Group items tagged

NSA Director Finally Admits Encryption Is Needed to Protect Public’s Privacy The new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. By Carey Wedler | AntiMedia | January 22, 2016 Share this article! https://mail.google.com/mail/?view=cm&fs=1&to&su=NSA%20Director%20Finally%20Admits%20Encryption%20Is%20Needed%20to%20Protect%20Public%E2%80%99s%20Privacy&body=http%3A%2F%2Fwww.mintpress

Rogers cited the recent Office of Personnel Management hack of over 20 million users as a reason to increase encryption rather than scale it back. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack that compromised the personal data about 20 million people who obtained background checks. Rogers’ comments, while forward-thinking, signify an about face in his stance on encryption. In February 2015, he said he “shares [FBI] Director [James] Comey’s concern” about cell phone companies’ decision to add encryption features to their products. Comey has been one loudest critics of encryption. However, Rogers’ comments on Thursday now directly conflict with Comey’s stated position. The FBI director has publicly chastised encryption, as well as the companies that provide it. In 2014, he claimed Apple’s then-new encryption feature could lead the world to “a very dark place.” At a Department of Justice hearing in November, Comey testified that “Increasingly, the shadow that is ‘going dark’ is falling across more and more of our work.” Though he claimed, “We support encryption,” he insisted “we have a problem that encryption is crashing into public safety and we have to figure out, as people who care about both, to resolve it. So, I think the conversation’s in a healthier place.”

At the same hearing, Comey and Attorney General Loretta Lynch declined to comment on whether they had proof the Paris attackers used encryption. Even so, Comey recently lobbied for tech companies to do away with end-to-end encryption. However, his crusade has fallen on unsympathetic ears, both from the private companies he seeks to control — and from the NSA. Prior to Rogers’ statements in support of encryption Thursday, former NSA chief Michael Hayden said, “I disagree with Jim Comey. I actually think end-to-end encryption is good for America.” Still another former NSA chair has criticized calls for backdoor access to information. In October, Mike McConnell told a panel at an encryption summit that the United States is “better served by stronger encryption, rather than baking in weaker encryption.” Former Department of Homeland Security chief, Michael Chertoff, has also spoken out against government being able to bypass encryption.

The battle over the Federal Communications Commission’s (FCC) repeal of net neutrality rules is entering a new phase, with opponents of the move launching efforts to preserve the Obama-era consumer protections.The net neutrality rules had required internet service providers to treat all web traffic equally. Republicans on the commission decried the regulatory structure as a gross overreach, and quickly moved to reverse them once the Trump administration came to power. The reversal of the rules was published in the Federal Register Thursday, and even though the order is months away from implementation, net neutrality supporters are now free to mount legal challenges to the action. A coalition of Democratic state attorneys general, public interest groups and internet companies have vowed to fight in the courts. Twenty-three states, led by New York and its attorney general, Eric Schneiderman (D), have already filed a lawsuit. 

Even if Democrats do manage to find the tie-breaking vote in the Senate, the bill is almost certain to die in the House. But Democrats see a roll call vote as an opportunity to make GOP members stake out a position on an issue that they think could resonate in the midterm elections. On yet another front, Democratic states around the country have already launched their own attack on the FCC’s rules. Five governors (from Montana, Hawaii, New Jersey, Vermont and New York) have in recent weeks signed executive orders forbidding their states from doing business with internet service providers who violate net neutrality principles. And, according to the pro-net neutrality group Free Press, legislatures in 26 states are weighing bills that would codify their own open internet protections. The local efforts could ignite a separate legal battle over whether states have the authority to counteract the FCC’s order, which included a provision preempting them from replacing the rules.

The emerging court battle over net neutrality could keep the issue in limbo for years.Meanwhile, a separate battle over the rules is brewing in Congress.Senate Democrats have secured enough support to force a vote on a bill that would undo the FCC’s December vote and leave the net neutrality rules in place. The bill, which is being pushed by Sen. Ed MarkeyEdward (Ed) John MarkeyRegulators seek to remove barriers to electric grid storage Markey, Paul want to know if new rules are helping opioid treatment Oil spill tax on oil companies reinstated as part of budget deal MORE (D-Mass.), would use a legislative tool called the Congressional Review Act (CRA) to roll back the FCC’s repeal of net neutrality. The entry of the FCC’s repeal order in the Federal Register Thursday means that the Senate has 60 legislative days to move on the CRA bill. Democrats have secured support from one Republican, Sen. Susan CollinsSusan Margaret CollinsOvernight Tech: Judge blocks AT&T request for DOJ communications | Facebook VP apologizes for tweets about Mueller probe | Tech wants Treasury to fight EU tax proposal Overnight Regulation: Trump to take steps to ban bump stocks | Trump eases rules on insurance sold outside of ObamaCare | FCC to officially rescind net neutrality Thursday | Obama EPA chief: Reg rollback won't stand FCC to officially rescind net neutrality rules on Thursday MORE (Maine), and need just one more to cross the aisle for the bill to pass the chamber. 

Earlier this March, cyber-security firm Kaspersky Labs released information on a newly discovered, highly advanced piece of malware dubbed Slingshot. The malware targeted Latvian-made Internet routers popular in the Middle East, Africa, and Southeast Asia. Kaspersky’s reports reveal that the malware had been active since at least 2012, and speculates that it was government-made, owing to its sophistication and its use of novel techniques rarely seen elsewhere. Those investigating the matter further have drawn the conclusion that Slingshot was developed by the U.S. government, with some reports quoting former officials as connecting it to the Pentagon’s JSOC special forces. For those following the cyber security and malware sphere, this is a huge revelation, putting the U.S. government in the hot seat for deploying cyber attacks that harm a much greater range of innocent users beyond their intended targets. Kaspersky’s own findings note that the code was written in English, using a driver flaw to allow the implanting of various types of spyware. Among those mentioned by Moscow-based Kaspersky was an implant named “GOLLUM,” which notably was mentioned in one of the leaked Edward Snowden documents. Further findings suggest that Slingshot had common code with only two other known pieces of software, both malwares, which were attributed to the NSA and CIA, respectively, by analysts. Though various U.S. agencies are all denying comment, things are clearly pointing uncomfortably in their direction.

A group of Chinese computer scientists from academia and industry have published a paper documenting a tool for fooling facial recognition software by shining hat-brim-mounted infrared LEDs on the user's face, projecting CCTV-visible, human-eye-invisible shapes designed to fool the face recognition software. The tactic lets the attacker specify which face the categorizer should "see" -- the researchers were able to trick the software into recognizing arbitrary faces as belonging to the musician Moby, the Korean politician Hoi-Chang and others.

1. Executive Summary Ahmed Mansoor is an internationally recognized human rights defender, based in the United Arab Emirates (UAE), and recipient of the Martin Ennals Award (sometimes referred to as a “Nobel Prize for human rights”).  On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers.  We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product.  NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management. The ensuing investigation, a collaboration between researchers from Citizen Lab and from Lookout Security, determined that the links led to a chain of zero-day exploits (“zero-days”) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware.  We are calling this exploit chain Trident.  Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.   We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find.

The Trident Exploit Chain: CVE-2016-4657: Visiting a maliciously crafted website may lead to arbitrary code execution CVE-2016-4655: An application may be able to disclose kernel memory CVE-2016-4656: An application may be able to execute arbitrary code with kernel privileges Once we confirmed the presence of what appeared to be iOS zero-days, Citizen Lab and Lookout quickly initiated a responsible disclosure process by notifying Apple and sharing our findings. Apple responded promptly, and notified us that they would be addressing the vulnerabilities. We are releasing this report to coincide with the availability of the iOS 9.3.5 patch, which blocks the Trident exploit chain by closing the vulnerabilities that NSO Group appears to have exploited and sold to remotely compromise iPhones. Recent Citizen Lab research has shown that many state-sponsored spyware campaigns against civil society groups and human rights defenders use “just enough” technical sophistication, coupled with carefully planned deception. This case demonstrates that not all threats follow this pattern.  The iPhone has a well-deserved reputation for security.  As the iPhone platform is tightly controlled by Apple, technically sophisticated exploits are often required to enable the remote installation and operation of iPhone monitoring tools. These exploits are rare and expensive. Firms that specialize in acquiring zero-days often pay handsomely for iPhone exploits.  One such firm, Zerodium, acquired an exploit chain similar to the Trident for one million dollars in November 2015. The high cost of iPhone zero-days, the apparent use of NSO Group’s government-exclusive Pegasus product, and prior known targeting of Mansoor by the UAE government provide indicators that point to the UAE government as the likely operator behind the targeting. Remarkably, this case marks the third commercial “lawful intercept” spyware suite employed in attempts to compromise Mansoor.  In 2011, he was targeted with FinFisher’s FinSpy spyware, and in 2012 he was targeted with Hacking Team’s Remote Control System.  Both Hacking Team and FinFisher have been the object of several years of revelations highlighting the misuse of spyware to compromise civil society groups, journalists, and human rights workers.

Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant. Inside university labs, the researchers have been able to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites. In the wrong hands, the technology could be used to unlock doors, wire money or buy stuff online — simply with music playing over the radio.

Researchers can now send secret audio instructions undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant.

Military planners should not anticipate that the United States will ever dominate cyberspace, the Joint Chiefs of Staff said in a new doctrinal publication. The kind of supremacy that might be achievable in other domains is not a realistic option in cyber operations. “Permanent global cyberspace superiority is not possible due to the complexity of cyberspace,” the DoD publication said. In fact, “Even local superiority may be impractical due to the way IT [information technology] is implemented; the fact US and other national governments do not directly control large, privately owned portions of cyberspace; the broad array of state and non-state actors; the low cost of entry; and the rapid and unpredictable proliferation of technology.” Nevertheless, the military has to make do under all circumstances. “Commanders should be prepared to conduct operations under degraded conditions in cyberspace.” This sober assessment appeared in a new edition of Joint Publication 3-12, Cyberspace Operations, dated June 8, 2018. (The 100-page document updates and replaces a 70-page version from 2013.) The updated DoD doctrine presents a cyber concept of operations, describes the organization of cyber forces, outlines areas of responsibility, and defines limits on military action in cyberspace, including legal limits.

The new cyber doctrine reiterates the importance and the difficulty of properly attributing cyber attacks against the US to their source. “The ability to hide the sponsor and/or the threat behind a particular malicious effect in cyberspace makes it difficult to determine how, when, and where to respond,” the document said. “The design of the Internet lends itself to anonymity and, combined with applications intended to hide the identity of users, attribution will continue to be a challenge for the foreseeable future.”

Now Google, at the behest of its friends in Washington, is actively censoring – essentially blocking access to – any websites which seek to warn American workers of the ongoing effort to further attack their incomes, social services, and life conditions by the U.S. central government, and which seek to warn against the impending warfare between U.S.-led Nato and other forces against countries like Iran, Russia, and China, which have in no way threatened the U.S. state or its people

Under its new so-called anti-fake-news program, Google algorithms have in the past few months moved socialist, anti-war, and progressive websites from previously prominent positions in Google searches to positions up to 50 search result pages from the first page, essentially removing them from the search results any searcher will see.    CounterPunch, World Socialist Website, Democracy Now, American Civil liberties Union, Wikileaks are just a few of the websites which have experienced severe reductions in their returns from Google searches.  World Socialist Website, to cite just one example, has experienced a 67% drop in its returns from Google since the new policy was announced. This conversion of Google into a Censorship engine is not a trivial development.   Google searches are currently a primary means by which workers and other members of the public seek information about their lives and their world.  Every effort must be made to combat this serious infringement on the basic rights of freedom of speech and freedom of press.

The Israeli Deputy Foreign Minister, Member of Knesset Tzipi Hotovely, held meetings this week with representatives of YouTube and Google, to find ways of cooperating to censor Palestinian videos from occupied Palestine, videos she dubbed as “inciting violence and terrorism.”Israeli daily Maariv said Hotovely will be working with Google and YouTube officials in a joint mechanism that will be in charge of “monitoring and preventing” any publication of materials deemed by Tel Aviv to be “inflammatory.” Hotovely announced in a Hebrew-only press release that she met with YouTube CEO Susan Wojcicki, and Google’s Director of Public Policy, Jennifer Oztzistzki, at Google’s Silicon Valley Offices. Hotovely said that she received a comprehensive review mechanism for companies to monitor the films that allegedly incite violence, claiming that the supposed ‘incitement videos’ drive young children to go out and stab: ‘The attacks daily in Israel are the result of youths and children incited by the education system and the social networks, this is a daily war of incitement.’ She said that Google agreed to strengthen the bilateral relations with Israel’s Foreign Ministry, and build a mechanism of “collaborative work” that would make both parties partners in monitoring the published materials and censoring them. The Israeli move comes amidst escalating tension in occupied Palestine, and a large number of videos, including those showing Israeli soldiers and officers killing Palestinians execution-style after injuring them, and many videos that in general highlight the suffering of the Palestinian people, living under the illegal Israeli occupation of Palestine. The Israeli coordination with Google and YouTube has very serious implications, and many journalists have spoken out in opposition, saying it is a direct assault on the Freedom of the Press.

All foreign journalists who report in the Occupied Territories are required to register with the Israeli military, and any footage that they film is required to go through the Israeli Military Censor’s office before it can be released. With the recent advances in technology, many Palestinians and other civilians have been able to post videos uncensored online. The Israeli government has frequently voiced its discontent with this development, and have worked to find ways to continue to censor videos coming out of the Occupied Palestinian Territories.

The security research team at Checkmarx has made something of a habit of uncovering alarming vulnerabilities, with past disclosures covering Amazon’s Alexa and Tinder. However, a  discovery of vulnerabilities affecting Google and Samsung smartphones, with the potential to impact hundreds of millions of Android users, is the biggest to date. What did the researchers discover? Oh, only a way for an attacker to take control of smartphone camera apps and remotely take photos, record video, spy on your conversations by recording them as you lift the phone to your ear, identify your location, and more. All of this performed silently, in the background, with the user none the wiser.

everal technology companies including Snap Inc, Pinterest, Dropbox and eBay announced a coalition on Tuesday that would advocate the benefits of Section 230, a decades-old law protecting internet firms.Section 230 of the Communications Decency Act protects tech companies from liability over content posted by users, and has been under attack from U.S. President Donald Trump and Republican lawmakers. They have criticized internet platforms’ content moderation decisions and accused them of stifling conservative voices.

Trump said earlier this month that he would veto the $740 billion National Defense Authorization Act unless it includes a measure eliminating the law.

The coalition, Internet Works, said on Tuesday it aims to ensure that policymakers understand “the potential unintended consequences of blunt changes to the law”, including limiting effective content moderation efforts."This coalition brings new voices and diverse perspectives to Washington's current Section 230 debate, which too often focuses on the largest internet platforms," it said here.

Google and Amazon are both set to help build “Project Nimbus,” a mammoth new cloud computing project for the Israeli government and military that is spurring intense dissent among employees and the public alike. Shareholders of both firms will soon vote on resolutions that would mandate reconsideration of a project they fear has grave human rights consequences. Little is known of the plan, reportedly worth over $1 billion, beyond the fact that it would consolidate the Israeli government’s public sector cloud computing needs onto servers housed within the country’s borders and subject solely to Israeli law, rather than remote data centers distributed around the world. Part of the plan’s promise is that it would insulate Israel’s computing needs from threats of international boycotts, sanctions, or other political pressures stemming from the ongoing military occupation of Palestine; according to a Times of Israel report, the terms of the Project Nimbus contract prohibit both companies from shutting off service to the government, or from selectively excluding certain government offices from using the new domestic cloud.

While a wide variety of government ministries will make use of the new computing power and data storage, the fact that Google and Amazon may be directly bolstering the capabilities of the Israeli military and internal security services has generated alarm from both human rights observers and company engineers. In October 2021, The Guardian published a letter from a group of anonymous Google and Amazon employees objecting to their company’s participation. “This technology allows for further surveillance of and unlawful data collection on Palestinians, and facilitates expansion of Israel’s illegal settlements on Palestinian land,” the letter read. “We cannot look the other way, as the products we build are used to deny Palestinians their basic rights, force Palestinians out of their homes and attack Palestinians in the Gaza Strip — actions that have prompted war crime investigations by the international criminal court.” In March, an American Google employee who had helped organize the employee opposition to Nimbus said the company abruptly told her she could either move to Brazil or lose her job, a move she said was retaliation for her stance. Nimbus will now face a referendum of sorts among Google and Amazon shareholders, who next month will vote on a pair of resolutions that call for company-funded reviews of their participation in that project and others that might harm human rights.

A once-robust alliance of federal agencies, tech companies, election officials and researchers that worked together to thwart foreign propaganda and disinformation has fragmented after years of sustained Republican attacks.The GOP offensive started during the 2020 election as public critiques and has since escalated into lawsuits, governmental inquiries and public relations campaigns that have succeeded in stopping almost all coordination between the government and social media platforms.The most recent setback came when the FBI put an indefinite hold on most briefings to social media companies about Russian, Iranian and Chinese influence campaigns. Employees at two U.S. tech companies who used to receive regular briefings from the FBI’s Foreign Influence Task Force told NBC News that it has been months since the bureau reached out. In a testimony last week to the Senate Homeland Security Committee, FBI Director Christopher Wray signaled a significant pullback in communications with tech companies and tied the move to rulings by a conservative federal judge and appeals court that said some government agencies and officials should be restricted from communicating and meeting with social media companies to moderate content. The case is now on hold pending Supreme Court review.“We’re having some interaction with social media companies,” Wray said. “But all of those interactions have changed fundamentally in the wake of the court rulings.”