Saturday, March 31, 2018
The FBI's Secret Rules
According to The Intercept...
After the famous Church Committee hearings in the 1970s exposed the FBI’s wild overreach, reforms were enacted to protect civil liberties. But in recent years, the bureau has substantially revised those rules with very little public scrutiny. That’s why the Intercept is publishing this special package of articles based on three internal FBI manuals that they exclusively obtained.
These stories illuminate how the FBI views its authority to assess terrorism suspects, recruit informants, spy on university organizations, infiltrate online chat rooms, peer through the walls of private homes, and more.
In addition to the articles collected here - which include nine new pieces and two that they previously published based on the same source material - The Intercept has annotated the manuals to highlight what they found most newsworthy in them. They redacted the sections that could be used to identify individuals or systems for the purpose of causing harm. They’re presenting the stories alongside the manuals because we believe the public has a right to know how the U.S. government’s leading domestic law enforcement agency understands and wields its enormous power.
--
After NSA whistleblower Edward Snowden came forward with revelations of mass surveillance in 2013, journalists Glenn Greenwald, Laura Poitras, and Jeremy Scahill decided to found a new media organization dedicated to the kind of reporting those disclosures required: fearless, adversarial journalism. They called it The Intercept.
Today, The Intercept is an award-winning news organization that covers national security, politics, civil liberties, the environment, international affairs, technology, criminal justice, the media, and more.
YubiKey
YubiKey is a hardware authentication device manufactured by Yubico that supports one-time passwords, public key encryption and authentication, and the Universal 2nd Factor (U2F) protocol developed by the FIDO Alliance (FIDO U2F). It allows users to securely log into their accounts by emitting one-time passwords or using a FIDO-based public/private key pair generated by the device. YubiKey also allows for storing static passwords for use at sites that do not support one-time passwords.
There are several services that integrate with YubiKey. I use YubiKeys to secure log-on to my laptop, protect my password manager, and safeguard some on-line accounts. By using YubiKey as part of my security, an adversary now not only would need to crack my passwords, but would also need to gain physical access to my YubiKey in order to access my computer or on-line accounts.
Google's Advanced Protection Program uses YubiKey to provide "Google’s strongest security for those who need it most." . A list of other services where you can use your YubiKey can be seen here: Services that Integrate with the YubiKey.
You can purchase YubiKey for several sources, including Amazon.
YubiKey 4
YubiKey NEO
YubiKey 4 Nano
FIDO U2F Security Key
Widow of Shooter in Pulse Nightclub Terrorist Attack - Not Guilty!
Widow of Orlando nightclub shooter found not guilty of charges she aided in the massacre.
The acquittal by a federal jury of Noor Salman, the widow of the man who gunned down dozens of people at the Pulse nightclub two years ago, handed federal prosecutors on Friday the rarest of defeats: a loss in a terrorism case.
The outcome was even more striking because the not-guilty verdict came from jurors in Orlando, Fla., where Omar Mateen’s rampage left 49 people dead and 53 others injured, the worst terrorist attack on American soil since Sept. 11, 2001. (New York Times, March 30, 2018)
--
Salman, 31, was arrested in January 2017, months after her husband, Omar Mateen, killed 49 people and injured more than 50 others when he opened fire at Pulse the previous June. Police responding to the attack killed Mateen.
Prosecutors said Salman aided Mateen ahead of his killing spree, then lied to the FBI in an attempt to thwart the investigation.
Jurors began deliberating Wednesday afternoon before returning with a verdict Friday morning.
U.S. Will Require Visa Applicants to Submit Five Years of Social Media Details
The State Department wants to require all U.S. visa applicants to submit their social media usernames, previous email addresses and phone numbers, vastly expanding the Trump administration’s enhanced vetting of potential immigrants and visitors.
In documents published in Friday’s Federal Register, the department said it wants the public to comment on the proposed new requirements, which will affect nearly 15 million foreigners who apply for visas to enter the U.S. each year. Previously, social media, email and phone number histories were only sought from applicants identified for extra scrutiny, such as those who have traveled to areas controlled by terrorist organizations. An estimated 65,000 people per year are in that category.
The new rules would apply to virtually all applicants for immigrant and non-immigrant visas. The department estimates it would affect 710,000 immigrant visa applicants and 14 million non-immigrant visa applicants, including those who want to come to the U.S. for business or education, according to the documents. (Time, March 30, 2018)
Friday, March 30, 2018
Deloitte - Cyber Security Evolved Video
In less than 5 minutes you can experience the speed and intensity of a cyber attack. Today companies can defend themselves, taking control of the situation - effectively fighting back.
Are you prepared?
Watch the Deloitte video on YouTube.
Video with closed captions - English subtitles.
Skype Now Has End-to-End Encrypted "Private Conversations"
In January 2018, Microsoft announced that Skype will offer end-to-end encryption for audio calls, text, and multimedia messages through a feature called Private Conversations. Skype will use the robust, open-source Signal Protocol to implement the encryption, which is set up so that only the devices sending and receiving communications in a conversation can hear or view them.
After Microsoft purchased Skype in 2010, observers noticed changes in its architecture, and people began to move away from Skype over concerns that it may allow third-party and government wiretap surveillance.
Private Conversations makes that sort of snooping impossible. Currently only Skype Insiders can use the service as part of a beta test before it rolls out more broadly. If you want to participate in the beta test and start using Skype with end-to-end encryption now, download "Skye Preview" This works the same as the standard version of Skype, but includes the encryption beta test.
Skype end-to-end encryption isn't on by default; you initiate it by selecting "New Private Conversation" from Skype's "Compose" menu, or from another user's profile. This sends a Private Conversation invitation to the user you selected. If the user accepts the invitation Skype creates an end-to-end encrypted connection between the two devices.
Invitations to chat only last for seven days, after that they expire and need to be re-sent. Each Private Conversation is also limited to the device it started on, so if you want to chat privately on your computer and phone you’ll have to send two separate invitations to the same person. Skype blocks the text of these encrypted conversations from showing up in your notifications as well, for an extra layer of protection.
When you’re ready to end your conversation you have two options. You can delete the chat by right-clicking your mouse (or holding down, if you’re using a smartphone) and then selecting "Delete chat." This won’t delete the encrypted connection, so you can pick up the encrypted conversation again later.
If you really want to end your discussion and delete the encrypted connection, you need to go to the chat header and then scroll down to "End Private Conversation." Once you do that, you’ll need to send a new invitation to start things up again.
Even with Private Conversations turned on, Skype will still be able to access some information about your communications, like when they occur, and how long they last. You will have to decide if you trust Microsoft with your metadata, but that’s a decision you have to make with every encrypted communications service.
I also note that with Microsoft's undated Terms of Service (TOS), effective May 1, 2018, they have stated that they may examine private files and conversations that potentially breach the TOS if they receive a complaint from someone, be those private conversations a Skype chat or an email, etc. The fact that Microsoft can review your private conversations means that the standard encryption (non end-to-end encryption) used in Skype is not secure. Microsoft holds the encryption keys and can thus decrypt and read your private conversations - and presumably turn those conversations over to other agencies.
I have been using Skype end-to-end encryption and like it when it works, but find that it can still be a little bit buggy when generating the Private Conversation invitation. You may have to try a few times to get the invitation to go through, but once the end-to-end encryption channel is established, it works without any problem.
So, do I recommend switching to Skye Private Conversations as your primary means of on-line communication? No, absolutely not, this is still a beta test and requires more review, but if you are currently using Skype anyway, take advantage of the end-to-end encrypted Private Conversations to enhance the security of your communication and help bring this into Skype as a standard feature.
What the @#$%&!? Microsoft Bans Nudity, Swearing in Skype, E-mails, etc.
The Register UK reports that Microsoft has updated its terms of service (TOS) to ban nudity, swearing in Skype, emails, and Office 365 docs. Microsoft has advised customers that offensive language on Skype, in an Outlook.com email, or in an Office 365 Word document is a potentially account-closing offense under its updated terms of use.
The new TOS agreement, which comes into effect on May 1, 2018, now includes the following code-of-conduct item:
** Don’t publicly display or use the Services to share inappropriate content or material (involving, for example, nudity, bestiality, pornography, offensive language, graphic violence, or criminal activity). **
** If you violate these Terms, we may stop providing Services to you or we may close your Microsoft account. We may also block delivery of a communication (like email, file sharing or instant message) to or from the Services in an effort to enforce these Terms or we may remove or refuse to publish Your Content for any reason. When investigating alleged violations of these Terms, Microsoft reserves the right to review Your Content in order to resolve the issue. However, we cannot monitor the entire Services and make no attempt to do so. **
Microsoft told The Register it does not listen to Skype calls, which is good to know. But Microsoft added that it may examine private files and conversations that potentially breach the code-of-conduct if they receive a complaint from someone, be it a Skype chat or an e-mail, etc.
We understand the legalese in the updated TOS needs to be broad so that Microsoft bods can step in when there’s genuine abuse or harassment being thrown around on its services.
But the new agreement is problematic because it hints at far broader and frankly creepy interventions involving rifling through people's private files, if someone is upset at another user. Which in light of recent revelations about abuse of personal data on the internet, just isn’t a good look no matter that the agreement was probably drafted with good intentions.
--
The fact that Microsoft "may examine private files and conversations" in Skype, e-mail, and Office 365 documents clearly shows that these services are NOT secure and should never be used to transmit or store sensitive information.
Thursday, March 29, 2018
Tech Support Fraud Alert
The Internet Crime Complaint Center (IC3) has released an alert on tech support fraud. Tech support fraud involves criminals claiming to provide technical support to fix problems that don't exist. Their methods include placing calls, sending pop-ups, engaging misleading lock screens, and sending emails to entice users to accept fraudulent tech support services. Users should not give control of their computers or mobile devices to any stranger offering to fix problems.
What Is Security Culture?
In February 2018, I discussed some of the resources used by Anarchists, Activists, and Saboteurs.
Another source, recommended by a reader, is the Puget Sound Anarchists web-site.
Of particular interest is their guide What Is Security Culture? The guide is available as a PDF file, and is read on YouTube.
While I do not support anarchists' actions, some of their ideas on maintaining a security culture are applicable to other communities and other ways of living; and some of their ideas are reflected in the platform of the Libertarian Party | Minimum Government. Maximum Freedom.
Good security culture is one of the first and most important things a serious activist should learn. The idea is to minimize the effects of infiltration, disruption, and surveillance through practices that help keep activists, groups, and networks safer. Importantly, it helps political activists prevent paranoia and dispels the unfortunate idea that they should just give up any effort to maintain confidentiality against State and corporate surveillance.
Although previously mentioned, a reader also recommended RATS, by Claire Wolfe.
I note that Claire has a new book scheduled to be released on Amazon Kindle on April 19, 2018: Basics of Resistance: The Practical Freedomista, Book I. The Kindle book is only 99 cents if pre-ordered between now and April 19th. After that the cost will be $3.50-ish.
US Secret Service Study Ties Mass Shootings to Mental Illness
According to a report in USA Today (March 29, 2018) - A striking number of suspects linked to violent attacks in schools and other public places last year were stalked by symptoms of mental illness and nearly half were motivated by real or perceived personal grievances, a new Secret Service report has found.
An examination of 28 attacks, which claimed nearly 150 lives and wounded hundreds of others - from Orlando to Las Vegas - also found that more than three-quarters of the assailants engaged in suspicious communications or conduct that raised concerns from others in advance of the assaults, according to the report due for release Thursday, March 29, 2018.
In the new report, authorities found that 64% of suspects suffered from symptoms of mental illness. And in 25% of the cases, attackers had been "hospitalized or prescribed psychiatric medications" prior to the assaults.
This new report builds on a lengthy, prior examination issued by the agency in 2015, which found that more than half of suspects involved in 43 attacks targeting government facilities or federal officials between 2001 and 2013 suffered symptoms of mental illness, including paranoia, delusions and suicidal thoughts.
Russian Consulate in Seattle - Closed
The Trump administration expelled 60 Russian diplomats on Monday and ordered Russia's consulate in Seattle to close. All consulate staff must be gone by Friday, March 30, 2018.
Senior Trump administration officials said all 60 Russians were spies working in the U.S. under diplomatic cover, including a dozen at Russia's mission to the United Nations. The officials said the administration was taking the action to send a message to Russia's leaders about the "unacceptably high" number of Russian intelligence operatives in the U.S.
They added that the Seattle consulate is a counterintelligence concern because of its proximity to Naval Base Kitsap, as well as Boeing's operations.
The Russian diplomatic mission in Seattle consisted of 7 officials, 42 people all together with family members in total.
The decision to close the Consulate General of the Russian Federation in Seattle and expel 60 Russian diplomats including about ten Russian permanent representatives to the UN, was taken by the US Presidential Administration in response to the poisoning of a former GRU officer Sergei Skripal in the English city of Salisbury on March 4, 2018.
Read more in the Seattle Times article: "Russian spies in Seattle: Black ops, Soviet subs and counter intel in the Pacific Northwest".
Firefox Extension Can Prevent Facebook From Tracking You Around The Web
Firefox Extension Can Prevent Facebook From Tracking You Around The Web
Mozilla, the company behind the popular web browser Firefox, has released a new tool designed to boost user privacy and protect against invasive tracking by Facebook.
Specifically, it prevents Facebook from tracking your visits to other websites by deleting your Facebook cookies and logging you out of Facebook. The next time you navigate to Facebook it will load in a special blue browser tab (this is the "Container").
Facebook Container isolates your Facebook activity from the rest of your web activity in order to prevent Facebook from tracking you outside of the Facebook website via third party cookies.
What does it do?
Facebook Container works by isolating your Facebook identity into a separate container that makes it harder for Facebook to track your visits to other websites with third-party cookies.
How does it work?
Installing this extension deletes your Facebook cookies and logs you out of Facebook.
The next time you navigate to Facebook it will load in a new blue colored browser tab (the “Container”).
You can log in and use Facebook normally when in the Facebook Container. If you click on a non-Facebook link or navigate to a non-Facebook website in the URL bar, these pages will load outside of the container.
Clicking Facebook Share buttons on other browser tabs will load them within the Facebook Container. You should know that using these buttons passes information to Facebook about the website that you shared from.
Which website features will not function?
Because you will be logged into Facebook only in the Container, embedded Facebook comments and Like buttons in tabs outside the Facebook Container will not work. This prevents Facebook from associating information about your activity on websites outside of Facebook to your Facebook identity.
In addition, websites that allow you to create an account or log in using your Facebook credentials will generally not work properly. Because this extension is designed to separate Facebook use from use of other websites, this behavior is expected.
What does Facebook Container NOT protect against?
It is important to know that this extension doesn’t prevent Facebook from mishandling the data that it already has, or permitted others to obtain, about you. Facebook still will have access to everything that you do while you are on Facebook.com, including your Facebook comments, photo uploads, likes, any data you share with Facebook connected apps, etc.
Rather than stop using a service you find valuable, we think you should have tools to limit what data others can obtain. This extension focuses on limiting Facebook tracking, but other ad networks may try to correlate your Facebook activities with your regular browsing. In addition to this extension, you can change your Facebook settings, use Private Browsing, enable Tracking Protection, block third-party cookies, and/or use Firefox Multi-Account Containers extension to further limit tracking.
What data does Mozilla receive from this extension?
Mozilla does not collect data from your use of the Facebook Container extension. We do receive the number of times the extension is installed or removed.
Known Issues
When Facebook is open and you navigate to another website using the same tab (by entering an address, doing a search, or clicking a bookmark), the new website will be loaded outside of the Container and you will not be able to navigate back to Facebook using the back button in the browser.
Facebook Was Able to Siphon Off Phone Call and Text Logs from Android Phones
Fox News, 28 Mar 2018: "The news that Facebook's Android app has been collecting call and text histories is yet another black eye for the social media giant. But just why was Facebook able to siphon off records of who its users were contacting - and when - in the first place? The short answer: Because Google let it. The longer answer: Well, it's complicated. The social network acknowledged on Sunday that it began uploading call and text logs from phones running Google's Android system in 2015 - first via its Messenger app and later through an option in Facebook Lite, a stripped-down version of its main app. Facebook added that only users who gave appropriate permission were affected, that it didn't collect the contents of messages or calls, and that users can opt out of the data collection and have the stored logs deleted by changing their app settings. There's a reason Facebook's actions were restricted to Android phones. Apple locks down app permissions tightly, which offers more privacy protection to iPhone users. "Apple's fundamental approach is to collect the minimum amount of information to keep the service running, and keep customers in control of the information," said Rich Mogull, CEO of the security firm Securosis."
Wednesday, March 28, 2018
Telegram Told to Give Encryption Keys to Russian Authorities
A top Russian court has told encrypted messaging app Telegram to share its encryption keys with state authorities.
Telegram, founded by Russian entrepreneur Pavel Durov, has been fighting an effort by the FSB, the state's security service formerly known as the KGB, which last year demanded that the company hand over its private encryption keys.
The company refused. On Tuesday, the country's supreme court upheld the demand.
Durov said in a tweet following the ruling: "Threats to block Telegram unless it gives up private data of its users won't bear fruit. Telegram will stand for freedom and privacy."
Secure Messengers - Why We Can’t Give You A Recommendation
Gennie Gebhart, a University of Washington graduate, and currently a researcher for the Electronic Frontier Foundation (EFF) has written an excellent article "Why We Can’t Give You A Recommendation" as part of a five-part series discussing secure messaging. Her article explains why there is no one perfect answer when it comes to secure personal communications, but says that if she had to give a recommendation for the average person it would be Signal or WhatsApp. (This is my recommendation as well).
Take a minute to read Ms. Gebhart's article - and the entire five-part series on secure messengers. Most importantly, whether you choose Signal, WhatsApp, or find something that better meets your needs - find and use a secure messenger.
Woe betide whomever transmits plaintext.
It's not just Facebook. Thousands of companies are spying on you.
The following extract from a CNN article (March 26, 2018) highlights how our personal and private information is being used for profit by businesses - often without our knowledge or permission.
There are 2,500 to 4,000 data brokers in the United States whose business is buying and selling our personal data. Last year, Equifax was in the news when hackers stole personal information on 150 million people, including Social Security numbers, birth dates, addresses, and driver's license numbers.
You certainly didn't give it permission to collect any of that information. Equifax is one of those thousands of data brokers, most of them you've never heard of, selling your personal information without your knowledge or consent to pretty much anyone who will pay for it.
Surveillance capitalism takes this one step further. Companies like Facebook and Google offer you free services in exchange for your data. Google's surveillance isn't in the news, but it's startlingly intimate. We never lie to our search engines. Our interests and curiosities, hopes and fears, desires and sexual proclivities, are all collected and saved. Add to that the websites we visit that Google tracks through its advertising network, our Gmail accounts, our movements via Google Maps, and what it can collect from our smartphones.
That phone is probably the most intimate surveillance device ever invented. It tracks our location continuously, so it knows where we live, where we work, and where we spend our time. It's the first and last thing we check in a day, so it knows when we wake up and when we go to sleep. We all have one, so it knows who we sleep with. Uber used just some of that information to detect one-night stands; your smartphone provider and any app you allow to collect location data knows a lot more.
President Signs Overseas Data Access Bill
Engadget, 24 Mar 2018: The House of Representatives has approved a piece of legislation (link) that makes it easier for law enforcement to get access to info even if it's stored in other countries. Officially known as Clarifying Lawful Overseas Use of Data Act, the set of regulations was part of the 2,000-page Omnibus Spending Bill the president has just signed. CLOUD was created to replace the current rules for cross-border access to data, which require requests for info to be ratified by the Senate and vetted by the DOJ. The new rules give the DOJ the power to obtain data US-based tech companies stored overseas, such as the Outlook emails Microsoft stores in Ireland.
The Cloud Act was added to the omnibus spending bill ahead of the voting on the 2,232-page bill. The bill passed 256-167 in the House, and 65-23 in the Senate.
Republic Senator Rand Paul had tweeted March 22, the day of the vote, that "Congress should reject the CLOUD Act because it fails to protect human rights or Americans’ privacy...gives up their constitutional role, and gives far too much power to the attorney general, the secretary of state, the president and foreign governments."
Microsoft posted a letter supporting the bill on March 21, stating that the Cloud Act: "Creates a modern legal framework for how law enforcement agencies can access data across borders. It’s a strong statute and a good compromise that reflects recent bipartisan support in both chambers of Congress, as well as support from the Department of Justice, the White House, the National Association of Attorneys General and a broad cross section of technology companies [...] it gives tech companies like Microsoft the ability to stand up for the privacy rights of our customers around the world. The bill also includes a strong statement about the importance of preventing governments from using the new law to require that U.S. companies create backdoors around encryption, an important additional privacy safeguard."
Tuesday, March 27, 2018
Counterterrorism Yearbook 2018
Counterterrorism Yearbook 2018
Australian Strategic Policy Institute (ASPI), 27 March 2018
Free PDF Download (10.71 MB)
The Counter Terrorism Yearbook is ASPI’s annual flagship publication curated by the Counter Terrorism Policy Centre, now in its second year of publication.
It is a comprehensive resource for academics and policymakers to build on their knowledge of counterterrorism developments in countries and regions around world.
Each chapter in the Yearbook is written by internationally renowned subject matter and regional experts, who provide their insight and commentary on counterterrorism policy, legislation, operations and strategy for a specific country/region, concerning the year in review, and looking at challenges for the year ahead.
Packages Containing Explosives Sent To Several Military Installations
According to open source media, on March 26, 2018 multiple suspicious packages containing explosive materials were sent to several military installations in Washington, D.C. and Virginia.
DOD officials said packages were sent to the CIA, Fort Belvoir and Fort McNair. A Naval Support Facility in Dahlgren, Virginia, also received a suspicious package and at least one package was sent to the National Defense University at Fort McNair in Washington, DC.
Some of the packages included rambling letters that officials described as disturbing. The packages were all ultimately rendered safe. The FBI, BATF, and other Federal agencies are investigating.
In December 2017, I provided information here in the blog concerning
Bomb Threats & Explosive Recognition.
*Stay Alert - Stay Safe*
** UPDATE - A PERSON OF INTEREST HAS BEEN ARRESTED - Statement on the FBI's Response to Suspicious Packages Received by U.S. Government Facilities in the Washington, D.C. Metropolitan Area **
--
You can read more in the following articles:
Suspicious packages’ received at military installations in Washington area
Packages with explosive material sent to military installations in DC area
Multiple suspicious packages sent to DC-area military and intelligence installations
Suspicious Packages Found at Several Military Installations in D.C. Area
Suspicious Packages Containing Explosives Sent To Several Military Installations Around Washington DC
Six suspicious packages sent to military, intelligence sites, officials say
DOJ Renews Push to Require Access to Encrypted Devices
US law enforcement hasn't given up on its dreams of forcing tech companies to allow access to encrypted devices. New York Times sources have learned that the Department of Justice and the FBI have been meeting with security researchers in an effort to develop systems that would let police reach encrypted data without making them vulnerable to hacking. At the same time, officials have reportedly renewed talks about asking Congress to draft and pass legislation requiring the use of those mechanisms.
The new push is still unlikely to please many privacy advocates and security experts. Both camps maintain that there's no such thing as a device that's open to law enforcement, but secure against malicious intruders -- if you introduce a vulnerability for one side, you introduce it for everyone. What's to stop rogue developers from writing tools that make it easy to strip the secret key? There are also philosophical problems. Mandatory access implies that the government has a right to access user data, and that this right is ultimately more important than the security risk it might create for innocent people.
GrayKey iPhone Unlocker Poses Serious Security Concerns
Ever since the case of the San Bernadino shooter pitted Apple against the FBI over the unlocking of an iPhone, opinions have been split on providing backdoor access to the iPhone for law enforcement. Some felt that Apple was aiding and abetting a felony by refusing to create a special version of iOS with a backdoor for accessing the phone’s data. Others believed that it’s impossible to give backdoor access to law enforcement without threatening the security of law-abiding citizens.
In an interesting twist, the battle ended with the FBI dropping the case after finding a third party who could help. At the time, it was theorized that the third party was Cellebrite. Since then it has become known that Cellebrite - an Israeli company - does provide iPhone unlocking services to law enforcement agencies.
Cellebrite, through means currently unknown, provides these services at $5,000 per device, and for the most part this involves sending the phones to a Cellebrite facility.
In late 2017, word of a new iPhone unlocker device started to circulate: a device called GrayKey, made by a company named Grayshift. Based in Atlanta, Georgia...
How it works
GrayKey is a gray box, four inches wide by four inches deep by two inches tall, with two lightning cables sticking out of the front.
Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, but it can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned.
After the device is unlocked, the full contents of the file system are downloaded to the GrayKey device. From there, they can be accessed through a web-based interface on a connected computer, and downloaded for analysis. The full, unencrypted contents of the keychain are also available for download.
You can read the complete Malwarebytes article here.
A March 5, 2018 article in Forbes: "Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X For The Feds" discusses GrayKey as well.
-----
Like the better-known Cellebrite unlocking tools, GrayKey probably uses one or more zero-day flaws in iOS to brute-force unlock the handsets.
Because this is a brute-force attack against your iPhone's passcode, a longer code will offer more protection. I recommend using a "a custom alphanumeric code" (a combination of letters, numbers, and symbols) to secure your iPhone. Apple Support shows how to set-up a passcode on your iPhone here.
Access to your iPhone doesn't necessarily mean access to all data on the device. Encrypted applications, such as Standard Notes, protected with a different password than the one used to access your iPhone can help protect your private information.
In other posts I have discussed and recommended Wickr, a secure communications app. One of the features included in Wickr is a secure shredder that wipes the slack / freespace on your phone when Wickr is running. According to an e-mail I received from Wickr Support, secure shredder runs while Wickr is open, and while the app is in the background. The shredding will stop if the app is forced closed or when the process has ended. Having Wickr on your iPhone and opening the app for a few minutes each day might be of value for some people - even if you are not using it for secure communication. Wickr is planning to bring back the manual secure shredder option (it was changed to the current automatic mode in a recent update) in 2018.
For many people, our phones store a tremendous amount of personal and private data. Messages to and from friends and family, personal photos, private contacts, passwords and access to other accounts, private e-mail, and much more. There must be a way to keep that data secure.
Now some will say that products like GrayKey and Cellebrite are only used by law enforcement, and since they must have physical access to your iPhone to use their devices you have nothing to worry about unless you are arrested. Well, perhaps, but not everyone who is arrested is guilty of a crime; and once all of your personal and private is pulled into a government investigative record it is there forever.
According to security expert Bruce Schneier: "Little is known about Grayshift or its sales model at this point. We don't know whether sales are limited to US law enforcement, or if it is also selling in other parts of the world. Regardless of that, it's highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from Grayshift or indirectly through the black market. It's also entirely possible, based on the history of the IP-Box, that Grayshift devices will end up being available to anyone who wants them and can find a way to purchase them, perhaps by being reverse-engineered and reproduced by an enterprising hacker, then sold for a couple hundred bucks on eBay."
Monday, March 26, 2018
School Shootings 1927 - 2018
Channel 9 News Denver, CO has posted a database of school shootings, in the United States, from 1927 - 2018.
Despite Heightened Fear Of School Shootings, It's Not A Growing Epidemic. "Schools are safer today than they had been in previous decades," says James Alan Fox, a professor of criminology at Northeastern University who has studied the phenomenon of mass murder since the 1980s.
Other experts agree. Garen Wintemute is an emergency room physician who leads a prominent gun violence research program at the University of California, Davis. He says school shootings, specifically, are not epidemic. "Schools are just about the safest place in the world for kids to be," Wintemute says. "Although each one of them is horrific and rivets the entire nation for a period of time, mass shootings at schools are really very uncommon, and they are not increasing in frequency. What's changed is how aware we are of them."
One thing that stood out in all of these shootings was that "there were plenty of warning signs offered up in the months and years leading up to these horrific events. Few involved someone seemingly untroubled."
Dr. Roger Depue at the University of New Orleans has published a list of "Red Flags, Warning Signs, and Indicators" associated with school shootings in the United States.
Warning signs prior to a mass shooting did not however indicate that the individuals involved suffered from a true mental illness.
Dr. James L. Knoll IV, M.D. and Dr. George D. Annas, M.D., M.P.H writing in Psychiatry Online found that:
Mass shootings by people with serious mental illness represent less than 1% of all yearly gun-related homicides.
The overall contribution of people with serious mental illness to violent crimes is only about 3%. When these crimes are examined in detail, an even smaller percentage of them are found to involve firearms.
Laws intended to reduce gun violence that focus on a population representing less than 3% of all gun violence will be extremely low yield, ineffective, and wasteful of scarce resources. Perpetrators of mass shootings are unlikely to have a history of involuntary psychiatric hospitalization. Thus, databases intended to restrict access to guns and established by guns laws that broadly target people with mental illness will not capture this group of individuals.
Gun restriction laws focusing on people with mental illness perpetuate the myth that mental illness leads to violence, as well as the misperception that gun violence and mental illness are strongly linked. Stigma represents a major barrier to access and treatment of mental illness, which in turn increases the public health burden.
A February 23, 2018 article in the LA Times reported that " Efforts to downplay the role of mental illness in mass shootings are simply misleading. There is a clear relationship between mental illness and mass public shootings.
At the broadest level, peer-reviewed research has shown that individuals with major mental disorders (those that substantially interfere with life activities) are more likely to commit violent acts, especially if they abuse drugs. When we focus more narrowly on mass public shootings - an extreme and, fortunately, rare form of violence - we see a relatively high rate of mental illness.
According to our research, at least 59% of the 185 public mass shootings that took place in the United States from 1900 through 2017 were carried out by people who had either been diagnosed with a mental disorder or demonstrated signs of serious mental illness prior to the attack.
There is clearly some debate over whether individuals who commit school shootings suffer from a mental illness or not. Part of this is because defining a mental illness - or more specifically determining that a person is actually suffering from a particular mental illness - is a difficult task. What is not at debate however is that there is a behavioral problem, a problem of personal conduct that does have warning signs and indicators that can help identify a potential school shooter.
Last week I discussed How to Respond to School Violence, and noted that bullying behavior is very frequently involved in events leading up to school shootings. Addressing this type of behavior will have a much greater effect on preventing the next school shooting than any type of gun ban or restriction. Addressing personal conduct and responsibility does not have the same media and political sensation as cries for gun ban, but addressing the behavioral problems will almost certainly save far more lives than any type of gun control.
Only 13% of Government Workers Take Personal Responsibility for Cybersecurity
Public sector employees in the U.S. have little concern about their personal cybersecurity responsibilities, according to a survey. Just 13% of government employees believe they have complete personal responsibility for the security of their work devices or information, the report carried out by analytics firm YouGov and published by security firm Dtex Systems said. Over 48% of those surveyed said they had no responsibility at all, believing the securing of data to be squarely the remit of IT professionals.
Roughly half of respondents believed that being hacked was inevitable no matter what protective measures they took, while 43% simply didn't believe they could be hacked. Few people surveyed seemed to take seriously the likelihood and frequency of cyber threats - one in three employees believed they were more likely to be struck by lightning than have their work data compromised. M
When looking at what government employees feared most, the survey said: "Only 14 percent report being afraid of someone infiltrating their organization and stealing files, trailing far behind potential scenarios such as a government collapse or food poisoning, and ranking it just three percentage points higher than alien invasion." (CNBC, 3/16/18)
Facebook - The Surveillance Company
A short video commentary about Facebook - The Surveillance Company.
Available on YouTube: here and here.
--
Deleting Facebook? Here Are the Best Alternatives For What You'll Miss
(Wired, March 22, 2018)
Consumer Reports posted an article "How to Quit Facebook" on March 20, 2018
Sunday, March 25, 2018
Block Senders of Harassing E-mail
We have all probably received e-mail that we didn’t want. The >DELETE< button works well to get rid of an occasional annoying e-mail, but what can you do if you receive a lot of annoying e-mail from someone? Spam filters work fairly well to block unsolicited commercial e-mail but may not be effective when the e-mail is directed specifically at you. However, e-mail blocking and filtering is often a very effective way to solve the problem of annoying / harassing e-mail.
Most e-mail providers let you block e-mail from specific senders or even block e-mail from entire domains. Here is how to block senders of annoying / harassing e-mail in some of the most popular e-mail services.
To block a sender in Gmail:
- Sign into your Gmail account.
- Open a message from the sender you'd like to block.
- Click the down arrow located on the top right-hand side of the e-mail.
- Select Block "sender name" in the drop-down menu that appears.
To block a sender in Microsoft Outlook:
- Open Microsoft Outlook.
- Open a message from the sender you'd like to block.
- Right-click somewhere in the message.
- In the drop-down menu that appears, click Junk, and then Block Sender.
To block a sender in Yahoo Mail:
- Log into your Yahoo! Mail account.
- Right-click a message from the sender whose address you'd like to block.
- Select Block from the drop-down menu that appears.
- Check the boxes next to Send all future emails to Spam and Delete all existing emails.
- Click OK.
To block a sender in Mozilla Thunderbird:
- Open Mozilla Thunderbird.
- Open a message from the sender whose address you'd like to block.
- Right-click their address at the top of the message and select Create Filter From...
- In the Filter Rules window that appears, first give the filter a name. For example, something like "Blocked Addresses" would work.
- In the Perform these actions: section, change the box to Delete Message.
- Click OK.
You can also create filters to handle e-mail in certain ways. Filters give you lots of options, such as filtering e-mail that contains specific words in the Subject Line, or in the Body of the e-mail.
By blocking senders of annoying / harassing e-mail and using filters to sort e-mail containing specific words in the Subject Line and/or Body of the message, you can solve most cases of harassment through e-mail. Almost every set of recommendations for dealing with on-line harassment and cyber-bullying says that you should block the sender of annoying / harassing e-mail - because blocking works, it solves the problem.
Of course, blocking the senders of annoying and harassing e-mail isn't the only thing that you need to do to protect yourself from cyber bullying - but it is one of the most important.
It is also worth noting that in most cases where a "victim" of on-line harassment and cyber bullying did not block the harassing messages, the "victim" was part of the problem - often engaging in an on-going exchange of e-mails with the alleged "cyber-bully".
How to Block Someone on Facebook
How to Block Someone on Twitter
How to Block Someone on Instagram
There is nothing the requires you to respond to on-line harassment, or to allow toxic people to share in your social media. Do Not Feed the Trolls - Just Block Them.
Hi-Tech Crime Trends 2017 (Group-IB)
Group-IB's Annual Report on Cybercrime Trends (Available in English and Russian)
Download the report to learn more about:
1. Predictions of increased goals for IT Infrastructure disruption versus money theft.
2. How hackers are learning the logic of critical infrastructure to have better success targeting industrial facilities.
3. How Cyber Criminals have shifted their focus to the Cryptocurrency industry for "quick profit".
--
Group-IB is an international company, founded in 2003, dedicated to preventing and investigating high-tech crimes and online fraud. The company develops software and hardware solutions for proactive cyber defense based on the latest threat intelligence data.
In 2015, Gartner agency included Group-IB in the Top-7 global vendors of threat intelligence. In 2017, the company became the leader of Russia Threat Intelligence Security Services Market Analysis conducted by IDC and became one of Top-5 Threat Intelligence vendors in Forrester's Vendor Landscape: External Threat Intelligence, 2017 report.
Group-IB's head office is located in Moscow, Russia.
Wombat Security User Risk Report - 2017
Wombat Security surveyed more than 2,000 working adults - 1,000 in the US and 1,000 in the UK - about cybersecurity topics and best practices that are fundamental to data and network security. What they found out about the personal habits of these individuals was sometimes heartening, occasionally perplexing, and frequently terrifying - but always enlightening.
Download your copy of their 2017 User Risk Report to see how employees shaped up globally and regionally on cybersecurity awareness issues that are impacting organizations worldwide, including:
- Knowledge of phishing and ransomware
- Safe use of WiFi, location tracking, and social media
- Password habits (including password reuse)
- The types of personal activities (shopping online, playing games, streaming media, etc.) that your organization's devices are being used for by employees and their families and friends.