Archive for the ‘US Government’ Category

Secret Service Paid TJX Hacker $75,000 a Year

March 23, 2010

Convicted TJX hacker Albert Gonzalez earned $75,000 a year working undercover for the U.S. Secret Service, informing on bank card thieves before he was arrested in 2008 for running his own multimillion-dollar card-hacking operation.

The information comes from one of Gonzalez’s best friends and convicted accomplices, Stephen Watt. Watt pleaded guilty last year to creating a sniffer program that Gonzalez used to siphon millions of credit and debit card numbers from the TJX corporate network while he was working undercover for the government.

Watt told Threat Level that Gonzalez was paid in cash, which is generally done to protect someone’s status as a confidential informant. The Secret Service said it would not comment on payments made to informants. Gonzalez’s attorney did not respond to a call for comment.

‘It’s a significant amount of money to pay an informant but it’s not an outrageous amount to pay if the guy was working full time and delivering good results,’ says former federal prosecutor Mark Rasch. ‘It’s probably the only thing he was doing — other than hacking into TJX and making millions of dollars.’

Gonzalez’s salary highlights how entwined he was with the government at the time he participated in the largest identity theft crimes in U.S. history. Gonzalez, 28, is set for sentencing this week on three indictments covering nearly every headline-making bank-card theft in recent years, including intrusions at TJX, Office Max, Hannaford Brothers, 7-Eleven and Heartland Payment Systems (which alone exposed magstripe data on 130 million credit and debit cards). The hacker’s plea agreements contemplate a total prison term of between 17 and 25 years.

Rasch says Gonzalez’s $75,000 is nothing compared to the million-dollar payouts some undercover informants get for high-risk, high-value cases such as Mafia investigations. But Gonzalez’s payments dwarf the meager handouts given previous computer crime informants.

Identity thief Brett Johnson, aka Gollumfun, said he earned $350 a week — the equivalent of about $18,000 a year — while working undercover in the Secret Service’s Columbia, South Carolina, field office helping catch card thieves. Johnson was recruited by the agency in 2005 after he was arrested buying merchandise with counterfeit cashier’s checks; his public service ended 10 months later when agents discovered that, like Gonzalez, Johnson was two-timing them, running a fraudulent tax-return scheme during his off hours that was bringing him an extra $5,000 to $6,000 each week.

Another carder, David ‘El Mariachi’ Thomas, worked undercover for 18 months for the FBI in 2003 and 2004 running a carding site called The Grifters out of a Seattle apartment. The bureau paid rent and expenses for him and his live-in girlfriend, and bought the computers he used to run the undercover operation, but didn’t pay him a salary.

In the 1990s, informant Justin ‘Agent Steal’ Petersen was reportedly paid $200 a week while helping the FBI build a case against Kevin Mitnick, then the number one hacker target on the government’s radar.

For his part, Gonzalez began working for the Secret Service when he was arrested making fraudulent ATM withdrawals in New York. Under the nickname ‘Cumbajohnny,’ he was a top administrator on a carding site called Shadowcrew. The agency cut him loose and put him to work undercover on the site, where he set up a VPN the carders could use to communicate — a supposedly secure communications channel that was actually wiretapped by the Secret Service’s New Jersey office.

That undercover operation, known as ‘Operation Firewall,’ led to the arrest of 28 members of the site in October 2004. After the site went down, Gonzalez changed his nick to ‘Segvec’ and moved to Miami where he resumed his life of crime under the noses of the agents who were paying him. Authorities finally arrested him in May 2008. After many months, he directed them to a stash of more than $1 million in cash buried in a barrel in the backyard of his parents’ home.

Rasch says a number of factors determine what an informant is paid, such as whether they have specialized technical skills or have infiltrated an underground organization; whether they’re putting themselves or family members at risk; and whether the investigations they work involve stolen funds that the government has a good chance of recovering.

‘If I’m working on a case involving $20 million in fraud and the government is likely to get some of that money back, $75,000 is chump change,’ Rasch says. ‘They don’t use paid informants that often…. Criminals will ordinarily cooperate [without payment] in return for a non-prosecution’ or sentence reduction.

The Department of Justice publishes nonbinding guidelines that discuss the necessity of monitoring informants and assessing a criminal’s suitability to be one, but they don’t provide standards for doing so.

