Page 412

These Pickpocket Secrets Will Make You Cry

Pickpocket tricks explained by neuroscience.

So while sleight of hand helps, it’s as much about capturing all of somebody’s attention with other movements. Street pickpockets also use this effect to their advantage by manufacturing a situation that can’t help but overload your attention system. A classic trick is the ‘stall’, used by pickpocketing gangs all over the world. First, a ‘blocker’, walks in front of the victim (or ‘mark’) and suddenly stops so that the mark bumps into them. Another gang member will be close behind and will bump into both of them and then start a staged argument with the blocker. Amid the confusion one or both of them steal what they can and pass it to a third member of the gang, who quickly makes off with the loot.

I’ve seen Apollo Robbins in action. He’s very good.

Tags: , , , ,

Posted on July 8, 2014 at 6:22 AMView Comments

The Simple Trick that Will Keep You Secure from Government Spies

Last week, the German government arrested someone and charged him with spying for the US. Buried in one of the stories was a little bit of tradecraft. The US gave him an encryption program embedded in a—presumably common—weather app. When you select the weather for New York, it automatically opens a crypto program. I assume this is a custom modification for the agent, and probably other agents as well. No idea how well this program was hidden. Was the modified weather app the same size as the original? Would it pass an integrity checker?

Related: there is an undocumented encryption feature in my own Password Safe program. From the command line, type: pwsafe -e filename

Tags: , , , , , , ,

Posted on July 7, 2014 at 1:51 PMView Comments

NSA Employee Flees to Hong Kong—You Won't Believe What Happens Next

The latest story from the Snowden documents analyzes a large cache of intercepted conversations—actual operational data—and concludes that 90% of the individuals eavesdropped on were not the targets of the surveillance.

Many of them were Americans. Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or “minimized,” more than 65,000 such references to protect Americans’ privacy, but The Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S.residents.

[…]

Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded nevertheless.

Note that this is data that the NSA has repeatedly assured us that Snowden did not have access to.

EDITED TO ADD (7/7): Benjamin Wittes has a good commentary on this.

EDITED TO ADD (7/11): Washington Post reporter Bart Gellman provides some additional context for the story.

EDITED TO ADD(7/14): Good commentaries

Posted on July 7, 2014 at 5:57 AMView Comments

Web Activity Used in Court to Portray State of Mind

I don’t care about the case, but look at this:

“Among the details police have released is that Harris and his wife, Leanna, told them they conducted Internet searches on how hot a car needed to be to kill a child. Stoddard testified Thursday that Ross Harris had visited a Reddit page called “child-free” and read four articles. He also did an Internet search on how to survive in prison, Stoddard said.

“Also, five days before Cooper died, Ross Harris twice viewed a sort of homemade public service announcement in which a veterinarian demonstrates on video the dangers of leaving someone or something inside a hot car.”

Stoddard is a police detective. It seems that they know about his web browsing because they seized and searched his computer:

…investigators confiscated Harris’ work computer at Home Depot following his arrest and discovered an Internet search about how long it would take for an animal to die in a hot car.

Stoddard also testified that Harris was “sexting”—is this a word we use in court now?—with several women on the day of his son’s death, and sent explicit pictures to one of them. I assume he knows that by looking at Harris’s message history.

A bunch of this would not be admissible in trial, but this was a probable-cause hearing, and the rules are different for those. CNN writes: “a prosecutor insisted that the testimony helped portray the defendant’s state of mind and spoke to the negligence angle and helped establish motive.”

This case aside, is there anyone reading this whose e-mails, text messages, and web searches couldn’t be cherry-picked to portray any state of mind a prosecutor might want to portray? (Qu’on me donne six lignes écrites de la main du plus honnête homme, j’y trouverai de quoi le faire pendre.Cardinal Richelieu.)

Tags: , , , , , ,

Posted on July 4, 2014 at 6:24 AMView Comments

NSA Targets the Privacy-Conscious for Surveillance

Jake Appelbaum et al., are reporting on XKEYSCORE selection rules that target users—and people who just visit the websites of—Tor, Tails, and other sites. This isn’t just metadata; this is “full take” content that’s stored forever.

This code demonstrates the ease with which an XKeyscore rule can analyze the full content of intercepted connections. The fingerprint first checks every message using the “email_address” function to see if the message is to or from “bridges@torproject.org”. Next, if the address matched, it uses the “email_body” function to search the full content of the email for a particular piece of text – in this case, “https://bridges.torproject.org/”. If the “email_body” function finds what it is looking for, it passes the full email text to a C++ program which extracts the bridge addresses and stores them in a database.

[…]

It is interesting to note that this rule specifically avoids fingerprinting users believed to be located in Five Eyes countries, while other rules make no such distinction. For instance, the following fingerprint targets users visiting the Tails and Linux Journal websites, or performing certain web searches related to Tails, and makes no distinction about the country of the user.

[…]

There are also rules that target users of numerous other privacy-focused internet services, including HotSpotShield, FreeNet, Centurian, FreeProxies.org, MegaProxy, privacy.li and an anonymous email service called MixMinion as well as its predecessor MixMaster. The appid rule for MixMinion is extremely broad as it matches all traffic to or from the IP address 128.31.0.34, a server located on the MIT campus.

It’s hard to tell how extensive this is. It’s possible that anyone who clicked on this link—with the embedded torproject.org URL above—is currently being monitored by the NSA. It’s possible that this only will happen to people who receive the link in e-mail, which will mean every Crypto-Gram subscriber in a couple of weeks. And I don’t know what else the NSA harvests about people who it selects in this manner.

Whatever the case, this is very disturbing.

EDITED TO ADD (7/3): The BoingBoing story says that this was first published on Tagesschau. Can someone who can read German please figure out where this originated.

And, since Cory said it, I do not believe that this came from the Snowden documents. I also don’t believe the TAO catalog came from the Snowden documents. I think there’s a second leaker out there.

EDITED TO ADD (7/3): More news stories. Thread on Reddit. I don’t expect this to get much coverage in the US mainstream media.

EDITED TO ADD (7/3): Here is the code. In part:

// START_DEFINITION
/*
These variables define terms and websites relating to the TAILs (The Amnesic
Incognito Live System) software program, a comsec mechanism advocated by
extremists on extremist forums.
*/

$TAILS_terms=word(‘tails’ or ‘Amnesiac Incognito Live System’) and
word(‘linux’
or ‘ USB ‘ or ‘ CD ‘ or ‘secure desktop’ or ‘ IRC ‘ or ‘truecrypt’ or ‘
tor ‘);
$TAILS_websites=(‘tails.boum.org/’) or (‘linuxjournal.com/content/linux*’);
// END_DEFINITION

// START_DEFINITION
/*
This fingerprint identifies users searching for the TAILs (The Amnesic
Incognito Live System) software program, viewing documents relating to
TAILs,
or viewing websites that detail TAILs.
*/
fingerprint(‘ct_mo/TAILS’)=
fingerprint(‘documents/comsec/tails_doc’) or web_search($TAILS_terms) or
url($TAILS_websites) or html_title($TAILS_websites);
// END_DEFINITION

Hacker News and Slashdot threads. ArsTechnica and Wired articles.

EDITED TO ADD (7/4): EFF points out that it is illegal to target someone for surveillance solely based on their reading:

The idea that it is suspicious to install, or even simply want to learn more about, tools that might help to protect your privacy and security underlies these definitions—and it’s a problem. Everyone needs privacy and security, online and off. It isn’t suspicious to buy curtains for your home or lock your front door. So merely reading about curtains certainly shouldn’t qualify you for extra scrutiny.

Even the U.S. Foreign Intelligence Surveillance Court recognizes this, as the FISA prohibits targeting people or conducting investigations based solely on activities protected by the First Amendment. Regardless of whether the NSA is relying on FISA to authorize this activity or conducting the spying overseas, it is deeply problematic.

Tags: , , , , ,

Posted on July 3, 2014 at 11:01 AMView Comments

Goldman Sachs Demanding E-Mail Be Deleted

Goldman Sachs is going to court to demand that Google retroactively delete an e-mail it accidentally sent.

The breach occurred on June 23 and included “highly confidential brokerage account information,” Goldman said in a complaint filed last Friday in a New York state court in Manhattan.

[…]

Goldman said the contractor meant to email her report, which contained the client data, to a “gs.com” account, but instead sent it to a similarly named, unrelated “gmail.com” account.

The bank said it has been unable to retrieve the report or get a response from the Gmail account owner. It said a member of Google’s “incident response team” reported on June 26 that the email cannot be deleted without a court order.

“Emergency relief is necessary to avoid the risk of inflicting a needless and massive privacy violation upon Goldman Sachs’ clients, and to avoid the risk of unnecessary reputational damage to Goldman Sachs,” the bank said.

“By contrast, Google faces little more than the minor inconvenience of intercepting a single email – an email that was indisputably sent in error,” it added.

EDITED TO ADD (7/7): Google deleted the unread e-mail, without waiting for a court order.

Tags: , , , , ,

Posted on July 3, 2014 at 5:46 AMView Comments

How Traffic Shaping Can Help the NSA Evade Legal Oversight

New research paper on how the NSA can evade legal prohibitions against collecting Internet data and metadata on Americans by forcing domestic traffic to leave and return to the US. The general technique is called “traffic shaping,” and has legitimate uses in network management.

From a news article:

The Obama administration previously said there had been Congressional and Judicial oversight of these surveillance laws—notably Section 215 of the Patriot Act, which authorized the collection of Americans’ phone records; and Section 702 of the Foreign Intelligence Surveillance Act (FISA), which authorized the controversial PRISM program to access non-U.S. residents’ emails, social networking, and cloud-stored data.

But the researchers behind this new study say that the lesser-known Executive Order (EO) 12333, which remains solely the domain of the Executive Branch—along with United States Signals Intelligence Directive (USSID) 18, designed to regulate the collection of American’s data from surveillance conducted on foreign soil—can be used as a legal basis for vast and near-unrestricted domestic surveillance on Americans.

The legal provisions offered under EO 12333, which the researchers say “explicitly allows for intentional targeting of U.S. persons” for surveillance purposes when FISA protections do not apply, was the basis of the authority that reportedly allowed the NSA to tap into the fiber cables that connected Google and Yahoo’s overseas to U.S. data centers.

An estimated 180 million user records, regardless of citizenship, were collected from Google and Yahoo data centers each month, according to the leaked documents. The program, known as Operation MUSCULAR, was authorized because the collection was carried out overseas and not on U.S. soil, the researchers say.

The paper also said surveillance can also be carried out across the wider Internet by routing network traffic overseas so it no longer falls within the protection of the Fourth Amendment.

We saw a clumsy example of this in 2013, when a bunch of Internet traffic was mysteriously routed through Iceland. That one was the result of hacking the Border Gateway Protocol (BGP). I assure you that the NSA’s techniques are more effective and less obvious.

EDITED TO ADD (7/13): Author responds to NSA comments.

Tags: , , , , , , ,

Posted on July 1, 2014 at 3:23 PMView Comments

← Earlier EntriesLater Entries →

Sidebar photo of Bruce Schneier by Joe MacInnis.