NCFTA no longer eschews PII? /cc @kashhill @kimzetter

So the NCFTA is a nonprofit organisation which exists to share non-personally-identifiable-information (non-PII) with US Government police and security services:

http://www.forbes.com/sites/kashmirhill/2012/04/26/the-fbi-workaround-for-private-companies-to-share-information-with-law-enforcement-without-cispa/

NCFTA director Ron Plesco lists off his organization’s purpose rotely: “We do information sharing with three goals: ID the cybercrime threat, share toward mitigation, share toward neutralization of threat.”

As part of a non-profit, Plesco could not comment specifically on CISPA, which would, as currently drafted, allow companies to share much richer and more individualized data directly with the government. “We get network data,” says Plesco. “Not PII (personally identifiable information).”

It seems like NCFTA has had a bit of mission creep:

http://www.wired.com/threatlevel/2012/09/hackers-release-1-million-apple-device-ids-allegedly-stolen-from-fbi-laptop/

In a lengthy post online, the hackers wrote that last March, they hacked a laptop belonging to an FBI agent named Christopher K. Stangl from the bureau’s Regional Cyber Action Team and the New York FBI office’s Evidence Response Team.

The hackers say the IDs were stored in a file on Stangl’s desktop titled “NCFTA_iOS_devices_intel.csv.”

The file, according to the hackers, contained a list of more than 12 million Apple iOS devices, including Unique Device Identifiers (UDID), user names, names of devices, types of devices, Apple Push Notification Service tokens, ZIP codes, cellphone numbers, and addresses. The hackers released only 1 million UDIDs, however, and did not release the accompanying personal information for the IDs.

Check out the filename.

And now I finally understand where all the recent chatter amongst UK cyber agencies about information sharing with private industry is coming from.
