Sunday, August 30, 2015
Thursday, August 27, 2015
Sunday, August 23, 2015
Friday, August 21, 2015
WASHINGTON (AP) — U.S. government employees with sensitive jobs in national security or law enforcement were among hundreds of federal workers found to be using government networks to access and pay membership fees to the cheating website Ashley Madison, The Associated Press has learned.
The list includes at least two assistant U.S. attorneys, an information technology administrator in the White House's support staff, a Justice Department investigator, a division chief, and a government hacker and counterterrorism employee at the Homeland Security Department. Others visited from networks operated by the Pentagon.
Federal policies vary by agency as to whether employees could visit websites during work hours like Ashley Madison, which could be considered akin to a dating website. But such use raises questions about what personal business is acceptable — and what websites are OK to visit — for U.S. workers on taxpayer time, especially those with sensitive jobs who could face blackmail.
Hackers this week released detailed records on millions of people registered with the website one month after the break-in at Ashley Madison's parent company, Toronto-based Avid Life Media Inc. The website — whose slogan is, "Life is short. Have an affair" — is marketed to facilitate extramarital affairs.
Few connecting from federal networks had listed government email accounts when subscribing. But the AP was able to trace their government Internet connections, logged by the website over five years and as recently as June. They encompass more than two dozen agencies, such as the departments of State, Justice, Energy, Treasury and Transportation. Others came from House or Senate computer networks.
Records also reveal subscribers signed up using state and municipal government networks nationwide, including those run by the New York Police Department, the nation's largest. "If anything comes to our attention indicating improper use of an NYPD computer, we will look into it and take appropriate action," said the NYPD's top spokesman, Stephen Davis.
The AP is not naming the government subscribers it found because they are not elected officials or accused of a crime. Many federal customers appeared to use nongovernment email addresses with handles such as "sexlessmarriage," ''soontobesingle" or "latinlovers." Some Justice Department employees also appeared to use prepaid credit cards to help preserve their anonymity but nonetheless connected to the service from their office computers.
"I was doing some things I shouldn't have been doing," a Justice Department investigator told the AP. Asked about the threat of blackmail, the investigator said if prompted he would reveal his actions to his family and employer to prevent it. "I've worked too hard all my life to be a victim of blackmail. That wouldn't happen," he said. He spoke on condition of anonymity because he was deeply embarrassed and not authorized by the government to speak to reporters using his name.
Defense Secretary Ash Carter confirmed Thursday the Pentagon was looking into the list of people who used military email addresses. Adultery can be a criminal offense under the Uniform Code of Military Justice.
"I'm aware it," Carter said. "Of course it's an issue because conduct is very important. And we expect good conduct on the part of our people. ... The services are looking into it and as well they should be. Absolutely."
The AP's review was the first to reveal that federal workers used their office systems to access the site, based on their Internet Protocol addresses associated with credit card transactions. It focused on searching for government employees in especially sensitive positions who could perhaps become blackmail targets.
The government hacker at the Homeland Security Department, who did not respond to phone or email messages, included photographs of his wife and infant son on his Facebook page. One assistant U.S. attorney declined through a spokesman to speak to the AP, and another did not return phone or email messages.
A White House spokesman said Thursday he could not immediately comment on the matter. The IT administrator in the White House did not return email messages. While rules can vary by agency, Homeland Security rules, for instance, say devices should be used for only for official purposes. It also prescribes "limited personal use is authorized as long as this use does not interfere with official duties or cause degradation of network services." Employees are barred from using government computers to access "inappropriate sites" including those that are "obscene, hateful, harmful, malicious, hostile, threatening, abusive, vulgar, defamatory, profane, or racially, sexually, or ethnically objectionable."
The hackers who took credit for the break-in had accused the website's owners of deceit and incompetence, and said the company refused to bow to their demands to close the site. Avid Life released a statement calling the hackers criminals. It added that law enforcement in both the U.S. and Canada is investigating and declined comment beyond its statement Tuesday that it was investigating the hackers' claims.
Associated Press writers Alicia Caldwell and Lolita C. Baldor in Washington, Jake Pearson in New York and Raphael Satter in London contributed to this report.
Follow Jack Gillum on Twitter at https://twitter.com/jackgillum and Ted Bridis at https://twitter.com/tbridis
Follow Jack Gillum on Twitter at https://twitter.com/jackgillum and Ted Bridis at https://twitter.com/tbridis
WASHINGTON (AP) — Capping their history-making week, the first female soldiers to complete the Army's rigorous Ranger School are graduating Friday, putting a spotlight on the debate over opening all combat roles to women.
First Lt. Shaye Haver of Copperas Cove, Texas, and Capt. Kristen Griest of Orange, Connecticut, are pinning on the black-and-gold Ranger tab at a graduation ceremony, along with 94 male soldiers, at Fort Benning, Georgia. Defense Secretary Ash Carter called the women Thursday to congratulate them for finishing the nine-week training program.
Their success casts new attention on the obstacles that remain to women who aspire to join all-male combat units, including the 75th Ranger Regiment. Although Haver and Griest are now Ranger-qualified, no women are eligible for the elite regiment, although officials say it is among special operations units likely to eventually be opened to women.
Griest, 26, is a military police officer and has served one tour in Afghanistan. Haver, 25, is a pilot of Apache helicopters. Both are graduates of the U.S. Military Academy at West Point. Of 19 women who began the Ranger course, Haver and Griest are the only two to finish so far; one is repeating a prior phase of training in hopes of graduating soon.
The Army opened Ranger School to female soldiers for the first time this year as service leaders weighed opening more combat jobs to women. How far the military is willing to go toward ending gender restrictions will be evident soon.
Carter said Thursday he will decide by December whether to accept any recommended exceptions to an order, signed by one of his predecessors, Leon Panetta, nearly three years ago that said all positions must be open to qualified women unless service leaders can justify keeping any closed. Any recommended exceptions are due to Carter in October.
Griest told reporters Thursday she hopes her success shows that women "can deal with the same stresses and training that men can." Some current and former military members feel strongly that the Pentagon is going too far to accommodate women.
James Lechner, a retired Army lieutenant colonel and former Ranger, said he questions whether the Ranger course adequately tested the female candidates under combat-simulated conditions and whether it makes sense to open all combat units to women.
"American women certainly serve with honor and distinction, provide some capabilities that males may not be able to provide," Lechner said in a telephone interview. "But when you talk about your fighting units, your combat arms units, especially the infantry, ... you don't need to just have the minimum standards. You need to have as good as you possibly can get."
Janine Davidson, a defense policy analyst at the Council on Foreign Relations and a former Air Force cargo plane pilot, said the success of Griest and Haver and the prospect of the Army fully integrating women into its ground combat force is "policy catching up with reality," given the extensive combat experience women had in Iraq and Afghanistan. It also reflects generational change, she said, which she has heard in conversations with high school students.
"They actually are shocked when they learn that women aren't already doing this kind of stuff - the idea that they themselves would not be allowed to do it," Davidson told reporters Tuesday. Rangers call themselves "masters of special light infantry operations" such as seizing key terrain and infiltrating hostile territory by land, sea or air. They are an arm of Army Special Operations Command and U.S. Special Operations Command.
The Ranger School, which began during the Korean War as the "Ranger Training Command," fails most who enter. For the period between 2010 and 2014, 58 percent of candidates washed out - most of those within the first four days, a phase that includes tests of physical stamina, a land navigation course, and a 12-mile foot march, according to the Ranger training website.
Ranger history pre-dates to the Revolutionary War and includes prominent roles in the War of 1812 and the Civil War. In the June 6, 1944 D-Day landings on the beaches of Normandy, Rangers famously scaled the sheer cliffs of Pointe Du Hoc overlooking Omaha Beach.
Associated Press broadcast correspondent Sagar Meghani contributed to this report.
Thursday, August 20, 2015
Monday, August 17, 2015
WASHINGTON (AP) — A computer breach at the IRS in which thieves stole tax information from thousands of taxpayers is much bigger than the agency originally disclosed.
An additional 220,000 potential victims had information stolen from an IRS website as part of a sophisticated scheme to use stolen identities to claim fraudulent tax refunds, the IRS said Monday. The revelation more than doubles the total number of potential victims, to 334,000.
The breach also started earlier than investigators initially thought. The tax agency first disclosed the breach in May. The thieves accessed a system called "Get Transcript," where taxpayers can get tax returns and other filings from previous years. In order to access the information, the thieves cleared a security screen that required knowledge about the taxpayer, including Social Security number, date of birth, tax filing status and street address, the IRS said.
The personal information was presumably stolen from other sources. The IRS believes the thieves were accessing the IRS website to get even more information about the taxpayers, which could help them claim fraudulent tax refunds in the future.
"As it did in May, the IRS is moving aggressively to protect taxpayers whose account information may have been accessed," the IRS said in a statement. "The IRS will begin mailing letters in the next few days to about 220,000 taxpayers where there were instances of possible or potential access to 'Get Transcript' taxpayer account information."
In all, the thieves used personal information from about 610,000 taxpayers in an effort to access old tax returns. They were successful in getting information from about 334,000 taxpayers. "The IRS's failure to protect private and confidential information from cyber-attacks risks further fraud for hardworking taxpayers," said Sen. Orrin Hatch, R-Utah, chairman of the Senate panel that oversees the IRS. "The agency should act swiftly to alleviate the damage for all those affected."
The IRS isn't the first agency — public or private — to initially underestimate the magnitude of a data breach. The Office of Personnel Management announced earlier this year that hackers had stolen sensitive information on 4.2 million people. The number of affected people has since grown to more than 21 million.
Rep. Peter Roskam, R-Ill., said, "Today's revelation that the IRS didn't fully understand this security breach for months is not confidence-inspiring." Roskam chairs a House subcommittee that oversees the IRS.
The IRS said it is notifying all potential victims and offering free credit monitoring services. The IRS is also offering to enroll potential victims in a program that assigns them special ID numbers that they must use to file their tax returns.
The IRS said Monday that thieves started targeting the website in November. Originally, investigators thought it started in February. The website was shut down in May. On Monday, the IRS did not identify a potential source of the crime. But in May, officials said IRS investigators believe the identity thieves are part of a sophisticated criminal operation based in Russia.
It wouldn't be the first time the IRS has been targeted by identity thieves based overseas. In 2012, the IRS sent a total of 655 tax refunds to a single address in Lithuania, and 343 refunds went to a lone address in Shanghai, according to a report by the agency's inspector general. The IRS has since added safeguards to prevent similar schemes, but the criminals are innovating as well.
The IRS estimates it paid out $5.8 billion in fraudulent refunds to identity thieves in 2013.
Follow Stephen Ohlemacher on Twitter: http://twitter.com/stephenatap