>From - Sat Mar 02 00:57:17 2024
Received: by 10.100.37.4 with SMTP id k4mr5723042ank.22.1247070640259;
Wed, 08 Jul 2009 09:30:40 -0700 (PDT)
Return-Path: <jm..._at_tscm.com>
Received: from smtpauth00.csee.onr.siteprotect.com (smtpauth00.csee.onr.siteprotect.com [64.26.60.144])
by gmr-mx.google.com with ESMTP id 15si1646213gxk.0.2009.07.08.09.30.39;
Wed, 08 Jul 2009 09:30:40 -0700 (PDT)
Received-SPF: neutral (google.com: 64.26.60.144 is neither permitted nor denied by best guess record for domain of jm..._at_tscm.com) client-ipd.26.60.144;
Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 64.26.60.144 is neither permitted nor denied by best guess record for domain of jm..._at_tscm.com) smtp.mail=jm..._at_tscm.com
Received: from Raphael.tscm.com (unknown [72.70.123.211])
(Authenticated sender: jm..._at_tscm.com)
by smtpauth00.csee.onr.siteprotect.com (Postfix) with ESMTP id 9DF5F7580AC
for <TSCM-..._at_googlegroups.com>; Wed, 8 Jul 2009 11:30:37 -0500 (CDT)
Message-Id: <7.0.1.0.2.20090708120718.15b76060_at_tscm.com>
X-Mailer: QUALCOMM Windows Eudora Version 7.0.1.0
Date: Wed, 08 Jul 2009 12:25:04 -0400
To: TSCM-L <TSCM-..._at_googlegroups.com>
From: "James M. Atkinson" <jm..._at_tscm.com>
Subject: Bomb parts smuggled into 10 federal buildings during test
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="===========_670664968=.ALT"
As some of you are aware, Federal buildings are some of the porous,
and poorly defended locations, and that a TSCM person can document
dozens, if not hundreds of serious problems in any government
building they visit.
To date, every sanctioned or unsanctioned vulnerability study I have
performed on any federal building, location, and site has resulted in
some pretty ugly findings including finding alarm systems that had
been bypassed, top secret document just thrown into dumpsters,
shredders/incinerators not working properly, classified documents
being left out in the open in insecure areas, wireless WLAN access
points being connected to classified networks, gaping holes in
routers, concentrators, and multiplexors, COMSEC equipment being
tampered with, SCIFs being compromised, Crypto leaking all over the
place, and so an on ad nauseam. Door sweeps letting audio leak out,
high ranking officials who talk about cassified matters on what they
think are secure lines (hint: cordless phones), wireless intercom
systems, actual bugs and wiretaps put in place by foreign sites,
microphones being used as part of a security system of a room, and
passing room audio out of classified areas, wireless microphone and
keyboard galore, cordless phones in secure areas, classified traffic
on Crackberries, classified conversations in insecure areas, major
structural integrity problems that makes secrets leak, lighting and
security systems that do not work properly, and so on.
In fact it is very difficult for me to visit a "secure" location and
not find some gapping holes in security given 24 hours (3, eight hour
days or more) of inspections. I still get teased about covertly
breaking into a Top Secret SCIF and breaching a vault door a few
years ago armed with nothing more then a dime in less then 2 minutes.
Bomb parts smuggled into 10 federal buildings during test
By Mike M. Ahlers
CNN
WASHINGTON (CNN) -- Plainclothes investigators sent to test security
at federal buildings in four U.S. cities were successful in smuggling
bomb components through guard posts at all 10 of the sites they
visited, according to a government report.
The investigators then assembled the bombs in restrooms and freely
entered numerous government offices while carrying the devices in
briefcases, the report said.
The buildings contained offices of several federal lawmakers as well
as agencies within the departments of State, Justice and Homeland
Security, which is responsible for safeguarding federal office buildings.
CNN obtained the report late Tuesday, ahead of its expected release
Wednesday at a hearing of the Senate Committee on Homeland Security
and Governmental Affairs.
The Government Accountability Office, the investigative arm of
Congress, conducted the tests to check on the effectiveness of the
Federal Protective Service .The FPS protects federal buildings by
having about 1,200 federal law enforcement officers oversee an army
of 13,000 private security guards.
