(U//FOUO) DHS Bulletin: “Anonymous” and Associated Hacker Groups Deploying New Cyber Attack Tools

The hacker collective known as ‘Anonymous’ has successfully attacked a wide range of public and private sector entities since 2003 with relatively crude tools. Historically, they rely on tools such as the Low Orbit Ion Cannon (LOIC) or Botnets to deny access to websites, or hijack or deface web pages and post quasi-political statements, or perform other malicious activity. Since many of these older tools made it relatively easy for law enforcement and other government forces to identify the source of an attack and then arrest the perpetrator, Anonymous members may have recognized a need to have more advanced tools that offered a lesser degree of exposure. They recently claimed to have developed and possibly employed several new cyber attack tools for use in their self-proclaimed ‘internet civil disobedience’ campaigns. The NCCIC, coordinating with several of its partners, believes there are at least four new tools being shared among and employed by Anonymous members: #RefRef, Apache Killer, Anonware, and Universal Rapid Gamma Emitter (URGE).

(U//FOUO) FBI Anonymous’ Participation in “Day of Rage” Protest May Coincide with Cyber Attack

The FBI assesses that the hacktivist group Anonymous is likely to participate in the “Day of Rage” protest scheduled for 17 September 2011 in New York City’s financial district. While the extent of group members’ participation in the event is unknown, in late August 2011 Anonymous endorsed the event through propaganda consisting of a video posted on YouTube and a campaign poster, as well as references in their Twitter accounts. In the past, Anonymous has been involved in physical protests that coincided with planned cyber attacks. This could indicate an intention to conduct a cyber attack in conjunction with the “Day of Rage” protest.

Top Companies on London Stock Exchange Have At Least 25% of Their Subsidiaries in Tax Havens

The extent to which FTSE 100 companies use tax havens for their operations is revealed in a database of their subsidiaries compiled for the first time by the development charity ActionAid. The 100 largest groups registered on the London Stock Exchange have more than 34,000 subsidiaries and joint ventures between them. A quarter of these, over 8,000, are located in jurisdictions that offer low tax rates or require limited disclosure to other tax authorities. UK companies are required by law to report a list of their subsidiary companies together with their country of registration to Companies House. However, many of the FTSE 100 have failed to do so in the past. Disclosure of the full list by all 100 groups is the result of a formal complaint made by ActionAid to Companies House and a subsequent investigation by the business secretary, Vince Cable.

Zuccotti Park Owner’s Letter to Police Commissioner Raymond Kelly on Occupy Wall Street

As you know, for over three weeks, Zuccotti Park (the “Park”) has been used by “Occupy Wall Street” and other protesters as their home base. The Park is owned by a Brookfield affiliate and was recently renovated at Brookfield’s considerable expense as an amenity for the general public. It is intended to be a relaxing tree-filled oasis in the midst of the hustle and bustle of Lower Manhattan. We fully support the rights of free speech and assembly, but the manner in which the protesters are occupying the Park violates the law, violates the rules of the Park, deprives the community of its rights of quiet enjoyment to the Park, and creates health and public safety issues that need to be addressed immediately. Within the Park, the protesters have set up living spaces with tarpaulins, mattresses, sleeping bags, tables, bookshelves, gasoline-powered generators and other items that are inconsistent with the rules and normal public use of the Park. At all hours of the day and night, protesters are sleeping on benches and walkways, blocking normal pedestrian access to the general public and preventing cleaning and maintenance workers from performing necessary upkeep. When not blocked by protesters, the walkways throughout the Park are blocked by the various items and equipment brought to the Park by the protesters.

Immigration and Customs Enforcement ICEPIC Database May Be in Violation of the Privacy Act

U.S. Immigration and Customs Enforcement is considering whether to halt part of a program that probes profiles of suspects for links to terrorist activity, after federal auditors found the scope of the initiative violates privacy guidelines, federal officials said Tuesday evening. The Pattern Analysis and Information Collection program, or ICEPIC, lets agents search data on individuals under investigation to find nonobvious relationships that could indicate illegal activities or terrorist plots. Within a couple of months after ICEPIC’s launch in 2008, ICE expanded the $150 million program with a new service to let outside analysts also conduct inquiries. But a privacy review that dictates how the program must handle personal information prohibited external access, stated a Government Accountability Office report released Friday. The service “provides functionality that is explicitly excluded in the approved privacy impact assessment,” David A. Powner, GAO director for information technology and management issues, wrote in the report. The study examined privacy protections for data-mining programs throughout ICE’s parent agency, the Homeland Security Department.

GAO Report: DHS Data Mining Systems Do Not Ensure Protection of Privacy

As part of a systematic evaluation framework, agency policies should ensure organizational competence, evaluations of a system’s effectiveness and privacy protections, executive review, and appropriate transparency throughout the system’s life cycle. While DHS and three of its component agencies—U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, and the U.S. Citizenship and Immigration Services—have established policies that address most of these key policy elements, the policies are not comprehensive. For example, DHS policies do not fully ensure executive review and transparency, and the component agencies’ policies do not sufficiently require evaluating system effectiveness. DHS’s Chief Information Officer reported that the agency is planning to improve its executive review process by conducting more intensive reviews of IT investments, including the data-mining systems reviewed in this report. Until such reforms are in place, DHS and its component agencies may not be able to ensure that critical data mining systems used in support of counterterrorism are both effective and that they protect personal privacy.

Afghan Opium Production Has Risen 61% Since 2010

Opium production in Afghanistan rose by 61% this year compared with 2010, according to a UN report. The increase has been attributed to rising opium prices that have driven farmers to expand cultivation of the illicit opium poppy by 7% in 2011. Last year opium production halved largely due to a plant infection which drastically reduced yields. Afghanistan produces 90% of the world’s opium – 5,800 tonnes this year – the main ingredient of heroin.

UNODC Afghanistan Opium Survey October 2011

The total area under opium poppy cultivation in Afghanistan in 2011 was estimated at 131,000 hectares (ha), a 7% increase compared to 2010. 95% of total cultivation took place in nine provinces in the Southern and Western regions, which include the most insecure provinces in the country. This confirms the link between insecurity and opium cultivation observed since 2007. The number of poppy-free provinces decreased from 20 in 2010 to 17 in 2011 as Baghlan and Faryab provinces in the Northern region and Kapisa province in the Eastern region lost their poppy-free status. Potential opium production in 2011 was estimated at 5,800 mt, a 61% increase compared to 2010, when opium yields were much reduced due to plant diseases.

UN Human Rights Report on Torture and Abuse of Afghan Detainees October 2011

From October 2010 to August 2011, the United Nations Assistance Mission in Afghanistan (UNAMA) interviewed 379 pre-trial detainees and convicted prisoners at 47 detention facilities in 22 provinces across Afghanistan. In total, 324 of the 379 persons interviewed were detained by National Directorate of Security (NDS) or Afghan National Police (ANP) forces for national security crimes - suspected of being Taliban fighters, suicide attack facilitators, producers of improvised explosive devices, and others implicated in crimes associated with the armed conflict in Afghanistan. Interviews were conducted at facilities including ANP detention centres, NDS facilities, Ministry of Justice prisons and juvenile rehabilitation centres; as a result of transfers, the interviews dealt with detainees located in 24 of Afghanistan’s 34 provinces. With two exceptions, Government officials from the ANP, NDS, Ministry of Justice and other departments cooperated with UNAMA and provided full access to detainees and facilities. UNAMA acknowledges the critical and extremely difficult role that NDS and ANP have in safeguarding national security in the current situation of armed conflict in Afghanistan.

Torture and Abuse of Detainees by NDS and ANP: UNAMA’s detention observation found compelling evidence that 125 detainees (46 percent) of the 273 detainees interviewed who had been in NDS detention experienced interrogation techniques at the hands of NDS officials that constituted torture, and that torture is practiced systematically in a number of NDS detention facilities throughout Afghanistan. Nearly all detainees tortured by NDS officials reported the abuse took place during interrogations and was aimed at obtaining a confession or information. In almost every case, NDS officials stopped the use of torture once detainees confessed to the crime of which they were accused or provided the requested information. UNAMA also found that children under the age of 18 years experienced torture by NDS officials. More than one third of the 117 conflict-related detainees UNAMA interviewed who had been in ANP detention experienced treatment that amounted to torture or to other cruel, inhuman or degrading treatment.

Verisign Website Takedown Anti-Abuse Domain Use Policy

Abusive activity on the internet continues to rise, and public concern about the safety of the internet is clear. Verisign is aware that some reports have sought to portray the com/net TLDs as being at risk from maliciousness. All parts of the internet community are feeling the pressure to be more proactive in dealing with malicious activity. ICANN has recognized this and the new gTLD Applicant Guidebook requires new gTLDs to adopt a clear definition of rapid takedown or suspension systems that will be implemented. To address concerns over malware, Verisign is seeking to (i) provide a malware scanning service to assist registrars in identifying legitimate sites that have been infected and (ii) establish an anti-abuse policy to facilitate the takedown of abusive non-legitimate sites.

