Photo Courtesy of Flikr.com
Fall Issue 2015
Maximum Se urity What simple things can you do to protect yourself from hackers? Page 10
What does it take to become part of a Presidential detail?
Page 30
What is TSA doing wrong and how can they fix it?
Page 24
The Experts Will See You Now...
6
Cyber Security
Identity Theft: The Modern Robbery
by Walker Homes
Identity theft is becoming more and more prevalent in America. Learn how it happens and how to avoid it.
10
The United States by ID Theft Cases 2014 by Walker Homes
Identity theft across the nation occurs in varying amounts. This map is an easy way to see where it is committed most and how much it happens near you.
Airport Security
24
Flying Security by Avi Distler
Millions of people travel on airplanes everyday and all of them will go through a TSA security checkpoint. In this article, the author will explore how TSA agents operate, the issues they have in their procedures, and how they can improve in the future.
28
Changes in Airport Security Since 9/11 by Avi Distler
The tragedies of 9/11 greatly changed the security procedures in the U.S.. This story will chronicle these changes, the events that caused them, and how they affected the number of passengers
Maximum Security- Page 2
12
Cyber Security by Christian Stromberger
Meet the people at the forefront of cyber security and get their take on the cyber security field. Learn the basics of cyber security and about the people that are working to keep your info safe.
16
How Hackers Hack by Christian Stromberger
Half of the American adult population will be hacked in their lifetime. Learn what techniques people use to hack you.
18
The Information Arms Race by Eli Cone
As our world becomes increasingly interconnected personal information is more valuable than ever. Learn about the “Arms Race” to defend your information.
22
Six Ways to Protect Yourself Online by Eli Cone
In the wake of the NSA scandal, people have been worried about who has their information. Learn the six ways that you can keep your information safe.
Presidential Security
30
Get Down Mister President! by Tucker Ebest
Presidential Security is growing more advanced with the numerous attacks on the president. Learn what it takes to become part of the security detail for the President.
32
How to Become Part of the Detail by Tucker Ebest
Learn how to become part of the Presidential detail through the Secret Service or through military academies using the author’s comparison of the two paths.
A Letter from the Editor Dear Readers,
Security is a broad subject to fit into one magazine, but I believe our writers have accurately shown the state of some of our nations most paramount endeavours in security. In this magazine, you will find issues covered such as cybersecurity; security against identity theft; password security; and the security of the leader of the free world himself: The President of the United States. Our contributers have interviewed leading experts in each of these fields for information, as well as people who have been up close or affected by these issues. The truth is that this is enough information for
By Walker Holmes you to be, for the most part protected in these specific issues, but it takes years of experience to become an expert in security. Because of this, we have wedged those many years of experience into one small magazine. So, whether you are sitting in your dermatologist’s waiting room or reading your favorite magazine for the 80th time, I hope that you feel a little bit more educated in the complex world of security after reading this. And that you find yourself more capable of keeping yourself, and your information, secure. Sincerely Yours, Walker Holmes, Editor-in-Chief Maximum Security - Page 3
Meet our Authors
Eli was driven by interest to research the increasing role of technology in our society and to understand its positive and negative impacts, in order to properly inform people about how the online world functions and connects people around the world. Eli likes engineering, and likes how it relates to technology. Eli’s hobbies include reading, robotics and rock climbing. He also enjoys observing how the world works, especially through science. Avi is an inquisitive freshman from Austin, TX, and he loves to explore. He is obsessed with understanding the world around him. Avi has been to both coasts of the continental U.S., Alaska, Canada, and England. Through all of his travels, Avi has been fascinated by how TSA airport security works and how they make decisions. He is planning on running track in the spring and is an avid dog lover. Avi also has interests in history, geography and sports statistics. Maximum Security - Page 4
Tucker loves sports, and has always been impressed with how fit the Presidential Security is. He has always wondered how tough it is to protect such an important political figure, who has historically been targeted by many attacks. He is impressed on how they were tasked with such an important role, and wanted to know the stories from some past detail members to know how tough it actually is.
Tucker has played baseball all of his life and likes playing basketball. He also enjoys fantasy football and chess. His favorite football player is Mike Nugent of the Cincinatti Bengals. Editor-in-Chief: Walker considered identity theft important to write about because it affects millions of Americans each year and can be rather easy to avoid, if the right steps are taken. People need to be educated on how to avoid it and how it most commonly occurs. Experts from the University of Texas Center for Identity weigh in on identity theft problems and evasion. Walker enjoys watching sports, especially baseball and football. His favorite teams include the New Orleans Saints and the New York Yankees. Christian is interested in cybersecurity because he has a background in programing with java. He used this as inspiration to write a feature story on this topic. His father also gave him inspiration because he works in this field. Christian hopes to help more people become interested in cybersecurity, so that the entire nation can eventually be protected from hackers. In his free time, Christian plays baseball. He participates in clubs, and plays chess with his friends. Maximum Security - Page 5
Identity Theft The Modern Robbery By Walker Holmes
A man walks down your street, pausing in front of your house. It’s the middle of the day, so he suspects that nobody’s home, but even if you were, you’re probably not guarding your mailbox. He reaches in and snatches all your mail. Most of it may be junk, but some of it comes from your credit card company, or your bank. He can use information found in these letters to steal your identity using social security numbers or prescreened credit card offers. It may not be as theatrical as a train robbery in the old west, or a gangster holding a bank hostage, but this is just as serious; this is identity theft.
Having your identity stolen can take months or even years to remedy, according to CNN Money in an article published this June. It is different from simply having your credit card number stolen, which can be solved with a quick phone call to the bank. An identity can be stolen using nothing but your social security number and a basic knowledge of the tax system Identity theft is a highly desirable path for criminals. Photo Courtesy of Flickr
About 15 Million US citizens are victims of identity theft each year Fraud is a serious problem here in America
This physical form of identity theft has a simple solution: check your mail, but Rachel German, a Ph.D candidate and member of the University of Texas at Austin Center for Identity (UTACI), says that most identity thefts occur online, when your credit card number is stolen after you input it into a website. Maximum Security - Page 6
“In addition to being extremely profitable, and not terribly difficult for the thieves and fraudsters, identity theft is a much safer crime than many traditional forms of fraud and theft, in that investigation and prosecution is far more difficult for law enforcement in many cases, and the pen-
alties when caught are generally far less and use secure severe,” says Ryan Anderson, the Out- words to protect your reach Program Manager for the UTACI. Courtesy of Shutterstock
passdata.
However, you are never completely
About 15 million US citizens are victims of safe from identity theft, says Chris Robidentity theft every year, which is roughly erts, the executive director of commu4% of US citizens, according to Anderson.
nications at the UT Law Department.
Photo Courtesy of Google Images
“ ...It is probably important to accept that no one is completely invulnerable to identity theft, because so many people and institutions hold access to your data that is out of your control,” Roberts says. Such was the case for the victims of identity fraud within the UT Law Department, who had their identities stolen despite security measures taken. However, this is a rare case. Most of the time it is rather easy to avoid identity theft. Roberts says, “If you make stealing from you hard, lowDespite this, avoiding most identity theft level thieves are likely to move on.” The University of Texas at Austin houses the Center for Identity
is actually rather simple. A few precautions can be taken, which is enough to scare off most potential hackers. In interviews with several experts from the University of Texas and found that, when asked how
You are never completely safe from identity theft
With a plethora of unprotected identities walking around, identity thieves have no reason to put in any more work than they have to, so doing things like using a complex password and not throwing away credit card receipts can go a long way.
German said that in order to be safe from identity fraud, one should learn to avoid identity theft, the most common about the different types of scams. answer was to monitor your banking Some of the most common ones include false emails and links on the inMaximum Security - Page 7
ternet, credit information being taken from your trash or mail box, and fraudulent IRS tax returns being filed in your name. Avoiding false emails is typically rather easy; if you don’t recognize Courtesy of Google Images
easiest way to avoid this is to use a site like optoutprescreen.com to prevent credit card companies from sending you promotional items that are prescreened. The other way thieves get paper copies of your credit card information is by lifting it out of your trash. There is a simple solution to this: “Don’t throw away old credit cards or credit card receipts or even junk mail without destroying them,” says Roberts.
John Koskinen, Comissioner of the IRS
Another form of identity theft, fraudulent IRS tax returns are becoming more and more of a problem for the IRS. According to a 2014 study completed by the Treasury Inspector General for Tax
“Don’t throw away old credit
the sender, or anything feels off about cards or credit card receipts the email, don’t open it. Sometimes, or even junk mail without hackers will pose as big websites, such destroying them,” says as Facebook or Spotify, and send you Roberts. emails that appear to be from those sites. If the address of an email doesn’t Administration, the number of taxpaymatch other emails you have received ers affected by identity theft in the first from that site, then don’t trust it. half of 2013 alone was 1.63 million, up from only 1.2 million in all of 2012. The Other forms of fraud can be harder trend has continued, a questioning to avoid, such as credit information of IRS Commissioner John Koskinen stolen from your mail or trash. Credit from the Senate Finance Committee card companies like to screen people’s revealing 2.7 million identities were credit then send them promotional stolen through the IRS system in 2014. items. so that people can file for their This sharp rise has forced the IRS to credit card easily. If a thief steals one of devote more and more resources to these prescreened promotional items, preventing identity theft every year. they can apply for a credit card in your name. According to an article published by Newsweek in October, the Maximum Security - Page 8
The unfortunate part for taxpayers is that the criminal needs only your social security number in order to perpetrate the fraud, so the only good way to avoid IRS tax fraud is to closely monitor your taxes and be careful where you Courtesy of Google Images
“We live in a time when if you make it easy for someone to steal from you, someone will.” Reknowned identity thief, Frank Abagnale
-Frank Abagnale
give away your social security number. Frank Abagnale, the famous identity thief and impostor portrayed by DiCaprio in Catch Me if You Can, famously said, “We live in a time when if you make it easy for someone to steal from you, someone will.”
Maximum Security - Page 9
Photo Courtesy of Google Images
Numbers refer to amount of ID theft cas10,930 es reported with total (47,057) fraud and ID theft cases in parentheses. 4,946
585 (5,135)
(25,015)
962 (8,428) 2,846 (24,798) 1,586
287 (3,255)
(13,057)
States with the most Identity Theft Complaints: 1. California (38,982) 2. Florida (37,059) 3. Texas (25,843) 4. New York (15,959) 5. Illinois (12,317)
38,982 (289,120)
4,579 (36,639)
6,460 (44,296)
542 (3,553)
The United States by Number of ID Theft Cases Reported in 2014 Maximum Security - Page 10
1,611 (12,167)
580 (6,537)
All Information Courtesy of Federal Trade Comission
319 (2,792) 3,229 (26,312) 310 (3,284)
693 (6,602)
4,283 (28,604)
1,506
914 (12,860) (8,721) 1,892 (14,461) 2,656 (16,926)
9,161 (67,865)
10,446 (80,101)
1,136 (9,770)
2,358 (22,265)
4,993 (42,340)
2,481 (16,281) 2,409 (13,376)
3,770 (27,847)
Most ID Theft Complaints per 100,000 People: 1. Florida (186.3) 2. Washington (154.8) 3. Oregon (124.6) 4. Missouri (118.7) 5. Georgia (112.7)
5,921 (55,458)
7,334 (57,838) 3,540 (29,356)
11,384 (89,910)
3,430 (28,489)
5,116 (37,422)
15,959 (117,456)
10,338 (84,582)
12,317 4,498 (73,355) (35,154)
7,195 (38,499)
25,843 (200,311)
726 (8,190)
402 (2,844)
699 (6,918)
3,071 (21,383)
7,144 (60,679) 731 (7,928)
5,734 (40,369)
37,059 (237,451)
By: Walker Holmes
Maximum Security - Page 足11
Cyber Security
Photo Courtesy of Google Images
By: Christian Stromberger Keeping a secure cloud is key to being safe
In 2013, 40 million people woke up to find that their credit card numbers had been compromised. Why? All of this happened because one Target got hacked. Because of this, it gave the hackers access to the large database of credit cards Target had stored. Everyone who shopped at Target and paid with a credit card had been compromised. This made the customer base Target had spent time building angry and upset, while inconveniencing companies like Visa because they had
Maximum Security- Page 12
to fix everyone’s credit card, says those days are long gone. and give people new ones. “The days of kids de According to Tim De- facing websites have been marest, senior director of replaced by money-driven global IT operations at Tes- threats from nation-states, sera Technologies, “things organized crime, ‘hacktivhave changed drastically ists’, as well as insiders to the from the early days of the company,” says Demarest. (commercial) Internet.” Today, there is a lot of Demarest says that money at stake when someone hackers used to just deface hacks into a company. That is websites, to show they had the main reason there are so some skill or to gain ranks many hackers out there just among other hackers. Un- waiting to expose your inforfortunately for us, Demarest mation. For example, when
Sony got hacked, the hackers gained illegal access to movies not yet released to the public, so they lost potential revenue. “[The hackers] extort money from the companies, Sony Picture Entertainment in this case, to either pay the criminals a certain amount of money and think tens and hundreds of millions [of dollars] or they would disclose that movie or make it available for free to the public,” says Brian Brostchi, the director of security solutions for Symantec Corporation.
