Daily Digest (6/23)

IRS Used Cellphone Location Data to Seek Out Suspects; FBI Used Philadelphia Protester’s Social Media Data to Charge Her With Setting Police Cars Ablaze; Australian PM: Nation Under Cyberattack by a State Actor; Experts: Huge ‘BlueLeaks’ Breach Could Expose Much Personal Data.

IRS Used Cellphone Location Data to Seek Out Suspects

The Internal Revenue Service tried to identify and track potential criminal suspects by purchasing access to a commercial database that records the locations of millions of American cellphones.

The IRS Criminal Investigation unit, or IRS CI, had a subscription to access the data in 2017 and 2018, The Wall Street Journal reports.

The unit revealed how it used the data last week in a briefing to the office of Democratic Oregon Sen. Ron Wyden — and a senatorial aide described the session to the newspaper.

IRS CI officials said agency lawyers had given oral approval to use the database, which was sold by Venntel Inc., a Virginia-based government contractor. The company obtains anonymized location data from the marketing industry and resells it to governments.

IRS CI added that its Venntel subscription lapsed after agents failed to locate targets of interest during the year it paid for the service, according to the Wyden aide.

Federal contracting records show IRS CI paid about $20,000 to access the Venntel platform, about the cost of a single login, according to documents reviewed by the Journal.

Justin Cole, a spokesman for IRS CI, said it entered into a “limited contract with Venntel to test their services against the law-enforcement requirements of our agency.”

The unit pursues the most serious and flagrant violations of tax law, Cole said, adding that it used the Venntel database in “significant money-laundering, cyber, drug and organized-crime cases,” the Journal reports.


FBI Used Philadelphia Protester’s Social Media Data to Charge Her With Setting Police Cars Ablaze

A 33-year-old Philadelphia massage therapist has been charged with setting a police SUV on fire during a May 30 protest over the Minneapolis death of George Floyd — and the FBI said they tracked her through her social media history and online shopping patterns over the years.

The woman, Lore Elisabeth Blumenthal, was charged with federal arson and, if convicted, could face a mandatory sentence of seven years in prison, The Philadelphia Inquirer reports.

She is believed to be the first demonstrator arrested based on footage from the city’s protests.

According to court filings disclosed last week, Blumenthal allegedly had a peace sign tattoo and wore a mask and a light blue T-shirt during the protest. She was captured on video by television helicopter cameras.

FBI agents tracked the suspect through Instagram, where amateur photographers had taken shots of the masked arsonist; an Etsy shop that sold the T-shirt worn in the video; her LinkedIn page; and her profile on the Poshmark fashion site — and, eventually, to her doorstep in nearby Germantown, the Inquirer reports.

However, civil-rights advocates questioned the scope of law-enforcement surveillance of protests and decried the use of the same social media networks protesters have used to spread their message.

“Social media has fueled much of the protests, and has also become a fertile ground for government surveillance,” Paul Hetznecker, an attorney who has organized lawyers to represent Blumenthal and other demonstrators, told the Inquirer. “I think people have lost awareness of that.”


Australian PM: Nation Under Cyberattack by a State Actor

Australian Prime Minister Scott Morrison said the country’s government agencies and businesses were being targeted by a sophisticated state actor in a large-scale cyberattack, though he did not identify the responsible country.

“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used,” Morrison said, The Wall Street Journal reports.

He noted that not many countries had the resources to mount such a broad cyberassault. All levels of government, political organizations, education and health-care providers, infrastructure operators and others were under attack, he said.

The assaults had been increasing over several months, he said.

Morrison said officials had no evidence yet of any major personal-data breaches. The government planned to release a new cybersecurity strategy in the coming months that would include significant investments, he added.

Linda Reynolds, the defense minister, said all Australian organizations should be aware of the threat and should move to protect their networks, the Journal reports.


Experts: Huge ‘BlueLeaks’ Breach Could Expose Much Personal Data

Legal experts said a massive breach of data leaked online last week from police departments across the U.S. could expose sensitive law enforcement investigations and possibly endanger lives.

“With this volume of material, there are bound to be compromises of sensitive operations and maybe even human sources or undercover police, so I fear it will put lives at risk,” Stewart Baker, a Washington lawyer and former assistant secretary in the U.S. Department of Homeland Security, told the KrebsOnSecurity column Monday.

“Every organized-crime operation in the country will likely have searched for their own names before law enforcement knows what’s in the files, so the damage could be done quickly.

“I’d also be surprised if the files produce much scandal or evidence of police misconduct,” Baker said. “That’s not the kind of work the fusion centers do.”

The breach — called “BlueLeaks” — resulted from a security hack at Netsential, a Houston-based web developer that maintained a number of state law-enforcement data-sharing portals.

The collection, totaling nearly 270 gigabytes, was released online Friday and was the latest from Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks that publishes caches of previously secret data, Krebs reports.

In a Twitter post, DDoSecrets said the BlueLeaks archive indexed “ten years of data from over 200 police departments, fusion centers and other law-enforcement training and support resources,” and that “among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.”

Fusion centers are state-owned and operated entities that gather and disseminate law-enforcement and public-safety information between state, local, tribal and territorial, federal and private-sector partners, Krebs reports.

KrebsOnSecurity said it had obtained an internal June 20 analysis by the National Fusion Center Association (NFCA), confirming the validity of the leaked data.

The alert noted that the dates of the files actually spanned nearly 24 years — from August 1996 through June 19, 2020. The data also included names, email addresses, telephone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files.

“Additionally, the data dump contains emails and associated attachments,” the alert read. “Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law-enforcement and government agency reports,” according to Krebs.


— By DPN Staff