A computer hard drive which contained huge amounts of personal and sensitive information from the Clinton administration is missing. Some of this information includes Social Security numbers, personal addresses and even scarier, Secret Service and White House operational procedures.
Yesterday, government officials were briefed about the compromise, which was originally discovered in April. The hard drive held a terabyte of computer data that could contain millions of individual records. A terabyte of data would be enough to fill millions of books, according to this article published by the AP.
The media is reporting that the personal information of one of Al Gore's three daughters was one of the millions of records gone missing – although it is not clear which daughter's information was compromised. Given the amount of information stolen, it's likely a lot of other notable as well as ordinary people have been compromised, too. According to articles I read, authorities are still trying to figure out exactly what was on the hard drive.
The drive was lost sometime between March 2008 and April 2009 from the National Archives and Administrations in College Park, MD, which is a Washington suburb near the University of Maryland.
The drive was left out, unsecured, in a room that is frequently left unlocked for ventilation. According to an unidentified source, a researcher who was converting the information to a digital records system left the hard drive on a shelf for an unknown period of time. When the researcher tried to resume work on the project, it was discovered to be missing.
According to Rep. Edolphus Towns, Democrat-N.Y., chairman of the House Oversight and Government Reform Committee, they are seeking more information on the breach, and the FBI is investigating.
The FBI will have a lot of suspects in this case. One hundred badge holders had access to the area. Additionally,the point of compromise is an area where workers, interns and even visitors pass on their way to the restroom.
This information would normally be stored in a secure area. Thus far, officials are quick to point out that it is unknown whether the hard drive was stolen or accidentally lost, and if any sensitive security information was lost.
At this time, either it isn't clear, or no one is saying, whether or not the data was encrypted. Encrypting data is considered a "safe and sane" security practice when dealing with data in transit and has become a legal requirement in many situations.
The House Oversight and Government Reform Committee have pointed to a problem with government agencies being compromised in the past. In a report released in 2006, the Committee came to the conclusion that the problem with agencies being compromised was government-wide. Other findings in the report include: agencies do not always know what was lost, physical security of data is essential and contractors are responsible for many of the breaches.
The report covers from 2003 to 2006 and, in light of this latest occurrence, it appears the problem still exists.
More recently, President Obama has pointed to another problem which does have national security implications and which involves protecting cyberspace from the threats that exist today. Thus far, a study has been conducted, and is being reviewed. Stories in the media have pointed to a concern with cyber warfare and with hackers from foreign countries (notably China and Russia), who have been suspected of targeting government systems.
If you are interested in learning more about Chinese hackers, there is a well written blog on the subject titled "The Dark Visitor (Information on Chinese Hacking". Another non-government source which covers data breaches in general is the Open Security Foundation.
While the implications of this latest issue have yet to be determined, it is not good news from the standpoint of how easily the information was compromised. Of course, this is merely one incident, and if you follow the news, we get bad news about data compromises all the time.
Update 5/20/09: It has now been confirmed that the missing hard drive had no encryption and a $50,000 reward is being offered for information leading to it's recovery. Source: CNet.
Showing posts with label barack obama. Show all posts
Showing posts with label barack obama. Show all posts
Wednesday, May 20, 2009
Saturday, January 17, 2009
Inauguration Security Sets a Record by Itself!
The inauguration of the forty-fourth president, Barack Obama, will have a security force larger than what is currently deployed in Afghanistan to ensure it is a safe and sane event. The human resources securing the event will include Secret Service personnel, almost 30,000 National Guard troops, close to 1,000 FBI personnel, 8,000 police officers, TSA screeners and other more obscure assets.
Mine-Resistant Ambush-Protected Hummer
The security assets deployed for this event are so numerous, I had to read several mainstream news articles and press releases just to try to determine how many agencies were involved. Even after doing this, I would guess there are some that are not being publicly disclosed for good reasons.
Michael Chertoff, Homeland Security Secretary, will be on-hand himself and operating from a multi-agency command center. The command center will have representatives from 58 federal and local agencies. These representatives, who will all be in the same room, will give those involved in the event the ability to instantly communicate with each other.
The command center is live as of this writing and will remain in operation until 4:00 p.m. (Eastern Standard Time) on Wednesday. This is, of course, unless something happens and it needs to remain in operation longer.
Chertoff believes this will be the most complex security event ever mounted, but also mentioned to CNN that he is worried about the cold weather and the impact it might have on unprepared visitors. We need to remember that a lot of unfortunate things can occur when a mass of human beings gather. Unlike most of Bush's administration, Chertoff will remain on duty until after the inauguration is over.
An official press release from Secretary Chertoff, District of Columbia Mayor Adrian M. Fenty, Maryland Governor Martin O’Malley and Virginia Governor Timothy M. Kaine on the inauguration can be seen on the DHS site.
I found more information about inauguration security on the Secret Service site, which states that the FAA (Federal Aviation Administration) will be stepping up security on the air corridors around DC and the Coast Guard will patrol on the Potomac. It also mentions that the police involved will be from the Washington Metropolitan, Park and Capitol departments. If you are attending the event, or live in the area, it has a list of road closures that will be in effect during the inauguration.
