An amateur vs. ISIS (and the FBI): A car salesman investigates and ends up in prison

The New York Times reports: By his own account, Toby Lopez was a supremely ordinary guy. He sold Toyotas and lived with his mother in a tidy rancher here with a cherry tree out front. He was proud that he could connect with customers — anyone from a Superior Court judge to, as he put it, “Redneck Bill from down on the farm.” What passed for excitement was the time his young niece won a beauty contest and he chauffeured her in a red Corvette in a local parade.

Then a high school friend was killed in Afghanistan, and the Islamic State began beheading American journalists. Horrified, Mr. Lopez heard on CNN one day in the fall of 2014 that the Islamic State was active on Twitter, and he went online to see what he could find. “I was intrigued,” said Mr. Lopez, 42. “What could they possibly be saying on Twitter?”

What followed was a radical break from his humdrum life. He was pulled into the murky world of Internet jihadists, sparring with them from his office at the car dealership and late into the night at home. Before long, he was talking for hours on Skype with a man who claimed — falsely, as it would turn out — to be a top ISIS military commander, trying to negotiate the release of hostages. Mr. Lopez contacted the F.B.I. and began a testy relationship with counterterrorism agents who came to believe he might pose a danger. In the end, he landed in federal prison, where he was held for nearly 14 months without trial.

The story of one man’s deepening obsession with a terrorist group is a reminder of how the Internet provides easy portals to distant, sometimes dangerous worlds. It shows the complications for law enforcement agents who confront an overeager amateur encroaching on their turf. [Continue reading…]

Facebooktwittermail

FBI director suggests bill for iPhone hacking topped $1.3 million

The New York Times reports: The director of the F.B.I. suggested Thursday that his agency paid at least $1.3 million to an undisclosed group to help hack into the encrypted iPhone used by an attacker in the mass shooting in San Bernardino, Calif.

At a technology conference in London, a moderator asked James B. Comey Jr., the F.B.I. chief, how much bureau officials had to pay the undisclosed outside group to demonstrate how to bypass the phone’s encryption.

“A lot,” Mr. Comey said, as audience members at the Aspen Institute event laughed.

He continued: “Let’s see, more than I will make in the remainder of this job, which is seven years and four months, for sure.”

The F.B.I. had been unwilling to say anything at all until Thursday about how much it paid for what has become one of the world’s most publicized hacking jobs, so Mr. Comey’s cryptic comments about his own wages and the bounty quickly sent listeners scurrying in search of their calculators.

The F.B.I. director makes about $185,100 a year — so Mr. Comey stands to earn at least $1.35 million at that base rate of pay for the remainder of his 10-year term. [Continue reading…]

Facebooktwittermail

Well-known ISIS operative instructed Americans to kill Pamela Geller, prosecutors reveal

The Washington Post reports: The Justice Department on Thursday revealed that a well-known Islamic State operative instructed a Boston-area man to kill Pamela Geller, the organizer of a controversial Muhammad cartoon contest in Texas last year.

In court documents, prosecutors said that Junaid Hussain, a British militant, had been communicating with Usaamah Abdullah Rahim, 26, who along with two friends discussed beheading Geller.

Rahim, however, changed his mind and instead decided to target a police officer. He was shot and killed in June 2015 in Roslindale, Mass., after he attacked members of an FBI-led surveillance team while wielding a large knife, officials said. [Continue reading…]

Facebooktwittermail

FBI says it needs hackers to keep up with tech companies

The New York Times reports: The F.B.I. defended its hiring of a third party to break into an iPhone used by a gunman in last year’s San Bernardino, Calif., mass shooting, telling some skeptical lawmakers on Tuesday that it needed to join with partners in the rarefied world of for-profit hackers as technology companies increasingly resist their demands for consumer information.

Amy Hess, the Federal Bureau of Investigation’s executive assistant director for science and technology, made the comments at a hearing by members of Congress who are debating potential legislation on encryption. The lawmakers gathered law enforcement authorities and Silicon Valley company executives to discuss the issue, which has divided technology companies and officials in recent months and spurred a debate over privacy and security.

The hearing follows a recent standoff between the F.B.I. and Apple over a court order to force the company to help unlock an iPhone used by one of the San Bernardino attackers. Apple opposed the order, citing harm to the privacy of its users. The F.B.I. later dropped its demand for Apple’s help when it found a third-party alternative to hack the device. [Continue reading…]

Facebooktwittermail

Microsoft sues Justice Department to challenge electronic gag order statute

The New York Times reports: Big technology companies have usually played a defensive game with government prosecutors in their legal fight over customer information, fighting or bowing to requests for information one case at a time.

But now, in a move that could broaden the debate over the balance between customer privacy and law enforcement needs, Microsoft is going on the offense.

The software giant is suing the Justice Department, challenging its frequent use of secrecy orders that prevent Microsoft from telling people when the government obtains a warrant to read their emails.

In its suit, filed Thursday morning in Federal District Court in Seattle, Microsoft’s home turf, the company asserts that the gag order statute in the Electronic Communications Privacy Act of 1986 — as employed today by federal prosecutors and the courts — is unconstitutional. [Continue reading…]

Facebooktwittermail

FBI used hacking software decade before iPhone fight

The New York Times reports: In early 2003, F.B.I. agents hit a roadblock in a secret investigation, called Operation Trail Mix. For months, agents had been intercepting phone calls and emails belonging to members of an animal welfare group that was believed to be sabotaging operations of a company that was using animals to test drugs. But encryption software had made the emails unreadable.

So investigators tried something new. They persuaded a judge to let them remotely, and secretly, install software on the group’s computers to help get around the encryption.

That effort, revealed in newly declassified and released records, shows in new detail how F.B.I. hackers worked to defeat encryption more than a decade before the agency’s recent fight with Apple over access to a locked iPhone. The Trail Mix case was, in some ways, a precursor to the Apple dispute. In both cases, the agents could not decode the data themselves, but found a clever workaround.

The Trail Mix records also reveal what is believed to be the first example of the F.B.I. remotely installing surveillance software, known as spyware or malware, as part of a criminal wiretap.

“This was the first time that the Department of Justice had ever approved such an intercept of this type,” an F.B.I. agent wrote in a 2005 document summing up the case.

The next year, six activists were convicted of conspiracy to violate the Animal Enterprise Protection Act in the case. An appeals court upheld the convictions in 2009, and said that the use of encryption, among other things, was “circumstantial evidence of their agreement to participate in illegal activity.”

Ryan Shapiro, a national security researcher and animal welfare advocate, provided the documents in the case to The New York Times after obtaining them in a Freedom of Information Act lawsuit. Several important details remain secret, including whether the tactic worked. The wiretap was disclosed at trial but the software hacking was not, said Lauren Gazzola, one of the defendants, who now works for the Center for Constitutional Rights. [Continue reading…]

Facebooktwittermail

Apple iPhone unlocking manoeuvre likely to remain secret

Reuters reports: The company that helped the FBI unlock a San Bernardino shooter’s iPhone to get data has sole legal ownership of the method, making it highly unlikely the technique will be disclosed by the government to Apple or any other entity, Obama administration sources said this week.

The White House has a procedure for reviewing technology security flaws and deciding which ones should be made public. But it is not set up to handle or reveal flaws that are discovered and owned by private companies, the sources said, raising questions about the effectiveness of the so-called Vulnerabilities Equities Process.

The secretive process was created to let various government interests debate about what should be done with a given technology flaw, rather than leaving it to agencies like the National Security Agency, which generally prefers to keep vulnerabilities secret so they can use them. [Continue reading…]

Facebooktwittermail

FBI paid professional hackers one-time fee to crack San Bernardino iPhone

The Washington Post reports: The FBI cracked a San Bernardino terrorist’s phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter.

The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone’s four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.

The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution. [Continue reading…]

Facebooktwittermail

FBI’s ‘shared responsibility committees’ to identify ‘radicalized’ Muslims raise alarms

The Intercept reports: The FBI’s plan to enlist community leaders in “Shared Responsibility Committees” all across the country with the goal of identifying “radicalized” individuals is raising alarm among civil rights activists.

The Shared Responsibility Committees, known as SRCs, “are expanding the informant program under the guise of an intervention program, which it is not,” said Abed Ayoub, legal director of the American-Arab Anti-Discrimination Committee (ADC).

The FBI’s ideas is to have social service workers, teachers, mental health professionals, religious figures, and others interdict young people they believe are on a path towards radicalization. The program was first revealed last November, and while details remain scant, it is widely believed to have been developed along the lines of similar “anti-radicalization” programs in the United Kingdom.

The FBI did not respond to multiple requests for comment.

Experts acknowledge the need to have options beyond sending young people to jail for making threatening statements. The committees purport to offer such an option, by allowing members to offer non-binding recommendations to law enforcement about whether certain individuals should be arrested or offered rehabilitation for their alleged radicalization.

But critics say that despite the FBI’s benign characterization of the SRCs, the proposal amounts to nothing more than an expansion of already existing FBI informant programs. The committees “would be doing the work of the FBI, gathering information. This initiative failed in the U.K., it’s not like this is a new idea,” said Ayoub.

The U.K. program called “Channel” has been widely blamed for alienating the communities it targeted while inflaming attitudes towards authorities. Arun Kundnani, an adjunct professor at New York University and expert on U.K. counterterrorism policy, said he worries that the U.S. program would “suffer from the same problems, such as drawing non-policing professionals into becoming the eyes and ears of counter-terrorism surveillance, and thereby undermining professional norms and relationships of trust among educators, health workers and others.” [Continue reading…]

Facebooktwittermail

Obama’s counterterrorism strategy ‘an abject failure,’ says former official

decay9

The New York Times reports: The banging on the door jolted Sal Shafi awake. F.B.I. agents were looking for his son. “Where’s Adam?” they yelled. “Where’s Adam?”

Terrified, Mr. Shafi led the agents, guns drawn, up the stairs toward his son’s bedroom. He watched as they led his 22-year-old son away in handcuffs, backed by evidence of Adam Shafi’s terrorist ambitions.

He had come to the attention of officials not by a well-placed informant or a sting operation. His father, concerned and looking for help, had simply picked up the phone and led the government right to his son. For months, over the objections of his lawyer, Mr. Shafi had been talking to the F.B.I., believing he was doing the right thing.

“My God,” he thought, soon after the arrest in July. “I just destroyed Adam.”

Had things been different, Mr. Shafi, 62, a Silicon Valley executive, might have become a much-needed spokesman for the Obama administration’s counterradicalization campaign. Who better to talk to other parents about the seductive pull of terror organizations? Trust the government, he would tell them. They do not want to take away your children.

Despite nascent efforts to steer young people away from terrorism, the government’s strategy remains largely built on persuading people to call the F.B.I. when they first suspect a problem. [Continue reading…]

Facebooktwittermail

Intelligence community olive branch on data sharing greeted with skepticism

The Intercept reports: Top intelligence community lawyer Robert Litt has offered a rare olive branch to privacy advocates, in the form of information.

In a post on one of the intelligence community’s favorite blogs on Wednesday, Litt, general counsel for the Office of the Director of National Intelligence, outlined new intelligence data-sharing guidelines that he said will be released soon.

The post, on Just Security, was essentially a response to reporting last month from the New York Times’s Charlie Savage that the NSA would soon be sharing with other government agencies the raw, unfiltered intelligence from the depths of its massive overseas spying programs.

“There has been a lot of speculation about the content of proposed procedures that are being drafted to authorize the sharing of unevaluated signals intelligence,” Litt wrote.

The New York Times story raised concerns that the data, which inevitably includes information about Americans, would become too easily accessible by intelligence agencies including the FBI, potentially leading to fishing expeditions. [Continue reading…]

BuzzFeed reports: Just days after breaking into a terrorist’s iPhone using a mysterious third-party technique, FBI officials on Friday told local law enforcement agencies it will assist them with unlocking phones and other electronic devices.

The advisory, obtained by BuzzFeed News, was sent in response to law enforcement inquiries about its new method of unlocking devices — a technique the FBI said was successful at gaining access to the iPhone 5C belonging to one of the shooters in the deadly San Bernardino, California, attack.

“In mid-March, an outside party demonstrated to the FBI a possible method for unlocking the iPhone,” the message said. “That method for unlocking that specific iPhone proved successful.” [Continue reading…]

Facebooktwittermail

America’s asylum policy is broken

Elizabeth Rubin writes: I recently received a phone call from Alabama. It was Samey Honaryar, an Afghan who had worked as an interpreter with the United States military and had fled Taliban persecution hoping to find asylum here. Samey is not accused of committing any crime. Yet for nearly a year, he’s been locked up in Etowah County Detention Center, among the worst and most remote of immigration detention centers, with little access to lawyers or medical attention.

“I cannot take it anymore,” said Samey, who was planning a hunger strike. “I served this country. I risked my life for this country, and this is how I’m repaid.”

I have reported from Afghanistan frequently since 2001, and I know that interpreters are an essential conduit into a culture easily misread by foreigners. Nearly every translator I’ve worked with has saved my life. But once they choose to work for the military, their job becomes a political act, making them marked men and women for the Taliban.

At a time when Europeans and Canadians are sheltering over a million asylum seekers, many from conflicts created by United States policies, Samey’s treatment demands attention. Documents and witnesses show that Samey risked his life for American soldiers. But he has been cast into immigration purgatory nonetheless, his troubles caused by a toxic mix of bureaucracy, fear, prejudice and, most poignantly, his naïve faith in American honor. [Continue reading…]

Facebooktwittermail

FBI backs off from its day in court with Apple this time – but there will be others

By Martin Kleppmann, University of Cambridge

After a very public stand-off over an encrypted terrorist’s smartphone, the FBI has backed down in its court case against Apple, stating that an “outside party” – rumoured to be an Israeli mobile forensics company – has found a way of accessing the data on the phone.

The exact method is not known. Forensics experts have speculated that it involves tricking the hardware into not recording how many passcode combinations have been tried, which would allow all 10,000 possible four-digit passcodes to be tried within a fairly short time. This technique would apply to the iPhone 5C in question, but not newer models, which have stronger hardware protection through the so-called secure enclave, a chip that performs security-critical operations in hardware. The FBI has denied that the technique involves copying storage chips.

So while the details of the technique remain classified, it’s reasonable to assume that any security technology can be broken given sufficient resources. In fact, the technology industry’s dirty secret is that most products are frighteningly insecure.

[Read more…]

Facebooktwittermail

FBI signed $15 million contract with Apple vendor, Cellebrite; parent company’s stock soars

Fortune reports: The U.S. government’s announcement Monday that it hacked into the San Bernardino terrorist’s iPhone ended the FBI’s legal feud with Apple. But while many observers thought the incident left both the FBI and Apple looking foolish, there does appear to be a winner emerging from the case.

Shares of Suncorp, a Japanese technology company traded on the Tokyo stock exchange (ticker: 6736), soared 17% on Tuesday following the government’s court declaration that it “successfully accessed the data stored on [Syed] Farook’s iPhone.” In all, Suncorp’s shares have more than doubled in the six weeks since February 16, when Apple published its letter refusing to help the FBI.

Suncorp, which specializes in mobile data transfer as well as equipment for a popular Japanese pinball-like game called pachinko, owns Cellebrite, the Israel-based company that reportedly helped the FBI crack the iPhone.

Apple’s stock, meanwhile, was up just about 2% Tuesday afternoon, despite the fact that it is now free of legal expenses relating to the FBI case as well as the technological burden the government tried to impose.

Suncorp’s shares started rising last month, and really took off after the government said last Wednesday that an “outside party” had demonstrated “a possible method for unlocking” the iPhone. An Israeli newspaper quickly identified the unnamed company as Cellebrite, a government contractor that makes a mobile forensic device for extracting and decoding data from smartphones and tablets. Since then, Suncorp’s stock has risen nearly 40%, while Japan’s Nikkei 225 stock market index has been basically flat, and fell slightly on Tuesday.

The odd thing about the company’s dramatic stock rise is that neither the FBI nor Suncorp has confirmed the company was involved in unlocking the phone. In fact, the FBI has said very little so far about how it might have cracked the iPhone. [Continue reading…]

The Daily Beast reports: The FBI has said practically nothing about the “tool” that helped the FBI get inside the phone, as a U.S. law enforcement official called it in a hastily arranged press conference on Monday evening. Nor would the official say whether investigators might use it again on the dozen or so other iPhones the FBI is reportedly trying to gain access to, or whether the bureau would share the tool with local law enforcement agencies, who are believed to have hundreds of phones just waiting to be cracked.

“I think the best answer I can give you is it’s premature to say anything about our ability to access other phones,” said the official, who discussed the case with reporters on condition of anonymity and said almost nothing about where the FBI will go from here.

But he didn’t have to. Comey’s earlier remarks, coupled with the government’s decision to drop the warrant request, sent a message to other tech companies: Work with us, or don’t. We’ll get what we need without you.

Notably, the U.S. official didn’t say whether the FBI would disclose its newfound technique to Apple, which has a vested interest in protecting the security and privacy of its customers. But Cellebrite, an Israeli company, has been identified in some news accounts as the company that came to the FBI’s rescue. It signed a contract with the bureau worth more than $15 million last week.

In other words: The American government may have used foreign hackers to crack the signature product of America’s top technology company.

But it’s hard to imagine Apple didn’t have some idea what was coming. One of Cellebrite’s other clients is Apple itself. [Continue reading…]

Facebooktwittermail

FBI adds two Syrian hackers to its most-wanted list for cybercriminals

The Atlantic reports: In late April 2013, a tweet from the Associated Press claimed that a pair of explosions at the White House had injured President Barack Obama. Markets reacted nearly instantly, sending stocks plunging. But when, a short time later, Press Secretary Jay Carney told reporters there was no explosion, the market quickly righted itself.

The news organization’s Twitter account was hacked, it turned out. A group calling itself the Syrian Electronic Army claimed credit. In only a few minutes, their rogue tweet demonstrated the market-moving power of 140 characters sent from a credible source.

The Syrian Electronic Army has also defaced websites belonging to the U.S. Marines, Harvard University, and Human Rights Watch, as well as websites and Twitter feeds of other major news organizations like the BBC, CNN, and The Washington Post. The group’s members remained anonymous, going by pseudonyms like “The Shadow” and “The Pro.”

But on Tuesday, the Justice Department revealed the identity of three members of the group, charging them with computer hacking and placing two of them on the FBI’s “Cyber’s Most Wanted” list. The FBI is offering a $100,000 bounty for information leading to their arrest. [Continue reading…]

Facebooktwittermail