Category Archives: Security

Study Details Racism in LAPD Traffic Stops

Data in a new LA Times report (also posted to GitHub) reveals that, despite whites being found with contraband more often, blacks and Latinos are stopped and searched far more often.

…a black person in a vehicle was more than four times as likely to be searched by police as a white person, and a Latino was three times as likely.

Yet whites were found with drugs, weapons or other contraband in 20% of searches, compared with 17% for blacks and 16% for Latinos. The totals include both searches of the vehicles and pat-down searches of the occupants.

The analysis in the report indicates less evidence was used to prompt a search of Latinos and blacks than of whites. On top of that, after being stopped and searched, whites also saw better treatment and lower arrest rates.

Blacks and Latinos were more than three times as likely as whites to be removed from the vehicle and twice as likely to either be handcuffed or detained at the curb, the Times analysis found.

About 3% of blacks and Latinos stopped by the LAPD were arrested, compared with 2% of whites.

To put it another way, the city is 9% black yet 27% of people being searched are black; the city is 28% white, yet 18% of those being searched are white.

US Administration Fights to Protect Human Trafficking and Disinformation Platforms

The U.S. already has a reputation for its lax approach to infrastructure regulation that “encouraged the spread of disinformation and supported a powerful forum for harassment and bullying”.

Current occupants of the White House are taking that even further.

American infrastructure is said to be getting legal protections against accountability pushed into foreign trade deals, by adding Section 230 provisions to them.

Last year, Congress overwhelmingly approved a bill making it possible to sue online platforms for knowingly facilitating sex trafficking. Lawmakers have raised the prospect of creating additional carve-outs for the online sale of opioids. Critics of Section 230 say they are alarmed by the inclusion of its provisions in trade deals.

In other words, despite representatives in the U.S. government working to protect the world from clear and documented harms, the White House is headed in the opposite direction by trying instead to protect criminal behavior such as child trafficking operating in the U.S.

This relates directly to other recent news that the American cloud service providers often are abused by men operating them to victimize women and children around the world.

Studies repeatedly show “it’s disproportionately women who are targeted” using cloud services and enslaved.

Seventy-six percent of trafficked persons are girls and women and the Internet is now a major sales platform.

Epstein no longer being protected by powerful American men, found dead in his cell and quickly forgotten, may actually mean he was replaced by technology…and that’s why now it is being made untouchable instead of him.

By allowing lawsuits to proceed as one would normally expect, a court would be able to deliberate and find the right balance between freedoms of expression and clear cases of harm.

“The use of Twitter by the defendants to post allegedly defamatory statements cannot subject the plaintiff to the terms of use agreement and the forum selection clause as it would not subject a plaintiff who did not have a Twitter account to the terms of use agreement,” the ruling states.

Okta SRE Pleads Guilty to Stealing IDs to Violate Women’s Privacy

Once again, cloud services very predictably show why they can be less secure than running your own.

We’ve warned for many years of cloud insider abuse like this, using examples from Uber, Google and Facebook.

In many of these cases it’s male engineers in American technology companies using their power and privilege to stalk and abuse women.

The US Department of Justice has posted details of a 34-year-old man who is said to have worked at Yahoo.

In pleading guilty, Ruiz, a former Yahoo software engineer, admitted to using his access through his work at the company to hack into about 6,000 Yahoo accounts. Ruiz cracked user passwords, and accessed internal Yahoo systems to compromise the Yahoo accounts. Ruiz admitted to targeting accounts belonging to younger women, including his personal friends and work colleagues. He made copies of images and videos that he found in the personal accounts without permission, and stored the data at his home. Once he had access to the Yahoo accounts, Ruiz admitted to compromising the iCloud, Facebook, Gmail, DropBox, and other online accounts of the Yahoo users in search of more private images and videos. After his employer observed the suspicious account activity, Ruiz admitted to destroying the computer and hard drive on which he stored the images.

That last sentence is concerning for anyone who has done digital forensics. How was Ruiz tipped off that he was being observed by an internal investigations team?

He wasn’t just a software engineer; he was a Site Reliability Engineer (SRE). And he wasn’t just a Yahoo engineer:

LinkedIn profile of Reyes Ruiz, identity thief hired as SRE by Okta

That career path reveals a far worse story than what is being reported right now.

An SRE is a person with deep access inside the cloud provider. They are trusted with the most sensitive data because, in theory, without giving them that access a system could become unreliable or go offline.

For example, here’s a single-line command in virtual (VMware) environments that exports a copy of an entire server. In a disaster (planning) scenario it could be essential to keeping services running:

Copy-DatastoreItem vmstore:\Datacenter01\StorageArray01\DBNodes\* C:\SREisGod\StolenUserSecrets

Imagine instead, as the destination path name at the end of that line suggests, an evil SRE who just wants to steal ALL the data. SRE staff literally have the keys to any kingdom that trusts their employer. Even if the data is stored encrypted, this command reads it decrypted by design.

I’ve repeatedly designed systems to protect against exactly this kind of insider threat, and customers need to explicitly ask for proof that such controls exist. This is a disaster for both Okta and Yahoo if they cannot account for SRE access on their systems, particularly during the hours Ruiz was working.
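"Accounting for SRE access" in practice means reconciling every privileged export in the audit trail against an independent record of who was allowed to do what, when, and to where. The script below is an added example, not code from the original post or from Okta or Yahoo: it reads a constructed audit log (the whitespace format, the usernames and the ticket ids are all invented for the demo), checks each datastore copy against a constructed change calendar, and reports the copies nobody approved, the copies that went somewhere other than recovery storage, and wildcard bulk exports like the one-liner above.

```python
"""Review privileged datastore exports against an approved-change record.

Added example, not code from the original post or from Okta/Yahoo. The audit
log format, the usernames, the ticket ids and the change calendar below are
all constructed for the demo; a real vCenter or cloud audit trail has its
own schema, so parse_log() would be the part to adapt.
"""
from datetime import datetime
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed audit lines:  time  user  action  source  destination  bytes
AUDIT_LOG = """\
2019-03-12T02:14:07Z sre-alice datastore.copy vmstore:/DC01/Array01/DBNodes/db01.vmdk nfs://dr-site/restore/db01.vmdk 42949672960
2019-03-12T02:20:31Z sre-alice datastore.copy vmstore:/DC01/Array01/DBNodes/db02.vmdk nfs://dr-site/restore/db02.vmdk 42949672960
2019-03-13T23:41:55Z sre-bob datastore.copy vmstore:/DC01/Array01/DBNodes/* C:/Users/bob/export/ 214748364800
2019-03-14T10:02:12Z sre-carol datastore.list vmstore:/DC01/Array01/DBNodes/ - 0
"""

# Constructed change calendar: ticket -> (user, window start, window end, allowed destination prefix).
# In practice this comes from the change-management system, never from the SRE being reviewed.
APPROVED_CHANGES: Dict[str, Tuple[str, str, str, str]] = {
    "CHG-0001": ("sre-alice", "2019-03-12T01:00:00Z", "2019-03-12T04:00:00Z", "nfs://dr-site/"),
}

# Destinations that count as recovery storage; anything else is a potential exfiltration path.
APPROVED_DEST_PREFIXES = ("nfs://dr-site/", "vmstore:/")
BULK_BYTES = 100 * 2 ** 30  # 100 GiB: above this a copy is treated as a bulk export


class Event(NamedTuple):
    when: datetime
    user: str
    action: str
    source: str
    dest: str
    nbytes: int


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def parse_log(text: str) -> List[Event]:
    """Parse the constructed whitespace-separated audit format."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, src, dst, nbytes = line.split()
        events.append(Event(parse_ts(ts), user, action, src, dst, int(nbytes)))
    return events


def approved_change_for(ev: Event) -> Optional[str]:
    """Return the ticket that covers this user, time and destination, if any."""
    for ticket, (user, start, end, dest_prefix) in APPROVED_CHANGES.items():
        if (ev.user == user
                and parse_ts(start) <= ev.when <= parse_ts(end)
                and ev.dest.startswith(dest_prefix)):
            return ticket
    return None


def review_exports(events: List[Event]) -> List[Tuple[str, str, List[str]]]:
    """Return (user, time, reasons) for every copy the change record cannot account for."""
    findings = []
    for ev in events:
        if ev.action != "datastore.copy":
            continue  # listings are read-only; only exports move data
        reasons = []
        if approved_change_for(ev) is None:
            reasons.append("no approved change covers this user, time and destination")
        if not ev.dest.startswith(APPROVED_DEST_PREFIXES):
            reasons.append("destination is outside approved recovery storage")
        if ev.nbytes >= BULK_BYTES and ev.source.endswith("*"):
            reasons.append("wildcard bulk export of a whole datastore folder")
        if reasons:
            findings.append((ev.user, ev.when.isoformat(), reasons))
    return findings


def bytes_exported_by_user(events: List[Event]) -> Dict[str, int]:
    """Per-user export volume: the number each SRE should be able to account for."""
    totals: Dict[str, int] = {}
    for ev in events:
        if ev.action == "datastore.copy":
            totals[ev.user] = totals.get(ev.user, 0) + ev.nbytes
    return totals


if __name__ == "__main__":
    evs = parse_log(AUDIT_LOG)
    for user, when, reasons in review_exports(evs):
        print(f"{when} {user}: " + "; ".join(reasons))
    print(bytes_exported_by_user(evs))
```

Run on the constructed log, the two restores by sre-alice are covered by CHG-0001 and produce nothing, while the late-night wildcard copy by sre-bob to a local disk trips all three checks. The design point is that the approval record and the audit trail are written by different systems, so the person holding the keys cannot quietly make their own export look routine.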

His eight months at Okta, a widely used identity management company, could be an even bigger problem than Yahoo. To be fair, the timing is interesting in both cases: when he joined Yahoo in 2007 it was the biggest identity provider in the world, and in 2018 Okta was claiming to be the leader in this space.

Okta apparently fired him as soon as the indictments were unsealed detailing his long-term abuse of his privileged SRE position to game identity management. What Okta hasn’t said is whether it has concluded an internal investigation of all the access to identity he had as an SRE.

This is huge. I can’t overstate that an identity management cloud provider, holding the secrets of millions of people, hired an identity thief. It’s like a bank hiring a bank robber to guard its safe.

Given inside knowledge and access at the service provider, he allegedly cracked the passwords of thousands of young women, including those he knew and worked with, in order to steal their images. Then he used their identity information to pivot through their other cloud accounts that shared the same password to steal more images.

Two lessons here:

One. Okta is a core identity management company that hired a predator who clearly joined companies to commit crimes. Anyone using Okta or a similar service needs to be prepared for this level of insider threat being reported. Although we can pressure Okta on why screening didn’t block this hire, we can’t assume screening will be perfect and instead should demand they prove his actions were limited and detected.

Two. Reuse of passwords is what let one evil cloud staff member access so many other cloud accounts. Impersonation was possible for Ruiz because users didn’t set up different passwords on each cloud service. Password managers are free and a baseline requirement for users today. Multi-factor authentication (MFA) would also have made SRE theft of user secrets less effective and should be considered another baseline requirement (caveat: nothing is perfect; see the new FBI warning on MFA bypass).

There’s a third point about avoiding tipping off suspects during investigations, and preserving evidence, but we don’t have enough details yet on why or how badly that security team at Yahoo was compromised.
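The pivot described in lesson two has a measurable shape: for any one account, the accounts that fall with it are the ones sharing its password that have no second factor. The script below is an added example, not code from the original post; it takes a constructed password-manager export (the CSV columns, services and passwords are invented for the demo) and computes that blast radius per account, grouping passwords by a keyed hash so the report never has to print the secrets themselves.

```python
"""Measure the blast radius of password reuse across a user's accounts.

Added example, not code from the original post. The vault export below is a
constructed CSV (a real password-manager export has its own columns), and the
accounts and passwords in it are made up. Passwords are grouped by a keyed
hash so the report never has to carry the secrets themselves.
"""
import csv
import hashlib
import hmac
import io
import os
from collections import defaultdict
from typing import Dict, List

# Constructed export: one row per account, with whether MFA is enabled there.
VAULT_CSV = """service,username,password,mfa
yahoo,jane,Summer2019!,no
icloud,jane@example.com,Summer2019!,no
facebook,jane,Summer2019!,yes
dropbox,jane@example.com,Summer2019!,no
gmail,jane.doe,correct-horse-battery-staple-7,yes
"""


def load_vault(text: str) -> List[Dict[str, str]]:
    return list(csv.DictReader(io.StringIO(text)))


def fingerprint(password: str, key: bytes) -> str:
    """Keyed hash of a password: equal passwords collide, nothing else leaks."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def group_by_password(entries: List[Dict[str, str]]) -> List[List[Dict[str, str]]]:
    """Groups of accounts that share a password (singletons included)."""
    key = os.urandom(32)  # fresh per run; the fingerprints are not meant to be stored
    groups: Dict[str, List[Dict[str, str]]] = defaultdict(list)
    for e in entries:
        groups[fingerprint(e["password"], key)].append(e)
    return list(groups.values())


def reused_groups(entries: List[Dict[str, str]]) -> List[List[Dict[str, str]]]:
    """Only the groups where a password is shared by two or more accounts."""
    return [g for g in group_by_password(entries) if len(g) > 1]


def blast_radius(entries: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """For each account, the other accounts someone who learns its password can
    log into directly: same password and no MFA on the target. MFA on the
    source account does not help here, because an insider at that provider
    never needs to log in to read the stored credential."""
    radius: Dict[str, List[str]] = {}
    for group in group_by_password(entries):
        for e in group:
            reachable = sorted(o["service"] for o in group
                               if o is not e and o["mfa"].lower() == "no")
            radius[e["service"]] = reachable
    return radius


def report(entries: List[Dict[str, str]]) -> List[str]:
    lines = []
    for service, reachable in sorted(blast_radius(entries).items()):
        lines.append(f"{service}: {len(reachable)} other account(s) fall with it -> {reachable}")
    return lines


if __name__ == "__main__":
    for line in report(load_vault(VAULT_CSV)):
        print(line)
```

On the constructed vault, a password stolen at yahoo reaches icloud and dropbox but not facebook, which has MFA on, and the unique gmail password reaches nothing. Unique passwords shrink every radius to zero; MFA on each target shrinks it even when a password does leak, which is the two-part baseline the lesson above describes.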

Drone Wars in Syria

Update March 2022: drone wars in Ukraine are highlighting many of the same issues reported below.

Russian gas-engine model plane (Orlan-10 drone) downed in Syria with its big red parachute

The site “AINonline” offers us a count of drones in battles over Syria. Russia, for example, has recorded 23,000 flights of its own and claims 118 opposition drones shot down, the vast majority this year.

The following section on “gaps in electronic warfare shield” was particularly interesting as it emphasizes Russia’s current dependence (pun not intended) on primitive jamming systems and kinetic counter-measures.

Russian official, deputy defense minister for military technical cooperation with foreign countries General Aleksandr Fomin, accused U.S. forces of assisting the Syrian rebels in carrying out drone attacks on the Khmeimeem airbase. Speaking at the Xiangshan security forum in Beijing last fall, he said that, “a group of 13 drones moved according to a common plan of combat deployment, under control of a single crew team. That time, a U.S. Navy P-8 Poseidon ASW aircraft was on an eight-hour patrol mission over the Mediterranean Sea. Upon reaching out our electronic warfare shield, the drones retreated somewhat to receive correcting instructions and began using satellite communications channels to receive outside assistance to find and explore gaps in that shield. Then the drones attempted to penetrate through, only to be destroyed.”

Apparently, Fomin was referring to January 6, when Russian forces shot down seven drones with anti-aircraft missiles and crash-landed seven by jamming the drones’ flight control systems.

It is unclear why seven and seven were reported as a group total of 13 drones.

The rising scale of drone operations by Russia is part of a tale (pun intended) of their newfound ability to turn the U.S. into a dog they hope to wag around (even though last year that turned out very badly for them).