NYPD Using College Campuses to Infiltrate Muslim Student Groups

With its whitewashed bell tower, groomed lawns and Georgian-style buildings, Brooklyn College looks like a slice of 18th Century America dropped into modern-day New York City. But for years New York police have feared this bucolic setting might hide a sinister secret: the beginnings of a Muslim terrorist cell. Investigators have been infiltrating Muslim student groups at Brooklyn College and other schools in the city, monitoring their Internet activity and placing undercover agents in their ranks, police documents obtained by The Associated Press show. Legal experts say the operation may have broken a 19-year-old pact with the colleges and violated U.S. privacy laws, jeopardizing millions of dollars in federal research money and student aid. The infiltration was part of a secret NYPD intelligence-gathering effort that put entire Muslim communities under scrutiny. Police photographed restaurants and grocery stores that cater to Muslims and built databases showing where people shopped, got their hair cut and prayed. The AP reported on the secret campaign in a series of stories beginning in August.

IARPA Wants to Build “Data Eye in the Sky” For Analyzing Internet Activity

More than 60 years ago, in his “Foundation” series, the science fiction novelist Isaac Asimov invented a new science — psychohistory — that combined mathematics and psychology to predict the future. Now social scientists are trying to mine the vast resources of the Internet — Web searches and Twitter messages, Facebook and blog posts, the digital location trails generated by billions of cellphones — to do the same thing. The most optimistic researchers believe that these storehouses of “big data” will for the first time reveal sociological laws of human behavior — enabling them to predict political crises, revolutions and other forms of social and economic instability, just as physicists and chemists can predict natural phenomena.

FBI Launching Nationwide Facial Recognition Photo Search Service

The FBI by mid-January will activate a nationwide facial recognition service in select states that will allow local police to identify unknown subjects in photos, bureau officials told Nextgov. The federal government is embarking on a multiyear, $1 billion dollar overhaul of the FBI’s existing fingerprint database to more quickly and accurately identify suspects, partly through applying other biometric markers, such as iris scans and voice recordings. Often law enforcement authorities will “have a photo of a person and for whatever reason they just don’t know who it is [but they know] this is clearly the missing link to our case,” said Nick Megna, a unit chief at the FBI’s criminal justice information services division. The new facial recognition service can help provide that missing link by retrieving a list of mug shots ranked in order of similarity to the features of the subject in the photo.

(U//FOUO) U.S. Army North Crips Targeting Uniformed Soldiers in Retaliation for Oklahoma Murders

On 21 Sep 11, USACIDC reported the CRIPS have put out an order to shoot any Soldier in uniform on sight in retaliation for the shooting of their members by Soldiers earlier in the week. The Lawton Oklahoma Police Department has confirmed the CRIPS have threatened to kill soldiers in uniform. The threat stems from when the soldiers, in retaliation for drug rip off, entered the off-post residence of the CRIPS, robbed and subsequently shot some of the CRIPS members. Three of the victims were identified as members of the “107 Hoover CRIPS.”

U.S. Ranks Fifth Globally in Financial Secrecy

Switzerland climbed to the top of a financial secrecy index, even after a global crackdown on tax evasion, according to a report from the Tax Justice Network. The Alpine country, whose secrecy laws date back to 1934, was followed by The Cayman Islands, Luxembourg and Hong Kong, the London-based Tax Justice Network said. The U.S., which topped a 2009 index through the state of Delaware, was placed fifth in a study of 72 tax jurisdictions published today. While Switzerland agreed in March 2009 to meet international standards to avoid being blacklisted as a tax haven by the Organization for Economic Cooperation and Development, the country continues to resist the automatic exchange of information, the Tax Justice Network said. Agreements signed in August with the U.K. and Germany to end disputes over tax evasion will “entrench Swiss banking secrecy,” according to the study.

White House “WikiLeaks” Executive Order on Improving Security of Classified Networks

This order directs structural reforms to ensure responsible sharing and safeguarding of classified information on computer networks that shall be consistent with appropriate protections for privacy and civil liberties. Agencies bear the primary responsibility for meeting these twin goals. These structural reforms will ensure coordinated interagency development and reliable implementation of policies and minimum standards regarding information security, personnel security, and systems security; address both internal and external security threats and vulnerabilities; and provide policies and minimum standards for sharing classified information both within and outside the Federal Government. These policies and minimum standards will address all agencies that operate or access classified computer networks, all users of classified computer networks (including contractors and others who operate or access classified computer networks controlled by the Federal Government), and all classified information on those networks.