The FBI is deploying lot of high-tech security devices including mobile command centers, mine-resistant ambush-protected vehicles, bomb containment vessels and bomb technician vehicles, which resemble a mobile-home.
In addition to the high-tech specialty equipment being deployed by the FBI — they will have a SWAT Team, Hazardous Materials Response Team, Bomb Technicians, an Underwater Search and Response Team and Crisis Negotiators — at the ready to handle a crisis scenario.
Mobile Bomb Containment Vessel
The military personnel — who will be mostly National Guard troops because of a law that prohibits active duty personnel from engaging in domestic law enforcement duties — will have assignments in the events, also. These include providing bomb sniffing dogs, NBC (Nuclear, Biological and Chemical) teams, transportation and communications units.
According to all of the officials involved, there is no specific threat they are worried about. Although some of the pundits are complaining that the security for this event is too intense, the proof in the pudding will be allowing them to claim they were right after it is all over. If that is the case, nothing will have happened and these measures will have accomplished their goal!
Friday, January 09, 2009
Spam Levels on the Rise, Again
With the shutdown of McColo by Internet Service Providers in November, global spam volumes dropped over 50 percent. Sadly, this appears to have been a short-term fix. According to a new Symantec report, the spammers have moved to new locations and the volumes are back up to 80 percent of pre-McColo levels.
While spam originates from a lot of places, the United States is still in the number one spot, with 27 percent of the spam observed originating from there. China and Brazil tied for second place with 7 percent of spam originating from these countries.
The report indicates that URLs in Canadian Pharmacy spam messages were noted as being top-level Chinese domains (.cn TLD). Could this mean that Chinese knock-off (counterfeit) prescriptions are trying to make it appear as if they are coming from Canada? Given the recent concerns of tainted and poisonous merchandise being exported from China, this might be a concern. Of course, I would think that buying prescription meds over the Internet should be a concern to most people, anyway.
In another variation of recently observed spam, a user is invited to join a social networking site. The link goes to a real group, which was created on the social networking site by the spammer. The group then links to a free blogging site, which redirects the victim to the ultimate destination URL. At the destination URL, personal information is requested, which is probably used to sell to marketing companies or used in other spam campaigns. Please note, although not mentioned in the report, that some of these campaigns might have malicious intent or be scams.
Also noted during the holiday season was a lot of e-Card spam. This spam sometimes comes with malware (malicious software) designed to steal personal and financial information or turn your machine in to a spam spewing zombie computer using your credentials.
A partcularly deceptive spam delivery method noted recently is spammers inserting their messages into legitimate newsletters. This method seems to get past spam filters pretty effectively. If the recipient clicks on the message, they are taken to a spammer site. Here again, it might be a site selling junk, but also could be a site with more malicious intent.
Another spam trend in vogue these days is to use the recession as a social engineering lure designed to get people to click on a spam link. Messages are being sent out in the millions touting easy bail-out money to be had and an assortment of the normal get-rich- quick schemes. If it's too good to be true and doesn't make sense, it's normally a scam, and I suspect that most of this type of spam is one.
Last but not least, the spammers are still using President-elect Barack Obama's name to market coin offers, a "Barackumentary DVD" and a free Visa card for helping the Obama clan pick their dog.
Shutting down McColo by reaching out to the ISPs — which was done largely through the work of Brian Krebs at Security Fix (Washington Post) -- showed that a significant impact can be made on spam when ISPs are held accountable. Given that Brian is one person and a journalist, this was an admirable piece of work. The fact that spam is approaching pre-McColo levels tells us that there are more ISPs that need to be held accountable. Maybe in the end, government and international agencies need to follow Brian's example and and make an impact on spam levels that will last a little longer.
Spam is a dangerous pain for everyone who uses e-mail. Most scams, questionable goods and services and cyber-attacks using malicious software start with a spam e-mail. Shutting down the spam operators can only make everyone's experience on the Internet a little more safe and sane.
While spam originates from a lot of places, the United States is still in the number one spot, with 27 percent of the spam observed originating from there. China and Brazil tied for second place with 7 percent of spam originating from these countries.
The report indicates that URLs in Canadian Pharmacy spam messages were noted as being top-level Chinese domains (.cn TLD). Could this mean that Chinese knock-off (counterfeit) prescriptions are trying to make it appear as if they are coming from Canada? Given the recent concerns of tainted and poisonous merchandise being exported from China, this might be a concern. Of course, I would think that buying prescription meds over the Internet should be a concern to most people, anyway.
In another variation of recently observed spam, a user is invited to join a social networking site. The link goes to a real group, which was created on the social networking site by the spammer. The group then links to a free blogging site, which redirects the victim to the ultimate destination URL. At the destination URL, personal information is requested, which is probably used to sell to marketing companies or used in other spam campaigns. Please note, although not mentioned in the report, that some of these campaigns might have malicious intent or be scams.
Also noted during the holiday season was a lot of e-Card spam. This spam sometimes comes with malware (malicious software) designed to steal personal and financial information or turn your machine in to a spam spewing zombie computer using your credentials.
A partcularly deceptive spam delivery method noted recently is spammers inserting their messages into legitimate newsletters. This method seems to get past spam filters pretty effectively. If the recipient clicks on the message, they are taken to a spammer site. Here again, it might be a site selling junk, but also could be a site with more malicious intent.
Another spam trend in vogue these days is to use the recession as a social engineering lure designed to get people to click on a spam link. Messages are being sent out in the millions touting easy bail-out money to be had and an assortment of the normal get-rich- quick schemes. If it's too good to be true and doesn't make sense, it's normally a scam, and I suspect that most of this type of spam is one.
Last but not least, the spammers are still using President-elect Barack Obama's name to market coin offers, a "Barackumentary DVD" and a free Visa card for helping the Obama clan pick their dog.
Shutting down McColo by reaching out to the ISPs — which was done largely through the work of Brian Krebs at Security Fix (Washington Post) -- showed that a significant impact can be made on spam when ISPs are held accountable. Given that Brian is one person and a journalist, this was an admirable piece of work. The fact that spam is approaching pre-McColo levels tells us that there are more ISPs that need to be held accountable. Maybe in the end, government and international agencies need to follow Brian's example and and make an impact on spam levels that will last a little longer.
Spam is a dangerous pain for everyone who uses e-mail. Most scams, questionable goods and services and cyber-attacks using malicious software start with a spam e-mail. Shutting down the spam operators can only make everyone's experience on the Internet a little more safe and sane.
Monday, January 05, 2009
Twitter Users (Including Barack and Britney) Hacked and Phished
The Phishermen (and probably a few women) are always looking for fresh waters to hook some unsuspecting phish — so it should be no surprise that Twitter is their latest target. After all, e-mail, cell phones, and Facebook have already been phished, along with countless desktops and laptops.
According to a Symantec blog post, Twitter users are receiving warning messages from Twitter command and control about this matter. The blog post by Marian Meritt, the Internet Safety Guru at Symantec, gives blogger Chris Pirillo credit for breaking the story on Saturday. According to the blog post at Symantec, the messages appear to come from someone you know at Twitter with a link to a malicious website designed to steal information.
Twitter also put up a warning on their blog. It starts with a Wikipedia definition of phishing and then details how the phishing attack will come in the form of an e-mail message notifying a person they have a Twitter Direct Message. Thus far, the social engineering lures being used in the e-mail go something like this: "Hey! check out this funny blog about you..." and direct the user to click on a link to a fake website.
They also point out that if you look at the URL you'll see that it is not the same as the URL for the normal landing page for Twitter. A trick to do this (without clicking on the link) is to hover your mouse pointer over the link. If you look at the bottom left portion of your page it will display the URL the link goes to. With all the malware people can get nowadays by just visiting (driving-by) a malicious page — this is a much safer way to go about it rather instead of actually clicking on the link to find it.
Twitter blog picture showing where to look for a suspicious URL
Authentic looking phishing sites aren't hard to create. Often the hacker merely copies the pictures of a legitimate site and puts them on a compromised (hacked) site so the activity can't be traced back to them. Hackers frequently seek out sites with poor security to compromise and put up their own (malicious) site.
Also contained in the blog entry are instructions on what to do if you've been phished. Basically, they direct you to their password reset tool and a legitimate e-mail will be sent to you so you can change your password.
Interestingly enough, Twitter also reported this morning that 33 prominent Twitter-ers were hacked over the weekend. Apparently, the notables included President-elect Obama, Rick Sanchez, and Britney Spears. According to Twitter, this attack has nothing to do with the phishing expedition into their waters. Apparently, someone hacked into some of the tools their support team uses to help people with their e-mail.
They also pointed out that Mr. Obama hasn't been twittering lately due to issues with the transition.
According to a Symantec blog post, Twitter users are receiving warning messages from Twitter command and control about this matter. The blog post by Marian Meritt, the Internet Safety Guru at Symantec, gives blogger Chris Pirillo credit for breaking the story on Saturday. According to the blog post at Symantec, the messages appear to come from someone you know at Twitter with a link to a malicious website designed to steal information.
Twitter also put up a warning on their blog. It starts with a Wikipedia definition of phishing and then details how the phishing attack will come in the form of an e-mail message notifying a person they have a Twitter Direct Message. Thus far, the social engineering lures being used in the e-mail go something like this: "Hey! check out this funny blog about you..." and direct the user to click on a link to a fake website.
They also point out that if you look at the URL you'll see that it is not the same as the URL for the normal landing page for Twitter. A trick to do this (without clicking on the link) is to hover your mouse pointer over the link. If you look at the bottom left portion of your page it will display the URL the link goes to. With all the malware people can get nowadays by just visiting (driving-by) a malicious page — this is a much safer way to go about it rather instead of actually clicking on the link to find it.
Twitter blog picture showing where to look for a suspicious URL
Authentic looking phishing sites aren't hard to create. Often the hacker merely copies the pictures of a legitimate site and puts them on a compromised (hacked) site so the activity can't be traced back to them. Hackers frequently seek out sites with poor security to compromise and put up their own (malicious) site.
Also contained in the blog entry are instructions on what to do if you've been phished. Basically, they direct you to their password reset tool and a legitimate e-mail will be sent to you so you can change your password.
Interestingly enough, Twitter also reported this morning that 33 prominent Twitter-ers were hacked over the weekend. Apparently, the notables included President-elect Obama, Rick Sanchez, and Britney Spears. According to Twitter, this attack has nothing to do with the phishing expedition into their waters. Apparently, someone hacked into some of the tools their support team uses to help people with their e-mail.
