On Q Professional Investigations

“In the first Minnesota case to address a new and growing form of cybercrime, federal prosecutors have charged a former state resident with employing “hackers-for-hire” to sabotage the website of a local business.

The case reflects concern among law enforcement officials nationwide that hackers ranging from disgruntled ex-employees to enemy nation states are ramping up attacks on an ever-expanding array of personal digital devices connected to the web.

Prosecutors say John Kelsey Gammell, 46, paid hacking services to inflict a year’s worth of “distributed denial of service” (DDoS) attacks to bring down websites affiliated with Washburn Computer Group, a Monticello business where he used to work.

DDoS attacks overwhelm a network with data, blocking access for legitimate users and even knocking web services offline. Washburn, a point-of-sale system repair company, told prosecutors that Gammell’s attacks cost it about $15,000.

Authorities say Gammell didn’t stop there: He is accused of paying $19.99 to $199.99 in monthly payments to try to bring down web networks that included those of the Minnesota Judicial Branch, Hennepin County and several banks.

“As a society that is increasingly reliant on network-connected devices, these types of cyberattacks pose a serious threat to individuals, businesses, and even our nation’s critical infrastructure,” Acting U.S. Attorney Gregory Brooker in Minneapolis said, speaking generally about the new forms of crime.

The FBI’s Internet Crime Complaint Center reported more than $11 million in losses to victims of DDoS attacks last year.

“We have a growing trend where the sophistication of the dark web and the sophistication of certain professional hackers to provide resources is allowing individuals — and not just experienced individuals — to conduct hacks and conduct DDoS,” said FBI Supervisory special agent Michael Krause, who leads the FBI’s cyber squad in Minneapolis.

Devices such as digital video recorders and home appliances recently have been marshaled by cyber criminals to carry out massive operations like last year’s flooding of a prominent web infrastructure company that affected sites like Amazon and Netflix. In a separate attack, in June 2016, the Minnesota Judicial Branch’s website went down for 10 days, alarming local officials because so many government services have at least some nexus to the web.

“A lot of people think it’s just a nuisance,” said Chris Buse, Minnesota’s chief information security officer. “But it’s not. If you look at what government does — basic critical services — if those services don’t continue, people can literally die.”

Minnesota IT Services, which administers the state’s computer systems, said state networks field an average of more than 3 million attempted cyberattacks daily. Officials say the state still hasn’t experienced a major attack on par with a 2012 South Carolina breach that exposed personal data for 3.7 million residents and cost the state $20 million.

But with hackers able to take over hundreds of millions of unsecured devices worldwide to flood networks in a single DDoS attack, security professionals are trying to stay ahead of the threat.

“In our environment it’s pretty clear now that every organization needs some sophisticated and expensive tools to mitigate these DDoS attacks,” Buse said.

‘We will do much business’

The government’s case against Gammell underlines the difficulty of linking any suspect to the daily torrent of attacks often carried out by far-afield hackers who advertise their services online. Authorities might not have caught Gammell without tracing taunting e-mails he allegedly sent after attacks.

One of his preferred hacking-for-hire services was called vDOS, which was shuttered last year after the arrests of two alleged operators in Israel. The FBI obtained files from vDOS that included records of Gammell’s purchases, attacks and communications with vDOS administrators and customers.

One day in 2015, according to a criminal complaint, Gammell eagerly wrote the company boasting of his success in blowing past a “DDoS mitigation” program to kick an unnamed network offline for at least two days. “We will do much business,” Gammell allegedly wrote. “Thank you for your outstanding product.”

According to an FBI agent’s sworn affidavit, Gammell sought out seven sites offering DDoS-for-hire services and paid monthly fees to three to carry out web attacks from July 2015 to September 2016.

Charges are also expected out of Colorado and New Mexico for firearms offenses stemming from searches in the case.

Appearing in a Minneapolis courtroom last week, Gammell confirmed that he rejected a plea offer that would have resolved all charges and capped his possible prison sentence at a mandatory 15 to 17 years. A federal magistrate is reviewing motions filed by Gammell’s attorney, Rachel Paulose, to dismiss the case or suppress evidence.

