Tag: LEA

Cybercrime, Advanced Persistent Threats, and Human-Centric Security

Post author By Christopher Parsons
Post date December 17, 2024

RUSI has published a compelling essay arguing that policy makers and threat intelligence groups should focus more time and attention towards the activities of cyber criminals.

Contemporary cyber criminals:

have many operational characteristics that parallel those of nation-state supported advanced persistent threats
are quickly innovating and developing new exploit processes and chains in reaction to market developments, and
have a real and significant impact on the lives of people around the world.

Moreover, criminals are increasingly targeting critical infrastructure, an activity-type which has characteristically been associated with nation-state supported organizations.

While it’s left unstated in the essay, Larson is also implicitly is calling for a focus on human-centric security practices. Such a focus would see policy makers and cyber practitioners work to more actively stymie the worst harms felt by individuals and communities affected by cyber operations or incidents. Such a focus might, also, see countries or organizations shift resources away from impeding nation-state supported threat actors and towards law enforcement agencies and cybersecurity bodies or, alternately, see national governments update operational guidance to prioritize targeting cyber criminals’ organizations or infrastructure using offensive cyber capacities.

Tags Cyber Security, Cybercrime, Human-Centric Security, LEA, National Security, Policy

Writing

The Data Broker Economy Continues to Endanger Individuals’ Privacy

Post author By Christopher Parsons
Post date December 16, 2024

Mobile advertisers and data brokers routinely collect vast amounts of sensitive information without individuals’ meaningful consent. Sometimes this collection is explicitly mentioned in the terms of service that advertisers provide. However, in many other cases, this collection is linked to “free” functionality services that developers integrate into their applications at the cost of losing control of their users’ data.

These kinds of data brokers fuel a large and mostly invisible data market. But there are times where aspects of it (accidentally) emerge from the shadows.

Recent reporting, first covered by 404 Media, reveals how Fog Reveal sells geolocation services to government agencies. Geofences can be placed around targeted persons’ friends’ and families’ homes, places of worship, doctors’ offices, and offices of a person’s lawyer. Fences can be established retroactively as well as proactively.

These same capacities, it must be noted, can and are also exploited by non-law enforcement agencies. Recent reporting has showcased how the activities of these kinds of data brokers can endanger national security, and they can also put the safety of political and business leaders, to say nothing of regular people, at risk of harm.

Fog Reveal and similar companies are offering an expansive for-sale surveillance capacity. And the capacity, which was once the thing of science fiction, has somehow become banally available for those who can convince private vendors to provide access to the data they have collected.

There remains an open question of how to remedy the current situation: should the focus be on regulating bad actors after they appear or, instead, invest the political capital required to stop the processes enabling the data collection in the first place?

Tags Data Brokers, Fog Reveal, Geolocation, LEA, Mobiles, National Security, Privacy, SDK

Writing

Ongoing Criminal Exploitation of Emergency Data Requests

Post author By Christopher Parsons
Post date November 10, 2024

When people are at risk, law enforcement agencies can often move quickly to obtain certain information from online service providers. In the United States this can involve issuing Emergency Data Requests (EDRs) absent a court order.¹

The problem? Criminal groups are increasingly taking advantage of poor cyber hygiene to gain access to government accounts and issue fraudulent EDRs.

While the full extent of the threat remains unknown, of Verizon’s total 127,000 requests for data in Q2 of 2023, 36,000 were EDRs. And Kodex, a company that is often the intermediary between law enforcement and online providers, found that over the past year it had suspended 4,000 law enforcement users and approximately 30% of EDRs did not pass secondary verification. Taken together this may indicate a concerning cyber policy issue that may seriously endanger affected individuals.

These are just some of the broader policy and cybersecurity challenges that are key to keep in mind, both as new laws are passed and as new cybersecurity requirements are contemplated. It is imperative that lawful government capabilities are not transformed into significant and powerful tools for criminals and adversaries alike.

There are similar kinds of provisions in the Canadian Criminal Code. ↩︎

Tags Cybersecurity, Lawful Access, LEA, Privacy, Surveillance, Transparency