An Italian Data Protection Authority Secret Report Leak?

According to an Italian newsmagazine, a not-for-public-eyes investigation of the Italian Data Protection Act reportedly found severe security problems in the management of the Internet Exchange Points (the points of the Italian telecommunication network where the various telco networks are mutually interconnected).

A first remark is that the King is – or might be – naked. If this secret report actually exists (and the IDPA didn’t deny its existence) and has been leaked, the Authority’s information security is not that good, and – therefore – the IDPA should fine itself for this non-compliance, instead of just targeting the rest of the (industrial) world.

Coming to the heart of the matter, in the words of the journalists who authored the article:

there is an enormous black hole in the security of the Italian telecommunications. A hole so wide that it allows anyone with the proper equipment to access phone calls, SMS, emails, chats, and content posted on social networks.

The journalists claim that the report verbatim says:

These devices are equipped with technical features that allow the real-time duplication of the traffic in transit, diverting it to another port (port mirroring)

and that

if somebody wanted to look at the traffic in transit, this would be easily done with specific analysis tools …

It is amazing how this article – and the IDPA findings, if proven true – are so lacking in legal and technical savvy, because:

  • the possibility of performing port mirroring is necessary to the activities of the public prosecution and the intelligence agencies. The point, then, is how and by whom this feature is exploited rather than its mere existence, which, like it or not, is necessary for investigative purposes. One day, maybe, it will be possible to disclose some of the ways traffic data information is requested, but this is another story…
  • there is no evidence of the port mirroring features being abused, misused or cracked,
  • performing port mirroring in an Internet Exchange Point is not as easy as the article and the IDPA report(?) say: it is not like the Independence Day computer virus upload or Hugh Jackman’s “under pressure” hack in Swordfish,
  • there is an easy way, available almost since day one of the pre-internet era, to protect users’ communications regardless of what the ISPs do: client-based encryption. But I assume that the Minister of Home Affairs wouldn’t like an IDPA endorsement of the “crypto-for-the-masses” slogan,
  • oddly enough, the IDPA secret report (if true) doesn’t address the serious problem of the proprietary firmware and operating systems of network devices, which prevent an ISP from checking on its own for the existence of backdoors (as in the recent Cisco affair) and other security flaws.

Google Not To Become A US Defense Contractor

Well, the news isn’t actually “new”, but there is one interesting and overlooked Google statement about the acquisition of the (military) robotics firm Boston Dynamics: while the current agreements will be honored, Google has no plan to become a defense contractor.

This way Google is depriving the US military system of a top-notch technology, keeping solely in its own hands what is supposed to be a (albeit future) critical asset for US security and safety.

Should this trend be confirmed, we might face in the near future the massive accumulation of advanced technologies in the hands of just one company that might become the “one-stop” for defense – and more broadly – public needs.

 

 

Stop Apple and Google From Taking Over Our Cars

Google just announced its “Android Auto” platform, while Apple already did it with CarPlay. Both platforms require an Internet connection and, it is just a matter of time, will become more and more deeply interconnected with the car control system.

But software does fail. It fails because there’s no such thing as bug-free software, it fails because people make mistakes, it fails because the software house’s roadmap does not necessarily match the final users’ safety.

And I don’t care about the usual PR stunts such as “as soon as we discovered the bug we did our best to fix it the fastest way” or “since the xyz library is licensed and proprietary we can’t take responsibility for the way the software behaves” or, finally, “if you just read the EULA you will find that it is clearly stated that we don’t take any responsibility for blah, blah, blah…”

This is a price we cannot afford to pay.

A Homicide Investigation And The (Still Alive) Data Retention Regulation

The young girl homicide investigation I’ve talked about in a previous post reveals other interesting information, this time about the telcos’ role in supporting the public prosecution service through traffic data retention.

The media are reporting (Italian only, sorry) that more than 120,000 single mobile calls are under scrutiny, spanning from a few months before the killing. But since the fact is more than three years old, these data aren’t even supposed to exist, since the Data Retention Directive forbade their preservation once the (maximum) two-year term expired.

So, hopefully for justice and for the family of the poor girl, at the beginning of the investigation the public prosecutor, as required by law, did issue a traffic data “freezing” order or, better, seized the data as dictated by the Italian Criminal Rule of Evidence.

As in the case of the DNA-based evidence, the collection of traffic data without complying with the Rule of Evidence might allow the defense lawyers to challenge the reliability of this information, especially because the original traffic data have been (or should have been) destroyed once collected by the public prosecution service, thus preventing the possibility of double-checking their actual evidentiary “weight” during the trial.

Lone Wolf Terrorism and Open Source Intelligence

Tomorrow I shall give a talk about Open Source Intelligence and Lone Wolf Terrorism at the “Terrorism and Crime” international conference hosted by the University of Chieti.

It will be a chance to debunk the next “national security excuse” invoked to increase mass surveillance and social control for the sake of our “safety”.

Here is the full programme

International Conference on “Terrorism and Crime”

Dedicated to the memory of Prof. Enrico Todisco

University “G. d’Annunzio”, Viale Pindaro 42, Pescara

THURSDAY, JUNE 19 – 2014

Room “Paolo V”

09:00 – 09:20 – Welcome and greetings

09:20 – 11:00 – “Lone Wolf Terrorism”

Chair: Yair Sharan

(09:20 – 09:40) Yair Sharan (General Director of the EPI/ first group – Israel)

History of LW terrorism

(09:40 – 10:00) Theodore J. Gordon (co-founder, The Millennium Project):

The Possible Evolution of Lone Wolf Terrorism; an RTD Study

(10:00 – 10:20) Yair Sharan (General Director of the EPI/ first group – Israel)

Prospects for Bio-terrorism

(10:20 – 10:40) Elizabeth Florescu (Director of Research, The Millennium Project)

Lone Wolf Profiling and Social Implications

Discussion

11:00 – 11:30 – Coffee Break

11:30 – 13:30 – Terrorism: Contrast and future prevention

Chair: Arije Antinori – Discussant: Gianmarco Cifaldi

(11:30 – 11:50) – Arije Antinori (Sapienza University)

The evolution of the LWT through the web

(11:50 – 12:10) – Salvatore Rapuano (Comando GDF Regione Molise)

The security at airports: prospects and scenarios

(12:10 – 12:30) – Gianmarco Cifaldi – Tatiana Yugay (University “G. d’Annunzio”, Moscow State University) – Smart security versus Smart crime

(12:30 – 12:50) – Antonio Cilli (G. d’Annunzio University) – Computer crime and terrorism

(12:50 – 13:10) – Marco Rosi (Ten. Col. C.C.) – New scenarios of Islamist terrorism: the phenomenon of the Italian homegrown and foreign fighters

(13:10 – 13:30) – Andrea Monti (University of Milan) – Open Source Intelligence and Big Data

Discussion

13:30 – 15:30 – Lunch

(15:30 – 16:00) lecture dedicated to the memory of Prof. Enrico Todisco

Prof. Raimondo Cagiano De Azevedo – (Sapienza University)

Live broadcast on: www.unich.it

16:00 – 19:00 – Round table on the future of terrorism

Organizer: Sergio Sorbino Gen C.A. (ris) CC – Moderator: Gianmarco Cifaldi

Participants:

Arije Antinori (Sapienza Univ.) – Gianmarco Cifaldi (Univ. G. d’Annunzio) – Antonio Cilli (Univ. G. d’Annunzio) – Elizabeth Florescu (Millennium Project, World Federation of UN Associations) – Theodore J. Gordon (Millennium Project, “Edward Cornish Award” winner, Futurist of the Year 2010) – Salvatore Rapuano (GdF) – Marco Rosi (Ten. Col. CC) – Carlo Disma (Col. Rivista Italiana Difesa) – Aurelio Soldano (Ufficiale GdF) – Yair Sharan (Director General of EPI/FIRST) – Tatiana Yugay (Moscow State Univ.) – Augusta Marconi (Univ. G. d’Annunzio)

17:30 Coffee Break

FRIDAY, JUNE 20 – 2014

Room “Paolo V”

Sessions on “The Future Of Crime”

09:00 – 09:15 – Welcome and greetings

09:15 – 10:50 – Crime and economic activity. Future trends

Chair: Tatiana Yugay – Discussants: Andrea Ziruolo

(09:15 – 09:30) – Gianmarco Cifaldi – Tatiana Yugay (University “G. d’Annunzio”, Moscow State University) – Deoffshorization of the Russian economy as a fight against economic crime

(09:30 – 09:45) – Augusta Consorti, Massimo Sargiacomo, Michela Venditti (University “G. d’Annunzio”) – Accounting for illegal activities organized

(09:45 – 10:00) – Andrea Ziruolo (University “G. d’Annunzio”) – Bodies of Independent Assessment of local authorities, by overseeing the performance to yet another bureaucratic structure

(10:00 – 10:15) – Fabrizio Lisi (Guardia di Finanza) – Future Trends of economic crime and perspectives of contrast

Discussion

10:30 – 10:45 – Coffee Break

10:45 – 12:00 – Organized Crime. Future Trends

Chair: Gianmarco Cifaldi – Discussants: Arije Antinori

(10:45 – 11:00) – John Gale (Miami judge) – International crime: case study

(11:00 – 11:15) – Franco Sivilli (University “G. d’Annunzio”) – From digitization to datizzatione: the phenomenon of the Big Data in the era of Cloud Computing

(11:15 – 11:30) – Arije Antinori (University La Sapienza) – The integration of Osint, Webint and Socint in the analysis of complex criminal phenomena

(11:30 – 11:45) – Gianmarco Cifaldi – Tatiana Yugay (University “G. d’Annunzio”, Moscow State University) – Smart security versus Smart crime

(12:00 – 12:15) – Elisabetta Narciso (Dirigente Polizia Postale) – New criminal phenomena in the web

(12:15 – 12:30) – Paolo Piccinelli (Col C.C.) – Micro-crime and prevention strategies

Discussion

12:30 – 13:45 – Violence, crime and justice. Temporal and spatial Trends

Chair: Francesco D. d’Ovidio – Discussant: Elizabeth Florescu

(12:30 – 12:45) – Mara Maretti – Elizabeth Florescu (University “G. d’Annunzio”, Millennium Project) – Gender-based violence: a sociological reading of past, present and future

(12:45 – 13:00) – Francesco D. d’Ovidio, Rossana Mancarella, Laura Antonucci – Spatial relationships between changes in crime and the efficiency of criminal justice in recent years

(13:00 – 13:15) – Antonio Cilli (University “G. d’Annunzio”) – Digital investigations and crime mapping

(13:15 – 13:30) – Pasqualino Cipolla – Italo Cucci (University “G. d’Annunzio”, Journalist) – Violence in sport and criminal tendencies

(13:30 – 13:45) – Gianmarco Cifaldi (University “G. d’Annunzio”) – Violence against children: from virtual to real

Discussion and Interview to Italo Cucci – Live broadcast on: www.unich.it

14:00 – 15:30 – Lunch

15:30 – 16:00 – Theodore J. Gordon – “Some Future Ethical Issues”

16:00 – 18:30 – Round table on future of crime

Organizer: Sergio Sorbino (Gen C.A. (Ris) CC) – Moderator: Antonio Cilli

Participants:

Vincenzo D’Antuono (Prefect of Pescara) – Arije Antinori (Coordinator CRI.ME LAB, Rome University) – Filippo Barboso (Quaestor of Chieti) – Angelo Battisti (Sapienza University) – Giuseppe Falasca (Magistrate) – Giovanni Febo (Quaestor of Teramo) – Paolo Passamonti (Quaestor of Pescara) – Paolo Piccinelli (Col. CC) – Fabio Santone (V.Q.A. Polizia di stato) – Yair Sharan (Director General of EPI/FIRST – Israel) – Aurelio Soldano (Cap. GdF) – Armando Tartaro (Univ. G. d’Annunzio)

Conclusions

17:00 Coffee Break

SATURDAY, JUNE 21 – 2014

Room “Paolo V”

Seminars

(09:00 – 09:45) – Arije Antinori – 10 Years of Digihad. The Evolution of Global Digital Jihadism

(09:45 – 10:00) – Debate

(10:00 – 10:45) – Yair Sharan – New Technologies and Their Implications

(10:45 – 11:00) – Debate

11:00 – 11:15 – Coffee Break

(11:15 – 12:00) – Theodore J. Gordon – New data sources and The Evolution of Analysis

(12:00 – 12:15) – Debate

(12:15 – 12:45) – Antonio Pacinelli, Simone Di Zio

Conclusions, thanks and future opportunities

13:00 – Lunch