When You Weren’t Looking, the Surveillance State Grew
*epilepsy warning*|Hatemail: Newsletter and Intel from the LaBac Hacker Collective
A note from the Collective: Next month will mark a year since George Floyd’s murder by Derek Chauvin, a white former police officer, who will be sentenced for the murder in eight weeks.
It is important that we remain focused on changing the socio-political circumstances that led to Floyd’s murder that continue to systemically oppress and unjustly harm Black people. Chauvin’s conviction indicates a shift in the status quo, but we all know there is still so much work to do. Nationwide civil unrest and community organizing efforts continue to combat the pervasive institutionalized racism that has defined American society for much of its history
We encourage and extend support to our readers engaging in racial justice work in their communities – as accomplices and as members of LaBac continue to do the same. We also ask those of you with the means to consider making donations to your local racial justice groups.
Who Needs Science Fiction When There’s Surveillance Policing?
While #abolishthepolice and #defundthepolice movements are gaining widespread support among young Americans, police are pushing the limits of privacy invasion and surveillance policing. And we’re not even talking about the robotic surveillance “dogs” that the NYPD showcased earlier this month only to send them “to a farm upstate” following the justified public backlash.
Don’t get it twisted, we at LaBac think the robotic cop dogs are absolutely terrifying, but like many things in the digital world, sometimes the greatest security threats are intangible … or at least not necessarily packaged into spry, animal-like robot builds.
This week we’re outlining three policing tools that have exponentially grown over the last two decades and pose critical threats to the future of civilian privacy. Consider them a dystopian surveillance-technology-trifecta. These three tools aren’t the only machinations that police are entertaining (the robot dogs...remember?). Instead, these are tools that have recently caught our attention for being particularly insidious in how, unbeknownst to us, they’ve integrated right into society.
Fusion Centers: The Little Known Mass Surveillance Network
Last week, reports emerged that Maine may soon vote on the first bill in the country to shut down a “fusion center,” an intelligence hub that collects, coordinates, and shares information between different law enforcement agencies across local, state, and federal jurisdictions. Fusion centers were created in the wake of 9/11 and framed as a counter-terrorism tactic, but the American Civil Liberties Union (ACLU) states that the fusion centers have not proven to be effective tools against terrorism.
Most importantly, Electronic Frontier Foundation (EFF), which has documented 76 fusion centers across the country, argues that the centers play a key role in implementing the problematic National Suspicious Activity Reporting Initiative (NSI) which allows law enforcement to investigate individuals for performing innocuous activities, such as taking a photo of a building. In 2020, BlueLeaks dumped records purportedly lifted from fusion centers and allegations surfaced that the centers were being used to monitor peaceful activists. While interest is growing in dismantling fusion centers, they continue to operate as massive intelligence hubs with little transparency or oversight.
Facial Recognition Software: Widely Used and Undeniably Creepy
Unlike fusion centers, concerns about facial recognition software have prompted a wave of local bills banning or restricting uses of the technology in cities like Portland and San Francisco. Last week, a bill restricting law enforcement’s ability to purchase facial recognition data was introduced to the Senate. Despite the various pro-privacy laws in the works, the technology happens to be one of the more pervasive tools used by law enforcement, including federal departments such as ICE.
Earlier this month, BuzzFeed News reported that nearly 2,000 public agencies nationwide conducted identity searches with Clearview AI – a widely used and controversial facial recognition tool linked to far-right ideologues and Holocaust deniers. Targets of these searches included Black Lives Matter protesters and insurrectionists at the Jan. 6 attack on the Capitol Building. In 2020, the NYPD used the technology to track down a Black Lives Matter activist accused of assault – a troubling development for first amendment protections.
Real-Time Crime Centers: The Fusion Center and Facial Recognition Love Child
Fusion centers and Real-Time Crime Centers (RTCCs) share enough similarities that they are sometimes referred to each other interchangeably, but they differ in two key ways. The first is scope: Where fusion centers have regional collection centers, RTCCs are more localized down to the county or city level. The second is data use: Fusion centers consolidate information across jurisdictions while RTCCs access mass troves of data – including license plate readers and (of course) facial recognition software. Analysts at RTCCs often provide intel to first responders or law enforcement, but they also make predictions about potential “future crimes” with historical data, which is also known as “predictive policing,” aka dystopian as fuck.
The EFF’s Atlas of Surveillance project has written detailed reports on nine specific RTCCs and located 86, which means RTCCs now outnumber fusion centers. This makes sense because, unlike fusion centers and facial recognition software, the push against RTCCs hasn’t materialized with the same energy… yet. Instead, RTCCs are expanding and new ones are being built at what seems to be a rapid pace. In the past 30 days, new RTCCs or RTCC network expansions were announced in Florida, New Mexico, and Ohio.
RTCCs are localizing unproven, federal intelligence-sharing tactics designed in a post-9/11 world. Combined with access to highly invasive data collection and surveillance tools, such as facial recognition technology, RTCCs become some sort of franken-surveillance monster. Take a look here to learn more about the presence of RTCCs, fusion centers, or facial recognition technology in your community. For the moment, we must stay vigilant and spread the word.
Hacking Legend and “All-Around Nice Guy,” Dan Kaminsky Passes Away at 42
A member of LaBac Pays Tribute to the prolific hackerOn Saturday, April 24, 2021, a rumor started trending in the hacker Twitterverse claiming Dan Kaminsky (@dakami), Internet Protector, had passed away at 42. As the news of his death spread, the information security community collectively felt the impact throughout. Imagine Captain America dying, except you actually know Cap’ personally. We now know, as confirmed by his family, that Dan passed away from diabetic ketoacidosis (and not from complications from the COVID-19 vaccine like some anti-vaxxer douche canoe claimed on Twitter shortly after Dan's death).
We would now like to take a moment to talk about Dan here on this edition of hatemail.
If you did not have the pleasure of knowing Dan personally, let’s paint a picture: If you've ever watched the movie Hackers, it could be said that Dan's childhood shared some similarities to Dade Murphy in the film. While playing as a child, Dan was caught pentesting military computers at age 11. He didn’t get banned from anything electronic until he turned 18, though, and thanks to his mother, he only received a three-day suspension from the Internet.
In 2008, Dan, then a gainfully employed security researcher, discovered a major flaw in the DNS protocol that would have allowed skilled adversaries to commit various types of fraud and online takeovers. He quickly sought the attention of, among others, the Department of Homeland Security, Cisco, and Microsoft, and then helped roll out the largest-ever synchronized vulnerability patching in Internet history to prevent the exploitation of the flaw. A few years later, ICANN made him one of the 7 DNS recovery key holders – the ultimate honor.
Dan was a fixture of BlackHat, DEF CON, and other cybersecurity-related conferences where he would give talks regularly. Dan’s niece reached out to the community to locate a touching video she made with her uncle right after BlackHat in 2008, talking about DNS long gone from the internet. Someone was able to bring it back to share (be prepared for 1:45 minutes of geeky nostalgia).
Dan did not stop at the DNS protocol, he did SO MUCH for the Internet as we know it today. Whether it was by exposing Sony's scheme to install corporate malware on more than half a million computers, or siding with Apple in their fight against the FBI trying to push backdoors in their encryption, Dan always sided with the People.
With that purpose in mind, in the last few years, he founded Bot or Not (which became White Ops and now HUMAN) with Michael Tiffany, Tamer Hassan, and Ash Kalb in the back of a sci-fi bookstore. The company's noble pursuit was to rid the Internet of fraudulent traffic.
Based on the amount of tributes posted online, Dan’s contributions and comradery touched a large number of folks in the hacking community. Several folks remarked, in this industry, the impact you leave from the people you connect with is remembered much louder than anything else like CVEs, bug bounty $$$, BlackHat talks, or whatever – and Dan’s contributions were prolific, if not legendary.
Explicit Content on the Web
- [Vice] A new piece of legislation called the SAFE TECH ACT, seeks to reform free speech protections online, potentially making it harder for sex workers to safely use encrypted communication services they may rely on for work. The legislation is being compared to the controversial 2018 Fight Online Sex Trafficking Act (FOSTA), which has been criticized for having little impact on curbing abuse while drastically harming sex workers using online platforms.
- [The Verge] A woman identified as “Jane Doe” has filed a lawsuit against Reddit for allowing an ex-boyfriend to repeatedly post nonconsensual, pornographic images taken of her when she was 16-years-old. The lawsuit will test the application of controversial measures implemented under FOSTA.
- [Salty] Carina Capitine writes about how her ex-boyfriend used nudes of her for an art exhibition, without her consent, and meditates on image-based sexual abuse, art, and voyeurism.
On Our Radar...
- [Huffington Post] Footage shows that police kneeled on the back of Mario Gonzalez, a 26-year-old father, for five minutes leading up to his death in police custody in California. The video contradicts the police account of Gonzalez’s death.
- [LGBTQ Nation] On Tuesday, the Texas Senate advanced a bill that would criminalize the parents of trans children as “child abusers” for providing medical procedures or hormone treatments for the purpose of gender transition or gender reassignment.
- [Vice] Indonesian delivery drivers use unofficial apps to spoof their GPS location and receive orders better for them instead of abiding by the algorithm dictated by their app overlords.
Hate speech website: bestnewshere[.]com
Who hosts: Choopa
Today’s site is bestnewshere[.]com. It is the homepage for the Best News Here, a site containing exaggerated summaries of news, along with outrageous conspiracies and claims. The site caught our attention as it has risen in popularity amongst the links shared in hateful online chats.
The site is hosted on Choopa infrastructure. Choopa is an internet hosting provider well known amongst fraudsters and cybercriminals for their tolerance of bad behavior. The IP address for bestnewshere[.]com is 149.28.118[.]2.