Obama Administration Will Spend $1 Billion on Iris & Facial Recognition Technology

Candice Lanier - For over a year and a half, the Mexican government has been collecting an unprecedented amount of biometric data from minors ages 4 to 17 as part of a youth ID card program. The Electronic Frontier Foundation reports that the data is being gathered for Personal Identity Cards for minors. This I.D. card, according to Mexican authorities, will help streamline registration in schools and health facilities and comes embedded with digital records of iris images, fingerprints, a photograph and a signature for each minor.

EFF reports:

The ID card project is part of the integration of Mexico’s National Population Register (RENAPO), which is intended to provide a unique identity system to conclusively prove identities of all Mexican citizens. Under the program, the Ministry of the Interior will issue Citizen Identity Cards and Personal Identity Cards containing biometric information, first to youth, and later extending to Mexico’s entire adult population.

Since July of 2009, when President Felipe Calderón officially announced the creation of RENAPO, numerous observers have sounded the alarm that the endeavor violates individuals’ privacy rights. Despite serious concerns raised by a governmental accountability agency and a special commission tasked with studying the program, in January of 2011 Mexico nevertheless became the first country in the world to use iris scans as a component of ID cards.”

Meanwhile, the Department of Homeland Security (DHS) has been expanding its biometrics source from fingerprint to iris and facial recognition for identity verification. In addition to collecting iris and facial images on suspected illegal immigrants or immigrants arrested at border patrol stations,the DHS is also developing a program called Future Attribute Screening Technology.  The purpose of the program is to “detect cues indicative of mal-intent” based on factors including ethnicity, gender, breathing, and heart rate.

More

Web could vanish for hordes of people in July, FBI warns

CNET - If your computer is infected with the DNSChanger virus, your summertime Internet activities will be seriously curtailed — as in buh-bye. But a special Web site can help you fix the problem.

The FBI is warning that hundreds of thousands of people could lose their Internet connections come July, unless they take steps to diagnose and disinfect their computers.

The problem is related to malware called DNSChanger that was first discovered way back in 2007 and that has infected millions of computers worldwide.

In simple terms, when you type a Web address into your browser, your computer contacts DNS (or Domain Name System) servers to find out the numerical Internet Protocol (IP) address of the site you’re trying to reach, and then it takes you there. DNSChanger fiddled with an infected machine’s settings and directed it to rogue servers set up by a crime ring — servers that handed out addresses to whatever sites the ring chose.            More

FBI Chief Calls Cyberthreats Public Enemy No. 1

Cyberattacks in various forms — cybercrime, terrorist acts committed via computers and cybattacks from foreign states — will soon be the United States’ most serious threat, according to FBI Director Robert Mueller. He urged the private sector to help by sharing information with law enforcement. His remarks were made at the RSA Conference in San Francisco.

In the near future, cyberthreats will be the leading threat to the United States, FBI Director Robert Mueller warned in a speech on Thursday at the RSA Conference in San Francisco.
Traditional crime, from mortgage and healthcare fraud to child exploitation, have moved online, while terrorists have become increasingly cyber-savvy, Mueller said.

Meanwhile, law enforcement is also confronting hacktivists, organized crime, hostile foreign nations spying on the U.S. and online and mercenary hackers.

Law enforcement needs to take lessons learned from fighting terrorism and apply them to cybercrime, he stated.

While the FBI has built up substantial expertise to deal with cyberthreats, it needs help from the private sector, Mueller said, repeating his often-made call for companies to be forthright about reporting data breaches.

“With cyberterrorism, there are fewer high-impact targets that likely have sophisticated defenses,” Tim Keanini, chief technology officer at nCircle, told TechNewsWorld. “Cybercrime, on the other hand, has become an actual business model with countless targets.”

Cybercrime “has had magnitudes more bite than cyberterrorism for a long time now,” mused Randy Abrams, an independent security consultant.

The Rise of the Terrorist in Cyberspace

Terrorist organizations are using the Internet to grow and connect with each other, and they are doing so openly, Mueller said.           More

Anonymous eavesdrops on FBI conference call

New Scientist - Hacktivist group Anonymous has posted online a recording of a conference call between the US Federal Bureau of Investigation and Scotland Yard – in which detectives both sides of the Atlantic discuss their progress in apprehending Anonymous’s hacktivist brethren.

The call, posted on Youtube (until Google removes it) but also circulating as an MP3 file, highlights the utter insecurity of telephone conference call systems, in which people simply dial in unseen and can listen in without speaking or otherwise making their presence known. All they need enter is a meeting code that is distributed with low security beforehand – something easily gleaned from an accidentally forwarded email, printout, or a hacked email account.                     More

Anonymous Hackers Hit DOJ, FBI, Universal Music, MPAA And RIAA After MegaUpload Takedown

Just minutes after the U.S. Department of Justice repossessed the domains of Megaupload, Megavideo, Megaporn and a collection of other popular filesharing sites, the hacker collective Anonymous got to work on a few takedowns of its own.

On Thursday afternoon, Anonymous claimed credit for cyberattacks that knocked offline the websites of the U.S. Department of Justice, Recording Industry of America, Motion Picture Association of America and Universal Music. The so-called denial of service attacks that overwhelmed those sites with junk traffic came less than an hour after the Justice Department announced the takedown of the Mega sites, along with the arrest of former hacker and Mega founder Kim Dotcom and six others, who are being indicted on charges of copyright infringement and money laundering.

“One thing is certain: EXPECT US!,” wrote the Anonymous-linked Anonops Twitter feed Thursday just after the Mega raid, adding a hashtag for Megaupload.

“Anonymous/Megaupload backlash update: http://RIAA.ORG is now Tango Down,” wrote the Twitter feed Anonnews less than one hour later, as other Anonymous feeds claimed credit for downing Justice.gov and Universalmusic.com.

Update: The U.S. Copyright office website is now down as well. Expect this to go on for a while. “Get some popcorn… it’s going to be a long lulzy night,” writes Anonnews.     More

Germany Sought Info About FBI Spy Tool in 2007

Wired - Two years before the Bavarian state in Germany began using a controversial spy tool to gather evidence from suspect computers, German authorities approached the Federal Bureau of Investigation to discuss a similar tool the U.S. law enforcement agency was using.

The information is interesting in light of recent questions raised about the legality and security of spyware that German authorities have been using to gather evidence from criminal suspects.
Bavarian authorities reportedly began using their spyware in 2009. It’s not known if that spyware is based on the FBI’s, but in July 2007, German authorities contacted the FBI seeking information about its tool.

The request came just days after Threat Level first reported that the FBI had used its so-called “computer and internet protocol address verifier,” or CIPAV, tool to track bomb threats that a 15-year-old student had e-mailed to a Washington state high school. It was the first time the FBI’s use of an internet spy tool was publicly disclosed in connection to a specific case.

The FBI’s assistant legal attache in Frankfurt, Germany, sent an email to Bureau colleagues(.pdf) on July 24, 2007, writing, “I am embarrassed to be approaching you again with a request from the Germans . . . but they now have asked us about CIPAV (Computer Internet Protocol Address Verifier) software, allegedly used by the Bu[reau].”

The email was among a trove of documents that the Electronic Frontier Foundation received this year in response to a 2007 Freedom of Information Act the organization filed to request more information about CIPAV. There are no e-mails in the documents to indicate how the FBI responded to the German government’s request.

Under German law, authorities can use spyware to monitor criminals, but its use is supposed to be limited to the interception of internet telephony and to serious criminal cases.

Members of the Berlin-based Chaos Computer Club, however, examined the so-called R2D2 keylogging Trojan after getting hold of a copy of it, and discovered that it was doing much more than it was legally supposed to do. In addition to monitoring Skype calls and recording keystrokes to capture e-mail and instant messaging communications, the Trojan had the ability to take screenshots and activate a computer’s microphone and webcam to allow someone to remotely spy on activities in a room. Furthermore, the program includes a backdoor that would allow authorities to remotely update the program with additional functionality.               More

Cyber attacks are becoming lethal, warns US cyber commander

Cyber attacks are escalating from large-scale theft and disruption of computer operations to more lethal attacks that destroy systems and physical equipment, according to the head of the US Cyber Command.

