Group items tagged

Three House committees will jointly investigate allegations U.S. Central Command altered intelligence reports, their chairmen announced Friday.“Today, the House Armed Services Committee, the House Permanent Select Committee on Intelligence and the House Appropriations Committee established a Joint Task Force to investigate allegations that senior U.S. Central Command (CENTCOM) officials manipulated intelligence products,” Reps. David Nunes (R-Calif.), Mac Thornberry (R-Texas) and Rodney Frelinghuysen (R-N.J.) said in a joint statement.Analysts at Centcom have alleged that senior officials altered their reports to paint a rosier picture of the fight against the Islamic State in Iraq and Syria (ISIS).The Pentagon’s inspector general is already conducting an investigation into the allegations.Magazine Foreign Policy reported last month that the task force would be formed.

In their statement, Nunes, Thornberry and Frelinghuysen said the task force would look into the specific allegations, as well as whether there are “systemic problems across the intelligence enterprise in CENTCOM or any other pertinent intelligence organizations.”Reps. Ken Calvert (R-Calif.), Mike Pompeo (R-Kan.) and Brad Wenstrup (R-Ohio) will lead the investigation.“Any accusation of intelligence being altered to fit a political narrative must be fully investigated and those responsible held accountable,” Pompeo said in a written statement. “This matters both to those who gather the intelligence, often at great risk to their personal safety, and to the policymakers who use this intelligence to make what are often life threatening decisions.”In an interview on Fox News, Thornberry said the issue was too important to wait to investigate until after the inspector general.

Democrats are participating, too, he said in the interview.  “They are participating in the investigation,” he said. “Their staff had been involved in the discussions we have had with a variety of folks from Centcom and elsewhere. So again we want to be careful and do it right, but it's important.” The task force expects to have preliminary results early next year, according to the chairmen’s statement.

The Pentagon will consider deploying more special operations troops to fight Islamic State militants if its pilot project in Syria shows signs of progress, a senior Defense official told USA TODAY on Monday.The Pentagon last month announced that 50 commandos would be sent to northern Syria to advise forces battling the Islamic State, also known as ISIL or ISIS. Sending that initial force amounts to "breaking the seal" on inserting special operations forces in Syria and could lead to further deployments, said the official, who was not authorized to speak publicly about planning. The Pentagon will not comment on whether those commandos have arrived in Syria.The trigger for sending more special operations forces, the official said, is the ability of local forces to take ground from ISIL in Syria and hold it. Adding more forces on the ground in Syria would represent a significant deepening of the U.S. commitment to the counter-ISIL effort, potentially requiring additional forces to support them. There are about 3,400 American forces in Iraq.

The Pentagon's counter-ISIL strategy will be the focus of a hearing Tuesday before the House Armed Services Committee; Defense Secretary Ash Carter is scheduled to testify.Rep. Mac Thornberry, the Texas Republican who chairs the committee, said in an interview that he would support a greater commitment of U.S. ground forces to Syria and Iraq, including spotters for airstrikes, if they are part of more robust strategy to confront the Islamic State."The issue is OK, What would it take to really degrade and ultimately destroy ISIS?" Thornberry said. "Send however many guys or assemble whatever coalition is necessary to accomplish that goal."Thornberry dismissed the deployment of 50 commandos as a half measure that won't work."Fifty guys to be deployed is not going to turn the tide of this battle," he said.

The "larger dysfunction," as you express it, arises out of a number of factors. The primary one, in my view, is a philosophical and psychological schizophrenia among the American people.

The Republican chairmen of the Senate and House armed services committees said Monday that President Donald Trump's proposal to boost defense spending by $54 billion for fiscal year 2018 is not enough. Sen. John McCain, R-Ariz., and Rep. Mac Thornberry, R-Texas, are pushing for a $640-billion base defense budget and said the $603-billion proposal unveiled by the White House will not reverse the decline in recent years in spending and military readiness.

Bank of America Corp's Countrywide unit placed profits over quality in a "massive fraud" selling shoddy mortgages to Fannie Mae and Freddie Mac, a U.S. government lawyer said on Tuesday. The claim came at the start of the first case by the government to go to trial against a major bank over defective mortgage practices leading up to the 2008 financial crisis.

