close
  • Sc chevron_right

    Secret White House Warrantless Surveillance Program

    news.movim.eu / Schneier · Thursday, 23 November - 02:03

There seems to be no end to warrantless surveillance :

According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone records of countless people who are not suspected of any crime, including victims. Using a technique known as chain analysis, the program targets not only those in direct phone contact with a criminal suspect but anyone with whom those individuals have been in contact as well.

The DAS program, formerly known as Hemisphere, is run in coordination with the telecom giant AT&T, which captures and conducts analysis of US call records for law enforcement agencies, from local police and sheriffs’ departments to US customs offices and postal inspectors across the country, according to a White House memo reviewed by WIRED. Records show that the White House has, for the past decade, provided more than $6 million to the program, which allows the targeting of the records of any calls that use AT&T’s infrastructure—­a maze of routers and switches that crisscross the United States.

  • Sc chevron_right

    The Hacker Tool to Get Personal Data from Credit Bureaus

    news.movim.eu / Schneier · Tuesday, 5 September - 19:06

The new site 404 Media has a good article on how hackers are cheaply getting personal information from credit bureaus:

This is the result of a secret weapon criminals are selling access to online that appears to tap into an especially powerful set of data: the target’s credit header. This is personal information that the credit bureaus Experian, Equifax, and TransUnion have on most adults in America via their credit cards. Through a complex web of agreements and purchases, that data trickles down from the credit bureaus to other companies who offer it to debt collectors, insurance companies, and law enforcement.

A 404 Media investigation has found that criminals have managed to tap into that data supply chain, in some cases by stealing former law enforcement officer’s identities, and are selling unfettered access to their criminal cohorts online. The tool 404 Media tested has also been used to gather information on high profile targets such as Elon Musk, Joe Rogan, and even President Joe Biden, seemingly without restriction. 404 Media verified that although not always sensitive, at least some of that data is accurate.

  • Sc chevron_right

    Identifying People Using Cell Phone Location Data

    news.movim.eu / Schneier · Monday, 9 January, 2023 - 04:50 · 1 minute

The two people who shut down four Washington power stations in December were arrested . This is the interesting part:

Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four substations, according to court documents.

Nowadays, it seems like an obvious thing to do—although the search is probably unconstitutional . But way back in 2012, the Canadian CSEC—that’s their NSA—did some top-secret work on this kind of thing. The document is part of the Snowden archive, and I wrote about it:

The second application suggested is to identify a particular person whom you know visited a particular geographical area on a series of dates/times. The example in the presentation is a kidnapper. He is based in a rural area, so he can’t risk making his ransom calls from that area. Instead, he drives to an urban area to make those calls. He either uses a burner phone or a pay phone, so he can’t be identified that way. But if you assume that he has some sort of smart phone in his pocket that identifies itself over the Internet, you might be able to find him in that dataset. That is, he might be the only ID that appears in that geographical location around the same time as the ransom calls and at no other times.

There’s a whole lot of surveillance you can do if you can follow everyone, everywhere, all the time. I don’t even think turning your cell phone off would help in this instance. How many people in the Washington area turned their phones off during exactly the times of the Washington power station attacks? Probably a small enough number to investigate them all.

  • chevron_right

    Facebook has been helping law enforcement identify Capitol rioters

    news.movim.eu / ArsTechnica · Friday, 12 February, 2021 - 18:00

Supporters of former President Donald Trump, including Jake Angeli, a QAnon supporter known for his painted face and horned hat, enter the US Capitol on January 6.

Enlarge / Supporters of former President Donald Trump, including Jake Angeli, a QAnon supporter known for his painted face and horned hat, enter the US Capitol on January 6. (credit: Saul Loeb/AFP via Getty Images)

Facebook has gone out of its way to help law enforcement officials identify those who participated in the January 6 riot at the US Capitol, the company said in a Thursday conference call with reporters.

"We were appalled by the violence," said Monika Bickert, Facebook's vice president of content policy. "We were monitoring the assault in real time and made appropriate referrals to law enforcement to assist their efforts to bring those responsible to account."

She added that this "includes helping them identify people who posted photos of themselves from the scene, even after the attack was over" and that Facebook is "continuing to share more information with law enforcement in response to valid legal requests."

Read 5 remaining paragraphs | Comments

index?i=TGnkvRz8H0c:85Tv0GYFEO8:V_sGLiPBpWUindex?i=TGnkvRz8H0c:85Tv0GYFEO8:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • Sc chevron_right

    Police Have Disrupted the Emotet Botnet

    news.movim.eu / Schneier · Thursday, 28 January, 2021 - 16:09 · 1 minute

A coordinated effort has captured the command-and-control servers of the Emotet botnet:

Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware . Subjects of emails and documents in Emotet campaigns are regularly altered to provide the best chance of luring victims into opening emails and installing malware ­ regular themes include invoices, shipping notices and information about COVID-19 .

Those behind the Emotet lease their army of infected machines out to other cyber criminals as a gateway for additional malware attacks, including remote access tools (RATs) and ransomware .

[…]

A week of action by law enforcement agencies around the world gained control of Emotet’s infrastructure of hundreds of servers around the world and disrupted it from the inside.

Machines infected by Emotet are now directed to infrastructure controlled by law enforcement, meaning cyber criminals can no longer exploit machines compromised and the malware can no longer spread to new targets, something which will cause significant disruption to cyber-criminal operations.

[…]

The Emotet takedown is the result of over two years of coordinated work by law enforcement operations around the world, including the Dutch National Police, Germany’s Federal Crime Police, France’s National Police, the Lithuanian Criminal Police Bureau, the Royal Canadian Mounted Police, the US Federal Bureau of Investigation, the UK’s National Crime Agency, and the National Police of Ukraine.

  • chevron_right

    Insurrectionists’ social media presence gives feds an easy way to ID them

    news.movim.eu / ArsTechnica · Thursday, 7 January, 2021 - 21:19 · 1 minute

The seditionists who broke into the US Capitol on Wednesday were not particularly subtle and did not put any particular effort into avoiding being identified.

Enlarge / The seditionists who broke into the US Capitol on Wednesday were not particularly subtle and did not put any particular effort into avoiding being identified. (credit: Saul Loeb | AFP | Getty Images )

Law enforcement agencies trying to track down insurrectionists who participated in yesterday's events at the US Capitol have a wide array of tools at their disposal thanks to the ubiquity of cameras and social media.

Both local police and the FBI are seeking information about individuals who were "actively instigating violence" in Washington, DC, on January 6. While media organizations took thousands of photos police can use, they also have more advanced technologies at their disposal to identify participants, following what several other agencies have done in recent months.

Several police departments, such as Miami, Philadelphia, and New York City, turned to facial recognition platforms —including the highly controversial Clearview AI —during the widespread summer 2020 demonstrations against police brutality and in support of Black communities. In Philadelphia, for example, police used software to compare protest footage against Instagram photos to identify and arrest a protestor. In November, The Washington Post reported that investigators from 14 local and federal agencies in the DC area have used a powerful facial recognition system more than 12,000 times since 2019.

Read 10 remaining paragraphs | Comments

index?i=WoBat2qFt5Y:yeWC9zaQ-SQ:V_sGLiPBpWUindex?i=WoBat2qFt5Y:yeWC9zaQ-SQ:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • chevron_right

    COVID-19 contact-tracing data is fair game for police, Singapore says

    news.movim.eu / ArsTechnica · Tuesday, 5 January, 2021 - 21:21

Close-up image of a hand holding a palm-sized electronic device.

Enlarge / A user in Singaapore holding the TraceTogether device that can be used for COVID-19 contact tracing in lieu of a smartphone app. (credit: Roslan Rahman | AFP | Getty Images )

The government of Singapore said this week it has used data gathered for COVID-19 mitigation purposes in criminal investigations, sparking privacy concerns about contact tracing both in Singapore and elsewhere in the world.

Singapore's contract-tracing app, TraceTogether, has been adopted by nearly 80 percent of the country's population, according to The Guardian , and Singaporeans are required to use it to enter certain gathering places such as shopping malls.

TraceTogether's privacy statement originally read, "Data will only be used for Covid-19 contact tracing," but it was updated this week to add, "Authorised Police officers may invoke Criminal Procedure Code (CPC) powers to request users to upload their TraceTogether data for criminal investigations. The Singapore Police Force is empowered under the CPC to obtain any data, including TraceTogether data, for criminal investigations," The Register reports.

Read 8 remaining paragraphs | Comments

index?i=AJb39QvhSlw:Ns-raJ4Vj9c:V_sGLiPBpWUindex?i=AJb39QvhSlw:Ns-raJ4Vj9c:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • chevron_right

    Florida police raid home of former state coronavirus data manager

    news.movim.eu / ArsTechnica · Tuesday, 8 December, 2020 - 18:51

Workers removing a sign from a drive-through COVID-19 testing site in Orlando, Fla. in October, 2020.

Enlarge / Workers removing a sign from a drive-through COVID-19 testing site in Orlando, Fla. in October, 2020. (credit: Paul Hennessy | NurPhoto | Getty Images )

Police on Monday raided the Florida home of data scientist Rebekah Jones, who alleged in May that she was fired from her job collating COVID-19 data for the state because she refused to "manipulate" data to make the governor's agenda look more favorable.

"At 8:30 this morning, state police came into my house and took all my hardware and tech," Jones said in a Twitter thread on Monday afternoon. Her initial post included a 30-second video of armed officers pointing guns up a staircase and shouting for Jones' husband and children to come down before another officer shouted, "search warrant!" loudly to no one in particular.

"They pointed a gun in my face. They pointed guns at my kids," Jones added. "They took my phone and the computer I use every day to post the case numbers in Florida, and school cases for the entire country. They took evidence of corruption at the state level."

Read 16 remaining paragraphs | Comments

index?i=975IZwI_uaQ:5pIAxRvs9PU:V_sGLiPBpWUindex?i=975IZwI_uaQ:5pIAxRvs9PU:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA