Saturday, December 31, 2011

Photoshop: Shark vs SEAL

I ran across a funny pic today, courtesy of the folks at Yell Magazine.  I thought I'd share.  Here's hoping you have a safe and happy New Year except if you're al-Shabaab in which case - well, you get the idea.

(Courtesy: Yell Magazine)

Friday, December 30, 2011

Terrorist Group of the Week - The Sicarii

In a quest to learn more about terrorism and its roots, I've decided to start two new series:  Terrorist of the Week and Terrorist Group of the Week. The criteria is quite simple: I'll be showcasing different groups and individuals according to their interests to me and their significance to terrorist activities.

The first group I'm profiling is the Sicarrii, an ancient Jewish extremist group who used assassinations and kidnapping to expel Romans and other foreign entities from Judea. Many scholars point to them as the "fathers" of modern terrorism. This is not a stretch considering the methods and motives were practically unheard of prior to this. Most revolutions began once armies could be formed to engage occupiers on the battlefield. The Sicarrii did not have the time nor the resources for a conventional army so they used the unpredictability and lethality of their daggers to inflict psychological and strategic casualties on their enemy. These ideas are not foreign to any terrorist groups. Many use assassinations, kidnapping, and other means in order to achieve similar results.
Sicae - ancient dagger used by the Sicarri. Often hidden in their garments,
it was the preferred weapon due to its stealth and concealability.
What made the Sicarri unique was their use of stealth. They hid small daggers under their cloaks called sicae. As it was often difficult to their enemies alone, they often waited for them at mass gather points to strike them. Hidden in a crowd, they could operate without worry of detection before, during, and after the attack.

Who did they go after? Their targets of choice appeared to be Romans and their sympathizers. Some of their notable victims included Jonathan the High Priest, a suspected collaborator. Many were Roman soldiers and administrators. Like most terrorist groups, they struggled to gain popular support. And like most terrorist groups, they turned on the people they were liberting to get their support. At the beginning of the Jewish Revolt of 66 AD, the Sicarii, destroyed the city of Jerusalem's food supply so that the people would be forced to fight against the Roman siege instead of negotiating peace.

Mountaintop fortress and one of the most revered sites in Jewish  history .

Still haven't heard of them?  Ever hear of a place called Masada? That's right - these folks made the infamous stand at Masada along with their leader Simon Bar Giora. He and a group of followers made their way to the abandoned mountaintop fortress in 72 AD.  The standoff lasted until 73 AD when the Romans took over and discovered how deep the Sicarrii conviction was. They all committed suicide rather than surrender.

Thursday, December 29, 2011

DEA Warns of Extortion Scams Using Online Pharmacies and DEA Agent Imposters

Buying prescription drugs online has always been a risky endeavor.  Customers have been duped by  fraudsters who ship placebos and collect their cash.   Or they may not ship at all and just keep the money.  As if that weren't bad enough, the Drug Enforcement Agency is now claiming people are being foiled again using a new scheme.

Impersonating DEA agents, the criminals are using these transactions to call the customers back and threaten arrest for violating drug import laws if they don't wire money to the fraudsters.  Some people have caved in and paid the money only to realize the scheme too late.  Who falls for these crimes?  The elderly usually are easy prey to these.  This is due in part being the largest consumer base of online pharmacies due to the availability of less expensive drugs sold from overseas merchants.  Often, they do not understand the drug import laws and are more likely to not question seemingly authentic authority figure to avoid further trouble.

According to The Denver Channel,
“I’m 52 years old. And I feel like the stupidest person on the earth. Why didn’t I listen to my husband. Why didn’t I do something different? Why am I so darn trusting after all these years?” said a Jefferson County woman who asked to be known only as Elizabeth.

She's cooperating with the DEA now and said she had purchased a weight-loss product online earlier this fall, and soon started getting phone calls at home from three different men, claiming a connection with the DEA.

Elizabeth said she wired nearly $10,000 to individuals in the Dominican Republic, believing she was avoiding jail time.
As you might have guessed or known, it is a crime to impersonate a federal agent.  The DEA is asking anyone receiving a telephone call from a person purporting to be a DEA special agent or other law enforcement official seeking money to refuse the demand and report the threat by calling 877-792-2873.

For further information, the DEA has a page regarding the scam at:

Synthetic Marijuana: Will the law ever catch up to science?

We have reached a point in our "war on drugs" where the laws fail to keep pace with the science behind designing and concealing these drugs.  That seems like a very emphatic statement from a guy who has no degree in science.  However, a story I discovered by the Washington Post has helped me reach this conclusion.  The article outlines how illegal drug chemists have successfully thwarted prosecution by using chemicals not on the drug schedule list set by the Drug Enforcement Agency to manufacture drugs like "spice".

The National Institute on Drug Abuse has this to say about "spice":
“Spice” is used to describe a diverse family of herbal mixtures marketed under many names, including K2, fake marijuana, Yucatan Fire, Skunk, Moon Rocks, and others. These products contain dried, shredded plant material and presumably, chemical additives that are responsible for their psychoactive (mind-altering) effects. Spice mixtures are sold in many countries in head shops, gas stations, and via the Internet, although their sale and use are illegal throughout most European countries. Easy access has likely contributed to Spice’s popularity. While Spice products are labeled “not for human consumption,” they are marketed to people who are interested in herbal alternatives to marijuana (cannabis).
The chemicals used to make "spice" and are of concern to the DEA are CP 47,497 and homologues,HU-210JWH-018, and JWH-073.  One chemical which should have caught your eye is HU-210.  It was recently listed in the Targeting Transnational Drug Trafficking Act of 2011 which prohibits "the manufacture or distribution of a controlled substance in schedule I or II or flunitrazepam by individuals having reasonable cause to believe that such substance will be unlawfully imported into the United States or into waters within 12 miles of the U.S. coast. Prohibits the manufacture or distribution of a listed chemical: (1) intending or knowing that it will be used to manufacture a controlled substance; and (2) intending, knowing, or having reasonable cause to believe that the substance will be unlawfully imported into the United States." This is important to note because chemists have gotten smarter and realized they no longer need HU-210 or any of the other compounds to have similar effects.

