Sunday, August 2, 2015

Next time they just may take your email! Part 1

In September of 2014 lawyers representing the City of Houston subpoenaed local pastors to provide documents related to the Houston Equal Rights Ordinance. On page 11 of the subpoena, the definitions and instructions are explained. The third bullet point includes the following.

“The terms include, but are not limited to, emails, instant messages, text messages,…”

After protests, meetings and discussions involving people with differing views of the legislation, the subpoena request was cancelled. However, the topic of this blog post is not the Houston Equal Rights Ordinance. My focus will be on email message encryption, why it is important and how it affects you.

Section 2703 of the Stored Wire and Electronic Communications and Transactional Records Access statute states the following in subsections (a) and (b).

"(a) Contents of Wire or Electronic Communications in Electronic Storage.— A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction. A governmental entity may require the disclosure by a provider of electronic communications services of the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days by the means available under subsection (b) of this section.

(b) Contents of Wire or Electronic Communications in a Remote Computing Service.—
(1) A governmental entity may require a provider of remote computing service to disclose the contents of any wire or electronic communication to which this paragraph is made applicable by paragraph (2) of this subsection—
(A) without required notice to the subscriber or customer, if the governmental entity obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction; or
(B) with prior notice from the governmental entity to the subscriber or customer if the governmental entity—
(i) uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena; or
(ii) obtains a court order for such disclosure under subsection (d) of this section;
except that delayed notice may be given pursuant to section 2705 of this title.”

Simply put, if your email is over 180 days old and it is still available on the server, all the government needs is to issue a subpoena. A warrant requires that the standard of probable cause be met and that a judge issue it. These requirements may not need to be met for a subpoena.

Encrypting your email messages is important because it helps protect your right to privacy. This is done by making your email messages difficult to read by unwanted users. Even if the government or an unwanted third party were to access your messages they would need to have access to the key needed to decrypt the messages.

A brute force attack can be performed to decrypt the message, so it is very important that the strongest encryption is used. With today’s technology it would take many years to decrypt a message that uses strong encryption. The more encrypted messages that you send and receive, the better the system will work.

In Matthew 10:16 Jesus says “I am sending you out like sheep among wolves. Therefore be as shrewd as snakes and as innocent as doves.” It is wise to learn how to properly use these tools. In part two of this article we will discuss the usage of Pretty Good Privacy (PGP) and how it works to help protect your privacy.
  

References:

Subpoena by the City of Houston
http://www.adfmedia.org/files/WoodfillSubpoenaRequest.pdf

Stored Wire and Electronic Communications and Transactional Records Access section 2703
https://www.law.cornell.edu/uscode/text/18/2703

Wednesday, July 22, 2015

What does the Ashley Madison Hack have to do with the Christian Church?

The Ashley Madison website, back-end databases and possibly its internal network were compromised for an unknown period of time by hackers calling themselves “The Impact Team”. The hackers made themselves known over the weekend. It is unknown how the attack occurred, but the information of 37 million users, company financial data and detailed network information were stolen from the network. Also, the front page of the website was defaced. Samples of the stolen user accounts have been posted online but were quickly removed via takedown request. There is no guarantee that the data will not be placed online again.

The attack has exposed many millions of men and women desiring to have an affair. Additionally, customers’ names, addresses, credit card numbers and other personal and identifiable information were stolen. Even past customers who paid to have all their information removed from the Ashley Madison system had their information stolen, because it was never removed as advertised. On the surface everything looks to be back to normal at Ashley Madison, but behind the scenes they are recovering and working with law enforcement to track down the hackers.

What does this have to do with the Church of Jesus Christ? If the data is released, it is likely that people who are hurt will show up at churches looking for counsel and healing. Others may need help getting on their feet after going through a costly divorce. Confronting these issues is very important and the church needs to be involved, but this is not the focus of this post. During my research of the issue I have seen that many people were supportive of the breach because the site helps people cheat on their spouses. People did not like the idea of helping people commit these acts.

It is clear that people are not in agreement with many of the views of the Christian Church. It is possible that an attack like this can happen to a church. Smaller attacks that deface websites or steal banking information to transfer funds to overseas accounts have already been carried out. What would happen if your congregation database were stolen? Would this expose your parishioners to fraud? Do you keep a database of people in Celebrate Recovery? This could be very embarrassing for you and the congregant.

No matter the size of your church, if you are keeping and maintaining any kind of database, website or computer network, this information must be protected. It must be protected from insider and outsider threats. Many Christian views make the church a target, and it must be prepared. In the coming weeks and months I will be posting some of the things that you can do to reduce the risk of a successful attack and lessen the impact of those attacks that are successful.

Friday, June 19, 2015

Tinba has been Updated, Armored and is Attacking European Banks.


The Tinba (Tiny Banker) Trojan has been updated, armored and is attacking European banks. When initially discovered in 2012, the Tinba Trojan weighed in at 20KB and was known as the world’s smallest banking Trojan. Its small size made the Trojan fast and hard to detect. The newest version comes into the battle at 10 times the size, or 200KB. The size increase is caused by the powerful capabilities added to this banking Trojan. These capabilities include social engineering techniques, sandbox evasion, CnC authentication and encrypted communications, just to name a few.

One of the more fascinating features of this Trojan is the infrastructure built for it. First, communications between the CnC server and the Trojan itself are encrypted. This makes it difficult for law enforcement or security researchers to spoof communications. Additionally, if the built-in CnC servers are unavailable, the Trojan can use an algorithm to generate 1000s of possible backup domains as hosts to connect to. If the criminal gang behind the infrastructure were to lose access to the CnC servers, they would just need to bring up servers with domain names that meet the criteria of the algorithm. Last but certainly not least, the same infrastructure used to host this Trojan is also hosting other malware. This infrastructure is resilient, powerful and simply amazing!

If you happen to become infected with this beast, it will spring into action once you log into a targeted site. It starts by launching webinjects customized for the bank, requesting login credentials, personal information or permission to transfer funds. It may also warn you that extra money has been accidentally transferred into your account and that it must be refunded immediately.

This Trojan is very powerful and is highly customizable to fit the location and language of the target. The latest version has been customized to target European banks and their customers. Due to the fast pace of change concerning this threat, any opportunity must be taken to lower the risk of a successful attack.
What you need to know and do.

This Trojan has been seen delivered by the Rig Exploit Kit.
Keep your OS and applications updated.
Pay attention to unusual requests and changes when you do your online banking; when in any doubt, contact your financial institution.
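
The backup-domain behaviour described above leaves a trace a network defender can look for: one machine failing to resolve many different random-looking names. The following is an added example, not code from this post or from any Tinba analysis; the log format, the thresholds and every name in the sample are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log (not real traffic): "<client> <name> <rcode>".
# Names use reserved TLDs (.example, .test) so none of them can resolve.
SAMPLE_LOG = """\
10.0.0.5 www.bank.example NOERROR
10.0.0.5 qzxkvjwpltrm.test NXDOMAIN
10.0.0.5 hbnwyqdkfzgc.test NXDOMAIN
10.0.0.5 vmtrxlpqkdwj.test NXDOMAIN
10.0.0.5 ynfgzkhwbqxs.test NXDOMAIN
10.0.0.5 dkpwzrmhvqtl.test NXDOMAIN
10.0.0.9 wwww.bank.example NXDOMAIN
10.0.0.9 mail.bank.example NOERROR
10.0.0.7 autodiscover.church.example NXDOMAIN
"""

def label_entropy(label):
    """Shannon entropy, in bits per character, of one DNS label."""
    counts = Counter(label)
    total = len(label)
    return -sum(n / total * math.log2(n / total) for n in counts.values())

def looks_generated(name, min_len=10, min_entropy=3.0):
    """Crude test: a long first label with few repeated characters.
    Thresholds are assumptions; ordinary words can pass it too."""
    label = name.lower().rstrip(".").split(".")[0]
    return len(label) >= min_len and label_entropy(label) >= min_entropy

def suspect_clients(log_text, min_names=4):
    """Map each client to its failed generated-looking names, keeping only
    clients with at least min_names distinct such NXDOMAIN lookups."""
    failed = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, name, rcode = parts
        if rcode == "NXDOMAIN" and looks_generated(name):
            failed[client].add(name.lower())
    return {c: sorted(n) for c, n in failed.items() if len(n) >= min_names}

if __name__ == "__main__":
    for client, names in suspect_clients(SAMPLE_LOG).items():
        print(client, "had", len(names), "failed generated-looking lookups")
```

The name check alone also matches the ordinary label "autodiscover", which is why the report depends on the number of distinct failed names per machine rather than on any single lookup.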
References: