This is a most excellent place for technology news and articles.
Remember that most hacking is not done by breaking encryption and running code. It's %100 social engineering. The weakest point is always a person.
Most activism groups aren't really screening for membership.
Usually it's, "you want to join ? Cool, I'll add you."
Edit: Just read the article. They went out of their way to try to make it sound like this group was up to something other than legally show up to immigrant court and keep watch for heinous police behavior.
The memo did not provide any further details about the individual or their alleged past calls for violence and offered no specifics or evidence to explain why the FBI characterized them as “anarchist violent extremists”. The courtwatch efforts have been non-violent, and the FBI did not respond to an inquiry seeking specific examples of violence and did not answer questions about whether law enforcement had ongoing access to the private group.
Oh so it's an activist group that's doing valuable work but has no need to background check for security. Makes sense, basically every activist or political group is on signal these days.
I guess "FBI infiltrated group of immigration activist" would be boring and not fitting the FUD about encrypted messaging...
Imagine saying "Feds should follow the law" is an extreme anarchist statement.
It becomes one every anti left scare (red, but also green and lavender)
Wouldn't be surprised if they went undercover as a member and was just accepted to the group.
Lowest barrier to entry
My guess as well. Historically, the FBI has spent substantial resources infiltrating groups deemed even the smallest threat to state power.
The FBI’s report from August, prepared by its New York division, does not make clear how the bureau accessed the Signal group
The question I’m most curious to have answered
Sounds like they joined a large group chat as a member
The FBI, the documents show, gained access to conversations in a “courtwatch” Signal group that helps coordinate volunteer activists who monitor public proceedings at three New York federal immigration courts. The US government has repeatedly been accused of violating immigrants’ due process rights at those courts.
I don't know who still needs to hear this, so I'm going to say it again for the people in the back.
Assume every form of communication you have is being spied on.
If you're using an app like signal or similar, make sure you and everyone else in the chat has encryption enabled.
Verify the other users in the chat.
Do not plan any activity that could be considered a criminal enterprise on an electronic device with a connection to the internet.
If you're using an app like signal or similar, make sure you and everyone else in the chat has encryption enabled.
PSA: There's no way to disable encryption in Signal.
That's why I said an app like signal. People assume that every app works the same. Telegram had issues with encryption where all parties didn't have encryption enabled but one or more of the parties involved assumed the chat was still encrypted.
However I should probably change that to read more along the lines of: know the features and settings of your app and ensure that encryption settings are set to maximize the protection of privacy.
I'm gonna have to workshop that. It's a mouthful.
Either way, thank you for pointing that out.
This had nothing to do with encryption. 99.99% of breaches aren't some pen hack, it's social engineering of someone to gain access. You have all the best software and practices in place, but if the dumbass on the fourth floor decides that they're gonna let someone in who's called them from Microsoft, then it doesn't matter.
They let the FBI into the chat because they don't know opsec for shit.
I agree that you're right. My thought was it was more likely that they socially engineered their way into getting invited to the chat.
This is why I said that a lot of people are the weakest link in their own secured communications networks.
Shocking revelation.
