Homeland Security News

A collection of open-source homeland security and terrorism news from around the world.
Keyword: cyber threats

On Sept. 7, U.S. citizens, Marc Baier, 49, and Ryan Adams, 34, and a former U.S. citizen, Daniel Gericke, 40, all former employees of the U.S. Intelligence Community (USIC) or the U.S. military, entered into a deferred prosecution agreement (DPA) that restricts their future activities and employment and requires the payment of $1,685,000 in penalties to resolve a Department of Justice investigation regarding violations of U.S. export control, computer fraud and access device fraud laws. The Department filed the DPA today, along with a criminal information alleging that the defendants conspired to violate such laws.

According to court documents, the defendants worked as senior managers at a United Arab Emirates (U.A.E.)-based company (U.A.E. CO) that supported and carried out computer network exploitation (CNE) operations (i.e., “hacking”) for the benefit of the U.A.E. government between 2016 and 2019. Despite being informed on several occasions that their work for U.A.E. CO constituted a “defense service” under the International Traffic in Arms Regulations (ITAR), requiring a license from the State Department’s Directorate of Defense Trade Controls (DDTC), the defendants proceeded to provide such services without a license.

These services included the provision of support, direction and supervision in the creation of sophisticated “zero-click” computer hacking and intelligence gathering systems – i.e., ones that could compromise a device without any action by the target. U.A.E. CO employees whose activities were supervised by and known to the defendants thereafter leveraged these zero-click exploits to illegally obtain and use access credentials for online accounts issued by U.S. companies, and to obtain unauthorized access to computers, such as mobile phones, around the world, including in the United States.

Read more: Department of Justice

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a cybersecurity advisory today to highlight precautions and mitigation steps that public and private sector organizations can take to reduce their exposure to ransomware and other cyber attacks, specifically leading up to holidays and weekends. The advisory is based on observations about the timing of previous high-impact ransomware attacks rather than a reaction to specific threat reporting.

In the advisory, CISA and the FBI outline network defense practices that can be taken to manage the risk posed by all cyber threats, including ransomware. One recommended action is for organizations with the necessary capabilities to engage in preemptive threat hunting on their networks to search for signs of threat actors. For organizations unfamiliar with this practice, the advisory describes the basic elements of threat hunting and explains the benefits of a proactive strategy. The advisory also recommends fundamental best practices that all organizations should adopt, including implementing multi-factor authentication for remote access and administrative accounts.

Read more: Homeland Security Today

The U.S. State Department was hit by a cyberattack and notifications of a potentially serious breach were made by the Department of Defense Cyber Command, a Fox News reporter said on Saturday.

A knowledgeable source told Reuters the State Department has not experienced significant disruptions and has not had its operations impeded in any way.

Fox News reported that the breach is believed to have occurred weeks ago. It’s unclear when it was first discovered, according to the reporter’s tweet thread. The extent of the breach and whether or not there is any ongoing risk to operations is also unclear.

Read more: CNBC

A security researcher said Monday that nearly 2 million records of personally identifiable information, including passport details, dates of birth, and names, were exposed in what may be the leak of a secret terrorist watchlist. Each person's record included "no-fly" status information, according to a report by Bleeping Computer.

In a blog post on LinkedIn, Security Discovery researcher Bob Diachenko said he discovered the trove of records online July 19 in an unprotected Elasticsearch cluster, which required no password or identity authentication to access. Diachenko said the exposed server had a Bahrain IP address, and it's unclear whether the server is owned by the US government or another party.

Diachenko said he reported his finding to the US Department of Homeland Security the same day, but the records weren't removed from public view until Aug. 3. It's unclear whether any other unauthorized parties had access to the exposed records during that time.

Read more: CNet

Federal agencies responsible for safeguarding the security and personal data of millions of Americans have failed to implement basic defenses against cyberattacks, according to a report from Senate investigators released Tuesday. In the 47-page report by the Senate Homeland Security Committee, the agencies earned a C- report card for falling short of federally mandated standards.

The report, which evaluated two years of inspector general reports, also concluded that Americans' personal information remains at risk in the wake of a slew of high-profile cyber attacks.

The audit accuses eight critical agencies, including the Department of Homeland Security (DHS), the State Department and the Social Security Administration (SSA), of relying on outdated systems, ignoring mandatory security patches and failing to protect sensitive data such as names, dates of birth, income, Social Security numbers and credit card numbers.

Read more: CBS News