NSI Security NewsWatch

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


In this issue — May 20, 2020

  • FBI Finds al Qaeda Link After Breaking Encryption on Pensacola Attacker's iPhone
  • Ex-Mayo Clinic Researcher Muhammad Masood Indicted on Terrorism Charge
  • As DCSA Surpasses Background Investigation Goal, Is Trusted Workforce 2.5 Likely?
  • Report: Iran Is Increasing Its Military and Cyber Activity
  • Group Behind WannaCry Now Using New Malware
  • TSA Issues Road Map to Tackle Insider Threat with AI
  • Need for Clearances May Drop as Teleworking Expands, Evanina Says
  • Actions Needed to Enhance DHS Oversight of Cybersecurity at High-Risk Chemical Facilities
  • Intel Community Adapts to New Realities of Security Clearance Evaluation
  • Facebook Reports Spike in Takedowns of Hate Speech, Terrorism

FBI Finds al Qaeda Link After Breaking Encryption on Pensacola Attacker's iPhone (CNN, 5/18/20)

The Saudi military trainee who killed three U.S. sailors and wounded several others in a terror attack last year on a military base in Pensacola, Fla., was a longtime associate of al Qaeda who had communicated with operatives from the group as recently as the night before the shooting, the Justice Department and the FBI announced Monday.  Investigators uncovered the al Qaeda connection after the FBI broke through the encryption protecting the Saudi attacker's iPhones and have been able to use the information on the devices to carry out a recent counterterrorism operation in Yemen, Attorney General William Barr and FBI Director Christopher Wray said.

"The evidence we've been able to develop from the killer's devices shows that the Pensacola attack was actually the brutal culmination of years of planning and preparation by a longtime AQAP associate," Wray said, referring to al Qaeda in the Arabian Peninsula, one of the deadliest branches of the terror group.  Mohammed Alshamrani, a member of the Royal Saudi Air Force who had been training at Naval Air Station Pensacola, was killed by law enforcement during the attack.

Ex-Mayo Clinic Researcher Muhammad Masood Indicted on Terrorism Charge (NY Post, 5/16/20)

A Pakistani doctor and former Mayo Clinic research coordinator was indicted for providing support to a terrorist group after he told paid informants that he planned to carry out attacks against the U.S.  Muhammad Masood, 28, was formally charged last week for his alleged ties to the Islamic State but has been in custody since he was arrested at the Minneapolis-St. Paul International Airport on March 19.

Federal prosecutors said Masood told informants that he was working for the jihadist group, which controls large swathes of territory in Syria and Iraq.  They said he was in the U.S. on a work visa.  From January to March, Masood made several statements to informants he believed were members of the Islamic State, expressing a desire to fight for the group in Syria and carry out attacks against the U.S., according to court papers.

As DCSA Surpasses Background Investigation Goal, Is Trusted Workforce 2.5 Likely? (Fed Scoop, 5/14/20)

The Defense Counterintelligence and Security Agency could be ready to take another step in reforming the government’s personnel vetting process, a top national security official said last week, now that the agency has surpassed its target for reducing the backlog in background investigations.  An aggressive effort has led to a nearly 17% increase in processing of new security clearances year-over-year, said Bill Evanina, director of the National Counterintelligence and Security Center.  

That progress has led DCSA to consider what else it can do to maintain momentum, he added.  DCSA set a goal in December to reach a “steady target state” of 200,000 cases pending — a number that would represent a significant improvement in the speed for hiring workers, like many information technology specialists, who need security clearances.  The agency is ahead of the goal.


What’s the Number One Cause of Security Breaches and Insider Threats?

It can blow through any firewall, defeat expensive technology controls, expose sensitive data, cause laptops and mobile devices to go missing, and leak corporate or national security secrets.  What, you ask, is it?  Employee negligence — the single most common cause of damaging insider threats. If there's a common thread the experts all agree on, it’s that poor training and unaware employees lie at the root of many if not most employee security breaches.

So, how do you make sure that your company's information assets are protected? The first line of defense is employee awareness – the critical "humanware" component of your data security armor. NSI’s SECURITYsense awareness program gives your employees the tools and information they need to make security second nature.  Don’t put your organization at risk.  Get SECURITYsense and build awareness quickly and affordably. See https://www.nsi.org/securitysense/what-is-securitysense.shtml for more information.


Report: Iran Is Increasing Its Military and Cyber Activity (Defense One, 5/14/20)

Few countries were hit as hard by the COVID-19 pandemic as Iran, which has seen more than 114,000 confirmed cases.  But in recent weeks, open-source intelligence gleaned from Persian- and Arabic-language sources, as well as commercially available location data from mobile devices, suggests that Iranian military activity did not drop off as severely as civilian activity, according to data analytics company Babel Street. 

Both types of activity picked back up in May, and Iran’s support for offensive cyber operations and proxy forces in Yemen and Iraq didn’t show any signs of waning at all.  Babel Street’s analysis drew on commercial telemetry data gleaned from things like apps that collect users’ locations.  In a report released last week, they found that civilian activity dropped more than 90% during parts of March and April, as measured from data collected at the Tehran Grand Bazaar and elsewhere.  Military activity dropped 30% to 50% compared to last year.

Group Behind WannaCry Now Using New Malware (Gov Info Security, 5/14/20)

A sophisticated hacking group associated with the North Korean government that's been tied to a number of high-profile attacks, including WannaCry, is using three new malware variants, according to DHS’s CISA.  These variants, which include two Trojans and a remote access tool, are being used by the hacking group that CISA calls Hidden Cobra, although others refer to it as the Lazarus Group. 

This group is suspected of carrying out a series of high-profile attacks, including the Sony Pictures hack of 2014 and the WannaCry ransomware attacks of 2017.  Since the latter attack, CISA, DHS and the FBI have regularly issued warnings about North Korea-sponsored hackers and have published data on nearly 30 malware variants associated with hacking groups suspected of working with the regime.  In April, the government announced a $5 million reward for information about suspected North Korean-sponsored attacks.

TSA Issues Road Map to Tackle Insider Threat with AI (Nextgov, 5/14/20)

The Transportation Security Administration is planning to increase and share information it collects, including that gleaned from employees, with other federal agencies and the private sector in an effort to prevent insiders from perpetrating various harmful malfeasance.  Artificial Intelligence, probabilistic analytics and data mining are among tools the agency listed in a document it issued last week outlining the plan to create an “Insider Threat Mitigation Hub.” 

“The Insider Threat Roadmap defines the common vision for the Transportation Systems Sector that insider threat is a community-wide challenge, since no single entity can successfully counter the threat alone,” TSA Administrator David Pekoske wrote.  In July 2019, a surveillance camera at the Miami International Airport captured footage of an airline mechanic sabotaging a plane’s navigation system with a simple piece of foam.  The TSA road map describes this incident along with a number of others dating back to 2014 spanning a range of activities including terrorism, subversion and attempted or actual espionage.

Need for Clearances May Drop as Teleworking Expands, Evanina Says (FCW, 5/14/20)

Having a top-secret clearance may no longer be the insignia of an intel worker, according to the intelligence community’s national counterintelligence chief.  “We are just as successful, with some exceptions, with people working at home than we were before.  And I think we have to be flexible and look at our private-sector model and maybe extrapolate that into our intelligence community,” National Counterintelligence and Security Center Director William Evanina said last week.

Evanina said he could see not requiring clearances for some positions in the next few years due to teleworking abilities.  “Just because you work in the IC, and just because you have a top-secret clearance, does that mean that everything you do is classified?”  The IC’s culture used to look at having a top-secret clearance as a “pass-fail” test to get in, Evanina said, but that doesn’t mean employees can’t do their jobs from home -- as long as it’s done securely.

Actions Needed to Enhance DHS Oversight of Cybersecurity at High-Risk Chemical Facilities (GAO, 5/14/20)

Terrorists and others may pose a cyber-threat to high-risk chemical facilities.  Control systems, for example, could be manipulated to release hazardous chemicals.  The Department of Homeland Security started a program more than a decade ago to help address these security risks.

We reviewed the program.  DHS guidance designed to help about 3,300 facilities comply with cybersecurity and other standards has not been updated in over 10 years.  Also, its cybersecurity training program for its inspectors does not follow some key training practices.  We made six recommendations, including that DHS review and update guidance and improve training.

Intel Community Adapts to New Realities of Security Clearance Evaluation (Law.com, 5/14/20)

Security clearances will almost certainly become an even more valuable credential as our economy transforms amid the COVID-19 pandemic.  The ever-increasing desirability of a security clearance has raised the stakes for those looking to gain or maintain a clearance in these economically uncertain times.  Clearance holders have access to an exclusive and lucrative job market and on average earn close to $40,000 more than their counterparts without a clearance according to a recent survey conducted by ClearanceJobs.com. 

As national security attorney Mark Zaid lamented, “I call security clearances the Willy Wonka golden ticket … It opens incredible doors that otherwise would never be opened, and they typically have a bigger pot of gold at the end of the rainbow than non-cleared positions.”  While well over 30 million Americans have filed initial unemployment claims since mid-March, those employed in jobs that require a security clearance remain largely insulated from the economic volatility caused by the pandemic.  Clearance holders and applicants with an eye toward the value and stability of a job with a clearance already understood the obstacles facing them as they moved through the vetting and reevaluation processes.

Facebook Reports Spike in Takedowns of Hate Speech, Terrorism (Reuters, 5/12/20)

Facebook Inc. last week reported a sharp increase in the number of posts it removed for promoting violence and hate speech across its apps, which it attributed to technology improvements for automatically identifying text and images.  The world’s biggest social media company removed about 4.7 million posts connected to hate organizations on its flagship app in the first quarter, up from 1.6 million in the 2019 fourth quarter.  It also deleted 9.6 million posts containing hate speech, compared with 5.7 million in the prior period.

That marks a six-fold increase in hateful content removals since the second half of 2017, the earliest period for which Facebook discloses data.  The company also said it put warning labels on about 50 million pieces of content related to COVID-19, after taking the unusually aggressive step of banning harmful misinformation about the new coronavirus at the start of the pandemic.


National Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org





Help Your Employees Become Cyber Aware

Experts agree: well-intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How to avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves
