Resolving the dog's dinner of homeland security data sharing and analysis
- Gordon Housworth [ 5/29/2004 - 11:19 ] #
You should have this five page Homeland Security Reorganization Plan on screen as you read as it will help drive home the enormity of the US C4IR (Command Control Communication Computer Intelligence Recognition) within government charged with homeland security matters. (Go here for the importance of C4IR.) The doc contains:
- Organization of Department of Homeland Security (White House)
- Senate budget committee view (showing Senate confirmed, New, Transferred, and Distinct agencies)
- Anticipated DHS Agency Absorption as of 6 June 2002 (Units to be absorbed and Powers to be assumed)
- Major Cabinet Departments and Agencies involved in Homeland security as of 6 June, 2002 (showing Borders, Emergency Response, CIP, WMD, and Special Production)
- Government Structure after DHS as of 6 June (After creation of new departments)
Reviewing these pages leaves one with little doubt over the opportunities for turf control if not definition, authority assertion in core and gray areas (who cares what the org chart says if you can exert control), confusion over new and transferred responsibilities, loss of institutional knowledge due to transfers and reassignments, simple communication (who to contact and whom to trust as both willing and knowledgeable), and incompatible computer systems and databases.
Leaving aside the disruption of outright "land grabs" such as just occurred between Justice and DHS over the "fright bump" of a summer attack without an accompanying threat elevation, there is the technical matter of an interested analyst "on the hunt" being able to affect timely access of data within these many organizations and so gather enough data to warrant elevation to higher authority for interagency action. (The pre 11 September landscape is littered, for example, with FBI agents having to give up their hunch in the face of no reinforcing info.)
As a fusion analyst (collection, analysis, and presentation of combined multi-sensor/source data), I appreciate the need to integrate these data chimneys so as to allow search and "drill down." Enter the TTIC ("tee-tick") portal of the Terrorism Threat Integration Center that now allows real-time access to "14 separate government information networks, including some CIA and FBI sources. Again speaking as an analyst, data mining or predictive analytics is absolutely essential for terrorist interdiction, thus I am at the flipside of Dataveillance is reborn from data mining: parts of TIA return.
Spooks, Sleuths, and Data Sharing points up the problems of requisite security access, compartmentalization, secure data channels out to first responders where it is often a life or death matter (theirs and the public's), access to individual private data, allowing access to federal/state and other private contractors, and overcoming corporate resistance to data sharing (based on competition and litigation grounds). See Cooptation of commercial data warehouse firms by TIA.
There are no easy answers here, but the threat is real. The problem is how real where and when, and how to prioritize it. It is my assumption that we have not learned to mine what we have in place, yet we race to absorb more without the analysis tools to exploit out to the first responder or warfighter.
Homeland Security Reorganization Plan
US Customs & Border Protection
Spooks, Sleuths, and Data Sharing
MAY 25, 2004
SPECIAL REPORT: HOMELAND SECURITY
By Alex Salkever, Technology editor for BusinessWeek Online
InfoT Public Infrastructure Defense Public Strategic Risk Public
Dataveillance is reborn from data mining: parts of TIA return
- Gordon Housworth [ 5/28/2004 - 23:55 ] #
Senator Akaka asked the GAO to survey federal data mining systems and activities by identifying "planned and operational federal data mining efforts and describe their characteristics." GAO found that 52 of 128 federal agencies and departments (CIA and NSA did not respond to GAO's inquiry) are using, or are planning to use, data mining. Of 199 identified mining efforts, 131 are operational and 68 are planned. Of those 199 data mining efforts, 54 used private-sector data that could include a vast array of corporate data and other data sets in private hands that go far beyond credit card data.
The six most common data mining goals across all departments were to:
- Improve service or performance
- Detect fraud, waste, and abuse
- Analyze scientific and research information
- Manage human resources
- Detect criminal activities or patterns
- Analyze intelligence and detect terrorist activities
The focus of each department varied: DoD led on improving service or performance, managing human resources, and analyzing intelligence and detecting terrorist activities; DoE (Education) led in detecting fraud, waste, and abuse, NASA led in analyzing scientific and research information, while detecting criminal activities or patterns was widely distributed.
