TOP-SECRET – DHS Cybersecurity Order 13636

Executive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

20 pages
For Official Use Only
March 11, 2013Executive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

20 pages
For Official Use Only
March 11, 2013
Executive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

20 pages
For Official Use Only
March 11, 2013

Download

Overview of Executive Order 13636

– Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity was released on February 12, 2013
– Relies on public-private collaboration to improve critical infrastructure cyber posture
– Includes elements to enhance information sharing, develop a cybersecurity framework, and create a voluntary cybersecurity program
– Requires the Department of Homeland Security (DHS) to identify the “critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security”

DHS will work with CIPAC to execute Section 9 of the EO

“Within 150 days of the date of this order, the Secretary shall use a risk-based approach to identify critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.” (EO 13636, Section 9)

Apply consistent, objective criteria

Stakeholders include:
– Critical Infrastructure Partnership Advisory Council (CIPAC)
– Sector Specific Agencies (SSA)
– Sector Coordinating Councils (SCC)
– Government Coordinating Councils (GCC)
– Critical infrastructure owners and operators

The list of identified critical infrastructure will be reviewed and updated on an annual basis

Execution of Section 9 will be led by the Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

Overview of CDII Approach (1 of 2)

Only a small subset of U.S. infrastructure will fall under the focus of the EO activity
– Owners and operators will have the opportunity to provide relevant information
– A review process will be established for the identification as critical infrastructure

Focus is on critical infrastructure that could be compromised through cyber exploitation and which, if incapacitated, could result in catastrophic national, public health, or economic consequences
– Higher standard than debilitating, which is what is used in the base definition to define critical infrastructure
– The Secretary of DHS will provide a list of critical infrastructure most at risk in the context of a cyber incident within 150 days of EO release
– Commercial IT products and consumer information technology services will not be directly designated under the EO as infrastructure most at risk

All sectors will be engaged –through engagement and initial analysis it may be determined that a sector does not have any infrastructure that meets the threshold, the focus of the initial list will not be on that sector(s)

Sectors with existing CI identification processes and lists should be leveraged where appropriate

Functions-based approach to identify critical infrastructure
– Accounts for the virtual and distributed nature of cyber infrastructure
– Focuses on the critical activities, services, or products being produced or provided by a sector, subsector, or mode
– Functions are identified based on the national or regional level consequences that can result from a disruption or exploitation of the infrastructure
– Does not identify a specific organization’s assets, networks, or systems; focus is on sector functions and the types of systems that support them

Requires the application of criteria that will be used to screen the infrastructure that aligns to the critical functions
– Consistently applied within sectors and, where possible, across sectors as well

Stakeholder engagement will be conducted throughout this effort
– CDIIWG will work with sectors (SSAs, SCCs, GCCs) via the CIPAC partnership framework

Download

Overview of Executive Order 13636

– Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity was released on February 12, 2013
– Relies on public-private collaboration to improve critical infrastructure cyber posture
– Includes elements to enhance information sharing, develop a cybersecurity framework, and create a voluntary cybersecurity program
– Requires the Department of Homeland Security (DHS) to identify the “critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security”

DHS will work with CIPAC to execute Section 9 of the EO

“Within 150 days of the date of this order, the Secretary shall use a risk-based approach to identify critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.” (EO 13636, Section 9)

Apply consistent, objective criteria

Stakeholders include:
– Critical Infrastructure Partnership Advisory Council (CIPAC)
– Sector Specific Agencies (SSA)
– Sector Coordinating Councils (SCC)
– Government Coordinating Councils (GCC)
– Critical infrastructure owners and operators

The list of identified critical infrastructure will be reviewed and updated on an annual basis

Execution of Section 9 will be led by the Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

Overview of CDII Approach (1 of 2)

Only a small subset of U.S. infrastructure will fall under the focus of the EO activity
– Owners and operators will have the opportunity to provide relevant information
– A review process will be established for the identification as critical infrastructure

Focus is on critical infrastructure that could be compromised through cyber exploitation and which, if incapacitated, could result in catastrophic national, public health, or economic consequences
– Higher standard than debilitating, which is what is used in the base definition to define critical infrastructure
– The Secretary of DHS will provide a list of critical infrastructure most at risk in the context of a cyber incident within 150 days of EO release
– Commercial IT products and consumer information technology services will not be directly designated under the EO as infrastructure most at risk

All sectors will be engaged –through engagement and initial analysis it may be determined that a sector does not have any infrastructure that meets the threshold, the focus of the initial list will not be on that sector(s)

Sectors with existing CI identification processes and lists should be leveraged where appropriate

Functions-based approach to identify critical infrastructure
– Accounts for the virtual and distributed nature of cyber infrastructure
– Focuses on the critical activities, services, or products being produced or provided by a sector, subsector, or mode
– Functions are identified based on the national or regional level consequences that can result from a disruption or exploitation of the infrastructure
– Does not identify a specific organization’s assets, networks, or systems; focus is on sector functions and the types of systems that support them

Requires the application of criteria that will be used to screen the infrastructure that aligns to the critical functions
– Consistently applied within sectors and, where possible, across sectors as well

Stakeholder engagement will be conducted throughout this effort
– CDIIWG will work with sectors (SSAs, SCCs, GCCs) via the CIPAC partnership framework