Per the attorney general’s guidelines, two law enforcement representatives are required to witness any payment made to a confidential informant and document the payment in the case files, indicating if it’s for information, services or expenses. The informant must also sign or initial a written receipt.

At the time of the payment, the law enforcement agents are required to advise the confidential informant that the payment may be taxable income that must be reported to the IRS and state agencies.

The Secret Service’s embrace of Gonzalez as a professional informant may have reinforced his criminal behavior. Gonzalez felt he’d been rewarded for his preoccupation with computers, according to a letter written by his sister to one of his sentencing judges.

‘All this seemed okay at the time, but psychologically it was feeding an obsession that in the end would become my brother’s downfall,’ Frances Gonzalez Lago told the court in December.

Gonzalez is set for sentencing Thursday in U.S. District Court in Boston for the TJX, Office Max, and Dave & Buster’s breaches. He appears in front of a different judge the next day for sentencing on the Heartland, Hannaford and 7-Eleven thefts. The government is seeking a sentence of 25 years in prison.

Photo of Albert Gonzalez courtesy of Stephen Watt

(Via Wired: Threat Level.)


Cybersecurity: Here’s What Really Worries the Pentagon | Danger Room |

January 7, 2010

Cybersecurity: Here’s What Really Worries the Pentagon
By Noah Shachtman, January 6, 2010, 10:33 am | Categories: Info War

In Washington, ‘cybersecurity’ is a term that’s come to have a thousand meanings, and none at all. Any crime, prank, intelligence operation, or foreign-government attack involving a computer has become a ‘cyber threat.’ But at the Pentagon, they aren’t worried about some kid painting a Hitler moustache on Defense Secretary Robert Gates’ online portrait. They’re not even that concerned about a full-scale attack on the military’s networks – even though the modern American way of war depends so heavily on the free flow of data. In the military, there’s now broad agreement that one cyber threat trumps all others: electronic espionage, the infiltration (and possible corruption) of Defense Department networks.

Well-placed spy software not only opens a window for an adversary to look into Ameri”

Movement on the US Cyber Command

January 7, 2010

The US Cyber Command has been an interesting story to watch. It resembles the old Charlie Brown comic strips, where he kept trying to kick the football only to have Lucy pull it away at the last minute. Now Ellen Nakashima, from the Washington Post, is reporting that ‘Pentagon computer-network defense command delayed by congressional concerns.’ Still, movement is occurring. The Pentagon hopes to brief lawmakers this month to clear the way for confirmation hearings for the Cyber Command’s new director.

For a little perspective, remember that back in August 2008 the Air Force suspended all efforts toward establishing the Cyber Command. This was after the Air Force had been hyping the Cyber Command’s capabilities on TV, in Web video advertisements, and in presentations. In September, the Pentagon decided that the US Strategic Command in Omaha, NE should create and run a version of the joint Cyber Command. Deputy Secretary of Defense Gordon England wrote in a memo, ‘Because all the combatant commands, military departments and other defense components need the ability to work unhindered in cyberspace, the domain does not fall within the purview of any particular department or component.’

In October, top Air Force leadership decided to continue efforts to stand up the Cyber Command. At the time, Air Force Secretary Michael Donley made the statement, ‘The conduct of cyber operations is a complex issue, as [Defense] and other interagency partners have substantial equity in the cyber arena. We will continue to do our part to increase Air Force cyber capabilities and institutionalize our cyber mission.’

Top military officials in May 2009 argued for a single joint command and went on to tell the media that a ‘Cyber attack could bring U.S. military response.’ In June 2009, Defense Secretary Robert M. Gates stated in a memo, ‘Our increasing dependency on cyberspace, alongside a growing array of cyber threats and vulnerabilities, adds a new element of risk to our national security. To address this risk effectively and to secure freedom of action in cyberspace, the Department of Defense requires a command that possesses the required technical capability and remains focused on the integration of cyberspace operations.’

The Defense Department failed to meet an Oct. 1 target launch date. There have been no confirmation hearings for the command’s first director. Nakashima is reporting that the project was delayed by ‘congressional questions about its mission and possible privacy concerns.’

NSA Deputy Director John (Chris) Inglis said ‘90 percent’ of the command’s focus will be on defensive measures because ‘that’s where we are way behind.’ Offensive measures lead to many policy and doctrinal questions involving cyber warfare. Nakashima goes on to report that one official familiar with the Pentagon’s plans, who was not authorized to speak for the record, stated ‘The rules can vary dramatically depending upon under what authority you’re doing something. An offensive action is not a decision that can be taken very lightly. It is an extraordinary action because of the consequences that could result for either DOD or the intelligence community or critical U.S. industries.’

Offensive computing is a difficult topic to tackle. Remember Col. Charles W. Williamson III? He ran into a bit of controversy back in May 2008 when he posted ‘Carpet bombing in cyberspace: Why America needs a military botnet.’ He stated, ‘America needs a network that can project power by building a robot network (botnet) that can direct such massive amounts of traffic to target computers that they can no longer communicate and become no more useful to our adversaries than hunks of metal and plastic.’ Richard Bejtlich’s post, ‘Mutually Assured DDoS,’ points out several of the problems with a robot network. Sean Sullivan from F-Secure also wrote a thoughtful response titled ‘US Air Force Colonel Proposes Skynet.’ The problem will always be that in cyberspace, attackers do not wear uniforms, nor do they necessarily come from a particular domain. It is not so easy to identify the enemy. The intelligent attacker makes every effort to blend into the population.

Paul B. Kurtz, a cybersecurity expert who served in the George W. Bush and Clinton administrations stated, ‘I don’t think there’s any dispute about the need for Cyber Command. We need to do better defending DOD networks and more clearly think through what we’re going to do offensively in cyberspace. But the question is how does that all mesh with existing organizations and authorities? The devil really is in the details.’

Nakashima reports officials stated:

‘The initial operating plan for a cyber command is straightforward: to merge the Pentagon’s defensive unit, Joint Task Force-Global Network Operations, with its offensive outfit, the Joint Functional Command Component-Network Warfare, at Fort Meade, home to the NSA. The new command, which would include about 500 staffers, would leverage the NSA’s technical capabilities but fall under the Pentagon’s Strategic Command.

Lt. Gen. Keith B. Alexander, director of the NSA, has been nominated by President Obama to be the director of the Cyber Command. Congressional staff have been briefed three times, and the Pentagon hopes to brief lawmakers this month. Once the staff are satisfied that they understand the command’s purpose and operating plan, the Senate Armed Services Committee can hold the confirmation hearing for a new director.

Edmund Burke once said, ‘All that is necessary for evil to succeed is that good men do nothing.’ Of course, Saint Bernard of Clairvaux would have cautioned, ‘Hell is full of good intentions or desires.’ While there are many issues involved with the development of a US Cyber Command, steps are continuing to occur. Issues are being considered. Is it progress? I believe so. Stay tuned and we will all see what happens.

(Via System Advancements at the Monastery.)

White House (Finally) Picks New Cyber Czar

December 22, 2009

An AP newswire article reports that:

After months of wrangling and delays, President Barack Obama has chosen a national cyber security coordinator to take on the formidable task of organizing and managing the nation’s increasingly vulnerable digital networks.

Obama has tapped Howard A. Schmidt, longtime computer security executive who worked in the Bush administration and has extensive ties to the corporate world, according to a senior White House official, who spoke on condition of anonymity because the announcement will not be made until Tuesday.

Schmidt’s selection comes more than 10 months after Obama declared cyber security a priority and ordered a broad administration review.

The official said Obama was personally involved in the selection process and chose Schmidt after an extensive search because of his unique background and skills. Schmidt will have regular and direct access to the President for cybersecurity issues, the official said.

(Via Fergie’s Tech Blog.)

U.S. Takes Fight Against Hackers Overseas

December 11, 2009

An AP newswire article reports that:

The tip came from another country’s law enforcement officials: Eight major banks in the U.S. were being targeted by cybercriminals operating there.

FBI agents fanned out that night to warn the branches that hackers were aiming to break into their computer systems. The banks were able to spot the attempted breaches, and block them, FBI officials said.

Concerned about the rise in this type of sophisticated computer attack from abroad, the FBI and the U.S. Secret Service are beefing up their international cybercrime enforcement, sending agents who specialize in the threats overseas to specifically deal with digital perils.

Their growing coordination with other nations, however, faces legal and political challenges posed by conflicting laws and the lack of broadly accepted international guidelines for Internet oversight.

‘With the increased connectivity in countries that heretofore didn’t have that amount of access, and the technological advances made in corporate America that have put vulnerable financial information online, it’s been the perfect storm,’ said Shawn Henry, assistant director of the FBI’s cyber division.

(Via Fergie’s Tech Blog.)

Cybersecurity task force established

December 10, 2009

The Senate Select Committee on Intelligence has set up a bipartisan task force on cybersecurity to evaluate potential online threats and provide recommendations for action to the US intelligence community.

The cybersecurity task force, which will be chaired by Senator Sheldon Whitehouse, is expected to complete its review by June 2010. The aim is to evaluate how the country can better coordinate its defenses against the growing challenge posed by cyberespionage, cyberterrorism and cyberwarfare, an issue that has been of mounting concern to the administration as it concentrates on the cybersecurity threat to the US.

The review is the second to take place this year. Following a security breach at the Federal Aviation Administration, President Obama launched a 60-day cybersecurity review and released a broad five-point plan in late May to try to tackle the issue more effectively.

The plan included the creation of a new cyber-czar position to devise, co-ordinate and manage cybersecurity strategy across different government agencies. President Obama said he would personally choose who would fill the cyber-czar position and give whoever was appointed regular access to the Oval Office.

But critics have faulted the role’s lack of teeth. Any appointee to the cyber-czar role would not report directly to the President and would

(Via Hostexploit News RSS.)

US Military cyber forces on the defensive in network battle

November 30, 2009

Operation Screaming Whimpering Fist

The US 24th Air Force – the first dedicated American military cyber force to go operational – is ‘not yet a warfighting organisation’ and needs to ‘create an awareness of the battlespace’, according to its commander.…

(Via The Register – Security.)

4 threats that scare CISOs

November 30, 2009

Chief information security officers answer 4 burning questions

6 chief information security officers share how they plan to keep government data and computers safe in the face of constantly changing risks, red tape and tight budgets

By John Moore

Nov 16, 2009

Unto the breach—that’s the everyday reality for the government chief information security officer, arguably one of the most difficult yet important jobs in government IT.

When the CISO title first started appearing on agency organization charts about seven years ago, the job was largely a paper-pushing exercise, focused on gathering data on the security of agency systems and rolling it into an annual report to Congress, as required by the Federal Information Security Management Act.

So what do CISOs need to do to make sure that security gets its due? What problems do they see coming, and how do they plan to address them with limited resources?

To discuss these and other important issues, contributing editor John Moore set up a virtual round table with five current and one former government CISOs. All participants received each question by e-mail and were invited to respond to one another’s answers.

FCC forms cyber security group

November 27, 2009

In-Q-Tel Invests in FireEye

November 19, 2009

J. Nicholas Hoover writes on InformationWeek:

The independent venture arm of the U.S. intelligence community, In-Q-Tel, has invested in cybersecurity company FireEye, the company announced Wednesday.

In-Q-Tel and FireEye didn’t disclose terms of the agreement, or which intelligence agencies are particularly interested in the technology. However, in a release, they said that the investment ‘will extend FireEye’s cyber security product development and stealth malware technical capabilities to protect against cyber threats.’

The intelligence community has a clear interest in cybersecurity investment. At a conference earlier this month, deputy secretary of defense William Lynn said that more than 100 foreign intelligence agencies are actively trying to hack into federal government systems. The NSA recently announced plans to build a $1.5 billion cybersecurity data center in Utah.

California-based FireEye sells an out-of-band security appliance that monitors all inbound network traffic, employing a blend of signatures and heuristics to analyze traffic for evidence of suspicious behavior. After identifying suspicious traffic, the appliance captures and replays the traffic on virtual machines running in the appliance, which imitate real PCs. If those PCs are compromised, FireEye alerts administrators. By routing the traffic to a virtual machine, FireEye claims it is able to mitigate false positives. The virtual machines are invisible to the customer’s production network.

(Via Fergie’s Tech Blog.)