
VOLUME 1 · ISSUE 1 Active Shooters: Can They Be Stopped? … “DeathRing” malware found preinstalled on smartphones. Dec. 4 — Researchers with Lookout published a report


VOLUME 1 | ISSUE 1

Learning From Our Ebola Response Successes ... and Failures 12

Ensuring Protection of Electronic Health Records 16

Securing the Grid Against Copper Theft 18

Active Shooters: Can They Be Stopped? 20


INFRAGARD CHICAGO MEMBERS ALLIANCE VOLUME 1 | ISSUE 1

TABLE OF CONTENTS

VOLUME 1 · ISSUE 1

Official Magazine of

Working to Safeguard Chicago’s Critical Infrastructure

Editorial Office: 4701 Midlothian Turnpike, Ste. 4, Crestwood, IL 60445

Phone: 708-293-1430 | Fax: 708-293-1432

E-mail: [email protected]

IMA (ISSN 1553-5797) is published four times per year for The Chicago InfraGard Members Alliance by Fanning Communications, 4701 Midlothian Turnpike, Ste. 4, Crestwood, IL 60445, www.fanningcommunications.com

Subscription rate is $49.99 per year in the United States and Canada; $110.00 per year in all other foreign countries. POSTMASTER: Send address changes to 4701 Midlothian Tpk., Ste. 4, Crestwood, IL 60445. All statements, including product claims, are those of the person or organization making the statement or claim. The publisher does not adopt any such statements as its own, and any such statement or claim does not necessarily reflect the opinion of the publisher. © 2014 Fanning Communications, Inc.

COVER STORY

20 | Active Shooters: Can They Be Stopped?

As the trend of school and workplace shootings in this country continues to escalate, what can the security community do to help the public at large identify the next active shooter and prevent him or her from completing the walk down the path to violence?

16 | Ensuring Protection of Electronic Health Records

How do we keep unprecedented volumes of highly sensitive data secure?

12 | Learning From Our Ebola Response Outcomes

Healthcare and Public Health Sector Chief Dr. Terry Donat examines what we’ve learned from the Ebola experience and how we can better secure our population against the threat of future — and inevitable — epidemics.

18 | Securing the Grid Against Copper Theft

Homeland Security Solutions Director Karl Perman describes security experts’ response to the issue of copper pilfering and how we can reduce the vulnerability of infrastructure.

Publisher
John J. [email protected]

Editor-in-Chief
Karl J. [email protected]

Editor/Graphic Designer
Joseph F. Lindsay [email protected]

Editor/Graphic Designer
De’Anna [email protected]

Staff Writer
Mary [email protected]

Applications Programmer
Joseph [email protected]

Accounting/Billing
Jan [email protected]


TABLE OF CONTENTS

7 | President’s Message

9 | SAC’s Message

10 | Intelligence Briefing

15 | Member Notes

25 | Most Wanted

26 | WVU Students Help Develop Mobile Security Software

28 | Mishaps at Nuclear Repository Lead to $54M in Fines

30 | Judges Hear Arguments Over NSA Surveillance

32 | Drones Could Soon Be a Common Sight In the Skies

33 | U.S. — Navy Engineer Tried to Steal Schematics

35 | Artificial Intelligence Aids First Responders

36 | InfraGard Member Focus: Henry Gralak

We were honored to spend some time with Henry Gralak to discuss his experiences in the security industry and are pleased to be able to share them with the rest of the InfraGard membership.

39 | Industry Event Calendar

BOARD OF DIRECTORS

Paul Sand
President
AVP, Independent Security Officer, Federal Home Loan Bank of Chicago

Erik Hart
Vice President
Director, Information Security Solutions, Leo Burnett and Arc Worldwide

Jo Ann Ugolini
Programming Director
Security and Investigations, Hillard Heintze

Thomas Elward
Treasurer/Membership Director
Infrastructure Protection, Exelon

John Fanning
Secretary/Communications Director
President & CEO, Fanning Communications, Inc.

Bruce M. Bina
At-Large Director
Vice President of Product Development & Design, Adaptive Rescue Concepts, ARC LLC

Amy Bogac
At-Large Director
Director, IT Security Operations, Walgreens

Erick Nickerson
At-Large Director
Partner and Marketing Specialist, CCG Solutions, LLC.

Jill Czerwinski
At-Large Director
Senior Manager, Crowe Horwath

Edward Marchewka
At-Large Director
Information Security Manager, Chicago Public Schools

Kathy Hug
IMA/FBI Liaison
Special Agent, Federal Bureau of Investigation


PRESIDENT’S MESSAGE

Greetings, Members:

On behalf of the membership of the InfraGard Chicago Members Alliance (IMA), I want to welcome you to the inaugural issue of IMA magazine.

IMA magazine has been brought to life as a result of much hard work put forth by many InfraGard volunteers. Through this publication, we hope to better inform our membership of emerging threats and identified best practices impacting security professionals and first responders.

The mission of this magazine is to deliver information into the hands of first responders and security professionals in a timely and accurate manner; and in so doing, serve to inform, inspire and promote those professionals who protect American lives, liberty and critical infrastructure.

To ensure the accuracy of what we report, we have created an Editorial Board comprising tenured and respected professionals serving in the security industry. The Editorial Board shall review feature stories and submissions to determine their suitability, relevance and accuracy prior to publication within the magazine.

Our mission is critical. We know the threat is real and that only through vigilance and preparation may we defend against plans and/or respond to events coming from terrorist groups and rogue assailants. IMA magazine will assist in such preparation.

As critical as our mission is, we also understand that without the support of our advertisers, we could not bring this publication forward. I want to thank each advertiser and sponsor for his or her belief in our mission and support of our magazine. I also encourage our readers to show their support for the businesses and organizations who support our industry by using IMA magazine to identify the suppliers and organizations they may require.

Thank you for your attention.

Sincerely,

Paul Sand, President
InfraGard Chicago Members Alliance


SAC’S MESSAGE

Robert J. Holley, Special Agent in Charge
FBI Chicago Division

Greetings,

InfraGard was founded in 1996 by the FBI and is a government and private sector alliance. Although the program was developed to promote protection of U.S. critical information systems, it has evolved through the years into partnerships dedicated to sharing information and intelligence to prevent hostile acts against the United States. The FBI values these relationships more than ever before in today’s threat environment. With over 80 InfraGard Member Alliances (IMA) nationwide, the FBI is committed to sharing information concerning various terrorism, intelligence, criminal and security matters with our partners. In response, the Chicago IMA has successfully created a forum, IMA magazine, to strengthen and further promote the information-sharing process.

The vision of IMA magazine is to inform readers of lessons learned and best practices identified by both law enforcement and private sector security professionals. We are excited to be a part of this project. We hope this magazine will provide the reader with information that may assist in protecting assets against cybercrime, counterterrorism, counterintelligence and other threats. Each issue of IMA magazine will be peer-reviewed to ensure the accuracy of information and will focus on providing relevant security information across the various sectors InfraGard is designed to protect.

IMA magazine is developed by — and for — the members of InfraGard to enhance our ability to protect our nation’s critical infrastructure. I look forward to our continued alliance and applaud your dedication to the information-sharing process.

Sincerely,

Robert J. Holley
Special Agent in Charge
FBI Chicago Division


INTELLIGENCE BRIEFING

Cybercriminals testing new PoS malware, “Poslogr.”
Dec. 1 — Researchers with Trend Micro detected a new, multicomponent point-of-sale (PoS) malware dubbed “TSPY_POSLOGR.K” that is under development and bears similarities to a recently discovered variant of the BlackPoS malware. Poslogr is designed to read the memory linked to specific processes and collect payment card information, and researchers continue to work towards identifying which processes are scanned by the malware.

FIN4 attack group targets firms for stock market profit.
Dec. 1 — FireEye researchers published a report on a group of attackers known as FIN4 that have targeted high-level figures at various financial services companies, advisory firms, and regulators in order to obtain inside information on business decisions for possible use in stock trading. The group has been active since mid-2013 and uses visual basic applications (VBA) macros in Microsoft Word documents and links to fake Outlook Web App login pages in order to obtain user names and passwords.

OpenVPN versions released since 2005 affected by critical flaw.
Dec. 2 — The developers of the open-source virtual private network software OpenVPN released a new version of the software to address a critical denial of service (DoS) vulnerability which could allow authenticated attackers to cause servers to crash. The vulnerability affects all OpenVPN 2.x versions released since 2005 as well as OpenVPN Access Server versions prior to version 2.0.11.

Low-risk cybersecurity issue found at nuclear plant.
Dec. 2 — The operators of the PPL Susquehanna Steam nuclear power plant in Salem Township stated that they were in the process of correcting an undisclosed cybersecurity issue at the plant identified by the U.S. Nuclear Regulatory Commission (NRC). The issue was described as a low-risk issue and interim measures were put in place to address the vulnerability following the NRC inspection until the permanent measures are complete.

Detroit goes dark: Massive power outage affects courthouse, schools and more.
Dec. 2 — An electrical grid failure in downtown Detroit Dec. 2 caused a loss of power to the Frank Murphy Hall of Justice, Coleman A. Young Municipal Center, public schools, the Joe Louis Arena, the City-County building, and several other commercial buildings. Detroit Public Schools dismissed students early while The Detroit Historical Museum and Detroit Institute of Arts closed as crews worked to restore power following the rescue of dozens of people from affected buildings.

New “LusyPOS” malware uses Tor for C&C Communications.
Dec. 3 — CBTS researchers analyzed a new variant of malware dubbed “LusyPOS” that leverages the Tor network to deploy a technique known as RAM scraping to collect payment card data from infected systems. The malware is similar to the ChewBacca variant which was used to steal payment data from several dozen retailers in the U.S. and other countries.

Iranian CLEAVER hacks through airport security, Cisco boxen.
Dec. 3 — Researchers with Cylance published a report on a suspected Iranian hacking group that has compromised a variety of targets including government and military systems, telecommunications companies, research facilities, airports, defense contractors, and utilities in a campaign dubbed Operation Cleaver. The researchers stated that the group compromised critical infrastructure assets and Cisco networking equipment but did not engage in manipulation of those systems.

DNSimple suffers downtime due to 25 Gbps DDoS attack.
Dec. 3 — Florida-based DNS provider DNSimple reported that it experienced a distributed denial of service (DDoS) attack Dec. 1 that peaked at 25 Gbps and lasted around 12 hours, causing outages for the company and its customers. The company stated that DNSimple was not targeted but was affected by the DDoS attack after domains already under attack were delegated to the company.

Investigation reveals how Florida man ripped off DEA.
Dec. 3 — A report from the U.S. Department of Justice’s Office of the Inspector General found that a now-deceased Jacksonville man who ran the FEBG Bond Fund operated the fund as a Ponzi scheme that defrauded around 130 individuals of over $30 million, more than half of whom were current or former Drug Enforcement Agency (DEA) employees or connected to DEA employees. The report found that some DEA personnel exercised poor judgment in giving the man access to DEA personnel and facilities, and receiving gifts from the man.

“DeathRing” malware found preinstalled on smartphones.
Dec. 4 — Researchers with Lookout published a report that found low-cost and counterfeit smartphones manufactured in Asia and Africa that come with a piece of pre-loaded malware known as “DeathRing” that originates from China. The command and control server for the malware appears to be offline, and the malware could be used for SMS or browser phishing.

Health insurance online threats revealed.
Dec. 5 — RiskIQ researchers found that websites hosted by third-party code libraries, external providers and excessive mobile app permissions represent the largest risk to users of health insurance Web and mobile self-service tools, now that providers are investing in Web and mobile app infrastructures to establish new customer touch points.

19 hospitalized, thousands evacuated in “intentional” gas leak at Rosemont hotel.
Dec. 7 — An intentional chlorine gas leak left 19 people hospitalized with symptoms of nausea and dizziness and forced the evacuation of thousands of people for two hours from the Hyatt hotel in Rosemont, Ill., Dec. 7, during an annual convention. Authorities found a substance consistent with powdered chlorine in a stairwell at the hotel and decontaminated the area.

New variant of Neverquest banking trojan targets North America.
Dec. 8 — Researchers with IBM Trusteer reported Dec. 5 that they have observed a new variant of the Neverquest banking trojan being used predominantly against financial institutions in North America, with some additional targets in the media, gaming and social networking industries. The malware has been distributed by drive-by downloads using exploit kits as well as by the Chaintor and Zemot trojan downloaders.

Red October cyberspy op goes mobile via spearphishing.
Dec. 10 — Researchers with Blue Coat and Kaspersky Lab identified and analyzed a cyber-espionage campaign, dubbed Cloud Atlas or Inception Framework, that appears similar to the RedOctober campaign and has been targeting the Android, iOS and BlackBerry devices of specific users in the government, finance, energy, military and engineering sectors in several countries via spearphishing. The malware appears to be primarily designed to record phone conversations and can also track locations, monitor text messages and read contact lists.

Hackers breached payment solutions provider CHARGE Anywhere — Undetected since 2009.
Dec. 9 — Electronic payment solutions provider CHARGE Anywhere stated Dec. 9 that attackers had gained access to its network as early as November 2009 using a previously unknown and undetected piece of malware and were able to capture payment card data from some communications that did not have encryption. The company discovered the compromise Sept. 22 and an investigation found that network traffic capture occurred between Aug. 17 and Sept. 24.

Moldova: Seven arrested suspected of uranium smuggling.
Dec. 9 — Authorities in Moldova stated Dec. 9 that they arrested seven people for allegedly smuggling seven ounces of uranium-238 mixed with uranium-235 worth around $2 million. An investigation aided by the FBI found that the suspects were part of an alleged smuggling group that had specialized knowledge of radioactive materials and how to prevent their detection while in transit from Russia.

“Critical” security bugs dating back to 1987 found in X Window.
Dec. 10 — The developers of the X Window System for Linux and other Unix operating systems issued patches closing several vulnerabilities that could be exploited to crash the system or run malicious code as the root user after they were identified and reported by a researcher at IOActive.

OphionLocker, the new ransomware on the block.
Dec. 11 — Researchers with Trojan7Malware identified a new piece of ransomware known as OphionLocker that uses elliptic curve cryptography (ECC) to encrypt the data on victims’ systems and demand a ransom to decrypt the files. The ransomware was observed in the wild being spread by the RIG exploit kit in drive-by download attacks.


It’s been years since public health officials first warned that a massive epidemic in America was all but inevitable. It hasn’t been a question of “if,” but of “when.” And somehow, the general response to Ebola’s arrival was predictable: Alarm. Fear. Uncertainty. A lack of public understanding. Unsure government reaction. The international Ebola crisis isn’t over by any means, but even with the relatively low initial casualty rate inside our borders, is there an acute need for those on the frontlines of health and public safety to re-evaluate their methods and revise their procedures?

According to professionals in the field, including Dr. Terry Donat — InfraGard Public Health and Healthcare Sector Chief — the answer is a resounding yes.

What Could We Have Done Better?

Donat suggests that although casualties from the initial incursion of the Ebola virus into America were comparatively low, we shouldn’t be too proud of our overall response. Our lack of situational awareness with regard to this disease and how to cope with it upon its arrival illustrates just how vulnerable the existing system is, and how much room for improvement remains. “I think the few things that really mattered, the things they failed upon, were, ‘How are we going to secure this country?’ and ‘How are we going to secure individuals that are dealing with this?’” he argues. “I would have thought that in the last 10 years, they would have put together huge pdf and video packages that, if something like this happened, they would have just emailed all of the people in all the hospitals and cities these large information packages, as opposed to spitting it out on an ad hoc basis.”

In a crisis marked by high anxiety, managing the fear surrounding the contagion is paramount. Accurate and timely information is the most effective weapon both for combating the unknown variables that are the source of people’s fears and for preventing the spread of disease. When people’s fears regarding communicability, means of transmission, common symptoms and how to respond in case of a possible infection are not directly addressed, the fear of the unknown grows. With it grows the probability of misinformation and, consequently, more widespread infection.

“I think the biggest thing I think the CDC [Centers for Disease Control and Prevention] learned is, you have to deal with the uncertainties,” Donat says. “You have to admit that they’re there, and let adults deal with the issues as they actually exist — not as you want to couch them. Because as soon as there’s one exception, you look like you don’t know what you’re doing. Or that you’ve withheld it purposely.” Obviously, neither of these outcomes is desirable for management of a crisis of unknown proportions.

Donat is careful to caution about a fundamental difference separating Ebola from diseases that are much more communicable, in particular, those that are spread via the respiratory system. “At the same time Ebola was happening, there was an enterovirus that was respiratory-spread [that ran] across this country — and actually killed a lot more people,” he says. “I always looked at it this way — two things: Number one, sometimes we focus on some things that are scarier at the loss of what may be more important. The other thing is that if we had a respiratory-spread virus — the classic would be influenza — how far behind the eight ball would we really be? It would spread so rapidly. … They couldn’t get ahead of it. … Say it had only 10-percent mortality, not 50 or 90 — they wouldn’t be able to do it.”

Information and Prevention Are the Key

Organizations like the CDC and the National Institute for Occupational Safety and Health (NIOSH) represent only roughly 20 percent of the healthcare system nationwide. The overwhelming majority of the healthcare industry is in the private sector. This is why, Donat asserts, it’s so important that individuals and institutions in the private sector begin to adjust their perspectives with regard to their roles in preserving the security of the population. “They haven’t really seen themselves as the response,” he suggests. “Number one, the private sector, in healthcare especially, really has to see itself as part of the security in this country. Apart from just providing healthcare, they have to be at least aware and theoretically more able to respond than we [in public health] probably are. The second thing I think is, the need to have information. The military has an armed forces medical intelligence center at Fort Detrick. We have nothing like that in the private sector.”

Nothing so formalized, in any case. What we do have to work with, Donat says, is a service called ProMED-mail (Program for Monitoring Emerging Diseases, ProMEDmail.org). ProMED-mail is an Internet-based resource for reporting up-to-date information on any situation with the potential to affect the health of a populace or the worldwide population, be it infectious disease, radiation or other toxic exposure. Say, for example, that you witnessed peculiar, acute symptoms in a group of people in a particular location on any given day, for which you have no explanation. Testing has ruled out the most obvious problems, but you’re still without an answer and a treatment plan. By posting your observations to the ProMED-mail site, you can ask an audience of tens of thousands of professionals worldwide if the symptoms match anything familiar in their experiences.

“Basically, you’re using distributed intelligence or intellect to bear on a problem,” Donat explains. “February and March is when they started to see Ebola, of last year — well ahead of all the crowdsourcing that proved that Ebola was coming.”

In tandem with the dissemination of information, swift and effective vaccination will be of critical importance in preventing the spread of viruses. “That’s going to be the key for Ebola,” Donat says, “because we have no direct treatment.”

How Do We Proceed?

Immediacy of information is one of the strongest assets ProMED-mail offers to those in the field. From the minute a post identifies a trouble spot on the globe, those concerned with issues of public health at any level can begin an analysis of the potential risks and begin to develop immediate strategies aimed at containment and minimizing exposure. And even with that advantage, it’s still a daunting problem with dimensions and dynamics

(continued on page 14)

Guarding Against the Next Ebola

Healthcare and Public Health Sector Chief Dr. Terry Donat examines what we’ve learned from the Ebola experience and how we can better secure our population against the threat of future — and inevitable — epidemics.

By Karl J. Paloucek

(AP Photo/CDC, File)

“The private sector, in healthcare especially, really has to see itself as part of the security in this country. … They have to be at least aware and theoretically more able to respond than we [in public health] probably are.”

— Dr. Terry Donat, InfraGard Public Health and Healthcare Sector Chief


that are nearly impossible to grasp completely, especially when you consider that it’s not just those in the public or private sectors of the healthcare industry, but businesses and travelers of every sort who may come into contact with those who are at risk.

“What you have to do is say, ‘Where does [the outbreak of contagion] exist? What are the means that it gets transmitted?’” Donat offers. “And, ‘Do I or any of the activities that I have with my employees or family or anyone cross paths?’ I think while many people in security have not looked at those things before, they certainly do when it comes to criminals, or their supply lines, or their resource lines, or physical access to buildings. It’s sort of underutilized [in healthcare].”

A case study: According to the CDC, on March 30, 2014, Liberia’s Ministry of Health and Social Welfare reported to Firestone officials the first known case of the Ebola virus inside the company’s Liberian rubber tree plantation. Firestone Liberia took immediate action to prevent further spread of the disease among its workers and the local population. They set up an incident management system, established procedures for recognizing those with Ebola symptoms and immediately isolated them. By enforcing strict adherence to Ebola infection guideline standards, and offering variable levels of management for those who had come into contact with the infected based on their exposure — such as voluntary home quarantine or quarantine in facilities designed to treat the infected — Firestone officials successfully contained the threat.

