Is this proof that most tax authorities are crooks?
Vanished tycoon named in tax haven inquiry
…stolen bank documents that were sold to the tax authorities by a whistleblower thief who worked at LGT, one of the principality’s biggest banks.
Tax authorities across the world are now using the data to investigate people suspected of hiding their assets in the tax haven.
Germany’s government last week bought another set of data listing the names of 1,850 more people with bank accounts in the principality.
A partner at one the world’s biggest accountancy firms said: “By buying stolen data, tax authorities have encouraged anyone in a bank in Liechtenstein, Monaco or any other tax haven to sell private banking records for cash.
The thief, Heinrich Kieber, according to Forbes, financed a real estate deal in Spain during 1996 with “uncovered checks”. He was not charged and did not have a criminal record when he joined the bank in Liechtenstein. However, the consequences of his Spanish real estate deal followed him to Liechtenstein. In 2001, he was fined 600,000 Swiss francs ($552,000) for fraud by the Liechtenstein judicial system. To get out of this, he tried to blackmail the authorities with the stolen data. When that didn’t work-out to his satisfaction he sold the data to Germany.
I wonder if this thief and extortionist is paying taxes on his $7.5 million blood money from under his rock or wherever he is hiding. On the other hand, I am certain that the public officials who were complicit in this crime kept their jobs or were promoted.
The U.S. government has published its policy regarding seizing laptops and other devices capable of storing data.
Federal agents may take a traveler’s laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed. Also, officials may share copies of the laptop’s contents with other agencies and private entities for language translation, data decryption, or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, US Customs and Border Protection and US Immigration and Customs Enforcement… DHS officials said that the newly disclosed policies — which apply to anyone entering the country, including US citizens — are reasonable and necessary to prevent terrorism… The policies cover ‘any device capable of storing information in digital or analog form,’ including hard drives, flash drives, cell phones, iPods, pagers, beepers, and video and audio tapes. They also cover ‘all papers and other written documentation,’ including books, pamphlets and ‘written materials commonly referred to as “pocket trash…”
It seems the best thing is to keep encrypted files on a network drive at home, and download the needed encrypted data after crossing the border.
With Windows XP, to clear the page file on shutdown go to Control Panel->Administrative Tools-> Local Security Policy->Local Policies->Security Options->Shutdown: Clear Virtual Memory Pagefile … enable it. It is wise to enable this setting on every computer you use.
We tell people to travel with a “clean” laptop. However, Windows creates a lot of temporary files. The most damaging can be the Page file. Everything that went into virtual memory is there in a file on the hard drive. Of course you should also use a good file erasure programme before shutting off the laptop.
Evidence Eliminator and similar software can kill out files and perform other tasks. But their use can raise red flags in a legal dispute.
But the wiper programs don’t ensure a clean getaway. They leave behind a kind of digital calling card.
“Not only do these programs leave a trace that they were used, they each have a distinctive fingerprint,” Kessler said. “Evidence Eliminator leaves one that’s different from Window Washer, and so on.”
I recommend the use of file erasure tools, especially when crossing international borders with computers. If you use such a programme regularly you have plausible deniability if you’re accused of erasing data to keep it from the police or the courts. If you always use it, then its “fingerprint” will always be there. If the install date matches the computer’s purchase date, then they can’t say you did this to eliminate the evidence the courts or police were seeking. Also, get a receipt for the wiper programme to show when it was purchased for the same reason.
File erasure programmes are part of prudent security practices and should not be viewed as something suspicious.
This is not a new issue. A 2004 PC World article described the technology. In February, 2008, I wrote about the EU concerns that these secret printer ID codes may break EU Privacy laws. The EFF has a list of the printers that print these secret codes used by the US government to match a document to the laser printer that produced it.
Another article about this appeared in USA Today a few days ago.
Printer dots raise privacy concerns
The dots, invisible to the naked eye, can be seen using a blue LED light and are used by authorities such as the Secret Service to investigate counterfeit bills made with laser printers…
Privacy advocates worry that the little-known technology could ensnare political dissidents, whistle-blowers or anyone who prints materials that authorities want to track.
The dots are produced only on laser devices and not ink-jet printers, which are most commonly used at home…
As an investigator, this might present an opportunity if the dot pattern is consistent enough to be matched to a particular printer or printer type without being able to decode the dots. If this were the case, then you might not need the ability to decode the dots in some instances. For example, at a company with many different types of laser printers. The process of elimination might indicate which printer(s) could have created a document.
Dumpster-diving — going through trash bins in hopes of finding paper records with valuable information like customer names or future product plans — is alive and well in the age of USB flash drives and portable music players.
An excellent article from Robert L. Scheier in Computerworld, on Monday, December 17, 2007 entitled, Dumpster-diving for e-data, discusses the risk factors and offers some solutions.
Popular Mechanics offers advice on how to destroy hard drives.
FoundStone (a division of McAffee) recently released a free tool called SiteDigger. The tool uses the Google API to scan cached pages of a web site and then performs security checks on those cached pages. One of the things it will look for is open security webcams.
Microsoft Has Developed Windows Forensic Analysis Tool for Police
The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB “thumb drive” that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer’s Internet activity, as well as data stored in the computer.
It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
Microsoft did not develop the tools:
COFEE, according to forensic folk who have used it, is simply a suite of 150 bundled off-the-shelf forensic tools that run from a script. None of the tools are new or were created by Microsoft. Microsoft simply combined existing programs into a portable tool that can be used in the field before agents bring a computer back to their forensic lab.Microsoft wouldn’t disclose which tools are in the suite other than that they’re all publicly available, but a forensic expert told me that when he tested the product last year it included standard forensic products like Windows Forensic Toolchest (WFT) and RootkitRevealer.
With COFEE, a forensic agent can select, through the interface, which of the 150 investigative tools he wants to run on a targeted machine. COFEE creates a script and copies it to the USB device which is then plugged into the targeted machine. The advantage is that instead of having to run each tool separately, a forensic investigator can run them all through the script much more quickly and can also grab information (such as data temporarily stored in RAM or network connection information) that might otherwise be lost if he had to disconnect a machine and drag it to a forensics lab before he could examine it.
But given that a U.S. Federal court has ruled that U.S. border guards can search laptop computers without cause, this tool might see wider use than Microsoft anticipated.
The US authorities demand that everybody entering their country have a passport and identity documents compliant with their security standards, but when it comes to their own passports, they have a much lower security standard than they demand of other countries.
The blank passports travel to Europe where a microchip is inserted in the back cover and then onto Thailand where they are fitted with a radio antenna. The Netherlands company that makes the covers for the passport said in October that China stole the technology for the microchips, the Times said.
The Government Printing Office’s decision to export the work has proved lucrative, allowing the agency to book more than $100 million in recent profits by charging the State Department more money for blank passports than it actually costs to make them, according to interviews with federal officials and documents obtained by The Times.
This news story about the apprehension of a man who had child porn on his laptop illustrates how the data on your laptop could be compromised during a border crossing. The actions of this border guard appear to benefit society in this instance.
Texas man arrested at Ottawa airport for child porn faces up to 30 years
The Ottawa Citizen, Published: Sunday, March 23, 2008
The officer asked if he had anything prohibited on his computer and Mr. Moore said he didn’t, but that his brother also used the laptop. When the computer underwent secondary screening, the child pornography files were discovered, and Canadian officials arrested Mr. Moore. He was later transferred to Texas.
When I was traveling and crossing borders frequently, only once did a border guard look at the papers I was carrying. Today, the same border guard is much more likely to probe my laptop.
For the business traveller, this poses significant risk, as the person examining his mobile computer and other electronic devices will either be incompetent or very knowledgeable. The border officials may also have motives for the search that are unrelated to their primary purpose. Each circumstance creates its own risk for the traveller.
The US Government Accountability Office says that stolen sensitive military items have been purchased by undercover government officials on Craigslist and eBay. However, this is like the kettle calling the pot black. The same subcommittee determined that the Defense Department sold chemical protective suits and biological warfare laboratory equipment to the public.
While it is easy to see an element of fear mongering in this, it does remind us that private sector businesses should be checking eBay and Craigslist for their own product and counterfeits. Doing so may reveal a problem with theft, grey marketing, or counterfeiting.
I previously wrote about Bill C-27 and how it will make it an offence in Canada to recklessly make available or sell personal information knowing it will be used to commit fraud.
Google, and others, offer tools such as on-line word processing but your data is housed by that entity, usually in the USA, and is thus subject to the US Patriot Act, and other laws that allow government surveillance of your data.
In my view, using these Web-based collaborative tools amounts to Reckless Personal Information Handling.
Web-based Collaborative Tools
The Globe and Mail recently published an interesting article about this:
Patriot Act haunts Google service
by SIMON AVERY, Globe and Mail March 24, 2008
Some other organizations are banning Google’s innovative tools outright to avoid the prospect of U.S. spooks combing through their data. Security experts say many firms are only just starting to realize the risks they assume by embracing Web-based collaborative tools hosted by a U.S. company, a problem even more acute in Canada where federal privacy rules are at odds with U.S. security measures.
When I travel for work, I undertake what some people consider extreme measures to protect proprietary client data from theft by officials at international borders. These officials do not need warrants to seize or examine anything in your possession when crossing a border and that makes border officials excellent spies. This issue arose recently regarding the actions of the US border officials:
In Canada, one law firm has instructed its lawyers to travel to the United States with “blank laptops” whose hard drives contain no data. “We just access our information through the Internet,” said Lou Brzezinski, a partner at Blaney McMurtry, a major Toronto law firm. That approach also holds risks, but “those are hacking risks as opposed to search risks,” he said.
Creating a “blank laptop” entails more than just hitting the delete key or even using a utility to overwrite existing data. The hacking risk is also greater than most people realize, especially with wireless connections. Even with secure end-to-end encryption, traffic analysis can yield very useful intelligence.
Surveillance Book
This book’s title is deceptive: No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing. (It appears on our Books page and the right side of the main page.)
Every surveillance operative should read this book for its description of what one can learn from proper observation. It is also a must-read for IT security people for its description of these attack methods. This book is about compromising somebody’s security through surveillance and deceit. It also includes many tips for improving what you observe and report as an Investigator.
