Homeland Security Subpoenas Twitter For Data Breach Finder's Account (zdnet.com) 48
An anonymous reader shares a report: Homeland Security has served Twitter with a subpoena, demanding the account information of a data breach finder, credited with finding several large caches of exposed and leaking data. The New Zealand national, whose name isn't known but goes by the handle Flash Gordon, revealed the subpoena in a tweet last month. The pseudonymous data breach finder regularly tweets about leaked data, found on exposed and unprotected servers. Last year, he found a trove of almost a million patients' data leaking from a medical telemarketing firm. A recent find included an exposed cache of law enforcement data by ALERRT, a Texas State University-based organization, which trains police and civilians against active shooters. The database, secured in March but reported last week, revealed that several police departments were under-resourced and unable to respond to active shooter situations.
Homeland Security's export control agency, Immigration and Customs Enforcement (ICE), served the subpoena to Twitter on April 24, demanding information about the data breach finder's account. ICE demanded Twitter turn over his screen name, address, phone number -- and any other identifying information about the account, including credit cards on the account. The subpoena also demanded the account's IP address history, member lists, and any complaints filed against the Twitter account.
Homeland Security's export control agency, Immigration and Customs Enforcement (ICE), served the subpoena to Twitter on April 24, demanding information about the data breach finder's account. ICE demanded Twitter turn over his screen name, address, phone number -- and any other identifying information about the account, including credit cards on the account. The subpoena also demanded the account's IP address history, member lists, and any complaints filed against the Twitter account.
We'd all be better off (Score:1, Offtopic)
if Twitter just went away one day. It's a part of the culture at this point and collectively making everyone dumber.
Re: (Score:2, Insightful)
Government secrets used to be leaked in newspapers; burn all newspapers!
Re:We'd all be better off (Score:5, Informative)
I feel the same way about the Department of Homeland Security.
Take the pat down! (Score:1)
walking in those big machines will give you cancer
Finder. Not breach creator. Finder. (Score:2, Informative)
How dare you say the king is wearing no clothes!
Comment removed (Score:5, Insightful)
Re: (Score:2)
Well, it is run by Ming the Merciless - and he’s show. a special interest in this particular case.
Re: (Score:2)
Indeed. You know a society is in decline when keeping up appearances becomes far more important than solving problems.
Re: No fan of an HSA TLAs (Score:2)
Tacitus said it best:
"The more corrupt the state, the more numerous the laws."
Incompetence? (Score:4, Insightful)
Re:That's no boating accident (Score:4, Informative)
While you might have thought you were Trolling, I went and looked and discovered something that I never knew existed and it's rather interesting ( at least to me who like's to learn about customs, shipping and laws
what ICE issued was a
Export Enforcement Supeana: WTF is what I said, then I learned, interesting tool they have https://www.law.cornell.edu/cf... [cornell.edu] that's the link to the Cornell legal explanation of it and where it sits in the law books.
Now how it applies to Twitter, well that's up to a lawyer to explain to the readers of slashdot
I understand how it applies to exports but this is confusing how it's being applied to Twitter.
Re: (Score:1)
it seems to me that they tried requiring provision of records without a subpoena and Twitter told them to go fly a kite -- so they went and got a subpoena (just applying the information in the link).
In other words, it "applies to Twitter" because they "say so". Not being an export lawyer, my guess is that their argument goes that since Twitter operates internationally it is inherently doing export and import so it comes under their jurisdiction. And if you are exporting/importing then you have to maintain r
Re: (Score:2)
but this is confusing how it's being applied to Twitter.
It's being applied to Twitter by a very nice smiling man in a black hat, holding a large piece of legal-sized paper on Twitter behind which is a large gun, and saying, "Nice piece of internet real-estate you've got there, ..."
It's the government. Once you finally manage to attract their attention and actually get them pissed, you've got Trouble with a Capital T [youtu.be].
Good info, thanks for sharing it!
Re: (Score:2)
Re: (Score:1)
I thought it was a judge who did the subpoena and not HLS? If so do not get angry at HLS for asking it but at the judge for goving it, if you think they should not have done that.
A subpoena is supposed to be for producing testimony and other evidence in a case. Who would be the defendant in this case? Are they planning to bring some kind of charge against Flash Gordon? WTF? No wrongdoing on his part has been alleged. Surely they're not planning to prosecute the people who left the data accessible.
Blame both. Don't allow yourself to do bad things (Score:3)
Your post was interesting, thanks.
> do not get angry at HLS for asking it but at the judge for giving it, if you think they should not have done that.
We don't know why they're asking, or what basis (evidence) they have to support the subpoena, but let's assume for a moment that there is a bad subpoena, that the subpoena shouldn't have been done. If so, I would definitely blame the people who decided to get a bad subpoena that they shouldn't have gotten. "The judge let us get away it" isn't an excuse for
If the finder (Score:2, Interesting)
is a US citizen will IRS also be putting his last 10 years under scrutiny?
Isn't this akin to shooting the messenger?
Or is the finder in the game and looking to get the feds to take down his competition?
Re: (Score:2)
This seems clear evidence that if you find an official has made a mistake, you ensure that your notice of that is really anonymous. Possibly by selling it on the black market.
The horse is already out (Score:5, Insightful)
In a sane world, they would be finding them to give them a medal. If he could find those leaks, there's a good chance somebody else already had. And these days it seems the only way to get companies to acknowledge and fix leaks is to make them public, otherwise they get swept under the rug.
On a side note, having a hard time seeing how this falls under the purview of ICE. And I'm sure the government will be going after the medical telemarketing firm for a breach of HIPAA
Re: (Score:1)
TFA says: Although ICE's public image is often viewed through a lens of detentions and deportations, a large part of the agency's work includes fighting national security threats and fighting transnational crime, including prosecuting those who violate export laws.
Remember, this is publicly accessible data (Score:5, Insightful)
Re:Remember, this is publicly accessible data (Score:5, Insightful)
They're going after someone who walks down the virtual street pointing out things that are publicly accessible without a single functional access control mechanism. This isn't a "hacker," it's a person that points at something on the digital street that anyone could find and access anyway. This person has committed no crimes whatsoever in doing this.
He committed the worst crime imaginable in the eyes of the US Government.
He revealed the incompetence and ineffectiveness of a US Government security agency. To those in government, there are few crimes as onerous as revealing their incompetence and lawbreaking for all to see.
It appears that the NSA and other US TLAs have been too busy with US domestic mass surveillance, data-farming, and domestic political shenanigans to bother with piddly things like securing national infrastructure and other mundane tasks they were created to perform. Very sad.
Strat
interesting prioritization (Score:3)
the fuckups allowing all that private data to leak out won't be held accountable as wrongdoers, just the person pointing it all out
there's always more to the story than we're being told
target might be someone else (Score:1)
You may be jumping to the conclusion that this guy is under investigation -- possible, but not necessarily. The person under investigation could be the person who possibly exposed this data to the internet intentionally. If you are selling an ICE agent database, your client is a probably a drug exporter in Mexico, and the Internet facilitates transfer. Flash Gordon could be subpoena'ed as a material witness. Surely it happens, every once in a while, that the US justice system is seeking a legitimate bad
Re: (Score:2)
No, I'm jumping to the conclusion that the guy is being persecuted. They probably haven't yet decided what they're going to charge him with, but they'll come up with something. This isn't the way you contact someone to ask for their help, this is an attempt to bludgeon him with the law. Judging by what has thus far been said, the applicability of the law they're using is quite dubious, but if they can threaten Twitter enough, they can get the guy id'd. This is much more like coercion than asking for hel
Export Enforcement Subpoena??? (Score:1)
The Twitter user is in New Zealand, correct? What exactly got exported that requires enforcement? Also, none of the information ICE is asking for is covered by ITAR, so the subpoena is unenforceable on its face.
Twitter should just respond by ceasing to operate in the United States, which would have the added bonus effect of shutting up the Cheeto-in-Chief.
Shoot the messenger (Score:2)
And you will not get any bad news anymore. Short-term this may be nice, long-term it is a disaster. Is this agency staffed by complete and utter morons?
Whose security is the DHS defending? (Score:2)
The security of the American state, or of the incompetents who make these mistakes? Does ANYONE vote for the first?
*sigh* (Score:1)
There is probably a 30% chance this is legitimate (we want to talk to this person in case this was part of a planned leak) a 50% chance it is a scare tactic to prevent people from using free speech (if someone finds this information about LEOs they should tell us, not put it online), and a 20% chance it was reactionary chest thumping (how dare they make Law Enforcement Look bad!)
I hate living in a world where it's impossible to tell the difference without being incredibly biased one way or the other.
Re: (Score:2)
You are an anonymous poster on the internet presuming to speak for a government that lies more often than it tells the truth. Why should we believe you?