Tuesday, November 11, 2014

Tuesday Mail

None came today. 

At least the NSA will help you find it if it is lost:

"Report reveals wider tracking of mail in the US" by Ron Nixon | New York Times   October 28, 2014

WASHINGTON — In a rare public accounting of its mass surveillance program, the US Postal Service reported that it approved nearly 50,000 requests last year from law enforcement agencies and its own internal inspection unit to secretly monitor the mail of ordinary Americans for use in criminal and national security investigations.

The number of requests, contained in a little-noticed 2014 audit of the surveillance program by the Postal Service’s inspector general, shows that the surveillance program is more extensive than had been previously disclosed and that oversight protecting Americans from potential abuses is lax.

The audit, along with interviews and documents obtained by The New York Times under the Freedom of Information Act, offers one of the first detailed looks at the scope of the program, which has played an important role in the nation’s surveillance effort since the Sept. 11, 2001 terrorist attacks.

The government was going through mail long before then.

The audit found that in many cases the Postal Service approved requests to monitor an individual’s mail without adequately describing the reason or having proper written authorization.

In addition to raising privacy concerns, the audit questioned the efficiency and accuracy of the Postal Service in handling the requests.

Many requests were not processed in time, the audit reported, and computer errors caused the same tracking number to be assigned to different surveillance requests.

“Insufficient controls could hinder the Postal Inspection Service’s ability to conduct effective investigations, lead to public concerns over privacy of mail and harm the Postal Service’s brand,” the audit concluded. It's the image that is important.

The audit was posted in May without public announcement on the website of the Postal Service inspector general and got almost no attention.

The surveillance program, officially called mail covers, is more than a century old, but is still considered a powerful investigative tool.

At the request of state or federal law enforcement agencies or the Postal Inspection Service, postal workers record names, return addresses, and any other information from the outside of letters and packages before they are delivered to a person’s home.

Law enforcement officials say this deceptively old-fashioned method of collecting data provides a wealth of information about the businesses and associates of their targets, and can lead to bank and property records and even accomplices. (Opening the mail requires a warrant.)

As if this criminal government cared about warrants.

Interviews and court records also show that the surveillance program was used by a county attorney and sheriff to investigate a political opponent in Arizona — the county attorney was later disbarred in part because of the investigation — and to monitor privileged communications between lawyers and their clients, a practice not allowed under postal regulations.

Theodore Simon, president of the National Association of Criminal Defense Lawyers, said he was troubled by the audit and the potential for the Postal Service to snoop uncontrolled into the lives of Americans.

“It appears that there has been widespread disregard of the few protections that were supposed to be in place,” Simon said.

Why did lawless spying just come to mind?

--more--"

As if the Post Office didn't have enough problems already. 

At least their employee information is secure:

"Postal Service discloses major theft of computer data" by David E. Sanger | New York Times   November 11, 2014

WASHINGTON — The Postal Service on Monday became the latest government agency to reveal a major theft of data from its computer systems, telling its employees that an attack “potentially compromised” databases containing postal employees’ names, birth dates, addresses, and Social Security numbers.

They want to collect and store everything but they can't protect anything.

The announcement came just weeks after the White House disclosed an intrusion into its unclassified computer systems, which resulted in a shutdown of some of its communications while the malicious software was being removed.

Who would want to do that?

The working assumption at the White House was that its troubles were caused by Russian hackers.

Meaning it was really the Jewish mafia.

The Postal Service attack, by contrast, seemed to have the signature of Chinese hackers.

Look at the blatant war propaganda blaming the designated enemies.

But attributing attacks is difficult, and first indications are frequently inaccurate. 

And any nation/state like Israel can go through servers in any country.

“It’s an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity,” Patrick Donahoe, the postmaster general, said in a written statement. “The United States Postal Service is no different.”

“Fortunately, we have seen no evidence of malicious use of the compromised data,” Donahoe said.

That is strange.

**********

There was no evidence, the statement said, that credit card numbers or other information from transactions with the Postal Service were affected.

If the attack was Chinese in origin, it raises the question of what the value would be in obtaining personal information about employees and customers.

Yeah, who benefits here?

Unlike the White House, the Postal Service does not handle much classified or sensitive information. But some cyber experts speculate that what the intruders are seeking is an understanding of how federal computer systems operate and what kinds of data are available.

The FBI said it was leading a multiagency investigation into the breach.

Here we go again. 

At least we know who helped the hackers and where they live. 

So it's all $elf-$erving, agenda-pushing $hit, huh?

The Postal Service is not recommending that its customers take any action, the Associated Press reported. ‘‘The intrusion is limited in scope, and all operations of the Postal Service are functioning normally,’’ Postal Service spokesman David Partenheimer said.

So what was it, an NSA exercise?

Partenheimer said that customers at local post offices or those using its website, usps.com, were not affected but that people who used the call center may have had their personal information compromised.

Where is that located, India?

In the cases of attacks this year on Target and Home Depot, which have generally been attributed to Eastern European criminal groups, there has been no evidence of credit card fraud or the use of personal data — leaving a mystery about what the cyber intrusion was intended to reveal.

Related: Who Hacked JPMorgan? 

Another mystery.

On black markets, e-mail information has some value, and Social Security numbers have even more.

But it is not clear why intruders would be interested in postal employees....

Meaning the likely suspect is the U.S. government itself. 

--more--"

"Federal government struggles against cyberattacks" by Martha Mendoza | Associated Press   November 10, 2014

NEW YORK — A $10-billion-a-year effort to protect sensitive government data, from military secrets to Social Security numbers, is struggling to keep pace with an increasing number of cyberattacks and is unwittingly being undermined by federal employees and contractors.

Workers scattered across more than a dozen agencies, from the Defense and Education departments to the National Weather Service, are responsible for at least half of the federal cyberincidents reported each year since 2010, according to an Associated Press analysis of records.

They have clicked links in bogus phishing e-mails, opened malware-laden websites, and been tricked by scammers into sharing information.

One was redirected to a hostile site after connecting to a video of tennis star Serena Williams.

What were they doing watching a video of a tennis star while at work?

A few act intentionally, most famously former National Security Agency contractor Edward Snowden, who downloaded and leaked documents revealing the government’s collection of phone and e-mail records.

Related: Snowden Surfaces in Sweden

There also was the theft from a contract worker of equipment containing the confidential information of millions of Americans, including Robert Curtis, of Monument, Colo.

‘‘I was angry because we as citizens trust the government to act on our behalf,’’ he said.

How naive.

Curtis, according to court records, was besieged by identity thieves after someone stole data tapes the contractor left in a car, exposing the health records of about five million current and former Pentagon employees and their families.

????? Careless Curtis?

At a time when intelligence officials say cybersecurity trumps terrorism as the No. 1 threat to the United States — and when breaches at businesses such as Home Depot and Target focus attention on data security — the federal government isn’t required to publicize its own data losses.

So when is the cyber false flag attack to crash the collapsing economic $y$tem?

Last month, a breach of unclassified White House computers by hackers thought to be working for Russia was reported not by officials but by the Washington Post. Congressional Republicans complained even they weren’t alerted to the hack.

Why would they bother?

To determine the extent of federal cyberincidents, the AP filed dozens of Freedom of Information Act requests, interviewed hackers, cybersecurity experts, and government officials, and obtained documents describing digital cracks in the system.

The review shows that 40 years and more than $100 billion after the first federal data protection law was enacted, the government is struggling to close holes without the knowledge, staff, or systems to outwit an ever-evolving foe.

It's tough when you are fighting yourself.

Fears about breaches have been around since the late 1960s, when the federal government began shifting its operations onto computers.

Officials responded with software designed to sniff out malicious programs and raise alarms about intruders. And yet, attackers have always found a way in, exposing tens of millions of sensitive and private records that include employee usernames and passwords and veterans’ medical files.

It's the software $ecurity companies benefiting most, isn't it?

***********

Employees are to blame for at least half of the problems.

Last year, for example, about 21 percent of all federal breaches were traced to government workers who violated policies; 16 percent who lost devices or had them stolen; 12 percent who improperly handled sensitive information printed from computers; at least 8 percent who ran or installed malicious software; and 6 percent who were enticed to share private information, according to an annual White House review.

Documents released to the AP show how workers were lured in....

Reports from the Defense Department’s Defense Security Service, tasked with protecting classified information and technologies in the hands of federal contractors, show how easy it is for hackers to get into DOD networks.

One military user received messages that his computer was infected when he visited a website about schools. Officials tracked the attacker to what appeared to be a Germany-based server.

Germany?

‘‘We’ll always be vulnerable to . . . human-factor attacks unless we educate the overall workforce,’’ said Eric Rosenbach, assistant secretary of defense and cybersecurity adviser.

For every thief or hostile state, there are tens of thousands of victims such as Curtis.

‘‘It is very ironic,’’ said Curtis, himself a cybersecurity expert who worked to provide secure networks at the Pentagon. ‘‘I was the person who had paper shredders in my house. I was a consummate data protection guy.’’

Yeah, how "ironic."

--more--"

So when is the next government-sponsored hack-a-thon? 

At least a private contractor is securing all background checks:

"Security firm breach went undetected; Took months for company to notice" by Stephen Braun | Associated Press   November 04, 2014

WASHINGTON — A cyberattack similar to previous hacker intrusions from China penetrated computer networks for months at USIS, the government’s leading security clearance contractor, before the company noticed, officials and others familiar with an FBI investigation and related official inquiries told the Associated Press.

The breach, first revealed by the company and government agencies in August, compromised the private records of at least 25,000 employees at the Homeland Security Department and cost the company hundreds of millions of dollars in lost government contracts.

In addition to trying to identify the perpetrators and evaluate the scale of the stolen material, the government inquiries have prompted concerns about why detection systems inside the company failed to quickly notice the hackers and whether federal agencies that hired the company should have monitored its practices more closely.

Former employees of the firm, US Investigations Services LLC, also have raised questions about why the company and the government failed to ensure that outdated background reports containing personal data were not regularly purged from the company’s computers. 

But Lois Lerner's e-mails get "lost."

Details about the investigation and related inquiries were described by federal officials and others familiar with the case.

The officials spoke on condition of anonymity because they were not authorized to comment publicly on the continuing criminal investigation, the others because of concerns about possible litigation.

A computer forensics analysis by consultants hired by the company’s lawyers defended USIS’s handling of the breach, noting that it was the company itself that reported the incident.

Kudos for them!

**********

USIS reported the cyberattack to federal authorities on June 5, more than two months before acknowledging it publicly.

The attack had hallmarks similar to past intrusions by Chinese hackers, according to people familiar with the investigation. In March, hackers traced to China were reported to have penetrated computers at the Office of Personnel Management, the federal agency that oversees most background investigations of government workers and has contracted extensively with USIS.

The worst part is they let ISIS terrorists infiltrate the U.S.

--more--"

Time to stamp and send this post:

"Postal Service criticized over stamp image choices" by Lisa Rein | Washington Post   November 09, 2014

WASHINGTON — The cloistered world of postage stamps is roiling again with a public airing of dissent in the ranks of the secretive committee of prominent Americans that chooses new stamp images.

A postal expert whose 12-year term on the Citizens’ Stamp Advisory Committee ended earlier this year pleads with his former colleagues to resist the temptation to choose new stamp images ‘‘with the same profit motives as Big Macs, Slurpees, jeans or neighborhood tattoo parlors.’’

Cary R. Brick writes in a recent column in Linn’s Stamp News that new stamp subjects are being held hostage by ‘‘pie-in-the-sky marketers.’’

‘‘They come from the corporate world of soft drinks and Wal-Marts,’’ wrote Brick, a 30-year House staffer before his appointment to the stamp panel. ‘‘They are still at the table running the show, and I’m now just another consumer. . . . But I still care deeply about the stamp program, as do philatelists and tens of millions of Americans who use the mail.’’

This airing of dirty laundry in the small but passionate stamp community, headlined ‘‘Let’s not throw traditional stamps into the CSAC dumpster,’’ draws another fault line in the debate over whether the cash-poor Postal Service should pursue commercial stamp subjects to attract new collectors and revenue at the expense of more enduring images.

The friction came to a head last fall when the panel grew concerned about how the Postal Service’s marketing staff was pushing pop culture that culminated with the release of stamps honoring Harry Potter.

Members complained to Postmaster General Patrick Donahoe that the panel was being brushed aside in decisions on stamp images. The committee is composed of prominent Americans, including historian Henry Louis Gates Jr. and sportscaster Donna de Varona.

In August, Benjamin Bailar, a former postmaster general and prominent stamp collector who was midway through his term on the panel, resigned in protest, complaining in a letter to Donahoe that the agency is ‘‘prostituting’’ its stamp program in search of ‘‘illusory profits.’’

Brick’s manifesto, written as advice-giving to two new committee members, comes on the heels of turmoil in the Postal Service’s stamp service office, which issues new stamps and acts as a liaison with the committee. The head of the stamp program, Susan McGowan, was replaced recently and moved to another position in the marketing department.

A Postal Service spokeswoman said McGowan was ‘‘detailed’’ to a sales operations and planning position in the marketing department but declined to give a reason for the move.

During McGowan’s tenure, the marketing office took steps to enhance the visibility of new stamps, rankling collectors. Last year, for example, the Postal Service reprinted a version of a famous airmail stamp issued in 1918 with an error known as the Inverted Jenny, which shows a Curtiss JN-4 biplane, or a ‘‘Jenny,’’ upside down.

The misprint of the 24-cent airmail stamp, America’s first, became an instant collector’s item. When it was reissued in 2013, postal officials included in the run 100 sheets that actually show the airplane flying upright. Collectors have called this a gimmick, since stumbling across the new sheets has a low probability.

First-day cover collectors also have been frustrated with the agency’s new strategy of hiding details of upcoming new stamp releases until they are issued to the public, a move to generate excitement from buyers.

Brick’s reference to marketers from the ‘‘corporate world of soft drinks,’’ is a criticism of Nagisa Manabe, a former Coca-Cola executive Donahoe hired in 2012 to reinvigorate the postal brand. Manabe has pushed stamp subjects with a commercial appeal. She moved the stamp program into her department and pushed aside veterans in the program, postal sources have said. Manabe was not available to comment.

Brick urged the two new committee members, Katherine Tobin and Carolyn Lewis, both former governors of the postal board, to ‘‘strive for balance’’ in choosing stamp subjects. He said postal officials should ask a series of postmasters or window clerks what mail customers themselves say they want to see on stamps.

Postal officials, in response to Brick’s column, said they believe they have successfully balanced subjects that define the country’s diverse national culture and beauty ‘‘to appeal to a variety of audiences.’’

“While continuing to commemorate historic events and individuals, it is critically important that we offer subjects to interest younger generations and topical collectors into stamp collecting, such as Harry Potter, Janis Joplin, Jimi Hendrix, and, most recently, Batman,” spokesman Mark Saunders said in a statement.

--more--"

Related: Postal Service misjudged ‘Simpsons’

Did you see the postage on that?!!!