Tuesday, May 23, 2017

The Manchester Bombing and Soft Targets

Entering a large public venue like a stadium or concert arena today means passing through security screening. It's not like the security screening you'll get at the airport, but they are definitely checking bags. If you want to see a football game at FedEx Field, you're limited to a clear plastic bag - no purses or backpacks allowed.

What the perpetrator did in this case is what we've been talking about for the last several months, and that is going after the soft spots outside the secure areas. It's interesting to note that this person seems to have traveled by train to get to the arena, but did not set it off there like the Paris attack from a few months ago. Many public transportation systems, especially the one in England, have placed a greater emphasis on security since the London and Spanish train bombings several years back. The CTA in Chicago is one of many transit systems that uses random checks of passengers, or sets up ad hoc screening at stations. My guess however is that if the bomber had come up against a situation where they would have been exposed, we'd be talking about a train bombing and not a concert bombing. 

The harsh truth of the situation is this: you can keep pushing security out further and further, but those with malicious intent will always seek out the soft targets. Unless you start screening people when they exit their homes, you are not going to be able to stop 100% of these attacks. And if they can't use a bomb, they will use some other means to cause mayhem and fear: trucks, cars, guns, knives - whatever tools they have at their disposal.

There are ways to counter this threat. One is increased security awareness for everyone - and not just in public either, but what your friends, family, and coworkers are doing. I have no doubt that news stories in the coming days after the suspect is identified will talk about his or her increased alienation from society, or being swept up in a radical ideology. Someone knew the bomber. Someone saw them buy the materials for the bomb. Someone saw them on the train. Did any of them say anything? If so this might have had a different outcome. 

Intelligence, surveillance, and limits on travel only go so far. Security measures like screening or device bans won't find everything. And we can't suspend every hate site on the internet or recruitment account on Twitter. The kind of security we are looking for begins and ends with regular people who report anything suspicious. 

And even then we won't be able to stop everything. The last piece is resilience: the ability to recover from a deadly attack and keep going. It is easy to succumb to fear and anger in response to these events. But the terrorists' goal is not just to kill - it's to disrupt and cause panic. To stop the wheels of commerce and make people not want to leave their homes. If we let them do that to us, then they've succeeded. They will keep on doing it because it works. 

The last thing they want to see is for us to reopen the arena and have a concert the very next night. We should pay respects to the men, women and children who were killed in this attack, but the best way to honor them is to take away any possible benefit to the perpetrators.


Twitter / ?

TrentonScottH : RT @nytimes: The Manchester suspect was identified as Salman Abedi, a Briton of Libyan descent who lived near the arena https://t.co/GI7glsSxHy
from CTI Consulting https://t.co/GI7gls

Manchester bombing suspect identified: Latest on investigation - CBS News

Confirmation of the name and ideology of the attacker is key, but probably just as important is the knowledge that the person appears to have planned this to the best advantage while not having to deal with security at all. The pre-planning apparently showed the bomber that this was the best way to cause the most damage. All this pre-planning requires the terrorist bomber or one of his cell to visit the site during and after an event to pick the best place and time. That is the time we really want to catch these folks. Normally the attacker will not have any weapons on him during this pre-planning stage, since he does not want to be picked up with a weapon. But remember, he is looking to see what security is around and what they are doing. So if you are at an event, look around for people scoping out the venue, people who will probably notice that you are aware of them and try to avoid eye and physical contact with you. Keep an eye on them. They will keep one on you; they cannot help themselves, and at least once every 15 seconds they are going to look at you again to see where you are. If you can get a policeman to respond, watch the activity of the possible suspect as he sees the police officer responding. He may take a number of actions: one is to run, or he will try to hide in plain sight, hoping the police will not notice him, but watch his body leak signals that he wants to get the hell out of there. If he has accomplices, he will also not be able to help himself and will look at them too, letting you and the police notice the others as well. All because you kept an eye out for suspect behavior. If you want to know more about catching the bad guys by just staying aware, call CTI to talk about our next training course you can attend. 301-528-8591 will let you reach one of our staff.
from CTI Consulting http://ift.tt/2rM7Dxi

Video: Improving your verbal response to situations

Great training video for all of us, practice grasshopper.
from CTI Consulting http://ift.tt/2rMNFCl

Video: Developing speed, hand, and line coordination

Great training video of drills to increase speed, hand, and line coordination. It shows how to develop your eye-hand control and the speed you need to defend yourself. If you have tennis elbow you may want to put on a vibration strap to help prevent damage. This drill is actually to help you with unarmed combat, but looks like a baton drill; your eye-hand control is key to developing good hand-to-hand combat skills.
from CTI Consulting http://ift.tt/2rPxnIh

The safest place to be in a vehicle ambush attack

This is excellent writing and covers an area we all need to be concerned with
from CTI Consulting http://ift.tt/2qPOWZn

Tense Moments After Bomb Threat Aboard Valley Metro Bus | KFXV The Valleys Fox News

For a first-time incident like this, it would appear everyone did the right thing. It also allowed the cities affected to test their response plans, and perhaps today they can do what is called a hot wash to discuss what changes they may want to make to their response plan. Use this event as a great training problem, and learn from it. As soon as possible the responders to this event should put out a report and, if possible, offer a training program to other cities in the Valley on the good and the bad things learned from this event. Police and local governments should use negative events like this to train from, so they can be handled better in the future.
from CTI Consulting http://ift.tt/2q74qLf

Forget The Backdoor, "ALL HIKVISION PRODUCTS" On Sale

Beware of using these devices; even on sale, the same vulnerability is there. With that said, if you take precautions they can be used. First, they cannot be hooked up to the internet on any system you use for virtually anything else. So if you have a second network that is separated from the rest of your network, then it should work. The first time you hook it up to your normal home or business network, it will store the password to your router and can send it out, even if you take it off that network and put it on a (safe network). Do not use the camera inside the home or business; these should only be used in areas where, if someone else does see them, it will not negatively affect your privacy or security. Some routers have, or should have if put in place, a fairly segmented guest network associated with the main home or small business router. It is still more vulnerable to causing you problems than a standalone router, but it can work. Remember, most if not all USA Government agencies have banned the use of these cameras, even the recorders and renamed routers. It should also be mentioned that many more cameras than Hikvision's have backdoor vulnerabilities. You should sign on to IPVM.com to at least read the broad warnings, and if you are involved with a large number of cameras, you should consider paying for a subscription that will keep you on top of the whole range of IP camera issues, both good and bad. If you go to their web site you can also download for free their latest e-book on how IP cameras, and actually any CCTV camera system, work.
from CTI Consulting http://ift.tt/2rvLlQ3

Trenton Scott H. on Twitter

TrentonScottH : In the US, you can report suspicious activity to local law enforcement who can respond quickly to assess the situat… https://t.co/FpYxfIHZTh
from CTI Consulting https://twitter.com/i/web/status/867002970038312960

Judge presiding over 'El Chapo's' case shot, killed while jogging outside home - San Antonio Express-News

The video of the assassination is provided. He had no security, and his security awareness was very low, making this attack successful.
from CTI Consulting http://ift.tt/2dLMHix

CTM leaders in Reynosa are linked with the Gulf Cartel

OK, we know them; now go and arrest them. This should be the answer for all this type of action. Lest you think it does not affect us here in the USA, think again: they control all transportation to the USA and are slowly gaining control of transportation into Mexico. The truckers try and often are successful in charging the companies that have the product shipped.
from CTI Consulting http://ift.tt/2rvmWx2

Manchester Arena explosion: Latest updates - BBC News

Still looking at the soft targets, it will be interesting to see how he or they conducted surveillance of the site beforehand. If so, did they plan to go into the theater or just set it off where they did? Looking at the CCTV from the days and weeks leading up to the attack will tell us a lot. The detonation happened before the entrance to the theater and before where most security starts for this theater, so in the coming days the question will of course center on whether they should move security further out. That then means the bad guys will have to plan further out, finding another soft spot, which means the higher level it is going to take will cost more money and manpower. We have to come up with a better game plan. Pre-attack surveillance by teams of trained staff makes more sense; that, bonded with better intelligence, is key. In my last bomb class for ESI we had a non-member of the team bring in a backpack with just 40 pounds of simulated explosives in it. A few did notice and called the obvious problem to the class's attention. I would suggest other police and security use this type of training; once you have seen this type of action, it is very obvious how to notice a possible problem before detonation. By the way, the students did not say anything before my terrorist had left the room, so we all would have probably died or been wounded. Remember, in all situations like this, moving away from the bomb or suspect items is your best move.
from CTI Consulting http://ift.tt/2rb89aN

Monday, May 22, 2017

G M Police on Twitter

TrentonScottH : RT @gmpolice: Police statement on incident at Manchester Arena https://t.co/gaKASukx9a
from CTI Consulting https://twitter.com/gmpolice/status/866786909544230912/photo/1

Shootings, Kidnappings Mark 3rd Week of Mexican Border City Cartel Violence

The last few months have been hell just across the border, and it does not look like it is getting any better. Most of the time the Police and Military in Mexico just try and wait out these clashes, but it puts so many innocent citizens in the line of fire.
from CTI Consulting http://ift.tt/2qXi0RC

Criminal Risk Assessment, Edward Latessa (3 of 7) - YouTube

You deal with individuals every hour of your job. Learning how to help determine if the people are a risk to you and others is key to continuing risk assessments during your interactions with them.
from CTI Consulting https://www.youtube.com/watch?v=1EA3eoMvoNY

Improving Officer Safety in Interactions With Citizens Suffering From Mental Illness - YouTube

This is another DOJ Officer training video that we all need to see. Some Departments have had this training, others have invested in much deeper training on the issue for specialized officers, and try to have one on each shift from smaller departments, but this will at least get more of our officers a basic knowledge of the subject.
from CTI Consulting https://www.youtube.com/watch?v=8AwvwA5obxc

Understanding the Effects of Fatigue on Law Enforcement - YouTube

Here is a great training blurb from the DOJ on the effects of fatigue on Law Enforcement and security staff. Well worth the time to watch.
from CTI Consulting https://www.youtube.com/watch?v=5ijZf4Ia22E

Pole winner Scott Dixon, Dario Franchitti robbed at gunpoint in Taco Bell drive-thru | Fox 59

Drive-thrus of any type, fast food or banks (ATM), are inherently dangerous. Getting enough space between you and the car in front of you is difficult, and often, even with turning space, you are blocked from escape. Still, look for escape points; remember that you, even with a smaller car, can jump some pretty tall curbs. Well planned, this is a tough situation to be in; even these two kids pulled it off rather easily. If you can, always leave space to move. At ATMs, pick times when no lines exist, have everything ready for the transaction, and be ready to move out immediately.
from CTI Consulting http://ift.tt/2rIDrmA

Isis tests chemical weapons on 'human guinea pigs', secret documents reveal | The Independent

This is a continuing story, and even a little attack will cause huge problems in the USA or in Europe. A very small attack would be hard to detect even as the first people get ill and die, so the first attacks may even go undetected until after a few deaths, or until someone takes responsibility.
from CTI Consulting http://ift.tt/2rqvt4m

Instructor Z

Don't try this at home or at the office without a trained instructor to keep everyone safe.
from CTI Consulting http://ift.tt/2q33OGH

VIDEO: Cartel Gunmen Hold Up Border City Currency Exchange Store

This is how easy it is to be a criminal in Reynosa, the city across the river from where I live. I will say the normal policemen on either side of the border are not armed this well. They pulled the attack off rather quickly, but it would appear that was because no one stands up to these gangs of Cartel thugs. The motive would appear to be that these guys needed a little money. With all the infighting between the Cartels, it would appear that their payments to the rank and file have been held up, and you know how it is: you still have bills to pay if you are a Cartel thug. It also could just be they had a hot date that night and needed a little extra cash. This is the world of Cartel violence; you just take what you want. When these thugs are in the USA to have a more calm weekend, they also bring the same lifestyle with them. They keep this take-what-you-want mindset at restaurants and bars on our side of the border as well. Most establishments do not report the excesses for fear of retaliation, and at least four big establishments in McAllen are either run by or have Cartel members as silent (most of the time) partners. We need to report any bad behavior by these thugs as soon as we see it, or we are going to see incidents like this attack in Reynosa on our side of the border.
from CTI Consulting http://ift.tt/2qMBdV1

Friday, May 19, 2017


from CTI Consulting http://con.st/lbgQOpR

US official: ISIS creating chemical weapons cell in new de facto capital - CNNPolitics.com

Chemical weapons in their basic but very deadly form can arguably be made more easily than homemade explosives. The biggest issue for the terrorists is accidents during their making and during their implementation. The delivery method has been the biggest problem in the past, along with the aftermath of an attack. Chemical weapons are in most cases a last resort, but that is what ISIS seems to be in at the moment. Finally, they are easy to smuggle into other areas like Europe and even the USA. It is time to dust off your plans and procedures for dealing with these events. Any tabletop drill should concentrate on shelter-in-place plans and how to turn off heating and air systems to limit the spread.
from CTI Consulting http://ift.tt/2qtM6v6

Thursday, May 18, 2017

Hikvision Backdoor Confirmed

We cannot let up on this vulnerability of the HIKVISION products. CCTV is critical to our security systems, and these products not only allow for backdoor exploits of the camera or other HIKVISION device you are using, but once in, attackers can continue into your security system's network, and if you are running your security system on the same network as your admin or normal office work, it can allow access to virtually everything you have on the network. This is not a simple fix; in fact some are reporting that when installing patches from HIKVISION, the network actually has more vulnerabilities. Added to this problem, HIKVISION is sold under other companies' names as part of their product lines, so this vulnerability can be found even in some products sold by American vendors. If you think this is not a critical vulnerability, then understand that Homeland Security does not often issue advisories against a product, but has this time. Many USA Government agencies have banned any HIKVISION products from being used or even bid on their contracts or installations. This includes DOD and DOJ among many more.
from CTI Consulting http://ift.tt/2qi4uI2


The article is spot on with regards to the costs of lost productivity a device ban would bring, even a limited ban. Using a rented laptop is a non-starter for most people who are concerned with privacy and information security. There is simply no way for the user to be certain if the computer hasn't been compromised by malware. Also, the negative publicity from claims of a lost, stolen or damaged laptop after handing it to an airline will be yet another black eye to an industry already reeling from recent bad press. "My hard drive crashed after I gave it to the United rep" is not something the airline will want to hear, but the media will eat it up. We need to find solutions that minimize the risk of explosives being brought on board that still allow travelers to stay connected and productive, number one. But we could also be witnessing the end of the laptop era as lightweight tablets - which can do nearly as much without the capacity to carry a bomb - become more ubiquitous. (TH)
from CTI Consulting http://con.st/6fGWQoW

Airports Council International - North America

The US economy relies heavily on the ability to move people and goods quickly and efficiently across the country and across the globe. Air transport is a big part of that. Keep it safe, keep it secure, and keep it running.
from CTI Consulting http://ift.tt/2qVnj48

Wednesday, May 17, 2017

Move over, Humvee. The U.S. Army has a new ride. | Local Military | pilotonline.com

Larger, higher from the ground, and is ready to go
from CTI Consulting http://ift.tt/2r4HNXv

Army and State Police take control of public security in Zihuatanejo

This is becoming a frequent occurrence. Reynosa, Mexico in one case had a whole detachment of Army soldiers put on buses and taken away, stripped of their weapons and jailed. Local police departments have been taken into custody all over the country. In one case near the US border a town's police have been taken away en masse four times in the last two years. Local police are easy targets for the Cartels; a number of them can be at a dinner when the Cartels show up and basically tell the police, "we will destroy your families if you do not work for us." It is a constant in Mexico at the moment: any type of law enforcement is constantly threatened with violence if they do not do the will of the Cartels. Local mayors, even judges, are also threatened, then paid large sums to work for the Cartels. Once paid, they know that if they rat on the Cartels they will be exposed as criminals, and the Cartels will start working on the next group. It is not as bad on the USA side of the border, but almost; they (the Cartels) are constantly making threats, and offering money, women, even drugs to law enforcement and local elected officials. Sometimes they do not use brute force; they find vulnerabilities that humans have, and then exploit them. Drinking, drugs, and women are the normal and constant issues that the Cartels exploit. They have working girls come over and entice police, border patrol and elected officials, and once they partake, the Cartels move in. If an elected official has a child with some drug or other problem, the Cartels will exploit them and then say they will report the child if the victim does not play for their side. In Mexico it is far worse, and constant. Slowly it is moving to the USA as the Cartels get bolder with each passing year.
from CTI Consulting http://ift.tt/2qOnG00

Mexicans stage ‘Day Without Journalism’ to protest deadly attacks on the news media | World | themonitor.com

It is good to see the journalists of Mexico standing up for themselves. We all need to stand with them. As much media bias as we see in the USA that turns people off, there is still freedom of the press, and it really helps to keep us all free. I hope that we see more support of the press and journalists in Mexico; they are sort of the last bastion of hope for the citizens of Mexico.
from CTI Consulting http://ift.tt/2pSLdZF

US intel says Iran supplying ‘explosive boats’ to Houthi militias

Now just imagine one of these explosive boats approaching the NY harbors, not at big commercial ships, but at a flotilla of pleasure craft, it would have a huge effect on the industry, and is another soft target we all need to think about.
from CTI Consulting http://ift.tt/2pKJREd

Focus turns to North Korea sleeper cells as possible culprits in ransomware cyberattack, East Asia News & Top Stories - The Straits Times

As the headline says, possible culprits, but read the article. This is right out of Hollywood script writers, but it is real world. North Korea is promoting and to some extent funding cells of cyber attack squads, but for the most part these cells are funding themselves. They used to be found in China for the most part, but now are found virtually all over the world, at the beck and call of their North Korean Government handlers. They gain money for mother NK, but also provide a terrorist type of cyber attack arm. Another part of this is that they are for rent to other governments, much like the Cubans are. If you are Russia or China and need to cause a problem for, say, the USA, then you use one of these NK cells to mount an attack on the Pentagon. This allows the Chinese or Russians to claim they had nothing to do with it. Of course Russia has so many cyber folks working on their own that they always try to claim they cannot control them, when in reality they have a pretty firm hand on the controls. But back to the North Korean sleeper cells: they are classic intelligence cells that can cause huge problems with very little cost or effort. I do hope an expose is coming to a TV or movie near you soon.
from CTI Consulting http://ift.tt/2qw011y

Flight makes emergency landing at OIA after man tries to open cabin door, crash plane, officials say | WFTV

Good job by the passengers and crew of the flight to avert a possible critical problem. We all need to take more responsibility to protect ourselves and the people around us.
from CTI Consulting http://ift.tt/2pV3S6i


CTI Vice President Trent Higareda quoted in today's Boston Herald:
from CTI Consulting http://ift.tt/2qqX1FD

Intel seen bringing bigger laptop ban

TrentonScottH : Spoke to @bostonherald regarding impact of a widened laptop ban (barring new security screening tech or methods) https://t.co/Yz7A59Sy64
from CTI Consulting http://ift.tt/2qqX1FD

Tuesday, May 16, 2017

Did Kaspersky step in dog-doo? | CSO Online

Both the Russian based Kaspersky cyber security company and the Chinese based cyber security company, have been found to be working with the Government Espionage agencies in their countries. Both are on a do not use do not buy list by our Government to include contractors working on sensitive programs. This was long suspected, but has recently been verified by former employees of both firms. It is just another of those issues that we in the USA have to acknowledge, Governments like Russia and China have so much control of the companies in their lands, that they can make them do pretty much anything they want.
from CTI Consulting http://ift.tt/2qObXPi

Floor billing expands at CDMX

The unfettered extortion in the market places of Mexico has led to store owners taking the law into their own hands. Complaints to law enforcement and even the local governments have not resulted in any arrests or even higher police presence. With the government allowing this to happen without any law enforcement, it requires the store owners to break the law to stop the criminal action. But the reaction by the store owners has made them illegal in the eyes of law enforcement, and they are in constant fear of being arrested. Mexico needs to gain control of the problem; they seem to support the criminals but not the taxpayers. As one person put it, the government and its law enforcement agencies are paid by taxes, but their real money comes from criminals paying them off to look the other way. Mexican citizens deserve better, and hopefully the revolution is coming.
from CTI Consulting http://ift.tt/2rjMjir


CTI Vice President Trent Higareda on the pending air travel device ban:
from CTI Consulting http://ift.tt/2rbHYk6

Monday, May 15, 2017

The Morning Risk Report: Sloppy Board Cyber Practices are Prevalent - Risk & Compliance Journal. - WSJ

As more and more Board members of corporations around the world are being brought into legal actions against the corporations they belong to, cyber security practices are just one more vulnerability they have to deal with. Letting a Board member's sloppy cyber security practices cause damages to the company can be actionable, and the Board members need to understand it.
from CTI Consulting http://ift.tt/2pAjLzF

WikiLeaks Reveals 'AfterMidnight' & 'Assassin' CIA Windows Malware Frameworks

I have to agree in point with Microsoft being upset with the CIA Zero Day vulnerabilities, but you also have to look at Microsoft, who read the dumped data as well as the hackers and had not fixed the vulnerability. That is sort of the catch-22 of Zero Day vulnerabilities: it is a vulnerability, but it also could be known by other countries, even other private sector hackers. All Zero Day means is that one group thinks they know a vulnerability that others do not know. It may be true, or it could be that a lot of people know the vulnerability and are holding it close to the vest to exploit as needed. Once it is used, then vendors usually patch the vulnerability. Microsoft has known of some vulnerabilities that they have not patched for various reasons, like it is expensive, and if no one knows about it, how dangerous can it be. So yes, WikiLeaks is still revealing vulnerabilities, but it is not something the CIA did; it is just a vulnerability they know about. Now these malwares are a bit different. Some of these have been developed by the Agency, and they use various Zero Day vulnerabilities to insert them into other folks' systems. The Stuxnet malware, for lack of a better term, used, some say, 3 different Zero Day vulnerabilities, but those vulnerabilities are well known. In fact Stuxnet has been altered and used by China, Russia, even Iran, and some hackers still use them, but for the most part the vulnerability is known and patched by a lot of users.
from CTI Consulting http://ift.tt/2qJGNIO

Saturday, May 13, 2017

U.S. airlines meet with Homeland Security on expanding laptop ban | Reuters

This threat is real, but I am not sure the risk assessment is valid as far as it goes. Yes, the threat can be seen in the x-rays shown in this article, but the issue is the amount of explosives that can be available in these devices. In some of these cases it would appear the explosive content would be less than 6 to 8 ounces. Can this be deadly? Yes, it could result in the death of the people around it, and by that it would be people within a few feet, and even then the device would not have a high probability of killing those people, but it would cause severe injuries. As with any explosive device going off, the fragmentation from the device could reach out and kill people at a further distance, but the chances are fairly low. Its chances of bringing down a plane are very small. The device in the Pan Am 103 bombing was considered to be around 11 ounces, and it did bring down the plane. But what is not talked about is the incredible misfortune that plane experienced. The bomb was in a tape recorder/boombox that was in a suitcase, that was in a baggage container with a lot of other suitcases. The misfortune was that the bomb ended up near the edge of the suitcase, and that suitcase ended up near the edge of the container, and that container just happened to be right up against the body of the plane, actually on a rivet line of the body of the plane. Then, to make it all worse, the plane was going through a rough patch of air that put the plane at high stress levels. If any of that had not been in place, it is quite possible the plane could have survived. Now that is the threat: a small tablet or smart phone carrying a small amount of explosives, or perhaps only the detonator for a larger bomb, is the threat we face. Bigger electronic devices are quite probably a much larger threat, and would have to be banned until this threat is resolved either by finding the problem people, and or detecting the device.
It has not been fully explained, but the problem is exacerbated by the laptops that have made it onto planes and have been detonated. Both seemed to be the problem of an insider threat, in this case people working at the airport sneaking devices by security; in one case they have a video of a passenger being given a laptop when he was past security. In some areas of the Middle East the insider threat problem is almost insurmountable. In Egypt, for instance, when the Muslim Brotherhood took control of the government they put followers in a lot of critical spots, and some of those spots turned out to be key areas of the airport, to include airport security. In Brussels one of the bombers used to work part time at the airport, and 7 to 9 others working at the airport were also Islamic Radical followers. As the aviation industry comes to terms with this evolving threat, we all have to agree that the insider threat is real and is in many airports. Just look at the number of drugs smuggled on planes every day; in that case the insiders have proven to be people working for the airlines and airports, and have been TSA screeners as well as local police. The hardest insiders for the US to deal with would be the TSA staffing, since they are in charge of the main line of defense at the airports. There is at this point really no oversight control of the TSA except their Internal Affairs teams, and if the word gets out in some way then the FBI can move in. In a number of cases the TSA staff ran smuggling operations for over a number of months. If just one pack of drugs was really carrying explosives, and the two packages can look identical, then the results could be devastating. Lastly, the detection of the devices by screeners, even expert screeners, has been a problem for this particular bomb maker.
A few years ago two bombs had been put in printer cartridges. An informant told the US about them, and one was found in a Mideastern country; the other made it to London, and was not found on the first two searches. This is the bomber, or his trainees, that it is believed we are dealing with here. So do we accept the risk, or do we mitigate the risk by only letting on smaller devices like tablets and almost any smart phone? This is the question. It is a tough one, but one that a risk assessment analyst has to deal with all the time. If I were doing the assessment, I would err on the side of letting more devices on, with a nod to our intelligence folks to give us a heads up.
from CTI Consulting http://ift.tt/2qehb5G

Friday, May 12, 2017

VIDEO: Mexican Cartel Gunmen Hold Prayer Meeting Before Carnage at Texas Border

Less than 5 miles from my home in Texas, when things get too hot for them in Reynosa, they come across the border and start problems over here. When it gets too violent, people move their families to homes in the US, usually owned by family and friends to keep everything legal. Our real problem is that when you walk into a store or bar, you may be dealing with one of these stone cold killers at any moment, and if anything sets them off they start the violence. Many young adults stay away from bars and even high end restaurants at night just so they do not unwittingly run afoul of one of them. The Texas DPS wrote a vulnerability report back in 2013 stating that this type of constant fear of meeting up with a Cartel member is expanding all through Texas, and though it does not show up in the FBI crime statistics it does affect the way everyone goes about their lives. Women and men rarely wear jewelry when going to malls, restaurants, and bars. It is just not worth the risk. It is rare that someone will honk their car horn at a vehicle to make it move, for fear of possibly dealing with a Cartel. Most people, once they know who they are dealing with, will not report the incidents to the police for a real fear of reprisals. Mexico needs to get control of its Cartel problems, but our City Fathers on the border need to start getting a handle on the problems on the US side instead of just putting their heads in the sand and saying we do not have a problem. They could start by reading the 2013 DPS report. http://ift.tt/2r9JsHV
from CTI Consulting http://ift.tt/2qaZ7cC

Twitter / ?

TrentonScottH : RT @BleepinComputer: If you have not installed Windows Security Update MS17-010, STOP what you're doing and do it NOW! https://t.co/AlcqJ2I7Pg …
from CTI Consulting https://t.co/AlcqJ2I7

Most Wanted Terrorists — FBI

Catching these guys is a high priority, but first you have to know who they are. This is the FBI's most recent list. There used to be an app for the old Palm phones that allowed you to run through these wanted posters while sitting in airports around the world. But at least a look every once in a while may jog your memory, save some lives, and get a bad guy off the street.
from CTI Consulting http://ift.tt/1IQjtJb

Thursday, May 11, 2017

U.S. airlines meet with Homeland Security on expanding laptop ban

TrentonScottH : Get ready, the laptop ban is likely happening on European flights now #aviationsecurity https://t.co/qR6a7cmkOY
from CTI Consulting http://ift.tt/2qyvXFA

Wednesday, May 10, 2017

U.N. aviation agency seeks global approach to laptop ban

TrentonScottH : Portable device concerns will lead to more hassles for fliers until better screening tech is avail #aviationsecurity https://t.co/OARajf51Ok
from CTI Consulting http://ift.tt/2q5zYOJ


TrentonScottH : US Customs Biometric Exit program to rely on facial recognition; has accuracy problems esp if the pool is too large https://t.co/qGIqQ8l0lw
from CTI Consulting http://ift.tt/2mV3hAW

DRT 1301C – The Secret Surveillance Catalogue

When you just have to tap into every cell phone in the area, here is the device for you. It does have limitations, like only 10,000 phones at one time, and you can only record a few of those you detect and identify at a time. This is not your Police Department gear, or even that of federal agencies that use Title 3 surveillance capabilities; this is in the realm of Title 10 surveillance, like if you wanted to effect a change in a government's election process.
from CTI Consulting http://ift.tt/2pd3gfw

10 Steps to Cyber Security - NCSC Site

TrentonScottH : RT @ncsc: Our 10 simple steps to #cybersecurity https://t.co/SSZT7FkTyH https://t.co/8v78y5ksiM
from CTI Consulting http://ift.tt/2lQbsln

NCSC UK on Twitter

TrentonScottH : RT @ncsc: Our 10 simple steps to #cybersecurity https://t.co/SSZT7FkTyH https://t.co/8v78y5ksiM
from CTI Consulting https://twitter.com/ncsc/status/862290386345222144/photo/1

Tuesday, May 9, 2017

TSA recommends security measures for airport "soft targets"

TrentonScottH : Thanks to @jackiefell for the opportunity to talk about the new TSA framework for soft targets #airportsecurity https://t.co/UNi5ovzQa6
from CTI Consulting http://ift.tt/2q0MZKN

Trump's Hiring Goals Could Increase Corruption in the U.S. Border Patrol - The Atlantic

That the number of corrupt agents represents less than 1 percent of CBP's 44,000 sworn officers, the largest police force in the U.S., was not mentioned in the lead to this article. If most estimates are correct, even 5% of the clergy are guilty of something, as are police officers, DOD staff, and yes, even Federal agencies. So, as the spokesman for the Border Patrol says, yes, even 1% is a very bad number, but it is pretty low. If you see some of the stresses the Cartels put on any border law enforcement officer, you also wonder why it is so low. Agents and officers are met outside their homes by Cartel enforcers that let them know they know where they live. They set up enticements like women and gifts to meet them in bars where they are drinking or eating. Yes, the Border Patrol has to keep working to keep the bad agents away, and they are doing a pretty good job of it for the most part, but more agents are not the problem; they are part of the solution. The more agents, the harder it is to make them stray from the straight and narrow. The 5% figure will still haunt every group, but hopefully it will just be overtime extensions and taking off early.
from CTI Consulting http://ift.tt/2pNM00V

Mexico was second deadliest country in 2016 - CNN.com

This is no surprise to most of us on the border; to folks in war zones in faraway countries, it does become a surprise. The Gaza Strip, in Palestine or Israel depending on your view, has a far worse reputation in the world, but Mexico has a far bigger problem than the Gaza Strip. For some reason the Mexico problem is largely swept under the rug. Many say it is because it shines a negative light on Mexican immigrants, both legal and illegal, or that it shines a bad light on our trade policies. All may be true, but the biggest issue is the drug trade. Nowadays it is front and center for many, but to the Cartels involved it has become much more. For most of those tracking the drug trade, it accounts for less than half the income of the Cartels these days. Human trafficking and illegal immigration are the next biggest money makers for the Cartels, followed by the theft of oil, with extortion becoming more and more of the problem. All these branches are due to the expanding work force of the Cartels, and the need for up and coming Cartel members to make money. Take the Italian mobs of the 50's through 80's, who had to branch out to drugs from their tried and true union actions, gambling, and prostitution: they had new members coming up that had to be fed, and drugs were the new money maker. Now the Mexican Cartels are reversing down that path, but still using violence to maintain control. This makes our border with Mexico the deadliest part of the world. If you look at the crime maps of Mexico, the border hot spots dominate the crime picture in Mexico. More and more the Cartels are using street gangs like MS-13 to enforce their control on the US side of the border, expanding their reach every day. New York is looking with horror at what this street gang is capable of, and the Cartels leave a lot of the US action to them and others as they continue to make Mexico the second deadliest country in the world.
from CTI Consulting http://ift.tt/2q2boxP

Google 0-Day Hunters Find 'Crazy Bad' Windows RCE Flaw

OK, this may be the worst, but there is more to come, so hang on. Like any zero day vulnerability, this one has probably been known for some time by our and other intelligence agencies, and will probably show up in a Wikileaks dump at some time. Last month another zero day was released that had been a vulnerability for years. For an explanation, a zero day vulnerability is a vulnerability someone has found and not told anyone about, so they can use it for their own purposes in the future. Since it has never been used, it is a zero day vulnerability, because as soon as it is used, others may use it, or a patch may be made to counter it. There is a game in the zero day world, and that is who knows about the vulnerability. Some hackers find zero day vulnerabilities and hold on to them to sell in the future; some find them and wait to exploit them when it will do the most for them or the worst for the company with the vulnerability. The problem with all of these is what happens if someone else finds the vulnerability before it is used or sold by the hacker: the value of the vulnerability goes way down. It may still be sold, but for far less. Once the company attacked finds a fix, the vulnerability is nearly worthless, except against those people that have not applied the patch. It was said that three separate zero day vulnerabilities were used in the attack on the Iranian nuclear facilities. Those were vulnerabilities some governments knew about and held close to the vest so they could stop the progress of the Iranian nuclear program. Some privacy folks protested that our government, as well as other governments, should disclose these vulnerabilities so the systems can be patched. There is a common sense to governments making every vulnerability known to the world so that hackers cannot exploit them, but in the world of cyber espionage, and may I say cyber war, we need ways to attack the bad guys as needed.
from CTI Consulting http://ift.tt/2qhMMV8

Flying Solo

Here is a double recommendation for reading an article. One, it is put out by ASIS, the largest security association in the world, which everyone should belong to, and two, it is written by Fred Burton of Stratfor, a leading intelligence firm that most Fortune 500 security directors use. Fred is also a former State Department DIS Agent that has been involved in a number of high profile incidents around the world. He also has a number of books you should probably read at some point. Finally, it is just a great article to read, even if it is just your family going on vacation, or you are working with mid to high level executives that are on travel status.
from CTI Consulting http://ift.tt/2pfe5Ls

TSA lays out new security framework for 'soft targets' | TheHill

As Trenton Scott Higareda stated in his previous post, DHS and TSA, working with other agencies and the private sector, are reevaluating soft targets in aviation and other soft target sites. Airports already have centralized security command centers operating 24 hours a day, or at least most do. The soft targets used by terrorists of late, like baggage claim and the ticket counters, are now being addressed. But as we advise our Aviation Officers during training, that just means the terrorists are going to have to find other soft targets, and it is the officers who will probably have a better idea of where that will be, and who should keep an eye on it.
from CTI Consulting http://ift.tt/2pZVp5C

Hostage Negotiations – “If they pay once, they’ll pay again” – Counter Terrorism, Bodyguards, Self-Defense & Travel Security

This is an interesting article, and has some great suggestions, but it also has some areas that many in the field are not so on board with. But I learned from it, and I am sure most reading it will get some new insights from it. Kidnapping is not going away, and we all need to understand the back and forth of a kidnapping. EP teams need to understand the basics of kidnapping negotiations, if for no other reason than that they do not want to get in the way of negotiations. Also, a border kidnapping like those on the Texas-Mexico border can often end in a few hours, or a week at maximum; in other words, before a negotiating team can be brought in and set up, it may be all over. This series of articles can give you a great leg up, but you may want to have a trained negotiator on speed dial. They are around and can give good, pertinent advice to you over the phone if that is all time permits. Chris Voss in California is one; another resource lives in the Austin, Texas area. I would read these articles, buy Chris Voss's book, and find out how the latest kidnappings in the area you are in have turned out. Put all this in your tool box and you will be better prepared for the event should it happen. But also remember that most kidnappings follow a game plan that is like the terrorist playbook: lots of surveillance, testing of security, practice runs, and then the kidnapping. Catching on to the bad guys before the incident is your best defense.
from CTI Consulting http://ift.tt/2qNRgmf

Monday, May 8, 2017

Monuments under review by Interior Department | Miami Herald

Many of our Nation's monuments are getting another security review due to new threats against them. Take a look at the list to see if any are in your area or are something you drive by at times, and use your skills to look for bad guys targeting them. It is the same as before: people will use surveillance to determine if an attack is possible, they will try to test any security around the monument to see what they may have to face, and finally they will probably conduct trial runs to make sure the attack plan is sound. If you are trained on what to look for, you may well be the one that can stop the next attack.
from CTI Consulting http://ift.tt/2q05KN3

TSA Issues Security Warning About Vehicle-Ramming Threat - Story

Talking about the vehicle ramming threat may be getting old, but please take it to heart: the threat is real and the problem is one we need to prepare for. Bollards and other anti-ram systems should be considered for use. In this case we are looking at bollards as places people can hide behind, or even use as deflection points for people evacuating the area. CTI has numerous posts on the use and capabilities of bollards. Or drop us a line and we would be glad to go over the possible solutions with you. http://ift.tt/2pXQemA
from CTI Consulting http://ift.tt/2pZwTja

Android apps secretly tracking users by listening to inaudible sound hidden in adverts | The Independent

Yes, your apps are spying on you. In the last 6 months these spying apps, for Android alone, have jumped from 34 to 234. Some are from well known companies hoping to use these apps to better know everything from what you are watching on TV to what you are listening to in your car, but to do this they have to monitor you constantly. You think Big Brother is the problem? No, it is the corporate world doing it to you, with no one putting any controls on them.
from CTI Consulting http://ift.tt/2qIWQpE

Shifting terror tactics prompt State Department's Europe travel warning | WTOP

Very good article to read. My only comment is do not rule out another 9/11-style attack. The original AQ that accomplished that, as well as the London attack, the attack on the Cole, the two embassies in Africa, and even the Spain rail attack, is still out there. They have not gone away, and are planning new attacks every day. The nice thing is that if you are looking for the lone wolf or the AQ lite of Yemen fame, as well as the growing ISIS conglomerate all over the world, you should find the original AQ teams too, as they follow the terror playbook. The original AQ are normally much better trained and use better tradecraft, but their planning takes so long that we have more time to catch them before they attack.
from CTI Consulting http://ift.tt/2pcZm7J

