Posted on June 07, 2015 by Rift Recon
Last week, the 2015 Oslo Freedom Forum united hundreds of international voices to address some of the world’s most critical human rights issues with the goals of challenging ideas and implementing change. The Rift Recon Team was on site running the conference’s first Tech Lab, which was designed to advise the attending activists, journalists, attorneys, artists, government officials, and other warm bodies on sensitive issues of security, privacy, and anonymity.
“This year’s company presence was markedly different from last year’s,” said Rift Recon CEO Eric Michaud, “Last year we combined a presentation with subsequent focus groups, but we discovered an incredible demand for extensive individualized attention and for competent security practitioners to be present in an ‘on-call’ manner. We then pitched the concept of a “tech lab” to OFF and began planning for the next phase.”
CEO Eric Michaud, Intelligence Instructor Brian O’Shea and Web Application Security Specialist Mike Fauzy worked together over a ten-hour period to address the concerns of a diverse array of inquiring minds, all with the common goal of attacking human rights violations. The team walked attendees through modified risk assessments to determine unique threat levels; probing for adversarial information, personal security capabilities, perceived danger to life, information on past security breaches, and more.
“We knew that presenting a trifecta of experts in their respective fields was critically important,” noted Brian O’Shea, “Unfortunately there tends to be a ‘one-size-fits-all’ approach to working with at-risk populations, when in fact their needs vary extensively and require tailored advice. For example, if we’re speaking to secure communication, some people aren’t using the internet at all and are exclusively sharing information face-to-face, while some are operating in a country where the prevalent phone company is targeting them, ensuring none of their phone communications are secure. You can’t provide those two parties with the same canned advice - the stakes are high, and you’re apt to get people killed.”
Rift Recon is in the process of following up with a handful of at-risk individuals they attended to at OFF and are busy laying the groundwork for an increased focus on human rights issues for the remainder of the year.
“We feel privileged to be welcomed into the trusted community that the Human Rights Foundation facilitates,” Michaud remarked, “We’re honored to be in a position to meet the needs of so many global pioneers.”
For more information on this year’s Oslo Freedom Forum, visit their website for press, upcoming events, and videos of this year’s speakers.
- Arianna Travaglini
Executive Assistant at Rift Recon
Posted on May 24, 2015 by Rift Recon
Tomorrow kicks off the seventh annual Oslo Freedom Forum (OFF) hosted by the Human Rights Foundation (HRF), a non-profit organization that promotes and protects human rights globally, with a focus on closed societies. At last year’s revolutionary conference Rift Recon traveled across the world to present a comprehensive security workshop to the crowds of rights defenders, scholars, dissidents, policymakers, Nobel Laureates,
visionaries, heads of state, journalists, and other activists. Due to the undeniable popularity of the workshop and the demand for more individualized attention to specific incidences of threat and vulnerability, Rift Recon returned to OFF this year in a refurbished capacity.
On Monday May 25th from 11:00-19:30 the team, consisting of CEO Eric Michaud, Intelligence Instructor Brian O’Shea and Web Application Security Specialist Mike Fauzy, will be receiving conference attendees, speakers, staff and sponsors in the 7th Floor Conference Center during a day-long “Tech Lab”.
My experience [at OFF] last year was incredibly enlightening,” said Michaud, who has advised on physical security, lockpicking, and hackerspaces for over a decade, “I was introduced to a number of people who were doing innovative global work, operating at a very high risk level while practicing minimal security measures. That’s terrifying! We want to provide the people fighting for our freedom with accessible, actionable ways to promote 360 degrees of security so that their voices can continue to be heard.”
When a layman hears the word “adversary”, they may think of a competitive coworker or a neighbor with a grudge. In human rights work, that adversary could be an oppressive dictatorship or a violent military regime, and activists must be proactive about educating themselves on preventative security practices and measures.
“Oftentimes with human rights work, the stakes are very high and the adversaries are very talented,” noted Fauzy, who has 15 years of combined experience in software development and Information Security,
“You have to have a clear understanding of who your threat agent is and what their capabilities and resources are, as well as accurately assess your own resources and capacity to defend yourself.”
Tech Lab participants are encouraged to arrive with specific inquiries in mind. They will first be filtered through introductory questions designed to highlight their priorities and determine whether their threats are predominantly physical, cyber, or social in nature. They will then be directed to the appropriate specialist(s) and complete a more thorough risk and vulnerability assessment before receiving customized advice and resource referrals. If necessary, more detailed follow-up appointments will be scheduled on site.
“The number one reason secure measures are not applied is because people are insecure about their own ability to implement them,” remarked O’Shea, who has spent over 20 years in the field of investigations and intelligence, “Knowledge is empowering - if you let yourself be intimidated by the unknown, you’re exposing yourself as a target. People like soft targets, not hard targets. The more expensive you are to go after, the less adversaries will be tempted to attack.”
Tech Lab visitors who are less concerned about a particular threat but curious about generally improving their security skills will also have the opportunity to attend a more informal session with multiple Rift Recon specialists later on in the week.
“These days I have to remind folks that security goes much farther than just downloading an application or installing a program,” Michaud pointed out, “We’re changing people’s idea of how security works. We’re here without agenda - we just want to help people.”
- Arianna Travaglini
Executive Assistant at Rift Recon
Posted on November 06, 2014 by Rift Recon
Back in May of this year, Rift Recon CEO Eric Michaud and Lead Trainer Brian O'Shea were poised to present a comprehensive security workshop geared toward protecting high-risk individuals in possession of sensitive information at the 2014 Oslo Freedom Forum (OFF).
When a hotel union labor strike unexpectedly occurred, the conference was postponed until October 20-22. This left Rift Recon a few months to reexamine and refurbish their presentation, bringing in skilled reinforcements in the way of notorious author, blogger and journalist Violet Blue.
Rift Recon staffer Arianna Travaglini recently got the opportunity to sit down and chat with Blue after she’d returned to the States. She asked Blue about her experience at OFF, the success of her talk, and what it was like working so closely with Rift Recon.
Was this your first time at OFF? If so, how was your overall experience?
This was my first OFF. I’m so thankful I got to participate, because it centered me as a person, a professional and as a citizen of the world. I’ve never been to a conference where every minute was packed with high value; OFF is the pinnacle of connecting with people who make a difference. It was also very emotional, connecting with people who have suffered and given up their personal freedom so that others can have light on their experience – this, among many other things hit home for me. I got to meet and connect with people doing investigative work in other countries that we’re just not hearing about in the Western world – even though some of them are reporting on atrocities and misdeeds in Western countries. I plan to stay connected to everyone I met (a rarity for me) and further their work wherever I can.
I was also relieved to find that so many people shared my views about the OFF experience itself; I had mixed feelings about a couple of things, but I found out I was far from alone in my feelings and observations. Also, I left feeling centered in my purpose, and glad to have stepped very far out of the hacker/activist bubbles to find out where the gaps are between tech’s edges and the needs of people on the ground. People like me, we have much work to do! It’s hard and painful work, but it’s good work.
I did walk away with a very deep anger toward people making security products who don’t understand the gravity of the situations their products go into. For so many entrepreneurs, security is almost just a game to them, a Kickstarter they hope gets popular or an app they try to make into a rockstar vehicle. The people I made lifelong friends with at OFF… just one wrongheaded piece of advice from an armchair activist, of something like using Tor at the wrong place and time, it will actually get them – or me – killed. I met, drank, ate, danced and hugged and bonded with people who have been stabbed, had watched their mother raped, even ate human flesh to survive – people who spoke out against beating women, against surveillance, people who escaped dictators only to emerge with a determination to fight back. They are hunted, watched, and they are targets. Anyone who makes a security product with a promise it can’t deliver must know that what they’re doing has real, horrible harm at the other end of it, and they must be made accountable.
How did your collaboration with Rift Recon affect your OFF experience?
It enriched my experience, without a doubt. I almost always present alone, and in just the session I did with Rift, I realized there’s a lot more everyone can get out of the material when we combine forces, so to speak. Of course, having presented a session and making myself available meant that there were things I had to miss seeing at OFF. This was because I was working one-on-one with people to do risk assessments and needs/action items – as well as just comparing opsec notes among high-risk journalists, which I realized keeps us sane – but I wouldn’t trade it for anything. Getting to speak alongside Rift was incredible, and I also have to add that I was really impressed with my co-presenters. I hadn’t seen them present, though we all collaborated on the material of course, and watching the way they handled on-the-fly issues throughout the session made me really proud that I was up there with them.
How do you feel your talk was received? If you could do it again, would you do anything differently?
When people come up to you afterward and thank you for making them feel less alone, you know you can sleep that night. It was an honor to have so many amazing people come talk with me afterward, excitedly, and also to be able to share advice with them that I’d learned from working in digitally hostile environments around the world for the past few years. I was really energized when I got to connect with one woman afterward who had amazingly similar opsec practices as I do; you know, it’s such a personal thing, and so unique to every situation and source you deal with. She reports on her investigations tracing terrorist organization funding in a location that’s, at the very least, extremely hostile to women. And we shared opsec practices during and after the presentation; it was incredible!
If I could do anything differently, it would be to have more time, and a breakout session afterward – though I had an impromptu one, nevertheless. The attendees and participants needed more one-on-one time, they had a ton of questions that needed answering. I could have done an entire session on risk assessment in the digital reporting environment. It’s needed.
What was your favorite part of attending OFF?
Every. Single. Minute.
Violet Blue (@violetblue) is an awarded author, notorious blogger, and independent journalist for CNET, Zero Day, ZDNet, CBS News and other outlets. Blue is a notorious public pundit on privacy activism and bleeding-edge tech culture. She is an educator, speaker, crisis counselor, volunteer NGO trainer: Blue is outspoken and controversial. She lost a domain to Libya, has been yelled at by Steve Jobs, and was the first female podcaster. Ms. Blue is well known for breaking news stories at the intersection of cybercrime and activism, as well as the impact of technology on at-risk populations. She was first to break the stories of Wikipedia’s paid-editing scandal; the hacking of US Government institutions such as The Federal Bank and Federal Sentencing website by Anonymous; the Google “real name” (“nymwars”) debacle; and many more stories. Blue has worked and taught in the healthcare harm reduction sectors for over a decade, and participates as an instructor at the UCSF Global Health Program live simulations, where she works alongside Doctors Without Borders and other NGOs to train on-the-ground crisis workers in circumventing hostile media situations.
- Arianna Travaglini
Executive Assistant at Rift Recon
Rift Recon tailors its clients from a suite of exclusive security service providers, in order to meet their specialized needs in software or hardware, utilities for cyber/physical security assessment, tool creation and team outfitting, as well as specialized trainings, and expert referrals.
Our team meets and verifies all equipment needs from solid standards to exotic tooling, and deftly handles client needs for cyber and physical security specialist placement.
Rift operates across a variety of security disciplines including product security, physical security, hardware/software research, and development (including middleware, electronic devices and kits). We also cater to professionals who are striving to meet their own clients’ various cyber and physical security needs.
Our client range spans independent trainers, corporations, to high net worth individuals. We consult red teams, independent cyber or physical security contractors, product security teams, and companies that require exacting, and/or executive-grade assessment reports.
Rift provides a suite of services.
Rift Recon excels at identifying and recruiting top-level talent, and holds a strong track record for meeting our clients’ unique physical security needs.
Discreet and methodical, Rift stands as the premiere company in the world positioned to expertly source, secure, or innovate and manufacture hardware to meet the exacting - often critical - software and hardware security needs of its clients.
Contact Rift Recon day or night for gear, consultations, to explore opportunities, or even just to find out more: [email protected]