Thank You

Thank you for your service.

Richmond pre-school in Richmond, California will begin tracking pre-schoolers with GPS tags installed on basketball jerseys.[1] The jerseys will be worn while the kids are in school and will track the kid’s whereabouts during the day.   Sung Kim of the county’s employment and human services department suggested that eventually 3,000 man hours of teacher’s labor could be saved from having to track the kids and check them in and out.  The system cost $50,000 and was paid for with Federal Grant money.  3,000 hours of labor for tracking pre-schoolers?

In another case outside Chicago, Palos Heights School District 128 is using GPS technology to track not only buses but also is beginning to install GPS trackers on students’ backpacks. [2] Allegedly some parents feel safer knowing the school has GPS tracking on each kid’s backpack. The district spent $16,000 for the technology.  If a child is missing or unaccounted for, the school can look up the location of the bus, and look up the student’s ID and determine the location of each.

Is this legal?  Some have suggested that students do not have a reasonable right to location privacy while they are in school “custody.”  Perhaps they don’t.  But do teachers or school administrators have a right to location privacy while at school?  Why not equip teachers with GPS devices along with the kids?   Whenever the two are separated by a pre-defined distance, then an alarm can be sent showing that the kids are not under human supervision.  And if schools are equipping students with GPS devices, then how about doing it in other workplaces?  You could track the location of each person in the building and determine how long they spent in the break room, lunchroom, smoking area, or other.

Using GPS devices to track convicted sex-offenders and other felons makes sense.  Tracking product shipments and assets (like buses) makes sense.  But GPS tracking of students is a slippery slope.

But how far will this go?  Do two make a trend?

[2] http://www.nbcchicago.com/news/local-beat/GPS-palos-heights-school-district-128-zpass.html

In another incident, 16 illegal immigrants landed their boat at icon B shown on the map.

The US Marine base is some 50 miles north of the US Border by sea.  There have been local rumors of other boats coming ashore on beaches even further north than 50 miles, including reports of landings on Santa Catalina Island, a roughly 87 mile boat journey from the US Border.

California’s unemployment rate stands at over 12%.  The boats aren’t arriving because of jobs because there aren’t any.  So what else could they be doing?   How about smuggling humans, drugs, and/or terrorists?  Ridiculous?   How do you know if they aren’t stopped and checked?

Photo: Courtesy ESPN.com

Researchers at VeriSign’s iDefense group recently reported that up to 1.5 million Facebook profiles were stolen and for sale in the criminal underground. [i] The sale price was reported between $25-$45 per 1,000 user profiles.  According to the article, Facebook did not respond to requests for comment from Verisign so it could be more or less than 1.5M.  Was James’ profile among that alleged stolen batch or did some other thief steal it?  We will likely never know how it was originally stolen but here’s what happened afterwards.

The thief who had assumed James’ identity asked for a Western Union money transfer and provided a UK physical address where “he” would pick up the money.  More on that later.  How much money did they need?  800 British Pounds, or about $1,150 US.

How did the thief get this far into the scam?

1. Thief somehow obtained the Facebook user name and password for James.
2. Thief noted the registered email address for James, the one associated with his Facebook account.
3. James had used the same password for both Facebook and his email account. (a common mistake) Thief tried that password first and was successful in logging into James’ email account.
4. Thief changes both Facebook and Email account passwords, locking James out.
5. Thief opens up a new Yahoo email account using an address very similar to James’ original email .
6. Thief forwards all email from James’ regular email to the Yahoo account.
7. Now thief sends out his distress email to James’ friends, some of whom respond via email with concern.  Some friends call James on the phone.

James feels violated.   He reports the incident to law enforcement. But because it happens every day, is international, and because no money was transferred, it becomes just another statistic, one of possibly millions. It’s a numbers game for the bad guys. Bad guy buys a 1,000 user names for roughly $50, solicits all the friends in those networks (1,000 users times hundreds of friends), and is looking for at least one gullible friend to wire transfer $1,150. That’s a pretty good return on investment if it works just once.

We offered to help James and here are the steps taken to help him recover:

1. James called his email provider and took back control of his email address.  It was there that he found the forwarded Yahoo email address.  That Yahoo address was set up as a throwaway account—just for this purpose.
2. We contacted Facebook to get his profile back.  To our pleasant surprise, Facebook was very responsive (less than 5 hours) and instructed us to fill out a report at this link. http://www.facebook.com/help.php?page=420 Afterwards they would work to restore his profile.  Facebook restored his account in 3 days after verifying James’ true identity,. (Again, a pleasant surprise in turnaround time)
3. Ensured from now on that James uses a different password for each different web site and that his passwords contain letters, numbers, and symbols.  No recycled passwords allowed.
4. Ensured that James checked his bank accounts and credit cards for odd transactions.
5. Requested that James validate his “friends” in the network to ensure nobody new came in while the thief had control.

There are two and possibly three victims to this type of scam.  The first victim is James.  Someone steals his identity and exploits his goodwill and honest reputation among his friends.  The second victim group is James’ friends. As far as we know, nobody actually sent money but some were concerned enough to send emails-where the thief was waiting to respond.  The third potential victim is the owner of the money pick up location.  This is where the thief or accomplice will physically go to pick up the money if transferred, often using Western Union, but not exclusively.  The owner is a potential victim because he or she might not know they are being used by criminals as a pick up spot.  We would like to help this group too.

Here’s how you can help us help them. If you’ve received an email from your friend requesting urgent money and instructing you to transfer cash, or if you have been victimized yourself, here’s how you can help. We have set up a free reporting site where you can report the physical location of the requested money pickup as displayed in your email.  If a pickup address is listed in your scam email, then report it.  As the number of reported incidents grows, some physical locations will begin to emerge again and again.  If you happen to own or manage one of these locations, then you should contact local law enforcement and let them know you are being used by fraudsters as a potential pick up spot.  While investigating James’ pick up spot in Cardiff, UK, we found 2 other victims reporting the same address so we’ve logged a total of three there to start.

Click here to file a report or view the data: http://sites.google.com/site/report419scam/

Original post was at www.InfoSecIsland.com

Since the publication date, Craigslist (http://www.craigslist.org) has enabled RSS feeds on their site.   So we suggest trying the following as an alternate.

1. Ensure you have your Google Reader page open.
2. Open a second tab or page and run the query you want in Craigslist.   You should see the search results on your page.
3. Copy the entire Craiglist URL shown at the top in the address bar.
4. Go to Google Reader and Click on “Add a Subscription” button in the upper left.
5. Paste in your Copied URL and you should now have an RSS feed for that query.

Another alternative site is http://www.allofcraigs.com You’ll need to navigate to the advanced query screen to create more exact RSS feeds.

How to Automate Collection Efforts Using RSS Feeds

Many people today ride into Facebook, MySpace, Linkedin, and other social network sites with their masks on, expecting privacy and anonymity. But how hard is it to find them?

I was looking for an old colleague of mine who is not on any social sites so I searched Linkedin for his friends in the Washington DC area. I figured they could tell me how to find him.  While looking at the company listings in the area, I came across a guy who, figuratively speaking, had his mask on.  His name was listed as “Private” because he had clicked on some privacy setting in Linkedin.   Wearing a privacy mask in a public room tends to draw more attention to oneself so out of curiosity, I wanted to know who he was.  (Out of respect for Jon’s privacy I won’t disclose him.)  But it took me about 10 seconds. I will show you how easy it is.

But first, back to the Lone Ranger. We can assume the Lone Ranger lived in the area because he was always foiling bad guys within the same desert geography. One can only travel so far and so fast on horse.  So from a given population within a reasonably limited radius, we are looking for someone with the following characteristics:

1. Unique facial features-Square jaw, dark eye color, short black hair

2. Race (White)

3. Body type-Estimated height (5’10-6′), weight (185-200 lbs), and build (muscular)

4. Social circle-Hangs around with an Indian named Tonto.  If you find and “friend” Tonto, you find LR.

5. Pets-Rides a white stallion. It’s the biggest horse in the area and it leaves BIG tracks for ease of following.  It’s also the only white horse living in the area. Goes by the name Silver. Find white stallion, find LR.

So who was the masked man? If they had Internet connectivity at the ranch back then, they could run this query in the Google search box:

location: los angeles county “lone ranger” “tonto” “white stallion”

Go ahead and copy and paste that line as is into Google.  You should find his name pretty quickly.  He passed away in December 1999 at the age of 85.

To find a Linkedin private profile, you follow the same logic.  Search the area with 3 or more characteristics.

So in practice you would search among the web population of Linkedin profiles and pick for example: Job Title, Company, Location, and Educational Institution as identifiers.  The odds are very low that two people have the same set of identical backgrounds but you might have to narrow your search by adding more identifiers if you get multiple profiles. Searching within Linkedin will likely lead you to privacy blocks.  But search from outside in, via Google, and you’ll see things from a new angle.

Here’s the sample query I ran and confirmed with 100% certainty the identity of the Linkedin masked man:

Site:Linkedin.com “Company name” “Washington DC” “ABC University”

The Site command tells you where on the web to conduct your search. In this case, the Linkedin.com domain.  Put quotes around your identifiers to make your query more specific and add a few more if you need to, like previous employer.

There are over 1,000 private profiles in Linkedin.  If you have a real need or desire to remain private on a social network site then maybe you need to rethink your strategy.

That’s the first we’ve heard of dealers equipping their cars with these gadgets, and the first we’ve heard of a hacker exploiting the gadget.  The difference between an exploit scenario and a real exploit is only a mouse click away.

Via Danger Room. http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/

According to the popular news, failure to connect the dots is the leading cause of nearly all intelligence failures.  The pundits point to the existence of a picture or plot outlined with a bunch of dots.  The only thing missing is to draw lines between the dots and presto, the picture becomes crystal clear.

Things aren’t so simple.  What if you’re given more dots?  Seems like your picture would become more focused with more dots on it.  But what if all those extra dots didn’t belong to that picture and instead were part of other pictures?  What if a bunch of those dots didn’t belong to any pictures at all but were just there to clutter the picture?  How do you separate them, categorize them and begin to assemble pictures?  Now that sounds more like reality.

In 2004, just a short 5 years ago, there were 285 million web servers reported online in the world.   In 2009, that figure tripled to 681 million.  [i] And these are just web servers and don’t include all the private servers that have been implemented since then.

On the wireless side, the International Telecommunications Union (ITU) forecasts mobile cellular subscriptions will surpass 5 Billion in 2010.  [ii]

The forecasted amount of data from these devices can be found in the Cisco® Visual Networking Index (VNI) Global Mobile Data Forecast for 2009-2014.[iii]

The research projects that annual global mobile data traffic will reach 3.6 exabytes per month or an annual run rate of 40 exabytes by 2014.  Such a figure equates to a 39-fold increase from 2009 to 2014, or a compound annual growth rate (CAGR) of 108 percent.

Two major global trends are driving this increase-the proliferation of mobile-ready devices and widespread mobile video content consumption. By 2014, there could be over 5 billion personal devices connecting to mobile networks – and billions more machine-to-machine nodes. Mobile video is projected by the study to represent 66 percent of all mobile data traffic by 2014, increasing 66-fold from 2009 to 2014-the highest growth rate of any mobile data application tracked in the Cisco VNI Global Mobile Data Forecast.

What exactly does 3.6 exabytes per month mean? How much is that?

According to the table below, 5 exabytes equals all the words ever spoken by human beings, and I assume that means all languages. [iv] That’s a lot of dots.

And remember these data numbers are only related to mobile cellular data.  Add in terrestrial network data and mix in some Mandarin, Spanish, English, Portuguese, French, Arabic, and German dots and your pictures start to get cloudy very fast.

So what’s hot in the career forecast for dot-connecting?

Intelligence analysts and investigators.  The ability to make sense and find meaning and context in large amounts of noise.

Translation services.   More data in multiple languages means someone has to decipher the meaning.

Cyber Security.  In 2009, the malware signature counter surpassed 5 Million.  Many of those malware files are designed to steal your data. [v] You will need to increase your security, like it or not.

Cyber Criminal.  Really.  It can be lucrative.  Lots of targets.   Writing malware, stealing credit cards, corporate espionage, or hacking for profit.   It’s a growing business–illicit, but it is a business.

Cyber Law Enforcement.   Didn’t think cyber criminals could operate freely did you?  DHS, FBI, Secret Service, State and local are all ramping up Cyber and forensic capabilities.

Cyber Lawyers.  It’s a wild frontier.  Case Law is still being written in this domain.  If you can charge by the hour, that’s good for you.

A lot has been written already on the Christmas Day panty bomber Abdulmutallab and the lack of dot-connecting that preceded the event.  Some of the databases that could have and should have been checked were in the form of microfiche not too long ago.   Now they are digital dots.  That should make searching through them easier and it does.  But with exabytes of data coming at us from the land and from the air, and even more coming in multiple languages, finding the right pictures among the noise is going to get alot harder.

[ii] “Press Release: ITU sees 5 billion mobile subscriptions globally in 2010,” http://www.itu.int/newsroom/press_releases/2010/06.html

[iii] “Cisco Visual Networking Index Forecast Predicts Continued Mobile Data Traffic Surge -> Cisco News,” http://newsroom.cisco.com/dlls/2010/prod_020910b.html

[iv] “What is How many bytes for…? – Definition from Whatis.com,” http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci944596,00.html

[v] “Triumfant Worldwide Malware Signature Counter Reaches 5 Million In Less Than One Year – DarkReading,” http://www.darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml?articleID=220600888

As a side note, Eagle was one of many participants conducting research into the report.

Hop over to the link below to review the report.

Project Grey Goose report on Critical Infrastructure: Attacks, Actors, and Emerging Threats