They also pointed out that Mr. Obama hasn't been twittering lately due to issues with the transition.
Sunday, December 21, 2008
Who Hacked the Halls of Congress?
Came across an interesting story about the halls of Congress being hacked in October 2006. Although no one knows or is saying, some speculate that the attack can be traced to the Chinese, who seem to get accused of hacking into a lot of government systems (worldwide). Of course, the Chinese officially deny these allegations.
Shane Harris of the National Journal reported the attack was initially discovered in one office, but cyber-investigators eventually traced it to eight members' offices, where one or more computers were infected. Besides this, seven committee offices, including the Commission on China, Ways and Means and the International Relations Committee were identified as having compromised computers in them. The International Relations Committee (now the Foreign Affairs Committee) had 25 infected computers and an infected server found in it.
The virus discovered was a trojan designed to allow malware (malicious software) to invade government machines and steal information. The investigation revealed that the trojan was probably downloaded by an employee, who clicked on a link in a spam e-mail. This method of dropping a virus on a computer is usually referred to as Phishing.
Phishing attacks are normally designed to steal personal and financial information, which is later used to commit financial crimes and identity theft. While most phishing attacks (from a historical perspective) have been financially motivated, we are now seeing more person/position-targeted attacks. This type of phishing is referred to as spear phishing or whaling. In April, there were reports of spear phishing attacks against corporate executives all over the country.
The unidentified hackers used a wide-array of attack methods and the malware was downloaded from random Internet addresses. It's suspected they were using other infected machines to launch the attacks, which makes the activity even harder to trace. In this latest instance, it makes sense; the intent was to steal confidential and sensitive information.
The article points out that there is a lot of evidence that the Chinese have "penetrated deeply" into both government and corporate systems.
Just hours before the Olympics, Joel Brenner, the top U.S. counterintelligence official, warned Americans to leave their smart phones and other wireless computer devices at home. He told CBS News that the public security services in China can turn on a cell phone and activate its microphone when the owner thinks it's off. In July, Senator Sam Brownback also warned that China was planning to mount a massive espionage operation on guests staying at major hotels during the Olympics.
Last year there was speculation in the press that Commerce Secretary Carlos Gutierrez's laptop was hacked during a visit to China and the information was used to hack into government computers. Even scarier, rumors abound that Chinese hackers have already attacked power grids and that they are developing a cyber-warfare capability.
The article's conclusion points to a just released Report of the CSIS Commission on Cybersecurity for the 44th Presidency. The study recommends that President Elect Obama establish a Cyber-Security Directorate in the NSC, who would direct a National Office for Cyberspace.
As a mere observer of all of this, I think President Elect Obama needs to take this report seriously. We need to remember (especially while a financial crisis is going on) that besides being a threat to National security, hacking also threatens our financial stability. Although this post points to the Chinese, they certainly aren't the only players in the International hacking game, and the problem it presents isn't going away. Sadly, some believe the problem is getting worse.
There is little doubt that change is needed in the way we address this problem and hopefully this is what will occur.
Shane Harris of the National Journal reported the attack was initially discovered in one office, but cyber-investigators eventually traced it to eight members' offices, where one or more computers were infected. Besides this, seven committee offices, including the Commission on China, Ways and Means and the International Relations Committee were identified as having compromised computers in them. The International Relations Committee (now the Foreign Affairs Committee) had 25 infected computers and an infected server found in it.
The virus discovered was a trojan designed to allow malware (malicious software) to invade government machines and steal information. The investigation revealed that the trojan was probably downloaded by an employee, who clicked on a link in a spam e-mail. This method of dropping a virus on a computer is usually referred to as Phishing.
Phishing attacks are normally designed to steal personal and financial information, which is later used to commit financial crimes and identity theft. While most phishing attacks (from a historical perspective) have been financially motivated, we are now seeing more person/position-targeted attacks. This type of phishing is referred to as spear phishing or whaling. In April, there were reports of spear phishing attacks against corporate executives all over the country.
The unidentified hackers used a wide-array of attack methods and the malware was downloaded from random Internet addresses. It's suspected they were using other infected machines to launch the attacks, which makes the activity even harder to trace. In this latest instance, it makes sense; the intent was to steal confidential and sensitive information.
The article points out that there is a lot of evidence that the Chinese have "penetrated deeply" into both government and corporate systems.
Just hours before the Olympics, Joel Brenner, the top U.S. counterintelligence official, warned Americans to leave their smart phones and other wireless computer devices at home. He told CBS News that the public security services in China can turn on a cell phone and activate its microphone when the owner thinks it's off. In July, Senator Sam Brownback also warned that China was planning to mount a massive espionage operation on guests staying at major hotels during the Olympics.
Last year there was speculation in the press that Commerce Secretary Carlos Gutierrez's laptop was hacked during a visit to China and the information was used to hack into government computers. Even scarier, rumors abound that Chinese hackers have already attacked power grids and that they are developing a cyber-warfare capability.
The article's conclusion points to a just released Report of the CSIS Commission on Cybersecurity for the 44th Presidency. The study recommends that President Elect Obama establish a Cyber-Security Directorate in the NSC, who would direct a National Office for Cyberspace.
