Later On

A blog written for those whose interests more or less match mine.

Archive for the ‘Law’ Category

An Epidemic of Disbelief

leave a comment »

Barbara Bradley Haggerty writes in the Atlantic:

Robert Spada walked into the decrepit warehouse in Detroit and surveyed the chaos: Thousands of cardboard boxes and large plastic bags were piled haphazardly throughout the cavernous space. The air inside was hot and musty. Spada, an assistant prosecutor, saw that some of the windows were open, others broken, exposing the room to the summer heat. Above the boxes, birds glided in slow, swooping circles.

It was August 17, 2009, and this brick fortress of a building housed evidence that had been collected by the Detroit Police Department. Spada’s visit had been prompted by a question: Why were police sometimes unable to locate crucial evidence? The answer lay in the disarray before him.

As Spada wandered through the warehouse, he made another discovery, one that would help uncover a decades-long scandal, not just in Detroit but across the country. He noticed rows of steel shelving lined with white cardboard boxes, 10 inches tall and a foot wide, stacked six feet high. What are those? he asked a Detroit police officer who was accompanying him. Rape kits, the officer said.“I’m assuming they’ve been tested?” Spada said.

“Oh, they’ve all been tested.”

Spada pulled out a box and peered inside. The containers were still sealed, indicating that the evidence had never been sent to a lab. He opened four more boxes: the same.

“I tried to do a quick calculation,” he later told me. “I came up with approximately 10,000.”

Spada’s estimate was conservative. Eventually 11,341 untested rape kits were found, some dating back more than 30 years—each one a hermetically sealed testament to the most terrifying minutes of a woman’s life, each one holding evidence that had been swabbed or plucked from the most private parts of her body. And in all likelihood, some microscopic part of her assailant—his DNA, his identity—sat in that kit as well.

Or kits.

Eric Eugene Wilkes was known to Detroit police for robbery and carjacking. Not for rape. Yet Wilkes’s DNA was in boxes scattered throughout the warehouse, even as he walked free. His DNA first arrived there more than 18 years ago, after he raped a woman waiting for a bus on December 26, 2000. It next appeared after another rape four months later. Three days after that, police shelved the untested kit from his third victim.

One can imagine a certain rhythm to the process, as police hoist kit after kit onto the metal shelves, not knowing that they hold in their hands the identity of a serial rapist. Here’s the evidence box from a deaf woman Wilkes assaulted in June 2006. There’s one from a woman he raped in May 2007. The kit from his sixth victim arrived in June 2010. Another a month later. Two more in August 2011. His 10th victim, four months after that. Not until he raped his 11th victim, in January 2012, did the sequence end, because that woman saw Eric Wilkes two days after the assault and called the police, who arrested him. Eleven years, 11 violent rapes—all while Wilkes’s identity was preserved in sealed containers that no one had bothered to open.

The untested rape kits would continue to accumulate for years after Spada’s visit. But that August day became a defining moment for survivors of sexual assault. Spada called Kym Worthy, the county prosecutor, and told her what he’d found. “I was livid,” Worthy recalls. “I wanted to test them all immediately.” She began talking to reporters, and the decrepit warehouse in Detroit with the broken windows became a powerful symbol of police negligence.

Since then, Detroit and other jurisdictions across the country have shipped tens of thousands of kits to labs for testing. The results have upended assumptions about sexual predators—showing, for example, that serial rapists are far more common than many experts had previously believed.

But the rape-kit scandal has turned out to be only a visible symptom, a mole on the skin that hints at a pervasive cancer just below the surface. The deeper problem is a criminal-justice system in which police officers continue to reflexively disbelieve women who say they’ve been raped—even in this age of the #MeToo movement, and even when DNA testing can confirm many allegations. From the moment a woman calls 911 (and it is almost always a woman; male victims rarely report sexual assaults), a rape allegation becomes, at every stage, more likely to slide into an investigatory crevice. Police may try to discourage the victim from filing a report. If she insists on pursuing a case, it may not be assigned to a detective. If her case is assigned to a detective, it will likely close with little investigation and no arrest. If an arrest is made, the prosecutor may decline to bring charges: no trial, no conviction, no punishment.

Each year, roughly 125,000 rapes are reported across the United States. Sometimes the decision to close a case is surely correct; no one wants to smear an innocent man’s reputation or curtail his freedom because of a false report. But in 49 out of every 50 rape cases, the alleged assailant goes free—often, we now know, to assault again. Which means that rape—more than murder, more than robbery or assault—is by far the easiest violent crime to get away with.

“Right there,” liz garcia says, pointing to a second-floor window of a modest white house in Cleveland. “That’s the window of the bedroom that I was raped in.” March 23, 2004, she recalls, was a bright, crisp day. With her twin girls in school and her paramedic training almost complete, she decided it was just the day to wash her Ford Explorer. She ran upstairs to the bathroom for a towel. Looking in the mirror, she saw the door swing open behind her. She turned and saw black shoes. Her gaze traveled upward: black pants, black gloves, black jacket, black ski mask.

Over the next two hours, the man dragged Garcia from room to room. She thought of running or jumping out a window, but he was bigger, muscular; he seemed to anticipate her moves. He raped her three times. He was prepared and meticulous. He wore gloves and a condom. He spread a towel on Garcia’s bed, and took it with him when he left. “He had shaved his legs and chest”—she could feel the stubble—“so he wouldn’t leave hair behind. He knew what he was doing.” He ordered her to wash out her mouth, and made her shower as he watched. Before leaving, he told her to count to 500.

“He closed the shower curtain, and I heard him go down the stairs. I am standing there. Do I get out? Do I count? And all of a sudden”—Garcia yanked her hand from right to left—“he opens up the shower curtain. I didn’t even hear him come back up the stairs. It was terrifying.”

Satisfied that Garcia had not moved, the man fled.

Although the police didn’t yet know it, a serial rapist had been stalking Cleveland since the mid-1990s. He’d begun with vulnerable women: women willing to sell sex for drugs or money, an unlucky woman whose car ran out of gas, one teenager who was skipping school, another with a prosthetic leg. This should have put the police on high alert, Tim McGinty, a former Cuyahoga County prosecutor, told me. Vulnerable people—drug addicts, prostitutes, people living in poor neighborhoods—are the “canaries in the coal mine. If you’ve got a serial rapist out there, who does he hit first? He hits the vulnerable people.”

By 2004, the rapist had graduated to home invasions and more prosperous victims. One week after the attack on Liz Garcia, a 55-year-old schoolteacher was raped in her home. Only then, after attacks on two middle-class women, did the police make a public plea for leads. The department received an anonymous tip: an envelope with a newspaper clipping and an arrest record for a former probation officer named Nathan Ford. The police apprehended Ford and swabbed him. As part of a pilot study, the department had sent some 250 rape kits off for DNA testing—and Ford’s DNA matched eight of them. But not Liz Garcia’s. The police tested her kit but didn’t find her assailant’s DNA. “They told me I would never know who the attacker was,” she says.

At the time, if you were raped in Cleveland and you were poor or otherwise vulnerable, police would likely make a couple of phone calls and move on. You can see this play out in the police files documenting the response to Nathan Ford’s early attacks. All of Ford’s victims who came forward had forensic exams, but detectives were more likely to shelve the kits than send them to a lab. Rarely did a detective visit the victim, witnesses, or the crime scene. If a victim couldn’t come to police headquarters on the detective’s timetable—because she couldn’t find transportation or child care or get time off from work—she was labeled “uncooperative.” The case was closed. In other instances, the detective wrote that he couldn’t locate the victim, and this was enough to end the investigation. Yet when investigators reopened sexual-assault cold cases 20 years later, they almost always found the victim within a few hours.

When the Cuyahoga County prosecutor’s office hired a team of researchers at Case Western Reserve University, in 2015, to pore through police files and other records connected to thousands of untested rape kits in Cleveland, they quickly spotted the same pattern. In a random sample of cases, mainly from the mid-’90s, they found that the notes from many police investigations barely filled a single page. In 40 percent of cases, detectives never contacted the victim. In three out of four, they never interviewed her. Half of the investigations were closed in a week, a quarter in a day. As for rape kits—the one type of evidence that might definitively identify a rapist—police rarely sent them to the lab for testing. Granted, testing a kit could cost more than $5,000 in the late ’90s and 2000s. But during part of that time, the state was paying police departments to send in evidence. And even when the cost of testing a kit dropped to less than $1,000, police still tucked away the evidence in storage. Ultimately, Cleveland would accumulate some 7,000 untested kits.

Nathan ford’s rampage wasn’t enough to persuade the Cleveland police to begin addressing the rape-kit backlog. What did persuade them was a serial killer. In October 2009, the police discovered the bodies of 11 women buried in the home and backyard of Anthony Sowell, a convicted rapist. Over the years, some of Sowell’s intended victims had escaped and reported his attempts to rape them. But the police had never thoroughly investigated their claims. At least one woman had completed a forensic exam. The police had tested the rape kit—but only for drugs in her system, not for the rapist’s DNA.

The Sowell case became a scandal, and it raised larger questions: Why weren’t attacks on women being investigated? How many rape kits did the police department have in storage? How many had been tested?

Under pressure from then–Ohio Attorney General Mike DeWine, the city’s police department began sending off kits for testing in 2011. Officials called it a “forklift” approach because every box, no matter how old, was shipped to a state lab. At first the progress was slow. But in January 2013, Tim McGinty, who had just been elected Cuyahoga County prosecutor, created a task force devoted to testing the kits and reinvestigating cases. He brought in 25 detectives, mostly out of retirement, and assigned half a dozen assistant prosecutors to the effort. He allowed two reporters from The Plain Dealer to sit in on their weekly meeting.

Within weeks, DNA results started arriving from the lab: More than a third of the rape kits were pinging in the FBI’s Combined DNA Index System, known as CODIS. Created in the 1990s, the database contains DNA profiles collected at crime scenes across the country, many of them linked to the name of a known criminal. Cleveland investigators were soon identifying rapists who had eluded detection for decades. “It was much more fruitful than we ever in our wildest dreams imagined,” recalls DeWine, now the governor of Ohio. Some weeks, Richard Bell, the prosecutor in charge of the task force, would announce 20 new DNA matches.

Investigators sometimes had only a few days to build a 20-year-old case—to locate victims and witnesses and gather their sworn statements—before the statute of limitations ran out. “There was one hit where we turned it around in two days and brought it into the grand jury at 4:15 p.m., before the 4:30 end of day,” Bell recalls. Cases with fewer than 10 days remaining were labeled, in red ink, all hands on deck.

Since Cuyahoga County began forklifting its kits, prosecutors have indicted nearly 750 rapists in cold cases and convicted more than 400 of them. (Detroit, which got a later start, has convicted some 175 men.) “They would never have resurrected the [closed cases] without this project,” Bell says.

For more than a decade, Liz Garcia had wondered whether her rapist would return to kill her and her daughters, as he’d promised. She suffered panic attacks, sometimes five a day. She avoided answering the door. She showered with the curtain open. She left the light on all night. She slept on the couch, with her back to the wall. “I had knives under my pillows. I hid knives all over the house,” she told me.

Not until she found a detective’s card tucked in her door more than a decade later did she cease to regard the world outside her home like a prey without cover. The lab had retested her rape kit using newer technology; this time it detected male DNA and identified her attacker: Nathan Ford. The police also discovered more victims whose kits had been shelved for years, bringing Ford’s total to 22 rape kits. By then he was already in prison and serving a life sentence. Garcia could put away her knives. She still sleeps with the light on.

When the members of Cleveland’s task force began shipping rape kits to the state lab, they didn’t imagine they’d end up fomenting a small revolution in criminology. Yet those evidence boxes uncovered new clues about the behavior of sexual assailants and overturned some basic assumptions—about how often they offend, whom they attack, and how they might be captured.

Rachel Lovell, the lead researcher at Case Western, reviewed the results of the tests and found herself with a new and superior class of information. In the past, most research on rapists relied on prison records or “self-reports”—that is, surveys of people who answered questions anonymously about their behavior. But here, in her hands, were the biological name tags of thousands of men who had committed a rape and walked away. It was a larger and far more objective sample of sexual offenders. It was the difference between a pencil sketch and a color photograph.

What struck her first was the sheer number of repeat offenders: Of the rape kits containing DNA that generated a CODIS hit, nearly one in five pointed to a serial rapist—giving the Cleveland investigators leads on some 480 serial predators to date. On a practical level, this suggested that every allegation of rape should be investigated as if it might have been committed by a repeat offender. “The way we’ve traditionally thought of sexual assault is this ‘he said, she said’ situation, where they investigate the sexual assault in isolation,” Lovell told me. Instead, detectives should search for other victims or other violent crimes committed nearby, always presuming that a rapist might have attacked before. “We make those assumptions with burglary, with murder, with almost any other crime,” Lovell said, “but not a sexual assault of an adult.”

Another surprise for police and prosecutors involved profiling. All but the most specialized criminologists had assumed that serial rapists have a signature, a certain style and preference. Gun or knife? Alley or car? Were their victims white, black, or Hispanic? Investigators even named them: the ponytail rapist, the early-morning rapist, the preacher rapist.

But Lovell recalled sitting in Cleveland’s weekly task-force meeting, listening to the investigators describe cases. They would say: This guy approached two of his victims on a bicycle, but there was this other attack that didn’t fit the pattern. Or: This guy assaulted his stepdaughter, but he also raped two strangers. “I was always like, ‘This seems so very different,’ ” Lovell said. “This is not what we think about a serial offender. Usually we think of serial offenders as particularly methodical, organized, structured—the ones that make TV.”

Eric Beauregard, a criminologist at Simon Fraser University who has interviewed 1,200 sexual offenders, says profiling may fail because a predator’s reality falls short of his fantasy. Most offenders tell him that they do hunt for a certain type of victim, but “what they had in mind and what they selected did not match at all,” he says. “If they are looking for a tall blonde with big breasts, at the end of the day, it was: She was there, she was available, she was alone. Those were the criteria.” Nathan Ford’s victims, for example, were black, white, Hispanic, and Asian; 13 years old and 55; on the west side of the city and on the east.

“Thank God we have DNA,” Dan Clark, one of the Cleveland investigators, says. “Because trying to put together a pattern where there is no pattern is impossible. It’s no wonder we didn’t catch that many people.”

Most rapes, of course, are not committed by strangers. Eighty percent of the time, the rapist is someone a woman knows—they met at a party or a bar; he’s her colleague, friend, mentor, coach. So police saw little reason to send off those rape kits: The man’s identity was never in doubt. But the Cleveland study illuminated another insight—one that shows the tragic consequences of failing to test “acquaintance rape” kits. Historically, investigators had assumed that someone who assaults a stranger by the railroad tracks is nothing like the man who assaults his co-worker or his girlfriend. But it turns out that the space between acquaintance rape and stranger rape is not a wall, but a plaza. When Cleveland investigators uploaded the DNA from the acquaintance-rape kits, they were surprised by how often the results also matched DNA from unsolved stranger rapes. The task force identified dozens of mystery rapists this way. . .

Continue reading.

Written by LeisureGuy

16 September 2019 at 3:27 pm

Director of National Intelligence Tells Congress to Fuck Off

leave a comment »

The US seems to have totally lost its way. Kevin Drum writes at Mother Jones:

A few days ago the inspector general for the intelligence community notified Congress of a whistleblower complaint that was both credible and a matter of “urgent concern.” Rep. Adam Schiff, the Chairman of the House Permanent Select Committee on Intelligence, naturally asked the Director of National Intelligence to provide a copy of the complaint, as required by law. The DNI told him to pound sand. Now Schiff is pissed off:

As Acting Director of National Intelligence, you have neither the legal authority nor the discretion to overrule a determination by the IC IG. Moreover, you do not possess the authority to withhold from the Committee a whistleblower disclosure from within the Intelligence Community that is intended for Congress.

….Your office, moreover, has refused to affirm or deny that officials or lawyers at the White House have been involved in your decision to withhold the complaint from the Committee….The Committee can only conclude, based on this remarkable confluence of factors, that the serious misconduct at issue involves the President of the United States and/or other senior White House or Administration officials. This raises grave concerns that your office, together with the Department of Justice and possibly the White House, are engaged in an unlawful effort to protect the President and conceal from the Committee information related to his possible “serious or flagrant” misconduct, abuse of power, or violation of law.

Accordingly, due to the urgency of the matter and the unlawful decision by your office to withhold from the Committee an Intelligence Community individual’s credible “urgent concern” whistleblower disclosure, the Committee hereby issues the attached subpoena compelling you to transmit immediately to the Committee the disclosure, in complete and unaltered form, as well as to produce other related materials.

The acting DNI, unsurprisingly, is claiming that the whistleblower complaint contains confidential and privileged information, which means he’s not required to turn it over. This has become the Trump administration’s go-to move, despite the fact that, . . .

Continue reading.

Written by LeisureGuy

13 September 2019 at 6:50 pm

Thousands of Poor Patients Face Lawsuits From Nonprofit Hospitals That Trap Them in Debt

leave a comment »

Maya Miller and Beena Raghavendran report in ProPublica:

Over the past few months, several hospitals have announced major changes to their financial assistance policies, including curtailing the number of lawsuits they file against low-income patients unable to pay their medical bills.

Investigative reports have spurred the moves, and they prompted criticism from a top federal official.

“We are learning the lengths to which certain not-for-profit hospitals go to collect the full list price from uninsured patients,” Seema Verma, the administrator of the Centers for Medicare and Medicaid Services, told board members of the American Hospital Association on Tuesday, according to published remarks. “This is unacceptable. Hospitals must be paid for their work, but it’s actions like these that have led to calls for a complete Washington takeover of the entire health care system.”

In June, ProPublica published a story with MLK50 on the Memphis, Tennessee-based nonprofit hospital system Methodist Le Bonheur Healthcare. It brought more than 8,300 lawsuits against patients, including dozens against its own employees, for unpaid medical bills over five years. In thousands of cases, the hospital attempted to garnish defendants’ paychecks to collect the debt.

After our investigation, the hospital temporarily suspended its legal actions and announced a review. That resulted in the hospital raising its workers’ wages, expanding its financial assistance policy and announcing that it would not sue its lowest-income patients. “We were humbled,” the hospital’s CEO, Michael Ugwueke, told reporters.

The same month, NPR reported that Virginia’s nonprofit Mary Washington Hospital was suing more patients for unpaid medical bills than any hospital in the state. Dr. Marty Makary, a surgeon at Johns Hopkins University, and fellow researchers had documented 20,000 lawsuits filed by Virginia hospitals in 2017 alone. The research team found that nonprofit hospitals more frequently garnished wages than their public and for-profit peers.

In mid-August, The Oklahoman reported that dozens of hospitals across the state had filed more than 22,250 suits against former patients since 2016. Saint Francis Health System, a nonprofit that includes eight hospitals, filed the most lawsuits in the three-year span.

In the first week of September, The New York Times reported that Carlsbad Medical Center in New Mexico had sued 3,000 of its patients since 2015. That report was also based on findings from Makary, who just published the book “The Price We Pay: What Broke American Health Care — and How to Fix It.”

And this week, Kaiser Health News and The Washington Post chronicled how Virginia’s state-run University of Virginia Health System sued patients more than 36,000 times over a six-year span.

There is no federal law mandating that nonprofit hospitals provide a specific amount of charity care, nor is there readily accessible data measuring how aggressively each hospital pursues patients for unpaid bills. But consumer advocates say the revelations in recent coverage on hospitals’ litigation practices are troubling.

“It’s dismaying to see how common it is,” said Jenifer Bosco, an attorney with the National Consumer Law Center who helped craft a Model Medical Debt Protection Act.

Nearly half of the nation’s 6,200 hospitals are nonprofits, meaning they are exempt from paying most local, state and federal taxes in return for providing community benefits.

But the issue of nonprofit hospitals engaging in aggressive debt collection practices that push the very communities they are designed to assist into poverty isn’t new.

In 2014, ProPublica reported on a small Missouri hospital that filed 11,000 lawsuits over a five-year span. In response, Sen. Chuck Grassley, R-Iowa, opened an investigation, and the hospital forgave the debts owed by thousands of former patients.

In 2003, The Wall Street Journal detailed how Yale-New Haven Hospital in Connecticut had pursued a patient’s widow to pay off his late wife’s 20-year-old medical bills. The hospital canceled the debt following the article.

“Some of these things are really outrageous,” said Jessica Curtis, a policy expert with Community Catalyst who helped draft billing protections for patients in the Affordable Care Act. “There are really aggressive tactics being used and little consideration or understanding for how those tactics actually impact people.”

Grassley, chairman of the Senate Finance Committee, sent a letter to the commissioner of the Internal Revenue Service in February to renew his inquiries into whether nonprofit hospitals provide sufficient community benefits to qualify for tax breaks.

Since publishing our story on Methodist hospital in Memphis, we’ve continued to work with communities in the city to better understand the toll these lawsuits are taking. . .

Continue reading.

I thought nonprofit hospitals were the good guys. They’re not. They must be watched and regulated, otherwise they do things such as those described above.

Written by LeisureGuy

13 September 2019 at 6:39 pm

The New Target That Enables Ransomware Hackers to Paralyze Dozens of Towns and Businesses at Once

leave a comment »

Renee Dudley reports in ProPublica:

On July 3, employees at Arbor Dental in Longview, Washington, noticed glitches in their computers and couldn’t view X-rays. Arbor was one of dozens of dental clinics in Oregon and Washington stymied by a ransomware attack that disrupted their business and blocked access to patients’ records.

But the hackers didn’t target the clinics directly. Instead, they infiltrated them by exploiting vulnerable cybersecurity at Portland-based PM Consultants Inc., which handled the dentists’ software updates, firewalls and data backups. Arbor’s frantic calls to PM went to voicemail, said Whitney Joy, the clinic’s office coordinator.

“The second it happened, they ghosted everybody,” she said. “They didn’t give us a heads up.”

A week later, PM sent an email to clients. “Due to the size and scale of the attack, we are not optimistic about the chances for a full or timely recovery,” it wrote. “At this time we must recommend you seek outside technical assistance with the recovery of your data.”

On July 22, PM notified clients in an email that it was shutting down, “in part due to this devastating event.” The contact phone number listed on PM’s website is disconnected, and the couple that managed the firm did not respond to messages left on their cellphones.

The attack on the dental clinics illustrates a new and worrisome frontier in ransomware — the targeting of managed service providers, or MSPs, to which local governments, medical clinics, and other small- and medium-sized businesses outsource their IT needs. While many MSPs offer reliable support and data storage, others have proven inexperienced or understaffed, unable to defend their own computer systems or help clients salvage files. As a result, cybercriminals profit by infiltrating dozens of businesses or public agencies with a single attack, while the beleaguered MSPs and their incapacitated clients squabble over who should pay the ransom or recovery costs.

Cost savings are the chief appeal of MSPs. It’s often cheaper and more convenient for towns and small businesses with limited technical needs to rely on an MSP rather than hire full-time IT employees. But those benefits are sometimes illusory. This year, attacks on MSPs have paralyzed thousands of small businesses and public agencies. Huntress Labs, a Maryland-based cybersecurity and software firm, has worked with about three dozen MSPs struck by ransomware this year, its executives said. In one incident, 4,200 computers were infected by ransomware through a single MSP.

Last month, hackers infiltrated MSPs in Texas and Wisconsin. An attack on TSM Consulting Services Inc. of Rockwall, Texas, crippled 22 cities and towns, while one on PerCSoft of West Allis, Wisconsin, deprived 400 dental practices around the country of access to electronic files, the Wisconsin Dental Association said in a letter to members. PerCSoft, which hackers penetrated through its cloud remote management software, said in a letter to victims that it had obtained a key to decrypt the ransomware, indicating that it likely paid a ransom. PerCSoft did not return a message seeking comment.

TSM referred questions about the Texas attack to the state’s Department of Information Resources, which referred questions to the FBI, which confirmed that the ransomware struck the towns through TSM. One of the 22 Texas municipalities has been hit by ransomware twice in the past year while using TSM’s services.

FBI spokeswoman Melinda Urbina acknowledged that MSPs are profitable targets for hackers. “Those are the targets they’re going after because they know that those individuals would be more apt to pay because they want to get those services back online for the public,” she said.

Beyond the individual victims, the MSPs’ shortcomings have a larger consequence. They foster the spread of ransomware, one of the world’s most common cybercrimes. By failing to provide clients with reliable backups or to maintain their own cybersecurity, and in some cases paying ransoms when alternatives are available, they may in effect reward criminals and give them an incentive to strike again. This year, ProPublica has reported on other industries in the ransomware economy, such as data recovery and insurance, which also have enriched ransomware hackers.

To get inside MSPs, attackers have capitalized on security lapses such as weak passwords and failure to use two-factor authentication. In Wisconsin and elsewhere, they also have exploited vulnerabilities in “remote monitoring and management” software that the firms use to install computer updates and handle clients’ other IT needs. Even when patches for such vulnerabilities are available, MSPs sometimes haven’t installed them.

The remote management tools are like “golden keys to immediately distribute ransomware,” said Huntress CEO Kyle Hanslovan. “Just like how you’d want to push a patch at lightning speed, it turns out you can push out ransomware at lightning speed as well.”

Otherwise, the hacker may spread the ransomware manually, infecting computers one at a time using software that normally allows MSP technicians to remotely view and click around on a client’s screen to resolve an IT problem, Hanslovan said. One Huntress client had the “record session” feature of this software automatically enabled. By watching those recordings following the attack, Huntress was able to view exactly how the hacker installed and tracked ransomware on the machines.

In some cases, Hanslovan said, MSPs have failed to save and store backup files properly for clients who paid specifically for that service so that systems would be restored in the event of an attack. Instead, the MSPs may have relied on low-cost and insufficient backup solutions, he said. Last month, he said, Huntress worked with an MSP whose clients’ computers and backup files were encrypted in a ransomware attack. The only way to restore the files was to pay the ransom, Hanslovan said.

Even when backups are available, MSPs sometimes prefer to pay the ransom. Hackers have leverage in negotiations because the MSP — usually a small business itself — can’t handle the volume of work for dozens of affected clients who simultaneously demand attention, said Chris Bisnett, chief architect at Huntress.

“It increases the likelihood that someone will pay rather than just try to fix it themselves,” Bisnett said. “It’s one thing if I have 50 computers that are ransomed and encrypted and I can fix them. There’s no way I have time to go and do thousands of computers all at the same time when I’ve got all these customers calling and saying: ‘Hey, we can’t do any business, we’re losing money. We need to be back right now.’ So the likelihood of the MSP just saying, ‘Oh I can’t deal with this, let me just pay,’ goes up.”

Because there are so many victims, the hacker can make a larger ransom demand with greater confidence that it will be paid, Hanslovan said. Attacking the MSP . . .

Continue reading.

Written by LeisureGuy

12 September 2019 at 5:40 pm

Top Interior official who pushed to expand drilling in Alaska to join oil company there

leave a comment »

Seems an obvious quid pro quo. Juliet Eilperin and Steven Mufson report in the Washington Post:

Last summer, Scott Pruitt left his job heading the Environmental Protection Agency and within a few months had started consulting for coal magnate Joseph W. Craft III. Three weeks after leaving the Interior Department, energy counselor Vincent DeVito joined Cox Oil Offshore, which operates in the Gulf of Mexico, as its executive vice president and general counsel. Now, Joe Balash — who oversaw oil and gas drilling on federal lands before resigning from Interior on Friday — is joining a foreign oil company that is expanding operations on Alaska’s North Slope.

Balash, who served as the Interior Department’s assistant secretary for land and minerals management for nearly two years, confirmed in a phone interview Tuesday night that he will begin working for the Papua New Guinea-based Oil Search, which is developing one of Alaska’s largest oil prospects in years. On Wednesday, Oil Search officials said he would become senior vice president for external affairs in the company’s Alaska operations.

The company is drilling on state lands that lie outside — but nearby — two federal reserves where the Trump administration is pushing to increase oil and gas development: the Arctic National Wildlife Refuge and the National Petroleum Reserve-Alaska. During his time at Interior, Balash oversaw the department’s preparations to hold lease sales on the coastal plain of the 19.3 million-acre refuge and to expand drilling on the 22.8 million-acre reserve to the west of the refuge. Both sites are home to large numbers of migratory birds as well as caribou, polar bears and other wildlife.

Balash said that even though in his new role he would oversee employees who would work with the federal government on energy policy, he would abide by the Trump ethics pledge barring appointees from lobbying their former agencies for five years.

“I’ll supervise those who do,” he said, referring to Oil Search staffers with business before the federal government, “but I have a ton of restrictions dealing with the Department of Interior. Most of Oil Search’s properties are state lands. There isn’t really the federal nexus.”

Nonetheless, Sen. Tom Udall (D-N.M.) sent a letter to Interior’s ethics official Wednesday asking that the department provide copies of all ethics filings made by Balash and any notifications of his negotiations for future employment or compensation.

Udall is the ranking Democrat on the Senate Appropriations Subcommittee on the Interior, Environment, and Related Agencies.

“I believe the public has a compelling interest in knowing whether the necessary steps were taken to address this potential conflict of interest,” Udall wrote.

Oil Search, along with its partner Repsol, has been expanding aggressively in Alaska, where it says it has acquired leases with more than 700 million barrels of crude reserves. In May, the company received the go-ahead from the Army Corps of Engineers, and it plans to ramp up production operations this year and over the winter.

Balash noted that Interior “was not even a cooperating agency” in the decision to grant Oil Search the recent permit under the Clean Water Act.

Oil Search staffers working on community outreach, government affairs, and communications in Alaska will report to Balash in his new position, according to a company spokeswoman.

“Joe is a proud Alaskan and brings significant regulatory and external affairs experience to Oil Search, a company relatively new to operating in the United States,” said Keiran Wulff, Oil Search executive vice president and president for Alaska. “We are excited by the opportunities in Alaska and committed to working with stakeholders in a collaborative manner.”

Danielle Brian, executive director of the Project on Government Oversight, said in an interview that the fact that Balash has been working to make more land available for exploration near Oil Search’s ongoing development raises concerns.

If Balash’s jump to Oil Search “ends up being legal, it’s further confirmation to me that our laws are simply inadequate,” Brian said. “It is hard to have confidence that decisions he was making while he was working for the taxpayers were not impacted by his aspirations or hopes to go work for a company that was materially affected by his work.”

Asked about Balash’s job plans last week, Interior would not comment.

Balash has extensive experience in Alaska state politics. He served as the deputy commissioner for Alaska’s Department of Natural Resources and ran the agency on an acting basis for just over a year, before becoming chief of staff for Sen. Dan Sullivan (R-Alaska). He joined Interior in December 2017.

Earlier, Balash served in the governor’s office as a special assistant on energy and natural resource development. And before that, he worked on the joint legislative budget and audit committee and served as chief of staff to the state Senate president. Balash also attended high school in Fairbanks.

Ethics experts said that regardless of the Alaskan’s job description, his decision to join an oil company raises potential conflict of interest issues, depending in part on the nature of his negotiations with the firm before he left public office.

