Wednesday, June 12, 2013

Thoughts on a PRISM Term

by James B. Rule, a sociologist and a scholar at the University of California, Berkeley, School of Law.

"THE revelation that the federal government has been secretly gathering records on the phone calls and online activities of millions of Americans and foreigners seems not to have alarmed most Americans... We privacy watchers and civil libertarians think this complacent response misses a deeply worrying political shift of vast consequence...

Institutions and techniques predictably outlive the intentions of their creators. J. Edgar Hoover went before Congress in 1931 to declare that “any employee engaged in wiretapping will be dismissed from the service of the bureau.” A few decades later, F.B.I. agents were in full pursuit of alleged Communist sympathizers, civil rights workers and the Rev. Dr. Martin Luther King Jr. — using wiretapping, break-ins and other shady tactics.

We must also ask how far we want government to see into our private lives, even in the prevention and punishment of genuine wrongdoing. The promise that one especially egregious sort of crime (terrorism) can be predicted and stopped can tempt us to apply these capabilities to more familiar sorts of troublesome behavior.

Imagine that analysis of telecommunications data reliably identified failure to report taxable income. Who could object to exploiting this unobtrusive investigative tool, if the payoff were a vast fiscal windfall and the elimination of tax evasion? Or suppose we find telecommunications patterns that indicate the likelihood of child abuse or neglect. What lawmaker could resist demands to “do everything possible” to act on such intelligence — either to apprehend the guilty or forestall the crime.

Using surveillance for predictive modeling to prevent all sorts of undesirable or illegal behavior is the logical next step. These possibilities are by no means a fantastical slippery slope — indeed, the idea of pre-empting criminals before they act was envisioned by Philip K. Dick’s short story “The Minority Report,” later a movie starring Tom Cruise." (more)

Business Espionage - FBI Stops "Millions" from Flying Out of the U.S.

NJ - FBI agents arrested an engineer on Wednesday as he was preparing to return to India with trade secrets he allegedly stole from Becton, Dickinson and Co., the Franklin Lakes-based global medical technology company, authorities said.

B-D Patent from the late 1990's
Ketankumar "Ketan" Maniar, 36, an Indian national who lived in Mahwah until last week, had amassed a veritable tool kit for the manufacture of a new pen-like device for injecting drugs that was being developed by Becton Dickinson, authorities said...
 The stolen information was valued in the millions of dollars and could be used by Maniar to set up a new business or sold to a competitor...

If convicted, Maniar could face up to 10 years in prison and a $250,000 fine. (more)

Tuesday, June 11, 2013

Quote of the Year - You Decide

Quote 1: "You are not even aware of what is possible. The extent of their capabilities is horrifying. We can plant bugs in machines. Once you go on the network, I can identify your machine. You will never be safe whatever protections you put in place."

Quote 2: "You can't come up against the world's most powerful intelligence agencies and not accept the risk. If they want to get you, over time they will." (more - with video interview) 

From an interview with Edward Snowden, self-confessed Intelligence Community whistle-blower, now on the run.

Dead man running?
Russia has offered to consider an asylum request from the US whistleblower Edward Snowden... (more) (sing-a-long)

Guess Who Else is Scared of PRISM

Business and the advertising industry!

via... AdAge
Privacy legislation has been brewing in congress for years now, but a combination of public apathy and strong industry opposition has kept it at bay. Could the Prism data surveillance scandal become the watershed moment that propels it forward?

It's too soon to tell how revelations that the U.S. government has been mining web communications and phone logs will impact public opinion, but none of what the government has been implicated in doing would be possible if corporations weren't mining and storing consumer data, often for advertising purposes...
Of course, many in the ad industry hope this government data-gate serves as a foil to commercial data practices, resulting in less focus on how marketers gather and use consumer information. (more)

Sunday, June 9, 2013

"Whatever happened to OPSEC?"

Last week's news sparked much discussion about privacy. Here is one semi-sarcastic exchange between two well-respected, over-50 security professionals...
 

Q. "Whatever happened to OPSEC?"
 

A. "Indeed. Whatever happened to OPSEC?

I think you and I are seeing the "generation gap" from the other side, now.
Yesterday, I was talking to a sixteen year-old about the past week's news (PRISM and the Supreme Court decision on DNA).
 

The attitude was, "So?"
 

Geeez, the under-30 crowd has no expectation of privacy. It is a foreign concept to them. They grew up going to school with cameras aimed at them all day, and Ra-parents checking their email, and cocooning them in play dates and bike helmets. Sprinkle with general self: indulgence, centered-ness, and entitlement, and this is what evolves—a new world where real privacy is a quaint concept.
 

Their new world is "look at me, look at me", tweet, tweet, tweet. The new privacy hinges on SnapChat zaps, and the ability to 'friend' and 'unfriend'.

The first Eloi of this new wave are starting to take their places in business and government. They are being egged on, and in turn enabling, a few dystopian power-elders. Together they constructed PRISM. The flip side of the coin, however, is that they don't get to do it in private.

 

So, to answer the question, OPSEC and Privacy have joined hands... and are skipping on their merry f-ing way to oblivion.

Saturday, June 8, 2013

The PRISM of Surveillance - 2002-2013

The Information Awareness Office (IAO) was established by the Defense Advanced Research Projects Agency (DARPA) in January 2002 to bring together several DARPA projects focused on applying surveillance and information technology to track and monitor terrorists and other asymmetric threats to U.S. national security, by achieving Total Information Awareness (TIA). 

Following public criticism that the development and deployment of this technology could potentially lead to a mass surveillance system, the IAO was defunded by Congress in 2003. 
However, several IAO projects continued to be funded, and merely run under different names. (more) (60's update... "We all prism'ers chicky babe, we all locked in.")

Obama: 'Nobody Is Listening to Your Telephone Calls'

President Barack Obama on Friday defended his administration's vast collection of emails and telephone records, saying the programs help prevent terrorist attacks while imposing only "modest encroachments" on people's privacy...

"When it comes to telephone calls, nobody is listening to your telephone calls," the president said. 

 Mr. Obama made clear that his own views of such intelligence-gathering efforts have evolved since he was a candidate for the presidency in 2008. He suggested he is now more comfortable with the "trade-offs" involved in guarding against terrorism. (more)

Thursday, June 6, 2013

FutureWatch: 24/7 Outdoor Surveillance from 17,000 Feet - Recorded & Searchable

A new camera developed by the Pentagon's research arm was highlighted in a recent special on PBS' "Nova" in an episode called "Rise of the Drones." It's a camera system so detailed it can discern specific movements and even what a subject is wearing.

The Defense Advanced Research Projects Agency's (DARPA's) Autonomous Real-Time Ground Ubiquitous Surveillance Imaging System (ARGUS) has 1.8 billion pixels (1.8 gigapixels), making it the world' highest resolution camera. 




The sensors on the camera are so precise, PBS stated it is the equivalent to the capabilities of 100 Predator drones in a medium city.

Spain - Law to Install Spyware Being Drafted

Spain pushing for right to install government spyware on citizens' devices...

Spanish daily El País reported on Tuesday that the bill, drawn up by the ministry of justice, is still in its draft phase. But should it be passed into law, police authorities would have the power to install spyware on computers, laptops, tablets, mobile phones and even USBs and external hard drives in order to harvest personal information about the owner.

The bill states that targets would have to be suspected of terrorism, organized crime, child pornography, online fraud or cyber-bullying offenses carrying a minimum sentence of three years for the use of spyware to be authorized. The spyware would be installed remotely, the report said, and the target machine would have to be physically located in Spain. (more)


FutureWatch: See a trend?

Technorant - Your children are slaves to their smartphones...

A Caution Sign on the Highway of Life
Summary: (from the article) Today's teens and pre-teens are overly reliant on technology, lazy, self-entitled, and are the worst read of any generation. (more)


The author is a bit harsh, but the article may give smart kids a little help in taking back their lives... if they read it.

Wednesday, June 5, 2013

Secret Files Released - Edward VIII Bugged by His Own Government

Intelligence files kept secret for almost 80 years today reveal that phone calls from Buckingham Palace and the monarch’s Windsor residence, Fort Belvedere, were monitored while he decided whether to give up the throne for Wallis Simpson.

The revelation suggested an extraordinary breakdown of trust between Edward and his Government amid the constitutional crisis in December 1936.

The Cabinet papers also show the huge lengths the then Home Secretary Sir John Simon went to try and keep a lid on the looming controversy after a journalist leaked the story. (more)

A 'Trust But Verify' SpyWare App

"Within 3 months more than 80k people used Spy Your Love mobile application to spy their partner’s mobile phone (7000 couples are still daily using application). 

Spy your Love is mobile application that comes with controversial solution of partner's cheating and trust issues. Solution is based on mutual and voluntary monitoring/sharing of phone calls, SMS and Facebook messages. Mutual means that both partners are spying each other. Partners are losing 15% of their privacy but getting 90% assurance that their partner is faithful." (more)

Grain-of-Salt Alert: This excerpted from a Slovakian press release, hence the odd syntax. It is, however, an interesting spyware app concept.

Moto X - The Creepy Boyfriend You Never Knew You Wanted

Imagine a spy with access to a second-by-second record of your location and all of your electronic communications—and which is also the world’s most sophisticated superbrain, capable of mining all that information, big data-style, for unexpected connections... 

...the Moto X... essentially, it’s the world’s most sophisticated cluster of sensors you can wear on your person, and it’s going to know every single thing you do, whether it’s driving, sleeping or taking a walk around the block. Google is betting that you will love your pocket Stasi so much you’ll never want to be without it—and Google is right...

For example, the phone knows how fast you’re traveling, so it might not let you text while driving. And it has enough contextual information to know not only whether or not you just took it out of your pocket, but also why you just took it out of your pocket, so it can immediately fire up the camera app when you want to take a picture...

It’s the fact that Google’s forthcoming phone will start to know that “why”—the causal connections that stitch together our actions and desires—that is nothing short of astonishing...
Normal smartphones are limited in their ability to spy on you because their makers never anticipated that this is a thing you’d want to do. (more)

Tuesday, June 4, 2013

The VD of Apple iOS Devices - Unsafe Charging

Using the bogus charger, a team from Georgia Institute of Technology managed to infect a phone with a virus in less than a minute.  

Any device using Apple's iOS operating system would be as vulnerable to infection, claim the trio. More details of their work will be given at the upcoming Black Hat USA hacker conference. (more)

But this will not surprise our regular Security Scrapbook readers... "Joseph Mlodzianowski and Robert Rowley, built a juice jacking kiosk at Defcon 2011 to educate the masses about the risks associated with blindly plugging in mobile devices." (more)

Sunday, June 2, 2013

Attention High School Seniors: Get a Spy Job... Sha na na na, sha na na na na,

When the NSA’s brand-new $1.2 billion data center goes live in Bluffdale, Utah this fall, the nation’s spy agency is going to need a special kind of person to keep the lights on, the networks humming, and the servers from melting down.

So two years ago, the agency got in touch with Richard Brown, the dean of the College of Engineering at the University of Utah, and asked him to craft a special program that could teach computer science students all of the networking, electrical engineering, and server cooling skills that they’d need to run one of the world’s largest data centers...
 
His school’s Data Center Engineering program will go live this fall, with bachelors and masters-level certifications. With its cool climate and inexpensive energy, Utah is already home to data center facilities for many tech companies including Twitter, eBay, Workday and Oracle. (more) (sing-a-long)