mon cyber attack that we pro- to the computer, they also gain tect against would be called access to valuable company is what is referred to as spear phishing,” says Brotschi. information on that computer.
“The most common attack we protect against is what is referred to as spear phishing” -Brian Brostchi
Spear phishing, Brotschi says, is when a hacker sends a specific person an email that is crafted for them to be most likely to open a link or attachment included in the email. If the person opens the attachment, it downloads malicious code onto their computer that allows “The goal is not necesthe hackers to have access to what is on their computers. sarily to infect all individuals in an organization. It is to infect The goal of this is not to the right individuals that then Brotschi also says how affect the specific individuals, can lead the criminals to highhackers try to get into our it is to affect whole companies. valued assets, which they can computers. “...the most com- When the hackers gain access turn into money,” says Brotschi Spear Phishing
Photo Courtesy of Google Images Maximum Security- Page 13
Photo Courtesy of Google Images
Symantec is a major company that helps keep people cyberly secure
These high-valued assets can be many things. Brotschi says what hackers may do if Boeing Corporation got hacked. He says that if you are building airplanes and you have all of the plans and drawings stored inside of a database, email system or file servers the hackers may be able to gain access to that information, and they can sell them to a large number of competitors to Boeing. This would be highly valuable information for the competitors and they would be willing to pay a lot of money to get the information. Brotschi goes on to say how this is most certainly an illegal activity. He also mentions how his company and others like his Maximum Security- Page 14
help stop this from happening. entry to valuable information, and become very Another type of meth- profitable, says Sandell. od to hack into a computer Sandell says that this is where is a FSH dictionary attack. the cybersecurity companies come in, they stop the hack “[The hackers] just ers from wreaking havoc on have a program they run that the general population. Ofgoes in and tries to connect tentimes, cybersecurity comto every computer they can panies are there to make your connect to on Port 22 which company harder to attack than is the typical FSH port and if your neighbor’s. Imagine a robit connects successfully it has ber at a block of houses. One this big list of passwords, com- of the houses has an alarm on mon passwords, thousands of it, but the others do not. In this them, and it will just try every instance, the robber is more single password it can try and likely to rob the houses without see if it can break into that alarms on them. The ‘alarms’ machine,” says Bruce Sand- for cybersecurity companies ell, Field Engineer at Rocana. are automated detection systems that can detect various This is just another types of attacks on companies. way that hackers can gain
“So one of the biggest problems with cyber security is you can only look for the things you know to look for. If you never have experienced them or no one has ever reported them before, you don’t know what to look for,” says Sandell. Sandell’s company helps automate the search process, making it easier to detect activity out of the ordinary. This way, the companies do not need to know every way that a hacker can get in, because many times there are millions of entrances that hackers can use. With this software, it is very easy to detect a problem and fix it immediate-
“One of the biggest problems about cyber security is that you can only look for the things you know to look for” -Brian Brostchi
“I’ll go out to a customer’s site and I’ll install our software. I’ll work with them to understand what their environment is like and help them to start getting all the data from all these different systems and devices into our software.” Sandell says about what a typical work day for him is like. ly, before it gets out of hand. By teaching the people how to use the software, Sandell says he can help them more
easily detect and solve problems presented by hackers. The companies are now more adequately equipped in case of an attack, and they know what to do if an attack were to be launched against them. Brotschi was asked if the “good guys” will ever win, or if it is an infinite game of catchup. “Yes, the good guys do protect and have been protecting computer systems, computers and the infrastructure that we all rely on today... So I would say for the most part the good guys are ahead of the bad guys but it is most certainly is a cat and mouse type of game that is being played on a global scale and with very high stakes,” says Brotschi.
Stay safe! And always secure yousrself
Photo Courtesy of Google Images Maximum Security- Page 15
How Hackers Hack By Christian Stromberger
Have you ever wondered how hackers actually hack you? Here are three common types of hacking that can make hackers very rich. The first type of hacking that we will go over is spear phishing. Brian Brotschi says that this is when the hacker makes a specialized email that has a link or attachment on it and sends it to a targeted person (usually a person whose computer has access to a company’s clas-
1
sified information) who will click on it, it is called spear phishing. When they click the link, a virus gets downloaded onto their computer. Then the hacker can use the company information on the hacked computer to sell to competitors to that company and make money.
Photos Courtesy of Google Images Email : If you ned andy help at all just kilck on Help me save the world ad click lon link https: wwww,clickh.com
Click on the link to get your prize!
$ You Have a virus and the hacker has everything on this computer
Maximum Security- Page 16
$
$
$
$ $
The second type of hacking is the trojan horse scheme. According to Bruce Sandell, this is when a hacker sends out an advertisement that looks
2
Click Here! This is an ad from a trusted website!
The third and final type of I will go over is called a dictionary attack. Tech Target explains that this attack is where a hacker tries a very long list of common passwords on a
3
Login Username: Password:
Password Succsessful
Here you can see three types of hacking, spear phishing, trojan attacks, and dictionary attacks.
like one from a trusted source. When the person clicks on the ad, it downloads the virus, giving the hacker access to the computer.
$
$
You Have a virus and the hacker has everything on this computer
$
$ $
$
computer and eventually, one of the passwords will work. This type of hacking can be easily avoided if you have a password that is made from multiple phrases or have a wait period after several failed passcode attempts. Password Failed
1 minute later...
Password Failed
$
$
$ $
$ $
All three of these are illegal activities, and can make hackers very rich. Maximum Security- Page 17
THE INFORMATION ARMS RACE: Who wants access to your personal information, and why it is important. By Eli Cone
Maximum Security- Page 18
Courtesy of Pixabay
Your name is Pat. Today is a relatively slow and mundane Monday and you are momentarily left with nothing better to do but draw your smart phone and sift through pictures on Instagram. However, much to your dismay, you have been logged out and cannot recall what your password was in the first place. So you log into your e-mail, reset the password to something more memorable, like the password to your e-mail. Once again you are free to roam this online realm of memes, pictures of food, and selfies as far as the eye can see! Access to such a vast array of information is something we often take for granted. It’s often hard to recognize the immemorial arms race, the intricate game of cat and mouse across the centuries, one technological innovation after another, which made our entire technologically integrated way of living possible today. This game of cat and mouse is far from over, and the Internet is only the latest platform of innovation, and exploitation. For example, let’s say someone gains access to your (Pat) e-mail. They then have access to everything connected to that e-mail, this could be your Instagram and other social media, Amazon account, even online banking. If they have access to your private information,
online accounts, credit card number, social security, etc. You are no longer Pat, they are Pat, at least as far as all your online transactions are concerned. According to a 2015 Ponemon Institute Cost of Data Breach Report, the average data breach has increased to about 3.5 million dollars’ worth of damage. Within this statistic is consumer information, corporate data, and funds siphoned directly from Bank accounts. In addition, according to the 2015 Verizon Data Breach Report the industries we rely on the most are frequently targeted: Public Services with 50,315 recorded breaches in 2015 “We have been having this ‘arms race’ since the Lysians took a pebble of electrum... Struck a little shape on it and said it’s a coin,” says Josh Handell, an Austin based principal consultant for Catapult Systems with more than 20 years of experience in the software industry. With history as proof, the current problems we are facing are nothing new.
Maximum Security- Page 19
Photo courtesy of Pixabay
Providing security of information has been a concern of people and governments long before the age of the Internet. Handell gives the example of traveler’s checks in the 1840s and 50s. “When the Wild West was the Wild West they came up with the concept of traveler’s checks, and they had to know if a traveler’s check was a forgery” says Handell. “They solved that problem, and then technology caught up, and they came up with another way to solve it.” For as long as civilization has been around, Handell says, human nature has driven an ongoing arms race for informational security, from the dawn of language, to early trade, to the computer. The Internet is only the latest front in this conflict. “When we talk about security we are really talking about two discrete problems, encryption is a way to solve those problems, and cryptography is also a way to solve those problems. We are talking about authentication, and authentication is this idea that I really know you are you… and authorization is saying that you are allowed to do this task” says Handell. On the Internet, Handell says, the traditional method of ensuring authorization and authentication is the password in addition to some encryption or hashing software. For example, here is what most likely happens when you log into your e-mail account. First you enter in your password. Your password is the either hashed or encrypted. Encryption uses a key to convert the password or any information being exchanged into a nearly incomprehensible string of characters that can later be decoded. The two types of encryption include symmetrical encryption, where the information is encoded and decoded with the same key, and asymmetric encryption where the message can only be encrypted with a private key and decrypted with a public key. Hashing is similar to encryption, except hashes cannot be decrypted. For this reason most passwords are hashed. Hashes can also be “salted” meaning that a string of randomly generated numbers is also interspersed among the characters. Once the password has been hashed the resulting hash is then compared to the hashed password stored under your user name in a database. If the two match up, then that is what authenticates you, and you receive authorization to enter the system. Although the password is still frequently used across the majority of online businesses, the iconic image of the password as a protective bulwark for personal information can no longer stand up to the reality. “Just because a company didn’t think about it there is always a way to crack the code, some kind of authentication, some kind of encryption,” says Alex Useche, a certified ethical hacker and an ISO certified security
Maximum Security- Page 20
software engineer who works for Catapult Systems, “It doesn’t stay sound forever.” There are numerous methods of bypassing security, “You can use tools like brute force. Among password hackers there used to be a very famous one the late 90s, early 2000s called [John] the Ripper, where you just give the software a dictionary, the dictionary just contains a list of words, and the software will then try to use brute force to enter to get the passwords, and then just go and try different combinations.” Useche says. “System are getting a lot faster at that.” According to the 2015 Data Breach Investigations Report by Verizon the four most common methods of obtaining user data include hacks using stolen credentials, RAM Scrapers, Keyloggers, and Phishing. By obtaining administrative credentials hackers can download malicious software onto corporate computers. RAM Scrapers were used in the recent hacks on Target and Home Depot where the software was downloaded remotely onto credit card readers that collected the credit card numbers of customers. Keyloggers can be downloaded onto personal computers to document each press of a key, collecting user names, passwords, and credit card numbers. “One way that is very common right now is social engineering techniques. For example… An e-mail to somebody in this company who had access to the systems of software that were running their database… and they opened a document that wasn’t a legitimate document. [The file] took advantage of a flaw Word had that was running a program using system privileges. It took advantage of that to inject some malware into the computer which allowed the hacker to have control of that computer,” says Useche. What Alex Useche just described is called Phishing, and is a common example of social engineering. As online transactions become increasingly interconnected, with Twitter accounts linked to e-mail accounts, e-mail accounts linked to bank accounts, having access to one thing means that you have access to all of them. Taking advantage of this, social engineering techniques have become a prevalent, and effective method of breaking into personal accounts, and even the websites of large corporations and government agencies Useche says. This could be anything from Phishing to something as simple as the “forgot my password” option on a personal e-mail account. Using information available to me on Facebook accounts I was able to break into the emails of some of my family members, where I had almost immediate access to banking information, and business transactions (All I did was send some humiliating e-mails but you get the point). The software for many kinds of exploits, like Keyloggers, Ram Scrapers, John the Ripper, are even conveniently available online to download.
Last year’s Target hack provides an example of the devastating impact these kinds of attacks can have: According to the Target Website, Target had to spend more than 10 million dollars in liability to the 40 million people whose credit and debit cards were compromised.
technology. However, Bhansali says the main thing hindering the industry is that many people are still apprehensive to make use of this recently readily available technology. After all, can’t a fingerprint just be taken from a glass?
Hackers may come from a variety of different backgrounds, and have a variety of different motives.
“Whenever I identify a fingerprint, I either log into my computer or log into a website, [Bio Metrics] can be so secure that a hacker can hack the website, but they can’t get enough information to recreate a fingerprint on the other side.” Says Bhansali. “Also, even if they cut off my finger or get my fingerprint off of a glass, modern Bio Metric technology can actually test if a fingerprint is alive.”
“There are financial purposes. [Another] thing that a lot of people in the hacker community talk about now is that in the nineties, people were getting into hacking because they were curious. [They] were trying to find out how the Internet worked, and if they were able to penetrate a system they then had bragging rights within the hacker community,” Useche says. “They will use some kind of name that they will go under and will get some notoriety, and they will just kind of feel the rush of getting inside that system.” Traditionally, a major motive for hackers has been notoriety. This is still the case with many hackers, however, as business moved online, so did organized crime. Today many hackers seek out financial gains, stealing credit card numbers, identities, and draining bank accounts. In addition, groups of people calling themselves “hacktivists” such as the Anonymous have emerged. “Hacktivists will have some kind of political aim or social reason for getting access to the information they are trying to access,” says Alex Useche. “Hacktivism” often is targeted at large organizations or governments for the purpose of drawing attention to an issue. For example, the major Sony hack allegedly perpetrated by North Korean hackers in 2014 where hackers stole more than 40 gigabytes of sensitive data. As technology advances new problems arise, but so do innovative solutions. One potential solution beginning to catch on in the mainstream is Bio Metric authentication. “At the end of the day a traditional password is not secure because it is something you know” says Apurva Bhansali, the founder of Softex, an Austin based company that specializes in Bio Metric security. “When we come to Bio Metrics however, with fingerprint technology it is specifically matching something about you. A fingerprint in this case, which can not be altered or stolen, or it would take some really difficult doings to steal your fingerprint.
According to Bhansali much of the stigma against Bio Metrics is unfounded, and as this rapidly advancing technology becomes cheaper and more readily available we will soon see it incorporated into our everyday transactions. Bio Metric Authentication will soon be protecting our smart phones, laptops, and even credit cards . For example, Windows Hello which identifies facial features, voice authentication, or a fingerprint scanner. These can then be used with some other step, like using your phone to log into your computer, or a password perhaps, to provide significantly more secure authentication then just a password. This is only the beginning of the age of the Internet; we are far from the end of this game of cat and mouse. “It’s a human evolution. We will come up with a better way to do something, somebody will find a new way to exploit it, and we will find a way to protect that exploit,” Handell says. “ When the protection to that exploit becomes too painful somebody will come up with an even better way to do something that will be more secure than the previous method.” Our lives have already moved online, and things will only become more interconnected from here on out. As the traditional password becomes an outdated institution we will need to adopt new methods of protecting our personal information. The rate our technology is advancing demands that we adapt faster than ever before. In the coming decades we will might see the rise of the Internet of Things, and even Quantum Computing that can access any system we once thought secure. The “arms race” is far from over, but replacing the password is a good place to start.
Bio metric security is already widely employed by many government agencies, and is just recently beginning to catch on in the mainstream. Recently, Apple bought a Bio Metric company called AuthenTech. Their finger print scanners can now be found in the latest iPhone models, and Samsung smartphones also employ this
Maximum Security- Page 21
6 How Ways to Protect to Protect Yourself Yourself The internet may make commerce and daily interractions easier than ever, it also presents new dangers. As out lives move online information is easier to access than ever it is crucial that people understand how they cna protect themselves online.
1. Have a Strong Password And Don’t Reuse passwords Have strong passwords that are not reused in multiple accounts. Having a strong password makes it significantly harder to crack. According to the McAffee Security Advice Center a good password is longer than six characters, utilizes a combination of letters numbers and special characters, and does not spell out any recognizable word or pattern. However, according to the UT center for identity, the strength of your password matters little if you do not use discretion with your email.
Username:
Passowrd:
7.
2. Use descretion with your email Compose
Download free RAM You just won the lottery!!! I made $10,000 a day working from home Nigerian prince needs your help!
Your email is a valuable tool that people often use for just about everything. It is extremely important to remember that we must use our email wisely, in what we use it for and what information can be accessed from our your email. McAfee recommends never sending anything you would not want a stranger to see, like credit card information, social security numbers, or other private information over email. The UT Center for Identity also suggests asking tough questions to recover your email, using a secure encrypted email service, and to download encryption software.
3. Watch for scams and phishing attacks Have you ever visited a sketchy website only to discover that you are the 1,000,000 visitor, and have the chance to win a free prize!? Well, it is fake. The FCC counsels users not to trust these offers that are to good to be true because in reality they are; so as a general rule, fact check your every transaction on the internet to ensure that it is secure and trustworthy. This, however is difficult to do with Phishing attacks. Phishing attacks are disguised as emails from a trusted source, like a company or bank. On these emails there could be a link to a fake website. By clicking this link, a virus can be downloaded onto your computer, or the website may ask for personal information. To prevent Phishing attacks from taking advantage of you the FCC suggests that you not provide personal information for such emails. Furthermore, confirm that the email was sent by the company by calling them or visiting the actual website.
Maximum Security- Page 22
So sha frie to ha Me Ide live soc ide use
Photo co
CONGRATULATIONS!
THIS IS NOT A SCAM! YOU ARE THE 100,000,000th VISITOR!
Click Here
McCafee 212 Viruses Removed
6. Have Anti-Virus Software Running at All Times The great thing about anti-virus software is that it is not something you actively have to do to protect your computer. According to McAfee, good anti-virus software is capable of constantly running on your computer to prevent malware, adware, spam and identity theft.
Don’t overshare
fakebook
ocial Media has become an integral part of our everyday lives. We are entertaining and interesting information, communicate with ends, take perfectly cropped and filtered selfies. However, according the UT Center for Identity the interconnected nature of social media as its downsides. The depth of intimate details people post on Social edia can help hackers break into private accounts and create fake entities. This can have a devastating a effect on your career and your elihood. The UT Center for Identity recommends making sure your cial media accounts are set on private, and to not post personally entifying information like your birthdate or high school that can be ed to access personal accounts.
ourtesy of Pixabay
John Doe Hi! My mothers maiden name is Stewart, I went to Westside High School, and my birthday is September 31st. Please hack me!
8. Your computer may already be
infected
The best way to fight malware is to prevent it from ever reaching your computer in the first place. but sometimes it may already be too late. If your computer or device is infected there are a few peculiar activities to look for that give it away. According to the UT Center for Identity, these signs include unusual activity in the system, like slow downs, error messages, new icons you do not remember installing, and your computer may send you to unexpected websites or homepages. If this is the case for you then the UT Center for Identity suggests that you immediately stop using the computer for shopping, banking, and anything that involves passwords or personally identifying information. Check that your security software is running and up to date, and if so, set it to find and delete malware.
Maximum Security- Page 23
“TSA officers actually have a lot of latitude in determining whether somebody can go through procedural manual,” says Price, the airport security expert, shedding some light on how TSA agents oper
Flying Security Is TSA really keeping us safe? By Avi Distler
T
We have been fying in airplanes since the earlt 20th century, but are we safe when we fly today
he Transportation Security Agency is in charge of keeping us safe when we travel. However a report by ABC News in June 2015 says that when breach testing was done by undercover agents from the Department of Homeland Security, TSA airport staff failed to identify 95% of the prohibited and potentially dangerous items. In the aftermath of this report, people are asking: “Can we really trust TSA to keep us safe when we fly? According to the TSA website, their mission is to “Protect the nation’s transportation systems to ensure freedom of movement for people and commerce.” (TSA) The TSA was created in the wake of the tragedies of September 11, 2001 to help prevent similar attacks in the future. Using the Aviation Security Act as their guide, TSA has significantly tightened airport security (TSA). The TSA has also exponentially increased the amount of manpower used to keep airports secure. Unfortunately, these added measures have not been able to totally prevent incidents in airports. This has led to widespread criticism of the TSA’s practices and their agents in the media recently with headlines like “7 Reasons
Maximum Security-Page 24
the TSA Sucks (A Security Expert’s Perspective)” published on a website called Cracked.com. “It’s difficult to measure [the success of TSA agents] because [it is similar to estimating] how many times [someone has] not robbed your home because there was a light on inside and gave the appearance [that] the door was locked,” says Jeffrey Price, the owner of Leading Edge Strategies based in Denver, Colorado and an expert on Airport security, when asked about the effectiveness of TSA agents. TSA come from a wide range of backgrounds, but they all get the same type of training. “TSA’s initial officer training ranges from 135 to 225 hours of classroom and on-the-job training, depending on the position and technology located at their specific airport,” says Carrie Harmon, a TSA Regional Public Affairs Manager based in Washington D.C.. Harmon also says that the only requirements for hiring are being a U.S. Citizen or U.S. National at time
the security checkpoint or not. Literally it boils down to six sentences in rates.
of application submission, be at least 18 years of age at time of application submission, pass a Drug Screening and Medical Evaluation, and pass a background investigation, including a credit and criminal check. “We’re not able to hire college educated professionals into those roles because it is seemingly unaffordable. So we hire people who have general skills that can pass a security background check,” says David Fremont, a frequent traveler from Seattle, Washington, in a criticism of TSA’s hiring process. “I think that they are often times either overstaffed or understaffed depending on the circumstance. I also believe that there seems to be grave inconsistencies among the TSA representatives and [they are] very inconsistent between airports,” says Fremont, who was also highly critical of TSA and their agents. Fremont is a world traveler and has a Global Entry card that gives him access to the TSA Precheck line in every airport, but he has noticed major
Photo Courtesy of Wikipedia.com
inconsistencies from airport to airport in their handling of that line. He says that sometimes the TSA Precheck line, which is supposed to be for frequent travelers who need to move faster, is sometimes slower than the regular security line. At other times, when the Precheck line is not open, TSA agents are confused with how to deal with the Precheck travelers in the regular line. “[TSA Precheck] might be the right direction to go because the vast majority of the public aren’t a threat. So let’s narrow that down to people who really want to cause a problem. I think they [TSA] are going in the right direction,” says Price on the topic of TSA Precheck. Both Price and Fremont also used the words like “effective” and “reasonably well” when first asked to describe how good a job the TSA is doing. “It has been 14 years since 9/11 and we haven’t had any similar events in a hijacking of an airplane. In that regard, one must assume that individuals [who] aim to harm others are trying all the time, and yet have been unsuccessful,” says Fremont, despite being generally critical of TSA.
Maximum Security-Page 25
the
TSA agents have a hard job to do that includes having to make quick decisions that may anger some people. Most of the time TSA agents do an adequate job in choosing who to search, according to Price. They are given all the training they should need, including up to 225 hours of classroom and on-the-job training according to Harmon from the TSA’s Public Affairs Office. Harmon notes that over 20% of TSA agents are veterans and some agents do come in with experience in law enforcement. Another large group of agents are individuals who become agents in an effort to honor the memories or those who died on 9/11 according to Harmon. One of the biggest issues is that TSA agents face today, in the words of Harmon, is TSA agents have difficult jobs that are not always fully appreciated by travelers. Several sources suggested ways to improve the perception of the TSA and the problems exposed by the DHS report. Fremont suggested limiting the amount of people with TSA Precheck and adding more off-job training to help fix some of the problems he sees in his travels. He cites situations where backups occurred because of small technical mistakes made by newer agents. While increases in off-job training may not be imminent, other changes are in progress. In an address to congress in June, the new TSA Director, Peter V. Neffenger, says that the TSA will decrease the amount of TSA Prechecks to those who have applied and been approved. However, he also stated that TSA will encourage more people to sign up for the program which involves several interviews, a background check and a fee. Other countries have employed somewhat different airport security procedures. According to an article written by Daniel Wagner, CEO of a security firm called Country Risk Solutions, featured in the Huffington Post in 2014, stated that Israel Maximum Security-Page 26
Photo Courtesy of Wikipedia.com
Israel is widely considered at be at the forfront of airport security
is “the gold standard for establishing and maintaining security in all its forms” especially in airport security. At Israel’s main airport in Tel Aviv, passengers cars go through several forms of screening and passengers are interviewed by security officials even before they reach the ticket counter. Unlike airport security in the U.S., in Israel, passengers are not required to remove their shoes and the Israelis still only use metal detectors, according to Wagner. According to Price, copying the Israelis’ security system is easier said than done. “The challenge of using Israeli security here in the United States is just the scale. The Ben Gurion Airport has the same number of passengers that pass through annually as
Photo Courtesy of Flikr.com
Travelers move through a busy security checkpoint at the Seattle-Tacoma Airport
San Diego International Airport. So Photo Courtesy of The TSA does have its flaws, but no one let’s multiply that by several hundred Wikipedia.com can deny that they have an important thousand at this point. Somewhere job to do. According to the TSA, [around] 600-800 million the new proposed changes passengers per year in the should address the problems United States. Israel is doing exposed by the DHS report. like eight million,” says Price Everyday these men and on the topic of copying women work hard to keep Israel’s system. us safe and some have Price does suggest paid a price as evidence that we could implement by attacks on TSA agents some of the Israelis’ in New Orleans and Los procedures into the TSA’s Angeles. operating procedures. He also “Just take away all of the suggests the possibility of security and see what TSA implementing biometrics TSA is not perfect, but they have plans to improve. happens” says Price when similar to what is used in the asked about what would U.K.. Price strongly emphasized the point happen without the TSA keeping us secure.■ that TSA is still more effective than airport security in many other countries. Maximum Security-Page 27
How Airport Security has changed since 9/11? By Avi Distler
Millions
Much of our current airport security procedures were implimented after the tragedies of 9/11. This timeline shows these changes, the events that caused them, and what effect the events had on the number of passengers. Air Travel Passenge 780
2007:
TSA began requiring passengers toremove electronics such as laptops, video cameras, and other electronic devices from their bags during airport security. This change further slowed the speed of airport security lines.
760
liqiud 740
720
# of Passengers in Millions
700
680
2002:
According to data collected by the World Bank, There was a dramatic drop in travelers from 622,187,846 in 2001 to 598,410,415 in 2002.
660
640
620
600
580 2001
Maximum Security-Page 28
2006: According to the
TSA
LA Times, in 2006 all liquid, gels, and aerosols were restricted from carryons and TSA instituted mandatory shoe screening which increased the time spent by travelers in airport security lines.
2001: Following the 9/11 tragedy
the Aviation and Transportation Security Act (ATSA) is signed into law. This gave the federal government direct responsibility for airport screening and the Transportation Security Administration (TSA) is created to oversee security in all modes of travel causing stricter practices for airport security.
2003
Year
2005
2007 Year
2015: TSA failed to identify 67 out of 70 (95%) of fake
95%
ers in the U.S. by Year
2009:
Umar Faruk Abdulmutallab, a Nigerian citizen, attempted to detonate an explosive device concealed in his underwear. TSA worked with DHS, foreign partners, and air carriers to swiftly implement enhanced aviation
prohibited items in tests done by the Department of Homeland Security. This caused the acting director of TSA to reassigned and the new director was asked to appear before Congress to explain how TSA was going to fix the problems exposed b y the testes.
2014:
The United States set a record with the largest number of passengers in a calendar year with 762,560,000.
2015: According to the
New York Times, a man wielding a machete attacked TSA officers at the Louis Armstrong New Orleans International Airport. The man sprayed officers with wasp spray and then swung at them with a machete. No officers were seriously wounded by the attack, although one TSA agent was hit by a bullet during the ensuing gunfight.
security measures.
2010:
TSA deployed approximately 500 Advanced Imaging technology units to airports nationwide, fulfilling its goal to implement this highly effective security tool. According to TSA, “[This] advanced imaging technology represents the best available technology to safely screen passengers for metallic and non-metallic threats including weapons, explosives and other objects concealed under layers of clothing without physical contact.�
2009
2011
Year
2013
# of Passengers
2015
Maximum Security-Page 29
Get Down Mr. President!
E
Presidential Security By: Tucker Ebest
verything comes full circle in life. You may hear this phrase often, and don’t think much about it. You probably do not actually think about the true meaning of the phrase, like Greg Davis did. Now, he may seem like an ordinary person if you pass him on the street, or see him at one of his sons football games. You might not think much of him, besides that he is supporting his kid, like any other parent. The truth is far from that, though he is supporting his kid. Greg has brought an amazing story with him through his life, and has worked with many individuals that people dream of meeting. Greg Davis’s life really did come full circle when he got to work presidential detail for Mr. Reagan and Bush during their times in presidency. Presidential Detail is protecting the president in all ways possible, to ensure safety. Greg and his team would plan where the president would go, make sure the location was safe, act as bodyguards, and overall, protect the president. Now, he did not get this opportunity easily, he had to go through many years at universities and go through rigorous training. That is not all he did to serve the country though. He also worked in the military, which helped him get the opportunity. This is not everything you need to become detail for somebody this important to the United States of Maximum Security - Page 30
America. Greg had to graduate at the top of his class at the Marine Boot Camp. From there, he went to MOS school (Military Occupational Specialization), which for him was 5811 Military Police. After graduating from the top of his class there, he got selected for the U.S. Marine HMX-ONE Presidential Security Detail. Photo Courtesy of Greg Davis
Greg Davis, who worked Presidential Datail.
“I was honored to be selected for this assignment and I was surrounded by extremely talented individuals.” Greg Davis says.
success and the pressure put on him. Cole does not think it is really pressure that his father is very successful in life, he more thinks of it as motivation to allow him to do even better in the future. Photo Courtesy of Google Images
Greg Davis says. He is very grateful for the option to be in such an important role. This experience, believe it or not, was not his first choice in life. Most people that end up in Presidential Detail had this goal from a very early age, hoping to serve the country by protecting the president. But for Greg, before wanting to be on Presidential Detail, he wanted to be an olympic gymnast. He appeared on the training squad for the team, but a broken arm kept him from his goal. The tragic injury kept him from his original goal, but gave way to another amazing career path, that Greg Davis embarked upon later down the road.
“Though I did not succeed in the Olympic quest, I learned, from strong leadership, that I needed to turn my desire and commitment to other goals in my life.” says Greg Davis, describing how he turned his focus from olympic athlete to Presidential Detail. He learned not to dwell on the past, instead, make an impact on the future. The work Greg Davis did on Detail did not only affect himself, the president, or the United States. It has had a major affect on his family, especially on Cole Davis, his middle child. “I first learned about what my dad did when I was in 3rd grade at Veterans Day at Gullett Elementary,” Cole Davis says, who is the son of Greg Davis. Cole felt his life changed when he learned what his dad did, but did not feel discouraged by his father’s
Cole Davis’ father worked presidential security.
“I don’t feel a lot of pressure, because I know that if he did good I will.” says Cole Davis.
He said that he is going to try his best to make an impact on the world, just like his father. Greg Davis and his wife are often away from home working as police officers, or in Greg Davis’s instance, also training cadets, so Cole does not get to see his parents much, and lives at his grandparents house on Lexington Avenue.
Maximum Security - Page 31
“I don’t see them until the end of the day so I cherish it whenever I can.” says Cole Davis. who is glad to see his parents being successful in their fields of work, and hopes that he can be successful like them someday.
the lack of resources, they rely on the local law enforcement. They help with the knowledge of the landscape, and contributed many agents to work alongside the Secret Service. Without the local law enforcements, the jobs for the Secret Service would be much harder. Though it took a lot of time to get to where he ended, the end result was rewarding. He got to do what he wanted to do, which was stay in Texas for some time. That is the reason he choose to do detail on Lady Bird Johnson and the Vice President of the United States. By choosing that, he got to stay in Texas for a little more time.
“Everything comes full circle in life - so I take a deep satisfaction knowing that I served my Country, the United States Marine Corps, and currently the State of Texas with commitment and dedication. I can only hope that for the men and women For David Chaney, he had a different proPhoto Courtesy of David Chaney that I serve, and have served with, know that they came first” Greg Davis says, referring to all of his past co operatives and now trainees. Greg is not the only person who had an incredible job with memories that last a lifetime. David Chaney worked a similar job as Greg Davis, but with different important icons. David Chaney, who used to work detail for Vice President Al Gore and Dick Cheney, as well as Ms. Lady Bird Johnson, also trained many people while in the International Training Division. David trained 3,000 officials while there, who were mainly from foreign law enforcements. “ I loved being able to impart knowledge to other individuals...we were able to impart skills and practical investigative techniques that they could take back to their assignments and teach to their comrades.” David was a part of the Secret Service, which has limited resources. Because of Maximum Security - Page 32
David Chaney on detail with the Secret Service. cess than Greg Davis, since he was in the Secret Service. “All Agents are destined to eventually bechosen for some type of permanent protective assignment it is part of the job... Agents have a preference list they maintain listing their choices of which assignment they would prefer.”
He chose Lady Bird Johnson Detail and Al Gore Detail for his list of preferences. From 1990 to 1997, he worked at the Dallas Field Office, but then he was given the detail assignment. After he completed his assignment, he trained 3,000 trainees and then eventually stopped work at the Secret Service. Greg Davis and David Chaney both trained or are training many people during their line of duty. This is a very important thing for ex operatives to do, so they can pass the knowledge to future detail members, and give them advice from agents who actually worked on the force. This way, the cadets and trainees do not get their information from a textbook, but from a person who has been in the situations the cadets will encounter in the future. This way, the instructor can tell them how to act accordingly to situations that they will encounter, not just what is in written text of a handbook on presidential security. “As a young lad, I knew I was going to serve my country at some point; So not serving was not ever going to be an option. I am thankful for the opportunities I have had and serving in the Marines was a tremendous honor to be part a tradition that has been around for over 200 years.” Greg Davis says, since he knew that he was going to serve the country in some way. He originally wanted to represent the country in the olympics, but he put his knowledge and quick thinking to use in Presidential Detail. He also served the country as a Lance-Corporal in the military, before he got upgraded to Presidential Detail. David Chaney helped serve with many assignments such as detail for Vice Presidents Al Gore and Dick Cheney, as well as Mrs. Lady Bird Johnson, and has done a lot of
work at the field office in Dallas. They have succeeded in something most people could not handle, and many don’t get the opportunity. They were blessed with the chance, and they took advantage of it, while serving the country at the same time. Both have done a lot of work not just for their country though , but have set an example for their family. Photo Courtesy of David Chaney
David Chaney working with local police officers.
“ I am very proud to call him my dad” says Cole Davis. he is very proud of all of his father’s achievements, and happy that he will get to serve the country some day too. Maximum Security - Page 33
Academies By Tucker Ebest In 1802, the United States Military Academy was made, helping train the militia, and in November 1864 they put four opperatives to protect Lincoln. West Point Academy produces 1000 graduates per year, and they go into the military generally. Greg Davis went into the Marine boot camp, and through Military Occupational Specialization (MOS) schools, and after graduating top of his class, he got picked for Presidential Security. People go through many different paths to get to Detail though.
The Academies train cadets to work at many different jobs, including: •Military opperative •Presidential Security •Coast Guard •Marine/Navy •Detail for other important political figures like the Vice President, Presidents family, and other family members of the President and Vice President.
There are 5 main U.S. Service Academies that train cadets to be on the force to help protect the United States and it’s important figures.
Maximum Security - Page 34
Secret Service By Tucker Ebest In 1894, the Secret Service assigned a small detail to protect the pesident, which was discontinued shortly after it gained eyes in the public. In 1902, though, they put Secret Service members on Presidential Detail. According to www.secretservice.gov, there are aproximately 3200 agents in the Secret Service, but only 1300 are uniformed officers. The rest of the members are technitians. The Secret Service is a small organization that relys heavily on local service to aid on opperations. According to David Chaney, the local services supply manpower and knowledge of the layout of the area to help the Secret Service.
The Secret Service helps protect: •The President and Vice President •Direct family members of the President and Vice President •Visiting heads of state from foreign countries and their family •Major Presidential Candidates within 120 days of election and their family. •Other people that are designated for Executive order by the President of the United States.
The Headquarters of the Secret Service is in Washington D.C., and has agents assigned to 136 field offices, According to https://whitehouse.gov1.info/secretservice/
SS
Maximum Security - Page 35