Saturday, September 29, 2012

3M Window Film Demonstration on Global TV by jordanritch

3M scientist demonstrating their patented security window film and glass bead technologies.

Tuesday, September 25, 2012

Drone hack explained: Professor details UAV hijacking by MovieHyphenArchives

Todd Humphreys' tale about hacking a civilian drone in front of the Department of Homeland Security has gone viral since he conducted the experiment last month. Now the assistant professor at the University of Texas explains his work to us. In an interview with us this week, Todd Humphreys of the University of Texas at Austin's Radionavigation Laboratory reveals that it only took a few researchers, around $1,000 in parts and some seriously smart software to send signals to an unmanned aerial vehicle's GPS receiver, hijack the craft in mid-air and then have it do the department's bidding — all right in front of Homeland Security agents. "The navigations systems of these drones have a variety of sensors," explains Humphreys, "...but at the very bottom is a GPS unit — and most of these drones that will be used in the civilian airspace have a civilian GPS unit which is wide open and vulnerable to this kind of attack. So if you can commander the GPS unit, then you can basically spoon feed false navigation information to the navigation center of these drones." By compiling several years' worth of research into custom-made software, Humphreys was able to do exactly that recently — and right before the DHS. By 2020, the Federal Aviation Administration expects to have as many as 30,000 drones flying over the United States. According to Humphreys, though, the FAA might want to make a few changes before they roll out a domestic UAV for local law enforcement agencies to use. "I'm a big proponent of bringing in drones to the national airspace. They are going to come and we might as well expect it. The question is, how can we bring them in reliably?" he asks. "And right now the dangers of bringing them in, before addressing this problem, is that someone on the ground could hack the drones and turn them into their own device, making them go to a different place or along a different path. So it could cause loss of life, it could cause collisions. But I hope that we can address the problem long before that happens." Humphreys explains to us that he went into the experiment expecting a real challenge by hacking the drone's GPS with a homemade spoofer device, but along with some students, he says he "worked hard to demonstrate that it was indeed possible, and perhaps within the capability of other hackers." "I think the vast majority of Americans are fascinated by drones," he adds, "But there is a lack of deep understanding of the inner workings of the technology and perhaps of the safety threats," which his team is now hoping to highlight by experiments such as these. Also up for discussion, he stresses, is the issue of privacy. "I've got some tall fences around the back of my house and I have a reasonable expectation of privacy when I'm having a barbecue in the back of the house, so of course I wouldn't like to have any drone surveying me and my family as were having a barbecue, but I'd like to see these kinds of concerns balanced with the kind of economic benefit that drones can bring," he says. "So whereas we'd like to welcome them in, we have to address problems of privacy. Now we have to address problems of safety before 2015 when the FAA opens these skies up to drones. "

Monday, September 24, 2012

Six Really Cool Reasons Why You Shouldn't Turn Off A Tweeting Hijacker's Phone

Pittsburgh police and SWAT members escort a suspect, center right, from a hostage-taking on the 16th floor at Three Gateway Center to a police van on Friday, Sept. 21, 2012, in Pittsburgh. Klein Michael Thaxton, 22, surrendered just before 2 p.m., and the man he took hostage was unhurt, Police Chief Nathan Harper said. (AP Photo/Keith Srakocic)

Last week, there was a hostage situation in Pittsburgh that garnered the attention of the national news media.  The subject stormed a building and held a business owner hostage with a knife and hammer while sending "status updates" via Facebook.  It had all the makings of a really bad B-rated movie with your favorite 1990's action hero.  What caught everyone's attention was the status updates during the standoff by the perpetrator.  The police allowed him to communicate via the social networking site to allow him to communicate to them (This is the Pittsburgh Police....We have you surrounded....Please accept our friend request) and his family and friends who they assumed may have better luck at deescalating the situation.  They got fed up finally or were finally able to get Facebook to cooperate and shut down his account.

You might be wondering, as was I, if that was such a great idea.  Here's probably why not and why you shouldn't:
  1. In some situations, you may not have any "eyes and ears" inside.  For hours, the Pittsburgh PD thought they had a bomb-making veteran with some serious PTSD issues.  You can have all the technology in the world but it's worthless if you can't get inside.  Without any further information disclosed, this appears to be the case here.  His status updates can provide information on his mental health status, number of other hostages, weapons, personal contacts he will listen to, etc.
    Screenshot of Facebook "status update" of Pittsburgh suspect
  2. Depending on the device being used to make the "status updates", you may have an opportunity to gain a unique perspective about what's actually happening.  My hacker friends know exactly where I am going with this.  The wonderful thing about modern laptops, smartphones, and tablets is they almost always come with video and audio capabilities.  This is where it might behoove some departments to recruit people with these skill-sets.  A hacker or a trained cyber operative (I know it's cheesy and way too Hollywood) could easily exploit any existing security vulnerabilities the device could be susceptible to and exploit them to gain access to an internal microphone or camera.  With an active Internet connection, you could then transmit what the audio/video components were capturing in real-time.
  3. If a guy's talking, that means he's not dead.  I know - it's bad taste.  Hear me out.  If your perpetrator is still making status updates, that means you have a live bad guy and probably live hostages.  It also means he may not have time to set booby traps if he's overly consumed with clicking "like" on his comments.  
  4. Allow him to believe you have no clue about his Facebook statuses.  Seriously.  Play dumb for as long as you can.  Don't get me wrong - this can and will expire soon.  However, at the offset, it may be wise to play dumb.  You don't want the laptop or cell phone off for any reason.  Remember what I said about "eyes and ears".
  5. Communication with personal contacts.  When looking at the Pittsburgh perpetrator's "status updates", one can't help but notice how he interacted with those who really knew him.  Suppose you get his mom to get out to talk to him/her and it goes bad, who else do you call?  Mom may be out of tune or clueless about his closest friends or even his current relationship status.  Facebook, as we all know, does this for you.  I have LOADS of friends on Facebook.  If you wanted any idea as to who I'm closest to other than my wife and parents, my Facebook interactions would certainly clue you in to some extent.
  6. You have no idea what this situation is about but I bet Facebook will.  People often tell their life stories on Facebook.  They have fights with spouses, girlfriends/boyfriends, parents, assorted family members, friends, and co-workers.  They discover cheating, fraud, and various ethical improprieties.  ALL on Facebook.  What better way than to listen and learn to what's going on in your perpetrator's life and of those in his/her inner circle.  A great example is the screenshot below.  Check out his friend, Markus' post.

As you can see there are many reasons why law enforcement should consider allowing hostage-takers to continue making "status updates".   Remember it is easy in any situation to see only your limitations and pitfalls.  However, a reexamination could prove you have more tools at your disposal than you previously realized.

Monday, September 17, 2012

Terrorist Group of the Week - The Haqqani Network

Back by popular demand: TERRORIST GROUP OF THE WEEK!!

This week we'll be featuring the Haqqani Network.  So let's start by answering a few questions:

In this Aug. 22, 1998, file photo, Jalaluddin Haqqani, founder of the militant group the Haqqani network, speaks during an interview in Miram Shah, Pakistan. The Obama administration faces a weekend deadline to decide whether the Pakistan-based Haqqani network should be declared a terrorist organization, a complicated political decision as the U.S. withdraws from Afghanistan and pushes for a reconciliation pact to end more than a decade of warfare. (AP Photo/Mohammed Riaz, File)
  1. What is the Haqqani Network? Quite simply, they are an insurgent group working in Afghanistan against US/NATO interests.  
  2. So they're the Taliban? Not exactly.  They're aligned with the Taliban much like the US is aligned with NATO.  They run similar operations (kidnappings, bombings, etc) and share a common enemy.  As you might imagine, they've also been designated as a terrorist organization courtesy of the US Congress and Barack Obama when they signed the aptly named "Haqqani Network Terrorist Designation Act of 2012"
  3. Who are their leaders?  Mawlawi Jalaluddin Haqqani and his son, Sirajuddin "Siraj" Haqqani are currently the leaders.  Mawlawi was the military commander of the Taliban and is widely believed to be responsible for the escape of Osama bin Laden into Pakistan.  Allegedly, Sirajuddin is a particularly lucky soul as unnamed US authorities recently divulged they had an opportunity to end his life.  Their reason for not taking him out - the presence of women and children where Sirajuddin was located.  I'm somewhat skeptical of this as the US government has often terminated many terrorists in the presence of the families (Osama bin Laden).
  4. Where do they operate? They operate primarily in the Warziristan region of Pakistan, a small hideaway spot bordering Afghanistan.
  5. Wait. So the Pakistanis have a terrorist organization inside their country that openly attack NATO and American interests and assets and they allow that? The Central Intelligence Agency along with others in the Intelligence Community have always speculated both publicly and privately that the Pakistani intelligence agency (ISI) has not only known but in some ways supported the Haqqani Network.  This is the primary reason the US conducts drone operations in Pakistan - to counter and destroy the Haqqani threat.
  6. So what are we doing to counter this threat?  One word - drones.  Some could say the raid on Osama bin Laden was a watershed moment in US/Pakistani relations and greatly limited further covert operations by the US in Pakistan.  The Obama administration has always preferred drones to risking American lives in operations where success was not always certain.  Let's be honest - there is one thing more deadly in Pakistan than a really corrupt Pakistani general - US drone strikes.  If you're the "Number 2 Guy" in AQ or the Haqqani Network, you're not in that position for long.  The US also continues to put pressure on the Pakistanis to do all they can to mitigate the threat as well. That pressure may be having some effect because in September 2011, Sirajuddin Haqqani claimed during a telephonic interview to Reuters that the Haqqani network no longer maintained sanctuaries in northwest Pakistan and the robust presence that it once had there and instead now felt more safer in Afghanistan: "Gone are the days when we were hiding in the mountains along the Pakistan-Afghanistan border. Now we consider ourselves more secure in Afghanistan besides the Afghan people."
  7. What attacks have they carried out? According to Wikipedia, the following attacks have been attributed to them:
    • 14 January 2008: 2008 Kabul Serena Hotel attack is thought to have been carried out by the network.
    • March, 2008: Kidnapping of British journalist Sean Langan was blamed on the network.
    • 27 April 2008: Assassination attempts on Hamid Karzai.
    • 7 July 2008: US intelligence blamed the network for 2008 Indian embassy bombing in Kabul.
    • 10 November 2008: The Kidnapping of David Rohde was blamed on Sirajuddin Haqqani.
    • 30 December 2009: Camp Chapman attack is thought to have been carried out by the network.
    • 18 May 2010: May 2010 Kabul bombing was allegedly carried out by the network.
    • 19 February 2011: Kabul Bank in Jalalabad, Afghanistan.
    • 28 June 2011: According to ISAF, elements of the Haqqani network provided "material support" in the 2011 attack on the Hotel Inter-Continental in Kabul. The Taliban claimed responsibility.
    • 10 September 2011: A massive truck bomb exploded outside Combat Outpost Sayed Abad in Wardak province, Afghanistan, killing five Afghans, including four civilians, and wounding 77 U.S. soldiers, 14 Afghan civilians, and three policemen. The Pentagon blamed the network for the attack.
    • 12 September 2011: US Ambassador Ryan Crocker blamed the Haqqani network for an attack on the US Embassy and nearby NATO bases in Kabul. The attack lasted 19 hours and resulted in the deaths of four police officers and four civilians. 17 civilians and six NATO soldiers were injured. Three coalition soldiers were killed. Eleven insurgent attackers were killed.
    • October 2011: Afghanistan's National Directorate of Security said that six people arrested in an alleged plot to assassinate President Karzai had ties to the Haqqani network

Sunday, September 16, 2012

How the Benghazi Attack Occurred

This is a near-perfect timeline from CNN of how the attack in Benghazi occurred.  I will post a more in-depth analysis once I get to my normal workstation.  Stay tuned.

Saturday, September 15, 2012

A sign of our times...

I created this meme to convey my thoughts on the "opinions" being expressed by the mainstream media and the social media commentaries....

Friday, September 14, 2012

A Real-Life "Expandable"

UPDATE: Turns out the story is true.  In addition to defending his post that day, he saved three comrades.  His mantra - "If they are going to kill me, then I have to kill some of them" is priceless. Sgt Pun exemplifies how security operators conduct themselves under fire.

Thursday, September 13, 2012

10 Facts About the Embassy Crisis

There has been a wide degree of speculation and sensationalism directed at the Embassy crisis.  So let me be the first to provide you with 10 facts we know already.
  1. The Benghazi compound was not equipped to host and protect the large contingent of 37 people it received.  The captain of the police force stated he was prepared for 10 and repeatedly asked for more men and more vehicles to assist in providing security.  Those requests were either denied or delayed by Libyan officials.
  2. We have no confirmation the Ambassador was raped.  There has been a wide degree of speculation and innuendo (translation: lies) by a variety of people for whatever reason that he was raped.  Mind you, no one who has people (who can be verified) on the ground can verify these claims.
  3. The attack was planned.  Let's face it folks no one brings an RPG and moltov cocktails to a peaceful protest unless they're not there to protest.
  4. There have been arrests.  Could this be a Libyan attempt to mitigate other pesky threats or the result of a legitimate and thorough investigation by the Libyan government?  Here's what we do know: Libyan internal security before the war was pretty invasive by Middle East standards and the revolutionaries had many defectors from that regime come over to them.  Is it possible the Libyans have the intelligence network necessary to ferret these individuals out?  Given what we know of the previous regime, it is possible.
  5. Not everyone there attacked the Embassy.  Many protesters claim to have been caught completely off-guard by the attackers.  Many went back home to get their own rifles for their protection and to assist local authorities.
  6. Many casualties were local national police who were woefully unprepared for this threat.
  7. The film was used as a backdrop for the protests.  If you're planning a terror op, you couldn't have asked for a better situation to work with - massive protests, a public thirsty for action, non-participatory governments who would be unprepared for an attack, and the anniversary of your last great attack on your adversary. 
  8. The infamous "apology" was issued by a public relations person who rushed a statement to attempt to mitigate the damage done by this film.  We also know the President knew nothing of the Ambassador's death until Wednesday and neither did anyone else. To claim there was an "apology" for the film by US authorities is speculative at best.
  9. The situation is still dynamic though less so than it was 24 hours ago.
  10. We have ZERO official confirmation the Marines were told to be unarmed at ANY embassy.  If you know US Marine commanding officers and the USMC's history in the Middle East (Lebanon), you know how laughable asking the Marines to go unarmed is.  That has NEVER been a Marine RoE and any speculation or rumor that this was the case is more than likely false. Wired now reports this is categorically false. As if you had any doubt.

Open Letter to President Obama Regarding The US Response to Libyan Crisis

Dear Mr. President,

I know the last 24 to 48 hours have been rough to say the least.  Our embassies in various parts of the Middle East are experiencing protests of varying degrees of severity and intensity.  All of them are being exploited by a film whose horror and lack of comprehensible reasoning is astounding.  Your rival political opponent attacked you for "creating" this atmosphere because we are being perceived as "weak".  I won't go into the hilarity behind such a nonsensical point-of-view.  My reason for writing you is to offer some advice.  My credentials aren't as expansive as some who work for you or those who commentate on mainstream media and the Twitterspehere.  However, I think my advice is unique in that few have offered what I deem to be the only workable solutions.

  1. Take your time but update the American people as much and as often as possible on your progress and even your frustrations.  I understand the climate has created an atmosphere where words like "vengeance" and "justice" (and a few others) are being used to express the sentiment of the moment.  However, these words are very dangerous as I'm sure you're aware.  Numerous presidents before you learned the lesson behind the consequences of reckless uses of these words.  Don't get me wrong - I BELIEVE A MILITARY/TACTICAL SOLUTION IS THE ONLY ACCEPTABLE RESPONSE.  However, I'm afraid if you listen to the some of the commentariat who believe an disproportionate response is somehow a "winnable" solution, you could find yourself in a very precarious position with an ineffective and retroactive response.  Take your time and get actionable intelligence that will identify who these perpetrators are, where they live, eat, & poop, whether the attack was planned, who gave up the safehouse, etc.  As you find out information, including our shortcomings, update the American people sooner than later.  Trust me.  Some information you can't provide due to its sensitivity.  Release what you can.  The last thing you want to do is leave it to a bunch of "talking heads" who look "official" to the American people telling them how you suck.  If your plan is to work and be effective, you need the American people to feel and believe your resolve to get justice and protect our overseas assets is sincere and earnest.
  2. When you update the people, make sure the product is accurate, concise, and organized.  One of the major contributors to this huge SNAFU and others has been the chaotic delivery of message traffic from government officials to the mainstream media.  I understand and totally get that we're in a 24 hour news cycle and that the Internet and smartphones have made everyone a Bob Woodward in the making.  However, try to create an environment where you're the only source for reliable information on the "nuts and bolts" of this dynamic situation.  If there is a story from your government, it comes from you and not some "unidentified source".  If someone talks and the leak is found, consider termination and criminal charges.  This is one OPSEC violation you can't afford.  You can't control the release of sensational images or reports meant to create a story for November but you can control what your government does to make those stories seem very insignificant.
  3. Be honest with the American people.  If someone screwed up, fire them ASAP.  If you screwed up, let them know.  Just don't blame the dead and don't ignore the idiots who did this.  I know you won't but people will examine every speech for the coming weeks to see if you stumble.  Be resolute in determining where mistakes were made and fix them.
  4. Decide as soon as possible how overt you will be with this response.  Covert operations are ridiculous in this setting.  There is no need to be discreet about pooping on these guys.  They know it's coming and they know why.  Your only decisions are whether you will let JSOC assets do what is that they do or will you send a drone to make someone go away.  Mr. President, there are people who think we need to be "ruthless" in our response.  I'm sure those on the other end of a Predator strike would call it anything less than pleasant if they could talk.  As such, I don't recall the survivors of Team Six's raid on Abbottabad claiming their introduction to JSOC was anything resembling peaceful.   There will be deliberation as to what you meant by "We will get justice."  Lets not mince words.  The American people could care less about whether we "attempt to arrest them" and shoot them in the ensuing firefight or if we shove a cruise missile down their throats.  They want blood for what these people did. 
  5. Keep sending the Marines but give them Rules of Engagement that are flexible so they can do what they do.  Again, let's not mince words.  The Marines are specialists in one arena and one arena only.  They break stuff and take lives.  Give them ROE's that reflect that.  If a protester climbs a fence and makes their way on to the Embassy ground, light them up.  Announce these ROE's to the world so that they understand our embassies are vessels for diplomacy and peace but they are guarded by vessels of war.  If you get "mealy mouthed" about this and allow for ROE's that aren't pre-announced and make it more difficult for an 18 year old Marine to make a sound judgement call, you could exasperate this crisis beyond yours and anyone else's control.
  6. Ask the FBI to investigate who Sam Bacile really is and publish that information ASAP.  He gave no due consideration to what his film would do to our troops and people overseas.  Why afford him the same?  The whole world needs to know who this idiot is and what actions will be taken against him and others who wish to create their own foreign policy crises.
Again I know I'm not as versed as others in these matters but very few are behaving in a manner that is rational or effective.  Let me be clear: your actions thus far seem to be on-point.  My suggestions will only bolster your actions and prevent the disaster that could result if you fall to political pressure to act rashly.  

About Us