A Geek With Guns

Discount security adviser to the proles.

Archive for the ‘Law and Disorder’ tag

Be Careful When Taking Your Computer In For Servicing

How many of you have taken your computer in to be repaired? How many of you erased all of your data before taking it in? I’m often amazed by the number of people who take their computer in for servicing without either replacing the hard drive or wiping the hard drive in the computer. Whenever I take any electronic device in for servicing I wipe all of the data off of it and only install an operating system with a default user account the repairer can use to log in. When I get the device back I wipe it again and then restore my data from a backup.

Why am I so paranoid? Because you never know who might be a paid Federal Bureau of Investigation (FBI) snitch:

The doctor’s attorney says the FBI essentially used the employee to perform warrantless searches on electronics that passed through the massive maintenance facility outside Louisville, Ky., where technicians known as Geek Squad agents work on devices from across the country.

Since 2009, “the FBI was dealing with a paid agent inside the Geek Squad who was used for the specific purpose of searching clients’ computers for child pornography and other contraband or evidence of crimes,” defense attorney James Riddet claimed in a court filing last month.

Riddet represents Dr. Mark Albert Rettenmaier, a gynecological oncologist who practiced at Hoag Hospital until his indictment in November 2014 on two felony counts of possession of child pornography. Rettenmaier, who is free on bond, has taken a leave from seeing patients, Riddet said.

Because the case in this story involved child pornography I’m sure somebody will accuse me of trying to protect people who possess child pornography. But data is data when it comes to security. The methods you can use to protect your confidential communications, adult pornography, medical information, financial records, and any other data can also be used to protect illicit, dangerous, and downright distasteful data. Never let somebody make you feel guilty for helping good people protect themselves because the information you’re providing them can also be used by bad people.

Due to the number of laws on the books, the average working professional commits three felonies a day. In all likelihood some data on your device could be used to charge you with a crime. Since the FBI is using computer technicians as paid informants you should practice some healthy paranoia when handing your devices over to them. The technician who works on your computer could also have a side job of feeding the FBI evidence of crimes.

But those aren’t the only threats you have to worry about when taking your electronic devices in for servicing. I mentioned that I also wipe the device when I get it back from the service center. This is because the technician who worked on my device may have also installed malware on the system:

Harwell had been a Macintosh specialist with a Los Angeles-area home computer repair company called Rezitech. That’s how he allegedly had the opportunity to install the spy software, called Camcapture, on computers.

While working on repair assignments, the 20-year-old technician secretly set up a complex system that could notify him whenever it was ready to snap a shot using the computer’s webcam, according to Sergeant Andrew Goodrich, a spokesman with the Fullerton Police Department in California. “It would let his server know that the victim’s machine was on. The server would then notify his smartphone… and then the images were recorded on his home computer,” he said.

When your device is in the hands of an unknown third party there is no telling what they may do with it. But if the data isn’t there then they can’t snoop through it and if you wipe the device when you get it back any installed malware will be wiped as well.

Be careful when you’re handing your device over to a service center. Make sure the device has been wiped before it goes in and gets wiped when it comes back.

Written by Christopher Burg

May 27th, 2016 at 11:00 am

The FBI Cares More About Maintaining Browser Exploits Than Fighting Child Pornography

Creating and distributing child pornography are two things that most people seem to agree should be ruthlessly pursued by law enforcers. Law enforcers, on the other hand, don’t agree. The Federal Bureau of Investigation (FBI) would rather toss out a child pornography case than reveal one stupid browser exploit:

A judge has thrown out evidence obtained by the FBI via hacking, after the agency refused to provide the full code it used in the hack.

The decision is a symptom of the FBI using investigative techniques that are usually reserved for intelligence agencies, such as the NSA. When those same techniques are used in criminal cases, they have to stack up against the rights of defendants and are subject to court processes.

The evidence that was thrown out includes child pornography allegedly found on devices belonging to Jay Michaud, a Vancouver public schools worker.

Why did the FBI even bring the case against Michaud if it wasn’t willing to reveal the exploit that the defense was guaranteed to demand technical information about?

This isn’t the first case the FBI has allowed to be thrown out due to the agency’s desperate desire to keep an exploit secret. In allowing these cases to be thrown out the FBI has told the country that it isn’t serious about pursuing these crimes and that it would rather all of us remain at the mercy of malicious hackers than reveal the exploits it, and almost certainly they, rely on.

I guess the only crimes the FBI actually cares to fight are the ones it creates.

Written by Christopher Burg

May 26th, 2016 at 10:00 am

FBI Director Concerned That Videos Of Police Beating People May Dissuade Police From Beating People

James Comey, the current director of the Federal Bureau of Investigation (FBI), has a lot of concerns on his plate. One of his biggest concerns is the propagation of effective cryptography, which is making it harder for his agents to snoop through any random schmuck’s data. Another concern of his is the propagation of high quality cameras:

WASHINGTON — The director of the F.B.I. reignited the factious debate over a so-called “Ferguson effect” on Wednesday, saying that he believed less aggressive policing was driving an alarming spike in murders in many cities.

James Comey, the director, said that while he could offer no statistical proof, he believed after speaking with a number of police officials that a “viral video effect” — with officers wary of confronting suspects for fear of ending up on a video — “could well be at the heart” of a spike in violent crime in some cities.

“There’s a perception that police are less likely to do the marginal additional policing that suppresses crime — the getting out of your car at 2 in the morning and saying to a group of guys, ‘Hey, what are you doing here?’” he told reporters.

“Marginal additional policing” is a fancy way of saying harassment. Consider the example he gave. Why should a police officer pull over a car at two in the morning just to ask what the occupants are doing? If the officer didn’t catch them actually doing something illegal he shouldn’t have pulled them over. Period.

But the viral videos that Comey is referring to are videos of police using force. I’m an advocate of recording all police interactions. If you are a party to a police interaction you should record it, even if it’s something as minor as getting pulled over for speeding. You should also record any police interactions you come across. Police are almost never held accountable for wrongdoing in this country, and the few times they are, it usually happens only because there was a video of the misconduct.

If the threat of being recorded on video dissuades police officers from harassing innocent people I would consider that an added bonus. Apparently Comey feels differently.

Written by Christopher Burg

May 25th, 2016 at 10:00 am

Mossberg To Courts: Muh Intellectual Property

Drop-in triggers are nothing new. There are approximately one bajillion drop-in triggers available for AR pattern rifles and some rifles, like the Tavor, are designed around drop-in trigger packs. The fact that everybody and their grandmother manufactures drop-in triggers hasn’t stopped Mossberg from suing basically everybody because it believes a patent it purchased some time ago grants it a monopoly on the bloody obvious:

In another instance of the firearms industry feeding on its own, it appears that Mossberg is exercising its control on the original Chip McCormick patent (US 7,293,385 B2), that it acquired a while ago, and bringing lawsuits against a number of manufacturers of drop in triggers.

Mossberg currently licenses the design to the new CMC company, who has apparently decided to get Mossberg to go after their competition, i.e. anyone making drop in triggers.

This is an example of patent trolling. Mossberg didn’t invent drop-in triggers, it purchased a patent covering their design. It also conveniently waited to file a lawsuit until after numerous manufacturers were making drop-in triggers, which coincidentally allows Mossberg to reap more wealth than it could have if it filed a lawsuit the moment somebody violated the patent. Then there is the fact that the patent is absurd. The idea of packaging up the components of a trigger so it can be easily inserted into a firearm isn’t novel or innovative. It’s bloody obvious.

I can only hope that a court renders this patent invalid and Mossberg is forced to pay the attorney fees for all of the companies it’s trying to exploit.

Written by Christopher Burg

May 24th, 2016 at 10:00 am

Linksys Won’t Lock Out Third-Party Firmware

The Federal Communications Commission (FCC), an agency that believes it has a monopoly on the naturally occurring electromagnetic spectrum, decreed that all Wi-Fi router manufacturers are now responsible for enforcing the agency’s restrictions on spectrum use. Any manufacturer that fails to be the enforcement arm of the FCC will face consequences (being a government agency must be nice, you can just force other people to do your work for you).

Most manufacturers have responded to this decree by taking measures that prevent users from loading third-party firmware of any sort. Such a response is unnecessary and goes beyond the demands of the FCC. Linksys, fortunately, is setting the bar higher and will not lock out third-party firmware entirely:

Next month, the FCC will start requiring manufacturers to prevent users from modifying the RF (radio frequency) parameters on Wi-Fi routers. Those rules were written to stop RF-modded devices from interfering with FAA Doppler weather radar systems. Despite the restrictions, the FCC stressed it was not advocating for device-makers to prevent all modifications or block the installation of third-party firmware.

[…]

Still, it’s a lot easier to lock down a device’s firmware than it is to prevent modifications to the radio module alone. Open source tech experts predicted that router manufacturers would take the easy way out by slamming the door shut on third-party firmware. And that’s exactly what happened. In March, TP-Link confirmed they were locking down the firmware in all Wi-Fi routers.

[…]

Instead of locking down everything, Linksys went the extra mile to ensure owners still had the option to install the firmware of their choice: “Newly sold Linksys WRT routers will store RF parameter data in a separate memory location in order to secure it from the firmware, the company says. That will allow users to keep loading open source firmware the same way they do now,” reports Ars Technica’s Josh Brodkin.

This is excellent news. Not only will it allow users to continue using their preferred firmware, it also sets a precedent for the industry. TP-Link, like many manufacturers, took the easy road. If every other manufacturer followed suit we’d be awash in shitty firmware (at least until bypasses for the firmware blocks were discovered). By saying it would still allow third-party firmware to be loaded on its devices, Linksys has maintained its value for many customers and may have convinced former users of other devices to buy its devices instead. Other manufacturers may find themselves having to follow Linksys’s path to prevent paying customers from going over to Linksys. By being a voice of reason, Linksys may end up saving Wi-Fi consumers from only having terrible firmware options.

Written by Christopher Burg

May 19th, 2016 at 10:00 am

The War On Drugs Breeds More Dangerous Drugs

Imodium may be the new over-the-counter scary drug but it appears that W-18 is the new illicit scary drug (which is in desperate need of a marketing department to give it a better name):

For the second time in a year, police in Alberta have uncovered a drug called W-18, a synthetic opioid that’s 100 times more powerful than fentanyl — and 10,000 more powerful than morphine.

Police in Edmonton announced Wednesday they seized four kilograms of the substance in powder form during a raid carried out in December during a fentanyl investigation. The powder was then sent to Health Canada, which confirmed on Tuesday that it was W-18.

Staff Sergeant Dave Knibbs told a press conference that this amount of powder could have produced hundreds of millions of W-18 pills.

A stronger substance that people can voluntarily put into their bodies? The horror!

In all seriousness though, W-18 is likely a more dangerous drug than fentanyl but it is also a byproduct of the war on drugs. The iron law of prohibition states that the potency of a prohibited substance increases along with the enforcement of the prohibition:

Super potent pot is not a market failure. It is simply the result of government prohibition. In fact, it is one of the best examples of the iron law of prohibition. When government enacts and enforces a prohibition it eliminates the free market which is then replaced by a black market. This typically changes everything about “the market.” It changes how the product is produced, how it is distributed and sold to consumers. It changes how the product is packaged and in particular, the product itself. The iron law of prohibition looks specifically at how prohibition makes drugs like alcohol and marijuana more potent. The key to the phenomenon is that law enforcement makes it more risky to make, sell, or consume the product. This encourages suppliers to concentrate the product to make it smaller and thus more potent. In this manner you get “more bang for the buck.”

During alcohol prohibition (1920-1933), alcohol consumption went from a beer, wine, and whiskey market to one of rotgut whiskey with little wine or beer available. The rotgut whiskey could be more than twice as potent of the normal whiskey that was produced both before and after prohibition. The product is then diluted at the point of consumption. During the 1920s all sorts of cocktails were invented to dilute the whiskey and to cover up for bad smells and tastes.

Therefore, the current high potency of marijuana is not a market phenomenon, nor is it a market failure. It is primarily driven by government’s prohibition and the odd incentives that this produces on the sellers’ side of the market. Under these conditions consumers may prefer higher potency marijuana, ceteris paribus, but it is not primarily a consumer driven phenomenon.

W-18 is the byproduct of stronger enforcement of opioid prohibitions. Since law enforcers are concentrating their efforts on opioids such as heroin and fentanyl, the producers are responding by making a more concealable version (as the product is more potent, less is needed for the desired effect) that is easier to transport under the watchful eye of the badged men with guns.

This is just another example of how the war on drugs has actually made the drug market more dangerous. In addition to adding the risk of men with guns kicking down the doors of drug users at oh dark thirty and shooting their family pets, the war on drugs has also made the substances themselves more dangerous by creating an environment that motivates producers to increase the potency. So long as the war on opioids continues we will see more potent forms. In a few years W-18 will likely become a footnote in history; just another less potent version of a new opioid. This trend will continue until the war on drugs is ended and producers are no longer encouraged to make ever increasingly potent substances.

Written by Christopher Burg

May 18th, 2016 at 10:30 am

I Guess Oracle Will Sue MariaDB Next

Oracle is still butthurt over the fact that it snapped up Java when it purchased Sun Microsystems and still hasn’t figured out how to make it profitable. Google, on the other hand, managed to take the Java application programming interface (API) and use it for Android, which is turning the company a tidy profit. After getting its ass handed to it in court only to have a dimwitted judge reverse the decision, Oracle is pushing forward with its desperate attempt to get its hands on some of the wealth Google created. Oracle is now claiming that Google owes damages. Why? Apparently because it’s offering Android for free:

Catz also testified that Oracle’s Java licensing business was hurt by Android. Customers that used to buy licenses for Java, including Samsung, ZTE, Motorola, and others, don’t buy licenses from Oracle anymore. “They don’t take a license from us anymore, because they use Android, which is free,” she said.

Licensing contracts that used to be $40 million deals are now $1 million deals, Catz said. She gave the example of Amazon, which was formerly a customer but chose to go with Android for the Kindle Fire. When Amazon came out with its popular mid-range Kindle, the Paperwhite, the e-reader company chose to license Java only after Oracle offered a massive discount.

“In order to compete, we ended up giving a 97.5 percent discount for the Paperwhite,” she said, “because our competition was free.”

As for the mobile licensing business, since the launch of Android, it has performed “very, very poorly,” Catz said.

What’s next? Will Oracle sue the people behind MariaDB? For those who don’t know, MariaDB is a fork of MySQL, which is another product that Oracle acquired when it purchased Sun Microsystems. MariaDB, like the Android API, is a free product based on software Oracle acquired through its purchase of Sun Microsystems that could be taking market share from its expensive software!

Should manufacturers and developers of a product that’s sold directly for money be able to sue competitors who offer a free alternative? If you ask some antitrust supporters the answer is yes. But if you ask anybody with a brain the answer is no.

Consider Oracle’s situation. Android basically ate its lunch because nobody is buying its mobile Java software. Does that indicate that Google is somehow at fault because it made Android free? No. Such an assumption would imply that free products always win in the market when that isn’t the case. Sometimes a free product is so shitty that an expensive alternative still wins out. Consider Microsoft Windows. It’s still the most popular desktop operating system out there even though Linux, FreeBSD, OpenBSD, and a number of other free alternatives exist. Why? Because Windows offers features that consumers want and alternatives don’t offer. Software compatibility, driver support, etc. are desirable features to many people. So desirable in fact that they’re willing to pay for them even though a free alternative exists. Without those features consumers see the free alternatives as so shitty that the savings associated with using them aren’t worth it. In spite of what the famous saying says, you actually can compete with free.

Android isn’t winning over mobile Java simply because it’s free. It’s winning because it offers features that consumers want. There is a massive software library available for Android that isn’t available for mobile Java. Google includes many desirable applications including clients for its popular Maps and Gmail services. Hardware developers want consumers to buy their phones so they tend to favor software that consumers want, which is part of the reason so many Android mobile devices exist while so few Windows ones do.

Google isn’t responsible for Oracle’s dwindling mobile Java profits; Oracle is, for not making it a compelling product.

Written by Christopher Burg

May 18th, 2016 at 10:00 am

Fear Is The Last Refuge Of A Scoundrel

Stingray is a product name for an IMSI-catcher popular amongst law enforcers. Despite the devices being trivial enough that anybody can build one for $1,500, law enforcers have been desperate to keep the devices a secret. The Federal Bureau of Investigation (FBI), for example, would rather throw out cases than disclose its Stingray usage.

Here in Minnesota law enforcers are also busy keeping tight wraps on Stingray usage:

A Fox 9 Investigation has revealed that tracking warrants for a surveillance device called StingRay have routinely been kept sealed, despite a law requiring them to become public within 90 days.

The StingRay device is used by the Bureau of Criminal Apprehension about 60 times a year, said BCA Superintendent Drew Evans. Hennepin County Sheriff also had a StingRay, but a spokesperson said they discontinued it after using it only four times.

Why the secrecy? If you were expecting a detailed legal defense you’re going to be left wanting. The only defense law enforcers can muster is fear. Whenever a law enforcement department is pressed about the secrecy of Stingray devices they respond with the scariest case they can think of that involved the device:

“This technology has been absolutely critical in locating some of Minnesota’s most violent criminals, more quickly than we ever were before,” Evans said.

Law enforcement used the technology last month when a disgruntled client allegedly gunned down a clerk at a St. Paul law firm and then went on the run. Police had the suspect’s cell phone and tracked him down.

[…]

“Just this week we were able to locate a level 3 sexual offender that was non-compliant, a suspect in a series of serial rapes, and a homicide suspect, this week alone,” he explained.

This usually satisfies journalists and the general public but shouldn’t. Whenever a law enforcer brings up a scary case where they used a Stingray device the immediate response should be, “So what?”

So what if the devices were used in secrecy to find a suspected murderer or a level three sex offender? Will these devices suddenly cease working if they’re subjected to the same oversight as any other law enforcement technology? Will they power off forever the minute a warrant is unsealed? No.

Law enforcers have no legal justification for keeping these devices secret, which is why they’re resorting to fear tactics. The question everybody should be asking is why they’re so desperate to keep these devices in the shadows. I theorize that there is a known weakness in the technology that would make them potentially inadmissible in court. What other reason could there be to go so far as to throw out individual cases rather than unseal warrants and release technical details about the devices? It’s not like the devices are a novel technology that nobody knows how to make or defend against.

The State Sucks At Language

Under any sane legal system the label criminal would be reserved for those who victimize others. But the legal systems of most modern developed countries use the label to describe anybody who has violated any of the State’s decrees, regardless of how arbitrary they may be. Because of this we have people walking around who have been labeled criminals but have never victimized anybody. Fortunately the Department of Justice (DoJ) is finally recognizing this fact, although I doubt it’s intentional, and is moving away from the term criminal to describe the people it targets:

The Department Of Justice has been phasing out the use of the word “criminal” to describe criminals. On the DOJ website the newer term, “justice-involved individual,” can be traced back to 2009. However, the term has seen more and more daylight over the last couple of years.

I’ve seen quite a few neocons flipping their shit about this but it really is a good move. The DoJ spends a great deal of its time harassing drug buyers and sellers, tax evaders, unlicensed firearm dealers, and other people who haven’t actually victimized anybody. That being the case, it makes sense to refer to its targets by something other than criminals.

With that said, the DoJ, like every other government agency, sucks at language. Justice-involved individual is also a misnomer for the same reason the agency’s name is a misnomer; the word justice implies a wrong being righted. Without a victim there is no wrong to right and therefore no justice to be had. A better label would be a legal-involved individual.

Written by Christopher Burg

May 12th, 2016 at 10:00 am

The War Against Privacy

If you read the erroneously named Bill of Rights (which is really a list of privileges, most of which have been revoked) you might be left with the mistaken impression that you have a right to privacy against the State. From the National Security Agency’s (NSA) dragnet surveillance to local police departments using cell phone interceptors, the State has been very busy proving this wrong. Not to be outdone by the law enforcement branches, the courts have been working hard to erode your privacy as well. The most recent instance of this is a proposed procedural change:

The Federal Rules of Criminal Procedure set the ground rules for federal criminal prosecutions. The rules cover everything from correcting clerical errors in a judgment to which holidays a court will be closed on—all the day-to-day procedural details that come with running a judicial system.

The key word here is “procedural.” By law, the rules and proposals are supposed to be procedural and must not change substantive rights.

[…]

But the amendment to Rule 41 isn’t procedural at all. It creates new avenues for government hacking that were never approved by Congress.

The proposal would grant a judge the ability to issue a warrant to remotely access, search, seize, or copy data when “the district where the media or information is located has been concealed through technological means” or when the media are on protected computers that have been “damaged without authorization and are located in five or more districts.” It would grant this authority to any judge in any district where activities related to the crime may have occurred.

In layman’s terms the change will grant judges the ability to authorize law enforcers to hack into any computer using Tor, I2P, a virtual private network (VPN), or any other method of protecting one’s privacy (the wording is quite vague and a good lawyer could probably stretch it to include individuals using a public Wi-Fi access point in a restaurant). The point being made with this rule proposal is clear: the State doesn’t believe you have any right to protect your privacy.

This should come as no surprise to anybody though. The State has long held that your right to privacy stops where its nosiness begins. You’re not allowed to legally possess funds the State isn’t aware of (financial reporting laws exist to enforce this), manufacture and sell firearms the State isn’t aware of, or be a human being the State isn’t aware of (registering newborn children for Social Security and requiring anybody entering or leaving the country to provide notice and receive approval from the State).