So, just a quick thought here, and with a little prompting by Jon Turley, obviously there is torture, and outright homicide thereon, spelled out and specified by the SSCI Torture Report. As I have said on Twitter, there are many things covered in the SSCI Torture Report and, yet, many things left out.
There are too many instances in the SSCI Torture Report to catalogue individually, but let’s be perfectly clear, the failure to prosecute the guilty in this cock up is NOT restricted to what is still far too euphemistically referred to as “torture”.
No, the criminality of US Government officials goes far beyond that. And, no, it is NOT “partisan” to point out that the underlying facts occurred under the Cheney/Bush regime (so stated in their relative order of power and significance on this particular issue).
As you read through the report, if you have any mood and mind for actual criminal law at all, please consider the following offenses:
These are but a few of the, normally, favorite things the DOJ leverages and kills defendants with in any remotely normal situation. I know my clients would love to have the self serving, toxically ignorant and duplicitous, work of John Yoo and Jay Bybee behind them. But, then, even if it were so, no judge, court, nor sentient human, would ever buy off on that bullshit.
So, here we are. As you read through the SSCI Torture Report, keep in mind that it is NOT just about “torture” and “homicide”. No, there is oh so much more there in the way of normally prosecuted, and leveraged, federal crimes. Recognize it and report it.
But, without any question, my best early takeaway key is that the United States Government, knew, they bloody well knew, at the highest levels, that what was going on in their citizens’ name, legally constituted torture, that it was strictly illegal. They knew even a “necessity” self defense claim was likely no protection at all. All of the dissembling, coverup, legally insane memos by John Yoo, Jay Bybee et. al, and all the whitewashing in the world cannot now supersede the fact that the United States Government, knowing fully the immorality, and domestic and international illegality, proceeded to install an intentional and affirmative regime of torture.
Here, from page 33 of the Report, is the language establishing the above:
…drafted a letter to Attorney General John Ashcroft asking the Department of Justice for “a formal declination of prosecution, in advance, for any employees of the United States, as well as any other personnel acting on behalf of the United States, who may employ methods in the interrogation of Abu Zubaydah that otherwise might subject those individuals to prosecution. The letter further indicated that “the interrogation team had concluded “that “the use of more aggressive methods is required to persuade Abu Zubaydah to provide the critical information we need to safeguard the lives of innumerable innocent men, women and children within the United States and abroad.” The letter added that these “aggressive methods” would otherwise be prohibited by the torture statute, “apart from potential reliance upon the doctrines of necessity or of self-defense.”
They knew. And our government tortured anyway. Because they were crapping in their pants and afraid instead of protecting and defending the ethos of our country and its Founders.
Recently, computer security firm Symantec reported discovery of another intelligence-gathering malware, dubbing it “Regin.”
What’s particularly interesting about this malware is its targets:
Please do read Symantec’s blog post and its technical paper on Regin to understand how it works as well as its targets. Many news outlets either do not understand malware and cybersecurity, or they get facts wrong whenever major malware attacks are reported. Symantec’s revelation about Regin is no different in this respect.
Independent.ie offers a particularly exceptional example distorting Symantec’s report, claiming “Ireland is one of the countries worst hit globally by a dangerous new computer virus that spies on governments and companies, according to a leading technology firm.”
If by “worst hit,” they mean among the top four countries targeted by this malware? Sure. But only 9% of the infections affected Irish-based computers, versus 28% of infections aimed at Russian machines, and 24% affecting Saudi machines. The Independent.ie’s piece reads like clickbait hyperbole, or fearmongering, take your pick.
What wasn’t addressed by the Independent.ie and numerous other outlets, including those covering the tech sector are some fundamental questions:
The Guardian came closest to examining these issues, having interviewed researchers at computer security firm F-Secure to ask the origins of the malware. As of 24-NOV-2014, the firm’s Mikko Hypponen speculated that the US, UK, and/or Israel were behind Regin’s development and deployment.
As of the video embedded above, Hypponen firmly says the UK’s intelligence entity GCHQ is behind Regin, in particular the malware’s invasion of a Belgian telecom network (see video at 07:20). Continue reading
In the middle of a story about a masked US Marshal who was injured in an operation against the cartels in Mexico in July, Devlin Barrett reveals what was obvious, but never confirmed, at the time. US Marshals (and other US personnel) were involved in the operation that nabbed Chapo Guzmán.