As a mere observer of all of this, I think President Elect Obama needs to take this report seriously. We need to remember (especially while a financial crisis is going on) that besides being a threat to National security, hacking also threatens our financial stability. Although this post points to the Chinese, they certainly aren't the only players in the International hacking game, and the problem it presents isn't going away. Sadly, some believe the problem is getting worse.
There is little doubt that change is needed in the way we address this problem and hopefully this is what will occur.
Sunday, June 22, 2008
Yes we can protect the citizen from the Big Oil Scam!
Recently, I've written a couple of posts about energy speculation and why it's part of the reason for the current energy crisis. This occurs when speculators buy oil on paper with credit, the oil is never delivered and then we are told that supply and demand is driving the prices up.
Then all of a sudden, I read a story that Barack Obama is calling for an end to the speculation many believe is the cause of the out-of-control prices. Some think these high prices are being enabled by a law known as the "Enron Loophole." One would think that after studying all the fraud and financial misdeeds in the Enron scandal -- anything they pushed through Congress would have had action taken on it a long time ago?
Perhaps, I'm a bit of a conspiracy theorist, but having lived in California at the time of the Enron scandal -- I can see clear similarities between that time and now. Two of them are how it is hitting the pocketbook of the average person and that that the economic law of supply and demand is being used as an excuse.
From an article in the Washington Post by Anne E. Kornblut:
The Washington Post article quoted the McCain camp as saying:
Do we have a reversal going on? Prior to this all we've seen are statements on conservation and allowing the oil companies to drill in places they weren't allowed to before.
Please note -- the quote from the McCain camp is partially true -- Mr. McCain has in the past supported legislation to close the Enron Loophole. The problem is that it's been awhile since he has brought up doing anything about it. Perhaps, Mr. Obama will make him remember his original concerns with the problem?
MSNBC's Keith Olbermann did an interesting story on this, which I first saw on my daughter's blog (RaleighRD.blogspot.com), which can be seen, here.
This investigative report points out that Ken Lay starting laying the ground work for the Enron Loophole under the first Bush administration with the blessing of then "new" U.S. Commodity Futures Trading Commission. The Enron Loophole was actually signed into law under the Clinton Administration.
Fast forward to the present and the U.S. Commodity Futures Trading Commission is now going to host a International energy market manipulation conference to look into the speculation issue. Is this a sign that the Enron Loophole has gotten out-of-control?
It also points out that it is probable the speculators will do the same thing with alternative energy sources once they come into vogue.
Of course in all fairness to John McCain, he did vote with the minority in 2002-2003 to close this loophole.
Bill O'Reilly also did an interesting talking point on this subject last Wednesday called "Who Is Hurting You at the Gas Pump." Mr. O'Reilly made a great argument that a large percentage of the prices at the pump are being caused by greedy speculators and that the oil industry and OPEC are along for the ride.
Hopefully, Mr. Obama's statement will inspire the rest of the leadership in Washington to do the right thing and take a serious look at this problem.
In closing, those of us who remember the 70's need to remember we should have been taking a holistic approach to the energy problem long ago. We need to develop alternative sources and find ways to produce energy that aren't going to ruin the planet.
If we ignore the recent lessons on how volatile the energy market is -- there is little doubt we will see the problem in the future again -- and wonder why we didn't do anything about it NOW.
I hope this doesn't turn into a flurry of attacks between Mr. Obama and Mr. McCain. Wouldn't it be nice to see them join hands and do what is in the interest of the general public? I'd also like to see support in Washington to foster what should be a bi-partisan effort.
I'm pretty sure the voting public would appreciate this and should they fail to do so might express their frustrations when they exercise their right to vote!
Then all of a sudden, I read a story that Barack Obama is calling for an end to the speculation many believe is the cause of the out-of-control prices. Some think these high prices are being enabled by a law known as the "Enron Loophole." One would think that after studying all the fraud and financial misdeeds in the Enron scandal -- anything they pushed through Congress would have had action taken on it a long time ago?
Perhaps, I'm a bit of a conspiracy theorist, but having lived in California at the time of the Enron scandal -- I can see clear similarities between that time and now. Two of them are how it is hitting the pocketbook of the average person and that that the economic law of supply and demand is being used as an excuse.
From an article in the Washington Post by Anne E. Kornblut:
Sen. Barack Obama on Sunday rolled out a proposal to curb speculation in energy markets, a plan his advisers said would help stabilize soaring gas prices.
Obama proposed a four-step program that would, among other things, close a so-called "Enron loophole" that protects some energy futures trading from oversight by the Commodity Futures Trading Commission, his advisers said.
The Washington Post article quoted the McCain camp as saying:
"The truth is Barack Obama is following John McCain's lead to close a Wall Street loophole that was signed into law by President Bill Clinton," McCain campaign spokesman Tucker Bounds said in a statement. "John McCain has supported bipartisan efforts to close this loophole and will work to address abuses in oil speculation. Barack Obama has voted the party line for Democrats who claim the loophole is fixed. The fact that Barack Obama is attacking John McCain, despite McCain's leadership on the issue, shows that Barack Obama is driven by the partisan attacks that Americans are tired of."
Do we have a reversal going on? Prior to this all we've seen are statements on conservation and allowing the oil companies to drill in places they weren't allowed to before.
Please note -- the quote from the McCain camp is partially true -- Mr. McCain has in the past supported legislation to close the Enron Loophole. The problem is that it's been awhile since he has brought up doing anything about it. Perhaps, Mr. Obama will make him remember his original concerns with the problem?
MSNBC's Keith Olbermann did an interesting story on this, which I first saw on my daughter's blog (RaleighRD.blogspot.com), which can be seen, here.
This investigative report points out that Ken Lay starting laying the ground work for the Enron Loophole under the first Bush administration with the blessing of then "new" U.S. Commodity Futures Trading Commission. The Enron Loophole was actually signed into law under the Clinton Administration.
Fast forward to the present and the U.S. Commodity Futures Trading Commission is now going to host a International energy market manipulation conference to look into the speculation issue. Is this a sign that the Enron Loophole has gotten out-of-control?
It also points out that it is probable the speculators will do the same thing with alternative energy sources once they come into vogue.
Of course in all fairness to John McCain, he did vote with the minority in 2002-2003 to close this loophole.
Bill O'Reilly also did an interesting talking point on this subject last Wednesday called "Who Is Hurting You at the Gas Pump." Mr. O'Reilly made a great argument that a large percentage of the prices at the pump are being caused by greedy speculators and that the oil industry and OPEC are along for the ride.
Hopefully, Mr. Obama's statement will inspire the rest of the leadership in Washington to do the right thing and take a serious look at this problem.
In closing, those of us who remember the 70's need to remember we should have been taking a holistic approach to the energy problem long ago. We need to develop alternative sources and find ways to produce energy that aren't going to ruin the planet.
If we ignore the recent lessons on how volatile the energy market is -- there is little doubt we will see the problem in the future again -- and wonder why we didn't do anything about it NOW.
I hope this doesn't turn into a flurry of attacks between Mr. Obama and Mr. McCain. Wouldn't it be nice to see them join hands and do what is in the interest of the general public? I'd also like to see support in Washington to foster what should be a bi-partisan effort.
I'm pretty sure the voting public would appreciate this and should they fail to do so might express their frustrations when they exercise their right to vote!
Saturday, March 22, 2008
Barack, Hillary John - Does anyone know where our (your) privacy has gone?
About a week ago, I wrote a post about Britney having her privacy "jacked" by a bunch of "naughty" hospital employees. This occurred at one of the most respected medical and institutions of higher learning in the world, the University of California, Los Angeles.
Ironically, it's now been revealed that another highly respected institution, the State Department had some "naughty" employees "jack" the privacy of the three major presidential candidates, Barack, Hillary and John.
While a lot of us take Britney's exploits with a grain of salt, it's another example where too many people are being given access to too much sensitive information. Even if we take most of Britney's adventures in a not very serious light -- she is a human being and therefore worthy of a little respect and privacy in her personal affairs.
This should be especially true when someone is seeking medical attention of a sensitive nature.
The official spin in both instances is that these events were caused by naughty employees, who were snooping where they shouldn't have been. While it appears there was no sinister intent in all of this, it points to the fact that none of us can count on a little respect or privacy, anymore.
Maybe we have too many databases containing highly personal information that the wrong people have been given access to? You can spend millions on security, but no amount of it will prevent something from being compromised if the wrong person has been given access to it.
Of course, the there is a financial motive to not wanting to fix the problem anytime in the near future. It's no secret that selling personal information is a multi-billion dollar business. Implementing technology is a multi-billion dollar venture, also. It shouldn't surprise us that there is a lobby (with a lot of money), who wants to keep things the way they are.
Because of this, it shouldn't surprise us that we see criminals exploiting the loopholes in protecting information, either. After all, they're making a lot of money off it, also.
If naughty employees with a penchant for snooping could obtain the personal information of three political candidates, it isn't a far stretch that someone with more sinister intentions could have accomplished the same thing. I wonder, who failed to notice that we are now granting "contract employees" access to information of this nature?
After all, this isn't the first time a contract employee, government or otherwise, has compromised sensitive information.
I guess private businesses aren't the only entities outsourcing jobs (and a lot of people's personal information) in the process. We seem to live in a world, where in order to save a little on the bottom line, we seem to ignore basic principles (like need to know) when protecting information.
Perhaps, if we stopped storing sensitive information in too many places with little regard to who can look at it, we would stop being "shocked" when it's compromised?
All a reasonably intelligent person would have to do is look at the number of reported compromises involving sensitive information that occur and then wonder how many more there are that no one knows about? I threw that in because most people, who do something wrong normally don't disclose what they did to third parties.
After a compromise occurs, we all seem content that security enhancements will prevent the next one. Sadly, most of the enhancements introduced so far haven't put a dent in the problem and the saga goes on. In fact, it normally doesn't take very long before we hear about the latest security enhancement being defeated.
Maybe the problem needs to be taken to a more simple level? Perhaps if we weren't storing information in places -- where too many people have access to it -- we would see less of it being compromised?
We live in a world, where technology has made things easier and more productive. The problem is that "easy and productive" is taking a toll on what should be a basic human right, privacy.
The bottom line is that it has become too easy to compromise information and technology makes both good and bad people, more productive.
