In another incident, 16 illegal immigrants landed their boat at icon B shown on the map.

The US Marine base is some 50 miles north of the US Border by sea.  There have been local rumors of other boats coming ashore on beaches even further north than 50 miles, including reports of landings on Santa Catalina Island, a roughly 87 mile boat journey from the US Border.

California’s unemployment rate stands at over 12%.  The boats aren’t arriving because of jobs because there aren’t any.  So what else could they be doing?   How about smuggling humans, drugs, and/or terrorists?  Ridiculous?   How do you know if they aren’t stopped and checked?

Photo: Courtesy ESPN.com

Researchers at VeriSign’s iDefense group recently reported that up to 1.5 million Facebook profiles were stolen and for sale in the criminal underground. [i] The sale price was reported between $25-$45 per 1,000 user profiles.  According to the article, Facebook did not respond to requests for comment from Verisign so it could be more or less than 1.5M.  Was James’ profile among that alleged stolen batch or did some other thief steal it?  We will likely never know how it was originally stolen but here’s what happened afterwards.

The thief who had assumed James’ identity asked for a Western Union money transfer and provided a UK physical address where “he” would pick up the money.  More on that later.  How much money did they need?  800 British Pounds, or about $1,150 US.

How did the thief get this far into the scam?

1. Thief somehow obtained the Facebook user name and password for James.
2. Thief noted the registered email address for James, the one associated with his Facebook account.
3. James had used the same password for both Facebook and his email account. (a common mistake) Thief tried that password first and was successful in logging into James’ email account.
4. Thief changes both Facebook and Email account passwords, locking James out.
5. Thief opens up a new Yahoo email account using an address very similar to James’ original email .
6. Thief forwards all email from James’ regular email to the Yahoo account.
7. Now thief sends out his distress email to James’ friends, some of whom respond via email with concern.  Some friends call James on the phone.

James feels violated.   He reports the incident to law enforcement. But because it happens every day, is international, and because no money was transferred, it becomes just another statistic, one of possibly millions. It’s a numbers game for the bad guys. Bad guy buys a 1,000 user names for roughly $50, solicits all the friends in those networks (1,000 users times hundreds of friends), and is looking for at least one gullible friend to wire transfer $1,150. That’s a pretty good return on investment if it works just once.

We offered to help James and here are the steps taken to help him recover:

1. James called his email provider and took back control of his email address.  It was there that he found the forwarded Yahoo email address.  That Yahoo address was set up as a throwaway account—just for this purpose.
2. We contacted Facebook to get his profile back.  To our pleasant surprise, Facebook was very responsive (less than 5 hours) and instructed us to fill out a report at this link. http://www.facebook.com/help.php?page=420 Afterwards they would work to restore his profile.  Facebook restored his account in 3 days after verifying James’ true identity,. (Again, a pleasant surprise in turnaround time)
3. Ensured from now on that James uses a different password for each different web site and that his passwords contain letters, numbers, and symbols.  No recycled passwords allowed.
4. Ensured that James checked his bank accounts and credit cards for odd transactions.
5. Requested that James validate his “friends” in the network to ensure nobody new came in while the thief had control.

There are two and possibly three victims to this type of scam.  The first victim is James.  Someone steals his identity and exploits his goodwill and honest reputation among his friends.  The second victim group is James’ friends. As far as we know, nobody actually sent money but some were concerned enough to send emails-where the thief was waiting to respond.  The third potential victim is the owner of the money pick up location.  This is where the thief or accomplice will physically go to pick up the money if transferred, often using Western Union, but not exclusively.  The owner is a potential victim because he or she might not know they are being used by criminals as a pick up spot.  We would like to help this group too.

Here’s how you can help us help them. If you’ve received an email from your friend requesting urgent money and instructing you to transfer cash, or if you have been victimized yourself, here’s how you can help. We have set up a free reporting site where you can report the physical location of the requested money pickup as displayed in your email.  If a pickup address is listed in your scam email, then report it.  As the number of reported incidents grows, some physical locations will begin to emerge again and again.  If you happen to own or manage one of these locations, then you should contact local law enforcement and let them know you are being used by fraudsters as a potential pick up spot.  While investigating James’ pick up spot in Cardiff, UK, we found 2 other victims reporting the same address so we’ve logged a total of three there to start.