The Marshals Service operations in Mexico are carried out by a small group sent for short, specific missions. The goal is to help Mexico find and capture high-value cartel targets.
One operation yielded a great success: The capture of cartel boss Joaquin Guzman Loera, known as “ El Chapo, ” earlier this year. It is unclear whether U.S. Marshals personnel were disguised as Mexican military men on the day he was caught.
Sometimes the Marshals Service targets a person Mexico would like to apprehend but who isn’t wanted by U.S. authorities, the people familiar with the work said.
Marshals personnel on the ground dress in local military garb to avoid standing out and are given weapons to defend themselves.
The reason I was pretty certain at the time Americans were involved was because all of the “Mexican Marines” involved in the operation — at least the ones that showed up in pictures — were fully masked, so fully that they likely hid light hair as often as faces that might get people targeted by the cartels.
Barrett also makes clear that the toys the Marshals are using in the US under Pen Register authority are also being deployed when they work under cover in Mexico.
The Marshals Service works closely with the Mexican Marines because the U.S. agency has expertise at finding fugitives, in part through technology that detects cellphone signals and other digital signatures. That includes airplane flights operated by the agency carrying sophisticated devices that mimic cellphone towers, as reported last week by The Wall Street Journal. That technology works better with a ground presence.
The people familiar with the matter described the Marshals Service as a police agency affected by mission creep. More than five years ago, the Service flew small planes along the border to detect cell signals and locate suspects inside Mexico. About four years ago the flights crossed deep into Mexican airspace, the people said.
They added that, more recently, some flights have been conducted in Guatemala.
I would bet that the tech deployed against Chapo was even niftier than what the Marshals use here. That would allow them to test nifty new technologies against the most hardened targets, and do so without any legal niceties required, before they start conniving judges to authorize the same technologies against easier targets here. So if we look closely at the Chapo operation, we might learned what exotic new technologies are only beginning to be used here in the US.
Jeff Stein has a fascinating read over at Newsweek. From the url, I’m guessing that Stein titled his piece “Moderate Rebels Please Raise Your Hands”, but his editors eventually went with “Inside the CIA’s Syrian Rebels Vetting Machine“. As Stein notes in his opening, the impossibility of finding “moderate” rebels in Syria who are willing to take up arms against the regime of Bashar al-Assad but who won’t eventually get into committing atrocities or push a radical Islamist view has led to much derision of the US plan. Stein notes efforts by Andy Borowitz and Jon Stewart in that arena, although I have played along too (here and here).
But Stein actually took the time to talk to people who have been involved in the effort. What he found is not encouraging at all:
Behind the jokes, however, is the deadly serious responsibility of the CIA and Defense Department to vet Syrians before they receive covert American training, aid and arms. But according to U.S. counterterrorism veterans, a system that worked pretty well during four decades of the Cold War has been no match for the linguistic, cultural, tribal and political complexities of the Middle East, especially now in Syria. “We’re completely out of our league,” one former CIA vetting expert declared on condition of anonymity, reflecting the consensus of intelligence professionals with firsthand knowledge of the Syrian situation. “To be really honest, very few people know how to vet well. It’s a very specialized skill. It’s extremely difficult to do well” in the best of circumstances, the former operative said. And in Syria it has proved impossible.
Daunted by the task of fielding a 5,000-strong force virtually overnight, the Defense Department and CIA field operatives, known as case officers, have largely fallen back on the system used in Afghanistan, first during the covert campaign to rout the Soviet Red Army in the 1980s and then again after the 2001 U.S. invasion to expel Al-Qaeda: Pick a tribal leader who in turn recruits a fighting force. But these warlords have had their own agendas, including drug-running, and shifting alliances, sometimes collaborating with terrorist enemies of the United States, sometimes not.
“Vetting is a word we throw a lot around a lot, but actually very few people know what it really means,” said the former CIA operative, who had several postings in the Middle East for a decade after the 9/11 attacks. “It’s not like you’ve got a booth set up at a camp somewhere. What normally happens is that a case officer will identify a source who is a leader in one of the Free Syrian Army groups. And he’ll say, ‘Hey…can you come up with 200 [guys] you can trust?’ And of course they say yes—they always say yes. So Ahmed brings you a list and the details you need to do the traces,” the CIA’s word for background checks. “So you’re taking that guy’s word on the people he’s recruited. So we rely on a source whom we’ve done traces on to do the recruiting. Does that make sense?”
