judge
Conspiracy Constitutional Rights Domestic Policy Government Police State Technology Top News

Judge Rules FBI Can Hack Your Email (Here’s How You Stop Them)

What’s the biggest threat to your civil liberties?

Is it Congress crushing every loophole you grasp at for privacy?

That’s a nightmare, but there are bigger.

Is it the rise of presidential candidates who pledge to dismantle fundamental legal protections?

Good guess, but still not there – besides, previous occupants of the White House destroyed those already.

The biggest threat to your civil liberties are judicial decisions and the actions of unelected bureaucrats. Often, the deep effect of these is unclear for months or even years.

One example is a recent decision by federal judge Henry Morgan, Jr. Morgan ruled that Americans have no “expectation of privacy” in their internet protocol address (IP address), a unique identifier for a computer, smart phone, or other electronic device connected to the Internet.

You lose your privacy even if, as the suspect did in this situation, you employ defensive measures to avoid revealing your IP address, such as using a virtual private network (VPN).

According to Morgan’s analysis, while the FBI had a warrant to conduct a search of the suspect’s computer, they didn’t really need it. Why not? Morgan reasoned since hackers can break into computers, police can too.

The effect on all our liberty will be devastating.

In other words, you have no expectation of privacy against a warrantless government search, you also have no expectation of security if you take measures to avoid one.

RE

Based on that reasoning, because people get shot all the time in America, police can shoot anyone they want?

What about your home? About a decade ago, burglars broke into mine and stole my television, stereo, and personal computer (fortunately secured with software encrypting the entire hard drive). Morgan’s decision indicates that since homes get burglarized, police can break into anyone’s home to search for evidence, without a warrant.

It gets worse. As absurd as Judge Morgan’s ruling is, the Supreme Court has approved an obscure change in Rule 41 of the Federal Rules of Criminal Procedure that would enshrine the hacking he approved – albeit with a warrant – into law. At the FBI’s request, the Court ruled in May federal judges may issue nationwide “hacking warrants” if criminal suspects have made any efforts to hide their location.

Related Reading: If You Use Tor Browser, The FBI Just Labeled You a Criminal

Of course, that’s exactly what a VPN is designed to do.

In other words, if you don’t use a VPN, it’s open season for hackers on your PC or smartphone. And if you do use a VPN, it’s open season for the FBI.

The new rules go into effect December 1 – unless Congress blocks them. While the vast majority of our congressional members are spending most of their time campaigning for November re-election, a handful of them have promised to block the changes to Rule 41.

Will Congress block these rules? I wouldn’t count on it. As always, if you want privacy or security, you must rely on you. Your only choice is to protect yourself. But how?

As is often the case, some of the best solutions are outside the politically charged atmosphere of the US.

First, subscribe to a robust VPN to encrypt the data stream on your smartphone and your PC. The one the FBI has apparently compromised is named “Tor,” originally developed by the US Navy. Some friends of mine who know much more about encryption than I do tell me it’s not Tor itself that has been compromised, but rather users’ implementation of it. Personally, I think this distinction is irrelevant for anyone other than encryption techno-groupies.

Instead of Tor, the VPN we use at The Nestmann Group is called “Cryptohippie.” The company’s only US presence is to authenticate connections to Cryptohippie servers in other countries. None of Cryptohippie’s servers are in the US. While I have no way of knowing if Cryptohippie is more or less secure than Tor, it is much less well known and thus likely to be a less attractive target for hackers (including government sanctioned ones) than Tor.

Second, use an email program that facilitates transmission of encrypted messages. My personal choice is Thunderbird, along with a free plug-in called Enigmail. Once you exchange encryption keys with the people you correspond with, Enigmail automatically encrypts and decrypts your messages. What’s more, the messages are permanently encrypted on the server on which they reside. Even if a hacker manages to penetrate the server itself, the content of the messages remains secure.

Third, if you use webmail services, ditch US providers such as Gmail, Yahoo, etc. Use a non-US service that is serious about security and encryption. We use a company called Century Media, which has its servers in Switzerland, for this purpose, but there are many other choices.

A good time to begin securing your electronic life would be today. The US government certainly isn’t going to do it for you.

Source: http://www.activistpost.com/

2 Replies to “Judge Rules FBI Can Hack Your Email (Here’s How You Stop Them)

  1. “First, subscribe to a robust VPN to encrypt the data stream on your smartphone and your PC. The one the FBI has apparently compromised is named “Tor,” originally developed by the US Navy. Some friends of mine who know much more about encryption than I do tell me it’s not Tor itself that has been compromised, but rather users’ implementation of it. Personally, I think this distinction is irrelevant for anyone other than encryption techno-groupies.”

    This is completely wrong.

    First of all Tor is not VPN, VPN uses one hop/server to hide your IP address from the server or website you are connected to and to hide what websites and servers you are connected from your ISP.
    VPN server knows what is your real IP address and to what servers and websites you are connecting to so it can easily be subpoenaed by police to give this information or police can easily monitor internet traffic entering and exiting VPN server and do timing coloration attacks.
    People usually use ordinary web browsers with VPNs that are prone to leaking real IP addresses and other identifying information.

    Tor network consist of around 4000 servers run by various organizations and volutes in different countries around the world, when you connect to the Tor network your Tor client builds multiple circuits each consisting of 3 different servers ( first server stays the same for several weeks for security reasons)
    When you use Tor to browse the web or connect to other internet services (for example an email server).

    First Tor server knows your real IP address and second server in a row but doesn’t know your third server in a row and a website you are browsing, second Tor server in a row know your first and third server in a row but doesn’t know your real IP address and website you are browsing, third server ( exit node) in a row knows website you are browsing and your second server in a row but doesn’t know your first server in a row and your real IP address.
    Geographic distribution and different ownership of Tor servers makes tracing of Tor users extremely difficult.

    Tor unlike VPN comes with a special browser with security enhancements that prevent leaking of the real IP addresses, cookie separation, Tor circuit separation( different IP address for different website), and it tries to make all browsers look the same to the websites to reduce fingerprinting .

    FBI found a bug in Tor Browser (Not Tor client that runs in the background as a process or Tor network) that it can exploit to reveal real IP address of users but this doesn’t make Tor and Tor Browser less secure than VPN because regular browsers that are usually used with VPN are far more exploitable to reveal the real IP address and because of how easy it is to snoop internet traffic entering and exiting VPN server or simply send a subpoena to company that runs VPN to give their logs.

    Tor browser constantly receives new security enhancements and bug patches so bug that FBI uses for their exploit might already be patched.

    Tor Browser also has a security slider that turns on and off various browser functions depending on the security level that is selected so FBI’s exploit might only work on the lowest security level but not on the medium or high security level or on low and medium but not on high because it depends on the browser functionality that is turned off on certain security level, for example javascript, remote JAR file, HTML5 video etc.

  2. Yea- it won’t make any difference if you use a VPN or Tor as far as the courts are concerned. Those who took the proper security precautions would not have been identified by the PlayPen hack. The problem is the technical knowledge and time needed to protect oneself against such attacks are significant. The solution is along the lines of ensuring that a compromised system doesn’t even know what its real IP address is. While other means could also be used to identify a user these NIT devices are unlikely to utilize them. If they are you’d still be able to protect against them by removing web cams, microphones, GPS, wireless cards, and cellular modems. A locked down VPN router would have made this attack ineffective.

Leave a Reply

Your email address will not be published. Required fields are marked *