Entries Tagged "FBI"


The Efficacy of Post-9/11 Counterterrorism

This is an interesting article. The authors argue that the whole war-on-terror nonsense is useless—that’s not new—but that the security establishment knows it doesn’t work and abandoned many of the draconian security measures years ago, long before Obama became president. All that’s left of the war on terror is political, as lawmakers fund unwanted projects in an effort to be tough on crime.

I wish it were true, but I don’t buy it. The war on terror is an enormous cash cow, and law enforcement is spending the money as fast as it can get it. It’s also a great stalking horse for increases in police powers, and I see no signs of agencies like the FBI or the TSA not grabbing all the power they can.

The second half of the article is better. The authors argue that openness, not secrecy, improves security:

The worst mistakes and abuses of the War on Terror were possible, in no small part, because national security is still practiced more as a craft than a science. Lacking rigorous evaluations of its practices, the national security establishment was particularly vulnerable to the panic, grandiosity, and overreach that colored policymaking in the wake of 9/11.

To avoid making those sorts of mistakes again, it is essential that we reimagine national security as an object of scientific inquiry. Over the last four centuries, virtually every other aspect of statecraft—from the economy to social policy to even domestic law enforcement—has been opened up to engagement with and evaluation by civil society. The practice of national security is long overdue for a similar transformation.

Maintaining the nation’s security of course will continue to require some degree of secrecy. But there is little reason to think that appropriate secrecy is inconsistent with a fact-based culture of robust and multiplicative inquiry. Indeed, to whatever partial extent that culture already exists within the national security establishment, it has led the move away from many of the counterproductive security measures established after 9/11.

Yet, in the ten years that Congress has been debating issues like coercive interrogation, ethnic profiling, and military tribunals, the House and Senate Intelligence committees, which have all the proper security clearances to evaluate such questions, have never established any formal process to consistently evaluate and improve the effectiveness of U.S. counterterrorism measures.

Establishing proper oversight and evaluation of the efficacy of our security practices will not come easily, for the security craft guards its claims to privileged knowledge jealously. But as long as the practice of security remains hidden behind a veil of classified documents and accepted wisdoms handed down from generation to generation of security agents, our national security apparatus will never become fully modern.

Here’s the report the article was based on.

Posted on September 2, 2011 at 1:34 PM

Cryptography and Wiretapping

Matt Blaze analyzes the 2010 U.S. Wiretap Report.

In 2000, government policy finally reversed course, acknowledging that encryption needed to become a critical part of security in modern networks, something that deserved to be encouraged, even if it might occasionally cause some trouble for law enforcement wiretappers. And since that time the transparent use of cryptography by everyday people (and criminals) has, in fact, exploded. Crypto software and algorithms, once categorized for arms control purposes as a “munition” alongside rocket launchers and nuclear triggers, can now be openly discussed, improved and incorporated into products and services without the end user even knowing that it’s there. Virtually every cellular telephone call is today encrypted and effectively impervious to unauthorized over-the-air eavesdropping. Web transactions, for everything from commerce to social networking, are now routinely encrypted end-to-end. (A few applications, particularly email and wireline telephony, remain stubbornly unencrypted, but they are increasingly the exception rather than the rule.)

So, with this increasing proliferation of eavesdrop-thwarting encryption built in to our infrastructure, we might expect law enforcement wiretap rooms to have become quiet, lonely places.

But not so fast: the latest wiretap report identifies a total of just six (out of 3194) cases in which encryption was encountered, and that prevented recovery of evidence a grand total of … (drumroll) … zero times. Not once. Previous wiretap reports have indicated similarly minuscule numbers.

I second Matt’s recommendation of Susan Landau’s book: Surveillance or Security: The Risks Posed by New Wiretapping Technologies (MIT Press, 2011). It’s an excellent discussion of the security and politics of wiretapping.

Posted on July 27, 2011 at 2:10 PM

Smuggling Drugs in Unwitting People's Car Trunks

This is clever:

A few miles away across the Rio Grande, the FBI determined that Chavez and Gomez were using lookouts to monitor the SENTRI Express Lane at the border. The lookouts identified “targets”—people with regular commutes who primarily drove Ford vehicles. According to the FBI affidavit, the smugglers would follow their targets and get the vehicle identification number off the car’s dashboard. Then a corrupt locksmith with access to Ford’s vehicle database would make a duplicate key.

Keys in hand, the gang would put drugs in a car at night in Mexico and then pick up their shipment from the parked vehicle the next morning in Texas, authorities say.

This attack works because 1) there’s a database of keys available to lots of people, and 2) both the SENTRI system and the victims are predictable.

Posted on July 25, 2011 at 5:59 AM

Members of "Anonymous" Hacker Group Arrested

The police arrested sixteen suspected members of the Anonymous hacker group.

Whatever you may think of their politics, the group committed crimes and their members should be arrested and prosecuted. I just hope we don’t get a media flurry about how they were some sort of cyber super criminals. Near as I can tell, they were just garden variety hackers who were lucky and caught a media wave.

EDITED TO ADD (7/19): I understand that the particular people arrested are innocent until proven guilty—hence my use of the word “suspected” in the first sentence—but there doesn’t seem any question that members of the group claimed credit for criminal cyber attacks. I suppose I could have said “the group allegedly committed crimes,” but that seemed overly cautious.

And yes, I agree that calling them a “group” is probably giving them more organizational credit than they have.

EDITED TO ADD (7/19): More news articles.

EDITED TO ADD (7/25): Last December, Richard Stallman wrote about the Anonymous group and their actions as a form of protest.

EDITED TO ADD (8/12): Department of Justice press release on the arrests.

Posted on July 19, 2011 at 2:50 PM

Degree Plans of the Future

You can now get a Master of Science in Strategic Studies in Weapons of Mass Destruction. Well, maybe you can’t:

“It’s not going to be open enrollment (or) traditional students,” Giever said. “You worry about whether you might be teaching the wrong person this stuff.”

At first, the FBI will select students from within its ranks, though Giever wants to open it to other law enforcement agencies. Rather than traditional tuition, agencies will contract with the school, paying about $300,000 a year for groups of 15 to 20 full-time students, according to documents submitted to the board of governors of the State System of Higher Education.

Posted on July 15, 2011 at 6:31 AM

25% of U.S. Criminal Hackers are Police Informants

I have no idea if this is true:

In some cases, popular illegal forums used by cyber criminals as marketplaces for stolen identities and credit card numbers have been run by hacker turncoats acting as FBI moles. In others, undercover FBI agents posing as “carders”—hackers specialising in ID theft—have themselves taken over the management of crime forums, using the intelligence gathered to put dozens of people behind bars.

So ubiquitous has the FBI informant network become that Eric Corley, who publishes the hacker quarterly, 2600, has estimated that 25% of hackers in the US may have been recruited by the federal authorities to be their eyes and ears. “Owing to the harsh penalties involved and the relative inexperience with the law that many hackers have, they are rather susceptible to intimidation,” Corley told the Guardian.

But if I were the FBI, I would want everyone to believe that it’s true.

Posted on June 8, 2011 at 3:46 PM

Hijacking the Coreflood Botnet

Earlier this month, the FBI seized control of the Coreflood botnet and shut it down:

According to the filing, ISC, under law enforcement supervision, planned to replace the servers with servers that it controlled, then collect the IP addresses of all infected machines communicating with the criminal servers, and send a remote “stop” command to infected machines to disable the Coreflood malware operating on them.

This is a big deal; it’s the first time the FBI has done something like this. My guess is that we’re going to see a lot more of this sort of thing in the future; it’s the obvious solution for botnets.

Not that the approach is without risks:

“Even if we could absolutely be sure that all of the infected Coreflood botnet machines were running the exact code that we reverse-engineered and convinced ourselves that we understood,” said Chris Palmer, technology director for the Electronic Frontier Foundation, “this would still be an extremely sketchy action to take. It’s other people’s computers and you don’t know what’s going to happen for sure. You might blow up some important machine.”

I just don’t see this argument convincing very many people. Leaving Coreflood in place could blow up some important machine. And leaving Coreflood in place not only puts the infected computers at risk; it puts the whole Internet at risk. Minimizing the collateral damage is important, but this feels like a place where the interest of the Internet as a whole trumps the interest of those affected by shutting down Coreflood.

The problem as I see it is the slippery slope. Because next, the RIAA is going to want to remotely disable computers they feel are engaged in illegal file sharing. And the FBI is going to want to remotely disable computers they feel are encouraging terrorism. And so on. It’s important to have serious legal controls on this counterattack sort of defense.

Some more commentary.

Posted on May 2, 2011 at 6:52 AM

Security Risks of Running an Open WiFi Network

As I’ve written before, I run an open WiFi network. It’s stories like these that may make me rethink that.

The three stories all fall along the same theme: a Buffalo man, Sarasota man, and Syracuse man all found themselves being raided by the FBI or police after their wireless networks were allegedly used to download child pornography. “You’re a creep… just admit it,” one FBI agent was quoted saying to the accused party. In all three cases, the accused ended up getting off the hook after their files were examined and neighbors were found to be responsible for downloading child porn via unsecured WiFi networks.

EDITED TO ADD (4/29): The EFF is calling for an open wireless movement. I approve.

Posted on April 26, 2011 at 6:59 AM


Sidebar photo of Bruce Schneier by Joe MacInnis.