The lawsuit is brought under the Financial Institutions Reform, Recovery, and Enforcement Act. The law, passed in the wake of the 1980s savings-and-loan scandals, covers fraud affecting federally insured financial institutions.The Justice Department estimates Fannie and Freddie has a gross loss of $848.2 million on the Countrywide HSSL loans, though their net loss on loans it says were materially defective was $131.2 million.

A sophisticated FBI-produced spyware program has played a crucial behind-the-scenes role in federal investigations into extortion plots, terrorist threats and hacker attacks in cases stretching back at least seven years, newly declassified documents show. As first reported by Wired.com, the software, called a "computer and internet protocol address verifier," or CIPAV, is designed to infiltrate a target’s computer and gather a wide range of information, which it secretly sends to an FBI server in eastern Virginia. The FBI’s use of the spyware surfaced in 2007 when the bureau used it to track e-mailed bomb threats against a Washington state high school to a 15-year-old student. But the documents released Thursday under the Freedom of Information Act show the FBI has quietly obtained court authorization to deploy the CIPAV in a wide variety of cases, ranging from major hacker investigations, to someone posing as an FBI agent online. Shortly after its launch, the program became so popular with federal law enforcement that Justice Department lawyers in Washington warned that overuse of the novel technique could result in its electronic evidence being thrown out of court in some cases. "While the technique is of indisputable value in certain kinds of cases, we are seeing indications that it is being used needlessly by some agencies, unnecessarily raising difficult legal questions (and a risk of suppression) without any countervailing benefit," reads a formerly-classified March 7, 2002 memo from the Justice Department’s Computer Crime and Intellectual Property Section.

The documents, which are heavily redacted, do not detail the CIPAV’s capabilities, but an FBI affidavit in the 2007 case indicate it gathers and reports a computer’s IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer’s registered owner and registered company name; the current logged-in user name and the last-visited URL. After sending the information to the FBI, the CIPAV settles into a silent "pen register" mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects. The documents shed some light on how the FBI sneaks the CIPAV onto a target’s machine, hinting that the bureau may be using one or more web browser vulnerabilities. In several of the cases outlined, the FBI hosted the CIPAV on a website, and tricked the target into clicking on a link. That’s what happened in the Washington case, according to a formerly-secret planning document for the 2007 operation. "The CIPAV will be deployed via a Uniform Resource Locator (URL) address posted to the subject’s private chat room on MySpace.com."

The software’s primary utility appears to be in tracking down suspects that use proxy servers or anonymizing websites to cover their tracks.

It wasn’t ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors. Freedom Hosting’s operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It’s not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control. The new details emerged in local press reports from a Thursday bail hearing in Dublin, Ireland, where Marques, 28, is fighting extradition to America on charges that Freedom Hosting facilitated child pornography on a massive scale. He was denied bail today for the second time since his arrest in July. Freedom Hosting was a provider of turnkey “Tor hidden service” sites — special sites, with addresses ending in .onion, that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network. Tor hidden services are used by sites that need to evade surveillance or protect users’ privacy to an extraordinary degree – including human rights groups and journalists. But they also appeal to serious criminal elements, child-pornography traders among them.

The apparent FBI-malware attack was first noticed on August 4, when all of the hidden service sites hosted by Freedom Hosting began displaying a “Down for Maintenance” message. That included at least some lawful websites, such as the secure email provider TorMail. Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address. By midday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploited a critical memory management vulnerability in Firefox that was publicly reported on June 25, and is fixed in the latest version of the browser. Though many older revisions of Firefox were vulnerable to that bug, the malware only targeted Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network. That made it clear early on that the attack was focused specifically on de-anonymizing Tor users. Tor Browser Bundle users who installed or manually updated after June 26 were safe from the exploit, according to the Tor Project’s security advisory on the hack.

On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn’t respond to inquiries from WIRED today. But FBI Supervisory Special Agent J. Brooke Donahue was more forthcoming when he appeared in the Irish court yesterday to bolster the case for keeping Marques behind bars, according to local press reports. Among the many arguments Donahue and an Irish police inspector offered was that Marques might reestablish contact with co-conspirators, and further complicate the FBI probe. In addition to the wrestling match over Freedom Hosting’s servers, Marques allegedly dove for his laptop when the police raided him, in an effort to shut it down.

Computer scientists have proposed a malware prototype that uses inaudible audio signals to communicate, a capability that allows the malware to covertly transmit keystrokes and other sensitive data even when infected machines have no network connection. The proof-of-concept software—or malicious trojans that adopt the same high-frequency communication methods—could prove especially adept in penetrating highly sensitive environments that routinely place an "air gap" between computers and the outside world. Using nothing more than the built-in microphones and speakers of standard computers, the researchers were able to transmit passwords and other small amounts of data from distances of almost 65 feet. The software can transfer data at much greater distances by employing an acoustical mesh network made up of attacker-controlled devices that repeat the audio signals. The researchers, from Germany's Fraunhofer Institute for Communication, Information Processing, and Ergonomics, recently disclosed their findings in a paper published in the Journal of Communications. It came a few weeks after a security researcher said his computers were infected with a mysterious piece of malware that used high-frequency transmissions to jump air gaps. The new research neither confirms nor disproves Dragos Ruiu's claims of the so-called badBIOS infections, but it does show that high-frequency networking is easily within the grasp of today's malware.

The Justice Department recently submitted proposed new rules on the procedures and practices of the department’s agencies and bureaus. Among the suggested changes is a modification of the Federal Rules of Criminal Procedure Rule 41(b), which empowers a federal court to issue a warrant allowing the federal government to conduct a search of a computer or computer network involved in a criminal investigation. Under current regulations, a warrant issued by a federal court is only valid in that court’s district. As there are 94 federal judicial districts, investigating a widespread attack may require either petitioning dozens of district courts or acting extrajudicially by not seeking a warrant. An extrajudicial investigation, however, cannot be used if criminal convictions are sought, as evidence gathered in this manner is not typically admissible in court. The Justice Department is seeking to make remote access warrants to search, seize and copy electronic information valid for all federal districts.

The Justice Department argues that due to the sophistication of cyber-criminals, an offending computer or computer cluster can sit in a district separate from the district where the hackers that infected the target computer anonymously are and separate from the investigators’ district. “Criminals are using multiple computers in many districts simultaneously as part of complex criminal schemes, and effectively investigating and disrupting these schemes often requires remote access to Internet-connected computers in many different districts,” wrote then-acting Assistant Attorney General Mythili Raman in a September letter to the Advisory Committee on the Criminal Rules. “Botnets are a significant threat to the public: they are used to conduct large-scale denial of service attacks, steal personal and financial data, and distribute malware designed to invade the privacy of users of the host computers,” Raman continued. In the letter, Raman cited an investigation of a child porn site that uses The Onion Router Network, or Tor, to anonymize its traffic. The Justice Department argues that it knows the site’s hosting server location, but without a warrant local to the server, the department is prevented from retrieving the server’s user records — including IP and MAC addresses. In most cases, however, law enforcement do not know the physical location of the site’s server, making it impossible to request a specific warrant.

In these cases, the Justice Department could request a blanket warrant. This would allow the department to set up a “zero-day” attack on the server — an attack exploiting a manufacturer-unknown or -permitted security flaw, allowing access to the system’s operating software. However, a Texas judge denied the FBI access to such a warrant, saying the Justice Department’s use of “zero-day” attacks in its investigation exposes the public and the target to unknown risks. One typical type of a “zero-day” attack is an infected email that could affect a large number of innocent people if the target used a public computer to access his email. The FBI planned to install a Remote Administration Tool, or RAT, which would distribute such emails in a partially-targeted spam mail distribution. Last year, Federal Magistrate Judge Stephen Smith of the Houston Division of the Southern District of Texas ruled that this was a gross overreach of investigatory intrusion, blocking the plan temporarily. A “zero-day” attack has the potential to activate and control the targeted computer’s peripherals, such as webcams and microphones.

After failing to criminally prosecute any of the financial firms responsible for the market collapse in 2008, former Attorney General Eric Holder is returning to Covington & Burling, a corporate law firm known for serving Wall Street clients. The move completes one of the more troubling trips through the revolving door for a cabinet secretary. Holder worked at Covington from 2001 right up to being sworn in as attorney general in Feburary 2009. And Covington literally kept an office empty for him, awaiting his return. The Covington & Burling client list has included four of the largest banks, including Bank of America, Citigroup, JPMorgan Chase and Wells Fargo. Lobbying records show that Wells Fargo is still a client of Covington. Covington recently represented Citigroup over a civil lawsuit relating to the bank’s role in Libor manipulation.

