Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

U.K. Police Seek BlackBerry Messages Following Riots

BlackBerry maker Research In Motion has offered to help the police with their investigation, but has not specified what data will be shared.

Strategic Security Survey: Global Threat, LocalPain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
Much of the current rioting and looting in London has been coordinated not just via Facebook and Twitter, but also via BlackBerry smartphones that use encrypted communications, according to British authorities.

Using social networks to coordinate protests is nothing new. But when it comes to BlackBerry devices, authorities would have difficulty cracking related communications, and in particular the BlackBerry Messenger (BBM) instant messaging system that is reportedly being favored by protestors.

But on Monday, BlackBerry manufacturer Research In Motion (RIM) said that it had offered to assist investigators. "We feel for those impacted by this weekend's riots in London. We have engaged with the authorities to assist in any way we can," said RIM global sales and regional marketing managing director Patrick Spence, in a statement.

"As in all markets around the world where BlackBerry is available, we cooperate with local telecommunications operators, law enforcement, and regulatory officials," he said, adding that RIM would comply with all relevant U.K. laws, as well as the U.K. government and police forces.

Some of the BBM messages, which can be broadcast from one person to many addresses, and transferred anonymously, have been reposted on social networks and across the Web. One BBM message, for example, read: "Police are NOT ON DIS TING. Everyone meet at 7 at Stratford park and let's get rich."

By many accounts, BlackBerry smartphones are a favored device for coordinating the riots, which largely seem to comprise teenagers and people in their twenties. The choice of smartphone, then, isn't surprising, since BlackBerry smartphones account for 37% of the teenage market share in Britain. That's according to a new Communications Market Report from Ofcom, the independent regulator and competition authority for the United Kingdom. "Anecdotal evidence suggests that this preference is driven by the BlackBerry messenger service (BBM) which offers a free alternative to texting (SMS)," according to the report, which was released on Thursday.

How might U.K. law enforcement agencies recover BBM messages, without RIM's overt offer to help? For starters, they'd have to apply for a court order requiring RIM to turn over requested communications. But RIM, based in Canada, wouldn't necessarily have to comply with those requests.

Law enforcement agencies in the United States also face procedural hoops requesting such data. "Law enforcement must use legal process to obtain information transmitted via BlackBerry," said Christopher Wolf, director of the privacy and information management practice at law firm Hogan Lovells and co-chair of the Future of Privacy Forum. "They cannot just present themselves and say, 'Let me see the data traffic.' For a CIO or telecom manager who might receive a demand from the police for access, the first thing he or she should do is call the company's lawyer for help."

In its statement, RIM didn't specify how it would work with British police. Furthermore, the company wasn't immediately available to respond to requests for comment, including details of how it would protect the privacy of people in Britain who may have communicated about--but not participated in--the riots, as well as whether it would share historical location information for subscribers.

The London riots broke out on Saturday. They were apparently triggered after a 29-year-old man, Mark Duggan, was shot in a minicab in the Tottenham area of London by police officers as part of what they termed a "planned operation," on Thursday, investigating gun crime. But details of his shooting remain unclear. That lack of clarity appears to have triggered the initial riots, leading to widespread looting, numerous fires, and multiple confrontations between protestors and police officers. By Monday night, after three days and nights of incidents, the rioting had spread to eight more areas, including the cities of Liverpool and Birmingham.

U.K. police have said they will prosecute anyone who used Twitter or Facebook to instigate violence. Interestingly, however, people in areas affected by the violence have turned to Twitter to coordinate cleanup efforts. By Tuesday, the Twitter account "Clean Up London" (@Riotcleanup) had attracted more than 70,000 followers.

Attend Enterprise 2.0 Santa Clara, Nov. 14-17, 2011, and learn how to drive business value with collaboration, with an emphasis on how real customers are using social software to enable more productive workforces and to be more responsive and engaged with customers and business partners. Register today and save 30% off conference passes, or get a free expo pass with priority code CPHCES02. Find out more and register.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15570
PUBLISHED: 2020-07-06
The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file.
CVE-2020-15569
PUBLISHED: 2020-07-06
PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor.
CVE-2020-7690
PUBLISHED: 2020-07-06
It's possible to inject JavaScript code via the html method.
CVE-2020-7691
PUBLISHED: 2020-07-06
It's possible to use <<script>script> in order to go over the filtering regex.
CVE-2020-15562
PUBLISHED: 2020-07-06
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.