On Monday, Paulose told U.S. Magistrate Judge David Schultz that evidence the FBI obtained from an unnamed researcher should be thrown out and suggested the data could itself have been retrieved by hacking.

Paulose, who did not respond to messages seeking comment for this story, also argued in pretrial motions that Gammell didn’t personally attack Washburn.

“The government has failed to charge a single one of those ‘cyber hit men’ services, named and evidently well known to the government,” Paulose wrote. “Instead the government’s neglect has allowed the professional cyber hit men for hire to skip off merrily into the night.”

Addressing Schultz last week, Paulose described the attacks on Washburn as “essentially a prank on a dormant site not doing business.”

“Even if Mr. Gammell thinks it’s a prank,” Assistant U.S. Attorney Timothy Rank replied, “it’s a criminal prank.”

View Source

HOUSTON - Fake FEMA inspectors have been spotted in a couple of Houston neighborhoods. But they didn’t do their research very well.

The neighborhoods they’ve hit did not even flood. That was the first red flag when a man knocked on Kathy Horner’s front door.

“And he identified himself as a FEMA inspector,” said Horner.

She said the man even looked the part.

“He did have a very official looking badge,” said Horner.

But she knew her family never filed a claim for flood damage.Therefore, she never opened the door.

She also took a photo of the man’s white sedan before he left the neighborhood.

“I set the alarm and called the constable,” said Horner.

Horner posted a warning on the NextDoor app under the heading “FEMA Inspector Impersonator.”

Her story mirrors a post from a homeowner on 24th Street titled “Beware of supposed FEMA inspector.” The man in that case bolted when confronted with a camera.

“These are real bottom feeders,” said neighbor Michael Silverman.

He hates to think people would fall for such a scam, especially in areas unaffected by the flood.

“So any FEMA workers that would come around here would be very suspicious,” said Silverman. “And I would think they would be looking to take advantage of some people.”

According to FEMA, you should always ask to see an inspector’s badge up close. A FEMA shirt or jacket does not make them legitimate.

Another very important reminder is that inspectors never show up unannounced. They have no reason to be at a home if the owner did not file a claim or register for disaster assistance.

“Just be careful about who you talk to,” said Horner. “Don’t let anybody in your home.”

And be watchful of warnings from people who’ve encountered potential imposters.

Here’s a template of a federal ID that official inspectors will have. They may also say “contractor” on the bottom.

View Source

“A Lynwood woman who allegedly stole the identity and bar license number of an attorney is expected to face a federal judge today on charges she filed immigration petitions on behalf of foreign nationals who believed she was a legitimate lawyer.

Jessica Godoy Ramos, 36, was arrested late Wednesday pursuant to a criminal complaint that charges her with mail fraud and aggravated identity theft, according to the U.S. Attorney’s Office.

According to the criminal complaint, Ramos accepted thousands of dollars from several dozen aliens who sought her services in an attempt to obtain legal status in the United States. The complaint affidavit alleges that Ramos filed immigration petitions on the behalf of some aliens, but in other cases she never performed any services for her clients.

In at least one instance, Ramos created counterfeit immigration parole documents which a client was able to use to enter the United States, the government alleges.

The complaint alleges that Ramos’ clients initially believed she was a legitimate immigration attorney, but several became suspicious when Ramos directed them to appear at U.S. Citizenship and
Immigration Services offices for interviews — but they did not have any scheduled appointments.

“The crimes alleged in this case victimized dozens of immigrants who were attempting to realize the American dream by paying someone they thought was a lawyer,” said acting U.S. Attorney

Sandra R. Brown. “This type of scam, which unfortunately targets new immigrants too often, undermines our immigration system and can shatter dreams of obtaining legal status to remain in the United States.”

If convicted, Ramos would face up to 20 years in federal prison for the mail fraud count and a mandatory consecutive sentence of two years for the aggravated identity theft charge.

“Unscrupulous immigration practitioners not only exploit the trust of their often-unwitting victims, but by filing fraudulent immigration applications they create a security vulnerability and potentially rob deserving immigrants of benefits they rightfully deserve,” said Joseph Macias, special agent in charge for U.S. Immigration and Customs Enforcement’s Homeland Security
Investigations in Los Angeles.

Federal authorities began investigating Ramos in February after the HSI- led Document and Benefit Fraud Task Force received a tip from USCIS about five of Ramos’ clients who went to USCIS offices in downtown Los Angeles expecting to pick up their non-existent “green cards.”

“People who wish to file for benefits with U.S. Citizenship and Immigration Services have a right to proper representation,” said USCIS Los Angeles District Director Donna Campagnolo. “This
case is a good example of all agencies involved working together to ensure that the integrity of the program is preserved and individuals are able to retain proper representation to aide them through the process.”

View Source

“The Transportation Security Administration (TSA) has deployed more than 1,100 members of its workforce to help with hurricane relief efforts in some of the hardest-hit areas.

About 500 employees were dispatched to assist with screening operations at impacted airports, while another 660 TSA workers volunteered to serve on the Department of Homeland Security’s “Surge

Capacity Force” to help deliver aid directly to storm survivors.

At Cyril King Airport in St. Thomas, which was severely damaged by Hurricane Irma, the TSA has had to use alternative screening methods — such as canine teams and hand-held metal detectors — to screen passengers for charter flights.

And in San Juan, Puerto Rico, the airport was so crippled by Hurricane Maria that Federal Aviation Administration technicians had to use chainsaws to clear a path in order to reach radar sites and restore the radar technology.

“I am proud and humbled by the spirit and dedication to service exhibited by the TSA workforce. Several TSA officers even walked miles from their homes in St. Thomas to reach the airport,” said TSA Administrator David Pekoske in a statement.

“Make no mistake, TSA stands ready to help reopen impacted airports following Hurricane Maria, and I am very gratified by the continued commitment to mission demonstrated by TSA employees across the country,” he said.

The TSA volunteers came from 20 airports around the country. The agency vowed to continue using local personnel and volunteers to help airports and airlines recover from the disaster.
The Hill”

View Source

“Just beside Hogan’s Alley, the mock town and training facility at the FBI Academy in Quantico, Virginia, there’s a cluster of modern two-story buildings with several classrooms. Inside one of the classrooms, new agent trainees are forming their squads for the morning when they receive word that an “explosion” has occurred in a nearby city.

Over the previous few weeks, the squad has been using the skills they’ve learned to investigate a simulated hotel bombing and track down the criminals responsible for the attack. With this new report, trainees suspect that the events could be linked to terrorist activity. But before they can identify subjects, the squad needs to gather intelligence, conduct interviews, and dig up more clues.

The agents’ partners in this effort are new FBI intelligence analysts who are training right alongside them. Analysts—the men and women who help gather, share, and make sense of information and intelligence from all corners of the globe—have never been more vital to the Bureau’s mission in this post-9/11 world. By integrating their training, the FBI is replicating what agents and analysts will experience in their coming cases and ensuring that seamless collaboration is part of their DNA from day one.

“Agent and analyst trainees need to understand each other’s respective job roles and how that plays out in the real world,” says Carrie Richardson-Zadra, a supervisory special agent with the FBI’s Investigative and Intelligence Training Unit. “That’s why we have them work together from the moment they arrive at the academy.”

Later in the exercise, trainees begin questioning the wife of a suspected extremist (played by a local actor). She’s reluctant to talk at first, but by using their newly learned interviewing tactics based on building rapport, the new agents are slowly able to obtain the information they need to stop a potential terrorist attack. If it weren’t for the insight provided by the intelligence analysts in their squad, the trainees wouldn’t have been so successful.

While trainees are integrated both inside and outside the classroom, specialized courses are provided to students based on what their roles will be in the field. For new agent trainees, the academic side of the training is demanding and includes a broad range of subjects that ground them in the fundamentals of law, ethics (see sidebar), behavioral science, interviewing and report writing, basic and advanced investigative and intelligence techniques, interrogation, and evidence collection.

Agent trainees also receive more than 90 hours of instruction and practical exercises focused on tactics, operations planning, cooperating witnesses and informants, physical and electronic surveillance, undercover operations, and intelligence.

The rigorous academics are vital to the future success of agent trainees. They will need to learn the basics of federal law, the U.S. Constitution, and the legal process. If agents don’t understand all of the details governing searches, questions could be raised during trial about the credibility of recovered evidence.

The intelligence analysts will ultimately graduate before the agents after 12 weeks at Quantico. At that point, new agent trainees begin their tactical training and set their sights on the crooked criminals and gangs waiting for them in Hogan’s Alley.”

Read More

“Part 1: The First Week

It’s a hot afternoon in August, and the last of the trainees steps off a coach bus parked outside a dormitory at the FBI Academy. One by one, young men and women from all walks of life make their way toward the entrance with luggage in tow.

A sense of nervous excitement can be felt as supervisors, counselors, and others meet each trainee inside the lobby. They shuffle from station to station and gather paperwork, equipment, class schedules, and dorm assignments. At one of the stops, trainees receive standard-issue polo shirts, khaki pants, and workout gear.

This diverse band of trainees is converging on Quantico from across the country with one goal in mind: to complete the Basic Field Training Course and become special agents of the FBI.

The training will be taxing on many levels—academically, physically, and psychologically—and success is far from guaranteed. But through the close bonds inevitably formed by fellow classmates and support from the Academy’s training staff, new agents will endure the challenges that lie ahead.

Over the span of five months, trainees will learn the fundamentals of the special agent tradecraft. They’ll root out drug dealers and bank robbers in Hogan’s Alley, the FBI’s mock town and practical training facility. They’ll expose terrorist cells and learn how to conduct challenging interviews. They’ll study legal issues and investigative procedures, gather and analyze evidence, and fire thousands of rounds at the range. Along the way, new agent trainees will work alongside new intelligence analysts to identify threats and develop critical thinking skills.

The intense training regimen is necessary to prepare new agents to carry out the FBI’s complex mission of protecting the nation from a host of major national security and criminal threats—including those posed by terrorists, spies, hackers, gangs, and more—while upholding civil rights and the Constitution of the United States.

Just getting to the Academy was a long and hard-fought journey for the trainees arriving this summer day. They had to compete against tens of thousands of applicants in one of the most grueling selection processes in the country. Navigating the many elements of the application process—including several rounds of interviews and a thorough background check—was its own test. Ultimately, perseverance paid off.

Like their predecessors, this class of new agents comes with a variety of career experiences—some not as traditional as you might expect. The majority of students have military, law enforcement, or criminal justice backgrounds, but there are also former teachers, scientists, IT professionals, entrepreneurs, and more.”

Read More

Homeland Security Department offices are dropping the ball on information security controls, according to a pair of audits released last week.

Auditors with the firm KPMG walked through offices and cubicles of staff for the DHS chief information officer and chief financial officer after work hours and found unsecured laptops and mobile devices and written down passwords, according to one of the audits.

The inspectors also found unsecured documents marked “for official use only” and documents that contained employees or citizens’ personal information, according to the audit, which was performed during the 2016 fiscal year.

The unsecured information was found in three out of 69 workspaces the auditors visited, KPMG said.

The audit also found password configurations used by those officers that didn’t meet departmentwide standards and a plan for configuring access controls for sensitive data that was still in draft form.

A separate audit released Tuesday for DHS’ main cyber division, the National Protection and Programs Directorate, found deficiencies that “limited NPPD’s ability to ensure that critical financial and operational data were maintained in such a manner to ensure their confidentiality, integrity, and availability.”

NPPD couldn’t produce a complete and accurate list of all contractors that stopped serving the division during the 2016 fiscal year, according to the audit.

The division also didn’t have sufficient controls to monitor when employee and contractor digital accounts were closed or recertified or when a user’s privileges were elevated, the audit found.

The audit also found weaknesses in ways the division scanned its systems for digital vulnerabilities and found NPPD didn’t fully comply with rules concerning database passwords and elevating user privileges.

View Source

Chicago police, federal agents and prosecutors are launching a new initiative Friday to stem the flow of illegal firearms in the city as part of efforts to curb rampant gun violence that President Donald Trump says is at “epidemic proportions.”

Trump’s remark on Twitter came ahead of an announcement by Chicago police and the Bureau of Alcohol, Tobacco, Firearms and Explosives about the formation of the Chicago Crime Gun Strike Force. The Chicago Sun-Times reported 20 additional ATF agents have been sent to Chicago.

State police, intelligence analysts and state and federal prosecutors will target illegal guns and repeat gun offenders, Chicago police said. Superintendent Eddie Johnson said in a statement Thursday night that “we are foundationally changing the way we fight crime in Chicago.”

Trump tweeted Friday morning that “Crime and killings in Chicago have reached such epidemic proportions that I am sending in Federal help.” In January, he warned Chicago about its high number of homicides, saying on Twitter that he is ready to “send in the Feds.”

Trump’s latest tweet said there have been 1,714 shootings in Chicago this year. The Sun-Times said its count showed 1,737 people have been shot in 2017, including 306 who died. The Associated Press sent a message to a police spokesman seeking their most recent count.

Police and federal officials note, however, that efforts to curb gun violence in Chicago have been cooperative — and are ongoing. Under the new effort, the federal prosecutors and prosecutors from Cook County will work on new strategies to prosecute gun crimes and offenders.

Attorney General Jeff Sessions, speaking Friday on the Fox News Channel’s morning show, “Fox & Friends,” said the Justice Department is “sending in additional gun investigators” to Chicago and that he has urged the U.S. attorney’s office to prosecute gun cases aggressively.

“The police have been demoralized in many ways,” he said. “In many ways, the policies in Chicago have not been working. Murders are way, way too high. It is critical for the people of Chicago’s public safety that we begin to work together here and deport violent criminals that have been convicted. They need to not be a sanctuary city, they need to be protecting the people of Chicago from violent criminals.”

Read More

All the nickels, dimes and quarters travelers leave behind at airport security checkpoints adds up to big bucks — enough that next time you forget your change after emptying your pockets, you might want to go back for it.

In fiscal year 2016, travelers left behind a record $867,812.39, according to a report from the Transportation Security Administration. That’s over $100,000 more than went unclaimed the previous year. Of that amount, nearly $80,000 was in foreign currency.

“TSA makes every effort to reunite passengers with items left at the checkpoint, however there are instances where loose change or other items are left behind and unclaimed,” TSA spokeswoman Lisa Farbstein said. “Unclaimed money, typically consisting of loose coins passengers remove from their pockets, is documented and turned into the TSA financial office.”

New York’s John F. Kennedy International Airport ranked the highest for unclaimed money with $70,615. That was followed by Los Angeles International at $44,811.82. Among D.C. area airports, only Dulles International made the top 10 in unclaimed funds with $20,801.25.

National Airport travelers, however, weren’t far behind Dulles, leaving $18,753.31. And despite being the region’s busiest airport, travelers left only $5,946.50 at checkpoints at Baltimore-Washington International Marshall Airport.

So where does all that spare change go? In 2005, Congress gave the TSA the authority to spend the money on security operations.

Read More

The images are disturbing: cargo trucks plowing into crowds of people enjoying holiday street festivals and markets.

In recent years, these terrorist attacks have happened often — mostly in European countries — leaving dozens of people dead and hundreds injured.

Now, the U.S. Transportation Security Administration wants truck rental agencies to be more vigilant in efforts to prevent these attacks, releasing a report this week that outlines the increased threat of such incidents.

The report, titled “Vehicle ramming attacks: Threat landscape, indicators and countermeasures,” notes that in the last three years, at least 173 people have been killed and more than 700 wounded in 17 ramming attacks around the world. Within the six-page report, the TSA urges truck companies to report suspicious activity — for example, would-be renters asking about altering a truck — to law enforcement officials.

Moreover, the report warns that no community, “large or small, rural or urban, is immune to attacks of this kind by organized or ‘lone wolf’” attackers.

“Terrorist organizations overseas have advocated conducting vehicle ramming attacks — using modified or unmodified motor vehicles — against crowds, buildings and other vehicles,” the TSA writes in the report. “Such attacks could target locations where large numbers of people congregate, including parades and other celebratory gatherings, sporting events, entertainment venues or shopping centers.”

Read More