Nov 29, 2012

Maker of Airport Body Scanners Suspected of Falsifying Software Tests

WIRED / Threat Level
by Kim Zetter
November 15, 2012

Photo: TSA full body scanner


A company that supplies controversial passenger-screening machines for U.S. airports is under suspicion for possibly manipulating tests on privacy software designed to prevent the machines from producing graphic body images.

The Transportation Security Administration sent a letter Nov. 9 to the parent company of Rapiscan, the maker of backscatter machines, requesting information about the testing of the software to determine if there was malfeasance.

The machines use backscatter radiation to detect objects concealed beneath clothes. But after complaints from privacy groups and others that the machines produce graphic images of passengers’ bodies, the government ordered that the machines be outfitted by June with privacy software that replaces the invasive images with generic ones showing only a chalk-like outline of a body.

While L-3 Communications, the maker of another brand of scanners used in airports, successfully developed the privacy software for its machines, Rapiscan was having problems with its software, according to Bloomberg.

The testing of the software, done earlier this year to determine if it met privacy requirements, was conducted by a third party, so it’s not immediately clear how Rapiscan might have manipulated the tests.

At a hearing on Thursday before the House Transportation Security Subcommittee, Chairman Mike Rogers (R-Alabama) asked John Sanders, assistant administrator for TSA’s office of security capabilities, this very question. Sanders replied obliquely that “before [a test] gets underway, we might believe the system is on one configuration when it’s not in that configuration.”

Sanders said that TSA has no evidence yet that the vendor did manipulate the tests, but is looking into the matter.

“At this point we don’t know what has occurred,” Sanders said. “We are in contact with the vendor. We are working with them to get to the bottom of it.”

The vendor has denied any wrongdoing.

“At no time did Rapiscan falsify test data or any information related to this technology or the test,” Peter Kant, an executive vice president with the company, told Bloomberg.

DHS has spent about $90 million replacing traditional magnetometers with the controversial body-scanning machines.

Rapiscan has a contract to produce 500 machines for the TSA at a cost of about $180,000 each. The company could be fined and barred from participating in government contracts, or employees could face prison terms if it is found to have defrauded the government.

It’s not the first time Rapiscan has been at the center of testing problems with the machines. The company previously had problems with a “calculation error” in safety tests that showed the machines were emitting radiation levels that were 10 times higher than expected.

It turned out the company’s technicians weren’t following protocol in conducting the tests. They were supposed to test radiation levels of machines in the field 10 times in a row, and then divide the results by 10 to produce an average radiation measurement. But the testers failed to divide the results by 10, producing false numbers.

A recent Wired.com three-part series examined the constitutionality, effectiveness and health concerns of the scanners, which were never tested on mice or other biological equivalents to determine the scanners’ health risks to humans.

Direct Link:  http://www.wired.com/threatlevel/2012/11/rapiscan-fraudulent-tests/

Oct 3, 2012

White House says it thwarted cyberattack

U.S. News & World Report
by Jim Kuhnhenn / AP
October 1, 2012

WASHINGTON (AP) —

The White House is acknowledging an attempt to infiltrate its computer system, but says it thwarted the effort and that no classified networks were threatened.

White House spokesman Jay Carney told reporters the White House is equipped with mitigation measures that identified the attack, isolated it and prevented its spread.

He said there was no indication that any data was removed.

“There are distinctions between those networks that contain classified information and those that don’t, and the attack was against an unclassified network,” Carney said.

Carney described the attack as “spear-phishing” and said such efforts against government computer systems are “not infrequent.” Carney spoke in Henderson, Nev., where President Barack Obama is preparing for his first debate against rival Mitt Romney on Wednesday.

“Phishing” is a tactic that involves sending an email that falsely claims to be from a legitimate enterprise in an attempt to trick the user into turning over information.

Last year, Google Inc. blamed computer hackers in China for a phishing effort against Gmail accounts of several hundred people, including senior U.S. government officials and military personnel. Last November, senior U.S. intelligence officials for the first time publicly accused China of systematically stealing American high-tech data for its own national economic gain.

The White House would not say whether the recent attack was linked to China.

Defense Secretary Leon Panetta, during a visit to China last month, raised the subject of China-based cyberattacks against American companies and the government.

News of the most recent attack came as the Obama administration is preparing an executive order with new rules to protect U.S. computer systems. After Congress failed this summer to pass a comprehensive cybersecurity bill, the White House said it would use executive branch authorities to improve the nation’s computer security, especially for networks tied to essential U.S. industries, such as electric grids, water plants, and banks.

An initial draft of the order included provisions for voluntary cybersecurity standards for companies, a special council run by the Homeland Security Department and a review to determine if existing cybersecurity regulations are adequate.

But by issuing the executive order just weeks before the election, the White House risks complaints from Republicans, and from the same pro-business groups that killed the legislation on Capitol Hill, that President Barack Obama is anti-business. Those groups opposed a Senate bill that they said could lead to costly rules and regulations that would burden companies without reducing the risks.

Sen. Susan Collins, R-Maine, one of only a few Republicans to support the Senate bill, said Monday that an executive order is a “big mistake” because it can’t grant incentives, such as liability protection, to encourage businesses to share information with government agencies about cybersecurity threats and vulnerabilities.

Executive orders are legally binding, but can be reversed by subsequent administrations, and they don’t reflect a consensus as legislation passed by Congress does, Collins said at a cybersecurity event sponsored by The Wilson Center.

“I fear that it could actually lull people into a false sense of security — that we’ve taken care of cybersecurity,” she said. “And the executive order simply cannot do that.”

__

Associated Press writer Richard Lardner contributed to this article.

Direct Link:  http://www.usnews.com/news/us/articles/2012/10/01/white-house-says-it-thwarted-cyberattack

May 21, 2012

New generation of medical implants vulnerable to hackers

wtop.com

By J.J. Green

Monday – 5/21/2012

Security expert Jerome Radcliffe, a diabetic who uses an insulin pump, showed onlookers at the 2011 Black Hat Technical Security Conference that his pump’s cyber vulnerabilities could lead to severe consequences. (AP/Isaac Brekken, File)

WASHINGTON –

Pacemakers, brain implants, insulin pumps and other medically implanted and external devices with wireless interfaces are vulnerable to cyber-attacks by hackers.

A recently released Department of Homeland Security bulletin sent to medical and cybersecurity industry professionals warns of possible future attacks.

This vulnerability raises a new security risk for the average person, high profile public figures and world leaders alike.

“One example of a common vulnerability I’ve seen is a medical device with a wireless interface, where the command and control doesn’t have cryptographic authentication,” says Dr. Kevin Fu, an associate professor in Computer Science at the University of Massachusetts-Amherst.

Fu says a hacker, using a wireless interface, could utilize “another computer or another device to change the settings on a medical device to infuse insulin or control the defibrillation of a heart.”

The problem is “medical devices I’ve seen today don’t generally have a way to know who is issuing a command or who is authorized,” Fu says.

According to the DHS bulletin, “Hackers can take advantage of routine software update capabilities to gain access and, thereafter, manipulate the implant.”

The warning is not speculation. It’s based on fact.

A crowd of people witnessed exactly that last August in Las Vegas.

Security expert Jerome Radcliffe, a diabetic who uses an insulin pump, showed onlookers at the 2011 Black Hat Technical Security Conference that his pump’s cyber vulnerabilities could lead to severe consequences.

He used a laptop and other computer-related gear to remotely disrupt the wireless signals being sent to his insulin pump, reverse them, swap the data being captured about his condition with phony data, and then send it back to the pump.

In effect, he demonstrated that he could increase the amount of insulin injected by the pump, or reduce it, either of which could eventually kill him. During the chilling demonstration, the pump gave no indication that someone had tampered with it.

The National Cybersecurity and Communications Integration Center, which authored the bulletin for DHS, says many devices like these “are vulnerable to cyber-attacks by a malicious actor who can take advantage of routine software update capabilities to gain access and, thereafter, manipulate the implant.”
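The weakness Fu describes (a command channel with no cryptographic authentication) and the attack Radcliffe demonstrated (capture a legitimate message, alter the dose, send it back) can be shown side by side in a few lines. The following is an added example written for this page, not code from any device vendor, the DHS bulletin or Radcliffe’s demonstration. The wire format, the operation code, the dose units and the pairing key are all constructed for illustration; the hardened version assumes a symmetric key provisioned when the remote is paired and a monotonically increasing message counter stored on the device.

```python
import hmac
import hashlib
import struct

# Constructed wire format for a hypothetical pump command (an assumption for
# this example, not any real device's protocol):
#   op (1 byte) | dose in tenths of a unit (2 bytes) | counter (4 bytes) | tag (16 bytes)
OP_SET_BOLUS = 0x01
TAG_LEN = 16
PAIRING_KEY = b"example-key-provisioned-when-the-remote-is-paired"  # constructed


def encode_plain(op, dose_tenths):
    """Frame for the unauthenticated device: nothing ties it to an authorised sender."""
    return struct.pack(">BH", op, dose_tenths)


class UnauthenticatedPump:
    """Model of the weakness Fu describes: any well-formed frame is obeyed."""

    def __init__(self):
        self.dose_tenths = 0

    def handle(self, frame):
        op, dose = struct.unpack(">BH", frame[:3])
        if op != OP_SET_BOLUS:
            return "unknown_op"
        self.dose_tenths = dose
        return "ok"


def encode_auth(key, op, dose_tenths, counter):
    """Frame with an HMAC tag over op, dose and counter (constructed hardened format)."""
    body = struct.pack(">BHI", op, dose_tenths, counter)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class AuthenticatedPump:
    """Verifies the sender's tag, then rejects any counter it has already seen."""

    def __init__(self, key):
        self.key = key
        self.dose_tenths = 0
        self.last_counter = 0  # would be persisted across resets on a real device

    def handle(self, frame):
        if len(frame) != 7 + TAG_LEN:
            return "malformed"
        body, tag = frame[:7], frame[7:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "bad_tag"          # forged or tampered: tag no longer matches body
        op, dose, counter = struct.unpack(">BHI", body)
        if counter <= self.last_counter:
            return "replay"           # authentic but stale: a captured frame sent again
        self.last_counter = counter
        if op != OP_SET_BOLUS:
            return "unknown_op"
        self.dose_tenths = dose
        return "ok"


def tamper_dose(frame, new_dose_tenths):
    """What an eavesdropper does: keep the op byte, rewrite the dose field in place."""
    return frame[:1] + struct.pack(">H", new_dose_tenths) + frame[3:]


def demo():
    results = {}
    # Unauthenticated pump: capture a legitimate 2.0-unit bolus, rewrite it to 25.0 units.
    pump = UnauthenticatedPump()
    legit = encode_plain(OP_SET_BOLUS, 20)
    pump.handle(legit)
    results["unauth_tampered"] = pump.handle(tamper_dose(legit, 250))
    results["unauth_dose"] = pump.dose_tenths
    # Authenticated pump: the same tampering, a straight replay and a forged frame all fail.
    apump = AuthenticatedPump(PAIRING_KEY)
    legit = encode_auth(PAIRING_KEY, OP_SET_BOLUS, 20, counter=1)
    results["auth_legit"] = apump.handle(legit)
    results["auth_tampered"] = apump.handle(tamper_dose(legit, 250))
    results["auth_replay"] = apump.handle(legit)
    results["auth_forged"] = apump.handle(encode_auth(b"wrong-key", OP_SET_BOLUS, 250, 2))
    results["auth_dose"] = apump.dose_tenths
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The tag answers Fu’s first question (who issued this command?) and the counter answers the one Radcliffe’s replay raises (is this command fresh?). Neither helps if the key can be read out of the device or the remote, and the same two checks, sender authentication and freshness, are what the bulletin’s “routine software update capabilities” need as well, normally in the form of a signed image verified against a public key held by the device.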

According to the American Heart Association more than three million people have pacemakers and 600,000 are implanted each year.

“I would be more concerned with the newer devices rather than the older devices that will eventually be phased out,” Fu says.

He says older devices are not susceptible to the wireless vulnerabilities that newer ones are.

Global security is a particular concern because of the number of international figures with implants. Former Vice President Dick Cheney was the well-publicized recipient of a pacemaker. Former Polish President Lech Walesa has one.

There are others. Even though their medical information is closely guarded, the DHS bulletin raises concerns about the security of medical records:

“Increased wireless interconnectivity introduces additional configuration challenges between portable devices, medical IT infrastructure, remote facilities, and partner IT infrastructure. Portable medical devices are gaining popularity with the introduction of iPads, smart phones and laptops that use Windows and MAC operating systems. These devices are currently being used by healthcare professionals in direct patient care settings, including in hospitals to discuss healthcare information such as clinical tests, x-rays, and lab results with their patients in real time.”

The DHS document points out that doctors at the University of Chicago use iPads to access patient information and to aid with patient communication during consultations. According to the DHS bulletin, a security software firm discovered malware, called “The Backdoor.Bifrose.AADY,” which affected iPad and iTunes users connecting through Windows operating systems.

The Department of Health and Human Services says it is concerned about exploitation of potential vulnerabilities of medical devices on Medical IT networks because of misconfigured networks or poor security practices.

But Fu says there is good news.

“There is a lot of great research going on in the academic community, in order to increase the security of medical devices. But there has been no complete transfer of technology to the industry. There’s quite a bit more legwork to do,” he says.

Some of that work has been performed by researchers at Purdue University and Princeton University who have developed a proof-of-concept device, called MedMon. It blocks hackers from hijacking or interfering with wireless medical devices, like pacemakers, insulin pumps, or brain implants, but is still in the developmental stages.

The companies that make these devices say they are aware of the risk and have been working on solutions to eliminate the vulnerabilities.

Direct Link:   http://www.wtop.com/807/2871848/Medical-implants-vulnerable-to-hackers

Apr 2, 2012

DHS Uses Wartime Mega-Camera to Watch Border

WIRED

By Spencer Ackerman

April 2, 2012

The Department of Homeland Security wants to mount a powerful camera on a Raven Aerostar blimp like this to spy on miles of border at once. Photo: Raven

One legacy of the Iraq and Afghanistan wars has arrived on the southern border of the United States. The Department of Homeland Security recently completed tests of a powerful camera, one that cut its teeth in the war zones, that captures video of entire miles of border in a single frame. DHS thinks mega-cameras on blimps and aerostats might be the future of border security — if its analysts can only keep up with the glut of data they’ll gather.

The system itself, a wide-area surveillance camera suite known as Kestrel, earned its stripes during the wars. That got DHS interested. “You had this imager flying that was able to archive and save imagery and reconstruct [bomb] emplacement so troops could go after [insurgents] later,” John Applebee, who manages the border camera program for DHS, tells Danger Room. “It also was used for other things every day, like troop protection or perimeter protection, just as we imagine its uses along the continental borders of the United States.”

So for a week of tests, the department mounted Logos Technologies’ Kestrel imager on a 75-foot long Raven Aerostar aerostat tethered 2000 feet above the Arizona desert. DHS reports in a statement that Kestrel helped spot “more than 100 illegal attempted entries and alleged illicit activities in progress.”

“We can see miles from this with a single image frame,” Applebee enthuses. “Within every pixel, you have high-resolution, good, detailed resolution, like high-d-caliber imagery. In every frame, across the frame.”

This is hardly the first time that wartime surveillance technology has made its way home from the battlefield. DHS flies unarmed drones above the northern and southern U.S. borders, snapping pictures. (They carry an “excellent camera system,” Applebee allows, but unlike Kestrel, “you need to know where to point it.”) Police departments nationwide have started using smaller spy drones as well. Earlier this year, DHS expressed interest in camera systems that can spy on four square miles at once, well within the range of the military’s new mega-cameras. Kestrel’s 360-degree camera suite is a step in that direction.

But with the migration of those military tools comes the migration of some of the military’s problems. Specifically: the “persistent” video taken by the powerful cameras creates a fire hose of data that analysts struggle to interpret.

And if the glut of video overwhelms the military, DHS — whose annual budget is under $60 billion, an order of magnitude less than the Pentagon’s — is in deep trouble. Applebee is up front about it. “They have the people,” he says. “We do not.”

The answer, he hopes, will come from software. “We’re looking closely at the developments in the military and intelligence communities for ways the software and analysis can be automated, so can we use software tools as a tripwire to signal us and call agent to attention once [the camera observes] a movement has occurred in a given region,” Applebee says. Darpa, the Pentagon’s blue-sky researchers, for instance, are interested in something akin to a “thinking camera” that pre-sorts imagery according to an algorithm based on what an analyst hopes to find.
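The “tripwire” Applebee hopes for is, at its simplest, a change detector over a region of interest: compare each frame against a reference, count how much of the watched region has changed, and alert only when that persists for several frames so sensor noise does not page an agent. The block below is an added illustration written for this page, not DHS, Logos Technologies or Kestrel code. The tiny frame size, the uniform background, the bright square standing in for a person and the noise model are all constructed; a real system would feed the same logic with video frames and a background model that adapts over time.

```python
import random

# Constructed frame size for the example (an assumption; real wide-area frames are far larger).
WIDTH, HEIGHT = 32, 16


def blank_frame(value=100):
    """Uniform 8-bit 'desert' background used as the reference image."""
    return [[value] * WIDTH for _ in range(HEIGHT)]


def with_blob(frame, x, y, size=3, value=220):
    """Paste a bright size x size square (a stand-in for a person) at (x, y)."""
    out = [row[:] for row in frame]
    for dy in range(size):
        for dx in range(size):
            if 0 <= y + dy < HEIGHT and 0 <= x + dx < WIDTH:
                out[y + dy][x + dx] = value
    return out


def with_noise(frame, seed, amplitude=6):
    """Add deterministic sensor noise so the detector has to reject it."""
    rng = random.Random(seed)
    return [[max(0, min(255, v + rng.randint(-amplitude, amplitude))) for v in row]
            for row in frame]


def changed_fraction(reference, frame, roi, pixel_threshold=30):
    """Fraction of pixels inside roi=(x0, y0, x1, y1) that moved by more than pixel_threshold."""
    x0, y0, x1, y1 = roi
    changed = total = 0
    for y in range(y0, y1):
        for x in range(x0, x1):
            total += 1
            if abs(frame[y][x] - reference[y][x]) > pixel_threshold:
                changed += 1
    return changed / total


class Tripwire:
    """Alerts once the region has changed for `persistence` consecutive frames."""

    def __init__(self, reference, roi, area_threshold=0.05, persistence=2):
        self.reference = reference
        self.roi = roi
        self.area_threshold = area_threshold
        self.persistence = persistence
        self.streak = 0

    def observe(self, frame):
        if changed_fraction(self.reference, frame, self.roi) >= self.area_threshold:
            self.streak += 1
        else:
            self.streak = 0          # a single noisy frame never accumulates into an alert
        return self.streak >= self.persistence


def run_demo():
    """A blob walks left to right across a region covering columns 12..19; return alert frames."""
    background = blank_frame()
    wire = Tripwire(background, roi=(12, 0, 20, HEIGHT))
    alerts = []
    for i in range(WIDTH):
        frame = with_noise(with_blob(background, x=i, y=6), seed=i)
        if wire.observe(frame):
            alerts.append(i)
    return alerts


if __name__ == "__main__":
    print("alert on frames:", run_demo())
```

The two thresholds are where the analyst-capacity problem reappears: lower them and the tripwire fires on heat shimmer and passing animals, raise them and a person skirting the edge of the region never trips it. The pre-sorting Applebee wants from the military’s “thinking camera” work is a way to tune that trade-off per region rather than globally.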

And perhaps after those pre-selecting imagery tools come online for the military, it won’t take long before civilian law enforcement puts them to use. Applebee certainly hopes so. He sees the wide-eyed Kestrel as a huge help for “securing large areas from illegal intrusion.” Imagine what the next generation of cameras will let him see.

Direct Link:  http://www.wired.com/dangerroom/2012/04/homeland-border-camera/#more-77264