DownloadExecutive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

20 pages
For Official Use Only
March 11, 2013

Download

Overview of Executive Order 13636

– Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity was released on February 12, 2013
– Relies on public-private collaboration to improve critical infrastructure cyber posture
– Includes elements to enhance information sharing, develop a cybersecurity framework, and create a voluntary cybersecurity program
– Requires the Department of Homeland Security (DHS) to identify the “critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security”

DHS will work with CIPAC to execute Section 9 of the EO

“Within 150 days of the date of this order, the Secretary shall use a risk-based approach to identify critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.” (EO 13636, Section 9)

Apply consistent, objective criteria

Stakeholders include:
– Critical Infrastructure Partnership Advisory Council (CIPAC)
– Sector Specific Agencies (SSA)
– Sector Coordinating Councils (SCC)
– Government Coordinating Councils (GCC)
– Critical infrastructure owners and operators

The list of identified critical infrastructure will be reviewed and updated on an annual basis

Execution of Section 9 will be led by the Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

Overview of CDII Approach (1 of 2)

Only a small subset of U.S. infrastructure will fall under the focus of the EO activity
– Owners and operators will have the opportunity to provide relevant information
– A review process will be established for the identification as critical infrastructure

Focus is on critical infrastructure that could be compromised through cyber exploitation and which, if incapacitated, could result in catastrophic national, public health, or economic consequences
– Higher standard than debilitating, which is what is used in the base definition to define critical infrastructure
– The Secretary of DHS will provide a list of critical infrastructure most at risk in the context of a cyber incident within 150 days of EO release
– Commercial IT products and consumer information technology services will not be directly designated under the EO as infrastructure most at risk

All sectors will be engaged –through engagement and initial analysis it may be determined that a sector does not have any infrastructure that meets the threshold, the focus of the initial list will not be on that sector(s)

Sectors with existing CI identification processes and lists should be leveraged where appropriate

Functions-based approach to identify critical infrastructure
– Accounts for the virtual and distributed nature of cyber infrastructure
– Focuses on the critical activities, services, or products being produced or provided by a sector, subsector, or mode
– Functions are identified based on the national or regional level consequences that can result from a disruption or exploitation of the infrastructure
– Does not identify a specific organization’s assets, networks, or systems; focus is on sector functions and the types of systems that support them

Requires the application of criteria that will be used to screen the infrastructure that aligns to the critical functions
– Consistently applied within sectors and, where possible, across sectors as well

Stakeholder engagement will be conducted throughout this effort
– CDIIWG will work with sectors (SSAs, SCCs, GCCs) via the CIPAC partnership framework

Overview of Executive Order 13636

– Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity was released on February 12, 2013
– Relies on public-private collaboration to improve critical infrastructure cyber posture
– Includes elements to enhance information sharing, develop a cybersecurity framework, and create a voluntary cybersecurity program
– Requires the Department of Homeland Security (DHS) to identify the “critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security”

DHS will work with CIPAC to execute Section 9 of the EO

“Within 150 days of the date of this order, the Secretary shall use a risk-based approach to identify critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.” (EO 13636, Section 9)

Apply consistent, objective criteria

Stakeholders include:
– Critical Infrastructure Partnership Advisory Council (CIPAC)
– Sector Specific Agencies (SSA)
– Sector Coordinating Councils (SCC)
– Government Coordinating Councils (GCC)
– Critical infrastructure owners and operators

The list of identified critical infrastructure will be reviewed and updated on an annual basis

Execution of Section 9 will be led by the Cyber-Dependent Infrastructure Identification Working Group (CDIIWG)

Overview of CDII Approach (1 of 2)

Only a small subset of U.S. infrastructure will fall under the focus of the EO activity
– Owners and operators will have the opportunity to provide relevant information
– A review process will be established for the identification as critical infrastructure

Focus is on critical infrastructure that could be compromised through cyber exploitation and which, if incapacitated, could result in catastrophic national, public health, or economic consequences
– Higher standard than debilitating, which is what is used in the base definition to define critical infrastructure
– The Secretary of DHS will provide a list of critical infrastructure most at risk in the context of a cyber incident within 150 days of EO release
– Commercial IT products and consumer information technology services will not be directly designated under the EO as infrastructure most at risk

All sectors will be engaged –through engagement and initial analysis it may be determined that a sector does not have any infrastructure that meets the threshold, the focus of the initial list will not be on that sector(s)

Sectors with existing CI identification processes and lists should be leveraged where appropriate

Functions-based approach to identify critical infrastructure
– Accounts for the virtual and distributed nature of cyber infrastructure
– Focuses on the critical activities, services, or products being produced or provided by a sector, subsector, or mode
– Functions are identified based on the national or regional level consequences that can result from a disruption or exploitation of the infrastructure
– Does not identify a specific organization’s assets, networks, or systems; focus is on sector functions and the types of systems that support them

Requires the application of criteria that will be used to screen the infrastructure that aligns to the critical functions
– Consistently applied within sectors and, where possible, across sectors as well

Stakeholder engagement will be conducted throughout this effort
– CDIIWG will work with sectors (SSAs, SCCs, GCCs) via the CIPAC partnership framework

PUBLIC INTELLIGENCE – Air Force Office of Special Investigations Publishes Report on Military Sextortion Scams

An image taken from the cover of a February 2013 U.S. Air Force Office of Special Investigations report on cybersex extortion scams.

Public Intelligence

The U.S. Air Force Office of Special Investigations (AFOSI) is warning military personnel to avoid becoming victims of online sextortion scams that use “sexual images (obtained either through enticement or malicious code)” to extort money from unsuspecting victims.  “Cyber sextortion” is described as a growing problem among the military services with incidents being reported by “all Military Criminal Investigative Organizations” involving service members stationed in Europe, Asia and the U.S. The AFOSI report, released in February on a restricted basis, was recently posted online on the document-sharing website Scribd.

After reviewing Department of Defense statistics, the AFOSI found that cyber sextortion cases across the military services are primarily “webcam sextortion scams” where they DoD personnel were “enticed to engage in online sexual activities which were secretly recorded” and “money was then extorted from the victims in order to prevent the release of compromising video material.”  Though it is “unclear whether perpetrators are specifically targeting US military members”, the report describes DoD members as potentially “vulnerable to blackmail and extortion” because of the expectation that they maintain “a professional appearance” and the strict requirements for maintaining a security clearance.

According to the AFOSI report, the Naval Criminal Investigative Service (NCIS) has identified four similar cases of cyber sextortion (two on Guam, one in Japan, and one in Bahrain) involving Navy members between August 2012 and November 2012. The U.S. Army Criminal Investigation Command (USACIDC) also reported three cases involving soldiers located in South Korea, Germany, and Texas.  The AFOSI itself has identified multiple cases involving U.S. Air Force members in Japan, South Korea, Alaska, Portugal and Guam.

Many of the incidents reportedly originated from a criminal sextortion ring based in the Philippines.  In a public affairs notice posted earlier this month on the Air Force website, a spokesperson for the AFOSI said that the ring involved “21 employees of a Philippines-based web portal solutions company” who reportedly “targeted hundreds of U.S. Army and Navy members for a period of more than a year”.

To protect against potential sextortion scams, the AFOSI recommends protecting personal information and limiting what information is divulged on social networking sites.  The report also recommends not responding to “unsolicited e-mails or chat requests”, particularly when the communication involves a “request to exchange provocative pictures or videos”.

MORE HERE:

https://publicintelligence.net/afosi-sextortion-scams/

TOP-SECRET – CIA Chief Technology Officer Big Data and Cloud Computing Presentations

The following are presentation slides for talks given by Ira A. “Gus” Hunt, the CIA’s Chief Technology Officer, on the topic of “big data” and cloud computing.  A presentation given by Hunt at the GigaOM Structure:Data conference last week garnered significant attention for his discussion of the CIA’s desire to “collect everything and hang on to it forever.”  Hunt’s presentation was similar to several he has given before, many of which share the same slides, including one which states: “It is really very nearly within our grasp to be able to compute on all human generated information.”

Beyond Big Data: Riding the Technology Wave March 2012 33 pages Download
Big Data Challenges and Opportunities March 2012 23 pages Download
Big Data Operational Excellence Ahead in the Cloud October 2011 24 pages Download

SECRECY NEWS – A LOOK BACK AT CONGRESSIONAL OVERSIGHT OF INTELLIGENCE, 2011-2012

Several nuggets of interest are presented in the latest biennial report
from the Senate Select Committee on Intelligence, summarizing the
Committee's oversight activities in the 112th Congress:

        http://www.fas.org/irp/congress/2013_rpt/srpt113-7.html

*        The Director of National Intelligence abruptly cancelled a multi-year
effort to establish a single consolidated data center for the entire
Intelligence Community a year or so ago, in favor of a migration to cloud
computing.

*        Under criticism that the number of intelligence contractor personnel has
grown too high, too fast, intelligence agencies have been cutting the
number of contractors they employ or converting contractors to government
employees.  But some of those agencies have continued to hire additional
contractors at the same time, resulting in net growth in the size of the
intelligence contractor workforce.

*        A written report on each covert action that is being carried out under a
presidential finding is provided to the congressional committees every
quarter.

The March 22 report also provides some fresh details of the long-awaited
and still unreleased Committee study on CIA's detention and interrogation
program.  That 6,000 page study, which was completed in July 2012 and
approved by the Committee in December 2012, is divided into three volumes,
as described in the report:

"I. History and Operation of the CIA's Detention and Interrogation
Program. This volume is divided chronologically into sections addressing
the establishment, development, and evolution of the CIA detention and
interrogation program."

"II. Intelligence Acquired and CIA Representations on the Effectiveness of
the CIA's Enhanced Interrogation Techniques. This volume addresses the
intelligence attributed to CIA detainees and the use of the CIA's enhanced
interrogation techniques, specifically focusing on CIA representations on
how the CIA detention and interrogation program was operated and managed,
as well as the effectiveness of the interrogation program. It includes
sections on CIA representations to the Congress, the Department of Justice,
and the media."

"III. Detention and Interrogation of Detainees. This volume addresses the
detention and interrogation of all known CIA detainees, from the program's
inception to its official end, on January 22, 2009, to include information
on their capture, detention, interrogation, and conditions of confinement.
It also includes extensive information on the CIA's management, oversight,
and day-to-day operation of the CIA's detention and interrogation program,"
according to the report's description.

"I have read the first volume, which is 300 pages," said CIA Director John
O. Brennan at his February 7 confirmation hearing.  "There clearly were a
number of things, many things, that I read in that report that were very
concerning and disturbing to me, and ones that I would want to look into
immediately, if I were to be confirmed as CIA Director."

"It talked about mismanagement of the program, misrepresentations of the
information, providing inaccurate information," Mr. Brennan said then. "And
it was rather damning in a lot of its language, as far as the nature of
these activities that were carried out."

The Committee said it is awaiting comments on the study from the White
House, the CIA and other executive branch agencies, and that it will then
"discuss the public release of the Study."

On February 15, 2013, Republicans who were members of the Committee in the
last Congress formally filed dissenting comments opposing the study and its
conclusions, the report said.

For its first couple of decades, the Senate Intelligence Committee held
that "even secret activities must be as accountable to the public as
possible," as Sen. Daniel Inouye stated in the Committee's first biennial
report in 1977, and that "as much information as possible about
intelligence activities should be made available to the public," as
Senators Richard Shelby and Bob Kerrey wrote in the 1999 version of the
report.

But in the past decade, the Committee seems to have reconceptualized its
relationship with the public.  It no longer promises to make "as much
information as possible about intelligence activities" available to the
public.  The notion that "secret activities" could be "accountable to the
public" is now evidently considered a contradiction in terms (although
release of the report on CIA interrogation practices, if it ever came to
pass, would nullify and transcend that contradiction).  

Today, as the latest report states, the Committee aims merely "to provide
as much information as possible to the American public about its
intelligence oversight activities."  (Intelligence Oversight Steps Back
from Public Accountability, Secrecy News, January 2, 2013).

Even within the narrowed horizons to which it has limited itself, however,
the report presents a rather attenuated, "skim milk" account of the
Committee's work. Judging from the new report, intelligence oversight
consists of frequent briefings, followed by numerous "evaluations" and
"reviews."

The report provides no indication of any conflict between the Committee
and the intelligence agencies. Consequently, there are no significant
victories (though the successful passage of four consecutive intelligence
authorization bills is a notable achievement), and no meaningful defeats.

At the Brennan confirmation hearing on February 7, Committee chair Sen.
Dianne Feinstein said: "I have been calling, and others have been
calling--the Vice Chairman and I--for increased transparency on the use of
targeted force for over a year, including the circumstances in which such
force is directed against U.S. citizens and noncitizens alike."  And to its
credit, the Committee conscientiously posed a pre-hearing question on
classification reform to Mr. Brennan (which he deflected).

But the new report does not identify any such effort by Committee
leadership to promote increased transparency on targeted killing during the
past Congress.  It does not reference the failure to accomplish the
declassification of Foreign Intelligence Surveillance Court opinions, as
the Committee had been promised in 2011.  Nor does the report address the
abuse of classification authority or cite what the President called "the
problem of overclassification" at all.

_______________________________________________
Secrecy News is written by Steven Aftergood and published by the
Federation of American Scientists.

The Secrecy News Blog is at:
     http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to
     http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood@fas.org

Secrecy News is archived at:
     http://www.fas.org/sgp/news/secrecy/index.html

Support the FAS Project on Government Secrecy with a donation:
     http://www.fas.org/member/donate_today.html

_______________________
Steven Aftergood
Project on Government Secrecy
Federation of American Scientists
web:    www.fas.org/sgp/index.html
email:  saftergood@fas.org
voice:  (202) 454-4691
twitter: @saftergood

TOP-SECRET – National Counterterrorism Center Says Urban Exploration Could “Aid Terrorists”

Public Intelligence

The National Counterterrorism Center (NCTC) is warning law enforcement and first responders that urban exploration, an activity that involves trying to gain access to restricted or abandoned man-made structures, can provide useful information for terrorists conducting surveillance of a potential target. Also known as “building hacking”, urban exploration has been around in its modern form for decades, tracing some its recent history to post-war exploration of the Parisian catacombs and members of MIT’s Tech Model Railroad Club Signals and Power Subcommittee, who organized explorations of steam tunnels and rooftops around campus in the late 1950s.

In an advisory released to law enforcement in November 2012 titled Urban Exploration Offers Insight Into Critical Infrastructure Vulnerabilities, the NCTC warns of the potential risks posed by urban explorers and their online posting of photos and videos depicting their exploration. The NCTC document describes urban explorers as “hobbyists who seek illicit access to transportation and industrial facilities in urban areas” including rooftops, utility tunnels and bridges. According to the NCTC, photos and videos posted online by urban explorers “could be used by terrorists to remotely identify and surveil potential targets” which could “aid terrorists in pinpointing locations in dense urban environments.” The document also makes specific reference to the advancement of navigation and mapping technology, including three-dimensional modeling and geo-tagging, as potentially aiding terrorists to conduct online surveillance of a target. Corporate websites can often provide “information about buildings” and “social media postings of explorers’ activity often identify access points and security flaws” that could be exploited by terrorists.  A 2010 bulletin issued by the Department of Homeland Security expressed similar concerns about the use of Google Earth and other publicly available mapping software for terrorist surveillance.  The bulletin stated that “live Web-based camera feeds combined with street-level and direct overhead imagery views from Internet imagery sites allow terrorists to conduct remote surveillance of multiple potential targets without exposing themselves to detection.”

The NCTC advisory also lists several locations, such as bridges, utility tunnels, rooftops and subways, where an urban explorer might reveal “security flaws”. Along with each location, there is a list of potential access locations and security vulnerabilities that the NCTC believes an urban explorer’s postings could potentially reveal. For example, urban explorers could discover and document the use of a bridge’s “ladders, crosswalk scaffoldings, trap doors, scuttles, and hatches” and reveal methods of accessing “structural components, including caissons (the structures that house the anchor points of a bridge suspension system), to identify weaknesses.”

Past activities by urban explorers have occasionally been mistaken for potential terrorist activity. In 2011 four men were arrested in London for “suspicion of railway trespass and burglary” after they were found near an elevator used by private contractors working on the rail lines for the London Underground. The men were arrested at the Russell Square station, one of the locations of the 7/7 terrorist attacks, after security camera operators saw the men in dark clothing with cameras and feared preparations for a terrorist attack around the upcoming royal wedding between Prince William and Catherine Middleton. A few months later, four men were arrested in New York City for criminal trespass after a local resident saw them “carrying Roman candles and cameras” into the Second Avenue Subway tunnel. The men identified themselves as urban explorers and said they planned to use the Roman candles for lighting photographs.

 

 

 

Urban Exploration TimelineThis guide is aimed at chronicling the history of exploring neglected and off-limits areas as well as the history of modern urban exploration culture. Sorry this guide is still a little biased towards English-speaking countries, but so far most contributors have been English speakers. If you have any corrections or suggestions, please get in touch.
Date Event

Nov
1793
Philibert Aspairt, considered by some the first cataphile, becomes lost while exploring the Parisian catacombs by candlelight. His body is found 11 years later.

1861 Writing in the Brooklyn Standard, poet Walt Whitman describes his visit to Brooklyn’s recently abandoned Atlantic Avenue Tunnel, which in 1844 had been built as the first subway tunnel in the world.

1904 One week after the opening of the subway system, New Yorker Leidschmudel Dreispul is killed by an oncoming train while exploring the new tunnels. The Interborough Rapid Transit company responds by erecting “no trespassing” signs throughout the system.

1916 Harry H. Gardiner, “The Human Fly”, climbs 12 floors and 211 feet up the side of Detroit’s Majestic Building, thereby becoming the first builderer in recorded history.

1921 In perhaps the first organized group expedition to an abandoned building, Dadaists including Andre Breton, Paul Eluard, Francis Picabia and Tristan Tzara organize a trip to the deserted and little-known church of St. Julien le Pauvre in Paris. In promoting the event, the Dadaists promise to remedy “the incompetence of suspect guides and cicerones”, offering instead a series of visits to selected sites, “particularly those which really have no reason for existing”.

1955 Guy Debord publishes his Introduction to a Critique of Urban Geography, and develops a practice called dérive, which consists of travelling through urban environments and noting psychogeographical variations. In the decade that follows, members of the left-leaning Situationist International movement argue that society consists largely of passive spectators and consumers of packaged experiences, and suggest that individuals can shake up this state of affairs by engaging in creative play.

1959 In the US, members of MIT’s Tech Model Railroad Club’s Signals and Power subcommittee engage in semi-systematic excursions into steam tunnels and rooftops around campus, a practice they call “hacking”.

1968 Inspired by the publications of the French resistance that operated through the catacomb network during WWII, Parisian cataphiles begin adopting pseudonyms and communicating with each other through printed paper leaflets they call tracts.

1971 Secretly entering Paris’ Notre Dame cathedral at night, Philippe Petit stretches a steel cable between its towers. The next morning he crosses this improvised high wire, only to be arrested upon descending. Three years later, Petit duplicates his stunt between the twin towers of New York City’s World Trade Center.

1977 The San Francisco Suicide Club, a group which lists “fringe exploration” among its many aims, is founded in San Francisco. This group eventually becomes the Cacophony Society.

1980 Eighteen-year-old rail historian Bob Diamond rediscovers Brooklyn’s Atlantic Avenue Tunnel, which had been sealed up and forgotten since 1861.

1981 Responding to a challenge by a fire marshal who states “Until you climb a building, don’t tell me how to perform a rescue in a high rise building”, Dan Goodwin, aka “Spiderman”, climbs Chicago’s Sears Tower, becoming the first climber to use suction cups to climb glass windows.

1985 In Australia, Sydney drain explorer Rolf Adams begins writing the Sydney Pseudokarst (“false cave”) series in the newsletter of the Sydney University Speleological Society.

Jan
1986
In Australia, Melbourne cave enthusiasts Doug, Sloth and Woody found the Cave Clan, and soon begin exploring storm drains and other man-made caves as well as natural ones. Over the next decade, the Cave Clan absorbs other, smaller draining groups.

May
1987
Members of the Cave Clan discover the drain they dub The Maze, arguably the best storm drain in Australia.

Apr
1989
The first Annual Cave Clan Clannie Awards are held in Melbourne’s ANZAC drain.

Jul
1989
In Australia, Doug publishes the first issue of Il Draino, the Cave Clan newsletter.

1990 In Russia, Moscow-area explorer Vadim Mikhailov and his fellow subterranean explorers form the group Diggers of the Underground Planet.

1990 Eric Bagai publishes an essay called “The First Hackers” in a book called What I Did With My Trash: Ten Years With a TRS-80. Although not widely read, the essay has the distinction of being perhaps the earliest written explanation of what urban exploration is all about.

