Tuesday, March 22, 2016
Using throw away phones is far simpler than coordinating encryption keys for these guys. (Think: Occam's razor.)
Burner phones, not encryption, kept Paris terrorists off the authorities’ radar
New details of the Paris attacks carried out last November reveal that it was the consistent use of prepaid burner phones, not encryption, that helped keep the terrorists off the radar of the intelligence services.
As an article in The New York Times reports: "the three teams in Paris were comparatively disciplined. They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims."
The article goes on to give more details of how some phones were used only very briefly in the hours leading up to the attacks. For example: "Security camera footage showed Bilal Hadfi, the youngest of the assailants, as he paced outside the stadium, talking on a cellphone. The phone was activated less than an hour before he detonated his vest." The information come from a 55-page report compiled by the French antiterrorism police for France’s Interior Ministry.
This Times has the facts. Question: Can Apple sue to make the FBI release the security flaw they are using? (So they can patch it)
U.S. Says It May Not Need Apple’s Help to Unlock iPhone
In a new court filing, the government said an outside party had demonstrated a way for the F.B.I. to possibly unlock the phone used by the gunman, Syed Rizwan Farook.
… While the Justice Department must test this method, if it works “it should eliminate the need for the assistance from Apple,” it said in its filing. The Justice Department added that it would file a status report by April 5 on its progress.
… Late on Monday, Judge Sheri N. Pym, the federal magistrate judge in the United States District Court for the Central District of California who was set to hold the hearing, agreed to grant the Justice Department’s motion to postpone the hearing.
The emergence of a potential third-party method to open the iPhone was a surprise, as the government said more than a dozen times in court filings that it could open the phone only with Apple’s help. The F.B.I. director, James B. Comey Jr., also reiterated that point several times during a hearing before Congress on March 1.
(Related) ...and from the other coast, speculation.
Five theories why the FBI postponed a major hearing in case against Apple
… The general public and cybersecurity experts have been throwing ideas the FBI's way for several weeks, and experts said it's unlikely that someone devised a new technical workaround at the last moment. Could there be more to the 11th-hour postponement than the Justice Department is saying?
Here are some theories.
The FBI is giving the ACLU's method a try -- at last.
The FBI is bluffing because it needs more time -- or wants the case to die down.
The NSA stepped in.
Apple tipped off the FBI.
John McAfee, or someone like him, cracked the iPhone.
(Related) A logical approach?
A Coherent Middle Ground in the Apple-FBI All Writs Act Dispute?
(Related) Maybe not
(Related) This is where the world is moving. Will the FBI subpoena everyone?
Google, Microsoft, Yahoo, Other Tech Titans Unite For Proper Email Encryption
Of course they do!
How Self-Driving Cars Will Threaten Privacy
I would have considered this “classified” if for no other reason to protect the Google executive from retaliation. Now, let's consider the legal issues involved when a company tried to overthrow a government.
Clinton email reveals: Google sought overthrow of Syria's Assad
Google in 2012 sought to help insurgents overthrow Syrian President Bashar Assad, according to State Department emails receiving fresh scrutiny this week.
Messages between former secretary of state Hillary Clinton's team and one of the company's executives detailed the plan for Google to get involved in the region.
… "Please keep this very close hold and let me know if there is anything [else] you think we need to account for or think about before we launch. We believe this can have an important impact," Cohen concluded.
The message was addressed to deputy secretary of state Bill Burns; Alec Ross, a senior Clinton advisor; and Clinton's deputy chief of staff, Jake Sullivan. Sullivan subsequently forwarded Cohen's proposal to Clinton, describing it as "a pretty cool idea." [Not sure I would categorize it as “cool” Bob]
And here I thought the purpose of prepaid cards was to avoid connecting me to my purchases.
Agencies Release Guidance to Issuing Banks on Applying Customer ID Program Requirements to Holders of Prepaid Cards
by Sabrina I. Pacifici on Mar 21, 2016
“Federal financial institution regulatory agencies today issued guidance clarifying the applicability of the Customer Identification Program (CIP) rule to prepaid cards issued by banks. The guidance applies to banks, savings associations, credit unions, and U.S. branches and agencies of foreign banks (collectively “banks”). The guidance clarifies that a bank’s CIP should apply to the holders of certain prepaid cards issued by the institution as well as holders of such prepaid cards purchased under arrangements with third-party program managers that sell, distribute, promote, or market the prepaid cards on the bank’s behalf. The guidance describes when, in accordance with the CIP rule, the bank should obtain information sufficient to reasonably verify the identity of the cardholder, including at a minimum, obtaining the name, date of birth, address, and identification number, such as the Taxpayer Identification Number of the cardholder. Agencies issuing the guidance include the Federal Deposit Insurance Corporation, Federal Reserve Board, National Credit Union Administration, Office of the Comptroller of the Currency, and Financial Crimes Enforcement Network.”
SR 16-7: Interagency Guidance to Issuing Banks on Applying Customer Identification Program Requirements to Holders of Prepaid Access Cards
For my Ethical Hacking students.
New Pluralsight course: Ethical Hacking, Denial of Service
They'll have to remake that Nick Cage movie, now it's “Gone in 60 nanoseconds!”
Radio Attack Lets Hackers Steal 24 Different Car Models
For years, car owners with keyless entry systems have reported thieves approaching their vehicles with mysterious devices and effortlessly opening them in seconds. After having his Prius burgled repeatedly outside his Los Angeles home, the New York Times‘ former tech columnist Nick Bilton came to the conclusion that the thieves must be amplifying the signal from the key fob in the house to trick his car’s keyless entry system into thinking the key was in the thieves’ hand. He eventually resorted to keeping his keys in the freezer.
Now a group of German vehicle security researchers has released new findings about the extent of that wireless key hack, and their work ought to convince hundreds of thousands of drivers to keep their car keys next to their Pudding Pops. The Munich-based automobile club ADAC late last week made public a study it had performed on dozens of cars to test a radio “amplification attack” that silently extends the range of unwitting drivers’ wireless key fobs to open cars and even start their ignitions, as first reported by the German business magazine WirtschaftsWoche. The ADAC researchers say that 24 different vehicles from 19 different manufacturers were all vulnerable, allowing them to not only reliably unlock the target vehicles but also immediately drive them away.
I thought for a second this would make a great disciplinary tool, but then the “cruel and unusual” elements sprang to mind.
You Can Now Run Windows 98 in Any Browser Without Plug-Ins
… A few weeks ago, we showed you where you can run Windows 95 in your browser with no extra software. Now it’s Windows 98’s turn; you can run it entirely on Copy.sh’s Windows 98 page. Feel free to check out Minesweeper, listen to those classic Windows sounds, or try to connect to dial-up just to relive the old days.