September 27, 2017
Surveillance Program Had 106,000 Foreign Targets in 2016 – United States
With an end-of-year deadline looming to re-authorize a vital foreign intelligence collection tool, senior U.S. government officials said Monday that the program had 106,000 foreign targets in calendar-year 2016 – as they urged renewal, arguing there is “no substitute” for this kind of intelligence. The “702” program – Section 702 of the Foreign Intelligence Surveillance Act (FISA) -- is "the single most important operational statute," one senior government official said, pointing to its effectiveness aiding counter-proliferation efforts, disrupting terrorist plots and aiding warriors on the battlefield. Officials authorized to speak on behalf of their department or agency briefed reporters Monday. As part of the briefing, Director of National Intelligence Dan Coats said its reauthorization is "absolutely a top priority," adding the intelligence community wanted to be "upfront with the American people" about the program, which is only used against foreign targets. Senior U.S. government officials say the tool was instrumental in fleshing out the ISIS network associated with Shawn Parson, who was a recruiter and prolific propagandist who directed sympathizers to launch attacks against western targets. He was killed in Syria in 2015. The U.S. officials also said intelligence from the program helped Turkish authorities identify the assailant in an Istanbul New Year's attack, which killed 39 people. Lawmakers from both parties have expressed their concerns about U.S. citizen information and the safeguards to protect it, as well as whether officials from the Obama White House wrongly leaked the intelligence to damage the incoming Trump team. A senior NSA analyst, whose father was on the ground at the World Trade Center after 9/11 and now suffers serious health issues, emphasized the ripple effect of terrorist acts -- saying there are multiple protections in place to maintain U.S. government commitments to privacy, as well as the integrity of the data.
Passwords for 540,000 Car Tracking Devices Leaked Online – United States
Login credentials of more than half a million records belonging to vehicle tracking device company SVR Tracking have leaked online, potentially exposing the personal data and vehicle details of drivers and businesses using its service. Just two days ago, Viacom was found exposing the keys to its kingdom on an unsecured Amazon S3 server, and this data breach is yet another example of storing sensitive data on a misconfigured cloud server. The Kromtech Security Center was first to discover a wide-open, public-facing misconfigured Amazon Web Server (AWS) S3 cloud storage bucket containing a cache belonging to SVR that was left publicly accessible for an unknown period. Stands for Stolen Vehicle Records, the SVR Tracking service allows its customers to track their vehicles in real time by attaching a physical tracking device to vehicles in a discreet location, so their customers can monitor and recover them in case their vehicles are stolen. The leaked cache contained details of roughly 540,000 SVR accounts, including email addresses and passwords, as well as users' vehicle data, like VIN (vehicle identification number), IMEI numbers of GPS devices. Since the leaked passwords were stored using SHA-1, a 20-years-old weak cryptographic hash function that was designed by the US National Security Agency (NSA), which can be cracked with ease. The leaked database also exposed 339 logs that contained photographs and data about vehicle status and maintenance records, along with a document with information on the 427 dealerships that use SVR's tracking services.
Puerto Rico Power Grid Rebuild After Hurricane Faces Big Hurdles – Puerto Rico
Six days after Hurricane Maria devastated Puerto Rico, officials were still taking stock of what is expected to be a months-long effort to rebuild the island’s power system, keeping much of its 3.4 million people in darkness for an extended period. Maria struck the U.S. territory as a very dangerous Category 4 hurricane last week, with winds up to 155 miles per hour (249 km per hour), leveling large swathes of the island, killing at least 10 residents and cutting off power and telecommunications services. Broken electricity poles and streetlights were seen listing into the middle of highways around the island on Monday, with intersections turned into obstacle courses as cars drove over and around tangled wires and other debris. Unlike Hurricane Irma a week earlier, where tens of thousands of utility workers streamed into Florida shortly after that storm swept through the state, those dedicated to assessing the damage to Puerto Rico’s degraded electrical grid were only starting to get the full measure of the destruction. A full damage assessment has been difficult because of the limited ability to get flights to the island and as federal agencies have been concentrating on life-saving efforts and providing power to crucial infrastructure like hospitals. Rebuilding will be a challenging task for the island’s bankrupt electric utility, Puerto Rico Electric Power Authority (PREPA), already regularly criticized by residents for frequent outages and rates higher than every U.S. state other than Hawaii.
FOR MORE INFORMATION:
To sign up for the complete daily G4S Corporate Risk Services Intelligence Bulletin, as well as regular intelligence and risk updates and news, click here to subscribe!