Monday, December 31, 2012

INFOGRAPHIC: How To Deter Burglars

Hire Anonymous! - Cyber Threat Summit 2012 by paulcdwyer



Paul C Dwyer President of the ICTTF International Cyber Threat Task Force discusses the concept of identifying talented individuals (hackers) before they seduced into a world of cybercrime. He discussed traits and characteristics in such vulnerable minors such as Aspergers Syndrome and references the case of Gary McKinnon.

Sunday, December 30, 2012

Off-Duty Deputy Shoots Gunman at San Antonio Movie Theater before He can Shoot People in the Theater by newsninja2012





A gunman entered a San Antonio, Texas Movie Theater on December 17, 2012. Sgt. Lisa Cuello Castellano shot the gunman multiple times before he could shoot anyone in the theater. She has been awarded the "Medal of Valor" for her heroism. Another off-duty officer at the theater, Armondo Olguin, was also recognized for helping to apprehend the gunman.

Raytheon's BattleGuard Remote Weapons Station by raytheoncompany



With its superior range and resolution, BattleGuard is the most modular and highest-performing remote weapon station for current and future tracked and wheeled military vehicles.

Saturday, December 29, 2012

Syrian rebels use homemade rockets (raw footage) by STRATFORvideo



Syrian rebels have been producing homemade rockets and using them to target a government base in Idlib province (Dec. 25, 2012), according to a video obtained by Reuters. For analysis, visit: http://www.Stratfor.com Footage posted with permission from Reuters.

Did Al Qaeda Put a Bomb Up a Goose's Ass? by TheYoungTurks



"The critical acclaim for the new Kathryn Bigelow movie "Zero Dark Thirty" has renewed the debate on the efficacy of torture. The movie dramatizes the decade-long effort to find and eventually kill Osama bin Laden. In a riveting opening section, the film obliquely credits the discovery of the key piece of information in the search for Bin Laden to the torture of an Al Qaeda prisoner held by the CIA. This is at odds with the facts as they have been recounted by journalists reporting on the manhunt, by Obama administration intelligence officials and by legislative leaders."* There's a torture myth being brought on in scenes of Zero Dark Thirty, in which torture is shown as an effective method which lead U.S. forces to Osama Bin Laden. But does it? Did it work when Khalid Shaikh Mohammed, under torture, sent frustrated FBI counter-terrorism agents on literal goose chases? Cenk Uygur breaks down the misleading efficiency of torture. Read more from Terry McDermott/ LA Times: http://articles.latimes.com/2012/dec/23/opinion/la-oe-1223-mcdermott-torture-bigelow-zero-dark-20121223

Mexico forms new fighting force against crime by AlJazeeraEnglish



One of the top priorities for Mexico's new president Enrique Pena Nieto is tackling violence. His predecessor tried going after the leaders of drug cartels. But that had only limited success. Now Pena Nieto's promising to employ a new strategy, by creating a new national police force made up of former military troops. Al Jazeera's Rachel Levin reports from Mexico City.

What the Hell is Smart Power? Rob DuBois at TEDxSunRiver by TEDxTalks



Go on a journey, through a Navy SEAL's eyes, as he embraces the greatest distinctions between necessary evils, truths, peace, and the power of human nature. Rob Dubois believes, it is in our decisions that destiny is shaped. Nowhere is the cost of failure higher than in the life-and-death struggle of armed conflict. In Powerful Peace; A Navy SEAL's Lessons on Peace from a Lifetime at War, author J. Robert DuBois harnesses that real world sense of wartime urgency to guide our search for solutions to the most challenging problems. He takes on a crucial and unprecedented mission for a retired Navy SEAL: the relentless pursuit of interpersonal and international peacemaking as an imperative for global security. A treatise for policy makers and warriors, mediators and educators, Powerful Peace is also a compelling and practical guide to problem solving for every engaged citizen. This game-changing message is equally relevant in the boardroom, the bedroom, and the battlefield. In the spirit of ideas worth spreading, TEDx is a program of local, self-organized events that bring people together to share a TED-like experience. At a TEDx event, TEDTalks video and live speakers combine to spark deep discussion and connection in a small group. These local, self-organized events are branded TEDx, where x = independently organized TED event. The TED Conference provides general guidance for the TEDx program, but individual TEDx events are self-organized.* (Subject to certain rules and regulations)

Thursday, December 27, 2012

Anonymous Gives Tips On How Whistleblowers Should Release Leaks



A blog that is linked with the hacker consortium, Anonymous, has provided what are tips on how whistleblowers should release leaks. It appears, based on recent actions, the group is attempting to reform its perceived image of a group young hackers who want to stir trouble to a force of goodwill, by releasing tips which aim to protect unintentional victims and whistleblowers and guarantee only relevant and actionable information is released. The text from the article is below. 

Leaking documents online is controversial and fall into grey areas of the laws. They are an essential parts of revealing the truth and corruption but there’s various issues. They are dangerous to people manipulating them. They can endanger and harm innocents. They can become noise. It’s therefor essential to better this practice. A good example of a very useful successful leak is WCITleaks.

Do not share unfiltered leaks to the publicYou never know what information are in those leaks. You could go in jail for rest of your life. Only share unfiltered leaks with known and secure leak authorities.

Remove personal informationInnocents could be harmed, it’s impossible to be sure what effects the leaks can have. It’s always better to remove any personal information. We’ll try to provide tools to make this work simpler.

Select important information to releaseWithout context it’s almost impossible to the public, reporters and any inexperienced writer and analyst to understand information from them. It’s also very likely that they will just become noise. That’s why selecting portions of leaks and explaining them to the public is crucial.