Click here to file a report or view the data: http://sites.google.com/site/report419scam/

Original post was at www.InfoSecIsland.com

Since the publication date, Craigslist (http://www.craigslist.org) has enabled RSS feeds on their site.   So we suggest trying the following as an alternate.

1. Ensure you have your Google Reader page open.
2. Open a second tab or page and run the query you want in Craigslist.   You should see the search results on your page.
3. Copy the entire Craiglist URL shown at the top in the address bar.
4. Go to Google Reader and Click on “Add a Subscription” button in the upper left.
5. Paste in your Copied URL and you should now have an RSS feed for that query.

Another alternative site is http://www.allofcraigs.com You’ll need to navigate to the advanced query screen to create more exact RSS feeds.

How to Automate Collection Efforts Using RSS Feeds

Many people today ride into Facebook, MySpace, Linkedin, and other social network sites with their masks on, expecting privacy and anonymity. But how hard is it to find them?

I was looking for an old colleague of mine who is not on any social sites so I searched Linkedin for his friends in the Washington DC area. I figured they could tell me how to find him.  While looking at the company listings in the area, I came across a guy who, figuratively speaking, had his mask on.  His name was listed as “Private” because he had clicked on some privacy setting in Linkedin.   Wearing a privacy mask in a public room tends to draw more attention to oneself so out of curiosity, I wanted to know who he was.  (Out of respect for Jon’s privacy I won’t disclose him.)  But it took me about 10 seconds. I will show you how easy it is.

But first, back to the Lone Ranger. We can assume the Lone Ranger lived in the area because he was always foiling bad guys within the same desert geography. One can only travel so far and so fast on horse.  So from a given population within a reasonably limited radius, we are looking for someone with the following characteristics:

1. Unique facial features-Square jaw, dark eye color, short black hair

2. Race (White)

3. Body type-Estimated height (5’10-6′), weight (185-200 lbs), and build (muscular)

4. Social circle-Hangs around with an Indian named Tonto.  If you find and “friend” Tonto, you find LR.

5. Pets-Rides a white stallion. It’s the biggest horse in the area and it leaves BIG tracks for ease of following.  It’s also the only white horse living in the area. Goes by the name Silver. Find white stallion, find LR.

So who was the masked man? If they had Internet connectivity at the ranch back then, they could run this query in the Google search box:

location: los angeles county “lone ranger” “tonto” “white stallion”

Go ahead and copy and paste that line as is into Google.  You should find his name pretty quickly.  He passed away in December 1999 at the age of 85.

To find a Linkedin private profile, you follow the same logic.  Search the area with 3 or more characteristics.

So in practice you would search among the web population of Linkedin profiles and pick for example: Job Title, Company, Location, and Educational Institution as identifiers.  The odds are very low that two people have the same set of identical backgrounds but you might have to narrow your search by adding more identifiers if you get multiple profiles. Searching within Linkedin will likely lead you to privacy blocks.  But search from outside in, via Google, and you’ll see things from a new angle.

Here’s the sample query I ran and confirmed with 100% certainty the identity of the Linkedin masked man:

Site:Linkedin.com “Company name” “Washington DC” “ABC University”

The Site command tells you where on the web to conduct your search. In this case, the Linkedin.com domain.  Put quotes around your identifiers to make your query more specific and add a few more if you need to, like previous employer.

There are over 1,000 private profiles in Linkedin.  If you have a real need or desire to remain private on a social network site then maybe you need to rethink your strategy.

That’s the first we’ve heard of dealers equipping their cars with these gadgets, and the first we’ve heard of a hacker exploiting the gadget.  The difference between an exploit scenario and a real exploit is only a mouse click away.

Via Danger Room. http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/

According to the popular news, failure to connect the dots is the leading cause of nearly all intelligence failures.  The pundits point to the existence of a picture or plot outlined with a bunch of dots.  The only thing missing is to draw lines between the dots and presto, the picture becomes crystal clear.

Things aren’t so simple.  What if you’re given more dots?  Seems like your picture would become more focused with more dots on it.  But what if all those extra dots didn’t belong to that picture and instead were part of other pictures?  What if a bunch of those dots didn’t belong to any pictures at all but were just there to clutter the picture?  How do you separate them, categorize them and begin to assemble pictures?  Now that sounds more like reality.

In 2004, just a short 5 years ago, there were 285 million web servers reported online in the world.   In 2009, that figure tripled to 681 million.  [i] And these are just web servers and don’t include all the private servers that have been implemented since then.

On the wireless side, the International Telecommunications Union (ITU) forecasts mobile cellular subscriptions will surpass 5 Billion in 2010.  [ii]

The forecasted amount of data from these devices can be found in the Cisco® Visual Networking Index (VNI) Global Mobile Data Forecast for 2009-2014.[iii]

The research projects that annual global mobile data traffic will reach 3.6 exabytes per month or an annual run rate of 40 exabytes by 2014.  Such a figure equates to a 39-fold increase from 2009 to 2014, or a compound annual growth rate (CAGR) of 108 percent.

Two major global trends are driving this increase-the proliferation of mobile-ready devices and widespread mobile video content consumption. By 2014, there could be over 5 billion personal devices connecting to mobile networks – and billions more machine-to-machine nodes. Mobile video is projected by the study to represent 66 percent of all mobile data traffic by 2014, increasing 66-fold from 2009 to 2014-the highest growth rate of any mobile data application tracked in the Cisco VNI Global Mobile Data Forecast.

What exactly does 3.6 exabytes per month mean? How much is that?

According to the table below, 5 exabytes equals all the words ever spoken by human beings, and I assume that means all languages. [iv] That’s a lot of dots.

And remember these data numbers are only related to mobile cellular data.  Add in terrestrial network data and mix in some Mandarin, Spanish, English, Portuguese, French, Arabic, and German dots and your pictures start to get cloudy very fast.

So what’s hot in the career forecast for dot-connecting?

Intelligence analysts and investigators.  The ability to make sense and find meaning and context in large amounts of noise.

Translation services.   More data in multiple languages means someone has to decipher the meaning.

Cyber Security.  In 2009, the malware signature counter surpassed 5 Million.  Many of those malware files are designed to steal your data. [v] You will need to increase your security, like it or not.

Cyber Criminal.  Really.  It can be lucrative.  Lots of targets.   Writing malware, stealing credit cards, corporate espionage, or hacking for profit.   It’s a growing business–illicit, but it is a business.

Cyber Law Enforcement.   Didn’t think cyber criminals could operate freely did you?  DHS, FBI, Secret Service, State and local are all ramping up Cyber and forensic capabilities.

Cyber Lawyers.  It’s a wild frontier.  Case Law is still being written in this domain.  If you can charge by the hour, that’s good for you.

A lot has been written already on the Christmas Day panty bomber Abdulmutallab and the lack of dot-connecting that preceded the event.  Some of the databases that could have and should have been checked were in the form of microfiche not too long ago.   Now they are digital dots.  That should make searching through them easier and it does.  But with exabytes of data coming at us from the land and from the air, and even more coming in multiple languages, finding the right pictures among the noise is going to get alot harder.

[ii] “Press Release: ITU sees 5 billion mobile subscriptions globally in 2010,” http://www.itu.int/newsroom/press_releases/2010/06.html

[iii] “Cisco Visual Networking Index Forecast Predicts Continued Mobile Data Traffic Surge -> Cisco News,” http://newsroom.cisco.com/dlls/2010/prod_020910b.html

[iv] “What is How many bytes for…? – Definition from Whatis.com,” http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci944596,00.html

[v] “Triumfant Worldwide Malware Signature Counter Reaches 5 Million In Less Than One Year – DarkReading,” http://www.darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml?articleID=220600888

As a side note, Eagle was one of many participants conducting research into the report.

Hop over to the link below to review the report.

Project Grey Goose report on Critical Infrastructure: Attacks, Actors, and Emerging Threats

I have been intrigued ever since hearing the story of how prisoners in Sau Paulo, Brazil were using carrier pigeons to transport cell phones in and out of the prison. In July 2009, prison Guards at the Danilo Pinheiro prison near Sorocaba, Brazil intercepted an exhausted pigeon as it approached. The tired bird was carrying a backpack. Inside the backpack was a cellphone and a piece of paper with the name of the inmate who was waiting for the phone.  [1]

In yet another Brazilian prison, guards found two carrier pigeons inside the bag of a visitor. Carrier pigeons typically fly home.If you take them to another location, they will make their way back to their home base. The pigeons were likely to be used to send equipment or messages out of the prison.[2]

Other reported stories include:

• 2003-The Daily Times of Pakistan, quoting intelligence sources, said flocks of pigeons are being used by Afghan and Pakistani drug traffickers to carry heroin from Afghanistan to Pakistan, where the traffickers are mostly based. Interestingly, the Taliban have allegedly banned the ownership of pigeons.[3]

• 2006-MOSCOW. — Russian prosecutors say it appears criminals in the Astrakhan region are using carrier pigeons to deliver drugs to prison inmates.

• As early as the 1920’s, drug traffickers in the El Paso-Juarez area used flocks of pigeons, (and dogs), to easily transport drugs across the border.

• Reuters was set up in 1851 by Paul Julius Reuter, a German-born immigrant. He opened an office in the City of London which transmitted stock quotations between London and Paris via the new Calais-Dover cable. Two years earlier he had used pigeons to fly prices between Aachen and Brussels.[4]

• Birds were used throughout World Wars I and II to deliver messages to avoid the risk of radio intercepts.  The French even awarded the homing pigeon, named Cher Ami, a heroic service medal for its flying service during World War I.  (Last time I was in France, I ordered pigeon from the dinner menu just to try it…but I digress.)

The history of pigeons used for messaging goes way back.  Some say the earliest account was Noah’s use of a dove as a carrier pigeon.  Records show the Egyptians and the Persians used them more than 3000 years ago to send messages.  Pigeon racing, where pigeons race each other over long distances, is still a practiced “sport” today. [5]

So what are the characteristics of a carrier pigeon?  How far can they fly? And how much can they carry?

Typically a Rock Pigeon is used as a carrier, although other breeds can be used as well.  Pigeons have an innate ability to find their way home.  No one knows for sure how they navigate (electromagnetic, vision, sense of smell, or a combo of them all) but they are good at it.  Typically they will fly home.  So they are taken to another location and released, finding their way to their home perch.  Some reports indicate that pigeons can be trained to fly round trip, from home to a single destination, and then fly back to their home food source.   There are no reports of pigeons trained to find multiple locations. Distances of 500 miles in a day are typical for pigeon races.  Pigeons can travel up to 50 miles per hour (depending on wind and weather) and can make the approximate 10 hour trip before nightfall.  One of the longest racing records was 1,100 miles. But the average city pigeon flies only about 12 miles per day.  The average weight of a pigeon is 10-16 oz.  Pigeons are usually trained to carry 2.5 oz packages.  But the cell phones in the Brazilian prison photos weigh approximately 7 oz, perhaps partly explaining why the birds were exhausted.  Sometimes birds are used to run two round trip missions per day.  It seems that a roundtrip range of 100 miles could be done twice a day without too much trouble, depending again on weather and load.

So if one wanted to build a “pigeon network”,  what might one look like?  One could construct a hub and spoke network of pigeon nodes, using each pigeon for a specific linear route.   Need your message to fly North instead of West?  At the node, transfer the contents of the delivery between pigeons and send out another bird.  (Or send duplicates to mitigate against falcon attacks.) Or extend your linear range with hubs located along a particular route.  How do you know when your bird arrives?  In pigeon racing, one method used to trigger the clocks is to equip the bird with an RFID leg bracelet. When the bird arrives at its final destination, the bracelet is read by the RFID scanner and a message is sent to the owner, indicating the bird has landed.  In South Africa, an IT company wishing to poke fun at the slow speeds of the network, equipped a carrier pigeon with a 4GB memory stick and had it fly 60 miles to its destination. [6] The bird was reportedly faster than the local line carrying the same amount of data.  Is it possible to send encrypted memory devices on the backs of pigeons over long distances?  Sure is.  Fascinating isn’t it?   Low tech never really went away, it’s just not as sexy as say…Twitter.   But it still works.  And expect to see a lot more of it.

