Posts Tagged ‘Homeland Security’

Russian Threat to Elections ‘Is Real,’ Trump Officials Say

August 3, 2018

Russia, others in a “pervasive” campaign to weaken America’s democracy

Top national security officials vowed Thursday to defend American elections against what they called real threats from Russia only weeks after President Trump seemed to accept President Vladimir V. Putin’s denials of interference during a summit meeting in Finland.

After the meeting, Mr. Trump said he had not meant to endorse Mr. Putin’s denial of election meddling, but insisted that the culprit behind the intrusion “could be other people.” A few days later, he asserted that the idea of any meddling by Russia was “all a big hoax.”

U.S. Director of National Intelligence Dan Coats and FBI Director Christopher Wray participate in a briefing on election security in the White House press briefing room at the White House in Washington, U.S., August 2, 2018. REUTERS/Carlos Barria

But the men and women charged with detecting and defending against any threats to the American political process showed no such ambivalence. They bluntly said that Russia was behind a “pervasive” campaign to weaken America’s democracy and influence the 2018 election.

They also sought to reassure voters that federal, state and local governments were taking steps to guard against what Christopher A. Wray, the F.B.I. director, described as a “24-7 365-days-a-year” effort by Russia to sow division as Americans head to the polls in the fall.

By Michael D. Shear and Michael Wines
The New York Times

“Russia attempted to interfere with the last election,” Mr. Wray told reporters in the White House briefing room, “and continues to engage in malign influence operations to this day. This is a threat we need to take extremely seriously and to tackle and respond to with fierce determination and focus.”

Dan Coats, the director of national intelligence, echoed that assessment, saying that “Russians are looking for every opportunity, regardless of party, regardless of whether or not it applies to the election, to continue their pervasive efforts to undermine our fundamental values.”

Mr. Wray and Mr. Coats were joined at the briefing by Kirstjen Nielsen, the secretary of homeland security, John R. Bolton, the president’s national security adviser, and Gen. Paul M. Nakasone, the head of the National Security Agency.

Officials at the briefing did not describe specific threats to the coming elections, and they were vague about how the government was responding to what they called Russia’s interference campaign. But they said Mr. Trump had directed them in a National Security Council meeting last week to aggressively confront the threats.

“Our democracy itself is in the cross hairs,” Ms. Nielsen told reporters. “The progress we have made is real, and the nation’s elections are more resilient today because of the work we are all doing. But we must continue to ensure that our democracy is protected.”


See also:

Trump national security team says Russia behind effort to meddle in U.S. elections


Trump admin says it knows location of all children separated from parents

June 24, 2018

Homeland Security fact sheet does not give timeframe for reuniting families, says migrants must request to have their child deported with them

Migrant families rest from their travels to Matamoros, Mexico, along Gateway International Bridge which connects to Brownsville, Texas, as they seek asylum in the United States. (Miguel Roberts/The Brownsville Herald via AP)

AP — Trump administration officials say the US government knows the location of all children in its custody after separating them from their families at the border and is working to reunite them.

A fact sheet on “zero-tolerance prosecution and family reunification,” released Saturday night by the Department of Homeland Security and other agencies involved in the separations, also says a parent must request that their child be deported with them. In the past, the agency says, many parents elected to be deported without their children. That may be a reflection of violence or persecution they face in their home countries.

The fact sheet does not state how long it may take to reunite families. The Port Isabel Service Processing Center in Texas has been set up as the staging ground for the families to be reunited prior to deportation.

How the government would reunite families has been unclear because the families are first stopped by Customs and Border Patrol, with children taken into custody by HHS and adults detained through Immigration and Customs Enforcement. Children have been sent to shelters around the country, raising alarm that parents might never know where their children can be found.

The information comes as protests erupted around the country over the separations and the future of families arriving to the US illegally.

The fact sheet states that ICE has: implemented an identification mechanism to ensure on-going tracking of linked family members throughout the detention and removal process; designated detention locations for separated parents, and will enhance current processes to ensure communication with children in HHS custody; worked closely with foreign consulates to ensure that travel documents are issued for both the parent and child at time of removal; and coordinated with HHS for the reuniting of the child prior to the parents’ departure from the US.

A US Border Patrol agent watches as people who’ve been taken into custody related to cases of illegal entry into the United States, stand in line at a facility in McAllen, Texas, June 17, 2018. (US Customs and Border Protection’s Rio Grande Valley Sector via AP)

As part of the effort, ICE officials have posted notices in all its facilities advising detained parents who are trying to find or communicate with their children to call a hotline staffed 8 a.m. to 8 p.m., Monday through Friday.

A parent or guardian trying to determine if a child is in the custody of HHS should contact the Office of Refugee Resettlement National Call Center. Information will be collected and sent to the HHS-funded facility where the minor is located.

US President Donald Trump on Wednesday ordered the practice of separating parents and their children to stop. As of last Wednesday, 2,053 minors who were separated at the border were being cared for in HHS-funded facilities, the fact sheet said.

But it is unclear whether detained parents have access to computers to send an email, or how their phone systems work to call out. Attorneys at the border have said they have been frantically trying to locate information about the children on behalf of their clients.

Until Wednesday, the president, Homeland Security Secretary Kirstjen Nielsen and other officials had repeatedly argued the only way to end the practice was for Congress to pass new legislation, while Democrats said Trump could do it with his signature alone. That is just what Trump did with the executive order.

US Customs and Border Patrol said it had reunited 522 children and that some had never been taken into custody by Health and Human Services, because their parents’ criminal cases were processed too quickly. Officials have said as many as 2,300 children had been separated from the time the policy began through June 9. It is not clear whether any of the 2,000 remaining children were taken into custody after June 9.

The zero tolerance policy of criminally prosecuting anyone caught illegally crossing the border remains in effect, officials have said, despite confusion on the ground on how to carry out Trump’s order. Justice Department officials asked a federal judge to amend a class action settlement that governs how children are treated in immigration custody. Right now, children can only be detained with their families for 20 days; Trump officials are seeking to detain them together indefinitely, as their cases progress. Advocates say family detention does not solve the problem.


US Navy planning new camps, housing to support immigration crackdown

June 23, 2018

The US Navy plans to build sprawling detention centers for tens of thousands of immigrants on remote bases in support of President Donald Trump’s “zero tolerance” policy against unlawful migration, a report said Friday.

President Trump with Angel families

According to a draft memo obtained by Time magazine, the navy plans to build “temporary and austere” tent cities to house 25,000 migrants across three abandoned air fields in Alabama, 47,000 people at a facility near San Francisco, and another 47,000 at a training center in southern California.

The document estimates the navy would spend $233 million to run a facility for 25,000 over six months.

Asked for comment, Pentagon spokesman Lieutenant Colonel Jamie Davis said: “The Department of Defense is conducting prudent planning and is looking nationwide at DoD installations should DHS (Department of Homeland Security) ask for assistance in housing adult illegal immigrants.

“At this time there has been no request from DHS for DoD support to house illegal migrants.”

The fate of 2,300 children wrested from their parents at the US border with Mexico remained unclear Friday two days after Donald Trump ended migrant family separations.

While the US leader bowed to global outrage over the splitting of families, conflicting messages were contributing to a sense of chaos in the handling of the crisis.

But having been forced into a climbdown, Trump swung back into fighting mode — insisting he remained committed to the “zero tolerance” policy that aims to deter the flow of migrants from Central America.

“We must maintain a Strong Southern Border. We cannot allow our Country to be overrun by illegal immigrants as the Democrats tell their phony stories of sadness and grief, hoping it will help them in the elections,” he tweeted.

Angel families share their stories

Trump also met at the White House with parents of victims killed by undocumented immigrants.

The parents standing with Trump have been “permanently separated from their loved ones,” the president said, “because they were killed by criminal illegal aliens.”


Deadly attacks feared as hackers target industrial sites

May 31, 2018

The hacking threat to critical infrastructure in the United States and beyond is growing larger, with nation states and other malicious actors looking to gain a foothold in sensitive technologies to conduct espionage and potentially stage disruptive or destructive attacks.

Dragos, a firm that specializes in industrial cybersecurity, has released new research asserting that a hacker group responsible for deploying highly sophisticated, destructive malware to an industrial plant in the Middle East last year has begun to expand its operations beyond its initial targets.

“This is no longer about data theft or business disruption. Someone can get hurt. It’s about physical consequences,” said Dan Scali, senior manager for FireEye’s industrial control system security consulting practice.

Last week, researchers at Dragos released new details about a threat group they call “Xenotime.” They said the group has developed hacking tools to compromise and disrupt industrial safety instrumented systems — hardware and software controls that are used to ensure the safe operations of large-scale nuclear, chemical and other industrial plants and allow for emergency stops to take place.

The group, whose origins are not publicly known, deployed malware to an industrial plant in the Middle East last year that specifically targeted Triconex safety systems manufactured by Schneider Electric. The attack caused the plant to shut down.

Now Dragos says that the actors have expanded their operations, making their way into networks of industrial organizations beyond the Middle East. The group has also demonstrated capabilities to potentially disrupt safety systems other than Triconex.

The developments have raised concerns that Xenotime could be moving to carry out destructive attacks, such as triggering chemical explosions.

“It is the most dangerous cyber threat in the world, period,” said Sergio Caltagirone, director of threat intelligence at Dragos.

“Really, there has been no malware in the world so far that has actually put lives at risk, demonstrably,” Caltagirone said. “This adversary is.”

Dragos has provided few technical details about the group’s behavior, and has not divulged the countries now affected by the activity, though CyberScoop reported that U.S. companies were among those breached. Dragos said it has alerted U.S. officials and other foreign governments to the threat.

The Department of Homeland Security, which is responsible for engaging with owners and operators of critical infrastructure to help them guard against cyber sabotage, did not return a request for comment.

Concerns about cyber threats to critical infrastructure from nation states like Russia have been mounting in Washington, particularly in light of twin attacks that knocked out power in Ukraine in 2015 and 2016.

Industrial organizations have stepped up monitoring of their control networks to detect potentially nefarious activity, offering security professionals new insight into malicious actors looking to target critical infrastructure systems around the globe.

“It’s hard to say that we’re seeing specifically a trend because we are working with small numbers,” Scali said.

“But we’ve seen an escalation in attackers’ capability and also willingness to conduct these types of attacks over time,” Scali added.

Forms of malware specifically designed to target industrial systems — used to power elements of the electric grid, water systems, and other critical services — are rare. The malware associated with Xenotime was only the fifth known malware family targeting these systems since the “Stuxnet” virus was used against Iranian nuclear power plants in 2010.

Both FireEye and Dragos identified the malware in December. While researchers have not publicly identified the breach victim, The New York Times reported it was a petrochemical plant in Saudi Arabia. While the attack inadvertently caused operations at the plant to shut down, experts warn the consequences could have been far worse.

“If you’re attacking the safety instrumented system and trying to make changes to how it operates, you’re trying to hurt or kill someone, damage equipment, cause some other physical consequence or impact on the environment,” Scali said. “There’s a level of audacity around attacking a safety system.”

The activity associated with Xenotime has not been traced to a particular country, though experts suspect the group is linked to a nation state. Private actors don’t have the financial incentive to stage destructive attacks, nor do they possess the significant resources that are needed to hone such capabilities.

Dragos also suspects that the hackers are working with another, unidentified hacking group that first gained access to industrial networks through spearphishing and watering hole attacks and then passed that access to Xenotime.

In most cases, hackers spent between nine months and multiple years inside these networks, conducting intelligence on industrial operations, Caltagirone said.

“Basically, they are learning to become operators themselves inside this environment,” he said.

There have been other signs of nation-state cyber actors conducting reconnaissance on systems powering critical services.

In March, U.S. officials revealed that Russian hackers had staged a multi-year intrusion campaign against companies in the energy sector and other critical services.

In some cases, hackers gained access to energy sector networks and moved laterally in order to gather intelligence on industrial control systems and supervisory control and data acquisition systems — information that could provide a foundation for developing capabilities to stage attacks against targets in the energy sector.

“You need not only to compromise the systems, you also need knowledge of the industrial process,” Scali said. “The more information and reconnaissance that you can do ahead of time … that makes the attacker’s job easier and fills in that missing information that a hacker would need to cause a physical disruption.”

Dragos will release research on Thursday detailing the activities of a threat group the firm calls Covellite, which has breached networks associated with electric companies in Europe, East Asia and North America to gather intelligence on internal industrial operations.

Last September, the group carried out a spearphishing campaign against a small number of U.S. electric companies, though researchers say the hackers have significantly scaled back operations against North American targets.

The hacker group’s techniques have the hallmarks of those used by North Korea’s army of hackers, a force known to U.S. officials as “Hidden Cobra,” though it is unclear exactly how the two are related.

As adversaries continue to evolve in cyberspace, officials are on high alert for attacks that could compromise critical services. Jeanette Manfra, a top Homeland Security cyber official, told The Hill earlier this year that she is keenly focused on working with industry to prevent attacks that could disrupt essential services, from the financial sector to the electric grid.

“I really believe that that is where the risk is,” Manfra said.

Meanwhile, experts anticipate an uptick in cyber activity targeting industrial control systems going forward.

“The ability to affect industrial control systems as part of a potential cyber war and larger kinetic or digital war environment is very high up on the list of many countries,” said Caltagirone. “We expect that, not only is our ability to find them going to get better … but we also know that there is going to be more adversaries entering in this space in the mid- to long-term.”

The Hill

U.S. Homeland Security to compile database of journalists, bloggers and ‘media influencers’

April 8, 2018

DHS looking to create a searchable database of hundreds of thousands of news sources, journalists, bloggers and “media influencers” for the federal government

Japan Times



The U.S. Department of Homeland Security is looking to create a searchable database of hundreds of thousands of news sources, journalists, bloggers and “media influencers” for the federal government, a move a DHS spokesman called “standard practice.”

