#2362: Marine Briefs Joint Chiefs On Benghazi Digital Fires/Blackberry Clinton Spoof/Serco 8(a) UN Clock
1. Former Navy SEALs Glen Doherty and Tyrone Woods Serco died in Benghazi on 9/11/12 in a Serco digital fires attack, scripted by domestic enemies of the United States.
2. Serco’s protégé, Base One Technologies, spoofed Hillary Clinton’s Blackberry to inject 9/11 scripts into the U.S. National Command Authority’s Defense Red Switch Network.
3. Serco and Base One — a State Department 8(a) company — use the onion router’s (Tor) Network Time Protocols to synchronize snuff-film productions with the 8(a) UN Clock.
“Digital Fires Instructor Serco – Camp Pendleton, CA Posted 377 days ago Uses information derived from all military disciplines (e.g., aviation, ground combat, command and control, combat service support, intelligence, and opposing forces) to determine changes in enemy capabilities, vulnerabilities, and probable courses of action.”
“EX-OBAMA INTEL HEAD: ‘VERY LIKELY’ CHINA, RUSSIA HACKED HILLARY’S PRIVATE EMAIL ACCOUNT
The Associated Press
by BREITBART NEWS7
A former top intelligence official for the Obama administration believes that it is “very likely” that countries like China and Russia–and maybe even Iran and North Korea–hacked into Hillary Clinton’s private email account while she was secretary of state.
Lt. Gen. Michael Flynn–who ran the Defense Intelligence Agency, which is the sister agency to the CIA, for the Obama administration–told Fox News’s Megyn Kelly on Monday that there is a “very high” probability that nations hostile the United States hacked into Clinton’s private server, which cybersecurity experts have determined had numerous security lapses.
According to a Weekly Standard transcript of the exchange:
Kelly asked, “What do you think the odds are that the Chinese, the Russians hacked into that server and her e-mail account?” “Very high,” Flynn said without hesitation. “Likely.”
“Yep. Likely. They‘re very good at it. China, Russia, Iran, potentially the North Koreans. And other countries who may be ‘our allies’ because they can.”
The State Department never issued Clinton a more secure government blackberry. Politico recently reviewed photos from pool reports during Clinton’s tenure at the agency and determined that she used her less secure personal blackberry in countries like Vietnam, Brazil, and South Korea.
Cybersecurity experts said that “the risk of targeted theft of an official’s data is greatest in nations with telecoms that are owned or largely controlled by the government” because “state-aligned hackers could pull any unencrypted data, such as the metadata connected with a phone call, straight off the cell towers.” Politico noted that in Vietnam, for instance, “there’s a concern Chinese government hackers could pull information from the Vietnamese government-owned telecom — either through an intelligence-sharing agreement with Vietnam or because Vietnamese officials make little effort to keep Chinese spies out of their networks.”
Exploits for dangerous network time protocol vulnerabilities can compromise systems
PATCH NOW: NTP vulns remotely exploitable. Sploits in wild already
Siemens patches critical SCADA flaws likely exploited in recent attacks
How serious of a security threat is the “Bash bug?”
By Lucian Constantin
IDG News Service | Dec 22, 2014 7:01 AM PT
Remote code execution vulnerabilities in the standard implementation of the network time protocol (NTP) can be exploited by attackers to compromise servers, embedded devices and even critical infrastructure systems that run UNIX-like operating systems.
The flaws, which can be exploited by sending specially crafted packets to machines running a vulnerable version of the NTP daemon (ntpd), pose a greater threat to systems where the service runs under a highly privileged user account such as root.
However, even if the ntpd user has limited privileges, attackers could leverage other privilege escalation flaws to gain root access after exploiting the NTP flaws.
The Network Time Foundation, the organization that oversees the NTP project, has released version 4.2.8 of the standard protocol implementation to address the vulnerabilities. Some Linux distributions, including Red Hat, have issued updated packages based on it, but others such as Ubuntu have yet to do so. Manufacturers of network security appliances and other embedded devices are likely still evaluating whether the flaws affect their products.
According to a security notice from the Network Time Foundation, the ntp 4.2.8 update fixes four buffer overflow vulnerabilities, tracked together as CVE-2014-9295 in the Common Vulnerabilities and Exposures database, and fixes three other weaknesses in the protocol’s cryptographic implementation and error handling. All the issues were discovered by Neel Mehta and Stephen Roettger of the Google Security Team.
The U.S. government’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned in an advisory Friday that exploit code for these vulnerabilities is publicly available already, which increases the risk associated with them. The organization advised industrial control system operators to evaluate the impact of the flaws in their respective environments, which may differ based on particular configurations.”
“Ntpd typically does not have to run as root,” said Johannes Ullrich, the CTO of the SANS Internet Storm Center, in a blog post. “Most Unix/Linux versions will configure NTP using a lower privileged user.”
“Try to block inbound connections to ntp servers who do not have to be publicly reachable,” Ullrich said. “However, be aware that simple stateful firewalls may not track UDP connections correctly and will allow access to internal NTP servers from any external IP if the NTP server recently established an outbound connection.”
Systems administrators are advised the install the NTP patches as soon as they becomes available for their systems.”
“Advisory (ICSA-14-353-01C) Network Time Protocol Vulnerabilities (Update C)
Original release date: February 05, 2015 | Last revised: February 09, 2015
All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see http://www.us-cert.gov/tlp/.
This updated advisory is a follow-up to the updated advisory titled ICSA-14-353-01B Network Time Protocol Vulnerabilities that was published February 4, 2015, on the NCCIC/ICS-CERT web site.
Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational industrial control systems deployments, ICS-CERT is providing this information for US critical infrastructure asset owners and operators for awareness and to identify mitigations for affected devices. ICS-CERT may release updates as additional information becomes available.
These vulnerabilities could be exploited remotely.
Products using NTP service prior to ntp-4.2.8p1 are affected. This is an open source protocol.
AUTHENTICATION BYPASS BY SPOOFINGp
The IPv6 address ::1 can be spoofed, allowing an attacker to bypass access control lists (ACLs) based on ::1. All NTP4 releases before 4.2.8 are vulnerable. Linux and slightly older Mac OSX kernels are vulnerable, but other tested OSes are not vulnerable to the ::1 spoofing. Proper firewall rulings can mitigate this problem. As this issue may be a kernel issue, rather than NTPD, source-IP based ACLs may be vulnerable as well.
This vulnerability is resolved with NTP-stable4.2.8p1 on February 04, 2014.
CVE-2014-9297q has been assigned by CERT/CC to this vulnerability. A CVSS v2 base score of 9.0 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:P/I:P/A:C).r
An attacker with a low skill and an exploit script would be able to exploit these vulnerabilities. However, a higher-level of skill would be necessary to craft usable exploit scripts.”
“[Base One Technologies, Ltd. is a DOMESTIC BUSINESS CORPORATION, located in New York, NY and was formed on Feb 15, 1994.This file was obtained from the [Clinton] Secretary of State and has a file number of 1795583].. Conducts IT Security and Risk Assessment in Federal government as well as security testing, implementing security for multiple platforms and operating systems [onion router] around the world … Develops, implements and supports Information Security Counter measures such as honey-pots and evidence [snuff film] logging and incident documentation processes and solutions.”
“The 8(a) Business Development Program assists in the development of small businesses owned and operated by individuals who are socially and economically disadvantaged, such as women and minorities. The following ethnic groups are classified as eligible: Black Americans; Hispanic Americans; Native Americans (American Indians, Eskimos, Aleuts, or Native Hawaiians); Asian Pacific Americans (persons with origins from Burma, Thailand, Malaysia, Indonesia, Singapore, Brunei, Japan, China (including Hong Kong), Taiwan, Laos, Cambodia (Kampuchea), Vietnam, Korea, The Philippines, U.S. Trust Territory of the Pacific Islands (Republic of Palau), Republic of the Marshall Islands, Federated States of Micronesia, the Commonwealth of the Northern Mariana Islands, Guam, Samoa, Macao, Fiji, Tonga, Kiribati, Tuvalu, or Nauru); Subcontinent Asian Americans (persons with origins from India, Pakistan, Bangladesh, Sri Lanka, Bhutan, the Maldives Islands or Nepal). In 2011, the SBA, along with the FBI and the IRS, uncovered a massive scheme to defraud this program. Civilian employees of the U.S. Army Corps of Engineers, working in concert with an employee of Alaska Native Corporation Eyak Technology LLC allegedly submitted fraudulent bills to the program, totaling over 20 million dollars, and kept the money for their own use. It also alleged that the group planned to steer a further 780 million dollars towards their favored contractor.”
“The following positions have the status of Cabinet-rank:
White House Chief of Staff
Environmental Protection Agency
Administrator Gina McCarthy
Office of Management & Budget
Director Shaun L.S. Donovan
United States Trade Representative
Ambassador Michael Froman
United States Mission to the United Nations
Ambassador Samantha Power
Council of Economic Advisers
Chairman Jason Furman
“Serco farewell to NPL after 19 years of innovation 8 January 2015 .. During that period under Serco’s management and leadership, NPL has delivered an extraordinary variety and breadth of accomplishments for the UK’s economy and industry .. .. NPL’s caesium fountain atomic clock is accurate to 1 second in 158 million years and NPL is playing a key role in introducing rigour to high frequency [Clinton 100 Women in Hedge Funds] trading in the City through NPLTime.”
“Serco’s Office of Partner Relations (OPR) helps facilitate our aggressive small business utilization and growth strategies. Through the OPR, Serco [and its drug hub banker HSBC] mentors four local small businesses under formal Mentor Protégé Agreements: Three sponsored by DHS (Base One Technologies, TSymmetry, Inc., and HeiTech Services, Inc.,) and the fourth sponsored by GSA (DKW Communications, Inc.). Serco and HeiTech Services were awarded the 2007 DHS Mentor Protégé Team Award for exceeding our mentoring goals.”
“The Marine Corps Intelligence Activity (MCIA) is a field activity headquarters, U.S. Marine Corps, and a member of both the Defense Intelligence Agency and the United States Intelligence Community. The MCIA describes itself as: “a vital part of military intelligence ‘corporate enterprise,’ and functions in a collegial, effective manner with other service agencies and with the joint intelligence centers of the Joint Chiefs of Staff and Unified Commands.” images and video links below and is standing by to make his briefing.”
McConnell invites The Marine Corps Intelligence Activity (MCIA) to study his work at the Abel Danger website and he offers to brief Marine General Joseph Dunford, the incoming Chairman of the Joint Chiefs of Staff, on how to win an 8(a) UN cyberwar with the domestic enemies of the United States in the Obama Cabinet.
“Digital Fires Instructor Serco – Camp Pendleton, CA
Posted 377 days ago
Uses information derived from all military disciplines (e.g., aviation, ground combat, command and control, combat service support, intelligence, and opposing forces) to determine changes in enemy capabilities, vulnerabilities, and probable courses of action.
•Works directly with customers and team members to determine project scope and specifications.
•Provides research and analysis to support military organizations.
•May support development and analysis of products, including training modules, evaluation tools, etc.
•Presents analysis or products to customers.
•May support policy and procedure development for agency, interagency, or community-wide support.
•May interact with outside customers and functional peer groups.
• Participates in the development, testing, maintenance and delivery of training and educational programs and related materials in support of complex products and/or procedures.
• Knowledge on the operational employment and TTPs of the following C2 systems and software applications in the COC operating environment is required:, AFATDS, FBCB2-BFT, JADOCS, and supporting C2 systems/software applications found available for use the regimental/battalion Combat Operations Center (COC).
• Conducts training sessions and assists in evaluating the effectiveness of training activities.
• May assist with updating course documentation on a continuous basis to ensure timeliness and relevance.
• May work with engineering, technical support and manufacturing to ensure that course material reflects current product features.
Desired Skills and Experience
•Requires a bachelor’s degree in a related field; graduate degree preferred, plus 3 years’ experience as a Military Analyst and/or formal military training. Appropriate clearance level required.
•Work is usually performed at a government site, some of which may be remote.
•Working conditions may vary.
•Travel may be required.
• Have attended DoD formal instructor courses, such as the Marine Corps’ Formal School’s Instructor’s Course, or service equivalent
• Four years of documented experience instructing and employing their respective C2 system in support of MAGTF operations
• Background as an 0844 or 0848 MOS (USMC MOS, or equivalent USA MOS appropriate), with formal training and experience utilizing AFATDS (Advanced Field Artillery Target Data System), EMT (Effects Management Tool), PSS-SOF (Precision Strike Suite – Special Ops Forces)
• Active Secret Clearance or the ability to obtain a Secret clearance is required.
• Formal AFATDS Training required, Strike-Link, PSS-SOF, JADOCS experience desirable”
“Onion routing network for securely moving data through communication networks US 6266704 B1 ABSTRACT The onion routing network is used to protect Internet initiators and responders against both eavesdropping and traffic analysis from other users of the Internet. In the onion routing of the invention, instead of making connections directly to a responding machine, users make connections through onion routers. The onion routing network allows the connection between the initiator and responder to remain anonymous. Anonymous connections hide who is connected to whom and for what purpose from outside eavesdroppers.”
“VATC Provides exercise support to FLINTLOCK 14 VATC Inc. Press Providing Global Strategies for Secure Operations in a Rapidly Changing World VATC PROVIDES EXERCISE SUPPORT TO FLINTLOCK 14 April 2, 2014 Tampa, Florida – Visual Awareness Technologies & Consulting (VATC) was recently selected to provide exercise support during FLINTLOCK 14, an annual regional exercise among African, Western, and U.S. Counterterrorism forces. Directed by the Chairman of the Joint Chiefs of Staff, and sponsored by Joint-Special Operations Task Force-Trans Sahara (JSOTF-TS), the Special Operations Forces (SOF) exercise develops security capabilities and strengthens bonds among exercise participants. This year’s event, planned by Special Operations Command Africa (SOCAFRICA), had more than 500 participants from Burkina Faso, Canada, Chad, France, Italy, Mauritania, the Netherlands, Niger, Nigeria, Norway, Senegal, Spain, the United Kingdom, and the United States. … VATC’s support included world-class Counter-Terrorism (CT), Foreign Internal Defense (FID), and Counter-Insurgency (COIN) subject matter expertise from SOF leaders and operators, scenario development based on operational realities and existent and emergent threats, and scripting of customer tailored orders and injects to include Campaign Plans, Operational Orders, Fragmentary Orders, Order of Battle or Pattern Analysis Databases, Intelligence Fusion products, and Targeting Data. The company also provided 24/7 Joint Exercise Control Group (JECG) support to exercise participants through all phases of planning and execution of strategic, operational, and tactical missions.”
“INTERNATIONAL FIRE TRAINING CENTRE CREW COMMANDER INCIDENT COMMAND INITIAL ACTIONS OF THE CREW COMMANDER Throughout this note he means he/she and his means his/hers. INTRODUCTION Although the Incident Commander will have overall control of the accident or incident ground, it can happen, on occasion, that a Crew Commander, the vehicle and its crew can be the first to arrive. Under these circumstances, it will then fall to the Crew Commander to initiate the first actions necessary to mitigate the incident. This training note is designed to stimulate thought and discussion on the subject of the actions that may need to be considered at an incident, initially under the control of a Crew Commander. .. IFTC/CM/05/119/08/CREW COMMANDER INCIDENT COMMAND INITIAL/TRAINING NOTE/ACTIONS OF THE CREW COMMANDER/Page 7 of 7/ISSUE 2/FEBRUARY 2015 G:fire training globalAVIATIONCC Incident CommandInitialTng NotesActions of the CC Serco Internal”
“About Us Welcome to the International Fire Training Centre (IFTC). We are part of the globally respected services company, Serco.
International Fire Training Centre is the leading aviation fire training centre in the world. Since 1981 it has been located at Durham Tees Valley Airport in the North East of England in what was once a historic Royal Air Force base. During the Second World War it was home to a detachment from the Royal Canadian Air Force flying Lancaster bombers.
The centre is situated in the countryside between Middlesbrough and Darlington both of which are only a few miles away and the city of Newcastle lies 30 minutes away by train.
IFTC trained firefighters are the best in the world. As a graduate of our internationally renowned training centre you will become an elite firefighter of the highest calibre armed with the skills, knowledge and instincts necessary to deal with extreme emergencies at any location in any country.
The training we provide is thorough and rigorous and we set stringent and demanding standards. We have been training new and experienced firefighters from across the globe for decades and our facilities are second to none.
Extensive Dedicated Facilities
A 20 acre dedicated training site with world class simulators and the largest confined space rigs in the UK.
fully equipped classrooms with laboratory equipment to teach firefighting theory.
A virtual reality suite to test decision making under pressure in real time [Digital Fires and The Onion Router].
Our training is designed for those working in the aviation, marine, industrial and offshore sectors. We offer hands on, totally authentic ‘real life’ emergency scenarios including hot fire and black smoke situations. Dealing with chemical spills, confined space situations and casualty recovery are also included.
We train both dedicated firefighters and those whose duties include dealing with fires and other emergency situations. Our trainers are firefighting professionals with extensive hands on experience across all sectors including military, civil and industrial.
Certified and Accredited
All our courses are certified and accredited to meet international requirements including CAA, OPITO, JOIFF and STCW offering you absolute peace of mind. Alternatively we can arrange internationally recognised bespoke courses to meet your particular needs. A number of our courses are also certificated and accredited within the UK with standards including BTEC, City & Guilds and PTLLS.”
“Base One Technologies .. Clients Banking, Finance and Insurance
Oversee the integration of two separate networks, as well as business office operations Key participant in network architecture design for a network handling real time stock/bond trading world-wide.
Provide interactive access to equity markets in the Americas, Europe, Asia, Middle East & Africa
Engineer/implement architecture for client inter-entity links
Develop overall technical solutions including network components, physical and logical topologies, routing policies and disaster recovery schemes
Design ISDN solution for client network and provide contingency planning and disaster recovery design strategies
Participate in the operational turn down of the client network to migrate traffic to the Chase Network in a controlled manner
Management of all IPX issues on Data Highway (the entire USA local and Domestic) with a staff of two.
Performed network designs and provided guidance to different groups on requirements to implement networks on DH
Designed and installed an application specific DS3 ATM network off SONET Ring.
Redesigned Merrill Lynch’s External network, to provide redundancy (dynamically) between buildings.
Engineered and implemented the first true VLAN project for Merrill Lynch using Cisco’s 5500s and 5000 hardware
Authored the IGRP to EIGRP plan for Data Highway which consist of over 1000 routers.
Designed and Implemented a new Market Data Backbone for Merrill Lynch including the engineering of the distribution of the information.
Evaluated Cisco’s Voice Over IP, Voice Over Frame Relay and Voice Over ATM Technologies
Redesigned CITICORP North America OSPF/BGP router network using ATM as the primary transport media, with ISDN for backup.
Redesign various OSPF/BGP areas where sites within an area were closing and areas were merging.
Fine tune ABR routes within BGP Autonomous Systems to provide optimum routing.
Consolidate Tier 3 Feeder Routers in an effort to provide optimum routing and efficient bandwidth usage.
Redesigned the INTRA Area 0 transport medium using ATM and fine tune the routing configuration to provide logical resilience in case of Frame Relay link failures from the ABRs to the feeder sites.
Provide DEC LAT-to-IP and IP-to-LAT translations, Replace access method to SNA from RSRB to DLSw+ and IP
Feasibility study/cost analysis/ resource management/capacity planning for IP over ATM/Frame Relay migration
Architect new network design topology and increase bandwidth via DS3’s
Designed, deployed network architecture and disaster recovery solutions [on the onion router] that withstood 9/11/01 disaster without a single transaction failure despite carrier failure
Client Cards FDDI Migration Project – Architect, manage and implement the client backbone Network Migration from FDDI & token Ring to switched Fast Ethernet
Perform business analysis, feasibility study, budgetary estimate, project management, relocate and consolidate network data sites to new client facilities in support of network expansion. Plan implementation and roll-out Solutions
Site Survey, data collection, facilities management planning, data center environmental facilities planning and cable infrastructure to relocate and consolidate network data
Network management, 3rd level support in NOC
Client Mid-Range Data Center Relocation – consolidate, merge divergent networks, systems, data centers, decommission WAN bridged architecture
Design, implement,provision, procure new network solutions and fault tolerant architecture, architect contingency plan, site relocation cost analysis, Network Impact analysis, WAN bandwidth cost analysis, strategic business analysis, global project planning,enterprise router architecture
Consolidate and merge various technologies and equipment – routers, switches, Gigabit Ethernet, token ring, layer2 & 3 switching, IGRP, OSPF, BGP, (HRSP), DECnet Phase III & IV routing, DECnet, LAT bridging, SNA, DLSW+, SRB, SDLC Tunneling, Frame Relay, X.25, ISDN, ATM, VLAN, Point to Point Transport, SNMP, VAX, HP UNIX, EMS, VTAM”
“Corporate Diversity We are a Government Certified Women-Owned Business We practice Diversity Recruitment and Staffing for IT positions Base One was founded in 1994 by a women engineer who had made a career in technology research for many years. Base One has been very successful in focusing on diversity recruiting and staffing for IT projects. It has been our experience that the greater the diversity mix, the more creative the solution. As in any field the more diverse the viewpoint the more thorough your analysis. Our engineers can think out of the box. Because of our affiliations we have access to pools of resources among more diverse groups & individuals. We work with a large pool of minority professionals who specialize in IT skills. We are able to have access to these resources through our status as a D/MWBD firm and our affiliations. These affiliations assist us in working with resources among more diverse groups & individuals. We are also partnered with firms that are 8A certified as Minority firms, Disabled Veteran firms [such as Metris the coordinator of Jade Helm, see below], Native American firms, Vietnam veteran firms, women owned firms.”
“City A.M. Outsourcing firm Serco has finally received some good news .. After being asked last year to conduct an investigation into whether Serco staff had been misleadingly recording [tagged] prisoners as ready for court when they were not, the Crown Prosecution Service has accepted the view of the City of London Police and put Serco in the clear.”
Field McConnell, United States Naval Academy, 1971; Forensic Economist; 30 year airline and 22 year military pilot; 23,000 hours of safety; Tel: 715 307 8222
David Hawkins Tel: 604 542-0891 Forensic Economist; former leader of oil-well blow-out teams; now sponsors Grand Juries in CSI Crime and Safety Investigation