Of the 54 using private-sector data , four, and possibly more, appear to reconstitute significant parts of Poindexter's discredited Total Information Awareness (TIA) Program which had been renamed Terrorist Information Awareness (remaining TIA) Program in May 2003 before it was ostensibly quashed.
It should be remembered that DARPA's Information Awareness Office (IAO) had many projects beyond TIA, given its mission to "imagine, develop, apply, integrate, demonstrate and transition information technologies, components and prototype, closed-loop, information systems that will counter asymmetric threats by achieving total information awareness":
- Effective Affordable Reusable Speech-to-text (EARS) - automated speech-to-text transcription
- Futures Markets Applied to Prediction (FutureMAP)
- Genisys - database to be implemented as the info center for all IAO activities
- Genoa/Genoa II - structured decision-making argumentation for Genisys and other data
- Human Identification at a Distance (HumanID) - automated biometric identification to detect, recognize and identify humans at a distance
- Translingual Information Detection, Extraction and Summarization (TIDES) - was to be integrated into TIA
- Wargaming the Asymmetric Environment (WAE) - automation to predict terrorist attacks and predictive indicators based on terrorist motivations
In whole or in part, data mining has suffered disappointed expectations and very bad press and so like old TIA became a new TIA, data mining is reemerging as predictive analytics, using next generation technology and less aggressive expectations.
Watchdog groups are especially concerned about four of the programs that constitute a "dragnet" or dataveillance, a surveillance of large groups of people, on citizen and terrorist alike. All are operational and all use personal information, private sector data, and other agency data:
- Verity K2 Enterprise (DIA) - Identify foreign terrorists or US citizens connected to foreign terrorism activities
- PATHFINDER (DIA) - Analyst tool to rapidly analyze government and private sector databases
- Analyst Notebook I2 (DHS) - Correlate events and people to specific information
- Case Management Data Mart (DHS) - Manage law enforcement cases, including Customs cases; reviews case loads, status, and case relationships
I find it interesting that a number of these apps rise from commercial CRM (Customer relationship management), "a comprehensive approach which provides seamless integration of every area of business that touches the customer - namely marketing, sales, customer service and field support-through the integration of people, process and technology, taking advantage of the revolutionary impact of the Internet."
DATA MINING: Federal Efforts Cover a Wide Range of Uses
Data Mining is Dead - Long Live Predictive Analytics!
October 30, 2003
Information Technology and Dataveillance
Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Fellow, Department of Computer Science, Australian National University
Version of November 1987
InfoT Public Infrastructure Defense Public
More than oceans between the US and UK
- Gordon Housworth [ 5/26/2004 - 23:39 ] #
It is interesting to read the US and UK reporting on a possible al Qaeda attack on US soil in the summer to presidential election period. The reporting in the NY Times and the Washington Post were reasonably similar, but BBC News (audio) is reporting an even stronger version of the BBCNEWS print edition in challenging the timing of the announcement in a period of low administration ratings without an expecting heightening of the alert status from yellow to orange.
The beeb quotes Kerry at relative length, noting in part that today's announcement was "suspicious in an election year, at a time when Mr Bush's opinion poll ratings are falling." There are undoubtedly some in the US that hold a similar opinion but it has yet to surface in our hightstreet press. And the UK are our allies.
Yes, it is possible that al Qaeda wants to repeat its presumed success in Spain here in the US, but I submit that an attack on US soil assists, rather than detracts from, a sitting president. Still, there certainly are targets abounding here in the summer and election period. But I am also troubled by the lack of a move to orange if indeed the risk is so great. I am driven to ask when are we to learn from our mistakes?
Speaking of learning from our mistakes, I note that 9/11 Commission "may fail to produce a unanimous final report" by its 26 July deadline and so resort to separate majority and minority reports. The sticking points seem to devolve around restructuring recommendations of our intel, investigative, and law-enforcement agencies, many of which are said to be "contentious."
The only comfort that I can take from this is that a Republican commission member, Slade Gorton, noted that "the tentative debates have no split on partisan lines by any stretch of the imagination." On reflection, contentious may not be such a bad thing as it may indicate that the commission is trying to stretch itself rather than offering up a bit of embroidery. Now it will boil down to where unanimity can be obtained:
The narrative history of US intel and enforcement failures, substantive options that have a high majority or unanimity, and those options that demand a dissenting minority opinion. Whatever the commission's recommendations, it is unlikely to alter the current summer threat, if it is correct, as the support and initial scouting teams are already active. The shooters cannot be far behind.
Intelligence Indicates Al Qaeda Nearing Attack, Ashcroft Says
By THE ASSOCIATED PRESS
Published: May 26, 2004
New York Times
U.S. Warns of Al Qaeda Threat During Summer
Ridge Cites a 'Continuous Stream of Reporting'
By Susan Schmidt and Dana Priest
Washington Post Staff Writers
Thursday, May 27, 2004; 10:33 AM
US warns al-Qaeda set to attack
Credible intelligence from multiple sources indicates al-Qaeda is planning an attack on America in the coming months, US security chiefs have warned.
Published: 2004/05/26 20:58:33 GMT
9/11 Panel May Not Reach Unanimity on Final Report
By PHILIP SHENON
May 26, 2004
New York Times
InfoT Public Infrastructure Defense Public Terrorism Public
Value from the fringe: "committed" collectors and investigators
- Gordon Housworth [ 5/25/2004 - 23:36 ] #
Those familiar with our analytic work know that we treasure good "time sequences" of properly described events as a means of pattern detection, evidence of trend growth or attenuation, changes in underlying assumptions, and the emergence of new players or vulnerabilities. As it usually falls to us to build these time sequences, I am pleased when we find them in the wild.
As a good sequence requires significant research to make it viable, or for that matter any effort or cause not tracked by the shifting "lens of the news" of the major trade and popular press, I have learned to look to the "committed," i.e., those who have a passion to search out and document what would be obscure or tedious work for the rest of us. Oxfam, ACLU, SPLC, FAS, and various UN relief agencies are good examples of what I call "committed" investigators.
It is also important to note that you might not place the same interpretation on the events in a sequence compiled by a committed group, or agree with the conclusions and recommended action items of the sequence. What is important is to judge the collection process, i.e., what gets captured from what source, what gets excluded, any consistency in the data which would indicate bias, and the accuracy of each individual datum in the sequence. Even a partial sequence in whole or in part can often make a good starting point for building one's own sequence.
One such committed collector is the Center for Cooperative Research, which in its plea for support notes that it takes in less $300 per month. Such collection is driven by a passion greater than money.
In the sense of full disclosure, the Cooperative Research website presently consists of four projects: the Complete 911 Timeline, the Inquiry into the Decision to Invade Iraq, the Inquiry into the Removal of Jean-Bertrand Aristide, and the History of US Interventions. (Remember, it is not a requirement that you agree with the conclusions or the title. It is what you can do with its data.)
Cooperative Research has a great number of timelines and the one that has my interest at the moment is one of four under the group titled US intelligence, the sequence titled Advance information on kind of attack.
Paul Thompson has compiled 118 events from 1993 to September 2002 that leave me with a sinking feeling of missed opportunities and structural collection and dissemination flaws. One learns, for example, that the 11 September hijackers were not so tight lipped or unaware of their fate as some other news items would have it.
It is worth a read. And let there be more committed collectors.
Center for Cooperative Research
InfoT Public Infrastructure Defense Public
Lack of realistic, specific risk assessment bars US firms from joining other nations' commercial efforts
- Gordon Housworth [ 5/16/2004 - 10:45 ] #
And the beheading of Nick Berg has not helped matters. Nor does State instructing US nationals not to enter the country as Commerce and Bremer's Coalition Provisional Authority are urging them to come. US brands are conspicuously absent on a thriving Saddoun Street where "storefronts have the feel of a global bazaar. Glossy billboards show off electronics from South Korea. Vendors hawk cell phone service from Egypt. Corner groceries stock ice cream from the United Arab Emirates."
Very mixed signals, uniformly applied. Yet while security remains an issue in very publicized areas, many parts of Iraq go about their business as usual, where security is not the overriding issue. Instead, it is the uncertainty of any rough and tumble emerging market; political, legal, and commercial code that had atrophied under the Baath Party to the point that ownership accreted to the state and only firms or individuals from Arab nations could have "significant ownership rights." That mix conspires to keep US firms on the sidelines while Arab, Asian and European firms that have more tolerance for business uncertainty, given their long experience on the region's street, dominate Iraq's commercial entrepreneurship.
What I like to call the "lens of the news" has colluded with Defense's failure to property predict and stabilize the Iraqi "postwar" landscape to create a stand-off condition in which US firms have point teams on the periphery of Iraq in the relatively business friendly states along the Persian littoral while the banking and telecom awards have gone to others.
I think little will change for US firms until the June handover landscape -- and those who wield its levers of power -- are defined. By that time US firms will be much farther behind more nimble competitors. I would not be surprised to see the likes of the Chinese and Brazilians enter this emerging market before US firms. (China would be thrilled to gain a toehold in Iraq's oilfields not to mention the political and intel toeholds that follow.)
The French must be laughing themselves silly as the supposed 'private sea' of US investment dries up just like the Aral Sea.
U.S. Companies Put Little Capital Into Iraq
Many Firms Interested, but Are Held Back by Security Concerns, Lack of Political Stability
By Ariana Eunjung Cha and Jackie Spinner
Washington Post Staff Writers
Saturday, May 15, 2004; Page A17
InfoT Public Infrastructure Defense Public Strategic Risk Public
DO NOT READ: failure to understand the reach and the persistence of digital information
- Gordon Housworth [ 5/16/2004 - 09:28 ] #
For years we used to joke that more than one issue of Aviation Week & Space Technology "could be stamped Secret Codeword top and bottom [of each page]," given its content down to operating parameters unlikely to be know to the casual observer. We all felt that it had to be leaked due to its specificity and consistency to other materials. We also had identified certain individuals listed on the magazine's masthead whom we felt (as individuals with no inside or privileged information in this area) to be agency employees. We saw it as the give and take between the unclass and class community in which one or more agencies had an interest in making this information available and our contribution was to "neither confirm nor deny" if asked.
So it was with some humor that I read the benighted effort of some defense personnel to close the barn door after the horses had bolted by issuing a high priority broadcast to MLA POL ALL POLICY not to visit the Fox News site to view the "Tugabe report," intentionally misspelling Taguba's name: "spelling is approximate for reasons which will become obvious momentarily."
It is a clear lack of understanding of the reach and the persistence of digital information once it reaches the web, much akin to the lack of understanding of the "legs" that digital imagery of Abu Ghraib would have once those pictures reached the wild. It does not say much for their understanding of human nature either.
The core of the leaked email (itself a triple forward) is as follows:
Fox News and other media outlets are distributing the Tugabe report (spelling is approximate for reasons which will become obvious momentarily). Someone has given the news media classified information and they are distributing it. THE INFORMATION CONTAINED IN THIS REPORT IS CLASSIFIED. ALL ISD CUSTOMERS SHOULD:
1) NOT GO TO FOX NEWS TO READ OR OBTAIN A COPY
2) NOT comment on this to anyone, friends, family etc.
3) NOT delete the file if you receive it via e-mail, but
4) CALL THE ISD HELPDESK AT 602-2627 IMMEDIATELY
This leakage will be investigated for criminal prosecution. If you don't have the document and have never had legitimate access, please do not complicate the investigative processes by seeking information. Again, THE INFORMATION CONTAINED IN THIS REPORT IS CLASSIFIED; DO NOT GO TO FOX NEWS TO READ OR OBTAIN A COPY.
Amazing. This kind of behavior drives interest and eyeballs to the Fox site rather than deflects it.
Military Personnel: Don't Read This!
How a Pentagon email sought to contain the prison abuse scandal
By VIVIENNE WALT / BAGHDAD
Saturday, May. 08, 2004
Pentagon Email Warning
Original document leaked to Time
InfoT Public Infrastructure Defense Public
Delta between worst-case and realistic cyberattacks narrow
- Gordon Housworth [ 5/15/2004 - 08:35 ] #
It is my want to revisit projections and forecasts, mine and others, to look for accuracy in both substance and timing; are assumptions still accurate and if not, why not; what new players and tools have entered the market; and what has shifted. The assumptions and the development process are more interesting than the answer as too many people treat a situation in time as something fixed, instead of seeing it as a still frame in a motion picture (where the trick is to predict the next scene).
One such item is an August 2002 What are the real risks of cyberterrorism? that looked at "possible--though still improbable--worst-case cyberattacks, followed by more realistic threats." In two years, the delta between the worst case and realistic threats has narrowed.
While it is generally true that cyberattacks "come in two forms: one against data, the other on control systems," I would make the distinction that there are three categories: data, analysis of data, and control. Data is often of modest value, especially when data volumes are large and/or frequently changing, and time is short. Actionable information comes from the speedy analysis of data. Poor design, design driven by cost cutting, and design taking immediate advantage of newer technologies without thinking of security intrusion have conspired to create conditions in which data, analysis and control increasingly merge.
The article said that [data attacks] "attempts to steal or corrupt data and deny services" while "control-system attacks attempt to disable or take power over operations used to maintain physical infrastructure" and of those the SCADA systems (supervisory control and data acquisition) and its core RTUs (Remote Telemetry (or Terminal) Units) are key. At the time, Richard Clarke among others said that any "damage resulting from electronic intrusion would be measured in loss of data, not life."
I submit that increasing systems interconnectivity and interdependence is narrowing the gap between loss of data and loss of life. Pursuing the analysis of data as opposed to raw data allows perps to obtain insight that allows them to attack a target either directly or gain an understanding of the means to attack its control systems. If the default shutdown conditions of a control system are poorly designed, interrupting the control system is tantamount to overtaking the system (witness the failure fault paths of older nuclear reactors in the interaction of their physical design and their control systems). If the perps can spot an asymmetrical weakness they will take that path of least resistance, least cost, and least exposure.
It was cold comfort then and far more discomfiting now that the July 2002 Digital Pearl Harbor exercise could conclude that "communications in a heavily populated area" would be disrupted but "would not result in deaths or other catastrophic consequences," In a misplaced presumption of safety, it noted that the attack team "needed $200 million, high-level intelligence and five years of preparation time." If not al Qaeda, that certainly puts at least five nations and the odd drug lord as immediate contenders.
I often speak of the glide slope to the desktop of any technology, i.e., that over time all technologies become small enough and cheap enough to fit on a desktop. I would like to see the Naval War College and Gartner rerun that attack again as I wager that the cost, time, and needed sensitive information would be significantly less. Recent variants of the Sasser worm are believed to have shut down some systems and that was designed and launched by a group of German youths. No $200 million here.
Why should we be surprised? A group of teenager hackers calling themselves the Legion of Doom took control of the BellSouth infrastructure in 1989. "During the attack, the hackers could have tapped phone lines and even shut down the 911 system."
When we see as yet unidentified perps gain control of part of the TeraGrid and nearly gain an ability to launch an enormous DDoS attack, the improbable becomes increasingly likely.
While I still agree that the greatest net threat from al Qaeda remains its C3 ability, I am less comfortable with an earlier comment attributed to Richard Clarke that "Osama bin Laden is not going to come for you on the Internet." At a minimum, the net can be used in a hybrid attack in which the cyber side disrupts the ability of the defender to anticipate, identify, or respond to a physical attack.
What are the real risks of cyberterrorism?
By Robert Lemos
Special to ZDNet
August 26, 2002, 6:23 AM PT
Cybersecurity Public InfoT Public Infrastructure Defense Public
Keep freezing Yankees in the dark, this time so say Yankees
- Gordon Housworth [ 5/14/2004 - 14:10 ] #
A financially needy Massachusetts old industrial city declines an urban renewal, a guaranteed fuel supply, and millions in annual revenue. California-based environmental groups complain that an "over the horizon" offshore terminal will kill marine life.
I am reminded of the New England and Californian resistance to offshore oilrig drilling in their waters during the gasoline shortages of the 1970s but quite happy to see expanded oil and gas lifts off the shores of Texas and Louisiana. ("Drive 90 -- Freeze a Yankee" became a popular bumper sticker in Houston, Texas. The last of the series was, I believe, "Freeze a Yankee in the dark.")
Regional jibes aside, real and unfounded threats of terrorism are derailing new, desperately needed domestic LNG terminals. (The US has only four, built in the 1970s.) Attempts to flank US resistance by building Mexican terminals have been similarly attacked.
Aside from terrorist threats, LNG risks are less than that of propane or gasoline as it burns with a lazy flame and will not "explode and won't burn in its liquid state. In a spill, the product can be ignited, but only after it vaporizes and combines with a mixture of air ranging from 5% to 15%. Mixtures outside that range are either too lean or too rich to burn and most of the gas, being lighter than air, quickly dissipates." The Algerian LNG liquefaction plant explosion had more to do with its manner of warming the liquid LNG (a steam boiler as opposed to using seawater) than will LNG flammability.
The shift between safe and unsafe has to do with the amount of explosives that can be brought aboard or adjacent to an LNG tanker -- and it has to reach US shores via tanker:
"Ninety-six percent of the world's natural-gas supplies are located in places that are geographically remote, such as West Africa or Qatar. To get that natural gas to other markets, it is first cooled to reduce its volume. The cost of cooling and shipping LNG has plummeted in recent years, allowing companies to deliver it halfway around the world at competitive prices."
Japan has no choice as it has a smidgen of coal along the Shimonoseki Straits and no oil or gas reserves. Japan receives ten LNG shipments weekly via Tokyo Bay adjacent to metropolitan Tokyo.
US nationals still pretend that they have a choice. If demand gets increasingly critical, I can imagine federal eminent domain will step in over a state -- as the US is doing over Nevada with the spent fuels storage facility at Yucca Mountain.
Given that al Qaeda stowaways entered the US using LNG tankers as an underground railroad, something does need to be done in prioritizing and neutralizing realistic threats to our fuel supply as a uniform application of uniformed fear will leave us in an equally difficult position, such as the next hot summer or cold winter.
Personally, the scenarios that I like are to get an LNG tanker into the inner harbor or lash one next to a cruise ship, i.e., delivering target and weapon to one another. Command of the flight deck works as well for tankers as for aircraft. (Doesn't have to be LNG. Texans like myself still remember the aftermath of the accidental detonation of a fertilizer-laden vessel in Texas City, Texas. Pieces of the vessel landed miles away.)
Fears of Terrorism Crush Plans For Liquefied-Gas Terminals
Activists Claim an Explosion Could Create Deadly Fires; Dr. Fay Spreads Message
Industry: Risks Overblown
By JOHN J. FIALKA and RUSSELL GOLD
Staff Reporters of THE WALL STREET JOURNAL
May 14, 2004; Page A1
InfoT Public Infrastructure Defense Public Terrorism Public
While we're looking the other way -- tunnels?
- Gordon Housworth [ 4/27/2004 - 07:04 ] #
I continue to be fascinated by the large number of tunnels dug between Mexico and the US in Arizona and California (New Mexico has few border towns to act as a terminus and Texas has the Rio Grande barrier). Tunnels have been used, for example, between Egypt and Palestinian Gaza. I have heard it said that 'anything that a man can hold in his arms' is already in Israel.
The discovery of the Calexico tunnel brought a moment of reflection. As of April 2003, 21 tunnels had been found since 1990 -- a number a thousand feet long. Drug traffickers are relying more on tunnels to avoid tightened US port security following 11 September. Four of the 21 tunnels had cart and rail systems while nine were equipped with lights and ventilation systems. Some had steel rails to support carts to be drawn through. Seven were in the San Diego County region and 14 were in the Arizona region. Twenty were near ports of entry.
Finding these tunnels is not simple. Soil and geological variations in concert with power line interference makes the use of radar, sonar and electromagnetic radiation tools problematic. Examination of likely areas in concert with background checks and property record examinations on persons of interest carry much of the load. Tipoffs and chance are a major boon.
The rising question is whether terrorists could, for a price, be permitted to smuggle weapons, components, and personnel into the US. If illicit drugs and aliens can be brought across, then terrorists or WMD components can also come across.
Tijuana has been a historically popular crossing point for Middle Eastern nations. Lebanese and Chaldeans (and Iraqi Catholic minority) have been well represented along with some Iraqis. (Mexico really began to pay attention after 11 September.)
The Drug Enforcement Administration (DEA) estimates a tunnel's cost between $800,000 and $1 million to build. That cost and the very high value of the cargo transported would seem to indicate that drogistas would not compromise an expensive asset for a one-shot 'rental,' but we have no guarantee. Besides, a clandestine terrorist may not identify themselves or their cargo and so pass through as one more illegal alien.
In the week after 11 September, I told colleagues that al Qaeda would be as hard to eradicate as drugs, in part because of the difficulty in eliminating illicit transnational channels of any kind. Anytime two or more of these channels even approach one another I have concern.
Tunnel is found near the border at Tecate
A hole in security?
By Anna Cearley
June 18, 2003
Border area seems even more vulnerable in the aftermath of 9/11
By Anna Cearley
May 7, 2003
U.S. drills for drug tunnelsBy Elliot Spagat
Authorities believe they've found another cross-border route to Mexico
April 14, 2004
InfoT Public Infrastructure Defense Public
Finding your financial information on the web
- Gordon Housworth [ 4/26/2004 - 18:43 ] #
In a security environment where 'feel good' security focuses too quickly on the "easy and obvious" you can be assured the terrorists and criminals will have their ID in order.
Given that trafficking in confidential personal and financial information is commonplace on the web, the only thing astonishing about identity theft is that it is not more common (but Dick Clarke expects it to ramp). I can only assume that determined identity thieves prefer to cut a middleman and so reduce detection by dumpster-diving your trash and mail and phishing you online. While recent complaints over accessing personal information with regards to security screening have focused on federal requests to airlines and other commercial databases, we must not overlook the ease by which criminals and terrorists can buy an identity with which they can, say, board an aircraft or run up a tab.
Your social security number, bank balances, and, to a reasonable degree, stock portfolios, can be purchased online from a number of firms for under a thousand dollars, sometimes a few hundred. The only curiosity is the source of the provider's information, e.g., direct from financial institutions, through direct and indirect sharing arrangements, or illegal means.
Given that a drivers license is increasingly seen as a general form of identification and can be used to board a domestic airline and make a Canadian or Mexican border crossing by car or foot, the gaping security holes at state DMVs nationwide makes ID theft and production of a seemingly valid drivers license a ridiculously easy event. The Center for Democracy and Technology (CDT) is spotlighting security problems nationwide in the issuance of the licenses. In 2003, CDT found more than 20 cases in 15 states where bribery or lax security at state DMV offices had resulted in fraudulent issuance of driver's licenses. CDT also warned that adding more biometric information to driver's licenses will not make them reliable as a de facto national ID card, yet we are spending monies exactly in that direction.
The CDT report, "Unlicensed Fraud: How bribery and lax security at state motor vehicle offices nationwide lead to identity theft and illegal driver's licenses" has policy recommendations worth reading.
Forget your bank balance? It's available on the Internet is a typical example as to how easy it is to harvest your personal and financial information.
Yes, only days after this Boston Globe article, a Massachusetts court obtained an emergency court order temporarily barred the Ohio firm selling the data from obtaining or selling personal financial information belonging to Massachusetts residents, but that was only one seller among many, and only one state.
Forget your bank balance? It's available on the Internet
Consumers' financial details easy pickings on the Net
By Bruce Mohl, Globe Staff, 1/4/2004
InfoT Public Infrastructure Defense Public Strategic Risk Public Terrorism Public
|Prev 1 2 3 4 5 6 7 8 9  11 12 13 14 15 Next|
You are on page 10
Items 91-100 of 147.
|<< | December 2013 | >>|