jm + fbi   15

One Of The Biggest At-Home DNA Testing Companies Is Working With The FBI
Family Tree reveal that they are providing access to customer-submitted DNA records:
“We are nearing a de-facto national DNA database,” Natalie Ram, an assistant law professor at the University of Baltimore who specializes in bioethics and criminal justice, told BuzzFeed News. “We don’t choose our genetic relatives, and I cannot sever my genetic relation to them. There’s nothing voluntary about that.”

Others aired similar concerns. “I would be very against Family Tree DNA allowing law enforcement to have open access to their DNA database,” Debbie Kennett, a British genealogy enthusiast and honorary research associate at University College London said. “I don’t think it’s right for law enforcement to use a database without the informed consent of the consumer.”


(via Antonio Regalado)
biometrics  privacy  dna  family-tree  via:antonio-regalado  genealogy  data-protection  fbi  us 
22 days ago by jm
FBI admits flaws in hair analysis over decades
Wow, this is staggering.
The Justice Department and FBI have formally acknowledged that nearly every examiner in an elite FBI forensic unit gave flawed testimony in almost all trials in which they offered evidence against criminal defendants over more than a two-decade period before 2000. [....]

The review confirmed that FBI experts systematically testified to the near-certainty of “matches” of crime-scene hairs to defendants, backing their claims by citing incomplete or misleading statistics drawn from their case work. In reality, there is no accepted research on how often hair from different people may appear the same. Since 2000, the lab has used visual hair comparison to rule out someone as a possible source of hair or in combination with more accurate DNA testing. Warnings about the problem have been mounting. In 2002, the FBI reported that its own DNA testing found that examiners reported false hair matches more than 11 percent of the time.
fbi  false-positives  hair  dna  biometrics  trials  justice  experts  crime  forensics  inaccuracy  csi 
april 2015 by jm
How to Catch a Terrorist - The New Yorker
This is spot on --
By flooding the system with false positives, big-data approaches to counterterrorism might actually make it harder to identify real terrorists before they act. Two years before the Boston Marathon bombing, Tamerlan Tsarnaev, the older of the two brothers alleged to have committed the attack, was assessed by the city’s Joint Terrorism Task Force. They determined that he was not a threat. This was one of about a thousand assessments that the Boston J.T.T.F. conducted that year, a number that had nearly doubled in the previous two years, according to the Boston F.B.I. As of 2013, the Justice Department has trained nearly three hundred thousand law-enforcement officers in how to file “suspicious-activity reports.” In 2010, a central database held about three thousand of these reports; by 2012 it had grown to almost twenty-eight thousand. “The bigger haystack makes it harder to find the needle,” Sensenbrenner told me. Thomas Drake, a former N.S.A. executive and whistle-blower who has become one of the agency’s most vocal critics, told me, “If you target everything, there’s no target.”
terrorism  false-positives  filtering  detection  jttf  nsa  fbi  surveillance  gchq 
january 2015 by jm
The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users | WIRED
Since Operation Torpedo [use of a Metasploit side project], there’s evidence the FBI’s anti-Tor capabilities have been rapidly advancing. Torpedo was in November 2012. In late July 2013, computer security experts detected a similar attack through Dark Net websites hosted by a shady ISP called Freedom Hosting—court records have since confirmed it was another FBI operation. For this one, the bureau used custom attack code that exploited a relatively fresh Firefox vulnerability—the hacking equivalent of moving from a bow-and-arrow to a 9-mm pistol. In addition to the IP address, which identifies a household, this code collected the MAC address of the particular computer that infected by the malware.

“In the course of nine months they went from off the shelf Flash techniques that simply took advantage of the lack of proxy protection, to custom-built browser exploits,” says Soghoian. “That’s a pretty amazing growth … The arms race is going to get really nasty, really fast.”
fbi  tor  police  flash  security  privacy  anonymity  darknet  wired  via:bruces 
december 2014 by jm
FBI's "Suicide Letter" to Dr. Martin Luther King, Jr., and the Dangers of Unchecked Surveillance
The entire letter could have been taken from a page of GCHQ’s Joint Threat Research and Intelligence Group (JTRIG)—though perhaps as an email or series of tweets. The British spying agency GCHQ is one of the NSA’s closest partners. The mission of JTRIG, a unit within GCHQ, is to “destroy, deny, degrade [and] disrupt enemies by discrediting them.” And there’s little reason to believe the NSA and FBI aren’t using such tactics.

The implications of these types of strategies in the digital age are chilling. Imagine Facebook chats, porn viewing history, emails, and more made public to discredit a leader who threatens the status quo, or used to blackmail a reluctant target into becoming an FBI informant. These are not far-fetched ideas. They are the reality of what happens when the surveillance state is allowed to grow out of control, and the full King letter, as well as current intelligence community practices illustrate that reality richly.
fbi  surveillance  mlk  history  blackmail  snooping  gchq  nsa 
november 2014 by jm
The FBI Finally Says How It ‘Legally’ Pinpointed Silk Road’s Server
The answer, according to a new filing by the case’s prosecution, is far more mundane: The FBI claims to have found the server’s location without the NSA’s help, simply by fiddling with the Silk Road’s login page until it leaked its true location.
fbi  nsa  silk-road  tor  opsec  dread-pirate-roberts  wired 
september 2014 by jm
"A reason to hang him": how mass surveillance, secret courts, confirmation bias and the FBI can ruin your life - Boing Boing
This is bananas. Confirmation bias running amok.
Brandon Mayfield was a US Army veteran and an attorney in Portland, OR. After the 2004 Madrid train bombing, his fingerprint was partially matched to one belonging to one of the suspected bombers, but the match was a poor one. But by this point, the FBI was already convinced they had their man, so they rationalized away the non-matching elements of the print, and set in motion a train of events that led to Mayfield being jailed without charge; his home and office burgled by the FBI; his client-attorney privilege violated; his life upended.
confirmation-bias  bias  law  brandon-mayfield  terrorism  fingerprints  false-positives  fbi  scary 
february 2014 by jm
If You Used This Secure Webmail Site, the FBI Has Your Inbox
TorMail was a Tor-based webmail system, and apparently its drives have been imaged and seized by the FBI. More info on the Freedom Hosting seizure:
The connection, if any, between the FBI obtaining Freedom Hosting’s data and apparently launching the malware campaign through TorMail and the other sites isn’t spelled out in the new document. The bureau could have had the cooperation of the French hosting company that Marques leased his servers from. Or it might have set up its own Tor hidden services using the private keys obtained from the seizure, which would allow it to adopt the same .onion addresses used by the original sites.

The French company also hasn’t been identified. But France’s largest hosting company, OVH, announced on July 29, in the middle of the FBI’s then-secret Freedom Hosting seizure, that it would no longer allow Tor software on its servers. A spokesman for the company says he can’t comment on specific cases, and declined to say whether Freedom Hosting was a customer. “Wherever the data center is located, we conduct our activities in conformity with applicable laws, and as a hosting company, we obey search warrants or disclosure orders,” OVH spokesman Benjamin Bongoat told WIRED. “This is all we can say as we usually don’t make any comments on hot topics.”
fbi  freedom-hosting  hosting  tor  tormail  seizures  ovh  colo  servers 
january 2014 by jm
How the feds took down the Dread Pirate Roberts | Ars Technica
Well-written, comprehensive writeup of the Silk Road takedown, and the libertarian craziness of Ross William Ulbricht, it's alleged owner and operator
silk-road  drugs  crazy  ross-william-ulbricht  fbi  libertarian  murder  tor 
october 2013 by jm
Edward Snowden's E-Mail Provider Defied FBI Demands to Turn Over SSL Keys, Documents Show
Levison lost [in secret court against the government's order]. In a work-around, Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type. The government called the printout “illegible” and the court ordered Levison to provide a more useful electronic copy.


Nice try though! Bottom line is they demanded the SSL private key. (via Waxy)
government  privacy  security  ssl  tls  crypto  fbi  via:waxy  secrecy  snooping 
october 2013 by jm
Silk Road busted
This is a pretty good summary of the salient points from the criminal complaint against Ross William Ulbricht -- I'd say it's pretty bad news for any users of the dodgy site, particularly given this:
"During the 60-day period from May 24, 2013 to July 23, 2013, there were approximately 1,217,218 communications sent between Silk Road users through Silk Road's private-message system."


According to the complaint, those are now in the FBI's hands -- likely unencrypted.
crime  silk-road  drugs  busts  tor  ross-william-ulbricht  fbi 
october 2013 by jm
FBI Admits It Controlled Tor Servers Behind Mass Malware Attack
The code’s behavior, and the command-and-control server’s Virginia placement, is also consistent with what’s known about the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported by WIRED in 2007. Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor.

Prior to the Freedom Hosting attack, the code had been used sparingly, which kept it from leaking out and being analyzed.
cipav  fbi  tor  malware  spyware  security  wired 
september 2013 by jm
F.B.I. Seizes Web Servers, Knocking Sites Offline
law enforcement fail. "the agents took entire server racks, perhaps because they mistakenly thought that “one enclosure is = to one server,” [DigitalOne's CEO] said in an e-mail."
search-and-seizure  law-enforcement  fbi  fail  datacenters  racks  digitalone  usa  hosting 
june 2011 by jm
Backdoor Allegations regarding OpenBSD IPSEC
'It is alleged that some ex-developers (and the company<br />
they worked for) accepted US government money to put backdoors into [the OpenBSD] network stack, in particular the IPSEC stack. Around 2000-2001'
openbsd  wow  ipsec  backdoors  fbi  nsa  us-politics  open-source  networking  security  from delicious
december 2010 by jm

Copy this bookmark:



description:


tags: