(sarcasm is my optiate)

From the Telegraph:

Fears are growing that the compulsory ID card scheme may be used to carry out surveillance on people and that a new children’s database may be used to identify likely future criminals.

The Home Affairs Select Committee is calling on ministers to introduce new safeguards to minimise the amount of information collected and stored on Britain’s citizens following a series of data scandals.

Last week it emerged that councils are now using covert surveillance hundreds of times every month to investigate petty offences - such as putting out domestic waste incorrectly and dog fouling - and to check applications for popular schools.

In danger of becoming a surveillance society? Um, don’t look now….

Article Link

The experts at the FBI's newly accredited Regional Computer Forensics Lab in San Diego have already helped solve murders, child porn cases and robberies. They're among the best in the nation at pulling evidence from hard drives, cellphones and memory cards.

There are now 14 such labs in the United States, with two more coming online this year. Last year, the FBI labs collectively performed more than 13,000 forensics examinations. The San Diego lab alone handled more than 1,000 requests from 40 law enforcement agencies in 2007, including 171 child pornography cases and 160 murder investigations.

Wired.com got a rare look at the inner workings of the San Diego lab this week, and we snapped some photos of the toys inside.

Left: Darrell Foxworth greets members of the media in the entrance of the San Diego Regional Computer Forensic Laboratory.

Jeff Cable, assistant director of RCFL, opens the door in to the lab to start the tour. Cable notes that it is very rare that they ever allow anyone but FBI agents through this door.

This device copies the data off the hard drives and makes sure it can't be overwritten.

FBI agent Dan Dandridge plugs a hard drive into a "lunch box," which clones the data off the drive as the first step of a noninvasive examination.

Cellphones can be a treasure-trove of forensic evidence. In one case, a man was robbing a store when his cellphone rang. Captured by a security camera, and studied by the lab, the robber's unique ringtone eventually led to his conviction.

This set of equipment is the AVID video processing system at the San Diego Regional Computer Forensics Laboratory.

Forensic examiner Tim Hamon shows off the inside of the RCFL mobile unit.

Lacking in subtlety, the rolling lab is not used in covert surveillance missions.

Enjoy.]]> Mon, 19 May 2008 02:36:31 +0000 nemesis nemesis-ip nemesis-rip nemesis-igmp nemesis-icmp nemesis-arp nemesis-tcp ettercap plugins ettercap BackTrack Beta 3 Man Pages http://securityratty.com/article/40186d92f5cac8291c8e4722ba6916a4 http://securityratty.com/article/40186d92f5cac8291c8e4722ba6916a4 aircrack-ng, airdecap-ng, airdriver-ng, aireplay-ng, airmon-ng, airodump-ng, airolib-ng, airpwn, airsev-ng, airsnort, airtun-ng, amap, ascii-xfr, atftp, bison, bsqldb, buddy-ng, cabextract, catdoc, catppt, datacopy, dcfldd, decrypt, defncopy, dhcpdump, dmitry, dos2unix, dupemap, easside-ng, etherape, flex, foremost, freebcp, gencases, getattach.pl, hexedit, httpcapture, ike-scan, ivstools, kstats, mac2unix, macchanger, magicrescue, magicsort, makeivs-ng, mboxgrep, minicom, nemesis-arp, nemesis-dns, nemesis-ethernet, nemesis-icmp, nemesis-igmp, nemesis-ip, nemesis-ospf, nemesis-rip, nemesis-tcp, nemesis-udp, nemesis, netcat, nmap, nmapfe, obexftp, obexftpd, p0f, packetforge-ng, psk-crack, rain, runscript, scrollkeeper-config, scrollkeeper-gen-seriesid, sipsak, socat, tcptraceroute, truecrypt, tsql, unicornscan, vomit, wesside-ng, wordview, xls2csv, xminicom, xnmap, gdbm, etter.conf, scrollkeeper.conf, sudoers, scrollkeeper,  80211debug, 80211stats, arpspoof, atftpd, athchans, athctrl, athdebug, athkey, athstats, ath_info, dnsspoof, dnstracer, dsniff, ettercap, ettercap_curses, ettercap_plugins, etterfilter, etterlog, filesnarf, fping, fragroute, fragtest, hping2, hping3, in.tftpd, macof, mailsnarf, msgsnarf, netdiscover, packit, scrollkeeper-preinstall, scrollkeeper-rebuilddb, scrollkeeper-update, sing, sshmitm, sshow, sudo, sudoedit, tcpick, tcpick_italian, tcpkill, tcpnice, tinyproxy, urlsnarf, visudo, webmitm, webspy, wlanconfig

Enjoy.

The Federal Constitutional Court in Karlsruhe said cyber spying violated individuals' right to privacy and could be used only in exceptional cases.

More info:

Germany's Federal Constitutional Court has rejected provisions adopted by the State of North Rhine-Westphalia that allowed investigators to covertly search PCs online. In its ruling, the court creates a new right to confidentiality and integrity of personal data stored on IT systems; the ruling expands the current protection provided by the country's constitutional rights for telecommunications privacy and the personal right to control private information under the German constitution.

In line with an earlier ruling on censuses, the judges found that the modern digital world requires a new right, but not one which is absolute ­ exceptions can be made if there is just cause. The judges did not feel that the blanket covert online searches that North Rhine-Westphalia's (NRW) provisions allowed fell under that category; rather, these searches were found to be a severe violation of privacy.

The court explained that strict legal provisions apply for covert online searches of PCs, as with exceptional cases of telephone tapping or other exceptions to the right to privacy. Specifically, the judges say that private PCs can only be covertly searched "if there is evidence that an important overriding right would otherwise be violated."

More articles. Commentary. And here's the ruling -- in German, of course.

"Like most major corporations, it is our corporate responsibility to have systems in place, including software systems, to monitor threats to our network, intellectual property and our people," Wal-Mart spokeswoman Sarah Clark said in a statement in April. Following the Gabbard firing, Wal-Mart said it conducted a review of its monitoring activities. "There have been changes in leadership, and we have strengthened our practices and protocols in this area," Clark said.

[...]

At a gathering of security specialists in New York City in January of 2006, David Harrison, the former Army military intelligence officer who was hired by Senser to head Wal-Mart's analytical security research center, provided a rare glimpse into the company's monitoring operations. Harrison told the gathering Wal-Mart faces a wide range of threats: "A bombing in China, an armed robbery in Brazil, an armed robbery in Las Vegas, another bomb threat, and that was just yesterday," Harrison said.

To safeguard its employees and operations Wal-Mart has tapped its massive data warehouse of information, now believed to be larger than 4 petabytes (4,000 terabytes), to look for potential threats. It tracks customers who buy propane tanks, for example, or anyone who has fraudulently cashed a check, or anyone making bulk purchases of pre-paid cell phones, which could be tied to criminal activities. "If you try to buy more than three cell phones at one time, it will be tracked," he reportedly told the audience.

[...]

Gabbard, the Wal-Mart employee fired for recording reporters' phone calls, said in his interview with The Wall Street Journal that Wal-Mart uses software from Raytheon Oakley Networks to monitor activity on its network. The Oakley product was originally developed for the U.S. Department of Defense.

The Oakley software is so sophisticated it can allow administrators to visually see what types of information are moving across the network, from Excel spreadsheets to job searches on Monster.com, or photos with flesh tones that might indicate a user is viewing pornography.

And this article talks about ex-CIA agents working for corporations:

The best estimate is that several hundred former intelligence agents now work in corporate espionage, including some who left the C.I.A. during the agency turmoil that followed 9/11. They quickly joined private-investigation firms whose U.S. corporate clients were planning to expand into Russia, China, and other countries with opaque business practices and few public records, and who needed the skinny on international partners or rivals.

These ex-spies apply a higher level of expertise, honed by government service, to the cruder tactics already practiced by private investigators. One such ploy is pretexting -- obtaining information by pretending to be somebody else. While private detectives have long posed as freelance reporters or job recruiters to get people to talk, former agents have elevated pretexting to an art.

[...]

Similarly, ex-agents have helped popularize the use of G.P.S.-based monitoring devices and long-range cameras for following people around. One corporate-espionage technique comes straight from the C.I.A. playbook. In the constant search for the slightest edge, some hedge funds and investment companies have turned to a handful of private-investigation firms for a tactic that seems to fall between science and voodoo. Called tactical behavior assessment, it relies on dozens of verbal and nonverbal cues to determine whether someone is lying. Signs of potential deception include meandering off topic rather than sticking to the facts and excessive personal grooming, such as nervously picking lint off a jacket. This method was developed by former lie-detector experts from the C.I.A.'s Office of Security, which administers polygraph tests to keep agents honest and verify the stories of would-be defectors.

[...]

Most of the ex-agents' activities, from surveillance to lie detection, are perfectly legal. In the wake of the 2006 Hewlett-Packard scandal, detectives used pretexting to obtain the private telephone records of company directors, employees, and journalists. In an effort to track leaks to the media, federal law was tightened to prohibit using fraudulent means to obtain telephone records. Financial records were already off-limits. But federal law doesn't forbid assuming a false identity to get other information -- an area that ex-spies exploit.

Still, a few techniques favored by the spies-for-hire do appear to violate privacy statutes. One of these involves using "data haunts," extreme methods of electronic monitoring such as tracking cell-phone calls and gathering emails by relying on secretly installed software to record computer keystrokes. An ex-C.I.A. agent described a group of his former colleagues who set up shop offshore so that they could tap into telephone calls -- a practice prohibited by federal law -- outside U.S. jurisdiction. "They call themselves the bad boys in the Bahamas," he said.

Even some of the legal methods are controversial within the industry. Certain old-school firms won't stoop to dumpster diving or stealing garbage -- which is usually legal as long as the trash is on a curb or other public property --" because they consider it unethical. They say that the prevalence of former intelligence agents in the field and the rise of unscrupulous tactics have tarnished a business that often struggles with its reputation. One longtime investigator complained that he recently lost business to some ex-C.I.A. officers who promised a potential client that they could obtain the phone and bank records of a target -- something that is illegal in most cases.

[...]

Current and former employees said Diligence's ex-spies also held classes in using false identities to obtain confidential information. Ex-employees said it wasn't unusual for an investigator to have five or six cell phones, each representing a different identity, on his or her desk. And while ex-C.I.A. and former MI5 agents were old hands at such deception, the new initiates sometimes got confused and answered a phone with the wrong name.

All interesting. It seems that corporate espionage has gone mainstream, and the debate is more about how and when.

On a related note, this paragraph disturbed me:

On occasion, Diligence investigators were dispatched to collect garbage from a target's home or office. In some cases, two former employees said, Diligence hired off-duty or retired police officers to take trash so that they could wave their badges and fend off any awkward questions.

It's public authority being used for private interests. We see it a lot -- off-duty police officers guarding private businesses, for example -- and it erodes public trust of authority. In the case above, I'm not even sure it's legal.