
Caesars Palace Not Held to Same Standard Lavabit Is

I’m going to have a longer post about this opinion recommending a judge throw out the warrant, based on evidence FBI obtained by shutting down DSL and then pretending to be the cable guys that would fix it, used to bust Paul Phua (see this article for more).

But I want to point to the excuse FBI Agent Minh Pham used to explain away several other errors he made in the search warrant:

After Pham submitted and obtained the search warrant, he learned the affidavit contained errors. Specifically, it stated that Paul Phua wired $4 million into a Caesars account to secure a credit line. Pham later discovered it was actually Seng Chen “Richard” Yong that requested the wire to secure both their lines of credit. However, at the time Pham submitted the search warrant affidavit, he believed it was correct that Paul Phua had initiated this transfer.

The affidavit also stated Paul Phua had transferred approximately $900,000 from a casino in Fort Lauderdale, Florida, to the Caesars account. However, Pham later learned that Paul Phua had been only one of the individuals who signed the consent to have that money wire-transferred into Yong’s account. At the time Pham submitted the affidavit, he believed the statement was true based on documents from Caesars concerning monetary transfers that he had received. Pham referred to the spreadsheet contained in government’s Exhibit 2F as a document he relied upon to support his statement in the affidavit. The font size was very small and difficult to read.

He also discovered another error in the affidavit days later. There were transfers for $3 million between individuals in the villas. He looked at the spreadsheet, and it was “off by one or two lines,” which caused him to associate the wrong name with the transfer. [my emphasis]

The font on the spreadsheet Caesars Palace had given the FBI when it requested they open an investigation was “very small and difficult to read.”

You’ll recall that when the FBI went after Lavabit to get its crypto key, Ladar Levison tried to comply by providing a printout of the key. But the government complained it was illegible, and got Levison held in contempt.

In an interesting work-around, Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type. The government, not unreasonably, called the printout “illegible.”

“To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data,” prosecutors wrote.

The court ordered Levison to provide a more useful electronic copy. By August 5, Lavabit was still resisting the order, and the judge ordered that Levison would be fined $5,000 a day beginning August 6 until he handed over electronic copies of the keys.

Apparently, huge casinos are held to a different standard than small email providers.

 

DOJ’s Claims about the Adequacy of Shitty WiFi Rendered Inoperative

Over at Vice, I have a piece reviewing DOJ’s explanation for why they turned off some alleged Asian mobsters’ DSL so they could then go in as fake DSL repairmen and collect evidence.

The whole thing has a Keystone Cops character, especially since the DSL contractor they had roped into working with them screwed up turning off the DSLs, which is why they now claim he was on a “private frolic” when he collected information on his own (that is a technical legal term meaning “freelancing,” but one doing far more than the evidence allows, in my opinion).

My favorite part, though, is how DOJ claims that turning off someone’s DSL would not create any kind of urgency which would eliminate the notion of consent, because after all they could have used the shitty hotel WiFi.

Perhaps the most disturbing claim, though, is that we all have to be satisfied with crummy hotel Wi-Fi. To dismiss the argument that by turning off the villas’ DSL, FBI had created an urgent need that obviated any kind of consent when the villa residents let in the FBI agents pretending to be DSL repairmen, the government claims that there is no legitimate need to seek better internet access than hotel Wi-Fi or personal cell phone tethers: “Defendants do not identify a single legitimate service or application that could not be adequately supported through the hotel’s WI-FI system, their personal hotspots, or personal cellphones, nor could they.”

The FBI is now claiming, the experience of travelers the world over notwithstanding, that nothing legal could require better Internet access than a hotel’s slow Wi-Fi connection. (Perhaps the Wi-Fi in high-roller villas is better than it is for average travelers, but DOJ’s brief doesn’t make that case by describing the internet speeds Caesars Palace makes available to privileged guests.) Moreover, the government admits that—as many travelers reliant on hotel Wi-Fi can attest—the Wi-Fi just wasn’t all that fast. “The DSL service was faster,” the brief reads.

I mean, I’m not a Malaysian gangster or anything, but I often find myself trying to do things in hotel rooms where neither the WiFi nor my cell phone’s tether provides remotely adequate speed. You know — simple things like posting on a blog. Apparently that’s illegitimate now.

And yes, I have called hotel technicians to help me get the hotel WiFi working and let them right into my room.

Even as I was working on that piece, Kaspersky Lab came out with a warning that hackers (possibly working out of South Korea) have been targeting businessmen through hotel WiFis for 7 years.

Business executives visiting luxury hotels in Asia have been infected with malware delivered over public Wi-Fi networks, Russian security firm Kaspersky Lab has discovered.

The so-called ‘Darkhotel’ hackers managed to tweak their code to ensure that only machines belonging to specific targets were infected, not all visitors’ PCs, and may have included state-sponsored hacking.

They also seemed to have advance knowledge of their victims’ whereabouts and which hotels they would be visiting, Kaspersky said.

CEOs, senior vice presidents, sales and marketing directors and top research and development staff were amongst those on the attackers’ hit list, though no specific names have been revealed.

As soon as they logged onto the hotel Wi-Fi, targets would be greeted with a pop-up asking them to download updates to popular software, such as GoogleToolbar, Adobe Flash and Windows Messenger. But giving permission to the download would only lead to infection and subsequent theft of data from their devices.

You think alleged Asian organized crime members might know that hotel wifi is totally insecure (even setting aside China’s habit of stealing it this way)? You think they may have heard of their peers getting hacked in luxury hotels?

Maybe that’s why they ordered up so many DSL lines.

In any case, DOJ’s argument that there’s no legitimate need for wired Internet access just went out the window.