Saturday, May 12, 2018
Gmail "Confidential Mode" Has Arrived
On April 28, 2018 I wrote about Gmail's new "Confidential Mode". At that time I said "Confidential mode isn't quite here yet, but should begin to roll out in the coming weeks."
Well today (May 12th) the option to use confidential mode appeared in my e-mail.
If you use Gmail you now have another option to secure your e-mail communications. What I have noticed so far is: you seem to have to be logged into Google to access messages sent in confidential mode. You can "screen shot" a confidential mode message while it is open.
If you use Gmail, and have upgraded to the new version, check your account for the new confidential mode button. Let's test this new security feature and see if we can determine the best ways to use it in our e-mail (Gmail) communications.
Unexpected Turn for Mueller After Indicted Russians Show Up in Court
Former U.S Attorney for the District of Columbia Joe diGenova said Special Counsel Robert Mueller was "not ready" to be called into court by Russian interests he previously indicted.
DiGenova said that at least one of the more than a dozen Russian individuals and companies Mueller indicted earlier this year effectively called his bluff on holding further litigation.
DiGenova said Mueller likely indicted the Russian interests because he "needed something Russian" to be charged in his probe, and that since they are from another country, they would be unlikely to fight back.
"One of the Russian companies sent them to court [over the charges]," diGenova said, adding that Mueller's team then "objected strenuously" to that news.
Tucker Carlson asked if such a situation could be bad for the probe into President Donald Trump.
DiGenova said the judge in the Russians' case told Mueller it must now go to trial since the defendants are willing to litigate.
He said the Russian company wants "a lot of [legal] discovery," which could include documents and the like.
DiGenova said the probe has now become Deputy Attorney General "Rod Rosenstein's monster-in-spades." (Fox News Insider)
--
Well sure, we filed an indictment. And yeah, we took a victory lap in the big bells-n-whistles Main Justice press conference. But that doesn't mean we, like, intended to have a trial... That seems to be the Justice Department's position on its mid-February publicity stunt, the indictment of 13 Russians and three Russian businesses for interfering in the 2016 election.
So . . . guess what? One of those Russian businesses, Concord Management and Consulting, wants its day in court. It has retained the Washington law firm of Reed Smith, two of whose partners, Eric Dubelier and Katherine Seikaly, have told Mueller that Concord is ready to have its trial - and by the way, let’s see all the discovery the law requires you to disclose, including all the evidence you say supports the extravagant allegations in the indictment.
Needless to say, Mueller’s team is not happy about this development since this is not a case they figured on having to prosecute to anything more than a successful press conference. So, they have sought delay on the astonishing ground that the defendant has not been properly served - notwithstanding that the defendant has shown up in court and asked to be arraigned. (National Review)
Communications for Survival and Self-Reliance
In 2003, I wrote a book, Communications for Survival and
Self-Reliance. When the publisher, Paladin Press, went out of business at the
end of 2017, my book went out of print.
Since 2003, many things have changed in the world of
personal communications, but one thing that has remained the same is this: In
and increasingly uncertain world, the ability to have 100-percent control over
your communications is crucial to maintaining personal security.
Today most people have some type of a cell-phone, and today's smartphones are pocket-sized computers capable to accessing the Internet, sending and receiving e-mail, and using messaging apps to communicate instantly almost anywhere in the world -- anywhere with cellular service that is!
Today most people have some type of a cell-phone, and today's smartphones are pocket-sized computers capable to accessing the Internet, sending and receiving e-mail, and using messaging apps to communicate instantly almost anywhere in the world -- anywhere with cellular service that is!
But what happens when cellular service fails, becomes overloaded, or is blocked by the government? While it seems that cellular service is available in every city and most towns, there are still rural areas without reliable service, and in remote and wilderness areas we generally don't expect to have a cellular connection.
When there is no cellular service, you may still have WiFi - a technology for wireless local area networking - access to the Internet. You can also use apps, such as FireChat, to communicate directly with another person using the same app on his or her smartphone. Devices like goTenna allow you to extend your WiFi communication range between two devices.
Radio communication is an option that should not be overlooked when considering personal security options. The FRS/GMRS walkie-talkies are an option for short-range communication. The more powerful Midland Micromobile GMRS radios, available in 5, 15, and 40 watt output, will extend your communications range. These micromobile radios can also be combined with portable power systems for use in remote and wilderness areas.
When there is no cellular service, you may still have WiFi - a technology for wireless local area networking - access to the Internet. You can also use apps, such as FireChat, to communicate directly with another person using the same app on his or her smartphone. Devices like goTenna allow you to extend your WiFi communication range between two devices.
Radio communication is an option that should not be overlooked when considering personal security options. The FRS/GMRS walkie-talkies are an option for short-range communication. The more powerful Midland Micromobile GMRS radios, available in 5, 15, and 40 watt output, will extend your communications range. These micromobile radios can also be combined with portable power systems for use in remote and wilderness areas.
GMRS radios require a license in the United States. There is a license fee, but no exam is required.
The Multi-Use Radio Service (MURS) provides you with five channels for unlicensed communication, at 2-watts or less. Citizens Band (CB) radio may be an option in some areas as well, although I find that CB channels are often crowded with multiple trying to use a channel at once. If you are a boater, you may want to have a radio that includes the VHF Marine Channels.
Amateur Band (HAM) radio is a world-wide endeavor of licensed radio hobbyists. With the proper equipment and skill you can communicate anywhere in the world using HAM radio. There is an exam required to earn your HAM radio license, but the basic Technician license exam is not too difficult. If you are interested in earning your HAM radio license, visit the ARRL for more information.
With your HAM radio license you will gain access to repeater networks that allow you to communicate over long distances. With systems such as the Wide-coverage Internet Repeater Enhancement System (WIRES-X) you can have world-wide communication with a hand-held radio. You may also want to access services like the WinLink Global Radio E-mail system to send and receive e-mail from your radio.
Now radio communication is not private. Generally speaking anyone can tune into your frequency and monitor your communications. However, having the ability to communicate when others do not greatly enhances your security; and there are some things that you can do to protect the content of your radio communications from eavesdroppers.
Having a communications plan is an important part of personal security and preparedness. Ask yourself, if the cellular network failed how would you communicate with others during an emergency?
Amateur Band (HAM) radio is a world-wide endeavor of licensed radio hobbyists. With the proper equipment and skill you can communicate anywhere in the world using HAM radio. There is an exam required to earn your HAM radio license, but the basic Technician license exam is not too difficult. If you are interested in earning your HAM radio license, visit the ARRL for more information.
With your HAM radio license you will gain access to repeater networks that allow you to communicate over long distances. With systems such as the Wide-coverage Internet Repeater Enhancement System (WIRES-X) you can have world-wide communication with a hand-held radio. You may also want to access services like the WinLink Global Radio E-mail system to send and receive e-mail from your radio.
Now radio communication is not private. Generally speaking anyone can tune into your frequency and monitor your communications. However, having the ability to communicate when others do not greatly enhances your security; and there are some things that you can do to protect the content of your radio communications from eavesdroppers.
Having a communications plan is an important part of personal security and preparedness. Ask yourself, if the cellular network failed how would you communicate with others during an emergency?
Creating your Family Emergency Communication Plan starts with one simple question: "What if?"
For demonstrations of various radios and communications techniques, I like the CommsPrepper YouTube channel.
If you would like a PDF (22MB) copy of Communications for Survival and Self-Reliance you can download it from my Google Drive.
KD7KLA WQZH909
Friday, May 11, 2018
Activist Jailed for His Facebook Posts Speaks Out About Secret FBI Surveillance
According to a report in The Guardian (May 11, 2018), a Texas judge has dismissed the indictment against a man believed to be the first prosecuted under a new government effort to track "black identity extremists" nearly six months after he was arrested and jailed.
This should horrify every American: the FBI held a man for 6 months and tried to prosecute him as a “Black Identity Extremist” (BIE)...because he made anti-cop postings on Facebook and attended a Black Lives Matter rally.
The BIE surveillance and failed prosecution of Rakem Balogun, first reported by Foreign Policy, have drawn comparisons to the government’s discredited efforts to monitor and disrupt activists during the civil rights movement, particularly the FBI counterintelligence program called Cointelpro, which targeted Martin Luther King Jr., the NAACP and the Black Panther party.
Michael German, a former FBI agent and fellow with the Brennan Center for Justice’s liberty and national security program, said the BIE assessment was “extraordinarily overbroad” and that the concept was spreading to law enforcement agencies across the US as more black activists were facing surveillance and police harassment.
After being held in jail for six months, the official one-count indictment against Balogun was illegal firearm possession, with prosecutors alleging he was prohibited from owning a gun due to a 2007 misdemeanor domestic assault case in Tennessee.
Balogun said that the Tennessee case stemmed from a dispute with a girlfriend and that he was pressured to plead guilty to get out of jail.
But this month (May 2018), a judge rejected the charge, saying the firearms law did not apply.
Balogun said he also had to accept the fact that the government would probably continue to monitor to him and could seek new ways to disrupt his life. But the threat wouldn’t stop him from organizing and speaking out.
The US attorney’s office and the FBI declined to comment.
--
This case is very concerning to me, not as some might think because of a strong objection to FBI surveillance in an anti-terrorism case, but because there obviously was no case here to begin with.
When the only charge the government can bring is a one-count indictment for illegal firearms possession based on a misdemeanor case from 11 years ago, there is something seriously wrong with the government's conduct in this investigation.
How would you feel if government employees were maintaining secret, hidden files about you; making false allegations about you, and you were the subject of an on-going investigation that dragged on for months?
Service Meant to Monitor Inmates’ Calls Could Track You, Too
Do you use Verizon, AT&T, Sprint, or T-Mobile? If so, your real-time cell phone location data may have been shared with law enforcement without your knowledge or consent.
According to a report by the New York Times (May 10, 2018) a Service Meant to Monitor Inmates’ Calls Could Track You, Too.
Thousands of jails and prisons across the United States use a company called Securus Technologies to provide and monitor calls to inmates. But the former sheriff of Mississippi County, Mo., used a lesser-known Securus service to track people’s cellphones, including those of other officers, without court orders, according to charges filed against him in state and federal court.
The service can find the whereabouts of almost any cellphone in the country within seconds. It does this by going through a system typically used by marketers and other companies to get location data from major cellphone carriers, including AT&T, Sprint, T-Mobile and Verizon, documents show.
As location tracking has become more accurate, and as more people carry their phones at every waking moment, the ability of law enforcement officers and companies like Securus to get that data has become an ever greater privacy concern.
--
Sen. Ron Wyden, a Democratic senator from Oregon whose work often focuses on tech and privacy, sent a letter to the FCC this week demanding an investigation into why a company, contracted to monitor calls of prison inmates, also allows police to track phones of anyone in the US without a warrant.
The bombshell story in The New York Times revealed Securus, a Texas-based prison technology company, could track any phone "within seconds" by obtaining data from cellular giants -- including AT&T, Sprint, T-Mobile, and Verizon -- typically reserved for marketers.
Wyden said the system allows police and government employees to conduct unauthorized and warrantless surveillance, and it "needlessly exposes millions of Americans to potential abuse and surveillance by the government." (ZDNet, May 11, 2018)
The Electronic Frontier Foundation (EFF) also commented on the claim that "Securus Improperly Collects Data and Shares it with Law Enforcement".
"Securus is one of the largest providers of telephone services to jails and prisons throughout the country and its technology enables inmates to make collect and prepaid calls to others outside of the facility - at outrageous, unnecessarily high prices. As part of that provision of service, Securus collects location information on everyone called by a prisoner. Securus has used its ability to collect this information to build an online portal that allows law enforcement to obtain the real-time location data of any customer of the country’s major cellphone carriers - not just people who call or receive calls from a prisoner. Worse, Securus doesn’t even check whether law enforcement requestors actually have legal authority to access the data in the first place, before sharing this private location information."
The Psychology of Passwords
“The Psychology of Passwords: Neglect Is Helping Hackers Win,” a new report from password management firm LastPass highlights how users are still using utterly silly and crackable passwords. And bad habits don’t stop there. The report also found that 59 percent of respondents use the same password across multiple accounts. The report highlights how weak passwords have caused a surge in hackings and data breaches, which has raised concerns regarding security online. Internet users have been time and again advised to use strong passwords containing a combination of letters, numbers, and symbols for better security of accounts. However, it appears that all these warnings are falling on deaf ears.
Hardening Mozilla Firefox Quantum For Privacy & Security 2018 Edition
Viking VPN has published their 2018 how-to guide for hardening Firefox Quantum against security and privacy threats. This guide is intended to show users how to modify Firefox settings to resist surveillance by governments and corporations, to increase the strength of the encryption while browsing and to reduce the amount of data leaking from your browser.
--
I recommend Firefox as a general use browser, and by following the Viking VPN recommendations you can enhance the security of your browser, making yourself a bit more secure on-line.
2017 Internet Crime Annual Report
The Internet Crime Complaint Center (IC3), which has received more than 4 million victim complaints from 2000 through 2017, routinely analyzes complaints like these and disseminates data to the appropriate law enforcement agencies at all levels for possible investigation. The IC3 also works to identify general trends related to current and emerging Internet-facilitated crimes, and it publicizes those findings through periodic alerts and an annual report.
If you use the Internet, the 2017 Internet Crime Report is a document you should read carefully.
You’ll learn a great deal, including:
What the most common crime types reported by victims were (the top three were non-payment and non-delivery, personal data breaches, and phishing/vishing/smishing/pharming scams);
What the most common crime types in terms of dollar loss were (top three were business e-mail compromise/e-mail account compromise, non-payment/non-delivery, and investment scams);
How the IC3 is monitoring trending scams such as business e-mail compromise, ransomware, tech support fraud, elder fraud, and extortion;
Which age groups are more likely to be victimized by Internet-facilitated criminal activity (people over 60 rank number one in terms of victimization and dollar losses);
What victims can do after reporting the crime to the IC3 (take steps to block or freeze bank or credit card accounts, dispute charges, attempt recovery of lost funds, etc.);
Where each U.S. state ranks in terms of the number of victims of Internet-facilitated frauds, dollar losses, and criminal subjects (California has the top spot on all three lists, while Texas and Florida take turns at the number two and number three slots on the lists); and
Which IC3 initiatives directly support law enforcement (remote search capability of its database available to all sworn officers, and the Operation Wellspring initiative, which helps build state and local law enforcement’s cyber investigative capabilities).
Thursday, May 10, 2018
DNS 1.1.1.1
A promising DNS resolver with a security and privacy focus is the new free offer from Cloudflare called 1.1.1.1. While DNSSEC ensures integrity of data between a resolver and an authoritative server, it does not protect the privacy of the "last mile" towards you. DNS resolver, 1.1.1.1, supports both emerging DNS privacy standards - DNS-over-TLS, and DNS-over-HTTPS, which both provide last mile encryption to keep your DNS queries private and free from tampering. The DNS resolver, 1.1.1.1, is also supporting privacy-enabled TLS queries on port 853 (DNS over TLS), so we can keep queries hidden from snooping networks. https://1.1.1.1/
Other DNS resolvers include:
Google Public DNS: Google is doing a great service for the world with this free DNS resolution service. This will speed up your browsing, improve your security, and get you results with no redirection. But guess what? They get something out of it too. They get data. Their DNS resolver is at the address 8.8.8.8.
Quad9: In association with the Global Cyber Alliance and Packet Clearing House and a consortium of industry and non-profit contributors, Quad9 provides a DNS service designed with privacy and security in mind. This reduces risk, speeds browsing, and since it is being fielded by a non-profit there is no collection of personally identifiable information like some other providers. DNS address is 9.9.9.9.
Verisign: Verisign Public DNS is a free DNS service that offers improved DNS stability and security over other alternatives. Verisign respects privacy. DNS data and other PII is not sold or shared or used to serve you ads. Their DNS address is 64.6.64.6
Dark Side - Secret Origins of Evidence in US Criminal Cases
A report from Human Rights Watch (January 2018)
A growing body of evidence suggests that the federal government is deliberately concealing methods used by intelligence or law enforcement agencies to identify or investigate suspects — including methods that may be illegal... Covering up how evidence was originally found deliberately hoodwinks defendants and judges, severely weakening constitutional fair trial rights.
If the government is allowed to violate the US Constitution’s protections and then cover its tracks, this could undermine human rights for people whose liberty is at stake, or anyone else subjected to illegal government surveillance or other unlawful procedures.
The report is based on records from 95 US federal and state criminal cases, analyses of executive branch documents, and 24 interviews with defense attorneys, current and former US officials, and other people with specialized knowledge about the potential deliberate concealment of investigative methods in this manner and the consequences for rights.
Human Rights Watch identified evidence suggesting that US authorities use a range of tactics to create a new story about how an investigation began in order to avoid revealing how information was originally found. The most widely known is commonly described by law enforcement as a “wall stop” or “whisper stop.” Under this practice, a law enforcement or intelligence agency, possibly using information obtained by various forms of surveillance, asks state or local police to find a pretext – often a minor traffic violation – to stop a suspect and then develop a reason to search their vehicle.
An example of this type of illegal activity was reported in an April 2017 article in the Huffington Post: "Antiwar Activists Challenge Army’s Domestic Spying Apparatus in Ninth Circuit".
"PMR activist Phil Chinn, a student at Olympia’s Evergreen State College in 2007, was driving with friends to an antiwar protest at the Port of Grays Harbor in Aberdeen in May of that year. Unbeknownst to Chinn and his friends at the time, the Washington State Patrol had issued an ‘attempt-to-locate’ code for Chinn’s license plate with a message to apprehend “three known anarchists” in a green Ford Taurus and to let the Aberdeen police know.
Trooper Ben Blankenship of the Washington State Patrol pulled Chinn over for going 53 mph in a 55 mph zone, but then decided to charge him with a DUI.
While he was in the trooper’s cruiser, Chinn noticed a computer printout with a picture of his parents’ car he’d been driving the day before. It was at that point Chinn realized he was part of more than just a routine traffic stop and the cops had been looking for him in either car.
Chinn’s charges were eventually dismissed and in 2009 he sued the state patrol, City of Aberdeen, and Grays Harbor County for harassment and false arrest. Over the objections of the US Attorney’s Office in Seattle, which wasn’t even party to the lawsuit, federal judge Robert Bryan ordered police to turn over the intelligence that led to Chinn’s arrest. To avoid disclosure of what the federal government called “Sensitive Security Information,” the case was quickly settled for more than $400,000." (Mr. Chinn is now a practicing attorney in King County, WA).
How to Respond to a Request for an Interview by the Police
The police might contact you in person or by phone and request that you to come to the police station to talk about some vaguely described incident. You are not required to go meet with a police officer or any government agent unless you have received a subpoena from a court. If contacted by the police, insist on a clear explanation of the purpose of the meeting. If the police won't say specifically what they want to ask you about - you are a suspect / subject in their investigation.
If you might be a suspect / subject in an investigation, then tell the police that you choose not to answer questions. Contact an attorney and have the attorney contact the police officer. Do not go to the police station! Do not provide the police with the name of your attorney. Provide your attorney with the name of the police officer that wants to question you. Let your attorney make contact with the police when he or she is ready to do so.
NEVER TALK WITH THE POLICE IF YOU ARE A SUSPECT / SUBJECT IN AN INVESTIGATION WITHOUT AN ATTORNEY PRESENT.
If you are a suspect or person of interest, the police are talking to you to see whether you will admit something to justify detaining or arresting you. You will most likely be making the case against yourself. If they had enough evidence to arrest you, they probably won’t waste time talking to you. Talking to the police may make the difference whether or not you are arrested or if there is enough evidence to convict you. As a practical matter, you will not talk your way out of an arrest. They won’t believe you. Your "denial" will likely be used against you at the trial. Police are experts at pretending to have fingerprints, DNA, witnesses and other evidence that probably does not even exist to trick and trap you. They are investigators trained to use psychological coercive methods to obtain harmful statements. They get innocent people to make confessions and harmful statements. You are just another experiment to see if they can get you to confess or at least make harmful admissions. The police will isolate you and then use minimization or maximization interrogation techniques to coerce a harmful admission from you. Expect either the minimization approach - "it is no big deal, we just need your statement to close the case" or the maximization approach - "you are going to the prison for a long time unless you confess." (Responding to Police Contact - A Citizens' Guide)
Wednesday, May 9, 2018
The Amnesic Incognito Live System (Tails)
Tails or The Amnesic Incognito Live System is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity. All its outgoing connections are forced to go through Tor, and non-anonymous connections are blocked. The system is designed to be booted as a live DVD or live USB, and will leave no digital footprint on the machine unless explicitly told to do so.
The Tor Project has provided financial support for its development.
To begin using Tails, go to their web-site and download the current version of the OS (version 3.7 was released on May 9, 2018).
Tails comes with a selection of tools to protect your data using strong encryption:
- Encrypt your USB sticks or external hard-disks using LUKS, the Linux standard for disk-encryption.
- Automatically use HTTPS to encrypt all your communications to a number of major websites using HTTPS Everywhere, a Firefox extension developed by the Electronic Frontier Foundation.
- Encrypt and sign your emails and documents using the de facto standard OpenPGP either from Tails email client, text editor or file browser.
- Protect your instant messaging conversations using OTR, a cryptographic tool that provides encryption, authentication and deniability.
- Securely delete your files and clean your diskspace using Nautilus Wipe.
Much of Tails' appeal is that the OS lives on a discreet and portable USB drive. It's also easy to install, and easy to launch and navigate from almost any Mac or PC with a USB slot.
Tails is not a magic bullet, and it cannot protect against compromised hardware, compromised software, or user error. Remember: encryption, security, and privacy are only as good as the user. Make sure you follow security best practices, and keep in mind that offline and clearnet activity like password and account sharing can compromise your encrypted sessions.
I use and recommend Tails. It is a great, easy to use, OS that is specifically designed to protect your privacy on-line. Will you use Tails every day? Maybe, but even if you don't, having Tails available to protect your more sensitive on-line activities is something you should consider.
Tails 3.7 is out (5/9/2018)
Cybersecurity Basics (Traveler Toolkit)
The Overseas Security Advisory Council (OSAC), part of the U.S. Department of State, Bureau of Diplomatic Security provides safety and security information for Americans traveling and living overseas. OSAC has just published "Cybersecurity Basics" (April 27, 2018) as par of its Traveler Toolkit.
OSAC Cybersecurity Basics
As technical and physical cyber defenses become more robust and effective, individuals have become the increasingly weak link in the security chain. This weakness is exploited by malicious actors through threats like phishing. No matter the technology that a company installs, a data breach or ransomware attack is only one click away. The following tips describe and offer advice regarding common cyber security issues that are non-technical in nature, and are particularly relevant to individuals traveling abroad. These actionable steps can help individuals mitigate risks from a number of online threats. While individuals may suffer from cyber fatigue, cyber threats are only going to increase and a single mistake can lead to a security incident. Therefore, repetition of these precautionary measures is essential to maintaining your security.
Keep privacy settings on: Use privacy settings to maximize your online privacy, especially on social media platforms. In addition, you should disable unnecessary location services. Malicious actors can exploit any personal information they find online.
Use strong passwords: Use long passwords with a mix of characters, as weak passwords undermine other security measures. Do not write down passwords, share them, or repeat them across multiple sites, and be sure to update passwords periodically. A password management system can help you generate strong passwords and store them securely. Avoid using password recovery questions with answers that are easy to guess or could be found in a social media profile.
Encrypt your data: Use encryption to protect data stored on your devices and for communication. Consider the use of a virtual private network (VPN), which can protect online activity by shielding information on public networks from malicious activity.
Only use secure Wi-Fi: Free Wi-Fi may be convenient, but it is not secure. You have no control over the legitimacy or security of public Wi-Fi; therefore, limit connections to public internet, including at hotels, cafes, and airports, and use a VPN if possible. Disable any internet auto-connect features on your devices and delete old Wi-Fi networks.
Never leave devices unattended: The physical security of your devices is as important as the technical security. If you are away from your devices, even for a moment, whether a computer, phone, or external drive, use lock screens and passwords to protect them. Be vigilant in maintaining the physical integrity and security of your devices.
Don’t plug in to your computer: Malware is easily spread through USBs, smartphones, and external drives when plugged into a device. Avoid plugging unknown external devices into your computer, and run a virus scan when you do plug something in. As external devices can carry malware, do not accept any electronic devices as gifts.
Careful with what you click: Scams can be carried out by phone, text, social media message, or email. To mitigate phishing risks, limit the amount of personal information you share. The information you share publicly can potentially help malicious actors access more valuable data. Scrutinize incoming messages, including using anti-virus software to scan attachments, and hover over links with the cursor to verify the URLs. Do not click on anything that you don’t recognize or that looks suspicious in any way.
Disable Bluetooth and Wi-Fi: Malefactors can see what networks you connect to, spoof them, and trick you into connecting to a compromised network later. Therefore, keep your devices “hidden” so they are not discoverable to nearby Bluetooth users, and do not access or transmit sensitive data from a public network.
Enable 2-Factor Authentication (2FA): 2FA adds an additional layer of security to your password, which should not be considered 100% reliable as a lone security measure. Passwords can be compromised in data breaches or guessed using powerful computers. 2FA requires an extra step whenever you log in from a new device, which reduces the ability to hack into a system using a password alone.
Use the right software: Ensure that all individuals in your network are using legitimate software with the latest security updates. Install a trusted anti-virus program and keep software, mobile operating systems, and apps up to date to maximize cyber defense effectiveness. Routinely back up data, as you may need to erase and reinstall your system if you are the victim of a security breach.
AES Encryption
I have previously written about JavaScrypt: Browser-Based Cryptography Tools as a useful AES encryption tool. I like this simple program and recommend that you download and keep a copy among your encryption tools.
There are other AES encryption programs that also allow you to encrypt and decrypt messages and files in your browser.
SafeMess is an on-line encryption program that also allows you to add an expiration time for your message (set for varying times between 3 minutes and 90 days).
InfoEncrypt is a simple encryption program, that allows you to upload your encrypted message to the InfoEncrypt server where it will remain for 90 days. Anyone with the URL, and the password of course, can access and read your message.
Paranoia offers a simple on-line AES text encryption program, but also offers other encryption applications for use on your mobile devices.
Encipher.It offers a simple on-line tool for encrypting text and files, and also allows you to download the program and install it on your computer.
Other programs such as Lockbin and AES Crypt that allow you to download and install AES encryption on your computer; and no doubt there are other good AES encryption programs available from other sources.
Regardless of which encryption program you use, it is essential that you use a long and complex password to generate your encryption key. If you use these encryption programs to share information with others be sure that you share a strong password in advance, for example: GUsPExufuje2eC3 or qUcRa+EJe8azAph. Sharing a list of strong passwords in a face-to-face meeting is a good way to be sure they are not compromised in transmission.
When using symmetric-key encryption (the same shared key (password) to encrypt and decrypt) you should be aware that if someone is able to compromise the key, he or she can decrypt and read all messages encrypted with that key. Using a new key for each message can help prevent this.
--
As you can see from the above programs, and others like them, it is not overly difficult to add strong (AES) encryption to your browser through the use of JavaScript. Calls for back doors into encryption by the FBI, or the blocking of communications programs like Telegram by the Russian FSB will do little to keep strong encryption away from those who want to use it.
Encrypted Communication Apps (OSAC)
Why Use an Encrypted Communications App?
Human behavior is typically one of the biggest cyber vulnerabilities an organization faces; encrypted communication apps help protect against the potential exploitation of human error while also combatting malicious actors. Constituents may have robust cyber and physical security measures at the organizational level, but individual employees and mobile devices can still expose the organization to cyber threats. These threats may be exacerbated when operating or traveling abroad due to differences in the threat environment. As a result, safeguarding the organization at the employee level is critical, and ensuring secure communications among employees is a vital part of this process.
Apps for encrypted communication provide a layer of security at the employee level and reduce the opportunity for hacking or manipulation by malicious actors. Various apps help protect users against multiple cybersecurity threats, including communications/signal-interception, voice-call tapping, and hacking.
Factors to Consider
Users should consider a number of app-related issues, including security features, app prevalence, quality of service, and platform availability. Three crucial security features to protect information and ensure privacy in communications are end-to-end encryption, protected metadata storage, and anti-screen scraping measures. Many new secure-communication apps have built-in technology that focuses on these three features; however, older forms of communication and some apps do not have these as a default setting and/or offer suboptimal protection due to outdated technology, which may include inherited vulnerabilities that malicious actors have discovered and could exploit. Users must carefully examine the available and default features of communications apps when deciding which to use.
End-to-end encryption allows data to be passed only between intended individuals, and enables encryption at all other points. When a message is in transit between the sender and recipient, it remains protected; encryption prevents outside actors from reading the contents if intercepted. Even the app developer and the mobile network cannot see what information is being shared via their own technology.
Preventing access to metadata, which includes contact phone numbers and the number and times of messages, allows for increased privacy for the communicating parties. This can prevent third parties from discovering who is involved in a conversation, where the parties are located, and when messages were exchanged. Often, metadata is used by third parties to track activities and movements of a target.
Screen-scraping prevention technology protects individuals from having their online activity accessed by a third party. Screen scraping involves the transfer of all the contents on the screen of another computer, which is a security problem regardless of the sensitivity of captured information.
App Comparison
The table below provides a brief feature-based comparison of four free apps widely used by OSAC constituents, based on the benchmarking survey. OSAC notes that this is not a recommendation; numerous additional reputable and quality apps, both free and fee-based, are widely available. Some encrypted messaging apps that are popular with security professionals include Signal, WhatsApp, and Wickr. However, there is no one-size-fits-all messaging app that will meet every security and communications need. Which encrypted communications apps private-sector organizations choose to use often depends on their specific organizational needs and the needs of their employees, as well as their exposure to the product.
Signal
WhatsApp
Skype
Many companies and individuals are migrating to more secure means of communication to safeguard their information. While the highlighted apps are not exhaustive of what is available on the market, they represent some of newest and widely used options, with an array of features. It is important to note that each of the above-mentioned apps has been restricted or banned for various reasons in multiple countries. Users should consider the availability of the app in specific countries when developing security and communications protocols.
Tuesday, May 8, 2018
Senate Report: No Evidence That Russians Changed Vote Tallies in 2016
WASHINGTON - There is no evidence that Russian interference in the 2016 presidential election affected the actual vote count, according to the first installment of the Senate Intelligence Committee's Russia report, released Tuesday (May 8, 2018).
The Committee has not seen any evidence that vote tallies were manipulated or that voter registration information was deleted or modified," the report said, confirming a January 2017 assessment by U.S. intelligence agencies.
The committee has been investigating Russian election meddling for about 16 months.
Moscow Activists Say Telcos Disrupted Coverage, by Order of Police
Two days before Vladimir Putin's official inauguration into his fourth term as the president of Russia, protests broke out across the country. At the height of the protests, several activists reported that their mobile phone signals became weak or non-existent. Some said Russian telecom operators were intentionally degrading the quality of service or even delisting their numbers at the orders of the authorities.
Tele2 [one of Russia’s telecom operators] switched off both the cell phone coverage and the mobile internet access around Pushkinskaya square (our reporter felt it himself.) The operator blamed the disruptions on “quality of service improvement works” which happened to be held on May 5.
Activists also claimed evidence of Beeline, Russia’s second largest telecom operator customer, de-listing phone numbers. In a statement to the press, a Beeline representative denied de-listing phone numbers on police orders. The company blamed the disruptions on network overload.
--
Cellular network can be degraded or disrupted by order of government officials, or may simply fail when usage is greater than the capacity of the network to handle the requested traffic. In a case where communication is essential, one should not rely entirely on cell-phones.
Apps like FireChat can help maintain local communication when cellular service and Internet is disrupted. Devices like goTenna Mesh pair to your phone to privately & automatically relay texts and GPS locations between devices, no service (or routers, towers or satellites!) necessary.
VHF/UHF radio communication may be an option in some areas. Operating on Amateur (HAM) Radio bands will require a license to remain legal, but even simple FRS/GMRS radios will provide communication and allow coordination of activities in a close area. It is also possible to set up Secure Voice Communications in an area using WiFi and a network of wireless routers.
When it come to communications - Have a Plan, and Have a Back-up Plan!
Amnesty International Ranks Eleven Companies on Encryption
In 2016, Amnesty International published a report ranking eleven technology companies on encryption and human rights.
Those companies were:
- Apple
- Blackberry
- Kakao Corporation
- LINE
- Microsoft
- Snapchat
- Telegram
- Tencent
- Viber Media
Amnesty wrote - "Encryption helps protect people’s human rights online. By rendering digital data unintelligible, encryption helps ensure that private information sent over the internet stays private. It also allows people to access and operate in safe online spaces where they can speak freely and express their ideas and opinions without fear. Encryption stops cybercriminals from stealing our personal information, and helps prevent unlawful government surveillance of our communications. It is particularly important for human rights defenders and journalists around the world - whether they are dissidents in China, Bahraini activists in exile abroad, or investigative journalists in Europe. A breach of their data security undermines their vital work, and could result in arrest and detention."
You can download a copy of the Amnesty International report here.
I recommend comparing the Amnesty International report with "Mind Your Data - A Guide to Regain Privacy from Wirtschaftsuniversität Wien" that I wrote about in March 2018.
NSA Triples Collection of U.S. Phone Records
According to Reuters (May 7, 2018) the National Security Agency (NSA) collected 534 million records of phone calls and text messages of Americans last year, more than triple gathered in 2016. The records collected by the NSA include the numbers and time of a call or text message, but not their content. U.S. intelligence officials have said the number of records collected would include multiple calls made to or from the same phone numbers and involved a level of duplication when obtaining the same record of a call from two different companies.
The report also showed a rise in the number of foreigners living outside the United States who were targeted under a warrantless internet surveillance program, known as Section 702 of the Foreign Intelligence Surveillance Act, that Congress renewed earlier this year. That figure increased to 129,080 in 2017 from 106,469 in 2016, the report said, and is up from 89,138 targets in 2013, or a cumulative rise over five years of about 45 percent.
Monday, May 7, 2018
Oil & Fuel Filter Suppressors / Silencers for Firearms
Suppressing the sound of a gunshot may be important in hostile and non-permissive environments. The sound of a gunshot can alert others to your presence and draw unwanted attention to your activities. When a gun is fired there are two major sounds. First is the explosion of the round itself being fired and gasses escaping from the barrel of the gun, and second is the sound of the bullet breaking the sound barrier (1,100 feet per second at sea level) if you are shooting supersonic ammunition. There is also the sound of the cycling of the firearm, but this noise is insignificant when compared to the sound of the shot itself.
To suppress the sound of a gunshot you need to resolve the two major sources of noise associated with the shot. We resolve the sound of the bullet breaking the sound barrier by using subsonic ammunition – that is bullets that travel slower than 1,100 feet per second. The problem of suppressing the sound of the round being fired is where suppressors / silencers come into play. In some countries you can buy a suppressor for your firearm with no more effort than buying the firearm itself (i.e. Norway and Poland). In other countries, the United States and the Czech Republic for example, suppressors are highly regulated and require additional applications and fees. If you are in a country that does not restrict the ownership of suppressors, or if you are able to obtain a permit to own a suppressor it is worth having one for any of your firearms where you can use subsonic ammunition.
While modern commercial suppressors can be somewhat complex in their design, suppressing the sound of a gunshot is not particularly difficult. It is interesting to note that a commonly available vehicle oil or fuel filter attached to the end of the barrel of a firearm will significantly reduce the sound of the gunshot. To use an oil or fuel filter as a suppressor you will need a threaded barrel on your firearm, an adapter with internal threads to match the barrel threads and external threads to match the oil / fuel filter threads. This is commonly ½-28 internal thread and ¾-16 external thread. These adapters are sold in many places for building solvent traps. Once you attach an oil or fuel filter to your firearm using this adapter you have a solvent trap, because one end of the filter remains closed. By drilling a hole in the end of the filter that lines up exactly with the barrel you have cleared a flight path for the bullet and created a basic sound suppressor.
More complex suppressors can be built from parts kits using Mag-Light flashlights as the suppressor tube (solvent trap tube), or from kits specifically designed to build suppressors (solvent traps), but as an expedient means the oil or fuel filter is quite effective.
“Hickok45” demonstrates an “Oil Filter Suppressor” on his YouTube channel.
A series on building suppressors from oil filters and fuel filters (currently banned on YouTube) is available on Full30. And, part 3 of the series: Fuel Filter Silencer - What's Inside?
How To Get Off of People Search Sites Like Pipl, Spokeo, and WhitePages
On January 2, 2018 I posted a list of links where you can request removal of your information from people search databases. At the end of January I added an update with additional opt-out links.
Now Motherboard has also published a Long List of Data Broker Sites and How to Opt-Out of Them.
Data broker sites gather information from public records, purchase information such as subscription lists, or scrape data from sites like LinkedIn. They then make portions of this data available on their web-sites for free, and sell more detailed reports for a few dollars.
By using people search sites it is often fairly easy to find the current address and telephone number of someone, and often further details about that person, like family members and work address.
While it is very difficult to remove 100% of your personal information from these data brokers, I do recommend that you opt-out whenever possible. The fewer places your personal information appears in a publicly viewable data base the better.
There is No Middle Ground on Encryption
On May 2, 2018 the Electronic Frontier Foundation wrote: "Encryption is back in the headlines again, with government officials insisting that they still need to compromise our security via a backdoor for law enforcement. Opponents of encryption imagine that there is a “middle ground” approach that allows for strong encryption but with “exceptional access” for law enforcement. Government officials claim that technology companies are creating a world where people can commit crimes without fear of detection. Despite this renewed rhetoric, most experts continue to agree that exceptional access, no matter how you implement it, weakens security. The terminology might have changed, but the essential question has not: should technology companies be forced to develop a system that inherently harms their users? The answer hasn’t changed either: no."
--
Whenever you add a master key, a back door, or some other means of bypassing the security of a device you instill a weakness in that security. Simply put having a way to bypass security makes that security less effective.
Once a way to bypass encryption is added to a device, it is only a matter of time before someone is able to hack it, or until some "authorized user" can be paid off to misuse his or her authorization to that master key or backdoor.
Adding a back door to our encryption does nothing to prevent criminals from using encryption that doesn't have a back door. If US encryption contains back doors, then get your encryption from Russia, or Germany, or Serbia, or the Czech Republic. Use open source encryption, such as Open PGP or various implementations of AES-256 that does not contain a back door.
Josie the Outlaw
A few years ago there was a YouTube Channel - Josie the Outlaw - where a young woman discussed topics of personal freedom and rightful liberties.
Although the channel only has 14 videos, and Josie hasn't posted a video in about three years, the videos that are there are thought-provoking.
I found the three-video series "The End of Oppression" interesting, and watched the remaining videos on the channel as well. Although I do not agree with everything said by Josie the Outlaw, every video gave me something to think about and reflect upon.
The End of Oppression - Part 1: The Problem
The End of Oppression - Part 2: The Game
The End of Oppression - Part 3: Good Funding Evil
Having just shared An Essay on the State of Government here in the blog, I now present the videos of Josie the Outlaw for your consideration.
Sunday, May 6, 2018
Google Alerts
Google Alerts is a content change detection and notification service, offered by, of course, Google. The service sends emails to the user when it finds new results - such as web pages, newspaper articles, blogs, or scientific research - that match the user's search term(s).
You can use Google Alerts to monitor the web for pretty much anything. Whatever search terms you add to your Google Alert will result in an e-mail when Google finds new content for that search term.
For privacy and security, I recommend creating Google Alerts for your name and variations of your name, your telephone number, and your address. Creating a Google Alert for your key personal information can warn you if it appears on-line. (Note here that whatever information you use to create a Google Alert, you are providing that information to Google and asking that Google search the web for that information. You should consider carefully whether you want to create Google Alerts for highly sensitive information like SSNs.)
To create a Google Alert you need to be signed into Google and go to the alerts page. Here you enter your search term(s) and how you want the alerts delivered.
For most people, without a strong public presence, you are unlikely to get any alerts on your key personal information. Still, it only take a few minutes to set up a Google Alert, and this may just give you early warning if your personal information ends up visible on the Internet.
An Essay on the State of Government
It is near certain that the authors of America’s Declaration of Independence, the Constitution and its Bill of Rights could not have anticipated a world in which the average American paid a quarter of their annual income to the government in taxes, a government that secretly monitors our personal communications, collects and stores vast quantities of information about its citizens, and a government in which the concept of privacy is fast approaching extinction. The idea that individual citizens would require government approval in the form of licensing and permits in order to go about their daily lives; a license to travel upon the public highways, a permit to build upon their own private land, a permit to carry a firearm for one’s personal defense, a license to sell fresh farm products at a local market, a license to fish and to hunt, a permit to distill spirits even for personal use, and so many other similar government intrusions into our personal lives would have been unconscionable to the men and women in 1783 (the end of the American Revolutionary War) who had just fought a war to gain their freedom and independence from government oppression.
What the founders of this great Republic did anticipate is that governments, no matter how powerful, will always hunger for more power and that power inevitably corrupts. For this reason, the U.S. Constitution was signed on September 17, 1787 and a Bill of Rights was adopted as part of the U.S. Constitution on December 15, 1791. The Constitution and the Bill of Rights enumerated the rights that the Founding Fathers saw as the natural and God-given rights of man, and it restricted the power of the Federal government to infringe, limit, or interfere in those rights except in the very limited circumstances prescribed by a Constitution.
Unfortunately, the limited government envisioned by the Founding Fathers, and the individual freedoms held to be the God-given right of every American citizen are seldom recognized in practice today. According to a 2015 Gallup Poll, 75% of Americans see widespread corruption in their government (Gallup 2015). It is not just a belief that the government is corrupt, but an actual fear of this corruption by the majority of Americans that raises the greatest concern. According to the Chapman University Survey of American Fears: “Of the 89 potential fears the survey asked about, the one that the highest share of Americans said they were either "afraid" or "very afraid" of was federal government corruption. It was also the only fear that a majority of Americans said they shared.” (Rampell 2015) The Pew Research Center conducted a study of public trust in government between 1958 and 2014 and found that American’s trust of their government was at an all-time low in 2014 (Pew Research Center 2014). If the conclusions of these studies are true, the American government has become morass of corruption, with the majority of American citizens lacking trust in their elected officials and fearing their own government.
We live in a country that has passed so many laws that even our own government cannot count them. According to the American Bar Association, more than 40% of all criminal laws passed since the Civil War (1861-1896) have been passed since 1970, and these new criminal laws are not focused on violent crimes such as murder and rape but are instead focused on nuance regulatory structures (Shepherd 2013). We are protected by a government that regulates our every act and invades our personal privacy so that it can assure us that we are not the enemy that it is protecting us from. As Louisiana State University law professor John Baker was quoted in the Wall Street Journal saying “There is no one in the United States over the age of 18 who cannot be indicted for some federal crime.” (Fields 2011)
"Over criminalization is a serious problem that has led to questionable prosecutions and injures to the public interest. Thousands of criminal laws are scattered throughout the federal criminal code, and hundreds of thousands of regulations are supposed to implement those laws. In addition, the whole notion of consciousness of wrongdoing in the criminal law has been obscured. Because prosecutors have no incentive to change a system that rewards their excesses, revisions may have to come from Congress—itself the source of much of the problem, both in the laws it passes and in the standards it uses to measure prosecutorial success. If we are to take pride in the claim that we are a nation governed by law, the criminal law must be sensible and accessible, not simply a trap for the unwary." (Mukasey 2015)
We live in a world of laws, rules, policies, and regulations. It is these laws, rules, policies, and regulations that help societies to function smoothly and to operate with some degree of regularity and efficiency. They reduce some of the friction between people living in close proximity and help to promote safety and order in our communities. But there is a problem. That problem is that there are so many laws, rules, policies, and regulations that it is almost impossible to exist without violating something on a daily basis. We have reached a point where everything has been criminalized.
OK, so it’s at least theoretically possible that we violate some obscure law on a daily basis, but are people really being arrested for it? According to the Sentencing Project (2015) “between 70 million and 100 million - or as many as one in three Americans - have some type of criminal record”. A study conducted by the University of Georgia found that approximately 8 percent of the American adult population has some type of a felony conviction, and 3 percent of the population has served some time in prison. (Flurry October 1, 2017) The United States has one of the highest incarceration rates in the world.
Do we really have almost one-third of our population being convicted of some crime before an impartial judge and a jury of their peers? Well, no not really. According to the New York Times "97 percent of federal cases and 94 percent of state cases end in plea bargains, with defendants pleading guilty in exchange for a lesser sentence." (Goode 2012) So, are the police arresting the right person in almost every case? If 94 to 97 percent of defendants plead guilty in exchange for some lesser sentence (a plea bargain) our nation’s police forces must be doing an amazing job. Or perhaps there is another reason that people are willing to take a plea bargain instead of having their day in court?
In his lecture, Don’t Talk to Police, Regent Law School Professor James Duane (2008) stated:
“Estimates of the current size of the body of federal criminal law vary. It has been reported that the Congressional Research Service cannot even count the current number of federal crimes. These laws are scattered in over 50 titles of the United States Code, encompassing roughly 27,000 pages. Worse yet, the statutory code sections often incorporate, by reference, the provisions and sanctions of administrative regulations promulgated by various regulatory agencies under congressional authorization. Estimates of how many such regulations exist are even less well settled, but the ABA thinks there are” nearly 10,000.” (Marlinspike 2013)
Professor Duane points out in his lecture that anything that you say to the police can be used against you in court, but that absolutely nothing that you say to the police can possibly help you. A person who is completely innocent of any crime can make a statement that may appear incriminating in the context of a police report. And while no honest police officer wants to see a truly innocent person convicted; police officers are human, they make mistakes, have personal biases, and may become so focused on building a case against the person they know, that they fail to pursue a case against the unknown, but actual offender.
Writing in Rubin v. United States 524 U.S. 1301 (1998) United States Supreme Court Justice Stephen Breyer stated:
“The complexity of modern federal criminal law, codified in several thousand sections of the United States Code and the virtually infinite variety of factual circumstances that might trigger an investigation into a possible violation of the law, make it difficult for anyone to know, in advance, just when a particular set of statements might later appear (to a prosecutor) to be relevant to some such investigation.”
This is perhaps one of the best reason why one should never speak to the police. A particular (and in fact innocent) set of statements can result in a person being charged for an offense never committed. And once charged the prosecutor will of course seek a conviction, a conviction almost always obtained through plea bargaining.
In its 2018 talking points that Heritage Foundation stated:
“The Framers of our Constitution were concerned that an expansive and voluminous criminal code was a threat to the liberty they had just won. The original federal criminal code was limited to what was necessary to get the new government started. The first federal criminal statutes outlawed approximately 30 crimes, and each one carefully supported the needs of the new enterprise. Today, Congress enacts criminal laws not to protect important national interests of a modern nation, but to score political points with an uninformed electorate that has been led to believe that outlawing more and more conduct or increasing the penalty for conduct that is already a crime somehow solves a crime problem.” (Heritage Foundation 2018)
In ‘The Economist’ we read:
“There are over 4,000 federal crimes, and many times that number of regulations that carry criminal penalties. When analysts at the Congressional Research Service tried to count the number of separate offences on the books, they were forced to give up, exhausted. Rules concerning corporate governance or the environment are often impossible to understand, yet breaking them can land you in prison. In many criminal cases, the common-law requirement that a defendant must have a mens rea (i.e., he must or should know that he is doing wrong) has been weakened or erased. The founders viewed the criminal sanction as a last resort, reserved for serious offences, clearly defined, so ordinary citizens would know whether they were violating the law. Yet over the last 40 years, an unholy alliance of big-business-hating liberals and tough-on-crime conservatives has made criminalization the first line of attack—a way to demonstrate seriousness about the social problem of the month, whether it's corporate scandals or e-mail spam...” (Economist 2010)
The idea of over criminalization is nothing new. Whether we look at Justice Breyer’s comments in 1998, the Heritage Foundation’s talking points in 2018, or articles in today’s news we find the same thing. There is such a morass of criminal laws and administrative regulations that it is nearly impossible to exist in today’s society without violating something that could result in a criminal conviction, monetary fines, and prison time.
“We are facing a serious problem in America. We are forgetting what it is like to be free. Where once our Founding Fathers fought a war to throw off the shackles of a true “Nanny State,” we now run from anything that fails to display a “Government Approved” stamp. This fear is corrupting our very appreciation for freedom. Rather than risk offending someone, or dare stoke a passionate response, communities from New York to Texas and California deal with even the slightest perceived disagreement by curbing individual rights. Restricting individual rights has become the default posture by governments at all levels of our society.” (Barr 2014)