NSI Security NewsWatch Banner

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


In this issue — January 15, 2020

  • AG: Pensacola Shooting Was Act of Terrorism
  • Government Urges: Upgrade VPN or Expect Cyberattacks
  • Former Marine Posed as Security Member for Marine One, Officials Say
  • Cyber Threats to North American Power Grid Are Growing
  • Iran Is Expanding Its Online Disinformation Operations
  • 'Intrusion Truth' Data Dump Peels Back Layers on Chinese Front Companies
  • Woman Caught in NYC Terrorism Sting Sentenced to 15 Years
  • Government Employees and Contractors Not Subject to the Same Vetting Process
  • FBI Asks Apple for Access to Saudi Shooter's iPhones
  • Special DOJ Unit Cracks Down on China's Illicit Activities
  • Warner Tells ODNI, OPM to Get Moving on Major Security Clearance Reforms

AG: Pensacola Shooting Was Act of Terrorism (USA Today, 1/13/20)

A shooting by a Saudi pilot on a Navy base in Pensacola, Florida, in December was an act of terrorism motivated by "jihadist ideology," Attorney General William Barr said Monday.  The Justice Department's findings were announced about a month after the Saudi pilot, 2nd Lt. Mohammed Alshamrani, fired on service members at Naval Air Station Pensacola.

The 21-year-old shooter, who was part of a U.S. training program for the Saudi military, was killed in the rampage Dec. 6 that also killed three American service members and injured eight others.  Investigators found that on Sept. 11 last year, the shooter posted on social media that "the countdown has begun."  He visited the 9/11 Memorial in New York City over Thanksgiving weekend, and he posted "anti-American, anti-Israeli and jihadi messages" on social media two hours before the attack, Barr said.  More

Government Urges: Upgrade VPN or Expect Cyberattacks (Forbes, 1/13/20)

DHS’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert that strongly urges users and administrators alike to update virtual private networks with long-since disclosed critical vulnerabilities.  "Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability," the CISA alert warns, "can become compromised in an attack." 

What has dictated the need for this level of government agency interest and the urgency of the language used?  The simple answer is the ongoing Travelex foreign currency exchange cyberattack, thought to have been facilitated by no less than seven VPN servers that were late in being patched against this critical vulnerability.  More

Former Marine Posed as Security Member for Marine One, Officials Say (NYT, 1/11/20)

A former United States Marine posed as a security team member for Marine One, the helicopter that transports President Trump, and breached two checkpoints last week at Palm Beach International Airport, authorities said.  The former Marine, Brandon M. Magnan, 37, of Naples, Fla., was charged on Jan. 6 with false impersonation of an officer or employee of the United States, according to a criminal complaint by the United States Secret Service.

It wasn’t clear why Mr. Magnan was trying to get near the helicopter.  Marine One, which is piloted and protected by the Marine Corps unit known as HMX-1, is used to transport the president for shorter trips, the Secret Service said.  Trump was spending his winter vacation in Palm Beach, Fla., at his private Mar-a-Lago resort at the time of the episode. More


Help Your Employees Be More Security Conscious in 2020

People are the weak link in any organization, opening attachments, downloading sensitive information onto thumb drives or sharing documents that they shouldn’t.  In most cases, employees receive some information security training when they join a company, but typically that isn’t repeated on a timely basis.  Just like computers, people must be patched at least every month.  Continuous security awareness solutions from NSI can help solve this problem and ensure everyone in your organization is up to speed on the latest security threats.

A more security-aware workforce can mean the difference between an employee preventing the next data breach, and becoming the next breach.  Protect yourself today with SECURITYsense, the premier information security awareness service from NSI.  It keeps your employees up to date on current threats and tells them how to protect against them — easily and cost effectively. To know more click here https://www.nsi.org/securitysense/what-is-securitysense.shtml.


Cyber Threats to North American Power Grid Are Growing (OilPrice.com, 1/10/20)

Threats of cyberattacks on North America’s electric network systems are growing, industrial cybersecurity firm Dragos said in a report last week.  This year, the firm has identified two groups, Magnallium and Xenotime, which are increasingly probing to compromise electric assets in North America, expanding their targeting from the oil and gas sector to include electric assets.  

“This underscores the trend in threats expanding from single-vertical ICS operations to multi-vertical ICS operations we observe from adversaries targeting industrial entities,” Dragos said in its report.  Another group, Parisite, identified in 2019, has been focusing on exploiting vulnerabilities in remote connectivity services and virtual private network appliances to gain initial access to target industrial control systems (ICS) networks, Dragos said.  “The complete energy infrastructure sector (electric, oil and gas, etc.) of all countries are at risk as companies and utilities face multiple well-resourced ICS-focused adversaries,” Dragos said.  More

Iran Is Expanding Its Online Disinformation Operations (Nextgov, 1/10/20)

Iran is charging ahead with new online efforts to sway public opinion as tensions simmer with the United States, experts say.  So how good is Iran at online influence campaigning and what do those campaigns look like?  The first thing to know is that Iran’s no Russia, whose online disinformation campaigns in 2016 brought the field into mainstream public discussion. 

Tehran’s operators are less sophisticated, less well-funded, and less focused on achieving electoral political outcomes.  But they can have a big effect, particularly in the Middle East, where Iranian influence efforts have affected operations against ISIS and endangered U.S. troops.  Alireza Nader, a senior fellow at the Foundation for the Defense of Democracies, described Iran’s online efforts as “not equal to Russia, perhaps, but nevertheless dangerous.  The regime is known for its hacking capabilities and spends a considerable amount of resources trying to shape discourse on social media.” More

'Intrusion Truth' Data Dump Peels Back Layers on Chinese Front Companies (Cyber Scoop, 1/9/20)

Intrusion Truth is back.  The anonymous group known in the cybersecurity world for publishing detailed blog posts about suspected nation-state hackers released new information last week alleging that Chinese technology companies are recruiting attackers working on Beijing’s behalf.

By identifying job postings seeking offensive cybersecurity skills, the group wrote, they found a number of companies in Hainan, a province in South China, all using the same language in their advertisements.  Some of those companies have only a small web presence outside the job ads seeking offensive-minded computer specialists, suggesting to Intrusion Truth that employers actually are trying to recruit hackers for advanced persistent threat groups.  “We know that these companies are a front for APT activity,” states the blog post. More

Woman Caught in NYC Terrorism Sting Sentenced to 15 Years (NBC NY, 1/9/20)

A federal judge sentenced a New York City woman to 15 years in federal prison for studying how to make bombs for a terrorist attack that prosecutors said would have targeted law enforcement in the United States.  Asia Siddiqui, 35, of Queens, admitted in Brooklyn federal court that she and another woman looked online for recipes for homemade explosives and shopped for components at Home Depot with the intent to bomb government targets.  She was arrested in 2015 and pleaded guilty last year.

Prosecutors asked that Siddiqui be sentenced to two decades behind bars, saying she and her co-defendant “followed and expressed a violent, warped version of Islam which, in their view, demanded that they teach each other and learn how to build a bomb.”  They said Siddiqui wrote two poems and an article published in a magazine called “Jihad Recollections.” More

Government Employees and Contractors Not Subject to the Same Vetting Process (Homeland Security Today, 1/9/20)

Government employees and contractors who require a security clearance are subject to Continuous Evaluation – comprehensive monitoring and periodic re-investigation of their behavior.  According to government policy, both should be subject to the same vetting and adjudication process.  However, the Intelligence and National Security Alliance (INSA) has found two critical differences: the consideration of social media and personnel security information sharing.

A new white paper written by INSA’s Insider Threat Subcommittee says individual government contractors face more rigorous scrutiny, as private companies can monitor employees’ social media as part of their continuous vetting and insider threat protocols.  However, despite the existence of a directive permitting them to do so, government agencies do not monitor their employees’ social media.  Given that intelligence often traces the intention of criminal acts to an individual’s social media use, this is a potentially dangerous lapse in the vetting process. More

FBI Asks Apple for Access to Saudi Shooter's iPhones (Gov Info Security, 1/8/20)

The FBI has sent a letter to Apple asking for help in accessing encrypted data stored on two iPhones belonging to a deceased shooter.  The bureau's request comes as some U.S. government officials have once again started claiming that strong, unbreakable encryption poses a "going dark" threat to public safety.  Reports say the FBI has obtained search warrants to inspect the phones of Second Lt. Mohammed Saeed Alshamrani of the Saudi Royal Air Force.

Alshamrani, who was training at Naval Air Station Pensacola in Florida, killed three people and injured eight with a handgun in December, at the base.  He was shot and killed by police during the incident.  The FBI has told Apple that Alshamrani's devices are encrypted and that efforts to guess his passwords have been unsuccessful. More

Special DOJ Unit Cracks Down on China's Illicit Activities (Washington Times, 1/8/20)

The DOJ’s special China unit is aggressively prosecuting technology theft and other illicit activities by Beijing’s spies and government officials, a senior department official said last week.  China was implicated in more than 80% of all economic espionage cases brought by the DOJ since 2012, and more than 60% of all trade secrets theft cases were linked to Beijing’s aggressive spying and acquisition programs, U.S. officials said.

Those activities involve traditional human and cyber intelligence gathering operations as well as what officials term “nontraditional” spying: the use of students, businesspeople, and other nonprofessional collectors of intelligence.  “It’s an objective fact that the number of economic espionage investigations has increased dramatically in recent years,” Adam Hickey, deputy assistant attorney general in the DOJ’s national security division, said. More

Warner Tells ODNI, OPM to Get Moving on Major Security Clearance Reforms (Fed News Network, 1/7/20)

Senate Intelligence Committee Vice Chairman Mark Warner (D-Va.) is asking the two federal agencies charged with bringing the decades-old security clearance process into the 21st century to accelerate the initiative.  The Office of the Director of National Intelligence and the Office of Personnel Management have been plotting a wide range of changes to the suitability, credentialing and security clearance system — an initiative known as Trusted Workforce 2.0 — for more than a year.

But Warner wants to put some political pressure on an administration initiative that’s received bipartisan endorsement with the recent passage of the annual defense authorization bill.  “I ask that you as the government’s security executive agent and suitability/fitness and credentialing executive agent, respectively, use this unique moment to realize sweeping reform and immediately issue guidance to implement this initiative,” Warner wrote last week in a letter to OPM and ODNI. More

Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complementary Security NewsWatch e-newsletter, visit http://nsi.org/newsletter.html.


Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at http://nsi.org/newsletter.html

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call

NSI LogoNational Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org



Impact 2020 Banner


Who's Worse:
Employees or Hackers?

Experts agree, well intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves

Learn More Button