In a videotape obtained by CNN, a covert GAO inspector places a bag
containing bomb components on an X-ray machine conveyor belt and then
walks through a magnetometer at an unidentified federal building.
Unlike some covert tests that use simulated explosives, the GAO used
actual bomb components in the test and publicly available information
"to identify a type of device that a terrorist could use" to damage a
building.
"The (improvised explosive device) was made up of two parts -- a
liquid explosive and a low-yield detonator -- and included a variety
of materials not typically brought into a federal facility by an
employee or the public," the report says. Investigators obtained the
components at local stores and over the Internet for less than $150,
the report says.
After the components were smuggled into the building and assembled,
the GAO says, it took steps to ensure the device would not explode.
But to demonstrate the device's destructive power, the GAO videotaped
the detonation of several devices at a remote site.
The GAO also released a photograph of a guard asleep at his post and
detailed an instance in which a woman placed an infant in a carrier
on an X-ray machine while retrieving identification. Because the
guard was not paying attention and the machine's safety features had
been disabled, the infant was sent through the X-ray machine,
according to the report.
The FPS dismissed the guard, who, as a result, sued the agency for
failing to provide X-ray training. FPS lost the suit because it could
not prove that the guard had been trained, the report says.
All of the buildings involved in the test were "Level IV" buildings,
meaning they housed more than 450 federal employees and have a high
volume of public contact. The GAO has declined to identify the
specific buildings "because of the sensitivity of some of the
information in our report," the report says.
The GAO said that FPS has taken several steps to improve oversight of
the guard program in response to the GAO investigation.
Specifically, the FPS has authorized overtime to conduct guard post
inspections during off-business hours and is conducting its own
tests. It has also moved to standardize inspections of guard posts
across the country.
In prepared testimony, FPS Director Gary Schenkel said, "It was
apparent FPS was experiencing some serious challenges" when he
arrived at the agency in early 2007. Schenkel says the FPS has been
focused on "standardizing its practices."
"When GAO presented its findings several weeks ago, we took it very
seriously," Schenkel's testimony says. Within three hours of learning
of the issued identified by the GAO, he increased the number of
inspections of guard posts, he said. He has also established a team
to "aggressively attack" the challenge of overseeing the contract
guard program, he said.
Sen. Joseph Lieberman, I-Connecticut and chairman of the Homeland
Security Committee, called the test results "simply unacceptable."
"We knew that the FPS was a troubled agency, but that GAO could
penetrate security at these buildings and make bombs without
detection is truly shocking," he said.
The security lapses "show a disturbing pattern by the Federal
Protective Service of poor training, lapsed documentation, lax
management, inconsistent enforcement of security standards and little
rigor," added Sen. Susan Collins, R-Maine, the committee's ranking member.
The GAO report concludes that FPS "does not fully ensure that its
guards have the training and certifications required to stand post at
federal facilities."
The GAO says it visited six of the 11 FPS regions and that in all six
regions, FPS did not require some of its guards to complete the
mandatory 128 hours of training.
In one region, FPS "has not provided the required 8 hours of (X-ray)
or magnetometer training to its 1,500 guards since 2004," the report says.
The report also says FPS does not have a national guidance on how
often FPS inspectors should check on the contract guards. In several
instances when inspectors have checked on guards, they found
"instances of guards not complying with post orders."
In one case, the GAO report says, a guard was caught using government
computers to manage a for-profit adult Web site.
David Wright, president of a union which represents about 1,000
federal employees, said the study shows the FPS is in a "pretty sad state."
"I do not believe that adequate training is provided (for the
contract guards)," he said. "I think it is very unequal -- kind of a
mish-mash across the country. In some cases we leave training up to
the contractor, and (it) clearly is not sufficient."
Wright says his immediate goal is to have federal officers -- not
contract guards -- protect Level IV buildings, and ultimately to have
them protect Level III buildings as well.
----------------------------------------------------------------------------------------------------
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 Web: http://www.tscm.com/
Gloucester, MA 01931-8008 E-mail: mailto:jm..._at_tscm.com
http://www.linkedin.com/in/jamesmatkinson
----------------------------------------------------------------------------------------------------
No enterprise is more likely to succeed than one concealed from the
enemy until it is ripe for execution. - Machiavelli, The Prince, 1521
--===========_670664968=.ALT
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<body>
As some of you are aware, Federal buildings are some of the porous, and
poorly defended locations, and that a TSCM person can document dozens, if
not hundreds of serious problems in any government building they visit.
<br><br>
To date, every sanctioned or unsanctioned vulnerability study I have
performed on any federal building, location, and site has resulted in
some pretty ugly findings including finding alarm systems that had been
bypassed, top secret document just thrown into dumpsters,
shredders/incinerators not working properly, classified documents being
left out in the open in insecure areas, wireless WLAN access points being
connected to classified networks, gaping holes in routers, concentrators,
and multiplexors, COMSEC equipment being tampered with, SCIFs being
compromised, Crypto leaking all over the place, and so an on ad nauseam.
Door sweeps letting audio leak out, high ranking officials who talk about
cassified matters on what they think are secure lines (hint: cordless
phones), wireless intercom systems, actual bugs and wiretaps put in place
by foreign sites, microphones being used as part of a security system of
a room, and passing room audio out of classified areas, wireless
microphone and keyboard galore, cordless phones in secure areas,
classified traffic on Crackberries, classified conversations in insecure
areas, major structural integrity problems that makes secrets leak,
lighting and security systems that do not work properly, and so
on.<br><br>
In fact it is very difficult for me to visit a "secure"
location and not find some gapping holes in security given 24 hours (3,
eight hour days or more) of inspections. I still get teased about
covertly breaking into a Top Secret SCIF and breaching a vault door a few
years ago armed with nothing more then a dime in less then 2
minutes.<br><br>
-jma<br><br>
<br><br>
<a href="http://www.cnn.com/2009/POLITICS/07/07/federal.buildings.securit=
y/index.html" eudora="autourl">
http://www.cnn.com/2009/POLITICS/07/07/federal.buildings.security/index.htm=
l</a>
<br><br>
Bomb parts smuggled into 10 federal buildings during test<br>
By Mike M. Ahlers<br>
CNN<br><br>
WASHINGTON (CNN) -- Plainclothes investigators sent to test security at
federal buildings in four U.S. cities were successful in smuggling bomb
components through guard posts at all 10 of the sites they visited,
according to a government report.<br><br>
The investigators then assembled the bombs in restrooms and freely
entered numerous government offices while carrying the devices in
briefcases, the report said.<br><br>
The buildings contained offices of several federal lawmakers as well as
agencies within the departments of State, Justice and Homeland Security,
which is responsible for safeguarding federal office buildings.<br><br>
CNN obtained the report late Tuesday, ahead of its expected release
Wednesday at a hearing of the Senate Committee on Homeland Security and
Governmental Affairs.<br><br>
The Government Accountability Office, the investigative arm of Congress,
conducted the tests to check on the effectiveness of the Federal
Protective Service .The FPS protects federal buildings by having about
1,200 federal law enforcement officers oversee an army of 13,000 private
security guards.<br><br>
In a videotape obtained by CNN, a covert GAO inspector places a bag
containing bomb components on an X-ray machine conveyor belt and then
walks through a magnetometer at an unidentified federal building. Unlike
some covert tests that use simulated explosives, the GAO used actual bomb
components in the test and publicly available information "to
identify a type of device that a terrorist could use" to damage a
building. <br><br>
"The (improvised explosive device) was made up of two parts -- a
liquid explosive and a low-yield detonator -- and included a variety of
materials not typically brought into a federal facility by an employee or
the public," the report says. Investigators obtained the components
at local stores and over the Internet for less than $150, the report
says.<br><br>
After the components were smuggled into the building and assembled, the
GAO says, it took steps to ensure the device would not explode. But to
demonstrate the device's destructive power, the GAO videotaped the
detonation of several devices at a remote site.<br><br>
The GAO also released a photograph of a guard asleep at his post and
detailed an instance in which a woman placed an infant in a carrier on an
X-ray machine while retrieving identification. Because the guard was not
paying attention and the machine's safety features had been disabled, the
infant was sent through the X-ray machine, according to the
report.<br><br>
The FPS dismissed the guard, who, as a result, sued the agency for
failing to provide X-ray training. FPS lost the suit because it could not
prove that the guard had been trained, the report says.<br><br>
All of the buildings involved in the test were "Level IV"
buildings, meaning they housed more than 450 federal employees and have a
high volume of public contact. The GAO has declined to identify the
specific buildings "because of the sensitivity of some of the
information in our report," the report says.<br><br>
The GAO said that FPS has taken several steps to improve oversight of the
guard program in response to the GAO investigation.<br><br>
Specifically, the FPS has authorized overtime to conduct guard post
inspections during off-business hours and is conducting its own tests. It
has also moved to standardize inspections of guard posts across the
country.<br><br>
In prepared testimony, FPS Director Gary Schenkel said, "It was
apparent FPS was experiencing some serious challenges" when he
arrived at the agency in early 2007. Schenkel says the FPS has been
focused on "standardizing its practices."<br><br>
"When GAO presented its findings several weeks ago, we took it very
seriously," Schenkel's testimony says. Within three hours of
learning of the issued identified by the GAO, he increased the number of
inspections of guard posts, he said. He has also established a team to
"aggressively attack" the challenge of overseeing the contract
guard program, he said.<br><br>
Sen. Joseph Lieberman, I-Connecticut and chairman of the Homeland
Security Committee, called the test results "simply
unacceptable."<br><br>
"We knew that the FPS was a troubled agency, but that GAO could
penetrate security at these buildings and make bombs without detection is
truly shocking," he said.<br><br>
The security lapses "show a disturbing pattern by the Federal
Protective Service of poor training, lapsed documentation, lax
management, inconsistent enforcement of security standards and little
rigor," added Sen. Susan Collins, R-Maine, the committee's ranking
member.<br><br>
The GAO report concludes that FPS "does not fully ensure that its
guards have the training and certifications required to stand post at
federal facilities."<br><br>
The GAO says it visited six of the 11 FPS regions and that in all six
regions, FPS did not require some of its guards to complete the mandatory
128 hours of training.<br><br>
In one region, FPS "has not provided the required 8 hours of (X-ray)
or magnetometer training to its 1,500 guards since 2004," the report
says.<br><br>
The report also says FPS does not have a national guidance on how often
FPS inspectors should check on the contract guards. In several instances
when inspectors have checked on guards, they found "instances of
guards not complying with post orders."<br><br>
In one case, the GAO report says, a guard was caught using government
computers to manage a for-profit adult Web site.<br><br>
David Wright, president of a union which represents about 1,000 federal
employees, said the study shows the FPS is in a "pretty sad
state."<br><br>
"I do not believe that adequate training is provided (for the
contract guards)," he said. "I think it is very unequal -- kind
of a mish-mash across the country. In some cases we leave training up to
the contractor, and (it) clearly is not sufficient."<br><br>
Wright says his immediate goal is to have federal officers -- not
contract guards -- protect Level IV buildings, and ultimately to have
them protect Level III buildings as well.<br><br>
<br>
Find this article at: <br>
<a href="http://www.cnn.com/2009/POLITICS/07/07/federal.buildings.securit=
y/index.html" eudora="autourl">
http://www.cnn.com/2009/POLITICS/07/07/federal.buildings.security/index.htm=
l</a>
<br>
<br><br>
<br>
<x-sigsep><p></x-sigsep>
---------------------------------------------------------------------------=
-------------------------<br>
James M.
Atkinson &=
nbsp; &nbs=
p;
Phone: (978) 546-3803<br>
Granite Island
Group &nbs=
p;
Fax: (978) 546-9467<br>
127 Eastern Avenue
#291  =
;
Web:
<a href="http://www.tscm.com/" eudora="autourl">http://www.tscm.com/<br=
>
</a> Gloucester, MA
01931-8008  =
;
E-mail:
<a href="mailto:jm..._at_tscm.com" eudora="autourl">mailto:jm..._at_tscm.com<=
br>
</a> <b>
<a href="http://www.linkedin.com/in/jamesmatkinson" eudora="autourl">
http://www.linkedin.com/in/jamesmatkinson<br>
</a></b>
---------------------------------------------------------------------------=
-------------------------<br>
No enterprise is more likely to succeed than one concealed from the
<br>
enemy until it is ripe for execution. - Machiavelli, The Prince,
1521 </body>
</html>
--===========_670664968=.ALT--
Received on Sat Mar 02 2024 - 00:57:17 CST
This archive was generated by hypermail 2.3.0
: Sat Mar 02 2024 - 01:11:44 CST