Tag Archives: privacy

What Does Your Cell Know About You?

What Your Cell Knows About You

By Hilary Hylton

From crucial tracking evidence in the Scott Peterson murder trial to exculpatory call records in the Duke alleged rape case, cell phones have emerged as an important resource for both criminal investigators and defense lawyers. Now a small group of international forensic code breakers is working to go beyond the obvious and familiar — the call logs and address books — and tap deeper into our phones, into a hidden gold mine of personal information. Their work is prompting kudos from crime busters while raising concern among civil libertarians.

“Cell phones are ubiquitous in today’s world and nearly all crimes have a digital component to them,” says Rick Mislan, an assistant professor of computer and information technology at Purdue University. Mislan, a former U.S. Army electronic warfare officer, is one of a handful of experts working on forensic methods to access the inner secrets in cell phones. Twenty years ago it would have taken a police agency months of shoe leather and paper hunting to assemble the kind of information that is available on a cell phone’s internal memory and which can be extracted by a deep probe. Says Chris Calabrese of the American Civil Liberties Union technology and liberty program: “They contain a great amount of information that essentially is a subjective picture of our habits, our friends, our interests and activities, and now some even have location tracking.”

Most cell phone owners think simply removing a phone’s SIM card removes personal information, but the phone’s internal memory, even communication exchanged between the phone and its server, remain. Phone manuals detail how to perform multiple reset commands to erase personal information and some online recycling phone services offer command sets for specific phones, but most people never bother to go through the tedious process, Mislan says. For example, child predators who stalk “moblogs” — the cell phone equivalent of web blogs that are popular with young phone users — may believe they have deleted text messages and postings, but the evidence may still exist within the phone’s memory. Mislan recently examined the cell phone of an alleged child pornography ringleader and pulled off 250 “deleted” contacts from its memory.

However, few U.S. law enforcement agencies have the forensic tools at hand and criminals often exploit that advantage, stymieing investigators with simple if crude methods. Drug dealers, Mislan says, will buy throwaway phones, assign distinctive rings to customers or suppliers, and then destroy the screen, leading an arresting officer to believe the phone is broken or the phone’s information is inaccessible. (Old-style forensics often means laboriously photographing cell phone screen after cell phone screen to record evidence.)

Typically, law enforcement agencies rely on simply “thumbing through” a cell phone to retrieve data, says Sgt. Michael Harrington, a detective with the Michigan State police. Another tool, as anyone who has watched the nightly cable crime news shows knows, is “pinging” a phone to search for its location, helpful in missing-persons cases and in tracking suspects. A more complex forensic approach now available utilizes a command system developed in the late 1970s to initialize modems to ask the phone specific questions about the information it may be storing. Those commands, known as AT, were one of the tools 17-year-old hacker George Hotz used to unlock his iPhone from the AT&T network. “Coming into this project I didn’t know that cell phones used AT commands,” Hotz wrote on his blog last week, as he thanked his fellow hackers for their help.

But not all cell phones respond to modem-style commands and some cell phone developers are often loath to share their proprietary technology. Nokia phones are particularly hard to crack, Harrington says. In the U.S. alone there are over 2,000 models of phones — and even within one model line there may be a dozen phones using different codes for each function. “We are in a constant state of catch-up — a company rolls out new models every three to six months,” Mislan says. The Holy Grail for the cell phone code breakers is to develop a forensics tool — a “Swiss Army knife” as Harrington calls it —that can be used easily in the field.

Europe’s single, standardized GSM network, as opposed to the multi networks — GSM, CDMA and iDEN found in the U.S. — gave European forensics investigators an edge as they began to develop ways of accessing a phone’s internal memory. Two of the leading cell phone forensics experts are British — West Yorkshire Detective Constables Steve Hirst and Steve Miller. Like their American colleagues — “tinkerers” as Mislan calls them — the two spend their evenings buying up old cell phones on eBay, deconstructing and decoding them, and then sharing their research online with colleagues around the world.

In Europe, Constable Miller says, so-called “flasher boxes” are used to hold a cell phone’s memory while repairs are under way. The boxes are the size of a deck of cards and come with about 100 cables that can be connected to specific data points on different phones and offer direct access to memory. Flasher technology allows the investigator to do a “hex dump” of the cell phone’s memory — a large amount of hexadecimal code — and then write software to decode the information. It is not the 30-second process seen on the popular CSI television shows, but can take hours of downloading, followed by days and weeks of software development, but the results can be revealing. “You get a fingerprint of who the person is,” says Harrington. Recently, Dutch forensics experts were able to extract vital information via hex dump from the remains of a phone, shattered and soaked in blood and water. “Let’s talk about hex!” is the slogan on phone-forensics.com, a popular online forum where the code breakers chat.

Meanwhile, the demands on the code breakers exceed their ranks, despite a growing number of computer and cell phone forensics programs at U.S. universities. Recently, an Indiana state prison official handed Mislan a bag of smuggled phones confiscated from inmates who are suspected of using them to conduct criminal activities from behind bars, but Mislan says that because of other investigative work, it will be six to 12 months before he has the time to take a look at them.

The legal system also is not keeping pace with forensic investigation methods. There have been several conflicting appellate opinions on warrantless cell phone searches and the law is not “settled” at this point, ACLU’s Calabrese says. Just as emerging fingerprint and DNA technologies were challenged, cell phone evidence is under scrutiny. In the meantime, all of us — innocent citizen and criminals alike — continue to pump ever more data into cell phones and PDAs, those indispensable companions that have so much to say about us.

Read more: SOURCE

Rise of the Machines

New Police Drone Near Houston Could Carry Weapons

By Stephen Dean

CONROE, Texas — A Houston area law enforcement agency is prepared to launch an unmanned drone that could someday carry weapons, Local 2 Investigates reported Friday.

The Montgomery County Sheriff’s Office in Conroe paid $300,000 in federal homeland security grant money and Friday it received the ShadowHawk unmanned helicopter made by Vanguard Defense Industries of Spring.

A laptop computer is used to control the 50-pound unmanned chopper, and a game-like console is used to aim and zoom a powerful camera and infrared heat-seeking device mounted on the front.

“To be in on the ground floor of this is pretty exciting for us here in Montgomery County,
” Sheriff Tommy Gage said.
He said the Unmanned Aerial Vehicle (UAV) could be used in hunting criminals who are running from police or assessing a scene where SWAT team officers are facing an active shooter.
Gage said it will also be deployed for criminal investigations such as drug shipments.

“We’re not going to use it to be invading somebody’s privacy. It’ll be used for situations we have with criminals,” Gage said.

It could have been used to help firefighters in the recent tri-county wildfires, he said, and it also could be handy in future scenarios like a recent search for a missing college student in The Woodlands.

In 2007, Local 2 Investigates uncovered a secret Houston Police Department test of a different kind of drone, fueling a nationwide debate over civil liberties and privacy.

A constitutional law professor and other civil liberties watchdogs told Local 2 Investigates that questions about police searches without warrants would crop up, as well as police spying into back yards or other private areas.

HPD fueled that 2007 controversy even further by suggesting that drones could be used for writing speeding tickets.
The backlash prompted Mayor Annise Parker to scrap HPD’s plans for using drones when she took office.

Gage said he is aware of those concerns.
No matter what we do in law enforcement, somebody’s going to question it, but we’re going to do the right thing, and I can assure you of that,” he said.

He said two deputies are finishing their training and should be ready to fly police missions within the next month.
Tapped to operate the Montgomery County Sheriff’s helicopter UAV are Sgt. Melvin Franklin, a licensed pilot, and Lt. Damon Hall, who heads the department’s crime lab and crime scene unit. The sheriff said Hall’s SWAT team background will assist the department in using the new tool on hostage standoffs or active shooter events.

The ShadowHawk chopper was displayed on a small conference room table as it was unveiled Friday. It displayed a sheriff’s logo and flashing blue lights on the side. On the front of the chopper, a grapefruit sized back unit houses the camera and Forward Looking Infra-Red (FLIR) sensor that can detect heat from a gun or a suspect’s body.

Deputies said they can quickly switch between day and night vision on the camera, which is zoomed and moved from side to side by a game-like console inside a police command vehicle on the ground.

The display shows up on a small TV-like box, while the actual flight controls are handled from a laptop computer.
Michael Buscher, chief executive officer of manufacturer Vanguard Defense Industries, said this is the first local law enforcement agency to buy one of his units.

He said they are designed to carry weapons for local law enforcement.
“The aircraft has the capability to have a number of different systems on board. Mostly, for law enforcement, we focus on what we call less lethal systems,” he said, including Tazers that can send a jolt to a criminal on the ground or a gun that fires bean bags known as a “stun baton.”
You have a stun baton where you can actually engage somebody at altitude with the aircraft. A stun baton would essentially disable a suspect,” he said.
Gage said he has no immediate plans to outfit his drone with weapons, and he also ruled out using the chopper for catching speeders.

“We’re not going to use it for that,” he said.
Chief Deputy Randy McDaniel said, “I’m tickled to death” about using the drone, pointing out that in his years of police work he could imagine countless incidents having ended more quickly and easily.

“It’s so simple in its design and the objectives, you just wonder why anyone would choose not to have it,” said McDaniel.
At the same time Houston police were testing a different drone, the Miami-Dade Metro Police department was also taking test flights of a helicopter UAV, and the Federal Aviation Administration said that department is now using its drone for local police work.

The San Diego Police Department also made local headlines in 2008 for beginning its own flights with a fixed-wing UAV.
But Les Dorr, an FAA spokesman in Washington, said very few local police departments actually have the required certificate of authorization (COA) to fly police missions nationwide.

He said Montgomery County is the first COA by a local police department in all of Texas.

In September 2008, the Government Accountability Office issued a 73-page report that raised issues about police drones endangering airspace for small planes or even commercial airliners.

The report’s author, Gerald Dillingham, told Local 2 Investigates that 65 percent of the crashes of military drones on the battlefield were caused by mechanical failures.
He said a police UAV could lose its link to the ground controllers if wind knocks the aircraft out of range or the radio frequencies are disrupted.

“If you lose that communication link as the result of that turbulence or for any other reason, then you have an aircraft that is not in control and can in fact crash into something on the ground or another aircraft,
” said Dillingham.

Pilots of small planes expressed those concerns in the original 2007 Local 2 Investigates reporting on police drones, and the FAA reported then that police departments across the country were lining up to apply for their own drones.

At Montgomery County, Franklin said an onboard GPS system is designed to keep the UAV on target and connected with the ground controllers. He said coordinates are plotted in advance and a command is given for the UAV to fly directly to that spot, adjusting to turbulence and other factors. He said he and the other controller can alter “waypoints” quickly on the laptop to move the chopper to areas that had not previously been mapped out. He said the aircraft moves at a speed of 30 knots, which he said makes it unsuitable for police pursuits.
Small aircraft pilots have expressed concerns that drones cannot practice the “see and avoid” rule that keeps aircraft from colliding in mid-air. Since the camera may be aimed somewhere else, pilots said police controllers may not be able to see and avoid other aircraft in the area during a sudden police emergency.

Gage said he would take every concern into account as his UAV is deployed.

The only routine law enforcement flights inside the United States over the past four years have been the Department of Homeland Security’s Immigration and Customs Enforcement. Their border flights over Texas and Arizona have included one crash, where the drone lost its link to the ground controller.

SOURCE

……Hello, NSA!

Prepare to Have Your Email Read by the NSA

Custom Search

Adam Clark Estes Jun 17, 2011

With a new major hacking incident seemingly daily, the Department of Defense is scrambling to find the right shield against future for attacks. But why hide behind a shield when you can charge onto the battlefield underneath the invisible but ironclad cloak of the National Security Agency? That’s exactly how the DoD is mounting it’s first strike back at the hackers–a preemptive strike that will increase online surveillance at defense contractors by partnering with internet service providers for privileged access to the rivers of data flowing through their cables. AT&T, Verizon and CenturyLink are all on board.

Giving the NSA more access to the same internet tubes that power your Gmail account sounds a little invasive. At least that’s what James X. Dempsey, vice president for public policy at the civil liberties watchdog group the Center for Democracy and Technology. “We wouldn’t want this to become a backdoor form of surveillance,” Dempsey told The Washington Post, referring to the pilot program that DoD insists will remain limited to the contractors working closely with the government.

“The U.S. government will not be monitoring, intercepting or storing any private-sector communications,” Deputy Secretary William J. Lynn III said Thursday at a global security conference in Paris. However, he added, “We hope the … cyber pilot can be the beginning of something bigger. It could serve as a model that can be transported to other critical infrastructure sectors, under the leadership of the Department of Homeland Security.”

Citing recent attacks on government contractors like Lockheed Martin, Lynn is taking a defensive stance on the privacy issue–pun intended. In other words, the NSA program will test out what some would call surveillance techniques on outside parties, and when the program is ready, it’s not out of the question that the government would move it to the private sector. It makes sense that the DoD is being aggressive. As Reuters reports, the government is getting pretty desperate:

Terabytes of data are flying out the door, and billions of dollars are lost in remediation costs and reputational harm, government and private security experts said in interviews. The head of the U.S. military’s Cyber Command, General Keith Alexander, has estimated that Pentagon computer systems are probed by would-be assailants 250,000 times each hour.

Cyber intrusions are now a fact of life, and a widely accepted cost of doing business.

“We don’t treat it as if it’s here today, gone tomorrow,” said Jay Opperman, Comcast Corp.‘s senior director of security and privacy. “It’s like an insect infestation. Once you’ve got it, you never get rid of it.”

We all saw Men in Black. And Hackers. And The Matrix. Sometimes, in the face of an invasion, the government ought to protect itself and its citizens from danger. That’s basically why an institution like the Department of Defense exists–nobody will argue with that.

But another sort of danger is the fact that, in the context of cybercrime, the public understands so very little about the terms of the government’s efforts. Poll Middle America about what “DDoS attack” or “Stuxnet-like weapons” are. Even the term “fingerprints of malicious code” from The Washington Post coverage of the NSA surveillance program leaves lots of leeway for better informed officials to define the rules of engagement. By its very nature a virtual attack is much harder to visualize than a missile heading to Washington DC. Apologies for the Cold War-style reference, but the Pentagon seems as confused now as they did then about how to balance the actual defense against cyber attackers and the propaganda campaign to win the public’s support.

Which brings us to the mixed messages problem. The other line of narrative around the internet and government protecting the people is a presumably more docile one: the struggle for privacy in the age of Facebook. As enterprising Senators go head to head with the social network and the Google and everyone, lambasting them for deceitfully monitoring American citizens with their confusing privacy policies and location tracking programs, news of a clandestine agreement between internet service providers and the NSA, the most secret of the secret agencies, feels kind of icky. Like a hypocritical bed bug invasion or something.

SOURCE