Wednesday, December 5, 2001
Probably everyone who reads RISKS has read about the United States' law
enforcement agencies' wish to implement anti-terrorism measures which
adversely impact people's privacy. As reported in Yahoo Magazine, November
2001, the FBI has been pushing to get its Carnivore package installed at
major Internet Service Providers like AOL and EarthLink so that subscribers'
inbound and outbound E-mail can be flagged and read by the FBI.
Before the terrorist attacks on New York, activists had been trying to
disrupt Carnivore and like-minded software packages by stuffing their Web
sites, E-Mail messages, Usenet postings, and mailing list messages with
likely terms and phrases that would trigger collection by Carnivore so that
some hapless FBI stooge has to spend half a minute apiece looking through
tens of thousands of messages. By now, I'd expect, the FBI has tailored
its implementations of Carnivore to detect such repeated, invariant attempts
to choke off their software's usefulness, but did the FBI really consider all
of the risks of using Carnivore? I doubt that they did.
You know what happens next, humans being ornery and downright stupid. What
happens next is that activists and idiots both will start farming AOL and
EarthLink E-Mail addresses and software will be written to start spamming
those hundreds of thousands of addresses with variant message texts
containing all the likely terrorism-related keywords inserted Mad-Lib
fashion. Tens of thousands of people will get E-Mail messages with forged
return addresses containing Mad-Lib-like generated terrorist plans and
Carnivore will flag on them. Then when the subscriber who gets the spam
forwards it to both uce@fbi.gov and Norfolk@fbi.gov, Carnivore gets two more
hits. If the subscriber is stupid enough to reply to the E-Mail (and let's
face it: They're using AOL or EarthLink so you know they're not very bright),
Carnivore now sees a bi-directional link.
The risks are plenty. How many people will the FBI take off of real
criminal investigations and put onto the project to monitor and review bogus
Carnivore hits? If they hire new people, who's going to pay for them? How
many people are going to be visited by the FBI because some idiot keeps
sending them terrorist attack plans? The biggest risk is obvious and I have
to wonder why nobody in the FBI seems worried about it: Real terrorists will
slip through Carnivore's filtration criteria simply because you damn well
know that activists and idiots will be the ones who get to decide what
Carnivore filters and what it hits on.
How will activists get to drive Carnivore? Every time someone gets
questioned by the FBI or finds out from their neighbors that they've been
investigated, the victim will report the fact on the Internet, maybe even
posting the E-Mail they received that triggered the software, prompting
activists and idiots to adopt the terms and methodologies which worked,
prompting the FBI to tailor Carnivore's filtration until the next time.
I can't see anything coming out of the struggle besides a pile of useless
software running on ISPs' servers fingering innocent people and failing to
point at a single bad guy. ["Fredric L. Rice" via risks-digest Volume 21, Issue 82]
In an extraordinary step approved by a federal judge, a computer expert
hacked his way into a government-run, Denver-based financial system last
summer, created a false account and later altered yet another account. All
this happened without the hacker being detected. Those steps, endorsed by
U.S. District Judge Royce C. Lamberth in advance, were revealed Tuesday as
part of a court case involving the Interior Department's handling of more
than 300,000 trust accounts it is supposed to manage for American Indians.
A court-appointed master said the ease with which the government's computer
system could be penetrated was "deplorable and inexcusable." In a report
ordered released by Lamberth, the special master, Alan Balaran, called on
the judge to seize control of the system. [Source: Court-appointed hacker
altered Indian accounts, by Bill McAllister,
*Denver Post* Washington Bureau Chief, 5 Dec 2001
(http://www.denverpost.com/Stories/0,1002,53%257E254976,00.html); PGN-ed]
[The DoI Web site is now OFF THE NET. PGN] ["James H. Paul" via risks-digest Volume 21, Issue 81]
German officials are apparently attempting to prove that the PISA results
(Germany is pretty much at the bottom of the pack in regards to education
world-wide) are true and anyone, no matter how ignorant, can be a politician
in Germany:
The German Federal Government and the State governments have agreed to new
measures for protecting youth from pornography on the Internet: according to
the "Financial Times Deutschland" (http://www.ftd.de/pw/de/FTDPRAR3MUC.html)
all such content is banned from 11 p.m. until 6 a.m.
No, this is not April Fools' Day. Really. The German government seems to
think that when it is 11 p.m. in Germany, it is 11 p.m. everywhere else. And
that all those XXX folks on the Internet will happily turn off the sleaze
during the German day when the kiddies are awake.
This has of course caused an uproar amongst those in the know.
Spiegel-on-line wrote an open letter to the guy in charge of publishing this
nonsense, Frank-Walter Steinmeier
http://www.spiegel.de/netzwelt/politik/0,1518,170361,00.html
[The sarcastic wit in the letter may not make it through Babelfish
intact, but it is quite funny]
What a sorry state of affairs. The risks posed by ignorant politicians may
yet be far more dangerous than the odd virus and software mistake.....
Prof. Dr. Debora Weber-Wulff, FHTW Berlin, Treskowallee 8, 10313 Berlin
+49-30-5019-2320 http://www.f4.fhtw-berlin.de/people/weberwu/ [Debora Weber-Wulff via risks-digest Volume 21, Issue 81]
Maximillian Dornseif, 2002.