Einer Stadt, a German-language book about subterranean New York City.

Oct 2002	When 922 audience members are taken hostage by Chechen rebels during a performance at a Moscow theatre, Vadim Mikhailov, of the Diggers of the Underground Planet, leads the Russian authorities into the theatre by a little-known underground route.

Nov 2002	Ars Subterranea holds its inaugural event, an exhibit on Underground New York, in Brooklyn’s Atlantic Avenue tunnel.

Nov 2002	Avatar-X launches the website Urban Exploration Resource, and creates a message forum that can be shared across multiple websites. Several other Canadian websites soon begin to use UER’s message board system. Before long, UER replaces the MSN message board as the net’s largest and most active exploration message board.

Mar 2003	Doug launches a full-colour publication called The Cave Clan Magazine and prints 100 copies of the premiere issue.

Mar 2003	Max Action records and releases versions one and two of “UE Favorite Things”, a song which quickly becomes an anthem of sorts.

Apr 2003	The 15th Annual Cave Clan Clannie Awards are held.

Apr 2003	Explorer and photographer Stanley Greenberg publishes Waterworks: A Photographic Journey Through New York’s Hidden Water System.

May 2003	Frustrated by infighting between various branches of the Cave Clan, and particularly the increasing independence of the large and important Sydney branch, Doug quits as editor of Il Draino and hands the publication over to Beanz.

Jul 2003	Jinx releases its book, Invisible Frontier: Exploring the Tunnels, Ruins & Rooftops of Hidden New York.

Aug 2003	An unidentified satirist debuts the website of the Secret Urban Exploration Ninja Mafia, thoroughly mocking the boasting and illiteracy that have become common on some exploration websites and message boards.

Oct 2003	Explorers John Gray and Mark Gerrity publish Abandoned Asylums of New England, a photography book containing more than 220 images of New England asylums.

Apr 2004	The owners of the site Urban Exploration Alberta take most of their content offline after learning that information on their site was used by criminals.

May 2004	Webmasters White Rabbit, of Underground Ozarks, and Mike Dijital, of Abandon Spaces, take their sites offline after being separately threatened with trespassing charges based on information on their sites.

June 2004	Roughly 65 explorers from across North America and a couple from beyond converge on Toronto for a successful four-day exploration convention trickily-titled Office Products Expo 94.

July 2004	A smaller group of explorers from the US and Canada meet up in Rhinebeck, NY, for a weekend of abandonment exploration dubbed NEOPEX (North East Office Products Expo).

Dec 2004	Roughly a dozen explorers convene in Orlando, Florida to attend a successful three-day event called Sexfest (South Eastern eXploration Festival).

Jul 2005	Explorers from the world over unite again for a weekend of exploration and seminars in Montreal, Quebec, organized by the fine people at Urban Exploration Montreal. This year’s event is, naturally, named Office Products Expo 95.

Aug 2005	Ninjalicious publishes Access All Areas: a user’s guide to the art of urban exploration, a more than 240-page book full of UE knowledge, advice and theory.

Aug 2005	Ninjalicious, founder of Infiltration zine and infiltration.org, dies of cancer in Toronto at the age of 31.

For a longer-term and more fun version of this history, check out Max Action’s delightful Rambling Essay on the Past, Present and Future of Urban Exploration.

Monty Python – Every Sperm is Sacred – Film

Monty Python’s Meaning of Life

Revealed – Four Facing Charges in Multi-Faceted Mortgage Fraud Conspiracy

PITTSBURGH—A resident of Verona, Pennsylvania and three residents of Pittsburgh, Pennsylvania have been indicted by a federal grand jury in Pittsburgh on charges of conspiracy, wire fraud, bank fraud, filing false tax returns, and failing to file tax returns, United States Attorney David J. Hickton announced today. The 20-count superseding indictment, returned on March 26, 2013, named George Kubini, 48, of 139 Topaz Drive, Verona, Pennsylvania; Dov Ratchkauskas, 46, of 2527 Mount Royal Boulevard, Pittsburgh, Pennsylvania; Sandra Svaranovic, 52, of 2938 O’Neill Drive, Pittsburgh, Pennsylvania; and Arthur Smith, 63, of 6939 Reynolds Street, Pittsburgh, Pennsylvania. According to the superseding indictment presented to the court, Kubini, Ratchklauskas, Svaranovic, Smith, and a number of other individuals who have already pleaded guilty, participated in a multi-faceted mortgage fraud conspiracy involving hundreds of properties and tens of millions of dollars worth of fraudulent loans. Kubini and Ratchkauskas operated businesses that purchased and sold real estate. The superseding indictment alleges that Kubini and Ratchkauskas sold properties financed through a complex mortgage fraud scheme and that they executed settlement statements that they then knew were fraudulent. The superseding indictment also alleged that Kubini and Ratchkauskas made false representations to borrowers about making improvements to the properties. Other members of the alleged conspiracy who already pleaded guilty include Robert Arakelian, who operated a mortgage broker business called Pittsburgh Home Loans, and Rhonda and Rochelle Roscoe, who operated another mortgage broker business called Riverside Mortgage. The superseding indictment alleges that Arakelian and Rhonda and Rochelle Roscoe, in furtherance of the conspiracy, submitted loan applications to lenders that falsely represented that the borrowers were intending to make payments at the time of the closings related to the purchase of the properties and that they had sufficient assets to make those payments from their own funds. This false representation was corroborated by Verification of Deposits that falsely represented that the borrowers had sufficient money in their bank accounts to make the payments at the closings. Other members of the conspiracy included Bartholomew Matto, Cynthia Pielin, and Crystal Spreng, who all worked at financial institutions and all pleaded guilty to their roles in the conspiracy. Their role was to sign the fraudulent Verifications of Deposit that falsely represented that the borrowers had sufficient funds in their accounts to make the payments at the closings. The conspiracy also involved fraudulent settlement statements that overstated the true sales prices of the properties and falsely represented that the purchases of the properties made substantial payments in connection with the purchase of the properties. Daniel Sporrer was and attorney who executed some of these fraudulent settlement statements and Karen Atkison was an assistant for Sporrer. Sporrer and Atkison all pleaded guilty to their roles in the conspiracy. The superseding indictment alleges that Smith, who is an attorney specializing in closing real estate transactions, similarly participated in the conspiracy by executing fraudulent settlement statements, by fraudulently withdrawing money from his trust account, and by making misrepresentations to a title insurance company. In addition, the conspiracy involved appraisers who made false representations about the properties serving as collateral for the loans. The superseding indictment alleges that Svaranovic, as part of the conspiracy, prepared fraudulent appraisals that falsely represented the conditions of the properties serving as collateral for the loans and overstated the fair market values of those properties. The superseding indictment also alleges that Kubini filed false income tax returns with the Internal Revenue Service that understated his adjusted gross income and that Smith failed to file his tax returns for the calender years 2007 through 2009 despite earning sufficient income to trigger his legal obligation to file his income tax returns. Assistant United States Attorney Brendan T. Conway is prosecuting this case on behalf of the government. The Mortgage Fraud Task Force conducted the investigation leading to the indictment in this case. The Mortgage Fraud Task Force is composed of investigators from federal, state, and local law enforcement agencies and others involved in the mortgage industry. Federal law enforcement agencies participating in the Mortgage Task Force include the Federal Bureau of Investigation; the Internal Revenue Service, Criminal Investigations; the United States Department of Housing and Urban Development, Office of Inspector General; the United States Postal Inspection Service; and the United States Secret Service. Other Mortgage Fraud Task Force members include the Allegheny County Sheriff’s Office; the Pennsylvania Attorney General’s Office, Bureau of Consumer Protection; the Pennsylvania Department of Banking; the Pennsylvania Department of State, Bureau of Enforcement and Investigation; and the United States Trustee’s Office. An indictment is an accusation. A defendant is presumed innocent unless and until proven guilty.

TMZ – Kim Kardashian Reveals Her Pregnant Weight!

In an interview last night on “Extra,” Kim Kardashian addressed all the magazine covers speculating about her pregnant weight, saying, “[they] say I am 200 pounds and I’m like, ‘You are like 60 pounds off.'” So, she weighs 260 pounds. Unless she means the other way…

Unveiled – Incentives to Adopt Improved Cybersecurity Practices

Incentives to Adopt Improved Cybersecurity Practices

http://www.ofr.gov/OFRUpload/OFRData/2013-07234_PI.pdf

[FR Doc. 2013-07234 Filed 03/27/2013 at 8:45 am; Publication Date: 03/28/2013]

Billing Code: 3510-EA

DEPARTMENT OF COMMERCE
Office of the Secretary
National Institute of Standards and Technology
National Telecommunications and Information Administration

[Docket Number: 130206115-3115-01]

Incentives to Adopt Improved Cybersecurity Practices

AGENCY: U.S. Department of Commerce.

ACTION: Notice of Inquiry.

SUMMARY: The President has directed the Secretary of Commerce to evaluate a set of incentives designed to promote participation in a voluntary program to be established by the Secretary of Homeland Security to support the adoption by owners and operators of critical infrastructure and other interested entities of the Cybersecurity Framework being developed by the National Institute of Standards and Technology (NIST). The evaluation will include analysis of the benefits and relative effectiveness of such incentives, and whether the incentives would require legislation or can be provided under existing law and authorities to participants in the Program. The Department of Commerce (Department) will use input received in response to this Notice to inform its recommendations, which will focus on incentives for critical infrastructure owners. In addition, the Department may use this input to develop a broader set of recommendations that apply to U.S. industry as a whole.

DATES: Comments are due on or before [insert date 30 days after date of publication in the Federal Register].

ADDRESSES: Written comments may be submitted by mail to the Office of Policy Analysis and Development, National Telecommunications and Information Administration, U.S. Department of Commerce, 1401 Constitution Avenue, N.W., Room 4725, Washington, DC 20230. Comments may be submitted electronically to cyberincentives[at]ntia.doc.gov. All email messages and comments received are a part of the public record and will be made available to the public generally without change on the Internet Policy Task Force Web page at http://www.ntia.doc.gov/category/cybersecurity. For this reason, comments should not include confidential, proprietary, or business sensitive information.

FOR FURTHER INFORMATION CONTACT: For questions about this Notice, contact: Alfred Lee, Office of Policy Analysis and Development, National Telecommunications and Information Administration, U.S. Department of Commerce, 1401 Constitution Avenue, NW., Room 4725, Washington, DC 20230, telephone (202) 482–1880; or send an e-mail to cyberincentives[at]ntia.doc.gov. Please direct media inquiries to the Office of Public Affairs at (202) 482-4883; or send an email to publicaffairs[at]doc.gov.

SUPPLEMENTARY INFORMATION: The national and economic security of the United States depends on the reliable functioning of the Nation’s critical infrastructure. The cyber threat to critical infrastructure is growing and represents one of the most serious national security challenges that the United States must confront. On February 12, 2013, the President signed Executive Order 13636, “Improving Critical Infrastructure Cybersecurity.”¹ As the President stated in the Executive Order, “repeated cyber intrusions into America’s critical infrastructure demonstrate a need for improved cybersecurity.”²

1 “Exec. Order No. 13636, 78 Fed. Reg. 11739 (Feb. 19, 2013), available at:https://www.federalregister.gov/articles/2013/02/19/2013-03915/improving-
critical-infrastructure-cybersecurity.

2 Id.

The Executive Order establishes a policy of enhancing the security and resilience of the Nation’s critical infrastructure and maintaining a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy and civil liberties through a partnership with the owners and operators of critical infrastructure³ to improve cybersecurity information sharing and collaboratively develop and implement risk-based standards. The Executive Order sets forth three elements to establish this partnership. First, the Department of Homeland Security (“DHS”) will use a risk-based approach to identify critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security. Second, the National Institute of Standards and Technology will develop a framework consisting of a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks (“the Framework”), which will provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure indentify, asses, and manage cyber risk. Third, DHS, in coordination with sector-specific agencies, will develop the Critical Infrastructure Cybersecurity Program (“the Program”) to promote voluntary adoption of the Framework.

3 For the purposes of this Notice, the term “critical infrastructure” has the meaning given the term in 42 U.S.C. § 5195c(e): “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

The Executive Order recognizes that further incentives may be necessary to encourage sufficient private sector participation in the Program. To develop a clearer picture of existing and potential incentives, the Executive Order directs the Department of Commerce to recommend ways to promote participation in the Program.⁴ The recommendations “shall include analysis of the benefits and relative effectiveness of such incentives, and whether the incentives would require legislation or can be provided under existing law and authorities to participants of the Program.” Consistent with the Executive Order, these incentives may include technical and public policy measures that improve cybersecurity without creating barriers to innovation, economic growth, and the free flow of information. The Department of Commerce will submit its recommendations to the President through the Assistant to the President for Homeland Security and Counterterrorism and the Assistant to the President for Economic Affairs no later than June 12, 2013.

4 The Executive Order also directs the Secretaries of the Treasury and Homeland Security to recommend incentives to participate in the Program. The Secretary of Defense and the Administrator of General Services are also tasked with reporting on government procurement-related issues.

Improving cybersecurity practices among entities that do not own or operate critical infrastructure, or for other reasons are unlikely to join the Program, is also an important Executive Branch priority. Therefore, the Department of Commerce also seeks comment on a broader set of incentives that could help to promote the adoption of proven efforts to address cybersecurity vulnerabilities.

The Department of Commerce asked questions related to incentives for noncritical infrastructure in a July 2010 Notice of Inquiry.⁵ Responses to the July 2010 Notice aided the Department’s efforts to promote standards and best practices and informed its June 2011 “Green Paper,” Cybersecurity, Innovation and the Internet Economy.⁶ Along with the responses to this Notice, the Department plans to draw again on earlier responses in the development of recommendations to the President on incentives. In addition, the Department plans to use responsive comments to inform a follow-up to the Green Paper.

5 Dept. of Commerce, Cybersecurity, Innovation, and the Internet Economy, 75 Fed. Reg. 44216 (July 28, 2010) (Notice of Inquiry), available athttp://www.ntia.doc.gov/frnotices/2010/FR_CybersecurityNOI_07282010.pdf.

Comments received in response to the 2010 Notice of Inquiry are available at

http://www.nist.gov/itl/cybercomments.cfm.

6 Dept. of Commerce, Cybersecurity, Innovation, and the Internet Economy (June 2011),

http://www.nist.gov/itl/upload/Cybersecurity_Green-Paper_FinalVersion.pdf. The questions asked in the Green Paper are available at Dept. of Commerce, Cybersecurity, Innovation, and the Internet Economy, 76 Fed. Reg. 34965 (June 15, 2011), available at

http://www.ntia.doc.gov/federal-register-notice/2011/cybersecurity-innovationand-internet-economy.

Comments received in response to the Green Paper are available at

http://www.nist.gov/itl/greenpapercomments.cfm.

Stakeholders that responded to the July 2010 Notice may wish to focus on the following questions:

• Have your viewpoints on any questions related to incentives for noncritical infrastructure changed since you filed them in response to the July 2010 Notice?• Do your comments related to incentives for noncritical infrastructure also apply equally to critical infrastructure?

• Does anything in the Executive Order or recent legislative proposals change your views on what incentives will be necessary or how they can be achieved? In particular, would the incentives that you previously discussed be effective in encouraging all firms that participate in the Internet economy to participate in the Program? Would these incentives encourage critical infrastructure companies to join the Program?

In answering these questions, commenters should not limit their responses to incentives that are feasible under existing law.

For all stakeholders, particularly those that did not respond to these earlier inquiries, the Department of Commerce requests comments on any of the following questions:

• Are existing incentives adequate to address the current risk environment for your sector/company?• Do particular business sectors or company types lack sufficient incentives to make cybersecurity investments more than others? If so, why?

• How do businesses/your business assess the costs and benefits of enhancing their cybersecurity?

• What are the best ways to encourage businesses to make investments in cybersecurity that are appropriate for the risks that they face?

• How do businesses measure success and the cost-effectiveness of their current cybersecurity programs?

• Are there public policies or private sector initiatives in the United States or other countries that have successfully increased incentives to make security investments or other investments that can be applied to security?

• Are there disincentives or barriers that inhibit cybersecurity investments by firms? Are there specific investment challenges encountered by small businesses and/or multinational companies, respectively? If so, what are the disincentives, barriers or challenges and what should be done to eliminate them?

• Are incentives different for small businesses? If so, how?

• For American businesses that are already subject to cybersecurity requirements, what is the cost of compliance and is it burdensome relative to other costs of doing business?

• What are the merits of providing legal safe-harbors to individuals and commercial entities that participate in the DHS Program? By contrast, what would be the merits or implications of incentives that hold entities accountable for failure to exercise reasonable care that results in a loss due to inadequate security measures?

• What would be the impact of requiring entities to join the DHS Program prior to receiving government financial guarantees or assistance in relevant sectors?

• How can liability structures and insurance, respectively, be used as incentives?

• What other market tools are available to encourage cybersecurity best practices?

• Should efforts be taken to better promote and/or support the adoption of the Framework or specific standards, practices, and guidelines beyond the DHS Program? If so, what efforts would be effective?

• In what way should these standards, practices, and guidelines be promoted to small businesses and multinationals, respectively, and through what mechanisms? How can they be promoted and adapted for multinational companies in various jurisdictions?

• What incentives are there to ensure that best practices and standards, once adopted, are updated in the light of changing threats and new business models?

• Voluntary industry sector governance mechanisms are sometimes used to stimulate organizations to conform to a set of principles, guidelines, and operations based on best practices, standards, and conformity assessment processes that collectively increase the level of assurance while preserving organizations’ brand standing and the integrity of products and services.

o Do organizations participate in voluntary governance mechanisms?o Which industries/groups have voluntary governance mechanisms?

o Do existing voluntary governance mechanisms have cybersecurity-related constraints?

o What are the benefits and challenges associated with voluntary governance mechanisms?

Dated: __March 22, 2013_______________.

Rebecca M. Blank, Deputy Secretary of Commerce.

Patrick Gallagher, Under Secretary of Commerce for Standards and Technology.

Lawrence E. Strickling, Assistant Secretary for Communications and Information.

Cloudflare Inside View – Biggest DDos Attack in History on Spamhaus

At CloudFlare, we deal with large DDoS attacks every day. Usually, these attacks are directed at large companies or organizations that are reluctant to talk about their details. It’s fun, therefore, whenever we have a customer that is willing to let us tell the story of an attack they saw and how we mitigated it. This is one of those stories.

Spamhaus

Yesterday, Tuesday, March 19, 2013, CloudFlare was contacted by the non-profit anti-spam organization Spamhaus. They were suffering a large DDoS attack against their website and asked if we could help mitigate the attack.

Spamhaus provides one of the key backbones that underpins much of the anti-spam filtering online. Run by a tireless team of volunteers, Spamhaus patrols the Internet for spammers and publishes a list of the servers they use to send their messages in order to empower email system administrators to filter unwanted messages. Spamhaus’s services are so pervasive and important to the operation of the Internet’s email architecture that, when a lawsuit threatened to shut the service down, industry experts testified [PDF, full disclosure: I wrote the brief back in the day] that doing so risked literally breaking email since Spamhaus is directly or indirectly responsible for filtering as much as 80% of daily spam messages.

Beginning on March 18, the Spamhaus site came under attack. The attack was large enough that the Spamhaus team wasn’t sure of its size when they contacted us. It was sufficiently large to fully saturate their connection to the rest of the Internet and knock their site offline. These very large attacks, which are known as Layer 3 attacks, are difficult to stop with any on-premise solution. Put simply: if you have a router with a 10Gbps port, and someone sends you 11Gbps of traffic, it doesn’t matter what intelligent software you have to stop the attack because your network link is completely saturated.

While we don’t know who was behind this attack, Spamhaus has made plenty of enemies over the years. Spammers aren’t always the most lovable of individuals and Spamhaus has been threatened, sued, and DDoSed regularly. Spamhaus’s blocklists are distributed via DNS and there is a long list of volunteer organizations that mirror their DNS infrastructure in order to ensure it is resilient to attacks. The website, however, was unreachable.

Filling Up the Series of Tubes

Very large Layer 3 attacks are nearly always originated from a number of sources. These many sources each send traffic to a single Internet location, effectively creating a tidal wave that overwhelms the target’s resources. In this sense, the attack is distributed (the first D in DDoS — Distributed Denial of Service). The sources of attack traffic can be a group of individuals working together (e.g., the Anonymous LOIC model, although this is Layer 7 traffic and even at high volumes usually much smaller in volume than other methods), a botnet of compromised PCs, a botnet of compromised servers, misconfigured DNS resolvers, or even home Internet routers with weak passwords.

Since an attacker attempting to launch a Layer 3 attack doesn’t care about receiving a response to the requests they send, the packets that make up the attack do not have to be accurate or correctly formatted. Attackers will regularly spoof all the information in the attack packets, including the source IP, making it look like the attack is coming from a virtually infinite number of sources. Since packets data can be fully randomized, using techniques like IP filtering even upstream becomes virtually useless.

Spamhaus signed up for CloudFlare on Tuesday afternoon and we immediately mitigated the attack, making the site once again reachable. (More on how we did that below.) Once on our network, we also began recording data about the attack. At first, the attack was relatively modest (around 10Gbps). There was a brief spike around 16:30 UTC, likely a test, that lasted approximately 10 minutes. Then, around 21:30 UTC, the attackers let loose a very large wave.

The graph below is generated from bandwidth samples across a number of the routers that sit in front of servers we use for DDoS scrubbing. The green area represents in-bound requests and the blue line represents out-bound responses. While there is always some attack traffic on our network, it’s easy to see when the attack against Spamhaus started and then began to taper off around 02:30 UTC on March 20, 2013. As I’m writing this at 16:15 UTC on March 20, 2013, it appears the attack is picking up again.

How to Generate a 75Gbps DDoS

The largest source of attack traffic against Spamhaus came from DNS reflection. I’vewritten about these attacks before and in the last year they have become the source of the largest Layer 3 DDoS attacks we see (sometimes well exceeding 100Gbps). Open DNS resolvers are quickly becoming the scourge of the Internet and the size of these attacks will only continue to rise until all providers make a concerted effort to close them. (It also makes sense to implement BCP-38, but that’s a topic for another post another time.)

The basic technique of a DNS reflection attack is to send a request for a large DNS zone file with the source IP address spoofed to be the intended victim to a large number of open DNS resolvers. The resolvers then respond to the request, sending the large DNS zone answer to the intended victim. The attackers’ requests themselves are only a fraction of the size of the responses, meaning the attacker can effectively amplify their attack to many times the size of the bandwidth resources they themselves control.

In the Spamhaus case, the attacker was sending requests for the DNS zone file for ripe.net to open DNS resolvers. The attacker spoofed the CloudFlare IPs we’d issued for Spamhaus as the source in their DNS requests. The open resolvers responded with DNS zone file, generating collectively approximately 75Gbps of attack traffic. The requests were likely approximately 36 bytes long (e.g. dig ANY ripe.net @X.X.X.X +edns=0 +bufsize=4096, where X.X.X.X is replaced with the IP address of an open DNS resolver) and the response was approximately 3,000 bytes, translating to a 100x amplification factor.

We recorded over 30,000 unique DNS resolvers involved in the attack. This translates to each open DNS resolver sending an average of 2.5Mbps, which is small enough to fly under the radar of most DNS resolvers. Because the attacker used a DNS amplification, the attacker only needed to control a botnet or cluster of servers to generate 750Mbps — which is possible with a small sized botnet or a handful of AWS instances. It is worth repeating: open DNS resolvers are the scourge of the Internet and these attacks will become more common and large until service providers take serious efforts to close them.

How You Mitigate a 75Gbps DDoS

While large Layer 3 attacks are difficult for an on-premise DDoS solution to mitigate, CloudFlare’s network was specifically designed from the beginning to stop these types of attacks. We make heavy use of Anycast. That means the same IP address is announced from every one of our 23 worldwide data centers. The network itself load balances requests to the nearest facility. Under normal circumstances, this helps us ensure a visitor is routed to the nearest data center on our network.

When there’s an attack, Anycast serves to effectively dilute it by spreading it across our facilities. Since every data center announces the same IP address for any CloudFlare customer, traffic cannot be concentrated in any one location. Instead of the attack being many-to-one, it becomes many-to-many with no single point on the network acting as a bottleneck.

Once diluted, the attack becomes relatively easy to stop at each of our data centers. Because CloudFlare acts as a virtual shield in front of our customers sites, with Layer 3 attacks none of the attack traffic reaches the customer’s servers. Traffic to Spamhaus’s network dropped to below the levels when the attack started as soon as they signed up for our service.

Other Noise

While the majority of the traffic involved in the attack was DNS reflection, the attacker threw in a few other attack methods as well. One was a so-called ACK reflection attack. When a TCP connection is established there is a handshake. The server initiating the TCP session first sends a SYN (for synchronize) request to the receiving server. The receiving server responds with an ACK (for acknowledge). After that handshake, data can be exchanged.

In an ACK reflection, the attacker sends a number of SYN packets to servers with a spoofed source IP address pointing to the intended victim. The servers then respond to the victim’s IP with an ACK. Like the DNS reflection attack, this disguises the source of the attack, making it appear to come from legitimate servers. However, unlike the DNS reflection attack, there is no amplification factor: the bandwidth from the ACKs is symmetrical to the bandwidth the attacker has to generate the SYNs. CloudFlare is configured to drop unmatched ACKs, which mitigates these types of attacks.

Whenever we see one of these large attacks, network operators will write to us upset that we are attacking their infrastructure with abusive DNS queries or SYN floods. In fact, it is their infrastructure that is being used to reflect an attack at us. By working with and educating network operators, they clean up their network which helps to solve the root cause of these large attacks.

History Repeats Itself

Finally, it’s worth noting how similar this battle against DDoS attacks and open DNS relays is with Spamhaus’s original fight. If DDoS is the network scourge of tomorrow, spam was its clear predecessor. Paul Vixie, the father of the DNSBL, set out in 1997 to use DNS to help shut down the spam source of the day: open email relays. These relays were being used to disguise the origin of spam messages, making them more difficult to block. What was needed was a list of mail relays that mail serves could query against and decide whether to accept messages.

While it wasn’t originally designed with the idea in mind, DNS proved a highly scalable and efficient means to distribute a queryable list of open mail relays that email service providers could use to block unwanted messages. Spamhaus arose as one of the most respected and widely used DNSBLs, effectively blocking a huge percentage of daily spam volume.

As open mail relays were shut, spammers turned to virus writers to create botnets that could be used to relay spam. Spamhaus expanded their operations to list the IPs of known botnets, trying to stay ahead of spammers. CloudFlare’s own history grew out of Project Honey Pot, which started as an automated service to track the resources used by spammers and publishes the HTTP:BL.

Today, as Spamhaus’s success has eroded the business model of spammers, botnet operators are increasingly renting their networks to launch DDoS attacks. At the same time, DNSBLs proved that there were many functions that the DNS protocol could be used for, encouraging many people to tinker with installing their own DNS resolvers. Unfortunately, these DNS resolvers are often mis-configured and left open to abuse, making them the DDoS equivalent of the open mail relay.

If you’re running a network, take a second to make sure you’ve closed any open resolvers before DDoS explodes into an even worse problem than it already is.

TOP-SECRET – U.K. Home Office Draft Statutory Guidance on National Security Retention of Biometric Data

Protection of Freedoms Act 2012: Draft statutory guidance on the making or renewing of national security determinations allowing the retention of biometric data

29 pages
March 2013

2. This guidance is to provide direction to any police force or other law enforcement authority regarding the retention and use of biometric material for national security purposes through the making or renewing of a national security determination (“a NSD”).

3. This guidance is issued pursuant to section 22 of the 2012 Act, which places the Secretary of State under a duty to give guidance about making or renewing of a NSD under the provisions set out in section 20(2)(a) of the 2012 Act.

4. This guidance is publicly available and, in particular, should be readily accessible by members of any police force or law enforcement authority seeking to extend the permissible period of retention, for national security purposes, of DNA profiles or fingerprints which they have hitherto retained.

Law enforcement authorities

5. Only a law enforcement authority listed under section 18E(1) of the Counter-Terrorism Act 2008 or specified in any order made by the Secretary of State under that section may make or renew a NSD.

Effect of guidance

6. This guidance is admissible as evidence in criminal and civil proceedings. If any provision of this guidance appears relevant to any court or tribunal considering any such proceedings, or to the Commissioner for the Retention and Use of Biometric Material (“the Biometrics Commissioner”) overseeing the relevant Part of the 2012 Act, it can be taken into account.

7. A law enforcement authority may also be required to justify, with regard to this guidance, the retention, destruction or use of material held pursuant to a NSD, where appropriate.
Material to which this guidance applies

8. Part I, Chapter I of the 2012 Act provides for the making or renewal of NSDs for biometric material acquired under specific legislation. The retention periods and the relevant legislation are provided for by Part I, Chapter I of the 2012 Act and are set out at Chapter 2 of this guidance.

Extent

9. This guidance extends to the United Kingdom and applies to all relevant law enforcement authorities within it.
Purpose of guidance

10. The purpose of this guidance is to:

• Set out the basic principles that underpin the powers of a responsible Chief Officer or Chief Constable authorised to make or renew a NSD extending the retention of biometric data.
• To set out the threshold for making or renewing a NSD and the way in which those powers may be exercised.
• To promote the fundamental principles to be observed by those authorised to make or renew a NSD under provisions mentioned in section 20(2)(a) of the 2012 Act and to ensure the effectiveness of the use of those powers to retain biometric data for national security purposes.
• To ensure that any interference with the right to respect for private and family life (Article 8 of the European Convention on Human Rights (ECHR)) of persons to whom the data belongs is necessary, proportionate and in accordance with the law.
• To confirm that a responsible Chief Officer or Chief Constable is required to justify the use of such powers, in relation both to the making or renewal of individual NSDs and the general pattern of their use, to the Biometrics Commissioner or in court. Any misuse of those powers is likely to be harmful to national security (particularly counter-terrorism) and to undermine public confidence in those law enforcement authorities permitted to exercise such powers. All Chief Officers or Chief Constables authorised to make or renew NSDs must be able to explain and justify their decisions to exercise those powers to the Biometrics Commissioner.

…

Retention Periods

21. The Protection of Freedoms Act 2012 prescribes the periods for which certain types of biometric material may be retained. The 2012 Act amends the system in England and Wales governing the retention of DNA and fingerprints taken from those persons who are arrested for, but not convicted of an offence. This is in order to ensure that DNA and fingerprint material is only retained indefinitely where a person has been convicted of crime, or for a specified period where a person has been arrested for, but not convicted of a serious offence.

22. This means that the police and other law enforcement authorities may:

a) Retain indefinitely DNA and fingerprints taken from those persons who are convicted of a recordable offence (or an offence punishable by imprisonment in Scotland), but may not retain material indefinitely for those who have not been convicted of an offence;
b) Retain for a limited period (in most cases up to 3 years) DNA and fingerprints taken from those persons who are arrested but not convicted of a serious offence (i.e. a qualifying offence);
c) Retain DNA and fingerprints taken from those persons arrested but not convicted of a minor offence (i.e. non-qualifying offence), for a reasonable period where this is for the sole purpose of conducting a speculative search against existing holdings of biometric material;
d) Retain material taken from juveniles (persons under the age of 18 at the time of their arrest or detention) only in certain circumstances – taking account of the ages at which peak offending occurs, the findings of the European Court of Human Rights in S & Marper v UK which made special reference to children and the retention of the DNA of non-convicted children, and the provisions of the UN Convention on the Rights of the Child;
e) Retain material given voluntarily but ensure it is destroyed as soon as it has fulfilled the purpose for which it was taken, unless the person to whom it belongs is previously or subsequently convicted of a recordable offence, in which case it can be retained indefinitely; and
f) Retain material with the consent of the person to whom that material belongs as long as that person consents in writing to its retention (although a person may withdraw his or her consent at any time and if they do such material must be destroyed).

23. In addition, the police and other law enforcement authorities must:

g) Destroy DNA a sample as soon as a profile has been derived from it or within 6 months of it being taken – whichever is sooner.

…

Extended retention for National Security Purposes

29. The 2012 Act amends various pieces of legislation dealing with the retention, destruction and use of biometric material and in doing so also allows for DNA profiles and fingerprints taken or obtained under relevant legislation, to be retained for an additional period of up to 2 years for national security purposes. This period of extension is renewable. Such extensions are overseen by the Biometrics Commissioner, who has the power to order destruction of retained material where they consider that the criteria for extended retention have not been met.
30. A summary of the retention periods for England, Wales and Northern Ireland and for the separate system in Scotland is set out at Annex D.

…

Video – Monty Python – Hospital Sketch

The Hospital Sketch from Monty Pythons Meaning of Life

Unveiled – Insider Trading Charges Against Former Chief Information Officer of Technology Company and Hedge Fund Analyst

Preet Bharara, the United States Attorney for the Southern District of New York, and George Venizelos, the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (FBI), today announced conspiracy and securities fraud charges against David Riley, a former chief information officer and vice president for Foundry Networks Inc. (“Foundry”), and Matthew Teeple, an analyst for an investment advisory firm to a family of hedge funds located in San Francisco, California (“Investment Adviser A”), for their alleged involvement in an insider trading scheme. Riley allegedly provided material, non-public information (“inside information”) concerning Foundry, a publicly traded technology company, to Teeple. Teeple then caused others to execute trades based upon the inside information, including in accounts managed by Investment Adviser A. In total, these trades earned Investment Adviser A profits of over $16 million and enabled Investment Adviser A to avoid losses in excess of $11 million. Teeple was arrested this morning in San Clemente, California, and is expected to be presented later today in federal district court in the Central District of California. Riley was arrested this morning in San Jose, California, and is expected to be presented later today in federal district court in the Northern District of California.

The Manhattan U.S. Attorney and the FBI also announced the unsealing of the guilty plea of John Johnson to conspiracy and securities fraud charges in connection with this insider trading scheme. Johnson pled guilty to these charges on March 18, 2013, before U.S. District Judge John F. Keenan.

Manhattan U.S. Attorney Preet Bharara said, “As alleged, when David Riley and Matthew Teeple chose to traffic in inside information involving high-tech companies, they embarked on a high-stakes game that has repeatedly proven to be unwinnable. With the charges against them and the plea of John Johnson that we announce today, the ranks of privileged professionals who behave as if they are above the law continue to swell.”

FBI Assistant Director in Charge George Venizelos said, “There may be little to distinguish this case from the dozens of others we have made against industry insiders and investment advisers in the past several years. There is certainly nothing unique about the outcome: If you allegedly traffic in inside information, by providing it or trading on it, you will inevitably be found out, charged, and prosecuted.”

In a separate action, the U.S. Securities and Exchange Commission (SEC) announced civil charges against Riley, Teeple, and Johnson.

According to the complaint and other court documents:

Throughout the insider trading scheme, Riley obtained inside information from Foundry and shared it with Teeple. As chief information officer and a vice president at Foundry, Riley had access to monthly and quarterly financial reporting, along with other sensitive, non-public information relating to Foundry, well before such information became public. After receiving inside information concerning Foundry from Riley, Teeple then shared this information with others, including another analyst who works at Investment Adviser A (the “Investment Adviser A analyst”) and others who then traded in Foundry securities. Investment Adviser A was an investment adviser for a family of hedge funds.

For example, on July 16, 2008, Riley provided Teeple with inside information concerning Foundry’s acquisition by another technology company, Brocade Communications Systems Inc. (“Brocade”), before it was publicly announced on July 21, 2008. Within two hours of this conversation between Riley and Teeple, Teeple made a phone call to the Investment Adviser A analyst. While Teeple and the Investment Adviser A analyst were on the phone, Investment Adviser A began purchasing a large amount of Foundry stock and call option contracts and selling put option contracts for Foundry. From approximately July 16, 2008 until the July 21, 2008 public announcement of Brocade’s acquisition of Foundry, Investment Adviser A purchased approximately 3,245,380 shares of Foundry. Based upon its trading in connection with the inside information concerning Foundry’s acquisition by Brocade, Investment Adviser A profited in the amount of approximately $13.6 million and avoided losses of approximately $7.4 million that it would have incurred due to its prior positions in Foundry.

Teeple also provided the inside information concerning Brocade’s impending acquisition of Foundry to two acquaintances of his, John Johnson and Karl Motey, before the July 21, 2008 public announcement. Teeple told Johnson and Motey that Foundry was going to be acquired by Brocade, and the approximate price at which Foundry was going to be acquired, which turned out to be substantially accurate when the terms of the acquisition were made public. Johnson traded on this inside information and profited in excess of $136,000.

In addition, on multiple occasions, Riley provided inside information concerning Foundry’s quarterly financial reporting to Teeple in advance of any public announcement. Teeple contacted the Investment Adviser A analyst shortly after these conversations with Riley in April 2008 and October 2008. Investment Adviser A subsequently traded in large quantities of Foundry equities based upon this inside information, amassing millions of dollars in both profits and avoided losses.

* * *

Riley, 47, of San Jose, California, is charged with one count of conspiracy to commit securities fraud, and three substantive securities fraud counts. The conspiracy count carries a maximum sentence of five years in prison and a fine of the greater of $250,000 or twice the gross gain or loss from the offense. Each of the securities fraud counts carries a maximum sentence of 20 years in prison and a fine of $5 million or twice the gross gain or loss from the offense.

Teeple, 41, of San Clemente, California, is charged with one count of conspiracy to commit securities fraud, and three substantive securities fraud counts. The conspiracy count carries a maximum sentence of five years in prison and a fine of the greater of $250,000 or twice the gross gain or loss from the offense. Each of the securities fraud counts carries a maximum sentence of 20 years in prison and a fine of $5 million or twice the gross gain or loss from the offense.

Johnson, 46, of Arvada, Colorado, is charged with one count of conspiracy to commit securities fraud, and one substantive securities fraud count. The conspiracy count carries a maximum sentence of five years in prison and a fine of the greater of $250,000 or twice the gross gain or loss from the offense. The securities fraud count carries a maximum sentence of 20 years in prison and a fine of $5 million or twice the gross gain or loss from the offense.

Mr. Bharara praised the investigative work of the FBI. He also thanked the SEC. He noted that the investigation is continuing.

The case is being handled by the Office’s Securities and Commodities Fraud Task Force. Assistant U.S. Attorney Steve Lee is in charge of the prosecution.

The charges contained in the complaint against Teeple and Riley are merely accusations, and the defendants are presumed innocent unless and until proven guilty.

This case was brought in coordination with President Barack Obama’s Financial Fraud Enforcement Task Force, on which Mr. Bharara serves as a co-chair of the Securities and Commodities Fraud Working Group. The task force was established to wage an aggressive, coordinated, and proactive effort to investigate and prosecute financial crimes. With more than 20 federal agencies, 94 U.S. attorneys’ offices, and state and local partners, it is the broadest coalition of law enforcement, investigatory, and regulatory agencies ever assembled to combat fraud.

Since its formation, the task force has made great strides in facilitating increased investigation and prosecution of financial crimes; enhancing coordination and cooperation among federal, state, and local authorities; addressing discrimination in the lending and financial markets; and conducting outreach to the public, victims, financial institutions, and other organizations. Over the past three fiscal years, the Justice Department has filed nearly 10,000 financial fraud cases against nearly 15,000 defendants including more than 2,900 mortgage fraud defendants. For more information on the task force, please visit http://www.stopfraud.gov.

Exposed – Iran’s Shahab Family of Missiles

Iran’s Shahab Family of Missiles

http://www.mashreghnews.ir/fa/news/202684/%DA%A9%D8%A7%D8%A8%D9%88%D8%B3%E2
%80%8C%D9%87%D8%A7%DB%8C-%D8%A7%D8%B3%D8%B1%D8%A7%D8%A6%DB%8C%
D9%84-%D8%A7%D8%B2-%D9%82%DB%8C%D8%A7%D9%85-%D8%B4%D9%87%D8%A7%
D8%A8%E2%80%8C%D9%87%D8%A7-%D8%AA%D8%A7-%D8%A8%D8%A7%D8%B1%D8%
B4-%D8%B4%D9%87%D8%A7%D8%A8%DB%8C-%D9%82%DB%8C%D8%A7%D9%85%E2%
80%8C%D9%87%D8%A7-%D8%B9%DA%A9%D8%B3

A detailed and visual report on Shahab family of missiles, their components and their capabilities.

Shahab is considered Iran’s most important offense and defense platform that is comparable to Russian and Chinese ICBMs. Our Persian observers tell us this is the first public and full-spectrum report on this weapon that includes technical and visual elements and is not as far as we know based on foreign intelligence or Iranian opposition forces, considering Mashreghnews’s alleged affiliations with Iranian armed forces.

In the report 3 other missile families based on Shahab’s platform is discussed: Safir, Ghiyam and Sejjil. All Shahab-based missiles are reported to be ballistic and at the moment, said to be flying as far as 2000 Km and Sejjil series are solid fuel branches with aims to go beyond 2500 Km.

Based on the report, Zelzal and Fateh missiles particularly Zelzal which is Iran’s early-stage middle range offense-only ground to ground road-mobile system (previously reported in Cryptome as Iranian IRGC controlled missile set to allegedly attack U.S bases in the region) are only sharing solid fuel technology with Shahab.

Safir is also reported to be the carriers of the Iranian satellites. What we found as a promising piece of “News” in this observation is the name of Hassan Tehrani Moghaddam, in this report. According to our native observer, late Major general Tehrani Moghaddam was the chief of IRGC’s self-sufficiency (home-brew technologies) organization who was killed among reportedly up to 30 other IRGC officers in a mysterious explosion last year in a secret missile depot.

Based on publicly aired media from Iran, Ayatollah Ali Khameneiee, the Iranian supreme leader, attended his funeral ceremony personally, which is something he does very rarely. At the same dates, we have had other inputs indicating there are rumors that the explosion was related to Israeli sabotage operations. IRGC spokesman officially denied it immediately, which also was something they do very rarely when it comes to Israel.

Our analysis is that IRGC’s claim about the incident as a ammunition mishandling was false. A year before that we had other inputs about a very similar explosion in Imam Ali Missile base in eastern Iran very close to Iraqi boarders and we had reports many Shahab missiles were depoted there.

Later our native observers told us there are many indications among Iranian opposition media outlets that both explosions were internally considered as an act of sabotage by IRGC counterintelligence.

We have an reliable source who tells us the second explosion, which resulted in the death of said general, was actually set as a plot to kill Ali Khameneiee himself since he was allegedly paying a visit to that site that particular day during the nuclear talks hurricane back last year but several suspicious calls to and from the site stopped his personal secret service from attending the event.

Therefore the attack was considered a major step from Israelis by Iranian intelligence and Khameneiee attended his burial service with a tough language against Israel. In a recent speech this week at the beginning of the New Persian year, as Obama was visiting Tel Aviv, Khemeneiee offered two clear statements:

– Ff Israel makes a wrong move we target Tel Aviv and Haifa- If U.S is honest in its claims toward a diplomatic approach they shall stop supporting Israel

We find the picked items as a clear sign the Iranian leadership and the US-based powers are rooting more toward an Israeli solution out of their problems and to the best of our knowledge from modern history some stuff have been solved in London, Berlin, Moscow and even Tripoli, not in Tel Aviv though.

Prepared for Cryptome.

Signed.

Netizens.

Unveiled by Cryptome – International Top Hackers

USE THE LINK TO SEE THE ORIGINAL DOCUMENT BELOW

Click to access key-hackers.pdf

TMZ – Christina Aguilera — Weight Loss Since ‘The Voice’

http://youtu.be/jbSx46-9LFw

Since quitting her role as a judge on “The Voice,” Christina Aguilera looks like she’s dropped a few pounds… which means a sinister force may have been at work when she was working for the show. IT’S THE CHAIRS!

Public Intelligence – U.S. Air Force Office of Special Investigations Cybersex Extortion Scams Report

AFOSI SPECIAL PRODUCT

5 pages
For Official Use Only
February 11, 2013

(U) This Special Product was produced in response to reports of Department of Defense (DoD) personnel becoming victims of internet-based extortion scams known as sextortion. Its purpose is to inform United States Air Force (USAF) personnel of this new online scam and offer mitigating steps that can reduce the chances of becoming a victim.

(U) INTRODUCTION

(U) Cyber criminals are continually developing new online scams to take advantage of the unsuspecting public. One of the most recent is cyber sextortion. Cyber sextortion generally refers to an act of using sexual images (obtained either through enticement or malicious code) in order to extort money from unsuspecting victims.

(U) Reporting across Military Services indicates that DoD personnel have been subjected mainly to webcam sextortion scams. DoD personnel were enticed to engage in online sexual activities which were secretly recorded; money was then extorted from the victims in order to prevent the release of compromising video material. Reported instances of sextortion involving DoD personnel suggests that many of the perpetrators originate from the Philippines. It is currently unclear whether perpetrators are specifically targeting US military members or whether DoD and USAF personnel are merely victims of a scam directed at the general public. Nonetheless, USAF personnel should be vigilant about protecting their personal information online and refrain from engaging in sexual activities through the internet that may potentially make them vulnerable to extortion.

(U) MECHANICS OF SEXTORTION SCAMS

(U) Cyber criminals involved in sextortion scams generally pose as attractive females seeking friendly conversation. They approach potential victims in chat rooms, popular dating websites, and social networking sites by initiating written/text communication in an attempt to befriend them. To convince an unsuspecting individual the person they are about to befriend is real, the perpetrator posts fictitious information about themselves (usually age, location, and multiple photos of the same person) to help establish legitimacy.

(U) Once the victim has accepted the perpetrator’s friendship invitation, the “online relationship” commences and perpetrators quickly change the nature of the conversation from friendly to sexual. At this point victims are invited to participate in live video communication and are lured into cybersex activities.

(U) In many cases perpetrators enact sexually explicit poses or engage in masturbation to entice the victim to reciprocate. Perpetrators then inform unsuspecting victims that their online sexual activities have been recorded. The perpetrator subsequently threatens to upload the contents on various websites (YouTube, Facebook, heterosexual and homosexual porn sites, etc.) or distribute it to the victims’ family, friends, or coworkers unless financial payment is made. In some instances victims were forced to purchase a subscription to pornographic websites. Those websites provide financial incentives similar to “referral fees” for perpetrators who coerce victims to sign up for the service.

(U) Monetary demands placed on the victims have averaged around several hundred dollars (US$) per person. In one case, however, law enforcement authorities in Singapore broke up a sextortion ring responsible for extorting upward of US$90,000 from a single victim over a 9-month time period. The authorities suspected the same group deprived another individual of nearly US$100,000 by threating to make victim’s cybersex activities public.

(U) SEXTORTION CASES INVOLVING DOD MEMBERS

(U) Currently it is not known how many DoD personnel have been victimized by this type of online sextortion scam. In November 2012, Facebook’s security team—the world’s largest social networking site—identified a major sextortion ring operating out of Naga City, Philippines. The ring, involving 21 employees of the Philippine-based company MoneyMaker Portal Web Solutions, reportedly targeted hundreds of US Army and Navy members for a period over one year. It is unknown how many DoD members were actually victimized by this ring. Less dramatic examples of cyber criminals targeting DoD members through these types of scams have been observed by all Military Criminal Investigative Organizations.

(U//FOUO) A recent Naval Criminal Investigative Service (NCIS) report focusing on this type of online scam identified four cases (two on Guam, one in Japan, and one in Bahrain) involving Navy members between August 2012 and November 2012. In all instances, Department of the Navy personnel were lured into online sexual activity that was secretly recorded, and were subsequently threatened with exposure if payment was not made. The United States Army Criminal Investigation Command (USACIDC) also reported a total of three cases from South Korea, Germany, and Texas, of Army members who were recently victimized. In all cases, victims engaged in consensual cybersex activities that were secretly recorded and subsequently used to extort money from them.6 AFOSI has also received multiple reports indicating that USAF personnel have been subjected to sextortion scams. Multiple incidents of sextortion involving USAF members were reported in Japan, South Korea and Alaska, one in Portugal, and one on Guam.

Video – French Taunting – Monty Python and the Holy Grail

The two scenes of hilarious french insults.

Exposed.su Taken Offline

Exposed.su, the website that’s been leaking the social security numbers, phone numbers, addresses and credit reports of several public figures, has gone offline.

US authorities have been investigating the site that leaked the personal information of Michelle Obama, Bill Gates, U.S. Attorney General Eric Holder, Hilary Clinton, CIA Director John Brennan, and many others.

NetworkWorld reports that the domain name still points to CloudFlare’s name servers. However, it’s uncertain if CloudFlare is responsible for the outage.

A couple of days ago, users began reporting that Exposed.su was moved to CrimeOpen.com. However, none of the sites are currently accessible.

CrimeOpen.com displays a “domain seized by the DHS” notification, but according to a post on Pastebin, the notification might not be legitimate.

Last week, we learned that the credit reports published on the site were apparently stolen from annualcreditreport.com, a credit reporting website operated by Equifax, Experian and TransUnion.

Revealed – Iran Cyber Offense Posters

Iran Cyber Offense Posters

A sends:

Oghab on IRAN Cyber Offense

The following posters belong to IRGC, the Iranian offensive military wing. None are officially confidential but only certain people gets their hand to such information and only a very limited part of them get to actually go to these “meetings”. Both are related to development of asymmetric aeronautical weaponry specially using UAS-based approaches and development of “unconventional” SIGINT and ELINT infrastructure to direct attacks specifically on long-term targets. They differ from the usual military and intelligence systems that try to cover everything and usually turn up useless in asymmetric wars thus it is not a conventional Air Force subject and being considered mainly as CO/IRAF, an attack blade made of Cyber and Aerial Vectors. I don’t want to share my reasons for this semi-leak but I do have a clear message for people who are behind such efforts, specially one particular elite team who “run and execute” Iran’s CO (Cyber Offense) and their mastermind. Here is the message: You are not anonymous either, wanna keep going?

Poster 1

[Image]

“Drones in Asymmetric warfare”
Host: NAHAB research center, Imam Hussain University ( IRGC )
Subjects: ELINT, Stealth technologies in UAS, Fast-acting Drones, UAS without GPS, Warfare capabilities in UAS, Enemy UAS detection, interception, landing, disruption.
Meeting Format: Seminar plus talks
Sponsors: IRGC, Aerial Industries, ROSHD, Air Force
email: ech[at]ihu.ac.ir
phones: 738 293 49 (land line), 0919 0084 069 (Cell), if you want to make calls add Iran and Tehran’s phone extension accordingly

Note 1. Imam Hussain University is a Military university located in IRGC-owned area north-east Tehran and it also is a Military Base

Poster 2

[Image]

“The Need to Develop {modern} Aerial weaponry for future Wars”
Host: Technical Faculty, Imam Sadeq Base, Imam Hussain University (IRGC)
Subjects: Modern Aerial Weapons, infrastructures required to build, Studies of offensive and defensive Doctrines, Planes with Payloads, Fast reacting Tactics
Meeting Format: Military Conference
Sponsors: IRGC, Air Force, AeroSpace Organization, Community of Research and Development of Air defense, the institute of Advanced defense tactics, Defense industries Organization, the Self-sufficiency Organization of IRGC Navy, Army
email: acw91[at]ihu.ac.ir
phone: 771 049 27 ( land line )

Note 2. Among said participants, only the “Defense industries Organization” is listed by many international players as a banned and restricted target for business or communication

Prawda – X-Files of Soviet Defense Ministry exposed

Svetlana Smetanina
Pravda.Ru

In Soviet times, the Ministry of Defense was working on a secret project aimed at creating a superhuman with paranormal abilities. Under this project, a group of scientists managed to get in touch with a foreign civilization. The head of this top-secret project shared some details with reporters for the first time.

On a regular winter day in Moscow, in the comfort a room with a fireplace, journalists were given a real sensation. A senior retired official of the Ministry of Defense, lieutenant-general in reserve, PhD, a fellow of the Academy of Natural Sciences Alexey Savin said that in the late 1980′s a group of researchers from the Expert Management Unit of General Staff managed to make a contact with representatives of another civilization. Interestingly, none of the journalists were particularly surprised but, rather, relieved with the “confession.”

Vasily Yeremenko, a Major General of FIB in reserve, academician of the Academy of Security, Defense and Law Enforcement, was the first to speak to the press. In Soviet times he served in the KGB and supervised the Air Force and development of aviation technology. Among his assignments was collection of information by the Air Force of the facts of appearance of unidentified flying objects. According to Vasily Yeremenko, by that time there was an ample amount of such information.

Missile units were even given a directive in case of detection of UFOs. The main task was not to create opportunities for reciprocal aggression. In 1983-1984 at the testing grounds of the Academy of Sciences by Vladimirovka, the Ministry of Defense and the KGB organized a large-scale study of paranormal phenomena. The military training site was not a random choice. Experts have long come to the conclusion that UFOs inevitably appear in places where military equipment and weapons are tested.

“We can say that we learned to summon UFOs in Vladimirovka. To do this, we dramatically increased the number of military flights and movement of the equipment. If the intensity on our side increased, UFOs appeared with the probability of 100 percent,” explained Yeremenko. After six months of tests the authoritative commission came to three main conclusions.

First, modern science was not yet able to identify such phenomena. Second, it could be reconnaissance equipment of the U.S. or Japan. Third, it could be an impact of an extraterrestrial civilization. “The UFO topic today is ubiquitous. Precisely because of its scandalous nature serious scientists are not willing to identify their position on this issue. Pilots often see such objects, but they have a veto on this topic, so do astronauts. In confidential conversations they talk about their experiences meeting with UFOs, but they are afraid to speak publicly about this,” said Vasily Yeremenko.

He believes that this subject requires a serious approach because it is a security issue. Yet, it is still a closed topic both in the U.S. and in Russia. Lt. Gen. Alexey Savin proceeded to reveal some aspects of the engagement of the Ministry of Defense. He headed the Expert Management Unit of the General Staff, whose task was to examine various unusual phenomena.

The main project of the unit was a state program on the discovery of intellectual human resources. The goal of the program was to identify ways to make the human brain work in a special regime of super-powers, making a person a superhuman. The Scientific Council of the program was led by an Academician Natalya Bekhtereva, who until her death served as a scientific director of the Institute of Human Brain of RAS.

Over two hundred highly skilled professionals from across the country participated in the program. “In the process of research, we came to the conclusion that a human was an energy and information system that receives information from outside. This is precisely why a human can manifest paranormal abilities,” said Alexey Savin. In order to identify this external source of information, three groups were created. One group was formed from scientists, another – from military, and the third one was composed of women.

The group of women made the most significant progress in the research. Savin explained that they “wanted to make a contact with representatives of other civilizations. And we did it.” According to him, a special method has been developed that allowed the human brain to tune into a contact. “We had to tune energy-contour of the human brain to a particular wave, like a radio,” Alexey Savin explained.

No hypnosis, drugs, or other similar methods were used in the course of the experiment. A special system of testing was also developed to separate the incoming reports from hallucinations and insanity of the experiment participants. The experimental results were impressive: six participants were given a chance of physical contact, and two of them even managed to visit an alien ship. According to Savin, representatives of extraterrestrial civilizations revealed themselves gradually, giving away the information as they saw fit.

In particular, they talked about their government structure and education system. No information on the military could be obtained. The only thing they agreed to share was a scheme of the equipment for the diagnosis and treatment of various diseases. The head of the experiment explained that humans were like small children to them. “Our civilization is too young to be of interest to them as a subject for a dialogue. Because we are also a part of the universe, we may harm ourselves and other civilizations with our foolish actions, so they are looking out for us. “

The program of communication with extraterrestrial intelligence had been developed for several years until politics intervened. In 1993, the study was stopped and the unit disbanded. According to Savin, he was able to retain only a small number of documents, most of them, including photo reports, are still in the archives of the Ministry of Defense. Incidentally, the unique method for the development of the phenomenal abilities of an individual, until recently, was used in the Academy named after Gagarin until it was disbanded by the former Defense Minister Serdyukov. Yet, the core of the research team was preserved.

“Four years ago we tried to repeat the experiment, and we were successful,” said Alexey Savin. According to him, today this work continues, and the “brains and talented people are still present in the defense industry.” Answering the question of Pravda.Ru why it was decided to announce it to the media Savin replied: “Why hide something from people? Instead, they need to prepare for new challenges.”

He believes that there are two global challenges today: climate change and shortage of drinking water. Russia has a special role in this process. “When we pass the point of bifurcation, people from all over will run to us. How will we meet them, with weapons? Of course, we will have to negotiate.” Maybe all this is a puzzle from the “textbook” for young civilizations? Perhaps, aliens have arranged an experiment to see how we would handle it.

Cryptime – Mirror and Index of Declassified NSA Cryptologs

23 March 2013. NSA 136 Cryptologs Contents 1974-1997:

Part 1 — Cryptologs 1 – 75, 1974 – 1982

22 March 2013. NSA has replaced the original non-searchable image PDFs with searchable PDFs. These have replaced the files forrmerly provided on Cryptome.

21 March 2013. Add links to Nos. 28 and 41 retrieved today.

13 March 2013

NSA Releases Declassified 136 Cryptologs

Government Attic offers the entire collection in a Zip file:

http://www.governmentattic.org/7docs/NSA-Cryptolog_1997-1974.pdf (240MB)

We have emailed NSA to make Nos. 28 and 41 accessible, which it has promised to do.

Government Attic initiated this release, called “monumental” by NSA, and suggested Cryptome and others also request.

The Cryptologs OCRed to raw text, no formatting, no proofreading:

http://cryptome.org/2013/03/nsa-cryptologs-txt.zip (4.4MB)

http://www.nsa.gov/public_info/declass/cryptologs.shtml

Cryptologs

Date Posted: May 9, 2012| Last Modified: Mar 7, 2013| Last Reviewed: Mar 7, 2013

All documents are provided in PDF format.

PUBLIC INTELLIGENCE – GAO Report: Increasing the Effectiveness of Efforts to Share Terrorism-Related Suspicious Activity Reports

INFORMATION SHARING: Additional Actions Could Help Ensure That Efforts to Share Terrorism-Related Suspicious Activity Reports Are Effective

68 pages
March 2013
5.2 MB

The Department of Justice (DOJ) has largely implemented the Nationwide Suspicious Activity Reporting Initiative among fusion centers—entities that serve as the focal point within a state for sharing and analyzing suspicious activity reports and other threat information. The state and local law enforcement officials GAO interviewed generally said the initiative’s processes worked well, but that they could benefit from additional feedback from the Federal Bureau of Investigation (FBI) on how the reports they submit are used. The FBI has a feedback mechanism, but not all stakeholders were aware of it. Implementing formalized feedback mechanisms as part of the initiative could help stakeholders conduct accurate analyses of terrorism-related information, among other things.

The technical means that federal, state, and local entities use to collect and share terrorism-related suspicious activity reports—Shared Spaces servers that DOJ provides to most fusion centers and the FBI’s eGuardian system—provide many overlapping or duplicative services. For example, both systems provide a national network for sharing the reports and tools to analyze them. The federal government is aware that duplication exists but supports both systems to enable fusion centers to control information on individuals, consistent with the centers’ privacy requirements, and facilitate the FBI’s investigative needs. However, the FBI was concerned that supporting two systems introduces risks that it will not receive all reports. For example, at the time of our review, many fusion centers were choosing not to automatically share all of their reports with the FBI’s system—although they may have shared reports via phone or other means—and DOJ had not fully diagnosed why. In its March 2013 letter commenting on a draft of this report, DOJ stated that it had made progress on this issue. DOJ also had not formally tested the exchange of information between the two systems to ensure that the exchanges were complete. Taking additional steps to mitigate the risks that reports are not fully shared could help DOJ ensure that the FBI receives all information that can support investigations.

Stakeholders GAO interviewed generally reported that training fully or partially met objectives, such as making law enforcement more aware of the initiative. DOJ has mechanisms to assess the analyst training to help ensure that analysts have the information they need to review and share reports. However, DOJ had not fully assessed its training provided to officers on the front line, which could help ensure that officers receive sufficient information to be able to recognize terrorism-related suspicious activity. DOJ has provided training to executives at 77 of 78 fusion centers, about 2,000 fusion center analysts, and about 290,000 of the 800,000 line officers. DOJ is behind schedule in training the line officers but is taking actions to provide training to officers who have not yet received it.

DOJ and other agencies collect some data to assess the performance of the Nationwide Suspicious Activity Reporting Initiative—such as the number of reports submitted and resulting FBI investigations. These data show that stakeholders were increasingly submitting and using terrorism-related reports. However, DOJ had not yet established plans and time frames for implementing measures that assess the homeland security results achieved by the initiative and thus lacked a means for establishing accountability for implementing them.

…

TMZ TV-Who’s Fatter: Pregnant Kim Kardashian or Pregnant Jessica Simpson?

http://youtu.be/Tgxe5psTfUQ

Both Kim Kardashian and Jessica Simpson are gaining weight now that they’re well into pregnancy, so we’re going to play a sort of messed up game: Who’s fatter? Winner gets the healthiest baby!

SECRECY NEWS – DOD INSPECTOR GENERAL HAS UNRESTRICTED ACCESS TO CLASSIFIED INFO

A Department of Defense instruction issued on Friday reinforces the policy
that the DoD Office of Inspector General (OIG) is to have full access to
all records, including classified records, that it needs to perform its
function, and that no DoD official other than the Secretary himself may
block such access.

"The OIG must have expeditious and unrestricted access to all records...,
regardless of classification, medium (e.g. paper, electronic) or format
(e.g., digitized images, data) and information available to or within any
DoD Component, and be able to obtain copies of all records and information
as required for its official use once appropriate security clearances and
access are substantiated for the OIG DoD personnel involved," the
instruction states.

See "Office of the Inspector General of the Department of Defense Access
to Records and Information," DoD Instruction 7050.03, March 22, 2013:

        http://www.fas.org/irp/doddir/dod/i7050_03.pdf

By stressing that the Inspector General's access is independent of a
record's classification, medium or format, this language elaborates and
bolsters the text of a previous version of the instruction, which did not
make those distinctions.

        http://www.fas.org/irp/doddir/dod/i7050_03-2000.pdf

Furthermore, the new instruction specifies, "No officer, employee,
contractor, or Service member of any DoD Component may deny the OIG DoD
access to records."  Only the Secretary of Defense may invoke a statutory
exemption to limit IG access to certain intelligence, counterintelligence,
or other sensitive matters, which he must then justify in a report to
Congress.

As a result these robust access provisions, the DoD Inspector General is
well-positioned to conduct internal oversight not only of the Pentagon's
extensive classified programs, but also of the classification system
itself, particularly since the Department of Defense is the most prolific
classifier in the U.S. government.

In fact, the Inspector General of each executive branch agency that
classifies national security information is now required by the Reducing
Over-Classification Act of 2010 to evaluate the agency's classification
program.  Each Inspector General was directed "to identify policies,
procedures, rules, regulations, or management practices that may be
contributing to persistent misclassification of material."

        http://www.gpo.gov/fdsys/pkg/PLAW-111publ258/pdf/PLAW-111publ258.pdf

The first evaluation is due to be completed by September 30, 2013. 
Vexingly, the Act did not provide a functional definition of
"over-classification" or "misclassification."  Therefore, the first hurdle
that the IG evaluations must overcome is to determine the nature and the
parameters of the problem of over-classification.

PRIVACY AND CLOUD COMPUTING, AND MORE FROM CRS

New and updated products from the Congressional Research Service that
Congress has not made readily available to the public include the
following.

Cloud Computing: Constitutional and Statutory Privacy Protections, March
22, 2013:

        http://www.fas.org/sgp/crs/misc/R43015.pdf

The National Broadband Plan Goals: Where Do We Stand?, March 19, 2013:

        http://www.fas.org/sgp/crs/misc/R43016.pdf

U.S. Customs and Border Protection: Trade Facilitation, Enforcement, and
Security, March 22, 2013:

        http://www.fas.org/sgp/crs/homesec/R43014.pdf

Itemized Tax Deductions for Individuals: Data Analysis, March 21, 2013:

        http://www.fas.org/sgp/crs/misc/R43012.pdf

International Monetary Fund: Background and Issues for Congress, March 21,
2013:

        http://www.fas.org/sgp/crs/misc/R42019.pdf

China Naval Modernization: Implications for U.S. Navy Capabilities --
Background and Issues for Congress, March 21, 2013:

        http://www.fas.org/sgp/crs/row/RL33153.pdf

Former Presidents: Pensions, Office Allowances, and Other Federal
Benefits, March 21, 2013:

        http://www.fas.org/sgp/crs/misc/RL34631.pdf

_______________________________________________
Secrecy News is written by Steven Aftergood and published by the
Federation of American Scientists.

The Secrecy News Blog is at:
     http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to
     http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood@fas.org

Secrecy News is archived at:
     http://www.fas.org/sgp/news/secrecy/index.html

Support the FAS Project on Government Secrecy with a donation:
     http://www.fas.org/member/donate_today.html

_______________________
Steven Aftergood
Project on Government Secrecy
Federation of American Scientists
web:    www.fas.org/sgp/index.html
email:  saftergood@fas.org
voice:  (202) 454-4691
twitter: @saftergood

Video Skid – Monty Python – Election Night Special

http://youtu.be/31FFTx6AKmU

Monty Python’s Flying Circus- funny sketch making fun of Election Night

Cryptome unveils – NSA Thinking Outloud About Cyberspace

NSA Thinking Outloud About Cyberspace

US AUS CAN NZ UK constitutes the five-nation Echelon global surveillance agreement members.

http://cryptome.org/2013/03/cryptolog_135.pdf (2.0MB)

[Excerpts]

DOCID: 4033695

TOP SECRET UMBRA

CRYPTOLOG
The Journal of Technical Health

Vol. XXIII, No.1
SPRING 1997

SECRET

CRYPTOLOG
Spring 1997

THINKING OUT LOUD ABOUT CYBERSPACE (U)

by William B. Black, Jr.
Director’s Special Assistant for Information Warfare

INTRODUCTION (U)

(S REL AUS CAN NZ UK) On 3 March 1997, the Secretary of Defense officially delegated to the National Security Agency the authority to develop Computer Network Attack¹ (CNA) techniques. This delegation of authority has added a new, third dimension to NSA’s “one mission” future. That is, in the networked world of Cyberspace, CNA technology is the natural companion of NSA’s exploit and protect functions. This delegation of authority is sure to be a catalyst for major change in NSA’s basic processes and its workforce. The end result, however, should remain information technology-derived products, services, and experts.

(U) The articles following this introduction were written by the staff of the Director’s Special Assistant for Information Warfare. Because confusion still surrounds the emergence and history of Information Warfare (IW), these articles are intended to contribute to the common understanding of why Information Operations and its concepts are important to the future of NSA.

1. DoDD 3600.1, Information Operations, dated 09 December 1996, defines CNA as “operations to disrupt, deny, degrade or destroy information resident in computers and computer networks, or the computers and networks themselves.”

REL AUS CAN NZ UK

SECRET

CRYPTOLOG
Spring 1997

A HISTORICAL PERSPECTIVE (U)

(U) After World War II, an understanding of the core competency underlying the making and breaking of codes — cryptology — resulted in a national decision to consolidate both activities in one organization: NSA. Both activities benefited from this consolidation, and became stronger.

(S REL AUS CAN NZ UK) Since the end of the Cold War, in an emerging networked world, an understanding of the emergence of a new core competency — “cyberology” — with its close technological relationship to cryptology has again resulted in a national decision to consolidate. Cyberology’s central activities, i.e., “exploitation,” “protection,” and “attack,” will be worked together, thus benefiting all of them.

SETTING THE STAGE (U)

(U) There are certain assumptions that underpin the thought processes related to preparing for our Agency’s future in cyberspace. These are premises that are basic to the understanding, the preparations, and the acceptance of major changes. The following presents the main assumptions.

We’re On the Edge of a New Age (U)

(U) First is an acceptance that we are on the edge of a new age, called the “Information Age.” Also, that this new age is engulfing almost every aspect of society, including the very nature of our business. The basic premise is that the information technology advancements of the last 30 years far exceed any evolution of technology in the Industrial Age. These advances are so traumatic and far-reaching that they clearly represent something truly “new.” It is important to note that, historically, technological advancements were called “revolutions” when they make progress of a single order of magnitude. (e.g., the automobile “revolutionized” transportation because it was ten times faster than the horse). In the case of information technology, the contention is that the last thirty years have seen an advancement of not one but six orders of magnitude — 1,000,000 times! — in information technology. The end result has been a great deal of confusion and turmoil as human nature attempts to force the “new” of the Information Age into the “known” of the Industrial Age. This “new,” however, does not fit; we have to change the thought process.

The Public Sees Government as the Bad Guy (U)

(U) Second, the public reaction to this new age has a direct relationship to the National Security Agency and the way we do business. At the beginning of the Industrial Age, the public centered in on industrialists and/or capitalists as being “the problem.” Labor unions were created and child labor laws were enacted to curb their power. In today’s Age, the public has centered in on government as “the problem.” Specifically, the focus is on the potential abuse of the Government’s applications of this new information technology that will result in an invasion of personal privacy. For us, this is difficult to understand. We are “the government,” and we have no interest in invading the personal privacy of U.S. citizens. Regardless, the public’s concerns are real and have an impact upon us. The Computer Security Act of 1987 is one example of this impact, for it clearly represents a first step in limiting any potential NSA involvement in the public sector.

REL AUS CAN NZ UK

SECRET

CRYPTOLOG
Spring 1997

This Age Brought Its Space With It (U)

(U) Third, a major aspect of the Information Age is that it is ushering in a totally new sphere of operations, a new environment called “cyberspace.” For many, cyberspace is an ill-defined, comic-book concept — perhaps something created by a science-fiction writer or a Hollywood producer. But for NSA, in the Information Age, cyberspace is both real and virtual: while the real portion consists of physical assets (computers, network terminals, satellites, fiber optic cables, etc.) located on earth and in space, it is the virtual aspect -all interconnected, all networked, all compatible and interoperable -that is the most important. Almost every type of interaction that occurs in the physical world will have a corollary in cyberspace.

(U) In cyberspace, complex networks on networks emerge as an organizing concept upon which our future operations must focus. All networks are interconnected, and routing across the various elements of the network is automatic and not pre-determinable. Descriptors such as Defense Information Infrastructure (DII) or National Information Infrastructure (Nil) refer to portions of users of the Global Information Infrastructure (GIl) or better yet, the users of cyberspace’s transportation system. The future global use and dependency on cyberspace should evolve much the way the use of the Internet has evolved today, i.e., because it should be extremely cost effective. The more important aspect of this inter-connectivity is the fact that, as we move into this complex networked future, computers are in charge, and physical geography becomes less and less important. While computers initially automated routine and mundane tasks, today inter-networking has turned computers and systems to networks, affording opportunities to work with greater and greater amounts of information at any distance. In the future, advances in artificial intelligence, and increases in understanding of cognitive processes, in general, will move us rapidly into a situation where computers and networks work in conjunction with each other, under broad guidance from humans, to actually make decisions and act on our behalf. This is cyberspace’s future.

The Future of Warfare is Warfare in Cyberspace — a.k.a. Information Warfare (U)

(U) When we look to the future of warfare in the Information Age, we ask ourselves the question “How do you conduct warfare in cyberspace?” The answer is Information Warfare or, in accordance with DoD’s new Directive 3600.1, Information Operations. Information warfare has been the subject of many speeches, scholarly papers, and popular journals. Information warfare has even made its debut in Hollywood in the film Independence Day. These many, differing views of IW confuse “information in war,” “information technology enhancements of existing combat capabilities or weapon systems,” and “warfare in cyberspace.” In our view, “information in war” has been with us throughout history, i.e., intelligence on opposing forces was as valuable to Napoleon as it was to MacArthur. “Information technology enhancements” emerged during the Industrial Age with the natural evolution of weapons technology. IW for us, however, is “warfare in cyberspace” and is an exclusive feature of the Information Age. We believe that its biggest impact is yet to come.

(U) Another aspect of warfare that came with the Information Age is that actual, physical combat can be viewed in living rooms of America via television. The horrors of war cannot be hidden. As a result, in the simplest of terms, “body bags” are no longer acceptable. There is considerable societal pressure to find non-lethal means of accomplishing tasks that once called for conventional military action.

(U) For the military, the Information Age presents yet another problem. With the kind of computers, communications, and networking available in the commercial world, how can the military justify separate systems? Commercial communications networks are too inexpensive and too pervasive to ignore. The

REL AUS CAN NZ UK

SECRET

CRYPTOLOG
Spring 1997

good news for the military is that — probably for the first time — they will have interoperable communications in joint service activities and even in multinational operations. The bad news, however, is that they will also be interoperable with their adversaries.

(S REL AUS CAN NZ UK) In Information Age terms, IW provides a “digital coercion” option. The primary target of this option is the information infrastructure of an adversary. Such information infrastructures are expected to be primarily computer controlled, operated by the commercial-civilian sector (unprotected), and the primary infrastructure upon which military forces almost totally depend. For IW purposes, access to these computer-controlled infrastructures can permit the degradation, disruption, or destruction of the network and/or the functions they serve. As a result, the “computers” become the intelligence “targets” of highest priority.

(S REL AUS CAN NZ UK) There are specific types of weapons associated with Information Warfare. These include viruses, worms, logic bombs, trojan horses, spoofing, masquerading, and “back” or “trap” doors. They are referred to as “tools” or “techniques” even though they may be pieces of software. They are publicly available, very powerful, and, if effectively executed, extremely destructive to any society’s information infrastructure.

(U) As a last thought in setting the stage, we expect the Information Warrior of the future to be very different in their thought processes. They will understand the non-physical nature of the future capabilities, will be comfortable with working across the spectrum, and have extensive knowledge of non-military targets. Probably most importantly, they will be comfortable with the concept of networks. They will understand that “information operations” are more than “operations” supported by intelligence and communications; rather, they will understand that all three function together synergistically. Finally, Information Warriors will understand that in the “tooth-to-tail” accounting of personnel, military personnel will be the “tooth” and civilians will be the “tail.” Tail equates to the emerging information infrastructure, a primary strategic target of IW.

THE BEGINNING (U)

(S REL AUS CAN NZ UK) The following articles will look in depth at various aspects of Information Operations or Information Warfare as they relate to NSA. “Cyberology” and our new CNA mission should provoke much thought and discussion. It is hoped that these articles will serve as a catalyst and basis for these activities.

(FOUO) Mr. Black retired from NSA in 1997 after a long career. He was the first Director’s Special Assistant for Information Warfare, and oversaw the establishment of the Information Operations Technology Center.