Sep
1990
Outdoorsman Alan S. North writes The Urban Adventure Handbook, a guide in which he encourages people to climb buildings and explore the city as an accessible alternative to climbing mountains and exploring wilderness. Although not widely read, the handbook inspires a few people to begin using the term “urban adventure” in their writings.

May
1991
After finding a Cave Clan sticker in a drain under Sydney, Predator forms the group’s first official interstate branch, the Sydney Cave Clan. In following years, the Cave Clan founds branches in Adelaide, Brisbane, Canberra, Perth and Hobart.

1994 The Diggers of the Underground Planet find Moscow’s fabled, but officially denied, “Metro-2” subway system. The seven-level-deep system was built in the Stalin era to allow Kremlin officials to evacuate the city quickly.

1994 In the US, Dug Song and Greg Shewchuk publish the first issue of Samizdat, a zine featuring urban stunts involving tunnels and rooftops. They publish two issues before going on permanent hiatus.

1994 In Australia, the Bunker Boyz, a group dedicated to exploring abandoned bunkers and military tunnels, is founded in Sydney.

Feb
1994
The newsgroup alt.college.tunnels is founded and the first message is posted. Early posters include later UE fixtures Eric Chien, Ben Hines and Matthew Landry.

Mar
1995
Kevin Kelm establishes the website Abandoned Missile Base VR Tour, which quickly becomes very popular.

1996 In Russia, the Diggers of the Underground Planet officially register with the Moscow government as the “Center of Underground Research”.

1996 Wes Modes puts up a website called Adventuring, archiving his writings about freighthopping and buildering. The site brings the term “urban adventure” from North’s book to the web.

Apr
1996
Ben Hines puts up the website College Tunnels WWW Resource Site, the official web counterpart to the alt.college.tunnels newsgroup.

Sep
1996
In the US, Max Action and his fellow University of Minnesota explorers form the group “Adventure Squad”, which they later rename Action Squad.

Oct
1996
Ninjalicious publishes the first issue of the paper zine Infiltration. In the editorial of the first issue, he coins the term “urban exploration” and introduces the idea of exploring off-limits areas of all types as a hobby.

Nov
1996
The newsgroup uk.rec.subterranea is founded and the charter is created.

1997 With the third issue of their magazine Jinx, long-time New York City explorers Lefty Leibowitz and L.B. Deyo begin featuring articles on urban mountaineering and exploration. Jinx goes online at planetjinx.com (later jinxmagazine.com).

Apr
1997
Ninjalicious establishes an Elevator Action-themed website for Infiltration and links his site to five or six other sites he finds related to exploring storm drains, college steam tunnels or abandoned buildings.

Jul
1997
In response to increasing spam on the newsgroup alt.college.tunnels, Paul Allen Rice establishes a mailing list where vadders can discuss college tunnels and any manmade underground structures, the Underground list.

Aug
1997
Melbourne explorer Gunny establishes a website for the Cave Clan and annoys some members of the Melbourne Cave Clan by publishing its location lists. Following this controversy, Gunny and Silk go independent and establish the website of the Melbourne Drain Team.

Sep
1997
Berliner Unterwelten, or the Berlin Underground Association, is founded in Germany.

Sep
1997
Ninjalicious establishes the infiltration-l mailing list, which is devoted to exploration of off-limits areas both above and below ground.

Sep
1997
In Scotland, the Milk Grate Gang forms with the purpose of exploring the Glaswegian underworld, and places its adventures online at Subterranean Glasgow.

1998 Explorer and photographer Stanley Greenberg publishes Invisible New York: The Hidden Infrastructure of the City.

Feb
1998
Gunny and Lord Emor of the Melbourne Drain Team establish the Draining webring. In May, Emor hands the ring over to Ninjalicious, who expands the ring’s scope by renaming it the Urban Exploration Ring. The renamed ring quickly expands from six to eighteen websites across Australia, Canada, the US and Britain.

Sep
1998
Wanting to conceal his identity from some people who are harrassing him, Gunny adopts the persona of a New York-based science fiction author named “Johnathan Littell”. Later shedding this identity and adopting the alias Panic, the Melbourne-based explorer apologizes for having mislead people about his identity, explaining “This was done more out of self preservation and an attempt to continue to take an active part in the UE community than an attempt to hurt, mislead or deceive people.”

Dec
1998
Julia Solis establishes a Dark Passage website.

Dec
1998
Yahoo stops lumping 30+ exploration sites into the category Recreation:Cool Links:Recreation and Sports, and creates a new category, Recreation:Hobbies:Urban Exploration.

Dec
1998
German explorers Dietmar and Ingmar Arnold, of Berliner Underwelten, publish Dunkle Welten, a German-language guide to the worlds beneath Berlin.

Jan
1999
Ninjalicious establishes the Infilnews mailing list and sends out the first edition of a semiannual e-mail newsletter covering events of interest to urban explorers.

Mar
1999
Paul Allen Rice creates the domain Urbanexplorers.net, and a website containing many useful links for college tunnelers goes online there shortly afterwards.

Apr
1999
Julia Solis and her explorer friends stage an event called “Dark Passage” in the subway tunnels beneath New York City.

Jun
1999
The Sydney Cave Clan holds the first Golden Torch Awards awards night at the Glebe Island Silos.

Aug
1999
Members of the Sydney Cave Clan publish the first issue of the zine Urbex. They publish three more issues on paper before switching to an electronic format.

2000 Lefty and L.B. found the Jinx Athenaeum Society, which convenes in New York City to hear speeches and debates of interest to urban explorers and others.

2000 Eku Wand and Dietmar Arnold, of Berliner Unterwelten, release Berlin im Untergrund: Potsdamer Platz, an interactive multimedia CD offering tours of subterranean Berlin.

Aug
2000
Minneapolis-area explorers from Mouser’s Under-MN mailing list convene for the first Mouser Week, a weeklong festival of group exploration.

Aug
2000
Canadian explorer Mr. Sable creates a public MSN group and invites members of the Urban Exploration Ring to sign up in order to exchange messages, links and photos. The group, called Urban Explorers, quickly grows to include a membership of more than 100 explorers from Australia, Canada, the UK, the USA, Ireland, France and Holland. An Australian subgroup, Urban Exploration Australia, is also popular for a time, until it is censored by Microsoft.

Oct
2000
Max Action puts up a website for Action Squad.

2001 Julia Solis stumbles upon an unmoderated DMOZ category called “Urban Speleology”, which she adopts and adapts to urban exploration.

Aug
2001
Max Action finds a vast maze of interconnected utility tunnel systems under Minneapolis and St. Paul that he dubs the Labyrinth, and over the next two years, Action Squad thoroughly explores (and Jim Hollison thoroughly maps) the system.

Sep
2001
Terrorists attack the Pentagon and the World Trade Center, and the US and the world go on high alert.

Jan
2002
Ben Brockert establishes a UE News section of his website, but abandons it a few weeks later due to lack of user participation.

Mar
2002
Daniel Joseph Konopka, who had been in touch with the Chicago Urban Exploration group, is arrested after being found with hazardous chemicals in the tunnels under the University of Illinois at Chicago; he is subsequently sentenced to 13 years in prison for having stored cyanide in Chicago’s subway tunnels. Konopka tells authorities he found the cyanide while engaged in urban exploration at an abandoned warehouse in Chicago.

Spring
2002
New York City’s LTV Squad, a graffiti-turned-exploration crew, holds its first spring invitational, gathering 30+ explorers for a day of exploring and socializing in Brooklyn.

Summer
2002
Explorers establish stronger international ties when Canadian Agent K visits Australia, American Jim Hollison and various members of the Australian Cave Clan visit Europe, and Australians Gilligan and Panic independently visit both Europe and North America.

Aug
2002
Julia Solis and her collaborators in New York City form Ars Subterranea, a society populated by artists, architects, historians and urban explorers.

Sep
2002
Julia Solis publishes New York Underground: Anatomie Einer Stadt, a German-language book about subterranean New York City.

Oct
2002
When 922 audience members are taken hostage by Chechen rebels during a performance at a Moscow theatre, Vadim Mikhailov, of the Diggers of the Underground Planet, leads the Russian authorities into the theatre by a little-known underground route.

Nov
2002
Ars Subterranea holds its inaugural event, an exhibit on Underground New York, in Brooklyn’s Atlantic Avenue tunnel.

Nov
2002
Avatar-X launches the website Urban Exploration Resource, and creates a message forum that can be shared across multiple websites. Several other Canadian websites soon begin to use UER’s message board system. Before long, UER replaces the MSN message board as the net’s largest and most active exploration message board.

Mar
2003
Doug launches a full-colour publication called The Cave Clan Magazine and prints 100 copies of the premiere issue.

Mar
2003
Max Action records and releases versions one and two of “UE Favorite Things”, a song which quickly becomes an anthem of sorts.

Apr
2003
The 15th Annual Cave Clan Clannie Awards are held.

Apr
2003
Explorer and photographer Stanley Greenberg publishes Waterworks: A Photographic Journey Through New York’s Hidden Water System.

May
2003
Frustrated by infighting between various branches of the Cave Clan, and particularly the increasing independence of the large and important Sydney branch, Doug quits as editor of Il Draino and hands the publication over to Beanz.

Jul
2003
Jinx releases its book, Invisible Frontier: Exploring the Tunnels, Ruins & Rooftops of Hidden New York.

Aug
2003
An unidentified satirist debuts the website of the Secret Urban Exploration Ninja Mafia, thoroughly mocking the boasting and illiteracy that have become common on some exploration websites and message boards.

Oct
2003
Explorers John Gray and Mark Gerrity publish Abandoned Asylums of New England, a photography book containing more than 220 images of New England asylums.

Apr
2004
The owners of the site Urban Exploration Alberta take most of their content offline after learning that information on their site was used by criminals.

May
2004
Webmasters White Rabbit, of Underground Ozarks, and Mike Dijital, of Abandon Spaces, take their sites offline after being separately threatened with trespassing charges based on information on their sites.

June
2004
Roughly 65 explorers from across North America and a couple from beyond converge on Toronto for a successful four-day exploration convention trickily-titled Office Products Expo 94.

July
2004
A smaller group of explorers from the US and Canada meet up in Rhinebeck, NY, for a weekend of abandonment exploration dubbed NEOPEX (North East Office Products Expo).

