Tuesday, January 16, 2018

Understanding Digital Footprints

This document provides material designed to assist law enforcement personnel in protecting themselves and their families from becoming cyber targets: protecting personal information, cyber dos and don'ts, and links to further cyber training and resources. (2.26 MB)

The National White Collar Crime Center (NW3C) also offers a short on-line course: Understanding Digital Footprints (CS 110) - This course introduces learners to the concept of digital footprints and best practices in protecting personal identifying information. Topics include understanding consequences of oversharing personal information, limiting an individual’s digital footprint, protecting privacy on social media sites and steps to take after becoming a target of doxing.

Washington State DOL Stops Giving Personal Info to Feds

OLYMPIA, Wash.  - The Washington state Department of Licensing says it will no longer release personal information to federal immigration authorities without a court order unless required by law. The agency announced the change Monday following a report in The Seattle Times last week that showed the department was handing over personal information to federal authorities 20 to 30 times a month. Washington is one of the few states that allow people without proof of legal U.S. residency to get driver's licenses. Officials also said the agency would end its practice of collecting "information that isn't mandated and could be misused," such as information on license applications about where a person was born.
When DOL gave information to ICE, it redacted a field on the driver's license application showing a Social Security number, but left visible fields showing where someone was born and the ID used (passports or other documents) -- information that could be used as evidence of a foreign-born person who possibly could be in the country illegally.

Monday, January 15, 2018

Risks Incorporated

In August 2016, I completed the Travel Security course presented by Risks Incorporated. For those of you who travel internationally, some type of security training and planning is essential, and I highly recommend training with Risks Incorporated.

I have previously written about foreign travel here in the blog, and for most people having a basic understanding of travel security will be enough to ensure a safe and successful trip. However, in some cases more in-depth training is needed.

DOD personnel traveling overseas are required to receive a travel briefing and comply with the provisions of the DoD Electronic Foreign Clearance Guide. Unfortunately, the travel briefings provided to DOD personnel are often little more than cut and paste from the State Department's website and excerpts from the Foreign Clearance Guide itself. My experience with the foreign travel and security briefings I have received from DOD Anti-Terrorism Officers is that such briefings are little better than useless, containing no analysis or area-specific research.

Risks Incorporated training, however, helps you understand the risks that exist in certain parts of the world, and most importantly teaches you how to best avoid, or if necessary confront, these risks. In addition to their training courses, Risks Incorporated offers a series of Free Counter Terrorism, Travel Security & Tactical Training Booklets that you can download.

Risks Incorporated is a progressive, European-owned and managed bodyguard school and specialist protection company that has proven itself many times on sensitive international operations. They supply corporate investigations, specialist security services, maritime security, executive protection, tactical firearms training, kidnap and ransom, bodyguard services and training worldwide.

The Consular Travel Advisory System

The U.S. Department of State has long issued messaging for the purpose of helping U.S. citizen travelers abroad make the right decisions to keep themselves safe and secure. Some of these were for short-term issues, and others explained longer-term, systemic issues affecting the security environment in a particular country or even across an entire region. Many in the private sector use these products to help formulate security plans for their personnel or facilities positioned abroad, or to govern their policies for international travel. That system has now changed, and many of the products travelers have come to know (such as Travel Warnings and Emergency Messages) are being reformatted, rethought, and simplified.

The State Department's Bureau of Consular Affairs (CA) on January 10, 2018 launched improvements to public safety and security messaging that will make it easier for U.S. citizens to access clear, timely, and reliable information about every country in the world.  CA has replaced its former countrywide products, Travel Warnings and Travel Alerts, with a single "Travel Advisory" for each country.  Each Travel Advisory for every country around the world will be paired with a level of advice based on one of four tiers.

The four levels of advice are:

Level 1 - Exercise Normal Precautions:  This is the lowest advisory level for safety and security risk.  There is some risk in any international travel.  Conditions in other countries may differ from those in the United States and may change at any time.

Level 2 - Exercise Increased Caution:  Be aware of heightened risks to safety and security.  The Department of State provides additional advice for travelers in these areas in the Travel Advisory.  Conditions in any country may change at any time.

Level 3 - Reconsider Travel: Avoid travel due to serious risks to safety and security.  The Department of State provides additional advice for travelers in these areas in the Travel Advisory.  Conditions in any country may change at any time.

Level 4 - Do Not Travel:  This is the highest advisory level due to greater likelihood of life-threatening risks.  During an emergency, the U.S. Government may have very limited ability to provide assistance.  The Department of State advises that U.S. citizens not travel to the country or leave as soon as it is safe to do so.  The Department of State provides additional advice for travelers in these areas in the Travel Advisory.  Conditions in any country may change at any time.

The complete report can be viewed at OSAC.

Sunday, January 14, 2018

CBP Can Demand the Passwords to Your Electronic Devices

An article at "The Identity Project" - New DHS policy on demands for passwords to travelers’ electronic devices - stated that "US Customs and Border Protection [CBP], a component of the Department of Homeland Security, [on January 5, 2018] posted a revised policy on Border Searches of Electronic Devices and a Privacy Impact Assessment of some of the changes made by the new policy."

CBP now says as follows...

Travelers are obligated to present electronic devices and the information contained therein in a condition that allows inspection of the device and its contents... Passcodes or other means of entry may be requested and retained as needed to facilitate the examination of an electronic device or information contained on an electronic device, including information on the device that is accessible through software applications present on the device. If an Officer is unable to complete an inspection of an electronic device because it is protected by a passcode or encryption, the Officer may... detain the device pending a determination as to its admissibility, exclusion, or other disposition.

It seems that according to this policy, CBP can demand that you provide them with the passwords for your electronic devices, allowing them to then go through whatever information those devices may contain. If you refuse to provide your password, CBP can "detain your device" [steal it?]!

More from the Identity Project can be found at https://papersplease.org/

Saturday, January 13, 2018

Kaspersky and the FSB

There was an interesting article in the Moscow Times today "The Specter of Kaspersky Looms Over Russian Cybersecurity Firms". I have highlighted a few passages from the article below, and encourage you to read the entire article if you work, travel, or communicate with friends, family, or business associates in Russia. Although it is no surprise to the Russians, all communications in Russia are monitored by the FSB, and the Russian government maintains escrowed encryption keys that allow the FSB to access all encrypted communication. This ability to monitor communications and have access to escrowed encryption keys is the goal and intent of the FBI in America, in their "Going Dark" debate.

Russian hackers have also struck fear in Western governments and voters. U.S. authorities have accused them of breaking into the servers of the Democratic National Committee and the emails of Hillary Clinton’s campaign staff.

Kaspersky Lab, Russia’s most successful cybersecurity firm and the only one to have established a firm presence abroad, has been accused of cooperating with Russia’s Federal Security Service (FSB) - one of the intelligence agencies accused of directing the hacks.

As a large cybersecurity firm, Kaspersky is a natural ally of Russian intelligence agencies in catching cybercrooks. It is a role that Eugene Kaspersky, the co-founder of the company that carries his name, has welcomed.

That the company has a relationship with intelligence agencies is not unusual, says Mark Galeotti, the coordinator of the Center for European Security at the Institute of International Relations Prague.
"Any major cybersecurity company will have a relationship with the intelligence agency in its country," he says. "If Kaspersky was based in Manchester, it would have a connection with British intelligence."

Until recently, Kaspersky’s close connection with the FSB was not a major worry in the United States.

As Soldatov explains, prior to allegations that it interfered in the 2016 U.S. presidential elections, the FSB was well regarded in the West. In the war against terror, the agency was viewed as an ally, especially after it tried to warn the United States about the Boston bombers.
Whether or not Kaspersky believes his company has helped the FSB spy, however, might be beside the point.

There are legal structures in Russia that render the work of cybersecurity companies transparent to the FSB, says Soldatov. As he puts it, for cybersecurity firms based in the country, the agency is "impossible to escape." That’s because encryption developers are required to procure a license from the FSB that "allows the agency access to everything they do."

There are also laws that allow the Russian government to surveil the country’s internet service providers through a system called the System of Operative-Investigative Measures, or SORM. In October, an American industry official who was briefed by the FBI on Kaspersky Lab pointed to that system as a key concern.

"Whether Kaspersky is working directly for the Russian government or not doesn’t matter; their internet service providers are subject to monitoring," he told the Washington Post. "So virtually anything shared with Kaspersky could become the property of the Russian government."

And a lot is shared with Kaspersky. Because, by definition, antivirus software is invasive. When users download it to their computers, they give the software free rein to rifle through their data for malware. What is recognized as malware is then sent back to Kaspersky headquarters in Moscow, where it is analyzed for threats.

There are also informal structures in Russia the firms must navigate, says Soldatov. These are the so-called siloviki - officials from the country’s military and security agencies, like the FSB, who have their own interests to satisfy.

The agency could have easily planted its own people in the company, says Michael Kofman, a researcher at the Washington-based Wilson Center focusing on security in Russia. "The most effective resource is an organization that doesn't know it's being used," he says.

In effect, Galeotti says, there is simply not much a cybersecurity firm in Russia can do to maintain its autonomy. "If you’re operating in Russia," he says, "you have to accept all the rules of the game."

Friday, January 12, 2018

OPSEC Fundamentals Course

The Operations Security Professional's Association (OSPA)  is a non-profit organization dedicated to providing free OPSEC tools, resources, and training. OSPA offers a free, open to the public, "OPSEC Fundamentals" course that you can complete on-line. The course consists of two lessons and a final assessment. If you pass the short end-of-course assessment you will earn an OSPA certificate of completion.