FBI Archives - Page 17 of 23 - Schneier on Security

Entries Tagged "FBI"

Page 17 of 23

The FBI and Wiretaps

To aid their Wall Street investigations, the FBI used DCSNet, their massive surveillance system.

Prosecutors are using the FBI’s massive surveillance system, DCSNet, which stands for Digital Collection System Network. According to Wired magazine, this system connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It can be used to instantly wiretap almost any communications device in the U.S.—wireless or tethered. In other words, you and I have no privacy. The government can listen in on any call made in the continental U.S. (This is all well and good if you trust every government employee. But what if an attorney general running for higher office will do anything to finger a high-profile target? Or what if a prosecutor has a personal grudge he’d like to fulfill? It seems to me it would be easy for this power to fall into the wrong hands.)

Posted on November 2, 2009 at 8:57 AM • View Comments

Matthew Weigman

Fascinating story of a 16-year-old blind phone phreaker.

One afternoon, not long after Proulx was swatted, Weigman came home to find his mother talking to what sounded like a middle-aged male. The man introduced himself as Special Agent Allyn Lynd of the FBI’s cyber squad in Dallas, which investigates hacking and other computer crimes. A West Point grad, Lynd had spent 10 years combating phreaks and hackers. Now, with Proulx’s cooperation, he was aiming to take down Stuart Rosoff and the Wrecking Crew—and he wanted Weigman’s help.

Lynd explained that Rosoff, Roberson and other party-liners were being investigated in a swatting conspiracy. Because Weigman was a minor, however, he would not be charged—as long as he cooperated with the authorities. Realizing that this was a chance to turn his life around, Weigman confessed his role in the phone assaults.

Weigman’s auditory skills had always been central to his exploits, the means by which he manipulated the phone system. Now he gave Lynd a first-hand display of his powers. At one point during the visit, Lynd’s cellphone rang. “I can’t talk to you right now,” the agent told the caller. “I’m out doing something.” When he hung up, Weigman turned to him from across the room. “Oh,” the kid asked, “is that Billy Smith from Verizon?”

Lynd was stunned. William Smith was a fraud investigator with Verizon who had been working with him on the swatting case. Weigman not only knew all about the man and his role in the investigation, but he had identified Smith simply by hearing his Southern-accented voice on the cellphone—a sound which would have been inaudible to anyone else in the room. Weigman then shocked Lynd again, rattling off the names of a host of investigators working for other phone companies. Matt, it turned out, had spent weeks identifying phone-company employees, gaining their trust and obtaining confidential information about the FBI investigation against him. Even the phone account in his house, he revealed to Lynd, had been opened under the name of a telephone-company investigator. Lynd had rarely seen anything like it—even from cyber gangs who tried to hack into systems at the White House and the FBI. “Weigman flabbergasted me,” he later testified.

Posted on September 1, 2009 at 6:21 AM • View Comments

The Security Risks of Accepting Free Laptops

Weird:

The U.S. Federal Bureau of Investigation is trying to figure out who is sending laptop computers to state governors across the U.S., including West Virginia Governor Joe Mahchin and Wyoming Governor Dave Freudenthal. Some state officials are worried that they may contain malicious software.

Posted on August 28, 2009 at 12:27 PM • View Comments

Actual Security Theater

As part of their training, federal agents engage in mock exercises in public places. Sometimes, innocent civilians get involved.

Every day, as Washingtonians go about their overt lives, the FBI, CIA, Capitol Police, Secret Service and U.S. Marshals Service stage covert dramas in and around the capital where they train. Officials say the scenarios help agents and officers integrate the intellectual, physical and emotional aspects of classroom instruction. Most exercises are performed inside restricted compounds. But they also unfold in public parks, suburban golf clubs and downtown transit stations.

Curtain up on threat theater—a growing, clandestine art form. Joseph Persichini, Jr., assistant director of the FBI’s Washington field office, says, “What better way to adapt agents or analysts to cultural idiosyncrasies than role play?”

For the public, there are rare, startling peeks: At a Holiday Inn, a boy in water wings steps out of his seventh floor room into a stampede of federal agents; at a Bowie retirement home, an elderly woman panics as a role-player collapses, believing his seizure is real; at a county museum, a father sweeps his daughter into his arms, running for the exit, while a raving, bearded man resists arrest.

EDITED TO ADD (9/11): It happened in D.C., in the Potomac River, with the Coast Guard.

Posted on August 25, 2009 at 6:43 AM • View Comments

China is the world’s most successful Internet censor. While the Great Firewall of China isn’t perfect, it effectively limits information flowing in and out of the country. But now the Chinese government is taking things one step further.

Under a requirement taking effect soon, every computer sold in China will have to contain the Green Dam Youth Escort software package. Ostensibly a pornography filter, it is government spyware that will watch every citizen on the Internet.

Green Dam has many uses. It can police a list of forbidden Web sites. It can monitor a user’s reading habits. It can even enlist the computer in some massive botnet attack, as part of a hypothetical future cyberwar.

China’s actions may be extreme, but they’re not unique. Democratic governments around the world—Sweden, Canada and the United Kingdom, for example—are rushing to pass laws giving their police new powers of Internet surveillance, in many cases requiring communications system providers to redesign products and services they sell.

Many are passing data retention laws, forcing companies to keep information on their customers. Just recently, the German government proposed giving itself the power to censor the Internet.

The United States is no exception. The 1994 CALEA law required phone companies to facilitate FBI eavesdropping, and since 2001, the NSA has built substantial eavesdropping systems in the United States. The government has repeatedly proposed Internet data retention laws, allowing surveillance into past activities as well as present.

Systems like this invite criminal appropriation and government abuse. New police powers, enacted to fight terrorism, are already used in situations of normal crime. Internet surveillance and control will be no different.

Official misuses are bad enough, but the unofficial uses worry me more. Any surveillance and control system must itself be secured. An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and by the people you don’t.

China’s government designed Green Dam for its own use, but it’s been subverted. Why does anyone think that criminals won’t be able to use it to steal bank account and credit card information, use it to launch other attacks, or turn it into a massive spam-sending botnet?

Why does anyone think that only authorized law enforcement will mine collected Internet data or eavesdrop on phone and IM conversations?

These risks are not theoretical. After 9/11, the National Security Agency built a surveillance infrastructure to eavesdrop on telephone calls and e-mails within the United States.

Although procedural rules stated that only non-Americans and international phone calls were to be listened to, actual practice didn’t always match those rules. NSA analysts collected more data than they were authorized to, and used the system to spy on wives, girlfriends, and famous people such as President Clinton.

But that’s not the most serious misuse of a telecommunications surveillance infrastructure. In Greece, between June 2004 and March 2005, someone wiretapped more than 100 cell phones belonging to members of the Greek government—the prime minister and the ministers of defense, foreign affairs and justice.

Ericsson built this wiretapping capability into Vodafone’s products, and enabled it only for governments that requested it. Greece wasn’t one of those governments, but someone still unknown—a rival political party? organized crime?—figured out how to surreptitiously turn the feature on.

Researchers have already found security flaws in Green Dam that would allow hackers to take over the computers. Of course there are additional flaws, and criminals are looking for them.

Surveillance infrastructure can be exported, which also aids totalitarianism around the world. Western companies like Siemens, Nokia, and Secure Computing built Iran’s surveillance infrastructure. U.S. companies helped build China’s electronic police state. Twitter’s anonymity saved the lives of Iranian dissidents—anonymity that many governments want to eliminate.

Every year brings more Internet censorship and control—not just in countries like China and Iran, but in the United States, the United Kingdom, Canada and other free countries.

The control movement is egged on by both law enforcement, trying to catch terrorists, child pornographers and other criminals, and by media companies, trying to stop file sharers.

It’s bad civic hygiene to build technologies that could someday be used to facilitate a police state. No matter what the eavesdroppers and censors say, these systems put us all at greater risk. Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in.

This essay previously appeared—albeit with fewer links—on the Minnesota Public Radio website.

Posted on August 3, 2009 at 6:43 AM • View Comments

This Week's Terrorism Arrests

Four points. One: There was little danger of an actual terrorist attack:

Authorities said the four men have long been under investigation and there was little danger they could actually have carried out their plan, NBC News’ Pete Williams reported.

[…]

In their efforts to acquire weapons, the defendants dealt with an informant acting under law enforcement supervision, authorities said. The FBI and other agencies monitored the men and provided an inactive missile and inert C-4 to the informant for the defendants, a federal complaint said.

The investigation had been under way for about a year.

“They never got anywhere close to being able to do anything,” one official told NBC News. “Still, it’s good to have guys like this off the street.”

Of course, politicians are using this incident to peddle more fear:

“This was a very serious threat that could have cost many, many lives if it had gone through,” Representative Peter T. King, Republican from Long Island, said in an interview with WPIX-TV. “It would have been a horrible, damaging tragedy. There’s a real threat from homegrown terrorists and also from jailhouse converts.”

Two, they were caught by traditional investigation and intelligence. Not airport security. Not warrantless eavesdropping. But old fashioned investigation and intelligence. This is what works. This is what keeps us safe. Here’s an essay I wrote in 2004 that says exactly that.

The only effective way to deal with terrorists is through old-fashioned police and intelligence work—discovering plans before they’re implemented and then going after the plotters themselves.

Three, they were idiots:

The ringleader of the four-man homegrown terror cell accused of plotting to blow up synagogues in the Bronx and military planes in Newburgh admitted to a judge today that he had smoked pot before his bust last night.

When U.S. Magistrate Judge Lisa M. Smith asked James Cromitie if his judgment was impaired during his appearance in federal court in White Plains, the 55-year-old confessed: “No. I smoke it regularly. I understand everything you are saying.”

Four, an “informant” helped this group a lot:

In April, Mr. Cromitie and the three other men selected the synagogues as their targets, the statement said. The informant soon helped them get the weapons, which were incapable of being fired or detonated, according to the authorities.

The warning the warning I wrote in “Portrait of the Modern Terrorist as an Idiot” is timely again:

Despite the initial press frenzies, the actual details of the cases frequently turn out to be far less damning. Too often it’s unclear whether the defendants are actually guilty, or if the police created a crime where none existed before.

The JFK Airport plotters seem to have been egged on by an informant, a twice-convicted drug dealer. An FBI informant almost certainly pushed the Fort Dix plotters to do things they wouldn’t have ordinarily done. The Miami gang’s Sears Tower plot was suggested by an FBI undercover agent who infiltrated the group. And in 2003, it took an elaborate sting operation involving three countries to arrest an arms dealer for selling a surface-to-air missile to an ostensible Muslim extremist. Entrapment is a very real possibility in all of these cases.

Actually, that whole 2007 essay is timely again. Some things never change.

Posted on May 22, 2009 at 6:11 AM • View Comments

Allocating Resources: Financial Fraud vs. Terrorism

Interesting trade-off:

The FBI has been forced to transfer agents from its counter-terrorism divisions to work on Bernard Madoff’s alleged $50 billion fraud scheme as victims of the biggest scam in the world continue to emerge.

The Freakonomics blog discusses this:

This might lead you to ask an obvious counter-question: Has the anti-terror enforcement since 9/11 in the U.S. helped fuel the financial meltdown? That is, has the diversion of resources, personnel, and mindshare toward preventing future terrorist attacks—including, you’d have to say, the wars in Afghanistan and Iraq—contributed to a sloppy stewardship of the financial industry?

It quotes a New York Times article:

Federal officials are bringing far fewer prosecutions as a result of fraudulent stock schemes than they did eight years ago, according to new data, raising further questions about whether the Bush administration has been too lax in policing Wall Street.

Legal and financial experts say that a loosening of enforcement measures, cutbacks in staffing at the Securities and Exchange Commission, and a shift in resources toward terrorism at the F.B.I. have combined to make the federal government something of a paper tiger in investigating securities crimes.

We’ve seen this problem over and over again when it comes to counterterrorism: in an effort to defend against the rare threats, we make ourselves more vulnerable to the common threats.

Posted on January 9, 2009 at 6:54 AM • View Comments

FBI's New Cryptanalysis Contest

From their website.

Posted on January 5, 2009 at 2:56 PM • View Comments

FBI Stoking Fear

Another unsubstantiated terrorist plot:

An internal memo obtained by The Associated Press says the FBI has received a “plausible but unsubstantiated” report that al-Qaida terrorists in late September may have discussed attacking the subway system.

[…]

The internal bulletin says al-Qaida terrorists “in late September may have discussed targeting transit systems in and around New York City. These discussions reportedly involved the use of suicide bombers or explosives placed on subway/passenger rail systems,” according to the document.

“We have no specific details to confirm that this plot has developed beyond aspirational planning, but we are issuing this warning out of concern that such an attack could possibly be conducted during the forthcoming holiday season,” according to the warning dated Tuesday.

[…]

Rep. Peter King, the top Republican on the House Homeland Security Committee, said authorities “have very real specifics as to who it is and where the conversation took place and who conducted it.”

“It certainly involves suicide bombing attacks on the mass transit system in and around New York and it’s plausible, but there’s no evidence yet that it’s in the process of being carried out,” King said.

Knocke, the DHS spokesman, said the warning was issued “out of an abundance of caution going into this holiday season.”

Got that: “plausible but unsubstantiated,” “may have discussed attacking the subway system,” “specific details to confirm that this plot has developed beyond aspirational planning,” “attack could possibly be conducted,” “it’s plausible, but there’s no evidence yet that it’s in the process of being carried out.”

I have no specific details, but I want to warn everybody today that fiery rain might fall from the sky. Terrorists may have discussed this sort of tactic, possibly at one of their tequila-fueled aspirational planning sessions. While there is no evidence yet that the plan is in the process of being carried out, I want to be extra-cautious this holiday season. Ho ho ho.

Posted on November 27, 2008 at 12:27 PM • View Comments

←Previous 1 … 15 16 17 18 19 … 23 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.