Dec
2004
Roughly a dozen explorers convene in Orlando, Florida to attend a successful three-day event called Sexfest (South Eastern eXploration Festival).

Jul
2005
Explorers from the world over unite again for a weekend of exploration and seminars in Montreal, Quebec, organized by the fine people at Urban Exploration Montreal. This year’s event is, naturally, named Office Products Expo 95.

Aug
2005
Ninjalicious publishes Access All Areas: a user’s guide to the art of urban exploration, a more than 240-page book full of UE knowledge, advice and theory.

Aug
2005
Ninjalicious, founder of Infiltration zine and infiltration.org, dies of cancer in Toronto at the age of 31.


For a longer-term and more fun version of this history, check out Max Action’s delightful Rambling Essay on the Past, Present and Future of Urban Exploration.

Revealed – Four Facing Charges in Multi-Faceted Mortgage Fraud Conspiracy

PITTSBURGH—A resident of Verona, Pennsylvania and three residents of Pittsburgh, Pennsylvania have been indicted by a federal grand jury in Pittsburgh on charges of conspiracy, wire fraud, bank fraud, filing false tax returns, and failing to file tax returns, United States Attorney David J. Hickton announced today. The 20-count superseding indictment, returned on March 26, 2013, named George Kubini, 48, of 139 Topaz Drive, Verona, Pennsylvania; Dov Ratchkauskas, 46, of 2527 Mount Royal Boulevard, Pittsburgh, Pennsylvania; Sandra Svaranovic, 52, of 2938 O’Neill Drive, Pittsburgh, Pennsylvania; and Arthur Smith, 63, of 6939 Reynolds Street, Pittsburgh, Pennsylvania. According to the superseding indictment presented to the court, Kubini, Ratchklauskas, Svaranovic, Smith, and a number of other individuals who have already pleaded guilty, participated in a multi-faceted mortgage fraud conspiracy involving hundreds of properties and tens of millions of dollars worth of fraudulent loans. Kubini and Ratchkauskas operated businesses that purchased and sold real estate. The superseding indictment alleges that Kubini and Ratchkauskas sold properties financed through a complex mortgage fraud scheme and that they executed settlement statements that they then knew were fraudulent. The superseding indictment also alleged that Kubini and Ratchkauskas made false representations to borrowers about making improvements to the properties. Other members of the alleged conspiracy who already pleaded guilty include Robert Arakelian, who operated a mortgage broker business called Pittsburgh Home Loans, and Rhonda and Rochelle Roscoe, who operated another mortgage broker business called Riverside Mortgage. The superseding indictment alleges that Arakelian and Rhonda and Rochelle Roscoe, in furtherance of the conspiracy, submitted loan applications to lenders that falsely represented that the borrowers were intending to make payments at the time of the closings related to the purchase of the properties and that they had sufficient assets to make those payments from their own funds. This false representation was corroborated by Verification of Deposits that falsely represented that the borrowers had sufficient money in their bank accounts to make the payments at the closings. Other members of the conspiracy included Bartholomew Matto, Cynthia Pielin, and Crystal Spreng, who all worked at financial institutions and all pleaded guilty to their roles in the conspiracy. Their role was to sign the fraudulent Verifications of Deposit that falsely represented that the borrowers had sufficient funds in their accounts to make the payments at the closings. The conspiracy also involved fraudulent settlement statements that overstated the true sales prices of the properties and falsely represented that the purchases of the properties made substantial payments in connection with the purchase of the properties. Daniel Sporrer was and attorney who executed some of these fraudulent settlement statements and Karen Atkison was an assistant for Sporrer. Sporrer and Atkison all pleaded guilty to their roles in the conspiracy. The superseding indictment alleges that Smith, who is an attorney specializing in closing real estate transactions, similarly participated in the conspiracy by executing fraudulent settlement statements, by fraudulently withdrawing money from his trust account, and by making misrepresentations to a title insurance company. In addition, the conspiracy involved appraisers who made false representations about the properties serving as collateral for the loans. The superseding indictment alleges that Svaranovic, as part of the conspiracy, prepared fraudulent appraisals that falsely represented the conditions of the properties serving as collateral for the loans and overstated the fair market values of those properties. The superseding indictment also alleges that Kubini filed false income tax returns with the Internal Revenue Service that understated his adjusted gross income and that Smith failed to file his tax returns for the calender years 2007 through 2009 despite earning sufficient income to trigger his legal obligation to file his income tax returns. Assistant United States Attorney Brendan T. Conway is prosecuting this case on behalf of the government. The Mortgage Fraud Task Force conducted the investigation leading to the indictment in this case. The Mortgage Fraud Task Force is composed of investigators from federal, state, and local law enforcement agencies and others involved in the mortgage industry. Federal law enforcement agencies participating in the Mortgage Task Force include the Federal Bureau of Investigation; the Internal Revenue Service, Criminal Investigations; the United States Department of Housing and Urban Development, Office of Inspector General; the United States Postal Inspection Service; and the United States Secret Service. Other Mortgage Fraud Task Force members include the Allegheny County Sheriff’s Office; the Pennsylvania Attorney General’s Office, Bureau of Consumer Protection; the Pennsylvania Department of Banking; the Pennsylvania Department of State, Bureau of Enforcement and Investigation; and the United States Trustee’s Office. An indictment is an accusation. A defendant is presumed innocent unless and until proven guilty.