Police believe Tamerlan and Dzhokhar Tsarnaev were specially trained to carry out the devastating attack.
More than 1,000 FBI operatives were last night working to track down the cell and arrested a man and two women 60 miles from Boston in the hours before Dzhokhar’s dramatic capture after a bloody shootout on Friday.
A source close to the investigation said: “We have no doubt the brothers were not acting alone. The devices used to detonate the two bombs were highly sophisticated and not the kind of thing people learn from Google.
“They were too advanced. Someone gave the brothers the skills and it is now our job to find out just who they were. Agents think the sleeper cell has up to a dozen members and has been waiting several years for their day to come.”
A specialist team of CIA and FBI interrogators was yesterday flown to a Boston hospital to grill wounded Dzhokhar, 19, about the secret group. The University of Massachusetts student was caught on Friday after hiding out in a boat parked in a garden in locked down Watertown the day after a gun battle with police left his 26-year-old brother and a rookie cop dead.
In all, the San Francisco-based micro-blogging service, in its second so-called transparency report, said there were 815 demands for Twitter account-holder data. Twitter did not say what type of user data was sought in those 815 requests, but it likely includes a mixture of e-mail addresses associated with accounts, IP logs, tweets and direct messages.
Twitter neither said what data it hands over nor said what type of data requires probable-cause warrants. Twitter did not immediately respond for comment.
The disclosure came a week after Google and Yahoo told Wired that it requires probable-cause warrants to divulge to the authorities e-mail and cloud-stored content of its account holders, despite federal law not always demanding that.
MORE . . .
- US gov displays growing appetite for Twitter users’ personal data (boingboing.net)
- The Government Is Still Trying to Spy on a Lot of Your Twitter and Google Data (theatlanticwire.com)
- The Government Is Still Trying to Spy on a Lot of Your Twitter and Google Data (revolutionpac.com)
- Twitter says govt data requests rise (bigpondnews.com)
- Twitter’s transparency report reveals increase in government data requests (guardian.co.uk)
- Data Privacy Day 2013: Twitter reveals US government makes 80% of info requests (rt.com)
- Twitter gives U.S. government its user data 69 percent of the time (digitaltrends.com)
- Twitter: 80% of Government User Data Requests Issued Without a Warrant (mashable.com)
- Twitter: Government user data requests have risen 20 percent (sott.net)
It’s become the email equivalent of separating church and state: work email is for official communications while private accounts are for personal — and sometimes inappropriate — messaging.
The FBI probe into Petraeus — which led to his resignation last Friday — serves as a reminder that even the most private emails sent on commercial online services among people using pseudonyms can be discovered and thrown into the harsh light of scrutiny.
Here are Gmail lessons to be learned from the Petraeus affair:
1. It’s not anonymous.
Petraeus and his biographer Paula Broadwell apparently took steps to protect their communication, such as using pseudonyms to set up an online service account and in communicating with each other. But FBI investigators were able to figure out some information about the account from looking at emails sent from the account to another party. Reportedly this is what led authorities investigating threatening emails to Tampa socialite Jill Kelley from Broadwell.
“Who you are saying it to and where you are saying it from has the least protection under the law,” said Chris Soghoian, principal technologist at the ACLU. “A warrant is needed to find out what you are saying.”
Internet service providers and most websites keep complete records of the Internet Protocol addresses of those who use their services for 18 months, and then slightly blurred records of IP addresses after 18 months. Investigators can obtain that information under the Electronic Communications Privacy Act as long as they have reasonable grounds to believe that it is relevant to an ongoing criminal investigation — less than the probable cause needed to secure a warrant. In the Petraeus case, the FBI reportedly got the necessary court clearances.
The only way that people can use pseudonymous webmail accounts safely is via an anonymizing service like Tor, said Peter Eckersley, technology projects director for the Electronic Frontier Foundation. Tor is installed on a computer and reroutes website visits, instant messages and other communications to other Tor users so it is not possible to identify a single computer, sort of like hiding in a crowd.
2. Government requests for access are increasing and Google and other services play ball.
Google reported Tuesday that law enforcement and courts in the United States made nearly 8,000 requests for user information in the first half of 2012 from all of Google’s products — including Gmail, search, Google Docs, etc. The number of requests from the American law enforcement alone jumped 26 percent from the previous six months, when 6,321 requests were made.
Government officials wanted information on 16,281 accounts, Google said, and Google complied roughly 90 percent of the time.
The report shows governments around the world not only wanted more data for law enforcement purposes but also increased requests to Google to remove content.. “Government surveillance is on the rise,” Dorothy Chou, a senior policy analyst at Google, wrote in a blog post announcing the report.
3. You’re not in cyberspace.
A person’s physical location when sending an email can often be pinpointed from the email they send. Email metadata contains IP addresses of the computers and servers they come in contact with, as well as the unique number associated with the device that sent the emails. Sometimes, the traceable IP of the sender’s device is visible in a sent email — email services such as Yahoo and others reveal information about the sending computer, while messages sent from Gmail’s Web interface do not reveal the information about the sending computer, privacy experts say. Even if it isn’t visible, investigators can obtain it with the use of a subpoena or court order, and determine other accounts accessed from the same location.
MORE . . .
- 5 Gmail lessons from Petraeus affair (politico.com)
- How metadata brought down CIA boss David Petraeus (newscientist.com)
- Gmail Location Data Led FBI to Uncover Top Spy’s Affair (wired.com)
- How CIA Director David Petraeus’s Affair Was Traced Through Email (and How to Keep It From Happening to You) (lifehacker.com)
- David Petraeus scandal: The silliness of using Gmail for your affair (telegraph.co.uk)
Everything on the Internet is monitored in some way. Companies track what you do at work through deep packet inspection to make sure you don’t wander into territory forbidden by company policy, or dump corporate data to a remote server just before you give notice. The Web pages you visit and the HTML-based mass e-mails you open are logged and tracked by advertisers and marketers. And your boss can tell if you’ve ever opened that urgent message or not.
But people usually don’t throw it in your face and shatter whatever remaining illusions of privacy you might have, as someone did to my colleague Andrew Cunningham today.”Oh, man, a PR person was just totally creepy at me,” he interjected over IRC this morning.
The “creepy” was an e-mail that a media representative for a company called ContactMonkey sent on the heels of another one Cunningham had just opened. The second message included information about his location, the e-mail client he had used to open it, and the exact time it had been opened.
The message and the data were a demonstration of Bridge, a $5-a-month service that installs a plugin for Microsoft’s Outlook 2010 mail client and for Google’s Chrome browser for use with GMail. Bridge gives anyone the power to know those details for any message they send—or at least any message that lands in the inbox of someone who trustingly opens e-mails without blocking HTML-embedded images.
MORE . . .
- The spy in your inbox (arstechnica.com)
- Here’s the e-mail trick Petraeus and Broadwell used to communicate (washingtonpost.com)