Schneier on Security: Tagged FBI

Entries Tagged "FBI"

Page 18 of 23

NSA Monitoring U.S. Government Internet Traffic

I have mixed feeling about this, but in general think it is a good idea:

President Bush signed a directive this month that expands the intelligence community’s role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies’ computer systems.

The directive, whose content is classified, authorizes the intelligence agencies, in particular the National Security Agency, to monitor the computer networks of all federal agencies—including ones they have not previously monitored.

[…]

The classified joint directive, signed Jan. 8 and called the National Security Presidential Directive 54/Homeland Security Presidential Directive 23, has not been previously disclosed. Plans to expand the NSA’s role in cyber-security were reported in the Baltimore Sun in September.

According to congressional aides and former White House officials with knowledge of the program, the directive outlines measures collectively referred to as the “cyber initiative,” aimed at securing the government’s computer systems against attacks by foreign adversaries and other intruders. It will cost billions of dollars, which the White House is expected to request in its fiscal 2009 budget.

[…]

Under the initiative, the NSA, CIA and the FBI’s Cyber Division will investigate intrusions by monitoring Internet activity and, in some cases, capturing data for analysis, sources said.

The Pentagon can plan attacks on adversaries’ networks if, for example, the NSA determines that a particular server in a foreign country needs to be taken down to disrupt an attack on an information system critical to the U.S. government. That could include responding to an attack against a private-sector network, such as the telecom industry’s, sources said.

Also, as part of its attempt to defend government computer systems, the Department of Homeland Security will collect and monitor data on intrusions, deploy technologies for preventing attacks and encrypt data. It will also oversee the effort to reduce Internet portals across government to 50 from 2,000, to make it easier to detect attacks.

My concern is that the NSA is doing the monitoring. I simply don’t like them monitoring domestic traffic, even domestic government traffic.

EDITED TO ADD: Commentary.

Posted on February 4, 2008 at 6:30 AM • View Comments

FBI Knows Identity of Storm Worm Writers

Interesting allegation:

…federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that U.S. authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside.

I’ve written about Storm here.

Posted on January 31, 2008 at 6:16 AM • View Comments

FBI Building Biometrics Database

The FBI is building a vast biometrics database.

Given its track record, does anyone believe for a minute that his or her biometrics information will be secure in this database?

Posted on December 28, 2007 at 1:31 PM • View Comments

Movie-Plot Threat Described as Movie-Plot Threat

The lead paragraphs:

The plot was like something from a Hollywood blockbuster: dozens of foreign terrorists working with a Mexican drug cartel to attack a Southern Arizona Army post with anti-tank missiles and grenade launchers.

Paying one of Mexico’s most ruthless drug cartels $20,000 apiece, 60 Afghan and Iraqi terrorists would be smuggled into Texas and hole up at a safe house.

Their weapons, Soviet-made and easily acquired on the black market, were funneled through Arizona and New Mexico in hand-dug tunnels that cut across the border.
Their target: 13,500 military personnel and civilians working at Fort Huachuca, roughly 75 miles southeast of Tucson.

But (no surprise):

But the plot, widely reported by local stations and national TV networks and The Washington Times, turned out to be nothing more than fiction, an FBI spokesman said Monday.

Posted on November 29, 2007 at 1:44 PM • View Comments

Possible Hizbullah Mole Inside the FBI and CIA

Oops:

The case is clearly a major embarrassment for both the FBI and CIA and has already raised a host of questions. Chief among them: how did an illegal alien from Lebanon who was working as a waitress at a shish kabob restaurant in Detroit manage to slip through extensive security background checks, including polygraphs, to land highly sensitive positions with the nation’s top law enforcement and intelligence agencies?

Here’s another article.

Posted on November 16, 2007 at 12:12 PM • View Comments

The Overblown Threat of Suitcase Nukes

From the AP:

…government experts and intelligence officials say such a threat gets vastly more attention than it deserves. These officials said a true suitcase nuke would be highly complex to produce, require significant upkeep and cost a small fortune.

Counterproliferation authorities do not completely rule out the possibility that these portable devices once existed. But they do not think the threat remains.

“The suitcase nuke is an exciting topic that really lends itself to movies,” said Vahid Majidi, the assistant director of the FBI’s Weapons of Mass Destruction Directorate. “No one has been able to truly identify the existence of these devices.”

Interesting technical details in the article.

Posted on November 15, 2007 at 3:38 PM • View Comments

The Sham of Criminal Profiling

Malcolm Gladwell makes a convincing case that criminal profiling is nothing more than a “cold reading” magic trick.

A few years ago, Alison went back to the case of the teacher who was murdered on the roof of her building in the Bronx. He wanted to know why, if the F.B.I.’s approach to criminal profiling was based on such simplistic psychology, it continues to have such a sterling reputation. The answer, he suspected, lay in the way the profiles were written, and, sure enough, when he broke down the rooftop-killer analysis, sentence by sentence, he found that it was so full of unverifiable and contradictory and ambiguous language that it could support virtually any interpretation.

Astrologers and psychics have known these tricks for years. The magician Ian Rowland, in his classic “The Full Facts Book of Cold Reading,” itemizes them one by one, in what could easily serve as a manual for the beginner profiler. First is the Rainbow Ruse—the “statement which credits the client with both a personality trait and its opposite.” (“I would say that on the whole you can be rather a quiet, self effacing type, but when the circumstances are right, you can be quite the life and soul of the party if the mood strikes you.”) The Jacques Statement, named for the character in “As You Like It” who gives the Seven Ages of Man speech, tailors the prediction to the age of the subject. To someone in his late thirties or early forties, for example, the psychic says, “If you are honest about it, you often get to wondering what happened to all those dreams you had when you were younger.” There is the Barnum Statement, the assertion so general that anyone would agree, and the Fuzzy Fact, the seemingly factual statement couched in a way that “leaves plenty of scope to be developed into something more specific.” (“I can see a connection with Europe, possibly Britain, or it could be the warmer, Mediterranean part?”) And that’s only the start: there is the Greener Grass technique, the Diverted Question, the Russian Doll, Sugar Lumps, not to mention Forking and the Good Chance Guess—all of which, when put together in skillful combination, can convince even the most skeptical observer that he or she is in the presence of real insight.

[…]

They had been at it for almost six hours. The best minds in the F.B.I. had given the Wichita detectives a blueprint for their investigation. Look for an American male with a possible connection to the military. His I.Q. will be above 105. He will like to masturbate, and will be aloof and selfish in bed. He will drive a decent car. He will be a “now” person. He won’t be comfortable with women. But he may have women friends. He will be a lone wolf. But he will be able to function in social settings. He won’t be unmemorable. But he will be unknowable. He will be either never married, divorced, or married, and if he was or is married his wife will be younger or older. He may or may not live in a rental, and might be lower class, upper lower class, lower middle class or middle class. And he will be crazy like a fox, as opposed to being mental. If you’re keeping score, that’s a Jacques Statement, two Barnum Statements, four Rainbow Ruses, a Good Chance Guess, two predictions that aren’t really predictions because they could never be verified—and nothing even close to the salient fact that BTK was a pillar of his community, the president of his church and the married father of two.

Posted on November 14, 2007 at 6:47 AM • View Comments

Modern-Day Revenge

Mad at someone? Turn him in as a terrorist:

A man in Sweden who was angry with his daughter’s husband has been charged with libel for telling the FBI that the son-in-law had links to al-Qaeda, Swedish media reported on Friday.

The man, who admitted sending the email, said he did not think the US authorities would stupid enough to believe him.

The 40-year-old son-in-law and his wife were in the process of divorcing when the husband had to travel to the United States for business.

The wife didn’t want him to travel since she was sick and wanted him to help care for their children, regional daily Sydsvenska Dagbladet said without disclosing the couple’s names.

When the husband refused to stay home, his father-in-law wrote an email to the FBI saying the son-in-law had links to al-Qaeda in Sweden and that he was travelling to the US to meet his contacts.

He provided information on the flight number and date of arrival in the US.

The son-in-law was arrested upon landing in Florida. He was placed in handcuffs, interrogated and placed in a cell for 11 hours before being put on a flight back to Europe, the paper said.

EDITED TO ADD (11/6): Businesses do this too:

In May 2005 Jet’s application for a licence to fly to America was held up after a firm based in Maryland, also called Jet Airways, accused Mr Goyal’s company of being a money-laundering outfit for al-Qaeda. Mr Goyal says some of his local competitors were behind the claim, which was later withdrawn.

Posted on November 6, 2007 at 6:41 AM • View Comments

World Series Ticket Website Hacked?

Maybe:

The Colorado Rockies will try again to sell World Series tickets through their Web site starting on Tuesday at noon.

Spokesman Jay Alves said tonight that the failure of Monday’s ticket sales happened because the system was brought down today by an “external malicious attack.”

There was a presale that “went well”:

The Colorado Rockies had a chance Sunday to test their online-sales operation in advance.

Season-ticket holders who had previously registered were able to log in with a special password to buy extra tickets.

Alves said the presale went well, with no problems.

But some people found glitches, such as being told to “enable cookies” and to set their computer security to the “lowest level.” And some fans couldn’t log in at all.

Alves explained that those who saw a “page cannot be displayed” message had “IP addresses that we blocked due to suspicious/malicious activity to our website during the last 24 to 48 hours. As an example, if several inquiries came from a single IP address they were blocked.”

Certainly scalpers have an incentive to attack this system.

EDITED TO ADD (10/28): The FBI is investigating.

Posted on October 25, 2007 at 11:52 AM • View Comments

UK Police Can Now Demand Encryption Keys

Under a new law that went into effect this month, it is now a crime to refuse to turn a decryption key over to the police.

I’m not sure of the point of this law. Certainly it will have the effect of spooking businesses, who now have to worry about the police demanding their encryption keys and exposing their entire operations.

Cambridge University security expert Richard Clayton said in May of 2006 that such laws would only encourage businesses to house their cryptography operations out of the reach of UK investigators, potentially harming the country’s economy. “The controversy here [lies in] seizing keys, not in forcing people to decrypt. The power to seize encryption keys is spooking big business,” Clayton said.

“The notion that international bankers would be wary of bringing master keys into UK if they could be seized as part of legitimate police operations, or by a corrupt chief constable, has quite a lot of traction,” he added. “With the appropriate paperwork, keys can be seized. If you’re an international banker you’ll plonk your headquarters in Zurich.”

But if you’re guilty of something that can only be proved by the decrypted data, you might be better off refusing to divulge the key (and facing the maximum five-year penalty the statue provides) instead of being convicted for whatever more serious charge you’re actually guilty of.

I think this is just another skirmish in the “war on encryption” that has been going on for the past fifteen years. (Anyone remember the Clipper chip?) The police have long maintained that encryption is an insurmountable obstacle to law and order:

The Home Office has steadfastly proclaimed that the law is aimed at catching terrorists, pedophiles, and hardened criminals—all parties which the UK government contents are rather adept at using encryption to cover up their activities.

We heard the same thing from FBI Director Louis Freeh in 1993. I called them “The Four Horsemen of the Information Apocalypse“—terrorists, drug dealers, kidnappers, and child pornographers—and have been used to justify all sorts of new police powers.

Posted on October 11, 2007 at 6:40 AM • View Comments

←Previous 1 … 16 17 18 19 20 … 23 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.