Saturday, February 23, 2008

Dirty Politician: Rick Renzi indicted

Arizona Republican Rep. Rick Renzi has finally been indicted, on 35 counts that include extortion, embezzlement, and money laundering. The investigation has been conducted by the FBI (working on priority #4, "combat public corruption at all levels"), the IRS, the U.S. Attorney's office, and the Department of Justice's Office of Public Integrity.

More InfraGard FUD and misinformation

Gary D. Barnett, president of a financial services firm in Montana, has written an article about InfraGard for The Future of Freedom Foundation, apparently inspired by the Progressive article. Thankfully, he avoids the bogus "shoot to kill" claims, but he introduces some erroneous statements of his own. It's apparent that he didn't bother speaking to anyone in InfraGard or doing much research before writing his article, which is another attempt to spread fear, uncertainty, and doubt about the program.

Barnett first goes wrong when he writes:

InfraGard’s stated goal “is to promote ongoing dialogue and timely communications between members and the FBI.” Pay attention to this next part:

Infragard members gain access to information that enables them to protect their assets and in turn give information to government that facilitates its responsibilities to prevent and address terrorism and other crimes.
I take from this statement that there is a distinct tradeoff, a tradeoff not available to the rest of us, whereby InfraGard members are privy to inside information from government to protect themselves and their assets; in return they give the government information it desires. This is done under the auspices of preventing terrorism and other crimes. Of course, as usual, “other crimes” is not defined, leaving us to guess just what information is being transferred.

First, there isn't a "distinct tradeoff." There is no "quid pro quo" required of InfraGard members. All InfraGard members get the same access to bulletins as the others, regardless of whether they share information back. There are some specific sector-oriented subgroups that share information only with each other (and such private groups also exist independently of InfraGard, such as the sector Information Sharing and Analysis Centers, or ISACs). The FBI may come to a company from time to time with specific threat information relevant to them (I've seen this happen once with respect to my own company), but that happens whether a company is a member of InfraGard or not. (Where InfraGard membership might give added benefit is that the FBI knows that the InfraGard member has undergone some rudimentary screening. There are companies that are set up and run by con artists, as well as by foreign intelligence agents, believe it or not, and where there is apparent risk of such a setup, the FBI is obviously going to be less forthcoming than with somebody they already know.)

Second, "not available to the rest of us" suggests that InfraGard membership is difficult to come by. It's not. I suspect Mr. Barnett himself could be approved, as could whoever does IT security for his company.

Third, there's no need to guess about the "other crimes." The FBI's own priority list tells you:

1. Protect the United States from terrorist attack. (Counterterrorism)
2. Protect the United States against foreign intelligence operations and espionage. (Counterintelligence)
3. Protect the United States against cyber-based attacks and high-technology crimes. (Cyber crime)
4. Combat public corruption at all levels.
5. Protect civil rights.
6. Combat transnational/national criminal enterprises.
7. Combat major white collar crime.
8. Combat significant violent crime.
9. Support federal, state, local, and international partners.
10. Upgrade technology to successfully perform the FBI's mission.

Some might question this list, in particular #5, on the basis of the FBI's past record, but my interactions with law enforcement lead me to believe that there are many who do take #5 quite seriously and would challenge and speak out against actions contrary to it. I was at an InfraGard conference in New Mexico yesterday at which an exchange occurred that went something like this:

Me: I work for a global telecommunications company.
He: You're not one of those companies that's been eavesdropping on us, are you?
Me: No.
He: Good.

"He" was a member of New Mexico's InfraGard--and a member of law enforcement. I'll have more to say about warrantless wiretapping in a moment.

The real issue with this list is that the top two are probably misplaced, and 6-8 (and #10!) have been suffering, as I've previously written about.

Barnett goes on:
Since these members of InfraGard are people in positions of power in the “private” sector, people who have access to a massive amount of private information about the rest of us, just what information are they divulging to government? Remember, they are getting valuable consideration in the form of advance warnings and protection for their lives and assets from government. This does not an honest partnership make; quite the contrary.

There are several key ways in which private industry helps the FBI through InfraGard. One is securing their own infrastructure against attacks so that it doesn't create a problem that the FBI needs to devote resources to. Two is by bringing criminal issues that are identified by private companies to the attention of the FBI so that it can investigate and bring prosecutions. Three is by assisting the FBI in its investigations by explaining what evidence that requires technical skills to understand means, and giving them guidance in how to successfully track down criminals.

Barnett goes on to talk about Rep. Jane Harman's bill in Congress, HR1955/S.1959, which I've also briefly commented on at this blog, and makes some significant errors of fact. He writes that this bill "if passed, will literally criminalize thought against government." That's false--the bill doesn't criminalize anything, it just creates a commission that will write a report and make recommendations. That commission has no law enforcement powers of any kind, not even the power of subpoena. Barnett also mistakenly thinks that this bill contains a reference to InfraGard. He writes:
S.1959, if passed, will be attached to the Homeland Security Act and InfraGard is already a part of the Department of Homeland Security. This is not a coincidence. Under section 899b of S.1959 it is stated:
Preventing the potential rise of self radicalized, unaffiliated terrorists domestically cannot be easily accomplished solely through traditional Federal intelligence or law enforcement efforts, and can benefit from the incorporation of State and local efforts.

This appears to be a direct reference to the InfraGard program.

The reference to "the incorporation of State and local efforts" into "traditional Federal intelligence or law enforcement efforts" in counterterrorism contains no reference to private partnerships, only to combining law enforcement efforts at federal, state, and local levels. This is a reference to what are called "fusion centers," like the Arizona Counter-Terrorism Information Center (ACTIC). The people who work in those centers are people from government agencies (at the federal, state, and local levels) with government security clearances. InfraGard in Phoenix does partner with ACTIC, which in practice means that ACTIC representatives give presentations to InfraGard (all of which I believe have also been open to the general public), ACTIC shares threat information with InfraGard much like the FBI does, and that InfraGard members are encouraged to report potential terrorist tip information to ACTIC. (ACTIC also encourages the general public to do this, which I think is far more likely to waste resources than identify any actual terrorists.)

Note that Barnett is mistaken when he writes that InfraGard is part of the Department of Homeland Security. InfraGard is not a government agency or part of a government agency--it is a non-governmental organization, or actually a collection of non-governmental organizations, which are 501(c)(3) nonprofits, with leadership provided by board members who are InfraGard members. Each chapter has a coordinator from the FBI who is not on the board. The FBI provides guidance and suggestions, but the organizations are run by the boards.

Now Barnett goes into Matt Rothschild territory when he writes: "I’m just speculating, of course, but is it possible that InfraGard will be a domestic police and spying arm for the government concerning “thought crime”?" It's not just speculation, it's uninformed speculation. InfraGard is not part of government and has no police powers of any kind. I've previously addressed the degree to which I think the "spying" is a risk--I think it's relatively low, but worth talking about.

Barnett continues in a Rothschild vein when he says "InfraGard, on the other hand, is an organization cloaked in secrecy. It holds secret meetings with the FBI." This talk of InfraGard being "cloaked in secrecy" is grossly exaggerated. The group has fairly open membership and most meetings are open to the public. When there are meetings restricted to membership, those typically wouldn't be accurately described as "secret meetings with the FBI." I and other members of InfraGard have had private meetings with FBI agents with respect to particular investigations, but it would be inaccurate to describe those as "InfraGard meetings." Law enforcement by its very nature requires a high degree of confidentiality for ongoing investigations, but it is a mistake to infer that this means conspiratorial plotting or spying.

Towards the end of his article, Barnett talks about warrantless wiretapping, telecom immunity, and the secrecy of InfraGard membership:
Considering the recent attempts by President Bush and his administration to protect many telecommunications companies and executives from prosecution for releasing private information, how many of the top telecom executives are members of InfraGard? I, for one, would be very interested in this information, but alas, it is not public information; it is secret.

What's the sense in which InfraGard membership is secret? Only in that it's not made available to the general public. Barnett writes that "no one outside InfraGard is to know who is a member unless previous approval has been given," but this is his misinterpretation of a guideline he quotes, not what it says. There's nothing prohibiting an InfraGard member from identifying themselves as such, only from identifying others as such without their consent. And if you're going to speak on behalf of InfraGard, you need to get approval from the organization first. (And note that I'm not speaking on behalf of InfraGard here, and have had no approval from InfraGard for what I've written on my blog.) If you're an InfraGard member, you have access to the online directory of InfraGard members. If Barnett is really interested in knowing who is a member, all he has to do is join.

As for "how many of the top telecom executives are members of InfraGard," I haven't looked, but I would be willing to wager that the answer is none. I know that none of the members of the "Senior Leadership Team" of my company are members of InfraGard, though my boss, our VP of Global Security, heads the Rochester, NY chapter of InfraGard. Senior executives of large corporations don't have time or interest to belong to InfraGard, and it's not really geared to them, as opposed to members of their physical and IT security organizations.

And as for warrantless wiretapping (I said I'd get back to it), InfraGard has nothing to do with that and it's foolish to think that it would. That activity has involved direct relationships between incumbent telecom providers (AT&T certainly, and probably Verizon as well) and the National Security Agency, with information restricted to employees holding government security clearances on a "need to know" basis, as the ACLU and EFF lawsuits have revealed. These relationships also probably include commercial relationships, and have included movement of personnel from one to the other--for example, AT&T has a Director of Government Solutions who came from the NSA. InfraGard members, many if not most of which hold no government security clearances, are not in the loop on that activity. (For that matter, I suspect few FBI personnel are in the loop on that, either.)

I find it discouraging that articles like Barnett's are written and published. Such inaccurate information serves to distract from real issues and real government abuses and to discredit those who repeat it, when they have other things to say that are worth hearing, paying attention to, and acting upon. I hope that Barnett and FFF will strive for greater accuracy in the future.

Thursday, February 21, 2008

Canada busts 17 in botnet ring

This morning Canada arrested 17 people of ages ranging from 17 to 26 years old for running botnets containing "up to one million computers" in 100 countries. They face charges that could result in up to 10 years in prison.

This barely scratches the surface of online criminal activity. Niels Provos of Google did a study (PDF) that found that of 4.5 million websites scanned between March of 2006 and February of 2007, 450,000 of them attempt to load malware on visiting machines. Sophos' similar survey in July of last year found that 29% of websites host malware, 28% host porn or gambling content, and 19% are spam-related. Drive-by malware installations (where merely visiting a website causes malware to be loaded onto your machine) are definitely the method of choice for creating botnets today. I recommend using Firefox with the NoScript plugin and the MyWOT plugin to help prevent getting infected by such sites.

Tomorrow, I'll be attending a New Mexico InfraGard conference at which I hope to learn more about recent malware trends (and get my copy of Catch Me If You Can and/or The Art of the Steal autographed by their author). This is another one open to the general public, so I expect no talk about "shoot to kill" powers except in jest.

UPDATE (February 22, 2008): I'm quoted in Brian Jackson's article on the Quebec botnet hacker bust on itbusiness.ca. I'm not entirely happy with the quotes attributed to me--I didn't say "tens of millions," though I said there have been botnets with more than a million hosts, and there are multiple millions of compromised hosts out there. If tens of millions is not accurate today, it will be in the future. The other quotation about IRC got a little bit garbled, but is not far off--I made the point that the bots of today have evolved from a combination of IRC bots of the past combined with denial of service attack tools, remote access trojans, and other malware, and many of them still use IRC as their mode of communication.

Con artists in desperate need of money

Although I've gone for the last several years with extremely few illegal prerecord telemarketing calls, I've received three to my cell phone in the last three weeks, all scams. (I wonder how many of these people were working in the mortgage business until recently?) Two of them came from faked caller IDs that look like UK telephone numbers (starting with +44), but which appear to actually be from Florida, a popular location for all kinds of scammers. The first call, on January 30, came from 44-207-490-6113 and was selling auto warranties, no doubt at far above market prices, and was phrased in such a way as to attempt to deceive the recipient into thinking they needed to renew an existing warranty that is expiring. When I got to a human operator and asked to be put on their do-not-call list, the woman hung up on me. I need to learn to be more subtle in my questioning to get more information from these con artists.

The second call, on February 12, gave caller ID of 866-526-9732, and said that I had won a no-catch, all-expenses-paid vacation for two, and asked me for my name and number so that I could be called and told where to pick it up. Unfortunately, it hung up on me while I was trying to provide a fake name and real phone number, so that I could identify the caller and sue them.

The third call, today, gave caller ID of 44-207-414-4370 and was offering a credit card deal to "reduce my interest rate." Again the wording expressed urgency about a limited-time offer and made it sound like it was with regard to a card I already hold. This time, I asked the human operator (after waiting quite some time to get one) what company he's with. I had to ask three times--he kept repeating his script about "any Mastercard or Visa," and I kept saying "no, what company are YOU with." Finally, he said "United Debt Aid," which is no doubt a fake name. I asked him to put me on their do-not-call list and again was hung up on as I was telling him he was working for a bunch of criminals. I didn't get a chance to ask for a written do-not-call policy from any of these three, but I'm sure they don't have them since they're violating the law in several ways already. Prerecord calls with advertising to cell phones are flat out illegal, just as prerecord calls with advertising to residential phones is illegal (without an existing business relationship, according to the FCC, which has incorrectly added an exception not present in the actual statute). So is falsifying caller ID information, so is failing to identify the business calling or on whose behalf the call is being made. So is failing to put me on their do-not-call list, and so is failing to send a written do-not-call policy upon request.

If anybody happens to come across more information that might identify who is behind these calls, let me know--I'd love to sue them.

UPDATE (February 25, 2008): I got another auto warranty one today, Caller ID said 442074791697 and it began "Your auto warranty has expired" and claimed they had been trying unsuccessfully to contact me via mail--two lies in the first two sentences. I pressed 1 to talk to a live operator, who immediately asked me for the year and make of my car. I asked what company is providing the warranty, and he hung up on me. Apparently any questioning at all is reason for these scammers to proceed to the next call recipient.

UPDATE (March 27, 2008): I received two more of these in quick succession--one on March 17 (auto warranty call from 505-217-2684) and one on March 19 (credit card rate reduction call from 305-654-1842).

ConsumerAffairs.com has a story about ripoff auto warranties sold by companies in St. Louis.

Verizon Wireless has filed a law suit against John Does to go after these auto warranty calls.

UPDATE (April 7, 2008): Another auto warranty one, from 305-672-6663.

I believe that at least some of these calls are coming from businesses run by former associates of Fax.com, a defunct broadcast fax and prerecord telemarketing business that received a $5,379,000 fine from the FCC in 2002 which was never collected, and was successfully sued by the D.C. law firm of Covington & Burling for $2.3 million in 2003, which I believe was also never collected. The legal system is not good at dealing with these sorts of criminals, because it's all being left to civil enforcement, when these are the kind of people who need to be thrown in jail.

UPDATE (April 10, 2008): Another from "Heather at account services," caller ID 561-482-7092, for credit card rate reduction. The human being I spoke with confirmed that she's in Boca Raton, FL--on a previous call the company was identified as "United Debt Aid" in Boca Raton.

UPDATE (August 11, 2008): There's a wealth of information about these calls and who's behind them at the Stopping Heather Forums.

Wednesday, February 20, 2008

Scientology critic Shawn Lonsdale dies

Shawn Lonsdale, who began picketing the Church of Scientology in Clearwater, Florida in 2006, was found dead in his home of an apparent suicide. A garden hose was run from his car's exhaust into a window of his home, and a suicide note was found.

His protests against Scientology had declined last year, when he didn't renew the domain registration for his critical website and stopped posting much on his blog. His conflict with Scientology began and peaked in 2006, when Scientology-hired PI's dug up and publicized his two misdemeanor convictions for lewd and lascivious conduct, and subpoenaed him for a deposition regarding their claim that he was an agent of a group prohibited from protesting in downtown Clearwater. I would guess that the group in question was the Lisa McPherson Trust, and that the prohibition was the result of a legal settlement.

Lonsdale appeared in the BBC Panorama episode on Scientology, which can be found on YouTube in its entirety.

Michael Shermer on Anonymous protest of Scientology

Monday's Los Angeles Times featured a short op-ed piece by Michael Shermer of the Skeptics Society about Anonymous' protests against Scientology, which is rightly both critical of Anonymous and Scientology.

Cayman Islands bank gets Wikileaks taken offline

As reported in Wired's blog:

Wikileaks, the whistleblower site that recently leaked documents related to prisons in Iraq and Guantanamo Bay, was taken offline last week by its U.S. host after posting documents that implicate a Cayman Islands bank in money laundering and tax evasion activities.

In a pretty extraordinary ex-parte move, the Julius Baer Bank and Trust got Dynadot, the U.S. hosting company and domain registrar for Wikileaks, to agree not only to take down the Wikileaks site but also to "lock the wikileaks.org domain name to prevent transfer of the domain name to a different domain registrar." A judge in the U.S. District Court for Northern California signed off on the stipulation between the two parties last week without giving Wikileaks a chance to address the issue in court.

The Julius Baer Bank, a Swiss bank with a division in the Cayman Islands, took issue with documents that were published on Wikileaks by an unidentified whistleblower, whom the bank claims is the former vice president of its Cayman Islands operation, Rudolf Elmer. The documents purport to provide evidence that the Cayman Islands bank helps customers hide assets and wash funds.

After failing to convince Wikileaks to take down the documents, the bank went after its U.S. hosting service, which responded by agreeing not only to remove the Wikileaks account from Dynadot's server but also to help prevent Wikileaks from moving its site to a different host.

Wikileaks is actually still online, even though its domain has been taken out of its control in this highly unusual and inappropriate move by the courts. Bank Julius Baer and its attorneys are making a huge mistake that is now going to drive far more attention to the documents in question than they would have received otherwise.

Wikileaks publishes the correspondence between the organization and the bank's attorneys, in which they refuse to identify their client or the specific documents that they take issue with.

Wikileaks board member Julian Assange (author of the security tool "strobe" and technical advisor and researcher for the excellent book Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier, by Suelette Dreyfus), has been quoted saying that Wikileaks will continue to publish:
"The order is clearly unconstitutional and exceeds its jurisdiction," Wikileaks spokesman Julian Assange said in the e-mail statement issued from Paris on Monday. "Wikileaks will keep on publishing. In fact, given the level of suppression involved in this case, Wikileaks will step up publication of documents pertaining to illegal or unethical banking practices."

Wikileaks was set up primarily to allow the leaking and publishing of documents from non-Western authoritarian regimes, but it has gotten the most press for its earlier leak of the Guantanamo Bay operating manual and now for this report of a Cayman Islands/Swiss bank's activities.

In my opinion, Wikileaks is subject to abuse--just like the Internet in general, as well as newspapers and other forms of publication--but that organizations which attempt to use trade secret and copyright law as a tool to conceal illegal or immoral activity should not be permitted to succeed. This particular case appears to be somewhat complex and based on a particular whistleblower's account, and if it only involves tax avoidance (as opposed to evasion), then it doesn't involve the violation of any laws. It is, however, clearly inappropriate for the entire site to be shut down just because of a few specific documents from one case--that would be like shutting down Wikipedia because of the content in one set of articles, or shutting down Blogger because of material posted on one blog. That's the kind of censorship we have seen from some authoritarian regimes in response to critical material, but it's not how the law should work in the United States.

UPDATE (March 4, 2008): Judge White wisely reversed his decision and Wikileaks.org is back at its own domain name.

Sunday, February 17, 2008

Malware in digital photo frames

The Mocmex virus and other trojans have been found on digital photo frames from China sold at Target, Costco, Sam's Club, and Best Buy. The photo frames are connected to a computer via USB to load photographs; on a Windows machine this will cause an executable stored on the photo frame to run, infecting the computer.

The SANS Internet Storm Center has documented more details here and here.

As more and more devices have built-in storage and can be connected via USB to PCs, we'll see more and more attacks like this.
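The post doesn't say how the executable on the frame gets launched; on Windows of that era the usual mechanism was AutoRun, which reads an autorun.inf file at the root of a newly attached volume and follows its open= or shellexecute= directive. As an added example (not from the post, SANS, or any vendor), here is a small checker that parses such a file and reports which programs AutoRun would launch, so a removable device can be triaged before it is trusted. The sample autorun.inf contents and the function names are my own constructions, and the assumption that the frames relied on AutoRun is mine, not the post's.

```python
"""Triage an autorun.inf from a removable volume: which programs would it launch?

Constructed example for illustration; the sample file contents below are made up.
"""
import configparser
import os
from typing import Dict, List, Optional

# [autorun] directives that make Windows AutoRun execute a program.
LAUNCH_DIRECTIVES = ("open", "shellexecute")

# File types that, if referenced by a launch directive, mean code execution on insert.
EXECUTABLE_SUFFIXES = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")

# Constructed sample: the kind of autorun.inf a trojaned frame might carry.
SAMPLE_MALICIOUS = """\
[autorun]
open=photos.exe
icon=photos.exe,0
action=View photos
shell\\view\\command=photos.exe /view
"""

# Constructed sample: a benign file that only sets an icon and volume label.
SAMPLE_BENIGN = """\
[autorun]
icon=frame.ico
label=Photo Frame
"""


def parse_autorun(text: str) -> Dict[str, Optional[str]]:
    """Return the [autorun] section as a dict with lowercased keys, or {} if absent/unparseable."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    cp.optionxform = str.lower  # autorun.inf keys are case-insensitive
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}
    for name in cp.sections():
        if name.lower() == "autorun":
            return dict(cp.items(name))
    return {}


def launch_targets(text: str) -> List[str]:
    """Programs AutoRun would run: open=, shellexecute=, and shell\\<verb>\\command= values."""
    targets = []
    for key, value in parse_autorun(text).items():
        if value is None:
            continue
        is_verb_command = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_DIRECTIVES or is_verb_command:
            targets.append(value.strip())
    return targets


def assess(text: str) -> Dict[str, object]:
    """Summarize whether the file would execute code on insert and what it points at."""
    targets = launch_targets(text)
    executables = [t for t in targets if any(s in t.lower() for s in EXECUTABLE_SUFFIXES)]
    return {
        "targets": targets,
        "executables": executables,
        "launches_code": bool(executables),
    }


def assess_volume(root: str) -> Dict[str, object]:
    """Read autorun.inf from a mounted volume root (e.g. 'E:\\\\' or '/media/frame') and assess it."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return {"targets": [], "executables": [], "launches_code": False}
    with open(path, "r", encoding="latin-1", errors="replace") as fh:
        return assess(fh.read())


if __name__ == "__main__":
    for label, sample in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, assess(sample))
```

Run it against a real device by calling assess_volume() with the mount point; anything with launches_code set should be treated as untrusted until the referenced file has been examined, and disabling AutoRun for removable media removes the launch path entirely.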

Saturday, February 16, 2008

Spies who love you

Mark Fiore helps teach kids about the importance of warrantless wiretapping.

(Hat tip to Bob Hagen.)

Friday, February 15, 2008

FBI responds to "shoot to kill" claims about InfraGard

The FBI has issued an official response to Rothschild's Progressive article (PDF), which says, in part:
In short, the article's claims are patently false. For the record, the FBI has not deputized InfraGard, its members, businesses, or anything else in the program. The title, however catchy, is a complete fabrication. Moreover, InfraGard members have no extraordinary powers and have no greater right to "shoot to kill" than other civilians. The FBI encourages InfraGard members -- and all Americans -- to report crime and suspected terrorist activity to the appropriate authorities.

The FBI response also states that Rothschild has "refused even to identify when or where the claimed 'small meeting' occurred in which issues of martial law were discussed," and promises to follow up with further clarifying details if they get that information.

I've updated my own response to Rothschild to include the above information.