The Americas Security News.- Michael J. "Mike" Rogers

The chairman of the House Intelligence Committee Rep. Mike Rogers (R., Mich.), said Sunday that recent reports about Chinese hacking show the U.S. is losing a global cyber war. “We get [hit] every single day by a whole series … of attacks, everything from criminals trying to get into your bank account or steal your identity, to nation states like China who are investing billions and hiring thousands,” he said. READ MORE HERE

Lieutenant General Keith B. Alexander, Director of National Security Agency

Frustration has grown on Capitol Hill, in no small part due to explicit warnings about the growing cyberthreat from the nation’s top military leaders, General Keith Alexander, director of the National Security Agency NSA, who also leads the Pentagon´s  new US Cyber Command and General Martin Dempsey, chairman of the Joint Chiefs of Staff.

“The cyberthreat is real and demands immediate action,” General Alexander wrote in a letter to  Senate Majority Leader Harry Reidin late July. “The time to act is now; we simply cannot afford further delay.” This created opposition from the US Chamber of Commerceand other business groups, and  Senator Jay Rockefeller (D) of west Virginiatook the unusual step Wednesday of writing the CEOs of the 500 largest US companies to request their views on cybersecurity and the legislation aimed at protecting the nation’s critical infrastructure from computer attacks.

The Americas Post - Suddenly on-line game titles like "Modern Warfare" take on a whole new meaning

Forensic experts report that pedophiles are increasingly using gaming systems to prey upon children, while terrorists are now utilizing them for online communication. With this in mind, on April 5 the United States Naval Supply Systems Command contracted a San Francisco company called Obscure Technologies for the research and development of “hardware and software tools that can be used for extracting data from video game systems.”

In response to the growing practice of owners “jailbreaking” consoles in order to play pirated games, gaming companies have fought back with hard-to-break encryptions. As a result, data extraction is a highly complex process which the Department of Homeland Security believes can only be achieved by Obscure Technologies. For the small computer diagnostics and forensics company, with annual sales below $500,000 and less than five employees, the contract award of $177,235.50 is not insignificant.

“Analysis of the game systems requires specific knowledge of working with the hardware of embedded systems that have significant anti-tampering technology. Obscure Technologies has substantial experience in working with such systems. Obscure Technologies has the ability to do cradle-to-grave turnkey servicing of complete hardware systems design,” the contract states.  But the government’s main attraction to this company is most likely its lead engineer’s ability to reverse engineer Microsoft’s Xbox.

According to Foreign Policy, which first broke the story, law enforcement agencies came to the Department of Homeland Security’s Science and Technology Directorate requesting a system that can extract data from game consoles. The DHS then delegated responsibility for leading the research and executing the contract to the Naval Postgraduate School.

With the multi-function nature of modern consoles, including access to social networking profiles, the Internet and peer-to-peer messaging, there’s plenty of interest to law enforcement, but it’s difficult to access. Under the impression that game console data is impervious to being hacked and therefore safe from authorities, pedophiles have in fact been using consoles as a haven for exploitation. In 2008, the FBI announced that Xbox Live was being used by pedophiles for luring and communicating with children at an alarming rate.

Aware of related privacy issues, the contract explicitly states that Obscure Technologies will only crack consoles purchased outside the United States for the duration of the research. As for the data to be extracted from the overseas consoles, the DHS plans on making their research and data publicly available at conferences and academic journals, but under the “constraints of the Common Rule (CFR 46) governing the use of human subject data.” In other words, any identifiable information pertaining to the owner of the consoles will be scrubbed.

The Americas Post - Software from Hitachi Hokusai can scan 36 million biometric faces per second and find target almost instantly.

New Big Brother story. A new CCTV camera technology from Hitachi Hokusai Electric can scan days of archived camera footage instantly, and find any face which has ever walked past it. The camera ‘processes’ faces as it records, so that all faces which pass in front of it are recorded and stored instantly as a searchable biometric record. The software can scan through days of CCTV footage almost instantly.

Hitachi boast that it can scan 35 million faces per second.  Having this technology, if a government has your passport photo or your Facebook photo, they can find you instantly.

When the police – or anyone else – want to search for a particular individual, they’re searching through a gallery of pre-indexed faces, rather than a old fashioned library of photos.

This system is suitable not only for security organizations,  airports , railways, power companies, law enforcement, large stores, etc.., but also for individuals who want to find somebody in the crowd, to find wanted criminals, kidnappers, .  The company aims to make the system available within the next tax year, according to a report in DigInfo.

The system does have some  limitations – it scan faces that are in front of the CCTV camera, and faces have to be at least 40×40 pixels in size to be indexed by the system.

The Americas Post - Anonymous doesn't like the flavor of the Mexican SOPA. Photo Credit: YouTube

Members of the international hacker group Anonymous said on Friday they had attacked Mexican government websites  in protest of a bill seeking official controls over release of information on the internet.

Beginning in the morning, disabled websites included the Ministry of Interior (www.segob.gob.mx), Senate (www.senado.gob.mx), and Chamber of Deputies (www.diputados.gob.mx).  Hours later, the sites were restored.

The reform initiative launched in December by Senator Federico Doring, of the ruling National Action Party (PAN), makes it a crime to share copies of works, music, videos and books protected by copyright on the internet, without authorization of the owners.

“We demand that the Mexican government discontinue this law because it takes away freedom of expression and file sharing,” the group said in a video posted on YouTube to explain the cyberattack.

Anonymous compared the reform proposed by Doring with the U.S. online anti-piracy bill known as SOPA, which was frozen by the Congress last week after major Internet firms protested against the measure.

The government said that Ministry of Interior databases were not at risk during the interruption.

“At no time was the site compromised; integrity of the information was assured,” said Interior Secretary Alejandro Poire, in a press conference in the city of Merida.

“We will check security protocols of the Secretariat website to ensure data integrity and avoid such attacks in the future,” he said.

In September, Anonymous successfully blocked the National Defense Secretariat (SEDENA) website, as well as Congressional web pages for Nayarit state and state government of San Luis Potosi.

That attack was carried out to protest insecurity in Mexico, amid drug-related violence that has killed more than 47,500 people since President Felipe Calderon took office in December 2006.

The high court ruling was a defeat for the Obama administration, which had argued that a warrant was not required to use global positioning system devices to monitor a vehicle on public streets.

The justices unanimously agreed with a precedent-setting ruling by a U.S. appeals court that the police must procure a warrant before using a GPS device for an extended period of time to covertly follow a suspect.

The high court ruled that placement of a device on a vehicle and using it to monitor the vehicle’s movements was prohibited by U.S. constitutional protections against unreasonable searches and seizures of evidence.

There are no precise figures on how often police in the United States use GPS tracking in criminal investigations. But the Obama administration told the court last year it was used rarely by federal law enforcement officials.

The American Civil Liberties Union rights group praised the ruling as an important victory for privacy. “While this case turned on the fact that the government physically placed a GPS device on the defendant’s car, the implications are much broader,” Steven Shapiro of the ACLU said.

“A majority of the court acknowledged that advancing technology, like cell phone tracking, gives the government unprecedented ability to collect, store, and analyze an enormous amount of information about our private lives,” he said.

The Americas Post - Now Big Brother can see right through your clothes. Photo Credit: NYPD

It’s not just in the airport anymore.  The New York City Police Department (NYPD) is working in collaboration with the United States Department of Defense to control illegal firearms by deploying technology to detect concealed weapons carried by people walking down the street.

Using infrared rays, the system scans a “form of radiation emitted from the body” on a person carrying a gun on the city’s streets, New York Police Commissioner Raymond Kelly announced Tuesday at a State of the NYPD event.

Known as terahertz imaging detection, the technology functions on the basis that the rays cannot pass through metal, thereby creating a digital outline of any metal weapon gun people may be hiding.   It is reported to be capable of measuring energy radiating off a body from up to 16 feet away.

Kelly told attendees that the scanner would be used only when reasonable suspicious circumstances called for it and could decrease the frequency of stop-and-search incidents on the street.  The news, however, has raised concerns about privacy.

“It’s worrisome. It implicates privacy, the right to walk down the street without being subjected to a virtual pat-down by the Police Department when you’re doing nothing wrong,” the New York Civil Liberties Union’s Donna Lieberman told CBS New York.

According to NY Post reports, the scanners would be mounted on NYPD vans, with the rays aiming at people on the street.

Security: Joe Parry from Cambridge Intelligence and Victor Bjorgan, CEO og Global Security Services LLC and Publisher of TheAmericasPost.com, during the EISIC 2011 Conference.

How should we communicate the results of our analysis to decision-makers? How to visualize key information for decision makers?  The talk of Joe Parry argued that visualisations and infographics play a very important role, not only for analytical processes of data analysts, but also for explaining the analytical results to decision-makers at the highest of levels.

Some care must be taken to avoid various common pitfalls when designing such visuals: the talk will cover bad examples as well as good in order to uncover design guidelines and practical advice for those wishing to pursue a more visual approach.

in that sense, Joe Parry initiated his keynote that these visualization tools are specially important for law enforcement and National Security. In that sense he recalled an old saying ” a good sketch is better than a long speech”.

What is visualitation? asked Parry to the conferencists. Well , a good visualitation does not consist in just good pictures.

About graphs and numbers, Parry said that the use of interactive data and vissualy representation of data is used to amplify cognition. Parry briefly described how a good visualization helps in the Intel analysis. Described some common pitfalls in data visualization. he recommend the reading of the book written by Westell, Duncan and Weeks on visualization in Intel analyIntel analysissis.

Parry also described a model of intelligence analyzing processes. The final product of such analysis is a report.

In the reports, he does not recommend the use of colours to describe the visual variables. He recommend the use of Kinley Visual variables.

To start the visualization of the Analysis in its low phase, Parry mentioned the visualization of pattern of life, but said this is a analytical tool, not a decission tool. He also said that this analysis must be simplified, not use numbers.

During his keynote speech, Joe Parry showed a photograph of former President George Bush looking a wall full of sketches with the networks and interrelations of all individual terrorists participants in the attacks of September 9/11. It was a very confusing material, President Bush was looking at in this photo. Not the best intelligence visualization report.  President Bush was not looking in the photo at a screen with the three followings ingredients that are important in any report: geovisualization, timeline visualization and network visualization.

Parry said, that if only using that photo, it was impossible for former President Bush tot ake any intelligence decission, because there is no report, but only information.

In things not to do, Joe Parry also told participants that it is no good to put pies in the reports, neither 3D presentations. The intelligence reports for decission makers must avoid the use of colour since there is often a color blind among the public. He recommends not to use labels, simplicity instead  of complexity, no use of black backgrounds, no use of pie charts, not use of misleading scales.

Joe Parry showed enthusiasm while talking about the infographics reports of the New York Times NYT. He said the NYT infographics show all needed info to understand what is happening.

Summarizing, Parry described some of what he called as ” design guidelines” for any Intel report, like  first an overview, always  aim for clarity, show context, show how the situation has changed, make comparison easy, all visual elements must be backed by data, and that the report should be so clear and convincing that the decission makers will act backed by the report.

To know more about the subject, Joe Parry from Cambridge Intelligence mentioned some sites that can be of interest like:

flowingdata.com

infosthetics.com (slow uploading, be patient..)

visualcomplexity.com

nytgraphics.com

stamen.com

visualization.org

Finally, Joe Parry ended his keynote speech saying to all participants: “Back Up everything you say!”

Joe Parry´s email address is joe@cambridge-intelligence.com

His twitter is @parry_joe

Phone nr: 07973 787 233

His address is:

idea Space

The Entrepreneurship Centre

3 Charles Babbage Road

Cambridge CB 3 OGT

Biographical Details:
Joe Parry has worked on visualization and graphics systems for intelligence work for the last thirteen years.
During that time he has done software development, design, systems architecture and more experimental
research projects. He has worked with the intelligence communities of the UK, US and other countries. His
recent professional interests include social network analysis and web-based visualisation systems. This year he started his own software company which is producing what he hopes will be part of a new wave of
investigation software.

Dr.Nasrullah Memon, Program Chair of EISIC 2011 in exclusive interview with TheAmericasPost.com

On the occasion of the EISIC (September 12-14,2011) held in Athens, we interviewed the Program Chair of the event Dr. Nasrullah Memon, professor at the University of Southern Denmark and member of the Steering Committee of the European Intelligence & Security Informatics Conference EISIC on Counterterrorism and Criminology. The event was organized jointly with The International Symposium on Open Source Intelligence and Web Mining (OSINT-WM 2011), and having as Academic Sponsors The University of Arizona, University of Southern Denmark,  and The Hellenic American University, as technical co-sponsor the IEEE Computer Society, as local organizer the Hellenic American University and SPRINGER as the Industry Sponsor.

During the interview, Dr. Memon gave details about EISIC (past, present and future plans) , how the Intelligence Community can take advantage of the Intelligence & Security Informatics discipline, the relationship between counterterrorism and computational criminology, the role of Higher Education, as well as differents kinds of Crime involving information and communication technologies. The privacy problem was also analized during the conversation.

Here is an excerpt of a very interesting interview with one of the world´s most brilliant minds in Defense, Counterterrorism and Security Informatics, Dr. Nasrullah Memon.

Dear Dr. Memon, could you please tell us what is EISIC 2011? Please elaborate on its creation, mission, objectives and members.

EISIC is the European chapter of Intelligence and Security Informatics (ISI) series of conferences. The conference is dynamic and allows academicians, researchers and practitioners to keep abreast of new tools and methodologies in the area of Intelligence Security and Informatics. It is also a venue that fosters networking opportunities for people working in this scientific area.

After my graduation (PhD Defense), Professor Hsinchun Chen, Director, Artificial Lab, University of Arizona, the founder of ISI series of conferences encouraged us to organize the European chapter of ISI. In this context, the first event was organized under the name of EUROISI 2008 at Esbjerg, Denmark.  That event was organized more as a workshop than a conference and it was not very well attended.

In September 2010, while Professor Hsinchun Chen visited University of Southern Denmark, we discussed how to re-organize the European chapter of ISI as an annual event in order to create a consortium involving academic researchers in information technologies, computer science, public policy, criminology, and social and behavior studies as well as local, national, and European law enforcement and intelligence experts, and information technology industry consultants and practitioners to support counterterrorism and national/international security missions of anticipation, interdiction, prevention, preparedness and response to terrorist acts. In other words the mission and objectives for the organization of EISIC series of conferences that came out from the discussions with Prof. Chen are to provide opportunities to establish a European network in the area of Intelligence and Security Informatics.

The organization of the conference was a very difficult task and we started working for the success of the event from September 2010 with the collaboration of Hellenic American University, University of Southern Denmark and University of Arizona. We formed a team from the above mentioned academic institutes and Hellenic American University accepted to host EISIC 2011 in Athens, Greece while University of Southern Denmark accepted to host EISIC 2012 in Odense, Denmark.  As per program chairs, Daniel Zeng and me invited around 100 researchers from academia and industry to work as program committee members. We received 111 submissions for EISIC 2011 and we accepted 27% of high quality papers as LONG papers based on the peer-review process.  The research articles were received from 41 countries from all sub-continents.

The founding members of EISIC 2011 are: Prof. Hsinchun Chen, Prof. George J. Hagerty, Professor Uffe Kock Wiil, Professor Triant Flouris, Dr. Panagiotis Karampelas and myself.

What is your assessment of the conference in Athens?

As per feedback from the audience we found it was a very successful event. The keynote speeches as well as the paper presentations were very well attended by the participants and there were a lot of positive comments on the quality of the presentations. There were also a lot of opportunities for networking between the participants and we witnessed several discussions about future collaborations between the participants. I would like to mention at this point that the host organization played a vital role in the success of the conference sponsoring the expenses of keynote speakers and finding alternatives of certain problems we faced because of unforeseen incidents such as strikes, etc.

What activities does EISIC plan to carry out in the near future?

We have a number of long and short term plans in the area of Intelligence and Security Informatics.  We have established the Counterterrorism Research Lab at University of Southern Denmark in October 2009.  Behind the lab there is a small group of researchers (around 10, one Professor, one Associate Professor and several PhD students) working in the area of ISI. We are publishing our research articles in the area in various conferences and journals and we try to establish connections with various law enforcement bodies and intelligence services providing them with our cutting edge technology and experience. Concerning EISIC, we plan to organize EISIC 2012 at our University at Odense on August 22-24, 2012. We also received a number of informal proposals for the organization of collocated events. As soon as we receive formal proposals, we’ll decide accordingly. We have also received informal proposals for the organization of EISIC 2013 and EISIC 2014 in Italy and Sweden respectively. The steering committee will decide as soon as we receive formal proposals for the organization of EISIC and related events in future.

In regard to the Intel discipline, where do you classify the Intelligence Security Informatics ISI? Is it a separate intelligence discipline in and of itself, or part of other intel disciplines like HUMINT, SIGINT, IMINT, etc.?

ISI is a discipline where INTEL disciplines could be benefited. Let us take an example; we are working on a research project (sponsored by the Faculty of Engineering, University of Southern Denmark): Developing an Early Warning System to predict Terrorist Threats. Mostly we use OSINT (Open Source Intelligence), but there is room for counterterrorism experts/INTEL to work. We do not have yet a formal collaboration with INTEL agencies, but I’m sure INTEL people could be benefited as well from ISI research.

What role does higher education play in ISI?

As this is a new inter-disciplinary area, higher education can play a vital role in encouraging students from Sociology, Anthropology, Psychology, Criminology, Computer Science, and Applied Mathematics to adopt research in the area of ISI in order to educate experts to help us in building a SAFE AND SECURE WORLD. It is also a need of the hour to train INTEL people with this emerging area of research.

What is the relationship between counter-terrorism and computational criminology?

Computational criminology like Countering terrorism is an emerging blend of criminology, anthropology, social computing, computer science and applied mathematics. Modern concerns about public safety and security include a focus on a range of events from less serious everyday crimes like shoplifting to personal violent crimes like homicide and ultimately terrorism. Underlying all of these events is a decision process or a chain of steps in target identification, steps that focus first on rough and vague decisions and move towards the precise plot. The fields of counterterrorism and computational criminology involves the use of computational power to identify: (1) crime patterns and emerging patterns; (2) crime generators and attractors; (3) terrorism, organized crime and gang social and spatial networks as well as co-offending networks; and, (4) cybercrime/cyber terrorism. Algorithms are developed using computational topology, hyper-graphs, Social Network Analysis (SNA), Knowledge Discovery and Data-mining (KDD), agent based simulations, dynamic information systems analysis and more for detecting organized crime and predicting terrorist threats.

The methods and models used for counter terrorism and computational criminology can provide information about pattern theory and identification. In short, we treat terrorism as an organized crime, and therefore, it would be possible to use some of the traditional methods to detect terrorism evidences, but also new models can be developed looking into the new type of terrorism of 21^st century.

What is cybercrime and what current challenges does it pose?

Crime involving information and communication technologies (ICT), for example:

·        ICT as an instrument, where ICT can be used as primary tool to commit the offence (Identity theft, Internet scams and Fraud-misappropriation of funds are some of the examples)

·        ICT as target, where ICT is the target of the offence (Hacking, Misuse of  ICT resources, Denial of service, Stealing information)

·        ICT as Ancillary Resource, where conventional crime can be assisted by ICT; in other words technology can be used to commit conventional crime or technology can be used to store information about crime (Fraud, Money laundering, etc., are known examples)

As the cybercrime has border-less and transnational reach, therefore, there is urgent need to establish competency in predictive cyber analysis and to develop trusted relationships to encourage information sharing among the INTEL agencies.  There are number of challenges in cybercrime, for example

·        Enforcing extraterritorial/ trans-border law enforcement activity

·        Many offences are never detected

·        Many detected offences are never reported

·        Difficult to quantify the offence

·        Difficult to “Police” the cyber space

·        Evidence can be intangible

·        Issuing warrant without knowledge of the precise location of data (evidence) can be problematic

·        Evidence can be destroyed during search

·        Encryption and other concealment technologies are available to offenders

·        Human rights and privacy issue, etc.

How can the right to individual privacy be balanced against the need for protection from cybercrime?

It is a very difficult question; I think security is more important than privacy of individual person in some cases.  But according to the laws of each country, the privacy problem should be dealt in treating with cyber criminals.

Dr. Bhavani Thuraisingham and our Publisher Victor Bjørgan during EISIC 2011, European Intelligence & Security Informatics Conference on Counterterrorism and Criminology.

On September 12th, and during the first day of the conference EISIC 2011 “European Intelligence & Security Informatics Conference, on Counterterrorism and Criminology,” the first keynote speech was given by the expert Dr. Bhavani Thuraisingham Cyber ​​Security (BT) (*). The title of his presentation was “Data Mining for Malicious Code Detection and Security Applications”. Among the highlights of his academic dissertation BT defined the meaning of saying that data mining “is the process of posing queries and extracting patterns different from data using techniques”. About its use, she said the technology can be used in national security as well aganist cybercrime and security, like f.e. like to Prevent buildings, destroying critical infrastructure (power, telecom). Dr Thuraisingham said that also can Data Mining find out who the bad guys are, capable of carrying out those Terrorist Activities.
Defining Cyber ​​Security BT said it is a technology to Protect the computer and network systems due to Against Corruption last generation of malware like Trojan horses, worms and viruses, including the ultradangerous malware called RAMAL (Radioactive Adaptive Malware), as well as intrusion detection and auditing.

During the first part of the presentation, BT described her research (together with Prof Latifur Khan and students of the University of Texas) and said that some techniques like the Link Analysis technology can be used to trace the viruses to the perpetrators. Another technology called Classification can prevent future attacks depending on the data mining learned about the terrorists through emails and phone conversations. The technology can also separate between real threats and non threats at all, by reducing false positives and false negatives.

More into details of her speech, BT said that the researched techniques like the CFB Program can extract the code blocker malware from data, and make a control flow analysis. She also compared her System with another already in the market , the code blocker SigFree, and assured her system is better, performs better.   Her System can detect Malware that is evolving continuosly, even every milisecond, like the RAMAL (Radioactive Adaptive Malware). Currently, all last generation malware evolve continuosly and it is difficult to prevent for regular firewalls. Dr. Bhavani Thuraisimgham defined her anti RAMAL malware tech as the NCD Novel Class Detection, and the tool is the system based on NCD, the so called SNOD or SNODMAL).

Currently, the most advanced Malware goes undetected because a continuos change in behaviours , every milisecond, and the regular anti malware software can not keep up that speed.

BT assured that her SNOD hast the ability to detect new classes of malware and its changes. She used the SNODMAL, malware detector using SNOD.

She classified the Malware in two categories: Benign and Novel.

The usefullness of SNODMAL will extend to detect multiple novel malware classes and quarantine them.

Summarizing, BT also revealed that they are working to find the best way to detect where this malware attack comes from, and to be able to attribute the attack, where it come from with 100% certainty (to avoid false accusations). Several countries have been attacjed by these novel malware.

In regard to the privacy matter, BT affirmed that the extract of results of the data mining should be private, this is a legal matter, not only an ethical one.

Once her speech finalized and the round of questions ended, Dr. Bhavani Thuraisimgham met Victor Bjoergan , CEO of the U.S. based Global Security Services LLC,  also Publisher of TheAmericasPost.com and EuropeSecurityNews (this under construction). Both discussed the importance of developing these technologies, and its role anti Cybercrime and the strengthening of global security against terrorism.

(*) READ MORE ABOUT DR. BHAVANI THURAISINGHAM

(**) MORE ON DR.THURAISINGHAM