Saturday, March 17, 2018

Facebook Data May Have Been Illicitly Exploited and It Started with a Quiz


The New York Times has reported, and Facebook has confirmed, that Cambridge Analytica, a political data firm that worked for the campaigns of Ted Cruz and then Donald Trump, acquired data from a company associated with Kogan on about 50 million Facebook users, without their permission.

And this is why we don't do Facebook quizzes...


Personal Alarms


A personal alarm serves two main purposes. It can frighten away an attacker, and it serves as a call for help - a signal to others that something is wrong. Personal alarms emit a blaring noise, which should be at least 120 dB to be most effective. Louder is better when it comes to personal alarms. This noise will panic or cause momentary confusion in an attacker, giving you enough opportunity to fight back or run away. However, personal alarms are not just for frightening away an attacker; if the user (such as a child) is lost and needs to be found, the personal alarm can be very effective in calling for someone's attention. A personal alarm is also an excellent device to use to alert other people during any kind of emergency.

While quite effective in deterring crime or a possible attack and in helping locate a lost loved one, a personal alarm may not always be effective in certain situations. In a remote area there may be no one to hear the alarm and come to your aid. It is also possible that a violent attacker could grab the alarm away from you and destroy it, or simply not be deterred by the noise. Even if others hear the alarm, there is no guarantee that they will come to your aid. How much attention do you pay to a car alarm going off in the parking lot?

Understanding the limitations of personal alarms (they are just loud noise makers), I believe that they are a valuable addition to one's security plan. Students on campus, shift workers who walk across a dark parking lot, or anyone else who may need to signal for help can benefit from carrying a personal alarm.

Personal alarms only cost a few dollars, which makes them affordable for almost anyone. Also, they are not weapons so they are legal to carry everywhere. But please keep in mind that, like any self-defense tool, a personal alarm is not magic. No matter how loud your alarm is, it does not put up some kind of magical force field that will protect you from all bad people in the world. They will, however, catch most people by surprise and disorient them long enough to give you an opportunity to get away. And they will also attract attention to your situation even if you aren't able to scream for help.


Vigilant Personal Alarm

ZekPro Personal Alarm

Mace Portable Door / Multipurpose Alarm

DEA Drug Fact Sheets

 
You hear about drugs on TV and in the movies, on the radio, in books and magazines, on the Internet, and in daily conversation with friends and peers. Some of the information is accurate, but a lot of it is not.

Here are a few realities to consider:
  • You can’t predict the effect that a drug can have on you - especially if it’s the first time you try it, and even if it’s a small amount or dose. Everyone's brain and body chemistry are different. Everyone's tolerance for drugs is different.
  • Using drugs can lead to abuse, addiction, serious health problems, and even death.
  • Drugs that are legal - prescription and over-the-counter (OTC) medications - can be just as dangerous as illegal drugs.
Find out as much as you can about illegal and legal drugs and their effects on your body and brain. The more informed you are, the more confidently you can make the right decision about drugs. Read DEA Drug Fact Sheets for the latest information on drugs of abuse.


Friday, March 16, 2018

Safety and Security for the Business Professional Traveling Abroad


"Corporate espionage is an increasingly serious threat for a business traveler. The perpetrator may be a competitor, opportunist, or foreign intelligence officer. In many countries, domestic corporations collect competitive intelligence with the help and support of their government. To mitigate this risk, your organization’s critical information and technologies should not reside on any hard copy or electronic device you take unless it is absolutely necessary, and if so, then you must safeguard the physical access to the information by using encryption and keeping the material on your person at all times. Hotel safes are not adequate protection." The FBI has published a safety and security awareness brochure that you can download here.

In October 2017, I discussed Foreign Travel here in my blog. I encourage you to read that post, and if traveling for business to further consider the risks that you may face when traveling abroad.

Kevin D. Murray has published an excellent awareness paper for business travelers, "The Top Twenty Information Security Tips for Business Travelers to Closed Society Countries". You can request a free copy of this paper from Mr. Murray's Counterespionage web-site.

Stanford University's IT Department published "Recommendations for Travelers to High Risk Countries" which offers good cyber-security recommendations for travelers.

The Electronic Frontier Foundation (EFF) published "Digital Privacy at the U.S. Border: Protecting the Data On Your Devices".

While adversaries can and do target your electronic devices, remember that they can also target you directly.

 
Elicitation, as described in the FBI brochure, is a common technique used to gather information from business travelers. A similar brochure about Elicitation and Recruitment is available from the Defense Security Service.
 
The Counterintelligence Awareness and Security Brief provided by CDSE is worth reviewing prior to any foreign travel, and the Office of the Director of National Intelligence has prepared an 8-minute YouTube video, "Your Personal Information: Protecting it from Exploitation" intended to help build security awareness. The Foreign Travel Vulnerability brochure from the Defense Security Service should also be included as part of security awareness training when preparing to travel abroad.  
 
 

Rules for Living in Interesting Times


There is an ancient Chinese curse which says "may you live in interesting times, may you come to the attention of those in authority". These are certainly interesting times, thus - gathered from many sources - I present my rules for living in interesting times.

Download a PDF of my Rules for Living in Interesting Times from my Google Drive.


The Moscow Rules


During the Cold War, the CIA developed unwritten rules of engagement for their spies called the Moscow Rules. Moscow was the most dangerous and difficult destination for a spy so the spies had to have special training in clandestine operations. Although no one had written them down, they were the precepts we all understood... By the time they got to Moscow, everyone knew these rules. They were dead simple and full of common sense...

Although the Cold War is over, the Moscow Rules still provide a useful guideline for individuals living and working in a non-permissive environment. So, collected from various sources, I present you with the Moscow Rules:
  1. Assume nothing.
  2. Technology will always let you down.
  3. Whatever can go wrong, will go wrong, and at the worst possible moment.
  4. Never go against your gut.
  5. Always listen to your gut; it is your operational antennae.
  6. Everyone is potentially under opposition control.
  7. Don’t look back; you are never completely alone.
  8. Go with the flow; use the terrain.
  9. Take the natural break of traffic.
  10. Maintain a natural pace.
  11. Establish a distinctive and dynamic profile and pattern.
  12. Stay consistent over time.
  13. Vary your pattern and stay within your profile.
  14. Be non-threatening: keep them relaxed; mesmerize!
  15. Lull them into a sense of complacency.
  16. Know the opposition and their terrain intimately.
  17. Build in opportunity but use it sparingly.
  18. Don’t harass the opposition.
  19. Make sure they can't anticipate your destination.
  20. Pick the time and place for action.
  21. Any operation can be aborted; if it feels wrong, then it is wrong.
  22. Keep your options open.
  23. If your gut says to act, overwhelm their senses.
  24. Use misdirection, illusion, and deception.
  25. Hide small operative motions in larger non-threatening motions.
  26. Float like a butterfly; sting like a bee.
  27. When free, "In Obscura", immediately change direction and leave the area.
  28. Break your trail and blend into the local scene.
  29. Execute a surveillance detection run designed to draw them out over time.
  30. Once is an accident; twice is a coincidence; three times is an enemy action.
  31. Avoid static lookouts; stay away from chokepoints where they can reacquire you.
  32. Select a meeting site so you can overlook the scene.
  33. Keep any asset separated from you by time and distance until it is time.
  34. If the asset has surveillance, then the operation has gone bad.
  35. Only approach the site when you are sure it is clean.
  36. After the meeting or act is done, "close the loop" at a logical cover destination.
  37. Be aware of surveillance’s time tolerance so they aren’t forced to raise an alert.
  38. If an alert is issued, they must pay a price and so must you.
  39. Let them believe they lost you; act innocent.
  40. There is no limit to a human being’s ability to rationalize the truth.

Thursday, March 15, 2018

Untangling the Web: The NSA Guide to Internet Research

 
In 2007, Robyn Winder and Charlie Speight wrote "Untangling the Web: An Introduction to Internet Research" for the National Security Agency (NSA).

"Untangling the Web" is the National Security Agency's guide to finding information on the internet. From the basic to the advanced, this 650-page book offers a fascinating look at tricks the "real spies" use to uncover hidden (and not-so-hidden) information on-line.

On April 19, 2013, the NSA approved this guide for public release. Although the book is now somewhat dated, it still offers many useful tips for on-line research. You can download a PDF copy of "Untangling The Web" from 'The Government Attic' or directly from NSA.Gov.

No Facebook or Twitter? You’re a Spy.


Bottom Line: A spy's tradecraft must constantly evolve because of the rapid changes of the digital age - especially the tools and skills required to maintain a legend, or cover identity. Virtual recordkeeping, modern surveillance technology and the vast amounts of a person's background accessible on open-source platforms such as social media are affecting intelligence operatives' ability to operate covertly overseas.

Background: One of the most fundamental needs for a spy is their legend, or a well-prepared but made-up or assumed identity, also known as cover. Legends allow intelligence officers unique access into companies, ministries and groups of interest where they can recruit agents, manipulate unwitting insiders, or observe, report and take direct action themselves.

Broadly speaking, intelligence officers operate under three forms of cover - diplomatic, official and nonofficial. Diplomatic cover - under which an intelligence officer takes on the face of a diplomat - is likely the most common, as it grants diplomatic immunity as an insurance policy if discovered. Official covers are disclosed to the host governments and those operating under them openly cooperate and liaise directly with intelligence services in allied countries, creating a backchannel for sensitive interactions. Nonofficial cover, also known as deep cover, includes assuming a made-up identity such as a business person or student. Those under nonofficial cover operate without the knowledge of the host government. If caught, they could face severe repercussions.

The full article is on The Cipher Brief.  I found this to be an interesting topic, and something that must be considered by anyone working in a covert or clandestine capacity. In addition to being a concern for intelligence operatives overseas, this is something that should also be considered by undercover police officers, and anyone else needing to establish a legend. A social media presence can support or destroy a cover, but we must also keep in mind what a complete lack of any social media presence says to someone looking at us.


Wednesday, March 14, 2018

Home Depot ordered to pay $27.84 million for customer privacy violations


According to an article in the Californian: Alameda County Superior Court has ordered Home Depot U.S.A., Inc. to pay $27.84 million to resolve allegations that the company... discarded records without rendering private customer information unreadable.

In the civil complaint filed in mid-February, prosecutors alleged that more than 300 Home Depot stores and distribution centers were... tossing documents with sensitive customer information into store trash bins...
--
While the initial investigation focused on environmental violations (sending batteries, solvents, etc. to landfills), there were also significant violations of customers' privacy by Home Depot.

This is a good example of the human factor in security, resulting in a compromise of sensitive information. While I doubt that Home Depot had malicious intent in discarding intact records containing private customer information, the fact is that it did happen.

When you provide your personal and financial information to a business you lose control of that information and there is no guarantee that the business will protect your personal information from loss or compromise.

I recommend always limiting the amount of information that you provide to a business, and using services such as Privacy.Com and Blur to provide yourself with an extra layer of financial privacy.

The Human Factor in Security


Information about individuals is used by businesses to provide customers with a huge array of targeted goods and personalized services that consumers have come to expect. However, if it lands in the wrong hands, this same information can result in harm to the very individuals it was meant to serve. The protection of an individual's personal information has business implications that extend beyond the privacy of any one individual. Private information relative to certain businesses and industries is protected by law. For example, the Health Insurance Portability and Accountability Act (HIPAA) laws protect private medical information. Many states have enacted their own laws, and the federal government is regulated by the Privacy Act of 1974. Legislatures are increasingly responding to calls for greater protection of private information, and stories of improper disclosures of large volumes of private information receive prominent media attention. At present, there is no broad, general federal law protecting the privacy of customer information; most protections are aimed at particular types of information (such as medical or student records) or particular types of businesses (such as medical providers, banks, and financial services businesses). Customers expect their information to be protected, and businesses that recognize the need to make privacy part of their business strategy are ahead of the game. Many companies have gone to great lengths to protect information using technological advances. However, the ability of a business to protect private information it collects as part of its business is only as strong as its weakest link - the human factor - something that technology just can't overcome.

We all make mistakes. We are only human, after all. Unfortunately, when it comes to cyber security, that’s also kind of the problem. The human factors in cyber security are perhaps the biggest challenge when building an effective threat prevention strategy.

Human error is the leading cause of data and security breaches. According to a 2014 article in Venture Beat: "95% of successful security attacks are the result of human error".  It was a person, lured by spear phishing, who opened the gates to the Democratic National Committee attack, as well as major hacks against Snapchat and the health care industry - to name a few examples of that human factor.

Socially engineered threats circumvent many cyber security systems by preying on human error. They use psychological manipulation to push users into performing an action or providing information. In the case of email attacks like phishing, this often involves clicking on an embedded link, downloading malware like ransomware or offering passwords and financial authorization.

In other cases, something as simple as a phone call can be used to collect your personal information.

This is how hackers hack you using simple social engineering (YouTube Video).


What can You Do?

If you run a business or organization that maintains personal information about individuals, it is essential that anyone with access to that information receives regular training on how to safeguard this information, and on the tactics that criminals may use to attempt to access it (e.g., social engineering).

Put steps in place to alert users to the possibility of social engineering whenever they access sensitive information and limit the amount of information that employees can access to the minimum amount required to do their jobs. 

Warn employees against making these common mistakes:
  • Discussing sensitive information with "clients" without verifying their identity
  • Failing to report a lost smartphone, tablet or laptop
  • Leaving documents containing sensitive information on desks
  • Using (and losing) unencrypted USB drives
  • Sending unsecure emails
  • Sharing passwords
  • Using the same password for all apps
  • Using obvious passwords (e.g., "Password", birth date, child’s name, "123abc", etc.)
  • Storing passwords within reach of the computer
  • Failing to report suspected illegal activity

As an individual, it is important to limit the amount of information that you provide to any business or organization. If you are told that your personal information is ‘required’ be sure you understand why it is needed, how it will be used, and what will be done to protect it from loss or compromise.
  • Don’t give out your personal information over the telephone. This is especially true if you did not initiate the call.
  • Be aware of phishing, vishing, and other attacks designed to gather your personal information.
  • Never click on links in unsolicited / unverified e-mail.
  • Use strong passwords and 2-Factor Authentication on all of your accounts.
  • Safeguard Your Social Security Number
  • Make sure that all of your personal communication is encrypted, using end-to-end encryption.

We will probably never eliminate human factors as weaknesses in security, but by being aware of these weaknesses and taking steps to address them we become that much more of a hard target.



Tuesday, March 13, 2018

Routine Work Environment Stress and PTSD Symptoms in Police Officers


A study by the National Institutes of Health (NIH) examined the relationship between routine work environment stress and posttraumatic stress disorder (PTSD) symptoms in a sample of police officers (N = 180) who were first assessed during academy training and reassessed 1 year later. In a model that included gender, ethnicity, traumatic exposure prior to entering the academy, current negative life events, and critical incident exposure over the last year, routine work environment stress was most strongly associated with PTSD symptoms. NIH also found that routine work environment stress mediated the relationship between critical incident exposure and PTSD symptoms and between current negative life events and PTSD symptoms. Ensuring that the work environment is functioning optimally protects against the effects of duty-related critical incidents and negative life events outside police service.

Police service is an inherently stressful occupation, which often results in both physical (e.g., cardiovascular, gastrointestinal, musculoskeletal problems) and psychological symptoms (e.g., increased depression, anxiety, posttraumatic stress disorder). The very nature of police work includes regular and on-going exposure to confrontation, violence, and potential harm. Exposure to potentially traumatic experiences on a regular basis sets the stage for a series of mental health complications, including posttraumatic stress disorder (PTSD).

Cumulative PTSD can be even more dangerous than PTSD caused by a single traumatic event, largely because cumulative PTSD is more likely to go unnoticed and untreated. When a catastrophic event occurs, such as an officer-involved shooting, most departments have policies and professionals to help an officer address and deal with the aftermath of an event. However, the build-up of events that arise throughout an officer’s career generally does not warrant such specialized attention. As a result, an officer with cumulative PTSD is less likely to receive treatment. (PoliceOne, April 3, 2017)

Why do some cops get PTSD when others don't? That depends on a lot of factors, internal and external to the officer. How well or poorly the officer copes with stress, what else is happening in her life, how many other unprocessed traumas he has, does she have a concurrent condition like depression or substance abuse?  And then there are the external factors, often involving betrayal, slanted media reporting, rejection by the community and lack of support from the officer's agency. (Psychology Today, June 26, 2017)

Symptoms of Posttraumatic Stress Disorder

The symptoms of PTSD are essentially similar whether the cause is a single event or long-term exposure to on-going stress, and they can include the following problems:
  • Sleeplessness
  • Nightmares
  • Difficulty managing emotions
  • Uncharacteristic temper that possibly leads to abuse
  • Substance abuse and addiction
  • Flashbacks
  • Depression
  • Difficulty concentrating
  • Suicidal thoughts and actions

FBI Arrests CEO of Phantom Secure


According to a 2016 article on Engadget: BlackBerry smartphones have secure messaging as a matter of course, but for some that isn't enough: there are custom models that are even more secure thanks to PGP-encrypted mail. However, it seems that these locked down models aren't quite as safe as you'd think. The Netherlands Forensic Institute has confirmed a recent report that it's capable of scooping up encrypted data from PGP-equipped BlackBerry devices. It's not discussing the exact techniques involved, but it's relying on a tool from CelleBrite to get the job done. One possibility is that investigators are guessing the password based on a memory dump, although that normally requires yanking a memory chip off the phone's motherboard.

If it's any consolation, police need physical access to crack these BlackBerrys. Their methods also aren't completely reliable (a small batch couldn't be cracked), and it's uncertain that this will work with every single PGP implementation.

Yet, March 10, 2018 articles on Yahoo Finance and Motherboard stated that "the FBI arrested Vincent Ramos, the founder of the well-established phone mod seller Phantom Secure, for allegedly aiding criminal organizations that include the Sinaloa drug cartel. The company altered BlackBerry and Android devices to disable common features (including the camera and web browsing) while adding Pretty Good Privacy for encrypted conversations." "The heavily redacted complaint, written by FBI Special Agent Nicholas Cheviron, alleges that even members of the notorious Sinaloa drug cartel used Phantom’s devices, and that the "upper echelon members" of transnational criminal groups have bought Phantom phones. A second source also familiar with the secure phone industry told Motherboard that the devices have been sold in Mexico, Cuba, and Venezuela, as well as to the Hells Angels gang. Cheviron estimates that 20,000 Phantom devices are in use worldwide, with around half of those in Australia; bringing in tens of millions of dollars of revenue to Phantom."

From the complaint filed:

According to PHANTOM own marketing materials and confirmed by our investigation, that of our foreign law enforcement partners, and my personal experience with the devices, I know that PHANTOM SECURE devices are dedicated data devices housed inside a BlackBerry handset. PHANTOM SECURE purchases BlackBerry handsets from Blackberry Limited and other Blackberry re-sellers.

Whereas the standard BlackBerry handset is sold to the public with all the customary smartphone functionalities, PHANTOM marketing materials state that when PHANTOM SECURE receives the BlackBerry handsets, its technical team removes the hardware and software responsible for all external architecture, including voice communication, microphone, GPS navigation, camera, Internet, and Messenger service.

PHANTOM SECURE then installs Pretty Good Privacy software and Advanced Standard on top of an email program, which it routes through servers located in countries, such as Panama and Hong Kong, believed by PHANTOM SECURE to be uncooperative with law enforcement. According to PHANTOM marketing materials, there are several advantages of having our servers and a portion of our business located in Panama, including the fact that Panama does not cooperate with any other country's.

Monday, March 12, 2018

Firearms Murders in the USA in 2016


According to the Center for Disease Control (CDC) there were 38,551 firearms related deaths in the United States in 2016. The Federal Bureau of Investigation (FBI) identified 11,004 (28.54%) of those firearms related deaths in 2016 as murders. 

The American Foundation for Suicide Prevention reported that in 2016, firearms were used to commit suicide 22,938 times. The Washington Post's Fatal Force Database  reported that 963 people were shot and killed by police in 2016. The remaining 3,646 firearms deaths in 2016 may be attributed to other factors such as accidents, and justifiable shooting (self-defense).

While an exact number of gang related murders was not yet available for 2016, the National Gang Center's previous years' "findings suggest that gangs were involved in approximately 15 percent of all homicides, underscoring the considerable overlap between gang activity and violent crime." If we accept the 15 percent estimate for 2016, then there were 1,651 gang related murders during that year. According to the National Institute of Justice "nearly all gang-related homicides involved guns (95 percent)". The National Gang Center, also looking at previous years' statistics, has stated "In a typical year in the so-called "gang capitals" of Chicago and Los Angeles, around half of all homicides are gang-related; these two cities alone accounted for approximately one in four gang homicides..."

According to the FBI, "Some 33,000 violent street gangs, motorcycle gangs, and prison gangs with about 1.4 million members are criminally active in the U.S. and Puerto Rico today. Many are sophisticated and well organized; all use violence to control neighborhoods and boost their illegal money-making activities, which include robbery, drug and gun trafficking, prostitution and human trafficking, and fraud." 

The state with the most firearms murders in 2016 was California with 1,368 murders reported by the FBI UCR. Illinois had 799 firearms related murders in 2016, with 762 of those murders occurring in Chicago.

The United States population in 2016 was approximately 323 million. With 11,004 firearms related murders in the United States in 2016, the firearms murder rate, expressed as a fraction of the population, is 0.00003407, or 3.4 per 100,000.

According to the National Vital Statistics Report, Volume 66, Number 5 (November 27, 2017) "Deaths: Leading Causes for 2015" of the 113 selected causes of death in the United States, "Assault (homicide) by discharge of firearms" was 107th. "Intentional self-harm (suicide) by discharge of firearms." was 105th out of 113 leading causes of death. It should be noted that most of the entries on the list do not involve intentional killing. Most causes of death referenced by the CDC involve some form of medical malady.

A chart from the FiveThirtyEight web-site shows shootings statistics from major US cities.

 
Shootings (as opposed to murders) are a better method of tracking firearm related crime, but unfortunately nationwide data on shootings is not available in the UCR as it is for firearms related murders.

These are some of the firearms related statistics for 2016. But I caution against drawing statistics-based conclusions about firearms problems without considering other factors. For example, in 2016 there were 412,459 full-time law enforcement officers in the United States, and 963 people were shot and killed by police during that year. The FBI estimates there are approximately 1.4 million gang members in the United States and National Gang Center statistics show around 1,651 gang related murders in 2016. Based on the statistics alone, you are more likely to be shot and killed by a police officer than by a criminal gang member. This of course does not take into account that police officers are acting to defend their communities from violent criminals, while gang members are committing the crime of murder.

Addressing criminal gun violence is important, but calling for bans and restrictions based on statistics alone does not seem to be the answer. The city of Chicago has very strict firearms controls, but there were 4,376 shootings in that city in 2016. California has the strongest gun control laws in the United States, but also had the greatest number of firearms related murders in 2016.

Based on the National Crime Victimization Survey (NCVS), the annual number of self-defense gun uses in the United States is around 100,000 per year. Researchers generally view these estimates as more reliable because the NCVS includes a much larger sample size and it surveys the same households multiple times, which ensures that people are recalling events more accurately.

Having a firearm and being able to use it in a defensive situation is the most effective means of avoiding injury (more so even than offering no resistance) and thwarting completion of violent crime, such as robbery or assault. In general, resisting violent crime is far more likely to help than to hurt.



Detecting a Concealed Weapon - Not Easy!



Detecting a concealed weapon or threat is not easy, even for experienced police officers.

Terrorist attacks and bombings at concerts, sporting events and airports underscore the need for accurate and reliable threat detection. However, the likelihood of a police officer identifying someone concealing a gun or bomb is only slightly better than chance, according to research conducted at Iowa State University (ISU) (August 2017).

It is clear that existing threat detection techniques are not working. The ISU study points to a recent report from the U.S. Government Accountability Office that found indicators the Transportation Security Administration is using are ineffective at detecting airport security threats.

ISU researchers say there is no definitive cue of concealment, and several variables can complicate the issue.

One of the most important concepts of visual weapons screening is behavior clusters. For example, an individual who fails to swing his right arm may be armed and trying to avoid hitting his elbow on the weapon. But an individual who adjusts something under his clothing above the waistline, looks around very nervously and then walks away while not swinging his right arm when he spots an officer watching him is far more likely to be armed. The totality of circumstances will dictate the degree of likelihood of an individual being armed.

The following graphic shows some tips for spotting a hidden handgun that were published by Det. Robert Gallagher, NYC Police Department.

 
While the above tips from Det. Gallagher are valid, they are really only useful for spotting people who are either uncomfortable with a weapon or who are carrying it improperly. Most quality holsters that are designed to be concealed are very difficult to spot, and the people using them are used to carrying, and won't display the behavior and obvious tells shown above.
 
It is also important to note that carrying a concealed weapon (handgun) is legal in most states, which have laws requiring that they issue a concealed carry permit to any resident not specifically prohibited from possessing a firearm. See more about concealed carry on the Handgun Law web-site.

 


Sunday, March 11, 2018

Slam-Fire Guns


I previously discussed Ghost Guns, firearms that are built from parts, starting with an "80%" unfinished lower receiver. While this allows you to build a fully-functional modern firearm, some basic machining skill is required.

But building a basic functional firearm can be accomplished using only simple tools and requires no real skill at machining. The most basic firearm you can build is a slam-fire shotgun.

It is also possible to build a functional handgun in your home workshop.


The following YouTube videos discuss the construction of these simple firearms.

Talon 12 Gauge Home Made Slam-Fire Shotgun

World's Simplest Homemade Pistol...the GB-22!

Homemade Gun: The GB-380

Apocalypse Hardware Store Gun Build!

The point we may draw from this is that outlawing firearms does not mean that firearms will simply disappear. If someone wants a firearm, there is always a way to get one.

Ghost Guns


A "ghost gun" is a firearm that you build yourself - usually from an 80% kit - that doesn’t have a serial number and isn’t registered in any system of government records. 

Is this legal? Can I just build a firearm at home? According to the Bureau of Alcohol, Tobacco, and Firearms (BATF) web-site:

Q: Does an individual need a license to make a firearm for personal use?

A: No, a license is not required to make a firearm solely for personal use. However, a license is required to manufacture firearms for sale or distribution. The law prohibits a person from assembling a non-sporting semiautomatic rifle or shotgun from 10 or more imported parts, as well as firearms that cannot be detected by metal detectors or x-ray machines. In addition, the making of an NFA firearm requires a tax payment and advance approval by ATF.

So, while you would need a license to build firearms for others, if you are building a firearm for your own personal use, this is not regulated by the BATF. It is perfectly legal to build a firearm at home.

Most firearms parts and accessories can be purchased by anyone. The regulated portion of the firearm is the lower receiver. When this portion of a firearm is more than 80% complete, it is defined by the BATF as being a firearm in and of itself.

When the lower receiver is less than 80% complete, it is not considered a firearm and can, like other firearms parts, be purchased by anyone. There are companies that specialize in selling 80% lower parts and kits. (Note that 80% is not specifically defined under the law. See video at the end of this post discussing the law.) Some of these companies include:

But even major firearms parts distributors such as Brownells sell 80% lower receivers.

The most basic part for an 80% lower receiver kit is just the un-milled lower receiver itself, although you can also buy 80% kits that include additional parts for assembling the other parts of the firearm.

Is it difficult to build a “ghost gun” from these 80% lower kits? Well, you aren’t going to be able to build a functioning firearm in your basement with just a hand-drill and a hammer, but with the right tools and a little bit of skill it’s not that hard to do.

Defense Distributed sells a CNC Mill for around $1,700 (March 2018) that is specifically designed for finishing 80% lower receivers. You could buy a bench-top drill and mill machine from Harbor Freight for around $700 (March 2018) that would also work for finishing your 80% lower receivers.

Security Concerns?

Yes, it’s possible (and legal) to build a firearm for personal use. Doesn’t this mean that convicted felons and mentally unstable people who are prohibited from owning firearms can now get one? If you listen to some news channels, ghost guns are going to kill us all.


It is far more likely that a person who can’t legally buy a firearm would just steal one instead of taking the time and developing the skill to build one from scratch.

If you own an AR-15 style rifle, go disassemble it. Don’t just field-strip it but take apart the trigger group. Break it down to every spring, screw, nut, and clip. Now put it back together. Some of you will be able to do this easily, but many firearm owners don’t have this level of skill and knowledge about their firearm – but this is the level of skill you will need (plus basic machining skills) to build a firearm from an 80% lower.

Building firearms from 80% lower receiver kits and parts is something that is done by firearms hobbyists and gunsmiths – people who can legally purchase a finished version of the same type of firearm they are building.

There are cases where a person prohibited from owning a firearm has built one and carried out a crime with that firearm, but these cases are extremely rare. If a criminal wants to obtain a firearm he can probably do so, but building that firearm from kits and parts is not likely to be the way he does it.

The other concern with firearms built from kits and parts is that they don’t have serial numbers and are not registered with the government. But then we should probably ask ourselves why the government needs a list of law-abiding firearms owners and the type of firearms they own?

80% Lowers & the Law: Combating the "Ghost Gun" Agenda - by: Attorney Alex Kincaid