FBI hack to remain secret from Apple

The FBI has no plans to reveal how they hacked the San Bernardino shooter’s iPhone, not even to Apple.

In March, the FBI announced that it would be dropping its case against Apple after having purchased a hacking tool from a third party to aid in breaking into the phone. Apple had cooperated with the FBI, but would not create new firmware to break its own encryption. The high-profile nature of this case brought the debate about privacy and security to the national stage. Although there was a judge assigned to rule on the case, the FBI’s purchase of a hacking tool put the need for a ruling to bed.

Since then, the FBI has been mum on how the hacking tool works and why it succeeded. Prior to purchasing the tool, the FBI insisted that it needed Apple to update the firmware before it could break into the shooter’s iPhone. The security on the iPhone allows only 10 consecutive attempts to break the passcode before all data on the phone is erased.

Apple has a vested interest in understanding the hack, because the tech company would want to patch any vulnerabilities that allowed the FBI to use this tool to access the iPhone. Hacking into this iPhone will make all iPhones vulnerable to the same sort of attack, which ultimately puts many iPhones around the world at risk.

An Apple attorney has stated that the company has no plans to sue the government to reveal how the San Bernardino iPhone was unlocked.

The government already has a policy in place, called the Vulnerabilities Equities Process, which governs disclosure of security problems to companies. This policy is notoriously shrouded in secrecy, but the government is generally supportive of vulnerability disclosure in order to ensure that vulnerabilities are not exploited by malicious hackers.

The FBI has found success with this tool, but it doesn’t mean that they are in a place to support vulnerability disclosure. The agency has already made plans to argue that it does not know enough about the hacking tool that it purchased to substantively explain how it works. FBI director James Comey has revealed that his agency spent more than $1 million to obtain the tool.

Article via TechCrunch, 26 April 2016

Photo: El FBI no necesita a Apple para desbloquear un iPhone by iphonedigital [Creative Commons Attribution-NonCommercial-NoDerivs]


ESPN fires Schilling over transgender comments

ESPN fired Curt Schilling, a major league baseball analyst, over expressing offensive comments regarding transgender people.

“ESPN is an inclusive company,” the network said in a statement emailed to The Washington Post. “Curt Schilling has been advised that his conduct was unacceptable and his employment with ESPN has been terminated.”

Schilling’s conduct has been called into question before by ESPN for offensive or political statements that the analyst has made. But, it was his social media post on Tuesday that was the last straw for the network. Schilling posted a meme that depicted a man wearing a wig and ripped clothing. His comments accompanying the post read, “A man is a man no matter what they call themselves,” referring to the recent bathroom laws that have been passed in several states. “I don’t care what they are, who they sleep with, men’s room was designed for the penis, women’s not so much. Now you need laws telling us differently? Pathetic.”

After receiving backlash from readers, Schilling went on to say, “You frauds out there ranting and screaming about my ‘opinions’ (even if it isn’t) and comments are screaming for ‘tolerance’ and ‘acceptance’ while you refuse to do and be either.”

Schilling is known for his outspoken comments, so this isn’t the first time that he has garnered controversy over social media. Just last month Schilling was in hot water after telling a radio station that Hillary Clinton “should be buried under a jail somewhere,” violating ESPN policy about sharing political opinions on the election. He was suspended by ESPN in August for making comments that compared Muslims to Nazis. This suspension was eventually extended for the rest of the baseball season.

It appears that Schilling expected that his days were numbered with ESPN. Shortly after his suspension during the baseball season, a filing with the Federal Election Commission showed that Schilling, while donating $250 to Ben Carson’s presidential campaign, had listed his employer as “ESPN (Not Sure How Much Longer)” and, under “Occupation,” he wrote, “Analyst (For Now Anyway).”

Article via The Washington Post, 20 April 2016

Photo: 150730-D-FW736-016 by DoD News Features [Creative Commons Attribution-NonCommercial-NoDerivs]


Obama bans slave products

Last Wednesday President Obama officially placed a ban on goods imported into the United States that are produced by slave labor. He signed a bill that includes a provision that bans imports of fish caught by slaves in Southeast Asia, gold mined by children in Africa and garments sewn by abused women in Bangladesh. This closes a loophole in an 85-year-old tariff law that failed to keep slave-produced products out of the U.S.

As long as domestic production couldn’t meet demand, the government has turned a blind eye to companies exporting these goods. The bill may be a game changer for U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement, the agencies responsible for preventing goods derived from slavery from entering the country. Last year, an exposé by the Associated Press found Thai companies were shipping seafood into the U.S. that was caught by enslaved workers. As a result of the reports, more than a dozen alleged traffickers were arrested, millions of dollars worth of seafood and vessels seized, and more than 2,000 trapped fishermen have been rescued.

“The old system that leaves the door open to child or slave labor if it’s used to make a product that isn’t made here in the U.S. — that system absolutely must end, and it will,” U.S. Senator Ron Wyden, an Oregon Democrat who spoke against the loophole on the Senate floor, said in a statement.

The legal gap has been in place for so long that politicians who pushed for the change aren’t exactly sure how it will affect businesses cited by human rights groups or the agencies responsible for blocking goods derived from slavery.

“Ending this provision gives those fighting forced labor the confidence they can challenge imports of these products without fear of being undermined by an archaic and outrageous provision of U.S. trade law,” Keith Chu, a senator who voted for the bill, said in an e-mail.

Sen. Sherrod Brown, D-Ohio, said Wednesday that his office is already asking U.S. Customs and Border Protection to ensure they begin enforcing the new rules when the law takes effect in 15 days. “It’s embarrassing that for 85 years, the United States let products made with forced labor into this country, and closing this loophole gives the U.S. an important tool to fight global slavery.”

Article via Mashable, 25 February 2016; Mashable, 12 February 2016

Photo: White House Maker Faire (201406180003HQ) by NASA HQ PHOTO [Creative Commons Attribution-NonCommercial-NoDerivs]


Facebook exec arrested in WhatsApp case

Facebook is becoming the next tech giant to spar with law enforcement over privacy concerns.

Diego Dzodan, a Facebook executive, was arrested by Brazilian federal police on Tuesday for “repeated non-compliance with court orders”, according to a statement released by police. Brazilian police want information from a WhatsApp account that is linked to a drug trafficking investigation. WhatsApp is a messaging service that is used monthly by more than 1.5 billion people worldwide. Dzodan was taken into what the Brazilian police call preventative prison and could be held for a week or more.

Facebook wants to ensure that it maintains the privacy of its users from government intervention. In WhatsApp’s case, the company may not be able to help Brazilian authorities because it does not store users’ messages. In addition, WhatsApp is expanding its use of end-to-end encryption, which will make it even harder for the company to turn over user data. WhatsApp said in a statement that it disagreed with the Brazilian authorities on the case. “We are disappointed that law enforcement took this extreme step,” the messaging business said. “WhatsApp cannot provide information we do not have.”

Facebook, which bought WhatsApp in 2014 for $19 billion, condemned the Brazilian government’s move, releasing this statement:

“We’re disappointed with the extreme and disproportionate measure of having a Facebook executive escorted to a police station in connection with a case involving WhatsApp, which operates separately from Facebook,” a spokesman said. “Facebook has always been and will be available to address any questions Brazilian authorities may have.”

This isn’t the first time Brazil has gone head to head with WhatsApp. In December, a judge ordered WhatsApp shut down across the country for two days after the company did not comply with a criminal investigation, but the ruling was overturned the next day.

Article via CNET, 1 March 2016; The New York Times, 2 March 2016

Photo: WhatsApp / iOS by Álvaro Ibáñez [Creative Commons Attribution-NonCommercial-NoDerivs]


Uber defends driver screening

Uber is back in the news for yet another controversy concerning its drivers. The tech company recently settled a suit with customers who accused the company of less rigorous background checks than was advertised. Now its driver screening process is being scrutinized again, as Jason Dalton, an Uber driver, confessed to a Saturday shooting spree in Kalamazoo, Michigan, while picking up customers.

Uber Chief Security Officer Joe Sullivan said that Mr. Dalton had no prior criminal background and that no red flags appeared during his background check that would have caused the company to be concerned. “No background check process would have flagged and anticipated this situation,” Sullivan said.

Until Saturday there were no complaints with Jason Dalton’s driving record with Uber. He had given more than 100 rides since starting with Uber at the end of January and had a rating of 4.73 out of 5. The only indications that he may be dangerous didn’t come until last Saturday, when several riders including one passenger complained of erratic driving. According to the Michigan police, Dalton then started a shooting rampage at 6pm where he wounded 9 people, killing 6. Michigan police state that Dalton started at 6pm by shooting a woman multiple times in a parking lot, and then drove around for hours randomly gunning down innocent bystanders. There have been no connections made between the driver and his victims.

One reason for the emphasis on Uber’s driver screenings is that they have missed criminals before, and those drivers were able to use their job with the service to offend again. Houston is one of the few cities that require Uber drivers to pass an FBI fingerprint check, after an ex-con Uber driver allegedly raped one of his passengers. The city did not believe that Uber’s driver screenings and background checks were thorough enough, since the driver was able to pass Uber’s checks, although he had served 14 years in prison. Prosecutors in California have also questioned Uber’s driver screenings after a driver was found to have been convicted of murder, but Uber’s background check failed to reveal the criminal history.

Critics say that Uber would catch more of these criminals if they ran fingerprints in their background checks. The company currently runs the names of potential drivers through seven years of county and federal courthouse records, a multi-state criminal database, national sex offender registry, Social Security trace and motor vehicle records. Uber rejects anyone with a history of violent crimes, sexual offenses, gun-related violations or resisting arrest. But in light of the recent events, Uber seems to be leaning toward introducing fingerprint identification as part of their process.

Article via CNET, 22 February 2016

Photo via Newsday.com


Apple refuses to hack into terrorist iPhone

Apple is being criticized by a British soldier’s family for refusing to hack into an iPhone linked to December’s terrorist attack in San Bernardino, California.

Apple Chief Executive Tim Cook spoke out against the court order on Wednesday, calling the demand “chilling” and saying that compliance would be a major setback for online privacy. Many digital rights groups agree. The federal government’s attempts to capture data from tech companies have been met with apprehension and fear. Just a few months ago, several tech companies started standing up to government data requests. But not everyone agrees with Apple’s stance on this issue.

Major tech companies like Facebook, Google, and Apple all want to protect their customers’ data by securing it at the highest levels. But, federal governments like the US and the UK want these companies to find ways to hack into customer hardware and accounts, arguing that privacy should not come at the expense of national security. This ongoing battle over encryption puts tech giants on one side, and law enforcement and intelligence on the other.

Fusilier Lee Rigby was off duty and walking down the street near his barracks in Woolwich, England, in May 2013 when he was the victim of a brutal attack by two men who told witnesses they were avenging the killing of Muslims by British soldiers. Ray McClure, Rigby’s uncle, believes that Apple is doing nothing more than “protecting a murderer’s privacy at the cost of public safety.”

“Valuable evidence is on that smartphone and Apple is denying the FBI access to that information,” McClure said, arguing that a warrant to search a smartphone should be no different than a warrant used to search a property.

In the court order handed to Apple, the company was told it must assist the FBI in unlocking the iPhone linked to San Bernardino gunman Syed Rizwan Farook. In addition to unlocking the phone, the FBI wants Apple to build a new version of its iOS mobile software that would be able to bypass the iPhone’s security so that the agency could hack any device remotely. In an open letter published on Apple’s website, Tim Cook stated that Apple has been working with the FBI, providing data and advice on how to move forward. But software that would allow the FBI to bypass Apple’s security simply doesn’t exist. “The US government has asked us for something we simply do not have, and something we consider too dangerous to create,” said Apple CEO Tim Cook.

Article via CNET, 18 February 2016

Photo: Apple CEO Tim Cook by Mike Deerkoski [Creative Commons Attribution-NonCommercial-NoDerivs]