Archive for the ‘FBI’ Category


Monday, February 5th, 2018


From the webpage:

From February 5-9, 2018, libraries, archives, and other cultural institutions around the world are sharing free coloring sheets and books based on materials in their collections.

Something fun to start the week!

In addition to more than one hundred participating institutions, you can also find instructions for creating your own coloring pages.

Any of the images you find at Mardi Gras New Orleans will make great coloring pages (modulo non-commercial use and/or permissions as appropriate).

The same instructions will help you make “adult” coloring pages as well.

I wasn’t able to get attractive results for Pedro Berruguete Saint Dominic Presiding over an Auto-da-fe 1495 using the simple instructions but will continue to play with it.

High hopes for an Auto-da-fe coloring page. FBI leaders who violate the privacy of American citizens as the focal point. (There are honest, decent and valuable FBI agents, but like other groups, only the bad apples get the press.)

Discrediting the FBI?

Friday, February 2nd, 2018

Whatever your opinion of the accidental U.S. president (that’s a dead give away), what does it mean to “discredit” the FBI?

Just hitting the high points:

The FBI has a long history of lying and abuse, these being only some of the more recent examples.

So my question remains: What does it mean to “discredit” the FBI?

The FBI and its agents are unworthy of any belief by anyone. Their own records and admissions are a story of staggering from one lie to the next.

I’ll grant the FBI is large enough that honorable, hard working, honest agents must exist. But not enough of them to prevent the repeated fails at the FBI.

Anyone who credits any FBI investigation has motivations other than the factual record of the FBI.

PS: The Nunes memo confirms what many have long suspected about the FISA court: It exercises no more meaningful oversight over FISA warrants than a physical rubber stamp would in their place.

Google About to Publicly Drop iPhone Exploit (More Holiday News!)

Friday, December 8th, 2017

The Jailbreaking Community Is Bracing for Google to Publicly Drop an iPhone Exploit by Lorenzo Franceschi-Bicchierai.

From the post:

Because exploits are so valuable, it’s been a long time since we’ve seen a publicly accessible iPhone jailbreak even for older versions of iOS (let alone one in the wild for an up to date iPhone.) But a tweet sent by a Google researcher Wednesday has got the security and jailbreaking communities in a frenzy. The tweet suggests that Google is about to drop an exploit that is a major step toward an iPhone jailbreak, and other researchers say they will be able to take that exploit and turn it into a full jailbreak.

It might seem surprising that an iPhone exploit would be released by Google, Apple’s closest competitor, but the company has a history of doing so, albeit with less hype than this one is garnering.

Ian Beer is a Google Project Zero security researcher, and one of the most prolific iOS bug hunters. Wednesday, he told his followers to keep their “research-only” devices on iOS 11.1.2 because he was about to release “tfp0” soon. (tfp0 stands for “task for pid 0,” or the kernel task port, which gives you control of the core of the operating system.) He also hinted that this is just the first part of more releases to come. iOS 11.1.2 was just patched and updated last week by Apple; it is extremely rare for exploits for recent versions of iOS to be made public.

Another surprise in the offing for the holiday season! See Franceschi-Bicchierai’s post for much speculation and possibilities.

Benefits from a current iPhone Exploit

  • Security researchers obtain better access to research iPhone security issues
  • FBI told by courts to hire local hackers instead of badgering Apple
  • Who carries iPhones? (security clueless public officials)

From improving the lot of security researchers, local employment for hackers and greater exposure of public officials, what’s there to not like?

Looking forward to the drop and security researchers jumping on it like a terrier pack on a rat.

Shaming Hackers – New (Failing) FBI Strategy

Sunday, October 8th, 2017

There are times, not often, when government agencies are so clueless that I feel pity for them.

Case in point, the FBI strategy reported in FBI’s Cyber Strategy: Shame the Hackers.

From the post:

The Federal Bureau of Investigation wants to publicly shame cyber criminals after they’ve been caught as part of an effort to make sure malicious actors don’t count on anonymity.

“You will be identified pursued, and held to account no matter where you are in the world,” Paul Abbate, the FBI’s executive assistant director of the Criminal, Cyber, Response and Services Branch, said at a U.S. Chamber of Commerce event in Washington Wednesday.

The FBI’s cyber response team is focused on tracking down “high-level network and computer intrusion,” carried out by “state-sponsored hackers and global organized criminal syndicates,” Abbate said. Often, these malicious actors are operating from overseas, using “foreign technical infrastructure” that makes the threats especially difficult to detect.

Once those actors are identified, the FBI tries to “impose costs on them,” which might include ”economic sanctions, prison terms, or battlefield death.” It also aims to “publicly name them, shame them, and let everyone know who they are…[so they] don’t feel immune or anonymous.”

Hmmmm, but if being anonymous is the goal of hackers, why do so many claim credit for hacks?

A smallish sampling of such claims: “Anonymous” claims credit for hacking into Federal Reserve (“Anonymous”), Guccifer 2.0 takes credit for hacking another Democratic committee (Guccifer 2.0), Hacker claims credit for WikiLeaks takedown (Jester), Hacker Group Claims Credit For Taking Xbox Live Offline (Lizard Squad), Hacking Group From Russia, China Claims Credit For Massive Cyberattack (New World Hackers), OurMine claims credit for attack on Pokemon Go servers (OurMine), Grandpa, patriot who goes by ‘The Raptor,’ claims credit for taking down Al Qaeda websites (The Raptor), Iranian Group Claims Credit for Hack Attack on New York Dam (SOBH Cyber Jihad), etc., etc.

Oh, the FBI equates being “anonymous” with:

You didn’t use your home/work email address, leaving your home/work phone numbers and addresses on an “I hacked your computer” note on the victim’s computer.

Hackers avoid leaving their true identity information just like skilled bank robbers don’t write robbery notes on their own deposit slips, it’s a way of avoiding interaction with the police. That’s not shame, that’s just good sense.

As far as “shaming” hackers, the FBI learned nothing from the case of Aaron Swartz, Aaron Swartz stood up for freedom and fairness – and was hounded to his death. Swartz was known among geeks but no where nearly as widely known until prosecutors hounded him to death. How’d shaming work for the FBI in that case?

Public “shaming” of hackers, most of who attack the least sympathetic targets in society, is going to build the public (as opposed to hacker) reputations of “shamed” hackers.

Go ahead FBI, grant hackers the benefit of your PR machinery. “Shame” away.

Defeat FBI Video Booby-Trap

Wednesday, August 9th, 2017

Joseph Cox details “…deanonymizing people in a targeted way using novel or unorthodox law enforcement techniques…” in The FBI Booby-Trapped a Video to Catch a Suspected Tor Sextortionist.

Not an attack on Tor per se but defeated the use of Tor none the less.

Can you spot the suspect’s error?

From the complaint:

F. Law Enforcement Identifies “Brian Kil’s” True IP Address

51. On June 9, 2017, the Honorable Debra McVicker Lynch authorized the execution of a Network Investigative Technique “NIT” (defined in Clause No. 1:17-mj-437) in order to ascertain the IP address associated with Brian Kil and Victim 2.

52. As set forth in the search warrant application presented to Judge Lynch, the FBI was authorized by the Court to add a small piece of code (NIT) to a normal video file produced by Victim 2, which did not contain any visual depictions of any minor engaged in sexually explicit activity. As authorized, the FBI then uploaded the video file containing the NIT to the account known only to Kil and Victim 2. When Kil viewed the video containing the NIT on a computer, the NIT would disclose the true IP address associated with the computer used by Kil.

57. When Kil viewed the video containing the NIT on a computer the NIT disclosed the true IP address associated with the computer used by Kil.

Where did “Kil’s” opsec fail?

“Kil” viewed content of unknown origin on a networked computer.

“Kil” thought the content originated with Victim 2, but all remote content on the Internet should be treated as being of unknown origin.

No one knows if you are a dog on the Internet just as you don’t know if the FBI sent the video you are playing.

Content of unknown origin is examined and stays on non-networked computers. Copy text only to networked systems. If you need the original content, well, you have been warned.

You can see the full complaint at:

Best practice: Remote content, even if from known source, is of unknown origin. (A comrade may have made the document, video, image, but government agents intercepted and infected it.)

PS: I’m no fan of sextortionists but I am concerned about the use of “booby-trapped” videos against political activists. (Makes you wonder about “jihadist” videos on YouTube doesn’t it?)

Raw FBI Uniform Crime Report (UCR) Files for 2015 (NICAR Database Library)

Friday, June 9th, 2017

IRE & NICAR to freely publish unprocessed data by Charles Minshew.

From the post:

Inspired by our members, IRE is pleased to announce the first release of raw, unprocessed data from the NICAR Database Library.

The contents of the FBI’s Uniform Crime Report (UCR) master file for 2015 are now available for free download on our website. The package contains the original fixed-width files, data dictionaries for the tables as well as the FBI’s UCR user guide. We are planning subsequent releases of other raw data that is not readily available online.

The yearly data from the FBI details arrest and offense numbers for police agencies across the United States. If you download this unprocessed data, expect to do some work to get it in a useable format. The data is fixed-width, across multiple tables, contains many records on a single row that need to be unpacked and in some cases decoded, before being cleaned and imported for use in programs like Excel or your favorite database manager. Not up to the task? We do all of this work in the version of the data that we will soon have for sale in the Database Library.

I have peeked at the data and documentation files and “raw” is the correct term.

Think of it as great exercise for when an already cleaned and formatted data set isn’t available.

More to follow on processing this data set.

How To Avoid Lying to Government Agents (Memorize)

Wednesday, April 26th, 2017

How to Avoid Going to Jail under 18 U.S.C. Section 1001 for Lying to Government Agents by Solomon L. Wisenberg.

Great post but Wisenberg buries his best advice twelve paragraphs into the story. (Starts with: “Is there an intelligent alternative to lying….”)

Memorize this sentence:

I will not answer any questions without first consulting an attorney.

That’s it. Short, sweet and to the point. Make no statements at all other than that one. No “I have nothing to hide,” etc.

It’s like name, rank, serial number you see in the old war movies. Don’t say anything other than that sentence.

For every statement a government agent makes, simply repeat that sentence. Remember, you can’t lie if you don’t say anything other than that sentence.

See Wisenberg’s post for the details but the highlighted sentence is the only one you need.

Spies in the Skies [Fostered by Obama, Inherited by Trump]

Tuesday, November 29th, 2016

Spies in the Skies by Peter Aldhous and Charles Seife.

Post in April of 2016, it reads in part:

Each weekday, dozens of U.S. government aircraft take to the skies and slowly circle over American cities. Piloted by agents of the FBI and the Department of Homeland Security (DHS), the planes are fitted with high-resolution video cameras, often working with “augmented reality” software that can superimpose onto the video images everything from street and business names to the owners of individual homes. At least a few planes have carried devices that can track the cell phones of people below. Most of the aircraft are small, flying a mile or so above ground, and many use exhaust mufflers to mute their engines — making them hard to detect by the people they’re spying on.

The government’s airborne surveillance has received little public scrutiny — until now. BuzzFeed News has assembled an unprecedented picture of the operation’s scale and sweep by analyzing aircraft location data collected by the flight-tracking website Flightradar24 from mid-August to the end of December last year, identifying about 200 federal aircraft. Day after day, dozens of these planes circled above cities across the nation.

The FBI and the DHS would not discuss the reasons for individual flights but told BuzzFeed News that their planes are not conducting mass surveillance.

The DHS said that its aircraft were involved with securing the nation’s borders, as well as targeting drug smuggling and human trafficking, and may also be used to support investigations by the FBI and other law enforcement agencies. The FBI said that its planes are only used to target suspects in specific investigations of serious crimes, pointing to a statement issued in June 2015, after reporters and lawmakers started asking questions about FBI surveillance flights.

“It should come as no surprise that the FBI uses planes to follow terrorists, spies, and serious criminals,” said FBI Deputy Director Mark Giuliano, in that statement. “We have an obligation to follow those people who want to hurt our country and its citizens, and we will continue to do so.”

I’m not surprised the FBI follows terrorists, spies, and serious criminals.

What’s problematic is that the FBI follows all of us and then, after the fact, picks out alleged terrorists, spies and serious criminals.

The FBI could just as easily select people on their way to a tryst with a government official’s wife, or to attend an AA meeting, or to attend an unpopular church.

Once collected, the resulting information is subject to any number of uses and abuses.

Aldhous and Seife report the flights drop 70% on the weekend so if you are up to mischief, plan around your weekends.

When writing about the inevitable surveillance excesses under President Trump, give credit to President Obama and his supporters, who built the surveillance state Trump inherited.

How To DeDupe Clinton/Weiner/Abedin Emails….By Tomorrow

Tuesday, November 1st, 2016

The report by Haliman Abdullah, FBI Working to Winnow Through Emails From Anthony Weiner’s Laptop, casts serious doubt on the technical prowess of the FBI when it says:

Officials have been combing through the emails since Sunday night — using a program designed to find only the emails to and from Abedin within the time when Clinton was secretary of state. Agents will compare the latest batch of messages with those that have already been investigated to determine whether any classified information was sent from Clinton’s server.

This process will take some time, but officials tell NBC News that they hope that they will wrap up the winnowing process this week.

Since Sunday night?

Here’s how the FBI, using standard Unix tools, could have finished the “winnowing” in time for the Monday evening news cycle:

  1. Transform (if not already) all the emails into .eml format (to give you separate files for each email).
  2. Grep the resulting file set for emails that contain the Clinton email server by name or addess.
  3. Save the result of #2 to a file and copy all those messages to a separate directory.
  4. Extract the digital signature from each of the copied messages (see below), save to the Abedin file digital signature + file name where found.
  5. Extract the digital signatures from previously reviewed Clinton email server emails, save digital signatures only to the prior-Clinton-review file.
  6. Search for each digital signature in the Abedin file in the prior-Clinton-review file. If found, reviewed. If not found, new email.

The digital signatures are unique to each email and can therefore be used to dedupe or in this case, identify previously reviewed emails.

Here’s a DKIM example signature:

How can I read the DKIM header?

Here is an example DKIM signature (recorded as an RFC2822 header field) for the signed message:

DKIM-Signature a=rsa-sha1; q=dns;;;
s=jun2005.eng; c=relaxed/simple;
t=1117574938; x=1118006938;

Let’s take this piece by piece to see what it means. Each “tag” is associated with a value.

  • b = the actual digital signature of the contents (headers and body) of the mail message
  • bh = the body hash
  • d = the signing domain
  • s = the selector
  • v = the version
  • a = the signing algorithm
  • c = the canonicalization algorithm(s) for header and body
  • q = the default query method
  • l = the length of the canonicalized part of the body that has been signed
  • t = the signature timestamp
  • x = the expire time
  • h = the list of signed header fields, repeated for fields that occur multiple times

We can see from this email that:

  • The digital signature is dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSb
    This signature is matched with the one stored at the sender’s domain.
  • The body hash is not listed.
  • The signing domain is
    This is the domain that sent (and signed) the message.
  • The selector is jun2005.eng.
  • The version is not listed.
  • The signing algorithm is rsa-sha1.
    This is the algorith used to generate the signature.
  • The canonicalization algorithm(s) for header and body are relaxed/simple.
  • The default query method is DNS.
    This is the method used to look up the key on the signing domain.
  • The length of the canonicalized part of the body that has been signed is not listed.
    The signing domain can generate a key based on the entire body or only some portion of it. That portion would be listed here.
  • The signature timestamp is 1117574938.
    This is when it was signed.
  • The expire time is 1118006938.
    Because an already signed email can be reused to “fake” the signature, signatures are set to expire.
  • The list of signed header fields includes from:to:subject:date.
    This is the list of fields that have been “signed” to verify that they have not been modified.

From: What is DKIM? Everything You Need to Know About Digital Signatures by Geoff Phillips.

Altogether now, to eliminate previously reviewed emails we need only compare:

dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZVoG4ZHRNiYzR (example, use digital signatures from Abedin file)

to the digital signatures in the prior-Clinton-review file.

Those that don’t match, are new files to review.

Why the news media hasn’t pressed the FBI on its extremely poor data processing performance is a mystery to me.


PS: FBI field agents with data mining questions, I do off-your-books freelance consulting. Apologies but on-my-books for the tax man. If they don’t tell, neither will I.

How-To Spot An Armchair Jihadist

Wednesday, October 12th, 2016

To efficiently use law enforcement resources against threats to civil order, the police must recognize the difference between an actual jihadist and an armchair jihadist.

An armchair jihadist is one that talks a good game, dreams of raining fire and death on infidels, etc., but in truth, is the Walter Mitty of terrorism.

Unfortunately, law enforcement disproportionately captures armchair jihadists, for example, the arrest of Samata Ullah, who was charged in part with possession of:

…a book about guided missiles and a PDF version of a book about advanced missile guidance and control for a purpose connected with the commission, preparation or instigation of terrorism”

Admitting the romanticism of building one’s own arsenal, how successful do you think an individual or even a large group of individuals would be at building and testing a guided missile?

Here’s a broad outline of the major steps to building a laser guided missile:

The Manufacturing Process

Constructing the body and attaching the fins

1 The steel or aluminum body is die cast in halves. Die casting involves pouring molten metal into a steel die of the desired shape and letting the metal harden. As it cools, the metal assumes the same shape as the die. At this time, an optional chromium coating can be applied to the interior surfaces of the halves that correspond to a completed missile’s cavity. The halves are then welded together, and nozzles are added at the tail end of the body after it has been welded.

2 Moveable fins are now added at predetermined points along the missile body. The fins can be attached to mechanical joints that are then welded to the outside of the body, or they can be inserted into recesses purposely milled into the body.

Casting the propellant

3 The propellant must be carefully applied to the missile cavity in order to ensure a uniform coating, as any irregularities will result in an unreliable burning rate, which in turn detracts from the performance of the missile. The best means of achieving a uniform coating is to apply the propellant by using centrifugal force. This application, called casting, is done in an industrial centrifuge that is well-shielded and situated in an isolated location as a precaution against fire or explosion.

Assembling the guidance system

4 The principal laser components—the photo detecting sensor and optical filters—are assembled in a series of operations that are separate from the rest of the missile’s construction. Circuits that support the laser system are then soldered onto pre-printed boards; extra attention is given to optical materials at this time to protect them from excessive heat, as this can alter the wavelength of light that the missile will be able to detect. The assembled laser subsystem is now set aside pending final assembly. The circuit boards for the electronics suite are also assembled independently from the rest of the missile. If called for by the design, microchips are added to the boards at this time.

5 The guidance system (laser components plus the electronics suite) can now be integrated by linking the requisite circuit boards and inserting the entire assembly into the missile body through an access panel. The missile’s control surfaces are then linked with the guidance system by a series of relay wires, also entered into the missile body via access panels. The photo detecting sensor and its housing, however, are added at this point only for beam riding missiles, in which case the housing is carefully bolted to the exterior diameter of the missile near its rear, facing backward to interpret the laser signals from the parent aircraft.

Final assembly

6 Insertion of the warhead constitutes the final assembly phase of guided missile construction. Great care must be exercised during this process, as mistakes can lead to catastrophic accidents. Simple fastening techniques such as bolting or riveting serve to attach the warhead without risking safety hazards. For guidance systems that home-in on reflected laser light, the photo detecting sensor (in its housing) is bolted into place at the tip of the warhead. On completion of this final phase of assembly, the manufacturer has successfully constructed on of the most complicated, sophisticated, and potentially dangerous pieces of hardware in use today.

Quality Control

Each important component is subjected to rigorous quality control tests prior to assembly. First, the propellant must pass a test in which examiners ignite a sample of the propellant under conditions simulating the flight of a missile. The next test is a wind tunnel exercise involving a model of the missile body. This test evaluates the air flow around the missile during its flight. Additionally, a few missiles set aside for test purposes are fired to test flight characteristics. Further work involves putting the electronics suite through a series of tests to determine the speed and accuracy with which commands get passed along to the missile’s control surfaces. Then the laser components are tested for reliability, and a test beam is fired to allow examiners to record the photo detecting sensor’s ability to “read” the proper wavelength. Finally, a set number of completed guided missiles are test fired from aircraft or helicopters on ranges studded with practice targets.

Did Samata Ullah have the expertise and/or access to the expertise or manufacturing capability for any of those steps?

Moreover, could Samata Ullah have tested and developed a guided missile without someone noticing?

Possession of first principle reading materials, such as chemistry, rocket, missile, etc., manuals or guides is a clear sign an alleged jihadist is an armchair jihadist.

Another sign of an armchair jihadist, along with the possession of such reading materials, is their failure to obtain explosives, weapons, etc., in an effective way.

The United States, via the CIA and the US military, routinely distributes explosives and weapons around the world to various factions.

A serious jihadist need only travel to well known locations and get in line for explosives, RPGs (rocket-propelled grenades), mortars, etc.

Does the weapon in this photo look homemade?


Of course not! Anyone with a passport and a little imagination can possess a wide variety of harmful devices.

But then, they are not an armchair jihadist.

DIY missile/explosive reading clubs of jihadists are not threats to the public. Manufacturing of explosives and missiles are difficult and dangerous, tasks best left to professionals. They are more dangerous to each other than the general public.

When allocating law enforcement resources, remember that the only thing easier to acquire than weapons is possibly marijuana. Anyone planning on building weapons can be ignored as an armchair jihadist.

In the United States and the United Kingdom, law enforcement resources would be better spent in the pursuit of wealthy and governmental pedophiles.

PS: I started to edit the steps for building a guided missile for length but the description highlights the absurdity of the charges in question. Melting steel or aluminum and pouring it into a metal die? Please, that’s not a backyard activity. Neither is pouring molten rocket fuel using a centrifuge.

Avoid FBI Demands – Make Your Product Easily Crackable

Friday, September 23rd, 2016

Joshua Kopstein reports that Apple has discovered a way to dodge future requests for assistance from the FBI.

Make backups of the iOS 10 easily crackable.

From iOS 10 Has a ‘Severe’ Security Flaw, Says iPhone-Cracking Company:

Apple has introduced a “severe” flaw in its newly-released iOS 10 operating system that leaves backup data vulnerable to password-cracking tools, according to researchers at a smartphone forensics company that specializes in unlocking iPhones.

In a blog post published Friday by Elcomsoft, a Russian company that makes software to help law enforcement agencies access data from mobile devices, researcher Oleg Afonin showed that changes in the way local backup files are protected in iOS 10 has left backups dramatically more susceptible to password-cracking attempts than those produced by previous versions of Apple’s operating system.

Specifically, the company found that iOS 10 backups saved locally to a computer via iTunes allow password-cracking tools to try different password combinations at a rate of 6,000,000 attempts per second, more than 40 times faster than with backups created by iOS 9. Elcomsoft says this is due to Apple implementing a weaker password verification method than the one protecting backup data in previous versions. That means that cops and tech-savvy criminals could much more quickly and easily gain access to data from locally-stored iOS 10 backups than those produced by older versions.

After the NSA sat on a Cisco vulnerability for a decade or so, you have to wonder about the motives of Elcomsoft for quick disclosure.

Perhaps they wanted to take away an easy win from their potential competitors?

In any event, be aware that your iOS 10 has a vulnerability the size of a Mack truck.

Got any Russian readers, that’s roughly the equivalent to:


While looking for this image, I saw a number of impressive Russian trucks!

Flash Alert for SQLi?

Tuesday, August 30th, 2016

Never missing a chance to stir the pot of public panic, the FBI issued a “Flash Alert” on an SQLi hack of a state voter database.

If you are missing tools, cheatsheets for SQLi attacks, see my post: Developer Liability For Egregiously Poor Software. I list five cheatsheets along with an SQL scanner list.

SQLi is the top hack, every year since they started keeping such statistics and is now 18 years old.

A Flash Alert for an SQLi attack may as well be:

Flash Alert: Sexual intercourse between humans may lead to pregnancy and venereal disease.

You have been warned! 😉

PS: Consider yourself as having a “DIRECT NEED TO KNOW” before viewing the Flash Alert

FBI, Malware, Carte Blanche and Cardinal Richelieu

Friday, July 15th, 2016

Graham Cluley has an amusing take on the FBI’s reaction to its Playpen NIT being characterized as “malware” in When is malware not malware? When the FBI says so, of course.

As Graham points out, the FBI has been denied the fruits of its operation of a child porn site (alleged identities of consumers of child porn), but there is a deeper issue here beyond than defining malware.

The deeper issue lies in a portion of the FBI brief that Graham quotes in part:

“Malicious” in criminal proceedings and in the legal world has very direct implications, and a reasonable person or society would not interpret the actions taken by a law enforcement officer pursuant to a court order to be malicious.

The FBI brief echoes Cardinal Richelieu in The Three Musketeers:

CARDINAL RICHELIEU. … Document three, the most important of all: A pardon — in case you get caught. It’s call a Carte Blanche. It has the force of law and is unbreakable, even by Royal fiat.

MILADY. (Reading it.) “It is by my order and for the benefit of the State that the bearer of this note has one what he has done.”

The FBI contends a court order, assuming it bothers to obtain one, operates as Carte Blanche and imposes no limits on FBI conduct.

Moreover, once a court order is obtained, reports by the FBI of guilt are sufficient for conviction. How the FBI obtained alleged evidence isn’t open to inspection.

Judges should disabuse the FBI of its delusions concerning the nature of court orders and remind it of its proper role in the criminal justice system. The courts, so far as I am aware, remain the arbiters of guilt and innocence, not the FBI.

National Security Letter (NSL) Resources

Friday, July 1st, 2016

After posting about the use of National Security Letters (NSLs) to abuse the press yesterday, I discovered a very useful paper on NSLs by Charles Doyle. The first one is an abridged version of the second.

National Security Letters in Foreign Intelligence Investigations: A Glimpse at the Legal Background (abridged version of: National Security Letters in Foreign Intelligence Investigations: Legal Background.)

National Security Letters in Foreign Intelligence Investigations: Legal Background

(NOT legal advice)

Doyle identifies two perils posed by National Security Letters:

Contempt of Court

If an NSL contains a nondisclosure notice, it must advice the recipient of its right to seek, or to have the agency seek, judicial review. At the recipient’s request, the issuing agency must petition the court for review, stating the specific facts that support its belief that disclosure might result in one or more of the statutorily identified adverse consequences. 140 If the court agrees that such a risk may exist, it must issue a nondisclosure order. 141 (page 21) Failure to honor a nondisclosure order is punishable as contempt of court, 142…

Contempt of court sanctions come into play if, and only if, the recipient has sought judicial review and becomes subject to a court order.

Non-Court Order Penalties

…and if committed knowingly and with the intent to obstruct an investigation or related judicial proceedings is punishable by imprisonment for not more than five years and/or a fine of not more than $250,000 (not more than $500,000 for an organization). 143

Unpacking the first reference in footnote 143, “18 U.S.C. 1510(e),”

(e) Whoever, having been notified of the applicable disclosure prohibitions or confidentiality requirements of section 2709(c)(1) of this title, section 626(d)(1) or 627(c)(1) of the Fair Credit Reporting Act (15 U.S.C. 1681u(d)(1) or 1681v(c)(1)), section 1114(a)(3)(A) or 1114(a)(5)(D)(i) of the Right to Financial Privacy Act [1] (12 U.S.C. 3414(a)(3)(A) or 3414(a)(5)(D)(i)), or section 802(b)(1) of the National Security Act of 1947 (50 U.S.C. 436(b)(1)),[2] knowingly and with the intent to obstruct an investigation or judicial proceeding violates such prohibitions or requirements applicable by law to such person shall be imprisoned for not more than five years, fined under this title, or both.

As I read 18 U.S.C. 1510(e), it requires:

  1. Notice of the applicable disclosure prohibitions or confidentiality requirements
  2. Disclosure
    1. knowingly (excludes accidental disclosure ?)
    2. with the intent to obstruct an investigation or judicial proceeding

The first step in any government prosecution for leaking an NSL requires proof of the applicable disclosure prohibitions, in other words, that some identified individual was notified of the applicable disclosure prohibitions.

The list of people who could have leaked an NSL of necessity includes all the people in the government with knowledge of the NSL, which I suspect won’t be disclosed to the trier of fact, plus the recipient and their counsel, etc.

Government documents, even FBI documents get leaked on a regular basis.

The lack of NSL leaks appears to be more a matter of timidity than serious jeopardy. The very worse response to terrorist-fiction-driven legislation is to take it seriously.

The more NSAs are treated as anything other than Col. “Bat” Guano responses to a world only he can see, the deeper we become mired in unconstitutional habits and practices.

Secret FBI National Security Letter (NSL) Attacks on Reporters – Safe Leaking?

Thursday, June 30th, 2016

Secret Rules Make It Pretty Easy For The FBI To Spy On Journalists by Cora Currier.

For those of us who suffer from reflexive American exceptionalism, that press censorship happens “over there,” Cora’s story is a sobering read.

From the post:

Secret FBI rules allow agents to obtain journalists’ phone records with approval from two internal officials — far less oversight than under normal judicial procedures.

The classified rules, obtained by The Intercept and dating from 2013, govern the FBI’s use of National Security Letters, which allow the bureau to obtain information about journalists’ calls without going to a judge or informing the news organization being targeted. They have previously been released only in heavily redacted form.

Media advocates said the documents show that the FBI imposes few constraints on itself when it bypasses the requirement to go to court and obtain subpoenas or search warrants before accessing journalists’ information.

Cora goes on to point out that the FBI issued nearly 13,000 NSLs in 2015.

After great coverage on the FBI and its use of NSLs, Cora concludes:

For Brown, of the Reporters Committee, the disclosure of the rules “only confirms that we need information about the actual frequency and context of NSL practice relating to newsgathering and journalists’ records to assess the effectiveness of the new guidelines.”

That’s the root of the problem isn’t it?

Lack of information on how NSLs are being used against journalists in fact.

Care to comment on the odds of getting an accurate accounting of the FBI’s war on journalists from the FBI?

No? I thought not.

So how can that data be gathered?

Question for discussion (NOT legal advice)

In 2005, the non-disclosure requirements for NSLs were modified to read:

18 U.S. Code § 2709 – Counterintelligence access to telephone toll and transactional records

(2) Exception.—

(A)In general.—A wire or electronic communication service provider that receives a request under subsection (b), or officer, employee, or agent thereof, may disclose information otherwise subject to any applicable nondisclosure requirement to—

(i) those persons to whom disclosure is necessary in order to comply with the request;

(ii) an attorney in order to obtain legal advice or assistance regarding the request; or

(iii) other persons as permitted by the Director of the Federal Bureau of Investigation or the designee of the Director.

Each person in the chain of disclosure has to be advised of the requirement to keep the NSL secret.

Unless the law has changed more radically than I imagine, the burden of proving a criminal offense still rests with the government.

If I am served with an NSL and I employ one or more attorneys, who have assistants working on my case, and the NSL is leaked to a public site, it remains the government’s burden to prove who leaked the NSL.

The government cannot force the innocent in the chain of disclosure to exculpate themselves and leave only the guilty party to face justice. The innocence can remain mute, as is the privilege of every criminal defendant.

Is that a fair statement?

If so, how many brave defendants are necessary in the chain of disclosure per NSL?

As Jan says in Twitter and the Monkey Man:

“It was you to me who taught
In Jersey anything’s legal, as long as you don’t get caught”

If that sounds anarchistic, remember the government chose to abandon the Constitution, first. If it wants respect for law, it should respect the Constitution.

How To Get On The FBI Terrorist Watch List

Tuesday, June 28th, 2016

Thomas Neuberger published a list of activities that culmulatively, may get you on the FBI terrorist watch list: We Are All Terror Suspects Under the FBI’s Communities Against Terrorism Program.

Unfortunately, given the secrecy surrounding the FBI terrorist watch list, it isn’t possible to know which activities or to what degree are necessary to ensure your inclusion on the list.

The same is true for the no fly list, except there you will be prevented from flying, which is a definite “tell” that you are on the no fly list.

Thomas outlines the dangers of the FBI terrorist watch list, but not how we can go about defeating those dangers.

One obvious solution is to get everyone on the FBI terrorist watch list. If we are all equally suspects, the FBI will spend all its time trying to separate merely “suspects,” from “really suspects,” from “really terrorist suspects.”