Bon Appetit

[1] “Nation & World | Prison guards intercept carrier pigeon with a cellphone | Seattle Times Newspaper,” http://seattletimes.nwsource.com/html/nationworld/2009417088_pigeonphone04.html [2] “YouTube – Carrier pigeons take drugs and phones into Brazilian jail,” http://www.youtube.com/watch?v=J-mDEtz9mRI [3] “NewsLibrary Search Results,” http://nl.newsbank.com/nl-search/we/Archives?p_product=WT&p_theme=wt&p_action=search&p_maxdocs=200&p_text_search-0=carrier%20AND%20pigeons&s_dispstring=carrier%20pigeons%20AND%20date(04/01/2003%20to%2005/01/2003)&p_field_date-0=YMD_date&p_params_date-0=date:B,E&p_text_date-0=04/01/2003%20to%2005/01/2003)&p_perpage=10&p_sort=YMD_date:D&xcal_useweights=no [4] May 5, 2007.  The Guardian. [5] “Racing Pigeon Digest,” http://www.racingpigeondigest.com/archives/articles/1 [6] “BBC NEWS | Africa | SA pigeon ‘faster than broadband’,” http://news.bbc.co.uk/2/hi/africa/8248056.stm

You can download this post as a PDF.

Links are below.

—————————————————————————————————————————————-

What if DARPA’s Red Balloons Were Dots That Needed Connecting?

Last Updated on Wednesday, 13 January 2010 05:53 Written by Jeffreycarr Sunday, 10 January 2010 11:04

“Our goal in entering this (DARPA) challenge is to understand how to mobilize the vast resources of the human network to face challenges and explore the opportunities that come with living in such a connected world.”

- Riley Crane, Post-doctorate Fellow, MIT Media Lab team

In sum, the U.S. government had the information — scattered throughout the system — to potentially uncover this plot and disrupt the attack.  Rather than a failure to collect or share intelligence, this was a failure to connect and understand the intelligence that we already had.

- Barack H. Obama, President, United States of America

I know that a lot of you feel the same way I do. You’re thinking how can I help fix this problem? And, let’s face it, it’s a pretty big friggin’ problem; not only in terms of what’s at stake but also in its longevity as a thorn in the side of intelligence analysts since…, well, forever. I’ve been thinking about this off and on ever since the President’s remarks and today, on my way home from seeing a movie with my wife, I thought about those red balloons and what might be possible if we leveraged Twitter to harness some of the best creative minds in the country to volunteer their particular skill set to help solve this problem on an as-needed basis.

Just from my work with Project Grey Goose, I’ve come to know lots of talented individuals in varying disciplines who I’m sure would be happy to join an on-call list to volunteer at least some of their work week if their specialty was needed. Perhaps their employers would even agree to pay them for the effort, similar to what Microsoft does for its annual Day of Caring.

I don’t think there’s a larger pool of intellectual talent anywhere in the world than in the United States. Let’s follow MIT’s lead and mobilize via the Social Web, organize it via a wiki, sketch out possibilities on a virtual white board, bring in talent as-needed, and come up with some solutions for the ODNI to apply. Let’s make it a permanent revolving resource so support is always available. And best of all, there are no budgetary issues, no bureaucratic obstacles, no BAAs that take two years to go from white paper to Phase II trials, etc. Just the work, and the best people in the country to do it – now, and for free.

Follow @greyballoons on Twitter to show your willingness to participate, and spread the word. If the idea catches on (let’s say a minimum of 1000 follows), then perhaps DNI Blair will give his endorsement and a new resource will become available to the hard-working individuals inside the IC that are tasked with the day-to-day challenge of meeting the President’s order to fix what has contributed to this intelligence failure.

Update: 11 Jan 2010 - As of 1026 Pacific time, over 50 exceptionally talented individuals have signed on via Twitter and e-mail. If you aren’t on Twitter but want to offer your services to the @greyballoons project, feel free to use email instead.

Update: 12 Jan 2010; 0400 Pacific: 101 participants and counting. 86 from Twitter and 15 via email. Thanks everybody. Please keep spreading the word.

Update: 13 Jan 2010; 0452 Pacific: 146 participants and counting. 103 from Twitter and 43 via email.