AP Reports: EPA’s Pruitt Spent Millions On Security, Travel
Environmental Protection Agency chief Scott Pruitt’s concern with his safety came at a steep cost to taxpayers as his swollen security detail blew through overtime budgets and at times diverted officers away from investigating environmental crimes.
Altogether, the agency spent millions of dollars for a 20-member full-time detail that is more than three times the size of his predecessor’s part-time security contingent.
EPA spokesman Jahan Wilcox cited “unprecedented” threats against Pruitt and his family as justification for extraordinary security expenses such as first-class airfare to keep him separate from most passengers — a perk generally not available to federal employees.
But Pruitt apparently did not consider that upgrade vital to his safety when taxpayers weren’t footing the bill for his ticket. An EPA official with direct knowledge of Pruitt’s security spending said the EPA chief flew coach on personal trips back to his home state of Oklahoma.
The EPA official spoke on condition of anonymity for fear of retaliation.
New details in Pruitt’s expansive spending for security and travel emerged from agency sources and documents reviewed by The Associated Press. They come as the embattled EPA leader fends off allegations of profligate spending and ethical missteps that have imperiled his job.
Shortly after arriving in Washington, Pruitt demoted the career staff member heading his security detail and replaced him with EPA Senior Special Agent Pasquale “Nino” Perrotta, a former Secret Service agent who operates a private security company.
The EPA official knowledgeable about Pruitt’s security spending says Perrotta oversaw a rapid expansion of the EPA chief’s security detail to accommodate guarding him day and night, even on family vacations and when Pruitt was home in Oklahoma.
Perrotta also signed off on new procedures that let Pruitt fly first-class on commercial airliners, with the security chief typically sitting next to him with other security staff farther back in the plane. Pruitt’s premium status gave him and his security chief access to VIP airport lounges.
The EPA official said there are legitimate concerns about Pruitt’s safety, given public opposition to his rollbacks of anti-pollution measures.
But Pruitt’s ambitious domestic and international travel led to rapidly escalating costs, with the security detail racking up so much overtime that many hit annual salary caps of about $160,000. The demands of providing 24-hour coverage even meant taking some investigators away from field work, such as when Pruitt traveled to California for a family vacation.
The EPA official said total security costs approached $3 million when pay is added to travel expenses.
Wilcox said Pruitt has faced an unprecedented number of death threats against him and his family and “Americans should all agree that members of the President’s cabinet should be kept safe from these violent threats.”
A nationwide search of state and federal court records by AP found no case where anyone has been arrested or charged with threatening Pruitt. EPA’s press office did not respond Friday to provide details of any specific threats or arrests.
Pruitt has said his use of first-class airfare was initiated following unpleasant interactions with other travelers. In one incident, someone yelled a profanity as he walked through the airport.
But on weekend trips home for Sooners football games, when taxpayers weren’t paying for his ticket, the EPA official said Pruitt flew coach.
The source said Pruitt sometimes used a companion pass obtained with frequent flyer miles accumulated by Ken Wagner, a former law partner whom Pruitt hired as a senior adviser at EPA at a salary of more than $172,000. Taxpayers still covered the airfare for the administrator’s security detail.
Walter Shaub, who until last year ran the federal Office of Government Ethics, said it is a potential ethics violation for Pruitt to accept the airline tickets, even if Wagner didn’t pay cash for them. Federal officials are barred from accepting gifts from employees that have a market value of more than $10.
“It would be a very serious ethics problem, indeed, if Pruitt accepted airline tickets from a subordinate,” Shaub said.
The EPA administrator has come under intense scrutiny for ethics issues and outsized spending. Among the concerns: massive raises for two of his closest aides and his rental of a Capitol Hill condo tied to a lobbyist who represents fossil fuel clients.
At least three congressional Republicans and a chorus of Democrats have called for Pruitt’s ouster. But President Donald Trump is so far standing by him.
A review of Pruitt’s ethical conduct by White House officials is underway, adding to probes by congressional oversight committees and EPA’s inspector general.
Pruitt, 49, was closely aligned with the oil and gas industry as Oklahoma’s state attorney general before being tapped by Trump. Trump has praised Pruitt’s relentless efforts to scrap, delay or rewrite Obama-era environmental regulations. He also has championed budget cuts and staff reductions at the agency so deep that even Republican budget hawks in Congress refused to implement them.
EPA’s press office has refused to disclose the cost of Pruitt’s security or the size of his protective detail, saying doing so could imperil his personal safety.
But other sources within EPA and documents released through public information requests help provide a window into the ballooning costs.
In his first three months in office, before pricey overseas trips to Italy and Morocco, the price tag for Pruitt’s security detail hit more than $832,000, according to EPA documents released through a public information request.
Nearly three dozen EPA security and law enforcement agents were assigned to Pruitt, according to a summary of six weeks of weekly schedules obtained by Democratic Sen. Sheldon Whitehouse of Rhode Island.
Those schedules show multiple EPA security agents accompanied Pruitt on a family vacation to California that featured a day at Disneyland and a New Year’s Day football game where his home state Oklahoma Sooners were playing in the Rose Bowl. Multiple agents also accompanied Pruitt to a baseball game at the University of Kentucky and at his house outside Tulsa, during which no official EPA events were scheduled.
Pruitt’s predecessor, Gina McCarthy, had a security detail that numbered about a half dozen, less than a third the size of Pruitt’s. She flew coach and was not accompanied by security during her off hours, like on weekend trips home to Boston.
Pruitt was accompanied by nine aides and a security detail during a trip to Italy in June that cost more than $120,000. He visited the U.S. Embassy in Rome and took a private tour of the Vatican before briefly attending a meeting of G-7 environmental ministers in Bologna.
Private Italian security guards hired by Perrotta helped arrange an expansive motorcade for Pruitt and his entourage, according to the EPA official with direct knowledge of the trip. The source described the Italian additions as personal friends of Perrotta, who joined Pruitt and his EPA staff for an hours-long dinner at an upscale restaurant.
Perrotta’s biography, on the website of his company, Sequoia Security Group, says that during his earlier stint with the Secret Service he worked with the Guardia di Finanza, the Italian finance police.
The EPA spent nearly $9,000 last year on increased counter-surveillance precautions for Pruitt, including hiring a private contractor to sweep his office for hidden listening devices and installing sophisticated biometric locks for the doors. The payment for the bug sweep went to a vice president at Perrotta’s security company.
The EPA official who spoke to AP said Perrotta also arranged the installation of a $43,000 soundproof phone booth for Pruitt’s office.
At least five EPA officials were placed on leave, reassigned or demoted after pushing back against spending requests such as a $100,000-a-month private jet membership, a bulletproof vehicle and $70,000 for furniture such as a bulletproof desk for the armed security officer always stationed inside the administrator’s office suite.
Those purchases were not approved. But Pruitt got an ornate refurbished desk comparable in grandeur to the one in the Oval Office.
Among the officials who faced consequences for resisting such spending was EPA Deputy Chief of Staff for Operations Kevin Chmielewski, a former Trump campaign staffer who was placed on unpaid administrative leave this year.
The prior head of Pruitt’s security detail, Eric Weese, was demoted last year after he refused Pruitt’s demand to use the lights and sirens on his government-owned SUV to get him through Washington traffic to the airport and dinner reservations.
5 Common Browser Security Threats, And How To Handle Them
However, the browser also has the potential to betray the user through the very same options that are intended to make life easier: because it holds so many proverbial eggs in its basket, it serves as a ripe target for the theft of confidential data.
Security intelligence organization Exabeam conducted some recent research to analyze dozens of popular websites such as Google, Facebook, Amazon, and others to determine what kind of user data is stored when interacting with these entities. They found a significant amount of user information kept both on local storage and in the browser.
As a result, Exabeam released a recent blog post which outlines some of the ways your browser can be used against you along with recommended techniques to stay safe.
Here is a summary of their findings along with some other tips for protection:
1. Accessing browser history
Your browser history is a veritable map of where you go on the internet and for what purpose. And it’s not only possible to tell where you’ve been, but when you’ve been there, establishing your behavioral patterns.
Knowledge of the sites you access can be used to phish you for your credentials for those sites (assuming you haven’t stored this information in the browser), to establish your purchasing habits (for instance, if you are a football fan and visit NFL sites, your credit card company isn’t likely to raise an eyebrow if a slew of charges for football merchandise starts showing up on your compromised credit card), or even to blackmail you if the site(s) in question prove illegal or unethical, or allegations thereof can be made.
Clearing the browser cache is a good way to flush potentially damaging information, especially after engaging in confidential activities such as online banking. This can be done manually or set to happen automatically, such as when closing the browser (Google the details for your browser version and operating system to carry out this and the other recommendations, as the steps involved may be subject to change).
Use incognito mode (private browsing) since no harvestable data is stored (if you must use a public system, always make sure to do so with incognito mode).
2. Harvesting saved login credentials
Saved logins paired with bookmarks for the associated sites you visit are a deadly combination. Two mouse clicks might be all it takes for a criminal to have access to your banking/credit card website. Some sites do use two-factor authentication, such as texting access codes to your mobile phone, but many of them utilize this on a one-time basis so you can confirm your identity on the system you’re connecting from. Unfortunately, that system is then deemed trusted, so subsequent access may go entirely unchallenged.
Saved credentials associated with your email account are basically like Kryptonite to Superman in a scenario like this. An attacker who can get into your email can reset your password on almost any other website you access. And keep in mind they might not need to be on your system to do so – if they obtain your email address and password they can work at leisure from any other system they choose.
Just taking a series of screenshots (or even utilizing the camera on a mobile phone) can allow an attacker on your system to record all of your saved passwords. Firefox lets you view these quite easily. While Chrome at least requests your logon password to do so, as stated resetting this is quite easy with administrative access (which can be simple to obtain thanks to password reset utilities such as Offline NT Password and Registry Editor).
Don’t save credentials in the browser. Instead, take advantage of free password managers such as KeePass or Password Safe to store passwords (never write them down) via a central master password. These password managers can securely store all your website passwords. A password manager can even access a saved URL and login for you, adding to the convenience and security of your information.
3. Obtaining autofill information
Autofill information can also be deadly. Chrome can save your home address information to make it easier to shop online, but what if your device fell into the wrong hands? Now an attacker knows where you live – and probably whether you’re home.
Turn off autofill for any confidential or personal details.
4. Analyzing cookies
Cookies (files stored locally which identify users/link them to sites) are another potential attack vector. Like the browsing history, they can reveal where you go and what your account name might be.
As with #1, incognito mode can also come in handy here.
Disabling cookies is touted as a potential solution, but this has been a problematic “fix” for years since many sites depend on cookies or at least severely limit your functionality (or possibly annoy you with nagging prompts) if these are turned off.
Instead, purging cookies periodically can help protect you, though be prepared to enter information repeatedly as prompted by websites.
5. Exploring the browser cache
The browser cache involves storing sections of web pages for easier access/loading on subsequent visits, which can outline where you’ve been and what you’ve seen. Malware can be tailored to prey upon cache data as well.
Exabeam also considered location history and device discovery to be risky elements in their blog post, stating these could expose user location and other devices used.
As with #1 and #4, incognito mode can also come in handy here, or manually clear the cache as needed, particularly after sensitive operations.
Some other suggestions
I strongly support setting and utilizing complex passwords on your devices which are rotated periodically, and always encrypt local storage devices, especially on portable systems, to reduce the risk of access to browser data.
Use physical security such as cable locks for laptops, and always lock the screen of your systems when not in use (I do this on my home Windows PC as well). Don’t share machines/passwords with other people.
Take advantage of two-factor authentication and set up recovery accounts where possible for your website accounts, and specify your mobile number and security questions for password resets. Be on the lookout for suspicious activity like emails about new accounts or password resets you didn’t request.
Some sites like Facebook can tell who is currently logged into your account (go to Settings then Security and Login), so check these details periodically – especially if anything out of the ordinary is going on.
Exabeam also recommends utilizing anti-malware software which is routinely updated along with several browser-related options (Google your browser and operating system version for the specific details on how to enact these as settings may change).
Users should also consider changing browser settings to further protect their privacy, or at least analyzing them to be aware of what options are currently enabled/disabled. There are guides online for Chrome, Firefox, Internet Explorer, Safari and Opera.
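One way to analyze those settings for Firefox, added here as an example (it is not code from the original article or from Exabeam): a short Python audit that reads the text of a profile's prefs.js and reports which of the recommendations above are not applied. The preference names are real Firefox preferences; the default values and the sample profile are assumptions constructed for illustration.

```python
import re

# Recommendations from the article mapped to Firefox preference names.
# The defaults are assumptions about a stock profile: prefs.js only records
# values that were changed, so a missing key means "still at default".
CHECKS = [
    # (preference, assumed default, safe value, recommendation)
    ("signon.rememberSignons", True, False, "don't save credentials in the browser"),
    ("browser.formfill.enable", True, False, "turn off form autofill"),
    ("extensions.formautofill.addresses.enabled", True, False, "turn off address autofill"),
    ("extensions.formautofill.creditCards.enabled", True, False, "turn off payment-card autofill"),
    # Master switch only; which data types get cleared is set in other prefs.
    ("privacy.sanitize.sanitizeOnShutdown", False, True, "clear browsing data when the browser closes"),
]

PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Parse prefs.js / user.js content into {name: value}; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything malformed
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Return (preference, effective value, recommendation) for each unsafe setting."""
    prefs = parse_prefs(text)
    findings = []
    for name, default, safe, advice in CHECKS:
        effective = prefs.get(name, default)
        if effective != safe:
            findings.append((name, effective, advice))
    return findings

# Constructed sample: a profile where only password saving was turned off.
SAMPLE_PREFS = '''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("signon.rememberSignons", false);
user_pref("privacy.sanitize.sanitizeOnShutdown", false);
'''

if __name__ == "__main__":
    for name, value, advice in audit(SAMPLE_PREFS):
        print(f"[!] {name} = {value!r}: {advice}")
```

To use it on a real profile, pass the contents of that profile's prefs.js to audit(); an empty result means every check in the table passed.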
How Experts View Cybersecurity Threats In Businesses: Part 1
Data breach problems have occurred several times during the last few years. They have affected big businesses and even government agencies and political organizations. It is true that getting connected is increasingly necessary. However, the risks of cybersecurity threats in businesses are also growing exponentially. More businesses are at stake, with not only customer data but also intellectual property, company reputations, and asset safety at risk.
We certainly still remember the WannaCry ransomware attack that happened several months ago. Databases of many hospitals in different countries were encrypted, denying their owners access. Likewise, some data breaches at credit card companies have also happened lately. Unfortunately, several cybersecurity threats in businesses are overlooked by the owners. When the attacks happen, they are not able to mitigate the risks fully.
Cybersecurity Threats in Businesses in the Experts’ Eyes
Don Steinberg from KPMG Voice recently published his interviews with three experts in the cybersecurity industry on the Forbes website. They provided some insights on cybersecurity threats in businesses. They are Tony Buffomante from KPMG, Gadi Evron – CEO of Cymmetria (a cybersecurity service provider), and Leonard Brody – the creator of The Great Rewrite.
Information Security Threats Since 2017
The first question of the interview is about information security threats that have occurred since 2017. According to Brody, cyber attacks have become more technologically sophisticated. As a result, the attacks are broader and more things become potential victims. Evron, on the other hand, views the wider cyber attacks as the result of a failure to consider the security aspects of new types of technology. He even predicts that the medical sector will become a target in the next three or five years.
Similarly, Buffomante notes the shift from personal information attacks, such as those on credit card information or Social Security numbers, to more destructive ones. His special concerns are medical devices and implantable and wearable devices. In other words, there will be more cybersecurity threats in businesses. Account owners or subscribers are required to have a personal code to log in to their accounts on online stores or online payment systems. Attackers may use machine learning technology to steal customer information.
When asked about the most overlooked aspects of web-based businesses, Buffomante points to the security associated with privileged user accounts. Imagine what hackers can do if they get access to the super-user privileged accounts managed by a business. He said that many tools owned by businesses were poorly deployed, thus leaving the privileged accounts at stake.
Evron mentioned security problems in the internal network. Sometimes, business owners overlook the possibility that attackers get access to the internal network. If this is the case, there will be very little chance to recover from the damage caused by the hackers. Brody showed similar concerns that many businesses fail to anticipate internal security attacks.
Buffomante, Evron, and Brody provided us with some insights on cybersecurity issues. Businesses may overlook important security aspects when building their infrastructure. Do not miss their views on cybersecurity threats in businesses in the interviews conducted by Don Steinberg from KPMG in the next post.