 

“That’s our concern about what’s coming in cyberspace – a destructive element,” General Keith Alexander told a conference on cyber warfare, according to the Washington Times.

Alexander, who is also the director of the National Security Agency (NSA), said that future computer-based combat is likely to involve cyber strikes that cause widespread power outages and even physical destruction of machinery.

The potential for cyber attacks to do this, he said, is illustrated by the electrical power outage in the Northeast US in 2003 caused by the freezing of software that controlled the power grid after a tree damaged two high-voltage power lines, and the destruction of a water-driven electrical generator at Russia’s Sayano-Shushenskaya dam in 2009 that was caused by a computer operator remotely starting the generator while one of the dam’s turbines was being serviced.      
More

Oops: Plastic kids toy threatens national security

CNET - Expensive high-tech digital radios used by the FBI, Secret Service, and Homeland Security are designed so poorly that they can be jammed by a $30 children's toy, CNET has learned.

A GirlTech IMME, Mattel's pink instant-messaging device with a miniature keyboard that's marketed to pre-teen girls, can be used to disrupt sensitive radio communications used by every major federal law enforcement agency, a team of security researchers from the University of Pennsylvania is planning to announce tomorrow.

Converting the GirlTech gadget into a jammer may be beyond the ability of a street criminal for now, but that won't last, says associate professor Matt Blaze, who co-authored the paper that will be presented tomorrow at the Usenix Security symposium in San Francisco. CNET obtained a copy of the paper, which will be made publicly available in the afternoon.

"It's going to be someone somewhere creating the Project 25 jamming kit and it'll be something that you download from the Net," Blaze said. "We're not there right now, but we're pretty close."

Project 25, sometimes abbreviated as P25, is the name of the wireless standard used in the radios, which have been widely adopted across the federal government and many state and local police agencies over the last decade. The plan was to boost interoperability, so different agencies would be able to talk to one another, while providing secure encrypted communications.       More

The FBI's Next Generation Identification: Bigger and Faster but Much Worse for Privacy

EFF.Org - This week, the Center for Constitutional Rights (CCR) and several other organizations released documents from a FOIA lawsuit that expose the concerted efforts of the FBI and DHS to build a massive database of personal and biometric information. This database, called “Next Generation Identification” (NGI), has been in the works for several years now. However, the documents CCR posted show for the first time how FBI has taken advantage of the DHS Secure Communities program and both DHS and the State Department’s civil biometric data collection programs to build out this $1 billion database.

Unlike some government initiatives, NGI has not been a secret program. The FBI brags about it on its website (describing NGI as “bigger, faster, and better”), and both DHS and FBI have, over the past 10+ years, slowly and carefully laid the groundwork for extensive data sharing and database interoperability through publicly-available privacy impact assessments and other records. However, the fact that NGI is not secret does not make it OK. Currently, the FBI and DHS have separate databases (called IAFIS and IDENT, respectively) that each have the capacity to store an extensive amount of information—including names, addresses, social security numbers, telephone numbers, e-mail addresses, fingerprints, booking photos, unique identifying numbers, gender, race, and date of birth. Within the last few years, DHS and FBI have made their data easily searchable between the agencies. However, both databases remained independent, and were only “unimodal,” meaning they only had one biometric means of identifying someone—usually a fingerprint.

In contrast, as CCR’s FOIA documents reveal, FBI’s NGI database will be populated with data from both FBI and DHS records. Further, NGI will be “multimodal.” This means NGI is designed to allow the collection and storage of the now-standard 10-print fingerprint scan in addition to iris scans, palm prints, and voice data. It is also designed to expand to include other biometric identifiers in the future. NGI will also allow much greater storage of photos, including crime scene security camera photos, and, with its facial recognition and sophisticated search capabilities, it will have the “increased ability to locate potentially related photos (and other records associated with the photos) that might not otherwise be discovered as quickly or efficiently, or might never be discovered at all.”     More