“Whatever past controversies Firestone has had from their rubber plantation there, as far as dealing with Charles Taylor and the genocide and that, they’ve done an excellent job [dealing with Ebola]. When there was a person who came back from an infected area who had Ebola, they quickly quarantined and took care of that person. They quarantined him and the contacts very quickly. Then they made sure everyone was aware what was going on, and if anyone had symptoms, they said, ‘We’re going to take care of you. We’ll quarantine your family. We’ll take care of them.’ They made awareness [a priority], and then they had resources committed that people trusted. And they were able to lock it down. … I think it was a great success story for the private sector.”

The speed with which Firestone responded to the threat made all the difference. That immediate effort to get in front of the disease and to contain it before it could spread to the rest of the worker population paid off in lives saved, and demonstrates the importance of having an actionable plan in place before an epidemic occurs. It behooves members of the public and private sectors of the healthcare industry to be proactive in their monitoring of contagious diseases worldwide and to remain open and up front about the threats posed by any of them so that healthcare as a whole can — hopefully — stay ahead of the next Ebola, whatever it may be.

NEWS

Update: The Saline Shortage

One of the ongoing concerns for the healthcare industry in the U.S. is the continued shortage of saline. For a country facing a possible epidemic outbreak of Ebola, this is potentially cataclysmic. “The reason people die in the 50-to-90 percentile over there [in Africa] is that they mostly die from dehydration,” Donat explains. “If you had to look at a confluence of bad things … if your fluid for rehydration and mixing medicines and irrigating wounds is at a low, and you were to get [a viral epidemic] at the same time where your basic source of making saline is down, you’ve got a major, major problem.”

For example, if a great influenza epidemic were to hit — as with Ebola, influenza patients require a tremendous amount of rehydration, particularly intravenously if they are too sick to actively swallow and keep the fluids down — an inability to meet the demand for saline could, for a measurable percentage of infected persons, mean the difference between life and death.

“I think the importance there is — whether you’re in health or not — to know about what’s going on,” Donat asserts. “How do we make sure we have our supply chains ramped up for these things? Those are the critical, important things, because you can’t just throw people at it without the logistics and support behind that.”

Currently, saline is being imported from Europe to compensate for the shortage in the U.S., but at a time when the world is looking to the thousands who have died in Sub-Saharan Africa, the imperative to return production levels to normal — and to keep existing saline-production facilities worldwide secure — should be considered a global priority.

MEMBER NOTES

Edward Marchewka Moderates Panel at Chicago Leadership Forum

In November, serving in his capacity as Information Security Manager of Chicago Public Schools, Edward Marchewka moderated a panel at the 2014 Chief Information Security Officer (CISO) Leadership Forum in Chicago, as part of the Argyle Executive Forum. The InfraGard At-Large Director, along with the panel that included Greg Bee (CISO, Country Insurance & Financial Services), Rich Campagna (Vice President of Products, Bitglass), Tony Coppa (Vice President of Engineering, AvePoint), John Johnson (Global Security Strategist, John Deere) and Fred Kwong (Head of Privilege Access Control, Farmers Insurance Group of Companies), addressed a robust program of issues confronting information security professionals today.

The discussion, “Securing the Organization While Embracing New Innovations,” examined emerging technologies and their likely impact on business for the coming year, the many-textured pros and cons of cloud computing, data storage and collaboration, and the current best practices to implement for successful incident response. Other compelling, forward-thinking topics explored the questions of whether or not IT security should be a business enabler, and how IT security can foster a culture of security within a given organization.

Robert Reyes appointed as the new Incident Response Lead to HALOCK

New InfraGard member Robert Reyes was recently appointed as the new Incident Response Lead to HALOCK, an information security services consulting firm based in Schaumburg, Ill. A graduate of the University of Arizona, Reyes spent more than 18 years as a special agent with the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), and six years with the Army Criminal Investigations Division’s Computer Crime Investigation Unit.

“Robert’s 25 years of law enforcement experience make him a tremendous complement to HALOCK’s existing team,” Jim Mirochnik, CEO of HALOCK offered. “Reyes will be leveraging the custom tools and processes he utilized at the Agency to further enhance HALOCK’s incident response delivery framework. This combination of Reyes’ government experience along with HALOCK’s commercial experience rounds out our already strong Incident Response offering to provide a level of breadth and depth that is difficult to match.”

InfraGard welcomes Reyes and congratulates him in his new role.

Robert Reyes, Incident Response Lead for HALOCK

Edward Marchewka, Information Security Manager of Chicago Public Schools

IMA Seeks Your Voice

IMA eagerly seeks contributions from professionals in any of the 16 security sectors specified by InfraGard. Stories may be submitted as ideas, drafts or in finished form. (We reserve the right to edit or reject submitted copy.) Industry white papers, press releases and suggestions for Member Notes content — including promotions, honors or activities within the profession — are all welcome and may be sent to: [email protected].


By extending healthcare insurance to people not previously able to afford it, the Affordable Care Act inundated insurers and healthcare providers with unprecedented quantities of new personal data and health information. The act also mandated “meaningful use” of electronic medical records by public and private healthcare providers by 2014. This opened the floodgates for additional electronic transmission of personal data and corresponding threats to privacy and security protections already guaranteed by HIPAA, the Health Insurance Portability and Accountability Act.

Trexin Consulting, a technology consulting firm, has a name for the virtual tsunami of data and corresponding obligations for its safe handling — “disruptive change.” However ominous that may sound, it also means that the untold threats hold countless opportunities for new business.

“This is not a Steven Jobs iPhone moment,” says Glenn Kapetansky, chief security officer for Trexin, which serves clients in several industry sectors, including healthcare. “It’s more like several dominoes falling all at once. … If we were drowning in data before, now it’s gone way beyond that.”

The Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) is responsible for the administration and enforcement of HIPAA privacy and security rules. It posts security breaches among healthcare providers serving 500 or more patients. These postings have been dubbed by those in the security industry as “the wall of shame,” says Jan Hertzberg, a director at Baker Tilly, an accounting firm and technology risk services practice.

Breaches related to healthcare personnel using and losing zip drives and laptops seemed to dominate earlier postings. In 2014, however, the terms “theft,” “electronic medical record” and “network server” appeared with greater frequency.

Increased vulnerability to identity theft seems to be a given. “Obviously, the more stuff you put out there, the greater the likelihood of problems,” says Hertzberg, who has specialized in HIPAA-related security and privacy risk management for more than 15 years.

And there’s no getting around putting the information out there. Now, in order to qualify for full Medicare and Medicaid reimbursements, healthcare providers not only must show proof of meaningful use of electronic medical records (EMR) and electronic health records (EHR), they also must demonstrate “that they are doing everything possible to protect personal data,” Hertzberg says.

Many people automatically assume that the government now requires encryption of data, but that’s not the case, he says. That’s because many smaller healthcare providers — individual doctors’ practices and clinics — cannot necessarily afford it. Even so, Hertzberg says, “If you do use encryption, it provides a safe harbor. If you have a data breach and you have encrypted the information, you don’t have to report it.”

In all of this, data protection will continue to include the destruction of documents. A medical practice or hospital transmitting encrypted records, and using password-protected computers and laptops, must also destroy documents so that if there’s an office break-in, the information remains safe, Hertzberg says. With document destruction, a lot of problems go away.

Still, according to Hertzberg, unlike the bygone era of paper records, many more parties share the burden of responsibility for protecting information, whether at rest or in transmission. That’s because HIPAA requirements were updated in 2013 via the Final Omnibus Rule to expand security requirements to include business associates, a group that includes data storage and cloud service providers.

The resulting atmosphere of increasing liability requires open communication. “One of the worst things that can happen in the event of an information breach is that everyone shuts down and stops communicating,” Hertzberg says. “It’s much better for parties doing business together to work out a plan to communicate in advance of something happening. This results in problems being solved much sooner.”

Conducting “a risk assessment” provides an essential first step to making a good faith effort to adhere to HIPAA privacy and security obligations. “Even if there’s already been a security breach, once you assess the risk, you can identify and prioritize risks,” Hertzberg explains. “You can begin to address problems.”

Best practices for handling HIPAA-sensitive data can be found in abundance all over the Internet. Still, Hertzberg qualifies, “I wish government were more clear about exactly what HIPAA compliance actually means. That’s something the government still needs to work on.”

While more clarity is needed, expectations for those who handle personal health information are steep. As Hertzberg explains, the OCR expects protection to extend beyond the grave. That’s because it’s not uncommon for unscrupulous individuals to hijack information from the deceased to obtain medical coverage. In one case, a woman sought treatment for ovarian cancer after forging the identity of a deceased individual. She also eventually died, but not before the insurer paid more than $600,000 in coverage toward her medical bills, Hertzberg says.

Greed, personal advantage or malicious intent are frequently suspected behind security breaches, but often those motives have not been factors, according to Chad Gough, a computer forensics examiner for 4Discovery, a company specializing in digital and mobile forensics. “Until fairly recently, we’ve seen a lot of inadvertent disclosure with people who are taking work home on laptops.”

Laptop risk is fairly easily mitigated with a password and encryption, he adds. One such scenario involved a nurse’s aide completing a spreadsheet at home. It was necessary to determine what other devices, such as her phone, may have been used to download or transmit information. “You don’t generally need a subpoena for something like this because people are cooperating,” Gough says. “But if they don’t cooperate, then you must obtain a motion to compel, which is a judge’s order to cooperate and turn over the information.”

Gough anticipates that the transmission aspect of data now makes protecting it a lot more challenging, especially given the greater numbers of users. Still, he says, he’s not certain if 4Discovery has handled a data-loss event relating to electronic health records. A malpractice suit involving the obliteration of nurses’ notes might provide an example, but it may be too early to tell, he says. Solving the mystery of who managed to delete the records, however, might shed light on the status of nurses’ notes as permanent records.

Still other complexities have surfaced in the changing landscape of electronic medical and health records. Gough related the case of two doctors parting ways: One doctor copied patient records to start his own practice. While the records were in the original practice, they were protected by a security server, by passwords and office doors that locked, but when the doctor downloaded information, suddenly the data was no longer encrypted or protected.

“In this case it’s mandatory to notify patients,” Gough says, “and there is cost associated with notification.” Beyond determining which doctor should have rightful access to patient records, there’s the additional burden of deciding who is obligated to pay for informing patients of an information breach, he says. A misuse of data could result in additional liabilities.

The sheer volume of new data brings unwieldiness as well. “If all you’re doing is socking away information, that doesn’t mean you can necessarily get to it,” says Kapetansky of Trexin, pointing to the arrival of big data and the necessity of data marts that enable users to shop for data.

Tapping personal health information is essential to providing better care and reducing cost. As an example, Kapetansky suggests, if a patient would benefit from the latest information about knee-replacement surgery and a healthcare provider wants to relay this, the ability to access health and personal contact information needs to be strong enough to do this. It’s not a matter of pirating data to market an unwanted product, he asserts. “It’s OK if a hospital uses its insights to provide best care. They’re not invading your privacy. They’re just using information they already have to address patient needs.”

Regardless of the many challenges, electronic sharing of health information among healthcare providers and insurers is expected to improve care. If all goes well, the result is a “longitudinal patient record” that contains an individual’s complete medical history, which provides a more comprehensive picture and enables better care. “At best,” says Kapetansky, “this is something on the order of a health history compiled by the old country doctor who’s known you your entire life.”

Monitoring The Changing Health Records Landscape

How do we keep unprecedented volumes of highly sensitive data secure?

By Susan DeGrane


As copper pilfering continues, driven by the metal’s high value in the market — around $3 per pound at the time of this writing — security measures taken to protect the valuable equipment have increased.

The cost of time spent replacing the wire, coupled with the purchasing cost of new copper, takes a toll on infrastructure. Karl Perman, the Director of Homeland Security Solutions, said that the cost of replacement along with the personnel cost is “easily triple the cost of salvage value” since people have to be redirected from other previously scheduled work to replace the copper, which slows the progress of their newer projects.

The two biggest concerns about dealing with the problem, in addition to the high cost of replacing copper, Perman noted, are the potential for loss of life to the perpetrator and the loss of power to a particular area, which could lead to a blackout. He said that thefts “run the gamut” from less intelligent criminals who, unaware of the risks of electricity, break into yards and touch energized lines, risking electrocution, to insiders at utility companies who, having access to the site, may borrow their company’s forklift and take copper from the copper dumpster for an “unofficial bonus program.” Other thieves might take material that has been salvaged or is found on the ground. What has become prevalent is stealing large rolls of uninsulated or insulated copper wire, burning off the coating and selling the exposed copper wire for salvage.

The FBI, scrap dealers, and the various utility companies that use copper have taken a variety of steps to guard copper and lessen the likelihood of thieves’ success. The measures counter every step of the pathway thieves have to take to pilfer: from detection of thieves’ entry and prevention of access to the copper, to making scrap dealers who may receive stolen copper aware that the copper was indeed stolen. Security officers, motion sensors, alarm systems that sound when somebody tries to climb or cut a fence, locking up the spools in sealed containers that have some kind of access control, and accurate daily inventories are all employed to reduce the risk of theft.

When thieves are successful in acquiring copper, they can still be apprehended. Businesses can mark spools and the wire itself with the company’s name so that ownership can be proved in prosecution; they can spray paint the copper a particular color, or even use data dots that only appear when exposed to ultraviolet light. This is where the essential coordination between energy companies, scrap dealers and law enforcement comes in. Upon realization that copper has been pilfered, companies can report the loss to the Institute of Scrap Recycling Industries Inc.’s (ISRI) website: scraptheftalert.com, a nationwide program. Scrap dealers can check the website and ascertain whether or not copper they receive matches the description of stolen copper.

“The way it would work is, someone would steal it, someone would realize it’s stolen … and they would report it to the ISRI … and then the ISRI would then send out an alert saying, ‘Hey, Joe’s electricity company in Omaha, Nebraska, had a theft of xyz wire. Please be on the lookout,’” Perman described. “And then a recycler would get that actual copper in their store or yard and say ‘Oh, wow, look, this guy’s trying to sell this’ and then basically call the authorities … when they turn it over, that would be considered a recovery for that particular property, so that’s how they track those stats.

“There are legitimate scrap resalers and there are illegitimate scrap dealers, but I believe the ones that subscribe to this ISRI program are legitimate and they’re trying to do the right thing,” he said. “And that’s why there’s been success with the partnership between those of us in critical infrastructure, law enforcement and then along with the actual scrappers themselves.” Use of the website has increased from 652 alerts in 2009 to 2,240 at press time in 2014. There were about 18,000 active users in 2014 with a total recovery amount of about $1,575,532.

In order to help encourage the scrappers even further to join and use the program, he suggested increasing their recognition for their participation, perhaps a decrease in their insurance premiums, a “stamp of approval” from ISRI, or even a reward program, which would lessen the ability of thieves to sell the copper.

“I think also more public education of the issue as well as more making laws, particularly against theft from critical infrastructure; I think that goes a long way also,” he said, adding that making it a higher misdemeanor or felony to tamper with critical infrastructure would garner more police attention. Requiring people to provide government-issued identification when selling more than a particular poundage of copper also prevents a lot of people from illegally selling the material.

“Everyone across the board is really doing a better job. This stuff, which used to be stored outside right next to a building or next to a railroad crossing … now everyone’s pretty much locking this stuff up like it’s gold,” he said. “So there’s a little more awareness of it.”

For example, electrician crews that do critical infrastructure work now take copper spools and assets from the warehouse and have to prep the job site instead of, as in the past, going right to the site and starting to work after inventory associates had dropped it off, since the materials could be taken overnight. According to Perman, crews often require extra time to transport materials from storage to the site. “[It] could be at least one to three hours a day depending on where the material warehouse is located and where the worksite is. It adds up over time.”

Many people are also starting to use copper-welded grounds instead of pure copper, which are less attractive to thieves since they are a lot less valuable, or to use other materials such as PVC, plastic, nylon or polymers instead of copper. Advances in security technology have been instrumental as well, with the increased ability to include multiple technologies on one platform, the availability of remote monitoring, and generally more affordable security options. Cameras now have infrared, low-light and thermal functions, and have really come a long way in the past decade.

“Where there’s money to be made, there’s always going to be that supply of people willing to make it, even if it includes nefarious activities,” he said. “I think that the different technologies that are available, the awareness of it, the partnerships that have been made with the law enforcement, as well as the scrap dealers themselves, have mitigated somewhat the [problem] … I think this would have been a lot worse than it is today if there were not these steps in place; if people were not taking advantage of the technology; if they were not having awareness; if they weren’t having the partnerships, I think we’d be a lot worse off than we are today. … However … the problem still exists. It’s still a large problem and that’s because of supply and demand. There’s copper that’s available and folks are going to be willing to steal it.”

(AP Photo/The News Tribune, Bruce Kellman)

Thwarting Copper Thieves Through Promoting Partnerships

Homeland Security Solutions Director Karl Perman describes security experts’ response to the issue of copper pilfering and how we can reduce the vulnerability of infrastructure.

By Mary T. Stroka


TACKLING THE ACTIVE SHOOTER TREND

As the trend of school and workplace shootings in this country continues to escalate, what can the security community do to help the public at large identify the next active shooter and prevent him or her from completing the walk down the path to violence?

By Karl J. Paloucek

In September of this past year, the Federal Bureau of Investigation (FBI) released the results of a study examining 160 active shooter incidents that took place between 2000 and 2013. The aim of this study was to provide first responders with information to assist in the preparation and response to such events, in the hopes of saving lives and keeping themselves out of harm’s way as best as possible. An overview of the study’s findings (at right) illustrates some of the facts about this trend in violence, but analysis is only part of the puzzle of how to respond to such incidents.

At the most recent InfraGard quarterly meeting, two presenters, Bureau spokesperson Jill Pettorelli and Robert Davis, Senior Vice President of West Coast Operations at security risk management firm Hillard Heintze, presented to attendees on issues of active shooter prevention and tactical response. The questions raised by the speakers addressed the core issues concerning those hoping to manage active shooter situations in the future, such as: How do these incidents play out? Why do shooters do what they do? And what are the most effective strategies, both for preventing an at-risk individual or group from acting out a lethal fantasy, and for engaging everyone from first responders to those in business management to proactively take a leadership role in creating an active shooter response plan?

Most incidents involving an active shooter end in mere minutes — typically before first responders even make it to the scene. For this reason, Pettorelli asserted, it’s imperative that businesses and institutions of every stripe establish an efficient, achievable plan for the active shooter contingency.

Who Is the Shooter?

While it’s a common perception that the active shooter can be profiled as an angry, withdrawn individual who may affect a certain outward appearance, be it “goth” or another form of countercultural expression, the truth, according to the Bureau’s study of these situations, is rather less clear. People who have started down the “pathway to violence,” as the Bureau describes it, may not fit a convenient stereotype, but the good news is that there are some common attributes through which these troubled individuals may be successfully identified by those close to them.

It’s reasonable to expect that a potential shooter might have a history of mental illness and a possible criminal record. But these are highly fallible criteria: Not everybody who requires treatment for mental or emotional disorders is even diagnosed, let alone treated; and many potential shooters may not yet have any criminal record of note. According to Pettorelli, what the Bureau does tend to look for — and what it suggests that threat assessment teams look for, in turn — are exhibited patterns of behavior and personality suggesting that an attack is possible. The warning signs are plentiful: Typically, the potential shooter will be someone who has self-esteem issues, and who feels


Findings of the FBI’s Active Shooter Study

The FBI’s “A Study of Active Shooter Incidents in the United States Between 2000 and 2013” comprises 160 such events, including the shootings at Virginia Tech; Sandy Hook Elementary School; the U.S. Holocaust Memorial Museum; Fort Hood; the movie theater in Aurora, Colo.; the Sikh temple in Wisconsin; the Washington Navy Yard, and many others. Some of the findings aren’t so surprising, but the study does paint a dynamic picture of the active shooter phenomenon as it continues to unfold:

• Frequency of active shooter incidents is on the rise: The first seven years of the study yield an average of 6.4 incidents annually. The last seven years average 16.4 incidents each year.

• Not counting the shooters, these 160 incidents resulted in 1,043 casualties, including 486 deaths and 557 wounded.

• Out of the 160 incidents featured in the study, all but six shooters were male. And only two incidents involved more than one shooter.

• More than half of the episodes — 90 of the 160 — ended on the shooter’s initiative, whether by suicide or flight.

• In 21 cases, unarmed citizens managed to successfully subdue the shooter. In 21 incidents in which law enforcement engaged the shooter, nine officers were killed and 28 were wounded.

• In 73 of the 160 events included in the study (45.6 percent), the shooting took place in a commercial environment. The next-highest number of events — 39 (24.3 percent) — occurred in an educational setting. The remaining incidents took place at government properties, open spaces, houses of worship and other locations specified in the study.

(AP Photo/Julio Cortez)


isolated or excluded from his or her peer group. He or she likely displays an extreme, disproportionate sense of anger and a heightened sense of paranoia, and also shows a fascination with acts of violence in film, television and/or video games.

It’s not uncommon for a potential shooter to voice thoughts relating to a possible attack well in advance — talk about revenge or of having a “hit list” is a major red flag that should not be ignored. At this juncture in the pathway to violence, such talk may be interpreted as a plea for help on the part of the at-risk individual, a seeking out of a necessary intervention before the plan taking shape in that person’s mind has to be pursued.

Other signs to watch for include delusional perceptions or behavior, as well as any significant loss for the person of concern, be it a job, relationship, family member or certainty of the future — particularly if the person has no apparent mechanism for coping with the loss or any real emotional support. The combination of these factors can suggest an individual highly at risk of doing harm to himself or herself, or to others.

Another potent sign, of course, would be a sudden, contextually inappropriate acquisition of guns or other weapons. Context is extremely important here, because there are plenty of people who work in the security industry, for example, for whom acquiring guns and training with them is part of their working lives. While access to guns isn’t the single most important risk factor on its own, it has proved to be absolutely pivotal for the potential shooter. Easy availability of firearms makes the fantasy of power or potency all the more tangible, and consequently, visualizing the crime much more real and accessible.

Visualization and planning are a huge part of the ritual and run-up to a potential shooter’s attack. This is an important point: It belies the notion that any active shooter suddenly “snaps,” or “goes postal” — in virtually every case, the shooter has followed a similarly predictable pathway to violence. By definition, then, if there’s a predictable pattern of behavior involved, it is possible to detect and prevent a tragic outcome.

Prevention and Preparedness

The threat of an active shooter can exist in any segment of society — from schools and government offices to any business in the private sector. Because of this high degree of uncertainty, formation of a threat assessment team for any business or institution should be regarded as a must, with an active shooter committee as part of the task force, aimed at focused communication between the threat assessment team and the immediate community. Proper threat assessment happens in three stages:

1. Identification – Detection of an at-risk person who exhibits behavior common to previous active shooters. Any individual manifesting symptoms of depression, intense anger, disproportionate feelings of hurt or humiliation, and/or a fixation on violence should raise an alarm.

2. Assessment – Determination of whether or not the person or people pose a legitimate threat, or if the warning signs prove to be false indicators based on further investigation. Institutions and businesses need to be trained and equipped to properly make this distinction.

3. Management – Taking timely, active and appropriate steps to minimize the threat of violence — in best-case scenarios, intervention.

One of the tragedies of every shooting in the workplace, at school, or in the community at large is that in nearly every instance, certain insights previously glossed over suddenly come into full focus. Some may have suspected that something wasn’t right, but failed to come forward because they weren’t sure or didn’t want to cause trouble for anyone. Silence can be deadly — and this is why it’s so important to establish a threat assessment team, and right from the outset, to involve everyone in the community it intends to serve.

Ideally, the threat assessment team will glean and process information about a potential threat in its early stages, and intervene before an actual threat materializes. Communication is absolutely critical to the effectiveness of any threat assessment effort for the same reason that anti-terrorist professionals have to rely on the public to “say something” if the public sees something — it simply isn’t possible for security professionals or advocates to have eyes or ears everywhere.

The most reliable sources with information on a developing threat will be those closest to the troubled individual — family and friends, but also work colleagues or other peers of proximity. Successful threat assessment and mitigation depends heavily on the willingness of those people to come forward and let threat assessors know that a potential risk exists.


INSIGHT

Surviving in an Active Shooter Scenario

The best way to minimize casualties resulting from active shooters is to prevent incidents from taking place at all. But in an active shooter situation, where first responders often arrive at a scene when an event is over, there are ways to increase the odds of survival. Armed with this information, anyone facing the wildly unpredictable danger of a gunman or similar assailant can have a plan of action pre-formulated for escape or defense should the need arise. Be aware that if you find yourself in the vicinity of an active shooter, your life may depend on your mental and physical ability to deal with the situation.

If at all possible, RUN:

• Have a pre-planned escape route in mind.

• Leave personal belongings behind.

• Evacuate regardless of whether or not others follow.

• Help others to escape if you can.

• Do not attempt to move wounded persons.

• Keep others away from anywhere the shooter may be.

• Keep your hands visible.

• Call 911 immediately when you know you are safe — even if you know others have done so.

If you can’t get away, HIDE:

• Hide in an area out of the shooter’s sight.

• Lock or block any door between your hiding place and the shooter.

• Silence your cell phone, including vibration mode, and remain as silent as possible.

Only if you’re confronted and can’t escape, FIGHT:

• Fight as a last resort, and only when your life is in imminent danger.

• Try as aggressively as possible to incapacitate the shooter.

• Grab what’s nearest and most effective to arm yourself, or throw items at the shooter.

• Fully aggressive commitment to your actions is essential — your survival depends on it.

School resource officers train during an active shooter scenario at Sevierville Intermediate School in Sevierville, Tenn., Monday, July 7, 2014. (AP Photo/The Mountain Press, Curt Habraken)


Those in the community should be encouraged to speak up, but they have to know what to look for. Threat assessors should let community members know what should alert them — not just in terms of a shooter’s typical behavioral characteristics as outlined above — but to look for potentially alarming patterns within a larger context: Violence typically results from something of a formula of specific conditions involving the would-be shooter, past stressful events, a current stressful situation and a target. By observing a distressed person’s behavior in a larger context of events surrounding and directly affecting that person, his or her actions — and intentions — are much more easily read.

Effective communication with the staff, students and community members the threat assessment team is designed to serve is vital, but reaching out to the network of first responders in the larger community is also imperative. At the November InfraGard meeting, a panel of first responders addressed the assembled audience on the importance of having accurate and current information on a tactical response call. One of the priorities they voiced was the importance of businesses and institutions being proactive and reaching out to jurisdictional agencies — police and fire departments, for example — to provide building floor plans that can be retrieved and reviewed en route in the event of an emergency. Inviting first responders into the building or space being secured to test their radios and other communication equipment is highly recommended, as well. Both these steps go a long way to assuring the most effective response in a shooter situation. And in spite of these being easy steps that any organization can take toward greater security, when asked why businesses, schools and other institutions don’t routinely do this, the panel responded, “Nobody asks.” Cooperation between the community at large and first responders needs to be fostered and facilitated to ensure not only the safety of students and on-site personnel in the event of an active shooting incident, but of first responders themselves.

The panel was very vocal about the importance of the 911 calls they receive in active shooter situations, and about encouraging those who have reached safety to call 911 regardless of whether or not others have already done so. By flooding 911 dispatchers with calls, first responders get a much bigger sampling of information about what is happening, and they get it in very close to real time. This is precisely the sort of information first-response teams need going into a potentially lethal situation, and threat assessment teams and active shooter committees should take care to articulate that to their staff, students and personnel.

In the best-case scenario, every business or institution would have people on-site with active shooter training — something Davis recommends highly. That may not always be practicable, but regardless, establishing the threat assessment team and active shooting committee should be considered a top priority, if for no other reason than it lets everybody concerned know that you care about their safety. According to the panel of first responders at the November InfraGard quarterly meeting, the value of established threat assessment teams to their work, when done effectively, is “priceless.” Because they know just how preventable active shooter situations can be.

How preventable are they? Enough so that at the end of 2013, United States Attorney General Eric Holder credited Andre Simons and his Behavioral Analysis Unit 2 (BAU2) with the prevention of 148 mass shootings and other violent attacks — an incredible achievement by any measure. By his own admission, Holder maintains that this success rate is difficult to actually quantify, obviously, due to the lack of an event being the definition of success in this case, but he does affirm that not one case to which he and BAU2 have been called for support has resulted in a mass shooting or event. For his team and for everyone dealing with this nightmare of a problem, intervention is the key — intervention and preparedness. Through coordination, observation and communication, we need to escalate our coordinated efforts to maximize opportunities for successful intervention, and work to neutralize the active shooter phenomenon.

INSIGHT

One of the tragedies of every shooting in the workplace, at school, or in the community at large is that in nearly every instance, certain insights previously glazed over suddenly come into full focus.

MOST WANTED

Nicolae Popescu is wanted for his alleged participation in a sophisticated Internet Fraud scheme in which criminal enterprise conspirators, based in Romania and elsewhere in Europe, posted advertisements on Internet auction market sites for merchandise for sale. Such advertisements contained images and descriptions of vehicles and other items for sale, but those items did not really exist. Conspirators posing as sellers then negotiated via e-mail with unsuspecting buyers in the United States. These “sellers” sent fraudulent invoices, that appeared to be from legitimate online payment services, to the victim buyers, with instructions for payment to bank accounts held by other conspirators in the United States. These conspirators opened United States bank accounts under false identities using fraudulent passports made in Europe by other conspirators. When victims wired money to an account identified on the false invoices, the conspirator associated with that account would be notified and then would withdraw the proceeds and send them via wire transfer to another conspirator based on e-mailed instructions.

A federal arrest warrant was issued for Nicolae Popescu on Dec. 20, 2012, in the United States District Court, Eastern District of New York, Brooklyn, New York, after he was charged by indictment for Conspiracy to Commit Wire Fraud, Money Laundering, Passport Fraud, and Trafficking in Counterfeit Service Marks; Wire Fraud; Money Laundering; Passport Fraud; and Trafficking in Counterfeit Service Marks.

Popescu speaks Romanian. He may have traveled to Europe.

Source: FBI.gov

Most Wanted: NICOLAE POPESCU

WANTED FOR: Conspiracy to Commit Wire Fraud, Money Laundering, Passport Fraud, and Trafficking in Counterfeit Service Marks; Wire Fraud; Money Laundering; Passport Fraud; Trafficking in Counterfeit Service Marks

REWARD: The United States Department of State’s Transnational Organized Crime Rewards Program is offering a reward of up to $1 million for information leading to the arrest and/or conviction of Nicolae Popescu.


CHARLESTON, W. Va. (AP) — It was a typical Friday for West Virginia University engineering students Alex Dunn, Steven Amerman and Walter Ferrell.

At their Kingwood Street home in Morgantown, Ferrell washed dishes in a dimly lit kitchen and Dunn cooked boxed macaroni on the stovetop. While Amerman was down the hall screaming at his opponent in an online League of Legends match, the two complained about a frustrating situation they had gotten themselves into: A roommate, who still owed them $750 in rent, was moving out the next morning and had given no indication of whether he was going to pay up.

Complicating matters further, they weren’t sure they would be able to cover the unexpected expense with their meager student-employee incomes.

Having finished the dishes, Ferrell stirred a packet of grape-flavored drink mix into a pitcher of tap water, sighed and said, “This is what our lives have come to.”

While the three friends deal with the same hardships most college students face, their time at WVU has been anything but typical.

Like many of their peers, Dunn, Amerman and Ferrell balance class and work schedules, but they also are software developers for Confirmix, a Morgantown-based technology startup that has garnered the attention of high-profile investors in both public and private sectors. The company, started earlier this year, has created consumer and enterprise identity authentication technologies that use biometric and facial recognition software.

The company’s work in the business sector has been kept under wraps, but a consumer application called Secure Selfies is currently in early stages of development. Secure Selfies will use the company’s technology to prevent unauthorized access of mobile phones, tablets and their contents by using the device’s camera to lock and unlock it.

The application has been featured on CNBC’s Tech Crowd, the development team has met with wealthy investors, and while the startup could soon be worth millions, it has roots firmly planted in WVU’s Statler College of Engineering. It all started in Thirimachos Bourlai’s human and computer interaction class, which Ferrell took as an elective in the fall 2013 semester.

Amerman, who had recently moved in with Ferrell, eventually joined the class after attending one of Bourlai’s lectures while he waited for Ferrell to get out of class. Amerman, a senior from North Berwick, Maine, said Bourlai had him hooked in that short hour.

“I went home and immediately registered,” he said.

Over the course of the semester, Amerman and Ferrell impressed Bourlai, who promised them jobs in the school’s multi-spectral imaging lab if they passed his class.

“He told us, ‘I’ll give you a job if you get an A,’” said Ferrell, a junior from Elkview in Kanawha County.

Little did they know Bourlai had been recruiting them for some time to help him create the software he came up with years earlier.

Working odd jobs for cash at the time, Amerman and Ferrell happily accepted the offer and got the needed grade, not knowing exactly what Bourlai had in mind.

WVU Students Help Develop Mobile Security Software

Students use biometric and facial recognition software in consumer application aimed at mobile phone security.

By Samuel Speciale

Charleston Daily Mail

Soon after, a chance encounter in an elevator led to the addition of Dunn, a senior from Scott Depot in Putnam County.

With the three students on board, Bourlai pitched the idea for a project that utilized biometric scanning, which Dunn, Amerman and Ferrell admit they knew nothing about. Out of necessity, they quickly figured things out though, because Bourlai gave them a major project and very little time to complete it.

The project was to create the first iteration of the Secure Selfie application so it could be demoed for investors.

“He came to us and said, ‘You have a week to finish this,’” Ferrell said.

A difficult task even for an expert in biometric programming, the three students said they worked for what seemed like a week straight.

Dunn said they wrote 1,500 lines of code, which he indicated was a lot for the type of demo they did. It took 150 total hours of work to complete, he added.

They each took on tasks that favored their area of expertise. Amerman programmed, Dunn coded algorithms and Ferrell kept the server built on his computer functioning properly.

Investors were impressed with the demo, Dunn said.

The team has made several versions since then and hopes to have the application out to market in the near future. Ferrell said the application’s name was influenced by several instances of celebrity photos being spread across the Internet after their phones were hacked.

Bourlai added that mobile security is a major concern for many and that there already is a market for applications like Secure Selfies.

“When more biometric safeguards are built into a phone, it is more difficult to hack,” he said, though he added it can also complicate the user experience.

“You probably don’t want to scan your fingerprint, face and all these other things just to use your phone,” he said. “But, if you’re a banker, you may want that extra security.” That’s why the team is looking at creating security tiers with multiple modes of authentication.

While Secure Selfies is the property and brand of Confirmix, the technology it uses is owned and licensed by WVU.

Confirmix chairman and co-founder Patrick Esposito said all the company’s heavy lifting was done at the university.

“The components and algorithms of Secure Selfies — what I call the secret sauce — came out of WVU,” Esposito said. Ferrell said he is proud of that and thinks it’s something the WVU community should embrace.

“The thing is, this isn’t happening at MIT, Harvard or Carnegie Mellon,” he said. “It’s happening here in West Virginia.

“You don’t see stuff like this here,” Ferrell added. “We’re pretty normal guys. Before all this, we just sat around and played video games.”

A lot has happened since Dunn, Amerman and Ferrell accepted Bourlai’s offer.

Ferrell didn’t want to give any details, but he said he, Dunn and Amerman could make a small fortune if things go right.

And while the prospect of making millions is enticing, Dunn, Amerman and Ferrell say they plan on completing their degrees at WVU. They also said they would consider continuing their studies in graduate school, though that depends on what happens to the company.

If the last year is any indication of what could come, things could take off.

In the meantime, the team was waiting out the final days of a Kickstarter campaign to raise $50,000 to get the Secure Selfies application up and running on Google’s mobile marketplace. If the fundraiser is successful, the team will quickly develop versions for Apple and Windows devices. While they only had 26 percent of the $50,000 currently pledged with three days left in the campaign, the team expected the needed money to come in time.

Even if the goal isn’t met, the team expects it will only be a matter of time until people are using their technology. While that would likely be enough for most, Dunn, Amerman and Ferrell say their measure of success is getting WVU President Gordon Gee to post a selfie of him using their application on his social media sites.

Gee, known for many things — his extensive bow tie collection chief among them — is an avid selfie-taker and often posts pictures of himself with students, celebrities and random objects.

“If he would do that, we would be so legitimate,” Ferrell said.

A launch date for Secure Selfies hasn’t been set yet, but the team expects it to be available for download on Android in spring 2015.


ALBUQUERQUE, N.M. (AP) — New Mexico [Dec. 5, 2014] levied more than $54 million in penalties against the U.S. Department of Energy for numerous violations that resulted in the indefinite closure of the only U.S. underground nuclear waste repository.

The state Environment Department delivered a pair of compliance orders to Energy Secretary Ernest Moniz, marking the state’s largest penalty ever imposed on the federal agency. Together, the orders outline more than 30 state-permit violations at the Waste Isolation Pilot Plant in southeastern New Mexico and at Los Alamos National Laboratory.

The orders and the civil penalties that come with them are just the beginning of possible financial sanctions the Energy Department could face in New Mexico. The state says it’s continuing to investigate and more fines are possible.

The focus has been on a canister of waste from Los Alamos that ruptured in one of the Waste Isolation Pilot Plant’s storage rooms in February. More than 20 workers were contaminated, and the facility was forced to close, putting in jeopardy efforts around the U.S. to clean up tons of Cold War-era waste.

The state accuses Los Alamos of mixing incompatible waste, treating hazardous waste without a permit and failing to notify regulators about changes in the way waste was being handled. The penalties for the lab total $36.6 million.

“New Mexico does not need to choose between fulfilling the laboratory’s mission and protecting the environment,” Ryan Flynn, state environment secretary, said in a letter to Los Alamos officials. “DOE now has an opportunity to learn from these mistakes and implement meaningful corrective actions that will ensure the long-term viability of the Los Alamos National Laboratory.”

He wrote a similar letter to officials at the Waste Isolation Pilot Plant, saying New Mexicans understand the nuclear repository’s importance but that it must be operated and maintained with “the highest standards of safety and complete transparency.” The nuclear dump’s penalties total $17.7 million.

Moniz has said repeatedly that it’s a top priority for his agency to get the Waste Isolation Pilot Plant on track, and he took steps earlier this year to shift oversight of the cleanup work at Los Alamos from the National Nuclear Security Administration to his agency’s Office of Environmental Management.

It wasn’t immediately clear Saturday whether the Department of Energy would seek a hearing on the penalties levied by New Mexico or pursue settlement negotiations. A message seeking comment was left with the agency.

Watchdog Don Hancock said the penalties are a good first step.

“The big question now is what amount of time, effort and money are LANL and WIPP going to spend to contest the violations, which they shouldn’t. They should focus on what they’re going to do about fixing the problems,” he said.

Federal officials are expected to release a final accident investigation report before the end of the year. They have already said that cleanup and resuming full operations at the Waste Isolation Pilot Plant could take years. The price tag has been estimated at $500 million.

The state’s investigation has covered the radiological release as well as a fire nine days earlier that involved a truck carrying salt in another area of the underground facility. The state says its findings confirmed the existence of major procedural problems that contributed to the events.

While investigators have yet to pinpoint exactly what caused the barrel to breach, they suspect a chemical reaction in highly acidic waste that was packed with organic cat litter to absorb moisture.

FILE - This undated file aerial view shows the Los Alamos National Laboratory in Los Alamos, N.M. (AP Photo/Albuquerque Journal)


Mishaps at Nuclear Repository Lead to $54M in Fines

Current financial sanctions may be just beginning of troubles for U.S. Energy Department in face of more than 30 state-permit violations.

By Susan Montoya Bryan


SEATTLE (AP) — A federal appeals court heard arguments in an Idaho woman’s challenge to the National Security Agency’s bulk collection of phone records — the third time in recent months that appeals courts around the country have considered the controversial counterterrorism program.

Calling herself an ordinary American upset about the program, nurse Anna J. Smith sued the government last year, arguing the agency’s collection of call records violates the Fourth Amendment’s prohibition on unreasonable searches and seizures.

In June, U.S. District Court Judge Lynn Winmill in Boise, Idaho, disagreed — but nevertheless noted that the case raised privacy questions that could wind up before the Supreme Court.

“We’re dealing with a dragnet of call records,” Smith’s attorney and husband, Peter Smith, told a three-judge panel of the 9th U.S. Circuit Court of Appeals on Monday. “Anna’s not a criminal defendant. She’s not a suspect in any crime. And yet her records are being swept up.”

Judges Hear Arguments Over NSA Surveillance

Idaho nurse sues U.S. government, arguing that the National Security Agency’s sweep of phone records violates Fourth Amendment rights.

By Gene Johnson

Associated Press

The government has acknowledged that under a USA Patriot Act provision, and with authorization from the Foreign Intelligence Surveillance Court, it collects data from telecommunications companies showing the time and length of calls, along with numbers dialed. With a further showing to the Foreign Intelligence Surveillance Court, investigators can then run queries of that data in an effort to uncover links involving suspected terrorists.

The Justice Department called it an “important government anti-terrorism program” in its briefing to the 9th Circuit.

“It is true that, under the program, the government acquires a large volume of business records containing telephony metadata,” department lawyers wrote. “But consistent with the governing Foreign Intelligence Surveillance Court orders authorizing the program, that information is used and analyzed only under highly restricted circumstances.”

The New York-based 2nd U.S. Circuit Court of Appeals recently heard arguments in an appeal of a judge’s opinion that upheld the program’s legality, while the D.C. appeals court heard arguments last month after a judge there found the program probably is unconstitutional.

The flurry of cases followed revelations by former NSA contractor Edward Snowden about once-secret intelligence collection programs.

President Barack Obama has called for an end to the bulk collection of phone records of millions of Americans not suspected of crimes. Earlier this year, he suggested instead that Congress make changes that would have telecommunications companies — not the government — maintain the records, which could then be queried by investigators with appropriate court orders.

The arguments in Smith’s case focused on how to interpret the Supreme Court’s 1979 ruling in Smith v. Maryland.

In that case, the justices upheld a decision by Baltimore police to collect, without a warrant, phone numbers a criminal suspect dialed over three days. The court held that people have no expectation of privacy in phone records because information about who they call is provided to a third party — the phone company.

Peter Smith told the judges that the NSA’s bulk collection of phone records concerning millions of Americans bears little resemblance to the 1979 case. The scope of data collected here could allow the government to piece together an intimate picture of someone’s life: whether a person has a medical problem or has been calling a suicide hotline or getting counseling for alcoholism, he said.

Judge Richard C. Tallman questioned whether Anna Smith had standing to challenge the program.

While the government has acknowledged that records of Verizon business clients are among those collected, it has not confirmed that Verizon’s personal phone customers, including Smith, are among them.

However, Smith also is represented by the American Civil Liberties Union and the Electronic Frontier Foundation. The ACLU is a Verizon business client, and her communications with the organization could be swept up, Jameel Jaffer, the ACLU’s deputy legal director, noted after the hearing.

Idaho real estate attorney Peter Smith, left, and his wife, nurse Anna J. Smith, pose for a photo outside the federal appeals court building Monday, Dec. 8, 2014, in downtown Seattle. A three-judge panel of the 9th U.S. Circuit Court of Appeals heard arguments Monday in Anna Smith’s case challenging the National Security Agency’s bulk collection of Americans’ phone records; Peter Smith argued the case on her behalf. (AP Photo/Gene Johnson)


MONTGOMERY, Ala. (AP) — Unmanned drones may be a common sight in the skies over Alabama within the next few years, doing everything from scouting traffic accidents to delivering packages.

“I think in the next five years you’ll see these aircraft fully integrated in the airspace,” said John McGraw, a former Federal Aviation Administration official. “I think they'll have the ability to sense and avoid other [air] traffic. … I think you’ll see that they’re part of everyday life.”

Some agencies already use unmanned aircraft here. Homeland Security Deputy Director Shirrell Roberts said Northport firefighters and Mobile police have put them to use. But he said other Alabama first responders have drones and are afraid to use them until they have clear policies and procedures in place.

“There’s a great hesitancy,” Roberts said.

The FAA is expected to propose new rules soon. Meanwhile, a task force of state leaders is trying to prepare for that new future by looking at ways to use drones.

Groups representing agriculture, education, law enforcement and more told the task force that they see a wealth of opportunities. They said drones could be used to help out on the farm, to monitor power lines, to map land and in many other ways.

McGraw said the flying vehicles could examine the underside of bridges or dangerous areas of plants far more quickly and safely than a person could. They could fly package deliveries to remote areas. And there are more potential uses arriving every day as the technology improves.

The task force’s goal is to get FAA approval to expand the use of drones in Alabama and establish guidelines for their use. Their recommendations are due to the governor by Jan. 15.

McGraw is an Auburn graduate and said he sees a lot of potential for the use of unmanned planes here.

“Alabama is interested, is asking the right questions and certainly has a strong history in the aerospace/aviation industry,” he said.

Officials also said they’ve run into some privacy concerns. The idea of having cameras hovering overhead may upset some people, McGraw acknowledged. But he said it’s not much of a change in a world that’s already full of monitoring devices on the ground.

“(People) need to realize that there are two cameras on every cell phone,” he said. “There are security cameras inside and outside of almost every building we’re in every day. … You’re probably on camera most of the time.

“They really need to look at the bigger picture and realize that the cameras on an unmanned aircraft don’t change the situation that much, and that there are laws in place already to protect them.”

NORFOLK, Va. (AP) — A Navy civilian engineer has been indicted on charges he tried to steal schematics of an aircraft carrier under construction and have them sent to Egypt.

Federal prosecutors said Mostafa Ahmed Awwad, 35, of Virginia was arrested on two counts of attempted exportation of defense articles and technical data.

Prosecutors said Awwad tried to steal technical data in the designs of the USS Gerald R. Ford in late October. Awwad provided computer drawings downloaded from the Navy to an undercover FBI agent posing as an Egyptian intelligence officer.

The Ford is the lead ship in a new class of carriers. It is scheduled for delivery to the Navy in 2016.

According to an FBI affidavit, Awwad began working for the Navy last February in the Norfolk Naval Shipyard’s nuclear engineering and planning department.

An undercover agent speaking in Arabic contacted Awwad in September and the pair met the next day at a park. At the meeting, Awwad asserted that it was his intention to use his position of trust with the Navy to obtain military technology for use by the Egyptian government.

The pair also met in October at a hotel where Awwad described a plan to circumvent Navy computer security by installing software enabling him to copy documents without tripping a security alert, the affidavit said.

The undercover agent was given aircraft carrier drawings marked with warnings that foreign distribution could result in criminal prosecution. Awwad indicated he understood the computer drawings would be used in Egypt. He agreed to provide the agent with passport photos to produce a fake Egyptian passport so Awwad could travel without alerting U.S. government officials. Awwad also asked for $1,500 to buy a tiny camera to enable him to photograph restricted material around the shipyard, the affidavit said.

On Oct. 23, Awwad retrieved $3,000 in cash from a pre-arranged drop site along a secluded hiking trail and left behind a container with an external hard drive and two passport photos. The FBI later collected the container. Awwad was observed at his Navy office on Nov. 28 holding what appeared to be aircraft carrier design schematics, which he placed on the floor and photographed, the affidavit said.

Awwad is scheduled for a detention hearing on Dec. 10 in federal court.

The charges carry a maximum penalty of 20 years in prison on each count upon conviction.

Drones Could Soon Be a Common Sight In the Skies

FAA expects unmanned aircraft to be “fully integrated” in public airspace inside of five years.

By Brad Harper

The Montgomery Advertiser

U.S.: Navy Engineer Tried to Steal Schematics

Civilian engineer caught attempting to deliver naval aircraft carrier plans to Egyptian authorities faces up to 20 years.

Associated Press


One of the most over-applied terms in technology in recent years has to be “game-changing.” But for first responders anxious for the most current, fastest-transmitted, accurate data on an incident to which they’re responding, it’s a term that’s going to be difficult not to use when talking about iOmniscient’s Automated Surveillance Action Platform (ASAP). The ASAP is a system that integrates artificial intelligence technology with CCTV cameras to drastically reduce the response time for first responders in the event of an accident or other emergency situation.

Suppose the CCTV system picks up an image of a person falling to the floor in a bank or other secure area. This might be a startling incident and other people may rush to that person’s aid to help the person up. But couple the falling person with a preceding bang, like the shot of a gun, and the violent scattering of people from the scene, and the ASAP system will recognize that an incident is taking place. The camera will have recorded the event, but the system automatically seeks out the nearest available first-response unit — be it a squad car, fire station or other emergency service — and transmits not just the video of the incident, but directions on how to reach the scene.

According to iOmniscient, which won The Australian Innovation Challenge 2014 for its advanced use of information and communication technology, the ASAP system can reduce the average response time for emergency situations by approximately 20 minutes, bringing the typical response time to under five minutes — an incredible feat that also helps reduce the stress and workload of control room staff.

“We are proud to contribute to a smarter and safer future with the help of our patent-pending technology that reduces response times for emergency services by up to 80 percent,” iOmniscient Managing Director Ivy Li said of the honor bestowed on this innovative development. “It helps to make the user more productive and effective in supporting the public when there are accidents and other emergencies.”

Artificial Intelligence Aids First Responders in iOmniscient’s ASAP™ System

NEW TECHNOLOGY


Many of you are aware that InfraGard member Henry Gralak finally stepped down after serving many years as a member of the Board of Directors. At the November quarterly meeting, those assembled honored Henry and his contributions to the security community with a plaque recognizing his dedication and years of service to the InfraGard Chicago Members Alliance.

Henry, who has been coping with a myriad of illnesses, has had an extraordinarily colorful career full of moments both euphoric and harrowing. We were honored to spend some time with him to discuss his experiences in the security industry and are pleased to be able to share them with the rest of the InfraGard membership.

IMA: Let’s start at the beginning — where did your interest in public safety begin, and how?

Henry Gralak: When I got out of high school, I went to work for Illinois Bell very briefly. Many young guys there — Russell Howard, rest his soul — Russell had just gotten out of the service. We worked together at Illinois Bell for a couple of years. The draft got me in 1968. When I went into the service, Russ joined the Chicago Police Department. I came back from Vietnam — one of the first guys I meet up with is Russell Howard. We’re having a nice steak dinner at Sabatino’s on Irving Park Road, and talking about the old days. Russ asks, “What are you gonna do?” “Russ,” I says, “I don’t know. I’m glad to be alive.” He goes, “Have you ever considered the police department?” And I raved and ranted, and said, “I want no part of uniforms; I want no part of guns anymore — screw all of that!”

MEMBER NEWS

Henry Gralak is pictured at his kitchen table in Chicago with a copy of the LIFE magazine article in which he appeared during his service with the Chicago Police Department, photos from his tour of duty in Vietnam and other mementos from his years of duty. (Photo: Karl J. Paloucek)

At that time, we were not very popular. We — the vets. We’re coming back to a country that was torn apart by the War. I really had a difficult time getting a job. Drove a cab, did a lot of odd things just to make money. I took the police test because Russ asked me to. I wound up No. 2 on the list. Long story short, I raised my right hand, and 28 years later, I left.

IMA: As a police veteran, I’m sure you have an opinion on how policing has changed and evolved in the years since you left the force — especially in the wake of the Ferguson decision.

HG: Listening to this stuff — it’s tearing me apart. One of the advantages of knowing that you’re not going to live much longer is that you don’t really care about politics. You’ll tell people the truth. I couldn’t be a police officer in today’s day and age. Back in August when I addressed InfraGard, I told the audience that police officers were not saints, but they certainly aren’t sinners, either. We did the best that we could. The constraints placed against law enforcement began in our era. By constraints, I mean everything from Miranda, on. But we adapted to those changes and did it well. We carried our heads high; we worked with a lot of integrity and pride. But in today’s day and age, it seems there are those who don’t even want police officers to exhibit such pride.

IMA: What, for you, have been some of the more memorable and most meaningful highlights — what, in hindsight, makes you most proud?

HG: I’ve had a few. I want to say 1974 or 1975 when I was put on a special assignment and told to come to work the next day in my dress uniform. “You’re going to drive around the director of news affairs and a photographer from LIFE magazine,” I was told. And literally, I did just that. For 12 hours, I escorted the director and the LIFE photographer, I’ll never forget. The photographer was from the Netherlands. Co Rentmeester was his name and he became known for his coverage of the Vietnam War. It was the first time that LIFE did something called, “One Day in the Life of America.” They picked a city and decided to document, in photographs, 24 hours of crime. I drove them around for 12 hours and wound up getting my picture in LIFE magazine. It was an interesting experience. How many immigrant kids can say they got their picture in LIFE magazine? Twelve hours later, I turned the director and LIFE photographer over to a young officer named Bruce Harrison. Little did I suspect that just two weeks later, we would be burying Bruce. He and his partner were killed in the line of duty — gunned down in a tavern.

As a sergeant, I worked for Pope John Paul II, on his detail. I was the assistant field operations boss. I met lots of famous people during my career. Pat Nixon gave me a kiss on the cheek for supposedly saving her life. We didn’t really save her life, but that’s the way it looked to the press and public. We did a lot of unusual things. When we weren’t working high crime we did sporting events. The old Chicago Stadium. Cubs Park, Sox Park. As a matter of fact, I did the last [Bears] game at Wrigley Field, as a patrol officer when they moved them from Wrigley Field to Soldier Field.

IMA: You were one of the first to respond out at O’Hare to an incident involving a plane that lost an engine some years ago. Can you tell us a bit about that experience?

HG: During the blizzard [of ’79], we worked twelve hours on and twelve hours off for 44 days straight, no days off. It was one of the few times the Chicago Police Department paid officers overtime. Their definition of overtime was that all the overtime that we accrued in those 44 days would be paid at your hourly rate times two — that’s what they offered and I took it. It was money. Well, 1979, I’m in the parking lot of the old O’Hare International Bank at Cumberland and the Kennedy Expressway, going to deposit that overtime money. I remember getting off my motorcycle, taking off my helmet and I heard it and then I felt it. I looked up, and there was this huge fireball. First thing I thought of was, “Standard oil tanks over at Elmhurst Road and Higgins had blown up.” I went inside the bank. Guy’s name was Christiansen — Fred Christiansen. Retired chief, Park Ridge Police Department. Fred greets me, “Hey, Henry.” I says, “Hi. What the hell just happened out there?” He says, “Yeah, we heard it in here.” Well, he called his old friends at the Park Ridge Police Department. The initial word was, a cargo plane crashed outside of O’Hare. That changed in less than two minutes — it was a fully loaded passenger plane, American Airlines, Flight 191, a DC-10 aircraft. It was May 25, 1979. The plane went down just outside of O’Hare. I thought, “Oh, man — don’t tell me.”


InfraGard Member Focus: Henry Gralak
By Karl J. Paloucek


Being on a motorcycle that day, I had an advantage. I got on my bike and I started heading toward the fireball — where I last saw it. Traffic was absolutely jammed on the expressway, on Higgins, on Touhy Avenue. You name it — nothing was moving. I spent most of the time riding down sidewalks, in the grass — anywhere I could find a place to put two tires. And I got there. I was, I think, the sixth or seventh police officer to arrive on the scene. And it was horrendous — absolutely horrendous. The heat was overwhelming. There was nothing we could do. Once the smell of death gets in your nostrils, you never forget it. It reminded me of Vietnam and napalm. We lost everybody in that airplane. It happened on a Friday afternoon. We were brought back formally the next day. We were sent home on Sunday. Monday they asked for volunteers to come back and work identification there. I volunteered. I told my team — I had eight men working for me, then — “You don’t have to go; this is not going to be fun; it’s not going to be easy. I won’t think anything less of you if you don’t go.” Seven out of the eight in my team came with me. We spent 29 days out there, working on the identification process. It was extremely difficult.

IMA: Even though Chicago wasn’t an epicenter, 9/11 would have affected you here as well as anywhere. How did that event change your life and your work?

HG: I went to work for United Airlines a year and a half before September 11. September 11 was a Tuesday morning — 7:30 in the morning our time. I tend not to listen to the radio in the morning. If I do, it’s oldies-but-goodies. And as I’m stepping out of the bathroom, ready to throw on some clothes, I hear on the radio station that I was listening to: “We have information that the South Tower just collapsed.” I froze in my tracks. The South Tower, to me, meant only one thing — the World Trade Center. I turned on a TV, and lo and behold, I watched it in just about real time. A few minutes later I open the trunk of my car and check my recovery manuals. I was one of two disaster recovery coordinators for United. My partner, Bob Mackie, he did the mainframes. I had global network infrastructure — the network side of the house. We trained constantly. The airlines are very big on training. They take security very seriously.

By the time I got [to O’Hare], it was about 9:30 or 10:00 in the morning, our time. Traffic significantly backed up all around the airport. We already had three layers of security in front of the reservations building. It was bedlam in there.

By the end of that day, which for us was around midnight, we knew that we, as an airline, were not under attack. But it changed our lives forever. Two Wednesdays following — I want to say, Sept. 26 — we called it Bloody Wednesday, because on that day alone, United fired over 23,000 people. In a single day. We just got assigned to a new boss. He did it the right way. Before I even sat down with him privately, he said, “Hank, I want you to know you’re OK.” The rest however, was downhill from there. Fifty-percent salary cut and forced to pay for health insurance — $404 every two weeks. I looked at my paycheck and said, “You know something? I can’t even afford gas right now.” I thought I got lucky getting a job with Motorola, but that also turned out to be not as good as I thought it would be. Motorola began downsizing the same year I was hired.

IMA: You were recognized at the most recent meeting for your many years of leadership and service. What has InfraGard as an organization meant to you over the years?

HG: When I first was exposed to InfraGard, I thought it to be a fantastic, interesting concept. That the private sector — citizens — could actually partner and work with the FBI was an amazing and innovative idea. The FBI that I grew up with in the police department — you didn’t talk to the FBI; you didn’t talk to anybody in government, and God forbid if you did. You’d be ostracized or vilified or both. You just didn’t do it. I liked what was presented. When I first started attending meetings and working with InfraGard, there were parts of government that people simply took for granted or never heard of. There was a gentleman — I think he’s an adjunct professor from DePaul, as I recall. The first time I encountered him with InfraGard, he showed us how you can walk into your local Ace or True Value Hardware, and buy the components you need to make a bomb. That was a real eye opener.

For the longest time, I was the only former police officer to be involved in the Chicago Chapter of InfraGard. At that time, colleagues were starting to dwindle because of age and retirement, but still I have to ask where were we and why weren’t we there? Same goes for my brethren in the fire department. InfraGard is a platform that every first-responder should use to help prepare for what we all know can and will come our way.

IMA: It’s really been quite a career and life for you, hasn’t it?

HG: As I told the folks back in August, over at InfraGard, I said, “You can tell by my accent, I’m a foreigner.” Because I am — I came to this country in 1951. Naturalized citizen when I turned 18. We didn’t do too bad. Parents came over here with nothing except two sons and one suitcase. My brother retired as the financial officer for DeVry, and I managed to have what turned out to be a checkered career that I truly enjoyed.


INDUSTRY EVENT CALENDAR

Start making plans today to attend the knowledge-sharing events impacting the security industry in the coming months:

2015 Government Cyber Security SBIR Workshop
Jan. 13-15, 2015
Venue TBD - Washington, D.C.

2015 ATAC Anti-Piracy Conference
Jan. 18, 2015
Red Rocks Casino Resort Spa
11011 W. Charleston Blvd., Las Vegas, NV
atacglobal.com

SecureWorld Expo 2015 - Charlotte, NC
Feb. 11, 2015
Harris Conference Center
3216 Cpcc Harris Campus Dr., Charlotte, NC
www.secureworldexpo.com

SecureWorld Expo 2015 - Boston, MA
March 4-5, 2015
Hynes Convention Center Exhibit Hall B
900 Boylston St., Boston, MA
www.secureworldexpo.com

SecureWorld Expo 2015 - Philadelphia, PA
March 18-19, 2015
DoubleTree by Hilton Hotel Philadelphia Valley Forge
301 W. Dekalb Pike, King of Prussia, PA
www.secureworldexpo.com

connect:ID — An Exploration of Physical & Digital Identity in the 21st Century
March 23-25, 2015
Walter E. Washington Convention Center
801 Mt. Vernon Pl. NW, Washington, D.C.
www.connectidexpo.com

SecureWorld Expo 2015 - Kansas City, MO
April 1, 2015
Kansas City Convention Center
301 W. 13th St., Kansas City, MO
www.secureworldexpo.com

INTERPOL World 2015
April 14-16, 2015
Sands Expo & Convention Centre
10 Bayfront Ave., Singapore
www.interpol-world.com

International Security Conference & Expo West
April 14-17, 2015
Sands Expo and Convention Center
201 Sands Ave., Las Vegas, NV
www.iscwest.com

RSA Conference
April 20-24, 2015
Moscone Center
747 Howard St., San Francisco, CA
www.rsaconference.com

Border Security Expo 2015
April 21-22, 2015
Phoenix Convention Center
100 N. 3rd St., Phoenix, AZ
www.bordersecurityexpo.com

SecureWorld Expo 2015 - Houston, TX
May 13, 2015
Norris Conference Centers Houston/CityCentre
816 Town & Country St. #210, Houston, TX
www.secureworldexpo.com

CNP Expo 2015
May 18-21, 2015
Caribe Royale Orlando
8101 World Center Dr., Orlando, FL
cardnotpresent.com

SecureWorld Expo 2015 - Atlanta, GA
May 27-28, 2015
Cobb Galleria Centre (Ballroom)
2 Galleria Pkwy SE, Atlanta, GA
www.secureworldexpo.com

UDT 2015 (Undersea Defence Technology)
June 3-5, 2015
Ahoy Rotterdam
Ahoy-weg 10, 3084 BA Rotterdam, Netherlands
www.udt-global.com

Gartner Security & Risk Management Summit
June 8-11, 2015
Gaylord National Resort & Convention Center
201 Waterfront St., National Harbor, MD
www.gartner.com/technology/summits/na/security

SecureWorld Expo 2015 - Portland, OR
June 17, 2015
DoubleTree by Hilton - Portland
1000 NE Multnomah St., Portland, OR
www.secureworldexpo.com

Electronic Security Expo 2015
June 24-26, 2015
Baltimore Convention Center
1 W. Pratt St., Baltimore, MD
www.esxweb.com

Care to have your event included in a future Industry Event Calendar? Email your event details to [email protected].
