Investigative & Security Professionals for Legislative Action

Security Related Topics

<< First  < Prev   1   2   3   Next >  Last >> 
  • 18 Dec 2014 7:39 PM | Anonymous member (Administrator)

    A December 18, 2014 article "German researchers discover a flaw that could let anyone listen to your cell calls" by Craig Timberg of The Washington Post should be reviewed by investigative and security professionals. He points out that German researchers discovered security flaws that could allow hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption presently available.

    The flaws, reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.

    The flaws are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.

    Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say. (The term is short for Signaling System 7 and replaced previous networks called SS6, SS5, etc.)

    These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.

    “It’s like you secure the front door of the house, but the back door is wide open,” said Tobias Engel, one of the German researchers. He is founder of Sternraute, who with Karsten Nohl, chief scientist for Security Research Labs, separately discovered these security weaknesses as they studied SS7 networks in recent months, after The Washington Post reported the widespread marketing of surveillance systems that use SS7 networks to locate callers anywhere in the world. The Post reported that dozens of nations had bought such systems to track surveillance targets and that skilled hackers or criminals could do the same using functions built into SS7.

    The researchers did not find evidence that their latest discoveries, which allow for the interception of calls and texts, have been marketed to governments on a widespread basis. But vulnerabilities publicly reported by security researchers often turn out to be tools long used by secretive intelligence services, such as the National Security Agency or Britain’s GCHQ, but not revealed to the public.

    “Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation,” said Christopher Soghoian, principal technologist for the ACLU and an expert on surveillance technology. “They’ve likely sat on these things and quietly exploited them.”

    The GSMA, a global cellular industry group based in London, did not respond to queries seeking comment about the vulnerabilities that Nohl and Engel have found. For the Post’s article in August on location tracking systems that use SS7, GSMA officials acknowledged problems with the network and said it was due to be replaced over the next decade because of a growing list of security and technical issues.

    The German researchers found two distinct ways to eavesdrop on calls using SS7 technology. In the first, commands sent over SS7 could be used to hijack a cell phone’s “forwarding” function -- a service offered by many carriers. Hackers would redirect calls to themselves, for listening or recording, and then onward to the intended recipient of a call. Once that system was in place, the hackers could eavesdrop on all incoming and outgoing calls indefinitely, from anywhere in the world.

    The second technique requires physical proximity but could be deployed on a much wider scale. Hackers would use radio antennas to collect all the calls and texts passing through the airwaves in an area. For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.

    Nohl on Wednesday demonstrated the ability to collect and decrypt a text message using the phone of a German senator, who cooperated in the experiment. But Nohl said the process could be automated to allow massive decryption of calls and texts collected across an entire city or a large section of a country, using multiple antennas.

    “It’s all automated, at the push of a button,” Nohl said. “It would strike me as a perfect spying capability, to record and decrypt pretty much any network… Any network we have tested, it works.”

    Those tests have included more than 20 networks worldwide, including T-Mobile in the United States. The other major U.S. carriers have not been tested, though Nohl and Engel said it’s likely at least some of them have similar vulnerabilities. (Several smartphone-based text messaging systems, such as Apple’s iMessage and Whatsapp, use end-to-end encryption methods that sidestep traditional cellular text systems and likely would defeat the technique described by Nohl and Engel.)

    In a statement, T-Mobile said: “T-Mobile remains vigilant in our work with other mobile operators, vendors and standards bodies to promote measures that can detect and prevent these attacks."

    The issue of cell phone interception is particularly sensitive in Germany because of news reports last year, based on documents provided by former NSA contractor Edward Snowden, that a phone belonging to Chancellor Angela Merkel was the subject of NSA surveillance. The techniques of that surveillance have not become public, though Nohl said that the SS7 hacking method that he and Engel discovered is one of several possibilities.

    U.S. embassies and consulates in dozens of foreign cities, including Berlin, are outfitted with antennas for collecting cellular signals, according to reports by German magazine Der Spiegel, based on documents released by Snowden. Many cell phone conversations worldwide happen with either no encryption or weak encryption.

    The move to 3G networks offers far better encryption and the prospect of private communications, but the hacking techniques revealed by Nohl and Engel undermine that possibility. Carriers can potentially guard their networks against efforts by hackers to collect encryption keys, but it’s unclear how many have done so. One network that operates in Germany, Vodafone, recently began blocking such requests after Nohl reported the problem to the company two weeks ago.

    Nohl and Engel also have discovered new ways to track the locations of cell phone users through SS7. The Post story, in August, reported that several companies were offering governments worldwide the ability to find virtually any cell phone user, virtually anywhere in the world, by learning the location of their cell phones through an SS7 function called an “Any Time Interrogation” query.

    Some carriers block such requests, and several began doing so after the Post’s report. But the researchers in recent months have found several other techniques that hackers could use to find the locations of callers by using different SS7 queries. All networks must track their customers in order to route calls to the nearest cellular towers, but they are not required to share that information with other networks or foreign governments.

    Carriers everywhere must turn over location information and allow eavesdropping of calls when ordered to by government officials in whatever country they are operating in. But the techniques discovered by Nohl and Engel offer the possibility of much broader collection of caller locations and conversations, by anyone with access to SS7 and the required technical skills to send the appropriate queries.

    “I doubt we are the first ones in the world who realize how open the SS7 network is,” Engel said.

    Secretly eavesdropping on calls and texts would violate laws in many countries, including the United States, except when done with explicit court or other government authorization. Such restrictions likely do little to deter criminals or foreign spies, say surveillance experts, who say that embassies based in Washington likely collect cellular signals.

    The researchers also found that it was possible to use SS7 to learn the phone numbers of people whose cellular signals are collected using surveillance devices. The calls transmit a temporary identification number which, by sending SS7 queries, can lead to the discovery of the phone number. That allows location tracking within a certain area, such as near government buildings.

    The German senator who cooperated in Nohl’s demonstration of the technology, Thomas Jarzombek of Merkel’s Christian Democratic Union party, said that while many in that nation have been deeply angered by revelations about NSA spying, few are surprised that such intrusions are possible.

    “After all the NSA and Snowden things we’ve heard, I guess nobody believes it’s possible to have a truly private conversation on a mobile phone,” he said. “When I really need a confidential conversation, I use a fixed-line" phone.

  • 10 Jul 2014 1:34 PM | Anonymous member (Administrator)

    In light of ongoing revelations regarding the NSA and the action of the German government on July 10, 2014 to have the US CIA station chief in Berlin recalled, below is ProPublica's article Here's One Way to Land on the NSA's Watch List: If you downloaded the privacy software Tor in 2011, you may have been flagged to be spied on by Julia Angwin and Mike Tigas.

    Last week, German journalists revealed that the National Security Agency has a program to collect information about people who use privacy-protecting services, including popular anonymizing software called Tor. But it's not clear how many users have been affected.

    So we did a little sleuthing, and found that the NSA's targeting list corresponds with the list of directory servers used by Tor between December 2010 and February 2012 – including two servers at the Massachusetts Institute of Technology. Tor users connect to the directory servers when they first launch the Tor service.

    The revelations were among the first evidence of specific spy targets inside the United States. And they have been followed by yet more evidence. The Intercept revealed this week that the government monitored email of five prominent Muslim-Americans, including a former Bush Administration official.

    It's not clear if, or how extensively, the NSA spied on the users of Tor and other privacy services.

    After the news, one of Tor's original developers, Roger Dingledine, reassured users that they most likely remained anonymous while using the service: "Tor is designed to be robust to somebody watching traffic at one point in the network – even a directory authority." It is more likely that users could have been spied on when they were not using Tor.

    For its part, the NSA says it only collects information for valid foreign intelligence purposes and that it "minimizes" information it collects about U.S. residents. In other words, NSA may have discarded any information it obtained about U.S. residents who downloaded Tor.

    However, according to a recent report by the Privacy and Civil Liberties Oversight Board, the NSA's minimization procedures vary by program. Under Prism, for example, the NSA shares unminimized data with the FBI and CIA.

    In addition, the NSA can also later search the communications of those it has inadvertently caught in its Prism dragnet, a tactic some have called a " backdoor" search. It's not clear if similar backdoors exist for other types of data such as IP addresses.

    In response to the Tor news, the NSA said it is following President Obama's January directive to not conduct surveillance for the purpose of "suppressing or burdening criticism or dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion."

    [Disclosure: Mike Tigas is the developer of an app that uses Tor, called the Onion Browser.]

    We updated our chart of NSA revelations to include monitoring of privacy software.


     

  • 04 Nov 2013 9:34 PM | Anonymous member (Administrator)

    ISPLA is pleased to post the item below by Jeff Larson of November 4, 2013 with

    the permission of ProPublica:

    The federal institute that sets national standards for how government, private citizens and business guard the privacy of their files and communications is reviewing all of its previous recommendations [1].

    The move comes after ProPublica, The Guardian and The New York Times disclosed [2] that the National Security Agency had worked to secretly weaken standards to make it easier for the government to eavesdrop.

     The review, announced late Friday afternoon by the National Institute for Standards and Technology, will also include an assessment of how the institute creates encryption standards.

    The institute sets national standards for everything from laboratory safety to high-precision timekeeping. NIST’s cryptographic standards are used by software developers around the world to protect confidential data. They are crucial ingredients for privacy on the Internet, and are designed to keep Internet users safe from being eavesdropped on when they make purchases online, pay bills or visit secure websites.

    But as the investigation by ProPublica, The Guardian and The New York Times in September revealed, the National Security Agency spends $250 million a year on a project called “SIGINT Enabling [3]” to secretly undermine encryption. One of the key goals, documents said, was to use the agency’s influence to weaken the encryption standards that NIST and other standards bodies publish.

    “Trust is crucial to the adoption of strong cryptographic algorithms,” the institute said in a statement [1] on their website. “We will be reviewing our existing body of cryptographic work, looking at both our documented process and the specific procedures used to develop each of these standards and guidelines.”

    The NSA is no stranger to NIST’s standards-development process. Under current law, the institute is required to consult with the NSA when drafting standards. NIST also relies on the NSA for help with public standards because the institute doesn’t have as many cryptographers as the agency, which is reported to be the largest employer of mathematicians [4] in the country.

    “Unlike NSA, NIST doesn’t have a huge cryptography staff,” said Thomas Ptacek, the founder of Matasano Security [5], “NIST is not the direct author of many of most of its important standards.”

    Matthew Scholl, the deputy chief at the Computer Security Division of the institute, echoed that statement, "As NIST Director Pat Gallagher has said in several public settings, NIST is designed to collaborate and the NSA has some of the world’s best minds in cryptography." He continued, "We also have parallel missions to protect federal IT systems, so we will continue to work with the NSA."

    Some of these standards are products of public competitions among academic cryptography researchers, while others are the result of NSA recommendations. An important standard, known as SHA2, was designed by the NSA and is still trusted by independent cryptographers and software developers worldwide.

    NIST withdrew one cryptographic standard, called Dual EC DRGB, after documents provided to news organizations by the former intelligence contractor Edward Snowden raised the possibility that the standard had been covertly weakened by the NSA.

    Soon after, a leading cryptography company, RSA, told software writers to stop using the algorithm in a product it sells. The company promised to remove the algorithm in future releases.

    Many cryptographers have expressed doubt about NIST standards since the initial revelations were published. One popular encryption library changed its webpage [6] to boast that it did not include NIST-standard cryptography. Silent Circle [7], a company that makes encryption apps for smartphones, promised to replace the encryption routines in its products with algorithms not published by NIST.

    If the NIST review prompts significant changes to existing encryption standards, consumers will not see the benefit immediately. “If the recommendations change, lots of code will need to change,” said Tanja Lange, a cryptographer at the University of Technology at Eindhoven, in the Netherlands. “I think that implementers will embrace such a new challenge, but I can also imagine that vendors will be reluctant to invest the extra time.”

    In Friday’s announcement, NIST pointed to its long history of creating standards, including the role it had in creating the first national encryption standard in the 1970s — the Data Encryption Standard, known as DES. “NIST has a proud history in open cryptographic standards, beginning in the 1970s with the Data Encryption Standard,” the bulletin said. But even that early standard was influenced by the NSA. [8]

    During the development of DES, the agency insisted that the algorithm use weaker keys than originally intended — keys more susceptible to being broken by super computers. At the time, Whitfield Diffie, a digital cryptography pioneer, raised serious concerns about the keys. [9] “The standard will have to be replaced in as few as five years,” he wrote.

    The weakened keys in the standard were not changed. DES was formally withdrawn [10] by the institute in 2005.

    The announcement is the latest effort by NIST to restore the confidence of cryptographers. A representative from NIST announced in a public mailing list, also on Friday, that the institute would restore the original version of a new encryption standard, known as SHA3, that had won a recent design competition but altered by the institute after the competition ended. Cryptographers charged that NIST’s changes to the algorithm had weakened it.

    The SHA3 announcement referred directly to cryptographers’ concerns. “We were and are comfortable with that version on technical grounds, but the feedback we’ve gotten indicates that a lot of the crypto community is not comfortable with it,” wrote John Kelsey, NIST’s representative. There is no evidence the NSA was involved in the decision to change the algorithm.

    The reversal took Matthew Green, a cryptographer at Johns Hopkins University, by surprise. “NIST backed down! I’m not sure they would have done that a year ago,” he said.

    Update: A NIST spokesperson responded on Monday afternoon (this story initially stated that NIST declined to comment).

  • 10 Jan 2013 11:10 AM | Anonymous member (Administrator)

    Intelligence and Human Networks

    Stratfor Global Intelligence By Tristan Reed January 10, 2013

    Stratfor views the world through the lens of geopolitics, the study of hard, physical constraints on man's ability to shape reality. Political decisions are limited by the geography in which they take place, eliminating many of the options concocted by ideologues and making their human decisions easier to predict. But the study of geopolitics only takes the understanding of global affairs so far: It identifies the geographical constraints but leaves an array of options open to human actors. So when forecasting on a shorter time frame, analysis must go beyond geographical constraints to more specific, temporal constraints. For this reason, predicting the short-term activities of human actors requires an understanding of the constraints they face in the human terrain within which they operate.

    As a result, one task common to any intelligence organization is defining the human network of a state, criminal organization, militant movement or any other organization to better determine and understand a group's characteristics and abilities. A human network in this sense is a broad term used to describe the intricate web of relations existing in an organization and within a specific region. For anyone or any organization with interests in a given geographic area, understanding the networks of individuals with influence in the region is critical.

    Intelligence and Analysis

    People use human networks to organize the control of resources and geography. No person alone can control anything of significance. Presidents, drug lords and CEOs rely on people to execute their strategies and are constrained by the capabilities and interests of the people who work for them. Identifying these networks may be a daunting task depending on the network. For obvious reasons, criminal organizations and militant networks strive to keep their membership secret, and it is not always apparent who gives the orders and who carries out the orders in a political body. To discern who's who in a group, and therefore whether an individual matters in a group, requires both intelligence and analysis to make sense of the intelligence.

    How intelligence is acquired depends on the resources and methods available to an intelligence organization, while the analysis that follows differs depending on the intent. For example, International Security Assistance Force military operations aimed at disrupting militant networks in   

    Afghanistan would require the collection of informants and signals intelligence followed by analysis to pinpoint the exact location of individuals within a network to enable targeted operations. Simply knowing who belongs to a militant network and their location is not enough; the value lies in the significance and capabilities of an individual in the group. Detaining an individual who lays improvised explosive devices on a road may result in short-term disruptions to the target's area of operations, but identifying and detaining a bombmaker with exclusive experience and training will have a far greater impact.

    The true value of analysis lies in understanding the significance of a particular individual in a network. Mapping out a human network begins with the simple question of who belongs to a particular network. Next, identify and define relationships with other known individuals and organizations. For some, this process takes the form of link analysis, which is a visual representation of a network where each individual is represented in a diagram. Links between the individuals who interact with one another are then depicted. These links show an individual's significance in a group and establish whether he is a lowly scout within a transnational criminal organization who may only interact with his paymaster. The paymaster, by contrast, could be linked to dozens of other group members. Examining how many links within a group an individual has, however, is just scratching the surface of understanding the network.

    Every individual within a given human network has reasons to be tied to others within the network. Understanding what unites the individuals in an organization provides further depth of understanding. Whether it be ideology, mutual interests, familial ties or paid services, why a relationship exists will help determine the strength of such bonds, the motives of the network and the limitations to what a network can accomplish. For example, when assessing the strength of the Syrian regime, it is imperative to identify and examine the inner circle of President Bashar al Assad. Analyzing these members can indicate which factions of the Syrian population and which political and familial groupings support or reject the al Assad regime. That key posts within the government are now occupied primarily by Alawites indicates a combination of regime distrust of the Sunnis and dwindling levels of support from even high-ranking Sunnis. Similarly, examining the once-strong ties of inner circle members who have defected indicates which factions no longer support the regime and points toward other groups that might also have doubts about remaining loyal.

    Rarely is there a completely isolated human network. Human relations typically span multiple regions or even continents. Politicians can have their own business interests, drug traffickers may have counterparts in another country and militant groups may have the sympathy of other groups or even members in a state's government. There are no limits on how separate networks may interact with one another. Understanding a group's ties to other groups further defines the original group's influence. For example, a political leader at odds with the powerful military of his state may find significant constraints in governing (due to the limitations within the human network on figures linking the military assets to political leaders). A drug trafficker with a law enforcement officer on his payroll will likely find less resistance from authorities when conducting illicit business (due to the capabilities that a police officer would provide to the network).

    The reasons for, and methods of, defining a human network will vary depending on the intelligence organization. A nation with vast resources like the

    United States has an exceptionally large focus on human networks around the world and a full array of intelligence disciplines to gather the necessary information. At Stratfor, our reasons to map the intricate web of human relations within an organization differ as we look to understand the constraints that human networks place on actors.

    Challenges of Tracking Human Networks

    The individuals in an organization are constantly changing. This means the job of mapping the driving forces in an organization never ends, since relations shift, roles change and individuals often are taken out of the picture altogether. As a result, intelligence collectors must continually task their intelligence assets for new information, and analysts must continually update their organizational charts.

    Logically, the more fluid the membership of an organization, the more difficult it is for an intelligence organization -- or rival organization -- to follow it. As an example, take Los Zetas, who dominate the Mexican border town of

    Nuevo Laredo. The group always will have individuals in the city in charge of running daily criminal operations, such as coordinating gunmen, drug shipments, money laundering and retail drug sales. Within a Mexican transnational criminal organization, the person filling this role is typically called a "plaza boss." Several alleged Zetas plaza bosses of Nuevo Laredowere killed or captured during 2012 in Mexican military operations. With each kill or capture, an organization must replace the former plaza boss. This frequent succession of plaza bosses obviously reshapes the human network operating in Nuevo Laredo.

    It is no simple matter for a collector to ask his informants about, or to eavesdrop through surveillance, for information about the personnel changes. It takes time for a new plaza boss to assume his new responsibilities. A new office manager must get to know his employees and operations before making critical decisions. Additionally, an intelligence collector's assets may not be able to provide updates right away. In the case of an informant, does the informant have the same access to the new plaza boss as the former? Roles are more constant within an organization and can be split up among individuals. Thus, a person who had handled both gunmen and drug shipments may be replaced by two people to break up the responsibilities. Therefore, collectors and analysts must seek to understand the roles of the new plaza boss and whether he has the same influence as the prior one.

    What We Do

    Understanding that the players within organizations change frequently, but that the roles and constraints of an organization transform far more slowly, is key to how Stratfor approaches human networks. For the leader of a nation, the geopolitical imperatives of the nation serve as impersonal forces directing the decisions of a rational individual. For a criminal or insurgent leader, there is only so much that can be done while attempting to avoid notice by law enforcement and the military, and the organization's imperatives will likely remain in place. In determining the constraints and imperatives, we can better identify the significance and courses of actions of an organization without necessarily knowing the details about the individuals serving specific roles.

    Particularly with more clandestine human networks, we continually examine the external effects of known personnel changes. For example, how has the death of a Taliban leader in

    Pakistanaffected the operations of the Tehrik-i-Taliban Pakistanas a whole, such as in the case of the Jan. 3 death of Taliban leader Maulvi Nazir in South Waziristan? Nazir commanded a relatively benign faction of the Pakistani Taliban that kept more aggressive, anti-government factions out of South Waziristan. His removal, and the nature of his removal, could invite militants waging an active fight against the Pakistani government to return to South Waziristan. Ultimately, Nazir was a distinct figure in the Pakistani militant network due to his alliance with Islamabad. While his removal won't change the fact that militants will thrive on the Pakistani-Afghan border (which geography dictates), it does marginally tilt the balance away from Islamabadand toward the militants.

    With the example of Los Zetas in Nuevo Laredo, we know

    Nuevo Laredois a critical location for the transnational criminal organization. As a border town with one of the highest volumes of cross-border commercial shipping to the United States , the city serves as one of the principal sources of revenue for Zetas drug traffickers. For this reason, Los Zetas will certainly continue to replace figures who are removed by military and law enforcement.

    Using this known behavior and the imperatives, we can learn about Los Zetas elsewhere in

    Mexico : By observing the group at a broader geographic level, we can deduce the significance of a capture or death in a specific locale. If the losses of personnel in Nuevo Laredo have had a significant impact on the organization, operations would likely suffer in other geographic areas as the group accommodates its losses in Nuevo Laredo.

    In forecasting the political, economic or security climate of a geographic region, understanding human networks must be incorporated into any analysis. Areas such as

    Mexicoand Syria have geographic elements that define conflicts. Mexico's location between the cocaine producers of the northern Andes and cocaine consumers in the United States ensures that groups will profit off the cocaine flow from south to north. The Sierra Madre Occidental and Sierra Madre Oriental divide trafficking corridors between the east and west coasts of Mexico . But geography alone can't be used to predict how groups will organize and compete with each other within those trafficking corridors. Predicting the spread and scope of violence depends on knowledge of the human network and of who controls the resources and terrain. Similarly, the geographic significance of the Levant to Iranand Iraqdetermines the importance of Syriaas an access point to the Mediterranean, but that alone doesn't determine the future of al Assad's regime. Understanding who his most trusted confidants are, what their relationships are based on and watching their moves enables us to filter the constant news of death and destruction coming out of Syria and to focus on the individuals who directly support al Assad and determine his immediate fate. 

    Inasmuch that humans can overcome geography, they can do so through organizations that control terrain and resources. Understanding the nature of those organizations and how they control those assets requires knowledge of the human network.

    "<a href="http://www.stratfor.com/weekly/intelligence-and-human-networks">Intelligence and Human Networks</a> is republished with permission of Stratfor."

  • 13 Oct 2011 2:04 PM | Anonymous member (Administrator)

    Growing Concern Over the New York City Police Department's Counterterrorism Methods is Repudiated

     

    By Scott Stewart

    In response to the 9/11 attacks, the New York Police Department (NYPD) established its own Counter-Terrorism Bureau and revamped its Intelligence Division. Since that time, its methods have gone largely unchallenged and have been generally popular with New Yorkers, who expect the department to take measures to prevent future attacks.

    Preventing terrorist attacks requires a very different operational model than arresting individuals responsible for such attacks, and the NYPD has served as a leader in developing new, proactive approaches to police counterterrorism. However, it has been more than 10 years since the 9/11 attacks, and the NYPD is now facing growing concern over its counterterrorism activities. There is always an uneasy equilibrium between security and civil rights, and while the balance tilted toward security in the immediate aftermath of 9/11, it now appears to be shifting back.

    This shift provides an opportunity to examine the NYPD’s activities, the pressure being brought against the department and the type of official oversight that might be imposed.

    Under Pressure

    Reports that the NYPD’s Intelligence Division and Counter-Terrorism Bureau engage in aggressive, proactive operations are nothing new. STRATFOR has written about them since 2004, and several books have been published on the topic. Indeed, police agencies from all over the world travel to New York to study the NYPD’s approach, which seems to have been quite effective.

    Criticism of the department’s activities is nothing new, either. Civil liberties groups have expressed concern over security methods instituted after 9/11, and Leonard Levitt, who writes a column on New York police activities for the website NYPD Confidential, has long been critical of the NYPD and its commissioner, Ray Kelly. Associated Press reporters Adam Goldman and Matt Apuzzo have written a series of investigative reports that began on Aug. 24 detailing “covert” NYPD activities, such as mapping the Muslim areas of New York. This was followed by the Aug. 31 publication of what appears to be a leaked NYPD PowerPoint presentation detailing the activities of the Intelligence Division’s Demographics Unit.

    In the wake of these reports, criticism of the NYPD’s program has reached a new level. Members of the New York City Council expressed concern that their constituents were being unjustly monitored. Six New York state senators asked the state attorney general to investigate the possibility of “unlawful covert surveillance operations of the Muslim community.” A group of civil rights lawyers also asked a U.S. district judge in Manhattan to force the NYPD to publicize any records of such a program and to issue a court order to prevent their destruction. In response to the AP investigation, two members of Congress, Reps. Yvette Clarke, D-N.Y., and Rush Holt, D-N.J., asked the Justice Department to investigate. The heat is on.

    After an Oct. 7 hearing regarding NYPD intelligence and counterterrorism operations, New York City Council Public Safety Committee Chairman Peter Vallone said, “That portion of the police department’s work should probably be looked at by a federal monitor.”

    Following Vallone’s statement, media reports cited Congressional and Obama administration officials saying they have no authority to monitor the NYPD. While Vallone claims the City Council does not have the expertise to oversee the department’s operations, and the federal government says that it lacks the jurisdiction, it is almost certain that the NYPD will eventually face some sort of new oversight mechanisms and judicial review of its counterterrorism activities.

    New York City and the Terrorist Threat

    While 9/11 had a profound effect on the world and on U.S. foreign policy, it had an overwhelming effect on New York City itself. New Yorkers were willing to do whatever it took to make sure such an attack did not happen again, and when Kelly was appointed police commissioner in 2002, he proclaimed this as his primary duty (his critics attributed the focus to ego and hubris). This meant revamping counterterrorism and moving to an intelligence-based model of prevention rather than one based on prosecution.

    The NYPD’s Intelligence Division, which existed prior to 9/11, was known mainly for driving VIPs around New York, one of the most popular destinations for foreign dignitaries and one that becomes very busy during the U.N. General Assembly. Before 9/11, the NYPD also faced certain restrictions contained in a 1985 court order known as the Handschu guidelines, which required the department to submit “specific information” on criminal activity to a panel for approval to monitor any kind of political activity. The Intelligence Division had a very limited mandate. When David Cohen, a former CIA analyst, was brought in to run the division, he went to U.S. District Court in Manhattan to get the guidelines modified. Judge Charles Haight modified them twice in 2002 and 2003, and he could very well review them again. His previous modifications allowed the NYPD Intelligence Division to proactively monitor public activity and look for indications of terrorist or criminal activity without waiting for approval from a review panel.

    The Counter-Terrorism Bureau was founded in 2002 with analytical and collection responsibilities similar to those of the Intelligence Division but involving the training, coordination and response of police units. Differences between the two units are mainly bureaucratic and they work closely together.

    As the capabilities of the NYPD’s Intelligence Division and Counter-Terrorism Bureau developed, both faced the challenges of any new or revamped intelligence organization. Their officers learned the trade by taking on new monitoring responsibilities, investigating plots and analyzing intelligence from plots in other parts of the United States and abroad. One of their biggest challenges was the lack of access to information from the federal government and other police departments around the United States. The NYPD also believed that the federal government could not protect New York. The most high-profile city in the world for finance, tourism and now terrorism, among other things, decided that it had to protect itself.

    The NYPD set about trying to detect plots within New York as they developed, getting information on terrorist tactics and understanding and even deterring plots developing outside the city. In addition to the challenges it also had some key advantages, including a wealth of ethnic backgrounds and language skills to draw on, the budget and drive to develop liaison channels and the agility that comes with being relatively small, which allowed it to adapt to changing threat environments. The department was creating new organizational structures with specific missions and targeted at specific threats. Unlike federal agencies, it had no local competitors, and its large municipal budget was augmented by federal funding that has yet to face cyclical security budget challenges.

    Looking for Plots

    STRATFOR first wrote about the NYPD’s new proactive approach to counterterrorism in 2004. The NYPD’s focus moved from waiting for an attack to happen and then allowing police and prosecutors to “make the big case” to preventing and disrupting plots long before an attack could occur. This approach often means that operatives plotting attacks are charged with much lower charges than terrorism or homicide, such as document fraud or conspiracy to acquire explosives.

    The process of looking for signs of a terrorist plot is not difficult to explain conceptually, but actually preventing an attack is extremely difficult, especially when the investigative agency is trying to balance security and civil liberties. It helps when plotters expose themselves prior to their attack and ordinary citizens are mindful of suspicious behavior. Grassroots defenders, as we call them, can look for signs of pre-operational surveillance, weapons purchasing and bombmaking, and even the expressed intent to conduct an attack. Such activities are seemingly innocuous and often legal undefined taking photos at a tourist site, purchasing nail-polish remover, exercising the right of free speech undefined but sometimes these activities are carried out with the purpose of doing harm. The NYPD must figure out how to separate the innocent act from the threatening act, and this requires actionable intelligence.

    It is for this reason that the NYPD’s Demographics Unit, which is now apparently called the Zone Assessment Unit, has been carrying out open observation in neighborhoods throughout New York. Understanding local dynamics, down to the block-by-block level, provides the context for any threat reporting and intelligence that the NYPD receives. Also shaping perceptions are the thousands of calls to 911 and 1-888-NYC-SAFE that come in every day, partly due to the city’s “If you see something, say something” campaign. This input, along with observations by so-called rakers (undercover police officers) allows NYPD analysts to “connect the dots” and detect plots before an attack occurs. According to the AP reports, these rakers, who go to different neighborhoods, observe and interact with residents and look for signs of criminal or terrorist activity, have been primarily targeting Muslim neighborhoods.

    These undercover officers make the same observations that any citizen can make in places where there is no reasonable expectation of privacy. Indeed, law enforcement officers from the local to the federal level across the country have been doing this for a long time, looking for indicators of criminal activity in business, religious and public settings without presuming guilt.

    Long before the NYPD began looking for jihadists, local police have used the same methods to look for mafia activity in Italian neighborhoods, neo-Nazis at gun shows and music concerts, Crips in black neighborhoods and MS-13 members in Latino neighborhoods. Law enforcement infiltration into white hate groups has disrupted much of this movement in the United States. Location is a factor in any counterterrorism effort because certain targeted groups tend to congregate in certain places, but placing too much emphasis on classifications of people can lead to dangerous generalizations, which is why STRATFOR often writes about looking for the “how” rather than the “who.

    Understanding New Threats and Tactics

    As the NYPD saw it, the department needed tactical information as soon as possible so it could change the threat posture. The department’s greatest fear was that a coordinated attack would occur on cities throughout the world and police in New York would not be ramped up in time to prevent or mitigate it. For example, an attack on transit networks in Europe at rush hour could be followed by an attack a few hours later in New York, when New Yorkers were on their way to work. This fear was almost realized with the 2004 train attacks in Madrid. Within hours of the attacks, NYPD officers were in Madrid reporting back to New York, but the NYPD claims the report they received from the FBI came 18 months later. There was likely some intelligence sharing prior to this report, but the perceived lack of federal responsiveness explains why the NYPD has embarked on its independent, proactive mission.

    NYPD officers reportedly are located in 11 cities around the world, and in addition to facilitating a more rapid exchange of intelligence and insight, these overseas operatives are also charged with developing liaison relationships with other police forces. And instead of being based in the U.S. Embassy like the FBI’s legal attache, they work on the ground and in the offices of the local police. The NYPD believes this helps the department better protect New York City, and it is willing to risk the ire of and turf wars with other U.S. agencies such as the FBI, which has a broader mandate to operate abroad.

    Managing Oversight and Other Challenges

    The New York City Council does not have the same authority to conduct classified hearings that the U.S. Congress does when it oversees national intelligence activity. And the federal government has limited legal authority at the local level. What Public Safety Committee Chairman Vallone and federal government sources are implying is that they are not willing to take on oversight responsibilities in New York. In other words, while there are concerns about the NYPD’s activities, they are happy with the way the department is working and want to let it continue, albeit with more accountability. As oversight exists now, Kelly briefs Vallone on various NYPD operations, and even with more scrutiny from the City Council, any operations are likely be approved.

    The NYPD still has to keep civil rights concerns in mind, not only because of a legal or moral responsibility but also to function successfully. As soon as the NYPD is seen as a dangerous presence in a neighborhood rather than a protective asset, it will lose access to the intelligence that is so important in preventing terrorist attacks. The department has plenty of incentive to keep its officers in line.

    Threats and Dimwits

    One worry is that the NYPD is overly focused on jihadists, rather than other potential threats like white supremacists, anarchists, foreign government agents or less predictable “lone wolves.”

    The attack by Anders Breivik in Oslo, Norway, reminded police departments and security services worldwide that tunnel vision focused on jihadists is dangerous. If the NYPD is indeed focusing only on Muslim neighborhoods (which it probably is not), the biggest problem is that it will fail in its security mission, not that it will face prosecution for racial profiling. The department has ample incentive to think about what the next threat could be and look for new and less familiar signs of a pending attack. Simple racial profiling will not achieve that goal.

    The modern history of terrorism in New York City goes back to a 1916 attack by German saboteurs on a New Jersey arms depot that damaged buildings in Manhattan. However unlikely, these are the kinds of threats that the NYPD will also need to think about as it tries to keep its citizens safe. The alleged Iranian plot to carry out an assassination in the Washington area underscores the possibility of state-organized sabotage or terrorism.

    That there have been no successful terrorist attacks in New York City since 9/11 cannot simply be attributed to the NYPD. In the Faisal Shahzad case, the fact that his improvised explosive device did not work was just as important as the quick response of police officers in Times Square. Shahzad’s failure was not a result of preventive intelligence and counterterrorism work. U.S. operations in Afghanistan and other countries that have largely disrupted the al Qaeda network have also severely limited its ability to attack New York again.

    The NYPD’s counterterrorism and intelligence efforts are still new and developing. As such, they are unconstrained compared to those of the larger legacy organizations at the federal level. At the same time, the department’s activities are unprecedented at the local level. As its efforts mature, the pendulum of domestic security and civil liberties will remain in motion, and the NYPD will face new scrutiny in the coming year, including judicial oversight, which is an important standard in American law enforcement. The challenge for New York is finding the correct balance between guarding the lives and protecting the rights of its people.

    ISPLA is grateful for the permission granted by STRATFOR to republish this article. www.stratfor.com

     

  • 28 Apr 2011 1:38 PM | Anonymous member (Administrator)

    The Kapersky Kidnapping – Lessons Learned – Scott Stewart

    On April 24, officers from the anti-kidnapping unit of Moscow’s Criminal Investigation Department and the Russian Federal Security Service (FSB) rescued 20-year-old Ivan Kaspersky from a dacha in Sergiev Posad, a small town about 40 miles northeast of Moscow. Kaspersky, the son of Russian computer software services billionaire Eugene Kaspersky (founder of Kaspersky Lab), was kidnapped on April 19 as he was walking to work from his Moscow apartment. A fourth-year computer student at Moscow State University, Kaspersky was working as an intern at a software company located near Moscow’s Strogino metro station.

    Following the abduction, Kaspersky was reportedly forced to call his father and relay his captors’ demands for a ransom of 3 million euros ($4.4 million). After receiving the ransom call, the elder Kaspersky turned to Russian law enforcement for assistance. On April 21, news of the abduction hit the Russian and international press, placing pressure on the kidnappers and potentially placing Kaspersky’s life in jeopardy. In order to defuse the situation, disinformation was leaked to the press that a ransom had been paid, that Kaspersky had been released unharmed and that the family did not want the authorities involved. Kaspersky’s father also contacted the kidnappers and agreed to pay the ransom. Responding to the ruse, four of the five members of the kidnapping gang left the dacha where Kaspersky was being held to retrieve the ransom and were intercepted by Russian authorities as they left. The authorities then stormed the dacha, arrested the remaining captor and released Kaspersky. The five kidnappers remain in custody and are awaiting trial.

    According to Russia’s RT television network, Russian officials indicated that the kidnapping was orchestrated by an older couple who were in debt and sought to use the ransom to get out of their financial difficulties. The couple reportedly enlisted their 30-year-old son and two of his friends to act as muscle for the plot. Fortunately for Kaspersky, the group that abducted him was quite unprofessional and the place where he was being held was identified by the cell phone used to contact Kaspersky’s father. Reports conflict as to whether the cell phone’s location was tracked by the FSB, the police anti-kidnapping unit or someone else working for Kaspersky’s father, but in any case, in the end the group’s inexperience and naivete allowed for Kaspersky’s story to have a happy ending.

    However, the story also demonstrates that even amateurs can successfully locate and abduct the son of a billionaire, and some very important lessons can be drawn from this case.

    The Abduction

    According to the Russian news service RIA Novosti, Kaspersky’s abductors had been stalking him and his girlfriend for several months prior to the kidnapping. This pre-operational surveillance permitted the kidnappers to determine Kaspersky’s behavioral patterns and learn that he did not have any sort of security detail protecting him. Media reports also indicate that the kidnappers were apparently able to obtain all the information they required to begin their physical surveillance of the victim from information Kaspersky himself had posted on Vkontakte.ru, a Russian social networking site. According to RT, Kaspersky’s Vkontakte profile contained information such as his true name, his photo, where he was attending school, what he was studying, who he was dating, where we was working for his internship and even the addresses of the last two apartments where he lived.

    Armed with this cornucopia of information, it would be very easy for the criminals to establish physical surveillance of Kaspersky in order to gather the additional behavioral information they needed to complete their plan for the abduction. Kaspersky also appears to have not been practicing the level of situational awareness required to detect the surveillance being conducted against him undefined even though it was being conducted by amateurish criminals who were undoubtedly clumsy in their surveillance tradecraft. This lack of awareness allowed the kidnappers to freely follow him and plot his abduction without fear of detection. Kaspersky made himself an easy target in a dangerous place for high net worth individuals and their families. While kidnapping for ransom is fairly rare in the United States, Russian law enforcement sources report that some 300 people are kidnapped for ransom every year in Russia.

    Denial

    In terms of being an easy target, Kaspersky was not alone. It is not uncommon for the children of high net worth families to want to break free of their family’s protective cocoon and “live like a regular person.” This means going to school, working, dating and living without being insulated from the world by the security measures in place around their parents and their childhood homes. This tendency was exemplified by the well-publicized example of George W. Bush’s twin daughters “ditching” their Secret Service security details so they could go out and party with their friends when they were in college.

    Having personally worked as a member of an executive protection detail responsible for the security of a high net worth family, I have seen firsthand how cumbersome and limiting an executive protection detail can be undefined especially a traditional, overt-security detail. A low-key, “bubble-type” detail, which focuses on surveillance detection and protective intelligence, provides some space and freedom, but it, too, can be quite limiting and intrusive undefined especially for a young person who wants some freedom to live spontaneously. Because of the very nature of protective security, there will inevitably be a degree of tension between personal security and personal freedom.

    However, when reacting to this tension, those protected must remember that there are very real dangers in the world undefined dangers that must be guarded against. Unfortunately, many people who reject security measures tend to live in a state of denial regarding the potential threats facing them, and that denial can land them in trouble. We have seen this mindset most strongly displayed in high net worth individuals who have recently acquired their wealth and have not yet been victimized by criminals. A prime example of this was U.S billionaire Eddie Lampert, who at the time of his abduction in 2003 did not believe there was any threat to his personal security. His first encounter with criminals was a traumatic kidnapping at gunpoint. But this mindset can also appear in younger members of well-established families of means who have not personally been victimized by criminals.

    It is important to realize, however, that the choice between security and freedom does not have to be an either/or equation. There are measures that can be taken to protect high net worth individuals and children without employing a full protective security detail. These same measures can also be applied by people of more modest means living in places such as Mexico or Venezuela, where the kidnapping threat is pervasive and extends to almost every strata of society, from middle-class professionals and business owners to farmers.

    In this type of environment, the threat also applies to mid-level corporate employees who serve tours as expatriate executives in foreign cities. Some of the cities they are posted in are among the most crime-ridden in the world, including such places as Mexico City, Caracas, Sao Paulo and Moscow. When placed in the middle of an impoverished society, even a mid-level executive or diplomat is, by comparison, incredibly rich. As a result, employees who would spend their lives under the radar of professional criminals back home in the United States, Canada or Europe can become prime targets for kidnapping, home invasion, burglary and carjacking in their overseas posts.

    The Basics

    Before anything else can be done to address the criminal threat, like any other issue, the fact that there is indeed a threat must first be recognized and acknowledged. As long as a potential target is in a state of denial, very little can be done to protect him or her.

    Once the threat is recognized, the next step in devising a personal protection system is creating a realistic baseline assessment of the threat undefined and exposure to that threat. This assessment should start with some general research on crime and statistics for the area where the person lives, works or goes to school, and the travel corridors between these places. The potential for natural disasters, civil unrest undefined and in some cases the possibility of terrorism or even war undefined should also be considered. Based on this general crime-environment assessment, it might be determined that the kidnapping risk in a city such as Mexico City or Moscow will dictate that a child who has a desire to attend university without a protective security detail might be better off doing so in a safer environment abroad.

    Building on these generalities, then, the next step should be to determine the specific threats and vulnerabilities by performing some basic analyses and diagnostics. In some cases, these will have to be performed by professionals, but they can also be undertaken by the individuals themselves if they lack the means to hire professional help. These analyses should include:

    • In-depth cyberstalking report. Most of the people for whom we have conducted such reports have been shocked to see how much private information analysts are able to dig up on the Internet. This information is available for free (or for a few dollars) to anyone, including criminals, who might be targeting people for kidnapping, extortion or other crimes. The problem of personal information being available on the Internet is magnified when potential targets gratuitously post personal information online, as in the Kaspersky case. Even in cases where personal information is available only to online “friends,” it is quite easy for savvy Internet users to use a false social networking account with an attractive photo to social engineer their way into a circle of friends using common pretexting tactics. Therefore, potential targets need to be extremely careful what they post online, and they also must be aware of what information about them is publicly available on the Internet and how that information may make them vulnerable to being targeted. If it is determined that the information available makes them too vulnerable, changes may have to be made.
    • Baseline surveillance diagnostics. Surveillance diagnostics is a blend of surveillance-detection techniques that are designed to determine if an individual is under systematic criminal surveillance. This can be conducted by the potential targets themselves, if they receive the necessary training, or by a specialized professional surveillance-detection team. As the name suggests, this diagnostic level helps establish a baseline from which to plan future security and surveillance-detection operations.
    • Route analysis. This type of analysis examines the regular travel routes of a potential target in order to identify locations such as choke points that can be used by criminals for surveillance or to conduct an attack. Route analysis can be performed by the same team that conducts surveillance diagnostics, or even by a potential target if the person will thoughtfully examine his or her daily travel routes. Such an analysis allows the potential target to be cognizant of such locations and of the need to increase situational awareness for signs of surveillance or a potential attack as he or she passes through them undefined especially during a highly predictable move like the morning home-to-work commute.
    • Physical security surveys. Such surveys are performed for the home, workplace or school of the potential target. While individuals can effectively conduct such surveys using common sense, a professional assessment can be useful and will often be performed for free by alarm companies. Obviously, any security upgrades required at a workplace or school will require coordination with the security managers for these locations.
    • Response capability assessment. This is a realistic assessment of the capabilities and responsiveness of the local police and security forces as well as fire and medical first-responders. In some places, security personnel themselves may be involved in criminal activity, or prove to be generally unresponsive or incompetent. Knowing their true capabilities is necessary to create a realistic security plan.

    There are some very good private training facilities that can provide individuals with training in things like attack recognition/avoidance, surveillance detection and route analysis as well hands-on skills like tactical driving.

    Guns Alone Are Not the Answer

    Even if a potential target is being afforded a protection detail, it must be remembered that guards with guns are not in and of themselves a guarantee of security. If a group is brazen enough to undertake a kidnapping, they will in many cases and many places not hesitate to use deadly force in the commission of their crime. If they are given free rein to conduct pre-operational surveillance, they will be able to make plans to overcome any security measures in place, including the neutralizing of armed security personnel.

    After recognizing that a threat indeed exists, the next key concept that potential targets need to internalize is that criminals are vulnerable to detection as they plan their crimes, and that ordinary people can develop the skills required to detect criminal activity and take measures to avoid being victimized. The fact is, most criminals practice terrible surveillance tradecraft. They are permitted to succeed in spite of their lack of skill because, for the most part, people simply do not practice good situational awareness.

    The good news for potential targets is that being aware of one’s surroundings and identifying potential threats and dangerous situations is more a mindset or attitude than a hard skill. Because of this, situational awareness is not something that can be practiced only by highly trained government agents or specialized surveillance detection teams undefined it is something that can be practiced by anyone with the will and the discipline to do so. In the Kaspersky case, it is very likely that had the young man been practicing good situational awareness, he would have been able to note the criminals conducting surveillance on him and to take appropriate action to avoid being kidnapped.

    Armed guards, armored vehicles and other forms of physical security are all valuable protective tools, but they can all be defeated by kidnappers who are allowed to form a plan and execute it at the time and place of their choosing. Clearly, a way is needed to deny kidnappers the advantage of striking when and where they choose or, even better, to stop a kidnapping before it can be launched. This is where the intelligence tools outlined above come into play. They permit the potential target, and any security officers working to protect them, to play on the action side of the action/reaction equation rather than passively waiting for something to happen.

    ISPLA is grateful to Stratfor in granting permission to republish this article. www.stratfor.com

  • 26 Nov 2010 4:04 PM | Anonymous member (Administrator)

    Aviation Security Threats and Realities – Stratfor Global Intelligence - By Scott Stewart

    Over the past few weeks, aviation security undefined specifically, enhanced passenger-screening procedures undefined has become a big issue in the media. The discussion of the topic has become even more fervent as we enter Thanksgiving weekend, which is historically one of the busiest travel periods of the year. As this discussion has progressed, we have been asked repeatedly by readers and members of the press for our opinion on the matter.

    We have answered such requests from readers, and we have done a number of media interviews, but we’ve resisted writing a fresh analysis on aviation security because, as an organization, our objective is to lead the media rather than follow the media regarding a particular topic. We want our readers to be aware of things before they become pressing public issues, and when it comes to aviation-security threats and the issues involved with passenger screening, we believe we have accomplished this. Many of the things now being discussed in the media are things we’ve written about for years.