Due to the ever-changing illicit drug landscape, Senate bill 1612 (Targeting Transnational Drug Trafficking Act of 2011) was drafted.  It would help federal prosecutors charge those who imported or made chemicals used for the explicit purpose of making these compounds.  According to the summary text of the bill,

"Makes it sufficient to prove a conspiracy to commit an offense that requires the person to intend, know, or have reasonable cause to believe that a controlled substance will be unlawfully imported into the United States if only one member of the conspiracy had such intention, knowledge, or reasonable cause to believe."

However, as the Post article demonstrates, there are problems within states who do not have similar laws. Many states use archaic laws which specifically identify the drug and its current chemical makeup. They often fail to take into account how many times drugs like "spice" can be illegal one moment and legal the next due to the countless ways to make the drug without using any banned compounds. This is what gives these drugs their current demand among users who want to be able to purchase the drug "legally" without fear of prosecution. Another problem for some jurisdictions is testing. If you're testing for a group of compounds but the ingredients have changed or are masked, it could make reaching definitive conclusions about test results more difficult or near impossible.

When I was a security officer inside a housing area, I came across several young people who used synthetic marijuana they claimed was for "aroma-therapy". They claimed because this "legal weed" was "legal" because it only contained the scent of marijuana and not the compounds. I did my research and found that to be true as long as that was all there was to it. However, "spice" is known to have a similar scent as these "aroma-therapy" agents. Coincidentally, you can purchase these products online or in "head shops" around the country.

Aromatherapy "legal weed" on display at a storefront in Mississippi

The only way we can proactively combat this trend is to work on solving its underlying societal and individual causes for demand.  By simply eliminating supply or reducing it, you do nothing but increase its demand and value.  I'm not saying legalize it.  However, I believe until we mitigate how we as a society have failed to provide our children with enough intellectually and emotionally satisfying stimulants (i.e. loving homes, forward-thinking academics, community involvement, etc.), we will always be "behind the curve" in this "war".

Tuesday, December 27, 2011

Would you hire marijuana grower as your CSO? The Sinaloa cartel did....

Felipe Cabrera Sarabia is shown to the press under the custody of army soldiers at the federal organized crime investigations headquarters in Mexico City, Dec. 26, 2011. (AP Photo/Marco Ugarte)

When I read a headline announcing Felipe Cabrera Sarabia's capture, I was expecting a guy from Scarface not a guy who looks like he should be at a booth for next year's ASIS conference.  The media and the Mexican authorities have dubbed him Joaquin Guzman Loera's "security engineer".  What that means in the security industry and what that means for the guy who protects the assets and safety of the world's biggest drug cartel are two very dissimilar things.

According to Forbes magazine, "Sarabia has allegedly been running operations for the Sinaloa cartel in northern Mexico". Can you imagine if Steve Jobs had left the daily operations of Apple to his chief security officer? I'm not knocking the person but that's one heck of leap. In addition to finding ways to protect the cartel from the Mexican authorities, Sarabia had the somewhat daunting task of dealing with rival cartels. If you've been paying any attention to events south of the U.S. border, you know this is not getting easier.

How and why Mr. Sarabia earned the moniker "security engineer" are what struck me, given his increased responsibilities since his boss went into hiding. Forbes stated, Mexican army spokesman General Ricardo Trevilla said in a press conference on Monday, "Cabrera and three of his brothers began as marijuana growers and that Cabrera rose through the Sinaloa ranks by using violence against his rivals. In recent months, Cabrera waged war against a rival faction of the Sinaloa cartel known as the "Ms", leading to a surge in violence around Durango."

In this June 20, 2011 photo released by Mexico's Attorney General's office, police from the Federal Public Ministry looks at drums of precursor chemicals for methamphetamine that were seized in Queretaro, Mexico. Mexican authorities have made two major busts in as many months in the quiet central state of Queretaro. In one case, they seized nearly 500 tons (450 metric tons) of precursor chemicals. Another netted 3.4 tons (3.1 metric tons) of pure meth, which at $15,000 a pound would have a street value of more than $100 million. Mexico's most powerful drug cartel appears to be expanding methamphetamine production on a massive scale, filling a gap left by the breakdown of a rival gang that was once the top trafficker of the synthetic drug. (AP Photo/Attorney General's office)

Mexican authorities found 14 mass graves with 287 bodies in Durango.  Cabrera was busy.  Killing is one thing but drug dealing is a whole separate part of his job.  Mexican law enforcement  has seized over 550 metric tons of chemicals used to make methamphetamine, in the last 6 to 8 months.
Mexican police excavating a mass grave in Durango
Just in case you're wondering how do you capture someone like this?  The answer is quite simple - snitches.  I just want you to know I have zero verifiable information to back that up.  However, there a few things the Mexicans admitted that bring me to that conclusion.  They stated not a single shot was fired.  That meant they had actionable intelligence on where he was and how vulnerable he would be when they struck.  You don't get that by listening to a wire all day.  You need someone on the inside and clearly the Mexicans did.

What does this mean for his boss and the cartel?  The U.S. currently has a $5 million bounty for Loera, while the Mexicans want him for $7 million.  Not bad for a guy who Forbes listed as a billionaire with over $1 billion in wealth and was listed as #55 out of 100 on their World's Most Powerful People List for 2011.  As far as the cartel is concerned, who knows.  My guess is they'll capture or kill Loera (my money is on the latter) and they'll proclaim a major "victory".  This will put a very small dent in the overall drug trade, as the international appetite for drugs continues to grow at an exponential rate.  Supply and demand is the law of the drug trade.

If you have any information about the whereabouts of Mr. Loera, call:
1-877-WANTED2 (1-877-926-8332)

Terrorist of the week: Yasi al-Suri

In 2005, Yasin al-Suri made al-Qaeda's
"Top 30 under 30." According to Uncle Sam,
his head is worth $10  million.
Have you seen this guy?  If you have, the United States government would like to have a chat with him.  In the age of the Global on Terror, what that really means is "If you have and would be so kind to let the United States government know, they will pay you a very large reward fee for being able to put him in the crosshairs of a drone pilot."

What did he do?  According to the State Department,
Ezedin Abdel Aziz Khalil, more commonly known as Yasin al-Suri, is a senior al-Qaida facilitator based in Iran. Al-Suri moves money and recruits from across the Middle East into Iran, and then on to Pakistan, to support al-Qaida’s senior leadership. Iranian authorities maintain a relationship with al-Suri and have permitted him to operate within Iran’s borders since 2005.