Wednesday, December 26, 2012

West Webster, NY Firefighters Shot In Ambush - Mixed Fire and Police Radio Traffic by Radioman911TV



12/24/12 - West Webster, NY Firefighters Shot In Ambush Recording of unedited West Webster Fire and Webster Police radio traffic mixed together by Radioman911.com Audio provided by RadioReference.com

Prison Contraband: Vanguard by Current



Contributor Janet Choi goes inside a California state prison to investigate contraband smuggled inside the cells, and how cellphones are the new security threat. Watch Vanguard on Current TV Mondays at 9pm/8c. VIEW more Vanguard & SUBSCRIBE to the YouTube Playlist here... http://www.youtube.com/view_play_list?p=99EA424C68B5EB55

Inside Chicago School's Extensive Security Measures by ABCNews



As more Newtown shooting victims are laid to rest, we take a look at how one school protects itself.

Tuesday, December 25, 2012

China busts nation-wide child abduction gang by AlJazeeraEnglish



In just one week, China's Ministry of Public Security has rescued dozens of children in a nine-province-wide bust. The government estimates there are around 30-60,000 cases of child abductions in China each year. They are often sold into slave labour or forced to become beggars. Al Jazeera's Gerald Tan reports.

Living in Chicago's Gang Occupied Neighborhoods by AssociatedPress



Chicago is experiencing a more than 50 percent surge in homicides, most of them on the city's south and west sides. In the second of a three part series, The Associated Press looks into the lives of people in those violent neighborhoods. (June 12) Subscribe to the Associated Press: http://bit.ly/APYouTube Download AP Mobile: http://www.ap.org/mobile/ Associated Press on Facebook: http://apne.ws/c7lQTV Associated Press on Twitter: http://apne.ws/bTquhb Associated Press on Google+: http://bit.ly/zuTKBL

Sovereign Citizens and Law Enforcement by SPLCenter



This Southern Poverty Law Center video was created to help law enforcement agencies better prepare for encounters with "sovereign citizens." In the case of two West Memphis, Ark., police officers, Brandon Paudert and Bill Evans, a routine traffic stop of father-and-son sovereign citizen duo Jerry and Joe Kane in May proved fatal when son Joe, 16, leaped from the car firing an AK-47, cutting down both officers. The Kanes died in a shootout with police an hour later in a Wal-Mart parking lot after wounding two more officers. SPLC estimates that as many as 300,000 people may consider themselves sovereign citizens — and the number is growing.

Friday, December 21, 2012

The CRAZIEST Security-Related Kickstarter Project I've Ever Seen


Every now and then, I run across a few advertisements for security products that have me scratching my head.  Unfortunately, most of them are surveillance cameras.  Whether it be their shaky claims on screen resolution or storage on various media, the ads are very "sketchy" to say the least.  Today's gem comes from Kickstarter, the largest crowdsourcing site where entrepreneurs solicit average Internet users to become "angels" for their products.  They entice you with everything from prototypes to trips to their factories.  Most are really good and some aren't so good.

The product's creator made several mistakes:
  • The product is extremely outdated.  The first lesson you learn in sales is to appeal to your prospect's "pain" - the one thing that is a constant concern that will drive them to your product.  Having DVRs stolen is a concern for some businesses.  If your suspect knows what he/she is looking for, they might looking to steal the DVR.  However, if that's a true concern, most businesses will ask that the video be stored off-site or have the DVR installed somewhere secure.  Several companies in the installation/integration business already do this.  
  • The inventor claims to solve the "stolen DVR" issue by "creating a secure video stream to an off-site server, safely located far from the premises and accessible only to you." Again, that's already done by several companies and often add video surveillance inexpensively as part of their package deals.
  • They also claim if their "DVR gets stolen during a theft, you can access the video stream from anywhere in the world for up to 60days, completely FREE of charges. This is a turn-key system requiring virtually NO maintenance, securely storing video 24 hours, 7 days a week."  Why am I paying for DVR if you're storing off-site and I can access the video from anywhere?

Perhaps the worst mistake ANY entrepreneur on Kickstarter can make is offering nothing in return.  For giving them $500 or more (oh you read that right), you get:
Complete plans to setup the system, including step by step instructions that will create and store 24/7 security video coverage securely online FREE that can be retrieved from any computer for up to 60 days.
You're going to give me plans?! For $500, all I get is plans.  Folks, I already know what this was.  It was an attempt to make a really quick buck.  The duration they set for funding this little "project" was 30 days.  No worries because my fellow Netizens recognized the lunacy and criminality behind such a solicitation.  No one funded this scam.  I should have known something was up when I looked at the creator's other projects.  His latest project was a documentary on "A rather large insect-looking "Inviso-Bug" flying off of my deck. These are invisible to the naked eye, only show up under infra-red. I have hours of exclusive video of SWARMS of things around me and am unable to see them or hear them at all!" Gotta love crazy people....

Tuesday, December 18, 2012

Who's More Advanced - Syrian Rebels or DARPA?

Every revolution starts almost the same way.  Rocks are thrown, then Moltov cocktails. Rebels amass small arms.  And then they get "creative".  The same can be said of Syrian rebels who have converted just about every piece of armament they've captured into another weapon.  Take for instance, their use of cluster bombs to manufacture rockets.  Wired Magazine did a piece with video from the rebels on just how this is done.
The fuses from cluster bombs get recycled in makeshift weapons foundries for use inside Qassam-style short-range rockets. Taking a page from Hamas in Gaza, the Syrian rebels are now manufacturing their own rockets — much as they have other weaponry — even though gulf Arab states keep a weapons pipeline flowing.

Back at the foundry, the intact fuse has its benefits. The rebels remove the tail fin from the cluster bomb, leaving the main charge, and then attach a homemade rocket motor.

They've even started manufacturing tanks.  That's right. You read it correctly.  They have designed their own "tank".  It's built from a disassembled car and uses on-board cameras with an video game console controller.  Yup. The Syrian rebels may be more advanced than DARPA.


VIDEO: Outgunned and Pinned Down, Syrian Rebel's Incredible Luck Captured


As young basic trainee, I was taught a many of things in basic training - one of which was the chaos that occurs when under fire.  It takes a disciplined soldier to ignore the hysteria and danger, focus on the mission, fire back at the enemy, and get back to safety when the situation allows.  The video above demonstrates just how lucky one Syrian rebel was.  You'll see bullets hitting all around him, his attempts to fire back, and his ability to get back to his comrades unharmed.  You'll also notice just how lucky he is, though I'm sure he would say "إن شاء الله‎" (God's will).

Monday, December 17, 2012

HACKED: Anonymous Keeps Its Word and Pwns Westboro Baptist Church



As I reported yesterday, the hacker consortium known as Anonymous has targeted the members of Westboro Baptist Church.  The church announced, after the tragic events of 12/14/2012, it would be picketing the funerals of the victims.  Anonymous, along with the rest of the world, took this a bit personal and announced it would be lashing back.  It began with a release of personal information on Westboro Baptist Church members and leaders.  Most recently they decided to hack the church's spokesperson's Twitter account and the resulting Tweets have provided an insight into how the "hacktivist" organization may have found some redemption.

Check out the "tweets" from @DearShirley - the account hacked by Anonymous.






They've even called on the White House to declare Westboro Baptist Church a "hate group":

Even politicians got in the mix:
I'll be checking out the feed some more over the next few things.  It's bound to get even more interesting.

Sunday, December 16, 2012

VIDEO: Hacker Consortium, Anonymous, Message to the Members of Westboro Baptist Church

I'm no huge fan of the hacker consortium called Anonymous, but given the tragic events of 12/14/12, I am not entirely surprised by their actions against those who try to exploit the deaths of the victims. Check out their latest message to the members of the infamous Westboro Baptist Church.

VIDEO: Wi-Fi Security by disconnecters




I found this little gem on YouTube. Give it a look. The only its certainly very interesting with the relative ease it takes to hack into Facebook and other social media sites. Here's the description from the folks at Disconnected on YouTube.
See how your Google and Facebook accounts can now be broken into through social widgets and see a new feature in Disconnect that protects you. Get Disconnect at https://disconnect.me/. Contents: 1. Wi-Fi Snooping (https://youtu.be/g5mFbgxMHqQ?t=26s) 2. Widgetjacking (https://youtu.be/g5mFbgxMHqQ?t=1m32s) 3. Disconnect Security (https://youtu.be/g5mFbgxMHqQ?t=4m10s) Disclaimer: While we think understanding how quickly and easily a nonexpert can compromise your security is important, the attack shown in this video may be considered wiretapping where you live and shouldn't be tried at home except with consent! Credits: Written by Brian Kennish Filmed and edited by Dan Kwon Animated by Brian Kennish and Dan Kwon Music (http://soundcloud.com/folkmusicforrobots/widgetjacking) written and recorded by Brian Kennish Portions filmed at Coffee Adventure in Milpitas, California (https://www.facebook.com/pages/Coffee-Adventure/361643370157)

Friday, December 14, 2012

INTERACTIVE: Who are the world's top importers and exporters of small arms

Yesterday, I came across a map spelling out where the world's small arms come from and where they go.  This information was derived from the Small Arms Survey Report of 2012 by The Graduate Institute of Geneva.  They compiled these figures from official government reports, media speculation, and field research.  I HIGHLY encourage you to both peruse the map and the report to get a better understanding of the small arms issue.

This is the map I previously mentioned.  If you want a bigger map to look at, click here.






Here's some data gleaned from the report:


  • After 15 years of rising homicide rates, El Salvador, Guatemala,  Honduras, Jamaica, and Venezuela all suffer from rates of more than 30 per 100,000—at least five times the global average. Together with Brazil, Colombia, Panama, and Puerto Rico, these countries also exhibit very high proportions of homicides committed with firearms (>70 per cent).
  • Worldwide, at least two million people are living with firearm injuries sustained in non-conflict settings over the past decade. Their injuries generate considerable direct and indirect costs, such as those incurred through treatment, recovery, and lost productivity.
  • In response to increased attacks by Somali pirates, international naval forces and private security companies have stepped up their activities in high-risk waters. As a result, the number of successful attacks dropped in 2011, but pirate groups are increasingly resorting to lethal violence and abusing their hostages during attacks and captivity.
  • State transparency on small arms and light weapons transfers improved on average by more than 40 per cent between 2001 and 2010, but the average score for all states combined remains below half of all available points.

  • Here's a video from the press conference spelling out more of the report's findings:




    UPDATE:I had no way of knowing that this post would be so timely.  I am mortified about the events in Connecticut today and by some of the commentary taking place through social media and other outlets in an attempt to correlate this with a need to address gun control.  I have a simple philosophy in that regard.  Crazy people kill kindergartners and NOT guns.  That being said, I do believe we need to address the ease of access these nutjobs have to weapons which can kill a large volume of people.  I think we need a discussion about we as professionals and citizens can recognize the signs something maybe amiss with people who commit these crimes.  I think the discussion also needs to go much further than what I proposed.  As Jay Carney, President Obama's press secretary said today, "There's a day for gun control review, 'but today is not that day'"  On that note, I ask you that take a moment to think about the victims and the heinous crime that took their lives.

    Thursday, December 13, 2012

    Cyber Defense: The facts associated with the hacker mindset

    I made a really awesome contact with Terry Beaver, a cyber security expert to say the least.  During a recent conversation on LinkedIn, he directed me to his blog, Cyber Integrity.  I was immediately impressed by the first article I saw.  I've included the link to the article and his blog throughout so you can check him out.  Terry, thanks again for continuing to push innovation in the cyber security realm.
    The facts associated with the hacker mindset:
    1. Modern computers are finite state machines – they do not “think.” Hackers are highly intelligent and well skilled at their craft. We must respect that fact.
    2. Information is a commodity and tradeable.
    3. What man can conceive – man can and will hack
    4. Retrofitting security onto existing platforms always fails – not withstanding that most security systems were not designed from the inside out beginning with understanding the hacker culture and methods.
    5. Teenagers have far more time and more energy than adults and will focus on what is cool. The good hack is very cool. Bragging rights are cool.
    6. While this statement was writing, attack vectors were exploited all over the world.
    7. In the commercial world; security is considered not a revenue generator but a revenue drain. In government, it takes second place to red tape. Too many government and business leaders are indifferent to security and at best, it is an afterthought laden with reactive vs. proactive behaviors.
    8. Hackers operate under a meritocracy – clue matters more than prestige and points are scored with their peers for successful hacks.
    9. Information has a shelf life and is subject to being exploited for hacker benefit.
    10. Intellectual property and sensitive data is a means for me to support my lifestyle.
    Postulates of a Hacker:
    1. Understanding how things work is an advantage over ignorance.
    2. Curiosity and ego are more powerful motivators than money.
    3. Nationalism is more important to hackers than ‘props’ (AKA don’t hack where you live – PRC is an exception).
    4. Not all people are rational, therefore choices are not predictable.
    5. Finding flaws and vulnerabilities requires an un-structured approach, out of the box thinking. This is contrary to a U.S. Government cleared engineer who follows structured guidelines.
    6. Success is relative to your environment and your alcohol intake or abusive behaviors. Hackers do not follow social norms and are very self centric in behavior. It may not be disciplined but often the “hack” works.
    7. There are no borders on the Internet
    8. Accountability is an effective “deterrent” against “insecurity” – applies to you, not I. If you fire me up, I will hit (hack) you.
    The Hacker’s conclusions:
    1. If you turn it on and connect it, they will come – and try and take it.
    2. It is curious how very smart and knowledgeable people will beat disciplined trained people and then watch the disciplined ones hide their failures.
    3. The hacker mindset is learned by experience, not by rote or title. Our status is measured on our successes, not on your GSA rating or rank.
    4. Capture the flag is the best paradigm for understanding security.
    5. The race is on to achieve the rapid penetration, not to the organized or disciplined standard or followed policy.
    6. Conventional defenses in “cyber” warfare are easily circumvented and those that set conventional policy are the easiest to hack.
    7. If someone wants to breach your security seriously or badly enough – they will.
    8. The best defense is one that never blinks or sleeps or needs a break, is always on and is real time. Problem is, that is a big challenge for people that have secure benefits, families, run errands for the wife, and go home on holidays and weekends.  Hackers sleep only when they need to.
    9. Closing the barn door after the horse is gone does little good – if one program costs hundreds of millions of dollars to create innovation – and the R&D is acquired with very little work and time by an adversary, then the hack has met its goal and the owner of the R&D and his program has been compromised. It isn’t a simple task, for example, to fund and redesign a modern warfighter component that was years in the making once an enemy acquires your design.
    10. eCommerce is insecure – but so is regular commerce including banking (lead pipe rule)
    11. Advancing and emerging hacker technology always defeats information security policies.
    12. Risk analysis matters more than policies and compliance – stopping an attacker in their tracks on the next hack is far more important that compliance.
    13. There is no accountability for poor security – only excuses.
    14. Competent adversaries exist and are growing in ranks (ATM hacks, Heartland, etc.) Cyber threats are increasing not decreasing.
    15. Confidentiality is a function of time and energy.
    16. Bureaucracies are threatened by people who want to know how things work and hackers demand the right to know.

    Wednesday, December 12, 2012

    Midtown Assassination: Smile! You're on camera.


    A young man was brutally murdered in New York City by way of what many in the media and even law enforcement have deemed a "professional hit".  It was called a "professional hit" mainly due to the pre-hit surveillance on the target and the manner of execution.  However, there are some glaring errors I believe will lead to the killer(s) and co-conspirator's capture.  

    I'm not sure how much many of you know about the assassination "business".  To say the least, as a lay person myself, I can only guess there would be some rules of the trade.  Let me share a few that I think would be important:
    1. Always be aware of your surroundings.  In order to be a successful "hit man", you need to have the element of surprise and concealment.  You need surprise so your target doesn't become alerted to what you're trying to do (i.e. killing them).  If you're a person hired to kill someone, I'm imagining it would be bad for your target to turn around and see you carrying a pistol and getting ready to kill them.  Typically, a "hit man" would need concealment as well so there aren't any potential witnesses who could give away their activity to the target or the authorities.  So can someone explain to me how this "professional" killer didn't take note of the closed circuit television camera and the numerous car a few feet away?  The last thing any "professional" wants is to get caught on tape.  Last I checked, murder for hire is capital offense.
    2. Never do a "hit" on a busy street or in plenty of light.  The way most CCTV cameras work is by using ambient and low-level light to illuminate the images they're capturing.  Most burglars know this - thus why they do what they do at night and in low light.  If I'm to believe what my eyes are showing me above, there are several shadows which appear to be pedestrian feet somewhere in the northern quadrant of this photo.  I can also make out the victim and the killer's face.  Again, another huge no-no for any "professional hit man".
    3. Never allow your escape to be captured on video or by witnesses.  Witness reports are emerging that people saw the killer do the "hit" and noted a probable get-away vehicle which has since been discovered.  It doesn't take a genius to figure out what's about to happen next if not already.  The vehicle will be inventoried and searched for any evidence to include fingerprints and trace evidence left by the "hit man".  Also, take a few moments and imagine how this could have panned out had some hapless witness saw this and blocked the sedan from leaving.
    4. Don't wait at the scene for 30 minutes outside of where you're going to meet the target.  Yup.  That's what this idiot did.  He waited for 30 minutes outside acting very suspicious.  He was seen pacing back and forth by the sedan that was later recovered.  In case you weren't aware, New York is home to some of the most aggressive police in the Western world.  So having a loaded pistol and seen pacing back and forth while waiting for your target is probably not what you want to do.  Below is surveillance footage released by the suspect as he's seen walking and hanging out by his getaway vehicle.  

    So what does this mean for those of us in security and law enforcement?

    • There is an increased level of violence and brazen violent activity by organized crime and other nefarious organizations that use this methodology.  We need to do a better job of educating and encouraging more citizens to report suspicious activity.  We need more foot patrols in our urban areas.  We need to encourage proactive private security elements to be on the look out for suspicious activity and report it to police as soon as possible.

    What this case does demonstrate is a very important lesson for all of us:
    • Report any and all suspicious activity.  There is no harm with having a police officer come out and investigate the nature of your suspicion.  That's their job.  No one wants to be a snitch but a man brought a weapon into a neighborhood where anyone could have been a collateral victim.  Having the homicide detectives show up two hours later is not the way to keep your street safe.  Call it in.  If you don't want to get involved and just need to make the initial report so someone will come out, make the call and tell the operator you don't want to give your name.  Explain you'll make a statement if it turns into something where a serious crime has been committed.  Many time the police may not need you to make a statement.  One call to the police could have spared this young man's life.  Now we'll never know.

    Monday, December 10, 2012

    VIDEO: Holiday Crime Prevention - The Tampa PD Way


    The Tampa Police Department got a little "creative" with sharing sound holiday crime prevention tips.  While I fully expect you to indulge in quite the hearty laugh at the comedic effort, please take their message to heart.  Many thefts which occur during the holiday season can be prevented.  An old adage I shared with base personnel from my days as a crime prevention officer in the United States Air Force is "the key to preventing most crimes rests with victims not police officers."

    Cybersecurity | Senator Lieberman speaks before Senate about the need for cybersecurity legislation by JoeLieberman



    The U.S. Senate Wednesday rejected a second chance to move forward with critical cybersecurity legislation supported by top-ranking members of the nation's intelligence, national, and homeland security communities. By a vote of 51-47, the Senate failed to approve a procedural motion to end debate on the bill, S. 3414, and move to a final vote. Read the full text of the Senator's statement here: http://www.lieberman.senate.gov/index.cfm/news-events/news/2012/11/senate-rejects-second-chance-to-safeguard-most-critical-cyber-networks-protect-economic-national-security

    Senator Feinstein on Cybersecurity by SenatorFeinstein



    Senator Dianne Feinstein spoke on the Senate floor on Nov. 12, 2012, about cybersecurity and the need to protect the United States from devastating cyber attacks.

    How the LAPD are slashing car crime with Geospatial Intelligence by dgieurope



    DGI's Online Editor, Dan Mellins-Cohen takes an unlikely turn at the geospatial intelligence and defence conference and speaks to Captain Sean Malinowski of the Los Angeles Police Department to find out the remarkable way they are utilising the power of geoint to slash car crime in LA!

    Why Senator Tom Coburn Is Wrong About Columbus

    Pro 3XE Underwater Search and Recovery Vehicle cited in Senator Tom Coburn's report
    Credit: http://www.atlantasmarine.com/product/videoray-pro-3-gto

    Last week, Senator Tom Coburn released a report criticizing various municipalities and the Department of Homeland Security for spending taxpayer dollars frivolously on various pieces of equipment, training exercises, and conferences.  His report, titled “Safety at Any Price: Assessing the Impact of Homeland Security Spending in US Cities, mentioned several cities including Columbus, Ohio.  I grew up in the Buckeye state for a while. As such, I pay attention to any allegations against our capital city, particularly with respect to homeland security.   So, I read the report and was surprised by its allegations.

    On his web site, Senator Coburn states,
    "Columbus, OH’s Underwater Robot: Columbus, Ohio recently purchased an “underwater robot” using a $98,000 UASI grant. The robot is mounted with a video providing a full-color display to a vehicle on shore. Officials on the Columbus City Council went so far as to declare the purchase an “emergency,” not because of security needs, but because of “federal grant deadlines.” If the money was not spent quickly, it would have returned to the Treasury. (Pg. 27 & 28 )"
    In the report, he goes on further to state,
    "The Columbus dive team, however, is responsible only for underwater search and recovery missions – not for rescue missions that may happen during a terror attack.  One of the team’s higher profile missions in recent years was the recovery of a
    $2 million “sunken treasure” in the Scioto River."
    So, naturally I did my own "investigation" into this allegation made against Columbus and DHS. Here's what I found out:
    1. Columbus's police department is solely responsible for search and recovery.  It's in the standard operation procedures.  That much is true.  What his report fails to acknowledge is that after a terror attack the most important job any first responder agency can have is the search for human remains and evidence.  That too is in their SOP.  It states, "Underwater search and recovery operations encompass underwater criminal investigations, the recovery of bodies and property, and other operations, which by their nature fall into the scope of duties and obligations of the Division of Police."  Additionally, the Scioto River is 218 miles long and goes through downtown Columbus.  It also lays along the "approach" for Columbus International Airport.  Any counter-terrorism expert worth his/her salary will tell you this would be a natural place for an attack to occur and for law enforcement to begin search and recovery operations.  Given that debris fields from most major attacks extend for miles, it would be prudent for any law enforcement agency to look for evidence and possible human remains along this river.  My favorite item to back this up came from the FBI dive team site.  Yup.  The FBI says, "Our underwater experts can find clues and map out crime scenes in exactly those places and more...They’ve got some fancy tools and technologies to help them do their jobs: “side-scan sonar” that can detect debris...miniature remote-controlled subs that send real-time color video to the surface for on-the-spot identification and that can make videotapes of underwater searches for future use.  We’ve called on our dive teams many times over the years since the first one was launched in 1982. For example:  When TWA Flight 800 exploded over the Atlantic in 1996, our New York team helped scour a 40-square mile patch of the ocean floor, recovering the remains of all 230 victims and 96 percent of the airplane....Our teams have even traveled overseas to support such investigations as the terrorist attack on the USS Cole."
    2. Columbus, Ohio is/was a terrorist target.  Many people don't think of Columbus, Ohio as being of major interest to al Qaeda.  However, in 2004, we learned different.  Nuradin Abdi, a Somali native plotted with three of his friends to attack a Columbus mall. Abdi entered this country with the sole intent to target Americans, after illegally entering in 1999.  In 2002, he along with two friends discussed bombing a mall in Columbus.  Abdi was sentenced to 10 years and was deported back to Somalia in November 2012.  Here's a link to his indictment - http://www.investigativeproject.org/documents/case_docs/85.pdf.  Here's a map of downtown Columbus.  Note it's approximal distance to the airport and the Scioto River:
      View Larger Map
    3. The Homeland Security Grant Program (HSGP) this grant is managed states its purpose is "to directly support expanding regional collaboration and is meant to assist participants in their creation of regional systems for prevention, protection, response, and recovery."  Part of any response and recovery effort is search and recovery.  Seriously.  Anyone who took Emergency Management 101 knows that much.  The quicker you get to the bodies and the evidence the sooner you can figure who attacked you and more importantly, how.
    4. The New York Police Department has the same robot.  How is it that I'm the only one who caught that?  That's right.  NYPD uses this robot on the missions I described and for bomb detection as well.  Why?  Because they have a river that flows through the heart of their city.  The only exception is the Scioto currently doesn't allow commercial ships due to the 2012 drought.
    5. DHS did have a deadline that was approaching and the city council deemed funding was neccessary and determined it an emergency.  Why would call this an emergency?  Because of the ridiculous amount of time it takes for a city to make any purchases on their own.  The city simply didn't have $98k for an underwater robot.  What the report failed to mention was the city had done this numerous other times in an attempt to stockpile on homeland security equipment they felt they needed.  They purchased a similar robot for their fire department.  The exception is the fire department can't use their robot or their divers for recovery of evidence or remains.  This simply is not in their area of operations (AO).
    So there you have it.  The truth about Columbus isn't what Senator Coburn made it out to be.  Senator Coburn is trying to bill himself as a good steward of taxpayer money.  While I appreciate his diligence, I am struggling with why he didn't go to these cities himself and ask the same questions I did.  Moreover, why isn't his staff asking these questions instead of producing hilarious cover art for his reports.