    When we were discussing this topic internally and debating whether to write about it, we decided that since we have added so many new readers over the past few years, it might be of interest to our expanding readership to put together an analysis that reviews the material we’ve published and that helps to place the current discussion into the proper context. We hope our longtime readers will excuse the repetition.

    We believe that this review will help establish that there is a legitimate threat to aviation, that there are significant challenges in trying to secure aircraft from every conceivable threat, and that the response of aviation security authorities to threats has often been slow and reactive rather than thoughtful and proactive.

    Threats

    Commercial aviation has been threatened by terrorism for decades now. From the first hijackings and bombings in the late 1960s to last month’s attempt against the UPS and FedEx cargo aircraft, the threat has remained constant. As we have discussed for many years, jihadists have long had a fixation with attacking aircraft. When security measures were put in place to protect against Bojinka-style attacks in the 1990s undefined attacks that involved modular explosive devices smuggled onto planes and left aboard undefined the jihadists adapted and conducted 9/11-style attacks. When security measures were put in place to counter 9/11-style attacks, the jihadists quickly responded by going to onboard suicide attacks with explosive devices concealed in shoes. When that tactic was discovered and shoes began to be screened, they switched to devices containing camouflaged liquid explosives. When that plot failed and security measures were altered to restrict the quantity of liquids that people could take aboard aircraft, we saw the jihadists alter the paradigm once more and attempt the underwear-bomb attack last Christmas.

    In a special edition of Inspire magazine released last weekend, al Qaeda in the Arabian Peninsula (AQAP) noted that, due to the increased passenger screening implemented after the Christmas Day 2009 attempt, the group’s operational planners decided to employ explosive devices sent via air cargo (we have written specifically about the vulnerability of air cargo to terrorist attacks).

    Finally, it is also important to understand that the threat does not emanate just from jihadists like al Qaeda and its regional franchises. Over the past several decades, aircraft have been attacked by a number of different actors, including North Korean intelligence officers, Sikh, Palestinian and Hezbollah militants and mentally disturbed individuals like the Unabomber, among others.

    Realities

    While understanding that the threat is very real, it is also critical to recognize that there is no such thing as absolute, foolproof security. This applies to ground-based facilities as well as aircraft. If security procedures and checks have not been able to keep contraband out of high-security prisons, it is unreasonable to expect them to be able to keep unauthorized items off aircraft, where (thankfully) security checks of crew and passengers are far less invasive than they are for prisoners. As long as people, luggage and cargo are allowed aboard aircraft, and as long as people on the ground crew and the flight crew have access to aircraft, aircraft will remain vulnerable to a number of internal and external threats.

    This reality is accented by the sheer number of passengers that must be screened and number of aircraft that must be secured. According to figures supplied by the Transportation Security Administration (TSA), in 2006, the last year for which numbers are available, the agency screened 708,400,522 passengers on domestic flights and international flights coming into the

    United States . This averages out to over 1.9 million passengers per day.

    Another reality is that, as mentioned above, jihadists and other people who seek to attack aircraft have proven to be quite resourceful and adaptive. They carefully study security measures, identify vulnerabilities and then seek to exploit them. Indeed, last September, when we analyzed the innovative designs of the explosive devices employed by AQAP, we called attention to the threat they posed to aviation more than three months before the Christmas 2009 bombing attempt. As we look at the issue again, it is not hard to see, as we pointed out then, how their innovative efforts to camouflage explosives in everyday items and hide them inside suicide operatives’ bodies will continue and how these efforts will be intended to exploit vulnerabilities in current screening systems.

    As we wrote in September 2009, getting a completed explosive device or its components by security and onto an aircraft is a significant challenge, but it is possible for a resourceful bombmaker to devise ways to overcome that challenge. The latest issue of Inspire magazine demonstrated how AQAP has done some very detailed research to identify screening vulnerabilities. As the group noted in the magazine: “The British government said that if a toner weighs more than 500 grams it won’t be allowed on board a plane. Who is the genius who came up with this suggestion? Do you think that we have nothing to send but printers?”

    AQAP also noted in the magazine that it is working to identify innocuous substances like toner ink that, when X-rayed, will appear similar to explosive compounds like PETN, since such innocuous substances will be ignored by screeners. With many countries now banning cargo from Yemen, it will be harder to send those other items in cargo from Sanaa, but the group has shown itself to be flexible, with the underwear-bomb operative beginning his trip to Detroit out of Nigeria rather than Yemen. In the special edition of Inspire, AQAP also specifically threatened to work with allies to launch future attacks from other locations.

    Drug couriers have been transporting narcotics hidden inside their bodies aboard aircraft for decades, and prisoners frequently hide drugs, weapons and even cell phones inside body cavities. It is therefore only a matter of time before this same tactic is used to smuggle plastic explosives or even an entire non-metallic explosive device onto an aircraft undefined something that would allow an attacker to bypass metal detectors and backscatter X-ray inspection and pass through external pat-downs.

    Look for the Bomber, Not Just the Bomb

    This ability to camouflage explosives in a variety of different ways, or hide them inside the bodies of suicide operatives, means that the most significant weakness of any suicide-attack plan is the operative assigned to conduct the attack. Even in a plot to attack 10 or 12 aircraft, a group would need to manufacture only about 12 pounds of high explosives undefined about what is required for a single, small suicide device and far less than is required for a vehicle-borne improvised explosive device. Because of this, the operatives are more of a limiting factor than the explosives themselves; it is far more difficult to find and train 10 or 12 suicide bombers than it is to produce 10 or 12 devices.

    A successful attack requires operatives who are not only dedicated enough to initiate a suicide device without getting cold feet; they must also possess the nerve to calmly proceed through airport security checkpoints without alerting officers that they are up to something sinister. This set of tradecraft skills is referred to as demeanor, and while remaining calm under pressure and behaving normally may sound simple in theory, practicing good demeanor under the extreme pressure of a suicide operation is very difficult. Demeanor has proved to be the Achilles’ heel of several terror plots, and it is not something that militant groups have spent a great deal of time teaching their operatives. Because of this, it is frequently easier to spot demeanor mistakes than it is to find well-hidden explosives. Such demeanor mistakes can also be accentuated, or even induced, by contact with security personnel in the form of interviews, or even by unexpected changes in security protocols that alter the security environment a potential attacker is anticipating and has planned for.

    There has been much discussion of profiling, but the difficulty of creating a reliable and accurate physical profile of a jihadist, and the adaptability and ingenuity of the jihadist planners, means that any attempt at profiling based only on race, ethnicity or religion is doomed to fail. In fact, profiling can prove counterproductive to good security by blinding people to real threats. They will dismiss potential malefactors who do not fit the specific profile they have been provided.

    In an environment where the potential threat is hard to identify, it is doubly important to profile individuals based on their behavior rather than their ethnicity or nationality undefined what we refer to as focusing on the “how” instead of the “who.” Instead of relying on physical profiles, which allow attack planners to select operatives who do not match the profiles being selected for more intensive screening, security personnel should be encouraged to exercise their intelligence, intuition and common sense. A Caucasian U.S. citizen who shows up at the U.S. Embassy in Nairobi or

    Dhaka claiming to have lost his passport may be far more dangerous than some random Pakistani or Yemeni citizen, even though the American does not appear to fit the profile for requiring extra security checks.

    However, when we begin to consider traits such as intelligence, intuition and common sense, one of the other realities that must be faced with aviation security is that, quite simply, it is not an area where the airlines or governments have allocated the funding required to hire the best personnel. Airport screeners make far less than FBI special agents or CIA case officers and receive just a fraction of the training. Before 9/11, most airports in the

    United States relied on contract security guards to conduct screening duties. After 9/11, many of these same officers went from working for companies like Wackenhut to being TSA employees. There was no real effort made to increase the quality of screening personnel by offering much higher salaries to recruit a higher caliber of candidate.

    There is frequent mention of the need to make

    U.S. airport security more like that employed in Israel . Aside from the constitutional and cultural factors that would prevent American airport screeners from ever treating Muslim travelers the way they are treated by El Al, another huge difference is simply the amount of money spent on salaries and training for screeners and other security personnel. El Al is also aided by the fact that it has a very small fleet of aircraft that fly only a small number of passengers to a handful of destinations.

    Additionally, airport screening duty is simply not glamorous work. Officers are required to work long shifts conducting monotonous checks and are in near constant contact with a traveling public that can at times become quite surly when screeners follow policies established by bureaucrats at much higher pay grades. Granted, there are TSA officers who abuse their authority and do not exhibit good interpersonal skills, but anyone who travels regularly has also witnessed fellow travelers acting like idiots.

    While it is impossible to keep all contraband off aircraft, efforts to improve technical methods and procedures to locate weapons and IED components must continue. However, these efforts must not only be reacting to past attacks and attempts but should also be looking forward to thwart future attacks that involve a shift in the terrorist paradigm. At the same time, the often-overlooked human elements of airport security, including situational awareness, observation and intuition, need to be emphasized now more than ever. It is those soft skills that hold the real key to looking for the bomber and not just the bomb.

    "Aviation Security Threats and Realities is republished with permission of STRATFOR." <ahref="http://www.stratfor.com/weekly/20101123_aviation_security_threats_and_realities">.

  • 29 Oct 2010 12:46 PM | Anonymous member (Administrator)

    The 2010/2011 Annual Edition of the Kroll Global Fraud Report

    NEW YORK - October 18, 2010 – Theft of information and electronic data at global companies has overtaken physical theft for the first time, according to the latest edition of the Kroll Annual Global Fraud Report. This year’s study shows that the amount lost by businesses to fraud rose from $1.4m to $1.7m per billion dollars of sales in the past 12 months – an increase of more than 20%. The findings are the result of a study commissioned by Kroll with the Economist Intelligence Unit of more than 800 senior executives worldwide.

    While physical theft of cash, assets and inventory has been the most widespread fraud by a considerable margin in previous Global Fraud Reports, this year’s findings reveal that theft of information or assets was reported by 27.3% of companies over the past 12 months, up from 18% in 2009. In contrast, reported incidences of theft of physical assets or stock declined slightly from 28% in 2009 to 27.2% in 2010.

    According to the 2010 survey, 88% of companies said they had been the victim of at least one type of fraud during the past year. Of the specific countries analyzed,

    China is the top market in which companies suffered fraud with 98% of businesses operating there affected. Colombia ranked second with a 94% incidence of fraud in 2010, followed by Brazil with 90%.

    Robert Brenner, vice president of Kroll’s

    Americas region said: “Theft of confidential information is on the rise because data is increasingly portable and perpetrators – often departing or disgruntled employees – can remove it with ease absent sufficient controls. At the same time, there is a growing awareness among thieves of the increasing intrinsic value of an organization’s intellectual property. The results of the survey do not suggest other types of fraud are decreasing but merely that the rise in theft of intellectual capital has outstripped other fraudulent activity that has remained constant. Companies need to regularly evaluate how they are controlling access to information within their organization to ensure they are keeping pace with technological advancement and the imperative for collaboration in the workplace.”

    Information-based industries reported the highest incidence of theft of information and electronic data over the past 12 months. These include financial services (42% in 2010 versus 24% in 2009), professional services (40% in 2010 versus 27% in 2009) and technology, media and telecoms (37% in 2010 versus 29% in 2009).

    The speed of technological developments poses new challenges in the fight against fraud. Nearly one-third (28%) of respondents cited information infrastructure complexity as the single most important factor in raising their exposure to fraud. However, despite the increased risks, only 48% of companies are planning to spend more on information security in the next 12 months, down from 51% last year.

    Other key findings include:

    *                      Fear of fraud dissuades nearly half of companies surveyed from becoming more global: 48% of respondents indicated that fraud had dissuaded them from pursuing business opportunities in at least one foreign country. The biggest impact has been on emerging economies, with fraud deterring 11% of businesses operating in

    China and similar percentages of businesses operating in Africa (11%) and Latin America (10%). Respondents claimed they managed risk in these countries simply by avoiding the regions, even though they may offer attractive investment opportunities.

    *                      Companies are unprepared for regulation: Increased regulation through the Foreign Corrupt Practices Act (FCPA) and the introduction of the

    UK ’s new Bribery Act has created new challenges for companies. According to the survey, nearly two-thirds (63%) of businesses with operations in the US or UK believe the laws do not apply to them or are unsure. As a result, many are unprepared to deal with the regulatory risks: less than one-half (47%) are confident that they have the controls in place to prevent bribery at all levels of the operation, compared with 42% who say they have assessed the risks and put in place the necessary monitoring and reporting procedures.

    *                      Fraud is usually an ‘inside job’: For those companies who have been affected by fraud over the past year, junior employees and senior management were the most likely perpetrators at 22% each, followed by agents or other intermediaries at 11%. The proportion of fraud carried out by these employees ranged from 50% to 60% in North America, Europe and Asia-Pacific to 71% in the Middle East and

    Africa . The number dropped to 42% in Latin America where customers are the primary fraudsters.

    Tom Hartley, vice president of Kroll’s Eurasia region, said: “Some of the most concerning findings from the report this year were that challenges faced by corporates investing in unfamiliar territories in search of growth are dissuading them from expansion. This is a combination of opportunity lying where fraud risk is highest and at the same time, the penalties for regulatory failure and likelihood of prosecution increasing. Companies can manage these risks but need to think broadly about the appropriate steps taken to minimize exposure and investigate suspicious actions.”

    The fourth Kroll Annual Global Fraud Report includes a full detailed industry analysis across a range of fraud categories and regions. To obtain a copy please visit www.kroll.com/fraud.

    Methodology

    Kroll commissioned The Economist Intelligence Unit to conduct a worldwide survey on fraud and its effect on business during 2010. A total of 801 senior executives took part in this survey. Nearly a third (29%) of the respondents were based in North America, 25% in Europe, just under a quarter from Asia-Pacific region and 11% each from Latin America and the Middle East and

    Africa .

    Ten industries were covered, with no fewer than 50 respondents drawn from each industry. The highest number of respondents came from the financial services industry (13%). A total of 51% of the companies polled had global annual revenues in excess of $500m

  • 07 Sep 2010 9:01 PM | Anonymous member (Administrator)

    Anthrax War 2014 the Malaysian Connection by Bob Coen and Eric Nadler, Special to ProPublica 

    Fears about bioterrorism have prompted new efforts by corporations and governments worldwide to build defenses against germ attacks. But some of these arrangements themselves raise security issues. Consider the spirited global contest to corner the franchise on providing halal inoculations against anthrax and other deadly pathogens to the world's 1.7 billion Muslims. Devout Muslims have an understandable aversion to being injected with vaccines grown in pig cells or alcohol, the methods traditionally used by the world's leading pharmaceutical firms to manufacture such drugs. The reluctance of Muslims to accept non-halal polio injections has been linked to the re-emergence of polio in 27 countries that had been free of the debilitating disease, including Pakistan and Afghanistan.

    Enter Emergent BioSolutions, a Rockville, Md., firm with expanding multinational operations that sells a vaccine against anthrax to the U.S. government. In January 2008, in a little-noticed deal, Emergent, or EBS, announced a joint venture with a firm funded by the Malaysian Health Ministry to build 52,000 square feet of "vaccine development and manufacturing infrastructure" on a 62-acre site in an industrial park just outside of Kuala Lumpur. "It is our belief that this joint venture will not only expand the use of our anthrax vaccine in this market, but will also serve as a platform for joint product development and manufacturing activities," Fuad El-Hibri, chief executive of Emergent (the majority partner), said of the deal with Ninebio Sdn Bhd. "It is anticipated that the joint venture will also supply such products and services to certain member countries of the Organization of the Islamic Conference ("OIC") and other countries within Asia," an  href="http://investors.emergentbiosolutions.com/phoenix.zhtml?c=202582&amp;p=irol-newsArticle&amp;ID=1099450&amp;highlight=">EBS press release said. The facility was originally scheduled to open this year, but is now set to begin operations in 2013.  href="http://www.merrick.com/images/uploads/project_sheets/2795.pdf">Web page describing architectural plans</a> for the Malaysian venture is a sentence that has raised some eyebrows. It says the companies plan to build a "biocontainment R&amp;D facility that includes BSL ... 3 and 4 laboratories."

    Biosafety Level 3 ("high-containment") labs are for disease-causing organisms that can cause death in humans, such as anthrax, plague and SARS. Malaysia already has three BSL-3 labs, and there are several thousand worldwide (1,356 in the U.S. alone). Biosafety Level 4 (BSL-4) labs are for diseases that are one step up in the pathogen chain -- invariably fatal, highly contagious and for which no known vaccine or cure exists. Within these labs, the most-dangerous "select agents" -- Ebola virus, Marburg virus, Lassa fever and other hemorrhagic fevers -- are used in countermeasure research, including vaccines, to thwart 21st-century delivery systems and genetic manipulation of these natural horrors. BSL-4's have special safety features, including the use of full-body suits equipped with life support systems.


    These would be Malaysia's first BSL-4 labs. Proliferation experts note that these high-security laboratories -- fewer than three dozen are currently operating worldwide -- are themselves valuable items. The  href="http://hpac.com/ventilation-iaq/biosafety_level_labs/">specialized engineering</a> that allows scientists to safely handle such deadly germs is coveted by terrorists as much as the pathogens within carefully secured walls.

    Geography also counts. In March, Assistant Secretary of State Vann H. Van Diepen told the House Foreign Affairs Subcommittee on Terrorism that one key component of the new "biological threat" is "the growing biotechnology capacity in areas of the world with a terrorist presence." Malaysia, where six in 10 citizens are Muslims, was tied to several terrorist plots earlier in the decade. Al-Qaida leaders used Kuala Lumpur as the "primary operational launch pad" for the 9/11 attacks, the FBI says. An organization known as Jemaah Islamiyah operating out of Malaysia bombed a disco in neighboring Bali in 2002, killing 202 people; the group's leaders were subsequently arrested and executed by Indonesian authorities. More disturbing are recent revelations that Kuala Lumpur was a crucial base of operations in the lucrative black-market nuclear centrifuge network put together by Pakistani scientist A.Q. Khan. For some experts, this raises a question of whether it is wise to encourage the creation of a BSL-4 lab there. Building such a facility in Malaysia does have benefits for American interests in the region.

    Security analysts see the development of an advanced biotech sector in the developing world as inevitable. A U.S. partner allows the American government to have some measure of influence and control on foreign "biodefense" efforts. Malaysian officials say they want the advanced labs to deal with local outbreaks of SARS, dengue, Japanese encephalitis and the lethal Nipah virus, as well as to develop possible bioterrorism vaccines. Such regional self-sufficiency is embraced by the World Health Organization. "The question for (U.S. officials) is, 'How can we ensure a 'responsible' biotech sector in places like Malaysia, which are Muslim and are cranking out capable and well-educated scientists and have the money to build state-of-the-art facilities?'" says Edward Hammond, who used to head the Sunshine Project, which monitors biosecurity efforts. Hammond has long criticized lax U.S. government oversight of facilities handling dangerous bio-agents. He said strategic imperatives have, by and large, trumped security concerns about new overseas labs.

    In Malaysia, says Hammond, U.S. officials are especially wary of China's biotech industries (Chinese vaccine exports to the developing world shot up 20 percent last year.): "The argument is, of course we have the best technology, but the Chinese can make respectable vaccines ... We certainly don't want budding Malaysian biotech companies to turn to China for equipment and expertise." Instead, the Malaysian government turned to EBS -- which holds the exclusive U.S. government contract to supply the controversial anthrax vaccine to the military and the National Strategic Stockpile. Despite FDA approval, health complaints about the vaccine, called BioThrax, persist among those vaccinated. From a modest $24 million investment in 1998, EBS, formerly known as BioPort, has signed U.S. government vaccine contracts worth almost $1 billion, and today operates subsidiaries in 15 countries. Its BioThrax vaccine sets the pace in the expanding anthrax market.

    Customers include the military, first responders, mail carriers and, potentially, the general public under threat scenarios now being drafted on the local, state, federal and international levels. Booster shots of BioThrax are recommended every year during possible exposure to anthrax. EBS can claim a special feel for the Muslim world. El-Hibri, its CEO, is a prominent Muslim businessman born of a Lebanese father and a German mother. He grew up in Lebanon and Europe before coming to the U.S. and earning a bachelor's degree in economics from Stanford and a master's in public and private management from Yale. In addition to his biotech labors, he has worked for Citigroup in New York and Saudi Arabia and in telecommunications in Russia and Venezuela. His British holding -- Porton International -- provided the anthrax vaccine to Saudi Arabia during the first Persian Gulf War.

     
    El-Hibri brought his vaccine operations to America in the late 1990s, cultivating U.S. military, intelligence and political support. One of the original investors/partners in BioPort was the late Adm. William J. Crowe, chairman of the Joint Chiefs of Staff under Ronald Reagan and later Bill Clinton's ambassador to Britain. Today, EBS directors include Louis Sullivan, the Health and Human Services secretary under President George H.W. Bush, and Jerome Hauer, the emergency preparedness czar under former New York Mayor Rudolph Giuliani.

    In the anxious days after 9/11, Michigan Gov. John Engler ordered the National Guard to surround BioPort's anthrax vaccine plant in Lansing because anthrax bacteria were present there. There have been persistent reports that al-Qaida has an interest in producing bioweapons. In 2003, coalition forces raiding a safe house believed to be used by al-Qaida in Iraq discovered a copy of the 1997 environmental assessment of renovations to BioPort's anthrax manufacturing plant in Lansing. Malaysia has promised to be vigilant, which would set it apart from some Asian counterparts. In 2006, Sandia National Laboratories surveyed Asian scientists, including some from Malaysia, and half of them reported that they had no guards at the entrances of their facilities. Only half said there was restricted access to laboratories, and just 54 percent kept a current inventory of toxins and infectious agents they handled. To its credit, the Malaysian government has begun crafting new biosecurity rules and regulations in line with U.S. standards, with the help of Sandia and the encouragement of the State Department.

    We asked EBS if it had begun the application process for licensing the transfer of sensitive biological commodities administered by the Departments of Commerce, State and Defense. The Export Control Act and the International Trafficking in Arms Regulations require companies to get permission when exporting material useful for biowarfare and bioterrorism. We also asked the company some questions about what will be happening in its BSL-3 and BSL-4 labs in Malaysia: What biological agents will be handled? How will the pathogens get on site? Will the work include genetic manipulation or DNA recombination of select agents? Will any of that work be classified? EBS hasn't responded to written questions and phone messages. Its Malaysian partner, Ninebio, likewise refused to answer inquiries. The U.S. government also declined to comment.

    The State Department redirected our inquiry to the Commerce Department, which wouldn't say anything about the EBS-Malaysia deal: "Pursuant to Section 12(c) of the Export Administration Act, the Department of Commerce does not publicly release any information on export license applications, including whether any particular transactions were the subject of license applications." Arms control experts in Europe and the United States are pushing for more effective oversight on deals like the Malaysia project. These include: tougher export controls; a "harmonizing" of international guidelines for securing dangerous pathogens; and international inspection of biological production facilities under the Biological Weapons Convention. The latter is opposed by the U.S. and Russia on commercial as well as effectiveness grounds. The prospects for such reforms are uncertain, and approvals for potentially dangerous deals apparently keep on coming.

    Why the rush? Well, there's the money of course -- $70 billion in U.S. government money alone this past decade for programs for battlefield defense, civilian preparedness and response, and countermeasures including vaccines. Francis Boyle, a law professor at the University of Illinois, suspects that more than just commercial considerations may be at play. Professor Boyle helped to draft the Biological Weapons Anti-Terrorism Act of 1989, which makes it a federal crime to develop or produce biological weapons. He wonders if projects like the Malaysian lab could be used to circumvent U.S. rules against biological projects with offensive applications. Since the 9/11 attacks, the government, via the USA Patriot Act (2001) and the Bioterrorism Preparedness and Response Act (2002), tightened controls over dangerous pathogens and toxins stored, used and transferred within the United States. "It seems to me that this could be a very dangerous end-run by EBS and its government funders around the numerous legal restrictions now put in place since 9/11 making it difficult to research, develop and test bioweapons domestically," says Boyle. Boyle says it's reasonable to ask if the Kuala Lumpur operation will be part of the U.S. government's controversial "laboratory threat characterization research" programs, under which scientists are charged with developing and testing newly bioengineered pathogens under the rubric of developing medical countermeasures for a potential threat. This type of research, mandated by a presidential directive in April 2004, is conducted within classified "Black Projects" sponsored by the Pentagon and the CIA and carried out by private contractors. For its part, the Defense Department says it's not ruling anything out. Asked if such efforts could take place in these Malaysian BSL-4 labs, a spokesman said, "We currently do not have labs in Malaysia but we would be happy to collaborate with the government of Malaysia on bio surveillance, safety and security in the future."

    Suspicions are further fueled by the addition of Ronald Richard to the EBS board of directors. Richard used to head a href="http://www.iqt.org">In-Q-Tel (IQT), the high-tech venture capital arm of the CIA. IQT, started by the CIA in 1999 as an independent, not-for-profit private company, has a unique mission, according to its website, to "attract and build relationships with technology startups outside the reach of the Intelligence community." All of this could be coincidental. But until the government lifts some of the limits imposed by trade laws and national security rules, the risks and benefits of this project remain difficult to assess. In this instance, a little transparency would go a long way. 

    Filmmakers Bob Coen and Eric Nadler's documentary "Anthrax War," <a href="http://www.anthraxwar.com">www.anthraxwar.com</a>, will be broadcast on the ARTE Network in Europe Tuesday night. </em></p><script type="text/javascript" src="http://pixel.propublica.org/pixel.js" async></script>

    Permission has been granted to ISPLA by ProPublica to post this investigative report.

  • 19 Jul 2010 11:09 AM | Anonymous member (Administrator)

    “Top Secret” Homeland Security by The Washington Post

    A comprehensive investigative report by Washington Post reporters Dana Priest and William M. Arkin on U.S Homeland Security is worth reviewing by investigative and security professionals.

    Below are some of the findings of a two-year investigation by The Washington Post that discovered “what amounts to an alternative geography of the United States, a Top Secret America hidden from public view and lacking in thorough oversight. After nine years of unprecedented spending and growth, the result is that the system put in place to keep the United States safe is so massive that its effectiveness is impossible to determine.” The investigation's other findings include:

     

    -  Some 1,271 government organizations and 1,931 private companies work on programs related to counterterrorism, homeland security and intelligence in about 10,000 locations across the United States.

    - An estimated 854,000 people, nearly 1.5 times as many people as live in Washington, D.C., hold top-secret security clearances.

    -  In Washington and the surrounding area, 33 building complexes for top-secret intelligence work are under construction or have been built since September 2001. Together they occupy the equivalent of almost three Pentagons or 22 U.S. Capitol buildings - about 17 million squa* Many security and intelligence agencies do the same work, creating redundancy and waste. For example, 51 federal organizations and military commands, operating in 15 U.S. cities, track the flow of money to and from terrorist networks.

    - Analysts who make sense of documents and conversations obtained by foreign and domestic spying share their judgment by publishing 50,000 intelligence reports each year - a volume so large that many are routinely ignored.

    - These are not academic issues; lack of focus, not lack of resources, was at the heart of the Fort Hood shooting that left 13 dead, as well as the Christmas Day bomb attempt thwarted not by the thousands of analysts employed to find lone terrorists but by an alert airline passenger who saw smoke coming from his seatmate.

    - They are also issues that greatly concern some of the people in charge of the nation's security.

    For more information, visit:http://link.email.washingtonpost.com/r/HXJVEI/1B1KU/4ZCZDZ/0X7XP9/9QUWL/4O/t

<< First  < Prev   1   2   3   Next >  Last >> 

                                                         ISPLA

Powered by Wild Apricot Membership Software