As government turns to Android smartphones, so does malware

Juniper Networks’ Annual Mobile Threats Report

Over the year since the government decided to implement secure smartphones mostly using a version of Google’s Android platform, mobile malware has begun to focus almost exclusively on Android devices, according to a new report.

Juniper Networks, a network equipment manufacturer, released its third annual Mobile Threats Report this week. It found 92 percent of all mobile malware is targeted specifically at Android, compared to 47 percent last year.

This rise is mostly a reflection of Android’s growing market share; it controls roughly 60 percent of the worldwide market for smartphones, tablets and notebooks, according to Canalys. Driven by a dramatic surge in Europe and India, the Android platform is where the consumer — and cybercriminal — is going.

It’s also where the government has been going. Roughly a year ago, the government decided to work with Android while attempting to roll out a secure smartphone for the military. Federal officials met with Apple, but were denied access to the company’s mobile operating system. So the government — specifically the Defense Advanced Research Projects Agency — went with the tinkerable Android software, altering the operating system so users could choose which data from Android and its applications could be sent over the Internet. Neither the Defense Department nor the Homeland Security Department responded to requests for comment for this story.

During the initial period of government secure smartphone development — the first quarter of 2012 — there were only 38,689 samples of mobile malware across all operating systems. Just under half of those, around 18,000, were targeted at Android. By the first quarter of 2013, Juniper identified 276,259 total mobile malware samples — a more than six-fold increase. But more important for the government, that’s more than a 14-fold increase in Android mobile malware.

Which doesn’t mean Apple’s iOS platform would be more secure for the government.

“Theoretical exploits for iOS have been demonstrated, as well as methods for sneaking malicious applications onto the iOS App store,” the report reads. “But cybercriminals have by and large avoided Apple’s products in favor of the greener pastures offered by Google Android.”

Still, government needs to be vigilant. The vast majority of malware is from third-party application stores in Russia and China, two countries the U.S. government has tangled with over other cybersecurity issues.

“While on one hand the [original equipment manufacturers], carriers and software vendors must collaborate to develop platforms that mitigate large threats, enterprises and government organizations need to take a comprehensive look at protecting their data and networks by adopting a holistic approach to mobile security,” said Michael Callahan, Juniper’s vice president of global product marketing for the security business, in a statement.

And the report did find the “fragmented” nature of the Android ecosystem makes its mobile devices more susceptible to malware.

“Over the years, Google’s decentralized ecosystem has made it difficult for software updates — including security patches — to make their way to Android users,” the report reads. “Each Android update from Google must be adapted and then tested by handset makers for each of their (many) hardware variants. That update is distributed to carriers who, in turn, push it to their customers.”

That creates serious lag time between the introduction of new software and actual implementation. Only 4 percent of Android mobile users are using the Android OS, “Jelly Bean,” over six months after its release. Comparatively, estimates are that 90 percent of Apple mobile users are running iOS 6, Apple’s latest operating platform.

The report found nearly three-quarters of mobile malware gets access through downloads of fake applications or by exploiting the mobile payment system, which allows users to donate money or make payments through text message. Last year, as the government developed its secure smartphone, it also vetted each app individually — such as Angry Birds — to determine whether each was safe for employees.

According to the report, Google Play, where Android users download applications, is the most frequently faked application. That finding only emphasizes the need for the government to continue its vigilance as it rolls out secure smartphones.

What elected officials tweeted about landmark SCOTUS ruling

June 26 was a monumental day in the history of those fighting for equal protection under the law. In the case of the United States vs. Windsor, the Supreme Court ruled Section 3 of the Defense of Marriage Act was unconstitutional.

The response on Twitter was overwhelming. Hashtags such as #DOMA, #loveislove, #SCOTUS and #equality rapidly became the highest trending topics on the site. Elected officials — current and former — also took to their 140 characters, pledging their support and, in very rare cases, expressing their disappointment at this landmark ruling.

Some openly gay members of Congress also expressed their happiness at the SCOTUS ruling, as did their supporters.

Top department heads also expressed their commitment to supporting the DOMA takedown. Chuck Hagel, defense secretary, said in a statement DOD plans to make the same benefits available to all its military spouses, regardless of sexual orientation.

Attorney General Eric Holder also issued a statement regarding the SCOTUS ruling, saying “as we move forward in a manner consistent with the court’s ruling, the Department of Justice is committed to continuing this work, and using every tool and legal authority available to us to combat discrimination and to safeguard the rights of all Americans.”

Dissenters of the ruling who took to Twitter were few, but among them was former Arkansas governor, Mike Huckabee.

Most other elected officials in support of DOMA opted not to speak out over Twitter.

Overall, response in the Twittersphere was tremendously positive.

Two years after GPRA update, government still lacks clear metrics, information

Editor’s note: Story has been updated to include a comment from Jitinder Kohli, director at Deloitte Consulting LLP.

Federal agencies still have a ways to go in creating satisfactory performance metrics and making that information accessible and useful, a new report from the Government Accountability Office found.

Since President Barack Obama updated the 1993 Government Performance and Results Act in 2011, agencies have been making significant strides in monitoring metrics, setting goals and disseminating information. But the new GAO report discovered many agencies still struggling to identify tax expenditures, record their performance and provide useful information to Congress.

“The GPRA Modernization Act is beginning to change the culture of agencies,” said Jitinder Kohli, director at Deloitte Consulting LLP and leader of the Deloitte Federal Government Performance practice. “There is emerging a stronger focus on outcomes and how to achieve them. This is encouraging. But it’s the very early days and there is a lot more to do. In particular, as GAO notes, there is more to do in using and communicating performance information.”

The report lauded agencies for assigning monitoring responsibilities to specific managers. Agencies have gotten better at developing agency priority goals with quarterly performance reviews, it found. Of the 24 agencies under the 1990 CFO Act — which created the chief financial officer at federal agencies — all have assigned senior-level officials to the positions of chief operating officer, public information officer and goal leader. Twenty-two of the agencies had also established a senior executive as deputy PIO. These new positions have advanced each agency’s ability to establish and track performance metrics.

But agencies have struggled to assess programs that cut across multiple agencies.

“Agencies have experienced common issues in measuring the performance of various other types of programs and have not made consistent progress in addressing them in the last 20 years,” the report reads. Particularly, due to a lack of “guidance and oversight” from the Office of Management and Budget, “agencies are missing important opportunities to more broadly identify how tax expenditures contribute to each agency’s overall performance.”

The report estimates tax expenditures accounted for $1 trillion in forgone tax revenue during the 2012 fiscal year.

“Therefore, the contributions made by tax expenditures toward broader federal outcomes are unknown,” it reads. “In some areas, forgone revenue due to tax expenditures is nearly equal to or greater than spending for federal outlay programs.”

The information agencies collect is increasingly available, though. The OMB-developed website, Performance.gov, provides quarterly updates on the governmentwide agency priority goals. Still, only 34 percent of federal managers surveyed reported performance information was accessible to agency employees to a “great or very great extent.” Only 17 percent said the public had similar “great or very great” access to this information. And many of the agency priority goals haven’t even been shared with agency employees, rendering the dissemination of the results useless.

GAO also worried about the usefulness of sharing the information with Congress. Part of the 2011 GPRA Modernization Act mandate was to provide Congress with information to assist the legislative process. Performance.gov must improve its design to meet the needs of members and committees of Congress, according to the report.

“Congressional support has played a critical role in sustaining interest in management improvement initiatives over time,” the report reads. “However, our work has found that the performance information that agencies provided to Congress was not always useful for congressional decision making because the information was not clear, directly relevant, or sufficiently detailed.”

Big data ‘is taking advantage of us without our permission’

People disclose data almost every minute of every day.

Google Maps, Twitter and Foursquare track location; Uber and Capital BikeShare know where we’re going and how we’re going to get there; we inform diet sites what we ate and how much time we spent at the gym; our calendars are online; and every time we swipe our credit card at a physical or online merchant, our actions are being tracked.

According to Julie Brill, commissioner of the Federal Trade Commission, “that’s where the ‘big’ in big data comes from.”

Brill spoke June 26 at the 23rd Computers Freedom and Privacy Conference, appropriately themed this year, “Our Computers, Our Freedom: Can You Trust Anyone in the Digital Age?”

Brill points out the National Security Agency leak involving Edward Snowden ignited a much-needed and overdue debate on balancing the privacy rights of citizens and national security. She said Snowden gave the world a “crash course” in the amount of privacy to be expected when participating in an increasingly mobile and online marketplace.

“For those of us who have been looking at the issue of privacy in the Internet age for several years, there is a further benefit,” Brill said. “Americans are now more aware than ever of how much their personal data is free-floating in cyberspace, ripe for any data miner — government or otherwise — to collect, use, package and sell.”

Brill also noted the extent to which we are already flooded with data. In 2011, 1.8 trillion gigabytes of data were created. That number equals every U.S. citizen writing three tweets per minute for almost 27,000 years. Furthermore, 90 percent of all the world’s data has been created in the past two years. If the cost of data storage keeps decreasing and accessibility to technology continues growing, this number is expected to double every two years.

“Therein lies the biggest challenge of big data: It is taking advantage of us without our permission,” Brill said. “Often without consent or warning, and sometimes in completely surprising ways, big data analysts are tracking our every click and purchase, examining them to determine exactly who we are — establishing our name, good or otherwise — and retaining the information in dossiers that we know nothing about, much less consent to.”

NASA takes to Reddit to spur ‘grand’ ideas for finding asteroids

NASA is going to put a man on an asteroid in the next dozen years, and, like Uncle Sam, it wants you to help.

Mason Peck, chief technologist of the agency with a long tradition of crowdsourcing and public engagement, took to Reddit on Tuesday afternoon for his second “Ask Me Anything” session in as many months.

Although he dodged some questions — “Do you think the suit and tie was a wise choice for this audience?” and “What did Apollo 17 see over the moon? I know NASA will never tell the public they have made contact with other life. So what’s the explanation you guys are sticking with?” — Peck did outline how the U.S. is planning to deflect potentially catastrophic asteroids, and how and why the U.S. is going to put an asteroid into the moon’s orbit and then land humans on it.

“We’ll visit an asteroid by 2025 to teach ourselves how to visit Mars a decade later,” Peck declared, adding if a suitable asteroid is found soon, a spacecraft could be there as early as 2021.

Currently, he said, NASA has detected 95 percent of the asteroids larger than 1,000 meters.

“But there are thousands within that range, large enough to strike the Earth but too small to have been detected yet,” he wrote. Case in point: asteroids such as the 17-meter one that recently exploded over Russia, blowing out windows in 7,200 buildings across six cities. And that was after the atmosphere absorbed most of the energy released when it hit the atmosphere, which registered as 20 to 30 times greater than that of the atomic bomb dropped on Hiroshima in World War II.

Only 1 percent of asteroids such as the one over Russia — smaller than 100 meters — have been identified. To identify these dangerous, yet undercover asteroids, NASA established the “Grand Challenge” on June 18. It’s a partnership across countries, with the private sector, and most important to Reddit, with “citizen scientists.”

“Through the Grand Challenge, we’re looking for YOU to help NASA find them,” Peck wrote.

The Grand Challenge advances NASA’s goal to get an asteroid into lunar orbit — its “Asteroid Initiative” (which will be the theme of a June 27 Google Plus Hangout). The agency is targeting an asteroid between 7 and 10 meters to rope into the moon’s gravitational pull.

“There are a few asteroids we already know about, but none are baselined,” Peck wrote. The program’s initiatives are fully funded by the president’s 2014 budget.

The asteroid initiative plans to launch a robotic spacecraft — built from mostly hardware NASA already has or is working on — able to alter an asteroid’s path “into an orbit near the moon,” Peck wrote. With this asteroid consistently “accessible,” it can be an ideal testing ground for technologies and systems being built for future space travel.

“The moon is relatively convenient and safe, compared to trying out these systems for the first time in Mars orbit,” Peck wrote. “So, this is a very cost-effective and yet ambitious way to make a lot of progress toward exploring Mars.”

Specifically, NASA plans to send the first robotic spacecraft powered by solar-electric propulsion. It’s a technology Peck believes will be applicable across NASA’s various initiatives as well as in the commercial space industry. “This is a bold move, depending on a technology demo,” he wrote. “That audacity recalls Apollo and the other work that has made NASA great.”

And with proper resources, NASA would even consider putting a human habitat on an asteroid. “The benefits to human exploration are very clear here, even without adding a habitat: We’ll learn about how to help astronauts survive the deep-space radiation environment, and we’ll learn how to operate long-term life-support systems, how to navigate outside Earth orbit, and the list goes on,” Peck wrote.

But of course, what Peck’s “AMA” really came down to was the fatalist question everyone wonders about, “If an [sic] meteorite (similar to the one that recently hit Russia) was headed towards Time [sic] Square or Washington D.C., how much time would you need to deflect it? What could be done about it?”

Off the top of his head, Peck guessed it might take a small spacecraft a few months of using its thrusters to alter the course of an asteroid of that size. But, he emphasized, the planning before the spacecraft could be launched would be more considerable. Which makes research in efficient propulsion and high-precision navigation critical to such a mission’s success.

Another idea Peck proposed would be “to change the spectral properties (color, brightness) of the asteroid to encourage solar pressure to nudge it out of Earth’s way.”

But even this question came back to “YOU,” making this initiative just another link in the long line of NASA’s citizen engagement. Previously, the agency has solicited the public’s ideas on harvesting energy aboard the International Space Station, and asked people to analyze the deluge of photos returning from Mars over the years.

“We’re looking for other good ideas as part of the Grand Challenge, ideas that individuals or institutions like universities could demonstrate in small scale,” Peck wrote.

It’s not ‘The Thomas Crown Affair’; it’s just DHS

The bullet points — an $11.5 million Picasso painting seized by the U.S. government, an Italian couple accused of massive embezzlement, a story spanning from Naples to New York — seem more “The Thomas Crown Affair” than Immigration and Customs Enforcement. But that’s just what happened.

The Justice Department announced Monday it had recently seized a 1909 Pablo Picasso painting, “Compotier et tasse,” from an Italian woman accused of manipulating the city of Naples’ entire tax system to embezzle $44 million from taxpayers. Gabriella Amati was trying to sell the painting privately in New York City in May when ICE seized the painting. Amati and her late husband, Angelo Maj, had been charged by the Italian Public Prosecutors’ Office in Milan with embezzlement and fraudulent bankruptcy offenses.

The Homeland Security Investigations Office of International Affairs has 75 attaché offices in 48 countries and works to track down and return stolen, lost or illegally trafficked cultural artifacts. Since 2007, the office has seized and returned 7,150 artifacts — everything from modern paintings to 15th century manuscripts — to 26 different countries.

The HSI attaché office in Rome will work with Italian authorities in Milan to get the Picasso back into Italian hands.

“This is an example of the fine work of our HSI cultural repatriation special agents,” ICE Director John Morton said in a statement. “We will continue our efforts to return stolen antiquities to their rightful owners.”

For a country to reclaim its cultural antiques, it must submit an application to the appropriate U.S. District Court. In the case of “Compotier et tasse” — a cubist take in shades of grey and brown on “fruit bowl and cup,” the painting’s literal translation from French — Italy on Friday submitted an application, which was quickly approved.

“We are pleased to have played a role in securing this valuable work of art by the celebrated artist, Pablo Picasso, on behalf of the Italian government,” said U.S. Attorney for the Southern District of New York Preet Bharara in a statement. “Our commitment to ‘taking the profit out of crime’ transcends national boundaries and is the operating principle of our asset forfeiture program.”

Supermoon rises over the Washington Monument and the Interior Department captures it


FedOSS: Census goes open source


While Snowden runs, his White House pardon petition hits its mark

With two weeks to spare, an online petition calling on the White House to pardon National Security Agency document leaker Edward Snowden has passed the 100,000 signature benchmark to trigger an official response from the White House.

When the petition went up June 9, mere hours after Snowden revealed himself as the source of the document leak that exposed NSA’s secret data-collection programs, Snowden had yet to be charged with any crime. However, NSA disclosed it had charged Snowden with three felonies — espionage, theft and conversion of government property — on June 21. The maximum sentence for each is 10 years.

In full, the petition reads: “Edward Snowden is a national hero and should be immediately issued a a [sic] full, free, and absolute pardon for any crimes he has committed or may have committed related to blowing the whistle on secret NSA surveillance programs.”

Snowden, who smuggled the classified documents out of NSA facilities on a thumb drive, was working as a systems analyst for Booz Allen Hamilton in Hawaii when he decided to release the information to journalist Glenn Greenwald at The Guardian. Snowden decamped to Hong Kong, then Russia, but was not on a flight to Havana, Cuba, on Monday, as expected.

His current whereabouts are unknown, but WikiLeaks has been assisting with Snowden’s travel costs and applications for asylum in Ecuador and Iceland, as he dodges extradition to the U.S. Ecuador has been protecting WikiLeaks founder Julian Assange for a year, despite calls from the U.S. for extradition to the states.

Due to the classified elements involved in the case, it is unknown whether the Obama administration actually will respond to the petition.

Who is Jon Rymer, Obama’s DOD IG pick?