REL AUS CAN NZ UK

SECRET

Video Skid – Monty Python – Exploding Penguin

http://youtu.be/1k1ccguXiwshttp://youtu.be/1k1ccguXiws

TMZ – Ashley Greene — Inconsolable After Condo Fire

http://youtu.be/OTMSi0cmiHg

Cradling her dog’s dead body, “Twilight” star Ashley Greene was utterly heartbroken when she returned to her West Hollywood condo this afternoon … hours after it went up in flames.

Unveiled by Cryptome – US Secret Service Seeks Google Mail

US Secret Service Seeks Google Mail

A sends:

USSS Secret Service GMAIL LEA activities on at least a few gmail accounts today, likely real. Interesting this comes up immediately after posting evidence of 9/11 design by federal directors.

———- Forwarded message ———-

From: <USLawEnforcement[at]google.com>
Date: Thu, Mar 14, 2013 at 3:07 PM
Subject: RE: [9-0184000000651] Notification from Google
To:

Dear ,

Google has received legal process for information related to your account in a matter issued by the U.S. Secret Service.

To comply with the law, Google may provide responsive documents pursuant to the Electronic Communications Privacy Act. See 18 U.S.C. § 2701 et seq.

For more information about the legal process seeking your Google account information, you may wish to contact the party seeking this information at:

808-541-1912

Unfortunately, Google is not in a position to provide you with legal advice or discuss the substance of the process in our possession.

If you have other questions regarding this matter, we encourage you to contact your attorney.

Regards,

Google Inc.

Legal Investigations Support

Video Skid – Monty Python – Hamlet

To be, or not to be: that is the question:
Whether ’tis nobler in the mind to suffer
The slings and arrows of outrageous fortune,
Or to take arms against a sea of troubles,
And by opposing end them? To die: to sleep;
No more; and by a sleep to say we end
The heart-ache and the thousand natural shocks
That flesh is heir to, ’tis a consummation
Devoutly to be wish’d. To die, to sleep;
To sleep: perchance to dream: ay, there’s the rub;
For in that sleep of death what dreams may come
When we have shuffled off this mortal coil,
Must give us pause: there’s the respect
That makes calamity of so long life;
For who would bear the whips and scorns of time,
The oppressor’s wrong, the proud man’s contumely,
The pangs of despised love, the law’s delay,
The insolence of office and the spurns
That patient merit of the unworthy takes,
When he himself might his quietus make
With a bare bodkin? who would fardels bear,
To grunt and sweat under a weary life,
But that the dread of something after death,
The undiscover’d country from whose bourn
No traveller returns, puzzles the will
And makes us rather bear those ills we have
Than fly to others that we know not of?
Thus conscience does make cowards of us all;
And thus the native hue of resolution
Is sicklied o’er with the pale cast of thought,
And enterprises of great pith and moment
With this regard their currents turn awry,
And lose the name of action. – Soft you now!
The fair Ophelia! Nymph, in thy orisons
Be all my sins remember’d.

TMZ – Khloe Kardashian’s Bag — FRONT ROW at Clippers Game!

Clippers tickets are pretty spendy these days — especially in the front row — but that’s where Khloe Kardashian’s Celine bag sat for the game last night. What’s worse, the BAG cost more than the SEATS!

Public Intelligence – Urban Exploration Could “Aid Terrorists”

Video Skid – Monty Python – Hospital Sketch

The Hospital Sketch from Monty Pythons Meaning of Life

THe FBI – Insider Trading Charges Against Former Galleon Portfolio Manager

Manhattan U.S. Attorney Preet Bharara said, “As alleged, Rengan Rajaratnam and his brother shared more than DNA; they also shared a penchant for insider trading. Along with his brother Raj, Rengan Rajaratnam was allegedly at the heart of an insider trading scheme that swept up an unprecedented number of people in its web of corruption, and with his indictment, we are one step closer to closing that chapter.”

FBI Assistant Director in Charge George Venizelos said, “Rengan Rajaratnam’s career arc paralleled his brother’s. He followed in Raj’s footsteps by obtaining an MBA from a top- flight business school. He went to work for Raj at Galleon. As alleged in the indictment, Rengan also engaged in the same illegal conduct as Raj. He reaped the benefit of insider information obtained by Raj, and he planned to reciprocate by cultivating his own source of inside information. Now Rengan’s career arc has descended to the same place his brother’s did less than four years ago: defendant.”

In a separate action, the U.S. Securities and Exchange Commission (SEC) announced civil charges against Rengan Rajaratnam.

The following allegations are based on the indictment filed yesterday and unsealed today in Manhattan federal court and other court documents:

The inside information concerning Clearwire originated from Rajiv Goel, an employee of Intel Corp. (“Intel”). In March 2008, Goel provided inside information to his friend Raj Rajaratnam concerning a significant transaction in which Intel would invest approximately $1 billion in Clearwire in exchange for a 10 percent equity position. Raj Rajaratnam, in turn, shared the inside information with his brother, Rengan Rajaratnam. Rengan Rajaratnam and Raj Rajaratnam used this inside information to buy Clearwire stock on March 24 and 25, 2008.

After the U.S. stock markets closed on March 25, 2008, a major news organization published an article describing, in part, the proposed Clearwire transaction. Shortly afterward, Rajaratnam called his brother to alert him to the news report. In that call, Rajaratnam said, “We’re f—d, man,” because the “Clearwire stuff…just hit” the newspaper. Rengan Rajaratnam explained that the news article was “short on details…they don’t have any of the equity split. But they named…Comcast, they named Time Warner, Clearwire, Sprint.” Raj Rajaratnam replied, “O.K., s—t.” Rajaratnam then said, “So, I don’t know how much you got in today,” referring to Raj Rajaratnam’s purchases of Clearwire stock that day, “but I think [Clearwire’s share price] is gonna rip [rise sharply] tomorrow.” In fact, Clearwire’s share price did rise sharply the following day in response to the news article, after which Rengan Rajaratnam and Raj Rajaratnam made nearly $1.2 million in profits from the inside information concerning Clearwire.

The inside information concerning AMD originated from Anil Kumar, who was, at the time, a partner of McKinsey & Co. (“McKinsey”), the global management consulting firm. In 2008, AMD hired McKinsey to advise it in relation to a strategic transaction in which AMD would spin off its manufacturing business into a new entity and the investment authority of Abu Dhabi would invest in the new entity and in AMD itself. On August 15, 2008, Kumar advised Raj Rajaratnam that AMD and the Abu Dhabi investment authority had “shaken hands and said that they’re going ahead with the deal.” Three hours later, Raj Rajaratnam told Rengan Rajaratnam, “I just heard that…AMD had a handshake with the…Arabs….The Arabs to put [in] six billion dollars.” He also told his brother that he had bought AMD shares based on Kumar’s inside information about AMD, and that he was “buying two fifty”—meaning 250,000 shares of AMD—“for you, OK?” Rengan Rajaratnam replied, “Alright, thanks a lot man, I appreciate it.” On August 15, 2008, Raj Rajaratnam bought three million shares of AMD for a Galleon hedge fund that he managed and 250,000 shares of AMD for a Galleon hedge fund that Rajaratnam managed.

Later that day, Rengan Rajaratnam and Raj Rajaratnam spoke again about the AMD inside information and also about the affirmative efforts that Rajaratnam was making to cultivate another McKinsey partner (“McKinsey Partner A”) as a source of inside information. Specifically, Rengan Rajaratnam advised Raj Rajaratnam that he had just finished a meeting with McKinsey Partner A in which McKinsey Partner A “spilled his beans” and “volunteered the information about the investments” in AMD. Raj Rajaratnam said, “[W]hat we wanna do is…get him and then have access to, you know, be able to chat with him” about

other inside information. Raj Rajaratnam said to Rengan Rajaratnam, “[H]e is a little dirty, right?” Rajaratnam responded, “[H]e’s a little dirty.” Rajaratnam said that when he had asked McKinsey Partner A what other stocks McKinsey Partner A liked, McKinsey Partner A said, “‘You know, the problem is all my best ideas…are inside information.’”

* * *

Rajaratnam, 42, of New York, New York, has been charged with one count of conspiracy to commit securities fraud and six counts of securities fraud. Count one, the conspiracy charge, carries a maximum potential penalty of five years in prison and a fine of $250,000 or twice the gross gain or loss from the offense. Counts two through seven, the securities fraud charges, each carry a maximum potential penalty of 20 years in prison and a maximum fine of $5 million.

Raj Rajaratnam was found guilty of conspiracy and securities fraud charges in 2011 and is currently serving an 11-year prison sentence. Rajiv Goel and Anil Kumar both pled guilty pursuant to cooperation agreements and were sentenced to two years of probation in 2012.

Mr. Bharara praised the investigative work of the FBI. He also thanked the SEC. Mr. Bharara noted that the investigation is continuing.

This case was brought in coordination with President Barack Obama’s Financial Fraud Enforcement Task Force, on which Mr. Bharara serves as a co-chair of the Securities and Commodities Fraud Working Group. President Obama established the interagency Financial Fraud Enforcement Task Force to wage an aggressive, coordinated, and proactive effort to investigate and prosecute financial crimes. The task force includes representatives from a broad range of federal agencies, regulatory authorities, inspectors general, and state and local law enforcement who, working together, bring to bear a powerful array of criminal and civil enforcement resources. The task force is working to improve efforts across the federal executive branch and, with state and local partners, to investigate and prosecute significant financial crimes, ensure just and effective punishment for those who perpetrate financial crimes, combat discrimination in the lending and financial markets, and recover proceeds for victims of financial crimes.

This case is being handled by the Office’s Securities and Commodities Fraud Task Force. Assistant U.S. Attorney David B. Massey is in charge of the prosecution.

The charges contained in the Indictment are merely accusations, and the defendant is presumed innocent unless and until proven guilty.

Cryptome – NSA Assesses Winterbotham’s The Ultra Secret

SA Assesses Winterbotham’s “The Ultra Secret”

http://cryptome.org/2013/03/cryptolog_15.pdf (2.3MB)

NSA Cryptolog 15, VOL. II, NO. 12 DECEMBER 1975

[Excerpts]

DOCID 4009727

TOP SECRET

NATIONAL SECURITY AGENCY
FORT GEROGE G. MEADE, MARYLAND

CRYPTOLOG

DECEMBER 1975

WINTERBOTHAM’S “THE ULTRA SECRET”:

A PERSONAL COMMENT Brigadier John H. TiltmanWEAPON THAT HELPED DEFEAT NAZIS P. W. Filby

MUM’S STILL THE WORD! [redacted]

THIS DOCUMENT CONTAINS CODEWORD MATERIAL

TOP SECRET

Declassified and Approved for Release by NSA on 10-11-2012 pursuant to E.O. 13526.

MDR Case # 54778

SECRET

WINTERBOTHAM’S “THE ULTRA SECRET”
THREE VIEWS

The following three articles deal in various ways with the publicity given in the British and American press and on television to F. W. Winterbotham’s book “The Ultra Secret.” The first article, by Brigadier John H. Tiltman, deals with the accuracy of the statements in the book and the degree of harm done by them. The second article, by P. W. Filby, is a review of the book as assessed by a member of the team of specialists who worked the German diplomatic problem. The third article, by [redacted] M542, a word of advice to those who might now be tempted to tell everything they know.

A PERSONAL COMMENT

By Brigadier John H. Tiltman, P1

When Winterbotham’s book was first published late in 1974 in England, some members of NSA who had served at Bletchley Park during World War II, on reading early reviews, assumed that it was officially authorised. This was definitely not the case. Its publication was strenuously opposed by British responsible authorities, who took legal advice on the probable consequences of prosecuting the author under the British Official Secrets Act. They were advised that prosecution could not be effective without the case going to court and evidence produced that British national security had been damaged by the book’s publication with consequent public disclosure of more current intelligence activities. They therefore decided that legal action would probably do more harm than good.

Another and perhaps a decisive factor making prosecution unlikely to succeed was the publication in France in 1973 of Bertrand’s book Enigma, ou La Plus Grande Enigme de la Guerre 1939-1945. This revealed for the first time the fact of an analytic success against the Enigma and was decisive in the discussions between Deputy Director NSA and Director GCHQ on the matter of whether to attempt to restrain Winterbotham and his publisher.

I am not alone in believing that an early official public description (perhaps a joint US-UK statement) of the basic facts of the wartime exploitation of the intelligence derived from the solution of the Enigma keys might have mitigated the damage done to security. Perhaps this could have been strengthened by a further

December 75 * CRYPTOLOG * Page 1

HANDLE VIA COMINT CHANNELS ONLY

SECRET

statement that the revelation of technical details of the methods of solution would be resisted indefinitely. I realise however that there must be other valid arguments which persuaded the responsible authorities not to take such action.

I myself took no part in the solution of Enigma keys in Huts 6 and 8, nor in its exploitation in Hut 3, but I am, I believe, the only person around who was on the directorate level at Bletchley Park during the war and had a hand in many of the policy decisions made regarding the production and use of the intelligence derived.

The book is poorly written and very inaccurate in some areas where I know the facts. The references to the early history of Enigma solution and to the activities of the staff of Hut 6 (who performed the cryptanalytic part of the enterprise) are hopelessly wrong. It is difficult to understand how the author who had considerable responsibilities for the organisation and distribution of Enigma intelligence could have been so completely ignorant of the technical side of the operation. He doesn’t know the difference between the Enigma (a rotor machine), other German ciphers, the Japanese high-grade diplomatic machine (the “Purple,” a totally different kind of machine), and the Japanese Fleet general cipher (a codebook and additive hand system). His remarks about the “Bronze Goddess” appear to be a complete invention.

Some people gather the impression when they read the book that the author greatly magnifies his own part in the winning of the war. I give an example from my own experience. To quote some passages, “It was at this point that Menzies told me he had decided to hand over my shadow OKW in Hut 3 to the General Administration at Bletchley. One never knew where one stood with Menzies. He softened the pill by confirming me as his deputy … ” (p. 87). “Despite the loss of my personal control of Hut 3 and the shadow OKW, I still had direct access to it when required. I was never told by Menzies the real reasons for the takeover … “(p. 92). The facts are that I reported to the Director of Military Intelligence at the War Office, that Curtis, the War Office representative in Hut 3, in conjunction with Humphries, the corresponding Air Force representative, had on two separate occasions gone behind my back to recommend reorganisation of Hut 3 under their own more direct control. In consequence, a SIGINT Board meeting was called with General Menzies in the chair and consisting of the three Service Directors of Intelligence and Director GCHQ. At this meeting it was decided to withdraw Humphries, Curtis, and the naval representative.

I knew Winterbotham slightly and flew with him to Paris on the occasion of one of my official visits to France in 1940. His outstanding achievement was the establishment of SLUs (special liaison units) for the dissemination of ULTRA to commanders in the field. I have no reason to doubt that he records this faithfully. He gives rise to feelings of dscomfort, however, when he describes his relations with the more high-ranking recipients of his wares. It appears that Montgomery must have treated him with less courtesy than others and consequently he feels sure he himself could have fought Montgomery’s battles far more efficiently!

In view of its general inaccuracy, especially when touching on technical matters, I believe the book, taken by itself, does no harm. This cannot be said for the side effects it touched off. The first review I read was in the Washington Post by Al Friendly, who himself served in Hut 3. He headlines his review “Confessions of a Codebreaker.” He gives the impression that for a great part of the war every telegraphic order issued by Hitler was currently on the desk of the Prime Minister and concerned Allied commanders. This is simply not true. Such a picture takes no account of the many difficulties of the operation, the decisions to be taken on insufficient evidence as to priorities of attack on some keys to the exclusion of others, the many failures and delays, the early misunderstanding as to the real meaning of messages, etc. The general success of the project was as much a triumph of organisation of the large-scale attack as of the ingenuity and persistence of the cryptanalysts, especially the mathematicians.

Perhaps the most objectionable of the reviews was a long article in one of the London Sunday newspapers by Peter Calvocoressi. He was an important figure in Hut 3, presumably recruited by Winterbotham. He is now, I believe, managing director of Penguin Books and was the joint author of a distinguished history of World War II. His article is an extremely well-written description of life in Hut 3, but he has gone further than anyone else in including a photograph of the German Service Enigma and in mentioning the Bombe. I believe this was the first time a picture of the service Enigma appeared in public print. Not even Bertrand in his book Enigma gives a photograph of the machine. I am quite unable to understand Calvocoressi’s arrogant assumption that he can say what he likes in public now that Winterbotham’s book has appeared. I hold the view that everyone who worked in Bletchley Park is still under a moral obligation not to disclose secrets not previously published without official permission and, I would have thought, is aware of this obligation.

Many of us were nervous of what David Kahn would have to say when his turn came to review the book. When his review did appear in the New York Review of Books, it was surprisingly mild and harmless. He, of course, is in a different category. Not ever having been a part of

December 75 * CRYPTOLOG * Page 2

HANDLE VIA COMINT CHANNELS ONLY

SECRET

any Government agency, he cannot be regarded as subject to the same restrictions.

Other reviewers have been influential journalists who have taken the tone that the book has revealed the operations of World War II in a new light, that history will have to be rewritten, that the British have told only part of the story and that they will have to tell the rest. I do not know whether we have heard the last of this attitude.

Something has to be said about the paragraphs on page 14 of the book dealing with personalities. Winterbotham mentions the mathematicians Alexander, Babbage, Welchman, and Milner Barry, but doesn’t seem to have heard of Turing, who is generally regarded as the leading genius of the methods of solution of the Enigma in its various forms. He says that “it was generally accepted that of our own backroom boys ‘Dilly’ Knox was the mastermind behind the Enigma affair.” I do not agree with this at all, though I am aware that he was in general charge of the analysis of the machine before the war and long before the British had any success in solution. Incidentally, Winterbotham seems to confuse Knox with Foss, who fits much better into the physical description in the book and who had some influence mbes became available. In his casual remarks about me, Winterbotham is somewhere near the truth: he says I had been borrowed from the Army. So I was — 20 years earlier! Of Josh Cooper he says he was “another brilliant mathematician.” Josh wasn’t a mathematician at all — he was a very fine linguist. For no known reason, Winterbotham mentions Dick Pritchard. He was a regular Army officer who had been with me for 8 or 9 years, before the war, but he had nothing whatever to do with the solution of the Enigma.

I think it quite likely that all this does no harm at all, but we cannot by any means be certain of this. Therefore, we have to continue to try to withhold further disclosures, particularly on technical methods of solution.

(HVCCO)

Briigadier Tiltman was Deputy Director and Chief Cryptographer, GCHQ, from 1941 to 1946. Since 1964 he has been working at NSA, Fort Meade. He is a Commander, Order of St. Michael and St. George; Commander, Order of the British Empire; and Distinguished Member, CMI.

HANDLE VIA COMINT CHANNELS ONLY

SECRET

(UNCLASSIFIED)

ULTRA WAS SECRET WEAPON THAT HELPED DEFEAT NAZIS

By P. W. Filby

Shortly after the outbreak of World War II, the British Government acquired a stately home in a small town called Bletchley, a town renowned only for its railway junction and nearby brickyards. For the next few months civilians and servicemen and women arrived in ever increasing numbers, and hardly a house in Bletchley escaped billeting. The citizens wondered at the motley crowd, raffishly dressed for the most part, often absent-minded and all having a studious air about them.

High iron fences were erected round the home known as Bletchley Park and armed Army guards were on duty at all times. The locals had to get used to comings and goings of their lodgers at all hours, and having taken in civilians they would suddenly see them emerge in full regalia as officers of the three services, especially when they made trips to London.

Many guesses were hazarded but the only thing that could be said was that it was a secret department — and the secret was well kept, so well that it is not until now, thirty years later, that the Bletchley people and the world will know that the many thousands of people at the “Park” were working in enemy codes and ciphers.

Group Captain Winterbotham has taken advantage of the “30-year rule” to describe the success of one group, “Hut 3.” It is an absorbing story, and although the chief defect is that Winterbotham was not a codebreaker and therefore makes several wrong assertions, the book is one of outstanding interest, and readers will marvel at the war’s greatest secret and how it was kept until now.

Just before the outbreak of World War II the British had obtained by various means a complex machine known as “Enigma” which was being used for the encoding of the most secret and important German armed forces communications . After a prodigious effort the British cryptographers of “Hut 3” managed to break this machine and later built what might well have been the first computer, so that the communications could be read immediately upon receipt.

To everyone’s surprise, the Germans continued to use this machine throughout the war and thus most plans made by Hitler and his High Command were known to the British (and later, the Americans also) at the same time as the German recipients.

Radio operators in remote, lonely locations intercepted the messages, which were rushed to

December 75 * CRYPTOLOG * Page 3

UNCLASSIFIED

Bletchley, often by motorcycle until more sophisticated methods were evolved, and were promptly decoded and passed to the appropriate commands. The intelligence was code-named “Ultra.”

Astonishingly, there is nothing in captured German documents to suggest that anyone sus pected that the most secret cypher code was being read throughout the war. Much of the credit for this were the rules laid down by Winterbotham for the “need to know.”

For instance, the Russians were never told of it, and the many free forces (French, Dutch, etc.) were not let in on the secret. Winterbotham toured British and American commands, lecturing users on this intelligence and warning them care had to be taken on how the information could be used.

For instance, although the presence of an enemy force might be given in detail by Ultra, to bomb it immediately would cause the Germans to wonder how the enemy knew of this force, so reconnaissance planes had to be used so that the Germans would suspect that they had been spotted from the air.

Unhappily, it was not unusual for holders of the German plans to have to forgo using them for fear of compromising the cypher break. One such occasion was the bombing of poor Coventry; enemy plans were known beforehand, but to defend the city would have aroused German suspicions. Although attempts to defend were made, the populace was not warned in advance. At that time it was not known whether German spies were working among the British.

But the information was used with telling effect in the Battle of Britain, when the Air Force knew exactly the direction and the force to be employed in each attack. It is probable that Ultra did much to save Britain in those dark days. Everyone knew the Air Force could not withstand these onslaughts for long, but Ultra allowed them breathing space by parceling out the slender defense forces where needed most.

Ultra played a particularly distinguished part in the North African campaign, where Montgomery was informed of Rommel’s disposition of his forces and the extent of his supplies. Ultra also enabled supplies across the Mediterranean Sea to be sunk en route. Montgomery’s face should be red, since he claimed verbally and in his books that he planned his battle order, but he acquired the record of invincibility only through his use of the information given by Ultra.

With the British losing thousands of tons of shipping weekly, the decoding of the German Navy’s messages provided a welcome respite, and from 1943 the losses were significantly reduced since the disposition of the U-boats was known.

One wonders now just how the Normandy landing would have worked out without Ultra. Since decoded messages told of the German belief that the attack would come from the narrow Pas de Calais, General Patton arrived with a phantom army to give the impression the landing would indeed be tried there. Consequently Rundstedt and a vast army were kept there, reducing the defenses in Normandy.

Ultra’s strength was also shown when, in the Battle of the Bulge, the Germans relied on telephone rather than radio communications, and many lives were lost because the Allies could 1earn nothing of the German plans and intentions.

These and other exciting stories are related in this absorbing book. It suffers perhaps because Winterbotham was a “go-between” rather than one of the codebreakers, and thus credit is not given to the mathematicians and linguists who worked long hours in stuffy rooms where, because of blackout precautions, fresh air seldom penetrated the smoke-filled atmosphere.

Tribute, must also have been paid to those radio operators, straining their ears when static and other conditions meant a missed group and maybe an important one at that, when the operator could not ask for a repeat — these were the real heroes of one of the outstanding accomplishments of the war .

One amusing tailpiece to the whole affair is the effect it will have on those whose memoirs have already been written. Many should now be rewritten; if Ultra did not actually win the war it will cause historians to revise what has been written thus far. Books such as “D-Day” are exciting reading, but the present work must be included in all war hiptory collections from now on, since it will affect all war histories in varying ways.

Winterbotham is rightly proud of Bletchley’s achievement, but he tends to forget that information, needs acting upon; it needs good generals and above all a great Air Force, Army, and Navy. Fortunately the Allies had these too, and though Ultra was one of the most important contributions to the victory, Winterbotham perhaps overrates it a little.

Sir John Masterman’s book, “The Double-Cross System in the War of 1939-1945” (reviewed in these columns February 12, 1972) describes how captured spies were “turned around” and also contributed to the downfall of Germany. There were other great coups but UItra and Double Cross must rank very high in the defeat of the Nazis.

P. W. Filby, in addition to his SIGINT experience at Bletchley Park and GCHQ, is an “honorary NSA-er by marriage” (his wife is CLA President and CRYPTOLOG’s SRA Editor Vera R. Filby). Mr. Filby is the current Director of the Maryland Historial Society, Baltimore, Maryland. The preceding review is reprinted in entirety from the Baltimore Evening Sun, June 10, 1975. FOUO

December 75 * CRYPTOLOG * Page 4

UNCLASSIFIED

MUM’S STILL THE WORD!

By [REDACTED] M542

Many people make their work and the organization they work for an extension of their own egos, especially when the organization is performing a vital service to society. For most people, one of the most compelling motivations on the job is the quest for approval by their peers and supervisors. But we NSAers are not like “most people.” True, we have always been able to rely on peer and supervisory approval, but we have never been able to derive ego gratification from identifying with NSA — historically, both the Agency itself and our specific jobs here have been obscured from public notice. Lately, however, the curtain cloaking our activities has been lifted slightly. Winterbotham’s book The Ultra Secret and the follow-on revelations in the CBS television program, “Sixty Minutes, ” have provided the public with glimpses of the vital role that cryptology plays in protecting our nation’s security. Certainly, all of us must feel a sense of pride, and perhaps indulge our egos a bit, to see our Agency’s vital function finally made known to the public. It’s a very seductive thing. We plug along for years without public recognition. We strive constantly to overcome the natural urge to discuss our work with non-NSA friends, particularly when that work involves events taking place on the world stage. Then, suddenly, there’s our organization, our work — us! –on the television screen, the front page of the newspaper, the public bookshelf. How easy it is to feel proud about finally getting public recognition. But that initial feeling of pride and personal gratification is soon outweighed by the disquieting realization that someone has talked, someone has betrayed our tradition of keeping our mouths shut.

The fact that such revelations do not always compromise sensitive information, as in the case of The Ultra Secret and the TV follow-on, does not diminish our feelings of dismay. That precious shell of anonymity — so carefully maintained over the years — has been cracked. One can only expect that others will rush forth to give their versions of past events and open that crack still wider.

That our cryptologic operations are discussed at all in the public media, no matter how many decades have elapsed, is the primary concern here. Journalistic appetite begets appetite and, once titillated by the morsels served up by disclosures such as those in Winterbotham’s book, it tends to become ravenous for the whole pot. Those who were associated with the cryptologic effort in the past — and the numbers are prodigious — as well as those currently involved, are presented with a psychological cop-out to indulge thelr ego [redacted] talk about their work. After all, everyone else is doing it. Thus, revelation begets revelation.

The publication of The Ultra Secret, however innocuous its specific revelations, can only be viewed with foreboding. It can only hasten the dropping of the next shoe. And when that shoe drops, we NSAers should remember, “Mum’s still the word!”

December 75 * CRYPTOLOG * Page 5

UNCLASSIFIED

PI – National Counterterrorism Center: Insight on Infrastructure Vulnerabilities

Urban Exploration Offers Insight Into Critical Infrastructure Vulnerabilities

1 page
For Official Use Only
November 19, 2012

(U//FOUO) Urban Explorers (UE)—hobbyists who seek illicit access to transportation and industrial facilities in urban areas—frequently post photographs, video footage, and diagrams on line that could be used by terrorists to remotely identify and surveil potential targets. Advanced navigation and mapping technologies, including three dimensional modeling and geo-tagging, could aid terrorists in pinpointing locations in dense urban environments. Any suspicious UE activity should be reported to the nearest State and Major Area Fusion Center and to the local FBI Joint Terrorism Task Force.

…

SECRECY NEWS – NASA Technical Reports Database Goes Dark

This week NASA abruptly took the massive NASA Technical Reports Server (NTRS) offline. Though no explanation for the removal was offered, it appeared to be in response to concerns that export controlled information was contained in the collection.

“Until further notice, the NTRS system will be unavailable for public access. We apologize for any inconvenience this may cause you and anticipate that this site will return to service in the near future,” the NTRS homepagenow states.

NASA Public Affairs did not respond yesterday to an inquiry about the status of the site, the reason for its suspension, or the timeline for its return.

NASA Watch and The Unwanted Blog linked the move to a statement from Rep. Frank Wolf on Monday concerning alleged security violations at NASA Langley Research Center.

“NASA should immediately take down all publicly available technical data sources until all documents that have not been subjected to export control review have received such a review and all controlled documents are removed from the system,” Rep. Wolf said.

In other words, all NASA technical documents, no matter how voluminous and valuable they are, should cease to be publicly available in order to prevent the continued disclosure of any restricted documents, no matter how limited or insignificant they may be.

“There is a HUGE amount of material on NTRS,” said space policy analyst Dwayne Day. “If NASA is forced to review it all, it will never go back online.”

Essentially, the mindset represented by Rep. Wolf and embraced by NASA fears the consequences of unauthorized disclosure more than it values the benefits of openness. It is a familiar outlook that has wreaked havoc with the nation’s historical declassification program, and has periodically disrupted routine access to record collections at the National Archives, as well as online collections at the CIA, the Los Alamos technical report library, and elsewhere.

“I’d also note that a large amount of historical Mercury/Gemini/Apollo documents that were previously available at NARA Fort Worth is now apparently withdrawn due to ITAR [export controls],” said Dr. Day.

The upshot is that the government is not an altogether reliable repository of official records. Members of the public who depend on access to such records should endeavor to make and preserve their own copies whenever possible.

Video – Monty Python – Exploding Penguin

http://youtu.be/1k1ccguXiws

Cryptome reveals – Internet Is a Spy State

Internet Is a Spy State

At 06:09 AM 3/18/2013, Eugen Leitl wrote on Cypherpunks:

http://edition.cnn.com/2013/03/16/opinion/schneier-internet-surveillance/index.html

The Internet is a surveillance state

By Bruce Schneier, Special to CNN

March 16, 2013 — Updated 1804 GMT (0204 HKT)

STORY HIGHLIGHTS

Bruce Schneier: Whether we like it or not, we’re being tracked all the time on the Internet

Schneier: Our surveillance state is efficient beyond the wildest dreams of George Orwell

He says governments and corporations are working together to keep things that way

Schneier: Slap-on-the-wrist fines notwithstanding, no one is agitating for better privacy laws

Editor’s note: Bruce Schneier is a security technologist and author of “Liars and Outliers: Enabling the Trust Society Needs to Survive.”

__________

Cryptome:

That the Internet is a gigantic spying machine has been known since its invention, the security industry has made billions pretending to protect against its spying.

Schneier has also written recently that security does not work, cannot work, that attackers are always going to excell over defenders, due to the economic incentives to attack being greater than those to defend.

Long a top expert selling security services, what is Schneier up to with gloom and doom that is usually associated with selling snake oil — his favorite target. Has his amply promoted 24×7 services been defeated by attackers? Is he keeping that quiet? Is he about to be doxed, has been hit with a blackmail demand, or worse, his defenses compromised? Who else among the experts are colluding with this initiative to admit Internet deception from the git go?

Recall that beloved Peter Neumann and others advocate chucking the current Internet and starting over with better security and privacy basic requirements. Uh huh, and what will take its place, will it be better or more snake oil? And what to do with all that stored data of the world’s greatest spying machine promoted with the complicity of Internet advocates and the security industry?

Pardon, monsieur, foxes in the hen house, comes to mind.

Schneier says in his security-is-doomed-to-fail piece a public discussion is needed on what to do, the experts don’t have answers. That’s a good start after years of experts promising to do better next time, meanwhile trust open source, trust us.

Where does snake oil end and “something better” begin? Is something better ever not snake oil? Is a public discussion of an issue never not rigged in favor of the organizers? Is tumultous public discussion never not preamble to a coup justified as needed to control the mob who has gotten out of hand, who voted the wrong way, who attacked the leaders? Who hacked the experts?

Coups are always justified as needed for security, and who Machiavelli’s the coup masters other than security and propaganda experts yearning to maintain privilege and reputation.

Coups are not always obvious, the most effective are hardly noticed.

TMZ – Tiger Woods & Lindsey Vonn Dating — Will He Cheat Again?

http://youtu.be/X8DeTGkUeF4

Lindsey Vonn and Tiger Woods made it official — they’re dating — but we all knew that was the case back when Tiger sent his private jet to pick her up last month… so now, the only real update is these awkward “it’s official!” photos they took together.

Public Intelligence – FAA Airspace Management Plan for Disasters

FAA Airspace Management Plan for Disasters

30 pages
For Official Use Only
July 18, 2012

0.1 The Airspace Management Plan for Disasters provides a nationally consistent framework and suite of supportive tools for the use of the Federal Aviation Administration’s air traffic and airspace management operational expertise and capabilities, as well as statutory authority, to enhance the safety and effectiveness (including unity of effort) of air missions supporting response and recovery efforts such as Search and Recue flights following a disaster. The plan also speaks to the use of these tools to safeguard persons and property on the ground. Additionally, this plan also helps to balance the needs of those response air missions with the agency’s concurrent effort to return the National Airspace System, which is critical to the U.S. economy and American way of life, to normal operations. Note that the Federal Aviation Administration also uses operational contingency plans and other air traffic management procedures, which are separate from this document, that specifically focus on sustaining the operation of the National Airspace System and normal air traffic, especially for situations involving the disruption or degrading of the agency’s Air Navigation Services.

0.2 Federal, State, and local agency, as well as military, partners are the primary intended audience of this document. This plan is also provides a coordination resource for those Federal Aviation Administration operations personnel who regularly cooperate with interagency partners on the use of air traffic and airspace management capabilities to support response and recovery efforts.

0.3 The plan is informed by numerous natural disasters that have struck the country since Hurricane Katrina in 2005, as well as many national and State-level exercises. Reflecting the lessons learned from those events, the plan is designed to be implemented in a scalable and flexible manner that best meets the operational needs shaped by the specific disaster at hand and the requirements of the responding Federal, State, local, tribal / territorial, and private sector stakeholders. Implementation of this plan can be carried out for any disaster provoking the need for response and recover air missions or otherwise involving the National Airspace System, including events to which the Federal Government is responding through the Stafford Disaster Relief and Emergency Assistance Act and purely State or local crises. In many cases, the Federal Aviation Administration will implement this plan initially in cooperation with State level authorities, including State Emergency Management Agencies and National Guard units, and then, as the disaster unfolds, scale up implementation as Federal assistance, including response aircraft begin to arrive in theater. Elements of this plan may also be used to facilitate air operations regularly flown by the U.S. Forest Service, Bureau of Land Management, and National Park Service to support, for example, wildfire firefighting, law enforcement, and search and resure missions.

0.4 The plan is not intended as a stand alone document. It is intended to be implemented through Federal Aviation Administration Temporary Flight Restrictions and other operational measures. The plan is also designed to provide air traffic and airspace management input to a broad range of other aviation centric disaster response and recovery plans and procedures used by U.S. Northern Command, United States Coast Guard, Customs and Border Protection, the State Emergency Management Agencies and National Guard elements, and other Federal, State, local, territorial / tribal interagency partners. In addition, it is intended to complement the National Response Framework and other related disaster response and recovery plans.

Video – Skid – Monty Python-Bring out your dead!

Cryptome – Pollard and Manning Pardon Both

oth Jonathan Pollard and Bradley Manning served as military intelligence analysts, Pollard for the Navy, Manning the Army.

Pollard allegedly delivered suitcases-full of hardcopy classified documents to the Israeli Embassy, the day’s legally protected drop box. Manning delivered comparable amounts, if not more, by copying to digital disks and thumbdrives, then digitally transmitting to the legally protected drop boxes of WikiLeaks.

Pollard was caught by reporting of an inside informer. Manning was caught by reporting of an insider informer.

Pollard was prosecuted, convicted and imprisoned for life for espionage. Manning is on trial for espionage facing imprisonment for life.

After first distancing itself from Pollard, Israel is now seeking his release with a well-supported public campaign. Notable Israelis and thousands of others have a signed a petition to Obama for Pollard’s release. Obama said recently Pollard committed a grave crime and he does not intend to immediately release Pollard.

After seeing material disclosed by Manning, countries, notables and thousands of others from around the world are calling for his release. Petitions have been delivered to Obama for his release. Obama has stated Manning a committed serious crime and if found guilty should be punished.

Pollard was tried in a civil court with civil protections.

Manning is being tried in a military court with military protections.

Pollard has served 28 years of his sentence.

Manning has been in detention for three years.

Pollard claims he acted for patriotism.

Manning claims he acted for patriotism.

Pollard allegedly revealed highly classified inadequately protected information. His sentence is said to be a warning to others.

Manning used high technology to transfer inadequately protected information. His prosecution is said to be a warning to others.

Information security measures have improved following both breaches.

Pollard and Manning, pardon both for disclosing inadequate protection of classified information.

SECRET – DHS Geospatial Concept of Operations (GeoCONOPS) Version 4

Homeland Security Geospatial Concept of Operations (GeoCONOPS) Version 4.0

Draft
190 pages
June 2012
3.64 MB

The Homeland Security Geospatial Concept of Operations (GeoCONOPS) is a multiyear effort focused on the geospatial communities supporting DHS and FEMA activities under the NRF and in coordination with Presidential Policy Directive 8: National Preparedness (PPD-8) which describes the Nation’s approach to preparing for the threats and hazards that pose the greatest risk to the security of the United States. The GeoCONOPS, in its fourth year, is a multiyear product to document the current geospatial practices supporting the NRF, PPD-8, and Stafford Act activities. The participants and intended audience of the GeoCONOPS include the GIOT Members, 15 Emergency Support Functions (ESF), both primary and support, and other federal mission partners. The GeoCONOPS will be updated on a yearly basis to ensure it meets the needs of all mission partners. The GeoCONOPS is currently under review by FEMA for adoption by NIMS.

…

DHS is relying more often and more broadly on geospatial information technology to collect and analyze key situational awareness data for its emergency response missions. According to the National Strategy for Homeland Security and DHS’s mission statement: homeland security covers prevention, protection, mitigation, response, and recovery. Geospatial products and intelligence play a key role in the Department’s preparation for disasters and its response to them; they are used to help assess damage, aid in search and rescue (SAR), remove debris, and support incident management.

The Geospatial Management Office (GMO) serving the DHS Chief Information Office, was established by the Intelligence Reform and Terrorism Prevention Act of 2004 (Title VII, Subtitle B, Section 8201, Homeland Security Geospatial Information). Through its implementation of DHS Management Directive 4030, the GMO exercises executive leadership in establishing DHS geospatial information technology programs, directives, and initiatives and provides oversight for the integration of geospatial data 1 See Annex C for a complete list of federal partners. and technology. It serves as the principal office to facilitate all interagency activities relating to domestic geospatial and remote sensing (RS) data to support the needs of homeland security-related intelligence, law enforcement, environmental, scientific, and emergency response requirements.

The GMO must develop requirements and processes for access to common operating data used by components and provide guidance to other federal departments and agencies that are supporting and executing homeland security and emergency management operations.

Geospatial technology provides a significant role in incident management. Its uses today include disaster early warning and mitigation, border monitoring, criminal investigations, public health protection, and critical infrastructure oversight. In recent years, federal mission partners have been operating with minimal formal guidance or direction on how to conduct geospatial support to the emergency response and homeland security operating regimes, relying instead on ad hoc coordination.

As a result, geospatial efforts in support of incident management have frequently been slow to start or have been completely unavailable immediately following a disaster, leaving the “full power” and benefits of geospatial technology unrealized. The development of the GeoCONOPS for homeland security and emergency management operations ensures that timely and accurate geospatial data is shared across the entire geospatial community, resulting in better informed decision making across all phases of an incident.

…

…

GIOT Team Members

Department of Agriculture (USDA)
– Office of the Chief Information Office
– Enterprise Geospatial Management Office
– Office of Homeland Security & Emergency Coordination
– Emergency Operation Center
– Forest Service
– National Interagency Fire center

Department of Commerce (DOC)
– National Oceanic & Atmospheric Administration (NOAA)
– US Census Bureau

Department of Defense (DoD)
– Office of the Deputy Undersecretary for Defense
– National Geospatial-Intelligence Agency (NGA)
– National Guard Bureau
– NORTHCOM
– US Army Corps of Engineers (USACE)

Department of Health & Human Services (HHS)

Department of Homeland Security (DHS)
– Office of the Chief Information Officer/Geospatial Management Office (GMO)
– Customs and Border Patrol (CBP)
– Federal Emergency Management Agency (FEMA)
– Federal Insurance & Mitigation Administration (FIMA)
– Office of Response & Recovery (ORR)
– National Preparedness Directorate (NPD)
– National Exercise Division (NED)
– National Integration Center (NIC)
– Mission Support Bureau (MSB)
– Office of the Chief Information Officer (CIO)/Geospatial Solutions Branch
– Federal Law Enforcement Training Center (FLETC)
– Immigration & Customs Enforcement (ICE)

– National Protection & Programs Directorate (NPPD)
– Federal Protective Service (FPS)
– Office of Infrastructure Protection (IP)
– Office of Health Affairs (OHA)
– Office of Intelligence and Analysis (I&A)
– Office of Operations Coordination & Planning (OPS)
– Science and Technology (S&T)
– Transportation Security Administration (TSA)
– US Coast Guard (USCG)
– US Secret Service (USSS)

Department of Housing & Urban Development (HUD)

Department of Interior (DOI)
– US Geological Survey (USGS)

Department of State
– USAID

Department of Transportation (DOT)

Environmental Protection Agency (EPA)

Federal Aviation Administration (FAA)

Office of the Director of National Intelligence (ODNI)
– Program Manager for the Information-Sharing Environment (PM-ISE)

Small Business Administration (SBA)

Veterans Administration (VA)

Collaborating Partners

American Red Cross (ARC)

National Alliance for Public Safety GIS (NAPSG)

National States Geographic Information Council (NSGIC)

Open Geospatial Consortium (OGC)

SECRECY NEWS – CLASSIFICATION COMPLAINT ARISING FROM THOMAS DRAKE CASE DISMISSED

In July 2011, J. William Leonard, a former director of the Information
Security Oversight Office (ISOO), took the extraordinary step of filing a
formal complaint with the Office he once led charging that a document used
to indict former NSA official Thomas Drake under the Espionage Act had been
wrongly classified in violation of the executive order on classification.
("Complaint Seeks Punishment for Classification of Documents" by Scott
Shane, New York Times, August 2, 2011; "Ex-federal official calls U.S.
classification system 'dysfunctional'" by Ellen Nakashima, Washington Post,
July 21, 2012)

    http://www.fas.org/sgp/news/2012/07/jwl-complaint.pdf

Last December, in a newly disclosed response, John P. Fitzpatrick, the
current ISOO director, concluded that Mr. Leonard's complaint did not
warrant the sanctions that Mr. Leonard had urged.  Neither the original
classification of the NSA document, titled "What a Wonderful Success," nor
its continued classification "rise to the level of willful acts in
violation of the Order," Mr. Fitzpatrick wrote in his December 26, 2012
response.

    http://www.fas.org/sgp/jud/drake/isoo-jwl.pdf

With that, the matter was officially closed.  But the divergent views
underlying the complaint remain unresolved and continue to fester.

"I have devoted over 34 years to Federal service in the national security
arena, to include the last 5 years of my service being responsible for
Executive branch-wide oversight of the classification system," Mr. Leonard
wrote in his 2011 complaint. "During that time I have seen many equally
egregious examples of the inappropriate assignment of classification
controls to information that does not meet the standards for
classification; however, I have never seen a more willful example."

But Mr. Fitzpatrick said that having reviewed the original classification
of the document as well as its continued classification, "I find no
violation in either case."  In fact, he noted, "NSA discontinued the
classification of the document in question" during the course of the Drake
case.

"The content and processing of the document fall within the standards and
authority for classification under the Order and NSA regulations," Mr.
Fitzpatrick wrote.  That doesn't make them immune to criticism, he wrote,
but it means that their classification does not "rise to the level of
willful acts in violation of the Order."

Mr. Leonard was not persuaded.  In an email to Mr. Fitzpatrick after the
complaint was dismissed, he said he was not overly concerned by the
original classification of the document, "which although improper was, by
all appearances, a reflexive rather than willful act."  Nor, of course, was
he troubled by the eventual declassification of the document.

But "What I did and continue to take issue with is that in between those
events, senior officials of both the NSA and DoJ made a number of
deliberate decisions to use the supposed classified nature of that document
as the basis for a criminal investigation of Thomas Drake as well as the
basis for a subsequent felony indictment and criminal prosecution."

Not only that, Mr. Leonard said, but DoJ and NSA officials justified the
classification after the fact by claiming the document "reveals... a
specific level of effort..." concerning a classified activity, and that
that assertion was "factually incorrect."

    http://www.fas.org/sgp/jud/drake/jwl-resp.html

Mr. Fitzpatrick said he had no basis to comment on the Drake case per se. 
"That is not my purview."  

"I do think it important to note that ISOO's authority to handle the
complaint pertains to classification actions authorized under the Order. 
It does not extend to investigative or prosecutorial decisions made under
other authorities," Mr. Fitzpatrick told Secrecy News yesterday.

But he added that "To conclude that the single document cited in the
complaint was the primary basis for an investigation and prosecution is, in
my view, too narrow a reading of the facts of the case. When building such
cases, agencies make decisions to reduce the risk of exposing national
security information.  This influences their selection of which documents
and evidence to place in the public record.  These are matters of
investigative and prosecutorial discretion whose results are determined in
court.  Neither those results, nor opinions about the relative merits of
mounting a case, recast the original classification action as
sanction-worthy."

Mr. Leonard highlighted the striking fact that no one has ever been
sanctioned for abuse of classification authority, and he told Mr.
Fitzpatrick that the present case was a missed opportunity.

"Accountability is crucial to any system of controls and the fact that
your determination in this case preserves an unbroken record in which no
government official has ever been held accountable for abusing the
classification system does not bode well for the prospect of real reform of
the system," Mr. Leonard wrote.

Why indeed has there never been any accountability for classification
abuse?  Mr. Fitzpatrick said "This goes to the cultural aspects of national
security information control, where the premium is placed on protection and
avoidance of inadvertent disclosure.  The other side of that coin -- I
would call it simply overclassification -- is less generally policed
against.  Its ill effects are felt in the cumbersome processes associated
with declassification review and the persistent backlogs and slow processes
that characterize the system."

Mr. Leonard went further in a thoughtful but scathing presentation at a
panel sponsored by the Brennan Center for Justice on March 14, in which he
first disclosed the ISOO response to his complaint. He said, "I've come to
the conclusion that the executive branch is both incapable and unwilling to
achieve real reform in this area."

Mr. Fitzpatrick said that, for his part, he retained a degree of hope that
meaningful changes to secrecy policy could still be achieved.

"There are some essential elements needed to bring about reform, and they
hard to come by," he said via email. "The first and most important is an
unambiguous call for change from senior leadership.  That mandate must
promise commitment and describe specific outcomes the change is meant to
bring about.  Examples would include: reduce classification; expedite
declassification; improve access to declassified historical Formerly
Restricted Data.  Given that inter-agency cooperation is needed to address
these issues, nothing short of a White House-directed effort is likely to
succeed in making this kind of reform happen.  This belief underlies the
[Public Interest Declassification Board's] primary recommendation from
their recent report [namely, to establish a White House-led steering group
on secrecy reform]."

The last impartial word about the Thomas Drake prosecution (though not
specifically on classification policy) may be that of the presiding judge,
Judge Richard D. Bennett. At the July 2011 sentencing hearing that ended
the case, he called the government's handling of the matter
"unconscionable" and abusive.

Thomas Drake himself reflected on his experience in a speech to the
National Press Club on March 15:

    http://www.c-spanvideo.org/program/311537-1

SECRET SESSIONS OF CONGRESS, AND MORE FROM CRS

The latest updates from the Congressional Research Service include these
reports.

Secret Sessions of the House and Senate: Authority, Confidentiality, and
Frequency, March 15, 2013:

        http://www.fas.org/sgp/crs/secrecy/R42106.pdf

Europe's Energy Security: Options and Challenges to Natural Gas Supply
Diversification, March 15, 2013:

        http://www.fas.org/sgp/crs/row/R42405.pdf

The Amending Process in the Senate, March 15, 2013:

        http://www.fas.org/sgp/crs/misc/98-853.pdf

Commonly Used Motions and Requests in the House of Representatives, March
15, 2013:

        http://www.fas.org/sgp/crs/misc/RL32207.pdf

Navy Nuclear Aircraft Carrier (CVN) Homeporting at Mayport: Background and
Issues for Congress, March 15, 2013:

        http://www.fas.org/sgp/crs/weapons/R40248.pdf

Navy Irregular Warfare and Counterterrorism Operations: Background and
Issues for Congress, March 15, 2013:

        http://www.fas.org/sgp/crs/natsec/RS22373.pdf

Coast Guard Cutter Procurement: Background and Issues for Congress, March
15, 2013:

        http://www.fas.org/sgp/crs/weapons/R42567.pdf

Coast Guard Polar Icebreaker Modernization: Background, Issues, and
Options for Congress, March 15, 2013:

        http://www.fas.org/sgp/crs/weapons/RL34391.pdf

_______________________________________________
Secrecy News is written by Steven Aftergood and published by the
Federation of American Scientists.

The Secrecy News Blog is at:
     http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to
     http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood@fas.org

Secrecy News is archived at:
     http://www.fas.org/sgp/news/secrecy/index.html

Support the FAS Project on Government Secrecy with a donation:
     http://www.fas.org/member/donate_today.html

_______________________
Steven Aftergood
Project on Government Secrecy
Federation of American Scientists
web:    www.fas.org/sgp/index.html
email:  saftergood@fas.org
voice:  (202) 454-4691
twitter: @saftergood

DIE ZEIT über das Zitat “ausgeklügelte Schutzgeldsystem von Gomopa”

Artikel Link

http://www.zeit.de/2013/11/Finanznachrichtendienst-Gomopa

FINANZNACHRICHTENDIENST GOMOPA”Jetzt du wieder! Gruß Klaus”

Wie der Finanznachrichtendienst Gomopa gegen Betrüger kämpft und dabei selbst dubiose Geschäfte macht.

Es war an einem Mittwochmittag im September 2012 in Berlin-Kreuzberg, als Klaus Maurischat, ein Eis in der Hand und einen Kollegen neben sich, über eine Brücke spazierte und brutal überfallen wurde. Drei schwarz vermummte Männer griffen ihn an, sie schlugen ihn auf offener Straße nieder und traten ihm ins Gesicht, dann liefen sie davon. Blutend schleppte sich Maurischat in sein Büro am Tempelhofer Ufer und rief die Polizei.

Maurischat, 56, war wohl kein Zufallsopfer. Der Mann lebt gefährlich. Er ist Chef eines Finanznachrichtendienstes namens Gomopa, und er hat es sich zur Aufgabe gemacht, Anlagebetrügern und anderen Wirtschaftskriminellen auf die Spur zu kommen und auf seiner Internetseite vor ihnen zu warnen. So schafft man sich Feinde in einem Milieu, in dem es Geld im Überfluss und wenig Skrupel gibt. Wer ihm die Schläger auf den Hals hetzte, ist nicht bekannt.

Eine der Firmen, mit denen sich Maurischat und seine Mitarbeiter in den vergangenen Jahren intensiv beschäftigten, ist die Immobiliengruppe S&K mit Sitz in Frankfurt. Die Rechercheure von Gomopa hatten einen guten Riecher, denn auch die Strafverfolgungsbehörden nahmen die Firma ins Visier, und sie holten jüngst zum großen Schlag aus: Am 19. Februar durchsuchten nicht weniger als 1.200 Ermittlungsbeamte und 15 Staatsanwälte eine Frankfurter Jugendstilvilla und mehr als 130 Objekte in sieben Bundesländern.

Die Hauptverdächtigen wurden verhaftet, es sind der 33-jährige Stephan Schäfer und der 31-jährige Jonas Köller, die beiden Chefs von S&K. Sie werden verdächtigt, ein betrügerisches Schneeballsystem aufgebaut und Geldanleger um einen dreistelligen Millionenbetrag betrogen zu haben. Das Geld soll unter anderem für den exzessiven und extrem aufwendigen Lebensstil der Beschuldigten verwendet worden sein. Die Staatsanwaltschaft ermittelt in dem Fall gegen insgesamt 50 Personen, darunter sind auch Anwälte und Sachverständige, die den Hauptverdächtigen zu Diensten waren.

Für Maurischat und seine Truppe könnte der Triumph kaum größer sein. Bereits im März 2010 hatten sie vor S&K gewarnt. Für ihre Berichterstattung waren die Rechercheure von der Frankfurter Firma mit Klagen überzogen worden. Auf der Internetseite des Finanznachrichtendienstes ist zu lesen: “Bis zur vorgestrigen Verhaftung von Schäfer und seines Geschäftspartners Jonas Köller wurden gegen GoMoPa.net insgesamt zwölf Klagen an vier Landgerichten (Stuttgart, Berlin, Köln und Frankfurt am Main) eingereicht und der Streitwert auf drei Millionen Euro hochgetrieben.” Man habe sich davon aber nicht schrecken lassen: “GoMoPa.net hielt stand.” Damit weckt der Fall S&K Sympathien für ein Unternehmen, das sich gerne als eine Art Schutzpolizei für Bürger und Anleger darstellt. “GoMoPa wurde mit dem Ziel gegründet, durch aktive Aufklärung und permanente Transparenz nachhaltig zur Betrugsprävention in Wirtschaft und Gesellschaft beizutragen”, heißt es auf der Website.

Das klingt gut, wenn nicht: zu gut, um wahr zu sein. Recherchen der ZEIT legen den Verdacht nahe, dass die selbst erklärten Saubermänner ebenfalls Dreck am Stecken haben könnten. Es gibt Indizien für systematisch betriebene Erpressungen.

Gomopa steht für Goldman, Morgenstern & Partners, der Hauptsitz des Unternehmens ist New York, aber mit der berühmten Investmentbank hat die Firma nichts zu tun. Bei der auf der Website angegebenen Adresse von Gomopa handelt es sich um ein Gebäude an der Madison Avenue in Midtown Manhattan. Dort findet sich ein Business Center, eine Art Gemeinschaftsbüro, wo sich Unternehmen Fax, Kopierer und Konferenzräume teilen. Bei einem Besuch vor Ort war niemand von Gomopa für die ZEIT zu erreichen. Man solle einen Termin machen, sagte die Empfangsdame. Persönlich kenne sie niemanden von der Firma.

Tatsächlich scheint Gomopa maßgeblich von Deutschland aus betrieben zu werden. Am Tempelhofer Ufer in Berlin-Kreuzberg hat eine Gomopa GmbH ihren Sitz, es handelt sich um eine Niederlassung der US-Firma.

Ein ehemaliger freier Mitarbeiter der Firma beschreibt gegenüber der ZEIT den eigentlichen Zweck des Unternehmens als ein “ausgeklügeltes Schutzgeld-Geschäftsmodell”.

Seite 2/3:

“Dann morgen unser abgesteckter positiv Artikel”

Die Sache laufe so: “Entweder die betroffenen Unternehmen zahlen, oder Gomopa zerstört ihren Ruf so gründlich, dass sie keine Geschäfte mehr machen können.”

Das wäre Erpressung. Um das zu kaschieren, zahle die erpresste Firma an Gomopa das Geld für eine angebliche Dienstleistung, so der Exmitarbeiter. Oder sie beteilige sich sogar mit Kapital an Gomopa.

Das Ganze spielt sich vor dem Hintergrund des sogenannten grauen Kapitalmarkts ab. Die dort tätigen Unternehmen werden nicht von Aufsichtsbehörden überwacht. Sie versprechen potenziellen Geldanlegern hohe Renditen, etwa mit Immobiliengeschäften, Unternehmensbeteiligungen oder Edelsteinhandel. Auf die Risiken wird oft nur im Kleingedruckten hingewiesen. Ob die versprochene Rendite fließt, zeigt sich häufig erst nach Jahren. Viele Unternehmen handeln legal, aber Abzocke und Betrügereien kommen häufig vor. Seriöse Anbieter sind von unseriösen schwer zu unterscheiden.

Fachorgane mit kritischen Experten, die in diesem Bereich für Aufklärung sorgen, können Anleger vor Schäden bewahren, sind also eigentlich eine gute Sache. Es gibt aber offenbar auch ein anderes Geschäftsmodell: Erfahrene Szenekenner durchleuchten Anlagefirmen und unterziehen sie einer ständigen kritischen Berichterstattung, sie lassen sich dann aber durch Geldzahlungen der betroffenen Unternehmen ruhigstellen. Dass dieses Geschäftsmodell ganz besonders einträglich sein kann, ergibt sich aus der Tatsache, dass gerade unentdeckte Anlagebetrüger regelmäßig in Geld schwimmen und ein großes Interesse daran haben, ihre Geschäfte so lange wie möglich weiterzubetreiben.

Im Fall S&K ging es damit los, dass dessen Chefs eine Reihe anonymer E-Mails erhielten, wie sie der ZEIT vor ihrer Verhaftung berichteten. “Hallöle ihr milchreisbubis!”, begann eine dieser Nachrichten. “Eure klitsche ist in einem jahr geschichte. was jetzt im internet auf euch traumtänzer und loser zukommt, ahnt ihr nicht. haut ab, solange es noch geht. das ist ein gutgemeinter rat und unsere letzte warnung.”

Stephan Schäfer behauptet, Maurischat habe zugegeben, dass er und ein Mann namens Wolfgang Zimmermann für die anonymen Mails und auch für anonyme Internetseiten gegen S&K verantwortlich seien. “Das ist eine Lüge!”, schreibt Maurischat der ZEIT. Nie habe er derlei getan, nie derlei zugegeben.

Unstrittig ist, dass sich Maurischat und Schäfer im September 2012 in der Gomopa-Niederlassung in Berlin trafen, um Differenzen auszuräumen. Nach Maurischats Darstellung führte er damals mit Schäfer Vergleichsverhandlungen. Der Immobilienunternehmer habe ihn, einen anderen Mann namens Zimmermann und Gomopa verleumdet und nach einer Unterlassungsklage eingewilligt, Schmerzensgeld zu leisten. Überdies habe der S&K-Chef angeboten, sich bei dem Finanznachrichtendienst mit zwei Millionen Euro zu beteiligen.

Obwohl es sich dabei um eine außerordentlich merkwürdige Offerte handelte, war sie für Maurischat durchaus akzeptabel: “Ich schlug ihm vor, wenn er das wolle, dann könne er eine speziell dafür anzufertigende Teilhabererklärung unterzeichnen.”

Das tat Schäfer zwar nicht, aber er zahlte immerhin 200.000 Euro an Maurischat. Der leitete einen Großteil des Geldes an Zimmermann und andere weiter und behielt 30.000 Euro.

Am 22. Oktober schrieb Maurischat eine Mail an Schäfer, in der es zum einen um dieses bereits gezahlte Geld ging und zum anderen um eine noch vorzunehmende Beteiligung Schäfers an Gomopa. Diese Beteiligung hätte auch beeinflusst, wie über S&K auf GoMoPa.net berichtet worden wäre. Das legt jedenfalls die Mail nahe, die der Anlegerschützer schrieb.

“Also, Teilhabervertrag unterschrieben zu mir und entsprechend handeln. Dann morgen unser abgesteckter positiv Artikel und die beiden o.a. Artikel sind auch weg”, so Maurischat an Schäfer. Er bot an: “Meinetwegen schmeiße ich sämtliche Artikel auch sofort und heute raus wenn mir der unterschriebene und in der Anlage befindliche Teilhabervertrag vorliegt und wir das zum Bestandteil unserer Vereinbarung machen!” Der Schluss dieser Mail spricht Bände: “Jetzt du wieder! Gruß Klaus”.

Nach der Zahlung seien Artikel über sein Unternehmen auf der Website von Gomopa zum Teil verschwunden und zum Teil durch positivere Berichte ersetzt worden, sagt Schäfer. Maurischat behauptet heute, dass er einen Einstieg von S&K bei seinem Finanznachrichtendienst nur akzeptiert hätte, wenn sich die Immobilienfirma vorher von einem von ihm ausgewählten Wirtschaftsprüfer hätte begutachten lassen wollen. In der der ZEIT vorliegenden “Beteiligungserklärung” steht davon allerdings nichts. Dafür findet sich dort diese Passage: Gomopa “wird nach Eingang der ersten Zahlung sämtliche S&K betreffenden Artikel vom Netz nehmen und neue Artikel über S&K nicht veröffentlichen ohne diese mit S&K einvernehmlich abzusprechen”.

Seite 3/3:

So ist das in der Szene: Man schlägt sich – und verträgt sich

Klaus Maurischat verhandelte nach Unterlagen, die der ZEIT vorliegen, auch mit einem Finanzunternehmer in Hamburg. Dabei ging es ebenfalls um einen Einstieg bei Gomopa. Und auch über diesen Mann und einen seiner Geschäftspartner waren zuvor auf der Gomopa-Website kritische Beiträge erschienen.

Der Mann ließ sich auf die Sache ein. Der Gomopa-Chef habe ihm in einem mündlichen Gespräch klargemacht, dass die negativen Berichte nur gegen Geld ein Ende nehmen würden, sagt der Hamburger Geschäftsmann: “Zu zahlen erschien mir günstiger, als sich auf einen Internetkrieg einzulassen.”

Auch dieser Unternehmer bekam anonyme Mails. Bei einer stand in der Betreffzeile: “Kurz vor dem Konkurs?” Darunter folgten acht “Überschriften, die auf Internetseiten Sie zukünftig begleiten könnten”.

Der Hamburger schrieb an Maurischat: “Ich (…) bestätige hiermit den verbindlichen Antrag auf Ankauf von 40 Stck./ in Worten vierzig Shares (Aktien)” an der Gomopa Control Inc. Der Sitz dieser Gomopa-Tochter ist Miami im US-Bundesstaat Florida. Vereinbart wurde eine Beteiligung in Höhe von 200000 Euro.

Unstreitig ist, dass Gomopa im April 2012 von dem Hamburger Kaufmann 24750 Euro als erste Rate kassierte. Maurischat bestätigte ihm auch schriftlich den Eingang des Geldes und wies in dem Schreiben ausdrücklich darauf hin, dass diese Beteiligung in keinem Zusammenhang mit der Berichterstattung auf GoMoPa.net stehe, wie “böse Menschen” denken könnten.

Als der Unternehmer dann aber nicht die noch ausstehenden 175250 Euro überwies, bedrohte ihn Maurischat per Mail vom 9. Juli 2012: “Nochmals mache ich Sie darauf aufmerksam, dass ich Ihnen und sämtlichen Unternehmen an denen Sie beteiligt sind eigene Internetseiten widmen und über Ihre Geschäftspraktiken aufklären werde, wenn Sie Ihren Verpflichtungen nicht nachkommen.” Er werde überdies “sämtliche Geschäftsbanken Ihres Hauses informieren und über Ihr Unternehmen mehrfach auf unserer Plattform öffentlich berichten”, drohte Maurischat. “Diese Meldungen gehen sodann an fast 60000 User und Vertriebe aus dem Finanzbereich!” Angeblich schauen jährlich 8,4 Millionen Besucher auf der Gomopa-Website vorbei.

Auch per SMS drohte Maurischat dem Kaufmann: “Bis zum Offenbarungseid oder zur Insolvenz werde ich Sie treiben. Zahlen Sie nicht, bereite ich Ihnen und Ihrer Firma einen Skandal – da denken Sie noch in 20 Jahren dran!”

Maurischat gibt heute zu, diese Mails und Nachrichten “wahrscheinlich” geschrieben zu haben. Er sei “mehr als wütend” gewesen, weil der Hamburger ihm gegenüber sein Kaufmannsehrenwort gebrochen habe. Nicht er habe dem Mann eine Beteiligung angeboten, sondern der habe ihn danach gefragt. Das zugesagte Geld sei für ein neues Projekt seines Unternehmens fest eingeplant gewesen, sein Ausbleiben habe die Firma in ziemliche Schwierigkeiten gebracht.

Der ZEIT sind 14 weitere Firmen bekannt, die behaupten, im Zusammenhang mit Gomopa-Berichten zu Geldzahlungen genötigt worden zu sein. Sie haben Angst, genannt zu werden. “Gegen Gomopa haben Sie keine Chance”, sagt ein Unternehmer. “Auf deren Berichte wird im Internet geklickt. Egal ob die Fakten stimmen oder nicht.”

Maurischat weist alle Anschuldigungen zurück. Gomopa mache die Berichterstattung im Internet nie von Geldzahlungen abhängig. Vielmehr werde er diffamiert von Leuten, “die von uns beim Betrügen und Lügen erwischt wurden”.

Über ihn selbst, der mal eine Lehre als Groß- und Einzelhandelskaufmann gemacht hat, heißt es auf der Gomopa-Website, dass er “die Methoden und Tricks des Marktes wie kaum ein anderer” kenne, und das ist sicher wahr. Dass er einschlägig vorbestraft ist, steht nicht da. Man erfährt auf der Website auch nichts über die Verbindung mit dem 60-jährigen Wolfgang Zimmermann, einer ebenfalls schillernden Figur der Szene.

Zimmermann steht hinter einer Firma namens Confidential Business mit Sitz in Panama. Er taucht oft dann bei Unternehmen auf, wenn diese wegen Artikeln auf GoMoPa.net und anonymen Internetseiten unter Druck stehen. Zimmermann bietet an, das Problem gegen eine Geldzahlung zu lösen. Seine Dienstleistungen hat er in einem Werbebrief an das Frankfurter Immobilienunternehmen S&K (etwas ungelenk) so beschrieben: “Ich gebe meiner Klientel äußerst aggressive, aber legale Waffen und Mittel zu Hand.”

Wie Maurischat und Zimmermann zusammenarbeiten, das geht unter anderem aus einer der ZEIT vorliegenden Mail hervor, die Zimmermann an einen Finanzunternehmer geschrieben hat. Darin droht er: “Wir stellen weitere Anzeigen. Bis Sie am Ende sind.” Gomopa leiste “echt gute Arbeit”, schreibt Zimmermann und fügt hinzu: “Die können Sie nicht abstellen, da haben Sie keine Chance mehr. (…) Sie wollten ja nicht zahlen.”

Zimmermann hat sich zu keinem der Vorwürfe geäußert. Dass mit ihm nicht zu spaßen ist, hat auch Maurischat erfahren. Zwischen ihm und Zimmermann habe es einen jahrelangen Streit und “Internetkrieg” gegeben, schreibt er der ZEIT.“Auf diversen, anonym ins Internet gestellten Webseiten wurden Mitarbeiter und ich unter anderem als Päderasten, Gewohnheitsverbrecher und Kinderschänder bezeichnet.” 2006 habe man den “Krieg” mithilfe eines Anwalts beendet. Dann sei “Ruhe eingekehrt”. So ist das in der Szene: Man schlägt sich – und verträgt sich.

Video – Monty Python – The Spanish Inquisition

Great British comedy classic

Rosemary Award Winner For Worst Open Government Performance in 2012

Washington, DC, March 15, 2013 – The Department of Justice has earned the dubious distinction of winning the infamous Rosemary Award for the second time in a row, for worst open government performance of any federal agency over the past year, according to the award citation posted today by the independent non-governmental National Security Archive at www.nsarchive.org.

During the past year, Justice has failed to order agencies to upgrade their Freedom of Information regulations to comply with Congress’s statutory changes (dating back to 2007) or President Obama’s direction of a “presumption of disclosure.” Similarly, Justice failed to change its litigation posture in Freedom of Information lawsuits to support openness, and in fact actually backed agency efforts to undermine the 2007 OPEN Government Act. The Department and its Office of Information Policy continued, for the third year in a row, to publish misleading statistics about FOI responsiveness, while the government-wide use of discretionary exemptions, such as the “deliberative process” privilege, rose dramatically from the previous year.

Rose Mary Woods in action

President Richard Nixon’s secretary Rose Mary Woods demonstrates the backwards-leaning stretch with which she erased eighteen-and-a-half minutes of a key Watergate conversation recorded on White House tapes.

The Emmy- and George Polk Award-winning National Security Archive, based at The George Washington University, has carried out twelve government-wide audits of FOIA performance (including the Knight Open Government Surveys), filed more than 50,000 Freedom of Information requests over the past 25 years, opened historic government secrets ranging from the CIA’s “Family Jewels” to the Iraq invasion war plans, and won a series of lawsuits that saved hundreds of millions of White House e-mail from the Reagan through the Obama presidencies, among many other achievements.

The Archive established the Rosemary Award in 2005 to highlight the lowlights of government secrecy, and named the prize after President Nixon’s secretary, Rose Mary Woods, who testified that she had accidentally – while stretching to answer a phone call – erased 18 and a half minutes of a crucial Watergate tape.

Justice clinched the intensely competitive award with the appearance before the Senate Judiciary Committee on Wednesday March 13, 2013 by the director of the department’s Office of Information Policy, Melanie Pustay, who refused to answer senators’ questions about department litigation that would undermine the OPEN Government Act of 2007 authored by Senators Leahy and Cornyn. For the video, visit the Senate Judiciary Committee site.

The Department’s testimony claimed that updating agency Freedom of Information regulations was merely optional, “not required” when Congress changed the law in 2007 or when the President and the Attorney General changed the policy in 2009. Director Pustay quickly asserted, however, that her own agency was in the final stages of updating its own FOIA regulations – to which Senator Leahy replied, it’s been five years since we changed the law, it took me less time to get through law school!

As the Department’s lead entity for enforcing compliance with the Freedom of Information Act, the Office of Information Policy remains the primary impediment for raising the U.S. government’s implementation of FOIA to the levels demanded by President Obama, according to today’s Rosemary Award citation.

The National Security Archive’s latest audit of federal agency FOIA performance shows that 53 out of 100 agencies have not updated their regulations since Congress changed the law in 2007. The Archive’s findings also reveal that updated regulations are no guarantee of good regulations, since only one of the three agencies that updated since December 2012 complied with the requirements of the 2007 statutory changes.

Several witnesses and Senators’ questions at the March 13 hearing exposed the Justice Department’s attempt to eviscerate the OPEN Government Act of 2007 by backing the Federal Election Commission in their litigation against the public interest group CREW. The FEC claims that a postcard acknowledgement amounts to a “determination” under FOIA, and thus meets the 20-day response standard in the law, retaining the threat of fees that the 2007 act meant to remove when agencies were untimely in their responses to requesters. Director Pustay told the Senators she couldn’t comment on pending litigation.

The Justice Department also earned the Rosemary Award by failing to do any review of FOIA litigation to apply the new Obama openness policies. The problem dates back to the Attorney General’s memo from March 2009 that included a huge loophole, leaving it up to the Department’s litigators to apply the new standards “if practicable”! In stark contrast, President Clinton’s Attorney General Janet Reno included a formal requirement for litigation review in her 1993 memorandum on FOIA. Subsequently, the Department reported back in 1994 that the review actually produced significant new disclosures.

The Justice Department continues to stretch the truth on FOIA responsiveness, claiming for three years now a “release rate” of over 90 percent. However, as witnesses pointed out at the Senate Judiciary hearing on March 13, that number willfully ignores the real experience of FOIA requesters, in part by discounting 9 of the 11 reasons that the Department sends them away unsatisfied (“no records,” “referrals,” “fee-related problems,” “not reasonably described” etc.). Counting those categories, the actual “release rate” would be a more pedestrian – and more realistic – 55 to 60 per cent.

The true DOJ release statistics.

These fudged statistics and prohibitive FOIA procedures have real world implications for citizens attempting to see documents describing what their government is up to. For example, in January 2013, the Justice Department denied a New York Times FOIA request for its White Paper (provided to Congress) on the legal bases for drone targeting, claiming the b-5 deliberative process exemption, which has essentially come to mean “withhold it because you want to withhold it.” This is the very exemption that Attorney General Eric Holder, in his March 2009 Memorandum on FOIA, instructed agencies to use less frequently, writing that information should not be withheld simply because an agency “may do so legally.”

Four days after the unclassified memo leaked to NBC News, however, the Justice Department released the document “as a matter of agency discretion.” The release actually shows that the Department had no basis for withholding the White Paper in the first place. Instead, the DOJs public message seems to be: “leaks work better than FOIA.” White House spokesman Jay Carney apparently agreed, stating at a press conference after the leak, “Since it’s out there, you should read it.”

In fairness (which is not the point of the Rosemary Award), today’s citation recognizes that the Justice Department has also taken steps that actually improve transparency. These include prodding agencies to close their ten oldest FOIA requests (though some requests have still been languishing for more than 20 years), requiring regular and even quarterly FOIA reports from all agencies, co-hosting “requester round table meetings,” and encouraging agencies to send FOIA staff to American Society of Access Professionals (ASAP) training sessions. (The Department’s Office of Information Policy actually received an award from ASAP in 2012, but this was for its support of ASAP as an organization, not for Justice’s FOIA policies and practices.)

Unfortunately, these welcome improvements have to be weighed against the more troubling evidence of policy-level disregard for basic considerations of openness that the Department has displayed. At the same time that Justice Department OIP director Pustay testified with a straight face that “all agencies are in compliance with the OPEN Government Act,” her own agency was fighting in court to eviscerate that Act’s primary enforcement mechanism, propagating misleading FOIA statistics, and failing to implement her own Attorney General’s instruction to establish “a presumption of disclosure.”

TMZ – Lindsay Lohan Shows Up to Court — GLITTERED!

http://youtu.be/-Km9gegd8L4

Lindsay Lohan showed up to her trial moments ago — 48 minutes late — and someone threw glitter at her on her way in.

TOP-SECRET – Michael Anne Casey CIA bin Laden Hunter

Michael Anne Casey CIA bin Laden Hunter

Michael Anne Casey, with Alfreda Frances Bikowsky, was identified by reporters reporters Ray Nowosielski and John Duffy as principals in the CIA team which tracked Osama bin Laden:

Nowosielski and Duffy make the case that Bikowsky and another CIA agent named Michael Anne Casey deliberately declined to tell the White House and the FBI that Khalid al-Mihdhar, an Al Qaida affiliate they were tracking, had obtained a visa to enter the U.S. in the summer of 2001. Al-Mihdhar was one of the hijackers on American Airlines Flight 77. The CIA lost track of him after he entered the U.S.Michael Anne Casey, according Nowosielski and Duffy, is the name of the CIA analyst who sat on information about Al-Mihdhar obtaining a visa in 2001, at one point telling an FBI agent detailed to the agency, “Listen, it’s not an FBI case. It’s not an FBI matter. When we want the FBI to know, we’ll let them know. And you’re not going to say anything.”

An alleged composite of the bin Laden trackers is the heroine of the movie Zero Dark Thirty.

[Image]

Video Skid – Monty Python – Four Yorkshiremen

The FBI – Lawyer Pleads Guilty to Involvement in Massive No-Fault Automobile Insurance Fraud Scheme

Preet Bharara, the United States Attorney for the Southern District of New York, announced today that Sol Naimark, an attorney, pled guilty to his role in two separate conspiracies to defraud private insurance companies under New York’s no-fault automobile insurance law, including one charge related to the largest single no-fault automobile insurance fraud scheme ever charged. Naimark pled guilty yesterday before U.S. District Judge J. Paul Oetken. Recently, Alexander Sander, an owner and controller of several fraudulent no-fault clinics; Gregory Mikhalov, an owner and controller of medical clinics; Lynda Tadder, a manager at a no-fault clinic; and Chad Greenshner, a licensed chiropractor, also pled guilty to conspiracy to commit mail fraud and health care fraud in connection with the scheme before Judge Oetken. The five defendants were arrested in February 2012, along with 31 others, and charged with conspiracy to commit mail fraud and health care fraud in connection with a systemic scheme to defraud private insurance companies of more than $279 million under New York’s no-fault automobile insurance law. Some of the defendants were also charged with racketeering and money laundering. A total of 10 defendants, including one licensed doctor, have now pled guilty. Naimark also pled guilty to a separate conspiracy to commit health care fraud.

Manhattan U.S. Attorney Preet Bharara said, “Sol Naimark actively solicited clients for whom he could churn out bogus lawsuits as part of a multi-million-dollar insurance fraud scheme. It is particularly egregious when an attorney uses his license to perpetrate a fraud.”

According to the superseding information, other publicly filed information in the case, and the defendants’ statements in open court:

Under New York State Law, every vehicle registered in New York State is required to have no-fault automobile insurance, which enables the driver and passengers of a registered and insured vehicle to obtain benefits of up to $50,000 per person for injuries sustained in an automobile accident, regardless of fault, (the “No-Fault Law”). The No-Fault Law requires prompt payment for medical treatment, thereby obviating the need for claimants to file personal injury lawsuits in order to be reimbursed. Under the No-Fault Law, patients can assign their rights to reimbursement from an insurance company to others, including medical clinics that provide treatment for their injuries. New York State Law also requires that all medical clinics in the state be incorporated, owned, operated, and/or controlled by a licensed medical practitioner in order to be eligible for reimbursement under the No-Fault Law. Insurance companies will not honor claims for medical treatments from a medical clinic that is not actually owned, operated, and controlled by a licensed medical practitioner.

In order to mislead New York authorities and private insurers, some of the defendants in this case who were the true owners of these medical clinics (“No-Fault clinic controllers”) paid licensed medical practitioners, including doctors, to use their licenses to form the professional corporations through which the medical clinics would then bill the private insurers for the bogus medical treatments. Sandler owned, operated, and controlled at least four of these no-fault clinics, and Tadder was a manager at one of the clinics.

The No-Fault clinic controllers also instructed the clinic doctors to prescribe excessive and unwarranted referrals for various “modality treatments” for nearly every patient they saw. The treatments included physical therapy, acupuncture, and chiropractic treatments—as much as five times per week for each—and treatments for psychology, neurology, orthopedics, and range of motion, in addition to functional capacity tests. Clinic doctors also prescribed unnecessary MRI’s, X-rays, orthopedics, and medical supplies. The No-Fault clinic controllers received thousands of dollars in kickbacks for patient referrals from the owners of the modality clinics (“modality controllers”). Mikhalov was a modality controller who admitted to owning modality clinics that purported to be owned by licensed doctors, as required by New York Law. Greenshner was a chiropractor who provided unnecessary medical treatments at one of the modality clinics.

Patients were also referred to personal injury lawyers to file lawsuits against the insurance companies arising out of their exaggerated injuries from automobile accidents. The success of these lawsuits hinged on how many medical treatments the patients received, providing the necessary incentive for the patients to receive multiple treatments at the no-fault and modality clinics. Naimark admitted to paying a No-Fault clinic controller to refer him patients that received unnecessary treatments so that he could file personal injury lawsuits on behalf of the patients. The second charge to which Naimark pled guilty relates to payments he made to a runner to bring him no-fault patients so that he could file personal injury lawsuits on their behalf.

* * *

Naimark, 54, of Flushing, New York, pled guilty to two counts of conspiracy to commit health care fraud. He faces a maximum sentence of 20 years in prison. He is scheduled to be sentenced by Judge Oetken on July 22, 2013. Sandler and Mihalov each pled guilty to conspiracy to commit health care fraud and conspiracy to commit mail fraud, and each faces a maximum sentence of five years in prison. Tadder pled guilty to conspiracy to commit health care fraud and conspiracy to commit mail fraud and faces a maximum sentence of 30 years in prison. Greenshner pled guilty to conspiracy to commit health care fraud and faces a maximum sentence of 10 years in prison. Greenshner Mikhalov, Sandler, and Tadder are scheduled to be sentenced by Judge Oetken on July 1, July 8, July 9, and September 27, 2013, respectively.

U.S. Attorney Preet Bharara thanked the Federal Bureau of Investigation and the New York City Police Department for their continued outstanding work in this investigation.

The case is being prosecuted by the Office’s Organized Crime Unit. Assistant U.S. Attorneys Daniel S. Goldman, Nicholas L. McQuaid, Carolina A. Fornos and Daniel S. Noble are in charge of the prosecution. Assistant U.S. Attorneys Jason L. Cowley and Martin Bell of the Office’s Asset Forfeiture Unit are responsible for the forfeiture of assets.

TMZ – Ice-T & Coco Have Beets Scare!

http://youtu.be/ZfXlkqZAcHA

The TMZ Tour saw Ice-T and Coco out having lunch and Coco admitted to having a beet salad… so now we know what color her pee is today…

Cryptome – Shabak Sites Then and Now

Shabak Sites Then and Now

http://www.shabak.gov.il/English/History/mischan/Pages/default.aspx [Image]

Google Street View

[Image]

Google Street View

[Image]

Google Street View

[Image]

Google Street View

[Image]

Google Street View

[Image]

Google Street View

[Image]

[Image] [Image]

Video – Skid – The Lonely Trout: Evolution

Billy Connolly rehearses for Eric Idle’s What About Dick? A once in a lifetime comedy event from the procreators of Spamalot. Exclusive Download only from http://www.whataboutdick.com on November 13th 2012.

Starring Russell Brand, Billy Connolly, Tim Curry, Eric Idle, Eddie Izzard, Jane Leeves, Jim Piddock, Tracey Ullman and Sophie Winkleman.

TOP-SECRET – FAA Airspace Management Plan for Disasters

FAA Airspace Management Plan for Disasters

30 pages
For Official Use Only
July 18, 2012

0.1 The Airspace Management Plan for Disasters provides a nationally consistent framework and suite of supportive tools for the use of the Federal Aviation Administration’s air traffic and airspace management operational expertise and capabilities, as well as statutory authority, to enhance the safety and effectiveness (including unity of effort) of air missions supporting response and recovery efforts such as Search and Recue flights following a disaster. The plan also speaks to the use of these tools to safeguard persons and property on the ground. Additionally, this plan also helps to balance the needs of those response air missions with the agency’s concurrent effort to return the National Airspace System, which is critical to the U.S. economy and American way of life, to normal operations. Note that the Federal Aviation Administration also uses operational contingency plans and other air traffic management procedures, which are separate from this document, that specifically focus on sustaining the operation of the National Airspace System and normal air traffic, especially for situations involving the disruption or degrading of the agency’s Air Navigation Services.

0.2 Federal, State, and local agency, as well as military, partners are the primary intended audience of this document. This plan is also provides a coordination resource for those Federal Aviation Administration operations personnel who regularly cooperate with interagency partners on the use of air traffic and airspace management capabilities to support response and recovery efforts.

0.3 The plan is informed by numerous natural disasters that have struck the country since Hurricane Katrina in 2005, as well as many national and State-level exercises. Reflecting the lessons learned from those events, the plan is designed to be implemented in a scalable and flexible manner that best meets the operational needs shaped by the specific disaster at hand and the requirements of the responding Federal, State, local, tribal / territorial, and private sector stakeholders. Implementation of this plan can be carried out for any disaster provoking the need for response and recover air missions or otherwise involving the National Airspace System, including events to which the Federal Government is responding through the Stafford Disaster Relief and Emergency Assistance Act and purely State or local crises. In many cases, the Federal Aviation Administration will implement this plan initially in cooperation with State level authorities, including State Emergency Management Agencies and National Guard units, and then, as the disaster unfolds, scale up implementation as Federal assistance, including response aircraft begin to arrive in theater. Elements of this plan may also be used to facilitate air operations regularly flown by the U.S. Forest Service, Bureau of Land Management, and National Park Service to support, for example, wildfire firefighting, law enforcement, and search and resure missions.

0.4 The plan is not intended as a stand alone document. It is intended to be implemented through Federal Aviation Administration Temporary Flight Restrictions and other operational measures. The plan is also designed to provide air traffic and airspace management input to a broad range of other aviation centric disaster response and recovery plans and procedures used by U.S. Northern Command, United States Coast Guard, Customs and Border Protection, the State Emergency Management Agencies and National Guard elements, and other Federal, State, local, territorial / tribal interagency partners. In addition, it is intended to complement the National Response Framework and other related disaster response and recovery plans.

Video – Monty Python – Dirty Hungarian Phrasebook

The Dirty Hungarian Phrasebook sketch and courtroom scene from Monty Python’s Flying Circus

P.S. Yes, we know they’re just speaking gibberish and it’s not really Hungarian. We don’t need any more smartypants commenters telling us that.

SECRET – Denver-Area Criminal Named to FBI’s Ten Most Wanted Fugitives List

Federal Bureau of Investigation, Denver Division Special Agent in Charge (SAC) James Yacone announced today the placement of a fugitive from the Denver metropolitan area to the FBI’s Ten Most Wanted Fugitives list. Joining SAC Yacone at the press conference were First Judicial District Attorney Peter A. Weir, United States Attorney for the District of Colorado John Walsh, and Jefferson County Sheriff Ted Mink.

SAC Yacone discussed the background of the FBI’s Ten Most Wanted Fugitives program, which was launched on March 14, 1950—63 years ago today. The program has a nearly 94 percent success rate for those that have been added to the list and arrested since its inception.

The last fugitive from Colorado added to the list from the FBI Denver Division was Theodore Robert Bundy, aka Ted Bundy, on February 10, 1978; he was captured on February 15, 1978 for a murder he committed in Aspen, Colorado.

The fugitive that was added to the Ten Most Wanted Fugitives list today is Edwin Ernesto Rivera Gracias. He is wanted for his alleged involvement in the brutal murder of a long-time family acquaintance in Jefferson County, Colorado. The crime took place on August 17, 2011. The 69-year-old victim was found brutally beaten, stabbed, and dumped in the mountains of Jefferson County.

Rivera Gracias is believed to be in El Salvador and may have Salvadoran identification that says Edwin Rivera. He may also attempt to travel to the United States using fraudulent documents.

He is a known member of the gang MS-13. Rivera Gracias has ties to other gang members who are located in Colorado, Los Angeles, and El Salvador. Rivera Gracias may also be traveling to Mexico and Guatemala.

The FBI Denver Division obtained an unlawful flight to avoid prosecution (UFAP) warrant for Rivera Gracias in the United States District Court for the District of Colorado.

The FBI Denver Division is asking for media and public assistance in bringing this dangerous fugitive to justice. The FBI is offering a reward of up to $100,000 for information leading directly to the arrest of Edwin Ernesto Rivera Gracias.

If Rivera Gracias is spotted, immediately contact the nearest office of the FBI or local law enforcement agency. For any possible sighting outside the United States, contact the nearest U.S. Embassy or Consulate.

A telephone tip line has been set up to assist in the apprehension of this fugitive. Please call 1-800-CALL-FBI to report information.

Resources:
– Story: New Top Ten Fugitive
– Video: Edwin Ernesto Rivera Gracias on FBI Ten Most Wanted List
– Wanted poster (English) | Wanted poster (Spanish)
– Ten Most Wanted Fugitives list
– Facts on the Ten Most Wanted Fugitives program

Additional Information:

Top Ten Fugitives Who Committed Crimes Within the Denver Division

Name	Date Placed on List	Date Arrested/Located	Location of Crime	Crime Committed
Joseph Franklin Bent, Jr.	1/9/51	8/29/52	Cheyenne, WY	UFAP-Robbery, Attempted Murder, Assault
Cameron David Bishop	4/15/69	3/12/75	Golden, CO	Sabotage
Theodore Robert Bundy	2/10/78	2/15/78	Aspen, CO	UFAP-Murder
Joseph Corbett, Jr.	3/30/60	10/29/60	Denver, CO	UFAC-Kidnapping, Murder
Charles Francis Higgins	10/10/60	10/17/60	Canon City, CO	UFAC-Robbery
Francis Leroy Hohimer	6/20/69	12/20/69	Denver, CO	UFAP-Robbery
Everett Lowell Krueger	1/25/54	2/15/54	Jackson, WY	ITSMV
Chester Anderson McGonigal	8/14/61	8/17/61	Aspen, CO	UFAP-Attempted Murder
Edwin Ernesto Rivera Gracias	3/14/13		Jefferson County, CO	UFAP-First-Degree Murder

Top Ten Fugitives Arrested/Located Within the Denver Division

Name	Date Placed on List	Date Arrested	Location of Arrest	Crime Committed
Daniel Jay Barney	3/10/81	4/19/81 (found dead)	Denver, CO	UFAP-Sexual Assault; Armed Burglary; Escape
Everett Leroy Biggs	11/21/66	12/1/66	Broomfield, CO	UFAP-Armed Robbery; Bank Robbery
James Robert Bishop	1/10/66	1/21/66	Aspen, CO	UFAP-Armed Robbery
Harry H. Burton	3/9/51	2/7/52	Cody, WY	UFAP-Murder
Daniel Abram Everhart	8/17/55	10/9/55	Denver, CO	UFAP-Robbery
Edward Eugene Harper	11/29/08	7/23/09	Washakie County, WY	UFAP-Conspiracy to Commit Sexual Battery, Child Fondling, Sexual Battery
Richard Allen Hunt	5/27/59	6/2/59	Thermopolis, WY	ITSMV; UFAP-Kidnapping, Assault with Intent to Commit Murder
Lohman Ray Mays, Jr.	2/15/85	9/23/85	Cheyenne, WY	Bank Robbery; UFAC-Escape
Chester Anderson McGonigal	8/14/61	8/17/61	Denver, CO	UFAP-Attempted Murder
Jack Harvey Raymond	8/8/54	10/14/54	Denver, CO	ITSP
James Ray Renton	4/7/76	5/9/77	Aurora, CO	UFAP-Murder; Bond Default; Parole Violator
John William Sherman	8/3/79	12/17/81	Golden, CO	EFP
Ernest Tait	8/16/60	9/10/60	Denver, CO	UFAP-Burglary
Raymond Edward Young	11/12/51	11/16/51	Denver, CO	UFAP-Burglary, Assault with a Dangerous Weapon

TMZ – Reggie Bush’s Baby Mama Looks Like Kim Kardashian

Reggie Bush was out exercising in Santa Monica with his baby mama, Lilit Avagyan, who looks EXACTLY like Kim Kardashian. Exercise is known to help induce labor but hopefully it won’t go down while Reggie is in company — he might fumble it.

Cryptome unveils – Deep State: Inside Government Secrecy Industry

Review of Deep State: Inside the Government Secrecy Industry

Deep State: Inside the Government Secrecy Industry

Marc Ambinder and D.B. Grady

Read on Kindle; hardcover due April 1, 2013

This comprehensive assessment of the secrecy industry — its origin in 1947 national security legislation, rise through promotion of the Cold War, decline with collapse of the USSR, near death before 9/11 rescue, to steroidal enhancement with Coldwarish cyberwar — is paralleled with the critical self-advancing role of journalism in managing information flow to the public through quiet mutually beneficial arrangements between officials and the press in deciding what shall be kept secret and what revealed, with “national security” the plutonium-pitting goose.

Until the Internet blasted open the goose-bolthole for bandits like WikiLeaks.

Ambinder and Brown tell an applaudable if sordid story of complicity between government and media to exploit public trust, aptly summarized by the opening authors’ note:

AUTHORS’ NOTEThis is a book about secrets, and the authors feel an obligation to be transparent about a few things. During his time in the military, author D. B. Grady (which is a pseudonym for David Brown) held a security clearance. No sensitive information he came across while serving in Afghanistan or in the United States made it into this book.

In September 2012, author Marc Ambinder began consulting for Palantir Technologies LLC, an analytics company that does work for intelligence agencies and the Department of Defense, among other clients. He was brought in to work on a specific project that did not require access to secrets or to classified information. There was no cross-pollination; the manuscript had already been completed, and nothing in this book comes from any material gathered at Palantir.

Finally, both authors wrote extensively about secrecy while writing this book. We’ve written tens of thousands of words on the subject, and have collectively written more than 20,000 posts to Twitter. If one compares our body of work to this book, it is possible that we have reused phrases or metaphors to describe certain subjects. If that is the case, it is entirely unintentional. Our brains don’t compartmentalize the way that computers can. However, aside from some material about the U.S. Joint Special Operations Command that also appeared in The Command: Deep inside the President’s Secret Army, the book is an original work in its entirety, the reporting is fresh, and the conclusions, we hope, are original.

While researching this book we stumbled across many things that we won’t be able to write about. Though we have no legal obligation to submit our work to the government before publication, we have an ethical obligation as citizens to take extreme care when writing about sensitive subjects. We shared certain chapters with a number of former senior national security and intelligence officials, including several former directors of intelligence agencies. Our purpose was to learn if the publication of this book would truly jeopardize national security. After receiving the feedback, we asked ourselves whether there was a compelling reason to print the secrets in question anyway, and worked from there. We hope we’ve struck the proper balance.

The last paragraph confirms the national security complicity continues unabated, whether chosen by the authors or enforced by publisher’s lawyers and official secrecy agreements. This is the gold standard of national security office-holding and journalism, either join the club or be excluded from rewarding access.

Despite the authors’ admirably researched coverage of the secrecy industry and complicit journalism, they condemn both official secrecy officially-sanctioned journalism to follow the USSR into extinction by uncontrollable openness generated by public distrust of government and journalism seen as global spying machines.

Don’t dream of rejuggling of government and journalism, online or offline, to head off their decline, no national defense will protect against it, no increase in secrecy measures will stop leaks of vital secrets.

Too many secrets, too many secretkeepers, too many inherent faults to breach overloaded containment vessels. Digital information cannot be controlled by physical fortresses. A thumb drive can be a weapon of mass destruction. Leaks spread at the speed of photons, too fast for human response. At this speed leaks are indistinguishable from secrets except to inhuman machines.

Keeping secrets will depend not on HUMINT but on information system processors requiring layers of interpretation for slow-witted human comprehension and action forever too late. Government and journalism are not equipped mentally or physically for this hyperspeed torrent over-flooding their bulwarks.

A spark of hope national security fear-mongering can work: A specialist is quoted as saying quantum research is as crucial as was the invention of the atomic bomb, the “US cannot survive being second in this race.” Photons faster, more unpredictable and more lethal than controlled atomic reactions. The national security threat of Internet swarm is unbeatable except by highly classified technology.

Very fast forward to plot exposure: Bêtes noires of this downfall of authoritative information is WikiLeaks and other outsiders of the authority-by-secrecy industry.

Outsiders win the WarGame:

“A young man finds a back door into a military central computer in which reality is confused with game-playing, possibly starting World War III.”

Monty Python’s Flying Circus – Argument Clinic

PI – DHS Geospatial Concept of Operations (GeoCONOPS) Version 4

Homeland Security Geospatial Concept of Operations (GeoCONOPS) Version 4.0

Draft
190 pages
June 2012
3.64 MB

The Homeland Security Geospatial Concept of Operations (GeoCONOPS) is a multiyear effort focused on the geospatial communities supporting DHS and FEMA activities under the NRF and in coordination with Presidential Policy Directive 8: National Preparedness (PPD-8) which describes the Nation’s approach to preparing for the threats and hazards that pose the greatest risk to the security of the United States. The GeoCONOPS, in its fourth year, is a multiyear product to document the current geospatial practices supporting the NRF, PPD-8, and Stafford Act activities. The participants and intended audience of the GeoCONOPS include the GIOT Members, 15 Emergency Support Functions (ESF), both primary and support, and other federal mission partners. The GeoCONOPS will be updated on a yearly basis to ensure it meets the needs of all mission partners. The GeoCONOPS is currently under review by FEMA for adoption by NIMS.

…

DHS is relying more often and more broadly on geospatial information technology to collect and analyze key situational awareness data for its emergency response missions. According to the National Strategy for Homeland Security and DHS’s mission statement: homeland security covers prevention, protection, mitigation, response, and recovery. Geospatial products and intelligence play a key role in the Department’s preparation for disasters and its response to them; they are used to help assess damage, aid in search and rescue (SAR), remove debris, and support incident management.

The Geospatial Management Office (GMO) serving the DHS Chief Information Office, was established by the Intelligence Reform and Terrorism Prevention Act of 2004 (Title VII, Subtitle B, Section 8201, Homeland Security Geospatial Information). Through its implementation of DHS Management Directive 4030, the GMO exercises executive leadership in establishing DHS geospatial information technology programs, directives, and initiatives and provides oversight for the integration of geospatial data 1 See Annex C for a complete list of federal partners. and technology. It serves as the principal office to facilitate all interagency activities relating to domestic geospatial and remote sensing (RS) data to support the needs of homeland security-related intelligence, law enforcement, environmental, scientific, and emergency response requirements.

The GMO must develop requirements and processes for access to common operating data used by components and provide guidance to other federal departments and agencies that are supporting and executing homeland security and emergency management operations.

Geospatial technology provides a significant role in incident management. Its uses today include disaster early warning and mitigation, border monitoring, criminal investigations, public health protection, and critical infrastructure oversight. In recent years, federal mission partners have been operating with minimal formal guidance or direction on how to conduct geospatial support to the emergency response and homeland security operating regimes, relying instead on ad hoc coordination.

As a result, geospatial efforts in support of incident management have frequently been slow to start or have been completely unavailable immediately following a disaster, leaving the “full power” and benefits of geospatial technology unrealized. The development of the GeoCONOPS for homeland security and emergency management operations ensures that timely and accurate geospatial data is shared across the entire geospatial community, resulting in better informed decision making across all phases of an incident.

…

…

GIOT Team Members

Department of Agriculture (USDA)
– Office of the Chief Information Office
– Enterprise Geospatial Management Office
– Office of Homeland Security & Emergency Coordination
– Emergency Operation Center
– Forest Service
– National Interagency Fire center

Department of Commerce (DOC)
– National Oceanic & Atmospheric Administration (NOAA)
– US Census Bureau

Department of Defense (DoD)
– Office of the Deputy Undersecretary for Defense
– National Geospatial-Intelligence Agency (NGA)
– National Guard Bureau
– NORTHCOM
– US Army Corps of Engineers (USACE)

Department of Health & Human Services (HHS)

Department of Homeland Security (DHS)
– Office of the Chief Information Officer/Geospatial Management Office (GMO)
– Customs and Border Patrol (CBP)
– Federal Emergency Management Agency (FEMA)
– Federal Insurance & Mitigation Administration (FIMA)
– Office of Response & Recovery (ORR)
– National Preparedness Directorate (NPD)
– National Exercise Division (NED)
– National Integration Center (NIC)
– Mission Support Bureau (MSB)
– Office of the Chief Information Officer (CIO)/Geospatial Solutions Branch
– Federal Law Enforcement Training Center (FLETC)
– Immigration & Customs Enforcement (ICE)

– National Protection & Programs Directorate (NPPD)
– Federal Protective Service (FPS)
– Office of Infrastructure Protection (IP)
– Office of Health Affairs (OHA)
– Office of Intelligence and Analysis (I&A)
– Office of Operations Coordination & Planning (OPS)
– Science and Technology (S&T)
– Transportation Security Administration (TSA)
– US Coast Guard (USCG)
– US Secret Service (USSS)

Department of Housing & Urban Development (HUD)

Department of Interior (DOI)
– US Geological Survey (USGS)

Department of State
– USAID

Department of Transportation (DOT)

Environmental Protection Agency (EPA)

Federal Aviation Administration (FAA)

Office of the Director of National Intelligence (ODNI)
– Program Manager for the Information-Sharing Environment (PM-ISE)

Small Business Administration (SBA)

Veterans Administration (VA)

Collaborating Partners

American Red Cross (ARC)

National Alliance for Public Safety GIS (NAPSG)

National States Geographic Information Council (NSGIC)

Open Geospatial Consortium (OGC)

TMZ – Brandi Glanville Looking HOT — Would You Risk HPV?

http://youtu.be/L_J1BIsBO-8

Brandi Glanville was looking sexy out on the beach the other day but WHO CARES! We’d rather talk about her HPV.

SECRECY NEWS – OPM MULLS CHANGES TO SECURITY CLEARANCE QUESTIONNAIRE

The Office of Personnel Management has invited the public to comment on
proposed changes to Standard Form (SF) 86, the questionnaire that must be
filled out by all persons who are seeking a security clearance for access
to classified information.

Although critics have argued that the SF-86 is hopelessly out of date and
should be abandoned in favor of a more streamlined process, the changes
that OPM is currently considering are mostly technicalities, not a
wholesale revision.  Proposed changes include a recognition of civil unions
as a legal alternative to marriage, a clarification that use of drugs that
are illegal under federal law must be reported even if they are legal under
state law, and changes in wording and instructions for completion of the
Form.

Public comments on the changes were solicited by OPM in a March 12 Federal
Register notice.

    http://www.fas.org/sgp/news/2013/03/fr-sf86.html

SF-86 is notoriously burdensome to fill out, requiring individuals to
supply detailed personal information about all places they have lived for
the past seven years, their employment history and where they went to
school, along with the name and contact information of someone who can
verify each item, as well as any criminal history record, use of illegal
drugs, and so forth.

    http://www.fas.org/sgp/othergov/sf86.pdf

"The SF 86 takes approximately 150 minutes to complete," the OPM notice
says.  But for many people, this seems to be an underestimate.

"I spent four hours one Saturday completing [an] SF-86," wrote John Hamre,
who was deputy secretary of defense under President Clinton, in a
Washington Post op-ed recently. ("The wrong way to weed out spies,"
Washington Post, February 20.)  His pointed criticism of the Form and the
clearance process may have inspired some of the proposed changes.

The OPM notice promises that "once entered, a respondent's complete and
certified investigative data remains secured in the e-QIP system until the
next time" the form must be completed (e.g. for clearance renewal).

But in Secretary Hamre's case this didn't happen for some reason -- his
previous Form was not saved. "The OPM apparently had no record of this
document, which was filed with that agency," he wrote, so he had to start
over from scratch.

When the SF-86 asked for a list of "all foreign travel you have undertaken
in the past 7 years," Hamre balked.  He said he had repeatedly traveled on
official business and always reported any contacts with foreign government
officials.  So "I refused to enter the information, rather than give it to
our government a second time."

As if in response to Hamre's objection, the new OPM notice says the Form's
instructions will be "amended so that the respondent need [not] report
contact related to official U.S. Government travel."

Much like the national security classification system that it supports,
the security clearance process is still predicated on cold war-era
presumptions that became obsolete decades ago. This fundamental critique
has yet to be addressed by OPM.

"Why does our government rely on forms designed in the 1950s?" Hamre
complained.  "Our country needs a system built for the 21st century.  The
current system is pathetic."

DETERRING LEAKS THROUGH POLYGRAPH TESTING

Last summer, Director of National Intelligence James R. Clapper directed
agencies that perform polygraph tests to include a "pre-test dialogue"
about the need to prevent leaks of classified information as part of the
polygraph interview process.

In a July 2012 memorandum to agencies, he said that the CIA's polygraph
program exemplified what he had in mind.

"During the pre-test discussion, CIA specifically asks whether an
individual has provided classified information or facilitated access to
classified information to any unauthorized persons, to include the media,
unauthorized U.S. persons, or foreign nationals.  The polygraph process is
also used to identify deliberate disclosures," DNI Clapper wrote.  Other
agencies that perform polygraph testing should follow procedures similar to
CIA's, he said.

"Aggressive action is required to better equip United States Government
elements to prevent unauthorized disclosures," DNI Clapper wrote.

The new policy was announced last June, but the implementing July 2012
memorandum was only released this week in response to Freedom of
Information Act requests.  See "Deterring and Detecting Unauthorized
Disclosures, Including Leaks to the Media, Through Strengthened Polygraph
Programs," July 13, 2012:

    http://www.fas.org/sgp/othergov/intel/leak-poly.pdf

A copy of the memorandum was also obtained by Jason Leopold of
Truthout.org, who reported on it yesterday.

    http://truth-out.org/news/

LEAKS: WHY THE GOVERNMENT CONDEMNS AND CONDONES THEM

Leaks of classified information and the government's responses to them are
the subject of a new study by David Pozen of Columbia Law School.

The starting point for his examination is the "dramatic disconnect between
the way our laws and our leaders condemn leaking in the abstract and the
way they condone it in practice."  How can this disconnect be understood?

Leaks benefit the government, the author argues, in many ways. They are a
safety valve, a covert messaging system, a perception management tool, and
more.  Even when a particular disclosure is unwelcome or damaging, it
serves to validate the system as a whole.

This thesis may explain why the number of leak prosecutions is still lower
than might be expected, given the prevalence of leaks, and why new
legislative proposals to combat leaks have met with a lukewarm response
from executive branch officials.

"The leak laws are so rarely enforced not only because it is hard to
punish violators, but also because key institutional actors share
overlapping interests in maintaining a permissive culture of classified
information disclosures."

The article is full of stimulating observations woven into an original and
provocative thesis.  See "The Leaky Leviathan: Why the Government Condemns
and Condones Unlawful Disclosures of Information" by David Pozen, to be
published in Harvard Law Review:

    http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2223703

_______________________________________________
Secrecy News is written by Steven Aftergood and published by the
Federation of American Scientists.

The Secrecy News Blog is at:
     http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to
     http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood@fas.org

Secrecy News is archived at:
     http://www.fas.org/sgp/news/secrecy/index.html

Support the FAS Project on Government Secrecy with a donation:
     http://www.fas.org/member/donate_today.html

_______________________
Steven Aftergood
Project on Government Secrecy
Federation of American Scientists
web:    www.fas.org/sgp/index.html
email:  saftergood@fas.org
voice:  (202) 454-4691
twitter: @saftergood

Video – Monty Python – Self-Defense Against Fruit

from Monty Python’s Flying Circus
Season 1 – Episode 04 – Owl Stretching Time
Recorded 21-09-69, Aired 26-10-69

TMZ – Ben Affleck at Oscars After Party — Shaves Beard!

http://www.youtube.com/watch?v=NxmLmp4uJJk&feature=share&list=SP3143ACE2C75DDDFC

Ben Affleck trimmed off his lucky beard just hours after winning the Oscar for Best Picture… even though beardless Ben is guilty of creating “Forces of Nature!” He needs to get that beard back..

PI – Tactical Chat: How the U.S. Military Uses IRC to Wage War

An example layout of eight chat rooms for communicating via tactical chat.

Public Intelligence

Despite the U.S. military’s massive spending each year on advanced communications technology, the use of simple text chat or tactical chat has outpaced other systems to become one of the most popular paths for communicating practical information on the battlefield. Though the use of text chat by the U.S. military first began in the early 1990s, in recent years tactical chat has evolved into a “primary ‘comms’ path, having supplanted voice communications as the primary means of common operational picture (COP) updating in support of situational awareness.” An article from January 2012 in the Air Land Sea Bulletin describes the value of tactical chat as an effective and immediate communications method that is highly effective in distributed, intermittent, low bandwidth environments which is particularly important with “large numbers of distributed warfighters” who must “frequently jump onto and off of a network” and coordinate with other coalition partners. Text chat also provides “persistency in situational understanding between those leaving and those assuming command watch duties” enabling a persistent record of tactical decision making.

A 2006 thesis from the Naval Postgraduate School states that internet relay chat (IRC) is one of the most widely used chat protocols for military command and control (C2). Software such as mIRC, a Windows-based chat client, or integrated systems in C2 equipment are used primarily in tactical conditions though efforts are underway to upgrade systems to newer protocols. “Transition plans (among and between the Services) for migrating thousands of users to modern protocols and cloud-computing integration has been late arriving” according to the Air Land Sea Bulletin. Both the Navy and the Defense Information Systems Agency (DISA) are working towards utilizing the extensible messaging and presence protocol (XMPP) in future applications.

In 2009, the Air Land Sea Applications Center issued a multi-service tactics, techniques, and procedures (MTTP) manual attempting to codify the protocols and standards for the usage of tactical chat throughout the services. The manual provides a common language for tactical chat, unifying disparate usage standards in different services such as “consistent naming conventions for rooms, people, and battle roles and activities” and “archival agreements among multiple user communities”. For example, the manual provides naming conventions for chat room users, demonstrating how to construct user names that clearly indicate the user’s role and unit. A 4th Infantry Division Plans Officer should utilize the call sign 4ID_OPS_PLANS when engaging in tactical chat while a Tactical Action Officer aboard the USS Enterprise should use the name CVN65_ENT_TAO. The manual also provides standards for naming chat rooms and managing large numbers of rooms simultaneously for coordinating missions and situational awareness. A helpful glossary also provides translations of tactical chat abbreviations and terms, such as canx meaning cancel and rgr for roger.

The MTTP manual describes how tactical chat can be used for a variety of purposes to support “coordination, integration, and execution of missions” including everything from maneuver and logistics to intelligence, fires and force protection. One vignette presented in the manual describes how tactical chat or TC might be used in a cordon and search operation:

“During a day mission by ground maneuver units conducting cordon and search operations in a small village known for harboring insurgents, a Predator UAS flying in support of troops on the ground spotted movement on the roof of a previously searched building. The UAS operator, noticing that the forces conducting the cordon and search had already begun moving away from the structure, used TC to immediately notify the ground unit’s [tactical operations center] that an individual was moving on the roof and appeared to be getting into a hide site. After communicating this information to the troops on the ground, the TOC confirmed that the individual seen by the UAS was not in their unit, and with the assistance of the UAS operator using TC, was able to direct his troops to reenter the building and ‘talk’ them to the suspected hide site over voice communications. The individual hiding on the rooftop was then captured. The use of TC in this instance was critical to the capture of an insurgent that would otherwise have escaped.”

Tactical chat can also be used for targeting the enemy and receiving clearance to fire, enhancing “the collective and coordinated use of indirect and joint fires through the targeting process.” Rather than contacting “several agencies via radio or telephone and taking several minutes to initiate fire missions on a fleeing target or in the middle of a TIC [troops in contact]“, unit fire support elements can use tactical chat to request clearance and deconflict airspace required for the mission in a matter of seconds, which is helpful in locations like Afghanistan where ground units are commonly separated by more than 90 kilometers. According to the manual, the chat room transaction in such a situation might appear like this:

[03:31:27] <2/1BDE_BAE_FSE> IMMEDIATE Fire Mission, POO, Grid 28M MC 13245 24512, Killbox 32AY1SE, POI GRID 28M MC 14212 26114, Killbox 32AY3NE, MAX ORD 8.5K
[03:31:28] <CRC_Resolute> 2/1BDE_BAE_FSE, stby wkng
[03:31:57] <CRC_Resolute> 2/1BDE_BAE_FSE, Resolute all clear
[03:32:04] <2/1BDE_BAE_FSE> c
[03:41:23] <2/1BDE_BAE_FSE> EOM
[03:41:31] <CRC_Resolute> c

A fire mission request is sent to the control and reporting center (CRC) controller who then works to deconflict the airspace and report back that the space is now clear. Once the mission is complete, the brigade fire support element notifies users with the statement EOM or end of mission.

In this case, the brevity of tactical chat allows for fast and simple communication, enabling the brigade fire support element to receive a reply in seconds and continue with their mission. However, it is this very aspect of tactical chat, its speed and brevity, that can sometimes create confusion on the battlefield. Similar to the public world of social media, tactical chat allows inaccurate or misleading information to be widely disseminated and sent to all users just “as quickly as accurate information.” According to the MTTP manual, tactical chat’s “short text messages can cause ambiguity and accuracy can be compromised without strict adherence to standard terminology”, allowing users to quickly proliferate inaccurate or misleading information that can affect operations. A 2003 article from U.S. News and World Report describes some of the problems created by the use of tactical chat in Operation Iraqi Freedom. In one example, a pilot’s widely reported sighting of vehicles moving towards the Kuwaiti border turned out to be a “large band of hungry camels.” In another example, a radio intercept was disseminated that reportedly discussed Iraqi soldiers using poisonous artillery rounds. The copy-and-paste nature of tactical chat led to news of the intercept proliferating fast throughout military chat networks with many saying that the Iraqis were “loading chemical rounds”. The buzz continued until an Arabic linguist clarified that the intercept was mistranslated and that the rounds were not poisonous, they had just gone bad.

Download it here

Tactical Chat: How the U.S. Military Uses IRC to Wage War

Video – Monty Python – How To Do It

How to rid the world of all known diseases

TOP-SECRET – U.S. Army Forensics and Warrant-Based Targeting Newsletter

Center for Army Lessons Learned

162 pages
For Official Use Only
March 2010

In January 2009 the Army’s authority to unilaterally apprehend and detain insurgents in Iraq expired. The Army now operates in Iraq at the invitation of the Government of Iraq (GOI). The change in the Army’s authority heightens the guiding principle of working by, with, and through the Iraqi Security Forces (ISF). The Army must work within the Iraqi rule of law when dealing with insurgents who threaten U.S. forces.

It requires the Army to work with the ISF and the Iraqi court system to remove insurgents from the street. The Army must learn how the Iraqi system is structured and how its courts operate. The Army must also help educate the Iraqi courts, particularly the judges, on the science of how Americans collect and process evidence (forensics). Educating the judges on forensics is important to the Army having its day in court and its evidence entered into the proceeding against the insurgents.

The intent of this newsletter is to assist Soldiers, leaders, and commanders in understanding the key aspects of the new landscape as follows:

• Iraqi judges are the law within the Iraqi court system. Commanders must build relationships and trust with the Iraqi judges. Commanders must also help educate judges on internationally accepted techniques used in building a case for prosecution, especially with forensic evidence.

• Commanders and staff judge advocates must actively seek the help of Iraqi local officials to learn how local systems operate because every province and district is unique.

• Soldiers and leaders must be trained in the proper collection and processing of evidence, crime scene documentation, and the identification and handling of witness statements.

• Leaders must understand the local warrant system since the first step in the Iraqi court system is to obtain a warrant issued by an Iraqi judge.

• Commanders that task-organize assets for evidence- or warrant-based targeting will be most successful. Prosecution task forces are also an important tool.

• Advice and practical lessons from subject matter experts in the institutional base and from the forces operating in theater are provided in this newsletter.

…

When U.S. forces first entered into operations in the Iraqi theater, the coalition operated under a sequential series of United Nations Security Council Resolution (UNSCR) mandates and at the invitation of the Iraqi government. Coalition forces had unilateral authorization to detain any person posing a threat to U.S. forces or to the Iraqi population. The last mandate, UNSCR 1790, expired at the end of December 2008. Prior to the expiration of UNSCR 1790, U.S. forces began a gradual transition to operations by, with, and through the Iraqis and their security forces. On 1 January 2009, a bilateral security agreement between the United States and the Government of the Iraq was implemented.

The coalition currently operates at the invitation of and under the rule of law of the Iraqi government. U.S. forces must adhere to Iraqi laws and the security agreement provisions before arresting or detaining anyone posing a threat in Iraq. The coalition’s responsibility is to follow the rules of the Iraqi criminal courts and judges to detain criminals and insurgents.

A significant change to daily operations is the coalition cannot detain persons based on the perception of a threat. Before the security agreement, the coalition detained suspects based on its intelligence assessment of whether a suspect posed a threat to the coalition.

Now the coalition operates using evidence- or warrant-based targeting. It requires cooperation between U.S. forces, Iraqi Security Forces (ISF), and Iraqi judges in the arrest and conviction of terrorists and criminals.

U.S. forces must continue to use targeting methodology (find, fix, finish, exploit, analyze, and disseminate or F3EAD) to identify and convict insurgents and criminals. The coalition must learn techniques to translate collected intelligence into evidence that is acceptable to the Iraqi courts. Forensics is the primary method used by the coalition to develop evidence gathered at the crime scene. Using forensics is new to the Iraqi courts, which traditionally rely on eyewitness testimony as a means of conviction. It is the duty of U.S. forces to educate and to inform their Iraqi partners on the forensics process.

In this newsletter, the reader is introduced to the background and use of forensics in the first two sections, Forensics Background and Battlefield Forensics. The articles in section three, Warrant-Based Targeting, provide a brief education on the Iraqi legal process and how coalition forces are adapting to working within the Iraqi system. This section includes discussions on how units and commanders develop solutions to partner with the ISF to obtain warrants to arrest and detain insurgents. Several examples are provided to demonstrate how commanders work with Iraqi judges, a critical factor in building confidence in the capability to work within the courts. The final section, Evidence Collection, highlights the importance of proper evidence collection and processing. This section offers techniques for conducting searches and evidence handling to minimize the risk of contamination. It also compares the difference between physical and testimonial evidence.

TMZ – Joe Flacco — The RICHEST Normal Dude EVER!

http://youtu.be/OGSo-SugHUA

Joe Flacco is not only the highest paid QB in NFL history… he’s also the most normal friggin’ dude in the world! Who would EVER guess this dude just made $121 MILLION DOLLARS!?

SECRECY NEWS – BRADLEY MANNING TAKES RESPONSIBILITY

At an open hearing on February 28, Pfc. Bradley Manning said that he was
responsible for providing U.S. government documents to the WikiLeaks
website, including a large collection of U.S. State Department cables, a
video of a brutal U.S. Army helicopter attack in Baghdad, and other
records.

"The decisions that I made to send documents and information to the WLO
[WikiLeaks Organization] and website were my own decisions, and I take full
responsibility for my actions," he told the military court.

The Army belatedly released a redacted copy of Pfc. Manning's statement
yesterday. (An unofficial version had been privately transcribed by Alexa
O'Brien soon after the hearing.)

        http://www.fas.org/sgp/jud/manning/022813-statement.pdf

The Freedom of the Press Foundation obtained an audio recording of the
statement, which it released online.

        https://pressfreedomfoundation.org/blog

Manning eloquently expressed his motivations for the unauthorized
disclosures, including the need to expose corruption and deception in the
conduct of diplomacy and military operations. He described the efforts he
made to weigh the possible damage that might result from disclosure, and
the judgment he made that release of the records was the appropriate step.

But he did not acknowledge that any other individuals had been placed at
risk by his actions, nor did he take responsibility for any consequences
they might suffer. Taliban leaders said in 2010 that they were scrutinizing
the Afghanistan war records published by WikiLeaks and that they would
"punish" persons listed in the records who were found to have cooperated
with the U.S. military.

FOIA IN THE 113TH CONGRESS, AND MORE FROM CRS

The latest products from the Congressional Research Service include these
items.

Freedom of Information Act (FOIA): Background and Policy Options for the
113th Congress, March 8, 2013:

        http://www.fas.org/sgp/crs/secrecy/R41933.pdf

What's the Difference? -- Comparing U.S. and Chinese Trade Data, February
25, 2013:

        http://www.fas.org/sgp/crs/row/RS22640.pdf

Afghanistan: Post-Taliban Governance, Security, and U.S. Policy, March 8,
2013:

        http://www.fas.org/sgp/crs/row/RL30588.pdf

Hugo Chávez's Death: Implications for Venezuela and U.S. Relations, March
8, 2013:

        http://www.fas.org/sgp/crs/row/R42989.pdf

"Sense of" Resolutions and Provisions, March 11, 2013:

        http://www.fas.org/sgp/crs/misc/98-825.pdf

U.S. Immigration Policy: Chart Book of Key Trends, March 7, 2013:

        http://www.fas.org/sgp/crs/homesec/R42988.pdf

INTELLIGENCE SHARING IMPROVES WITH ALLIES, LAGS WITH CONGRESS

The Commander of U.S. Central Command said last week that he is
"encouraged" by the willingness of U.S. intelligence agencies to share
information with military allies, which is becoming "a standard practice
rather than the exception."  At the same time, the chair of the Senate
Intelligence Committee complained that her committee has not been receiving
the intelligence information that it requires to perform its oversight
function.

"As I travel throughout the AOR [area of responsibility] and see the
promise of new initiatives and the risk posed by numerous challenges, I
receive requests from military leaders across the region to increase
intelligence sharing between our militaries," said Gen. James N. Mattis,
CENTCOM Commander, in testimony before the Senate Armed Services Committee
on March 5.

"In order to demonstrate our commitment, I requested the Intelligence
Community to begin drafting releasable products for our most trusted
partners in the Levant, on the Arabian Peninsula, in the Central Asian
States, and in South Asia as a standard practice rather than the
exception," Gen. Mattis said.

"I am encouraged by the personal attention the Office of the Director of
National Intelligence is giving these matters. Director Clapper's strong
emphasis and encouragement for the intelligence community to produce
intelligence in a manner that eases our ability to responsibly share
information with our military counterparts creates a stronger, more focused
front against our common enemies and builds our partner nations'
confidence.  We are grateful for the nimble manner in which our
intelligence community has strengthened our efforts to checkmate more of
our enemy's designs," Gen. Mattis testified.

    http://www.fas.org/irp/congress/2013_hr/030513mattis.pdf

But in a notable contrast, congressional leaders say they have not gotten
similar cooperation from the intelligence community, and they have less
reason for encouragement.

"There is a very strong feeling on both sides of the aisle that the
[intelligence] committee is not receiving the information it needs to
conduct all oversight matters in the manner in which we should," said Sen.
Dianne Feinstein, chair of the Senate Intelligence Committee, during the
Senate confirmation of John O. Brennan to be CIA Director on March 7

    http://www.fas.org/irp/congress/2013_cr/brennan.html

"There is the matter of Office of Legal Counsel opinions concerning the
targeted killing of Americans.  The committee needs to understand the legal
underpinning of not only this program but of all clandestine programs, of
all covert actions, so we may ensure the actions of the intelligence
community operate according to law," Sen. Feinstein said. "Absent these
opinions, we cannot conduct oversight that is as robust as it needs to be."

With respect to the opinions on targeted killing, at least, the committee
was finally able to reach an accommodation with the Administration while
the confirmation process was pending, which included "staff access and
without restrictions on note taking," she said.

"I want to thank the administration. I think increasingly they understand
this problem of the need for us to access more information. It is not a
diminishing one, it is a growing one, and it is spreading through this
House-- and I suspect the other House as well," Sen. Feinstein said.

Sen. Patrick Leahy, chair of the Senate Judiciary Committee, said he
"reluctantly opposed" the confirmation of Mr. Brennan because "the
administration has stonewalled me and the Judiciary Committee for too long
on a reasonable request to review the legal justification for the use of
drones in the targeted killing of American citizens."

_______________________________________________
Secrecy News is written by Steven Aftergood and published by the
Federation of American Scientists.

The Secrecy News Blog is at:
     http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to
     http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood@fas.org

Secrecy News is archived at:
     http://www.fas.org/sgp/news/secrecy/index.html

Support the FAS Project on Government Secrecy with a donation:
     http://www.fas.org/member/donate_today.html

_______________________
Steven Aftergood
Project on Government Secrecy
Federation of American Scientists
web:    www.fas.org/sgp/index.html
email:  saftergood@fas.org
voice:  (202) 454-4691
twitter: @saftergood

Video – Monty Python: Marriage counselor

CRYPTOME – Alleged Parastoo Aid to JFK OP

http://cyberwarzone.com/various-hacking-teams-unite-opisrael-talks-erasing-israel-web-7-april

7 March 2013

Alleged Parastoo Aid to JFK OP

A sends:

We have received a tip from a Persian observer and a source that the recent OP at JFK was done by Parastoo based on their last publication and since, based on their expressions on an underground forum, Joe Biden made statements at AIPAC that made them more angry. There is evidence Parastoo is a role player in #OPISRAEL and the upcoming wave. The JFK Lulz was a Joint OP done by people involved with these groups with Parastoo providing the “know-how” and others bringing logistics to the gang.

TMZ – Joe Flacco — I Might Make $121 Million … But I Still Ride the Bus

http://youtu.be/U4dZLEl0Xok

When Joe Flacco touched down at BWI airport in Baltimore this weekend … there was no fancy limo waiting for him … no chauffeur … just a regular bus to the regular person parking lot … and the $121 MILLION quarterback hopped on it like everybody else.

MDR – Ex-Stasi-Leute – Kontakte zur kriminellen Szene – Amträger korrumpiert…

Landtags-Untersuchungsausschuss in SachsenHatten Ex-Stasi-Leute Kontakte zur kriminellen Szene?

Der Landesverfassungsschutz Sachsen hatte offenbar Hinweise auf Verbindungen früherer Mitarbeiter der DDR-Staatssicherheit zur Organisierten Kriminalität. Das erklärte die frühere Referatsleiterin Simone Skroch (früher Henneck) am Freitag im Landtags-Untersuchungsausschuss zu kriminellen und korruptiven Netzwerken in Sachsen. Die Informationen stammten von mehreren und voneinander unabhängigen Quellen.

Halfen Ex-Stasi-Leute bei der “Verführung” von Amtspersonen?

Die einstige Referatsleiterin im Landesamt für Verfassungsschutz, Simone Henneck, sagt am 09.01.2013 in Dresden (Sachsen) vor dem Untersuchungsausschuss des Sächsischen Landtages aus.

Die frühere Leiterin der Geheimdienstabteilung für Organisierte Kriminalität gab am Freitag neue Details preis.

Wie die Hauptzeugin des Ausschusses erläuterte, gab es diesen Hinweisen zufolge zahlreiche Kontakte zwischen teils hochrangigen Ex-Stasi-Mitarbeitern und Vertretern der regionalen und internationalen Organisierten Kriminalität in den Bereichen Wirtschaft und öffentliche Verwaltung sowie im Rotlichtmilieu. Ihr Ziel: Angestellte, Beamte, Politiker und andere Vertreter des öffentlichen Lebens zielgerichtet in verfängliche Situationen zu bringen, mit denen man sie später hätte erpressen können. Dazu zählten Skroch zufolge auch Bestechung und Korruption. Die Juristin bezog sich dabei auf das Wirken der Organisierten Kriminalität im Raum Chemnitz, Zwickau und Vogtland.

Vom “Sachsensumpf” zur “Aktenaffäre”

Die Hinweise zu möglichen kriminellen Netzwerken in Sachsen waren 2007 erstmals aufgetaucht. Grundlage war eine Datensammlung des sächsischen Geheimdienstes. Die Vorwürfe reichten von Amtsmissbrauch über Kinderprostitution bis zur Bandenkriminalität. Darin sollten auch Juristen und Polizisten verstrickt sein. Ermittlungen externer Prüfer und der Staatsanwaltschaft Dresden entkräfteten jedoch die Vorwürfe, die Ermittlungen gegen die Beschuldigten wurden eingestellt. Stattdessen wurde Skroch vorgeworfen, Akten aufgebauscht zu haben. Sie bestreitet das vehement und erhob bei ihrer Befragung am Freitag erneut schwere Vorwürfe gegen die frühere Chefetage des Verfassungsschutzamts.

Bereits im Januar hatte Skroch vor dem Ausschuss erklärt, dass zahlreiche Dokumente über die Begegnung von Informanten mit Geheimdienstlern verschwunden seien. Jetzt äußerte sie die Vermutung, dass ihr Panzerschrank während einer Urlaubsreise im Juni 2007 geöffnet wurde. Zudem warf sie ihren damaligen Vorgesetzten vor, sie nicht rechtzeitig über ein gegen sie laufendes Disziplinarverfahren informiert zu haben.

Der aktuelle Untersuchungs-Ausschuss wurde 2010 auf Antrag der Opposition eingesetzt, weil nach ihrer Ansicht im Abschlussbericht des vorherigen Gremiums zu viel Fragen offen gebelieben waren.

http://www.mdr.de/sachsen/sachsensumpf116.html

Weiterführende Links

10. Januar 2013Ehemalige Verfassungsschützerin belastet Vorgesetzte
18. Dezember 2012Leipziger Journalisten: Einspruch gegen Freispruch
10. Dezember 2012Freispruch für Leipziger Journalisten
09. November 2012Prozess gegen Ex-Zwangsprostituierte aus früherem Leipziger Bordell neu aufgerollt
20. Mai 2010Neuer Akten-Ausschuss in Sachsen eingesetzt
25. November 2009Ehemalige Verfassungsschützerin will Schmerzensgeld
05. Mai 2009Polizist kritisiert Ermittlungen zum Kinderbordell
28. April 2009Sächsische Aktenaffäre: Zeugin belastet Juristen

SECRECY NEWS – FEDS ADD NEW ESPIONAGE ACT CHARGE AGAINST LINGUIST

Last fall, Navy contract linguist James Hitselberger was charged under the
Espionage Act with two counts of unlawful retention of national defense
information after several classified documents were allegedly found in his
possession.  (See "Document Collector Charged Under Espionage Statute,"
Secrecy News, November 7, 2012.)

Two weeks ago, in a superseding indictment, prosecutors added a third
charge of unlawful retention under the Espionage Act, along with three
other counts of unauthorized removal of a public record.

    http://www.fas.org/sgp/jud/hitsel/indict-sup.pdf

Mr. Hitselberger's public defenders responded with a battery of pre-trial
motions, including a new challenge to the constitutionality of the
Espionage Act itself.

The defense attorneys said the indictment against Mr. Hitselberger is
"multiplicious," meaning that a single offense has been alleged in
multiple, redundant counts. This is an impermissible practice that is
considered prejudicial to a defendant.  Mulitplicious counts "afford the
government an unfair advantage by increasing the likelihood that the jury
will convict on at least one count, if only as the result of a compromise
verdict."  The defense asked the court to compel prosecutors to choose
between Count One and Count Two, "both of which charge the same offense of
unlawful retention of national defense information." 

    http://www.fas.org/sgp/jud/hitsel/030113-mult.pdf

Defense attorneys also moved for a "bill of particulars" to require the
government to identify exactly which "national defense information" Mr.
Hitselberger is accused of unlawfully retaining in violation of the
Espionage Act.

"Even if the documents at issue here are classified and the government
proves beyond a reasonable doubt the Mr. Hitselberger retained them, the
government must establish that information within these documents
constitutes national defense information.... [Yet] much (if not all) of the
information contained in the documents is publicly available
information.... In order to prepare for trial without needlessly preparing
to respond to irrelevant information or guessing at what the government
deems relevant, defense counsel must be directed to the portions of the
documents that the government claims constitute national defense
information."

    http://www.fas.org/sgp/jud/hitsel/bop.pdf

But perhaps the most interesting motion filed by the defense, and one
which adds a dimension beyond the particular facts of Mr. Hitselberger's
case, asks the court to find the unlawful retention statute of the
Espionage Act unconstitutionally vague.

Every leak prosecution has included a defense challenge to the
constitutionality of the Espionage Act, almost as a matter of course.  The
constitutionality of the Act has consistently been upheld, though sometimes
with limiting factors imposed by the court.  In any event, the Hitselberger
motion, filed by public defenders A.J. Kramer and Mary Manning Petras,
carefully distinguishes the current matter from previous cases.  At several
points the motion included striking insights from Melville Nimmer and other
legal scholars to bolster its argument.  The result is something more than
a pro forma gesture.

The Espionage Act prohibition on unlawful retention of national defense
information (18 USC 793e) "is a statute of alarming breadth and little
definition," the defense attorneys concluded. "Because the statute is
vague, this Court should dismiss Counts One, Two and Three of the
indictment."

    http://www.fas.org/sgp/jud/hitsel/030113-vague.pdf

Other motions filed by the defense and the prosecution are posted here:

    http://www.fas.org/sgp/jud/hitsel/index.html

Mr. Hitselberger is not accused of espionage, nor is he suspected of
acting on behalf of a foreign power.

WHEN CAN A COURT REJECT AN AGENCY CLASSIFICATION CLAIM?

Last year, DC District Judge Richard W. Roberts ordered the U.S. Trade
Representative to disclose a classified document to a FOIA requester
because, he said, the classification of the document was not properly
supported.  (See "Court Says Agency Classification Decision Not 'Logical,"
Secrecy News, March 2, 2012.) That ruling in Center for International
Environmental Law v. Office of the U.S. Trade Representative was a
startling judicial rebuff to executive classification authority of a sort
that had not been seen in many years, and the government quickly appealed.

In oral arguments in the DC District Appeals Court last month, government
attorneys all but declared that a court has no power to overrule an
executive branch classification decision. The transcript of that February
21 hearing has just become available.

    http://www.fas.org/sgp/jud/ciel/oralarg.pdf

Judge Roberts' "substitution of [his] judgment about likely harm to
foreign relations [that could ensue from disclosure] fails to give the
deference that's due to the Executive in this sensitive area of foreign
relations and national security, and is entirely inconsistent with this
Court's consistent case law over many decades that emphasizes the need for
such deference," argued H. Thomas Byron, III, on behalf of the U.S. Trade
Representative.

Circuit Court Judge Brett Kavanaugh asked Mr. Byron whether there were any
circumstances in which a court could reject a classification claim.

"When do you think a Court could ever disagree with the Executive's
determination in this kind of case?" Judge Kavanaugh asked.

Mr. Byron that if the agency's declarations in support of classification
are logical and plausible, then the agency is entitled to judicial
deference.

"Isn't that going to cover 100 percent of the cases?" Judge Kavanaugh
asked.

"I certainly think, Judge Kavanaugh, that the Executive would not submit a
declaration that was not logical or plausible," Mr. Byron replied.

Then he went even further and suggested that the executive branch has
exclusive constitutional authority over classification policy.

Judge Kavanaugh was inquiring how the government would respond to an
argument made in an amicus brief filed by media organizations contending
that Congress had mandated judicial review of classification when it
amended the FOIA in 1974 in order to enable Courts to review executive
classification judgments. Not only that, but when President Ford vetoed the
measure, Congress overrode the veto.

Mr. Byron said, "The question is whether those changes [i.e. the 1974
amendments] altered the constitutionally required deference to the
Executive in this area under the Separation of Powers Doctrine," suggesting
that the congressional override of President Ford's veto was meaningless
and without effect.

"That's interesting," said Judge Kavanaugh. "You don't think Congress
could put the courts in the position of second guessing" the executive?

"Well, when it comes to predictive judgments about harm to national
security and foreign relations I think that's a very difficult question,"
Mr. Byron said.

"I agree," Judge Kavanaugh replied.

Cogent arguments to the contrary were made by attorney Martin Wagner on
behalf of the Center for International Environmental Law at the hearing and
can be found in the transcript.

SUNSHINE WEEK EVENTS AIM TO PROMOTE OPEN GOVERNMENT

This week is Sunshine Week, an annual effort sponsored by journalism
advocacy and civil society organizations to promote values of open
government, freedom of information, and public participation. A rich
variety of events are scheduled around the country, most of which are free
and many of which will be webcast.

    http://sunshineweek.rcfp.org/events/

I will be participating in several programs, including these:  "Open
Government in the Second Term," sponsored by the Center for Effective
Government and the Electronic Privacy Information Center on March 12:

    http://epic.org/events/sunshineweek2013.html

The Future of Classification Reform, sponsored by the Brennan Center for
Justice on March 14:

    http://www.brennancenter.org/events

Freedom of Information Day at the Newseum on March 15:

    http://www.freedomforum.org/e-vite/press/foi-2013/body.html

Freedom of Information Day at the Washington College of Law Collaboration
on Government Secrecy on March 18:

    http://www.wcl.american.edu/lawandgov/cgs/

A new report from the Center for Effective Government found reason to
praise the Obama Administration's openness in some areas of government but
not in national security, which it said has been a "glaring exception" to
progress in other domains.  

Among numerous recommendations for future progress, the Center report
urged the Department of Justice to renounce the use of criminal prosecution
for leaks to the media. "Unauthorized disclosures of restricted information
to the media should be handled through administrative channels, not
criminal prosecution."  See "Delivering on Open Government: The Obama
Administration's Unfinished Legacy," March 10:

    http://www.foreffectivegov.org/obama-first-term-transparency-report

_______________________________________________
Secrecy News is written by Steven Aftergood and published by the
Federation of American Scientists.

The Secrecy News Blog is at:
     http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to
     http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood@fas.org

Secrecy News is archived at:
     http://www.fas.org/sgp/news/secrecy/index.html

Support the FAS Project on Government Secrecy with a donation:
     http://www.fas.org/member/donate_today.html

_______________________
Steven Aftergood
Project on Government Secrecy
Federation of American Scientists
web:    www.fas.org/sgp/index.html
email:  saftergood@fas.org
voice:  (202) 454-4691
twitter: @saftergood

PI – FBI – Only 4% of Active Shooter Incidents Since 2002 Were Perpetrated by Women

A segment from KETV News in Omaha, Nebraska discusses active shooter training exercises held at a local elementary school. Similar training exercises have been held around the country following recent mass shootings.

Public Intelligence

An FBI analysis of active shooter incidents since 2002 found that 96% of the attacks were perpetrated by males, most of which acted alone. The statistic is found in a joint intelligence bulletin released at the end of December by the Department of Homeland Security and FBI titled “Recent Active Shooter Incidents Highlight Need for Continued Vigilance“. The bulletin provides brief advice on crisis response and long-term protective measures as well as statistics related to past active shooter incidents, which are defined as situations where one or more individuals participates in a “random or systematic killing spree demonstrating their intent to harm others with a firearm.” Active shooters are distinguished from other “traditional criminal acts, such as robbery or hostage-taking” by their intention to commit “mass murder”. The FBI analyzed 154 active shooter events in the United States between 2002 and 2012 that included three or more individuals being shot. This analysis found that:

96% of the shooters were males
51% of the shooters were deceased following the attack (43% committed suicide and 8% were shot and killed by responders)
96% of the attacks involved shooters acting alone
37% of the attacks occurred in workplaces and 17% occurred in an academic setting
40% of the attacks were unable to be linked to a clear motivation
21% of the attacks were motivated by workplace retaliation and 14% were motivated by domestic disputes
Academic retaliation by a current or former student only accounted for 7% of the attacks

The FBI’s analysis found that active shooters were often described as “social isolates” who “harbored feelings of hate and anger” and had some contact with mental health professionals. Though mental illness is a common factor among many active shooters, its functional role in causing the massacre is indeterminate according to FBI analysis. Very few of the shooters in cases analyzed by the FBI had previous arrests for violent crimes, though many had encountered a significant emotional hardship prior to the attack such as “loss of significant relationships, changes in financial status, loss of a job, changes in living arrangements, major adverse changes to life circumstances, and/or feelings of humiliation or rejection on the part of the shooter.”

To help protect against active shooter situations, the DHS-FBI joint bulletin recommends that public facilities update their emergency and crisis management plans and conduct exercises to ensure a rapid response to a large-scale crisis. Long-term security plans for public facilities should “emphasize physical safeguards, including building enhancements that present a more robust deterrent and provide a more survivable environment.” Building enhancement can take the form of physical modification, such as the installation of “window and external door protection with quick-release capability”, as well as the establishment of “safe areas within the facility for assembly and refuge during crises.”

Video – Monty Python – “French Subtitled Film” sketch

Monty Python’s Flying Circus sketch called “French Subtitled Film” from season 2 episode 10.

Die Süddeutsche Zeitung über “GoMoPa” und die Zahlungen von S&K

http://www.sueddeutsche.de/geld/mutmassliche-anlagebetrueger-sk-die-akte-midas-1.1620191-4

TMZ – Lisa Vanderpump — Suck It Haters … We Don’t Need New ‘Housewives’

http://youtu.be/rI1hp0E63Fo

“Real Housewives of Beverly Hills” star Lisa Vanderpump is unfazed by any potential “housewives” boycotting the show, telling TMZ … the show’s not looking for any new cast members anyways.

SECRET – U.S. Army Forensics and Warrant-Based Targeting Newsletter

Center for Army Lessons Learned

162 pages
For Official Use Only
March 2010

In January 2009 the Army’s authority to unilaterally apprehend and detain insurgents in Iraq expired. The Army now operates in Iraq at the invitation of the Government of Iraq (GOI). The change in the Army’s authority heightens the guiding principle of working by, with, and through the Iraqi Security Forces (ISF). The Army must work within the Iraqi rule of law when dealing with insurgents who threaten U.S. forces.

It requires the Army to work with the ISF and the Iraqi court system to remove insurgents from the street. The Army must learn how the Iraqi system is structured and how its courts operate. The Army must also help educate the Iraqi courts, particularly the judges, on the science of how Americans collect and process evidence (forensics). Educating the judges on forensics is important to the Army having its day in court and its evidence entered into the proceeding against the insurgents.

The intent of this newsletter is to assist Soldiers, leaders, and commanders in understanding the key aspects of the new landscape as follows:

• Iraqi judges are the law within the Iraqi court system. Commanders must build relationships and trust with the Iraqi judges. Commanders must also help educate judges on internationally accepted techniques used in building a case for prosecution, especially with forensic evidence.

• Commanders and staff judge advocates must actively seek the help of Iraqi local officials to learn how local systems operate because every province and district is unique.

• Soldiers and leaders must be trained in the proper collection and processing of evidence, crime scene documentation, and the identification and handling of witness statements.

• Leaders must understand the local warrant system since the first step in the Iraqi court system is to obtain a warrant issued by an Iraqi judge.

• Commanders that task-organize assets for evidence- or warrant-based targeting will be most successful. Prosecution task forces are also an important tool.

• Advice and practical lessons from subject matter experts in the institutional base and from the forces operating in theater are provided in this newsletter.

…

When U.S. forces first entered into operations in the Iraqi theater, the coalition operated under a sequential series of United Nations Security Council Resolution (UNSCR) mandates and at the invitation of the Iraqi government. Coalition forces had unilateral authorization to detain any person posing a threat to U.S. forces or to the Iraqi population. The last mandate, UNSCR 1790, expired at the end of December 2008. Prior to the expiration of UNSCR 1790, U.S. forces began a gradual transition to operations by, with, and through the Iraqis and their security forces. On 1 January 2009, a bilateral security agreement between the United States and the Government of the Iraq was implemented.

The coalition currently operates at the invitation of and under the rule of law of the Iraqi government. U.S. forces must adhere to Iraqi laws and the security agreement provisions before arresting or detaining anyone posing a threat in Iraq. The coalition’s responsibility is to follow the rules of the Iraqi criminal courts and judges to detain criminals and insurgents.

A significant change to daily operations is the coalition cannot detain persons based on the perception of a threat. Before the security agreement, the coalition detained suspects based on its intelligence assessment of whether a suspect posed a threat to the coalition.

Now the coalition operates using evidence- or warrant-based targeting. It requires cooperation between U.S. forces, Iraqi Security Forces (ISF), and Iraqi judges in the arrest and conviction of terrorists and criminals.

U.S. forces must continue to use targeting methodology (find, fix, finish, exploit, analyze, and disseminate or F3EAD) to identify and convict insurgents and criminals. The coalition must learn techniques to translate collected intelligence into evidence that is acceptable to the Iraqi courts. Forensics is the primary method used by the coalition to develop evidence gathered at the crime scene. Using forensics is new to the Iraqi courts, which traditionally rely on eyewitness testimony as a means of conviction. It is the duty of U.S. forces to educate and to inform their Iraqi partners on the forensics process.

In this newsletter, the reader is introduced to the background and use of forensics in the first two sections, Forensics Background and Battlefield Forensics. The articles in section three, Warrant-Based Targeting, provide a brief education on the Iraqi legal process and how coalition forces are adapting to working within the Iraqi system. This section includes discussions on how units and commanders develop solutions to partner with the ISF to obtain warrants to arrest and detain insurgents. Several examples are provided to demonstrate how commanders work with Iraqi judges, a critical factor in building confidence in the capability to work within the courts. The final section, Evidence Collection, highlights the importance of proper evidence collection and processing. This section offers techniques for conducting searches and evidence handling to minimize the risk of contamination. It also compares the difference between physical and testimonial evidence.

Clip – Monty Python – Certain Substances

his is a sketch from Season1 Episode 5 called “Mans Crisis of Identity in the Latter Half of the 20th Century”

Public Intelligence – Inspire Al-Qaeda in the Arabian Peninsula Magazine Issue 10, March 2013

The following is the tenth issue of “Inspire” magazine reportedly produced by Al-Qaeda in the Arabian Peninsula’s media organization Al-Malahem. There are nine previous issues of Inspire magazine, all of which have been published by this site, and we have continually expressed our desire for readers to scrutinize the authenticity of the material provided in this publication. This scrutiny is especially important given that the supposed editor of Inspire magazine was reportedly killed in a drone strike in 2011. We have removed password protection from the PDF to enable easier analysis, but have left the file’s original metadata intact. As with all nine previous issues of the magazine we must emphasize that this material is provided, as always, for educational and informational purposes.

Al-Malahem Media Foundation

62 pages
Spring 2013
66.4 MB

Monty Python – Travel Agent Sketch – Video

TMZ – Lebron James’s Wedding Ruins Jewish Holiday

Lebron James and his wife have set a date for their wedding… problem is, it falls on the Jewish holiday Yom Kippur. Now we gotta wonder if his agent is going to make it!

TOP-SECRET – DHS Intelligence and Analysis Suspicious Activity Reporting (SAR) Topics of Interest Winter 2013

Winter 2013: DHS/I&A Analyst Suspicious Activity Reporting (SAR) Topics of Interest

1 page
For Official Use Only
January 2013

(U//FOUO) DHS/I&A is interested in the following SAR topics, which have been updated based on current issues of national interest. Previous topics remain relevant, and law enforcement, first responders, and other homeland security professionals should continue to submit reports on these issues. Per the SAR Functional Standard, only information validated as reasonably indicative of preoperational planning related to terrorism should be reported as a SAR. I&A is reviewing SAR reports on these topics but would welcome any additional context, ideas or local analysis on these topics and opportunities for joint production. We will discuss key findings and assessments during scheduled HS-SLIC Weekly threat briefs.

(U//FOUO) Reports of threats to religious or cultural facilities. Reports of surveillance; verbal or telephonic threats of violence; trespassing; property damage, including vandalism or arson; or tests of security at religious or cultural facilities. [HSEC-8 TERRORIST OPERATIONS: HSEC-8.3.1 General suspicious activities; HSEC-8.4.2.20 Targets of elicitation – Specific sites]

(U//FOUO) Reports of suspicious activities or incidents associated with state, local, tribal, territorial, or private sector computer networks and Web sites. Reports of denial of service (DoS) attacks against Web sites; Web page defacement; physical entry resulting in unauthorized access to computer networks or hardware; suspicious e-mails that install malware on the network; data exfiltration, or other unusual network access or activity, where there are indicators that the cyber incident is reasonably indicative of links to terrorism. [HSEC-1 CYBER ATTACKS AND EXPLOITATION: HSEC-1.3 Suspicious activities and behaviors, HSEC-1.10 Incidents]

(U//FOUO) Reports of suspicious activities or incidents associated with mass gatherings, and special events. Reporting on observed casing activities; breaches or attempted intrusions at event locations or related venues; suspicious inquiries about security protocols for events or VIPs; testing of security; expressed or implied threats to specific events; incidents of suspicious acquisition of explosive precursor materials; or findings of caches or unusual amounts of weapons or explosives. [HSEC-8 TERRORIST OPERATIONS: HSEC-8.3.1 General suspicious activities; HSEC-8.4.2.21 Targets of elicitation – Special events].

(U//FOUO) Reports of suspicious activities, queries, theft, sabotage, tampering, or vandalism within the transportation sector—including mass transit, aviation, maritime, ground and surface, rail, and pipeline systems. Reporting on attempts to elicit information such as unusual questions about routes, capacities, peak travel time, training, and security; suspicious behavior by passengers or employees; testing of security; and expressed or implied threats by individuals or groups towards this sector. Reporting on the theft, loss, or diversion of personnel identification or credentials, uniforms, equipment, or training materials. Reporting on sabotage or loss of knowledge-based materials for maintenance of fleet. [HSEC-8 TERRORIST OPERATIONS: HSEC-8.3.1 General suspicious activities; HSEC-8.4.2.17 Targets of elicitation – Transportation sector]

(U//FOUO) Reports of efforts to artfully conceal improvised explosive devices in innocuous items, such as satchels, backpacks, suitcases, jars, bottles, cans, shoes, clothing, parcels, or toys. Reporting on potential security probes by individuals trying to enter secure areas with devices that resemble explosive devices. Reporting on unsolicited or unusual parcels delivered from unfamiliar overseas addresses, noting the identification of the sender and recipient and whether the recipient has reported multiple suspicious parcels in recent weeks or months. Reporting on the use of special materials, such as lead or other dense metals or liquids, to prevent the discovery of illicit goods by technical detection equipment, such as x-ray radiography equipment or chemical detectors. [HSEC-8 TERRORIST OPERATIONS: HSEC-8.3.1 General suspicious activities; HSEC-8.8 Methods, capabilities, and activities of adversaries]

(U//FOUO) Note: In the course of official activities, and to the extent permitted by law, police, fire, EMS, and security personnel are encouraged to report activities of a suspicious nature; however, this information should not be collected solely on First Amendment protected activities or on the basis of any racial, ethnic, religious, or other profile.

Film – Monty Python! Police Burglary Sketch

Justice prevails – Bin Laden son-in-law detained overseas, brought to New York

Al-Qaeda spokesman Sulaiman Bu Ghaith speaks in an undated video message carried on Qatar’s al-Jazeera television October 9, 2001 saying that the militant group believed in “terrorism against oppressors”. …more

Prosecutors unsealed an indictment against a son-in-law of Osama bin Laden on Thursday that charged him with conspiracy to kill Americans, after government sources said he was arrested overseas and brought to New York.

Suleiman Abu Ghaith, a militant who appeared in videos representing al Qaeda after the September 11 attacks in 2001, had initially been picked up in Turkey and was brought to the United States in an operation led by Jordanian authorities and the FBI, the sources said.

The Turkish government deported him to Jordan, the sources said, where local authorities and the FBI took custody of him. He was brought to the United States in the last few days, a law enforcement source said.

U.S. officials including Attorney General Eric Holder announced the indictment on Thursday, saying he would be arraigned on Friday at U.S. District Court in lower Manhattan, only blocks from the site of the World Trade Center, which was destroyed in the September 11 attacks.

Abu Ghaith becomes one of the highest-ranking al Qaeda figures to be brought to the United States for civilian trial. When Holder previously announced plans to try defendants in the September 11 attacks in the same courthouse, he was forced to back down by public opposition, and the trials were moved to the U.S. military base at Guantanamo Bay, Cuba.

New York police were less concerned Abu Ghaith’s case would present a security problem than they were about the trials of Khalid Sheikh Mohammed and four others charged with plotting the attacks, a law enforcement source said.

“It’s not the same. It doesn’t rise to that level,” said the source, who is familiar with the department’s views and spoke on condition of anonymity.

The indictment accused Abu Ghaith of acting in a conspiracy that “would and did murder United States nationals anywhere in the world,” listing actions before and after September 11, 2001.

“Among other things, Abu Ghaith urged others to swear allegiance to bin Laden, spoke on behalf of and in support of al Qaeda’s mission, and warned that attacks similar to those of September 11, 2001 would continue,” the indictment said.

It cited a May 2001 gathering at a house in Kandahar, Afghanistan, alleging Abu Ghaith urged guests to swear allegiance to bin Laden, and it says bin Laden summoned Abu Ghaith on the evening of September 11, requesting his assistance.

Bin Laden and Abu Ghaith appeared together the next morning, when the defendant warned the United States and its allies that a “great army is gathering against you” and that “the nation of Islam” would do battle against “the Jews, the Christians and the Americans,” the indictment alleges.

FIRST WORD FROM CONGRESSMAN

Initial public confirmation of Abu Ghaith’s capture came from Representative Peter King, a senior Republican member of the House of Representatives Intelligence Committee and former chairman of the House Committee on Homeland Security.

“I commend our CIA and FBI, our allies in Jordan, and President (Barack) Obama for their capture of al-Qaeda spokesman Sulaiman Abu Ghaith. I trust he received a vigorous interrogation, and will face swift and certain justice,” King said in a statement.

U.S. sources indicated that, while a CIA role in the capture of Abu Ghaith could not be ruled out, the FBI took the lead role in the operation under the auspices of an interagency body known as the High-value Detainee Interrogation Group.

The group was created by Obama’s administration after the president ordered the shutdown of a CIA program in which militant suspects were detained and held in a network of secret prisons during the administration of President George W. Bush.

The suspects were sometimes subjected to controversial and physically coercive “enhanced interrogation techniques,” and also were sometimes transferred without trial to third countries under a procedure known as “extraordinary rendition.”

Records compiled by a United Nations sanctions committee show Abu Ghaith was born in Kuwait in 1965.

After the September 11 attacks, Abu Ghaith first surfaced as one of al Qaeda’s main spokesmen. Later, U.S. officials believe he was part of a group of top al Qaeda figures that included one of bin Laden’s sons, Saad, who allegedly traveled to Iran, where the Iranian government said they were being held “in custody.”

The Long War Journal, a counterterrorism blog published by the conservative Foundation for the Defense of Democracies, reported in 2010 that Abu Ghaith had been released by Iranian authorities and supposedly had returned to Afghanistan.

Revealed – Bradley Manning Attorney on Statement Release

Bradley Manning Attorney on Statement Release

Date: 1 Mar 2013 11:57:42 -0700
From: “The Law Office of David E. Coombs” <info[at]armycourtmartialdefense.com>
Subject: [Auto-Reply] Request for Bradley Manning Statement

Thank you for your recent inquiry. A representative from our office will contact you as soon as possible.

**If this is an inquiry regarding United States v. Manning, our office will not be granting interviews or responding to inquires at this time. However, recognizing the public’s interest in this case, we will be issuing regular public releases at www.armycourtmartialdefense.info.

_____

To: info[at]armycourtmartialdefense.com
Subject: Request for Bradley Manning Statement
Dated: March 1, 2013

Dear Mr. Coombs,

We respectfully request for publication a copy of the full statement by PFC Bradley Manning in court yesterday, February 28, 2013.

Publication will be on Cryptome.org, a public education website.

Thanks very much.

TMZ – Terrence Howard Has SEX SCENE with Oprah

http://youtu.be/Ho2RdFm5jAc

Terrence Howard didnít hold back when he described his recent sex scene with Oprah in the movie “Dead Man Down.” In fact, he called her breasts “tig ol’ bitties.” O NO, you didn’t!

TOP-SECRET – Report of the Ministry of Defense about Nuclear Weapons and their misconduct through Cyberterrorists

CTO Vision writes:

Bottom Line Up Front: After reviewing all available evidence and rigorously weighing threat information, a Task Force of the Defense Science Board (DSB) concludes that:

The United States cannot be confident that our critical Information Technology (IT) systems will work under attack from a sophisticated and well-resourced opponent.

How does that make you feel? You know yourself what adversaries are doing when it comes to intellectual property theft. Now read on for more about what the DSB sees as the threat to military systems.

Here are more details:

The Defense Science Board (DSB) provides advice, assessments and reports as chartered by DoD leadership. It has studied cyber security and related topics for years and has been instrumental in providing new ideas and perspectives for action by DoD leadership.

The DSB was recently chartered to look at an interesting and somewhat intellectually stimulating topic, that of how US military systems could withstand cyber attack and remain able to execute their mission. The chartered group, a task force on Resilient Military Systems, produced a report with a set of recommendations designed to improve DoD’s ability to accomplish its missions. The overarching strategy recommended by the DSB is one that enhanced the department’s defenses in the face of attacks, decreases the effectiveness of adversaries, increases the cost to adversaries, and deters the most significant adversaries by ensuring the US maintains the ability to deliver desired mission capabilities in the face of catastrophic cyber attack.

The task force also identified a framework to implement metrics collection systems and then develop appropriate performance metrics that can be used to shape DoD’s investment decisions. The report approved by DSB chairman Paul Kaminsky is at http://www.acq.osd.mil/dsb/reports2010s.htm. It is also available at: Resilient Military Systems and the Advanced Cyber Threat.

Here is more from the forwarding letter to the report:

The final report of the DSB Task Force on Resilient Military Systems is attached. This report is based on the perspective of 24 Task Force members who received more than 50 briefings from practitioners and senior officials throughout the Department of Defense (DoD), Intelligence Community (IC), commercial sector, academia, national laboratories, and policymakers. This Task Force was asked to review and make recommendations to improve the resilience of DoD systems to cyber attacks, and to develop a set of metrics that the Department could use to track progress and shape investment priorities.

After conducting an 18-month study, this Task Force concluded that the cyber threat is serious and that the United States cannot be confident that our critical Information Technology (IT) systems will work under attack from a sophisticated and well-resourced opponent utilizing cyber capabilities in combination with all of their military and intelligence capabilities (a “full spectrum” adversary). While this is also true for others (e.g. Allies, rivals, and public/private networks), this Task Force strongly believes the DoD needs to take the lead and build an effective response to measurably increase confidence in the IT systems we depend on (public and private) and at the same time decrease a would-be attacker’s confidence in the effectiveness of their capabilities to compromise DoD systems. This conclusion was developed upon several factors, including the success adversaries have had penetrating our networks; the relative ease that our Red Teams have in disrupting, or completely beating, our forces in exercises using exploits available on the Internet; and the weak cyber hygiene position of DoD networks and systems. The Task Force believes that the recommendations of this report create the basis for a strategy to address this broad and pervasive threat.

Nearly every conceivable component within DoD is networked. These networked systems and components are inextricably linked to the Department’s ability to project military force and the associated mission assurance. Yet, DoD’s networks are built on inherently insecure architectures that are composed of, and increasingly using, foreign parts. While DoD takes great care to secure the use and operation of the “hardware” of its weapon systems, the same level of resource and attention is not spent on the complex network of information technology (IT) systems that are used to support and operate those weapons or critical IT capabilities embedded within them.

DoD’s dependence on this vulnerable technology is a magnet to U.S. opponents. In fact, DoD and its contractor base have already sustained staggering losses of system design information incorporating decades of combat knowledge and experience that provide adversaries insight to technical designs and system use. Despite numerous DoD actions, efforts are fragmented, and the Department is not currently prepared to mitigate the threat.

That forwarding letter was signed by the task force co-chairs, Mr. Lewis Von Thaer and Mr. James R. Gosler, two of the most professional, well thought out leaders I have ever worked with.

Please dive deep into the full document now. You will find some information you already know, but I promise some surprises as well.

DOWNLOAD THE ORIGINAL REPORT AT THE LINK BELOW

Click to access ResilientMilitarySystems.CyberThreat.pdf

TOP-SECRET – EU Heads of Mission Jerusalem Report 2012 Draft

he following draft version of the EU Heads of Mission Jerusalem Report 2012 was authored in January 2013 and reportedly leaked to a number of major news outlets by the organization Breaking the Silence. However, almost none of the outlets chose to publish the full report. This copy was published by the Israeli +972 Magazine.

EU Heads of Mission Jerusalem Report 2012

15 pages
Draft
January 2013

Video – Monty Python – The Missing Wallet

Scene from: “Monty – Python And Now For Something Completely Different” where a man asks a police officer for help.

Cryptome – NIST RFI Critical Infrastructure Cybersecurity

NIST Framework to Improve Critical Infrastructure Cybersecurity

[Federal Register Volume 78, Number 38 (Tuesday, February 26, 2013)]
[Notices]
[Pages 13024-13028]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-04413]

-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket Number 130208119-3119-01]

Developing a Framework To Improve Critical Infrastructure 
Cybersecurity

AGENCY: National Institute of Standards and Technology, U.S. Department 
of Commerce.

ACTION: Notice; Request for Information (RFI).

-----------------------------------------------------------------------

SUMMARY: The National Institute of Standards and Technology (NIST) is 
conducting a comprehensive review to develop a framework to reduce 
cyber risks to critical infrastructure \1\ (the ``Cybersecurity 
Framework'' or ``Framework''). The Framework will consist of standards, 
methodologies, procedures, and processes that align policy, business, 
and technological approaches to address cyber risks.
---------------------------------------------------------------------------

    \1\ For the purposes of this RFI the term ``critical 
infrastructure'' has the meaning given the term in 42 U.S.C. 
5195c(e), ``systems and assets, whether physical or virtual, so 
vital to the United States that the incapacity or destruction of 
such systems and assets would have a debilitating impact on 
security, national economic security, national public health or 
safety, or any combination of those matters.''
---------------------------------------------------------------------------

    This RFI requests information to help identify, refine, and guide 
the many interrelated considerations, challenges, and efforts needed to 
develop the Framework. In developing the Cybersecurity Framework, NIST 
will consult with the Secretary of Homeland Security, the National 
Security Agency, Sector-Specific Agencies and other interested agencies 
including the Office of Management and Budget, owners and operators of 
critical infrastructure, and other stakeholders including other 
relevant agencies, independent regulatory agencies, State, local, 
territorial and tribal governments. The Framework will be developed 
through an open public review and comment process that will include 
workshops and other opportunities to provide input.

DATES: Comments must be received by 5:00 p.m. Eastern time on Monday, 
April 8, 2013.

ADDRESSES: Written comments may be submitted by mail to Diane 
Honeycutt, National Institute of Standards and Technology, 100 Bureau 
Drive, Stop 8930, Gaithersburg, MD 20899. Submissions may be in any of 
the following formats: HTML, ASCII, Word, RTF, or PDF. Online 
submissions in electronic form may be sent to cyberframework@nist.gov. 
Please submit comments only and include your name, company name (if 
any), and cite

[[Page 13025]]

``Developing a Framework to Improve Critical Infrastructure 
Cybersecurity'' in all correspondence. All comments received by the 
deadline will be posted at http://csrc.nist.gov without change or 
redaction, so commenters should not include information they do not 
wish to be posted (e.g., personal or confidential business 
information).

FOR FURTHER INFORMATION CONTACT: For questions about this RFI contact: 
Adam Sedgewick, U.S. Department of Commerce, 1401 Constitution Avenue 
NW., Washington, DC 20230, telephone (202) 482-0788, email 
Adam.Sedgewick@nist.gov. Please direct media inquiries to NIST's Office 
of Public Affairs at (301) 975-NIST.

SUPPLEMENTARY INFORMATION: The national and economic security of the 
United States depends on the reliable functioning of critical 
infrastructure, which has become increasingly dependent on information 
technology. Recent trends demonstrate the need for improved 
capabilities for defending against malicious cyber activity. Such 
activity is increasing and its consequences can range from theft 
through disruption to destruction. Steps must be taken to enhance 
existing efforts to increase the protection and resilience of this 
infrastructure, while maintaining a cyber environment that encourages 
efficiency, innovation, and economic prosperity, while protecting 
privacy and civil liberties.
    Under Executive Order 13636 \2\ (``Executive Order''), the 
Secretary of Commerce is tasked to direct the Director of NIST to 
develop a framework for reducing cyber risks to critical infrastructure 
(the ``Cybersecurity Framework'' or ``Framework''). The Framework will 
consist of standards, methodologies, procedures and processes that 
align policy, business, and technological approaches to address cyber 
risks. The Department of Homeland Security, in coordination with 
sector-specific agencies, will then establish a voluntary program to 
support the adoption of the Cybersecurity Framework by owners and 
operators of critical infrastructure and any other interested entities.
---------------------------------------------------------------------------

    \2\ ``Executive Order 13636--Improving Critical Infrastructure 
Cybersecurity'' 78 FR 11739 (February 19, 2013).
---------------------------------------------------------------------------

    Given the diversity of sectors in critical infrastructure, the 
Framework development process is designed to initially identify cross-
sector security standards and guidelines that are immediately 
applicable or likely to be applicable to critical infrastructure, to 
increase visibility and adoption of those standards and guidelines, and 
to find potential gaps (i.e., where standards/guidelines are 
nonexistent or where existing standards/guidelines are inadequate) that 
need to be addressed through collaboration with industry and industry-
led standards bodies. The Framework will incorporate voluntary 
consensus standards and industry best practices to the fullest extent 
possible and will be consistent with voluntary international consensus-
based standards when such international standards will advance the 
objectives of the Executive Order. The Framework would be designed to 
be compatible with existing regulatory authorities and regulations.
    The Cybersecurity Framework will provide a prioritized, flexible, 
repeatable, performance-based, and cost-effective approach, including 
information security measures and controls to help owners and operators 
of critical infrastructure and other interested entities to identify, 
assess, and manage cybersecurity-related risk while protecting business 
confidentiality, individual privacy and civil liberties. To enable 
technical innovation and account for organizational differences, the 
Cybersecurity Framework will not prescribe particular technological 
solutions or specifications. It will include guidance for measuring the 
performance of an entity in implementing the Cybersecurity Framework 
and will include methodologies to identify and mitigate impacts of the 
Framework and associated information security measures and controls on 
business confidentiality and to protect individual privacy and civil 
liberties.
    As a non-regulatory Federal agency, NIST will develop the Framework 
in a manner that is consistent with its mission to promote U.S. 
innovation and industrial competitiveness through the development of 
standards and guidelines in consultation with stakeholders in both 
government and industry. While the focus will be on the Nation's 
critical infrastructure, the Framework will be developed in a manner to 
promote wide adoption of practices to increase cybersecurity across all 
sectors and industry types. In its first year, the emphasis will be on 
finding commonality within and across the affected sectors. It will 
seek to provide owners and operators the ability to implement security 
practices in the most effective manner while allowing organizations to 
express requirements to multiple authorities and regulators. Issues 
relating to harmonization of existing relevant standards and 
integration with existing frameworks will also be considered in this 
initial stage.
    In accordance with the Executive Order, the Secretary of Commerce 
has directed the Director of the National Institute of Standards and 
Technology (the Director) to coordinate the development of a Framework 
to reduce the cyber risks to critical infrastructure. The Cybersecurity 
Framework will incorporate existing consensus-based standards to the 
fullest extent possible, consistent with requirements of the National 
Technology Transfer and Advancement Act of 1995,\3\ and guidance 
provided by Office of Management and Budget Circular A-119, ``Federal 
Participation in the Development and Use of Voluntary Consensus 
Standards and in Conformity Assessment Activities.'' \4\ Principles 
articulated in the Executive Office of the President memorandum M-12-08 
``Principles for Federal Engagement in Standards Activities to Address 
National Priorities'' \5\ will be followed. The Framework should also 
be consistent with, and support the broad policy goals of, the 
Administration's 2010 ``National Security Strategy,'' 2011 ``Cyberspace 
Policy Review,'' ``International Strategy for Cyberspace'' of May 2010 
and HSPD-7 ``Critical Infrastructure Identification, Prioritization, 
and Protection.''
---------------------------------------------------------------------------

    \3\ Public Law 104-113 (1996), codified in relevant part at 15 
U.S.C. 272(b).
    \4\ http://standards.gov/a119.cfm.
    \5\ http://www.whitehouse.gov/sites/default/files/omb/memoranda/2012/m-12-08_1.pdf.
---------------------------------------------------------------------------

    The goals of the Framework development process will be: (i) To 
identify existing cybersecurity standards, guidelines, frameworks, and 
best practices that are applicable to increase the security of critical 
infrastructure sectors and other interested entities; (ii) to specify 
high-priority gaps for which new or revised standards are needed; and 
(iii) to collaboratively develop action plans by which these gaps can 
be addressed. It is contemplated that the development process will have 
requisite stages to allow for continuing engagement with the owners and 
operators of critical infrastructure, and other industry, academic, and 
government stakeholders.
    In December 2011, the United States Government Accountability 
Office (GAO) issued a report titled ``CRITICAL INFRASTRUCTURE 
PROTECTION: Cybersecurity Guidance Is Available, but More Can Be Done 
to Promote Its Use.'' \6\ In its report, GAO found similarities in 
cybersecurity guidance across sectors, and recommended

[[Page 13026]]

promoting existing guidance to assist individual entities within a 
sector in ``identifying the guidance that is most applicable and 
effective in improving their security posture.'' \7\
---------------------------------------------------------------------------

    \6\ http://www.gao.gov/assets/590/587529.pdf.
    \7\ Id., at page 46.
---------------------------------------------------------------------------

    NIST believes the diversity of business and mission needs 
notwithstanding, there are core cybersecurity practices that can be 
identified and that will be applicable to a diversity of sectors and a 
spectrum of quickly evolving threats. Identifying such core practices 
will be a focus of the Framework development process.
    In order to be effective in protecting the information and 
information systems that are a part of the U.S. critical 
infrastructure, NIST believes the Framework should have a number of 
general properties or characteristics. The Framework should include 
flexible, extensible, scalable, and technology-independent standards, 
guidelines, and best practices, that provide:
     A consultative process to assess the cybersecurity-related 
risks to organizational missions and business functions;
     A menu of management, operational, and technical security 
controls, including policies and processes, available to address a 
range of threats and protect privacy and civil liberties;
     A consultative process to identify the security controls 
that would adequately address risks \8\ that have been assessed and to 
protect data and information being processed, stored, and transmitted 
by organizational information systems;
---------------------------------------------------------------------------

    \8\ Organizational risk responses can include, for example, risk 
acceptance, risk rejection, risk mitigation, risk sharing, or risk 
transfer.
---------------------------------------------------------------------------

     Metrics, methods, and procedures that can be used to 
assess and monitor, on an ongoing or continuous basis, the 
effectiveness of security controls that are selected and deployed in 
organizational information systems and environments in which those 
systems operate and available processes that can be used to facilitate 
continuous improvement in such controls; \9\
---------------------------------------------------------------------------

    \9\ Assessments determine whether the security controls selected 
by an organization are implemented correctly, operating as intended, 
and producing the desired results in order to enforce organizational 
security policies.
---------------------------------------------------------------------------

     A comprehensive risk management approach that provides the 
ability to assess, respond to, and monitor information security-related 
risks and provide senior leaders/executives with the kinds of necessary 
information sets that help them to make ongoing risk-based decisions;
     A menu of privacy controls necessary to protect privacy 
and civil liberties.
    Within eight months, the Executive Order requires NIST to publish 
for additional comment a draft Framework that clearly outlines areas of 
focus and provides preliminary lists of standards, guidelines and best 
practices that fall within that outline. The draft will also include 
initial conclusions for additional public comment. The draft Framework 
will build on NIST's ongoing work with cybersecurity standards and 
guidelines for the Smart Grid, Identity Management, Federal Information 
Security Management Act (FISMA) implementation, the Electricity 
Subsector Cybersecurity Capability Maturity Model, and related 
projects.
    NIST intends to engage with critical infrastructure stakeholders, 
through a voluntary consensus-based process, to develop the standards, 
guidelines and best practices that will comprise the Framework. This 
will include interactive workshops with industry and academia, along 
with other forms of outreach. NIST believes that the Framework cannot 
be static, but must be a living document that allows for ongoing 
consultation in order to address constantly evolving risks to critical 
infrastructure cybersecurity. A voluntary consensus standards-based 
approach will facilitate the ability of critical infrastructure owners 
and operators to manage such risks, and to implement alternate 
solutions from the bottom up with interoperability, scalability, and 
reliability as key attributes.
    A standards-based Framework will also help provide some of the 
measures necessary to understand the effectiveness of critical 
infrastructure protection, and track changes over time. DHS and Sector 
Specific Agencies will provide input in this area based on their 
engagement with sector stakeholders. This standards-based approach is 
necessary in order to be able to provide and analyze data from 
different sources that can directly support risk-based decision-making. 
A Framework without sufficient standards and associated conformity 
assessment programs could impede future innovation in security efforts 
for critical infrastructure by potentially creating a false sense of 
security.
    The use of widely-accepted standards is also necessary to enable 
economies of scale and scope to help create competitive markets in 
which competition is driven by market need and products that meet that 
market need through combinations of price, quality, performance, and 
value to consumers. Market competition then promotes faster diffusion 
of these technologies and realization of many benefits throughout these 
sectors.
    It is anticipated that the Framework will: (i) Include 
consideration of sustainable approaches for assessing conformity to 
identified standards and guidelines; (ii) assist in the selection and 
development of an optimal conformity assessment approach; and (iii) 
facilitate the implementation of selected approach(es) that could cover 
technology varying in scope from individual devices or components to 
large-scale organizational operations. The decisions on the type, 
independence and technical rigor of these conformity assessment 
approaches should be risk-based. The need for confidence in conformity 
must be balanced with cost to the public and private sectors, including 
their international operations and legal obligations. Successful 
conformity assessment programs provide the needed level of confidence, 
are efficient and have a sustainable and scalable business case.
    This RFI is looking for current adoption rates and related 
information for particular standards, guidelines, best practices, and 
frameworks to determine applicability throughout the critical 
infrastructure sectors. The RFI asks for stakeholders to submit ideas, 
based on their experience and mission/business needs, to assist in 
prioritizing the work of the Framework, as well as highlighting 
relevant performance needs of their respective sectors.
    For the purposes of this notice and the Framework, the term 
``standards'' and the phrase ``standards setting'' are used in a 
generic manner to include both standards development and conformity 
assessment development. In addition to critical infrastructure owners 
and operators, NIST invites Federal agencies, state, local, territorial 
and tribal governments, standard-setting organizations,\10\ other 
members of industry, consumers, solution providers, and other 
stakeholders to respond.
---------------------------------------------------------------------------

    \10\ As used herein, ``standard-setting organizations'' refers 
to the wide cross section of organizations that are involved in the 
development of standards and specifications, both domestically and 
abroad.
---------------------------------------------------------------------------

Request for Comment

    The following questions cover the major areas about which NIST 
seeks comment. The questions are not intended to limit the topics that 
may be addressed. Responses may include any topic believed to have 
implications for the development of the Framework

[[Page 13027]]

regardless of whether the topic is included in this document.
    While the Framework will be focused on critical infrastructure, 
given the broad diversity of sectors that may include parts of critical 
infrastructure, the evolving nature of the classification of critical 
infrastructure based on risk, and the intention to involve a broad set 
of stakeholders in development of the Framework, the RFI will generally 
use the broader term ``organizations'' when seeking information.
    Comments containing references, studies, research, and other 
empirical data that are not widely published should include copies of 
the referenced materials. Do not include in comments or otherwise 
submit proprietary or confidential information, as all comments 
received by the deadline will be made available publically at http://csrc.nist.gov/.

Current Risk Management Practices

    NIST solicits information about how organizations assess risk; how 
cybersecurity factors into that risk assessment; the current usage of 
existing cybersecurity frameworks, standards, and guidelines; and other 
management practices related to cybersecurity. In addition, NIST is 
interested in understanding whether particular frameworks, standards, 
guidelines, and/or best practices are mandated by legal or regulatory 
requirements and the challenges organizations perceive in meeting such 
requirements. This will assist in NIST's goal of developing a Framework 
that includes and identifies common practices across sectors.
    1. What do organizations see as the greatest challenges in 
improving cybersecurity practices across critical infrastructure?
    2. What do organizations see as the greatest challenges in 
developing a cross-sector standards-based Framework for critical 
infrastructure?
    3. Describe your organization's policies and procedures governing 
risk generally and cybersecurity risk specifically. How does senior 
management communicate and oversee these policies and procedures?
    4. Where do organizations locate their cybersecurity risk 
management program/office?
    5. How do organizations define and assess risk generally and 
cybersecurity risk specifically?
    6. To what extent is cybersecurity risk incorporated into 
organizations' overarching enterprise risk management?
    7. What standards, guidelines, best practices, and tools are 
organizations using to understand, measure, and manage risk at the 
management, operational, and technical levels?
    8. What are the current regulatory and regulatory reporting 
requirements in the United States (e.g. local, state, national, and 
other) for organizations relating to cybersecurity?
    9. What organizational critical assets are interdependent upon 
other critical physical and information infrastructures, including 
telecommunications, energy, financial services, water, and 
transportation sectors?
    10. What performance goals do organizations adopt to ensure their 
ability to provide essential services while managing cybersecurity 
risk?
    11. If your organization is required to report to more than one 
regulatory body, what information does your organization report and 
what has been your organization's reporting experience?
    12. What role(s) do or should national/international standards and 
organizations that develop national/international standards play in 
critical infrastructure cybersecurity conformity assessment?

Use of Frameworks, Standards, Guidelines, and Best Practices

    As set forth in the Executive Order, the Framework will consist of 
standards, guidelines, and/or best practices that promote the 
protection of information and information systems supporting 
organizational missions and business functions.
    NIST seeks comments on the applicability of existing publications 
to address cybersecurity needs, including, but not limited to the 
documents developed by: international standards organizations; U.S. 
Government Agencies and organizations; State regulators or Public 
Utility Commissions; Industry and industry associations; other 
Governments, and non-profits and other non-government organizations.
    NIST is seeking information on the current usage of these existing 
approaches throughout industry, the robustness and applicability of 
these frameworks and standards, and what would encourage their 
increased usage. Please provide information related to the following:
    1. What additional approaches already exist?
    2. Which of these approaches apply across sectors?
    3. Which organizations use these approaches?
    4. What, if any, are the limitations of using such approaches?
    5. What, if any, modifications could make these approaches more 
useful?
    6. How do these approaches take into account sector-specific needs?
    7. When using an existing framework, should there be a related 
sector-specific standards development process or voluntary program?
    8. What can the role of sector-specific agencies and related sector 
coordinating councils be in developing and promoting the use of these 
approaches?
    9. What other outreach efforts would be helpful?

Specific Industry Practices

    In addition to the approaches above, NIST is interested in 
identifying core practices that are broadly applicable across sectors 
and throughout industry.
    NIST is interested in information on the adoption of the following 
practices as they pertain to critical infrastructure components:
     Separation of business from operational systems;
     Use of encryption and key management;
     Identification and authorization of users accessing 
systems;
     Asset identification and management;
     Monitoring and incident detection tools and capabilities;
     Incident handling policies and procedures;
     Mission/system resiliency practices;
     Security engineering practices;
     Privacy and civil liberties protection.
    1. Are these practices widely used throughout critical 
infrastructure and industry?
    2. How do these practices relate to existing international 
standards and practices?
    3. Which of these practices do commenters see as being the most 
critical for the secure operation of critical infrastructure?
    4. Are some of these practices not applicable for business or 
mission needs within particular sectors?
    5. Which of these practices pose the most significant 
implementation challenge?
    6. How are standards or guidelines utilized by organizations in the 
implementation of these practices?
    7. Do organizations have a methodology in place for the proper 
allocation of business resources to invest in, create, and maintain IT 
standards?
    8. Do organizations have a formal escalation process to address 
cybersecurity risks that suddenly increase in severity?

[[Page 13028]]

    9. What risks to privacy and civil liberties do commenters perceive 
in the application of these practices?
    10. What are the international implications of this Framework on 
your global business or in policymaking in other countries?
    11. How should any risks to privacy and civil liberties be managed?
    12. In addition to the practices noted above, are there other core 
practices that should be considered for inclusion in the Framework?

    Dated: February 21, 2013.
Patrick Gallagher,
Under Secretary of Commerce for Standards and Technology.
[FR Doc. 2013-04413 Filed 2-25-13; 8:45 am]
BILLING CODE 3510-13-P

TMZ – Kourtney Kardashian After Baby — HOT Mom on the Beach

http://youtu.be/ZGFeC1XkBBE

Kourtney Kardashian was hanging out in Mexico and she looks SO unbelievably hot in her bikini that you might forget how gross those baby-feeding breasts are…

Unveiled by PI – TOP SECRET – White House Strategy on Mitigating the Theft of U.S. Trade Secrets

ADMINISTRATION STRATEGY ON MITIGATING THE THEFT OF U.S. TRADE SECRETS

141 pages
February 2013
6.62 MB

The Administration is focused on protecting the innovation that drives the American economy and supports jobs in the United States. As a Nation, we create products and services that improve the world’s ability to communicate, to learn, to understand diverse cultures and beliefs, to be mobile, to live better and longer lives, to produce and consume energy efficiently and to secure food, nourishment and safety. Most of the value of this work is intangible—it lies in America’s entrepreneurial spirit, our creativity, ingenuity and insistence on progress and in creating a better life for our communities and for communities around the world. These intangible assets are often captured as intellectual property—copyrights, patents, trademarks and trade secrets, and reflect America’s advantage in the global economy.

Emerging trends indicate that the pace of economic espionage and trade secret theft against U.S. corporations is accelerating. There appears to be multiple vectors of attack for persons and governments seeking to steal trade secrets. Foreign competitors of U.S. corporations, some with ties to foreign governments, have increased their efforts to steal trade secret information through the recruitment of current or former employees. Additionally, there are indications that U.S. companies, law firms, academia, and financial institutions are experiencing cyber intrusion activity against electronic repositories containing trade secret information. Trade secret theft threatens American businesses, undermines national security, and places the security of the U.S. economy in jeopardy. These acts also diminish U.S. export prospects around the globe and put American jobs at risk.

As an Administration, we are committed to continuing to be vigilant in addressing threats—including corporate and state sponsored trade secret misappropriation—that jeopardize our status as the world’s leader for innovation and creativity. We will continue to act vigorously to combat the theft of U.S. trade secrets that could be used by foreign companies or foreign governments to gain an unfair economic edge. Departments across the U.S. government have roles in protecting trade secrets and preserving our nation’s economic and national security. This strategy recognizes the crucial role of trade secrets in the U.S. economy and sets out a means for improved coordination within the U.S. government to protect them.

…

Investigations and Prosecutions of Trade Secret Theft

The Department of Justice has made the investigation and prosecution of corporate and state sponsored trade secret theft a top priority. The Department of Justice and the FBI will continue to prioritize these investigations and prosecutions and focus law enforcement efforts on combating trade secret theft. The FBI is also expanding its efforts to fight computer intrusions that involve the theft of trade secrets by individual, corporate, and nation-state cyber hackers. The Department of Homeland Security component law enforcement agencies will continue to work cooperatively with the Department of Justice when its investigations uncover evidence of trade secret theft.

…

Law Enforcement and Intelligence Information Sharing

The Office of the Director of National Intelligence (ODNI)

ODNI will coordinate within the intelligence community to inform the private sector about ways to identify and prevent the theft of trade secrets that benefit a state sponsor or an entity with ties to a foreign government. ODNI will coordinate expanded discussions between the intelligence community and the private sector, focusing on four main aspects of the threat posed by trade secret theft:

•• The number and identity of foreign governments involved in trade secret misappropriation;
•• The industrial sectors and types of information and technology targeted by such espionage;
•• The methods used to conduct such espionage; and
•• The dissemination, use, and associated impact of information lost in trade secret misappropriation.

ODNI, though the Office of the National Counterintelligence Executive (ONCIX) will also counter the threat of trade secret misappropriation by sharing threat warning and awareness information with the private sector, as well as imparting counterintelligence tradecraft procedures tailored to the private sector. In order to support this strategy, ONCIX will brief trade association groups and conferences on industry specific threats.

The Department of Justice

The Department of Justice and the FBI will continue to report on trade secret investigations and prosecutions. Additionally, the FBI will continue its outreach and education efforts with the private sector through various local, regional and national initiatives. At the local level, each of the FBI’s 56 field offices will continue to work with academic institutions, manufacturers, laboratories and other entities that are located within the field office’s area of responsibility and are perceived as being potentially at risk for trade secret theft. At the regional level, the FBI will continue to meet regularly with other government agencies, industry, and academia to share information about insider threats, economic espionage and trade secret theft.

The FBI’s headquarters will review the effectiveness of its local and regional efforts with a focus on the extent of outreach to companies and entities such as cleared defense contractors, universities, hospitals, high science companies, and emerging technology firms. The FBI will continue to engage with trade secrets owners through several national outreach organizations, including the Domestic Security Alliance Council, the National Security Business Alliance Council, and InfraGard, and will continue to work closely with various Information Sharing and Analysis Centers. These local, regional and national efforts will continue to reach a broad swath of companies in multiple sectors such as information technology, communications, aeronautics, engineering, energy, financial services, and consumer retail. The FBI’s engagement with the private sector promotes reasonable safeguards based on recent intelligence, case studies, and emerging trends.

The Department of Justice and the FBI will continue to train prosecutors and investigators on trade secret theft with the goal of increasing the number of successful investigations and prosecutions for violations of the Economic Espionage Act. These training events will target domestic law enforcement officers, prosecutors, and international partners. These events will include both a trade secret specific curriculum as well as broader intellectual property rights enforcement themes in which trade secret theft is a component.

The National Intellectual Property Rights Coordination Center

The National Intellectual Property Rights Coordination Center will obtain leads regarding trade secret misappropriation through its “Report IP Theft” Initiative.

The Department of Defense

The Department of Defense, through the Defense Security Service, will collect, analyze and report on threat information to cleared industries that support Department of Defense programs and the missions of other U.S. government departments and agencies. The Defense Security Service, in coordination with its partner agencies, will continue to provide advice to those cleared industry partners and deliver security training and education on counterintelligence. Through its annual report on trend analysis of threats targeting to U.S. defense technologies, the Defense Security Service will continue to communicate its analysis to industrial partners of the U.S. government.

The Defense Intelligence Agency will co-chair the National Critical Systems and Joint Technology Task Force with the FBI. This effort will continue to provide a collaborative forum to provide input into the counterintelligence efforts to protect critical and emerging technologies by Federal agencies.

Monty Python – How to Irritate People – Skit Video

http://youtu.be/CyCj9dmi5n8

The FBI -Investment Advisor Pleads Guilty to Defrauding Investors of More Than $3.2 Million

FRESNO, CA—Joseph Randall Medcalf, 56, formerly an investment advisor in Fresno, pleaded guilty yesterday to three counts of mail fraud and one count of bankruptcy fraud in connection with a scheme to defraud investors, United States Attorney Benjamin B. Wagner announced.

In his guilty plea, Medcalf admitted that from at least May 2002 through October 2007, he carried out a scheme to defraud investors by offering investment “opportunities” in entities that he controlled, such as All Valley Holdings LLC, CenCal Value Investments LLC, and other ventures. Medcalf failed to register these investments with the Securities and Exchange Commission or other governmental entities. Medcalf convinced some investors to move their investments from secure IRAs and other legitimate investments to him. In some cases, Medcalf’s investments were nonexistent; in other cases, they were failing and worthless. Medcalf frequently did not even invest the funds, but either paid other investors “returns” on their investments or spent it for his own personal use.

According to court documents, Medcalf marketed the investment opportunities as safe investments for a set time period, and he usually guaranteed and interest rate between 6 and 8 percent. He stated that the principal and interest would be returned at the end of the term. In some cases, Medcalf executed promissory notes and subscription agreements that stated the investment’s time period and guaranteed rate of return. These promissory notes and subscription agreements were not authorized by the Securities and Exchange Commission or other governmental entities. In order to lull investors into believing that the investments were secure, Medcalf sent out financial statements showing substantial returns. Medcalf also encouraged his investors to rollover their investment for another term so he could avoid paying out on the investments and to forestall the investors’ discovery that the purported investments were not legitimate.

According to the plea agreement, Medcalf also filed a bankruptcy petition in which he fraudulently failed to disclose his connection with All Valley Holdings and CenCal Value Investments in an effort to avoid disclosure of his scheme to defraud.

As a result of Medcalf’s fraud, investors lost more than $3.2 million. Medcalf has remained in custody since December 2011 when the FBI arrested him at the Atlanta airport as he flew back into the United States from overseas.

This case is the product of an investigation by the Federal Bureau of Investigation. Assistant U.S. Attorneys Kirk Sherriff and Christopher Baker are prosecuting the case.

Medcalf is scheduled to be sentenced by United States District Judge Anthony W. Ishii on May 13, 2013. The plea agreement provides for a sentence of six-and-a-half years in prison. The actual sentence will be determined by the court at the sentencing hearing.

SECRECY NEWS – THE REAL MINIMUM WAGE, CYBERSECURITY, AND MORE FROM CRS

The hourly minimum wage reached its peak value in 1968, when it was worth
$10.57 in real terms, the Congressional Research Service calculated in a
new report.  But although the nominal value of the minimum wage has
increased over the years, it has not kept pace with the increase in
consumer prices, and so its real value has fallen.  See Inflation and the
Real Minimum Wage: A Fact Sheet, February 26, 2013:

    http://www.fas.org/sgp/crs/misc/R42973.pdf

The recent executive order 13636 on cybersecurity was discussed in another
new CRS report, which reviewed the order's provisions, compared it to
pending legislation, and discussed the authority of the President to act
unilaterally in this area.  See "The 2013 Cybersecurity Executive Order:
Overview and Considerations for Congress," March 1, 2013:

    http://www.fas.org/sgp/crs/misc/R42984.pdf

A 1999 provision to provide public access to scientific data used in
federally funded research (known as the Shelby Amendment) has rarely been
invoked in Freedom of Information Act requests, and so neither the benefits
promised by its advocates nor the concerns of its critics have been
realized to any significant extent, a CRS study found.  See Public Access
to Data from Federally Funded Research: Provisions in OMB Circular A-110,
March 1, 2013:

    http://www.fas.org/sgp/crs/secrecy/R42983.pdf

The prospects for current negotiations between the government of Colombia
and the insurgent Revolutionary Armed Forces of Colombia (FARC) were
assessed in a new CRS report, which also provided background on the
conflict in that country.  See Peace Talks in Colombia, March 1, 2013:

    http://www.fas.org/sgp/crs/row/R42982.pdf

The U.S. Supreme Court has agreed to hear challenges to two state laws
that impose restrictions on same-sex marriage. The two pending cases were
discussed by CRS in Same-Sex Marriage and Supreme Court: United States v.
Windsor and Hollingsworth v. Perry, February 20, 2013:

    http://www.fas.org/sgp/crs/misc/R42976.pdf

The Equal Rights Amendment that was proposed in 1972 to prohibit
discrimination "on account of sex" was eventually ratified by 35 states,
three short of the 38 states required for adoption.  Those ratifications
have formally expired, but some supporters contend controversially that it
would possible "to restart the clock on ratification at the current level
of 35 states."  The issues were discussed by CRS in The Proposed Equal
Rights Amendment: Contemporary Ratification Issues, February 28, 2013:

    http://www.fas.org/sgp/crs/misc/R42979.pdf

The adequacy of official reporting of government expenditures is a
continuing concern among policy advocates.  "Two agencies -- the Department
of Homeland Security (DHS) and the Department of Defense (DOD) -- have
never received unqualified audit opinions, which signifies the persistence
of financial problems at these agencies," a new CRS report said.  See
Federal Financial Reporting: An Overview, February 27, 2013:

    http://www.fas.org/sgp/crs/misc/R42975.pdf

Other noteworthy new and updated CRS products that Congress has directed
CRS not to release to the public include the following.

Issues in Homeland Security Policy for the 113th Congress, February 27,
2013:

    http://www.fas.org/sgp/crs/homesec/R42985.pdf

Comparison of Rights in Military Commission Trials and Trials in Federal
Criminal Court, February 28, 2013:

    http://www.fas.org/sgp/crs/natsec/R40932.pdf

International Law and Agreements: Their Effect Upon U.S. Law, March 1,
2013:

    http://www.fas.org/sgp/crs/misc/RL32528.pdf

Cybersecurity: Authoritative Reports and Resources, February 28, 2013:

    http://www.fas.org/sgp/crs/misc/R42507.pdf

U.S. Crude Oil and Natural Gas Production in Federal and Non-Federal
Areas, February 28, 2013:

    http://www.fas.org/sgp/crs/misc/R42432.pdf

Securing America's Borders: The Role of the Military, February 25, 2013:

    http://www.fas.org/sgp/crs/homesec/R41286.pdf

Army Drawdown and Restructuring: Background and Issues for Congress, March
5, 2013:

    http://www.fas.org/sgp/crs/natsec/R42493.pdf

U.S. Trade and Investment in the Middle East and North Africa: Overview
and Issues for Congress, February 28, 2013:

    http://www.fas.org/sgp/crs/misc/R42153.pdf

Southwest Border Violence: Issues in Identifying and Measuring Spillover
Violence, February 28, 2013:

    http://www.fas.org/sgp/crs/homesec/R41075.pdf

Base Realignment and Closure (BRAC): Transfer and Disposal of Military
Property, February 28, 2013:

    http://www.fas.org/sgp/crs/natsec/R40476.pdf

Department of Defense Trends in Overseas Contract Obligations, March 1,
2013:

    http://www.fas.org/sgp/crs/natsec/R41820.pdf

Sequestration as a Budget Enforcement Process: Frequently Asked Questions,
February 27, 2013:

    http://www.fas.org/sgp/crs/misc/R42972.pdf

Sessions, Adjournments, and Recesses of Congress, February 27, 2013:

    http://www.fas.org/sgp/crs/misc/R42977.pdf

Kenya: Current Issues and U.S. Policy, February 26, 2013:

    http://www.fas.org/sgp/crs/row/R42967.pdf

Comparing Medicaid and Exchanges: Benefits and Costs for Individuals and
Families, February 28, 2013:

    http://www.fas.org/sgp/crs/misc/R42978.pdf

Brief History of Comprehensive Immigration Reform Efforts in the 109th and
110th Congresses to Inform Policy Discussions in the 113th Congress,
February 27, 2013:

    http://www.fas.org/sgp/crs/homesec/R42980.pdf

U.S. Trade and Investment in the Middle East and North Africa: Overview
and Issues for Congress, February 28, 2013:

        http://www.fas.org/sgp/crs/misc/R42153.pdf

China's Economic Conditions, March 4, 2013:

    http://www.fas.org/sgp/crs/row/RL33534.pdf

_______________________________________________
Secrecy News is written by Steven Aftergood and published by the
Federation of American Scientists.

The Secrecy News Blog is at:
     http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to
     http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood@fas.org

Secrecy News is archived at:
     http://www.fas.org/sgp/news/secrecy/index.html

Support the FAS Project on Government Secrecy with a donation:
     http://www.fas.org/member/donate_today.html

_______________________
Steven Aftergood
Project on Government Secrecy
Federation of American Scientists
web:    www.fas.org/sgp/index.html
email:  saftergood@fas.org
voice:  (202) 454-4691
twitter: @saftergood

Cryptome – Whistleblowing on Whistleblowing Oversight

Whistleblowing on Whistleblowing Oversight

[Federal Register Volume 78, Number 38 (Tuesday, February 26, 2013)]
[Notices]
[Pages 13101-13102]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-04467]

=======================================================================
-----------------------------------------------------------------------

PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD

[Notice-PCLOB-2013-01; Docket No. 2013-0004; Sequence No. 1]

No FEAR Act Notice; Notice of Rights and Protections Available 
Under Federal Antidiscrimination and Whistleblower Protection Laws

AGENCY: Privacy and Civil Liberties Oversight Board.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Notification and 
Federal Employee Antidiscrimination and Retaliation Act of 2002, the 
Privacy and Civil Liberties Oversight Board is providing notice to its 
employees, former employees, and applicants for Board employment about 
the rights and remedies available to them under the federal anti-
discrimination, whistleblower protection, and retaliation laws.

FOR FURTHER INFORMATION CONTACT: Claire McKenna, Legal Counsel, at 202-
366-0365 or claire.mckenna.pclob@dot.gov.

SUPPLEMENTARY INFORMATION: On May 15, 2002, Congress enacted the 
Notification and Federal Employee Antidiscrimination and Retaliation 
Act of 2002, Public Law 107-174, also known as the No FEAR Act. The Act 
requires that federal agencies provide notice to their employees, 
former employees, and applicants for employment to inform them of the 
rights and protections available under federal anti-discrimination, 
whistleblower protection, and retaliation laws.

Anti-Discrimination Laws

    A federal agency cannot discriminate against an employee or 
applicant with respect to the terms, conditions, or privileges of 
employment on the basis of race, color, religion, sex, national origin, 
age, disability, marital status, or political affiliation. 
Discrimination on these bases is prohibited by one or more of the 
following statutes: 5 U.S.C. 2302(b)(1), 29 U.S.C. 206(d), 29 U.S.C. 
631, 29 U.S.C. 633a, 2 U.S.C. 791, and 42 U.S.C. 2000e-16.
    If you believe that you have been the victim of unlawful 
discrimination on the basis of race, color, religion, sex, national 
origin, or disability, you must contact an Equal Employment Opportunity 
(EEO) counselor within 45 calendar days of the alleged discriminatory 
action, or, in the case of personnel action, within 45 calendar days of 
the effective date of the action, before you can file a formal 
complaint of discrimination with your agency. This timeline may be 
extended by the Board under the circumstances described in 29 CFR 
1614.105(a)(2). If you believe that you have been the victim of 
unlawful discrimination on the basis of age, you must either contact an 
EEO counselor as noted above or give notice of intent to sue to the 
Equal Employment Opportunity Commission (EEOC) within 180 calendar days 
of the alleged discriminatory action. If you are alleging 
discrimination based on marital status or political affiliation, you 
may file a written complaint with the U.S. Office of Special Counsel 
(OSC) (see contact information below). In the alternative (or in some 
cases, in addition), you may pursue a discrimination complaint by 
filing a grievance through the Board's administrative or negotiated 
grievance procedures, if such procedures apply and are available.

Whistleblower Protection Laws

    A federal employee with authority to take, direct others to take, 
recommend, or approve any personnel action must not use that authority 
to take or fail to take, or threaten to take or fail to take, a 
personnel action against an employee or applicant because of disclosure 
of information by that individual that is reasonably believed to 
evidence violations of law, rule, or regulation; gross mismanagement; 
gross waste of funds; an abuse of authority; or a substantial and 
specific danger to public health or safety, unless disclosures of such 
information is specifically prohibited by law and such information is 
specifically required by executive order to be kept secret in the 
interest of national defense or the conduct of foreign affairs.
    Retaliation against an employee or applicant for making a protected 
disclosure is prohibited by 5 U.S.C. 2302(b)(8). If you believe that 
you have been the victim of whistleblower retaliation, you may file a 
written complaint (Form OSC-11) with the U.S. Office of Special Counsel 
at 1730 M Street NW., Suite 218, Washington, DC 20036-4505 or online 
through the OSC Web site, http://www.osc.gov.

Retaliation for Engaging in Protected Activity

    A federal agency cannot retaliate against an employee or applicant 
because that individual exercises his or her rights under any of the 
federal antidiscrimination or whistleblower protection laws listed 
above. If you believe that you are the victim or retaliation for 
engaging in protected activity, you must follow, as appropriate, the 
procedures described in the Antidiscrimination Laws and Whistleblower 
Protection Laws section or, if applicable, the administrative or 
negotiated grievance procedures in order to pursue any legal remedy.

Disciplinary Actions

    Under existing laws, each agency retains the right, where 
appropriate, to discipline a federal employee for conduct that is 
inconsistent with the Federal Antidiscrimination and Whistleblower 
Protection Laws up to and including removal. If OSC has initiated an 
investigation under 5 U.S.C. 1214, however, agencies must seek approval 
from OSC to discipline employees for, among other activities, engaging 
in prohibited retaliation, 5 U.S.C. 1214(f). Nothing in the No FEAR Act 
alters existing laws or permits an agency to take unfounded 
disciplinary action against a federal employee or to

[[Page 13102]]

violate the procedural rights of a federal employee who has been 
accused of discrimination.

Additional Information

    For further information regarding the No FEAR Act regulations, 
refer to 5 CFR 724, as well as the appropriate Board offices. 
Additional information regarding federal antidiscrimination laws can be 
found at the EEOC Web site, http://www.eeoc.gov, and the OSC Web site, 
http://www.osc.gov.

Existing Rights Unchanged

    Pursuant to section 205 of the No FEAR Act, neither the No FEAR Act 
nor this notice creates, expands, or reduces any rights otherwise 
available to any employee, former employee, or applicant under the laws 
of the United States, including the provisions of law specified in 5 
U.S.C. 2302(d).

    Dated: February 21, 2013.
Claire McKenna,
Legal Counsel, Privacy and Civil Liberties Oversight Board.
[FR Doc. 2013-04467 Filed 2-25-13; 8:45 am]
BILLING CODE P

TMZ – Heidi Klum on ‘America’s Got Talent’ — I’m Ready to ‘X’ You

http://youtu.be/RwI6x-gHD5Y

Howie Mandel is already BFFs with Heidi Klum — his new fellow judge on “America’s Got Talent” — in fact, the two are on such close terms … Howie has no problem joking about Heidi slapping her estranged husband Seal.

Published by PI – UNODC Bribery and Corruption in Afghanistan Report – Confidential

CORRUPTION IN AFGHANISTAN: RECENT PATTERNS AND TRENDS

40 pages
December 2012

The large-scale population survey on the extent of bribery and four sector-specific integrity surveys of public officials undertaken by UNODC and the Government of Afghanistan in 2011/2012 reveal that the delivery of public services remains severely affected by bribery in Afghanistan and that bribery has a major impact on the country’s economy. In 2012, half of Afghan citizens paid a bribe while requesting a public service and the total cost of bribes paid to public officials amounted to US$ 3.9 billion. This corresponds to an increase of 40 per cent in real terms between 2009 and 2012, while the ratio of bribery cost to GDP remained relatively constant (23 per cent in 2009; 20 per cent in 2012).

While corruption is seen by Afghans as one of the most urgent challenges facing their country, it seems to be increasingly embedded in social practices, with patronage and bribery being an acceptable part of day-to-day life. For example, 68 per cent of citizens interviewed in 2012 considered it acceptable for a civil servant to top up a low salary by accepting small bribes from service users (as opposed to 42 per cent in 2009). Similarly, 67 per cent of citizens considered it sometimes acceptable for a civil servant to be recruited on the basis of family ties and friendship networks (up from 42 per cent in 2009).

Since 2009 Afghanistan has made some tangible progress in reducing the level of corruption in the public sector. While 59 per cent of the adult population had to pay at least one bribe to a public official in 2009, 50 per cent had to do so in 2012, and whereas 52 per cent of the population paid a bribe to a police officer in 2009, 42 per cent did so in 2012.

However, worrying trends have also emerged in the past three years: the frequency of bribery has increased from 4.7 bribes to 5.6 bribes per bribe-payer and the average cost of a bribe has risen from US$ 158 to US$ 214, a 29 per cent increase in real terms. Education has emerged as one of the sectors most vulnerable to corruption, with the percentage of those paying a bribe to a teacher jumping from 16 per cent in 2009 to 51 per cent in 2012. In general, there has been no major change in the level of corruption observed in the judiciary, customs service and local authorities, which remained high in 2012, as in 2009.

Although with a different intensity, bribery not only affects the public sector but also nonpublic sector entities in Afghanistan. Nearly 30 per cent of Afghan citizens paid a bribe when requesting a service from individuals not employed in the public sector of Afghanistan in 2012, as opposed to the 50 per cent who paid bribes to public officials. The national economic impact of non-governmental bribery is also lower, with an estimated total cost of US$ 600 million, some 15 per cent of the estimated US$ 3.9 billion paid to the public sector.

Significant variations in the distribution of these two types of bribery also exist across Afghanistan. The public sector is most affected by bribery in the Western (where 71 per cent of the population accessing public services experienced bribery) and North-Eastern Regions (60 per cent), while it is least affected in the Southern (40 per cent) and Central (39 per cent) Regions. On the other hand, local individuals and entities not employed in the public sector of Afghanistan, such as village elders, Mullahs and Taliban groups, are more involved in bribery in the Southern region (nearly 60 per cent of those who had contact with such individuals).

The analysis of specific forms of bribery in four different sectors of the public administration in Afghanistan (police, local government, judiciary and education), by means of the integrity surveys, indicates that bribery takes place for different reasons in different circumstances. In most cases bribes are paid in order to obtain better or faster services, while in others bribes are offered to influence deliberations and actions such as police activities and judicial decisions, thereby eroding the rule of law and trust in institutions. For example, 24 per cent of cases in which bribes were offered to the police were related to the release of imprisoned suspects or to avoid imprisonment.

The data show that for every five Afghan citizens who paid at least one bribe in the 12 months prior to the survey, there was one who refused to do so mainly due to a lack of financial resources. This means that the use of bribery in the public sector affects the capacity of the Afghan population to access necessary services, and that — as they are more likely to accept the payment of bribes — higher income households can ensure better accessibility to, and a higher quality of, public services than households with lower incomes. Conversely, citizens with lower incomes are more likely to turn down requests for bribes, which effectively prices them out of the “market” for public services and makes them less likely to receive fair service delivery.

Recruitment in the public sector has shown itself to be an area of concern in Afghanistan as it is largely based on bribes or patronage. About 80 per cent of citizens with a family member recruited into the civil service in the last three years declared that the family member in question received some form of assistance or paid a bribe to be recruited. Civil servants in the four sectors covered in the integrity surveys also acknowledged that assistance with recruitment is widespread. For example, some 50 per cent of police, local government staff and school teachers indicated that they received assistance during their recruitment.

When it comes to reporting bribery, 22 per cent of those who paid a bribe in 2012 reported the incident to authorities such as the police (one third), the public prosecutor’s office and the High Office of Oversight and Anti-Corruption (one fifth each). While the bribery reporting rate in Afghanistan seems to be relatively high by international comparison, it is not clear if the reporting declared in the survey took place in a formal setting since it rarely led to effective results. Indeed, less than a fifth of cases reported to the authorities resulted in a formal procedure and the majority of claims did not lead to any type follow up.

…

Manager Magazin – “GoMoPa” erhielt € 200.000,- von S&K – deklariert als “Schutzgeldzahlung”

http://www.manager-magazin.de/unternehmen/artikel/0,2828,886846,00.html

“GoMoPa-Präsident Klaus Maurischat”

Spam Song by Monty Python – Video

FBI Director Robert Muller – The Cyber Threat: Planning for the Way Ahead


Director Mueller speaks to cyber security professionals in San Francisco. Read text of his remarks.

The Cyber Threat
Planning for the Way Ahead

Denial of service attacks, network intrusions, state-sponsored hackers bent on compromising our national security: The cyber threat is growing, and in response, said FBI Director Robert S. Mueller, the Bureau must continue to strengthen its partnerships with other government agencies and private industry—and take the fight to the criminals.

“Network intrusions pose urgent threats to our national security and to our economy,” Mueller told a group of cyber security professionals in San Francisco today. “If we are to confront these threats successfully,” he explained, “we must adopt a unified approach” that promotes partnerships and intelligence sharing—in the same way we responded to terrorism after the 9/11 attacks.

Focus on Hackers and Intrusions

The FBI over the past year has put in place an initiative to uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers’ digital signatures from mountains of malicious code. Learn more

The FBI learned after 9/11 that “our mission was to use our skills and resources to identify terrorist threats and to find ways of disrupting those threats,” Mueller said. “This has been the mindset at the heart of every terrorism investigation since then, and it must be true of every case in the cyber arena as well.”

Partnerships that ensure the seamless flow of intelligence are critical in the fight against cyber crime, he explained. Within government, the National Cyber Investigative Joint Task Force, which comprises 19 separate agencies, serves as a focal point for cyber threat information. But private industry—a major victim of cyber intrusions—must also be “an essential partner,” Mueller said, pointing to several successful initiatives.

The National Cyber Forensics and Training Alliance, for example, is a model for collaboration between private industry and law enforcement. The Pittsburgh-based organization includes more than 80 industry partners—from financial services, telecommunications, retail, and manufacturing, among other fields—who work with federal and international partners to provide real-time threat intelligence.

Another example is the Enduring Security Framework, a group that includes leaders from the private sector and the federal government who analyze current—and potential—threats related to denial of service attacks, malware, and emerging software and hardware vulnerabilities.

Mueller also noted the Bureau’s cyber outreach efforts to private industry. The Domestic Security Alliance Council, for instance, includes chief security officers from more than 200 companies, representing every critical infrastructure and business sector. InfraGard, an alliance between the FBI and industry, has grown from a single chapter in 1996 to 88 chapters today with nearly 55,000 members nationwide. And just last week, the FBI held the first session of the National Cyber Executive Institute, a three-day seminar to train leading industry executives on cyber threat awareness and information sharing.

“As noteworthy as these outreach programs may be, we must do more,” Mueller said. “We must build on these initiatives to expand the channels of information sharing and collaboration.”

He added, “For two decades, corporate cyber security has focused principally on reducing vulnerabilities. These are worthwhile efforts, but they cannot fully eliminate our vulnerabilities. We must identify and deter the persons behind those computer keyboards. And once we identify them—be they state actors, organized criminal groups, or 18-year-old hackers—we must devise a response that is effective, not just against that specific attack, but for all similar illegal activity.”

“We need to abandon the belief that better defenses alone will be sufficient,” Mueller said. “Instead of just building better defenses, we must build better relationships. If we do these things, and if we bring to these tasks the sense of urgency that this threat demands,” he added, “I am confident that we can and will defeat cyber threats, now and in the years to come.”

Unveiled by Cryptome – Bradley Manning Military Spying Analyzed

Bradley Manning Military Spying Analyzed

This comments on Alexa O’Brien’s Narration of Bradley Manning’s court statement, February 28, 2013:

http://www.alexaobrien.com/secondsight/wikileaks/bradley_manning/pfc_bradley_e_manning_
providence_hearing_statement.html

Manning’s statement provides useful information to understand military spying seldom revealed to the public. His statement was not only advised by his defense attorney but vetted by military intelligence as mandated for court proceedings.

1. Manning cites his advanced training as a military spy at Fort Huachaca, AZ, Military Occupational Specialty (MOS) 35F; this MOS requires Top Secret/SCI clearance.*

1.1 He does not describe specific skills he obtained and their application during training. Presumably much of this is classified.

2. Manning cites his military spying duty at Fort Drum, NY.

2.1 He does not describe specifics of what this spying involved. Presumably much of this is classified, particular that associated with spying inside the United States or on US persons.

2.2 Nor if this spying inside the United States and against US persons was legal. Military uses, and perhaps personal use, is likely classified.

3. Manning describes surveilling websites, chat rooms, and other fora as part of his military spying duites, including targets located in the United States and against US persons.

3.1. He does not describe if this surveillance was recorded and applied for military spying purposes by him and/or others in addition to his personal use.

3.2 Nor if this spying inside the United States and against US persons was legal. Military uses, and perhaps personal use, is likely classified.

4. Manning describes chats and communications allegedly with representatives of WikiLeaks.

4.1 He does not describe if these were recorded and/or used for military spying purposes. Presumbly military uses are classified.

5. Manning describes his back-ups of data and analysis of military spying.

5.1 He does not describe military systems back-ups which are conventional in most systems and in particular on systems handling classiifed information.

5.2 Presumably these back-ups will contain data about his and all others’ back-ups and downloads.

6. Manning describes archiving and sharing of spying data and analysis for general use.

6.1 He does not describe multi-level security measures customarily applied to archiving and sharing systems.

6.2 Presumbably these security systems recorded all uploads, downloads and accesses to archiving and sharing systems.

7. Manning describes lax monitoring of computer and network usage, outages, work-arounds and contingencies of systems he used in military spying as justification for his personal initiatives.

7.1 He does not describe counter-intelligence measures to track usage, outage, work-arounds and contingencies long associated with computer and networks, especially those handling classified information.

8. Manning admits to disclosing lightly classified information in his statement.

8.1 He does not disclose any lightly or other classified information in his statement. Presumably advised to not do so.

9. Manning does not describe military spy training in deception, undercover, ruse, lying, impersonation, dupery, false innocence, attacks, counter-attacks, guile, sabotage, planting false information, spread of disinformation, ploys and other spy tradecraft, in particular those associated with the cyber-spy curriculum at Fort Huachuca, AZ.

9.1 Presumbably much of this is classified.

10. Manning describes use of Tor for anonymizing.

10.1 He does not describe faults in Tor:

10.2 Its principal funding by the US Government;

10.3 Its tax-exempt status by the US Government;

10.4 Its principal place of operation in the US;

10.5 Its principal staffing by US persons;

10.6 Its principal board members by US persons;

10.7 Its vulnerability of tracking users through sniffing of nodes and instantaneous access to node activity by planted-ware (including the nodes which claim to not log).

_________

Corollaries:

11. The USG will call 140 or more witnesses for the Manning trial.

11.1 Presumably no prosecution classified testimony will be public, as before.

12. Manning defense will call its witnesses.

12.1 Presumably no defense classified testimony will be public, as before.

13. Military court may withhold information from the public more than civilian courts.

13.1 Information, evidence and testimonry can be classified to avoid disclosure by using military courts to cloak illegal operations.

14. MOS 35F has been revised in response to Manning disclosures, imprisonment and prosecution.

14.1 MOS 35F revisions will not be made public, especially spying inside the United States and against US persons, as before.

15. There will no disclosure of using young service members to spy inside and outside the United States, as long practiced and more recently online.

16. There will be no disclosure of manipulating young service members to believe they know more than they do or getting away with more than they are — standard means and methods of spy operations.

17. There will be no disclosure of manipulating the public by encouraging ostensibly opposition media coverage.

18. There will be no disclosure of manipulating friendly and hostile participants to inform on each other.

More later when the official transcript is released — with the likelihood it may be redacted, doctored or revised for security clearance.

* Top Secret clearance is for life; even it is withdrawn there is no escape from the obligation to never reveal what was learned under the clearance (Daniel Ellsberg readily admits he never revealed all he knew for that reason; nor has the other famous US disclosers not in jail or buried).

TMZ – Chris Brown & Rihanna MURDER Plot on ‘Law & Order: SVU’

Chris Brown & Rihanna MURDER Plot on ‘Law & Order: SVU’

An episode of ‘Law & Order: SVU’ which aired last night was eerily similar to the epic Rihanna-Chris Brown abuse scandal but they took it to an extreme and KILLED OFF the Rihanna character. It seems like these “ripped from the headlines” story plots are a little too easy… how about they try JWoww’s jacked up boob job next?

The Proof: Cyber Attacks since Years – Der Beweis: Die jahrelangen Cyberattacken gegen unsere Webseiten

Ein kleiner Ausschnitt

A little excerpt:

Dear Readers,

since days our websites berndpulch.org and http://www.investment-on.com

are attacked by vicious criminals which have been identified including their comrades.

All the proof is given to the relevant authorities.

In the meantime every attack gives us more evidence against these criminals.

We released a new website

http://www.bernd-pulch.org

is a clone of http://www.berndpulch.org

and some more will follow.

History shows that all censorship could not stop the truth.

In fact people get even more curious about the truth which the censors want

to hide !

Sincerely yours

Bernd Pulch

Publisher

Das Betrugsurteil gegen Klaus Maurischat/”GoMoPa” wg Betruges am eigenen Anleger

“Klaus Maurischat”; “GoMoPa”,

“Klaus Maurischat”, “GoMoPa”,

https://berndpulch.org/das-betrugsurteil-gegen-bennewirtz-und-peter-ehlers-gomopa-partner-maurischat-und-vornkahl-wg-betruges-am-eigen-anleger/

Am 24. April 2006 war die Verhandlung am Amtsgericht Krefeld in der Betrugssache: Mark Vornkahl / Klaus Maurischat ./. Dehnfeld. Aktenzeichen: 28 Ls 85/05 Klaus MaurischatLange Straße 3827313 Dörverden.

Wer soll denn diesen Typen noch irgendwie trauen ?

Und diese Typen berichten über angebliche und tatsächliche Investment Verbrechen ?

Die Strategie ist es, stattdessen ihre Gegner zu kriminalisieren, wie bereits Meridian Capital bewies und wie es die STASI schon immer tat.

The Judgement against “President and CEO” Klaus Maurischat or whatever his name is because he committed fraud AGAINST HIS OWN INVESTORS.

Their strategy is to criminalize their opponents with their network as Meridian Capital showed – a well-known strategy of East German STASI Agents.

Who can trust these fraudsters ?

These guys report about investment crime ?

What a parody….

Bernd Pulch

Magister Artium

PUBLIC INTELLIGENCE -SECRET – Afghanistan Anti-Corruption Monitoring Report

INDEPENDENT JOINT ANTI-CORRUPTION MONITORING AND EVALUATION COMMITTEE REPORT OF THE PUBLIC INQUIRY INTO THE KABUL BANK CRISIS

87 pages
November 15, 2012

Kabul Bank’s controlling shareholders, key supervisors and managers led a sophisticated operation of fraudulent lending and embezzlement predominantly through a loan-book scheme. This resulted in Kabul Bank being deprived of approximately $935 million funded mostly from customer’s deposits. The loan-book scheme provided funds through proxy borrowers without repayment; fabricated company documents and financial statements; and used information technology systems that allowed Kabul Bank to maintain one set of financial records to satisfy regulators, and another to keep track of the real distribution of bank funds. Shareholders, related individuals and companies, and politically exposed people were the ultimate beneficiaries of this arrangement. Over 92 percent of Kabul Bank’s loan-book – or approximately $861 million – was for the benefit of 19 related parties (companies and individuals). Except for the initial investment of $5 million, all shareholder acquisitions and transfers were ultimately funded by money from Kabul Bank.

Kabul Bank’s Credit Department opened loan accounts for proxy borrowers on instruction from senior management, and forged supporting documents including applications, financial statements, and registrations, and employed fake business stamps to lend authenticity to the documents. Many financial statements were forged by Afghan accounting firms, seemingly established for the sole purpose of producing fraudulent documents to support loan files.

Loan funds were transferred shortly after an account was opened (in some cases even before the supporting documents were completed) through fake SWIFT messages and invoices created by Kabul Bank’s Credit Department itself. Actual disbursements were made through electronic payments or cash from the Bank’s vault. The funds eventually made their way to the true beneficiaries, were used to acquire assets for management, or were withdrawn in cash. Electronic transfers had the appearance of being transferred to overseas suppliers, or for other legitimate purposes. Some cash was transferred through the Kabul Airport using Pamir Airways, which was owned by shareholders related to Kabul Bank. Repayment of loans was rare, and most often new loans were created to provide the appearance of repayment.

Other Kabul Bank funds were misappropriated through non-loan disbursements that included excessive expenses, investments in related businesses, fake capital injections, advance payments of rent and salaries, unjustifiable bonuses, salaries paid to non-existent employees, inflated costs for assets, payment for fake assets, and political contributions.

Failure of regulatory and supervisory efforts

There were several opportunities for various national and international bodies to detect and prevent Kabul Bank’s fraudulent activities. The collective failure of banking oversight and enforcement is one of the many contributing factors that allowed hundreds of millions of dollars to be diverted from important Afghan priorities to the personal bank accounts and business enterprises of a few individuals, including the Bank’s shareholders and management.

The earliest opportunity was presented at the licensing stage where it appears that the personal, financial and criminal backgrounds of shareholders, supervisors and managers were not sufficiently reviewed. The Kabul Bank promoters submitted a business plan, articles of association, and some personal and financial disclosures, presenting a picture of competent management with decades of banking experience. However, Da Afghanistan Bank only reviewed the ex-Chairman’s suitability because he was the only shareholder with sufficiently large shareholdings. The suitability of other shareholders was not extensively reviewed. In conducting their background check, Da Afghanistan Bank submitted names to the Ministry of Interior in April 2004, which were cleared in September 2004, several months after Kabul Bank had begun to operate. It is unclear how extensively the Ministry of Interior’s background check was, but it is unlikely that a criminal check at this time would have identified the founder and ex-Chairman as a fugitive from the Russian Federation because this information had not been shared through Interpol until well after the licensing of Kabul Bank.

Kabul Bank’s illicit activities commenced soon after its licensing, but regulatory and law enforcement agencies did not effectively intervene. The capacity of Da Afghanistan Bank to regulate and supervise banks at this time was low. It was not until 2007 – over two-years since Kabul Bank was licensed – that onsite examinations of banks were conducted in Afghanistan. However, throughout the period between 2007 and September 2010, Da Afghanistan Bank carried out four general examinations of Kabul Bank, undertook three special examinations, and took enforcement measures or corrective actions four times.

Supervisory efforts consistently identified regulatory violations related to governance, loan files, and promotional incentives to gain new depositors. None of these efforts identified the extensive fraud occurring at the Bank, partially due to the sophistication of the Bank’s attempts to hide the fraud and partially due to Da Afghanistan Bank’s lack of capacity and failure to use investigative techniques. Additionally, several efforts to take enforcement action against the Bank were met with interference and were not implemented, including an attempt by Da Afghanistan Bank to limit incentive programs to attract depositors and an attempt by the Financial Transactions and Reports Analysis Centre of Afghanistan to issue a fine.

International support was required to bridge the gap between Da Afghanistan Bank’s capacity and requisite levels of supervision leading to the design of programs to develop financial regulatory and supervisory capacity. This international assistance predominantly came in the form of the United States Agency for International Development’s Economic Growth and Governance Initiative which ran from 2005-2011. However, the program was not capable of developing sufficient capacity at Da Afghanistan Bank to detect the fraud at Kabul Bank, nor did the program’s implementing partners – Bearing Point and later Deloitte – detect the fraud or act sufficiently upon fraud indicators.

Video – Monty Python’s best sketch ever

Monty Python’s best sketch ever

My favorite sketch from Monty Python’s Flying Circus.

Video – Monty Python – Spanish Inquisition Torture Scene

http://www.youtube.com/watch?v=CSe38dzJYkY&feature=share&list=PL8542195806E06F7E

Monty Python – Spanish Inquisition Torture Scene

HA! Nobody expects the Spanish Inquisition! Capture and ‘torture’ an old woman.

Hackerattacken und Ausweichdomains – Cyberattacks and replacement domains

Dear Sirs,

since our websites are under heavy attacks since months we have released 1 more replacement domain

which mirrors the content of other websites:

http://www.bernd-pulch.org

Best regards

Bernd Pulch

Magister Artium

Unveiled by PI – U.S. Army Traffic Control Point Operations Smart Card

Center for Army Lessons Learned

2 pages
For Official Use Only
September 2010
2.93 MB

You may engage the following individuals based on their conduct:

• Persons who are committing hostile acts against Coalition forces (CF).
• Persons who are exhibiting hostile intenttowards CF.

These persons may be engaged subject to the following instructions:

Positive identification (PID) is required prior to engagement. PID is a reasonable certainty that the proposed target is a legitimate military target. If no PID, contact your next higher commander for decision.

Use graduated measures of force. When time and circumstance permit, use the following degrees of graduated force when responding to hostile act/intent:

1. Shout verbal warnings to halt.
2. Show your weapon and demonstrate intentto use it.
3. Block access or detain.
4. Warning shots may be permitted in your operating environment (OE)/area of responsibility (AOR).
5. Fire proportional lethal force.

Do not target or strike anyone who has surrendered or is out of combat due to sickness or wounds.

Do not target or strike hospitals, mosques, churches, shrines, schools, museums, national monuments, any other historical and cultural sites, or civilian populated areas or buildings UNLESS the enemy is using them for military purposes or if necessary for your self-defense.

Do not target or strike Local infrastructure (public works, commercial communication facilities , dams), lines of communication (roads, highways, tunnels, bridges, railways), or economic objects (commercial storage facilities, pipelines) UNLESS necessary for self-defense or if ordered by your commander. If you must fire on these objects, fire to disable and disrupt rather than destroy.

ALWAYS minimize incidental injury, loss of life, and collateral damage.

The use of force, including deadly force, is authorized to
protect the following:

• Yourself, your unit, and other friendly forces.
• Detainees
• Civilians from crimes that are likely to cause death or serious bodily harm, such as murder or rape.
• Designated personnel or property, when such actions are necessary to restore order and security.

In general, WARNING SHOTS are authorized ONLY when the use of deadly force would be authorized in that particular situation.

Treat all civilians and their property with respect and dignity. Do not seize civilian property, including vehicles, unless the property presents a security threat. When possible, give a receipt to the property’s owner.

You may DETAIN civilians based upon a reasonable belief that the person:

• Must be detained for purposes of self-defense.
• Is interfering with CF mission accomplishment.
• Is on a list of persons wanted for questioning, arrest, or detention.
• Is or was engaged in criminal activity.
• Must be detained for imperative reasons of security.

Anyone you detain MUST be protected. Force, up to and including deadly force, is authorized to protect detainees in your custody. You MUST fill out a detainee apprehension card for EVERY person you detain.

Looting and the taking of war trophies are prohibited.

All personnel MUST report any suspected violations of the Law of War committed by any US, friendly, or enemy force. Notify your chain of command, Judge Advocate, IG, Chaplain, or appropriate service-related investigative branch.

Monty Python – Travel Agent Sketch Film

From Monty Python’s Flying Circus – Episode 31. Featuring Michael Palin, Eric Idle & Carol Cleveland. Original Broadcast Date: Nov. 16, 1972.

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Protection of Freedoms Act 2012: Draft statutory guidance on the making or renewing of national security determinations allowing the retention of biometric data

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

AFOSI SPECIAL PRODUCT

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Cryptologs

Rate this:

Share this:

INFORMATION SHARING: Additional Actions Could Help Ensure That Efforts to Share Terrorism-Related Suspicious Activity Reports Are Effective

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

THINKING OUT LOUD ABOUT CYBERSPACE (U)

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this: