Archive for the ‘Watchlists’ Category

A UK border agent lost his job after authorities discovered he’d placed his wife on a terrorist watch list in an attempt to rid himself of her.

The woman was left stranded in Pakistan for three years because she was unable to fly back to the UK after visiting relatives, according to the Daily Mail.

The agent’s act was only detected after he applied for a promotion, and a background check revealed that his wife was on the watch list. He was reportedly sacked for “gross misconduct.”

The unidentified agent worked at the UK Border Agency’s headquarters in South London. He worked with a unit that was responsible for maintaining the watch list. His promotion would have given him an even higher security clearance.

Photo: Dan Paluska/Flickr

See also:

• No Fly List Includes the Dead
• Eight-Year-Old on TSA Terrorist Watch List Gets Frisked
• Former DOJ Official Caught on Terror Watch List
• Threshold for Getting onto No-Fly List Lowered
• FBI: 19,000 Matches to Terrorist Screening List in 2009

A former TSA worker convicted of planting a logic bomb on a system used to screen airline passengers was sentenced to two years in prison and ordered to pay about $60,000 in restitution to the TSA.

Douglas Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center, or CSOC, since 2004. He planted the malware in late 2009, after the agency gave him two weeks’ notice that he was being terminated from the job he’d held for five years.

The CSOC screens airport workers who have “access to sensitive information and secure areas of the nation’s transportation network,” and also identifies passengers who have a warrant out for their arrest, according to authorities. The CSOC network stores updated information from the government’s terrorist watchlist, as well as criminal histories from the U.S. Marshal’s Service Warrant Information Network.

Duchak’s job was to update the CSOC database as new information arrived from these two sources.

About a week after learning about the fate of his job, surveillance cameras caught Duchak entering the facility after hours. Malware was injected into the system the same evening.

Continue Reading “TSA Worker Gets 2 Years for Planting Logic Bomb in Screening System” »

Ten U.S citizens and residents, three of whom are veterans, are stuck abroad or cannot fly within or out of the United States because they are wrongly on a no-fly list, according to a federal lawsuit lodged Wednesday.

The Oregon federal court case claims the plaintiffs, many with Middle Eastern names who have committed no legal wrongdoing, have asked the Department of Homeland Security and Transportation Security Administration for an explanation, to no avail.

The government, according to the suit brought by the American Civil Liberties Union, has not offered any explanation for plaintiffs’ “apparent placement” on the no-fly list or any other watch list. “They’re too scary to fly but not scary enough to arrest,” quipped Ben Wizner, an ACLU attorney on the case.

Wizner believed it was the first lawsuit testing the constitutionality of the government’s ability to bar flight, though that topic has been the subject of repeated litigation often brought by those forced to undergo heavy screening before flying.

Continue Reading “Too Scary to Fly, Not Scary Enough to Arrest” »

“I was expecting you,” suspected bomber Faisal Shahzad reportedly told the border agents who seized him from his Dubai-bound flight Monday evening.

And clearly the suspect should have been expecting agents, given the trail of clues he allegedly left behind and the steps investigators were taking to close in on him, which were detailed in a wealth of media reports. But even though Customs and Border Protection agents were also expecting Shahzad — his name was on a no-fly list — he managed to slip past airline personnel and board his plane unhindered, only to be caught at the last minute as Emirates flight EK202 was preparing to pull back from its gate.

The near-miss arrest has exposed some flaws in the passenger-screening process, and prompted changes by the Transportation Security Administration. But it also highlights the quick investigative efforts that led authorities to target the suspect in the first place.

By all accounts, the 55 hours between the time a vendor first noticed smoke billowing from a Nissan Pathfinder parked in Times Square — its engine still running — to the minute Shahzad was nabbed were a whirlwind of investigative activity that was greatly aided by Shahzad’s apparent lack of subterfuge skills.

The trail started with the Pathfinder. Inside, police found a number of keys, including one to an Isuzu automobile —  it would later develop that Shahzad was the registered owner of a 1998 Isuzi Rodeo – and one that turned out to open the front door of Shahzad’s Connecticut home, according to the criminal complaint (.pdf) filed against him in New York.

Although the Pathfinder had stolen license plates and the vehicle identification number (VIN) had been removed from the dashboard, the fact that the bomb failed to explode allowed investigators to retrieve the VIN from the engine block and axles, and trace the vehicle to its registered owner.

That owner, a 19-year-old Connecticut woman, revealed that she’d sold the car three weeks earlier, on April 24, through a Craigslist ad. The buyer had purchased it with $1,300 in cash and had left behind his black Isuzu Rodeo in the parking lot of a supermarket when he drove off with the Pathfinder. He’d also told the seller that she didn’t need to fill out a bill of sale for his new car, since he had his own license plates that he was attaching to the Pathfinder.

Shahzad had phoned the owner to arrange to buy the car, so the feds checked telephone-call records and identified a prepaid Verizon Wireless cellphone that had just been activated April 16. When they looked at the other calls coming to and originating from that phone, they discovered it had received four calls from a phone number in Pakistan that was associated with Faisal Shahzad, according to the criminal complaint.

The same phone had also been used to call a store in Pennsylvania that sells the kind of M-88 fireworks found in the Times Square bomb.

It was at that point that the chain of investigative successes was temporarily broken.

Continue Reading “Bombing Arrest Followed Law Enforcement Slip-Ups and Triumphs” »

A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others.

The malicious code, a logic bomb installed last October, was designed to cause damage and disrupt data on servers on an undisclosed date but was caught by other workers before it delivered its payload.

Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center, or CSOC, since 2004. The CSOC is used to vet people who have “access to sensitive information and secure areas of the nation’s transportation network,” according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities.

He pleaded not guilty in a Denver federal court on Wednesday and was released on a $25,000 unsecured bond. The indictment did not say whether the malware was crafted to erase or alter data, or simply disable servers.

The CSOC network stores updated information from the government’s terrorist watchlist as well as criminal histories from the U.S. Marshal’s Service Warrant Information Network.

Duchak’s job was to update the CSOC database as new information arrived from these two sources. But on Oct. 15, he was given two weeks’ notice that his job would be terminated.

About a week later, on Oct. 22, Duchak allegedly transmitted the malicious code onto a CSOC server that stored data from the U.S. Marshal’s Service, according to the indictment (.pdf). The next day, he allegedly loaded malicious code to a server containing the Terrorist Screening Database. The source involved in the case said the servers “are part of the system that contains the no-fly list” and added that the code, if it had gone undetected, could have traveled to a facility in another state that uses a similar computer system.

Duchak has been charged in the U.S. District of Colorado with two counts of attempting to cause damage to a protected computer. If convicted, he faces a possible prison sentence of 10 years and a $250,000 fine for each count.

Duchak’s attorney, David Lindsey, disputes the government’s charges and says that the system Duchak worked on was a beta system used for testing statistical analyses.

“It wasn’t connected to anything that had to do with security,” Lindsey said. “Before anything he had his hands on left, it went to another system before it got into any live system that did screening. As I understand it, it is a system that does statistical analyses on the systems that are up and running. And when the tests are run, those are done at one level and then [go to] a second level and then at a final level before the analyses are verified and passed onto anything you would call a live system.”

Lindsey said the CSOC servers that were allegedly targeted for sabotage were used for screening workers primarily and were only “remotely, remotely” related to passenger screening, though he could not elaborate.

“The government has been very misleading in the indictment and press release as to any potential harm [this might have caused] to the public,” he said, adding that the alleged malware was not a virus and will ultimately be shown to have been “nothing.”

Lindsey said that his client was not given a clear answer about why he was let go from his job.

Photo: ellenm1/Flickr

See also:

• 8-Year-Old on TSA Terrorist Watchlist Gets Frisked
• Former DOJ Official Caught on Terror Watchlist
• Threshold for Getting Onto No-Fly List Lowered
• FBI: 19,000 Matches to Terrorist Screening List in 2009

You may be dying, figuratively, to get off the government’s no-fly list, but death won’t guarantee removal.

The government’s no-fly list includes the names of dead suspects to help catch people who may try to assume the suspect’s identity, according to government officials who spoke with The Associated Press.

The no-fly list has been shrouded in mystery since it was first developed after the 9/11 attacks. How people get on the list or get off it has been a closely guarded secret, with only bits of information made public during congressional hearings.

The AP has pieced together the broad steps it takes for someone to get on the list, and some of the changes the list has undergone since it was created nine years ago.

The no-fly list has grown from 3,400 people to about 6,000 since last December, but it did not contain the name of airline passenger Umar Farouk Abdulmuttalab, the AP said. The Nigerian tried to bomb a Detroit-bound Northwest airlines flight on Christmas Day using explosives packed in his underwear.

Abdulmuttalab’s name appeared in a terrorism database after his father tipped off U.S. embassy officials in Nigeria that his son might be involved in extremist activity. The government determined that the information did not meet the standard for placing him on the list or for revoking his U.S. visa.

The new names added to the list since his bombing attempt include people associated with al-Qaida’s Yemen branch (with whom Abdulmuttalab had ties), as well as other people from Nigeria and Yemen who might be connected to Abdulmuttalab, the AP said.

The current number on the no-fly list represents a pared down version of the list in 2004 when 20,000 people were on it. Those numbers were culled in 2007, and people who were no longer considered a threat were removed. These included, for example, some former members of the Irish Republican Army who were considered no longer active in terrorist activity.

As AP notes, sometimes it takes just minutes to get on the no-fly list; other times it takes days or months, depending on the information amassed on a subject.

The first step might be a simple tip to law enforcement or an intelligence agent or may come from information gleaned from a wiretapped conversation. The tip is submitted to the National Counterterrorism Center in Virginia, where it’s entered into a classified database known as Terrorist Identities Datamart Enterprise, or TIDE. The database might include a suspect’s name and relatives and associates. About 2 percent of the names in the database belong to Americans.

Here information is data-mined to connect dots and flesh out partial names and identities. If enough information can be connected to a Terrorist Watchlist target, it’s escalated to the Terrorist Screening Center, also in Virginia, for more analysis. About 350 names are sent to the screening center daily.

Depending on what the analysis turns up, a suspect might wind up on the FBI’s terror watchlist, which includes the names of about 418,000 people — including a New Jersey eight-year-old who regularly gets frisked at the airport. Airport security personnel use the list to single out some travelers for extra screening or interrogation, and the watchlist is also used for screening U.S. visa applicants and gun buyers, as well as suspects stopped by local police.

To get on this list, there must be “reasonable suspicion” that the person is involved in terrorism, according to the AP. People whose names are on this list are singled out for questioning at U.S. borders, but they can still fly. A Justice Department inspector general report last year found that the FBI was mishandling the watch list and failing to add legitimate suspects under terrorist investigation to the list; at the same time not properly updating and removing records from the list so some U.S. citizens are subjected to unjustified scrutiny.

In order to get on the no-fly list, authorities must have the suspect’s full name and age and have information indicating that the suspect is a threat to aviation or national security. The final decision for adding a name to the no-fly list rests in the hands of about six people from the TSA, the AP said.

At this point, a suspect can either be added to a “selectee list,” a list of about 18,000 people who are singled out for extra screening at airports or be put on the no-fly list. Not all people on the no-fly list are prevented from flying, however. Sometimes authorities allow them to travel unimpeded, but place a tail on them to monitor their activity, the AP said.

Photo: Dan Paluska/Flickr

See also:

• Eight-Year-Old on TSA Terrorist Watchlist Gets Frisked
• Former DOJ Official Caught on Terror Watchlist
• Threshold for Getting onto No-Fly List Lowered
• FBI: 19,000 Matches to Terrorist Screening List in 2009

The Transportation Security Administration, attempting to squelch nefarious rumors, has asserted on its web site under a “Mythbuster” feature that “No 8-year-old is on a T.S.A. watch list.”

Unfortunately for the TSA, the New York Times found an 8-year-old on its list.

Mikey Hicks, a Cub Scout in Camden, New Jersey, is a frequent flyer who can’t seem to get a break because he shares a name with another Michael Hicks who has drawn suspicion from the Department of Homeland Security.

This coincidence has resulted in numerous airport delays for his family over the years.

Mikey, who was born less than a month before the Sept. 11, 2001 terrorist attacks, received his first pat-down by TSA screeners when he was 2 years old — an experience that left him in tears.

He was recently frisked aggressively when his family flew to the Bahamas for vacation on Jan 2, just days after the so-called “underwear bomber” attempted to ignite explosives on a flight from Amsterdam to Michigan.

“Up your arms, down your arms, up your crotch — someone is patting your 8-year-old down like he’s a criminal,” Mikey’s mother told the newspaper. “A terrorist can blow his underwear up and they don’t catch him. But my 8-year-old can’t walk through security without being frisked.”

Mikey’s mother, Najlah Feanny Hicks, is a photojournalist who was cleared by the Secret Service to travel aboard Air Force II with Vice President Al Gore during the Clinton administration.

She said she wanted to take pictures of her son being frisked at the airport but was told it was prohibited. She said that while her son “may have terroristic tendencies at home, he does not have those on a plane.”

Despite the scout’s years-long harassment, his father, also named Michael Hicks, was never stopped by the TSA until this year, during the trip to the Bahamas.

Luckily for Mikey and his father, the suspicious Michael Hicks is not on the government’s “no-fly” list, just a “selectee” watchlist that requires secondary screening for passengers named on it.

The newspaper reports that there are 1,600 Michael Hicks in a national phone directory, who may also be getting such treatment each time they fly.

In the last three years, nearly 82,000 travelers have applied for redress with the DHS due to problems with traveling, the Times reports. More than 25,000 of these cases have yet to be resolved. The Hicks have recently applied for redress.

See also:

• Former DoJ Official Caught on Terror Watchlist

Adding more names to the government’s terrorism watch lists as a way to prevent another underwear bomber, as President Obama promised to do Thursday, won’t work. It will only make things worse. It’s the anti-terrorism equivalent of the D.C. cliché of throwing money at a problem — far short of what we’d expect from the country’s first high-tech president.

From top to bottom, for over a decade, this country’s system for putting suspected terrorists in databases to help keep them out of the country has been a failure. Critics on the right and left (now including Obama) howl that Umar Farouk Abdulmutallab should have been put on a watch list, rather than being allowed to board a plane destined for the United States while he was wearing a bomb. And, rightly so, since he was reported to U.S. authorities as a threat by his own father, there were plenty of other clues, and we’ve spent billions of dollars on high-tech systems that well-paid analysts are supposed to use to detect plots.

Still, that watch list failure is hardly surprising to anyone who has followed the saga of the watch lists, or who remembers that less than a year ago, the DoJ’s inspector general found that the FBI routinely forgets to add subjects of a terrorism investigation to the list. Just as disturbingly, the FBI also neglects to remove people when an investigation is closed.

Given that the lists are used at traffic stops and airline check-ins foreign and domestic — and that the FBI is only one of many three-letter agencies that nominate people to the list — having the good guys on the list and the bad ones off of it is far from ideal.
Continue Reading “Adding More Names to Watch Lists Isn’t Change, It’s a Step Back” »

The government has lowered the criteria for putting someone on a watch list or no-fly list, and has revoked several U.S. visas as a result, according to CNN.

The action will result in more people being grounded from flights or undergoing secondary screening at airports. Officials wouldn’t indicate how many people might be affected.

The terrorist watch list has about 400,000 names on it, according to the most recent figures reported by the government. Most of them are non-U.S. citizens, and the list includes those suspected of providing financial assistance or aid to terrorists.

The “no fly” list, a subset of the watch list, contains about 3,400 names, of which about 170 are U.S. citizens or residents.

In addition to being used by airport security personnel to single out some travelers for extra screening or interrogation, the watchlist is used for, among other things, screening U.S. visa applicants and gun buyers as well as suspects stopped by local police.

In the wake of the attempted Christmas Day attack on a Northwest flight from Amsterdam to Detroit, the government is re-evaluating why would-be bomber Umar Farouk AbdulMutallab wasn’t on its no-fly list — despite government and intelligence agencies receiving suspicious reports about him.

Although the attacker’s father reported concerns about his son to the U.S. embassy in Nigeria, the government determined the information did not meet the standard for placing him on a no-fly list or for revoking his U.S. visa. His father had reported that AbdulMutallab had been expressing radical opinions, had broken ties with the family and might have visited Yemen.

The National Security Agency had also obtained communication intercepts that suggested a Nigerian national might be planning an attack against the United States. But because the dots were never connected, AbdulMutallab was able to slip through airport security.

The government won’t describe the new criteria it’s using for the watch list and no-fly list, other than to say it might involve an evaluation of how much information has been collected on an individual and how reliable the source is.

“It will involve an assessment of risk, the perception of risk and our tolerance of risk,” a senior government official told CNN.

The intelligence community has already used the new criteria to scour the Terrorist Identities Datamart Environment (TIDE) database of more than 500,000 suspects, resulting in new names being added to watch lists and no-fly lists.

The government wouldn’t say how many names were added or how many visas had been revoked as a result of the recent scrub, because the numbers are in flux.

Last month, the FBI reported to a Senate committee that U.S. law enforcement agents and partners had reported “encounters” with suspected terrorists 55,000 times in the last year, and that a check against the terrorist watch list had found a match 19,000 times. The latter figure includes multiple hits on the same people, according to an FBI spokesman, who didn’t know how many unique individuals were counted in the 19,000 hits.

When a person who matches the list is encountered, agents will arrest him (if there’s an outstanding warrant for the person), notify the local fusion center where the suspect resides, or collect additional details (including biometrics or information about traveling companions) to add to his profile.

A Justice Department inspector general report earlier this year found that the FBI was mishandling the watch list and was failing to add legitimate suspects under terrorist investigation to the list while also failing to properly update and remove records from the list, subjecting U.S. citizens to unjustified scrutiny.

Photo: Dan Paluska/Flickr

See also:

• FBI: 19,000 Matches to Terrorist Screening List in 2009

United States law enforcement agents and partners reported “encounters” with suspected terrorists 55,000 times in the last year; a check against the terrorist watchlist found a match 19,000 times, according to testimony presented to the Senate on Wednesday.

The figure includes multiple hits on the same people, according to an FBI spokesman, who didn’t know how many unique individuals were counted in the 19,000 hits.

The statistics appeared in testimony by the FBI’s Timothy Healy, director of the Terrorist Screening Center, or TSC, to the Senate Homeland Security and Government Affairs Committee.

Established in 2003, the TSC is a multi-agency clearinghouse for tips and other information about known and suspected terrorists that is shared with federal, state and local law enforcement agencies, as well as intelligence agencies and 17 foreign partners.

The center maintains the terrorist watchlist, which currently has about 400,000 individuals on it, most of them non-U.S. citizens, and includes those suspected of providing financial assistance or aid to terrorists. A subset of this list, the No Fly list, includes people considered a threat to aviation or national security and contains about 3,400 names, of which about 170 are U.S. persons.

The list is used, among other things, to screen visa applicants and gun buyers as well as suspects stopped by local police. It’s also used by airport security personnel to single out some travelers for extra screening or interrogation. The FBI notes that fewer than 1,000 background checks of gun purchasers between 2004 and 2009 resulted in a positive match against the list, and fewer than 10 percent of those people were prevented from buying the weapon as a result of the match.

In his testimony, Healy noted that the 24-hour center receives “between 400 and 1,200 unique additions, modifications, or deletions of terrorist identities” and about 150 calls a day requesting a determination of whether someone matches the list. During fiscal year 2009, the center processed more than 55,000 reports of “encounters,” a number that is expected to grow as more overseas screening agencies are added to the program and begin submitting reports.

Continue Reading “FBI: 19,000 Matches to Terrorist Screening List in 2009″ »