So, when you log in to your FaceMyTwiBookSpacetter account next time, do you know who your “friends” are? Back in 2008 we had fun with the fact that Satan was on our friends list. But now, it turns out that some of those people in your list might be wearing the mirrored sunglasses with the ear piece.

From Wired:

The next time someone tries to “friend” you on Facebook, it may turn out to be an undercover fed looking to examine your private messages and photos, or surveil your friends and family. The Electronic Frontier Foundation has obtained an internal Justice Department document that describes what law enforcement is doing on social networking sites.

The 33-page document shows that law enforcement agents from local police to the FBI and Secret Service have been logging on to MySpace and other sites undercover to communicate with suspects, read private postings and view photos and videos that are restricted to a user’s friends.

This puts a decidedly bizarre bent on criminal investigations. How many people did they add that were not of a criminal disposition? Did any of this information ultimately get used in court and would it be admissible?

For more on this story read on.

Article Link

(Image used under CC from Dunechaser)

With the rising tide of threats it has become apparent to the powers that be in Ottawa that they need some help. Now, they’ve turned to private industry for help. If film is any indication that isn’t always the best route.

Sorry, couldn’t resist.

From The Globe and Mail:

CSIS’s corporate-outreach program, which started in the 1990s, largely fell by the wayside during the years after the Sept. 11 attacks in the United States, when fighting terrorism absorbed nearly all the spy service’s energies.

But emerging threats – including shadowy-but-powerful hacker networks based in China – are sparking a renewed federal interest in forging partnerships between the corporate and intelligence worlds.

“CSIS has and continues to speak with various corporations in Canada on potential security threats, which may have an impact on national security interests,” CSIS spokeswoman Isabelle Scott said in an e-mailed response to questions from The Globe and Mail. “CSIS alerts firms to common covert methods used by those who may target them.”

The real harm here is that organizations such as CSIS don’t have the resources to hire and retain the talent required to handle emerging threats.

For more on this, read on.

Article Link

(Image used under CC from romulusnr)

Ah, the epic fail abounds today. Now, having formerly worked for the DoD as a contractor I can say there are good contractors and others that should be given a cigarette and a blindfold.

I wonder where I’m leaning on this story.

From the WSJ:

Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes’ systems. Shiite fighters in Iraq used software programs such as SkyGrabber — available for as little as $25.95 on the Internet — to regularly capture drone video feeds, according to a person familiar with reports on the matter.

Now, first off this isn’t hacking. Transmission was/is in the clear. It’s just piss poor design and I’m rather amazed that this one made it into the field without someone catching it. Or maybe they did and were told to hush up in favour of meeting deadlines?

If you send data, or anything else for that matter, in clear text, you have zero expectation of privacy. Zilch, zip, nada and bupkis.

Just to put this firmly in perspective for our non-technical readers this is as secure as…

postcards

Or this…

hamsandwich

For more on this story please follow the link to the WSJ article.

Article Link (Thx Brooks)

UPDATE: More information on this story from Wired. Apparently, this clear text problem affects more than just drone aircraft.

Ah, that old chestnut. Apparently there is concern that Microsoft has built in a backdoor for the NSA into each copy of Windows 7.

From Computer World:

“The key problem is that NSA has a dual mission, COMPUSEC, computer security, now called cyber security, and SIGINT, signals intelligence, in other words surveillance,” Rotenberg said in an e-mail.

Yesterday, he raised the issue, which isn’t new, of whether the NSA pressures companies like Microsoft to craft so-called “backdoors” into their code that would let the agency track users and intercept users’ communications. Rotenberg called it an “obvious concern,” and added that it might be difficult for major software makers to turn down NSA “suggestions” because the U.S. federal government is an important customer.

I find it interesting that this comes up every time Microsoft releases a new OS. Never gets old. Let’s just all stipulate that, yes, the folks in the puzzle palace can get into your computer any time they want.

For the full article read on.

Article Link

Hmm. It appears that Palm is a little too interested in what its Palm Pre handset users are up to. A Sprint customer, Joey Hess, discovered that his phone had been happily chirping away sending his info to Palm.

From The Telegraph:

The software developer said that log files for the handset show that his phone has been sending data back to Palm on a regular basis.

Mr Hess said that although the data was sent over a secure link, it contained information about his location, and a list of the applications installed on his handset. It showed how long he spent using those applications, and sent back crash data whenever applications unexpectedly quit.

The information was sent to Palm over a secure channel. Which would mean something if he had consented to the aforementioned monitoring.

Now, I understand crash reports and the like, but this appears, at least from the article and the buzz on the tubes, to be more than that. At least with crash reports on Microsoft and Apple systems there is a go/no-go option presented to the user as to whether or not they want to send.

Palm said its privacy policy was similar to many others in the industry. “[It] includes very detailed language about potential scenarios in which we might use a customer’s information, all toward a goal of offering a great user experience,” said the company in a statement. “For instance, when location based services are used, we collect their information to give them relevant local results in Google Maps. We appreciate the trust that users give us with their information, and have no intention to violate that trust.”

The road to hell is paved with good intentions.

Article Link

So it would appear that the FBI was leaning hard on the Patriot Act last year. Were they trying to get their kicks in before the party was to end with the inauguration of President Obama?

From Wired:

FISA-court authorizations for national security and counter-terrorism wiretaps dropped last year by almost 300, a new Justice Department report to Congress shows. But the FBI’s use of “national security letters” to get information on Americans without a court order increased dramatically, from 16,804 in 2007 to 24,744 in 2008.

The 2008 requests targeted 7,225 U.S. people.

This is still much lower than the number of NSLs issued in 2006 — more than 49,000 — but indicates that the FBI’s reliance on the self-authorized subpoenas is rebounding, after audits in 2006 and 2007 revealed the bureau had been abusing the tool.

So how is the tracking for 2009? I’d be interested if those kinds of stats are available.

Article Link

Greed strikes again. This time a senior US military official with top secret clearance has apparently betrayed his country.

From Dark Reading:

According to a Department of Justice announcement, officials have charged James Wilbur Fondren Jr., deputy director for the U.S. Pacific Command (PACOM) Washington Liaison Office, with espionage conspiracy for providing classified information to an agent of a foreign government. Fondren sold information to a Taiwanese-American man in the form of “opinion papers” that included classified DoD data via an at-home consulting business he ran on the side, according to the affidavit filed this week.

This classic case of espionage also highlights the dangers of the insider threat: Fondren had both a classified DoD computer as well as an unclassified one on his desk.

The odd part is that he will only face a possible 5 year sentence and a fine. Seems a tad light for selling out your country.

Article Link

The NSA serves a real purpose. I won’t dispute that. Where I have historically had a problem is when the law is flouted and power goes unchecked. More on the surveillance program came to light yesterday in a piece in the NY Times. The article described how the NSA was flagged by the Justice Department because they had,

“detected issues that raised concerns,” it said. Justice Department officials then “took comprehensive steps to correct the situation and bring the program into compliance” with the law and court orders, the statement said.

The phrase “took comprehensive steps” speaks to me on a level that I care not to hear. So, what was the root of what I’m rambling on about?

From NY Times:

The National Security Agency intercepted private e-mail messages and phone calls of Americans in recent months on a scale that went beyond the broad legal limits established by Congress last year, government officials said in recent interviews.

Several intelligence officials, as well as lawyers briefed about the matter, said the N.S.A. had been engaged in “overcollection” of domestic communications of Americans. They described the practice as significant and systemic, although one official said it was believed to have been unintentional.

Unintentional. Hmm, that ranks right up there with “the cheque is in the mail”.

Not biting.

But, everything will get better now that the Obama administration is on the job, right?

(play echo)

From the EFF:

The Obama Administration’s shocking decision to assert Bush-era arguments in its motion to dismiss EFF’s case against the government for warrantless wiretapping, Jewel v. NSA, has been slowly working its way into the mainstream news. We’re still hoping for more coverage, but for now there are several examples of recent reporting that are worth pointing to.

Sorry, they’re using Bush-era arguments? Ouch. But, this must all be a misunderstanding, right? After all, at least one official said that it was “unintentional”.

From CNET:

The National Security Agency tried to wiretap a member of the U.S. Congress without a warrant, and has engaged in “significant and systemic” illegal surveillance activities in the last few months

Um, yeah. I want to get off now. This ride is making me nauseous.

“Sometimes it feels like, somebody’s watching meeee”

Under the guise of protecting intellectual property, RIM has admitted that they record every phone call on company lines.

From CNET:

“Everything I have that’s on RIM is recorded and retained as RIM. So if they want to have a chat with somebody and it’s not a chat that’s within RIM’s domain, then they may want their own personal device,” she said.

When asked exactly whether it was conversations, rather than just written information she kept tabs on, Bienfait answered: “Everything. I record everything.”

It wasn’t a violation of privacy, according to Bienfait, who maintained the workers were aware of the surveillance: “They’re doing business inside of RIM. Everything they can say or do can be patented…We’re not violating anybody’s privacy. They’re aware that their information is transparent and in visibility.”

Most firms these days monitor their employees’ email and occasionally phone calls. RIM has gone for the full package. I understand, as do most, that communications may be monitored. But, I wonder how this plays out from a legal aspect in Canada. Not to mention in other countries where RIM has operations that have laws regarding taping conversations.

Article Link

According to a report released this week from a think tank, co-founded by RIM co-CEO Jim Balsillie, Canada needs to step up its spying efforts on the Chinese.

Um, m’kay, which would most likely mean something if Canada had a foreign spy service.

A study released this week, A Reassessment of Canada’s Interests in China, finds that Ottawa’s failure to keep its eyes and ears trained on the world’s most populous, and economically dynamic, country is having consequences. Much of the study’s focus is on China’s unconstrained spying and Canada’s relative naiveté.

For example, Ottawa’s envoys to China are said to be so Mandarin-illiterate that they “cannot even read the local daily newspaper” without soliciting the help of locals, whose loyalties are always in question.

And because diplomats are felt to be doing a poor job of interpreting China for Ottawa, federal intelligence agencies are urged to step up.

Hmm, so will we get a foreign spy agency? And why doesn’t this country have one? It’s odd when you consider the long rich history that Canada has on the world stage. Intrepid, Camp X et cetera.

So, where was I? Oh right. Evil everywhere, run screaming…blah, blah, blah.

Article Link