We've been hearing a lot about a surveillance gap since the SolarWinds hack was exposed. Officials call it a "blind spot," a "visibility" issue and an authorities "gap." But they've been vague about what they mean by it. Turns out it's not quite what you think zetter.substack.com/p/mind-the-gap…
I spoke w/ former NSA General Counsel Glenn Gerstell about the surveillance gap, and it turns out it's not about not being able to see into US private-sector systems at all, but about FBI not being able to get a warrant quickly enough or get one when there isn't probable cause.
Gerstell described hypothetical: NSA sees data leave US computer and go to one in Europe; then data leaves Europe computer and goes to one in Russia. Suspects it's intel stolen by foreign power but doesn't have evidence for probable cause emergency access to US computer to verify
Gerstell thinks NSA or FBI or other authority should be able to access US computer to determine if foreign power is using it as command center to hack other US computers. But this would bypass protections in the Foreign Intelligence Surveillance Act.
"If the NSA or FBI could quickly examine that U.S. machine, they could determine 'within hours' that the machine is a vector for malicious activity by a foreign power. 'And that would be a big improvement over what is now a several-days process,'" he said.
But for emergency access, FISA requires prob cause that a foreign power/agent of foreign power is involved. But it's not always possible to know without accessing US system first. He thinks NSA/FBI should be able to do warrantless search of that US computer without prob cause
Experts like @granick, @RonWyden and others say the prob cause protection in FISA is there for good reason. And @DAlperovitch says there's another reason you don't want to allow this:
What if the U.S. system is not a command-and-control server at all but is part of a presidential campaign's infrastructure, and "suddenly you’re monitoring a presidential campaign [computer]? You don’t want to be in that business,” @DAlperovitch told me.
More from @KimZetter

1 Apr
CEO of the Associated Press says the international news service experienced unprecedented cyber "attacks" during the 2020 election. This included 10,000 daily phishing attempts and an average of 1.8 million web-based “attacks” per month. zetter.substack.com/p/ap-says-it-e…
They “came in withering numbers,” were sophisticated, and came from Pakistan, Taiwan and “most especially the Russian Federation” among others. In 2016, AP was hit mostly w/ DDoS attacks. In 2020 they were more sophisticated attempts to “find backdoors" in AP platforms/systems.
AP plays critical role in election reporting and is obvious target for anyone wanting to disrupt results/create confusion. AP feeds content to 12,000+ media outlets around world and counted/compiled votes in 7,000+ US elections in 2020; it's often first to call winner in races.
1 Apr
Another water system hacked - this one in Kansas. Former employee charged w/ gaining remote access and performing activities "that shut down processes at the facility which affect the facility’s cleaning and disinfecting procedures," per indictment. justice.gov/usao-ks/pr/ind…
Wyatt Travnichek was employed by Ellsworth County Rural Water District (aka Post Rock Rural Water District) for 1 yr before resigning in Jan 2019. On March 27, 2019, Post Rock experienced an unauthorized remote intrusion resulting in the shut-down of the facility’s processes.
Post Rock Water District serves more than 1,500 retail customers and 10 wholesale customers over eight Kansas counties. Post Rock’s processes include cleaning and disinfecting customers’ drinking water. In shutting down the cleaning processes, it could have affected public health
25 Mar
Portrait of a Digital Weapon
Ok this is pretty cool. Artist made homage to Stuxnet using de-compiled code that displays character by character, like a digital countdown, over satellite image of Iranian facility it attacked. Note USB cc: @liam_omurchu
macpierce.com/portrait-of-a-…
The artist has documented the entire process of creating it, here: macpierce.com/blog/2021/3/21…
And this is the artist behind the artwork: Portrait of a Digital Weapon
16 Mar
Here's the 15-page report just released by the ODNI about foreign threats to the 2020 election - this is the unclassified version of the larger classified report dni.gov/files/ODNI/doc…
"This [assessment] does not include an assessment of the impact foreign malign influence and interference activities may have had on the outcome of the 2020 election."
"We assess that it would be difficult for a foreign actor to manipulate election processes at scale without detection by intelligence collection, ... through physical and cyber security monitoring around voting systems ..., or in post-election audits."
2 Mar
Microsoft is warning users to apply patch it's releasing today for four zero day vulns found in Exchange email servers - the vulns are being actively exploited by threat group believed to be from China. Details in this thread (and here after 2pm): microsoft.com/security/blog/…
"We strongly urge customers to update on-premises systems immediately. Exchange Online is not affected."
The vulns are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065; all of which are addressed in today's updates for Exchange Server.
The vulns affect Microsoft Exchange Server. Exchange Online is NOT affected.
Versions affected are: Microsoft Exchange Server 2013, 2016 and 2019.
Microsoft Exchange Server 2010 is being updated for Defense in Depth purposes.
27 Feb
Thinking about the potential intelligence and deep-fake benefits from grabbing this voice data. “Each of the audio tracks contains metadata including the corresponding user ID: this makes harvesting and processing the voice data of each individual easier.”
“Clubhouse records all audio until every person has left the room, which it says is for safety purposes. Its community guidelines state that temporary audio recording is performed ‘solely for the purpose of supporting incident investigations’ while ‘the room is live.’”
“If a user reports a violation while the room is active, Clubhouse retains the audio [to investigate] and deletes it when this is complete... ‘Audio from muted speakers and audience members is never captured, and all temporary recordings are encrypted’”