Page 8 of 45
The Intercept has published a 120-page catalog of spy gear from the British defense company Cobham. This is equipment available to police forces. The catalog was leaked by someone inside the Florida Department of Law Enforcement.
Here’s the story of how it was done. First, a fake ad on torrent listings linked the site to a Latvian bank account, an e-mail address, and a Facebook page.
Using basic website-tracking services, Der-Yeghiayan was able to uncover (via a reverse DNS search) the hosts of seven apparent KAT website domains: kickasstorrents.com, kat.cr, kickass.to, kat.ph, kastatic.com, thekat.tv and kickass.cr. This dug up two Chicago IP addresses, which were used as KAT name servers for more than four years. Agents were then able to legally gain a copy of the server’s access logs (explaining why it was federal authorities in Chicago that eventually charged Vaulin with his alleged crimes).
Using similar tools, Homeland Security investigators also performed something called a WHOIS lookup on a domain that redirected people to the main KAT site. A WHOIS search can provide the name, address, email and phone number of a website registrant. In the case of kickasstorrents.biz, that was Artem Vaulin from Kharkiv, Ukraine.
Der-Yeghiayan was able to link the email address found in the WHOIS lookup to an Apple email address that Vaulin purportedly used to operate KAT. It’s this Apple account that appears to tie all of pieces of Vaulin’s alleged involvement together.
On July 31st 2015, records provided by Apple show that the me.com account was used to purchase something on iTunes. The logs show that the same IP address was used on the same day to access the KAT Facebook page. After KAT began accepting Bitcoin donations in 2012, $72,767 was moved into a Coinbase account in Vaulin’s name. That Bitcoin wallet was registered with the same me.com email address.
Another article.
Amy Zegert has some good questions, comparing the Orlando Pulse massacre to the Fort Hood massacre from 2009.
It’s a teenager:
British police have arrested a teenager who allegedly was behind a series of audacious—and, for senior U.S. national security officials, embarrassing—hacks targeting personal accounts or top brass at the CIA, FBI, Homeland Security Department, the White House and other federal agencies, according to U.S. officials briefed on the investigation.
[…]
The prominent victims have included CIA Director John Brennan, whose personal AOL account was breached, the then FBI Deputy Director Mark Giuliano, and James Clapper, the director of National Intelligence.
This week, the latest target became apparent when personal details of 20,000 FBI employees surfaced online.
By then a team of some of the FBI’s sharpest cyber experts had homed in on their suspect, officials said. They were shocked to find that a “16-year-old computer nerd” had done so well to cover his tracks, a U.S. official said. a
Not really surprised, but underscores how diffuse the threat is.
As part of a child pornography investigation, the FBI hacked into over 1,300 computers.
But after Playpen was seized, it wasn’t immediately closed down, unlike previous dark web sites that have been shuttered” by law enforcement. Instead, the FBI ran Playpen from its own servers in Newington, Virginia, from February 20 to March 4, reads a complaint filed against a defendant in Utah. During this time, the FBI deployed what is known as a network investigative technique (NIT), the agency’s term for a hacking tool.
While Playpen was being run out of a server in Virginia, and the hacking tool was infecting targets, “approximately 1300 true internet protocol (IP) addresses were identified during this time,” according to the same complaint.
The FBI seems to have obtained a single warrant, but it’s hard to believe that a legal warrant could allow the police to hack 1,300 different computers. We do know that the FBI is very vague about the extent of its operations in warrant applications. And surely we need actual public debate about this sort of technique.
Also, “Playpen” is a super-creepy name for a child porn site. I feel icky just typing it.
I am pleased to have been a part of this report, part of the Berkman Center’s Berklett Cybersecurity project:
Don’t Panic: Making Progress on the “Going Dark” Debate
From the report:
In this report, we question whether the “going dark” metaphor accurately describes the state of affairs. Are we really headed to a future in which our ability to effectively surveil criminals and bad actors is impossible? We think not. The question we explore is the significance of this lack of access to communications for legitimate government interests. We argue that communications in the future will neither be eclipsed into darkness nor illuminated without shadow.
In short our findings are:
- End-to-end encryption and other technological architectures for obscuring user data are unlikely to be adopted ubiquitously by companies, because the majority of businesses that provide communications services rely on access to user data for revenue streams and product functionality, including user data recovery should a password be forgotten.
- Software ecosystems tend to be fragmented. In order for encryption to become both widespread and comprehensive, far more coordination and standardization than currently exists would be required.
- Networked sensors and the Internet of Things are projected to grow substantially, and this has the potential to drastically change surveillance. The still images, video, and audio captured by these devices may enable real-time intercept and recording with after-the-fact access. Thus an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel.
- Metadata is not encrypted, and the vast majority is likely to remain so. This is data that needs to stay unencrypted in order for the systems to operate: location data from cell phones and other devices, telephone calling records, header information in e-mail, and so on. This information provides an enormous amount of surveillance data that was unavailable before these systems became widespread.
- These trends raise novel questions about how we will protect individual privacy and security in the future. Today’s debate is important, but for all its efforts to take account of technological trends, it is largely taking place without reference to the full picture.
New York Times coverage. Lots more news coverage here. Slashdot thread. BoingBoing post.
EDITED TO ADD (2/8): Eleven news articles: one, two, three, four, five, six, seven, eight, nine, ten, and eleven.
This is just awful.
Their troll—or trolls, as the case may be—have harassed Paul and Amy in nearly every way imaginable. Bomb threats have been made under their names. Police cars and fire trucks have arrived at their house in the middle of the night to respond to fake hostage calls. Their email and social media accounts have been hacked, and used to bring ruin to their social lives. They’ve lost jobs, friends, and relationships. They’ve developed chronic anxiety and other psychological problems. More than once, they described their lives as having been “ruined” by their mystery tormenter.
We need to figure out how to identify perpetrators like this without destroying Internet privacy in the process.
EDITED TO ADD: One of the important points is the international nature of many of these cases. Even once the attackers are identified, the existing legal system isn’t adequate for shutting them down.
Good article from the Washington Post.
The Intercept has “a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies.” Lot of detailed information about Stingrays and similar equipment.
The New York Times Magazine has a good story about swatting, centering around a Canadian teenager who did it over a hundred times.
Sidebar photo of Bruce Schneier by Joe MacInnis.