    Video: The History of Access Control

    The history or evolution of access control is congruent with the history of security.  Some would argue that it is the cornerstone of what we think of as being "secure". We have tailored a many of our defenses and detection apparatus towards our entryways first because that's where we feel the threat is more likely to attack us from there.  In most cases this is true.  That being said, there has been an almost comedic approach to how we should conduct access control using technology as an aid.  It seems like security technology researchers work overtime just to find parts on our body to determine where we're most unique to qualify as an "identifier".

    This video is an ode to such approaches.  While modern access control technology is effective in certain applications, this video demonstrates how we've gone from being okay with being "secure" to needing to be "mega-secure".  It was made by Peter Lanaris of Lido Distributors, a supplier of HID products, access control accessories and ID badging supplies.


    Wednesday, December 5, 2012

    Review: Guardly Will Change What You Think About 911


    As you know, I am always looking for cool security products to talk to you about. About a week ago, I started a conversation with Josh Sookman via LinkedIn about his mobile application called Guardly. According to the company's web site, Guardly is "a platform for emergency communication that changes the way mobile personal safety is delivered. Smartphone users that find themselves in an emergency situation can alert, connect and collaborate with local authorities as well as their own personal safety networks in a single tap. Guardly is committed to dramatically decreasing the amount of time it takes responders to arrive at an emergency."  The company was founded in August 2010 and its mobile application is available for download on Windows, Android, Blackberry, and iTunes.

    So how does Guardly separate itself from competitors that in my opinion, failed miserably. It stands out on the information it provides to dispatchers and emergency contacts. Most companies who attempt to do what Guardly has done will at a bare minimum only provide maybe a GPS location and will often limit how many people you can notify. According to Mr. Sookman, "Within 5 seconds, Guardly can provide information like who is involved, what is going on (type of emergency) and where the emergency is." if you've ever been in an emergency dispatch center or an actual emergency situation, you know how critical timing is with getting this type of information. As they say, "The sooner the better." On college campuses who used the application they noticed an overall reduction in response time by 44%, according to a case study published by the company. Vicki Brown, Director, Campus Services Security at OCAD University says, "Our partnership with Guardly enables the University to extend the reach of its emergency phones on campus by putting a virtual emergency phone onto smartphones carried by students. It also enables us to track changes to the location of an emergency in real-time and communicate with the victim and his/her responding safety network throughout the incident until resolved." 

    Guardly can also provide information like alert history which according to Mr. Sookman, is useful in situations like harassment or domestic abuse. This is information other jurisdictions may not have, particularly if the original agency is in the private sector. Guardly enables the original agency to forward the intel it has on a particular emergency via its Enterprise platform. Of course, as a personal download choice on your mobile phone, there won't be an alert history to share.

    A few days ago, I wrote a piece on duress situations and how important it was to have duress switches in areas where the interaction between suspect and victim take place. Guardly does this as well. Once you tap the Guardly icon, it counts down from a preset number while vibrating each second and automatically sends out an alert. Depending on your preference, it can be set to automatically call 911 and your emergency contacts or just your contacts. Guardly also used what Sookman termed "geofences" which in essence are geographical boundaries. Guardly enterprise customers set up "geofences" around their respective properties on a map and when alerts come through in their fence they receive a "status update". If the institution is sending first responders like security or in-house medical and the caller escalates the emergency to a 911 call center that sends an outside agency to respond, the customer is alerted and can send the caller's alert history and profile data to the 911 dispatcher.

    Initial screen you see when you tap the Guardly app

    I found setting up Guardly was extremely easy. You fill out some very basic information, followed by certain health information like blood type or any other known medical information. It will also ask for your addresses (home and work), email, and backup numbers. You will need to provide information on your contacts like name, cell phone number, and email. I recommend cell phone numbers for contacts because Guardly can also send texts to them as well. What I found interesting was that it warns users to alert your contacts that you've made them emergency contacts. I got at least three emails from people asking what the service was (Guardly will send them an email to confirm that you have added them as a contact). I did this to see if my contacts would in fact get an email.

    What is unique, on both its personal and enterprise platforms, are its emergency contact groups. In my opinion, this is where Guardly makes its most notable departure from its rivals. You can create groups depending on the types of emergencies you expect to encounter like food allergies, stalking, abuse, etc. I have one set for work emergencies.  Once an alert has been sent out, your contacts can then join a conference call about your emergency with you and the dispatcher using the infrastructure from your cellular provider through Guardly.

