PODCAST Panel #1: PeerTalk™ Privacy -vs- National Security

 

Since mid December 2017 our panel was preparing for this first in the series of discussions regarding Privacy -vs- National Security hosted by and drawn from Peerlystcommunity members.

The panel was drawn from a range of disciplines and interests but what united all of the participants was that we are people who are passionate about infosec, civil liberties, and the rule of law.

This series is primarily concerned with how we might align the privacy rights of citizens with the imperatives of predicting, preventing, and reacting to internal & external national security threats.

Our objective was to deliver an opening discussion on the subject matter that would compel further debate and interest, but also attempt to compartmentalise the discrete elements, for discussion on future panels , while at the same time demonstrating the scale of the issues involved with practical real world, non-theoretical examples.

Over the preparation period several pieces were authored on the subject of Privacy -vs- National Security. The links to these associated posts are:

  1. PeerTalk™ Privacy -vs- National Security: One Post To Rule Them All
  2. Video Introduction to Podcast #1 of the PeerTalk™ Privacy -v- National Security Podcast Panel Series
  3. PeerTalk™ Privacy -vs- National Security: Preserve Peace Through (Cyber & Intelligence) Strength
  4. PeerTalk™ Privacy -vs- National Security Sources: In Isolation & Where They Intersect
  5. PeerTalk™ Peerlyst Panel: Privacy vs National Security
  6. PeerTalk™ Privacy -vs- National Security: Gülen FETÖ/PDY, Millî İstihbarat Teşkilatı (MİT) & ByLock
  7. PeerTalk™ Privacy -vs- National Security: You (encryption advocates) are “jerks”, “evil geniuses”, and “pervert facilitators”
  8. PeerTalk™ Privacy -vs- National Security: The Rogues Gallery of Encryption Luddites (Updated 01.16.2018)
  9. Also included below were two essays from panel member Geordie B Stewart MSc CISSP
    1. Polluting the Privacy Debate
    2. Ethical Compromises in the Name of National Security

The questions to the panel in preparation for the discussion were these:

  1. Are recent actions by the Turkish intelligence community reasonable with the backdrop of an alleged serious threat to the security of the state?
  2. Could one ever imagine a similar scenario in the West and if so would it ever be justified?
  3. Does the panel think that while broad brush application of these types of tools and methods by law enforcement and the intelligence community does not happen in the West, does it happen on a case by case basis?
  4. If so, is protecting one person from a miscarriage of justice using illegally obtained surveillance data more important than allowing warrantless mass surveillance and trusting that the intelligence community and political / commercial interests will not abuse the knowledge yielded from the data and rather use it for the national interest?
  5. Finally, does the panel have faith in the oversight and governance mechanism looking to protect citizens of Western nations whose data is acquired by programs such as PRISM and queried using tools such as XKeyscore?”

The panellists were:

Graham Joseph Penrose‍ (Moderator), Interim Manager in a range of Startups, Privacy Advocate, Avid Blogger, and Homeless Activist. I began my career in IT 30 years ago in Banking and in the intervening period I have applied technology and in particular secure communications to assist me in various roles but most aggressively as the owner of a Private MilitarySecurity Company operating in High Risk Areas globally. I am apparently a Thought Leader and Authority in the Privacy space according to various independent third party research organisations and I am member of the IBM Systems Innovators Program.

Kim Crawley‍, Cybersecurity Journalist. A respected and valued contributor to Peerlyst and publications including Cylance,AlienVault, Tripwire, and Venafi.

Emily Crose‍, Network Security Researcher with 10 years experience in both offensive and defensive security roles, 7 of those years were spent in the service of the United States Intelligence Community. She is currently the director of the Nemesis projectand works for a cyber security startup in the Washington DC area.

Lewis De Payne‍, Board Member, Vice President & CTO/CISO of medical diagnostics company aiHEALTH, LLC. CTO/CIIO of a social commerce startup and a founding shareholder in Keynetics responsible for the patented online fraud control tools known as Kount. Lewis has had some adversarial contacts with the FBI that are documented in several of Kevin Mitnick’s (and other writers’) books. Lewis electronically wiretapped the FBI and other law enforcement bureaus, and recorded some of their activities (which included having informants perform illegal wiretaps, so they could gain probable cause to obtain search warrants). In his younger days, Lewis took the US government to court several times In one case his proceedings set legalprecedent when the 9th Circuit Court of Appeals heard his Jencks Action and ruled in his favour causing the FBI to have to return all seized property (and computers) to him, and others.

Geordie B Stewart MSc CISSP‍, Director at Risk Intelligence which company provides a range of specialist infosec services to organisations including risk analysis, policy development, security auditing and compliance, education, training, and continuity planning. Geordie writes and speaks frequently on the topics of Privacy, Ethics and National Security. Partly because he thinks they are important topics, but partly to increase his embarrassment when his web history eventually leaks. Geordie also writes the security awareness column for the ISSA Journal and works in senior security leadership roles for large organisations.

Dean Webb‍, Network Security Specialist. Dean has 12 years of experience in IT and IT Security, as well as over two decades as an instructor and journalist with particular focus on national security issues, espionage, and civil rights.

We enjoyed a wide ranging and informative discussion over the course of the 90 minutes and while we were not in a position to cover all of the material it was a very acceptable starting point and a stake in the ground with respect to what the community can expect from this series of panels.

I opened the discussion with the question:

“Where do the panellists believe that the line should be drawn between what are personal privacy rights versus the needs of national security and do the panellists think that in recent years the public in an atmosphere of “fear” has too easily surrendered a range of privacy rights in favour of national security?”

Please enjoy the recording below which we hope you will find compelling enough to share with your community. We are looking forward to your feedback and we would be very pleased to have your comments, suggestions, and questions. (Don’t forget to subscribe to the Peerlyst YouTube channel so as not to miss the next in our series and also recordings of all of the other panels coming out of the PeerTalk™ initiative.)

ENDS

Top Cybersecurity Threats in Sport (2025)

On October 10th, 2017 at a panel discussion about “Cybersecurity of the Olympic Games” at the University Club, California Memorial Stadium – Missy Franklin, (five-time Olympic medalist) said “We constantly get new technology thrown at us. It’s crazy, but that’s where sports are going.”

Extract:Digital technologies pose an increasingly diverse set of threats to Olympic events, and the newer forms of threat are likely to have more serious consequences. While most hacks today focus on sports stadium IT systems and ticket operations, future risks will include hacks that cut to the integrity of the sporting event results, as well as to core stadiums operations.”

The study The Cybersecurity of Olympic Sports: New Opportunities, New Risks identifies eight key areas of risk for future sporting events:

  1. Stadium system hacks
  2. Scoring system hacks
  3. Photo and video replay hacks
  4. Athlete care hacks
  5. Entry manipulation
  6. Transportation hacks
  7. Hacks to facilitate terrorism or kidnapping
  8. Panic-inducing hacks

Key Olympic sports technology trends that represent several vectors of additional risk:

  1. Gymnastics
    1. Artificial intelligence in scoring
    2. Possible Surprises: Embedded tracking in gymnastics equipment
  2. Swimming
    1. Automated start/finish technology
    2. Possible Surprises: Biometrics in swimsuits
  3. Rowing
    1. Drones above race
    2. GPS tracking of boats
    3. Possible Surprises: Virtual reality real-time viewing
  4. Track & Field
    1. Automatic field event measurement
    2. Possible Surprises: 3D images for track finishes

Selected known cybersecurity incidents from the last three summer Olympic Games include:

BEIJING:

  1. Ticket scamming
  2. DDoS and related attacks against IT infrastructure

LONDON OLYMPICS:

  1. Ticket scamming
  2. DDoS and related attacks against IT infrastructure
  3. False alarm threat to the electrical grid

RIO OLYMPICS:

  1. Ticket scamming
  2. DDoS and related attacks against IT infrastructure
  3. Athlete data hack

END

Profile of “genius” Parscale, who “won” for Trump & the Facebook political influence juggernaut

Parscale — and every political consultant in a similar situation — is doing this interview to build his business. The introduction of sophisticated digital tools to the process of electing candidates has resulted in a bumper crop of people claiming that they have mastered this inscrutable system and that you should hire them.

Fleshed out, Parscale is the man behind the Trump campaign’s digital media efforts in 2016. He was hired to create a website for $1,500 (as he explained in that “60 Minutes” interview) and then his role expanded until he was managing tens of millions of dollars intended to promote the presidential candidate online.

The point of the interview was, in part, to serve as a profile of Parscale but, more broadly, to explain the primary way in which those millions were spent. Per Parscale’s accounting, that was largely on Facebook advertising. Trump’s team advertised on other platforms, too, but “Facebook was the 500-pound gorilla, 80 percent of the budget kind of thing,” Parscale said.

