close
    • chevron_right

      Surveillance through Push Notifications

      news.movim.eu / Schneier · Monday, 4 March - 22:38 · 1 minute

    The Washington Post is reporting on the FBI’s increasing use of push notification data—”push tokens”—to identify people. The police can request this data from companies like Apple and Google without a warrant.

    The investigative technique goes back years. Court orders that were issued in 2019 to Apple and Google demanded that the companies hand over information on accounts identified by push tokens linked to alleged supporters of the Islamic State terrorist group.

    But the practice was not widely understood until December, when Sen. Ron Wyden (D-Ore.), in a letter to Attorney General Merrick Garland, said an investigation had revealed that the Justice Department had prohibited Apple and Google from discussing the technique.

    […]

    Unlike normal app notifications, push alerts, as their name suggests, have the power to jolt a phone awake—a feature that makes them useful for the urgent pings of everyday use. Many apps offer push-alert functionality because it gives users a fast, battery-saving way to stay updated, and few users think twice before turning them on.

    But to send that notification, Apple and Google require the apps to first create a token that tells the company how to find a user’s device. Those tokens are then saved on Apple’s and Google’s servers, out of the users’ reach.

    The article discusses their use by the FBI, primarily in child sexual abuse cases. But we all know how the story goes:

    “This is how any new surveillance method starts out: The government says we’re only going to use this in the most extreme cases, to stop terrorists and child predators, and everyone can get behind that,” said Cooper Quintin, a technologist at the advocacy group Electronic Frontier Foundation.

    “But these things always end up rolling downhill. Maybe a state attorney general one day decides, hey, maybe I can use this to catch people having an abortion,” Quintin added. “Even if you trust the U.S. right now to use this, you might not trust a new administration to use it in a way you deem ethical.”

    • chevron_right

      Widespread FBI abuse of foreign spy law sets off “alarm bells,” tech group says

      news.movim.eu / ArsTechnica · Tuesday, 23 May, 2023 - 22:09 · 1 minute

    Widespread FBI abuse of foreign spy law sets off “alarm bells,” tech group says

    Enlarge (credit: Chip Somodevilla / Staff | Getty Images North America )

    The FBI isn't supposed to use its most controversial spy tool to snoop on emails, texts, and other private communications of Americans or anyone located in the United States. However, that didn't stop the FBI from sometimes knowingly using its Foreign Intelligence Surveillance Act (FISA) Section 702 powers to conduct warrantless searches on US persons more than 280,000 times in 2020 and 2021, according to new disclosures. US Senator Ron Wyden (D-Ore.) described the searches as  "shocking abuses."

    Among the most concerning so-called backdoor searches on Americans were disclosures that the FBI ran more than 23,000 queries on people involved in storming the US Capitol, 19,000 on political campaign donors, and 133 on protestors after the police killing of George Floyd. The deputy director of the Center for Democracy and Technology's Security and Surveillance Project, Jake Laperruque, said that "these latest revelations should set off alarm bells across Congress," urging lawmakers in a statement not to re-authorize FISA Section 702 at the end of this year—when it's due to expire—without a "full overhaul."

    "The systemic misuse of this warrantless surveillance tool has made FISA 702 as toxic as COINTELPRO and the FBI abuses of the Hoover years," Laperruque said, while his group's press release noted that the court opinion "confirmed the worst fears of civil rights and civil liberties advocates.

    Read 30 remaining paragraphs | Comments

    • chevron_right

      FBI Disables Russian Malware

      news.movim.eu / Schneier · Wednesday, 10 May, 2023 - 15:26

    Reuters is reporting that the FBI “had identified and disabled malware wielded by Russia’s FSB security service against an undisclosed number of American computers, a move they hoped would deal a death blow to one of Russia’s leading cyber spying programs.”

    The headline says that the FBI “sabotaged” the malware, which seems to be wrong.

    Presumably we will learn more soon.

    • chevron_right

      Feds seize 13 more DDoS-for-hire platforms in ongoing international crackdown

      news.movim.eu / ArsTechnica · Tuesday, 9 May, 2023 - 00:06

    A domain seizure notice from the Justice Department, showing the national seals of several other governments.

    Enlarge / A domain seizure notice from the Justice Department, showing the national seals of several other governments.

    The US Justice Department has sized the domains of 13 DDoS-for hire services as part of an ongoing initiative for combatting the Internet menace.

    The providers of these illicit services platforms describe them as “booter” or “stressor” services that allow site admins to test the robustness and stability of their infrastructure. Almost, if not all, are patronized by people out to exact revenge on sites they don’t like or to further extortion, bribes, or other forms of graft.

    The international law enforcement initiative is known as Operation PowerOFF. In December, federal authorities seized another 48 domains. Ten of them returned with new domains, many that closely resembled their previous names.

    Read 5 remaining paragraphs | Comments

    • chevron_right

      Congressman confronts FBI over “egregious” unlawful search of his personal data

      news.movim.eu / ArsTechnica · Friday, 10 March, 2023 - 18:57 · 1 minute

    Rep. Darin LaHood (R-Ill.)

    Enlarge / Rep. Darin LaHood (R-Ill.) (credit: Bill Clark / Contributor | CQ-Roll Call, Inc. )

    Last month, a declassified FBI report revealed that the bureau had used Section 702 of the Foreign Intelligence Surveillance Act (FISA) to conduct multiple unlawful searches of a sitting Congress member’s personal communications. Wired was the first to report the abuse , but for weeks, no one knew exactly which lawmaker was targeted by the FBI. That changed this week when Rep. Darin LaHood (R-Ill.) revealed during an annual House Intelligence Committee hearing on world threats that the FBI’s abuse of 702 was “in fact” aimed at him.

    “This careless abuse by the FBI is unfortunate,” LaHood said at the hearing, suggesting that the searches of his name not only “degrades trust in FISA” but was a “threat to separation of powers” in the United States. Calling the FBI’s past abuses of Section 702 “egregious,” the congressman—who is leading the House Intelligence Committee's working group pushing to reauthorize Section 702 amid a steeply divided Congress—said that “ironically,” being targeted by the FBI gives him a “unique perspective” on “what’s wrong with the FBI.”

    LaHood has said that having his own Fourth Amendment rights violated in ways others consider “frightening” positions him well to oversee the working group charged with implementing bipartisan reforms and safeguards that would prevent any such abuses in the future.

    Read 17 remaining paragraphs | Comments

    • chevron_right

      FBI finally admits to buying location data on Americans, horrifying experts

      news.movim.eu / ArsTechnica · Thursday, 9 March, 2023 - 17:41

    FBI Director Christopher Wray, left, and National Security Agency Director Gen. Paul Nakasone, testify during the Senate Select Intelligence Committee hearing on worldwide threats on Wednesday, March 8, 2023.

    Enlarge / FBI Director Christopher Wray, left, and National Security Agency Director Gen. Paul Nakasone, testify during the Senate Select Intelligence Committee hearing on worldwide threats on Wednesday, March 8, 2023. (credit: Tom Williams / Contributor | CQ-Roll Call, Inc. )

    At a Senate Intelligence Committee hearing yesterday, FBI Director Christopher Wray confirmed for the first time that the agency has in the past purchased the location data of US citizens without obtaining a warrant, Wired reported .

    This revelation, which has alarmed privacy advocates, came after Sen. Ron Wyden (D–Ore.) asked Wray directly, “Does the FBI purchase US phone-geolocation information?” Wray’s response tiptoed around the question but provided a rare insight into how the FBI has used location data to surveil Americans without any court oversight.

    “To my knowledge, we do not currently purchase commercial database information that includes location data derived from Internet advertising,” Wray said. “I understand that we previously—as in the past—purchased some such information for a specific national security pilot project. But that’s not been active for some time.”

    Read 10 remaining paragraphs | Comments

    • chevron_right

      Insurrectionists’ social media presence gives feds an easy way to ID them

      Kate Cox · news.movim.eu / ArsTechnica · Thursday, 7 January, 2021 - 21:19 · 1 minute

    The seditionists who broke into the US Capitol on Wednesday were not particularly subtle and did not put any particular effort into avoiding being identified.

    Enlarge / The seditionists who broke into the US Capitol on Wednesday were not particularly subtle and did not put any particular effort into avoiding being identified. (credit: Saul Loeb | AFP | Getty Images )

    Law enforcement agencies trying to track down insurrectionists who participated in yesterday's events at the US Capitol have a wide array of tools at their disposal thanks to the ubiquity of cameras and social media.

    Both local police and the FBI are seeking information about individuals who were "actively instigating violence" in Washington, DC, on January 6. While media organizations took thousands of photos police can use, they also have more advanced technologies at their disposal to identify participants, following what several other agencies have done in recent months.

    Several police departments, such as Miami, Philadelphia, and New York City, turned to facial recognition platforms —including the highly controversial Clearview AI —during the widespread summer 2020 demonstrations against police brutality and in support of Black communities. In Philadelphia, for example, police used software to compare protest footage against Instagram photos to identify and arrest a protestor. In November, The Washington Post reported that investigators from 14 local and federal agencies in the DC area have used a powerful facial recognition system more than 12,000 times since 2019.

    Read 10 remaining paragraphs | Comments

    index?i=WoBat2qFt5Y:yeWC9zaQ-SQ:V_sGLiPBpWUindex?i=WoBat2qFt5Y:yeWC9zaQ-SQ:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
    • chevron_right

      Iran behind supposed “Proud Boys” voter-intimidation emails, Feds allege

      Kate Cox · news.movim.eu / ArsTechnica · Thursday, 22 October, 2020 - 19:59

    A man in a suit speaks in front of a Justice Department logo.

    Enlarge / FBI Director Chrisopher Wray speaking at a press conference in Washington, DC, on October 7. (credit: Jim Watson | AFP | Bloomberg | Getty Images )

    We now have less than two weeks to go before the federal voting deadline on November 3, and basically everything is, as many expected, hitting the fan at once. Now, intelligence officials and lawmakers are all but begging Americans to be less credulous with what they see and hear online amid new allegations that actors from Iran emailed individual voter-intimidation efforts.

    Director of National Intelligence John Ratcliffe and FBI Director Christopher Wray joined forces at a hastily announced press conference Wednesday night to issue a warning that foreign actors "have taken specific actions to influence public opinion relating to our elections." Specifically, Ratcliffe said, actors from Iran and Russia, separately, had obtained "some voter registration information" and were using it "to communicate false information to registered voters that they hope will cause confusion, sow chaos, and undermine your confidence in American democracy."

    Ratcliffe was referring to an email campaign that started earlier this week, when some voters in Florida, Arizona, and Alaska started receiving threatening messages .

    Read 17 remaining paragraphs | Comments

    index?i=0BkhHAoV588:k4vU_eAPNtI:V_sGLiPBpWUindex?i=0BkhHAoV588:k4vU_eAPNtI:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
    • chevron_right

      Feds say active exploits of critical Zerologon bug threaten elections orgs

      Dan Goodin · news.movim.eu / ArsTechnica · Saturday, 10 October, 2020 - 00:43

    Feds say active exploits of critical Zerologon bug threaten elections orgs

    Enlarge (credit: Getty Images)

    The FBI and the cybersecurity arm of the Department of Homeland Security said they have detected hackers exploiting a critical Windows vulnerability against state and local governments and that in some cases the attacks are being used to breach networks used to support elections.

    Members of unspecific APTs—the abbreviation for advanced persistent threats—are exploiting the Windows vulnerability dubbed Zerologon. It gives attackers who already have a toehold on a vulnerable network access to the all-powerful domain controllers that administrators use to allocate new accounts and manage existing ones.

    To gain initial access, the attackers are exploiting separate vulnerabilities in firewalls, VPNs, and other products from companies including Juniper, Pulse Secure, Citrix NetScaler, and Palo Alto Networks. All of the vulnerabilities—Zerologon included—have received patches, but as evidenced by Friday’s warning from the DHS and FBI, not everyone has installed them. The inaction is putting governments and elections systems at all levels at risk.

    Read 3 remaining paragraphs | Comments

    index?i=NwLiumpU8Mk:mYxs4BE2ScM:V_sGLiPBpWUindex?i=NwLiumpU8Mk:mYxs4BE2ScM:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA