PRIVACY: Should the FBI Get Records about Your Internet Activity Without a Subpoena?

Posted on August 1, 2010 by Peter S. Vogel

A recent report that the White House wants the FBI to have access to an individual’s Internet activity may help with investigation of terrorism or intelligence, but what about our expectation of privacy? Notwithstanding all of Mark Zuckerberg’s recent comments about privacy, last winter Zuckerberg he told a live audience that if he were to ‘create Facebook again today, user information would by default be public.’ Also Google CEO Eric Schmidt admitted in a CNBC interview that under the US Patriot Act that Google would turn over user information (which Google maintains for 18 months) without question. So maybe we have less privacy than we may think, but in the name of national security alone does it make sense for the White House/FBI to not even both getting a federal judge to issue a subpoena?

COMPANY PRIVACY: Social Engineer Defcon Contest

At the annual Defcon meetings (July 30-August 1) in Las Vegas there was a 3 day contest to see which Social Engineer could get the most company data from 30 companies. The FBI is not too happy, but after consulting lawyers from the Electronic Frontier Foundation the following contest rules were created:

Each Social Engineer is sent via email a dossier with the name and URL of their target company chosen from the pool of submitted names.

Pre-Defcon you are allowed to gather any type of information you can glean from the WWW, their websites, Google searches and by using other passive information gathering techniques. You are prohibited from calling, emailing or contacting the company in any way before the Defcon event. We will be monitoring this and points will be deducted for “cheating”.

The goal is to gather points for the information obtained and plan a realistic and appropriate attack vector. The point system will be revealed during the Defcon event. All information should be stored in a professional looking report. 1 week prior to Defcon you will submit your dossiers for review to the judging panel.

Stay tuned to see how successful the Social Engineers were in getting information from these 30 companies. How easy will it be to get information? We all know the answer, pretty easy!
 

Tags: , , , , , , ,

Washington Post: "33 Arrested as FBI Busts Global 'Phishing' Ring"

Posted on October 9, 2009 by Peter S. Vogel

Great news and I guess the FBI is following my blog! The day following my blog about large scale phishing attacks the FBI reported that “law enforcement authorities in California, Nevada and North Carolina arrested 33 people Wednesday as part of an international crackdown on "phishing," e-mail scams that trick people into giving personal and financial data to counterfeit Web sites.”

Phishing Scam Spooked FBI Director Off E-Banking

Really great to know that even the FBI Director Robert Mueller almost fell for a phishing scam. So clearly if Director Mueller is susceptible, isn’t everyone? Everyone needs to be careful.

Good Advice- Read the Phishing Emails

As I blogged that Paypal contacted me, but I didn’t fall for the scam…it was pretty obvious because the email I got was misspelled:.    (ending with a capital eye rather than a small l) so look closely at the email I received and decide if you would respond to an email like this:


If people read emails and see that PayPaI is misspelled or the content doesn’t add up…they should think twice before responding...and hopefully advoid falling for the latest phishing scam!
 

Tags: , ,