Showing posts with label privacy. Show all posts

Thursday, December 1, 2016

An open letter from a Social Engineer



Hello! My name is social engineer. I like to use any and all information about you to gain access to your money, healthcare records and personal identity. It’s Halloween and it can be a scary time. Sometimes I’m scared by the amount of info people share about themselves and their loved ones online.

A great way to wrap up National Cyber Security Awareness Month is to limit the amount of info I have access to by navigating to this page on Facebook and clicking this button called “Limit Old Posts.” This makes the amount of info available to me much more scarce! You can do this same thing on other social media sites too.



Of course, if you need more scaring to be convinced, just sign in to Facebook and head over to http://www.takethislollipop.com for a close-to-home demo of how your own info might be used against you. IF YOU DARE!


Happy Halloween!

Wednesday, August 31, 2016

Cyber Panel at Nashville Business Journal

A while back I participated in a Cyber panel with the Nashville Business Journal.

Read the article here.

Monday, February 29, 2016

The FBI, Apple and privacy encryption: Why the FBI is putting pressure on Apple to hack a terrorist's iPhone

I've heard a lot of talk lately about why a federal agency would bother with a hardware and software vendor in the course of obtaining a known terrorist's associates. Here's my analysis FWIW...

If you follow DOJ cases, you'll notice a trend of late where, in the course of establishing an airtight case, judges are requesting very intimate details of how the FBI and others have come by their information.

In one recent child porn ring case, the FBI was asked to provide all Network Investigative Technique (NIT) methods, including code for how they reverse engineered the dark web running on Tor to nail down one site hosting over 80 percent of dark web child porn, called "PlayPen." But they didn't stop with taking down the site as in previous cases. Instead, they moved the site to their own data center and used it as click-bait to catch more bad guys.

Needless to say, those methods and code will be entered into public record. The bad guys will patch the hole, and the millions of dollars spent researching and developing said methods and code will be worthless.

Which brings us back to an iPhone and a shooter. My theory, and that's really all it is at this point, is this. The FBI doesn't really need Apple to crack the phone. Let's not fool ourselves into thinking the FBI and other federal agencies don't have the technical capability of cracking our personal devices. In fact, the automatic update feature itself may be just that. Apple itself reports that the FBI has requested that a "new version" of the OS that circumvents security features be installed on the phone. So rather than take a gamble with revealing a high-value back door when the payoff is unknown, the FBI is asking Apple to crack it for them. They don't want to show their cards yet.

Which brings us to how Apple will fight the court order to hack the shooter's phone and Apple's 64-page response citing the unconstitutional nature of the order. Why is this case such a big deal? Why is seemingly everybody talking about it? In the grand scheme of things, this case has the potential to have an incredibly profound impact on Constitutional law and will certainly shape the way we use technology and the privacy we (think we) enjoy in the years to come.

The case is slated to advance to a House Judiciary Committee for Encryption on March 1st.