If you do a search for Brad Parscale’s appearance on “60 Minutes,” the first thing that pops up above the results as of Monday morning is an ad for Brad Parscale. And that, in a nutshell, is Brad Parscale.

Right after the campaign, it was the firm Cambridge Analytica that was making this case, arguing that its black-box analysis of the psychology of American voters allowed Trump to target specific sorts of people with ads that dug deep into their brains to trigger a response. The company (owned in part by the family of Robert Mercer, which was in other ways essential to Trump’s success) wanted to convince future candidates that they could work their magic to get them elected, too.

To “60 Minutes,” Parscale dismissed that claim — in part because he was in the midst of claiming that he was the one with the magic touch. He didn’t think Cambridge Analytica’s system of creating “psychographic” profiles of people was sinister, he said — he just didn’t think it worked.

Which is a simply bizarre claim in the broader context. It isn’t that Parscale doesn’t think that building profiles of people to target ads to them doesn’t work. It’s that Parscale doesn’t seem to realize that this is basically what Facebook was doing for him, in real-time.

By its very nature, Facebook does a more complete and more robust version of what Cambridge Analytica claims to accomplish. In 2014, we explained how Facebook’s political tools work, how it combines data about what you’ve clicked with outside consumer data to get as complete a picture of who you are and what you like as anything that exists. But then it overlays the ability to advertise specific things to specific people — and to test and refine and improve on those ads.

This is what Parscale was describing to “60 Minutes” — not his genius, but Facebook’s. He shows the nifty tricks that you can do with Facebook, A/B testing (as the process is known) different versions of ads with different photos and ads that allow the most effective to quickly rise to the surface. He clearly used all of those secret buttons, clicks and technology that he sought, leveraging Facebook’s deep sense of its individual users and tools to target them. Stepping back, Parscale comes off like the guy who hires LeBron James to play on his team in a 3-on-3 basketball tournament and then brags about his capable coaching. He’s an ad buyer, who lets the platform — say, on Google, when you search for his name — do the work.

The takeaway from the “60 Minutes” interview is simple. Facebook is a juggernaut that’s probably more influential in politics than it realizes itself. (See this New York magazine article to that end.)

Parscale says that his wife likes to say that “[he] was thrown into the Super Bowl, never played a game and won.” Right. It’s just that, in that example, he’s neither Tom Brady nor Bill Belichick. At best, he’s the guy who decided to hire them.

Full story ‘60 Minutes’ profiles the genius who won Trump’s campaign: Facebook https://www.washingtonpost.com/news/politics/wp/2017/10/09/60-minutes-profiles-the-genius-who-won-trumps-campaign-facebook/?utm_term=.5c686f2463e8

Focus on Kaspersky hides facts of another NSA contractor theft

The Wall Street Journal based their story on the fact that another NSA contractor took classified documents home with him. Yet another Russian intelligence operation stole copies of those documents. The twist this time is that the Russians identified the documents because the contractor had Kaspersky Labs anti-virus installed on his home computer.

This is either an example of the Russians subverting a perfectly reasonable security feature in Kaspersky’s products, or Kaspersky adding a plausible feature at the request of Russian intelligence. In the latter case, it’s a nicely deniable Russian information operation. In either case, it’s an impressive Russian information operation.

This is a huge deal, both for the NSA and Kaspersky. The Wall Street Journal article contains no evidence, only unnamed sources. But I am having trouble seeing how the already embattled Kaspersky Labs survives this.

What’s getting a lot less press is yet another NSA contractor stealing top-secret cyberattack software. What is it with the NSA’s inability to keep anything secret anymore?

And it seems that Israeli intelligence penetrated the Kaspersky network and noticed the operation.

Full story on CRYPTO-GRAM October 15, 2017 by Bruce Schneier CTO, IBM Resilient schneier@schneier.com https://www.schneier.com

END

Art For Action – Call for Pledges of Donations of Photography and Prints

Hello Everyone,

In preparation for our launch this December (31st) Art for Action (Twitter: @Art4Homeless) are calling for pledges of donations from artists and photographers.

It has been a pretty hectic process getting everything set up to support the charity and to ensure that we comply with the various regulations and to guarantee transparency for everyone involved.