There is, of course, a huge problem with this approach:
A particularly vivid example was provided recently by Peter Theo Curtis, an American held hostage in Syria for two years. A U.S.-backed Free Syrian Army (FSA) unit that briefly held him hostage casually revealed how it collaborated with Al-Qaeda’s al-Nusra Front, even after being “vetted” and trained by the CIA in Jordan, he wrote in The New York Times Magazine.
“About this business of fighting Jabhat al-Nusra?” Curtis said he asked his FSA captors.
“Oh, that,” one said. “We lied to the Americans about that.”
But it is even worse. Consider this bit about the details of how the “trace” is carried out:
American embassies around the world are open to just about anybody who wants to sign up for the FSA. “They fill out a form. You get their four-part name, their date of birth, and then their tribe and where they’re from and all that,” the former operative explained. “Their work history, if there is any. Then you take that and run your traces through all your databases—your HUMINT and SIGINT [agency acronyms for information from human spies and National Security Agency intercepts, called signals intelligence]. And then you take certain aspects of that information, and you sanitize it, and you send it by cable to your station in whatever country, and you ask for their traces on this individual, to see if anything comes up.
“The problem with that process,” the former operative continued, “is when you have a person sitting at a computer who doesn’t know how to standardize Arabic names.… They may translate it correctly, but the person typing it in may or may not know how to look for it with all the name variances that might already be in the system.”
That one is just jaw-dropping. I have a hot tip for those folks tasked with tracing. A super-secret piece of software known as Google seems perfectly able to handle searches of names of groups or people. Whenever I Google new names, I often get back hits on variant transliterations without having to feed them into the search separately.
At any rate, though, when I first saw this article flit by last night, I jokingly suggested on Twitter that the CIA needs the Hogwarts sorting hat:
One important point that the CIA is missing, though, is that it seems to me that anyone who is stepping forward to want weapons and other support for the Syrian war has already self-selected to a large extent. And they are much more likely to be Slytherin than Gryffindor.
Over at Vice, I have a piece reviewed DOJ’s explanation for why they turned off some alleged Asian mobsters DSL so they could then go in as fake DSL repairmen and collected evidence.
The whole thing has a Keystone cops character, especially since the DSL contractor they had roped into working with them screwed up turning off the DSLs, which is why they now claim he was on a “private frolic” when he collected information on his own (that is a technical legal term meaning “freelancing,” but one doing far more than the evidence allows, in my opinion).
My favorite part, though, is how DOJ claims that turning off someone’s DSL would not create any kind of urgency which would eliminate the notion of consent, because after all they could have used the shitty hotel WiFi.
Perhaps the most disturbing claim, though, is that we all have to be satisfied with crummy hotel Wi-Fi. To dismiss the argument that by turning off the villas’ DSL, FBI had created an urgent need that obviated any kind of consent when the villa residents let in the FBI agents pretending to be DSL repairmen, the government claims that there is no legitimate need to seek better internet access than hotel Wi-Fi or personal cell phone tethers: “Defendants do not identify a single legitimate service or application that could not be adequately supported through the hotel’s WI-FI system, their personal hotspots, or personal cellphones, nor could they.”
The FBI is now claiming, the experience of travelers the world over notwithstanding, that nothing legal could require better Internet access than a hotel’s slow Wi-Fi connection. (Perhaps the Wi-Fi in high-roller villas is better than it is for average travelers, but DOJ’s brief doesn’t make that case by describing the internet speeds Caesars Palace makes available to privileged guests.) Moreover, the government admits that—as many travelers reliant on hotel Wi-Fi can attest—the Wi-Fi just wasn’t all that fast. “The DSL service was faster,” the brief reads.
I mean, I’m not a Malaysian gangster or anything, but I often find myself trying to do things in hotel rooms where neither the WiFi nor my cell phone’s tether provides remotely adequate speed. You know — simple things like posting on a blog. Apparently that’s illegitimate now.
And yes, I have called hotel technicians to help me get the hotel WiFi working and let them right into my room.
Even as I was working on that piece, Kaspersky Lab came out with a warning that hackers (possibly working out of South Korea) have been targeting businessmen through hotel WiFis for 7 years.
Business executives visiting luxury hotels in Asia have been infected with malware delivered over public Wi-Fi networks, Russian security firm Kaspersky Lab has discovered.
The so-called ‘Darkhotel’ hackers managed to tweak their code to ensure that only machines belonging to specific targets were infected, not all visitors’ PCs, and may have included state-sponsored hacking.
They also seemed to have advance knowledge of their victims’ whereabouts and which hotels they would be visiting, Kaspersky said.
CEOs, senior vice presidents, sales and marketing directors and top research and development staff were amongst those on the attackers’ hit list, though no specific names have been revealed.
As soon as they logged onto the hotel Wi-Fi, targets would be greeted with a pop-up asking them to download updates to popular software, such as GoogleToolbar, Adobe Flash and Windows Messenger. But giving permission to the download would only lead to infection and subsequent theft of data from their devices.
You think alleged Asian organized crime members might know that hotel wifi is totally insecure (even setting aside China’s habit of stealing it this way)? You think they may have heard of their peers getting hacked in luxury hotels?
Maybe that’s why they ordered up so many DSL lines.
In any case, DOJ’s argument that there’s no legitimate need for wired Internet access just went out the window.
Saturday night, the New York Times published a blockbuster article by James Risen and Matt Apuzzo that was then carried on the front page of Sunday’s print edition. The article described the jaw-dropping revelation that somehow, a lowly Port Authority detective wound up as the primary contact for Jundallah, a Sunni extremist group on the Iran-Pakistan border that attacks Iran (and sometimes Pakistan) with an aim to unify the region that is home to the Baloch people. Further, it appears that through Thomas McHale’s contacts (and McHale’s membership in a Joint Terrorism Task Force), information on Jundallah attacks filtered into the CIA and FBI prior to their being carried out in Iran.
Iran has long accused the US and Israel of having associations with Jundallah, even going so far as to state that the CIA and/or Mossad equip them and help them to plan their attacks. With negotiations between the P5+1 group of countries and Iran now in the home stretch toward a November 24 deadline, Saturday’s disclosure could hardly have come at a worse time. In fact, John Kerry was in Oman, meeting with Iranian Foreign Minister Mohammad Zarif and Catherine Ashton from the EU over the weekend. Despite this disclosure coming out, Sunday’s negotiating session turned into two sessions and a further session was even added on Monday. Upbeat news is still flowing from that meeting, so on first blush the disclosure Saturday didn’t completely disrupt the talks.
My first thought on seeing the article was that it fit perfectly with the previous front page effort by the Times at disrupting the talks. David Sanger “mistakenly” claimed that a new wrinkle in the negotiations would allow Russia to take over enrichment for Iran. This would almost certainly give hardliners the room they need to kill the deal, since maintaining enrichment capacity is a redline issue for Iran.
The reality is that what is under discussion is that Iran would continue its enrichment activities, but ship low enriched uranium to Russia where it would be converted into fuel rods. Evidence that this pathway is making progress can be seen in this morning’s announcement that Iran and Russia have signed an agreement for Russia to build two more nuclear power plants in Iran. It seems that a new wrinkle on the arrangement might allow Russia to prepare the fuel rods inside Iran:
Russia, which is involved in those talks, will also cooperate with Teheran on developing more nuclear power units in Iran, and consider producing nuclear fuel components there, according to a memorandum signed by the heads of the state atomic bodies, Sergey Kirienko of Russia’s Rosatom and Ali Akbar Salehi of Iran’s Atomic Energy Organization (AEOI).
Just as hinting falsely that Iran was negotiating away its enrichment technology was a move by the Times that could have disastrous effects on the ongoing negotiations, I felt that providing this strange story on McHale would give ammunition to those in Iran who see the CIA behind Jundallah. However,there is another possibility. In a Twitter discussion with Arif Rafiq on the disclosure, Rafiq suggested that “the US is coming clean about something that has concerned Iranians for years. Could be a plus”. He later allowed that hardliners could see it as a smoking gun. A further interesting speculation from Laura Rozen on Twitter suggested that perhaps the US played both sides of Jundallah:
— Laura Rozen (@lrozen) November 9, 2014
So let’s consider these nicer possibilities for a moment. Maybe we did give Rigi to the Iranians. Maybe we are admitting Jundallah contacts now as a way of making sure it ends. But if that is the case, Risen and Apuzzo are a very strange source for how this news came out. An admission of this sort is what I would expect to be routed through David Ignatius, Eli Lake or Josh Rogin. Risen would be especially difficult to see as cooperating with specific timing on a disclosure. Recall that the Times spiked his disclosure of Bush’s illegal wiretaps until after the 2004 elections and then only published when the book was about to drop. To believe that Risen is now somehow cooperating with the government is a huge stretch, but he does still appear to be at risk of being subpoenaed in the ongoing DOJ actions in response to the wiretapping disclosure.
Many issues surrounding US support for Jundallah (and MEK) are still quite unresolved in my view. Recall that we had the whole “false flag” controversy back in January of 2012, where it was “disclosed” that Mossad ran Jundallah while posing as CIA. Not too long after that, Sy Hersh disclosed that the US has trained operatives for the MEK (no mention of Jundallah at all in the article) for covert actions against Iran. What particularly raised my hackles in that report was that the training was held at the same site in Nevada where I suspect that the materials used in the 2001 anthrax attacks was produced.
Over at Moon of Alabama, b seems to feel that the US was indeed behind the running of Jundallah. For that to be the case, we are pretty much forced to believe that Risen and Apuzzo have been either duped or coerced. I find so much of what has come out to be conflicting that I doubt we’ll ever completely sort this out. I have no doubts that JSOC and CIA stand ready to see Iran’s enemies prosper, especially as we saw in the MEK training in Nevada. When it comes to involvement in actual operations, I just don’t know. But the possibility that we helped at some times and then handed over Rigi possibly to make up for it sounds so like what our rudderless intelligence services would do that I’m leaning that direction.
There has been a lot of belated attention to the impact that Mark Udall’s loss yesterday will have on the Senate Intelligence Committee. I’ve been pointing to the possibility of a Udall loss and a Richard Burr Chairmanship since March. I warned you all of this when there was still time to do something about it!
Yesterday’s election will have huge impact on intelligence matters. It’s crystal clear, for example, that Burr has zero intention of exercising any oversight into the intelligence community, as we know he has been uninterested in their law-breaking in the past. I actually think Burr may be more interested in their competence than Feinstein has been, but that may be just a pipe-dream.
Burr might even be the very very rare Gang of Four member who doesn’t use the position to leak what the intelligence community wants to make public to the press. I say that because Burr was a key player in requiring the White House to provide the committees a list of sanctioned leaks, which I actually think was a badly needed reform (though I have no idea whether the White House has complied).
There’s also the matter of the 3 or 4 new Republicans that will gain seats on the Intelligence Committee (adding at least one for the majority, along with replacing Saxby Chambliss and Tom Coburn, both of whom retired). It’d be nice to see a libertarian among these — perhaps someone like Mike Lee, given that Utah has a lot of intelligence equities. But I highly doubt Mitch McConnell would put anyone with an interest in civil liberties on the Committee.
But there is one area where yesterday’s shellacking might harbor good news for civil liberties: Thad Cochran.
With Republicans in the majority, Barb Mikulski (D-NSA) will lose her Chairmanship of the Appropriations Committee; Cochran is expected to get that Chair. Mikulski has always been — even more than Dianne Feinstein — the impediment to any real civil liberties change in the Senate, because she is far more powerful. Importantly, she served as a guarantee that smart policies put through on appropriations bills — like Alan Grayson’s elimination of a requirement that NIST consult with the NSA on encryption standards, and the Massie-Lofgren amendment to defund back door searches — would not make it into any final bill.
Losing the majority, even losing Mikulski on Appropriations on all other matters, is a huge loss, don’t get me wrong.
But it does mean that Thad Cochran might, just maybe, allow good things to move through the Senate on appropriations. With Barb Mikulski there was no chance in hell of doing something on an appropriations bill. Without her, there’s at least a possibility. (Remember that Ted Stevens permitted a Ron Wyden amendment defunding TIA to go through appropriations in 2003, so such things are not unheard of.)
There’s no reason to believe that Cochran, in general, is any friendlier to civil liberties than Mikulski. But he’s not the NSA’s own personal senator. And that may be a tiny bright spot.
As you no doubt know, Democrats got shellacked yesterday. Not only did they lose the Senate in spectacular fashion, but Jim and I are stuck with our shitty Republican governors. Locally, the GOP succeeded in term-limiting our Mayor who wins with 80% of the vote.
Steve Vladeck has a post considering how this will affect national security politics. I agree with his ultimate conclusion:
Thus, the real question that I think yesterday’s results raise for national security policy in the 114th Congress is not what this “genuine debate about how best to preserve constitutional values while protecting the Nation from terrorism” will look like, but rather whether the absence of such a debate (which seems increasingly likely) will indeed provoke courts to play the more aggressive role to which Justice Kennedy alluded.
But along the way, Vladeck makes a grave category error by suggesting that Ted Cruz is a libertarian.
Although the realignment thesis requires decent support from the wings of both parties, the consequences of yesterday’s results are to put the focus squarely on how libertarian Republicans approach national security policy–since theirs is the party in power in both chambers. With that in mind, consider Senator Ted Cruz’s fairly remarkable unwillingness to openly endorse Senator Mitch McConnell as majority leader. Whatever that portends with respect to the leadership race, it suggests at the very least that, on some issues, the more libertarian wing of the Republican party may not exactly fall into lockstep with the party’s more moderate elements. And while that was an intriguing enough phenomenon when Republicans only controlled the House, how that plays out when Republicans control both sides of the Capitol will be very interesting to watch.
Ted Cruz is a dangerous narcissistic authoritarian piggybacking on Tea Party popularity and amorphousness to advance his own career. He is not a libertarian.
There are, to be sure, some libertarian senators. Along with Mike Lee and Dean Heller, who get little notice, Rand Paul has learned how better to use Senate procedure to advance libertarian aims. (One piece of evidence that Cruz is not a libertarian is that both he and Paul appear to be running for President, making it clear they don’t have the same agenda.)
That said, one of the most interesting aspects of this election is that Paul did some real campaigning for authoritarian hack Pat Roberts, lending him his Tea Party cred.
Ted Cruz, however, was not out campaigning. Update: According to this, Cruz also campaigned for Roberts.
But the question of how having Cory Gardner and Joni Ernst in the Senate has little to do with their politics, in my opinion.
They have a lot more to do with the difference between Mitch McConnell and John Boehner.
John Boehner is an ineffective leader whose attempt to discipline his party ended up creating leaders who had little to lose.
Mitch McConnell is not an ineffective leader. He has long been able to demand discipline.
Perhaps the best indicator of that is what happened when Jeff Flake, who was superb on civil liberties in the House, moved to the Senate. He’s terrible on those issues now. Pretty much runs and hides in a corner, whimpering, when such issues come up. I’m not sure how Mitch did it, but he managed to neutralize someone who challenged GOP authoritarianism. Completely. I expect the same of Cory Gardner (though will be happy to be proven wrong).
In any case, I would be shocked if Mitch made the error of putting someone like Gardner (or Paul) in one of the at least 3 new Republican slots that will open up on the Intelligence Committee.
The story of the next two years will be about what Mitch — and his heavy discipline — wants to accomplish in the Senate, not about what a few libertarians or pseudo-libertarians want.
JPMorgan’s Form 8-K filed on Thursday with the Securities and Exchange Commission advises:
On October 2, 2014, JPMorgan Chase & Co. (“JPMorgan Chase” or the “Firm”) updated information for its customers, on its Chase.com and JPMorganOnline websites and on the Chase and J.P. Morgan mobile applications, about the previously disclosed cyberattack against the Firm. The Firm disclosed that:
• User contact information – name, address, phone number and email address – and internal JPMorgan Chase information relating to such users have been compromised.
• The compromised data impacts approximately 76 million households and 7 million small businesses.
• However, there is no evidence that account information for such affected customers – account numbers, passwords, user IDs, dates of birth or Social Security numbers – was compromised during this attack.
• As of such date, the Firm continues not to have seen any unusual customer fraud related to this incident.
• JPMorgan Chase customers are not liable for unauthorized transactions on their account that they promptly alert the Firm to.
The Firm continues to vigilantly monitor the situation and is continuing to investigate the matter. In addition, the Firm is fully cooperating with government agencies in connection with their investigations.
According to ZDNet, a forensic security firm suggests the bank’s users’ accounts are now at greater risk of compromise and that password changes and two-factor authentication should be implemented to address the risk.
However, the 8-K’s wording indicates a different security risk altogether as the users’ passwords and Social Security numbers are not compromised.
The disclosure of information compromised combined with earlier reporting about the breach more closely matches a description of that collected by National Security Agency’s TREASURE MAP intelligence collection program. TREASURE MAP gathered information about networks including nodes, but not data created by users at the end nodes of the network. The application delineated the path to the ends. and physical ends, not merely virtual ends of the network. Continue reading