    Typical Guardly collaboration screen

    Did I mention you can even send a photo to the dispatcher or your emergency contacts? It will allow you to send an instant message from your phone to the dispatcher. This, of course, is available only on its Enterprise platforms. Mr. Sookman informed me they have customers ranging from campus police, corporate security elements, real estate agencies, and private security firms. A visit to their web site is a testimony to the success they've had with these entities. LeFrancis Arnold, President, California Association of Realtors says, "With criminal attacks against realtors on the rise and the prevalent usage of smartphones by realtors,it was a natural fit to equip our members with Guardly as a tool to stay safe...We encourage members to take advantage of this technology and to share it with family, friends, and clients." Mr. Sookman told me there has been "some expressed interest" by municipalities in the United States and Canada.

    Given my experiences with this application, I would HIGHLY recommend any agency who deals with emergency situations to take a serious look into Guardly.

    To learn more about Guardly and how it can benefit you or your organization, click on the link below:

    Tuesday, December 4, 2012

    Top 8 Coolest Android Apps For Security Professionals

    As a security professional, I recognize that I am in a niche career field.  With regards to being in a small but growing industry, I'm forever discovering the small amounts of electronic tools to aid me in my professional endeavors.  Even worse, I have an Android smartphone.  If you've Googled anything having to do with apps or web sites that have tools for our industry, you already know iTunes has a significant portion of quality products.  I'm no quitter and I like to think outside of the box.  Over the course of this year, I discovered several apps that have just the right tools needed in this job.

    1. First and foremost is the note-taking app - Evernote.  This app when paired with an existing account through their site enables you to take notes, record audio, tag your location, and attach pictures and other documents.  Whether you're in an investigator or a physical security planner in the field, this app is perfect.
     Click here to learn more.


    2.  Next up is EvidenceCam. This app will - stamp your GPS coordinates, date/time, and address where you're located as well as include a "Notes" tab to add user notes regarding the photos captured. This app is great for investigators who take photos for evidentiary reasons. Here's an actual shot from EvidenceCam.  Click here to learn more.


    3.  FloorPlan Creator is perhaps one of my favorites.  It allows you to use your camera and through "augmented reality" create a virtual floor plan of just about any room.Check out the video below to get an idea how it works or click this link to download.



    4.  News360 is a news app which takes your interests and compiles news based on them. Awesome for those times when you need a single place to go for your news.  Here are some if its features I enjoy the most.
    • More than 30,000 sources, from the top national news providers, to local and niche sites and blogs
    • The Home feed - stories from the day’s headline news and your specific interests are merged together into a single stream, so that you don’t have to jump between sources and topics to avoid missing anything important 
    • A flexible and smart personalization system, so that you can tailor your news however you want, by choosing the topics, sources, companies and people you want to follow, and News360 will pick up on the nuances of your interests as you read 
    • Synchronize your interests and saved stories with News360 on your phone or at news360.com 
    • Local news using your tablet’s GPS
    Click here to learn more.

    5.  Ever been out in the field or at your desk trying to determine how a particular vehicle looked?  If you're in the field doing an interview or doing a statement, it can be quite frustrating to rely on a description by a witness or your own recollection possibly hours later.  There's an app to help you accurately identify vehicles called The Patrolman's Vehicle Guide.  According the app's description section, 
    "The Vehicle Identification System (V.I.S.) is the only Patrolman’s vehicle guide that’s made by police officers for use by fellow officers. It’s perfect for law enforcement officials to use on the streets, for pinning down vehicle information when interviewing victims and witnesses, or to help determine or rule out suspect vehicles in an investigation. This app works great for security officers on patrol, too.

    Inside this application, there is an extensive image database of almost every make and model of vehicle released in the past decade. It’s fast, easy to use, and can cut out a lot of time and legwork from the investigation process, which may mean the difference between solving the case or having it go cold."
    To learn more click here.


    6.  Remember me blabbing about Evernote earlier?  Well, give me a second to talk incessantly about PolicePad.  Those of us who have done security operations or law enforcement know how hard it is to take professional and legible notes while you're in the field.  Notepads have pages that can be torn or lost.  As luck would have it, something happens where your have to right a report with accurate times, location, people, and dates.  PolicePad does all of that and a bit more.  Click here to learn more.


    7.  Okay.  There are "cool apps" and then there are COOL apps.  SmartTools is definitely the latter.  It is an all-in-one measuring tool app.  Through the use of the tech available through your phone, it can determine length, angle, slope, level, thread, distance, height, width, area, compass, metal, sound level, and vibration. It also comes with a flashlight and a magnifier. I told you it was awesome. Click here to learn more.



    8.  Let's face it folks.  We meet some interesting people in some very challenging situations.  A prudent security professional realizes any interaction with possible threats can escalate very quickly and has a plan to mitigate the risk from that happening.  One tool I recommend is Guardly.  It's a duress alarm/emergency notification/safety app.  According to the app's description section,
    "Out of the box, Guardly comes packed with a free service that allows you to reach everyone in your safety groups by one-way emergency alerts, which include your location, group name and other information that can help them reach you.

    Guardly’s premium service instantly connects you to a multi-party conference call, private and secure instant messaging session and real-time location tracking throughout the span of your call for help."
    To learn more about Guardly, click here.  Stay tuned because we'll have more details in the very near future about Guardly.  For now just take our word for it, this is an awesome app.



    Folks, this list isn't all-inclusive but I think these apps have been extremely helpful to me in my professional endeavors.  Take this opportunity to look them over and let me know if you have some others you'd like to see added.

    Monday, December 3, 2012

    Honeywell Gets How Duress Switches Should Be Designed

    Duress alarms are nothing new.  I recall during the early years of my career setting off a few by accident.  If I do remember anything else, it would be where they were installed.  The vast majority of accidental annunciations were caused by poor placement.  Many were located near an area where you sat like a desk but that sat knee-high on the average person.  Or they were placed were everyday objects were nearby and prone to collision.

    So you can imagine how delighted I was when I caught this little gem while perusing another blogger, Colin Bodbyl's site - Zeecure.  In this video he's reviewing the Honeywell 264 Money Clip. This is a duress/hold-up alarm designed for cash-only businesses and activates a silent alarm to a central station or the police when the cash is removed from the clip. Of course, this would need to be installed with an existing alarm system.  But this, as Colin aptly pointed out, you no longer need to have a very conspicuous duress button to be located discretely.  Now, the robber gets the "bait-money" and the alarm is set with very little to be done.  Imagine having help dispatched at the onset of the robbery instead of wasting precious seconds or minutes trying to call or push a duress button while completing the transaction.

    An additional problem faced by many security practitioners, with regards to duress alarms, is appearance.  Many duress alarms look like switches with no correlation to where they're placed.  For example, why place a duress switch near a counter-space with no electro-mechanical devices near it?  Why not place it where operator and suspect will have their interaction and it not be seen or look to obvious?  I think designers should remember one key thing about duress switches - ALL BAD GUYS WATCH HEIST MOVIES.  This means they're expecting the duress switch.  Why put employees in danger by having a small metal switch near them?  Why not have something like the Money Clip installed where the interaction is and triggered by the interaction and not the employee?  The awesome thing about the Honeywell 264 Money Clip is it looks like a standard clip found in any cash register or cash drawer. It should be noted Honeywell offers three other types of duress/hold-up alarms to include the 256 Foot Rail, 268 Hold-up Switch, and the 270R Hardwired Hold-up Switch in a plastic case.  A prudent customer would require redundant systems (any of the devices listed previously strategically placed inconspicuously) and (if it's not already included) a duress code (numerical code known to select insiders) added into any alarm control panel as well.  I would prefer one that caused the alarm panel to function normally but send the duress signal to a central station or police dispatcher.  Many systems are designed like this.  However, there are some that are not.  Colin also has some unique uses for it as well.  Check his review out below.





    Click on the link below to get product information:

    Click on the link below to find out where to purchase it:

    Sunday, December 2, 2012

    Force projection Mexican Style

    Drug cartels in Mexico have a proven need for force projection in order to secure their territory. Learning from dictators and criminal enterprises before them, they use a variety of tools to accomplish this ranging from public execution to kidnappings. In the video below, a cartel is filmed using armored civilian vehicles with armed men to demonstrate the prowess of their strength akin to what one would expect to see in far away lands like Somalia not a city a few hundred miles from the world's most powerful democracy.



    Does the Border Fence work? by thewalldoc



    Is the Border fence "working"? Is it stopping illegal immigrants and drug smugglers? Go to http://TheWallDocumentary.com to watch more. The Wall is available on DVD on Amazon.com! http://www.amazon.com/gp/product/B0047PF7KC

    The New Bath Salts? 'White Bull' Cocaine Substitute by TheYoungTurks



    "ADULT stores are selling a synthetic cocaine called White Bull for $100 a gram. This is twice the price of old-fashioned amphetamines that bikies used to cook - and we were told it's stronger than the real and illegal stuff. White Bull is part of a $200-million-a-year catalogue of legal highs that adult stores are marketing as an offset for the drop in DVD sales because of the prevalence of online porn. The man behind the counter at Love Play had only two little bags of White Bull left for sale. He said the store sells out every weekend. ''Less is more with this stuff,'' he said. White Bull is an apparently legal substitute for cocaine, which retails illegally for $350 a gram. ''The feeling is that of cocaine, speed, ecstasy,'' he said. Meaning it keeps you awake, a bit horny and somehow sets a disco beat rocking in your head. It also makes your heart beat faster, and put on a hot glow that suggests one's thermo-regulation system is out of whack."* Cenk Uygur and Ana Kasparian discuss "White Bull," a new synthetic and legal drug that claims to mimic the effects of cocaine. Is White Bull opening a new can of worms? Or is it just a way to raise sales in adult stores? Read more from John Elder/ The Age: http://www.theage.com.au/victoria/hot-market-for-legal-cocaine-20121124-2a0g8.html#ixzz2DtGsKMKj

    South Carolina Governor Discusses Cyber Intrusion by ThePentagonChannel



    South Carolina Governor Nikki Haley talks to TPC anchor SSgt Josh Hauser about South Carolina's recent cyber intrusion and what help is out there for those affected. http://www.dvidshub.net/video/192098/south-carolina-governor-discusses-cyber-intrusion

    Saturday, December 1, 2012

    BruceSchneier - The security mirage - TedX_2010 by Елизавета Павлова



    INFOGRAPHIC: Is Big Brother Watching You, Europe?

    I made the inforgraph below to highlight for those who may be unaware the growing prevalence of CCTV systems throughout Europe.  I was somewhat surprised Oslo was only short 1 percent from tying London as having the most, considering London's known onslaught of surveillance systems.  Though the data is somewhat out of date and certainly not concrete, it is interesting when we remember those numbers have probably increased a great deal and have become much more diverse in their sophistication and development.  I (and so should you) would be curious if those numbers slowed down with the economic downturn experienced throughout most of Europe.  My guess is not as much as one would assume, given that CCTV systems have gotten less expensive and much more easily installed since this report came out.  I have attached the report for your perusal.


    The Thriller on the Twitter Has Begun! G4S vs Securitas

    Okay, folks.  *cue drum roll*  The Twitter Account Showdown of Top Security Firms for 2012 has begun.  Today, we look at the accounts of G4S and Securitas.  It looks like G4S has muscled its way passed Securitas in almost every category. Until next week.



    create infographics with visual.ly

    Friday, November 30, 2012

    US Navy X-47B UCAS first land-based catapult launch by theworacle



    US Navy video of the first catapult launch of the Northrop Grumman X-47B unmanned combat aircraft system demonstrator (UCAS-D) on Nov 29, during shore-based aircraft-carrier integration testing at NAS Patuxent River, Maryland. The X-47B is to take-off and land on a carrier at sea in 2013.

    About Us