Saturday, January 6, 2018

Warrantless Electronic Device Searches


Warrantless phone, laptop searches at the US border hit record levels

An article on ZDNet reported that: "new figures released Friday [January 5, 2018] reveal that Customs and Border Protection (CBP) officers searched 30,200 devices -- an increase of about 60 percent year-over-year -- between October 2016 and September 2017. One leading Democratic senator says newly-enacted directives explicitly allow border officials to try to bypass the password or encryption on a device without reasonable suspicion."

CBP published its updated 'Border Search of Electronic Device Directive' on January 5, 2018. The guidance states in part: "In the course of a basic search, with or without suspicion, an Officer may examine an electronic device and may review and analyze information encountered at the border..." To understand the guidelines that apply to search of your electronic devices at the border, it is recommended that you read the Border Search of Electronic Device Directive.
 
In 2017, the Electronic Frontier Foundation (EFF) published guidance on "Digital Privacy at the U.S. Border: Protecting the Data On Your Devices and In the Cloud"

The American Civil Liberties Union (ACLU) discussed the question "Can Border Agents Search Your Electronic Devices?" in a 2017 article. In this article the ACLU recommended the following steps to help protect yourself when crossing the United States border:
  • Travel with as little data and as few devices as possible.
  • Encrypt devices with strong and unique passwords and shut them down when crossing the border.
  • Store sensitive data in a secure cloud-storage account.
  • Upload sensitive photos on your camera to your password-protected laptop or a cloud-storage account.
  • Turn on airplane mode for all of your electronic devices before crossing a border checkpoint.

Similar advice was provided in articles in the New York Times and in Wired.

New York Times - Crossing the Border? Here’s How to Safeguard Your Data From Searches
Wired - A Guide to Getting Past Customs with Your Digital Privacy Intact

Posted by at No comments:

Cellular Telephone Signal Boosters

Many people carry mobile telephones. There are a great number of models, designs, and service providers; but at their core all mobile telephones are just radios that communicate with cell-towers and cell-sites in the area. The standard GSM mobile telephone has a maximum transmission range of 35 kilometers (22 miles), because of technical limitations of the system. CDMA and IDEN have no built-in limit, but the limiting factor is the ability of a low-powered personal mobile telephone to transmit back to the cell-tower. As a rough guide, based on a tall cell-tower and flat terrain, it is possible to get between 50 and 70 km (30 - 45 miles). It must be understood that these are maximum ranges, and many factors serve to reduce that range. Some of these limiting factors include:
  • Height of antenna over surrounding terrain (Line-of-sight propagation).
  • The frequency of signal in use.
  • The transmitter's rated power.
  • The required uplink/downlink data rate of the subscriber's device.
  • The directional characteristics of the site antenna array.
  • Reflection and absorption of radio energy by buildings or vegetation.
  • It may also be limited by local geographical or regulatory factors and weather conditions.  
Because a mobile telephone is really just a radio, you can get a better signal by using an improved antenna and a signal booster.  It is important to note that a signal booster does not create a cellular signal, it only boosts weak signals. If there is no cellular signal whatsoever in your area, a signal booster will not function.
 
Cellular signal boosters can be quite expensive, but one example of a fairly affordable signal booster is the weBoost Drive 4G-S Cell Phone Signal Booster. Combined this with an improved external antenna, such as the Wilson Electronics 800/1900 MHz Magnet Mount Antenna and you will likely push your mobile telephone to near its maximum communication range.
 
The Drive 4G-S can boost cell signals up to 32x, enhancing 4G LTE and 3G signals for one person in a car, truck, van or RV. weBoost's 4G-S is compatible with all US and Canadian networks such as Verizon, AT&T, Sprint, T-Mobile, US Cellular, Straight Talk and more. An optional indoor accessory kit is also available to use the Drive 4G-S as a home signal booster. This FCC & Industry Canada Certified booster comes with all components needed for installation in one package making DIY installation a breeze.
 
If you have a weak cellular signal in an area, a signal booster and improved antenna will certainly be of value. If you have no signal in an area it is either because no signal exists, or because the signal is so weak that you can’t pick it up. An improved external antenna may pick up that very weak signal and allow you to have mobile telephone service where none exists when using just the internal antenna of your mobile telephone.
 
An additional advantage on using a signal booster is that it can extend the run time of your mobile telephone's battery. Mobile telephones increase their power when the signal is weak with the cellular tower, and decrease that power when the signal is strong. Because the signal booster gives you a stronger signal, your mobile telephone needs less power to connect to the cell tower and thus uses less of your battery each hour.
 
Although many cellular signal boosters are designed to be installed in vehicles, because they run off of a 12-volt power supply (your vehicle’s battery) a signal booster could be set up at a hunting camp or bug out location.  Now, having a mobile telephone connection while out in the forest may not be all that important to you, but if it is you should consider the advantages of a cellular signal booster.


Posted by at No comments:

Friday, January 5, 2018

Secret Groups on Facebook


Once you have a profile on Facebook, you can create groups intended for select individuals, and devoted to specific topics. Anyone with a Facebook account can create a group, just click on the menu arrow at the top of your Facebook page, and select "Create Group" from the drop-down menu. You choose a name for your group, add some initial members, and most importantly for our purposes "Select Privacy" for your group. Here you should select a "Secret Group". 


Secret Groups on Facebook can only be seen by their current and former members. To become a member of a Facebook Secret Group you have to be added or invited by a current member of that group. The differences between the privacy settings on Facebook Public, Closed, and Secret Groups can be seen here, in the Facebook Help Center.

Secret Groups don’t appear in searches, so if the group members don’t advertise its existence the group should remain "secret". Facebook Secret Groups can be very large, having thousands of members, but where they are most effective is among a small group of people sharing a common interest. A Facebook Secret Group could even be used as a private communication channel for just two people.

Just how secret is a Facebook Secret Group? Well, its not visible to people outside of the group, but Facebook administrators can no doubt see the content of a Secret Group, and as the Electronic Frontier Foundation (EFF) pointed out "No matter what type of group you choose and what settings you take advantage of, there is a hard limit on how private Facebook groups can be. If the company receives a government request to turn over user information or take down content, your group may be vulnerable. In some cases, if Facebook's copyright bot flags content in your group for potential copyright infringement, rights holders may be allowed to see it. And if users report content inside your group - even Secret groups - as violating Facebook’s Community Standards, it can be taken down. Users can even be temporarily banned from the platform for such violations." 

So, Facebook Secret Groups are perhaps not really all that secret, but they do add a layer of privacy not available in Public or Closed groups; and they are much more private then simply posting to your Facebook personal profile. Every layer of privacy and security that you add to your life makes you that much harder of a target. So if you have something to share with a group of like-minded people, but you want to avoid the public eye, consider a Facebook Secret Group.
Posted by at No comments:

Thursday, January 4, 2018

Motel 6 Giving Guest Information to US Immigration Authorities


Washington Sues Motel 6 for Giving Guest Information to US Immigration Authorities

SEATTLE  - Washington's attorney general sued Motel 6 on Wednesday [January 3, 2018], alleging the national budget chain disclosed the private information of thousands of its guests to U.S. immigration authorities in violation of the state consumer protection law.

Attorney General Bob Ferguson said motel employees divulged the names, birthdates, driver's license numbers, license plate numbers and room numbers of at least 9,150 guests to U.S. Immigration and Customs Enforcement agents without a warrant. At least six people were detained on or near motel property during a two-year period.

Motel 6 was aware that the agents used the guest registry information to single out guests based on their national origin in violation of Washington state's anti-discrimination law, the state's lawsuit filed in King County Superior Court alleged.

Ferguson said at least six Motel 6 locations in the state - all in the Puget Sound region and corporate-owned - provided the information without guests' knowledge or consent. Washington's Supreme Court makes it clear that guest registry information is private, he said, and Motel 6 violated the law each time it gave out private information.


Posted by at No comments:

Attempts to Illegally Buy Guns Online Fail

A January 3, 2018 article in the Washington Times found that "Most attempts to illegally buy guns online fail, according to a study by federal investigators who found the internet serves as a small loophole for firearms purchases." Federal agents posing as illegal gun buyers failed in nearly all of their dozens of attempts to purchase guns online, according to the multiyear study that tried to examine how current firearms laws could apply to purchases over the internet. All 72 undercover attempts to buy guns through readily accessible internet sites failed, though agents did manage to make two buys out of seven attempts through the more restrictive "dark web," according to the recent report from the Government Accountability Office (GAO). "Tests demonstrated that private sellers GAO contacted on gun forums and other classified ads were unwilling to sell a firearm to an individual who appeared to be prohibited from possessing a firearm," the report said.


Posted by at No comments:

Photocopying A US Govt. ID Is Illegal

 
Have you ever let a business make a copy of your ID? If the ID they copied was a Military ID (including Dependent and Retiree ID), DOD Civilian CAC, or similar Federal government employee ID, they may have violated Federal law (and you may have violated the law by permitting someone to copy your ID).

Photocopying any U.S. government identification is a violation of Title 18, US Code Part I, Chapter 33, Section 701.

The law reads, "Whoever manufactures, sells, or possesses any badge, identification card or other insignia of the design prescribed by the head of any department or agency of the United States for use by any officer or employee thereof, or any colorable imitation thereof, or photographs, prints, or in any other manner makes or executes any engraving, photograph, print, or impression in the likeness of any such badge, identification card, or other insignia, or any colorable imitation thereof, except as authorized under regulations made pursuant to law, shall be fined under this title or imprisoned not more than six months, or both."

According to the DOD: This law does NOT apply to medical establishments like hospitals and doctor’s offices who are allowed to make a copy for filing insurance claims. It also doesn’t apply to other government agencies that are using the copied ID to perform official government business. However, any commercial establishment is prohibited by law from making a copy of your Military ID.

What about letting a business make a copy of some other form of ID, such as your state driver's license? This wouldn't seem to violate the above Federal law, but you should probably ask why the business needs to keep a copy of your ID, and what steps they take to keep that information from being lost or stolen. Data breaches happen all the time, and photocopies of your ID are probably not being stored in a secure database. According to an article in Consumer Reports - Providing your driver's license could put you at risk of identity theft - allowing a business to make a copy of your ID is "a terrible, terrible practice... it’s easily a contributor to identity theft, and it’s unnecessary."


Posted by at No comments:

Wednesday, January 3, 2018

Protect Yourself From Scams

 
Scammers are constantly refining their scams to make them as effective as possible. These criminals are getting increasingly sophisticated in their attempts to get your money or personal details. They know what works and what doesn't. Scams target people of all backgrounds, ages and income levels. Scams succeed because they look like the real thing and catch you off guard when you’re not expecting it. They also exploit your desire to be polite and respectful, as well as your generosity, compassion and good nature. 

Some things that you can do to help protect yourself against scams include:

Sign up with the National Do Not Call Registry - The Do Not Call Registry accepts registrations from both cell phones and land lines. To register by telephone, call 1-888-382-1222. You must call from the phone number that you want to register. To register online (https://www.donotcall.gov), you will have to respond to a confirmation email. After you are registered, you can be pretty sure that any telemarketing call you receive is a scam. Legitimate telemarketers screen their calls against the National Do Not Call List and won't call any registered number. Scammers however will still call and try to get you to fall victim to their crimes.

If it's a Robocall - It's a Scam! - Few things can be more annoying than answering the phone while you're in the middle of something - and then being greeted by a recording. According to the Federal Trade Commission "If you receive a robocall trying to sell you something (and you haven’t given the caller your written permission), it’s an illegal call. You should hang up." A study by Truecaller found that in 2016 roughly 22.1 million Americans lost a total of $9.5 billion in robocall scams.

If it Involves a Non-traditional Payment Method - It's a Scam! - Never pay by wire transfer, prepaid money card, gift card, or other non-traditional payment method. Say no to cash-only deals, high pressure sales tactics, high upfront payments, overpayments, and handshake deals without a contract.

Don't Show Your ID When Making a Credit Card Purchase - According to My Bank Tracker: An unscrupulous store employee could steal customer information from their IDs. This employee can use it to conduct identity theft and apply for credit cards under someone else’s name. Such criminal activity can happen at all types of business. According to the IN Department of Financial Institutions "When you pay for merchandise with a Visa card, MasterCard, or American Express any store that accepts these cards should accept yours too, no questions asked. It's part of the deal that merchants agree to when they become participating members... Your personal ID isn't needed because Visa, MasterCard, and American Express all guarantee payment..." [note that the back of your credit must be properly signed]. The Privacy Rights Clearinghouse points out that many consumers want to protect their privacy and personal security by not revealing their address, birth date, and other information contained on their driver’s license to a stranger. If you do not want to show ID, simply sign your card and refuse to provide ID if asked.

Keep Scammers from Opening Accounts in Your Name - Add A Credit Freeze! - If you’re concerned about identity theft, those reported mega-data breaches, or someone gaining access to your credit report without your permission, you might consider placing a credit freeze on your report. This makes it more difficult for criminals to open new accounts in your name. That’s because most creditors need to see your credit report before they approve a new account. If they can’t see your file, they may not extend the credit. Learn more about a credit freeze on the Federal Trade Commission web-site.

Be Alert to the Fact That Scams Exist. - When dealing with uninvited contacts from people or businesses, whether it's over the phone, by mail, email, in person or on a social networking site, always consider the possibility that the approach may be a scam. Remember, if it looks too good to be true, it probably is. Some common scams are discussed below.

Credit Card Services Scams
Have you received a telephone call that begins: Hello, this is [Scammer] from Credit Card Services? People are being bombarded with scam telephone calls that promise to help lower their credit card interest rates. The recorded calls purport to come from nondescript entities such as "Card Services," "Cardholder Services," etc. Due to the nondescript identification of the caller, some people may believe that the calls are from their credit card company. When people return the calls or press their keypad as directed, however, they may be contacting debt assistance scam artists or identity theft crime rings. "Card Services" calls are made by criminal enterprises whose intent is to obtain personal financial information to commit identity theft. Learn more about Credit Cards Services Scams on the MN Attorney General's web-site.

IRS-Impersonation Telephone Scams
A sophisticated phone scam targeting taxpayers, including recent immigrants, has been making the rounds throughout the country. Callers claim to be IRS employees, using fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.  Victims are told they owe money to the IRS and it must be paid promptly through a gift card or wire transfer. Victims may be threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting. Victims may be told they have a refund due to try to trick them into sharing private information. If the phone isn't answered, the scammers often leave an "urgent" callback request. Learn more about IRS-Impersonation scams on the IRS web-site.

Tech Support Scams
Tech support scams use scare tactics to trick you into paying for unnecessary technical support services that supposedly fix contrived device, platform, or software problems. These scams can use websites to lure you into contacting fake tech support. You may be redirected to these websites automatically by malicious ads found in dubious sites (for example, download locations for fake installers and pirated music or movies). The websites typically use malware in the form of script files like JavaScript or HTML, which can display various fake error messages. The malicious scripts can also put your browser on full screen and spawn pop-up messages that won't go away, essentially locking your browser. The latest evolution in technical support scams is the use of websites that automatically opens the default communication of phone call app with the phone number ready to be dialed. This technique streamlines the entire scam experience, leaving potential victims only one click or tap away from speaking with a scammer. Learn more about Tech Support scams on the Microsoft web-site.

Jury Duty Scams
In various parts of the United States, citizens are being targeted by phone calls and emails, threatening them with prosecution for failing to comply with jury service in federal or state courts. In the calls and emails, recipients are pressured to provide confidential data, potentially leading to identity theft and fraud. These calls and emails, which threaten recipients with fines and jail time if they do not comply, are fraudulent and are not connected with the U.S. courts. Learn more about Jury Duty Scams on the US Courts website.

Payday Loan Scams
The scammer calls you and poses as a payday loan collector. The fake collector then accuses you of failing to repay a payday loan. The scammer says that you’ll be sued if you don’t immediately wire a payment or provide a bank account or credit card number to pay off the supposed debt. The caller may claim to be from a law firm or a government agency like the Federal Trade Commission, and may threaten to garnish your wages or levy your bank account. Other intimidation tactics include threatening to tell your employer or family members you’re a deadbeat, and saying that you’ll be arrested if you don’t pay off the debt. Learn more about Payday Loan Scams on the Lawyers.Com website.

Romance Scams
A romance scam is a confidence trick involving feigned romantic intentions towards a victim, gaining their affection, and then using that goodwill to commit fraud. Victims - predominantly older widowed or divorced women targeted by criminal groups usually from Nigeria - are, for the most part, computer literate and educated. But they are also emotionally vulnerable. And con artists know exactly how to exploit that vulnerability because potential victims freely post details about their lives and personalities on dating and social media sites. Learn more about Romance Scams on the FBI web-site.

Grandparent Scam
The Grandparent Scam targets older individuals with callers pretending to be grandchildren. The scam begins with a phone call from a grandchild -- or so the caller says. But it almost always ends with a desperate plea for money.  The caller says there’s an emergency and asks you to send money immediately. But beware, there’s a good chance this is an imposter trying to steal your money! Learn more about the Grandparent Scam on the AARP web-site.

You can avoid becoming the victim of a scammer by being aware that scams exist, and that you - like anyone else - may be targeted by these criminals. Take steps to always safeguard your personal and financial information, and if you find that you have become a victim of a scam, report it to your local police department, to the Federal Trade Commission, and to the Internet Crime Complaint Center (IC3).

Posted by at No comments:

Tuesday, January 2, 2018

Opt-Out of People Search Databases

 
Data brokers - people search companies - gather information about individuals from a number of sources, and place that information into databases that they then make available on-line. The information is then available to anyone with an Internet connection, for free or perhaps for a small fee. The information in these databases may contain your name, home address, telephone number, e-mail address, date of birth or age, and the names of family members. Fee based databases often contain much more information than is available in the databases you can access for free; but even the free databases may contain more information than you want available to anyone with an Internet connection.

Some data brokers make it easy to remove your information from their publicly viewable databases, while other (less responsible?) companies make it very difficult for you to remove your personal information.

Below are the opt-out / removal links for several of these data brokers. If your threat model is concerned with protecting this type of personal information you should work through the opt-out procedures for each of these companies and remove as much of your personal information as possible from their on-line databases.

Address Search - https://www.addresssearch.com/remove-info.php
AnyWho - http://www.anywho.com/help/privacy
Been Verified - https://www.beenverified.com/faq/opt-out/
DOB Search - https://www.dobsearch.com (Select "Manage My Listing.)
Family Tree Now - http://www.familytreenow.com/optout
Fast People Search - https://www.fastpeoplesearch.com/removal
Go Lookup - https://golookup.com/support/optout
Info Tracer - https://members.infotracer.com/customer/terms?tab=optout
Intelius - https://www.intelius.com/optout.php
Instant Checkmate - https://www.instantcheckmate.com/optout/
John Doe - https://johndoe.com/optout_request
LexisNexis - http://www.lexisnexis.com/privacy/
LexisNexis (KnowX) - https://optout.lexisnexis.com/oo.jsp
Locate Family - https://www.locatefamily.com/removal.html
LookUp - http://www.lookup.com/optout.php
Nuwber - https://nuwber.com/removal/link
PeekYou - http://www.peekyou.com/about/contact/optout/
People Finder - http://www.peoplefinder.com/optout.php 
People Finders - https://www.peoplefinders.com/manage
People Looker - https://www.peoplelooker.com/f/optout/search
People Search Now - https://www.peoplesearchnow.com/opt-out
People Smart - https://www.peoplesmart.com/optout-go
Phone Detective - https://www.phonedetective.com/PD.aspx?_act=OptOutPolicy
Pipl - https://pipl.com/help/remove/ 
Private Eye - https://secure.privateeye.com/optout-form.pdf
Public Records Directory - https://publicrecords.directory/contact.php
Radaris - https://radaris.com/page/how-to-remove
Research.Com - https://www.research.com/people-search/opt-out
Search Bug - https://www.searchbug.com/help.aspx?WHAT=people
Spokeo - http://www.spokeo.com/opt_out/new
Truth Finder - https://www.truthfinder.com/opt-out/
US Identify - http://www.usidentify.com/company/privacy.html (See: Choice & Opt Out)
US Search - http://www.ussearch.com/privacylock
USA People Search - http://www.usa-people-search.com/manage/
Veromi - http://www.veromi.net/Help#26
White Pages - http://www.whitepages.com/suppression_requests
Whitepages Plus - https://whitepages.plus/remove
WP Numbershttp://wpnumbers.com/ (Click "Remove my information")
ZabaSearch - http://www.zabasearch.com/block_records/  

When opting-out of these databases, never provide them with more of your personal information than they already know. If they list your street address, don’t provide them your PO Box; and if they have an old telephone number listed, don’t provide your current number. If they require e-mail verification before removing your information from their databases, use a disposable e-mail address - never provide your personal / private e-mail. 

The above list is by no means exhaustive. There are other data brokers that have your information and may display that information on-line. So, why take the time to opt-out of these data brokers? The idea is to increase the effort that it takes for someone to find your personal information. The more databases from which you are able to remove your personal information, the more difficult it becomes for an adversary to obtain information about you.

Posted by at No comments:

Generating Random Passwords



People are not very good at generating randomness. Yet, for a password to be most secure it should be truly random. There are several password generators available on-line that will make secure passwords for you, and many password managers in which you store your passwords will also generate them for you.

If, however you want to generate a random password consisting of upper and lower-case letters, numbers, and symbols you can do so using a simple 6X6 grid and a single die. In one-half of each cell of your grid write out the upper-case letters of the of the alphabet and the numbers 0-9. In the other half of each cell, write the lower-case letters and ten symbols from your keyboard.

 
To generate a random password, roll a six-sided die three times. On the first roll just determine whether the number is odd or even. An odd number (1, 3, 5) indicates upper-case letters and numbers, and even number (2, 4, 6) indicates lower-case letters and symbols. Now roll the die twice more. The numbers 1-6 provide you coordinates on the grid to determine the letter, number, or symbol for your password. For example, in the grid above rolling 2-1-6 with your die would indicate a "f"; and rolling 3-4-4 would indicate a "V".

Continue rolling your die in this manner to generate as many random characters as necessary for your password. Because the roll of a die is random, and because the odds are exactly the same for any combination of numbers, your generated password will also be random.

The method of password generation is fairly slow, but it does provide you with a way to generate a random string of letters, numbers, and symbols when you don’t have access to a computer based password generator, or when you don’t want to trust the random number generator in your computer.

How long should my password be?

Password strength is based on entropy, or randomness of the password. Generally speaking a randomly generated password should have at least 60 bits of entropy to be considered secure, and 80 bits is even better. Using the method above each character generated has approximately 6 bits of entropy (E=log2(72)). So, a password should be at least 10 characters in length, with 14+ characters being preferred.

Diceware

Diceware is a way to generate random word groups (passphrases) that are easier to remember, but because of their length contain sufficient entropy to make them secure. Diceware is based on the principle that truly random selection of words from a wordlist, can result in easily memorable passwords that are also extremely resistant to attack.

While I prefer very long randomly generated passwords controlled by a password manager, there are still some passwords / passphrases that you must memorize - such as the passphrase granting access to your password manager. This is where using Diceware is an excellent tool for generating that passphrase.

In July 2016, the Electronic Frontier Foundation (EFF) updated the original Diceware wordlist.  Passphrases are generated in the same manner using the EFF list as when using the original Diceware list, but the EFF corrected some issues with the original list that had potential to generate errors.

Consider Diceware and the updated EFF wordlist when you need to generate a memorable random passphrase.


Posted by at No comments:

Monday, January 1, 2018

10 Security Guides to Start 2018


The Wired Guide to Digital Security

The Motherboard Guide to Not Getting Hacked

Jolly Roger's Security Guide for Beginners

Surveillance Self-Defense: Tips, Tools and How-To for Safer Online Communications

Security in a Box - Digital Security Tools and Tactics

Anti-Doxing Guide for Activists Facing Attacks from the Alt-Right

Online Security 101: Tips for Protecting Your Privacy from Hackers and Spies

66 Ways to Protect Your Privacy Right Now - Consumer Reports

The Ultimate Online Privacy Guide

101 Data Protection Tips: Keep Your Passwords, Financial & Personal Information Safe


Posted by at No comments:

Happy New Year 2018

 
Personal Security Resolutions for the New Year
 
Many people make resolutions for the New Year. The intent of these New Year resolutions is usually to make some improvement in their lives during the upcoming year. When making your resolutions for 2018, consider things that will improve personal privacy and security in your life. Some New Year Resolutions that you might want to make are:
 
I will learn at least one new thing every week to help me improve my personal privacy and security.
Read the following blogs during the New Year:

I will update all of my passwords and use a password manager to help secure my personal accounts.
Password managers worth considering include:

I will stop sending SMS/ Text messages and only use End-to-End Encrypted Message Apps. Some recommended messaging apps are:
 
I will use an encrypted e-mail service such as Proton Mail or Tutanota.
 
I will review a copy of my credit report. - You can get a free copy of your credit report from https://www.annualcreditreport.com/
 
I will add a Credit Freeze to each of my credit reports. - You can learn more about credit freezes from the Federal Trade Commission https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
 
I will help protect my on-line activity by using a search engine that does not track me, and I will encrypt my on-line connections with https://
Browsers that do not track you:
Add HTTPS:// Everywhere to your browser
 
I will Start 2018 With A Clean Slate!
 

Have a Safe and Happy New Year
 
 

Posted by at No comments:

Sunday, December 31, 2017

Surveillance Detection

 
All training programs designed to protect individuals from becoming victims of terrorism recommend that people be alert to surveillance. This is excellent advice, but, unfortunately, in most instances it is insufficient, because people have had no training in detecting surveillance, and terrorist organizations are often relatively sophisticated in their surveillance methods. Detecting surveillance conducted by trained experts is not as easy as most Hollywood films would lead us to believe. Fortunately, however, the type of surveillance conducted by terrorist organizations is not normally as elaborate as that done by intelligence organizations nor does it involve as many people or as much equipment. Nevertheless, for people to have a reasonable chance at detecting most forms of surveillance they would have to be somewhat familiar with the techniques used.
 
The purpose of surveillance is to determine (1) the suitability of the potential target to attack, based upon the physical and procedural security precautions that the individual has taken, and (2) the most suitable time, location, and method of attack. This surveillance may last for days or weeks depending upon the length of time it takes the surveillants to obtain the information that they require. Naturally, the surveillance of a person who has set routines and who takes few precautions will take less time. The people undertaking the surveillance will often not take part in the attack, nor will the attack take place while surveillance is still in progress.
 
Before undertaking surveillance most experts gather information about the subject from other sources. Public records or information made available to the terrorist organization from a sympathetic individual within an organization, local police, or other government office may reveal useful facts about an individual such as the names of family members, an address, a description of vehicles and license numbers, photographs, etc. The surveillants will also make a reconnaissance of the neighborhood in which the target lives and works. This permits them to select positions of observation, the types of vehicles to use, the clothing to be worn, and the type of ruse to use that will give them an ordinary or normal appearance and plausible reasons to be in the area.
 
There are basically three forms of surveillance: foot, vehicle, and stationary (generally categorized as either mobile or static). A brief description of the most common techniques used for each of these forms and methods for detecting each one follows:
 
One or more individuals may undertake foot surveillance. One-person foot surveillance is rather complicated and fairly easy to detect. The surveillance must remain close to the target, particularly in congested areas, to avoid losing him or her. In less congested areas the surveillant can maintain a greater distance, but the lack of other pedestrians makes the surveillant that much more noticeable. The one complicating factor is the use of a disguise to make the surveillant look different (perhaps a uniform). One possible use of a disguise is a shopping bag or some other container for a change of clothes, particularly if the shopping bag is from a store not found in the area or the container somehow seems out of place. Where a disguise is suspected, pay particular attention to shoes and slacks or skirts. These items are less easily and, therefore, less commonly changed. In elevators, watch for people who seem to wait for you to push a button and then select a floor one flight above or below yours.
 
Two-person foot surveillance is more effective in that the second surveillant provides greater flexibility. Normally, one surveillant remains close to the target while the other stays at a greater distance. The second surveillant may follow the first on the same side of the street or travel on the opposite side. Periodically the two surveillants change position so that if the target spots one of them, that one will soon be out of sight, leading the target to think that he or she was mistaken. Obviously, spotting this form of surveillance is more complicated, but individuals who are alert to the people in their vicinity will eventually detect the same surveillant over a period of time.
 
Foot surveillance with three or more people uses the most sophisticated techniques and is the most difficult to spot. Generally, one surveillant remains behind the target close enough to respond to any sudden moves. A second surveillant remains behind the first on the same side of the street with the first surveillant in sight. A third surveillant travels on the opposite side of the street parallel with or just behind the target. In areas where the target has few paths to choose, one surveillant may walk in front of the target, where he or she is least likely to cause suspicion. The positions of the surveillants are frequently changed, most commonly at intersections. The surveillant directly behind the target may move to the opposite side of the street, while another surveillant moves in close behind the target. With the additional surveillants, any surveillant who feels that he or she has been observed may drop out of the formation. The use of this sophisticated technique requires that people be alert not only to those people behind them but also to those across the street and perhaps in front of them. If the same person is seen more than once over a certain distance, surveillance may be suspected even if that person is not continuously seen.
 
Common methods for detecting surveillance apply to all three forms of foot surveillance. The most effective are:
  • stopping abruptly and looking to the rear,
  • suddenly reversing your course,
  • stopping abruptly after turning a corner,
  • watching reflections in shop windows or other reflective surfaces,
  • entering a building and leaving immediately by another exit,
  • walking slowly and then rapidly at intervals,
  • dropping a piece of paper to see if anyone retrieves it,
  • boarding or exiting a bus or subway just before it starts, and
  • making sudden turns or walking around the block.
 
While taking these actions, watch for people who are taken by surprise, react inappropriately, suddenly change direction, or give a signal to someone else. Surveillants will not normally look directly at the target, but they may do so if they are surprised or unaware that you are observing them. It is important to understand however that these techniques for detecting surveillance can also indicate to those following you that you are aware of their presence.
 
Foot surveillance is often used in conjunction with vehicle surveillance since it is likely that the target will use a combination of foot and vehicle transportation. Vehicles used for surveillance are inconspicuous in appearance and of a subdued color. Frequently, the inside dome light is made inoperative so that it will not illuminate the interior of the car when the door is opened. Vehicles will have two or more people in them so that if the target parks his or her vehicle and walks away, the surveillance can be resumed on foot while the driver remains with the vehicle. While moving, the driver gives full attention to driving while the observer operates the radio, watches the target, and makes notes on the target's activities. Sometimes it will be necessary for surveillants to break traffic regulations to avoid losing you. If you see a vehicle run a red light, make an illegal U-turn, travel over the speed limit, or make dangerous or sudden lane changes in an apparent effort to keep up with you, you should, of course, be suspicious of that vehicle. The distance between a surveillance vehicle and the target will vary depending on the speed at which the vehicles are traveling and the amount of traffic. Surveillants will try to keep one or two vehicles between themselves and the target.
 
As with foot surveillance, vehicle surveillance may be undertaken using only one vehicle or using two or more vehicles. One-vehicle surveillance suffers from the same drawbacks as one-person foot surveillance. The target has to be kept in view at all times and followed by the same vehicle. Surveillants can try to overcome this advantage somewhat by changing seating arrangements within the vehicle; putting on and taking off hats, coats, and sunglasses; changing license plates; and turning off onto side streets and then turning back to resume the tail. This makes it necessary for a person suspecting surveillance to remember aspects of a following vehicle that cannot easily be changed such as the make, model, and color of the car and any body damage such as rust, dents, etc.
 
The use of two or more vehicles permits surveillance to switch positions or to drop out of the surveillance when necessary. One vehicle follows the target vehicle and directs other vehicles by radio. The other vehicle may follow behind the lead surveillance vehicle, precede the target vehicle, or travel on parallel roads. At intersections, the vehicle following directly behind the target vehicle will generally travel straight ahead while alerting all other vehicles of the direction in which the target vehicle has turned. Another vehicle in the formation will then take a position behind the target and become the lead vehicle, taking over the responsibility for giving instructions to other surveillants. The former lead vehicle then makes a U-turn or travels around the block to take up a new position ready to resume the lead vehicle position again when necessary.
 
People who have well established routines permit surveillants to use methods that are much more difficult to detect. If, for example, you leave the office at the same time each day and travel by the most direct route to your home or if you live in a remote area with a few or no alternate routes to your home, surveillants have no need to follow you all the way to your residence. An alternative method of surveillance in such situations is leading surveillance and progressive surveillance. In leading surveillance the surveillant travels in front of the target while the observer watches for turns. When the target turns, this is noted. The next day the surveillant makes a turn where the target did the previous day. Over a period of time the surveillants will discover the entire route to the residence while still driving in a position that creates much less suspicion. There are two forms of progressive surveillance. In the first form, surveillants are placed at intersections along the probable routes of the target. When the target makes a turn, this is noted and the position of the surveillants is adjusted to check the next intersection. Eventually, this method leads the surveillants to the residence. In the second form or progressive surveillance, a vehicle will follow the target for a short distance and then turn off. On successive days the surveillant picks up the target where he or she left off the previous day. Leading and progressive surveillance are extremely difficult to detect, but you should not give anyone the opportunity to use these methods.
 
The most effective methods for detecting most forms of vehicle surveillance are:
  • making a U-turn where it is safe to do so,
  • making a turn to the right or left (in general, left turns create greater complications for surveillants because of oncoming traffic that may delay a turn),
  • going through a traffic light just as it is turning red,
  • stopping just beyond a curve or hill, and
  • circling a block.
In each case, watch for the reactions of any vehicles that you may suspect. Any vehicles that make unusual maneuvers should be carefully noted. Do not forget to check for motorcycles or motorbikes, since in many parts of the world they seem to be favored by surveillants because they move easily through heavy traffic.
 
Stationary surveillance is commonly used by terrorist organizations. As mentioned earlier, most attacks take place near the residence or office because that part of the route is least easily varied. Most people are more vulnerable in the morning when departing for work, because morning departure times are more predictable than are evening arrivals.
 
Surveillants seek a position that permits them to observe the residence or office clearly without being observed or suspected. Surveillants want to identify observation points that afford the best view of the target. Foot and vehicular traffic, buildings and terrain around each government facility vary with each location. Pedestrian traffic, rush hour traffic flow, temporary street closure, etc. will affect observation points. If the surveillants decide that it is best not to be seen, they may obtain an apartment or rent office space in the area that provides for an adequate view, but such apartments or office space may not be available and the renting of an apartment or office space could provide clues for a subsequent investigation. The use of an apartment or office space for surveillance, while possibly the most difficult to detect, is generally not the easiest or safest method. Many surveillance teams use vans with windows in the side or back that permit observation from the interior of the van. Often the van will have the name of a store or utility company to provide some pretext for its being in the area. The driver may park the van and walk away, leaving the surveillance team inside. Some teams use automobiles for stationary surveillance, parking the vehicle far enough from the residence or office to be less noticeable, using other vehicles for cover, facing the vehicle away from the target, and using the rear view mirrors to watch.
 
Where it is not possible to watch the residence or office unobserved, surveillants must come up with a plausible reason for being in the area. The types of ruses used are limited only by the surveillant's imagination. Some of the more commonly used covers are automotive repairs due to engine trouble or a flat tire, door to door sales, utility repair crews, lovers in a park, walking a dog, construction work, or sitting at a café. Women and children are often used to give a greater appearance of innocence.
 
Some things to check for are parked vehicles with people in them, cars with more mirrors or mirrors that are larger than normal, people seen in the area more frequently than seems normal, people who are dressed inappropriately, and workers who seem to accomplish nothing.
 
If you become suspicious of a van, note any information printed on the side of the van, including telephone numbers. Check the telephone book to see if such a business exists. Note the license numbers of any suspicious vehicles and provide them to your security office so they can be checked. Make a habit of checking the neighborhood through a window before you go out each day.
 
Detecting surveillance requires a constant state of alertness and must become an unconscious habit. We do not want to encourage paranoia, but a good sense of what is normal and what is unusual in your surroundings could be more important than any other type of security precaution you take. Above all, do not hesitate to report any unusual events to the police. Many people who have been kidnapped realized afterwards that their suspicions had been well founded. If those suspicions had been reported, their ordeal might have been avoided.
 
Since surveillance attempts to determine the suitability of a potential target and the most opportune time for an attack, it is crucial to avoid predictability. Although the recommendation to vary routes and times of arrivals and departures has become trite, implementing it in one's daily schedule has proven to be effective in deterring sufficient terrorist planning. Varying times and routes apply to jogging, shopping and all activities where a pattern can develop.
 
The Federal Emergency Management Agency (FEMA) has a one-hour web-based course
IS-914: Surveillance Awareness: What You Can Do  that provides additional information about detecting surveillance.

Multi-jurisdictional Counterdrug Task Force Training (MCTFT) https://mctft.org offers an 8-hour Surveillance Operations Overview on-line course. This course will provide students with an understanding of the principles of basic surveillance techniques as they apply to the different types of surveillance performed by narcotic officers. During this presentation, the students will become acquainted with the various types and methods of surveillance, the purposes for conducting surveillance, the preparation of surveillance equipment, and the proper execution and documentation of surveillance operations. In the demonstration of basic surveillance techniques, the students will be shown how to apply the various principles discussed in class to actual surveillance situations, including a night time surveillance, via practical exercises and scenarios. (Enrollment in this course is limited to military and law enforcement personnel).
 
Other articles about surveillance that you may find of interest are:
 
Tradecraft: The Counter-Surveillance Route
 
Surveillance, Surveillance Detection And Counter Surveillance
 
Are You Being Followed? A Study in Counter-Surveillance
 
PSD Concepts: Introduction and Daily Routes
 
Surveillance Tradecraft: The Professional's Guide to Surveillance Training
 
This surveillance training book has been compiled as the ultimate guide and reference book for the surveillance operative. There is no other comparable book available in the world today in relation to covert surveillance training. This book will guide you through the process of carrying out covert surveillance whether you are on foot or by car, traveling by public transport or in a static rural or urban location. The book also teaches the aspects of digital photography using long range lenses and incorporates a large section on Surveillance Detection by Anti and Counter Surveillance methods.
 

Posted by at No comments:
Subscribe to: Posts (Atom)