Al-Suri facilitates the movement of recruits for al-Qaida from the Gulf to Pakistan and Afghanistan via Iran. He is also an important fundraiser for al-Qaida and has collected money from donors and fundraisers throughout the Gulf. Al-Suri funnels significant funds via Iran for onward passage to al-Qaida’s leadership in Afghanistan and Iraq.

Working with the Iranian government, al-Suri arranges the release of al-Qaida personnel from Iranian prisons. When al-Qaida operatives are released, the Iranian government transfers them to al-Suri, who then facilitates their travel to Pakistan.
As you might imagine, our "friends" in Iran flat out deny any connection. According to the Iranian news agency, Fars, Iranian Foreign Ministry spokesman Ramin Mehmanparast said, "The American government's recent unwise scenario regarding Iran's involvement in the September 11, 2001 attacks and the presence of an al Qaeda member in Iran is completely baseless. The US endangers international peace and security through repeating such false claims which are raised to meet Washington's political goals."

What's amazing about the reward and Yasin is the admission that he's been a liaison between al Qaeda and Iran since 2005 when he was 23 years old.  I know of drug dealing thugs who murder people every day and don't even have a sum this high on their heads.  Yasin's bounty is only $15 million less than Ayman Zawhiri, the new chief of al Qaeda.  What does this make Yasin?  I'll tell you what it makes him a high value target.  My guess is if captured or killed, Yasin's disappearance from the global terrorism scene would be a huge victory for American intelligence agencies as well as put a dent in the number of foreign fighters who appear to be growing exponentially.  Another reason you offer this kind of cash is because you know someone out there wants this money more than they care about Yasin.

So this leads me to wonder as to what happens if the government has actionable intelligence on his whereabouts possibly in Iran.  Do we send in Joint Special Operations assets to render him? Do we send in our drones? Do we apply "diplomatic pressure" (i.e. apply another series of ineffective sanctions with a country who does business with other countries not affected by our sanctions)?  Any covert actions, once discovered, could provoke the Iranians into more overt acts of aggression against the United States.

It is highly doubtful the US government expects to actually capture or kill him in Iran.  Why put up the reward then?  Perhaps it's a message for Iran to let them know we know who Yasin is and who he works for.  Whatever their reasons, the government is taking this guy very seriously.

To leave a tip (tell them The Security Dialogue sent you), click on the link below:

Here's a link to Yasin's wanted page:

Here's the Treasury Department's Press Release in July 2011 about Yasin's network:

Sunday, December 25, 2011

TSA vs The Cupcake Lady

Folks, I really do believe TSA has the toughest job during the holiday season.  They screen millions of travelers from all over the world.  Since the tragic events of September 11, 2001, the TSA has successfully kept America's skies safe.  That being said, there a few times in which the commit some of the dumbest mistakes in the name of security.

According to the Washington Post,

"Rebecca Hains said the Transportation Security Administration agent at McCarran International Airport took her cupcake Wednesday, telling her its frosting was enough like a gel to violate TSA restrictions on allowing liquids and gels onto flights to prevent them from being used as explosives." Here's the question that's going through my head - "Seriously?"

As a former military law enforcement officer, I can appreciate the zero-tolerance enforcement standards TSA has. In some security environments, it is best to enforce the rules with no exceptions. I also get the logic this TSA screener had. He or she saw the cupcakes with the glazed frosting which by the way probably looked nothing the ones above and assumed it was best to "play it safe".

Here's where things get strange. The cupcakes are allowed by TSA's regulation. I got this off of their blog listing typical "holiday items" you're allowed to bring on the plane:

Foods: Cakes, pies, bread, donuts, turkeys, etc. are all permitted. Here is a list of items that should be placed in your checked bags or shipped: cranberry sauce, creamy dips and spreads (cheeses, peanut butter, etc.), gift baskets with liquid or gel food items (salsa, jams and salad dressings), gravy (mmm gravy), jams, jellies, maple syrup, oils and vinegars, sauces, soups, wine, liquor and beer.
Is there "more to the story"? Probably. I think Ms. Hains encountered a very strict screener who was performing their duties as prescribed by law. Nothing wrong with that. However, the question which never crossed the screener's mind and is indicative of every foothold we in security take was "Is my taking this cupcake worth having my boss and the Secretary of the Department of Homeland Security hearing about through the Washington Post?" There are times when as a security officer you have to stick to your guns and take a stand no matter who it is you said the dreaded "no" word to. I'm just not sure two cupcakes from a previously screened passenger (remember she went through two airports to get to this point with zero issues) is worth it.

So what do you do? There is no right or wrong answer. You have to be there to figure it out. Perhaps, I would have inquired whether she had the icing with her (i.e. Is the icing cup in your carry-on). Had she replied that she did, then I would have inspected the icing and made a determination from there. I do find it ironic this screener is with an agency which just implemented a risk based philosophy towards passenger search criteria which is supposed to use intelligence, behavioral, and travel pattern data to eliminate these sorts of things from happening.

For a complete list of prohibited items, go to

Saturday, December 24, 2011

GRAPHIC: UAV fleet breakdown

Here's a pretty cool graphic from the folks at The Post.   It gives a breakdown of our current drone fleet.

The growing U.S. drone fleet - The Washington Post

Thursday, December 22, 2011

Commentary: Is censorship a security tool or a huge mistake?

Recently, I learned the U.S. government was looking at legal options to compel Twitter to cancel the accounts of foreign terrorist organizations such as Al Shabaab and the Taliban who are very active on the social media site.  These unnamed officials believe these groups are using their accounts to recruit and promote their propaganda.  As an observer and a person engaged in dialogue (okay - its taunting) with both of these groups, I can attest to the sort of messages they are referring to.  Often, the messages are full of their "exploits" and fail to address their brutality within Somalia's or Afghanistan's civilian populations.  Nor do they address any real plans for Somalia's future given its current economic and political situation.

However, I find the request to be somewhat superficial and insufficient.  It's as if they have no concept of how global the Internet has become in both scope and depth.  I'm perplexed as to what good they foresee coming from this.  By limiting the use of Twitter and other major social media sites, these officials have failed to address other sites for which they have ZERO jurisdiction over and would still be accessible to Al Shabaab and the Taliban's intended audience.  What happens when another site comes along and replaces Twitter as the messenger de facto of major transnational terrorist organizations and their franchises?  What happens when these sites are created and maintained on servers, the U.S. government has no control over?  The United States does not nor should it ever have a firewall like the Chinese do.

Also, they negate how this plays exactly into what these organizations want.  It demonstrates to young, disillusioned, frustrated, and impressionable people how the freedoms our government is supposed to uphold above all else mean very little to it.  In other words, we would be behaving like the governments these groups originally rose up against and from whose failings they gained significant momentum.  Don't get me wrong - I despise what these organizations are and what they really stand for.  I wholeheartedly believe they have an interpretation of Islam that is fundamentally flawed and inherently destructive for the Ummah.  However, censorship like torture, no matter how well-intentioned, produces none of the results you expect to get.

My final question to these lawmakers is, "Can we include domestic terrorist groups and organized crime organizations to the list to be banned?"  They create and promote atmospheres of violence and fear to achieve political goals.  We seem to be proclaiming a war on terrorism and actually fighting only one enemy.  What about the Jewish Defense League, Hutaree, the New Black Panther Party, or the countless other domestic groups that have or are using social media?  The Jewish Defense League whose members attempted to kill a U.S. Congressman in 2001 still has an active Twitter account.  Hutaree, which received notoriety after its members were arrested for plotting events which they believed would bring about the apocalypse, maintained and utilized their YouTube videos to showcase their tactical prowess. Google any violent hate group and their popular slogans and you will discover they or their members maintain and use a vast amount of social media for the same reasons as Al Shabaab or the Taliban. Yet, we've made no moves until now to remove a single group from these sites.

What good does it do to allow them to keep their accounts?  Any casual observers of the Taliban's "tweets" knows they usually receive a "special" reply from a certain other Twitter account.  That's right - the folks at NATO's International Security Assistance Force (ISAF) have an account and they get into a verbal skirmish almost weekly.  This is what Twitter is all about - the ability to say what you want and some other guy having the ability to quickly call "BS" on whatever crap you spewed out.  So while the Taliban uses this space to pass along its propaganda and possibly recruit active members or sympathizers (more likely), NATO has many people capable of answering back.  

Finally, it allows those people involved in intelligence to gather information we might not otherwise get.  It's like I used to tell younger cops - you want your suspect to keep talking even if he's lying because you can tell a lot even from a lie.  The FBI and Justice Department bust organized crime groups all the time using electronic surveillance.  Osama bin Laden was found because someone "talked on the wire".  People get careless the more they talk.  Take it from this former cop-turned-security pro - that's exactly what you want.
"Once you permit those who are convinced of their own superior rightness to censor and silence and suppress those who hold contrary opinions, just at that moment the citadel has been surrendered." ~Archibald MacLeish

Saturday, December 17, 2011

You found what in his pants?!

So this has been a rather peculiar week for the guys and gals at TSA.  Check out the latest find a screener made this week in Buffalo.

A passenger opted out of the body scanner at Buffalo (BUF) and during
the pat-down, a 9” nonmetallic serrated knife was found in his pants pocket.
The passenger stated later that he opted out of the body scanner  because he was
trying to get the knife through security.

Friday, December 16, 2011

UPDATE: Lost Drone or Trojan Horse?

So if you've been keeping tabs on the lost UAV in Iranian hands, you've probably read recently the Iranian claims that they brought the bird down with "electronic warfare".  Many experts have pondered on what techniques could have been used to bring down a "stealth" drone.  A popular theory has consistently been that the Iranians have spoofed the Global Positioning Satellite link between the UAV and its base and used that technology to "guide" the aircraft to their base in Iran.    It's even supported by a report done by the US Air Force on UAV vulnerabilities.  In a nutshell, the Iranians and these experts are claiming the Iranians tricked the UAV into believing the Iranians were the American base in Afghanistan in which it was supposed to be landing at.  What would this entail?  One theory I came across, via a comment on Bruce Schneier's original article on the lost UAV, was the Iranians could have used a mixture of high-gain antennas, a microwave link, and two aircraft following at the same speed as the UAV.

I have some issues with this theory from an intelligence standpoint, as it supposes a lot about the Iranians and their capabilities.
  1. It would lead you to believe the Iranians have a need to bring down a drone which is simply taking pictures that any high-resolution satellite could pick up albeit not in real-time.  The Iranians have known for quite some time that we've been using our technology to spy on them and what areas we would be "curious" about.  Heck, any fourth grade student whose ever played Call of Duty knows that as well.
  2. Second, it presumes the Iranians have the intelligence to know when exactly a UAV is flying and over which area.  Where would they get this type of information?  We have captured ZERO moles inside our government who would/could link sensitive drone technology/intelligence to Iran.  They would require an immense amount of verifiable data for such a project to be undertaken undetected and implemented almost flawlessly such as flight patterns (remember this is a "stealth" aircraft SEVERAL years in the making), satellite data which no other foreign government has used as of yet, real-time drone locations, and types of drones being flown.  Keep in mind the Beast of Khandahar wasn't "discovered" until 2009 at a base in Afghanistan
  3. Third, that it would have the time to detect and dispatch the necessary equipment to those areas.  Even if it had the intelligence necessary, it has little in the ways of "stealth" technology to test this against let alone test it without raising eyebrows in Washington or Tel Aviv. 
  4. Lastly, the Iranians never once thought to employ or use this in their campaign against the United States in Iran.  Seriously, why is this the first time the Iranians have showcased such a bird?  This presumes this is the first "stealth" UAV to fly over Iranian territory.  Surely, if they were as good as some pundits would have you believe, where are the other "stealth" drones?  I know - Iran, now claims to have seven other US drones.  What we know for a FACT is they have one verifiable drone in their custody.  How hard would it be to recreate a mock-up and say they "captured" the others?  Why now has the President requested just this one particular drone?  Because they only had this one and he already got what he wanted when it crashed.
  5. Just because something is possible does not make it plausible.  It is possible I could one day become the CEO of Microsoft, but given my lack of experience as the CEO of a major corporation, it is not plausible.  The same can be said of the Iranians.  They are great at many things.  And are a very good adversary.  However, this is a country that had a 7 year war with a country that took us a few months to overrun (barring the pseudo-quagmire that later ensued with the help of our Iranian "friends").  Having such technology could be useful, in many arenas and operational theaters for Iran, yet it only provides "fruit" for them now?
If I were in the business of punditry and consulting for major media networks, I would stick to the "massive intelligence failure" story.  However, I'm just a guy with a blog so I'll stick with what's plausible and wonder how a multi-million dollar "stealth" aircraft flown by the largest intelligence apparatus has a "mechanical failure" over an enemy's territory whose nuclear development program was brought to its knees by a computer virus invented probably by the aforementioned intelligence agency.

Police and ex-burglar working together......

Reformed burglar: Jason Fleming, 32, who broke into more than
150 properties, 
is leading an anti-crime campaign with Police Constable Andy Pickerin
Having spent 1/3 of my career in England, there are moments I truly miss it - in particular their attitude towards crime prevention.  I found a fine example of this in a Daily Mail (UK) article.  It seems a burglar went around scouting out new places to rob.  During his burglary scouting trips, he would note all sorts of things like houses and cars that were easy to rob and which tools would be necessary to gain access to them.  If you're wondering how the cops got a hold of it, that's simple - he dropped them while burglarizing a home.  As you can imagine, the police caught this latest Darwin Award recipient and he's been sentenced to two years imprisonment as a reward for his diligent work.

What makes this a crime prevention masterpiece?  It seems like the local cops weren't just satisfied with just arresting this perpetrator.  No, they saw a "teachable moment" as we Americans like to say.  They magnified the note and began posting it while conducting face-to-face meet-and-greets between local citizens and a "reformed burglar".  So what did they talk about?  He mention the vulnerabilities these residents had such as unlocked vehicles and doors which led into tool sheds or gardens and how he tempted had he still been engaged in his previous profession to pay them another visit.

Targeting Transnational Drug Trafficking Act of 2011 passed by US Senate

Ahhh snap!  According to United States Senate, the boys and gals at the Department of Justice and the Drug Enforcement Administration just got "additional tools to target extraterritorial drug trafficking activity".  Yesterday, December 15, they passed Senate Bill 1612 (aka Targeting Transnational Drug Trafficking Act of 2011) introduced by Senators Gloria Feinstein (D-CA), Richard Blumenthal (D-CT), Robert Casey (D-PA), Charles Grassley (R-IA), Charles Schumer (D-NY), Tom Udall (D-NM), and Ron Wyden (D-OR).    Basically, this makes it a crime to manufacture or distribute a chemical knowing or intending for its import into the United States specifically within 12 nautical miles of the US.  What does that mean?  Let's say, you distribute HU-210 (synthetic cannabis) which is "100 to 800 times more potent than natural THC".  Given the knowledge of its Schedule I status, any chemicals found to be used in its creation could become prosecutable.  The manufacturers of these compounds have also won themselves at the defense table along with you.  If enforced, this might have a profound impact on loophole-savvy "legal pot" storefronts.

Wednesday, December 14, 2011

What happens online - NEVER stays there....

Pay VERY close attention to what I have to say:
  1. The information you see below is not stored on our site and is only visible to you.  I found this site while looking for resources on background check (mostly locating skips).
  2. The information was allocated using information (i.e. torrent files you downloaded, IP address) your computer provided when you, someone in your home, or someone who gained access to your WiFi network downloaded those files.
  3. I am publishing this tool with the hope people will gain a better insight into how their activities can and are being monitored on the Web via information they provide sometimes unknowingly.
  4. There is a removal tool.  However, it only removes your information from their site.  I HIGHLY, HIGHLY, HIGHLY suggest you use it and never have a need for it again.

Tuesday, December 13, 2011

Lost UAV or Trojan Horse?

I'm sure you've read all the hoopla about the Iranians capturing a U.S. spy drone.  The news media has asked just about every intelligence "expert" they have on their rosters.  Most have taken the bait and sensationalized the story almost beyond belief.  The other day I heard someone call it a "massive intelligence failure". Others have claimed the Iranians will reverse engineer  this aircraft (actually the Iranians said this) and use its "stealth" technology.  Some have even lauded the "success" of Iran's first unmanned bombing drone also supposedly equipped with "stealth" technology.  You would think these guys were Romulans.

That's not C-4.....It's my denture cream!!

So, you going see your grandfather at the retirement village he now calls home.  During that visit, he tells you about his planned trip to Detroit.  As a security expert, you warn him about crime and other security-related issues there.  He politely nods and then reaches for his ankle and says, "Stop worrying......I got this covered", as he pulls up his trousers to reveal a fully-loaded semi-automatic pistol on his ankle.

The good folks at TSA stumbled upon one such "packing grandpa" at Detroit Metro Airport.  During a routine scan using "imaging technology", a .38 handgun was found on the unidentified 76 year old's ankle.

Sunday, December 11, 2011

INVESTIGATIVE REPORT: Homegrown Terror Threat to Military Communities

Maj. Nidal Hasan, the Army psychiatrist who is charged with
murder in the Fort Hood shootings 

Love him or hate him - Congressman Peter King can get press coverage on homeland security better than anyone.  On December 7, 2011, he did not fail.  The committee he chairs, the House Committee on Homeland Security published a 14 page "investigative report" on the
"Homegrown Terror Threat to Military Communities".  So what did he say to land himself in the news again?  Oh, I don't know....Perhaps it was this little "gem" found in the report:

"The Committee’s Majority Staff has reason to believe that the actual number of radicalized troops is far more than publicly realized or acknowledged."

That's ironic because the FBI and the ADL have been practically shouting this for quite some time.  It appears to me either the Committee is a little behind on the counter-terrorism information or being a tad bit subjective.  Imagine - subjectivity in politics.


I love it when lawmakers make sense.....
"Focusing on the followers of one religion as the only credible threat to the nation's security is inaccurate, narrow and blocks consideration of emerging threats," said Mississippi Democratic Congressman Ben Thompson, describing how America owes its military personnel a clear understanding of "their mission and a clear definition of their enemy."
"That enemy is not a religion and their mission is not to defeat an ideology. And while some of my colleagues appear to have difficulty grasping this, I am glad that our military people understand it."

