Tech Law

SPOTLIGHT ON SECURITY

FBI Looking to ‘Friend’ Terrorists

Social networks are popular with lots of folks, including terrorists. That’s why the FBI is looking for a contractor that will design an “early warning system” for it based on monitoring chatter on the likes of Facebook, Twitter and Google+.

To identify potential “bad actors,” the agency will be looking for terrorist keywords like “gangs,” “small pox,” “leak,” “recall” and “2600,” a hacker magazine that dates back to the days of Captain Crunch.

Crunch, also known as John Draper, used a toy whistle found in boxes of the breakfast cereal from which he took his moniker to produce a 2,600 Hz tone that could be used to make free long distance phone calls.

“Social media is changing how people organize and how sentiment is spread,” Richard Stiennon, chief research analyst with IT-Harvest, told TechNewsWorld. “For the FBI to tap into that is logical.”

Some civil liberties advocates, though, were concerned about the FBI proposal.

“They say they’ll be mining publicly available data, but a lot of people who post things on the Internet don’t understand that the government could be mining that data,” Electronic Frontier Foundation Staff Attorney Jennifer Lynch told TechNewsWorld.

“They’re not thinking that the government is collecting their data and mapping it with their associates or their friends’ comments,” she continued.

Both the Army and Air Force have been working on projects aimed at exploiting social media to identify terrorist activity, but the FBI proposal contains a new wrinkle, according to Lynch.

“It will use geospatial mapping tools to map people and their associates to figure out where they are and where they’re having their conversations,” she said. “That is worrisome.”

Hacking a Railroad?

Conflicting reports have appeared regarding foreign hackers invading the systems of a railroad in the Pacific Northwest and disrupting service there over a two-day period in December.

On Dec. 1, service on an unidentified railroad was disrupted and schedules delayed about 15 minutes, according to a U.S. Transportation Security Administration meeting summary obtained by the Nextgov website.

The next day, a “second event occurred,” but it did not affect any schedules.

Last week, however, the Association for American Railroads denied that any computer-based, targeted attack on a railroad had taken place.

Such confusion over an alleged cyberattack on the infrastructure isn’t unusual, according to Joe Weiss of Applied Control Solutions.

“Control system engineers just don’t have the tools that IT has to say, ‘yea and verily, a cyber attack occurred,'” he told TechNewsWorld.

Opening a Security Risk

Google announced it’s revamping its privacy policies this week, which disturbed SafeGov.org, an independent watchdog of the federal cloud.

What upset SafeGov is that, as part of its policy simplification program, Google will be aggregating information from all its users across all the Google services they use. That poses a security risk to government employees, according to SafeGov’s Jeff Gould.

“By putting all this information in one place and cross-referencing it all, it makes it easier for people to accidentally disclose information that can be used against them in a hacking or phishing attack,” he told TechNewsWorld.

Google has said that the new policy changes will not be applied to government employees, but Gould maintained that the technology that’s used to mine data from Google’s consumer users remains in the company’s government apps.

“Google, or any other cloud vendor, should not be data-mining the information that government workers put into their email, shared documents or calendar,” he declared.

Breach Diary

  • Jan. 22: Unknown hackers breach King Saud University, in Riyad, Saudi Arabia, and post stolen information from 812 user accounts to the Internet.
  • Jan. 23: AntiSec breaches OnGuardOnline.gov, a website managed by the U.S. Federal Trade Commission that offers Internet security advice to consumers, in protest of antipiracy legislation before Congress.
  • Jan. 24: New York State Public Service Commission announces the records of more than 2 million utility customers may have been breached by unidentified hackers. The probe involves New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E); both claim there is no proof that their customers’ data was mishandled.

John Mello is a freelance technology writer and former special correspondent for Government Security News.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Tech Law

Technewsworld Channels