To that end, think about the following:

  • Report sightings of FBI agents with unknown persons.
  • Report sightings of FBI agents with known persons.
  • Report people entering federal buildings.
  • Report people exiting federal buildings.
  • Report people entering/exiting state/local government offices.
  • Report movements of gasoline, butane, etc., trucks.
  • Report people entering/exiting airports.
  • Report people entering/leaving bars.
  • Report people buying gasoline or butane.
  • Report people buying toys.
  • Report people entering/exiting gun shops/shows.
  • etc.

The FBI increases its ignorance every day by collecting more data than it can usefully process.

Help yourself and your fellow citizens to hide in a sea of data and ignorance.

Reports your sightings to the FBI today!

PS: If that sound ineffectual, remember that the FBI was warned about Omar Mateen, twice. When, not if, a future terrorist attack happens and your accidental report of the terrorist surfaces, how will that make the FBI look?

The FBI has created a data collection madhouse for itself. Help them enjoy it.

I’ll See You The FBI’s 411.9 million images and raise 300 million more, per day

Wednesday, June 15th, 2016

FBI Can Access Hundreds of Millions of Face Recognition Photos by Jennifer Lynch.

From the post:

Today the federal Government Accountability Office (GAO) finally published its exhaustive report on the FBI’s face recognition capabilities. The takeaway: FBI has access to hundreds of millions more photos than we ever thought. And the Bureau has been hiding this fact from the public—in flagrant violation of federal law and agency policy—for years.

According to the GAO Report, FBI’s Facial Analysis, Comparison, and Evaluation (FACE) Services unit not only has access to FBI’s Next Generation Identification (NGI) face recognition database of nearly 30 million civil and criminal mug shot photos, it also has access to the State Department’s Visa and Passport databases, the Defense Department’s biometric database, and the drivers license databases of at least 16 states. Totaling 411.9 million images, this is an unprecedented number of photographs, most of which are of Americans and foreigners who have committed no crimes.

I understand and share the concern over the FBI’s database of 411.9 million images from identification sources, but let’s be realistic about the FBI’s share of all the image data.

Not an exhaustive list but:

Facebook alone is equaling the FBI photo count every 1.3 days. Moreover, Facebook data is tied to both Facebook and very likely, other social media data, unlike my driver’s license.

Instagram takes a little over 5 days to exceed the FBI image count. but like the little engine that could, it keeps trying.

I’m not sure how to count YouTube’s 300 hours of video every minute.

No reliable counts are available for porn images, which streamed from Pornhub in 2015, accounted for 1,892 petabytes of data.

The Pornhub data stream includes a lot of duplication but finding non-religious and reliable stats on porn is difficult. Try searching for statistics on porn images. Speculation, guesses, etc.

Based on those figures, it’s fair to say the number of images available to the FBI is somewhere North of 100 billion and growing.

Oh, you think non-public photos off-limits to the FBI?

Hmmm, so is lying to federal judges, or so they say.

The FBI may say they are following safeguards, etc., but once a agency develops a culture of lying “in the public’s interest,” why would you ever believe them?

If you believe the FBI now, shouldn’t you say: Shame on me?

Playpen (porn) and Tamper-Proof NITs (Chain of Custody)

Sunday, June 12th, 2016

Dr. Christopher Soghoian’s affidavit in UNITED STATES OF AMERICA v. EDWARD JOSEPH MATISH, III, Criminal No. 4:16cr16, Document 83-1, is a highly readable account of why the lack of encryption for the Playpen Network Investigative Technique (NIT) is fatal to the FBI’s case.

In a nutshell, the lack of encryption means that the FBI cannot prove that data from a point of origin was not changed before it reached the FBI’s computer. Anywhere along the network transmission, some third party could have changed or even inserted new content.

In legal speak, it’s call “…the chain of custody.”

Say for example a defendant is charged with illegal possession of a firearm. At trial, the state must product the firearm alleged to be in his possession at the time of his arrest. Moreover, as part of that proof, the state must prove “custody” of that gun at every step of the way.

The arresting officer testifies to the arrest and identifies the gun retrieved from the defendant. They then testify they put that gun into a bag with a label, noting the serial number and then signing the bag after sealing it. Next a crime room technician will testify they received bag # with the officer’s signature and logged it into their evidence log. And so on, up until the officer opens the bag in court and says: “This is the gun I took off of the defendant.”

Break that chain of custody and the evidence isn’t admissible.

The chain of custody doesn’t exist in the Playpen cases because the lack of encryption means the data in question could have been changed at any number of points along the way and the FBI cannot prove otherwise.

Think of it as an affirmative burden of proof. No proof of chain of custody and the evidence is not admissible.

Even a first year FBI trainee should know that rule.

Which makes the FBI’s desire to get D- quality work approved all the more puzzling.

Why not follow the rules and do good work? What so daunting about that?


PS: Should the FBI need advice on following the rules on cyber-evidence matters, don’t contact the Justice Department. They have an unsavory reputation for lying to judges and just as likely would lie to the FBI. Check around for ex-U.S. attorneys with cyberlaw experience.

Intelligence Suicide By Data

Wednesday, June 8th, 2016

Facing Data Deluge, Secret U.K. Spying Report Warned of Intelligence Failure by Ryan Gallagher.

From the post:

The amount of data being collected, however, proved difficult for MI5 to handle. In March 2010, in another secret report, concerns were reiterated about the agency’s difficulties processing the material it was harvesting. “There is an imbalance between collection and exploitation capabilities, resulting in a failure to make effective use of some of the intelligence collected today,” the report noted. “With the exception of the highest priority investigations, a lack of staff and tools means that investigators are presented with raw and unfiltered DIGINT data. Frequently, this material is not fully assessed because of the significant time required to review it.”

Ironic this story appears less than two (2) weeks after reports of the FBI seeking NSL (national security letter) authority to obtain email records and browsing histories.


I should not complain about the FBI, NSA and other government agencies committing intelligence suicide by data.

Their rapidly growing ineffectiveness shields innocents from their paranoid fantasies.

At the same time, that ineffectiveness inhibits the performance of legitimate purposes. (The FBI, once upon a time, had a legitimate purpose, some of the others, well, that’s an issue for debate.)

So we are clear, I don’t consider contracts for “butts in seats” for either contractors or agencies to be for “legitimate purposes.” I reserve the phrase “legitimate purposes” for activities that further the stated goals of the agency, not padding staffing rolls, not occupying as much office space as possible, not having the most forms or whatever other criteria functions as the measure of success in a particular agency.

Hints for federal agencies already committing intelligence suicide by data or approaching that point:

  1. What data sources have proven valuable in the past? (Reminder: Phone metadata records have not. Not ever.)
  2. What data sources, in order of historical importance, are available in case X?
  3. Assemble the data from the top performing resources

For example, if an informant has direct contact with an alleged Islamic State supporter, isn’t that the best source of evidence for their plans and thinking? Do you really need their websearch history from an internet services provider? Considering that you will ask for everyone’s web search history to avoid disclosing the particular web history you are seeking.

To be sure, vendors will sell you as much data processing and storage capacity as you care to purchase, but you won’t be any closer to stopping terrorism. Just closer to the end of your budget for the current fiscal year.

Is intelligence suicide by data a goal of your agency?

Avoiding Imperial (Computer Fraud and Abuse Act (CFAA)) Entanglement – Identification

Monday, May 30th, 2016

FBI raids dental software researcher who discovered private patient data on public server by Dissent Doe.

Dissent Doe summarizes the facts of this case saying:

…Shafer reported that Patterson Dental had left patient data on an unsecured FTP server, and then he called attention to another vulnerability in one post in February, and then again in a second post in March. And now, according to an FBI agent, Patterson Dental was allegedly claiming that in accessing their unsecured anonymous FTP server, Shafer had accessed it “without authorization” and should be charged criminally under CFAA.

Take these recent events with Shafer as an incentive to read up on the Andrew “weev” Auernheimer proceedings (reversed on venue grounds on appeal).

Non-lawyers may enjoy United States v. Auernheimer, and Why I Am Representing Auernheimer Pro Bono on Appeal Before the Third Circuit by Orin Kerr more than the legal briefs.

The legal briefs in Auernheimer are linked at the bottom of this post.

The briefs run five hundred and thirty-nine (539) pages.

That’s five hundred and thirty-nine (539) pages researched, written, edited and polished, all while Auernheimer was in jail.

While reading Orin’s much shorter account and/or the briefs, keep this question in mind:

What pre-condition must exists for the Auernheimer case?

There is one and while obvious, it is often assumed.

I like reading briefs, chasing down references, etc., but unlike Auernheimer was, I’m not sitting in jail, hoping that the appeals court will rule in my favor.

That’s a big difference to keep in mind when debating “great issues.” Some in the debate have more “skin in the game” than others.

I fully agree the poorly written and even more poorly applied Computer Fraud and Abuse Act (CFAA) should be reformed. Dissent Doe mentions a number of supporters for such reform in her post.

However, lots of things that should be true:

  • Robert Mugabe should no longer hold political power anywhere. So long as we are wishing, Mugabe should live long enough to pay for his many crimes. (A very long time.)
  • War criminals named in the Iraq Inquiry report should be extradited from their home countries and face war crimes tribunals in the Hague. This report is due out 6 July 2016.
  • Military spending in every country should be reduced to equal that of Laos.

You may have a different list of “things that should be true,” but aren’t.

While the Computer Fraud and Abuse Act (CFAA) should be re-written and sanely applied, it hasn’t been.

Accepting that, the question becomes how to avoid being snared by it?

Here’s a visual analogy for Shafer and Patterson/FBI:


Can you guess which of the things depicted in this image is Shafer and which is the Patterson/FBI?

The precondition for the Auernheimer case?

A nail that can be distinguished from all the other nails.

Knowing there are lots of nails doesn’t result in any search or arrest warrants. Having a nail you can point to does.

You may feel like (as I do) that’s unfair, the law should be different (sane), etc. Cf. my list and your lists of things that should be true.

I freely admit the cause of intellectual freedom can use martyrs and if you want to be one, test the limits of Computer Fraud and Abuse Act (CFAA), etc., be my guest.

On the other hand, being free to land body blows (legal ones of course) on corrupt and inept government agencies, their agents and masters, serves the cause of intellectual freedom as well.

Dissent Doe captures where I think Shafer went wrong:

Shafer discovered the exposed patient data at the beginning of February and contacted to request help with the notification and responsible disclosure. Both and Shafer began attempting to notify Patterson and clients whose unencrypted patient information had been exposed for an unknown period of time. Over the next few days, we emailed or called Patterson; Timberlea Dental Clinic in Alberta, Canada; Dr. M Stemalschuk in Canada; Massachusetts General Hospital Dental Group; and Dr. Rob McCanon.

Only after Shafer determined that the patient data had been secured did he and disclose the incident publicly. As reported on, Shafer found that 22,000 patients had had their unencrypted sensitive health information at risk of access by others. It is not clear how long the publicly accessible FTP server was available, and Patterson Dental did not answer the questions asked of it on the matter. Shafer told the Daily Dot, however, that the FTP server had been unsecured for years. In an email statement, he wrote (typos corrected):

“Many IT guys in the dental industry know that the Patterson FTP site has been unsecured for many years. I actually remember them having a passworded FTP site back in 2006. To get the password you would call tech support at Eaglesoft\Patterson Dental and they would just give you the password to the FTP site if you wanted to download anything. It never changed. At some point they made the FTP site anonymous. I think around 2010.”

Shafer was waving a red flag to mark his location with “hit me” hand painted on the flag.

The result, so far, you know.

Even if the case goes no further, some other PR hungry Assistant United States Attorney (AUSA) could snatch someone else up for equally specious reasons.

If they wave a red flag with “hit me” hand painted on it.

The first step to avoiding entanglement in the Computer Fraud and Abuse Act (CFAA) is to not be identified with any of the acts that the EFF summarizes as:

There are seven types of criminal activity enumerated in the CFAA: obtaining national security information, compromising confidentiality, trespassing in a government computer, accessing to defraud and obtain value, damaging a computer or information, trafficking in passwords, and threatening to damage a computer. Attempts to commit these crimes are also criminally punishable.

If you are not identified with any acts arguably covered by Computer Fraud and Abuse Act (CFAA), your odds of being arrested for such acts is greatly diminished.

Take the present facts. Clearly insane to claim that access to public data is ever unauthorized.

Multiple Choice Question:

Who is in jail as a result of: an insane view of the law + complaining witness + ASUS = warrant for your arrest.

A. The ASUS?

B. The complaining witness?

C. You?

If by accessing a server (doesn’t matter whether public, private, arguable) and you discover medical records, without revealing your identity, notify plaintiff’s attorneys in the legal jurisdictions where patients live or where the potential defendants are located.

If that seems to lack the “bang” of public shaming, consider that setting plaintiffs lawyers on them makes terriers hunting rats look quite tame. (not for the faint of heart)

You accomplish your goal of darkening the day for some N number of wrong-doers, increasing (perhaps) the protection offered patients, at a greatly diminished risk. A diminished risk that enables you to continue to do good deeds.

There are no, repeat no legal systems that give a shit, if you and all of your friends on social media think it is “unfair.” I may well agree with you too but entanglement in any legal system, even if you “win,” you have lost. Time, money, stress, etc.

Non-identification, however you accomplish that, is one step towards avoiding such entanglements.

Think of non-identification as the red team side of topic maps. The blue team tries to identify subjects while the red team attempts to avoid identification. A number of practical and theoretical issues ensue.

Auernheimer Legal Briefs

Auernheimer’s (Appellant) Initial Brief

Amicus Curiae Brief of Security Researchers Supporting Appellant

Amicus Curiae Brief of Mozilla Foundation, Computer Scientists, and Privacy Experts in Support of Appellant and Reversal

Brief of Amicus Curiae Digital Media Law Project in Support of Defendant-Appellant

Amicus Curiae Brief of National Association of Criminal Defense Lawyers in Support of Appellant

Addendum of National Association of Criminal Defense Lawyers

Government’s Auernheimer Answering Brief

Auernheimer’s Reply Brief

Auernheimer’s Amended Reply Brief

Playpen Defendants 3, FBI 0

Friday, May 27th, 2016

Judge tosses evidence in FBI Tor hacking child abuse case by Bill Carmada.

From the post:

A US federal judge on Wednesday excluded all evidence in a child pornography case that was acquired by the FBI through an exploit compromising the Tor network. The federal government hasn’t announced what it’ll do next, but if it can’t prevail in an appeal, its case against Vancouver, Washington teacher Jay Michaud may well be doomed.

Defendant prevails on the grounds of the FBI refusing to disclose its exploit.

Criminal law 101. The state can’t produce “evidence,” gathered by some unknown means and use it to “prove” the guilt of a defendant.

Every defendant gets to contest the evidence produced against them. In this case, the FBI has chosen to deny a defendant that right.

There are two other Playpen decisions to be aware of:

1) Suppression of Evidence Obtained by FBI’s Use of Network Investigative Techniques (NIT) by Scott Hughes.

From the post:

Last month, a United States district court judge threw out evidence in a child abuse imagery case that the Federal Bureau of Investigation (FBI) had obtained using a hacking tool. While the court ruled to suppress the evidence, it did not prohibit the FBI from using the hacking tool—called a “network investigative technique” (NIT)—to install malware code on suspects’ computers. Rather, the court’s ruling stated that the magistrate judge wrongly granted the FBI’s NIT warrant because the case was not within her jurisdiction, thus violating Federal Rule of Evidence 41(b). Still, this ruling marks a possible stumbling block to an FBI probe and the resulting charges against approximately 137 individuals in the United States.

United States vs. Alex Levin (decision)

This result will be different if an amended Rule 41 is approved (Congress must act by 1 December 2016).

The BBC headline: US Supreme Court approves expanded hacking powers was the first one to catch my attention, although it failed to point to the Supreme Court document in question. To cure that shortfall, see this transmittal letter and amendments to the Federal Rules of Criminal Procedure.

BTW, Scott’s post is an excellent example of how to write a useful blog post on legal issues. Quoting, summarizing, characterizing is all well and good, but many of us are interested in sources and not but the sources.

2) Second Judge Recommends To Discard Evidence Obtained From FBI Mass Hack

From the post:

Paul J Cleary, a Magistrate Judge, is the second judge to suggest that evidence obtained in the FBI mass hack,using malware planted by the federal agency on the infiltrated child porn site PlayPen, be thrown out.

In the mass hack case, the FBI uploaded the malware in February 2015 as part of Operation Pacifier.

On the 25th of last month, the same judge recommended for suppression of evidence (obtainedin the FBI mass hack) in a similar case.

The case involves Scott Fredrick Arterbury.

United States vs. Scott Frederick Arterbury (decision)

Another Rule 41 based decision, which would be decided differently under proposed changes to Rule 41 rules on search warrants.


Although the Rule 41 violation is clear and clean cut, I much prefer the suppression of evidence for failure to disclose its alleged hack of the TOR network. There are many ways to gather the information the FBI claims to possess and proof of how they came to possess it, is a critical link in the chain of evidence.

I have read differing numbers on the defendants charged out of Playpen, but accepting 137 as the high, there are as many as 134 defendants remaining.

Suggestions on how to document the remaining cases? I have searched both the FBI and Justice Department for any mention of the Playpen operation. Number of “hits”: 0.

If you didn’t know better, you would say “the FBI and Justice Department are ashamed of Operation Playpen.” Do you think?

PS: If you need a general background on this story, see: The FBI’s ‘Unprecedented’ Hacking Campaign Targeted Over a Thousand Computers by Joseph Cox.

The Islamic State’s suspected inroads into America – Data Set!

Thursday, May 19th, 2016

The Islamic State’s suspected inroads into America by Adam Goldman , Jia Lynn Yang, and John Muyskens.

From the post:

Federal prosecutors have charged 84 men and women around the country in connection with the Islamic State. So far, 32 have been convicted. Men outnumber women in those cases by about 7 to 1. The average age of the individuals is 27. One is a minor. The FBI says that, in a handful of cases, it has disrupted plots targeting U.S. military or law enforcement personnel.

The post breaks down proceedings by state and lists each person separately, along with the source of the information.

If you are looking for a small but significant data set on terrorism, I think this is the place.

If you develop further information on these cases, repay the original authors by sharing your discoveries.

Mozilla/Tor Vulnerabilities – You Can Help!

Tuesday, May 17th, 2016

You have probably heard the news that the FBI doesn’t have to reveal its Tor hack. Judge Changes Mind, Says FBI Doesn’t Have to Reveal Tor Browser Hack by Joseph Cox.

Which of course means that Mozilla isn’t going to get the hack fourteen days before the defense attorneys do.

While knowing the FBI hack would help fix that particular vulnerability, it would not help fix any other Mozilla/Tor vulnerabilities.

Rather than losing any sleep or keystrokes over the FBI’s one hack, clasped in its grubby little hands, contribute to the discovery and more importantly, fixing of vulnerabilities in Mozilla and Tor.

Let the FBI have its one-trick pony. From what I understand you had to have Flash installed for it to work.

Flash? Really?

Flash users need to mirror their SSN, address, hard drives, etc., to public FTP site. At least then you will have a record of when your data is stolen, I mean downloaded.

Whether vulnerabilities persist in Mozilla/Tor isn’t up to the FBI. It’s up to you.

Your call.

Who Is Special Agent Mark W. Burnett? (FBI)

Monday, May 9th, 2016

In FBI Harassment, Tor developer isis agora lovecruft describes a tale of FBI harrassment, that begins with this business card:


The card was left while no one was at home. At best the business card is a weak indicator of a visitor’s identity. It was later confirmed Mark W. Burnett had visited, in various conversations between counsel and the FBI. See the original post for the harassment story.

What can we find out about Special Agent Mark W. Burnett? Reasoning if the FBI is watching us, we damned sure better be watching them.

The easiest thing to find is that Mark W. Burnett isn’t a “special agent in charge,” as per the FBI webpage for the Los Angeles office. A “special agent in charge” is a higher “rank” than a “special agent.”

Turning to Google, here’s a screenshot of my results:


The first two “hits” are the same Special Agent Mark W. Burnett (the second one requires a password) but the first one says in relevant part:

Special Luncheon Speaker – Mr. Mark W. Burnett, FBI Cyber Special Agent, who will discuss the Bureau’s efforts regarding cyber security measures

The event was:

3rd Annual West Coast Cyber Security Summit
Special Report on Cyber Technology and Its Impact on the Banking Community
The California Club
538 South Flower Street, Los Angeles, CA 90071
Tuesday, May 13, 2014

If you don’t know the California Club, as the song says “…you aren’t supposed to be here.”

So we know that Mark W. Burnett was working for the FBI in May of 2014.

The third “hit” is someone who says they know a Mark W. Burnett but it doesn’t go any further than that.

The last two “hits” are interesting because they both point to the Congressional Record on February 1, 2010, wherein the Senate confirms the promotion of a “Mark. W. Burnett” to the rank of colonel in the United States Army.

I searched U.S. District Court decisions at Justia but could not find any cases where Mark W. Burnett appeared.

The hand written “desk phone” detracts from the professionalism of the business card. It also indicates that Mark hasn’t been in the Los Angeles office long enough to get better cards.

What do you know about Special Agent Mark W. Burnett?

PS: There are hundreds of FBI agents from Los Angeles on LinkedIn but Mark W. Burnett isn’t one of them. At least not by that name.

Canary Watch [Tracking Warrant Service?]

Sunday, May 8th, 2016

Canary Watch

From the webpage:

“Warrant canary” is a colloquial term for a regularly published statement that a service provider has not received legal process that it would be prohibited from saying it had received, such as a national security letter. Canarywatch tracks and documents these statements. This site lists warrant canaries we know about, tracks changes or disappearances of canaries, and allows submissions of canaries not listed on the site.

Follow us on Twitter for updates and notifications about canaries on this site.

All of the “warrant canaries” I saw listed were from service providers and other organizations.

I recently saw a “warrant canary” posted by an individual (more on that this week).

The thought did occur to me that if enough individuals had “warrant canaries” on fairly short (monthly?) renewal cycles, it would be possible to track the service of warrants through particular communities.


“Rule of Law” and Lauri Love

Tuesday, May 3rd, 2016

My recent post, How-To Document Conspiracies and Other Crimes raised concerns with some readers since I did not address the legal niceties of the indictment. Burden of proof, claims not facts, etc. All of which were irrelevant to my point of using “secure IRC” to document a conspiracy or other crimes.

True or false, the indictment serves to illustrate the impact of self-documenting the commission of crimes, if indeed any crimes were committed.

What prompted this post was the suggestion that I was ignoring the “rule of law” in cases such as the one involving Lauri Love.

Perhaps the hacker community is unaware that the “rule of law” is a fiction which the sovereign sets aside at its convenience.

That has always been the case but the disturbing development during the Fear of Terror era, is that abandonment of the “rule of law” has become overt policy.

Iran-Contra is an example of abandoning the “rule of law” but at least those involved were talked about as criminals.

Fast forward to post 9/11 and examples of abandoning the “rule of law” explode: FBI instructs agents to conceal information from triers of fact U.s. v. Michaud, FBI hacking (FBI uses zero day exploits), Director of National Intelligence lies to Congress (Lies, Damned Lies, and Clapper (2015)), are just a few examples. (Is anyone keeping a list of the admitted lies to triers of fact and/or Congress?)

The public and unashamed abandonment of the “rule of law” along with any notion of an independent judiciary, has a deeply corrosive effect on the legitimacy of government.

Judges where alleged crimes against the state are prosecuted, should remember the state abandoned the “rule of law” first. It has no one but itself to blame for the consequences that follow.

Kiddie Porn – Anti-Tor Malware

Thursday, April 28th, 2016

U.S. v. COTTOM (December 22, 2015).

This quote tweeted April 27, 2016 by Anonymous:

Dr. Matt Edman also testified at the hearing. Id. at 84-101. In the Fall of 2012 he was employed by the Mitre Corporation as a senior cyber security engineer assigned to the FBI’s Remote Operations Unit. Id. at 84. He testified he has a bachelor of science degree in computer science from Baylor University and a Master’s Degree and Ph. D. in computer science from Rensselaer Polytechnic Institute. Id. at 85. He essentially corroborated Smith’s testimony. Id. at 85-89. He stated he adapted and configured the application found on to collect the limited set of information from a user’s computer (a unique identifier, the user’s operating system type, version, and architecture) and then send that information to the FBI-controlled server. Id. at 89. He wrote the source code and called it “Cornhusker.” Id. at 87. He stated there was no other functionality installed. Id. He further testified he did not plant porn on anyone’s computer. Id. (emphasis in the Anonymous tweet but not in the original decision)

Without more context, I was puzzled why that portion of the opinion was significant to Anonymous?

Mystery solved this morning when I saw: Former Tor Developer Created Malware for FBI to Unmask Tor Users by Swati Khandelwal.

From Swati’s post:

According to an investigation, Matthew Edman, a cyber security expert and former employee of the Tor Project, helped the FBI with Cornhusker a.k.a Torsploit malware that allowed Feds to hack and unmask Tor users in several high-profile cases, including Operation Torpedo and Silk Road.

I say “mystery solved,” but not really because I still fail to see the complaint about Matthew Edman working on anti-Tor malware?

No one claims Edman did poor work on Tor in hopes of a future exploit.

He was a former Tor employee working for Mitre, who had a client requesting anti-Tor malware.

Who should Mitre have tasked with that job?

Someone who had never used Tor or perhaps someone with greater familiarity with it?

For another take on this issue, see: Gamekeeper turns poacher? The ex-Tor developer who unmasked Tor users for the FBI by Paul Ducklin.

Paul writes:

…Edman is nevertheless being pilloried in the media, as though he were some sort of “gamekeeper turned poacher”, and as though, having once worked on Tor, he ought to have turned his back on law enforcement for ever.

What do you think? Is Edman some sort of turncoat?

Or has he shown that you can be in favour of privacy while also supporting the uncloaking of users when investigating serious crimes?

My answer is: Next question?

Edman was hired and owed his client in each case his best efforts.

What more could anyone ask?

News Flash: Only “Customary” Speakers Protected From Prior Restraint

Thursday, April 21st, 2016

National Security Letters Upheld As Constitutional

From the post:

A federal judge has unsealed her ruling that National Security Letter (NSL) provisions in federal law—as amended by the USA FREEDOM Act—don’t violate the Constitution. The ruling allows the FBI to continue to issue the letters with accompanying gag orders that silence anyone from disclosing they have received an NSL, often for years. The Electronic Frontier Foundation (EFF) represents two service providers in challenging the NSL statutes, who will appeal this decision to the United States Court of Appeals for the Ninth Circuit.

“Our heroic clients want to talk about the NSLs they received from the government, but they’ve been gagged—one of them since 2011,” said EFF Deputy Executive Director Kurt Opsahl. “This government silencing means the service providers cannot issue open and honest transparency reports and can’t share their experiences as part of the ongoing public debate over NSLs and their potential for abuse. Despite this setback, we will take this fight to the appeals court, again, to combat USA FREEDOM’s unconstitutional NSL provisions.”

This long-running battle started in 2011, after one of EFF’s clients challenged an NSL and the gag order it received. In 2013, U.S. District Court Judge Susan Illston issued a groundbreaking decision, ruling that the NSL power was unconstitutional. However, the government appealed, and the Ninth Circuit found that changes made by the USA FREEDOM Act passed by Congress last year required a new review by the District Court.

In the decision unsealed this week, the District Court found that the USA FREEDOM Act sufficiently addressed the facial constitutional problems with the NSL law. However, she also ruled that the FBI had failed to provide a sufficient justification for one of our client’s challenges to the NSLs. After reviewing the government’s justification, the court found no “reasonable likelihood that disclosure … would result in danger to the national security of the United States,” or other asserted dangers, and prohibited the government from enforcing that gag. However, the client still cannot identify itself because the court stayed this portion of the decision pending appeal.

The district court’s decision has many low points, perhaps the lowest is its quoting of the Second Circuit in John Doe, Inc. v. Mukasey:

Although the nondisclosure requirement is in some sense a prior restraint,… it is not a typical example of such a restriction for it is not a restraint imposed on those who customarily wish to exercise rights of free expression, such as speakers in public fora, distributors of literature, or exhibitors of movies. And although the nondisclosure requirement is triggered by the content of a category of information, that category, consisting of the fact of the receipt of an NSL and some related details, it far more limited than the broad categories of information that have been at issue with respect to typical content-based restrictions.

In the court’s judgment since customary speakers weren’t at issue, there’s no protection from prior restraint.

What a bizarre concept.

Are you a speaker in a public fora, distributor of literature, exhibitor of movies?

Well, I don’t qualify as an exhibitor of movies.

Nor do I qualify as a distributor of literature, at least in the sense of a traditional publisher.

Hmmm, do you think I qualify as a speaker in a public fora?

Perhaps, perhaps, but considering the tortured lengths the court went to reach its decision, what do you think the odds are that Wolf Blizer is a speaker in a public fora and I’m not?

Or you for that matter?

Support the EFF in this fight, it’s your right to be informed about FBI excesses and to raise those with your elected representatives that is at stake.

FBI Adds New Meaning to “Safe Sex”

Friday, April 1st, 2016

FBI Honeypot Ensnares Michagan Man by Trevor Aaronson.

From the post:

KHALIL ABU RAYYAN was a lonely young man in Detroit, eager to find a wife. Jannah Bride claimed she was a 19-year-old Sunni Muslim whose husband was killed in an airstrike in Syria. The two struck up a romantic connection through online communications.

Now, Rayyan, a 21-year-old Michigan man, is accused by federal prosecutors of supporting the Islamic State.

Documents released Tuesday show, however, that Rayyan was motivated not by religious radicalism but by the desire to impress Bride, who said she wanted to be a martyr.

Jannah Bride, not a real name, was in fact an FBI informant hired to communicate with Rayyan, who first came to the FBI’s attention when he retweeted a video from the Islamic State of people being thrown from buildings. He wrote later on Twitter: “Thanks, brother, that made my day.”

If you are shy, socially awkward and a woman is throwing herself at you, that’s a warning sign.

Either you have Ben Franklins leaking from your pockets or it is an FBI sting operation.

Check your pockets.

I don’t know of any reliable test for FBI informants but if people:

  1. Volunteer money for illegal purchases
  2. Urge you to say or plan illegal acts
  3. Provide you with plans for illegal objects or substances
  4. Initiate/maintain contact with you for 1, 2, or 3

The question you have to ask yourself:

If they are so hot for action, why are they pestering you?

Unless you think a long stretch in a U.S. prison looks good on your resume, avoid people who want to facilitate you committing illegal acts.

They have an agenda and it isn’t to benefit you. Only themselves.

FBI Hacked San Bernardino IPhone – Why Do You Believe That?

Wednesday, March 30th, 2016

The claim of the FBI to have hacked the San Bernardino IPhone without help from Apple has flooded social and mainstream media.

What I haven’t heard in all that clamor is any reason to credit that claim.

This is the same FBI mentioned in:

Report: ‘Nearly Every’ FBI Forensics Expert Gave Flawed Testimony In ‘Almost All Trials’ Over A 20-Year Period

Official confirmation the FBI lied? (Boston Marathon Bombing)

The Judi Bari Website FBI conspiracy (civil court verdict)

FBI Sanctioned for Lying About Existence of Surveillance Records

Admittedly, it isn’t easy to catch the FBI lying, but these few cases illustrate that lying is a way of life at the FBI.

Or as the 9th Circuit is quoted as saying in FBI Sanctioned for Lying About Existence of Surveillance Records:

The Government argues that there are times when the interests of national security require the Government to mislead the Court. The Court strongly disagrees. The Government’s duty of honesty to the Court can never be excused, no matter what the circumstance. The Court is charged with the humbling task of defending the Constitution and ensuring that the Government does not falsely accuse people, needlessly invade their privacy or wrongfully deprive them of their liberty. The Court simply cannot perform this important task if the Government lies to it. Deception perverts justice. Truth always promotes it.

When you are dealing with a party that has a policy of misleading courts to further “national security,” why would you credit any unsubstantiated claim from that source?

More than a policy, a history of lying to both the public and the courts.

Is it sufficient that the FBI declare it’s not lying today? This time? Or did any media representative even ask that question?

Until an independent expert “hacks” an identical iPhone using the FBI’s “method,” the FBI “hack” of the San Bernardino IPhone ranks with photos of presidents with aliens:


And for equal time purposes:


A skeptical public press would not parrot the unsubstantiated claims of known liars, even when those liars are federal agencies.

But then, we don’t have a skeptical public press.