Tuesday, February 09, 2010

Google Buzz: Mountain View's Answer to Twitter

Google's answer to Twitter is called Buzz. This is what the welcome page looks like if you (a) get an invitation; and (b) accept it.

Could it succeed? Sure.

I say that with some caveats:

(a) Buzz should, if a Gmail user opts in, rip the user's list of Twitter followers and largely recreate the very nervous system of the other network in parallel. And this is a good thing -- it takes advantage of open APIs and fosters competition. I wouldn't worry about a bifurcated market; the platforms will adapt or die. And the competition benefits the user.

(b) The concept of 'fast-twitch' and 'slow-twitch' communications systems running in a unified interface (i.e., Twitter and email, respectively) is consistent with how users operate. Consider Facebook and Google Wave: both provide dashboards of real-time messages integrated with persistent (email-style) messages and/or discussion boards.

Twitter has a massive head of steam, to be sure, but 20 years ago Microsoft appeared to be an unstoppable force too. And things are moving much more rapidly now.


CBS News Poll Left Running Since January 19th; President Currently Trails Ivan the Terrible and Idi Amin for First-Year Performance

CBS News has had a poll running since January 19th asking visitors to rate the President's first year. The results have to be a bit discomfiting for Meyer Lansky (aka David Axelrod) and Al Capone (aka Rahm Emanuel) since one would assume that CBS is friendly ground.




In short, 87% of respondents give the President a failing grade.

That's gotta be a record.

Democrats shocked -- SHOCKED -- that Republicans won't eat the juicy, tender crap sandwich they cooked up all on their own

That wailing and gnashing of teeth you hear in the distance is the faux outrage ginned up by the Chicago wing of (that is to say -- the entire) White House over the GOP's refusal to participate in a "health care summit."

Now criticism of the Republicans might be warranted if, say, a single one of their ideas was truly on the table. But, as so often happens with this particular administration, truth is in extremely short supply. Because what the Democrats want the Republicans to discuss -- and then swallow -- is their original, Rube Goldberg-esque health care bill.

Yes, that's the same bill from which the GOP was completely excluded. That was crafted behind closed doors in secret meetings. That contains thousands of pages and billions in payoffs to the trial lawyers, the SEIU, Benedict Nelson, Mary Landfill, and every other radical Leftist constituency that had donated to Obama's campaign.

The Washington Compost provides the back-story with one of the highlights featuring the dumbest press secretary of all time. Yes, Robert Gibbs is on the front lines again today, accusing the GOP of -- wait for it -- excessive partisanship. Gibbs, whose birth certificate is rumored to be an apology note from a condom factory, rolled out Standardized Obama Talking Point #19. Memo to Gibbs: excessive repetition won't make it any less of a lie.

White House press secretary Robert Gibbs responded by saying that Obama has sought Republican input since early last year, and the president remains interested in hearing ideas that the GOP believe will advance the cause of health care reform... But he appeared to give little ground on the idea that Obama might abandon the months of work that produced Democratic bills that passed the House and the Senate late last year.

In a nutshell, President Obama -- Huckster-in-Chief -- is selling a "Bipartisan Health Summit" that is strictly predicated upon the exact same crap sandwich that the voters of Massachusetts forcefully spit out only weeks ago.

And when the GOP and the American people reject the same, noxious Sloppy Joe -- constructed by Democrats, for Democrats -- the Alinsky-trained hacks at the White House cry partisanship.

If this were a John Grisham story, readers would think the plot too unrealistic.


Linked by: Michelle Malkin. Thanks!



Death Camps? What Death Camps?

Dan from New York:

The tradition continues! America's fish wrap of record brings us the sunny news that a nuclear Iran will be good for the USA!

What a relief. Let's party like it's 1939!


P.S. Anyone know where the Times finds these morons? Or do these morons find the Times?

Either way, Dan, the Times has established a proud tradition of engaging the most sophisticated morons this side of Brandeis.


New sign spotted high in the mountains


Hat tip: Tim.





Pwnt: The Terrifying State of Cyberwarfare Today

A recent, nerve-wracking report on the current state of information warfare from MANDIANT is enough to send you off the grid forever (hat tip: Wired). While it does not mention the infamous Google-Adobe hack specifically, it's clear that common traits are discussed. I've captured the highlights because of the importance associated with disseminating this material far and wide. Even if you're not remotely technical, send it to your company's I.T. chief. Whether you like it or not, your organization is at war.

...These intrusions [against government and corporate entities] appear to be conducted by well-funded, organized groups of attackers. We call them the “Advanced Persistent Threat” — the APT — and they are not “hackers”. Their motivation, techniques and tenacity are different. They are professionals, and their success rate is impressive.

The APT successfully compromises any target it desires. Conventional information security defenses don’t work. The attackers successfully evade anti-virus, network intrusion detection and other best practices. They can even defeat incident responders, remaining undetected inside the target’s network, all while their target believes they’ve been eradicated...

...Although the U.S. government and defense communities are aware of and countering APT attacks, many victims and targets are unaware and unequipped. Often, these victims of the APT react in a way that does more harm than good.

High-level trending and correlation

Step 1

In every intrusion investigated by MANDIANT, the APT used a consistent exploitation cycle. The attackers typically perform reconnaissance on the target prior to exploitation. Through this reconnaissance, the attackers identify individuals of interest and develop methods of potential access to the target. Targeted individuals range from senior leadership to researchers to administrative assistants.

In multiple cases, MANDIANT identified a number of public website pages from which a victim’s contact information was extracted and subsequently used in targeted social engineering messages.

Step 2

The APT may use several techniques to gain initial access... The most common and successful method has been [through] the use of "spear phishing". The APT attackers target a small number of specific individuals with a spoofed e-mail. For example, if a number of employees recently attended a business conference, the APT attackers might send a spoofed e-mail addressed from a speaker at the conference.

The spoofed e-mail will contain an attachment or a link to a ZIP file. The ZIP file will contain one of several different intrusion techniques:
  • A CHM file containing malware.
  • A Microsoft Office document exploit.
  • Some other client software exploit, like an Adobe Reader exploit.
...The attackers typically operate late in the night (U.S. time) between the hours of 10 p.m. and 4 a.m. These times correlate to daytime in China.

Establish a Backdoor into the Network

The attackers attempt to obtain domain administrative credentials (usually in encrypted form) from the targeted company and transfer the credentials out of the network. MANDIANT identified instances where attackers decrypted the credentials within minutes and used them to escalate privileges, either through a pass-the-hash or other legitimate tool. The attackers then established a stronger foothold in the environment by moving laterally through the network and installing multiple backdoors with different configurations.

The APT intruders use stealthy malware that routinely avoids detection by host-based and network-based security safeguards. The malware is installed with system level privileges through the use of process injection, registry modification, or scheduled services...
  • The malware is continually updated to ensure that it cannot be easily detected by host-based inspection looking for specific filenames, MD5 hashes, or file content searching.
  • The malware uses encryption and obfuscation techniques of its network traffic to make analysis of Command and Control (C2) traffic and data being exfiltrated difficult.
  • The attackers’ malware uses built-in Microsoft libraries, when available, to reduce the size of the executable and other third-party dependencies.
  • The attackers’ malware uses legitimate user credentials so they can better blend in with typical user activity.

Obtain User Credentials

The APT intruders access the majority of compromised systems via valid credentials. They often target domain controllers to obtain user accounts and corresponding password hashes en masse. They also obtain local credentials from compromised systems. They use these credentials to perform NETBIOS log-ons to compromised systems in order to inspect and pilfer data. On average, APT intruders access approximately 40 systems on a victim network using compromised credentials, however MANDIANT has assisted companies with as few as 10 compromised systems and some with over 150. The most commonly used credentials have domain administrator privileges.

Install Various Utilities

The APT intruders use utility programs to perform common system administration tasks [including tools to install] backdoors, dump passwords, obtain e-mail from servers, list running processes, and many other tasks. These utilities are often found on systems that do not contain backdoors. Therefore, we can conclude that the attackers install their utilities by using valid credentials.

Privilege Escalation / Lateral Movement / Data Exfiltration

Once a secure foothold is established, the APT exfiltrate data such as e-mails and attachments, or files residing on user workstations or project file servers. In most cases, the exfiltrated information is compressed using an archival utility such as password-protected RAR or Microsoft Cabinet File. The data is exfiltrated from the compromised network to a server within the APT’s command and control infrastructure...
  • The use of “staging servers” to aggregate the data they intend to steal.
  • Encryption and compression of the data they steal.
  • Deleting the compressed files they exfiltrated from the “staging server”.
The staging servers are usually identified when a compression utility, such as RAR, is found on the system...

Maintain Persistence

The APT intruders will respond to remediation efforts in order to maintain access to victim networks. As they detect remediation, they will attempt to establish additional footholds and improve the sophistication of their malware.

Trend: The APT Has Become More Sophisticated at Hiding in Normal Network & Host Traffic

APT attackers are becoming more sophisticated in the way they hide command and control protocols in normal network traffic. While some APT traffic is fairly easy to identify, the use of more common user agent strings and better HTTP request headers makes it harder for an untrained eye to detect malicious activity.

The APT is starting to use more randomly-generated information within various protocols to make it harder for a static signature to be developed. Several backdoors use random information within HTTP GET and POST requests that do not match an identifiable pattern; however, the GET and POST headers remain HTTP compliant, so many proxy servers will assume the traffic is legitimate. Thus, detecting malicious activity requires additional knowledge about the network protocol. Advanced regular expressions can sometimes detect the malicious traffic; however, attackers using more than one encryption algorithm effectively scramble the encrypted C2 streams, which makes detection harder.

The APT is also using website domain names and SSL certificates that appear legitimate at first glance. For example, the attackers have spoofed Microsoft, Yahoo! and AOL SSL certificates. They also use backdoors that appear to request a Microsoft Update web page. The attackers are also using a form of HTML comments identified as “ADSPACE” comments. With these comments, encoded commands to the malware are stored after what appears to be a comment for legitimate “adspace” revenue generators. Attackers also use .gif image header information to mask C2 activity as a legitimate file transfer.

Lastly, the APT uses backdoors that communicate over distinct chat protocols. The implant first establishes a connection to the chat service providers, and the attacker then logs into the session and connects. These full-featured backdoors offer the attackers command shells and file transfers to and from the infected machine. It is much more difficult to detect this kind of activity, because the legitimate chat services form a buffer between the victim network and the attacker’s command and control infrastructure.

APT Malware Trends and Statistics

MANDIANT has identified, collected and analyzed hundreds of unique APT malware samples. A recurring theme is the APT recognizes that being an anomaly in the network leads to detection.

Standard security tools usually do not detect APT malware. When MANDIANT discovers new APT malware, we scan it with the anti-virus and antimalware programs that most organizations use. Of the samples we discovered and examined, only 24% of all the APT malware was detected by security software.

The APT malware “hides in plain sight”. It avoids detection by using common network ports, process injection and Windows service persistence. Every piece of APT malware initiated only outbound network connections. No sample listened for inbound connections. So, unless an enterprise network is specifically monitoring outbound network traffic for APT-related anomalies, it will not identify the APT malware beaconing attempts.

The encryption is not always SSL. We also found encrypted commands sent in cleartext HTML web pages.

Most APT malware is not packed, because packing is relatively easily detected. APT malware that is packed is often more advanced and may contain optimizations or routines that appear to be written directly in assembly language instead of a higher-level programming language. APT attackers that use packed malware are usually more advanced in their skills. They are typically found in more critical targets, such as those with access to more sensitive information.

Because APT malware is difficult to detect, simple malware signatures such as MD5 hashes, filenames, and traditional anti-virus methods usually yield a low rate of true positives. APT malware shares similar characteristics, and profiling APT malware from multiple victims provides the best chance of positive identification.

Trend: Complex Indicators Are More Likely to Detect Unknown APT-Related Activity


Detecting the APT is incredibly difficult and many organizations are not prepared to effectively identify that they have been compromised. In most cases, initial notification of an APT intrusion originated from a third-party, primarily law enforcement. The primary reason organizations fail to identify the APT is that most of their security devices examine inbound traffic at the perimeter. Most organizations rely solely on antivirus solutions to provide host-based monitoring. In addition, implementing the ability to monitor internal to internal communications on a network is costly and challenging. In both instances, being able to respond quickly and to deploy APT indicators is difficult, as organizations’ security arsenals are not configured to monitor using this methodology.

Host- and network-based signatures used to detect malicious activity have previously consisted of data like MD5, file size, file name, and service name, etc. Although useful, the lifespan of these types of signatures is often short because attackers can routinely modify their malware to avoid detection. Although those signatures will periodically work to identify attacker activity, MANDIANT has found greater success in adapting specific signatures into what are known as Indicators of Compromise (“IOC” or “indicators”)...

Case Studies


...During 2009, MANDIANT witnessed the APT targeting multiple local, state and federal government entities whose commonality was their access to information related to terrorism. These attacks increased concerns regarding the type of information sought by the APT. One event involved a spear phishing e-mail containing a malicious file sent to multiple individuals from a fictitious account of an executive. A second event involved an attacker who conducted network exploitation that revealed passwords of user accounts with administrator privileges, networked critical assets and network topology. A third event involved data exfiltration of e-mails and attachments containing terrorism-related information.

When collectively viewed, these incidents clearly indicate an effort to satisfy an intelligence gap. The malicious e-mails in the first event were sent to an organization tasked with consolidating local, state and federal law enforcement agencies into a central location to foster information sharing among various levels of government. The second event involved a high-ranking counter-terrorism official whose e-mail account was targeted with pinpoint accuracy. The third event involved data belonging to a government coordinating authority that receives intelligence information from local, state and federal law enforcement. The stolen data was comprised of e-mail communications, e-mail attachments and networked file share directory file structure and file metadata.

...These events show the APT appears to have clear intelligence requirements including, among others, the suppression of internal political threats. Within each of these targeted organizations, persistence mechanisms were enabled so access to the penetrated networks remained. In these cases, the APT persisted through the use of multiple backdoors and sustained access via multiple network command and control channels.

The backdoors were protected with known and/or custom packers. This indicates that the attackers in this instance were using more advanced APT malware. The command and control channels were masked through the use of SSL, custom base64 encoding or custom layered encoding involving XOR and/or base64 combinations.

This case demonstrates that the APT assigns critical targets to the most advanced APT groups using the most sophisticated malware and command and control communication methods. The degree to which the attackers protect their malware rendered traditional perimeter defense techniques nearly ineffective.

Detection is challenging, but possible, with the right team armed with robust APT indicators. The need for a scalable, enterprise, host-based scanning capability and sophisticated indicators looking for components of APT malware is critical to the success of identifying and defending against the APT.

Significant Findings


In the preceding case studies, the attackers used the custom base64 encoding algorithm that was previously observed by MANDIANT at other commercial organizations and defense contractors. In some cases, the attacker used the additional security of encrypting the traffic with Secure Socket Layer (SSL) communications.

This allowed the attacker to better blend in with legitimate network traffic. It also demonstrates that the attackers are constantly upgrading their tools. Based on the tactics observed, MANDIANT believes the attackers use the least secure tool for the job and upgrade only when necessary to avoid detection...

Defense Contractor

...In early 2009, a medium-sized contractor (CDC1) contacted MANDIANT to assist them in remediating an APT intrusion. The victim was provided with a list of over 100 possibly compromised systems by external sources.

The contractor attempted to remediate the attack by wiping and removing only the compromised systems. They brought MANDIANT in to confirm they had successfully removed the compromise from their network.

After a two-day investigation using APT indicators, volatile data analysis and traditional forensics, MANDIANT identified an additional 20 compromised workstations and servers. During the investigation, MANDIANT determined the APT initially gained access to the cleared defense contractor as far back as early 2007. Command and control malware placed throughout the enterprise was identified as having been installed between 2007 and 2009. MANDIANT also identified that additional spear phishing campaigns were conducted between 2007 and 2009.

MANDIANT identified multiple pieces of APT malware that appeared to fit into at least two distinct categories of APT activity. The command and control communications included:
  • C2 instructions contained in base64 encoded comments on webpages.
  • Multiple web-based protocols that appeared to blend in with normal web-based traffic.
  • Two custom encryption protocols.
  • SSL.
Over time, it became obvious that the attackers continued to upgrade backdoors that were currently in place. In one instance they installed an implant that used a custom encryption algorithm. In a second instance they leveraged the same functionality and incorporated the same exact command set, but enabled more secure communications using SSL. A third capability leveraged the use of a custom backdoor that took advantage of a chat application programming interface (API) to conduct command and control activity. The use of chat sessions allowed the attacker to take advantage of the API while also providing secure log-on and communication capability.

There were several decisions made by the organization that ultimately hindered their ability to fully remediate the situation. To date, due to the rolling remediation, additional assessments continue to identify new systems compromised by the APT. First, the organization decided to immediately disconnect any compromised system.

The problem with immediately removing compromised systems from the network is that it typically alerts the attacker and lets them know an infected system has been identified. This forces the attacker to shift tactics and use a compromised system that may likely be unknown to the victim organization. The attacker will then likely use different malicious software to communicate with the victim network. This makes it very difficult for the security team to investigate and respond to the latest activity when that activity may be new and unknown...

Defense Contractor

In 2009, a large contractor (CDC2) contacted MANDIANT to perform a threat assessment. The objective of the assessment was to determine the extent of APT activity on their corporate network. The contractor contacted MANDIANT because they knew there were problems, but had no way of identifying the scope of the ongoing compromise. MANDIANT deployed MANDIANT Intelligent Response™ (MIR) to sweep the enterprise network of 50,000+ systems.

Additionally, MANDIANT deployed a set of known network-based indicators. Within 24 hours, we identified more than 10 compromised systems. Within days, MANDIANT used deployed indicators to locate a previously known APT backdoor. Network forensics performed on the captured network traffic indicated backdoors were dormant for various periods of time. By reverse engineering the malware, MANDIANT identified that the implants were configured to sleep for anywhere from a few weeks to a few months, with one implant configured to sleep for over a year. This is a clear example of how patient the APT attackers are and indicates the length of time they strategically invest in a victim network.

...MANDIANT identified additional backdoors that contained the ability to communicate via UDP and TCP network protocols. The malware also contained features that allowed it to operate in an environment where various proxies exist. The implant had the ability to “sniff” network traffic for packets containing “Proxy-authentication” headers. Once identified, the backdoor dynamically generated proxy credentials that allowed the backdoor to successfully communicate with its APT operators.

A second type of APT activity revealed that the attackers used modified base64 encoded commands within comments on a legitimate web page. Through the encoded commands, the compromised system downloaded a total of seven malicious files, including two additional backdoors and the RAR archiving program...

...One unique capability of the additional two backdoors was the ability to self-destruct. If the backdoors could not reach their intended destination, they would remove themselves from the system. The backdoors did not leave any additional backdoors or any traceable system modifications. As a result, the malicious files were more difficult to detect.

A third set of APT activity discovered three versions of malware with version information embedded within an encrypted Windows registry key. MANDIANT identified version revisions and was able to clearly identify additional features bundled with each subsequent version. These features included command and control channels over HTTP that subverted network proxy through supplying valid network credentials...

...A fourth set of masked web traffic was discovered during APT sweeps. When the backdoor beaconed to the attacker’s external command and control server, the HTTP request seemingly requested a web page associated with Microsoft Update; however, the APT’s server was not a legitimate Microsoft Update server. The APT’s software on the server interprets the inbound request for the Microsoft Update page and translates the requests into commands. None of the web pages legitimately existed on the APT server.

There are three types of requests that the command and control server would initiate:
  • Command request beacons: One web page request represented command request beacons from compromised systems.
  • Initial connection requests: Another request represented the initial connection from the APT’s command and control server to the compromised system, indicating the APT was active on the server. This returned various host-based information from the compromised system to the command and control server.
  • Command initiation: The last request passed commands from the APT’s command and control server to the compromised system. Depending on the request, the contents may or may not contain encrypted data with a custom encoded key.
This type of command and control traffic has been detected through the validation of legitimate traffic, such as checking for Microsoft Update activity against known Microsoft net blocks, to check for oddities...
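
The netblock validation described in the last paragraph of the excerpt can be run over proxy logs. The following is an added example, not code from the MANDIANT report or from this blog: the log format, the marker strings and the "trusted" netblocks (documentation address ranges used as placeholders) are all assumptions to be replaced with your own.

```python
import ipaddress
from typing import List, NamedTuple, Optional

# ASSUMPTION: placeholder allow-list built from documentation address ranges.
# Replace with the vendor netblocks your organization has verified.
TRUSTED_UPDATE_NETBLOCKS = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8:100::/48"),
]
# ASSUMPTION: illustrative markers for "this request looks like Microsoft Update".
UPDATE_HOST_MARKERS = ("windowsupdate.com", "update.microsoft.com")
UPDATE_PATH_MARKERS = ("/windowsupdate/", "/msdownload/update/")

# Constructed sample proxy log, not real traffic.
SAMPLE_LOG = """\
# timestamp client dest_ip method host path
2010-02-09T14:02:11Z ws-0412 198.51.100.23 GET download.windowsupdate.com /msdownload/update/sample.cab
2010-02-09T03:12:44Z ws-0977 203.0.113.77 GET update.microsoft.com:80 /windowsupdate/v6/default.aspx
2010-02-09T03:42:44Z ws-0977 203.0.113.77 POST cdn.example.net /windowsupdate/redir.aspx?id=83
2010-02-09T09:15:02Z ws-0150 192.0.2.10 GET www.example.org /index.html
2010-02-09T03:50:19Z ws-0633 - GET www.update.microsoft.com /windowsupdate/v6/default.aspx
"""


class Finding(NamedTuple):
    line_no: int
    client: str
    dest: str
    host: str
    reason: str


def claims_update(host: str, path: str) -> bool:
    """True if the Host header or URL path presents itself as Microsoft Update.

    Substring matching is deliberate: a lookalike host name should be checked
    against the netblocks too, not silently skipped.
    """
    host, path = host.lower(), path.lower()
    return (any(m in host for m in UPDATE_HOST_MARKERS)
            or any(m in path for m in UPDATE_PATH_MARKERS))


def in_trusted_netblock(dest: str) -> Optional[bool]:
    """True/False for a parseable address, None if dest is not an IP address."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        return None
    return any(addr in net for net in TRUSTED_UPDATE_NETBLOCKS)


def audit(log_lines) -> List[Finding]:
    """Flag update-style requests whose destination is outside the allow-list."""
    findings = []
    for line_no, raw in enumerate(log_lines, start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 6:
            # Fail closed: a record we cannot read is reported, not ignored.
            findings.append(Finding(line_no, "?", "?", "?", "unparseable record"))
            continue
        _ts, client, dest, _method, host, path = fields
        if not claims_update(host, path):
            continue
        trusted = in_trusted_netblock(dest)
        if trusted is None:
            findings.append(Finding(line_no, client, dest, host,
                                    "destination is not an IP address"))
        elif not trusted:
            findings.append(Finding(line_no, client, dest, host,
                                    "update-style request outside trusted netblocks"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG.splitlines()):
        print(finding)
```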

This is only an excerpt of the report. For complete details visit the MANDIANT website.
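
The excerpt mentions encoded commands hidden in HTML comments (the "ADSPACE" comments and the base64-encoded comments on web pages) several times. The following is an added example of screening a fetched page for that pattern, not code from the MANDIANT report or from this blog: the sample page, its tokens and the thresholds are constructed, and because the excerpt does not give the "modified" base64 alphabet, the check scores token shape and entropy instead of decoding.

```python
import math
import re
from collections import Counter
from html.parser import HTMLParser

# Runs of standard base64 alphabet characters, 24 or more long.
# ASSUMPTION: the custom alphabet is not in the excerpt, so nothing is decoded.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{24,}")
# Bits per character. A pure hex string (16 symbols) can never exceed 4.0, so
# build hashes in comments stay below the bar while denser encodings cross it.
ENTROPY_THRESHOLD = 4.0

# Constructed sample page; the long tokens are made-up opaque strings.
SAMPLE_PAGE = """\
<html><head><title>Daily news</title></head><body>
<!-- build 3f9a1c0e7b2d4f6a8c1e3b5d7f9a0c2e4b6d8f1a -->
<!-- ADSPACE leaderboard 728x90 begin -->
<img src="/static/images/banners/leaderboard/header.png">
<!-- asset /static/images/banners/leaderboard/header.png -->
<!-- ADSPACE aB3dE7gH1jK9mN5pQ2sT8vW4yZ0cF6iL -->
<p>Story text</p>
<!-- x9+Rk2/Lm7Pq4Vz0Tb6Wc1Yd -->
</body></html>
"""


def shannon_entropy(token: str) -> float:
    """Empirical Shannon entropy of the token, in bits per character."""
    counts = Counter(token)
    total = len(token)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


class CommentCollector(HTMLParser):
    """Collects (line number, text) for every HTML comment in a document."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append((self.getpos()[0], data))


def scan_html(body: str):
    """Return one finding per high-entropy token found inside an HTML comment."""
    collector = CommentCollector()
    collector.feed(body)
    collector.close()
    findings = []
    for line, text in collector.comments:
        for token in TOKEN_RE.findall(text):
            entropy = shannon_entropy(token)
            if entropy > ENTROPY_THRESHOLD:
                findings.append({
                    "line": line,
                    # True when the comment carries the "ADSPACE" label.
                    "adspace": "adspace" in text.lower(),
                    "token": token,
                    "entropy": round(entropy, 2),
                })
    return findings


if __name__ == "__main__":
    for finding in scan_html(SAMPLE_PAGE):
        print(finding)
```

Short tokens cap out at log2(length) bits per character, so treat hits as leads for an analyst to review alongside the destination and the client's history, not as verdicts.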

It's not an option to pretend the threat doesn't exist.


Reference: "MANDIANT M-Trends - The Advanced Persistent Threat", 2010. 1st Edition. MANDIANT Corporation.

Larwyn's Linx: I Was a Teenage President

Have a great link you'd like me to review? Drop me an email. You can also install a Larwyn's Linx blog widget.

Nation

House GOP Responds to Summit Invite: Corner
College Doesn't Make Kids Smarter, Just More Liberal: MereRhet
The New States' Rights Movement: AT

The Life and Times of John Murtha: PJM
Don't Ask, Don't Tell, Don't Change: Wolf
Democrats, Meet Your Biggest Nightmare: AT

I Was a Teenage President: AT
Why Fear Big Government?: Hanson
How Many Harvard Think Tanks Does It Take...: Commentary

Ben Nelson to oppose radical SEIU appointee?: Malkin
Health Care Rationing Bill Gets Nuke from Orbit: Red State
Ten Rules for GOP Radicals: Hawkins

Economy

Why Unions are Deadly in Education: RWN
Snow Closes US Senate, Saves Taxpayers $80 Billion: GWP
How the Parties Really Differ on Health Care: RWN

Our Schools Need More Money?: RWN
MI: 'Union leaders are ready to interview candidates' for Governor: BlogProf
China's Debt Bomb: Post

Paul Ryan's Freaky-Good Plan for Making America Solvent, Forever: Ace

Climate & Energy

Penn State Whitewashes ClimateGate Fraudster: Moonbattery
NOAA Global Warming Announcement Cancelled due to Blizzard: Maggie
Baghdad Bob Joins NOAA: Surber

“Green police” ad: good marketing for Audi?: Hot Air

Media

Magazine Circulation Craters, Experts Baffled: JWF
Sarah Palin's Breasts and Andrew Sullivan: JRubin
Leonard Pitts Jr Likens Obama Gesture To One Made By God!: BlogProf

Great: Huffpo Blogger Wants Sharia, Is Official Representative of Somalian Taliban (and Works for CAIR): Jawa
How’s That Media Bias Working Out For You?: Driscoll
10-year olds are sexual beings?: Brutally Honest

Yes, Really. Marvel Comics and Captain America Says Tea Parties Are Dangerous and Racist: RWN
What else was written on Sarah Palin's hand?: Powers
Far Left Crank Andrea Mitchell Mocks Sarah Palin – Writes Notes on Her Hand: GWP

Red Eye Celebrates Third Year By Topping CNN Prime Time Last Week: Mediaite

World

Sarah Palin Endorses 'Bomb Iran': Corner
Iran's Influence on Iraq Continues Growing: PJM
Iran starts uranium enrichment: Maktoob

Ayatollah: Iran's military will 'punch' West: Times
Europe: Khat smuggling finances al-Shabaab: IIE
Schoolgirls on violent rampage in Mecca after cell phones confiscated: Maktoob

SciTech

Researcher reveals how IE flaw can turn your PC into a public file server: Network World
Report Details Hacks Targeting Google, Others: Wired

Cornucopia

All American Boy Under Duress: TNOYF
A Little Tension Reliever from Scotland: FoxTeeth


Monday, February 08, 2010

Did Democrat Open Border Policies Touch Off the Mortgage Meltdown?

Last year the Norfolk Crime Examiner featured a startling interview with a mortgage contractor who "personally audited thousands of sub prime loans."

"Over 50% of the subprimes were for cash-out refi’s. Regardless of the loan criteria used to pull random samplings for audits, the majority of the last names were Hispanic. The loans I audited were primarily in CA, NV, AZ, FL, CO, compare those to the states with the highest number of foreclosures [and] illegal aliens."

Are these figures plausible? Most assuredly. A June 2007 MarketWatch article confirmed that "...[m]ore than half of subprime loans are actually cash-out refinance loans... we see subprime offers all over the place: 'consolidate your debts' or 'tap your home's equity,' the ads read. As Lee puts it, why not pay off credit cards with 18% annual interest rates with a 9% loan?"

The auditor continued, "One borrower stole the [social security number] of a retiree and took out $3.5 million in loans, turned around and did cash-out refi’s, then fled the country. The retiree was left with ruined credit, $3.5 million in loans and trouble with the IRS."

Interestingly, cash-out refi's hit a 16-year high in late 2006.

Because subprime cash-out refi's were known to have higher default rates well before this, a reckoning could have been predicted by regulators.

"During the bailout, I called my Congressman and other leadership including Barney Frank and asked if there was a provision within the Bill that prohibited illegal aliens from being bailed out…..the answer was no. I asked if there was a provision in the Bill that helped homeowners that did not take out subprimes but are faced with losing their home due to the negative impact of subprimes and was told... no. So in other words, those that committed crimes to obtain the loans will get a helping hand to bail them out, compliments of the US [t]axpayer!"

"Of course, we all know that, on October 26, 2001, President Bush signed the USA Patriot Act. However, I would wager to say that almost no one knows that contained in section 326(b) of the USA Patriot Act is a provision that allows US banks to accept Mexican Matricula Consular cards (MCCs) as a valid form of ID for opening bank accounts."

"It should be noted that while... Congress ordered American banks to recognize these Mexican-issued cards, there is not one Mexican bank which accepts their own government’s Matricula Consular card as a valid form of ID, because the bearer’s identity is basically untraceable."

In fact, members of the House Judiciary Committee confirm that Mexican banks do not accept Matricula Consular cards as valid identification.

In 2004, a Congressional effort to limit the use of MCCs was defeated by a consortium of financial institutions, immigrants’ rights groups, consumer groups, and many others. These organizations had formed a loose coalition to defeat, again, limitations on the use of consular ID cards by banks, credit unions, thrifts and other financial institutions.

By a vote of 222 to 177, the House passed a bipartisan amendment (HA 754), introduced by Representatives Barney Frank (D-MA), Pastor (D-AZ), Hinojosa (D-TX), Oxley (R-OH) and Kolbe (R-AZ). It prohibited the Treasury Dept. from implementing regulations regarding the acceptance of FCCs by financial institutions.

But prior to that hearing, the FBI was adamantly opposed to the use of MCCs as valid identification. Assistant Director Steve McCraw's testimony before Congress in 2003 was blunt: "...consular ID cards are primarily being utilized by illegal aliens in the United States. Foreign nationals who are present in the U.S. legally have the ability to use various alternative forms of identification -- most notably a passport -- for the purposes of opening bank accounts..."

The FBI identified a variety of problems with MCCs:

* There was no centralized database of MCCs
* There were no interconnected, local databases of MCCs and, therefore, no way to authenticate the validity of a card
* MCCs could be obtained with little -- and sometimes no -- documentation whatsoever
* MCCs were easily forged (90% in circulation had no security features at all)

In 2003, Gabriel Manjarrez, Senior Vice President and Hispanic Marketing Executive of Bank of America testified before the House Subcommittee on Financial Institutions and Consumer Credit. He explained, "...The first program I want to discuss is our initiative to accept the use of the Mexican consulate ID, the Matricula Consular. We developed this initiative [in 2001] because we wanted to make it easier for Mexican citizens living in the USA to have access to banking services from Bank of America... Today, every single Bank of America banking center recognizes the Matricula Consular as a valid form of identification."

At least a dozen U.S. banks and mortgage insurers offered home loan programs targeted at illegal aliens.

And anecdotal evidence would appear to confirm alarming abuse of the system; the infamous $720,000 mortgage to two pairs of illegal immigrants with a combined annual income of less than $50,000 comes to mind.

Consider the findings of the auditor: "Over 50% of the subprimes were for cash-out refi’s. Regardless of the loan criteria used to pull random samplings for audits, the majority of the last names were Hispanic. The loans I audited were primarily in CA, NV, AZ, FL, CO, compare those to the states with the highest number of foreclosures & illegal aliens."

* * * * * * * * *

Now that we -- the taxpayers -- have ownership stakes in most of the large banks, I have three very simple questions for the new stewards of the banks -- our Congress:

* What's the total percentage of subprime loans that have defaulted?
* What's the total percentage of subprime loans that used a Matricula Consular card as the primary ID that have defaulted?
* And how is it that Barney Frank -- who appears to be at the intersection of every legislative and regulatory failing of the mortgage system -- isn't being investigated by every agency in the country?

The answers to these questions would appear to be critical to the avoidance of a future catastrophe. I would recommend that you contact your own banker and your fine, upstanding representatives in Congress.


Hat tip: Steve Sailer.

Talk to the Hand

The new posters are here.



Bill Ayers Publishes His First Children's Book

Well, if he did, it would probably look something like this.

Nail bombs are nothing new for this despicable loon.


Best of the Steven Seagal Movie Titles

Another classic Ace of Spades thread, circa 1988. Or thereabouts. The contest: come up with the best Steven Seagal Movie Title. My favorites?

Steven Seagal is... Mounting Keith Olbermann

Steven Seagal is... Straining the Girdle

Steven Seagal is... Eating for Two

Steven Seagal is... Rightsizing His Fame

Steven Seagal is... Pinching a Loaf

Steven Seagal is... Getting Real Pissed

Steven Seagal is... On the Rag

Steven Seagal is... Hiding The Gerbil

Steven Seagal is... Shocking the Monkey

Steven Seagal is... Up 'Till Eleven

Steven Seagal is... Driving His Sentra

Steven Seagal is... Pretending He's Twins

Steven Seagal is... Killing For Peace

Steven Seagal is... Shaving my Pooter

Steven Seagal is... Porky Le Bang-Bang

Steven Seagal is... Coding in FORTRAN

Steven Seagal is... Throatwobbler Mangrove

Steven Seagal is... Munching on Frito's

Steven Seagal is... Fighting the Sun

Steven Seagal is... In Time Out

Steven Seagal is... The Ponytail Identity
Steven Seagal is... Against All Ponytails
Steven Seagal is... Fistful Of Ponytails
Steven Seagal is... Ponytail Of Desire
Steven Seagal is... Paths Of Ponytails
Steven Seagal is... The Ponytail Mutiny
Steven Seagal is... Full Metal Ponytail

Steven Seagal is... Not full Yet
Steven Seagal is... Back For Thirds

Steven Seagal is... Easier to Kill

Steven Seagal is... Pirating Pay Cable
Steven Seagal is... Licking Green Stamps
Steven Seagal is... Sniffing Gas Tanks

Steven Seagal is... Doing 63 in a 55
Steven Seagal is... Sweatin' To Oldies
Steven Seagal is... On Hold With His Agent

Steven Seagal is... Out of quarters

Steven Seagal is... Silent But Deadly

Steven Seagal is... Priced To Move

Steven Seagal is... Rubbing One Out

Steven Seagal is... Breaking A Hip

Steven Seagal is... Learning to Run

Steven Seagal is... Hard to Clothe

I got nothin' left.

Later:

Steven Seagal is... Out of Breath

Steven Seagal is... Scheduling a Colonoscopy

Steven Seagal is... Where Mullets Dare
Steven Seagal is... Valley of the Mullets
Steven Seagal is... Raging Mullet
Steven Seagal is... David Mulletfield
Steven Seagal is... The Mulletfather
Steven Seagal is... One Flew Over the Mullet's Nest
Steven Seagal is... Cool Hand Mullet


New Car for Women Defies Even the Most Persistent Thief

Bernie sent this one in:

Renault and Ford are working on a jointly produced vehicle targeted at women.

It merges the Clio and Taurus platforms and reportedly will be branded as the Cliotaurus.

According to a press release, the typical thief will be unable to find the vehicle, even if someone tells him exactly where it is.

Hey, don't blame me, I'm just the messenger. Can I at least get a rimshot?

Exclusive: Joe Biden caught using notes scrawled on his hand

Our eagle-eyed cub reporter Biff Spackle spotted this intriguing image from the 2009 inauguration ceremony. Note soon-to-be Veep Joe Biden's upraised palm.

A closeup reveals the shocking notes:

That Joe Biden --- always cracking us up!


John Murtha passes away; traffic jam outside Johnstown PA results as residents flee his massive NDIC boondoggle

Rep. John Murtha, Democrat of Pennsylvania, passed away today at age 77. Our condolences go out to his family.

Democrats wasted no time in using Murtha's death to push for government-run health care.

Murtha was famous, or infamous depending upon how you look at things, for earmarks. Possibly his most noteworthy legacy is the National Drug Interdiction Center, or NDIC. Situated 140 miles away from Washington DC in a small Pennsylvania town, the NDIC is considered by experts to be a complete waste of money as it is entirely redundant with real drug and law enforcement agencies.

...the center has survived largely due to unflagging support from Murtha, the Johnstown Democrat who brought NDIC to his district in the early 1990s...


Residents flee Johnstown, PA, home of the troubled NDIC, after the town received word of the passing of Rep. John Murtha.

“This expensive facility duplicates programs already operating in multiple other agencies, including the FBI and the Department of Justice,” U.S. Rep. Mike Rogers, R-Michigan, said in a statement... “Such misuse of resources is unacceptable and extremely dangerous.”

...It is the third consecutive year that Murtha has had to lobby for NDIC money after President Bush proposed closing the Johnstown facility.

Other troubles have dogged the center... In June 2004, NDIC Director Michael Horn was ousted after a Justice Department probe... Employees had complained of poor management, low morale, gender bias and wasteful spending.

And in May 2005, U.S. News & World Report published a scathing investigative article that said NDIC was “troubled from the start” and had an unclear mission.

One official called the center a “jobs program that Mr. Murtha wanted.”

As recently as last year, Murtha had shoved a $44,000,000 appropriation for the NDIC through Congress.

But it's not like there's a financial crisis going on or anything.