18.8 C
London
Sunday, August 20, 2017
Home Tags Ecuador

Tag: Ecuador

As part of this report, we analyze the collected data in our quest for the answer to the question of what interests the current generation of children online.
"My client is shocked," accuser's attorney says.
WikiLeaks said that its founder Julian Assange is confident of winning ‘any fair trial’ in the U.S. and indicated that the founder of the whistleblowing website would stand by all the promises he had made in return for clemency to Chelsea Manning, the former U.S. soldier who disclosed classified data relating to the Iraq War to the site. On Tuesday, Manning’s prison sentence was commuted by U.S. President Barack Obama raising questions whether Assange would keep his part of a deal he proposed online, and agree to extradition to the U.S. WikiLeaks has recently also been a thorn in the side of the Democrats in the U.S. by releasing embarrassing emails leaked from the Democratic National Committee that showed that the organization had favored candidate Hillary Clinton over her rival Senator Bernie Sanders for the party nomination for the presidential elections.
It also published mails from the account of John Podesta, chairman of Clinton’s campaign. U.S. government officials including from the Department of Homeland Security and the Office of the Director of National Intelligence have pointed a finger to Russia for orchestrating the leaks, though WikiLeaks has said it does not collaborate with states in the publication of documents. Last week, WikiLeaks had tweeted that if “Obama grants Manning clemency Assange will agree to US extradition despite clear unconstitutionality of DoJ case.” On Tuesday, WikiLeaks tweeted that Assange was confident of winning any fair trial in the US. “Obama’s DoJ prevented public interest defense & fair jury,” it added.

The new administration of President-elect Donald Trump takes charge on Friday. WikiLeaks also quoted Assange’s counsel Melinda Taylor as saying that Assange is standing by everything that he has said on the “Assange-Manning extradition ‘deal’.” Assange is holed in the embassy in London of the government of Ecuador as U.K. police say they will arrest him if he comes out, to meet an extradition request from Sweden where he is wanted for questioning in a sexual assault investigation. His supporters have expressed concern that if he he is sent to Sweden he could be extradited from there to the U.S. to face espionage charges. A wrinkle is that WikiLeaks claims it does not know of an extradition request sent by the U.S.
In a tweet on Tuesday, Taylor wrote that “US authories consistently affirmed is ongoing national security prosecution against him, but refused 2 affirm/deny sent extradition request.” She added that the U.K. also refuses “to affirm or deny that they have received an extradition request -not the same thing as there being no extradition request.”  Government officials in both countries could not be immediately reached for comment after business hours. In a letter to Loretta E. Lynch, U.S.

Attorney General, Assange’s lawyer in the U.S., Barry J. Pollack, wrote in August that although the Department of Justice had publicly confirmed through court documents and statements to the press that it was conducting an on-going criminal investigation of Assange, the department did not provide him substantive information on the status of the investigation.

The letter was published online by WikiLeaks. The pending investigation into Assange, mentions of which are said to have been made in court documents in the Manning case, is plainly based on his news gathering and reporting activities, Pollack wrote.
Its intention was not to aid U.S. enemies or obstruct justice but to inform people about “matters of great public interest,” he added. In a statement on Obama’s decision to commute Manning’s sentence, Assange said that “in order for democracy and the rule of law to thrive, the Government should immediately end its war on whistleblowers and publishers” such as WikiLeaks and himself.

The statement did not refer to his promise to face extradition to the U.S. “Mr.

