Let Us In Keep Them Out - F-Secure (Security Awareness Video)

The F-Secure Cyber-Security video, "Let Us In - Keep The Out" highlights ways that criminals might target your organization. The video is a useful lead-in for security awareness training.

 

FBI Attempted An Unprecedented Grab For Google Location Data

Back in March, as it investigated a spate of armed robberies across Portland, Maine, the FBI made an astonishing, unprecedented request of Google. The feds wanted the tech giant to find all users of its services who’d been within the vicinity of at least two of nine of those robberies. They limited the search to within 30-minute timeframes around when the crimes were committed. But the request covered a total space of 45 hectares and could’ve included anyone with an Android or iPhone using Google’s tools, not just the suspect.

The FBI then demanded a lot of personal information on affected users, including their full names and addresses, as well as their Google account activity. The feds also wanted all affected users’ historical locations.

Outside of concerns around government overreach, the FBI’s remarkable attempt to force Google to assist in its investigation will likely worry all who were disturbed by an Associated Press investigation published on Monday that claimed Google continued to track people even when they turned location features off.

The court warrants unearthed by Forbes indicate some at the FBI believe they have a right to that location data too, even if it belongs to innocents who might be unwittingly caught up in invasive government surveillance. And the government feels such fishing expeditions are permissible; it issued the warrant on Google without knowing whether or not the suspect used an Android device or any of the company services at all.

Nathan Wessler, staff attorney at the American Civil Liberties Union (ACLU), told Forbes it was unlikely the average user of Google services would know such government searches were even possible. “I think it’d be surprising to learn that Google and other tech companies kept these kinds of records that are searchable ... to help find people at a specific location at a specific time.

“People should have an understanding of what data is being collected of theirs and how they can protect it.”

Marina Medvin, an attorney and founder of Medvin Law, said the warrant amounted to “a completely indiscriminate search of a large group of people.”

Despite limiting the search to users who’d been at two of the locations within certain timeframes, Medvin said the government didn’t go far enough. “This is a general search, which is prohibited under our Constitution. It is not particularized, a legal prerequisite to obtain a warrant under U.S. law,” she said. “The Supreme Court explained that the purpose of the particularity requirement is to make general searches impossible and to prevent ‘a general, exploratory rummaging.’

“Yet, general, exploratory rummaging of a bunch of people who visited these places is exactly what would result if such a warrant were executed successfully.”  (Forbes, August 15, 2018)
--

Leaked City Documents Give Protesters Heads-up on Homeless Camp Cleanups

A stand-off between Seattle’s Navigation Team and activists led to tense moments during an unsanctioned homeless camp cleanup in the Ravenna Woods in April.

Protestors blocked a garbage truck from going into the area to pick up waste and debris. The city’s Navigation Team scheduled the cleanup after a felon living in the camp was arrested with 30 rounds of assault rifle ammunition, brass knuckles and several large knives.

Immediately following the cleanup, questions were raised about how activists had known about it, since the city does not publish the schedule ahead of time.

KIRO 7 filed a public disclosure request and obtained emails that reveal that aides in Seattle City Council member Kshama Sawant’s office, and sometimes Sawant herself, are forwarding the cleanup lists to community activists, including those behind the protest at the cleanup in April.

The activist who received forwarded information about the Ravenna Woods cleanup tweeted the night before

That list has been forwarded to members of the public at least 10 times since the beginning of the year.  Sawant has been an outspoken critic of the unsanctioned camp cleanups.  (KIRO 7, August 16, 2018)
--

The Ravenna Woods homeless camp is just one of hundreds or thousands similar camps in cities across the United States. Regardless of how you feel about the clean-up and removal of homeless camps, this story shows another issue with regard to data privacy and security.

Individuals with access to data may misuse that information or provide it to individuals for whom it was not intended. When the actions of government are seen to be inappropriate, controversial, or illegal it becomes easier for activists groups, journalists, and others to develop sources of information inside of these government agencies.

Technical means can prevent some types of disclosure, but generally speaking, once an insider has control of information there is very little that can be do to prevent its compromise if the insider is untrustworthy.

An Insider Threat Awareness course is available on-line from CDSE.

It should also be noted that community activist groups may have good sources of information and the ability to analyze large amounts of raw data.

 

Botched CIA Communications System Helped Blow Cover of Chinese Agents

It was considered one of the CIA’s worst failures in decades: Over a two-year period starting in late 2010, Chinese authorities systematically dismantled the agency’s network of agents across the country, executing dozens of suspected U.S. spies. But since then, a question has loomed over the entire debacle.

How were the Chinese able to roll up the network?

Now, nearly eight years later, it appears that the agency botched the communication system it used to interact with its sources, according to five current and former intelligence officials. The CIA had imported the system from its Middle East operations, where the online environment was considerably less hazardous, and apparently underestimated China’s ability to penetrate it.

The penetration of the communication system seems to account for the speed and accuracy with which Chinese authorities moved against the CIA’s China-based assets.

The communications system used in China during this period was internet-based and accessible from laptop or desktop computers, two of the former officials said.

In the words of one of the former officials, the CIA had “fucked up the firewall”... 
(Foreign Policy, August 15, 2018)
--

If all of your tradecraft is tied to an Internet connection, it won't be long until your agents are tied to post in front of a firing squad.

Technology will fail. Systems can be hacked. Or, you could have had an idiot configure your covert communications system.

Media Omits Key Detail About ICE Arresting Man Taking Wife To Hospital

On Saturday, dozens of media outlets reported that federal Immigration and Customs Enforcement (ICE) agents arrested an illegal alien who was taking his wife to the hospital to deliver their baby — but they conveniently left out one key detail: the man was a wanted murder suspect.

Agents arrested murder suspect Joel Arrona-Lara when he stopped to get gas while taking his wife, Maria del Carmen Venegas, to the hospital so she could give birth.

Many media outlets ran with misleading headlines that conveyed a sense of brutality and inhumanity as the political Left is currently trying to demonize ICE. Many publications didn't even include the fact Arrona-Lara was a homicide suspect in their reports.

Here are some of the headlines featured by the media:

The Washington Post: "ICE arrested a man driving his pregnant wife to give birth. She drove herself to the hospital."

The Sacramento Bee: "They were on their way to the hospital to have a baby when ICE took him away"

CBS News: "ICE detains man driving pregnant wife to hospital to deliver baby"

Time: "ICE Agents Detained a Man Driving His Pregnant Wife to the Hospital"

Slate: "ICE Officers Arrest Man Who Was Driving Pregnant Wife to Hospital for C-Section"

NY Mag: "ICE Arrests Husband Who Was Taking Wife to Give Birth at Hospital"

Newsweek: "Ice Agents, Part Of Trump Crackdown, Detain Husband Driving Pregnant Wife To Deliver Baby"

One of the only media outlets to report that Arrona-Lara was a murder suspect in the title and in the report was NBC News, which reported that ICE specifically noted that Arrona-Lara was arrested because of an "outstanding warrant issued for his arrest in Mexico on homicide charges."

The timing of the media's latest deception to demonize the Trump administration for political gain comes just two days after more than 350 newspapers wrote op-eds bemoaning President Donald Trump's attacks on the media for inaccurately covering news stories and for sometimes reporting blatantly false information.  (Daily Wire, August 18, 2018)
--

Fake News, the reporting of false information or the reporting of information in a manner that supports a particular political agenda at the expense of the facts, is a significant problem for anyone trying to understand what actually happened with regard to a particular news story.

According to a 2016 Gallup Poll "Americans' trust and confidence in the mass media "to report the news fully, accurately and fairly" has dropped to its lowest level in Gallup polling history, with only 32% saying they have a great deal or fair amount of trust in the media."

Even worse than our lack of trust in the news media is our lack of trust in government. According to the Pew Research Center (December 14, 2017) "Public trust in the government remains near historic lows. Only 18% of Americans today say they can trust the government in Washington to do what is right “just about always” (3%) or “most of the time” (15%)."

We can't trust the government to do what's right, we can't trust the news media to report the news fully, accurately and fairly, and we can't trust our police and military to not spy on us, invade our privacy, and violate our Constitutional rights and freedoms.

Who can you trust?

Like 'Salem Witch Trials': Maria Butina Treated 'Inhumanly' in Custody

Like 'Salem Witch Trials': Maria Butina Treated 'Inhumanly' in Custody - YouTube Video

A fund in support of Russian citizen Maria Butina, currently in custody in the United States, was opened on the Internet, her lawyer Robert Driscoll told TASS on Friday.

The website, which calls on people to make donations to support efforts of Butina’s defense to secure her release, is in Russian and English languages and holds pictures of the detained Russian national as well as her short biography.

"Your donations will help Maria and her lawyers to provide the best possible defense in court for her," a statement from the authors of the website says. "We will be very grateful for donations from friends and supporters. Information about sponsors will be strictly confidential."

Butina’s lawyer Driscoll told TASS that "The fund was established to allow friends and supporters to help pay for her legal defense."

"Donations of large or small sums are welcome as easily made via the website," he said. "We have not fixed a particular amount, but her defense will be expensive."

"For example, the government will produce over 10 Terabytes of data for the defense to review - the equivalent of millions of pages," Butina’s lawyer stated. "Fortunately, a generous American supporter paid her legal fees up until her arrest (i.e., for the Senate testimony and documents production) but now the costs have escalated and she needs financial support."

Driscoll thanked TASS for highlighting this issue saying "I appreciate that you will write a story on this. I think strong donations (both in terms of dollars and numbers of small donations) will let her know how much people in Russia, America, and around the world support her."

Maria Butina, 29, was arrested in Washington on July 15, on the eve of the Helsinki summit between Russian President Vladimir Putin and his US counterpart Donald Trump. The Russian gun rights activist is facing charges of conspiracy for conducting activities in the interests of a foreign state. Investigators claim that she was engaged in these activities without registering as a foreign agent at the US Department of Justice.

The FBI said Butina arrived in the United States in August 2016 on a student entry visa and took up studies at the American University. She received the master’s degree in international relations in May 2018, according to her lawyer.

Butina is a member of the board of the Russian public associations ‘The Right to Guns’. In this capacity, she attended the National Prayer Breakfast in Washington in February 2017 where President Donald Trump took part.

Russian Foreign Ministry Spokeswoman Maria Zakharova said earlier that Moscow considered Washington’s allegations against Butina to be groundless and politically motivated. According to her, Russia has been doing everything possible to protect the woman’s legitimate rights and interests.

(TASS, August 18, 2018)
--

U.S. Government Seeks Facebook Help to Wiretap Messenger

Reuters (August 17, 2018) reported that the U.S. government is trying to force Facebook Inc (FB.O) to break the encryption in its popular Messenger app so law enforcement may listen to a suspect’s voice conversations in a criminal probe.

The previously unreported case in a federal court in California is proceeding under seal, so no filings are publicly available, but the three people told Reuters that Facebook is contesting the U.S. Department of Justice’s demand.

The judge in the Messenger case heard arguments on Tuesday on a government motion to hold Facebook in contempt of court for refusing to carry out the surveillance request, according to the sources, who spoke on condition of anonymity.

If the government prevails in the Facebook Messenger case, it could make similar arguments to force companies to rewrite other popular encrypted services such as Signal and Facebook’s billion-user WhatsApp, which include both voice and text functions, some legal experts said.

Facebook is arguing in court that Messenger voice calls are encrypted end-to-end, meaning that only the two parties have access to the conversation.

Ordinary Facebook text messages, Alphabet Inc’s (GOOGL.O) Gmail, and other services are decrypted by the service providers during transit for targeted advertising or other reasons, making them available for court-ordered interception.

End-to-end encrypted communications, by contrast, go directly from one user to another user without revealing anything intelligible to providers.

Facebook says it can only comply with the government’s request if it rewrites the code relied upon by all its users to remove encryption or else hacks the government’s current target, according to the sources.
--

Facebook Messenger 'Secret Conversations' are end-to-end encrypted, but a standard message sent via Messenger is not. If you use Facebook Messenger for private communication, always use Secret Conversations, or consider using WhatsApp for encrypted communication. WhatsApp is owned by Facebook. If you want to move away from Facebook for your private conversations, I recommend that you use Signal Private Messenger.