nym-infragard.us

NRF 2009 Organized Retail Crime Survey

NRF�s Organized Retail Crime survey is distributed each spring to senior loss prevention executives nationwide. This year�s survey features responses from 115 different retail companies, including department/large box, discount, drug, grocery, restaurant and specialty retailers. The 2009 Organized Retail Crime Survey is NRF's fifth annual survey.

Download the Full Report at the National Retail Federation site.

Thanks to Jason Liszkiewicz for the link.

InfraGard Member Receives Patent

John C. Checco, CISSP, CSSLP, a member of Infragard's NY Metro Chapter, recently received US Patent No 7509686 for his security algorithm in keystroke dynamics. Mr. Checco is owner of Checco Services Inc., an information security consulting firm, as well as founder of bioChec keystroke biometric solutions.

A fully‐functional demonstration of the technology is available at www.bioChec.com and the SDK is freely available for in‐house non‐commercial development.

F.B.I. Looks Into a Threat to Reveal Patient Data

November 7, 2008

F.B.I. Looks Into a Threat to Reveal Patient Data

By JOHN MARKOFF

SAN FRANCISCO � The Federal Bureau of Investigation is investigating an extortion letter threatening to expose millions of patient records stolen from Express Scripts, a medical benefits management company.

The company said Thursday that it had been investigating the threat since early October, when it received a letter that contained personal information on about 75 of its members including names, dates of birth, Social Security numbers and, in some cases, prescription information.

The company said that it had immediately notified the F.B.I. and that it had retained outside experts in data security and computer forensics to aid in the company�s internal investigation.

�We have been conducting a thorough investigation since we received this threat and we are taking it very seriously,� said George Paz, chairman and chief executive, in a statement. �We are cooperating with the F.B.I. and are committed to doing what we can to protect our members� personal information and to track down the person or persons responsible for this criminal act.�

The company also announced that it had created a Web site for members to obtain information about the incident and learn how to protect themselves from identity theft. The Web site is www.esisupports.com.

Express Scripts, based in St. Louis, is one of the largest pharmacy benefits management companies in the United States. It handles prescription benefits for approximately 50 million people through clients like health insurers, employers and union-sponsored medical plans.

A spokesman for the company said that Express Scripts was still trying to ascertain the exact nature of the theft.

�All we know about the nature of the data taken is that the letter enabled us to tell where in our system it was taken from,� said the spokesman, Steve Littlejohn. �We�re not ruling anything out.�

He said that because of the investigation, the company was not willing to give details about the nature of the threat letter, such as whether it was sent as an e-mail message or through the United States postal system. He also said that the extortion threat was for money, but would not disclose the amount.

Mr. Littlejohn said the company was still not certain how much data had actually been stolen. He also said the company had not ruled out the possibility of an insider theft.

Copyright 2008 The New York Times Company

Studying Osama bin Laden's audio tapes - Homeland Security Daily Wire reports:

HomeTransport / BorderBiometricsContinuity / RecoveryInfrastructure / ITBiodefenseSurveillanceDetectionSci / TechMarketsPolicyEnergySearch 9/11 + 7: Taking stock Published 11 September 2008 University of California, Davis researcher is studying more than 1,500 audiotapes seized in Afghanistan in 2001; the tapes are recording of conversations from the late 1960s through 2000 among bin Laden and more than 200 of his associates. More than 1,500 audiocassette tapes taken in 2001 from Osama bin Laden's former residential compound in Qandahar, Afghanistan, are yielding new insights into the radical Islamic militant leader's intellectual development in the years leading up to the 9/11 terrorist attacks. Flagg Miller, an assistant professor of religious studies at the University of California, Davis, and the first academic researcher to study the tapes, will present his preliminary observations in a lecture at the Center of Modern Oriental Studies in Berlin on 18 September. The first research paper stemming from Miller's study of the tapes will appear in the October issue of the journal Language & Communication. "Bin Laden did not start out at the top of this movement. He had to earn his way there, build his credibility," said Miller, a noted scholar of Arabic. "These cassettes help to tell us how he did that." The collection offers "unprecedented insight into the debates going on among bin Laden's allies and critics in the five years leading up to the September 11th attacks," Miller said. "They also show his evolution from a relatively unpolished Muslim reformer, orator and jihad recruiter to his current persona, in which he attempts to position himself as an important intellectual and political voice on international affairs." The audiocassettes, along with a number of videotapes, were first acquired by a CNN producer and Afghani translator in the weeks following the Taliban's evacuation from Qandahar on 7 December 2001. After the FBI declined stewardship of the tapes, CNN turned the collection over to the Williams College Afghan Media Project, headed by anthropologist David Edwards. Edwards contacted Miller, a linguist and cultural anthropologist who studies the roles of language and poetry in contemporary Muslim reform in the Middle East. The audiocassettes are now at Yale University, where they are being cleaned, digitized and described; the process will take several years to complete. "In trying to understand bin Laden's own intellectual formation, analysts to date have had to rely exclusively on what he has revealed in statements made to world audiences, or else on what has been reported about him by his former teachers and associates, family members, journalists and various political representatives," said Miller, who is indexing the tapes and has listened to excerpts from many of them. "No equivalent 'library' of his has yet come to light." The tapes date from the late 1960s through 2000 and feature more than 200 speakers from more than a dozen countries in the Middle East, Indian subcontinent and Africa. The speakers, identified on cassette labels, include prominent scholars as well as some of al-Qaida's most important strategic thinkers and operational leaders. The recordings include sermons, political speeches, lectures, formal interviews, exchanges between students and teachers, telephone conversations, radio broadcasts, recordings of live battles and Islamic anthems, as well as trivia contests and studio-recorded audio dramas. Twenty of the audiocassettes contain recordings of bin Laden; twleve of these include material previously unpublished in any language, according to Miller. Among his early observations, Miller has found that bin Laden took many years to identify a single consistent message or political platform. For example, in bin Laden's early recordings he sometimes called non-Muslims throughout the world "dogs," while on other occasions he advised his listeners to engage civilly with Western embassies and consulates by writing letters and organizing public demonstrations to protest Israel's treatment of Palestinians. Bin Laden, however, consistently identified the United States, especially through its support of Israel, as his number-one enemy, even before Iraq's invasion of Kuwait and the massive augmentation of U.S. forces on the Arabian Peninsula, Miller said. The audiocassettes shed light on how the fight against the Soviets in the 1980s shaped bin Laden. The recordings also confirm him as a man who regards his homeland, Saudi Arabia, as corrupt, believes that Islam has been perverted by ruling Arab leaders across the Middle East, views Muslims as victims of global persecution and sees himself as a reformer who is setting Islam on a better path.

Police investigate BT's secret internet monitoring trials

City of London police examine dossier complied by BT customers unhappy with the Phorm Webwise trials run by BT Dinah Greek, Computeract!ve 11 Sep 2008 ADVERTISEMENT Police are examining a dossier concerning the secret trials of the Phorm Webwise internet monitoring software carried out by BT in 2006 and 2007. The move by the City of London Police came after the force was handed the information by IT specialist Alex Hanff, following a protest by BT customers outside the telecom giant�s annual general meeting in July. Mr Hanff and privacy experts believe that BT�s trials were illegal and that Webwise breaches privacy laws including the Data Protection Act and the Regulation of Investigatory Powers Act (RIPA). Dr Richard Clayton, a privacy expert at Cambridge University, who has analysed the software, has written that he is �not happy at all�, and believes that it �performs illegal interception� as defined by the RIPA. The software, which tracks people�s surfing habits with the stated aim of delivering more targeted adverts, has caused a storm of controversy. As well as BT, two other key UK internet service providers, Talktalk and Virgin Media, have said they have plans to use the software. Mr Hanff and privacy experts are also deeply concerned about what may eventually happen to any data that is intercepted. �We are concerned about the potential for further use of individuals� data in light of the US patent application and Phorm�s DPA registration. The DPA registration makes clear reference to holding financial and personal data and being allowed to �export� this,� Mr Hanff said. Phorm said it was certain that Webwise didn't breach any UK laws and it is not clear yet if BT faces any further action by the police concerning the trials it did not inform customers about. A representative for the police said: "City of London Police has not launched a criminal investigation in connection with this matter. We are establishing if any criminal offence has been committed.� BT said it had no comment to make on the matter of the police investigation. The Information Commissioner's Office has said in its view, from the information available at this point, Webwise can be used in a way that will not breach UK laws. However it also said it would continue to monitor the situation. The EU has also stepped into the row and asked the UK Government to clarify if the software breached the laws. However the UK has not responded to the EU yet.

Automated HTTPS Cookie Hijacking

Submitted by mikeperry on Thu, 08/14/2008 - 01:39 This past weekend I gave a talk at DEFCON 16 describing a very common vulnerability with many SSL-secured websites (slides are here). It actually all started last year when I began development on The Torbutton Firefox Extension and agreed to speak at Black Hat USA 2007 and DEFCON 15 on my findings with respect to Tor Security. In that talk, I announced that many sites used over Tor were not setting the 'Encrypted Sessions Only' bit on cookies they set over https. This is the case with GMail, addons.mozilla.org, most Drupal sites, Facebook, Amazon's purchase history, Yahoo mail, Hotmail/MSN, many many online merchants, and a few of my friends' banks. It turns out an adversary able to position themselves in between you and a website is able to inject arbitrary http-based content elements for domains that do not set the 'Encrypted Sessions Only' property of their cookies, and thus cause your client to transmit these cookies via clear text, intercept them, and impersonate you. The important thing to note is that they can do this when you visit ANY website. You do not ever have to leave SSL for the vulnerable site. I described this attack in detail in a post to BugTraq and notified Google a year ago, but unfortunately, my announcement was largely overshadowed by Robert Graham's 'SideJacking' demonstration at Black Hat. His tool was simply a sniffer that just gathered cookies for sites as users on the local network visited them. The attack I described was much more flexible, much more powerful, and just as automated, but without a tool and a demonstration to back up my claims, nobody listened. How an Automated HTTPS Cookie Hijacking is Performed This attack can happen via a number of mechanisms, including via the local wired or wireless network, via Dan Kaminsky's DNS hijack attack, via the Tor network, or via the cable modem network (though this would require a custom modem). The steps are as follows: 1. Cache all DNS responses on the network to obtain a mapping of what host name clients are resolving, so you know the host they are using for server IPs. 2. When a client IP connects to a server IP using https (port 443), look up what hostname they resolved in the DNS cache to get this IP. 3. Add this domain as a target for that client IP. 4. When that IP then connects to ANY http website, look up what targets it has accumulated, and optionally add on a list of custom targets for completely insecure sites such as mail.yahoo.com and mail.live.com. Inject images for each of these into that TCP connection. 5. When the browser fetches these images, it will transmit any insecure cookies for that domain and path. Record the resulting cookies (and any others we happen to see while we're at it) to a Firefox-compatible cookies file. The key property to notice here is that the tool automatically targets ALL insecure sites, not just Gmail. It does not require configuration for the common case. This means you do not get to hide behind obscurity! Just because no one has heard of your dinky little SSL site does not mean you are secure if your cookies are not set to be. Furthermore, the additional optional list of completely insecure sites to always hijack (even if their users never visit them during the attack session) means that popular sites that completely refuse to implement SSL are now incentivized to do so. It is for both these reasons that I have opted to wait another two weeks after my talk before releasing this tool, because I figured these facts would take the longest to sink in. It is possible to cobble together a tool that targets specific sites in a couple hours or maybe a weekend (depending on how well you leverage existing tools, and how extensible the result is). In fact, a site-specific tool has already been released by Enable Security. However, doing the additional work to fully automate the process is probably another weekend or two worth of work, and its work that would be done in secret without people realizing the seriousness of the vulnerability. In fact, despite it taking a year for me to grow impatient enough to opt for a full disclosure shitstorm, coding the tool itself only took 2-3 weekends of my time and about one of Damon McCoy's (who helped make sure it didn't break on his more exotic and heterogeneous wireless test lab network). How to Tell if Your Sites are Secure Since so many sites are likely vulnerable, the actual reporting process is probably going to fall on the shoulders of users. To check your sites under Firefox, go to the Privacy tab in the Preferences window, and click on "Show Cookies". For a given site, inspect the individual cookies for the top level name of the site, and any subdomain names, and if any have "Send For: Encrypted connections only", delete them. Then try to visit your site again. If it still allows you in, the site is insecure and your session can be stolen. You should report this to the site maintainer. Note that some sites do janky things like requiring a random Session ID in the URL, referrer information to be correct, or hidden form elements to be present during navigation. This may end up preventing the above simple test from allowing you in, despite having insecure cookies. These approaches may or may not be secure, depending upon how they implemented it (and why), and really should be considered a "worst practices" sort of thing for protection for this particular attack. For instance, the randomized session ID in the URL may have been specifically designed to protect against CSRF attacks, with no thought whatsoever put into the fact that it can be transmitted on the local network in the 'referrer' string as soon as you navigate to an insecure page (ie, the "about", "routing info", and "help" links of many banks are http, not to mention off site links they might provide). Because of this, is probably best to contact these sites anyway, since hacks like these are homebrew solutions (and potentially designed to defend against completely different attacks) and are much more likely to be failure prone than the tried and tested existing browser security model.

The lessons of St Paul - Stratfor Reports...

September 10, 2008 By Fred Burton and Scott Stewart On Sept. 5, two men from Austin, Texas, were charged in U.S. District Court in Minneapolis in connection with a plot to disrupt the Republican National Convention (RNC) held in St. Paul, Minn., last week. According to the criminal complaint filed in the case, each man was charged with one count of possessing Molotov cocktails. In the complaint, authorities noted that one of the men, Bradley Crowder, was arrested Sept. 1 for disorderly conduct. The second man, David McKay, was apparently arrested Sept. 1 but then released. McKay was arrested a second time after a search warrant on the apartment at which he and Crowder were staying in St. Paul uncovered a total of eight completed Molotov cocktails. Authorities claim that Crowder and McKay had planned to use the Molotov cocktails against police vehicles in a parking lot near the apartment where they had stayed. According to an FBI affidavit, law enforcement officers used electronic means to monitor a conversation McKay had about using the incendiary devices. In the monitored conversation, McKay reportedly said, ��it�s worth it if an officer gets burned or maimed.� Crowder and McKay, who were part of a small cell of activists that called itself the Austin Affinity Group, also brought a rented trailer to St. Paul that contained 35 improvised riot shields made from stolen traffic barrels. According to an FBI affidavit, the shields included protruding screws � an indication that they were not just defensive shields, but offensive weapons that could be used against the police. During the execution of the search warrant on the men�s apartment, police also recovered gas masks, slingshots, helmets and kneepads � items that underscore the protesters� plans to actively resist the police. Crowder and McKay were not the only ones planning to use potentially deadly means to disrupt the RNC. On Aug. 30, Matthew DePalma of Flint, Mich., was arrested by agents from the Joint Terrorism Task Force at a residence in Minneapolis and found to be in possession of five Molotov cocktails. DePalma was also charged in Federal District Court with possession of the devices. According to an affidavit, DePalma told an FBI source that he planned to use the Molotov cocktails on police. In one conversation, DePalma reportedly told the FBI source, �I will light one of those pigs on fire.� Crowder, McKay and DePalma were only three among the more than 800 demonstrators arrested in connection with the efforts to shut down the RNC. Six of the primary organizers of the effort � an ad hoc group that called itself the RNC Welcoming Committee (RNCWC) � were also arrested Aug. 29 and charged with conspiracy to commit riot under Minnesota state law. The complaints and affidavits filed in connection with this case provide an excellent look into the organization and tactics of the anarchists comprising the RNCWC. They also provide a great deal of detail regarding the combined efforts of federal, state and local authorities to infiltrate the group and to defang its most aggressive components. RNC Welcoming Committee The RNCWC is a self-described anarchist and anti-authoritarian organizing body created to disrupt the RNC. According to its Web site, nornc.org, the group�s purpose was to �crash the convention� and shut down and disrupt the RNC. The RNCWC�s plan was to provide a loose organizational framework that would help integrate and coordinate the efforts of affinity groups from around the country � including the Austin affinity group headed by Crowder that included McKay. The affinity groups, which are in effect autonomous cells, were then expected to develop their own individual tactical plans and implement them. The RNCWC would provide assistance with logistics and coordination between the various affinity groups. In September 2007, the RNCWC began its planning in earnest when it held a pre-RNC conference in St. Paul, where some 100 activists met to plan their strategy for disrupting the convention. Most participants who came from outside St. Paul were either representatives of existing affinity groups or were intending to form an affinity group when they returned home. The conference also featured a number of smaller breakout meetings that focused on issues such as nationwide communication, security, legal support, logistics, media, coalition building and direct action planning. Some of the tactics discussed during the direct action planning session included the possible kidnapping of convention delegates, arson, vandalism, occupation of federal buildings in the Twin Cities and the blockading of roads and bridges. In the end, the delegates at the September meeting formulated a three-tiered approach to disrupting the convention. Tier one consisted of establishing 15 to 20 blockades utilizing a variety of tactics to create an inner and outer ring around the Xcel Energy Center � the site of the RNC. Tier two included immobilizing the delegates� transportation infrastructure, including shuttle buses used to move them between their hotels and the convention site. The third tier included blocking the five bridges connecting the Twin Cities. The RNCWC articulated general guidelines for affinity groups to use in accomplishing these three tiers in a set of principles called the �3Ss� � swarm, seize and stay. The swarm principle encourages activists to move into and around St. Paul in groups of various size and attack like bees or fire ants � in numbers large enough to overwhelm authorities at a specific location. This tactic is a staple of anarchist demonstrations, where a number of affinity groups come together to form a larger formation called a black bloc. The large congregation of similarly-dressed activists inside the black bloc is intended to make it difficult for law enforcement to identify the perpetrators of any particular illegal action as individuals find shelter within � and attack from � the large numbers of people comprising the formation. The black bloc is also intended to provide safety in numbers and keep individual activists from being arrested. The seize pri nciple encourages activists to occupy facilities and to block streets and building entrances. Such blockades can be either fixed or moving. The stay principle, a longtime anarchist tactic, encourages activists to maintain engagement in the protest activity and to regroup with and reinforce their fellow activists as needed while the swarm group moves around. On Sept. 30, the RNCWC published a formal call to action in which it outlined its three-tiered strategy. It also called on the various affinity group leaders to get organized, hold regional meetings and develop their own plans and tactics to implement the overall three-tiered strategy according to the 3Ss. Individual affinity group leaders were also urged to train and practice with the members of their respective affinity groups in the implementation of those tactics. Indeed, several of the RNCWC core activists practiced their blockade techniques July 2 when they used dragon sleeves � devices protesters use to lock themselves together and to buildings and other structures � during a protest at a facility belonging to military equipment manufacturer Alliant Techsystems in Anoka, Minn. During the spring, the RNCWC conducted a nationwide tour during which it traveled to, or communicated with, affinity groups in 67 cities. On May 3 it hosted a second pre-RNC conference in St. Paul called the �5.3,� which was attended by more than 100 activists representing at least 40 affinity groups and other organizing bodies from across the country. At the conference, St. Paul was divided into seven sectors, and different organizations were assigned responsibility for the direct actions that would occur within those sectors, according to the FBI affidavit. The RNCWC members living in St. Paul conducted extensive preoperational surveillance of the city and particularly the area around the Xcel center and created detailed surveillance packets for each of the seven sectors they had divided the city into. They then provided a packet to each nonlocal affinity group that had assumed responsibility for conducting direct action attacks within the particular sector. This provided the affinity groups with a huge head start in their tactical planning. Two of the core RNCWC members also reportedly told an informant that they conducted detailed surveillance of Republican presidential candidate John McCain�s security detail during a June 19 campaign stop in St. Paul. From July 31 to Aug. 3, the RNCWC and a group called Unconventional Action Midwest hosted an �action camp� at Lake Geneva in Minnesota. This camp was attended by approximately 50 people from many parts of the United States. The action camp was intended to train activists in a variety of direct action tactics, ranging from the manufacture of Molotov cocktails to less violent civil disobedience such as the use of dragon sleeves, lock boxes and tripods to create human barricades that would obstruct traffic. Attendees at the action camp were expected to take the skills they learned back to their respective affinity groups. The Long Arm of the Law According to the search warrant affidavit approved by a state district court judge Sept. 2, anarchists were not the only people present at the action camp held at Lake Geneva. A law enforcement source referred to in the affidavit as Confidential Reliable Informant 2 (CRI 2) was also in attendance. In fact, the various complaints and affidavits filed in connection with the RNCWC arrests make it very clear that law enforcement sources and even one undercover officer had thoroughly penetrated the RNCWC since shortly after its inception and had attended the planning sessions to include the pre-RNC event in September 2007 and the pre-RNC event in May 2008. These law enforcement penetrations appear to have allowed the authorities to identify many of the most violence-prone individuals and target them in an effort to disrupt their potentially deadly schemes. Certainly, they were able to arrest Crowder, McKay and DePalma and recover the Molotov cocktails before the devices could be deployed. This intelligence also allowed law enforcement authorities to arrest six of the primary RNCWC organizers Aug. 29, before the RNC, and execute a series of search warrants that seized a large quantity of the demonstrators� equipment before it could be deployed. Items seized during those search warrants included caltrops, spike strips, buckets of marbles and dragon sleeves as well as other tactically useful items such as gas masks and disguises intended to help protesters get past police checkpoints. Computers and planning maps were also seized. However, the fact remains that many of the affinity groups were still able to launch direct action and block streets with dumpsters, fly signs from high-rise buildings, deploy dragon sleeve blockades, slash tires, throw bricks and other items from bridges onto cars, throw caltrops and spike strips on streets to flatten tires, shoot at police and convention attendees with slingshots, block delegate buses, assault delegates (physically and with noxious chemical sprays) and generally create large-scale mayhem and vandalism. These direct actions resulted in most of the more than 800 arrests during the RNC. These activities clearly showed that not all the affinity groups had been penetrated or rendered impotent. The RNCWC was unable to fully implement its three-tiered strategy, but it did have the strength to attempt all three stages. It executed operations intended to block intersections, attack shuttle buses and block bridges. Some of these efforts met with success for a limited period of time, but the RNCWC�s goal of significantly interfering with the RNC was clearly not met. The RNCWC meetings and its action training camp all included blocks of training on operational security � what the activists refer to as �creating a strong security culture.� Indeed, after the September 2007 gathering, the RNCWC announced that it had discovered one �local police cooperator� in attendance and had expelled him from all activities. They clearly attempted to vet attendees, but apparently their efforts did not go far enough, and the informants and the undercover officer were able to crash the protesters� party. However, not all the affinity groups appear to have been penetrated, so it appears that some of them were apparently more security conscious than others. Due to the legal requirements for search warrant affidavits and criminal complaints, the two confidential sources and the undercover officer used to monitor the RNCWC will be easily identified by the activists when they read those documents and apply deductive reasoning. This means that the usefulness of these particular individuals in monitoring similar groups in the future will likely be over. Essentially, their cover has been blown, and new sources will need to be developed. Following the events of last week, the cat-and-mouse game between left-wing activists and law enforcement informants will continue, with each side seeking to learn from the experiences in St. Paul. From an outside perspective, it appears that the law enforcement agencies have gained the upper hand in this round, and clearly have learned from past law enforcement failures such as the 1999 �Battle in Seattle.� One lesson learned from Seattle was the need to focus national attention on such events to help prevent a security failure. Now, high-profile events such as the RNC, the Democratic National Convention and even the Super Bowl are labeled as national security special events � a designation that ensures the receipt of millions in additional federal dollars for police and security coverage and, not insignificantly, greatly increased intelligence support from the federal government. These additional resources greatly bolster the efforts of local and state police agencies to protect these events from threats, whether they emanate from militant anarchists or militant jihadists. In the case of St. Paul, these efforts and funding greatly aided designs to penetrate the RNCWC organization. The Future of the Radical Anarchist Movement When reviewing the material posted on the RNCWC Web site, it is clear that its vision went far beyond the RNC event itself. One of the key objectives it hoped to achieve from the demonstration was to gain some momentum and build the operational capabilities of the radical anarchist movement for the future. According to the Web site, �A new reality will not emerge by simply stopping the four day spectacle of the RNC. We need folks with an alternative vision to come to the Twin Cities and turn their dreams into reality. Start something new, be creative, and come ready to build sustainable alternatives worth fighting for and defending. The new skills that we teach, learn, and put into practice here will allow us to return to our communities stronger, smarter, and more empowered.� This is an interesting statement to ponder when one considers the type of skills the RNCWC taught at their pre-RNC meetings and action training camp, and the skills the various affinity groups employed during the protests against the RNC. However, since the much-publicized �Battle in Seattle,� these anarchist demonstrations have been steadily declining in size, if not in intensity. The demonstrations in St. Paul were smaller than those in Seattle in 1999 or in New York at the 2004 RNC. In fact, the NYPD arrested more than 1,800 protesters in connection with that event, compared to just over 800 arrests in St. Paul. Certainly, police preparation in anticipation of such events has markedly improved after the 1999 Seattle protest where police were caught off guard and unprepared. As noted above, coordinated local, state and federal efforts like those seen in St. Paul to gather intelligence in order to disrupt the activists via arrests and search warrants have been increasingly effective. Despite declining numbers � a trend we believe will continue � the anarchist fringe is not going to totally disappear any time soon. Young radical anarchists such as Crowder and McKay, in their early teens at the time of the Seattle riots, are part of a new generation of violent protesters radicalized after that event. This newer generation of radical anarchists appears to be smaller, but no less dedicated or willing to use violence against the political, corporate and governmental entities they view as enemies. They will not hesitate to damage property or � as the alleged plots and comments of Crowder, McKay and DePalma signify � hurt people to achieve their goals. It is also significant that many of the protesters in St. Paul came from places outside Minnesota. Ultimately, when they leave St. Paul, they take the skills and disruptive tactics learned there back home with them. We are likely to see these tactics emerge in other cities in the future.

INMA Press Release

NEWS RELEASE For immediate release July 28, 2008 Media Contacts: Sheri Donahue (703) 772-2294 InfraGard National Members Alliance Announces Dr. Kathleen Kiernan as Chairman of the Board of Directors (Washington, DC) � (July 28) � A 29-year Federal Law Enforcement official is the new leader of the InfraGard National Members Alliance. InfraGard was started by the FBI 12 years ago as an alliance between the FBI and the over 26,000 FBI-vetted members to provide two-way rapid interface with the Bureau and the leaders and experts of this country�s critical infrastructure. Dr. Kathleen Kiernan, retired Assistant Director for the Bureau of Alcohol Tobacco Firearms and Explosives (ATF), has been named as the Chairman of the InfraGard National Board of Directors. Dr. Kiernan has been a member of the Board of Directors for the last two years. �Dr. Kiernan is the ideal leader to shape the future of the InfraGard program and concept, and I am confident in her ability to enable trusted relationships across the public and private sectors and build infrastructure protection, one local community at a time,� said Dr. Phyllis Schneck, who has led the National presence since 2001. Dr. Kiernan spent a 29-year career in Federal Law Enforcement and is currently the CEO of The Kiernan Group, Inc. She previously served as the Assistant Director for the Office of Strategic Intelligence and Information for the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). Dr. Kiernan is a Council Vice President for ASIS International, a member of the International Association of Chiefs of Police (IACP) Terrorism subcommittee, an Intelligence Fellow (2001), and graduate of the FBI�s National Executive Institute, Class 26. Dr. Kiernan has a Doctorate in Education from Northern Illinois University (with highest honors) and a Master's of Science degree in Strategic Intelligence from the Joint Military Intelligence College in Washington, D.C. She also holds a Master's of Arts degree in International Transactions from George Mason University in Virginia. In 2001, Dr. Kiernan was recognized as an outstanding scholar by Northern Illinois University and as an outstanding alumnus in 2005. Dr. Kiernan is a faculty member of Johns Hopkins University where she teaches in the Masters Program on Intelligence Analysis. She is a Senior Fellow for the George Washington University Homeland Security Policy Institute and is a member of the Army Science Board. In taking on this role, Dr. Kiernan praised the efforts of both Dr. Schneck and the Board of Directors for building such a viable and vitally important organization, she commented that �as a result of this pioneering work, there are subject matter experts representing all 18 elements of the national critical infrastructure engaged in contributing to a safer America.� Dr. Schneck said, �Dr. Kiernan brings the optimal combination of experience, intelligence and personality necessary to engage an entire nation on a focused, local mission.� In addition to Dr. Kiernan, the following have been added to the Board of Directors. - Ms. Dyann Bradbury was elected by the 86 InfraGard Members Alliances (IMAs) at the Annual InfraGard National Congress on June 02 to serve a three-year term on the INMA Board. Ms. Bradbury is currently Associate Director of Compliance for ecommerce service provider Digital River. - Mr. Michael Hershman was appointed by the INMA Board of Directors to a two-year term on the INMA Board. Mr. Hershman is President and CEO of The Fairfax Group. - Mr. Bryant Tow was re-elected at the Annual Congress to a second three-year term on the INMA Board by the 86 IMAs at the Annual Congress. Mr. Tow currently is the Global Competency Lead � Enterprise Security for Unisys Corp. In addition to the above Board members, the following officers have been elected to one-year terms by the INMA Board. - Mr. Ronald L. Dick will serve as the President of the Corporation for the INMA beginning in January 2009. Until that time, current President Robert Schmidt will be Acting President. Mr. Dick retired from the FBI after 25 years in federal law enforcement. Most recently, he served as a Senior Executive as the Director of the National Infrastructure Protection Center (NIPC) and FBI Deputy Assistant Director for the Counterterrorism and Cyber Crimes Divisions. Mr. Dick is currently a Director for Homeland Security Programs for Computer Sciences Corporation (CSC). - Mr. Joseph Calvanico is the Vice President for Fundraising. Mr. Calvanico is the Director of Real Estate Valuation and Property Tax for Grant Thornton LLP. - Mr. Jerry Dixon has been re-elected to serve as the Vice President for Government Relations. Mr. Dixon is currently the Director of Analysis for Team Cymru focused on supporting customers and conducting cyber-security research. - Deputy Superintendent Mr. Bill Casey, Board member, has been elected to be the INMA�s Parliamentarian. Mr. Casey has been with the Boston Police Department since 1983. - Ms. Sheri Donahue has been re-elected by the Board of Directors to serve as the Secretary of the INMA as well as having been contracted as the Managing Director. Ms. Donahue is currently with Norwich University Applied Research Institutes (NUARI), an affiliate of Norwich University, Northfield, VT. - Mr. Freeman Mendell, Board member, has been elected to be the Treasurer of the INMA. Mr. Mendell is the EDP Audit Manager for the Galveston County Auditor�s Office in Galveston County, TX. - Mr. Paul Page is the Vice President for Corporate Communications. Mr. Page is with ABC/ESPN Sports where he does play by play for auto racing and other outdoor sporting events. - Mr. Robert Pate has been re-elected by the Board of Directors as the Vice President for Special Projects. Mr. Pate is currently Chief Security Officer with Renesys. - Ms. Laurie Venditti has been selected as the Vice President Regional Communications. Ms. Venditti is the Business Development Manager for Autonomy-Virage Security and Surveillance. Full bios for all INMA Board Members and Officers are available at www.infragardmembers.org. About InfraGard and the InfraGard National Members Alliance The InfraGard Program began in 1996 as a collaborative effort between private sector cyber professionals and the FBI field office in Cleveland Ohio. The FBI later expanded the program to every field office in the country. In 2003 the private sector members of InfraGard formed the �InfraGard National Members Alliance� (INMA). The INMA is a non-profit Delaware LLC with 501(c)3 status. The INMA LLC is comprised of 86 separate 501(c)3 InfraGard Members Alliances (IMAs) that represent over 26,000 FBI-vetted, InfraGard Subject Matter Experts. The INMA has a dual-focus value proposition. It provides its members with unmatched opportunities to promote the physical and cyber security of their organizations through access to a trusted, national network of Subject Matter Experts from the public and private sectors. And, it provides government stakeholders, across the local, state, and Federal levels, with unmatched access to the expertise and experience of critical infrastructure owners and operators. For more ###

Fly Flags at Half Staff on Peace Officers Memorial Day

Question: On what two days does federal law require American flags to be flown at half staff? Answer: Memorial Day (last Monday in May) and May 15, Peace Officers Memorial Day.

At our GovSec streaming video event in Washington, D.C. last month NY Metro InfraGard President Joe Concannon interviewed Craig W. Floyd, the Chairman and Chief Executive Officer of the National Law Enforcement Officers Memorial Fund (NLEOMF).

In honor of our country's Peace Officers and to provide more information on the National Law Enforcement Officers Memorial we have provided both the interview and a virtual tour of the memorial on our Meeting and Event Blog.

BIO5 Researcher Identifies Cities at Risk for Bioterrorism

Boise, ID, is considered high risk, while Tucson ranks low.

By University Communications March 3, 2008

A University of Arizona researcher has created a new system to dramatically show American cities their relative level of vulnerability to bioterrorism.

Walter W. Piegorsch, an expert on environmental risk, has placed 132 major cities � from Albany, N.Y., to Youngstown, Ohio � on a color-coded map that identifies their level of risk based on factors including critical industries, ports, railroads, population, natural environment and other factors.

Piegorsch is the director of a new UA graduate program in interdisciplinary statistics and a professor of mathematics in the College of Science, as well as a member of the UA�s BIO5 Institute.

The map marks high-risk areas as red (for example, Houston and, surprisingly, Boise, ID), midrange risk as yellow (San Francisco) and lower risk as green (Tucson). The map shows a wide swath of highest-risk urban areas running from New York down through the Southeast and into Texas. Boise is the only high-risk urban area that lies outside the swath.

The model employs what risk experts call a benchmark vulnerability metric, which shows risk managers each city�s level of risk for urban terrorism.

Piegorsch says terrorism vulnerability involves three dimensions of risk � social aspects, natural hazards and construction of the city and its infrastructure.

He concludes that the allocation of funds for preparedness and response to terrorism should take into account these factors of vulnerability.

Read Full Article

Full Size Map from Article