Authorities warn terrorists may try truck-ramming attacks in US | Henry Morgenstern | Pulse | LinkedIn

This is a ticking time bomb for us in the USA. Some say it has already happened in the US, but was either not recognized as such or hidden from the general public; we are looking at both issues. But whether it is going to continue to happen or is about to start, either way we need to protect against it. In past posts and on CTI's blog this issue has been addressed each time it has been documented to have happened.
from CTI Consulting http://ift.tt/2qJRzya

Friday, May 5, 2017

Macron campaign emails appear to be leaked online

TrentonScottH : Macron campaign says it has been the victim of a massive, coordinated hacking operation https://t.co/OX0MYTUIpf
from CTI Consulting http://ift.tt/2pPuQQH

Rogue FBI employee married ISIS terrorist

There is a lot more to know about this case, but it does speak to the fact that insider threats are around us all the time. She was a contractor, and this has become a very big problem for the Federal Government, including the DOD. A contract employee is often not part of the inner team in situations like this, and for many that breeds loyalty problems from the start. How to work through this problem is not black and white. But one thing is true in all cases: you have to keep an eye on them at all times, which in itself causes the problem.
from CTI Consulting http://ift.tt/2qlOLXK

Thursday, May 4, 2017

TSA report warns against deadly truck ramming attacks by terrorists

TrentonScottH : TSA Report Warns Against Truck Ramming Attacks By Terrorists - NBC News https://t.co/xxMb6OXloC
from CTI Consulting http://ift.tt/2q2cVa2

Wednesday, May 3, 2017

A Dangerously Convincing Google Docs Phishing Scam Is Spreading Like Crazy

TrentonScottH : Don't click on any unsolicited Google Docs links https://t.co/vaaBjzZfOV
from CTI Consulting http://ift.tt/2qsQJFS

Monday, May 1, 2017

E Hacking News - Latest Hacker News and IT Security News: MS Word hacked with ransomware

This is one we need to know about and be careful with, please let everyone know about this one.
from CTI Consulting http://ift.tt/2poFtJs

Insecure Apps that Open Ports Leave Millions of Smartphones at Risk of Hacking

This is a problem that is only getting worse. Apps are notorious for being written quickly, with security either not addressed or poorly addressed. Much of this comes from small firms that want to get in on the app rage and either try to build the apps themselves or hire a small fly-by-night firm to build them. Not only do the apps all too often have security vulnerabilities, their makers also want to collect as much data from you as they can, which they can then sell. Two app firms explain that if you have them build your app, they can help you sell the data collected to vendors that can use it. In one case the app company built apps that had some feature that people may like, and then sold the whole app to companies that target users with those interests. I find it difficult to believe that someone has not filed suit against many of these apps for privacy violations or security vulnerabilities. When you gather data and then leave the data vulnerable, normally legal action will take place. When it happens, a lot of apps are going to be pulled off the internet. This includes some very big names like United Airlines, and even games. Too many put their faith in the privacy statements they required to be read. Once a negligence lawsuit blows by that defense, which it will, then the rest will fall as well. Negligence is easy to charge and can become very hard to defend.
from CTI Consulting http://ift.tt/2pyC3C8

Printer and Embedded Device Security | Insight

This is a great white paper on printer security that everyone should read. It does not do much good to have secured your computer network and then leave holes in the system through printer vulnerabilities. Not all the problems are high tech; some are simple, tried and true old school techniques, like reading what is sitting in the printer tray. In one case court documents sent to a shared printer could be read by everyone using the printer. The actual person that printed the document was in another office and stopped off at a restroom on the way; by the time he got to the printer, the highly confidential document had been moved to a read tray nearby to clear the printer for other jobs. Download the white paper and check your printers for security vulnerabilities.
from CTI Consulting http://ift.tt/2qq2HND

Chinese 'Attacking Us From Every Direction', Says US FBI

Let's just say that if the FBI is going public with this talk, you can bet they see it as a huge problem. China has made their game plan clear: they want to have an IT-based product in every household and every business. The router in many homes and offices is the hub for all traffic in and out. Using many types of attack vectors, China has hit even the FBI, many universities, and even the DOD with bogus routers. In those cases they used phony Cisco routers and other compromised IT products. For businesses both large and small, as well as homes, China provides low cost products ranging from routers to video cameras. They do so with direct sales of their products, but also by selling their products under other companies' names. To be able to compete with low cost China products, many American firms are buying Chinese products and renaming them; some very big names in the security industry are doing it. The third attack vector the Chinese are using involves parts of other products, like low cost printers that have scanners on them. Most if not all of the three-in-one low cost printers have scanner assemblies made in China. Even some of the very high cost printer copiers have Chinese products inside them. But sometimes all it is, is a Chinese chip inside a product. We all see the low cost CCTV products available for business and home use, but what you do not see is the very small computer and data chips used in products. China has been making these cheap as well, and they end up in products from companies all over the world. One of the most used is a little chip that allows translation between IPv4 and IPv6. Since China has gone 100% IPv6, that makes the majority of the translation chips found in almost all products, from computers to CCTV cameras, Chinese made. The last vector of the Chinese attack is sending malware that turns many products into surveillance devices for the Chinese.
One estimate is that over 90% of the computers used in the USA have some version of Chinese malware hidden in the code of the computer. We need to be careful, but also realize we may well be compromised already and choose how we deal with it.
from CTI Consulting http://ift.tt/2q0m6ER