Under 18 U.S. Code Section 208, a federal official is barred “from participating personally and substantially in a particular Government matter that will affect his own financial interests, as well as the financial interests of” his spouse, children and “a person with whom he is negotiating for or has an arrangement concerning prospective employment.”

“At the point Balash began discussing employment opportunities with Oil Search, he was prohibited from personally and substantially participating in any particular matter that would affect Oil Search’s financial interests,” said Brendan Fischer, federal reform program director at the Campaign Legal Center.

Although Oil Search has not bid on federal leases in Alaska, officials from the firm met with Balash several times while he served as assistant secretary, according to his public calendar. On Jan. 10, 2018, he had a meeting classified as a video call with Wulff and other Oil Search executives, described as a “meet and greet” in his calendar notes. . .

Continue reading.

Not exactly draining the swamp.

Written by LeisureGuy

4 September 2019 at 2:42 pm

Lessons learned by FBI agent who infiltrated white supremacist groups

leave a comment »

Jon Sexton reports in ProPublica:

Late in 2017, ProPublica began writing about a California white supremacist group called the Rise Above Movement. Its members had been involved in violent clashes at rallies in Charlottesville, Virginia, and several cities in California. They were proud of their violent handiwork, sharing videos on the internet and recruiting more members. Our first article was titled “Racist, Violent, Unpunished: A White Hate Group’s Campaign of Menace.”

More articles followed, and another neo-Nazi group, Atomwaffen Division, was exposed.

Michael German, a former federal agent who spent years infiltrating white supremacist groups, said the work of the groups constituted “organized criminal activity,” and he asked, in so many words, “Where is the FBI?”

Federal authorities wound up arresting eight members of the Rise Above Movement, and five of them have since pleaded guilty to federal riot charges. This summer, FBI Director Christopher Wray testified that, over the last nine months, the bureau’s domestic terrorism investigations had led to 90 arrests, many of them involving white supremacists. And in recent weeks, there have been additional arrests: a Las Vegas man said to be affiliated with Atomwaffen and a young man in Chicago affiliated with Patriot Front, another white supremacist group.

The activity concerning the threat of white racists has gone beyond arrests. There have been a variety of proposals making their way through Congress aimed at creating federal criminal statutes that might make prosecuting domestic terrorism threats more effective. The FBI Agents Association has supported new laws.

We went back to German, a fellow with the Brennan Center for Justice’s Liberty and National Security Program and the author of the forthcoming book “Disrupt, Discredit, and Divide: How the New FBI Damages Democracy,” to inquire about the significance of the seeming burst of enforcement efforts.

The FBI, made aware of German’s observations and arguments, declined to comment, but it provided a link to recent testimony by bureau officials before Congress.

There have been a handful of arrests of alleged white supremacists in recent weeks. What do you make of them? A temporary reaction to the El Paso, Texas, massacre? Evidence of a deeper commitment by the FBI? Coincidence?

First, the arrests of several white nationalists allegedly planning acts of violence since the El Paso attack demonstrate beyond question that the FBI has all the authority it needs to act proactively against white supremacist violence. Claims from the FBI Agents Association and other current and former Justice Department officials that the government needs new laws to target this violence are false. I worked successful domestic terrorism undercover operations against white supremacists in the 1990s, and no one ever suggested we didn’t have all the authority we needed.

It is hard to know if these arrests mark a new increase in attention to far-right violence because the Justice Department doesn’t keep reliable data about how many investigations and prosecutions it conducts against white supremacists. It sometimes categorizes them as domestic terrorism, other times as hate crimes or even gang crimes, obscuring the true scope of the violence they inflict on our society. And since the Justice Department defers the investigation and prosecution of hate crimes to state and local law enforcement, the FBI doesn’t even know how many people white supremacists kill each year.

The Justice Department and FBI de-prioritize the investigation and prosecution of far-right violence as a matter of policy, not a lack of authority. These recent cases are a result of increased public pressure to do something about these crimes. But the Justice Department and FBI have done nothing to amend their policies that de-prioritize the investigation of white supremacist crimes. Maintaining public pressure and focusing on changing the biases that drive these policies is essential to forcing a change in priorities at these agencies.

At least two of the arrests appear to have involved a certain infiltration of white hate groups online. Noteworthy? Overdue

Many researchers have suggested that the internet fuels white nationalist violence and therefore suppression of these online communities is necessary. But white supremacists have been killing people in this country for more than a 100 years before the internet was created. They use the internet more to communicate today than 20 years ago, just like all the rest of us do, but that doesn’t mean there is more violence. In fact, as the recent cases suggest, internet communications make them far easier to track and infiltrate, so it is more a boost to law enforcement more than to violent militants.

But mass monitoring of social media for clues isn’t an effective strategy, as there are far more people expressing racist ideas online than committing violence. The FBI would be very busy chasing down false leads, which would only dull the response. Instead, the FBI and other law enforcement agencies should work from reasonable criminal predicates. Where there is objectively credible evidence that someone is planning to do harm they should act. The number of homicides in the U.S. has fallen significantly since the 1980s and 1990s, but so has the clearance rate. Even though there are fewer homicides now, fewer are being solved. I think it is because we are spending so much time and resources on suspicion-less surveillance and intelligence gathering rather than traditional evidence-based law enforcement tactics.

There is a variety of proposed legislation aimed at creating more specific federal domestic terrorism statutes. Worthy? Wrongheaded?

Congress shouldn’t pass broad new laws or stiffer penalties, as there are already dozens of federal statutes outlawing domestic terrorism, hate crimes and organized violent crime that carry significant sentences. There are bills that demand better data collection by the Justice Department, which would reveal where counterterrorism resources should be devoted and where they are being wasted. This is the better approach. Proper policies can’t be developed without a better understanding of the crime problem.

In the meantime, Congress should explore mechanisms to fund and implement community-led restorative justice practices that would redress the communal injuries hate crimes are designed to inflict. White supremacists try to intimidate and marginalize the communities they attack. Making sure these communities are cared for, protected and supported after an attack frustrates that goal. More policing isn’t always the right answer, and certainly not the only one.

There was recently news coverage of leaked FBI threat assessments listing the promotion of an array of political conspiracy theories as a domestic menace. What did you make of that? . . .

Continue reading. There’s more.

Written by LeisureGuy

30 August 2019 at 12:57 pm

The Justice Department Can’t Keep Its Own Law Secret Forever

leave a comment »

Cristian Farias writes in Politico:

When the Supreme Court and lower courts interpret the Constitution and laws, their decrees are public, accessible and subject to debate. In some instances, if an interpretation of the law doesn’t sit well with the public, Congress can respond by amending the law, effectively nullifying a court’s decision. Or if a ruling on a constitutional question is especially egregious, a constitutional amendment, though unlikely, remains an option.

But it turns out there’s a whole category of American law that is above such checks and balances. The public knows nothing about it and there’s no way to challenge it in court, let alone debate it in the halls of Congress.

For decades, the Justice Department’s Office of Legal Counsel has flexed its interpretive power as the ultimate arbiter of what the law is for the executive branch, building a whole body of secret law that remains shielded from public view. Very little is known about these opinions—which carry the force of law, resolve disputes between agencies, direct the conduct of federal officials and can even affect civil rights and liberties. In the view of one scholar, these opinions date “to the beginning of the Republic” and can even “rival the opinions of the Supreme Court.”

These decisions number in the thousands, and the few that become public see the light of day at the discretion of the Justice Department. But the vast majority stay secret—binding executive branch officials and activities across administrations. Because almost everyone who isn’t a lawyer in the office is kept in the dark about these legal conclusions, Congress and the public can’t debate them or seek amendments in the event of abuses. Courts are of no help either.

Indeed, without transparency to test these legal opinions in a court of law or the court of public opinion, it is often the case that the Justice Department has the final say on the actions of federal agencies and officers, and there’s not much anyone can do about it. From Robert Mueller’s decision to follow a 1973 Justice Department recommendationthat a president can’t be indicted while in office to numerouspronouncements shielding Donald Trump or officials in his administration from congressional oversight, the Office of Legal Counsel makes law that holds tremendous sway over issues of public concern.

And yet despite the influence of the office’s opinions across the executive branch and their centrality to many of Trump’s controversies, all the public knows about them is the smattering of decisions that are made public from time to time. The Justice Department claims to have the last word over what gets released to the public, subject to a secretive “publication review committee” that calls the shots.

According to one former Justice Department official, in 1991, when Attorney General William Barr first led the Justice Department, the government only published 13 opinions out of an estimated 625 that the Office of Legal Counsel gave to other agencies—a paltry 2 percent that leaves Americans with little understanding of the law that guided the United States’ government at the time.

In 2016, Congress amended the Freedom of Information Act to place a 25-year cap on documents previously shielded by what the Justice Department calls “deliberative process privilege”—which the government has cited in the past to keep Office of Legal Counsel’s precedent-setting legal opinions secret. By law, then, that type of privilege should no longer cover such decisions older than 25 years—though some or portions of them may still be kept from disclosure if, for example, they contain classified information. And neither should the department be allowed to claim attorney-client privilege over these opinions, which aren’t legal advice but controlling decisions of law.

With this understanding of the law and with an eye toward greater transparency, a group of scholars last week filed a lawsuit in federal courtarguing that Office of Legal Counsel memoranda that are at least 25 years old should be disclosed to the public under the Freedom of Information Act. Among the plaintiffs are historians of presidential power, the civil rights movement, the laws of war, government surveillance and immigration—all areas where the government’s enormous discretion to enforce the law has been guided by legal judgments that our citizenry would be well served to understand and reckon with, even today. The Justice Department didn’t comply with an earlier administrative request for these opinions.

Understanding past overreach could help us better understand today’s.Barr, then and now, is the kind of attorney general whose expansive views of executive power deserve legal scrutiny—and the public is entitled to know to what extent the Office of Legal Counsel abetted or disregarded his maximalist impulses. More than 25 years ago, he was behind some of the Justice Department’s darkest hours: From a lawless surveillance programhe approved that long predated the National Security Agency’s post-9/11 excesses to his role in recommending pardons for officials implicated in the Iran-Contra affair, the American people deserve to know how much secret law he helped create for the presidents he’s served—and how much of it may still be good law for the rest of the executive branch today. For all we know, some of these decisions may have been overruled by later administrations, presidents or attorneys general; the enduring secrecy of these opinions makes it difficult to tell.

Right now, we see these opinions’ weight and opacity playing out. In  . . .

Continue reading.

Written by LeisureGuy

30 August 2019 at 10:57 am

%d bloggers like this: