Month: December 2015

FBI Using Top Secret Hacking Weapons

 

A forensic artist with the FBI demonstrates how she does a 3D laser scan of a skull on a computer in Quantico, VA on Wednesday June 20, 2012. Jabin Botsford—The Washington Post The Washington Post via Getty Images
 

A top agency official acknowledged that it uses secret software vulnerabilities in investigations.

The Federal Bureau of Investigation recently made an unprecedented admission: It uses undisclosed software vulnerabilities when hacking suspects’ computers.

Amy Hess, head of the FBI’s science and technology arm, recently went on the record about the practice with the Washington Post. “Hess acknowledged that the bureau uses zero-days,” the Post reported on Tuesday, using industry-speak for generally unknown computer bugs. The name derives from the way such flaws blind side security pros. By the time attackers have begun taking advantage of these coding flubs, software engineers are left with zero days to fix them.

A forensic artist with the FBI demonstrates how she does a 3D laser scan of a skull on a computer in Quantico, VA on Wednesday June 20, 2012.

A top agency official acknowledged that it uses secret software vulnerabilities in investigations.
The Federal Bureau of Investigation recently made an unprecedented admission: It uses undisclosed software vulnerabilities when hacking suspects’ computers.

Amy Hess, head of the FBI’s science and technology arm, recently went on the record about the practice with the Washington Post. “Hess acknowledged that the bureau uses zero-days,” the Post reported on Tuesday, using industry-speak for generally unknown computer bugs. The name derives from the way such flaws blind side security pros. By the time attackers have begun taking advantage of these coding flubs, software engineers are left with zero days to fix them.

Never before has an FBI official conceded the point, the Post notes. That’s noteworthy. Although the news itself is not exactly a shocker. 

It is well known among cybersecurity and privacy circles that the agency has had a zero day policy in place since 2010, thanks to documents obtained by the American Civil Liberties Union and published earlier this year on Wired. And working groups had been assembled at least two years earlier to begin mapping out that policy, as a document obtained by the Electronic Frontier Foundation privacy organization and also published on Wired shows. Now though, Hess, an executive assistant director with the FBI, seems to have confirmed the activity.

(People surmised as much after the FBI was outed as a customer of the Italian spyware firm Hacking Team after hackers stole some of its internal documents and published them online this year, too.)

The agency’s “network investigative techniques,” as these hacking operations are known, originate inside the FBI’s Operational Technology Division in an enclave known as its Remote Operations Unit, according to the Post. They’re rarely discussed publicly, and many privacy advocates have a number of concerns about the system, which they say could potentially be abused or have unsavory consequences.

Law enforcement agencies’ reliance on such exploits poses a Catch-22. On the one hand, hoarding coveted bugs and keeping them secret lets authorities slyly target suspects and collect evidence (with a warrant, of course). On the other hand, alerting tech companies about flaws in their products lets them fix the problems, protecting customers everywhere and securing them against attacks from less well-intentioned hackers and spies. The two incentives are undeniably at odds.

That dilemma grows more complex when another compelling reason for agencies like the FBI to use zero days enters the mix. The hacking method lets investigators sidestep roadblocks posed by strong encryption, a technology that scrambles data and communications and increasingly leaves the Feds in the dark, so to speak, when probing wires and hard drives for incriminating information. Consider the hacking option as the agency’s “plan B,” as the Intercept has detailed.

The tactic isn’t necessarily a bad thing. Indeed, Jonathan Mayer, the Federal Communication Commission’s recently appointed technical lead for investigations who is also a well-known privacy advocate, earlier this year described hacking as a potentially “legitimate and effective law enforcement technique” in an academic paper. Another set of big-name security researchers also recently argued in a paper that targeted hacking campaigns could provide a tolerable alternative to mandating that tech firms add special “backdoor” access to their encrypted products for investigators.

Read the more on Fortune

Bystanders Mistake Woman’s Stabbing As Performance Art At Miami’s Art Basel

Insert eyeball emoji & cue the creepy Freddie Kruger music. 

A woman was viciously stabbed at Art Basel in Miami Beach in front of hundreds of people. 

The real stickler (no pun intended here) is that bystanders thought it was all a part of the show and didn’t immediately react to help the woman, instead mistaking her anguish as performance art.

Wow. Just wow. Unreal. 

Peep the story below and leave a comment. 

The stabbing victim at Art Basel in Miami Beach. Photo: Rudy Perez, courtesy the Miami Herald.

Peep the story from ArtNet.com

An altercation amid the aisles led to bloodshed at Art Basel in Miami Beach at about 5:15 p.m. last night as one visitor to the fair allegedly stabbed another with an X-Acto knife, according to the Miami Herald.

The incident, which involved two women, took place at the fair’s Nova sector, which focuses on young artists, near the booth of Los Angeles’s Freedman Fitzpatrick Gallery and an installation by Miami artist Naomi Fisher called The Swamp of Sagittarius.

The victim reportedly confronted her attacker, who has been identified as 24-year-old Siyuan Zhao, of New York, and accused her of following and repeatedly bumping into her. According to police, Zhao responded by stabbing her in the arms and neck.

The stabbing suspect, who has been identified as 24-year-old Siyuan Zhao, is arrested at Art Basel in Miami Beach. Photo: Rudy Perez, courtesy the Miami Herald.

The injuries were non-life threatening, and the victim was taken to Jackson Memorial Hospital. As Zhao was arrested, according to police reports, she told officers “I had to kill her and two more!” and “I had to watch her bleed!” NBC reports that Zhao is facing an attempted murder charge.

Visitors to the fair were reportedly confused by the stabbing, mistaking it for performance art. The area was quickly marked off with police tape, which some people seem to have thought was part of the installation.

“A guy walked up to me and said, ‘I thought I saw a performance, and I thought it was fake blood, but it was real blood,” Fisher told the Herald. “It’s horrible… I’m so freaked out.”

The Herald reports that Art Basel had increased security measures at the fair following the recent terrorist attacks in Paris, and moved quickly to clean up evidence of the violent event, but not before local photographer Rudy Perez captured graphic images of the incident.

“The attack was an isolated incident that was immediately secured,” said Art Basel Miami Beach spokeswoman Sara Fitzmaurice in a statement. “Our thoughts are with the victim.”