Assange should not be the target of any criminal investigation.
I would welcome the opportunity to discuss with the DOJ the status of its investigation, any request it wants to make for extradition, and its basis for such a request,” Pollack wrote in an email late Tuesday.
Ecuador's embassy in the U.K. says it alone was responsible for cutting WikiLeak's founder Julian Assange's internet connection, stating that the country doesn't want to interfere with the U.S. elections. "The government of Ecuador respects the principle of non-intervention in the affairs of other countries," it said in a Tuesday statement. "It does not interfere in external electoral processes or support a particular candidate." As result, the government has temporarily cut access to some private communications at the embassy, where Assange has resided for four years. Earlier on Tuesday, WikiLeaks blamed U.S. Secretary of State John Kerry for asking Ecuador to cut Assange's internet access, which was shut down on Saturday. The State Dept. said that didn't happen. "That’s just not true. He didn’t raise that." said spokesman Mark Toner. "We weren’t involved in this. We had no involvement in any way, shape, or form in trying to shut down Mr. Assange’s access to the internet." In its Tuesday statement, the Ecuadorian government indicated it was a unilateral decision, saying it does not yield to pressure from foreign states. It pointed out that while Assange has no internet access, Wikileaks hasn't been restricted from carrying out its journalism. Assange had previously vowed to release stolen emails from a Hillary Clinton aide, which might hurt her presidential election chances. WikiLeaks has already released thousands of those documents and continues to do so. The U.S. government, however, suspects that WikiLeaks is helping Russian government hackers to influence the outcome of the presidential election. Earlier this month, U.S. intelligence agencies publicly pointed a finger at Russia for hacking U.S. officials and political groups, and then publishing the stolen documents through sites such as WikiLeaks. WikiLeaks hasn't named its sources, but Assange has denied trying to sabotage Clinton's campaign. The site is fighting off speculation that he is a Russian spy and also recruiting an army of internet users to defend itself from critics. 
Enlarge / WikiLeaks founder Julian Assange comes out on the balcony of the Ecuadorian embassy to address the media in central London on February 5, 2016.Ben Stansall/AFP via Getty Images reader comments 11 Share this story Ecuador, the nation that ...
Enlarge / WikiLeaks founder Julian Assange prepares to speak from the balcony of the Ecuadorian embassy on February 5, 2016 in London, England.

Today, he can't get online.Photo by Carl Court/Getty Images reader comments 83 Share this story WikiLeaks announced via its Twitter account this morning that WikiLeaks founder Julian Assange's Internet connection had been cut off, blaming a "state party" for the outage.

Assange, who has been ensconced in the Ecuadorian embassy in London since he sought asylum there over four years ago to avoid extradition, has been "detained in absentia" by the Swedish government for questioning on allegations of rape. Other lesser allegations have been dropped because they have passed the time allowed by Sweden's statute of limitations. The announcement comes after the postponement of an interview of Assange by Swedish authorities at the Ecuadorian embassy by Ecuador's Attorney General's office.

The interview, which was to take place today, was pushed back by Ecuador until November 17 "to make it possible for Assange's lawyer to attend." WikiLeaks also announced that it had "activated the appropriate contingency plans" in response to the communication outage.

That plan may be related to other posts made from the WikiLeaks account overnight referring to three "precommitments"—one regarding the UK's Foreign & Commonwealth Office (UK FOS), one labeled "John Kerry," and one labeled "Ecuador." The posts included long alphanumeric strings that may have been encryption keys for files already prepositioned on the Internet. "Precommitment" is a term often associated with the concept of a "dead man's switch"—an automated response to an attack that would otherwise leave the target unable to respond, usually intended as a deterrent. It's possible that Assange made arrangements for a "dead man's switch" release of content about the UK Foreign Office, Ecuador and Secretary of State John Kerry that were intended to prevent them from taking action against him at the embassy.
If the code associated with the three "precommitments" are in fact cryptographic keys, then that "dead man's switch" has been activated by Wikileaks. In addition to the recent leaks of e-mails from the Gmail account of John Podesta, a high-ranking official within Hillary Clinton's presidential campaign, and the publishing of files obtained from the Democratic National Committee breach, WikiLeaks has issued "bounties" for leaks from the UK's Labour Party leadership.

Both leaks have been alleged by US officials to have been executed at the direction of the Russian government. Enlarge / "Precommitment" posts from WikiLeaks. Coincidentally, the Russian government-funded news organization RT, operated by TV-Novosti, published a report that RT's accounts in the United Kingdom had been "blocked." That report included a redacted image of a letter from Royal Bank of Scotland unit NatWest stating, "We have recently undertaken a review of your banking arrangements with us and reached the conclusion that we will no longer provide these facilities. You will therefore need to make banking arrangements outside of the The Royal Bank if Scotland Group." The letter said that accounts would be shut down by December. RT has broadcast a show by Assange in the past and has faced sanctions for violation of UK and European broadcast standards, particularly for its coverage of the shoot-down of Malaysia Airlines flight MH17. Ars will update this story as more details become available.
 Download the full report (PDF) Spam: quarterly highlights The year of ransomware in spam Although the second quarter of 2016 has only just finished, it’s safe to say that this is already the year of ransomware Trojans.

By the end of Q2 there was still a large number of emails with malicious attachments, most of which download ransomware in one way or other to a victim’s computer. However, in the period between 1 June and 21 June the proportion of these emails decreased dramatically. The majority of malicious attachments were distributed in ZIP archives.

The decline can therefore be clearly seen in the following graph showing spam with ZIP attachments that arrived in our traps: Number of emails with malicious ZIP archives, Q2 2016 In addition to the decline, June saw another interesting feature: this sort of spam was not sent out on Saturdays or Sundays. The same situation could be observed in KSN: the number of email antivirus detections dropped sharply on 1 June and grew on 22 June. Number of email antivirus detections by day, Q2 2016 This decline was caused by a temporary lull in activity by the Necurs botnet, which is mostly used to distribute this type of malicious spam.

After the botnet resumed its activity, the spam email template changed, and the malicious attachments became even more sophisticated. As in the previous quarter, the spam messages were mainly notifications about bills, invoices or price lists that were supposedly attached to the email.

The attachments actually contained a Trojan downloader written in Javascript, and in most cases the malware loaded the Locky encryptor. For example, some emails (see the screenshot above) contained an attachment with a Trojan downloader. When run, it downloaded Trojan-Ransom.Win32.Locky.agn, which encrypts the data on a victim’s computer and demands a ransom, to be paid in bitcoin. Obfuscation The second quarter saw spammers continue to mask links using various Unicode ranges designed for specific purposes.

This tactic became especially popular in 2015, and is still widely used by spammers. The link in this example looks like this: If you transfer the domain from UTF-8 into the more familiar HTML, it becomes .

The characters, which look quite ordinary, in fact belong to the Mathematical Alphanumeric Symbols UTF range used in highly specific mathematical formulas, and are not intended for use in plain text or hyperlinks.

The dot in the domain is also unusual: it is the fullwidth full stop used in hieroglyphic languages.

The rest of the hyperlink, as well as the rest of the text in these spam messages, is written using the Latin alphabet. Spam in APT attacks In Q2, we came across a number of APT attacks in the corporate sector.

Emails were made to look as if they came from representatives of the targeted company, and contained a request to immediately transfer money to a specific account.

The text was fairly plausible and hinted at a personal acquaintance and previous communication.
In some cases, the emails included the logo of the attacked company.

All the messages conveyed a sense of urgency (“ASAP”, “urgent”, “must be completed today”) – scammers often use this trick in an attempt to catch people off guard, so that they act rather than think. Below is an example: Hello NNNNN, How are you doing! Are you available at the office? I need you to process an overdue payment that needs to be paid today. Thanks, XXXXX The emails were sent selectively – to individual employees, usually connected to the finance department.

The knowledge shown by the scammers suggests the attack was carefully prepared. The most suspicious aspect of the attack was the domain used in the ‘From’ field – myfirm.moby – that differed from the corporate one. Perhaps the attackers hope that some email clients only show the sender’s name by default, while concealing the address. It is not that difficult to write any domain in the ‘From’ field, and in the future we can expect more well-prepared attacks. Sporting events in spam Spam mailings exploiting real-life events have long become an integral part of junk email.
Sporting events are not as popular among spammers as political events, although their use is increasing with every year.

There is a continuous stream of emails mentioning various political figures, while sport-related spam messages usually only appear in the run-up to an event. However, we have noticed that mass mailings can now be launched long before an event starts.

For instance, emails exploiting the Olympic Games in Brazil were discovered over a year ago, in the second quarter of 2015.

The majority of them were fraudulent emails designed to trick recipients and steal their personal information and money. The classic scenario involves false notifications about lottery wins related to 2016 Olympics.

The messages claim that the lottery was held by the official organizers of the games and the recipient was selected at random from millions of addresses.
In order to claim the cash, the recipient has to reply to the email and provide some personal information. The text of the message was often contained in an attached file (.pdf, .doc, .jpg), while the body of the message only displayed a short text prompting the recipient to open the attachment. There were also more traditional messages where the spammer text was included directly in the body of the message. In addition to fraudulent messages, advertising spam was also sent out. Unlike the Olympics, football tournaments have long been used by scammers to grab people’s attention to their spam. Q2 2016 saw the long-awaited UEFA European Championship, and in the run-up to the tournament spam traffic included fake notifications of lottery wins.

The content was no different from that dedicated to the Olympic Games, and the emails also contained attachments explaining why the message was sent. The football theme was also exploited by ‘Nigerian’ scammers.

They sent out emails supposedly on behalf of the former FIFA president, and used the infamous corruption scandal associated with his name to make their messages look more realistic.

They believed that a fabricated story about how Sepp Blatter had supposedly received money and secretly transferred it to an account in a European bank would not arouse suspicion.
In return for keeping the money in their bank accounts, the recipients were promised a 40% cut of the total sum. In order to convince recipients that the message was genuine, the authors even went to the trouble of using the correct name and domain in the ‘From’ field. US politicians in spam The presidential election campaign is now in full swing in the United States and the nominees and their entourages are under close media scrutiny. Of course, spammers couldn’t resist using the names of high-profile politicians in their advertising and fraudulent emails.

For example, numerous ‘Nigerian’ letters were sent in the name of current president Barack Obama and his wife Michelle.
In their ‘official’ emails, the ‘President’ and the ‘First lady’ assured the recipient that a bank card or a check for a very large sum of money had already been issued in their name.

The only thing the recipient had to do was complete some formalities, and the money would be delivered shortly afterwards.
In order to get the instructions from the White House the recipient had to send some personal information, including their email address and the password for their email account, as well as detailed passport information to spoofed email addresses. Another politician whose name regularly cropped up in spam was Donald Trump, one of the contenders for the US presidency.
Spammers offered a unique Trump technique for earning money online: anyone who wanted to know how to get rich, had to click a link in the emails which were designed to look like news reports from CNN and Fox News. The links led to fake news sites also in the style of major media outlets and news networks.

The sites contained a story about a simple method for earning money – the publication of links, which is basically another kind of spam distribution.
In order to participate in the program, a user had to register by providing their phone number and email address. Statistics Proportion of spam in email traffic Percentage of spam in global email traffic, Q2 2016 The largest percentage of spam in the second quarter – 59.46% – was registered in May and was 3 p.p. more than in April.

The average percentage of spam in global email traffic for Q2 amounted to 57.25%. Sources of spam by country Sources of spam by country, Q2 2016 In Q2 2016, the biggest three sources of spam remained the same as in the previous quarter – the US (10.79%), Vietnam (10.10%) and India (10.01%). However, the figures for each country changed: the gap between them narrowed to within a single percentage point. China (6.52%) moved up to fourth with an increase of 1.43 p. p. compared to Q1. Mexico (4.55%) came fifth, followed by Russia (4.07%) and France (3.60%).

Brazil (3.28%), which was fourth in the previous quarter, lost 2.2 p.p. and dropped to eighth place.

Germany (2.97%) and Turkey (2.30%) completed the TOP 10. Spam email size Breakdown of spam emails by size, Q1 and Q2 2016 Traditionally, the most commonly distributed emails are very small – up to 2 KB (72.26%), although the proportion of these emails dropped by 9.6 p.p. compared to the previous quarter. Meanwhile, the share of emails sized 10-20 KB increased by 6.76 p.p.

The other categories saw minimal changes. Malicious email attachments Currently, the majority of malicious programs are detected proactively by automatic means, which makes it very difficult to gather statistics on specific malware modifications.
So we have decided to turn to the more informative statistics of the TOP 10 malware families.
TOP 10 malware families The three most popular malware families remained unchanged from the previous quarter – Trojan-Downloader.JS.Agent (10.45%), Trojan-Downloader.VBS.Agent (2.16%) and Trojan-Downloader.MSWord.Agent (1.82%). The Trojan.Win32.Bayrob family moved up to fourth place (1.68%), while the Backdoor.Win32.Androm family fell from fourth to ninth place with 0.6%. TOP 10 malware families in Q2 2016 A newcomer to this ranking was the Trojan.Win32.Inject family (0.61%).

The malicious programs from this family embed their code in the address space of other processes. The Trojan-Spy.HTML.Fraud family (0.55%) rounded off the TOP 10 in Q2 2016. Countries targeted by malicious mailshots Distribution of email antivirus verdicts by country, Q2 2016 Germany (14.69%) topped the ranking of countries targeted by malicious mailshots, although its share decreased 4.24 p.p.
It was followed by China (13.61%) whose contribution grew 4.18 p.p. Japan (6.42%) came third after ending the previous quarter in seventh with a share of 4.29%. Fourth place was occupied by Brazil (5.57%).
Italy claimed fifth with a share of 4.9% and Russia remained in sixth (4.36%). The US (4.06%) was the seventh most popular target of malicious mailshots.

Austria (2.29%) rounded off this TOP 10. Phishing In Q2 2016, the Anti-Phishing system was triggered 32,363,492 times on the computers of Kaspersky Lab users, which is 2.6 million less than the previous quarter. Overall, 8.7% of unique users of Kaspersky Lab products were attacked by phishers in Q2 of 2016. Geography of attacks The country where the largest percentage of users is affected by phishing attacks was China (20.22%).
In Q2 2016, the proportion of those attacked increased by 3.52 p.p. Geography of phishing attacks*, Q2 2015 * Number of users on whose computers the Anti-Phishing system was triggered as a percentage of the total number of Kaspersky Lab users in the country The percentage of attacked users in Brazil decreased by 2.87 p.p. and accounted for 18.63%, placing the country second in this ranking.

Algeria (14.3%) came third following a 2.92 p.p. increase in its share compared to the previous quarter. TOP 10 countries by percentage of users attacked: China 20.22% Brazil 18.63% Algeria 14.3% United Kingdom 12.95% Australia 12.77% Vietnam 11.46% Ecuador 11.14% Chile 11.08% Qatar 10.97% Maldives 10.94% Organizations under attack The statistics on phishing targets are based on detections of Kaspersky Lab’s heuristic anti-phishing component.
It is activated every time a user attempts to open a phishing page while information about it has not yet been included in Kaspersky Lab’s databases.
It does not matter how the user attempts to open the page – by clicking a link in a phishing email or in a message on a social network or, for example, as a result of malware activity.

After the security system is activated, a banner is displayed in the browser warning the user about a potential threat.
In Q2 of 2016, the share of the ‘Global Internet portals’ category (20.85%), which topped the rating in the first quarter, decreased considerably – by 7.84 p.p.

The share of the ‘Financial organizations’ category grew 2.07 p.p. and accounted for 46.23%.

This category covers ‘Banks’ (25.43%, +1.51 p.p.), ‘Payment systems’ (11.24%, -0.42 p.p.) and ‘Online stores’ (9.39%, +0.99 p.p.). Distribution of organizations affected by phishing attacks by category, Q2 2016 The share of attacks on the ‘Social networking sites’ category increased by 2.65 p.p. and reached 12.4%.

The ‘Online games’ category was also attacked more often (5.65%, + 1.96 p.p.). Meanwhile, the ‘Telephone and Internet service providers’ (4.33%) and the ‘IMS’ (1.28%) categories lost 1.17 p.p. and 2.15 p.p. respectively. Hot topics this quarter The Olympics in Brazil For a number of years now Brazil has been among the countries with the highest proportion of users targeted by phishing.
In 2015 and 2016 phishers have focused on the Rio Olympic Games in Brazil. Last quarter showed that as well as ordinary users, the potential victims of phishing included the organizers of the Olympic Games. The Olympic theme remained popular in Q2, with phishers working overtime to send out fake notifications about big cash wins in a lottery that was supposedly organized by the Brazilian government and the Olympic Committee. ‘Porn virus’ for Facebook users Facebook users are often subjected to phishing attacks.

During one attack in the second quarter, a provocative video was used as bait.

To view it, the user was directed to a fake page imitating the popular YouTube video portal, and told to install a browser extension. This extension requested rights to read all the data in the browser, potentially giving the cybercriminals access to passwords, logins, credit card details and other confidential user information.

The extension also distributed more links on Facebook that directed to itself, but which were sent using the victim’s name. Phisher tricks Compromising domains with good reputation To bypass security software filters, fraudsters try to place phishing pages on domains with good reputations.

This significantly reduces the probability of them being blocked and means potential victims are more trusting.

The phishers can strike it big if they can use a bank or a government agency domain for their purposes.
In Q2, we came across a phishing attack targeting the visitors of a popular Brazilian e-commerce site: the fake page was located on the domain of a major Indian bank.

This is not the first time fraudsters have compromised the domain of a large bank and placed their content on it. Phishing pages targeting the users of the Brazilian store americanas.com When trying to purchase goods on the fake pages of the store, the victim is asked to enter lots of personal information. When it’s time to pay, the victim is prompted to print out a receipt that now shows the logo of a Brazilian bank. The domains of state structures are hacked much more frequently by phishers.
In Q2 2016, we registered numerous cases where phishing pages were located on the domains belonging to the governments of various countries. Here are just a few of them: Phishing pages located on the domains of government authorities The probability of these links being placed on blacklists is negligible thanks to the reputation of the domain. TOP 3 organizations attacked Fraudsters continue to focus most of their attention on the most popular brands, enhancing their chances of a successful phishing attack. More than half of all detections of Kaspersky Lab’s heuristic anti-phishing component fall on phishing pages hiding behind the names of fewer than 15 companies. The TOP 3 organizations attacked most frequently by phishers accounted for 23% of all phishing links detected in Q2 2016. Organization % of detected phishing links 1 Microsoft 8.1 2 Facebook 8.03 3 Yahoo! 6.87 In Q2 2016, this TOP 3 ranking saw a few changes. Microsoft was the new leader with 8.1% (+0.61 p.p.), while Facebook (8.03%, +2.32 p.p.) came second.

The share of attacks targeting Yahoo! (6.87%) fell 1.46 p.p., leaving last quarter’s leader in third. Q2 leader Microsoft is included in the ‘Global Internet portals’ category because the user can access a variety of the company’s services from a single account.

This is what attracts the fraudsters: in the event of a successful attack, they gain access to a number of services used by the victim. Example of phishing on Live.com, a Microsoft service Conclusion In the second quarter of 2016, the proportion of spam in email traffic increased insignificantly – by 0.33 p.p. – compared to the previous quarter and accounted for 57.25%.

The US remained the biggest source of spam.

As in the previous quarter, the top three sources also included Vietnam and India. Germany was once again the country targeted most by malicious mailshots, followed closely by China. Japan, which was seventh in the previous quarter’s ranking, completed the TOP 3 in Q2. Trojan-Downloader.JS.Agent remained the most popular malware family distributed via email. Next came Trojan-Downloader.VBS.Agent and Trojan-Downloader.MSWord.Agent.

A significant amount of malicious spam was used to spread ransomware Trojans such as Locky.

For almost a month, however, cybercriminals did not distribute their malicious spam, but then the Necurs botnet began working again. We don’t expect to see any significant reduction in the volume of malicious spam in the near future, although there may be changes in email patterns, the complexity of the malware, as well as the social engineering methods used by attackers to encourage a user to launch a malicious attachment. The focus of phishing attacks shifted slightly from the ‘Global Internet portals’ to the ‘Financial organizations’ category. The theme of the Olympic Games was exploited by both phishers and spammers to make users visit fake pages with the aim of acquiring their confidential information or simply to get their money. Events in the political arena, such as the presidential election in the US, also attracted spammers, while the sites of government agencies were compromised in phishing attacks. As we can see, the overriding trend of the quarter is that of fraud and making quick money from victims using direct methods such as Trojan cryptors that force unprotected users to pay a ransom, or phishing attacks that target financial organizations, rather than long drawn-out scams.

All of this once again highlights the need for both comprehensive protection on computers and increased vigilance by Internet users.
Donald Trump’s call for "extreme vetting" of visa applications, as well as the temporary suspension of immigration from certain countries, would raise fees and add delays for anyone seeking a visa, including H-1B visas, immigration experts said. In particular, a plan by Trump, the Republican presidential candidate, to stop issuing visas -- at least temporarily -- "from some of the most dangerous and volatile regions of the world" may make it difficult for a significant number of people to get visas. Data assembled by Computerworld through a Freedom of Information Act request shows foreign workers come from all corners of the world, including "dangerous and volatile regions." Trump outlined his immigration enforcement plan in a speech Monday. In 2014, the U.S. approved more than 370,000 H-1B applications.
Some were new entries, and others were for previously approved workers who were either renewing or updating their status. Of that number, 2,234 of the H-1B visa holders were from Pakistan, a country that might appear on a Trump list.

Another 1,102 approved visa holders were from Iran.

There were 658 H-1B visa holders from Egypt, and 256 were from Syria. (Article continues below chart.) Country of Birth for H-1B Visa Holders Country Frequency INDIA 262,730 CHINA 29,936 CANADA 7,653 PHILIPPINES 6,055 KOREA, SOUTH 5,024 UNITED KINGDOM 3,822 MEXICO 3,216 TAIWAN 2,785 FRANCE 2,570 JAPAN 2,268 PAKISTAN 2,234 NEPAL 1,997 GERMANY 1,895 TURKEY 1,850 BRAZIL 1,831 ITALY 1,497 COLOMBIA 1,491 RUSSIA 1,461 VENEZUELA 1,432 SPAIN 1,329 IRAN 1,102 NIGERIA 1,015 ISRAEL 949 IRELAND 932 KOREA 813 UKRAINE 795 ARGENTINA 778 MALAYSIA 771 SINGAPORE 755 VIETNAM 695 EGYPT 658 ROMANIA 648 BANGLADESH 647 INDONESIA 637 SRI LANKA 608 PERU 583 POLAND 576 AUSTRALIA 564 GREECE 556 SOUTH AFRICA 547 HONG KONG 503 BULGARIA 477 THAILAND 476 LEBANON 462 JAMAICA 461 KENYA 437 NETHERLANDS 432 JORDAN 415 CHILE 395 SWEDEN 374 NEW ZEALAND 353 GHANA 341 TRINIDAD AND TOBAGO 333 ECUADOR 302 SYRIA 256 PORTUGAL 253 SWITZERLAND 249 BELGIUM 238 DOMINICAN REPUBLIC 231 SAUDI ARABIA 205 ZIMBABWE 205 HUNGARY 203 Spain 189 AUSTRIA 179 UNKNOWN 179 DENMARK 174 HONDURAS 171 COSTA RICA 165 UNITED ARAB EMIRATES 155 BOLIVIA 150 CZECH REPUBLIC 149 GUATEMALA 149 EL SALVADOR 147 SERBIA AND MONTENEGRO 142 KUWAIT 141 MOROCCO 138 ETHIOPIA 133 CAMEROON 126 FINLAND 125 BAHAMAS 123 MOLDOVA 111 KAZAKHSTAN 108 SLOVAK REPUBLIC 103 CROATIA 102 NORWAY 102 ARMENIA 101 UZBEKISTAN 101 PANAMA 99 URUGUAY 94 ALBANIA 88 UGANDA 88 USSR 87 Serbia 86 LIBYA 84 MONGOLIA 83 TANZANIA 83 BURMA 76 NIGER 74 LITHUANIA 70 GEORGIA 66 GRENADA 58 SENEGAL 58 BARBADOS 57 MACEDONIA 56 LATVIA 54 AZERBAIJAN 52 BOSNIA-HERZEGOVINA 51 CYPRUS 51 ST. LUCIA 51 IRAQ 50 SLOVENIA 50 BELIZE 48 ICELAND 47 ZAMBIA 47 GUYANA 45 NICARAGUA 45 PARAGUAY 45 BAHRAIN 43 TUNISIA 43 ALGERIA 42 MAURITIUS 42 DOMINICA 40 USA 39 ESTONIA 35 KYRGYZSTAN 34 HAITI 30 RWANDA 28 BURKINA FASO 26 MACAU 25 TURKMENISTAN 25 CAMBODIA 24 COTE D'IVOIRE 24 TAJIKISTAN 24 CONGO 22 ST. KITTS-NEVIS 22 SUDAN 22 MALAWI 21 OMAN 21 ST.
VINCENT/GRENADINES 21 MALI 20 ANTIGUA-BARBUDA 19 BOTSWANA 18 IVORY COAST 18 BERMUDA 17 BENIN 16 AFGHANISTAN 15 Kosovo 15 QATAR 15 LUXEMBOURG 13 MADAGASCAR 13 Montenegro 13 YEMEN-SANAA 13 TOGO 12 SIERRA LEONE 11 YUGOSLAVIA 11 GABON 10 GAMBIA 10 NORTHERN IRELAND 10 MALTA 8 NAMIBIA 8 SURINAME 8 SWAZILAND 8 BHUTAN 7 FIJI 7 FRENCH POLYNESIA 7 MOZAMBIQUE 7 BURUNDI 6 CUBA 6 GUINEA 6 LIBERIA 6 BRUNEI 5 NETHERLANDS ANTILLES 5 ARUBA 4 ERITREA 4 KIRIBATI 4 LESOTHO 4 MALDIVES 4 MAURITANIA 4 ANGOLA 3 CAPE VERDE 3 CHAD 3 DEMOCRATIC REPUBLIC OF CONGO 3 SEYCHELLES 3 UNITED STATES 3 ANGUILLA 2 LAOS 2 SOMALIA 2 ARABIAN PENINSULA 1 CAYMAN ISLANDS 1 DJIBOUTI 1 GERMANY, WEST 1 GIBRALTAR 1 GUINEA-BISSAU 1 MARTINIQUE 1 MONACO 1 REUNION 1 Samoa 1 SAO TOME AND PRINCIPE 1 ST.
VINCENT-GRENADINES 1 STATELESS 1 TONGA 1 TURKS AND CAICOS ISLANDS 1 VANUATU 1 Source: USCIS data for approved applications in fiscal year 2014 Trump's plan to admit only people "who share our values and respect our people" didn't indicate how it would be applied.
It also didn't say whether all visa holders -- visitor, H-1B and green card -- would be subject to an ideological litmus test. And what is the correct answer to such a question about American values? "If you ask people born in this country what is an American ideology, I'm not quite sure that we would come out with one answer," said Jessica Lavariega-Monforti, a professor and chair of the political science department at Pace University in New York. "The immigration system, as it currently stands, could not process additional vetting without creating backlogs and increasing wait times for applicants.

At the same time, it is unclear how these policy changes would increase safety against a terrorist attack," said Lavariega-Monforti. John Lawit, an immigration attorney in Irving, Texas, said the U.S. already has a vetting process that begins as soon as someone applies for a tourist visa.

There are different levels of threat, such as being a citizen of Syria, that trigger a much higher level of vetting, he said. "There is a huge financial commitment that must be made in terms of human resources in order to carry on such a vetting program, and a huge, huge increase in fees,” Lawit said. Requiring oaths of some kind is "a lot of posturing with very little substance," he added, and are ineffective in improving security. Lawit said he once assisted H-1B workers who were employed in non-classified jobs at the Sandia and Los Alamos National Laboratories.

The processing time for security checks could run months.

That's an example of extreme vetting, while "extraordinary detailed security investigations are conducted," he said. This story, "Trump's 'extreme' anti-terrorism vetting may be H-1B nightmare" was originally published by Computerworld.