Brett's Blog

Just some ramblings.

The four corners of the Apple v FBI encryption debacle

The four corners of the Apple v FBI encryption debacle

If only the FBI had picked a case where the issue was clear cut…that would make this encryption issue so much easier.

  1. The FBI doesn’t want Apple to simply “unlock” the phone.

Apple (and just about every other high tech company) has been unlocking devices and allowing access to data for law enforcement for decades.  That’s not the issue here.  The FBI wants the encryption to be broken. They want software to be rewritten or written that compromises security features. That’s a lot different than just unlocking a device.  That request breaks security.  Worse yet, it sets a precedent.  Law enforcement knows about precedent setting laws. Sometimes it is good, but sometimes it is not.

  1. It’s not the end of the world if encryption is broken.

Our lights will still turn on. Cars will still run.  Kids will still be able to go to school.  However, online payment systems will be as protected as a wet paper bag, secure communications will be as secure as Windows 3.1, and anything you send electronically is fair game to hackers (and government).  But don’t worry. If encryption is banned or broken, there will still be those able to use encryption (hint: one is government and the other is not law-abiding citizens).

  1. “Terrorist will Go Dark” is the best marketing ever created by government. 

The only time terrorists are not operating in the dark is when they use social media in the open, print terrorism training manuals (which are then posted online), and killing people in the open.  Plus, they still have to drive, fly, walk, eat, sleep, talk, go to the doctor, read a book, watch TV, and surf the Internet.  Terrorist and criminals have all the faults of ‘regular’ folks like complacency, laziness, incompetence, and bad luck when they plan and commit terrorist acts.  I've published two books on catching criminals (and terrorists) with online and forensic investigations.  You can put both books in the hands of a terrorist and the methods to find and catch them will still work.  "Going dark"? If a criminal or terrorist can do all the things needed to carry out their devious plans in encrypted emails ONLY, their plans are going to stink.  Planning an attack or conspiring to commit a crime requires way more than sending encrypted emails.  Working undercover in criminal organizations did teach me a thing or two in how it really works and how they really think and plan.

  1. You have nothing to hide, so what’s the big deal?

The government claims that since you cannot build a house that is impenetrable, you should not have use of encryption that can’t be broken.  Well..if I could make my home impenetrable, you bet I would. If I could buy a safe that was unbreakable, I would.  They just don’t exist.  It’s not that I have anything illegal to hide in a safe, but I don’t want anyone to steal what I have.  It’s not that I have anything top secret in an email, but I just don’t want strangers reading what I am sending to a friend, or to a business colleague.  The point is NOT having something to hide, but rather, NOT hanging my underwear in the front yard on a clothesline for anyone to see or steal (that is, if they wanted to steal my undies…).

...
Continue reading
1377 Hits
0 Comments

Dude, just write the book.

Dude, just write the book.

I had a discussion with a peer of mine about writing a book, in that my peer has been thinking of writing a book but never gets around to doing it.  After about two years of listening to how he should write his book, my response was “Dude, stop talking about it and write the darn book.”

His book idea is a nonfiction technical book and is about **secret topic** (of course I’m not leaking the topic or title!).  He is an expert, or at least knows a heckuv a lot more about the topic than I do.  I would buy the book tomorrow.  I even said that if he had written this book when he first told me about it, we’d be talking about the next edition and I would have already bought the first edition.  "Dude, you’re two years and two editions behind now!”

Which brings me to my point. Years ago, I said the same thing.  “Hey, I think I could write a book.” I said it a few people and one of the guys told me, “Dude, just write the darn book.” And so I did.  Three times already. Started a fourth. Plans for a fifth.  All from one person telling me to stop talking about it and write the book.  I took the suggestion to heart because he had already published several books himself. Thanks HC.

Fair warning: It’s not easy.

If you can get a contract, you’ll have deadlines to meet, standards to keep up, and demands placed on you by the publisher. Worse yet, if you don’t have a contract and want to self-publish, you have to place those same demands on yourself.

...
Continue reading
783 Hits
0 Comments

Let's not go all Patriot Act on this Apple - FBI encryption thing.

Let's not go all  Patriot Act on this Apple - FBI encryption thing.

I’ve been involved in about a half dozen conversations, three different email threads, and twice as many emails with friends and clients about this Apple – FBI encryption issue.   It seems to be a divided opinion with no compromise, at least as far as I can see.

 

FBI's Fight With Apple Over Encryption May Erode European Trust in US - Newsweek

http://news.google.com Sat, 20 Feb 2016 19:24:00 GMT

...
Continue reading
1345 Hits
0 Comments

Apple. Oranges. And Encryption.

Apple. Oranges. And Encryption.

One of the hottest topics currently is the FBI vs Apple battle over encryption, in that the FBI wants Apple to rewrite their operating system in order for law enforcement to bypass Apple’s encryption.  The arguments on both sides are strong. Law enforcement must have the ability to bypass encryption in the name of national security.  Conversely, consumers (in the USA at least) are afforded protections in the Constitution against unreasonable search and seizure.  The third part of this argument is security and safety of ALL electronic data.  If the legal argument stands that encryption is outlawed, that puts all data at risk of being compromised by criminals, disgruntled employees, and lackadaisical custodians of data.

Apple Fights Order to Unlock San Bernardino Gunman's iPhone - New York Times

http://news.google.com Thu, 18 Feb 2016 02:59:37 GMT

New York TimesApple Fights Order to Unlock San Bernardino Gunman's iPhoneNew York TimesApple executives had hoped to resolve the impasse without having to rewrite their own encryption software. They were frustrated that the Justice Department had aired its demand in public, according to an industry executive with knowledge of the case ...Google's CEO just sided with Apple in the encryption debateThe VergeOn Apple, the FBI, encryption, and why you should be worriedVentureBeatApple, The FBI And iP ...

Read more ...

...
Continue reading
822 Hits
2 Comments

Books written by practitioners are many times better than those written by those who 'never done it'

Books written by practitioners are many times better than those written by those who 'never done it'

Many of Syngress published books I’ve read are those written by people simply writing about how they do their job…while they are doing their job.   They are probably not writing while they are physically doing their work, but you know what I mean.

With my first book, Placing the Suspect Behind the Keyboard, I was consulting on a criminal cyber harassment case, two arson cases, and several civil litigation projects. In three of the cases during writing the book, the main goal was identifying users behind the keyboard (in one case, behind a mobile device).  In addition to doing what I knew from my law enforcement detective days, I conferred with experts for tips and tricks on tracking Internet users.  I was writing the book while doing the work.

My current book, Hiding the Behind the Keyboard, was virtually the same, however, this time with a co-author (John Bair). While writing the book, there were multiple interruptions of having to do work in the real-world outside of typing and testing theories. While John was working homicides and examining mobile devices in those cases, I was consulting on employee matters where unidentified employees were creating havoc with their company by being anonymous online. It is one thing to create a perfect scenario to test a theory and quite another to have actual evidence on an active case.  Again, this was another book of authors writing what they do on a daily basis.

I write about this only because I remind myself regularly of college courses I have taken in digital forensics where the required books not only cost an arm and a leg, but were written by academia, not active practitioners.  I’ve even taken a computer forensics course from a community college where the professor had not done one forensic exam…not a single one.  The professor did not even know how to connect a hardware write-blocker to a hard drive. I kid you not.  

I’m not a Syngress employee, but I do like their books. The cost may seem high for some of the books, but it is still about half the price of a college text in the same subject matter.  But the biggest difference is how the books read. I so much prefer reading a book that simply says, “This is how you do it in the real world”. I do not prefer books that speak in terms of an idealized theory.  Reminds me of my Field Training Officers in patrol telling me to forget what I learned at the academy because they were going to teach me what works on the street, in real life.  The best thing I like about the Syngress books is that I can read what the experts are using day-to-day in their own words.

...
Continue reading
774 Hits
0 Comments

Bio-hacked humans and digital forensic issues...

Bio-hacked humans and digital forensic issues...

If you thought The Grudge was the scariest thing you’ve seen on screen, you must have not yet watched Showtime’s ‘The Dark Net’.  In short, the series show how humans are procreating less and merging digitally into technology with bio-hacks. That makes for a bad combination on a few different levels.

Without getting into non-techical issues (such as moral, ethical, or legal), I have a technical question: How the heck are we going to going to do a forensic analysis of a bio-hacked…human?

Before the human race ends up looking like robots, we are already in the era of implanting electronic data devices in our bodies.  Check out http://dangerousthings.com to find how you too can jab an injection device into your hand and shoot a RFID under your skin…all by doing it yourself. As for me, I don't think I'll be joining in that movement anytime soon.

RFID (http://en.wikipedia.org/wiki/Radio-frequency_identification) tags store data. Data such as medical, financial, personal, or any type of information can be stored on a RFID tag, although the amount is quite limited currently (2-10 kilobytes?).  That's not much data, but depending on the content, it may be more than enough to cause a war or bankrupt a company.

...
Continue reading
1287 Hits
1 Comment

Tech Talk Can Get You Lost in Lingo

Tech Talk Can Get You Lost in Lingo

    Every career and academic field has its own “lingo” to the extent that a conversation buried deep in lingo sounds like a foreign language. I have experienced military lingo, law enforcement lingo, and technical lingo in my life to the point that I practically dream in acronyms, speak with words not recognized by Webster’s Dictionary, and instantly recognize the glazed-over look when speaking to an non-native lingo listener.

                The reasons for individualized lingo range from the coolness factor such “oh dark thirty”  in order to express time as ‘really damn early’ to efficiency such as using “HMMWV” instead of saying “High Mobility Multi-purpose Wheeled Vehicle”.  Many acronyms are spoken as works when gives an added effect of the listener not having a clue of what you are talking about.  For example, “I’m going to pick up a hum-v” means “I’m going to pick up a high mobility multipurpose wheeled vehicle”. Even in law enforcement, the acronyms can irritate the most patient listener if they are not in the club.

b2ap3_thumbnail_hmmwv.JPG

                There are two situations where lingo can get you killed, or at least make you feel like you are getting killed. One is in court. The other in your writing.

                Getting killed in court by lingo as a witness is painful. In fact, I’ve seen witnesses get physically ill as if the roach coach burrito eaten at lunch has suddenly reached its final destination in all its glory. Getting beat up on the stand by an attorney or judge is so unpleasant, that time actually slows to a stop and you wonder why you even got up that morning. Using lingo on the stand can give you a bad case of ‘why did I say that?” when being cross examined.

                I talk about lingo today, because I recently experienced one of the best cases of using lingo in all the wrong ways in a federal district court.  I gave my testimony first as the defense expert in a class action lawsuit, and spoke as simply as I could to make sure the judge understood what I intended to say. Then the opposing expert was called. One of the attorneys asked her a question, she answered, but her answer was not only complicated, it was complex, full of lingo, and I even felt a sway of arrogance. I barely understood what she said and took notes to make sure I got correct what she said.

...
Continue reading
1839 Hits
1 Comment

What is this thing "privacy" you speak of?

What is this thing "privacy" you speak of?

 

I luckily missed being born into the Internet generation.  Facebook creeped me out with the amount of information demanded to create an account.  It took me all of 1 minute to create an account, 5 minutes to decide to delete it, and then two hours to figure out how. That was years ago and I still receive email reminders from Facebook to re-join with all my information still in the deleted  account, as if I never deleted it. If you ever wondered what Mark Zuckerberg thought of Facebook users, you may want to take a look...http://www.businessinsider.com/well-these-new-zuckerberg-ims-wont-help-facebooks-privacy-problems-2010-5 

Perhaps a decade of working undercover has made me ultra-paranoid on personal information. At the time of doing UC work, I had little concern of sitting in an illegal business, having dinner with an organized crime figure and having one of his goons run me through Google, because there was no Google when I first started. That changed before I left the narc world and an undercover friend of mine was identified with Internet searches (while he was in the midst of a group of bad guys). If I was still doing undercover work, I'd no longer be doing undercover work. Thanks Google...

I can imagine that being born into the Internet age means never knowing what privacy is, nor have any concern about it all. Kids are literally texting in grade school, Facebooking in middle school, and blogging by high school.  Every generation now willfully gives up every aspect of their lives on social media and to buy some gadget online.

So when I see that the majority of people could care less about their most intimate and private details of their lives, it gives me pause. If you don’t think your Internet searches and web browsing is intimate, take a look at your web history and tell me that you don’t have some secrets in what you look at that you wouldn’t want anyone else to know about you. Health, wealth, and interests. How much more intimate can you get?

...
Continue reading
1123 Hits
0 Comments

The best part of writing a book is finishing the book.

The best part of writing a book is finishing the book.

I choose the title of my latest book (Hiding Behind the Keyboard) to be provocative, although the book may not completely be what you would expect if you think that it is a manual to hide yourself on the Internet. Being from Syngress, this is technically a technical book in that it discusses how to uncover covert communications using forensic analysis and traditional investigative methods.

The targeted audience is those charged with finding the secret (and sometimes encrypted) communications of criminals and terrorists.  Whether the communications are conducted through e-mail, chat, forums, or electronic dead drops, there are methods to find the communications to identify and prevent crimes.

For the investigators, before you get uptight that the book gives away secrets, keep in mind that no matter how many “secrets” are known by criminals or terrorists, you can still catch them using the same methods regardless of how much effort criminals put into not getting caught.

As one example, one of the cases I had years ago as a narcotic detective was an anonymous complaint of a large, indoor marijuana grow operation.  Two plainclothes detectives and I knocked on the door and politely asked for consent to search the home for a marijuana grow.  I told the owner that he didn’t have to give consent, or let us in, and could refuse consent at any time.  He gave consent and we found hundreds of marijuana plants growing in the house.  The point of this story was that on a table near the front door, was a book on how to grow marijuana that was opened to the page that said “when the cops come to your door for consent, say NO!”.  He had the book that advised not to do what he did anyway.

The point being, even when knowing how to commit crimes, criminals are still caught and terrorist plots are still stopped. The more important aspect is that investigators need to know as much as they can and this requires training, education, and books like Placing the Suspect Behind the Keyboard and Hiding Behind the Keyboard.

...
Continue reading
1146 Hits
0 Comments

RegRipper

RegRipper

The short story-if you want RegRipper, get it from GitHub (don't download it from anywhere else)

http://github.com/keydet89

 

What is RegRipper?

RegRipper was created and maintained by Harlan Carvey.  RegRipper, written in Perl, is the fastest, easiest, and best tool for registry analysis in forensics examinations.  RegRipper has been downloaded over 5000 times and used by examiners everywhere.

...
Continue reading
10273 Hits
3 Comments