Al Shabaab vs The Security Dialogue: Let the Twitter War Begin!!

I'm not necessarily a person who goes "looking for a fight" but I do detest bullies.  Moreover, I hate it when people take something "good" and distort into something more perverse.  So when I had a chance to confront the Somali Al Qaeda franchise - Al Shabaab, I couldn't resist but to get a few good jabs in.

It all started, when I learned they had their own Twitter profile.  One could say, I went looking to start a fight:!/scrivenlking/status/144523301606260736

It would also be safe to say the boys from Al Shabaab were feeling the heat from all over the Twittersphere throughout Somalia (thanks Kenya):!/HSMPress/status/144465393409470464

It didn't help matters that I could have cared less:!/scrivenlking/status/144548956054093826

I was little worried they didn't want to continue this any longer until....!/HSMPress/status/145560239536746497

So naturally I said:!/scrivenlking/status/145581523423338496
The link I provided above is an article describing how
Al Shabaab has denied foreign aid access to Somalia's worst
hit famine areas.

I'm not sure how far I'll take my bantering with these guys.  All I know is they (the writer) is much more articulate with his English vernacular than I originally assumed.  For terrorists, they do seem to be a bit "thin-skinned".  I'm waiting for an actual tweet back from Al Shabaab.  I know they're busy waging jihad (shame it's the lesser jihad as pronounced by Muhaamad) but I'm beginning to wonder how they expect to win the propaganda war if they let something like my desire to pester them get in their way.  Stay tuned - this could get interesting.

For more on Al Shabaab, feel free to visit any of the links below:


Here are some aid groups which do work in Somalia (I HIGHLY encourage you to check them out and DONATE):

  7. Save the Children   
  8. The World Food Programme  
  9. World Vision  
  10. The International Rescue Committee

Wednesday, December 7, 2011

MUST SEE TV: Off the Grid

I, normally try my best not to get overly excited about new television shows especially new security-related shows.  Either they're too good and "jump the shark" by doing something completely unrealistic or actually very real life.  However, when I first glimpsed at an article about a show called Off The Grid, I was having difficulty controlling the copious amounts of drool pooling around my feet.  What's the show about you ask?  According to Security Info,  the premise behind it is "that the two contestants win a million dollars if they can remain hidden from the surveillance experts for a single day, while completing a few essential tasks in downtown Los Angeles".  Not drool-worthy - I know.  People hide in a city and are pursued by non-threatening "experts".  Not real exciting because we've seen this done before - HORRIBLY.  However, here's why the salivation began:
Armed with only very basic information about the two contestants, a team of surveillance experts led by human tracking expert Kevin Reeve, is tasked with learning enough about the contestants to find where they might be and then to go out and actually bring them in. At Kevin's disposal are Rob (an experienced hacker) and Matt (a proven corporate security IT specialist). These guys can infiltrate your cell phone, gain access to public records information and generally put the digital eye on you. Also on the team is Dave, a former Navy SEAL who works a day job training SEAL teams in California. They're exactly the four guys you wouldn't want tracking you in an urban environment.

And the drool accumulates right about here:

As for the security industry, you'll recognize a number of technologies used in the surveillance. There are cameras from Axis Communications and FLIR, UAVs used for video surveillance, facial recognition technology, Ostendo surveillance monitors, mapping technology, advanced mobile communications from Skype, Pelican's tough "go cases", a mobile command unit, and high-end server technology for integrating all the tracking and personnel information that the pursuit team generates.
"We're selling that this is real technology used by the DoD world," said Ebersol. "It is incredibly important for us to be authentic; it's not the Jack Bauer version of technology."
When does it start?  December 7, 2011 at 11pm ET.  Crappy time slot.  Oh well.

Here's a trailer:

FREE Training: Ever wanted to learn how to be a locksmith?

Who like FREE training?  I know I do.  So every time I find FREE training, you better believe I'm going and I'm posting it for all eyes on this site.  The Society of Professional Locksmiths is offering FREE locksmith training for beginners.

Who are they? And what's this FREE training all about? According to their site,
"It is a professional organization that embraces all levels of skill and expertise. Through education and support, the Society provides its members the skills needed to succeed.
That FREE training I mentioned earlier is called the "Locksmith Training Program" which "consists of 12 chapters of "core knowledge" all locksmiths are expected to learn and considered to be manadtory."

To find out more click here.

Pretty cool app from the folks at Homeland Security

Found a pretty nifty tool from the folks at the Department of Homeland Security.  It's a service called SelfCheck.  It's similar to the E-Verify service US employers use to verify your employment eligibility.  It pulls data from US credit agencies and your Passport file to ask identity related questions.  From there, it verifies your eligibility against what I presume other databases (aka "watchlists") and makes it determination.  According to it, I'm "good-to-go".  Note to any companies or agencies I've applied to: That means you CAN hire me.
Self Check is a voluntary, fast, free and simple service that allows you to check your employment eligibility in the United States. If any mismatches are found between the information you provide and your Department of Homeland Security or Social Security Administration records, Self Check will inform you of how to correct those mismatches.
As a side note, you need to be in a location that participates in the service.  Here's some more info on that:
USCIS is releasing the Self Check service in phases. At this point the service is offered only to users that maintain an address in Arizona, California, Colorado, the District of Colombia, Idaho, Louisiana, Maine, Maryland, Massachusetts, Minnesota, Mississippi, Missouri, Nebraska, Nevada, New Jersey, New York, Ohio, South Carolina, Texas, Utah, Virginia, or Washington. The availability of Self Check will be limited for the initial launch as the service is tested and improved upon based on the outcomes of the initial implementation. 

Saturday, December 3, 2011

HOW-TO: Build and Beat a Polygraph

During Defcon 2010, a talk was given on how to build a lie detector and "beat" it.  I've been enthralled by the idea of lie detectors for some time.  My curiosity has always been whether the simple notion of having a scientific manner of detecting deception is psycho-semantic enough to arouse certain deception "indicators" that can be picked up by the machine.  In plain English, I'm curious to whether people fail these tests purely because they know a machine is actively looking for any signs of deception and there is no way to know what questions may be asked so they unconsciously allow themselves to be caught by it.  If anyone has any ideas, feel free to shoot them my way. 

Kevin Mitnick Discusses Using Social Engineering to Gain Entry in to Telephone Company's Central Hub

You would think an office which is responsible for ensuring the integrity of the electronic communications for the largest city on the western coast of the United States would be a pretty secure location.  Below is Kevin Mitnick discussing how he and a friend (a guy who subsequently became a government witness against him) gained  access to a Los Angeles telecommunications company's central hub.  He also covers this in detail in his biography, Ghost in the Wires: My Adventures as the World's Most Wanted Hacker.

Check out our book review at  

After watching this video, you'll realize why Mitnick's greatest talent wasn't in phone hacking (phreaking) but in social engineering.

Friday, December 2, 2011

Why is my Walmart more protected than my kid's preschool?

Walmart has the lowest prices in town on a lot of items.  This is probably because they're often the only store in some towns.  Recently, I took my son to my local Walmart and began to notice the amount of exterior cameras that were there.  I counted 45!  Then, I began to think of how many must be inside and I remembered seeing they had a roving vehicle patrol contracted to a major security company.  That's when it hit how serious these guys are about their stuff during holiday shopping season or any season for that matter.  Geezo.

Thursday, December 1, 2011

FREE CCTV Training

Closed circuit television systems are in just about every corner of the globe and monitor a huge portion of our lives.  It has been argued, since their inception, we allow them greater access to us than most people we know intimately.  If you have anything to do with security, these cameras and the software which accompany can also be part of your daily work life.   Often times, in security, it is difficult finding free online training on any particular topic especially the fundamentals of CCTV systems.  

Thankfully, the folks at IP Video Market Info were kind of enough to create a blog post which contains hyperlinks to 
"series of videos from Pelco that provide strong coverage of these fundamentals (note: you can download the videos from Pelco's site as well).
The focus of this series is on traditional CCTV.  To complement this, you should read guides on IP video surveillance. Two in-depth guides are available - Axis's Technical Guide to Network Video and Vivotek's IP Video Surveillance Handbook.
Finally, review our tutorials directory for dozens of resources introducing video surveillance and our free Video Surveillance Book."
Did I mention this was FREE training?  Who doesn't like "free" anything particularly when its offered by the guys behind the machines?  What a great starting point to learn more about these systems and how to operate, install, and manage them.

Feel free to check out the rest of the article and training they have available at: 

Commentary: Internment Camps: A 20th Century Solution for a 21st Century Problem?

US Navy 080214-N-5416W-006 A member of the Navy Expeditionary Guard Battalion patrols a corridor in the Camp Delta section of the Joint Detention Group facility in Guantanamo Bay, Cuba
U.S. Navy photo by Petty Officer 3rd Class William Weinert
[Public domain], via Wikimedia Commons

In my military professional endeavors, I have come across a variety of counter-terrorism theories and practices.  One which I always find myself "sitting on the fence" on is warrantless detentions or internment camps.  While I can appreciate the operational necessity to capture, detain, and thus incapacitate certain rogue individuals who are involved in ongoing terrorist operations, I grow concerned due to the lack of accountability and need for legal justification when making such detentions.

We've been down this road before in World War II and the results weren't so great.  One only has to look at The Ringle Report to find evidence of this.

Here's a film about what those camps were like:

Are we entering a world where our fear is governing our national security strategy and allowing for certain or "inalienable" rights to be stripped away?  Don't get me wrong.  I like the fact my government has assets whose sole job is to seek and take whatever legal actions are necessary to prevent the loss of life.  I am one of those sentimental people who says they sleep easier at night knowing this.  However, I cannot but wrestle with the notion we are regressing whether than growing in our current security paradigm.

I recently came across an interesting editorial on the Mercury News' site.  According to the author, S. Floyd Mori,
"A bill on the Senate floor raises the question of whether the Senate has forgotten our history. S. 1253, the National Defense Authorization Act, has a provision in it, unfortunately drafted by Sens. Carl Levin, D-Mich., and John McCain, R-Ariz., that would let any U.S. president use the military to arrest and imprison without charge or trial anyone suspected of having any relationship with a terrorist organization. Although Sen. Dianne Feinstein, D-Calif., and more than a dozen of her colleagues are bravely calling for a halt to a damaging bill, they face significant opposition.

The troubling provision, Section 1031, would let the military lock up both Americans and noncitizens in the 50 states. There would be no charges, no trial, no proof beyond a reasonable doubt. All that would be required would be suspicion."
I went online to further research the bill and I've attached the section of concern:
a) In General- The Armed Forces of the United States are authorized to detain covered persons captured in the course of hostilities authorized by the Authorization for Use of Military Force (Public Law 107-40) as unprivileged enemy belligerents pending disposition under the law of war.

(b) Covered Persons- A covered person under this section is any person, including but not limited to persons for whom detention is required under section 1032, as follows:

(1) A person who planned, authorized, committed, or aided the terrorist attacks that occurred on September 11, 2001, or harbored those responsible for those attacks.

(2) A person who was a part of or substantially supported al-Qaeda, the Taliban, or associated forces that are engaged in hostilities against the United States or its coalition partners, including any person who has committed a belligerent act or has directly supported such hostilities in aid of such enemy forces.

(c) Disposition Under Law of War- The disposition of a person under the law of war as described in subsection (a) may include the following:

(1) Long-term detention under the law of war without trial until the end of hostilities against the nations, organizations, and persons subject to the Authorization for Use of Military Force.

(2) Trial under chapter 47A of title 10, United States Code (as amended by the Military Commissions Act of 2009 (title XVIII of Public Law 111-84)).

(3) Transfer for trial by an alternative court or competent tribunal having lawful jurisdiction.

(4) Transfer to the custody or control of the person's country of origin, any other foreign country, or any other foreign entity

(d) Constitutional Limitation on Applicability to United States Persons- The authority to detain a person under this section does not extend to the detention of citizens or lawful resident aliens of the United States on the basis of conduct taking place within the United States except to the extent permitted by the Constitution of the United States.
Here's the lowdown on three subsections:

  1. Subsection (b) makes it a point to leave out the specifics of what particular operations would be eligible.  In other words, anyone who is not a citizen or legal resident alien suspected of participating in a terrorist action could be detained without so much as a warrant.
  2. Subsection (4) says a person could then be transferred to another foreign country or foreign entity to be detained as well.  Why would someone want to "transfer custody" of these individuals to a foreign country or entity?  In other places, they may not have the legal restraints against certain kinds of detention activities which could be useful in obtaining critical intelligence or they may have a more compelling reason for having them.
  3. The only bit I like about this bill is contained in subsection (d) which says that it does not pertain to citizens and legal alien resident who are conducting suspected activities within our borders.  However, those protections do not extend outside of them.  The only negative side effect I see here is the application of indefinite detention within the US or outside of it for activities our government could see as being terrorist related.  Given the often "shaky" nature of the definition of terrorism and who you're asking, those activities could range from financing to operating a website which post terrorist related materials.
The bill's supporters will claim Guantanamo as a success.  They will allude to the lack of attacks on US soil since its inception ten years ago.  While its detractors will allude to its failures in gathering reliable information and only detaining very few real operators and masterminds.  They will point Khalid Sheikh Muhammad, the 9/11 plotter who while at Guantanamo Bay reportedly told lie after lie in an effort to mislead his interrogators.  

Like these Senators, I want to give our government more powers to act on against ongoing operations.  I sincerely believe some extreme measures would be necessary in certain circumstances such as operations which could result in a large loss of life or cause massive chaos and public unrest.  However, I'm troubled by the bill's lack of specific language or limitations.  Troops and operators on the ground hate such restraints and I can understand why.  The persistent question I ask is, "Where and when does it end?"

SURVEY: Career Progression in the Security Industry

As of late, I've become curious as to how one moves up the corporate security ladder.  In the military, it was quite simple - you took a test and did well on your performance evaluations.  I have become curious how different that is in the private sector so I've decided to ask professionals such as yourselves. Please take a few minutes to answer my survey.  I'll publish the results in a week or so once I have gotten replies back.  Feel free to comment below if you would like to further share your thoughts.

Create your free online surveys with SurveyMonkey, the world's leading questionnaire tool.

BREAKING NEWS: South Korean Prisons Will Soon Have Robots on Patrol

Robotics has revolutionized the modern workforce landscape.  There is not a major good or product that is not manufactured, processed, or delivered without them.  In the proud tradition of innovating new technologies, the South Koreans have done something entirely new.  Quite frankly, I think its VERY cool.

Robots will conducting patrols within the prisons in South Korea.  The Yonhap news site says, "AFC Chairman Lee Baik-chul, also a professor at the Department of Corrections at Kyonggi University, said the robots will perform simple tasks such as patrolling during night hours and this will significantly help human prison guards focus on other more complex tasks."

What will be some of the priorities for these robot sentries?
“It’s at night when problems can occur. The robots will watch for any signs of suicide attempts or physical attacks on prisoners instead of the human guards. This will allow the human guards to work on more difficult problems such as educational work and counseling,” said Lee.
It appears the robots will be using video analytics and cameras installed in their faces. When it sees a deviation from a set parameter of rules, it will alert the central monitor station who will alert guards to take action. The robots will also be capable of being a communications conduit between guard and prisoners through an internal intercom.

Weighing approximately 165 pounds and being 4'11, the robots should be completed and ready for a field testing in March.  If successful, they could be fully implemented in Korea's newer prisons.

Can you imagine if there robots on patrol at San Quentin or your nearby county jail? It would dramatically reduce the workforce needed to patrol and supervise prisoners. It would be a deterrent against some prison violence and possible illegal activities by having additional "eyes and ears". 

Having the robot serve as a conduit between the guards and prisoners could reduce violence between the two adversarial groups. However, it could also drive a wedge further between the two. It might also cause some officers to miss certain areas during the patrols because they relied on the robotic counterparts to cover it. This occurs many times in the private sector where security officers miss their rounds intentionally because of an over-reliance on surveillance and intrusion detection systems which lull many into a false sense of security.

This is a very interesting development in the field of corrects and one that was bound to happen. It is speculative whether the robots will be successful during field testing or in real operational settings. Given the problems we see in video analytics with false alarms or missed deviations which were not in the programmed set of rules, it would be interesting to see how they overcome such obstacles. This is a development which could have profound effects not just for corrections but for the private security and law enforcement counterparts as well.

Check out this video of Korean robotics operational in a different environment:

Wednesday, November 30, 2011


So when Ivy League schools give FREE classes in cryptography, I don't waste any time in signing up.  Looks like Stanford University is doing just that.

Here's some info direct from the FAQ section:
When does the class start?
The class will start in January 2012.
What is the format of the class?The class will consist of lecture videos, which are broken into small chunks, usually between eight and twelve minutes each. Some of these may contain integrated quiz questions. There will also be standalone quizzes that are not part of video lectures, and programming assignments. There will be approximately two hours worth of video content per week.

Will the text of the lectures be available?
We hope to transcribe the lectures into text to make them more accessible for those not fluent in English. Stay tuned.
Do I need to watch the lectures live?No. You can watch the lectures at your leisure.
Can online students ask questions and/or contact the professor?Yes, but not directly There is a Q&A forum in which students rank questions and answers, so that the most important questions and the best answers bubble to the top. Teaching staff will monitor these forums, so that important questions not answered by other students can be addressed. 
Will other Stanford resources be available to online students?No.
How much programming background is needed for the course?The course includes programming assignments and some programming background will be helpful. However, we will hand out lots of starter code that will help students complete the assignments. We will also point to online resources that can help students find the necessary background.
What math background is needed for the course?
The course is mostly self contained, however some knowledge of discrete probability will be helpful. Thewikibooks article on discrete probability should give sufficient background.
How much does it cost to take the course?Nothing: it's free! 
Will I get university credit for taking this course?No.
The course is being taught by Professor Dan Boneh who heads the applied cryptography group at the Computer Science department at Stanford University. Professor Boneh's research focuses on applications of cryptography to computer security. His work includes cryptosystems with novel properties, web security, security for mobile devices, digital copyright protection, and cryptanalysis. He is the author of over a hundred publications in the field and a recipient of the Packard Award, the Alfred P. Sloan Award, and the RSA award in mathematics. Last year Dr. Boneh received the Ishii award for industry education innovation. Professor Boneh received his Ph.D from Princeton University and joined Stanford in 1997.

Here's another look at the link for the class:

About Us