Saying all that, the three candidates are on record, when it comes to privacy. In July of 2006, Hillary Clinton spoke to a lot of same issues in a speech, where she said:
Likewise, Barack Obama has the following statement about this issue on his site:
In fact if memory serves me correctly, the last time we tried to pass some federal legislation, the end result was that it would have watered down more proactive laws already passed into law at the State level.
I know everyone is busy with the campaign underway so I'm going to include a reference to an article (with an interactive map) showing what State laws on this issue have already been enacted. Included on the map is a interactive flag over the District of Columbia showing which federal laws have not.
Well put together article by csoonline.com, here.
In case anyone reading this can't keep up with the record number of data breaches, Attrition.org had a chronology, here.
PogoWasRight is another place that helps me keep up with the record number of compromises, also.
Ironically, it's now been revealed that another highly respected institution, the State Department had some "naughty" employees "jack" the privacy of the three major presidential candidates, Barack, Hillary and John.
While a lot of us take Britney's exploits with a grain of salt, it's another example where too many people are being given access to too much sensitive information. Even if we take most of Britney's adventures in a not very serious light -- she is a human being and therefore worthy of a little respect and privacy in her personal affairs.
This should be especially true when someone is seeking medical attention of a sensitive nature.
The official spin in both instances is that these events were caused by naughty employees, who were snooping where they shouldn't have been. While it appears there was no sinister intent in all of this, it points to the fact that none of us can count on a little respect or privacy, anymore.
Maybe we have too many databases containing highly personal information that the wrong people have been given access to? You can spend millions on security, but no amount of it will prevent something from being compromised if the wrong person has been given access to it.
Of course, the there is a financial motive to not wanting to fix the problem anytime in the near future. It's no secret that selling personal information is a multi-billion dollar business. Implementing technology is a multi-billion dollar venture, also. It shouldn't surprise us that there is a lobby (with a lot of money), who wants to keep things the way they are.
Because of this, it shouldn't surprise us that we see criminals exploiting the loopholes in protecting information, either. After all, they're making a lot of money off it, also.
If naughty employees with a penchant for snooping could obtain the personal information of three political candidates, it isn't a far stretch that someone with more sinister intentions could have accomplished the same thing. I wonder, who failed to notice that we are now granting "contract employees" access to information of this nature?
After all, this isn't the first time a contract employee, government or otherwise, has compromised sensitive information.
I guess private businesses aren't the only entities outsourcing jobs (and a lot of people's personal information) in the process. We seem to live in a world, where in order to save a little on the bottom line, we seem to ignore basic principles (like need to know) when protecting information.
Perhaps, if we stopped storing sensitive information in too many places with little regard to who can look at it, we would stop being "shocked" when it's compromised?
All a reasonably intelligent person would have to do is look at the number of reported compromises involving sensitive information that occur and then wonder how many more there are that no one knows about? I threw that in because most people, who do something wrong normally don't disclose what they did to third parties.
After a compromise occurs, we all seem content that security enhancements will prevent the next one. Sadly, most of the enhancements introduced so far haven't put a dent in the problem and the saga goes on. In fact, it normally doesn't take very long before we hear about the latest security enhancement being defeated.
Maybe the problem needs to be taken to a more simple level? Perhaps if we weren't storing information in places -- where too many people have access to it -- we would see less of it being compromised?
We live in a world, where technology has made things easier and more productive. The problem is that "easy and productive" is taking a toll on what should be a basic human right, privacy.
The bottom line is that it has become too easy to compromise information and technology makes both good and bad people, more productive.
Saying all that, the three candidates are on record, when it comes to privacy. In July of 2006, Hillary Clinton spoke to a lot of same issues in a speech, where she said:
Privacy is at the crossroads of all these issues, and modern life makes many things easier… and many things easier to know. And yet, privacy is somehow caught in the crosshairs of these changes.
Our economy is increasingly data driven. We have dramatically ramped up surveillance in our efforts to fight terrorists who hide among innocent civilians.
But every day the news contains a story of how the records of millions of consumers, veterans, patients have been compromised.
At all levels, the privacy protections for ordinary citizens are broken, inadequate and out of date.
Likewise, Barack Obama has the following statement about this issue on his site:
Dramatic increases in computing power, decreases in storage costs and huge flows of information that characterize the digital age bring enormous benefits, but also create risk of abuse. We need sensible safeguards that protect privacy in this dynamic new world. As president, Barack Obama will strengthen privacy protections for the digital age and will harness the power of technology to hold government and business accountable for violations of personal privacy.John McCain (as part of a bipartisan committee) has expressed frustration on the privacy issue, also. Here is what he was quoted as saying in a CNet story after a FTC report was released on the state of the state on privacy:
A bipartisan group of senators led by Sen. John McCain, R-Ariz., said it is determined to pass new laws restricting the ability of Web sites to collect and use information from a visitor without that person's consent.There is no doubt that by this point in the game, most of our politicians have made a statement on the privacy issue. Despite these statements, most of the legislation presented in Washington hasn't been passed yet?
For the last several years, Web sites have operated under a form of self-regulation, and industry groups have touted the ever-increasing number of sites posting privacy policies. However, members of the Senate Commerce Committee today decried those steps as inadequate and cited polls showing that the vast majority of consumers opposed industry self-regulation.
In fact if memory serves me correctly, the last time we tried to pass some federal legislation, the end result was that it would have watered down more proactive laws already passed into law at the State level.
I know everyone is busy with the campaign underway so I'm going to include a reference to an article (with an interactive map) showing what State laws on this issue have already been enacted. Included on the map is a interactive flag over the District of Columbia showing which federal laws have not.
Well put together article by csoonline.com, here.
In case anyone reading this can't keep up with the record number of data breaches, Attrition.org had a chronology, here.
PogoWasRight is another place that helps me keep up with the record number of compromises, also.
Monday, February 04, 2008
Push poll favoring Clinton reported in California
(Photo courtesy of EYASU.SOLOMON at Flickr)
I try to stay on the subject of Fraud, Phishing and Financial Misdeeds, but every once in awhile I stray a little off subject.
Although, technically push polling is slightly off subject for this blog, it is similar to what I normally write about. "In the broadest sense, a fraud is a deception made for personal gain," according to Wikipedia.
Substitute personal for political in the Wikipedia definition and some might consider push polling a form of fraud.
In case you are unfamiliar with the term, "push polling," here is Wikipedia's definition:
A push poll is a political campaign technique in which an individual or organization attempts to influence or alter the view of respondents under the guise of conducting a poll. In a push poll, large numbers of respondents are contacted and little or no effort is made to collect and analyze response data. Instead, the push poll is a form of telemarketing-based propaganda and rumor mongering, masquerading as a poll. Push polls are generally viewed as a form of negative campaigning.
With Super Tuesday coming up tomorrow -- and the fact that the great State of California has a lot of delegates at stake -- I wanted to help bring attention to some push polling tactics that are surfacing.
Andrew Malcolm reported on the LA Times blog that a push poll is being conducted in California that appears to favor Hillary Clinton. A former news producer, Ed Coghlan, "played" along on an unsolicited call he received, which supports this contention.
From the blog post:
Ed, who's a former news director for a local TV station, was curious. He said, "Sure, go ahead."Going a little further into Coghan's deduction that he was being push polled:
But a few minutes into the conversation Ed says he noticed a strange pattern developing to the questions. First of all, the "pollster" was only asking about four candidates, three Democrats -- Hillary Clinton, Barack Obama and John Edwards, who was still in the race at the time -- and one Republican -- John McCain.
Also, every question about Clinton was curiously positive, Coghlan recalls. The caller said things like, if you knew that Sen. Clinton believed the country had a serious home mortgage problem and had made proposals to....freeze mortgage rates and save families from foreclosure, would you be more likely or less likely to vote for her?The LA Times did try to nail down the Clinton campaign as to who was behind this poll and here is what happened:
Ed said, of course, more likely.
Every question about the other candidates was negative. If Ed knew, for instance, that as a state senator Obama had voted "present" 43 times instead of taking a yes or no stand "for what he believed," would Ed be more or less likely to vote for him?
Phil Singer, the spokesman for the Clinton campaign. was contacted by e-mail last night. He answered that he was there. He was asked if the Clinton campaign was behind the push-poll knew who was behind it or had any other information on it. That was at 5:27 p.m. Pacific Time Saturday. As of this item's posting time, exactly eight hours later, no reply had been received.
So far as me personally, if I get a pesky (what I consider) telemarketing call from a candidate, I plan to just say "no" and hang up.
Wouldn't it be nice if someone got a do not call list going for political interests that use tactics that are just as seedy (my opinion) as the most deceptive telemarketing tactics the list was designed to protect us from?
Full post about this matter from the Los Angeles Times, here.
Sunday, January 06, 2008
Democratic fundraiser Norman Hsu sentenced to three years
Norman Hsu, who used to be a major fundraiser for Hillary Clinton and the Democratic party has been sentenced to three years for fraud.
John Coté at SFGate reports:
The good news is that we are starting to see a trend, where money isn't the primary factor dictating who will become the next leader.
SF Gate story by John Coté, here.
John Coté at SFGate reports:
Disgraced Democratic fundraiser Norman Hsu, who became a prolific political moneyman even as he was a fugitive from justice, was sentenced Friday to three years in state prison in a San Mateo County grand theft case that dates from the early 1990s.And this isn't the end of it:
Hsu was sentenced in Redwood City more than 15 years after he skipped out on his original court date and fled to Asia.
He will now be transferred to federal custody to face new criminal charges in New York, where he is accused of bilking investors across the country out of at least $20million. Hsu allegedly funneled some of the money to political campaigns, including that of Sen. Hillary Rodham Clinton, while living a lavish lifestyle.Now here is the kicker (his legal defense):
Hsu's attorneys had sought to have the 1990s case dismissed or to allow Hsu to withdraw his no contest plea, saying his right to a speedy trial had been violated because authorities made little attempt to locate him - even as he attended fundraising events and was photographed with political candidates.His attorney is planning to appeal this conviction. Hopefully, a judge won't grant him bail again as I would guess he is probably a flight risk.
The good news is that we are starting to see a trend, where money isn't the primary factor dictating who will become the next leader.
SF Gate story by John Coté, here.
Subscribe to:
Comments (Atom)