Worthy of note before we say anything else is that all of the proceeds from the sale of donated art and photography will go to homeless charities in Ireland and the United Kingdom.

There will be no fees, no administration charges, no hidden this, that, and the other levied by Art for Action. All staff provide their services on a voluntary basis. Our founder is providing for the cost of all setup and ongoing costs. Some third party costs will be incurred in terms of payment processing fees and auction site fees and these will be paid from the purchase price of each piece – as is the norm – but that is it.

When the website launches there will be an entire section devoted to how Art for Action conducts its affairs and the accounts of the charity will be available for inspection by any member of the public – on request – without cost.

Call for Pledges of Donations – Artists, Photographers, Photojournalists

There are three ways to pledge:

1. Donate a digital version of your print to Art For Action and explicitly consent in writing that Art for Action have been granted the right to promote and resell the print and also specify the number of prints Art for Action can sell of this print, or specify unlimited;

2. Donate a printed version which the artist or photographer or photojournalist sends to our offices for resale;

3. Donate a printed, mounted, and framed version which is sent to our offices for resale;

All of the above choices are at the complete the discretion of the person donating their work. In each case the following information is also required:

  1. Title of the piece and description;
  2. A sample watermarked digital version of the piece (if applicable);
  3. A suggested guide price;
  4. Please email all details of donations (1-3 above) to Art4Action@intelography.com.

We are very grateful for your assistance and we look forward to publishing success stories throughout the coming years while improving the plight of the many people suffering from the effects of homelessness.

Thank you.

Mining for Tickets – Touts & Ticket Stealing Bots

My Face Value is preparing for launch on 31st December 2017. To keep up to date with the latest news follow us on Facebook and Twitter

Automated ticket mining bots can get around security measures designed to limit ticket purchases. These bots can hoover up hundreds of tickets within seconds of their release. The tickets then almost immediately appear at vastly inflated prices on resale websites.

In early 2017 Viagogo a secondary ticketing website was accused of “moral repugnance” for reselling tickets to an Ed Sheeran cancer charity gig for up to £5,000. An £85 seat to see Adele at the London O2 in 2016 was reportedly being sold online for £24,840.

The use of bots will soon become a criminal offence as part of a crackdown on resale websites. Touts who use bots to mine for concert tickets before selling them for massive profits – and blocking fans from seeing their favourite artists – will also face unlimited fines.

Ticketing firms must introduce tougher anti-bot measures and stronger enforcement of consumer rights laws. Presently, too much lip service is paid to the problem without any real steps being taken to combat it. 

Sources

  • Sky News
  • Sky Sports News

ENDS

Ticket Resellers, “Legal” Domestic Touts, Illegal Offshore Touts

My Face Value is preparing for launch on 31st December 2017. To keep up to date with the latest news follow us on Facebook and Twitter

It is important that fans understand that there are different types of secondary ticket companies. Some of these outfits have no affiliation with associations, football clubs, or supporters clubs and are often based offshore so that they are not subject to UK law.

The general resale of football tickets in the UK was banned in 1994 because of safety fears over the possibility of rival fans mingling together. Only outlets officially authorised by clubs can offer unwanted seats. But tickets are not always sold at face value on these websites even though they are authorised by a club to act as an authorised ticket reseller. Other clubs do have deals with resellers where tickets cannot be sold for more than face value.

But overseas firms can avoid UK consumer law and the Society of Ticket Agents & Retailers warns the online trade allows unscrupulous firms to “dupe unsuspecting ticket buyers”.

Under UK law, tickets advertised must include the cost and location of seats in the stadium. But during the course of 5 live Investigates research they found many examples where this did not happen or the tickets arrived late. The investigation also found that Premier League tickets with a face value of £23 were being be resold for as much as £130 each.

In a bid to clamp down on illegal trading clubs commenced seizing tickets in recent years.

Ticketbis

One firm, Ticketbis, was found to have distributed season tickets and it was also claimed it was reselling tickets associated with people already banned from a stadium. When asked to respond to the allegations, Ticketbis, which is based in Spain, said it is a “secure online platform that works as an intermediary between individuals that want to buy and sell tickets in 40 countries”. The company did not comment on the illegal sale of football tickets.

Acknowledgements & Sources

  • Alistair Magowan, Journalist (Article dated 22nd February 2016)
  • BBC Sport
  • Sky Sport
  • BBC 5 Live Investigates

ENDS