I was thinking about this today and the best thing I could come up with is to volunteer at a food bank, homeless shelter, veteran assistance effort, or something meaningful to those that need it. Anything to directly connect my desire to change society to a kinetic action with real people. I’m not rich but still able-bodied and I work in tech. I’m always drifting off thinking about building something, a fence, minor repairs to a home, or even fixing a car where my hands could be more useful. Our country as portrayed through these digital devices is not the same nation we live in. Those people are there to monetize your anger and frustration, contempt, and outrage. Deny them thes responses and uplift your communities instead. You’ll feel better for it. I will feel better for it. Thank you and be safe!
You’ll be lucky if it’s any longer than 24-hours now. There’s no business use case for building and maintaining the technological infrastructure to manage it for years. It’s private info and they can’t sell it to anyone without legal liability. If LE gave them the funds to build this infrastructure and use it for retention then the service provider is essentially an agent of the state at that point.
I can only imagine that the scale of all US SMS messages is absolutely staggering. It probably eclipses all other text formats combined in terms of daily production. Here's a blog post from a few years ago estimating it at 26 billion text messages per day and rising: https://www.textrequest.com/blog/how-many-texts-people-send-...
Not counting media and assuming they are all 160 byte messages, that's 4 terabytes per day, or about 200 wikipedia's per day. I guess that's not too bad in terms of storage requirements, certainly a management amount of data for a telecom to store. But assuming that you want those indexed and easily retrievable somehow, it could get very burdensome to manage and interact with, and that tends to balloon the size at least a little bit as well.
The liability and legal issues around it (both externally and internally - don't want employees spying on their exes, leaking data from celebs, in addition to the policing issues, etc) makes it pretty undesirable to store though.
You are correct. There’s also varying 2-party/1-party consent required depending on the state in the absence of a warrant. But unless you’re targeting the devices, you will not get much at all from service providers. They simply don’t keep it contrary to what I read here.
Major service providers do not maintain SMS history beyond 24 hours, let alone 1-7 years (last time I worked a case that is). They’re transparent about it as well. Look up the LE liaison contacts on their sites and they’ll clearly list what is available or not available. That’s why it’s crucial to get the actual devices themselves. Reason: the infrastructure to manage SMS content for every customer for 7 years with zero business justification/use case is phenomenal. They’d spend most of their time responding to civil and criminal subpoenas/warrants. That would be a feat the NSA would be proud of. Been there and done that a 100 times. (This also aligns with certain VPN providers refusing to keep logs. It’s a cost that provides zero returns, so they cut it as a business decision, not because they’re trying to stick it to the man.
They sold access to send or send/receive messages for use cases where customers would legitimately consent. E.G. a wireless Bluetooth accessory that wants to access and reply to SMS message content on Apple devices that Apple won't grant access to.
Still. It meant a very powerful API key had to be protected and never abused.
I can only imagine others obtain God SMS access like this with less than ethical intentions.
I'm surprised to hear this has changed so significantly since the snowden leaks. Especially after the blatant attack on Qwest CEO Joseph Nacchio for refusing to spy. It was established then that the major mobile telcos in the USA were keeping and providing sms full data for 2-5 years (t-mobile, at&t, verizon, etc).
There's no reason for them to keep those records, other than for law enforcement's sake. No use case for calling up your operator to ask about that text message you got "from Fred at 4am one day a couple years ago."
From a legal perspective, internal counsel may not be able to shield certain things as attorney work product. If an outside counsel is representing the firm the attorney work product privilege is almost impenetrable (in US law). And the privilege can be asserted across all dealings around the investigation and the results. Any firm relying solely on internal counsel needs new counsel. Retainers are a thing.
Are there any “start here” guides for beginning reversing? Like a break it down Barney style? I’ve done some self study and shadowing teams at work but I need to fill in the gaps. Thanks!
Go to The Netherlands, go to Vrije Universiteit Amsterdam. Follow a course called "Binary and Malware Analysis" (if it's still called that). It's from the VUSec group. Follow: Hardware Security, Systems Security and Kernel Programming while you're at it ;-)
These were the hardest courses of my life.
That's all I know, I wish I had an easier answer. I happen to have lived there at the time. I was lucky in that regard for accidentally finding that course.
I can share what worked for me, although I am by no means a pro
I found the book "Reverse Engineering for beginners" quite useful. Its a bit tedious but if your serious about it and go through it a bit it'll give you some solid practice.
Also, write, compile, and reverse own snippets of your code to get more intuition about how things work.
Finally work on a actual target, not something crazy like Photoshop or Word but at least something real to get the practical experience. It might be a bit of a grind but when you do manage to crack/hack whatever it is your trying on, its an euphoric feeling
I learned by jumping head first into a program that used blowfish encryption to calculate a license and etc. the company was gone so this was the only option.
There is definitely a “clicks” moment. It took me three weeks from zero to key generator. Absolutely time worth spending.
As you can see in the other replies, there are many paths that lead to reverse engineering, but I feel like the best way to make the concepts stick is to have "reverse engineer X" be a problem standing in your way (where X is a piece of software, a protocol, etc.)
When you have that problem and you need to solve it, you have a target to throw all the "darts" those tutorials give you, and this will probably be more effective than just reading the material and hoping you'll use some of it in the future.
In my experience, you can learn reversing in an empirical fashion. Download Ghidra or IDA pro, and get cracking. Google every question you may have as you place breakpoints and modify control flow.
Or atleast that's how I got started as a midschooler with infinite time. Also try playing around with Cheat Engine. Don't let it's name fool you, it's a very advanced debugger that's capable to do way more than make you a bullet sponge :)
It’s odd the article likens the popularity of digital currencies to a time immediately preceding the 2008 financial crisis when it is exactly such a crisis that compelled the idea. There’s no point in reading the article any further.
