Home Tags Miami

Tag: Miami

Miami sextortion case asks if a suspect be forced to decrypt...

Does the Fifth Amendment mean you don't have to hand over your password?

Threatpost News Wrap, April 14, 2017

Mike Mimoso, Tom Spring, and Chris Brook recap Infiltrate Con in Miami last week, and Kaspersky Lab's Security Analyst Summit in St. Maarten

The North Atlantic may get is first-ever named storm in March...

Oceans in the northern hemisphere are supposed to still be cold from the winter

Google Fiber makes expansion plans for $60 wireless gigabit service

As Google Fiber scales back fiber builds, signs point to wireless expansion.

FDA confirms toxicity of homeopathic baby products; Maker refuses to recall

The agency confirms elevated levels of belladonna, aka deadly nightshade.

Crims shut off Ukraine power in wide-ranging anniversary hacks

Phishing, denial of service, and remote exploitation part of hacking banquet Hackers of unknown origin cut power supplies in Ukraine for a second time in 12 months as part of wide-ranging attacks that hit the country in December. The attacks were revealed at the S4x17 conference in Miami in which Honeywell security researcher Marina Krotofil offered reporters some detail into the exploitation that began 16 December and raged for four days. She told Dark Reading attackers triggered an hour-long power black out at midnight 17 December by infecting the Pivnichna remote power transmission facility, knocking out remote terminal units and the connected circuit breakers. Further attacks against the State Administration of Railway Transport left Ukrainians unable to purchase rail tickets and delayed payments when the Treasury and Pension Fund was compromised. It was the second network-centric attack to knock out power supply in Ukraine.

Attackers of suspected Russian origin targeted facilities in December 2015. Those 23 December outages affected Ukraine's Prykarpattya Oblenergo and Kyivoblenergo utilities cutting power to some 80,000 customers for six hours. Last month's attacks also used the BlackEnergy and KillDisk malware. Other hacks included highly-convincing and successful phishing attacks against an unnamed Ukrainian bank, various remote exploitation, and denial of service attacks. @Marmusha talks about the recent cyber-attack in Ukraine #S4x17 pic.twitter.com/wg6IUqn3Lz — Parnian (@Parnian_7) January 10, 2017 The phishing attack on 14 July last year used the ancient trick of malicious Word document macros but wrapped it in high levels of obfuscation and anti-forensics. Information Systems Security Partners head of research Oleksii Yasynskyi, who worked on dissecting the hacks, reckoned the attackers were a mix of groups specialising in different aspects of offensive security, from infrastructure to obfuscation and payload delivery. Phishing emails numbered in the thousands. Hackers kept quiet observation for months whenever one payload was successful at breaching one of the Ukrainan assets, Krotofil told MotherBoard Yet the attackers' origin was not disclosed, if it is known; Kiev laid blame squarely on Russia for the similar 2015 utility hacking. Krotofil told Dark Reading the Ukraine's utilities may be seen as a test bed for attacks elsewhere, something she says is common with Russian hackers. Alex Mathews, security evangelist lead with Russian SCADA and industrial control system outfit Positive Technologies told El Reg says vulnerabilities in critical infrastructure are easy to find and difficult to get fixed. “It takes just two days to find a new SCADA flaw, yet almost a year to get it fixed," Mathews says. "The vulnerability of our critical infrastructure is evident. "Those charged with protecting industrial control system and SCADA networks must acknowledge that they’re exposed to cyber threats and take steps to reduce the risk." ® Bootnote While concerns the attacks are a test bed for further control system hacking in other countries, compromising such infrastructure cannot be done by cookie cutter hackers. Control systems are highly specialised with proprietary and often undocumented protocols that are not ordinarily understood outside of specialist fields. Using Ukraine as a means to hack US energy companies for example is further troubled by the variance in security controls that may exist in front of and around control systems. ® Sponsored: Flash enters the mainstream.
Visit The Register's storage hub

Hackers trigger yet another power outage in Ukraine

EnlargeYellowForester reader comments 10 Share this story For the second time in as many years, security researchers have determined that hackers have caused a power outage in Ukraine that left customers without electricity in late December, typically one of the coldest months in that country. The researchers' conclusion, reported by news outlets including Dark Reading, Motherboard, and the BBC, signals yet another troubling escalation in the hacking arena.

A December 2015 attack that caused 225,000 Ukrainians to lose electricity was the first known instance of someone using malware to generate a real-world power outage. Ukrainian officials have pinned the attack on the Russian government, a claim that's consistent with some evidence collected by private security firms. Now, researchers say a second power outage that struck Ukraine in mid-December was also the result of a computer intrusion and bears many of the same technical hallmarks as the first one.
It was part of a series of malicious hacks that have recently targeted key Ukrainian infrastructure, including the country's rail system server, several government ministries, and a national pension fund.

The attacks started on December 6 and lasted through December 20.

The December 17 power outage was the result of an attack at the Pivnichna substation outside Kiev that began shortly before midnight.
It lasted for about an hour. Demonstration of capabilities "The attack [was] not meant to have any lasting dramatic consequences," Marina Krotofil, a security researcher for Honeywell Industrial Cyber Security Labs, told Motherboard. "They could do many more things, but obviously they didn't have this as an intent.
It was more like a demonstration of capabilities." At the S4x17 Conference in Miami on Tuesday, Krotofil said last month's attacks used many of the same tools that were deployed in the year-earlier hack—including a framework known as BlackEnergy and disk-wiping malware called KillDisk.

The breaches stemmed from a massive spear phishing campaign that struck government organizations in July and allowed the attackers to conduct months of covert reconnaissance before finally striking last month.

The phishing e-mail came from a highly trusted individual and contained a macro attachment that infected people who allowed it to run.

The "dropper" malware, DarkReading reported, underwent 500 software builds over a two-week period, a testament to the rigor of the attackers' software development. In a pre-recorded video played at the conference, Oleksii Yasynskyi, head of research for Information Systems Security Partners in Ukraine, which has investigated the attacks, said the attackers belonged to several different groups that worked together.

Among other things, they gathered passwords for targeted servers and workstations and created custom malware for their targets. The attack on the Pivnichna transmission facility shut down the remote terminal units that control circuit breakers.

That hack was less severe than the one used in the 2015 attack, which rendered the devices inoperable and prevented engineers from remotely restoring power. Last month's hacking campaign also made use of denial-of-service attacks. It's still too early to definitively attribute the attacks to the Russian government, but it's also not possible to rule the possibility out. Last month's attack came around the same time that the US intelligence community blamed Russia for hacks against Democratic groups and individuals, attacks that were allegedly aimed at disrupting the 2016 US presidential election.
If Russia is in fact behind campaigns in both countries, the attacks signal Russia's growing willingness to use hacking to achieve geopolitical goals.

Even if Russia isn't involved, the events in Ukraine demonstrate that once-unprecedented attacks on power facilities and other critical infrastructure are quickly becoming the new normal.

Latest Ukraine Blackout Tied To 2015 Cyberattackers

Broad cyberattack campaign hitting finance, energy, transporation in Ukraine were meant to disrupt but not cause major damage, researchers say. S4x17 CONFERENCE -- Miami, Fla.-- A wave of fresh cyberattacks against power substations, defense, finance, and port authority systems in Ukraine last month appear to be the handiwork of the same attackers who in December 2015 broke in and took control of industrial control systems at three regional power firms in that nation and shut off the lights, researchers said here today. A pair of researchers from Ukraine confirmed that a second power outage on Dec. 16, 2016, in the nation also was the result of a cyberattack. Ukrainian officials have identified Russian hackers as the perpetrators, and Ukraine President Petro Poroshenko recently revealed that his nation had suffered 6,500 cyberattacks at the hands of Russia in the past two months. But unlike the 2015 cyberattack that crippled some 27 power distribution operation centers across the country and affected three utilities in western Ukraine, the December 2016 attack hit the Pivnichna remote power transmission facility and shut down the remote terminal units (RTUs) that control circuit breakers, causing a power outage for about an hour. Confirmation of yet another cyberattack campaign against the Ukraine comes at a time when Russian nation-state hacking is a front-burner concern in the US and Western world, especially with the US intelligence community's recent report concluding that Russian president Vladimir Putin directed a wide-ranging campaign to influence the outcome of the 2016 US presidential campaign in favor of President-Elect Donald Trump. US officials say Russia employed cyber espionage attacks against policy groups, US primary campaigns, and the Democratic National Committee (DNC) in 2015, as well as propaganda to influence public opinion. Marina Krotofil, a security researcher for Honeywell Industrial Cyber Security Labs, who today presented the newest findings on the Ukraine hacks, said the attackers appear to be using Ukraine "as a training ground for R&D" - basically a way to hone their attacks on critical infrastructure attacks in general. She said in an interview that this testbed-type approach against Ukraine is considered by experts as a "standard practice" by Russian nation-state attackers for testing out their tools and attacks. This recent campaign worries some US security experts. "The 'red lines' that conventional wisdom taught us would prevent disruptive or destructive attacks in critical infrastructure are dimming, if not gone," says Steve Ward, a senior director at Claroty. "With the 2015 Ukraine incident and the fact that no apparent repercussions followed, it is not surprising to be at the point where a follow-up attack has been confirmed … We should be very concerned with the potential of such attacks in America," Ward says. Honeywell's Krotofil says the latest attacks began on Dec. 6 and lasted until Dec. 20, with each target getting hit one-by-one, via a combination of remote exploits and websites crumbling under distributed denial-of-service attacks. With the Ukraine rail system's server taken offline by the attacks, travelers were unable to purchase train tickets, and cargo shipments also were interrupted, she says. She said the attackers didn't appear to intend to wreak major damage on Ukraine's infrastructure, however. "It's hypothesized that this hacking campaign was to sabotage normal operations in Ukraine to cause disorganization and distrust," she said. "The goal was to destabilize the economy and political situation." The attackers used many of the same tools that they deployed in the 2015 power grid blackout -- including BlackEnergy framework tools and KillDisk. "The attacks [grew] in sophistication," Krotofil said. "They were more organized, with several groups working together like a good orchestra.

That was different from" the 2015 attack that appeared to be more disjointed and disorganized, she said. A spear phish on July 14, 2016, kicked off the first phase of the attacks aimed at a Ukraine bank.

The attachment employed malicious macros that checked for sandboxes and hid its activity with obfuscation techniques.

The researchers did not confirm the initial attack vector for the electric grid, however. Via a translater, in a pre-recorded video shown during Krotofil's talk, Oleksii Yasynskyi - head of research for Information Systems Security Partners in Ukraine and a fellow investigator of the Ukraine attacks - said that the attackers were "several cybercriminal groups" working together. Yasynskyi said the groups employed legitimate IT administrative tools to evade detection as they gathered the necessary intelligence about the networks in the reconnaissance phase of the attacks. They gathered passwords about targeted servers and workstations, for instance, noted Yasynskyi, and they created custom malware for their targets. "The code was written by experts," he said. Macro Got More Game The attackers upped their malicious macro game significantly in the 2016 attacks in comparison to the 2015 attack.

Case in point: 69% of the code in their macro software was for obfuscation, 30% for duping forensic analysis, and only one percent of the code actually corresponded to the macro's ability to launch malware, according to Yasynskyi. "In essence, this macro is a sophisticated container for infiltrating and delivering malicious code for actual intrusion by the attackers," he said. The attackers this time around also put extra effort into making malware analysis as onerous as possible. "It writes itself into certain parts of memory, like a puzzle," he said. "It unwraps only parts it needs at the time. "This only confirms the theory that this was executed by several teams: infrastructure, instruments to automate the analysis and penetration, and to deliver the malicious code," he said. The dropper malware, a custom tool called Hancitor, had two different samples, but some 500 software builds during a two-week period, demonstrating the level of software development by the attackers, Krotofil noted. The attackers also obviously had done the homework in order to wreak havoc on the power grid, such as the inner workings of industrial processes there. "You can't simply get" that information or documents on the Net, Krotofil said. Interestingly, while it took some four months to investigate the 2015 Ukraine power grid attack, it took Yasynskyi and the other investigators only two weeks to investigate the 2016 attacks.

They were able to detect the similar methods and tools in the second attacks based on the research from the previous attacks. Michael Assante, SANS lead for ICS and SCADA security, in a presentation here today noted that the Ukraine attacks raise new issues for ICS/SCADA operators. "In the case of Ukraine, it opened up a lot of questions" after that 2015 attack about how to engage when such physically disruptive events hit, such as who should identify a cyberattack, how to respond, and what protocol to follow if the attack causes damage. Related Content: Kelly Jackson Higgins is Executive Editor at DarkReading.com.
She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
View Full Bio More Insights

VW exec arrested during Miami vacation over emissions scandal

reader comments 46 Share this story Enlarge / In this handout provided by the Broward Sheriff's Office, suspect Oliver Schmidt, an executive for Volkswagen poses in this undated booking photo.
Schmidt was arrested January 7, 2017 in Florida and is expected to be charged with conspiracy and fraud in the Volkswagen emissions scandal.
Schmidt was formerly a key emissions compliance manager for VW in the U.S. (Photo by Broward Sheriff's Office via Getty Images) Handout/Getty Images On Saturday night, the FBI arrested Oliver Schmidt, a former emissions compliance executive for Volkswagen Group, as he waited to catch a plane back to Germany at Miami International Airport in Florida.

The arrest is a major setback for VW Group, which has thus far been able to shelter most of its high-level executives from individual prosecution by US authorities. In a Monday appearance in US District Court in Miami, a Justice Department lawyer said that an attorney for Schmidt “had alerted government lawyers that the executive would be in Florida for vacation,” according to the Wall Street Journal. Schmidt, 48, was charged with defrauding the United States, wire fraud, and violating the Clean Air Act. He allegedly played a central role in hiding from US regulators the fact that some 500,000 Volkswagen and Audi vehicles with 2.0L diesel engines sold in the US were equipped with various types of illegal software designed to help the cars pass their emissions tests in a lab and to kill the emissions control system on the cars when they were driving on the road under “real world” conditions. Schmidt allegedly knew of this illegal software since VW Group began using it in Audis in 2009, but the charges the US Government has lodged against him have focused on his involvement between April 2014 and when news of the scandal broke in September 2015.

As an emissions compliance executive for VW Group, Schmidt was based in Detroit, Mich. and was alerted when the International Council for Clean Transportation (ICCT) and West Virginia University produced a report finding that many VW Group diesels showed an alarming divergence from their reported emissions levels when tested in real world driving scenarios. According to the complaint against him (PDF), Schmidt allegedly wrote to other VW Group managers at the time, “It should first be decided whether we are honest.
If we are not honest, everything stays as it is.” For the next year, VW Group danced around regulators’ questions about the study from ICCT and West Virginia University, claiming that the issue could be solved through a minor, voluntary recall. Later in the year, Schmidt wrote an e-mail to the then-CEO of VW Group of America analyzing the “Possible Consequences/Risks” of fallout from the ICCT and West Virginia University Study.
Schmidt added that modifications to the software in Generation 1 and Generation 2 engines “can achieve reductions of NOx emissions under RDE [Real Driving Emissions], but not compliance with the limits.” Even to this day, VW Group has only been able to certify a fix for Generation 3 vehicles—all 2015 models—that will bring the cars into compliance with federal emissions standards. According to the complaint, in August 2015, just a month before the Environmental Protection Agency (EPA), Schmidt traveled to Michigan to meet with a member of the California Air Resources Board (CARB), which had been aggressive in pursuing VW Group’s emissions discrepancies. “Schmidt offered technical reasons and excuses such as ‘irregularities’ or ‘abnormalities’ for the discrepancy without revealing the fundamental reason for the higher NOx measurements on the road: software intentionally installed in VW vehicles so the vehicles could detect and evade emissions testing.” The accusations in the complaint are bolstered by claims from two unnamed cooperating witnesses and James Liang, a engineer for Volkswagen that pleaded guilty to working on the diesel conspiracy in September. Liang has agreed to testify against VW Group to avoid prosecution in the US. Volkswagen has already settled two civil complaints over its illegal software in 2.0L and 3.0L diesel VWs, Audis, and Porsches.

The largest, concerning the 2.0L diesels, will set the company back $15 billion.

Earlier this month, the Wall Street Journal reported that Volkswagen and the Justice Department were considering another billion-dollar settlement based on a criminal investigation of the company.

Charges in that case have not been filed yet, however. Listing image by Handout/Getty Images

How hackers made life hell for a CIA boss and other...

EnlargeFlickr user Erica Zabowski reader comments 26 Share this story A North Carolina man has pleaded guilty to a conspiracy that illegally accessed the e-mail and social media accounts of Central Intelligence Director John Brennan and other senior government officials and then used that access to leak sensitive information and make personal threats. Justin Gray Liverman, 24, of Morehead City, North Carolina, pleaded guilty to conspiracy to violate the Computer Fraud and Abuse Act, commit identity theft, and make harassing, anonymous phone calls, federal prosecutors said Friday.

Among the 10 people targeted in the conspiracy were Brennan; then-Deputy FBI Director Mark Giuliano; National Intelligence Director James R.

Clapper; Greg Mecher, the husband of White House Communication Director Jen Psaki; and other government officials.

The group called itself Crackas with Attitude, and it was led by a co-conspirator going by the name of Cracka. "She talks mad shit abt snowden," Liverman said on December 10, 2015 in an online chat with Cracka, referring to a target who is believed to be Psaki, according to a statement of facts signed by Liverman and filed in US District Court for the Eastern District of Virginia. (The document refers to Mecher and Psaki as Victim 3 and the spouse of Victim 3 respectively.) "If you come across anything related to [Victim 3's spouse] let me know.
If you find her cell or home number omg gimme." Liverman went on to say he wanted to "phonebomb the shitt [sic] outta" Psaki. The statement of facts shows Liverman discussing other intrusions with Cracka.

After getting a cellphone number Cracka had unlawfully obtained from a breached online account belonging to Victim 2, Liverman dialed it to make sure it belonged to the government official, whose real-world identity couldn't be immediately confirmed by Ars. Liverman "then paid an online service to automatically dial Victim 2's phone number once an hour, for 30 days, and leave a threatening recorded message." "We will keep a close eye on your family" Liverman later sent text messages to the cellphone that read in part: "We will keep a close eye on your family, especially your son." The message included a photo of the son that had been unlawfully obtained from one of Victim 2's compromised accounts.

That same day, Liverman publicly posted the cellphone number to pseudonymous Facebook and Twitter accounts and wrote: "This line will be active for only 24hrs, so call/sms it if you want to talk to me ... i also accept sexy nudes lol." Two days later Liverman told Cracka: "if we could get [Victim 2] swatted that would be amazing." Swatting is the term for falsely reporting violent crimes in progress to emergency responders in an attempt to elicit a response from special weapons and tactics police officers. Cracka used Victim 2's official credentials to gain unauthorized access to the Law Enforcement Enterprise Portal, an online database that's supposed to be available only to law enforcement officials.

At Liverman's request, Cracka used his access to obtain a list of more than 80 police officers and law enforcement employees in the Miami area. On January 6, 2016, Liverman posted the list online. The group allegedly also published a 47-page security clearance questionnaire containing highly personal information, which Brennan completed to obtain his post.

Around the same time, the group published a separate spreadsheet containing the personal data of the 29,000 FBI and DHS employees.

A day later, a group member allegedly presented evidence showing it had hijacked accounts belonging to Clapper. According to an affidavit filed in September, the group didn't rely on computer hacking to break into restricted accounts.
Instead, members used social engineering in which they impersonated their targets and various IT support personnel purporting to help the victims. On October 11, 2015, one of the suspects allegedly accessed the account belonging to Brennan by posing as a technician from Verizon.

The suspect then tricked another Verizon employee into resetting the password for Brennan's Internet service. Prosecutors said the suspects went on to take over a Brennan AOL account. The group allegedly used similar techniques to access other accounts.

The affidavit said another group member appeared to gain access to a law enforcement database by calling an FBI help desk and asking that Giuliano's password be reset. Now, Liverman faces a maximum possible sentence of five years in prison at sentencing, which is scheduled for May 12. The statement of facts filed with Friday's guilty plea offers a window into the depravity and viciousness that motivates so many online intrusions.

The perpetrators often succeed not through any technical skill but rather by making fraudulent phone calls that carefully exploit weakness in various companies' customer support services.
It's not the first time social engineering has exacted such a high price, and sadly, it likely won't be the last.

North Carolina Man Admits Role in Online Attacks against U.S Intelligence...

Russia isn't the only place where attacks against the U.S Government come from, as a 24-year-old American pleads guilty to charges he was part of a group that targeted US intelligence officials including CIA chief John Brennan. The first of five individuals associated with the hacker group known as 'Crackas Wth Attitude' (CWA), that are alleged to have hacked online accounts of U.S Government officials in 2015, has pleaded guilty. 24-year-old Justin G. Liverman of North Carolina, entered a plea agreement with the U.S. Justice Department on Jan. 6.Liverman is one of two American citizens and five individuals that were alleged to be part of the CWA effort, that was able to exploit internet accounts owned by senior U.S Government officials including CIA Chief John Brennan and U.S Director of National Intelligence James Clapper."Liverman's plea admits guilt to a conspiracy to commit unauthorized computer intrusions, identity theft, and telephone harassment," the Department of Justice stated.Under the terms of the plea agreement, Liverman pleaded guilty to one felony count of conspiracy.

According to the agreement, Liverman's actions were responsible for $95,000 in damages, out of $1.5 million in total damages caused by the CWA. According to the original affidavit in the case, the CWA attackers used anonymizing software and social media platforms to communicate with each other, as well as to obtains unlawful access to online accounts and harass their victims. The CWA attackers used social engineering techniques in order to exploit victim's accounts.

Among the exploits that were conducted was one in November 2015, when a member of the CWA was able to gain access to a victim's Comcast account. Using the victim's credentials, a member of the CWA was able to gain access to the victim's account for the Law Enforcement Portal (LEEP).

A member of the CWA, then released information from the LEEP system on more than 80 officers from several Miami -area law enforcement agencies.

The CWA also according to the affidavit made a false bomb threat to the Palm Beach County Sherriff's Office in West Palm Beach, Florida in January 2016.As part of the statement of facts filed with the plea agreement, Liverman's role was identified as publicly posting online documents and personal information unlawfully obtained from a victim’s personal account.

Additionally, Liverman sent threatening text messages to the same victim's cellphone.Liverman will be sentenced on May 12 and faces up to five years in prison. His U.S co-defendant, Andrew Otto Boggs who is also from North Carolina, is expected to enter a guilty plea on January 10, according to the DoJ.Liverman's legal defense was assisted by the Courage Foundation, which is a group that aims to help support the efforts of whistleblowers."Nothing was really hacked in this case because important government officials and agencies left the door wide open," Courage attorney Tor Ekelan said in a statement. "One hopes that hostile nation state actors didn't walk through that open door before Justin (Livermore) did."Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Follow him on Twitter @TechJournalist.

US Customs System Outage Grounds Travelers

Monday's "temporary outage" leaves thousands of international travelers stranded.

A nationwide Customs and Border Protection system outage stranded thousands of travelers at airports on Monday.

Folks trying to enter the US via a handful of cities were met with long lines and excessive delays as customs officers manually processed international passengers.

Issues were reported in Atlanta, Ft. Lauderdale, Los Angeles, Miami, and Washington, D.C., as well as Baltimore, Boston, Newark, and San Francisco. All airports came back online Monday night, following what CBP called "a temporary outage" of its processing systems.

"US Customs and Border Protection is experiencing a temporary outage with its processing systems at various air ports of entry and taking immediate action to address the technology disruption," the agency said in a statement to ABC News.

"CBP officers continue to process international travelers using alternative procedures until systems are back online," it continued. "Travelers at some ports of entry are experiencing longer than usual wait times and CBP officers are working to process travelers as quickly as possible while maintaining the highest levels of security."

US Customs and Border Protection did not immediately respond to PCMag's request for comment. According to a tweet, however, there is no indication the disruption was malicious.

According to social media accounts, conditions at Miami International Airport were particularly harsh: an army of angry, hungry people crowded the hallways for three-plus hours as rising temperatures caused fainting and vomiting.

@cnnbrk please let US Customs know the Miami airport could use a little help. Thousands of us waiting in a "line". pic.twitter.com/VGLUOUiaoP

— Garret Prather (@garretp) January 3, 2017

@wsvn immigration @ M.I.A. Hundreds waiting, system has been down for hours pic.twitter.com/kuyR9u7boO

— Reza (@EGerami) January 3, 2017

Nightmare at the #Miami airport for all incoming int'l flights: all systems were down at immigration. Hours of wait #miamiairport pic.twitter.com/MOorFyfv9x

— Sarah (@iLoveSassou) January 3, 2017

Similar scenes were depicted at Washington Dulles International Airport, where Twitter user Richard Walker documented "36 unusable passport express kiosks, 20 unused global entry" stalls, eight agents, and a one-hour wait.