In a job request posted last week to the Federal Business Opportunities website, the main contracting website used by the federal government, DHS wrote that it is seeking a contractor that is able to monitor up to 290,000 global news sources, track media coverage in up to 100 languages and can “track online, print, broadcast, cable, radio, trade and industry publications, local sources, national/international outlets, traditional news sources, and social media.”

The request also seeks the ability to build lists of journalists “based on beat, location, outlet type/size, and journalist role.”

Data to be collected would also include an analysis of each news source’s “sentiment,” as well as geographical spread, top posters, languages, momentum and circulation.

The database of “top media influencers” would include “present contact details and any other information that could be relevant, including publications this influencer writes for, and an overview of the previous coverage published by the media influencer.”

After the job posting sparked an outcry on social media, DHS press secretary Tyler Houlton tweeted Friday that “despite what some reporters may suggest, this is nothing more than the standard practice.”

“Any suggestion otherwise is fit for tin foil hat wearing, black helicopter conspiracy theorists,” he wrote.

The posting comes amid growing concerns about accuracy in media and the potential for foreign powers to influence U.S. elections and policy through so-called fake news. It also comes amid U.S. President Donald Trump’s frequent criticisms of the mainstream media as “fake news.”

Trump was lambasted in the latest report by watchdog organization Freedom House, which said that global media freedom reached its lowest level in 13 years in 2017.

“It is the far-reaching attacks on the news media and their place in a democratic society by Donald Trump, first as a candidate and now as president of the United States, that fuel predictions of further setbacks in the years to come,” the report said.

Despite these concerns, some said there is little to worry about with the DHS tender.

John Kirby, a former State Department spokesman who currently works as a CNN military and diplomatic analyst, told the network Friday that DHS is unlikely to be the only federal agency monitoring the media.

“Given this administration’s denigration of most media outlets, I understand why the timing of this bid might look suspicious,” Kirby said. “But from what I can tell, this is nothing more than an attempt at media analysis.

“It’s not at all different from what I have seen other agencies undertake to better understand the communication landscape. In fact, it would be PR malpractice not to put something like this together.”

Susan Hennessy, a fellow at the Brookings Institution, also attempted to tamp down concerns, calling such a database “normal and common.”

“I really honestly think this kind of media tracking is a normal and common thing that both private companies and federal agencies do, and it doesn’t alarm me. Sincerely,” Hennessy wrote Friday on Twitter.

Facebook Data Scandal Raises Another Question: Can There Be Too Much Privacy?

April 1, 2018

Are encrypted messaging apps like Telegram and Signal safeguarding your data, or a threat to society?

WASHINGTON—The firestorm over Facebook Inc.’s handling of personal data raises a question for those pondering a regulatory response: Is there such a thing as too much privacy?

Recent scrutiny of data-analytics firm Cambridge Analytica has shown how questionable actors can abuse the power of networks that play an increasingly large role in society. Facebook claims Cambridge Analytica violated its policies, a charge the firm denies. The firm, which counts Donald Trump’s presidential campaign among its clients, crunched the data of 50 million Facebook profiles claiming it could predict individual personality traits and make ads more effective.

Legislators, the Federal Trade Commission and other agencies now are considering rules to protect the privacy of users of social networks like Facebook. While those efforts remain in the early stages, even tech companies say privately they expect some regulation to happen down the road.

Yet some law-enforcement agencies, including the Federal Bureau of Investigation, and national-security advocates point to a tradeoff, noting that too much privacy can be as bad as too little. Bad actors take advantage of both extremes, abusing access to individuals on networks that are too open or freely conspiring on systems that are too closed.

Law-enforcement agencies rely on access to user data as an important tool for tracking criminals or preventing terrorist attacks. As such, they have long argued additional regulation may be harmful to national security.

Telegram is an example of a service offering users complete security. Encrypted from end to end, domiciled in a country out of reach of subpoenas—and very easy to use—the app is among the top choices of people worried about snooping governments and malicious third parties. Telegram’s reputation has been a double-edged sword.

Clinton Watts, a senior fellow at George Washington University’s Center for Cyber and Homeland Security, said such apps are a big concern for law enforcement. “This is perfect for terrorist groups that want to network, propagate their message and recruit new members,” he said.

Telegram is popular in countries like Iran, where it was instrumental in helping the population organize the wave of antigovernment protests that swept across the country in early January. But it also has become known as the app of choice for Islamic State and other extremist groups, after U.S.-based tech companies like Twitter Inc. began cooperating with government agencies, removing accounts and content that promoted violence.

Governments have little recourse. Iran blocked Telegram during government protests earlier this year, and Russia is threatening to block it unless it turns over user data.

Mr. Watts, who previously worked as an FBI special agent on a counterterrorism task force, said law-enforcement agencies need to invest a lot more in human intelligence and undercover investigators to penetrate secure online spaces.

Some U.S. firms are already adapting to fears of new regulation and offering even greater security than Telegram. Signal, in San Francisco, is emerging as one of the more successful examples. It says it deletes all user information once it is no longer necessary for communication, making it impossible to comply with demands for users’ personal data.

That would make Signal more secure than, for example, WhatsApp, the popular encrypted messaging service, which Facebook bought in 2014 and that stores information such as with whom users are communicating and when.

“When we receive a subpoena for user data,” Signal founder Moxie Marlinspike posted on the company’s website, we “have nothing to send back but a blank sheet of paper.”

Observers warn the #deletefacebook movement will drive more users to these secure systems.

Telegram’s founder, the Russian entrepreneur Pavel Durov, said the firm recorded 200 million active users in March, a 70% increase on the year. “We don’t do deals with marketers, data miners or government agencies,” he wrote in the post on Wednesday. “For us Telegram is an Idea: it is the idea that everyone on this planet has a right to be free.”

Mr. Durov has relocated the company several times since leaving Russia, where it faces a court order to turn over encryption keys to the intelligence services. It is now based in the United Arab Emirates.

Telegram’s terms are simple: No calls to violence, porn or copyright infringement on public channels. The app can’t take action on private channels because all private content is encrypted and largely inaccessible even to the company. The Telegram press team didn’t respond to repeated requests for comment, but the company says it closes hundreds of public channels every day that promote violence or extremist content.

Opportunities for terrorists to exploit secure networks to boost recruitment and spread propaganda were evident in the aftermath of Friday’s attack in France, when 25-year-old Radouane Lakdim shot at police and took hostages at a small-town supermarket.

Islamic State supporters immediately rallied on Telegram channels, using the incident to call on others to take action and launch a public campaign on Twitter, according to SITE Intelligence Group, which monitors extremist activity online.

Now that U.S. firms are cooperating to an extent with government authorities, apps like Telegram fill an important gap in the market by providing a platform for terrorists to radicalize and spur members to action, said Jesse Morton, a former al Qaeda recruiter who works as a coordinator at the Institute of Strategic Dialogue’s Against Violent Extremism network.

“People that are more committed and pose a greater risk are still able to view generalized propaganda,” Mr. Morton said. “It’s a grooming process.”

Write to Jessica Donati at

Atlanta’s Cyber Attack Shows the New Security Risks the U.S. Needs to Address—and Fast

March 29, 2018



March 28, 2018

Last week’s ransomware attack on the city of Atlanta’s computer networks offers a chilling reminder that the public sector is directly in the line of fire in the war against cyber terror. With cities and states across the country increasingly relying on artificial intelligence and machine learning to deliver vital services, the risks for residents and businesses are growing exponentially.

Public officials are trying to balance the need to secure infrastructure assets with the need for open government practices. Last August, for instance, in the name of transparency and accountability, a New York City Councilman named James Vacca proposed that the city of New York publicly disclose the source code of all algorithms relied upon in delivering municipal services. These “algos” range from how teachers are evaluated, to when garbage gets collected, to which precincts get the most police officers. The proposal was the first of its kind in any U.S. city—and some privacy advocates assert that it should serve as a model for the rest of the country.

The debate over the management and disclosure of this source code is critical, because governments are increasingly relying on artificial intelligence and machine learning to analyze data and make key decisions. And while these advances offer the promise of better service at a reduced cost to taxpayers, this growing reliance on AI and ML comes with two distinct and potentially conflicting risks.

The first risk is that governments that become overly reliant on AI introduce the potential for bias, particularly racial bias in the criminal justice system. In 2016, a ProPublica investigation found significant racial disparities in criminal justice “risk assessments” produced by algorithms that seek to predict future criminal behavior.

In one notable example, the software wrongly considered a black woman who took a bike from a neighbor’s yard (given a risk score of 8) to be more likely to commit a future crime than a white man arrested for shoplifting who had a lengthy criminal record (he scored a 3). The ProPublica analysis of 7,000 individuals arrested in Broward County, Florida revealed that this risk assessment tool wrongly identified African-American defendants as potential recidivists at improperly high rates. The software made the inverse mistake of underestimating recidivism rates for whites.

More than 45 states now rely on algorithmic tools to set bond amounts, make parole decisions, or even influence jail sentences. These kinds of automated risk formulas—which have implications for civil liberties and racial inequality—require broad transparency and close scrutiny.

Councilman Vacca’s legislation was aimed squarely at this troubling potential for bias. The challenge, though, is that erring too far on the side of transparency increases the second risk, which is the threat of widespread physical cyberattacks.

When we think about cybersecurity risk, we typically envision attacks on email, networks, websites, and other digital assets. Increasingly, however, we can expect these attacks to target physical assets, and the rise of artificial intelligence and machine learning may provide new and potent vectors for widespread attacks.

Automated systems are rapidly evolving from offering assessments and evaluations to actually delivering implementation. That’s the difference between Waze offering individual drivers the best driving routes and a centralized computer system giving a fleet of autonomous vehicles, or drones, direct instructions.

As cities automate water supply, electricity, mass transit, and hospital services, the cyber threat to these physical assets will rise. We’re already seeing evidence of this. Just before the Atlanta cyberattack, the U.S. Department of Homeland Security and the FBI issued a joint bulletin indicating that Russian hackers successfully penetrated control systems at energy, nuclear, water, aviation, and manufacturing sites.


Herein lies the dilemma with the Vacca bill and similar efforts that have a well-intentioned goal of maximizing transparency to minimize the threat of bias: The more source code governments disclose, the more tools cyber criminals will have at their disposal. Last month, experts from 14 organizations, including OpenAI, Oxford University, and the Center for a New American Security, catalogued the digital, physical, and political risks of AI in a sweeping report. Its core thesis was the “dual-use nature” of AI—the potential for both good—in the form of accelerated scientific discovery and enhanced productivity—and harm from cyberattacks and political disruption.

When weighing the benefits and risks of the Vacca bill, the New York City Council sensibly decided to devote more time to understanding what the city should disclose and how. This is far preferable to diving headfirst into legislating without fully understanding the risks involved. This due diligence—in New York and around the country—must happen quickly.

With his landmark legislation, Councilman Vacca sparked a crucial debate about balancing transparency and security in the new world of artificial intelligence. Citizens deserve to know how their government allocates resources and makes decisions. Yet governments have an obligation to do all that they can to keep us safe, particularly at a time when cyber hackers too often appear to be one step ahead of the rest of us.

Peter J. Beshar is executive vice president and general counsel of Marsh & McLennan Companies.


Cyberattack hits Atlanta computers — ‘Everyone who has done business’ with city may be at risk

In a story first reported by 11Alive, Mayor Keisha Lance Bottoms says, “We don’t know the extent of the attack.”

ATLANTA – In a story first reported by 11Alive, city of Atlanta computers have been cyber attacked by ransomware that has encrypted some personal and financial data.

“We don’t know the extent of the attack,” said Atlanta Mayor Keisha Lance Bottoms in a Thursday afternoon press conference.

New Atlanta COO Richard Cox said public safety, water and airport operations departments have not been affected.


Officials also said Thursday afternoon they are working with the FBI, U.S. Department of Homeland Security, Cisco cybersecurity officials and Microsoft to determine what information has been accessed and how to resolve the situation.

Bottoms said everyone who has done business with the city is potentially at risk, and advised businesses and consumers to check their bank accounts.

“City payroll has not been affected,” Cox said, “and we have not determined that City Hall will need to be closed on Friday.”


Multiple sources confirmed to 11Alive earlier on Thursday that various city systems have been impacted by the ransomware attack.

According to a statement from the city, its computers are “currently experiencing outages on various internal and customer facing applications, including some applications that customers use to pay bills or access court-related information.

“At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue. We are confident that our team of technology professionals will be able to restore applications soon. Our city website,, remains accessible and we will provide updates as we receive them.”

City of Atlanta, GA


The City of Atlanta is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information. We will post any updates as we receive them.

According to the FBI, the bureau is aware of the situation and is “coordinating with the city of Atlanta to determine what happened.”

A screenshot sent to 11Alive from a city employee and analyzed by technical expert and Kennesaw State University professor Andrew Green shows a bitcoin demand of $6,800 per unit, or $51,000 to unlock the entire system.

Emails have been sent to city employees in multiple departments telling them to unplug their computers if they notice suspicious activity. Professor Green said that directive and the note itself are indicative of a serious ransomware attack.

One expert said based on the language used in the message, the attack resembles the “MSIL” or “Samas” (SAMSAM) ransomware strain that has been around since at least 2016.

According to the U.S. Department of Justice, the SAMSAM strain was used to compromise the networks of multiple U.S. victims, including 2016 attacks on healthcare facilities that were running outdated versions of the JBoss content management application.

SAMSAM exploits vulnerable Java-based Web servers, using open-source tools to identify and compile a list of hosts reporting to the victim’s active directory. The actors then use psexec.exe to distribute the malware to each host on the network and encrypt most of the files on the system. The actors charge varying amounts in Bitcoin to provide the decryption keys to the victim.

Typically, if the ransomware virus is not intercepted before it takes control of systems, the user cannot gain access. The hackers demand money in exchange for a decryption key. Tech experts tell us even if that ransom is paid, the key often doesn’t work. Sometimes, the only way to regain access is to rebuild the entire system.

MARTA experienced a technical outage this morning that prevented its Breeze cards from working. But a spokesperson tells 11Alive the computer problems were unrelated and were due to a connectivity issue.



MARTA is currently experiencing a technical outage impacting MARTA Bid, Breeze Card, Reduced Fare and the MARTA On-the-Go sites. This issue is currently being troubleshot by MARTA IT. We do apologize for any inconvenience caused.

Ransomware attacks on cities and companies are becoming more common and damaging.


Earlier this year, reports the city of Leeds, Alabama paid $12,000 in bitcoin, a cryptocurrency, after its computer systems were taken over. The paper reports that the city was locked out of its systems and was given instructions on sending $12,000 worth of bitcoin to remove the lock.

DHS bulletin: US faces ‘one of the most challenging’ terror threat levels since 9/11

November 10, 2017

By Anna Giaritelli

The Department of Homeland Security on Thursday released a new bulletin that said the U.S. is facing a significant, ongoing terror threat.

“We continue to face one of the most challenging threat environments since 9/11, as foreign terrorist organizations exploit the Internet to inspire, enable, or direct individuals already here in the homeland to commit terrorist attacks,” the bulletin said.

DHS has issued five iterations of the terror threat bulletin since December 2015.

Acting DHS Secretary Elaine Duke said she directed the organization to make an update to extend this new bulletin for six months.

“Our enemies remain focused on attacking the United States, and they are constantly adapting. DHS and its partners are stepping up efforts to keep terrorists out of America and to prevent terrorist recruitment and radicalization here at home, and we urge the public to remain vigilant and report suspicious activity,” Duke said in a statement.

Five Men From Argentina; Friends Killed in New York Terror Attack

November 1, 2017

Police have arrested a man who allegedly drove a pickup truck along a busy bicycle lane, killing eight people. The terror strike has claimed the lives of five Argentinean tourists and injured at least one German citizen.

Eight people died and 11 others were seriously injured on Tuesday after a man driving a pickup truck plowed through people along a busy bicycle lane in New York City before hitting a school bus, officials said.

The incident occurred in lower Manhattan shortly after 3 p.m. local time (1900 UTC) near West Side Highway and Chambers Street. The driver, a 29-year-old man, was shot and then taken into custody by police. Police opened fire after he exited the rental truck armed with a paintball gun and a pellet gun. He is expected to survive.

US media identified the driver as Sayfullo Saipov, saying he was an Uzbek national who arrived in the US in 2010. The police said that there were no “outstanding” suspects. Notorious tabloid New York Post said he was an Uber driver, which was later confirmed by the ride hailing company itself.

The truck drove south on the path striking multiple people. 8 people were killed, 11 have serious but non-life threatening injuries.


Who were the victims?

Five of the victims killed in the attack came from Argentina, the country’s foreign ministry confirmed. They were part of a group of friends celebrating the 30th anniversary of their graduation.

The Belgian foreign minister said a Belgian national was also killed in the attack. At least one German woman was reported injured. Two adults and two children traveling in the school bus at the time of the crash were also among the injured.

Act of terror

Multiple bikes are crushed along a bike path in lower Manhattan in New York (Reuters/B. McDermid)

Witnesses described a scene of panic with people screaming in fear and the path strewn with bodies

US President Donald Trump condemned the attack and ordered newly tightened security checks on immigrants be strengthened even further. He indicated the incident was a terror attack linked to “Islamic State.”

“We must not allow ISIS to return, or enter, our country after defeating them in the Middle East and elsewhere. Enough!” the president wrote on Twitter.

“I have just ordered Homeland Security to step up our already Extreme Vetting Program. Being politically correct is fine, but not for this!”



Trump also released a statement expressing thanks to the first responders “who stopped the suspect and rendered immediate aid to the victims of this cowardly attack. These brave men and women embody the true American spirit of resilience and courage.”

New York City Mayor Bill de Blasio called the incident “an act of terror, and a particularly cowardly act of terror aimed at innocent civilians.”

Anonymously quoted police officials told the Associated Press the suspect had shouted “Allahu Akbar” after exiting the vehicle.

Police Commissioner James O’Neill told journalists that the method of attack and the suspect’s statement enabled officials “to label this a terrorist event.”

New York Governor Andrew Cuomo called it a “lone wolf” attack, saying there was no evidence of a wider plot.

A spokesperson for the US Department of Homeland Security said it was an “apparent act of terrorism.”

aw, amp/rt (Reuters, AP, dpa)



Ariel Erlij, third from left, poses with friends taking part in a high school reunion. Five members of the group, including Erlij, were killed when a terrorist rammed a truck into pedestrians in New York, October 31, 2017. (Facebook)

Among the victims of Tuesday’s terror attack on a bike path near the World Trade Center in New York were five Argentinian men, one of whom was a Jewish businessman, Ariel Erlij.

They were part of a group of eight friends celebrating the 30th anniversary of their high school graduation with a trip to New York City.


Five Argentinian men celebrating school reunion among eight killed

Five friends from Argentina were on holiday celebrating their 30th school reunion when they were killed in a terror attack in New York City.

Key points:

  • Five people killed in New York City attack were celebrating school graduation anniversary
  • US media names Sayfullo Saipov as suspected attacker
  • Eight people were killed and 11 injured when a rented ute was driven into cyclists and pedestrians

Eight were killed and 11 injured after a rented ute was driven into cyclists and pedestrians on a bike path near the World Trade Centre memorial.

The suspect, who has been identified in US media reports as Sayfullo Saipov, an immigrant from Uzbekistan, was shot by police and taken to a local hospital but his condition was not immediately released.

According to Argentina’s Foreign Ministry, the five men were visiting New York as part of a group of friends celebrating the 30th anniversary of their school graduation.

A sixth member of the group was among those hospitalised after the attack.

The incident marked the greatest loss of life from a suspected terrorist attack in New York since suicide hijackers crashed jetliners into the twin towers of the World Trade Centre in lower Manhattan on September 11, 2001, killing more than 2,600 people.


VIDEO: Map shows where the Manhattan ute attack unfolded (ABC News)

The five Argentine citizens killed in the attack were identified by their home government as Hernan Diego Mendoza, Diego Enrique Angelini, Alejandro Damian Pagnucco, Ariel Erlij and Hernan Ferruchi, all from the city of Rosario.

According to Argentine newspaper La Nacion, the men were aged in their late 40s.


VIDEO: Aerial vision shows the aftermath of the terror attack in Manhattan (Image: Reuters/Andrew Kelly) (ABC News)

Argentina’s Foreign Ministry said the five victims travelled to New York to celebrate graduating from Polytechnic College of Rosario 30 years ago.

The ministry said it stood, “with the families in this terrible moment of deep pain, which is shared by all Argentines”.

Foreign Minister Jorge Faurie said he was shocked by the events in New York.

La Nacion reported the friends had taken pictures at the airport before embarking on their trip.

Mr Erlij organised the trip but did not catch the same flight as his friends because of a setback.

He got on a plane the day after instead and met his friends in New York.

Belgium’s Deputy Prime Minister and Foreign Affairs Minister, Didier Reynders, also confirmed in a tweet one of the dead was Belgian.

Attacker shouted ‘Allahu Akbar’

Witnesses said the attacker caused bloody scenes, with bodies and mangled bikes strewn along the path.

After hitting the pedestrians, the ute collided with a school bus and injured two adults and two children.

The driver then got out of the ute and appeared to be holding two weapons, but officials said they were paintball and pellet guns.

He yelled “Allahu Akbar!”, which is Arabic for “God is great”.

The driver was shot in the abdomen and taken into police custody.

New York Governor Andrew Cuomo, a Democrat, described it as a “lone wolf” attack and said there was no evidence to suggest it was part of a wider plot.

US President Donald Trump tweeted it “looks like another attack by a very sick and deranged person”, before adding “we must not allow ISIS [the Islamic State group] to return, or enter, our country after defeating them in the Middle East and elsewhere”.

No terrorist organisation has claimed responsibility for the bloodshed.

Ride-sharing company Uber confirmed Mr Saipov was a driver and had passed a background check.

Uber is “aggressively and quickly” reviewing his history with the company and will pass on information to investigators.


VIDEO: Emergency crews respond after NYC truck incident (Photo: AP) (ABC News)


Trump stepping up ‘extreme vetting’ of US entrants after New York City attack

November 1, 2017


© JIM WATSON / AFP | A Transportation Security Administration officer checks IDs at a security check point in Reagan National Airport in Washington, DC, April 8, 2010.


Latest update : 2017-11-01

President Donald Trump said Tuesday he had ordered more robust “extreme vetting” of travelers coming into the United States following the first deadly attack in New York blamed on terror since the September 11, 2001 strikes.

“I have just ordered Homeland Security to step up our already Extreme Vetting Program. Being politically correct is fine, but not for this!” Trump tweeted.

Last week, global airlines began implementing security interviews for US-bound travelers before checking in for flights.

The president’s attempts at banning travelers from several mainly Muslim nations have been met with successive legal challenges.

His administration has announced that it would resume accepting refugees after a 120-day ban, though arrivals from 11 “high-risk” countries, most of them home to Muslim majorities, will still be blocked.