
Around AU$200m later, data retention mostly used for chasing drugs, not terror

The Attorney-General’s Department has released a report outlining the opening months of Australia’s data retention scheme.

Australia’s telecommunications companies have been left with a funding hole of over AU$70 million to cover the capital costs of Australia’s data retention scheme, according to the Telecommunications Interception And Access Act 1979 Annual Report 2015-16 [PDF], while data authorisations for terrorism ranked below those for illicit drug offences.


Despite handing out AU$128 million in grants last year, the report, released on Monday, states that the capital cost to industry will total AU$198 million by the end of the 2016-17 financial year.

“Information collected from industry through the Data Retention Industry Grants Programme indicates that the estimated capital cost of implementing data retention obligations over the period between 30 October 2014 and 13 April 2017 is AU$198,527,354,” the report said.

“[Costs] relate to the anticipated direct upfront capital costs and not the recurring or indirect costs associated with compliance.”

In 2015, Attorney-General George Brandis said he expected the average ongoing cost for telcos to run their data retention system would be around AU$4 per month.

The report said the Attorney-General’s Department (AGD) received 210 applications for funding, of which 10 were withdrawn, and 180 telecommunications providers were found to be eligible for funding. Of that 180, “most” were awarded a grant to cover 80 percent of their costs.

It was also detailed that during the implementation period for the data retention scheme, AGD received 402 data retention implementation plans from 310 providers.

Under Australia’s data retention laws, passed by both major parties in March 2015, telecommunications carriers must store customer call records, location information, IP addresses, billing information, and other data for two years, accessible without a warrant by law-enforcement agencies.

Over the period from October 13, 2015 to June 30, 2016, the report said the offence for which the highest number of authorisations to telco data was made was illicit drug offences, with 57,166. This was followed in ranking by miscellaneous, homicide, robbery, fraud, theft, and abduction.

Terrorism offences ranked below property damage and cybercrime, with 4,454 authorisations made.

As part of the data retention laws, the spirit of the legislation was to restrict access to stored metadata to a list of approved enforcement agencies, with those agencies not on the list theoretically having access removed on October 12, 2015.

Overall, the report said 63 enforcement agencies made 333,980 authorisations for retained data, of which 326,373 related to criminal law.

“In 2015-16, law enforcement agencies made 366 arrests, conducted 485 proceedings, and obtained 195 convictions based on evidence obtained under stored communications warrants,” the report said.

During 2015-16, 3,857 telecommunication interception warrants were issued, with interception data used in 3,019 arrests, 3,726 prosecutions, and 1,812 convictions. Total cost for interception warrants was AU$70.3 million, at an average cost of AU$619,200 per warrant.

Australia Post accounted for 64 authorisations between June 30 and October 12, 2015, compared to none the year before; and the Victorian Department of Economic Development, Jobs, Transport and Resources made 173 authorisations in 3.5 months compared to 226 the entire financial year prior.

It was also noted that on six occasions, warrants were exercised by people not authorised to do so; in three instances, the Ombudsman could not determine whether stored communications related to the person named on a warrant; and in one instance, it could not determine who had received stored communications from a carrier.

It was also revealed that during the 2015-16 year, the Western Australia Police had received a pair of journalist warrants, which saw 33 authorisations of data made.

“These authorisations were for the purpose of enforcing the criminal law,” the report said.

In April, the Australian Federal Police (AFP) revealed that it had “mistakenly” accessed a journalist’s call records without a warrant in breach of the data retention legislation.

It was subsequently learned that AGD had advised government departments to skirt metadata laws and rely on coercive powers.

In May, the Commonwealth Ombudsman found the AFP to be handling metadata in a compliant manner, but noted a number of exceptions.

“We identified two instances where a stored communications warrant had been applied for and subsequently issued in respect of multiple persons, which is not provided for under the Act,” the report said.

In response, the AFP said its warrant templates were not clear enough.


Henry Sapiecha

With just one wiretap order, US authorities listened in on 3.3 million phone calls

The order was carried out in 2016 as part of a federal narcotics investigation.

NEW YORK, NY — US authorities intercepted and recorded millions of phone calls last year under a single wiretap order, authorized as part of a narcotics investigation.

The wiretap order authorized an unknown government agency to carry out real-time intercepts of 3.29 million cell phone conversations over a two-month period at some point during 2016, after the order was applied for in late 2015.

The order was signed to help authorities track 26 individuals suspected of involvement with illegal drug and narcotic-related activities in Pennsylvania.

The wiretap cost the authorities $335,000 to conduct and led to a dozen arrests.

But the authorities noted that the surveillance effort led to no incriminating intercepts, and none of the handful of those arrested have been brought to trial or convicted.

The revelation was buried in the US Courts’ annual wiretap report, published earlier this week but largely overlooked.

“The federal wiretap with the most intercepts occurred during a narcotics investigation in the Middle District of Pennsylvania and resulted in the interception of 3,292,385 cell phone conversations or messages over 60 days,” said the report.

Details of the case remain largely unknown, likely in part because the wiretap order and several motions that have been filed in relation to the case are thought to be under seal.

It’s understood to be one of the largest numbers of calls intercepted by a single wiretap in years, though the exact number of Americans whose communications were caught up by the order is not known.

We contacted the US Attorney’s Office for the Middle District of Pennsylvania, where the wiretap application was filed, but did not hear back.

Albert Gidari, a former privacy lawyer who now serves as director of privacy at Stanford Law School’s Center for Internet and Society, criticized the investigation.

“They spent a fortune tracking 26 people and recording three million conversations and apparently got nothing,” said Gidari. “I’d love to see the probable cause affidavit for that one and wonder what the court thought on its 10 day reviews when zip came in.”

“I’m not surprised by the results because on average, a very very low percentage of conversations are incriminating, and a very very low percent results in conviction,” he added.

When reached, a spokesperson for the Justice Department did not comment.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

If you see something, leak something. Telling the world holds people in office accountable, no matter how big or small it may be.

There are a number of ways to contact me securely, in ranking order.

Encrypted calls and texts

I use both Signal and WhatsApp for end-to-end encrypted calling and messaging. The apps are available for iPhones and Android devices.

You can reach me at +1 646-755–8849 on Signal or WhatsApp.

I will get back to you as soon as possible if I don’t immediately respond.

Encrypted instant messaging

You can also contact me using “Off The Record” messaging, which allows you to talk to me in real time on your computer. It’s easy to use once you get started. This helpful guide will show you how to get set up.

You will need a Jabber instant messaging account. There are many options to choose from. For anonymity, you should create an account through the Tor browser.

You can reach me at: zackwhittaker@jabber.at during working hours.

When you verify my fingerprint, it’s this: 914F503C 03771A5F A9E2AC91 95861FDA 9B3A7EAD.

Send me PGP email

My email address is zack.whittaker@gmail.com (remove the dot for PGP).

PGP, or “Pretty Good Privacy,” is a great (but tricky-to-use) way of emailing someone encrypted files or messages. PGP works on almost every email account and computer, but using it on your work or home email address won’t hide who you are, or the fact that you sent a reporter an email.

If you want to remain anonymous, go somewhere that isn’t your home or work network. Then, you should use the Tor browser, which hides your location, to access a free email service (like this one or this one).

The EFF has a set of easy-to-use tutorials on how to get started.

You will need my public PGP key to email me securely, available here.

You can also verify my PGP fingerprint to be sure it’s me: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

You can also get this information on my Keybase profile.

When all else fails…

You can always send me things through the mail. My work address is:

Zack Whittaker c/o CBS,
28 E. 28th Street,
New York, NY 10016,
United States of America.

(Updated: January 14 with additional Keybase details.)
(Updated: April 30 with new Jabber fingerprint.)

Henry Sapiecha

10 things you should know about the Dark Web [Internet’s underbelly] but probably don’t

A basic overview guide to the Internet’s underbelly — the Dark Web

1…Deep or Dark?


There’s a difference between the “Deep Web” and “Dark Web.” While the “Clear Web” is the surface area which is indexed by search engines such as Google and Yahoo, the Deep Web is an area search engines can’t crawl for or index. Plunging in further, the Dark Web is a small area within the Deep Web which is intentionally hidden from discovery.

2…How do you access the Dark Web?

You can’t use standard access methods to gain entry into the Dark Web. The most common method is through the Tor network, an anonymous network created from nodes which disguise online activity. In order to use Tor, you need the Tor browser, and may also need to be issued an invitation to access certain .onion domains hidden within the Dark Web.

3…Wait, Onion domains?

An .onion address is the result of Onion networking — low-latency communication designed to resist traffic analysis and surveillance. The use of Onion networking is not a perfect solution to maintain anonymity, but it does help disguise who is communicating with whom.

4…It’s not just drugs

Many of us heard when the underground marketplace Silk Road, one of the largest hidden within the Tor network, was taken down following an investigation by US authorities. However, there are many more vendors peddling their wares within the Dark Web. While drugs are what most commonly comes to mind when it comes to the secretive area, you can also purchase a plethora of other illegal goods. Weapons, porn, counterfeit money and fake identities, hacked accounts and even hitmen can be found if you have the cash. If someone annoys you, sending over a SWAT team as a “prank” is also possible.

5…It’s also something of an eBay for peculiar items.

A quick browse and I could buy lifetime membership passes to popular services such as Netflix, old consoles, clothing, emulators and DVDs, a car or two and bulk weight loss pills. Technology is also popular — there is a wealth of devices available — both counterfeit and apparently legitimate — if you know where to look.

6…The Dark Web is used for more than buying and selling.

So-called “ethical” hacking and political forums, archives of forbidden books, tips on how to care for your cat — there are potentially thousands of private .onion addresses hosted which go beyond marketplaces.

7…Trading is hardly safe or risk-free

Whether you take a risk with buying bargain designer clothes on the Clear Web or sink a few Bitcoins in purchasing illegal items through the Dark Web, neither is risk-free.

Vendors and sellers might be trying to avoid the eyes of legal enforcement in the darker side of the Internet, but this doesn’t stop scams from taking place. Scam vendors and quick grab-and-run schemes run rampant — especially as there is no way to follow up with failed sales down the legal route.

8…Buying and selling through the Dark Web

How do you trade without being linked to bank accounts? Virtual currency is the most common method, which includes “tumbling,” a laundering process which destroys the connection between a Bitcoin address which sends virtual currency and the recipient in the hopes of covering a user’s tracks. Some vendors offer escrow services which hold Bitcoin in trust until goods have been delivered and both parties are happy — although value fluctuations linked to Bitcoin use make this move risky.

9…Avoiding spying eyes

Aside from using the Tor browser and VPNs, a number of buyers and sellers use “Tails,” free software which can be booted from flash storage to provide end-to-end encryption for your browsing sessions.

To further cover their tracks, vendors and sellers will often also use public Wi-Fi hotspots to conduct their business.

10…Reddit is used as a communication platform for Dark Web transactions

Although far from exhaustive, the best Clear Web resource to bounce around and learn a little about the darker, nastier aspects of the Internet is on Reddit. There are sub-forums in which Dark Web vendors and buyers exchange news, thoughts and seller reviews. Advice is also issued on how best to “clean house,” create safe “drop” zones to pick up packages ordered from the Dark Web and what to do if you think law enforcement is keeping an eye on you.

Henry Sapiecha