correlate that log-in database with dates and
times you’re interested in and the locations of those networks. The odds are that
there will only be one match.
Researchers at Carnegie Mellon University did something similar. They put a camera
in a public place, captured images of people walking past, identified them with facial
recognition software and Facebook’s public tagged photo database, and correlated the
names with other databases. The result was that they were able to display personal
information about a person in real time as he or she was walking by. This technology
could easily be available to anyone, using smartphone cameras or Google Glass.
Sometimes linking identities across data sets is easy; your cell phone is connected
to your name, and so is your credit card. Sometimes it’s harder; your e-mail address
might not be connected to your name, except for the times people refer to you by name
in e-mail. Companies like Initiate Systems sell software that correlates data across
multiple data sets; they sell to both governments and corporations. Companies are
also correlating your online behavior with your offline actions. Facebook, for example,
is partnering with the data brokers Acxiom and Epsilon to match your online profile
with in-store purchases.
Once you can correlate different data sets, there is a lot you can do with them. Imagine
building up a picture of someone’s health without ever looking at his patient records.
Credit card records and supermarket affinity cards reveal what food and alcohol he
buys, which restaurants he eats at, whether he has a gym membership, and what nonprescription items he buys at a pharmacy.
His phone reveals how often he goes to that gym, and his activity tracker reveals
his activity level when he’s there. Data from websites reveal what medical terms he’s
searched on. This is how a company like ExactData can sell lists of people who date
online, people who gamble, and people who suffer from anxiety, incontinence, or erectile
dysfunction.
PIERCING OUR ANONYMITY
When a powerful organization is eavesdropping on significant portions of our electronic
infrastructure and can correlate the various surveillance streams, it can often identify
people who are trying to hide. Here are four stories to illustrate that.
1. Chinese military hackers who were implicated in a broad set of attacks against
the US government and corporations were identified because they accessed Facebook
from the same network infrastructure they used to carry out their attacks.
2. Hector Monsegur, one of the leaders of the LulzSec hacker movement under investigation
for breaking into numerous commercial networks, was identified and arrested in 2011
by the FBI. Although he usually practiced good computer security and used an anonymous
relay service to protect his identity, he slipped up once. An inadvertent disclosure
during a chat allowed an investigator to track down a video on YouTube of his car,
then to find his Facebook page.
3. Paula Broadwell, who had an affair with CIA director David Petraeus, similarly
took extensive precautions to hide her identity. She never logged in to her anonymous
e-mail service from her home network. Instead, she used hotel and other public networks
when she e-mailed him. The FBI correlated registration data from several different
hotels—and hers was the common name.
4. A member of the hacker group Anonymous called “w0rmer,” wanted for hacking US
law enforcement websites, used an anonymous Twitter account, but linked to a photo
of a woman’s breasts taken with an iPhone. The photo’s embedded GPS coordinates pointed
to a house in Australia. Another website that referenced w0rmer also mentioned the name Higinio Ochoa. The
police got hold of Ochoa’s Facebook page, which included the information that he had
an Australian girlfriend. Photos of the girlfriend matched the original photo that