Covington was also deeply involved with a company known as MERS, which was later responsible for falsifying mortgage documents on an industrial scale. “Court records show that Covington, in the late 1990s, provided legal opinion letters needed to create MERS on behalf of Fannie Mae, Freddie Mac, Bank of America, JPMorgan Chase and several other large banks,” according to an investigation by Reuters. The Department of Justice under Holder not only failed to pursue criminal prosecutions of the banks responsible for the mortage meltdown, but in fact de-prioritized investigations of mortgage fraud, making it the “lowest-ranked criminal threat,” according to an inspector general report. For insiders, the Holder decision to return to Covington was never a mystery. Timothy Hester, the chairman of Covington, told the National Law Journal that Holder’s return to the firm had been “a project” of his ever since Holder left to the join the administration in 2009. When the firm moved to a new building last year, it kept an 11th-story corner office reserved for Holder.

Holder’s critics charge that he made a career out of institutionalizing “Too Big to Prosecute” rules within the department. In 1999, as a deputy attorney general, Holder authored a memo arguing that officials should consider the “collateral consequences” when prosecuting corporate crimes. In 2012, Holder’s enforcement chief, Lanny Breuer, admitted during a speech to the New York City Bar Association that the department may go easy on certain corporate criminals if they believe prosecutions may disrupt financial markets or cause layoffs. “In some cases, the health of an industry or the markets are a real factor,” Breuer said. Rather than face accountability for their failures, the incentive structure of modern Washington is designed to reward both men. Breuer left the department in 2013 to rejoin Covington. Holder is set to become among the highest-earning partners at the firm, with compensation in the seven or eight figures.

The AIG-related charges against Goldman go further. Critics such as AIG's former chief executive, Maurice R. "Hank" Greenberg, have contended that Goldman caused AIG's demise and that Goldman should have known, as basic due diligence, that AIG was in way over its head.

The underlying assumption of the Dodd-Frank Act (DFA) is that the 2008 financial crisis was caused by the disorderly bankruptcy of Lehman Brothers.

The financial crisis, however, was caused by the mortgage meltdown, a sudden and sharp decline in housing and mortgage values as a massive housing bubble collapsed in 2007. This scenario is known to scholars as a "common shock"—a sudden decline in the

Last week, the country’s biggest mortgage lenders scored a couple of key victories that will allow them to ease lending standards, crank out more toxic assets, and inflate another housing bubble.  Here’s what’s going on. On Monday,  the head of the Federal Housing Finance Agency (FHFA), Mel Watt, announced that Fannie and Freddie would slash the minimum down-payment requirement on mortgages from 5 percent to 3 percent while making loans more available to people with spotty credit. If this all sounds hauntingly familiar, it should. It was less than 7 years ago that shoddy lending practices blew up the financial system precipitating the deepest slump since the Great Depression. Now Watt wants to repeat that catastrophe by pumping up another credit bubble.

Here’s the story from the Washington Post: “When it comes to taking out a mortgage, two factors can stand in the way: the price of the mortgage,…and the borrower’s credit profile.” On Monday, the head of the agency that oversees the mortgage giants Fannie Mae and Freddie Mac outlined … how he plans to make it easier for borrowers on both fronts. Mel Watt, director of the Federal Housing Finance Agency, did not give exact timing on the initiatives. But most of them are designed to encourage the industry to extend mortgages to a broader swath of borrowers.

Here’s what Watt said about his plans in a speech at the Mortgage Bankers Association annual convention in Las Vegas: Saving enough money for a downpayment is often cited as the toughest hurdle for first-time buyers in particular. Watt said that Fannie and Freddie are working to develop “sensible and responsible” guidelines that will allow them to buy mortgages with down payments as low as 3 percent, instead of the 5 percent minimum that both institutions currently require.”

Micah Lee: What are some operational security practices you think everyone should adopt? Just useful stuff for average people. Edward Snowden: [Opsec] is important even if you’re not worried about the NSA. Because when you think about who the victims of surveillance are, on a day-to-day basis, you’re thinking about people who are in abusive spousal relationships, you’re thinking about people who are concerned about stalkers, you’re thinking about children who are concerned about their parents overhearing things. It’s to reclaim a level of privacy. The first step that anyone could take is to encrypt their phone calls and their text messages. You can do that through the smartphone app Signal, by Open Whisper Systems. It’s free, and you can just download it immediately. And anybody you’re talking to now, their communications, if it’s intercepted, can’t be read by adversaries. [Signal is available for iOS and Android, and, unlike a lot of security tools, is very easy to use.] You should encrypt your hard disk, so that if your computer is stolen the information isn’t obtainable to an adversary — pictures, where you live, where you work, where your kids are, where you go to school. [I’ve written a guide to encrypting your disk on Windows, Mac, and Linux.] Use a password manager. One of the main things that gets people’s private information exposed, not necessarily to the most powerful adversaries, but to the most common ones, are data dumps. Your credentials may be revealed because some service you stopped using in 2007 gets hacked, and your password that you were using for that one site also works for your Gmail account. A password manager allows you to create unique passwords for every site that are unbreakable, but you don’t have the burden of memorizing them. [The password manager KeePassX is free, open source, cross-platform, and never stores anything in the cloud.]

The other thing there is two-factor authentication. The value of this is if someone does steal your password, or it’s left or exposed somewhere … [two-factor authentication] allows the provider to send you a secondary means of authentication — a text message or something like that. [If you enable two-factor authentication, an attacker needs both your password as the first factor and a physical device, like your phone, as your second factor, to login to your account. Gmail, Facebook, Twitter, Dropbox, GitHub, Battle.net, and tons of other services all support two-factor authentication.]

We should armor ourselves using systems we can rely on every day. This doesn’t need to be an extraordinary lifestyle change. It doesn’t have to be something that is disruptive. It should be invisible, it should be atmospheric, it should be something that happens painlessly, effortlessly. This is why I like apps like Signal, because they’re low friction. It doesn’t require you to re-order your life. It doesn’t require you to change your method of communications. You can use it right now to talk to your friends.

ndia decided to proceed with the long-anticipated $5.5 bln deal to purchase Russia’s S-400 surface-to-air missile units despite  the US saying the purchase may affect the relations between Washington and New Dehli. According to the Hindustan Times, India’s Defense Ministry is to ask the apex Cabinet Committee to approve the purchase of the five S-400 Triumf systems, thus  finalizing the agreement.The deal is set to go through despite the fact that the Trump administration warning New Delhi of the possible ramifications of India’s intention to cultivate military ties with Russia, that would imminently jeopardise its relations with the US.Chairman of the U.S. Arms Service Committee Mac Thornberry has said that “the acquisition of this technology will limit, the degree with which the United States will feel comfortable in bringing additional technology into whatever country we are talking about.”In case the purchase officially goes through, the Trump administration's reaction might go as far as punishing India for violating the sanctions imposed against Russia.

India’s decision to rely on the Russian-made S-400 systems that have drawn a lot of interest from international buyers, could jeopardize sales of US-built Predator drones and Patriot missile defense systems. Though the US has been talking up the effectiveness of Patriots, the missile has reportedly been less than effective when used recently by Saudi Arabia.According to NATO classification, S-400 Triumf is Russia's most advanced air defense hardware, boasting unique and unparalleled capabilities. Capable of firing three types of missiles create a layered defense, the S-400 integrates a multifunction radar, autonomous detection and targeting systems, missile launchers and command posts. It can bring down aircrafts as well as missiles at the range of up to 400km.

India is not the only country that has been experiencing tough pressuring from Washington. The US has been very explicit in its criticism of its "strategic partner", Turkey and its deal with Russia to purchase the S-400 systems.According to State Department spokesperson Heather Nauert, Washington is seriously concerned about the fact Turkey as a NATO member would choose to purchase weapons not made in the US. In a bid to pressure Ankara, Assistant US Secretary Wess Mitchell said that unless Turkey backed out, the purchase "could lead to sanctions.”Testifying before the House Foreign Relations committee last week, Secretary of State Mike Pompeo said the US was making efforts to “keep the Turks in a place where they will never acquire the S-400.”Moreover, US lawmakers introduced a bill which would virtually ban F-35 deliveries to Turkey to punish it for its increased "hostility.” The US has also criticized Ankara over the announcement it would look elsewhere in case Washington failed to deliver the F-35s.