Resources

Keep Your IoT Devices on a Separate Network, FBI Says

The FBI says owners of IoT (Internet of Things) devices should isolate this equipment on a separate WiFi network, different from the one they’re using for their primary devices, such as laptops, desktops, or smartphones. “Your fridge and your laptop should not be on the same network,” the FBI’s Portland office said in a weekly tech advice column. “Keep your most private, sensitive data on a separate system from your other IoT devices,” it added. The same advice — to keep devices on a separate WiFi network or LAN — has been shared in the past by multiple IT and security experts. The reasoning behind it is simple. By keeping all the IoT equipment on a separate network, any compromise of a “smart” device will not grant an attacker a direct route to a user’s primary devices — where most of their data is stored. Jumping across the two networks would require considerable effort from the attacker. However, placing primary devices and IoT devices on separate networks might not sound that easy for non-technical users. The simplest way is to use two routers.


Now Even the FBI is Warning About Your Smart TV’s Security

Smart TVs are like regular television sets but with an internet connection. With the advent and growth of Netflix, Hulu and other streaming services, most saw internet-connected televisions as a cord-cutter’s dream. But like anything that connects to the internet, it opens up smart TVs to security vulnerabilities and hackers. Not only that, many smart TVs come with a camera and a microphone. But as is the case with most other internet-connected devices, manufacturers often don’t put security as a priority. That’s the key takeaway from the FBI’s Portland field office, which just ahead of some of the biggest shopping days of the year posted a warning on its website about the risks that smart TVs pose. “Beyond the risk that your TV manufacturer and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home. A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router,” wrote the FBI. The FBI warned that hackers can take control of your unsecured smart TV and in worst cases, take control of the camera and microphone to watch and listen in.


FBI’s Use of Surveillance Database Violated Americans’ Privacy Rights: Court

Some of the Federal Bureau of Investigation’s electronic surveillance activities violated the constitutional privacy rights of Americans swept up in a controversial foreign intelligence program, a secretive surveillance court has ruled. The ruling deals a rare rebuke to U.S. spying activities that have generally withstood legal challenge or review. The intelligence community disclosed Tuesday that the Foreign Intelligence Surveillance Court last year found that the FBI’s pursuit of data about Americans ensnared in a warrantless internet-surveillance program intended to target foreign suspects may have violated the law authorizing the program, as well as the Constitution’s Fourth Amendment protections against unreasonable searches.

The court concluded that the FBI had been improperly searching a database of raw intelligence for information on Americans — raising concerns about oversight of the program, which as a spy program operates in near total secrecy. The court ruling identifies tens of thousands of improper searches of raw intelligence databases by the bureau in 2017 and 2018 that it deemed improper in part because they involved data related to tens of thousands of emails or telephone numbers — in one case, suggesting that the FBI was using the intelligence information to vet its personnel and cooperating sources. Federal law requires that the database only be searched by the FBI as part of seeking evidence of a crime or for foreign intelligence information. In other cases, the court ruling reveals improper use of the database by individuals. In one case, an FBI contractor ran a query of an intelligence database — searching information on himself, other FBI personnel and his relatives, the court revealed.


FBI seeks to monitor Facebook, oversee mass social media data collection

The FBI is planning to aggressively harvest information from Facebook and Twitter, a move which is likely to cause a clash between the agency and social media platforms.

As reported by the Wall Street Journal, the FBI has recently sought proposals from third-party vendors for technological solutions able to harvest publicly-available information in bulk from Facebook, Twitter, and other social media outlets.

Law enforcement has requested the means to “obtain the full social media profile of persons-of-interest and their affiliation to any organization or groups,” to keep track of users based on their neighborhood, and keyword searches, among other tool functions.

While the FBI believes that such tools can work in harmony with privacy safeguards and civil liberties, the mass collection of names, photos, and IDs — when combined with information from other sources — may do just the opposite.

Back in July, for example, there was a public outcry after it was discovered that the FBI and Immigration and Customs Enforcement (ICE) were plundering databases belonging to the DMV for surveillance and investigative purposes.

Stare Into The Lights My Pretties

FOI request garners 18hrs of drone spy footage from FBI of Black Lives Matter protests

In a very COINTELPRO-esque context, the ACLU has received more than 18 hours of video from surveillance cameras installed on FBI aircraft that flew over Baltimore in the days after the death of Freddie Gray in police custody in 2015. The footage offers a rare insight into the workings of a government surveillance operation targeting protests.

“The cache is likely the most comprehensive collection of aerial surveillance footage ever released by a US law enforcement agency… The footage shows the crowds of protesters captured in a combination of visible light and infrared spectrum video taken by the planes’ wing-mounted FLIR Talon cameras. While individual faces are not clearly visible in the videos, it’s frighteningly easy to imagine how cameras with a slightly improved zoom resolution and face recognition technology could be used to identify protesters in the future.”

The collection of aerial surveillance footage of Baltimore protests from April 29, 2015 to May 3, 2015, from FBI archives is available on their website, or better yet, the Internet Archive.

“Records from the Federal Aviation Administration showed that the FBI’s aircraft, which were registered to front companies to conceal their ownership, carried sophisticated camera systems on board, complete with night-vision capabilities.”

The FBI says they’re only using the planes to track specific suspects in “serious crime investigations,” and that “the FBI flew their spy planes more than 3,500 times in the last six months of 2015, according to an analysis of data collected by the aircraft-tracking site FlightRadar24.”

“The FBI has been criticized in the recent past for its actions regarding domestic advocacy groups. A 2010 report by the Department of Justice Inspector General found the FBI opened investigations connected to organizations such as Greenpeace and the Catholic Worker movement that classified possible “trespassing or vandalism” as domestic terrorism cases. The report also found the FBI’s National Press Office “made false and misleading statements” when questioned by the media about documents obtained by public records requests.”


Catalogue of US Government Surveillance Devices

The Intercept has obtained a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States.

The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before.

Slides of the catalogue are available here, while a stylised version is available here.


FBI surveilled cars sporting pro-peace bumper stickers, targeting activists

“Tomorrow marks the 35th anniversary of Food Not Bombs—the name given to autonomous groups and independent collectives that serve free vegan and vegetarian food in opposition of poverty and hunger, and also in protest of economic disparity and rapacious militarism. But, despite the seemingly non-controversial nature of the activist group’s titular three-word mission statement, FBI files released earlier this week show that serving up home-cooked vegan moussaka is apparently enough to warrant suspicions of terrorism.

The files, which begin in the early naughts, appear to be focused on one particular FNB chapter based out of Virginia Commonwealth University in Richmond, Virginia. The bulk of the records concern the organization’s rather obvious opposition to the Iraq war.

In fact, the release included a CD comprised of extensive surveillance footage from an anti-war protest in Richmond on July 3rd, 2003.”


Surveillance drones routinely circle over most major cities in United States
