Skip to main content

Home/ Indie Nation/ Group items tagged access

Rss Feed Group items tagged

John Lemke

NSA reportedly intercepting laptops purchased online to install spy malware | The Verge - 0 views

  • According to a new report from Der Spiegel based on internal NSA documents, the signals intelligence agency's elite hacking unit (TAO) is able to conduct sophisticated wiretaps in ways that make Hollywood fantasy look more like reality. The report indicates that the NSA, in collaboration with the CIA and FBI, routinely and secretly intercepts shipping deliveries for laptops or other computer accessories in order to implant bugs before they reach their destinations. According to Der Spiegel, the NSA's TAO group is able to divert shipping deliveries to its own "secret workshops" in a method called interdiction, where agents load malware onto the electronics or install malicious hardware that can give US intelligence agencies remote access. While the report does not indicate the scope of the program, or who the NSA is targeting with such wiretaps, it's a unique look at the agency's collaborative efforts with the broader intelligence community to gain hard access to communications equipment. One of the products the NSA appears to use to compromise target electronics is codenamed COTTONMOUTH, and has been available since 2009; it's a USB "hardware implant" that secretly provides the NSA with remote access to the compromised machine.
  • The Der Spiegel report, which gives a broad look at TAO operations, also highlights the NSA's cooperation with other intelligence agencies to conduct Hollywood-style raids. Unlike most of the NSA's operations which allow for remote access to targets, Der Spiegel notes that the TAO's programs often require physical access to targets. To gain physical access, the NSA reportedly works with the CIA and FBI on sensitive missions that sometimes include flying NSA agents on FBI jets to plant wiretaps. "This gets them to their destination at the right time and can help them to disappear again undetected after even as little as a half hour's work," the report notes.
  •  
    While the scope or the targets are reportedly not known, the article also does not mention anything about a search warrant. This is what happens when the government feels they are above the law.
John Lemke

BBC News - Blizzard cuts off Iranian access to World of Warcraft - 0 views

  • "This week, Blizzard tightened up its procedures to ensure compliance with these laws, and players connecting from the affected nations are restricted from access to Blizzard games and services," read the statement. Unfortunately, said Blizzard, the same sanctions meant it could not give refunds to players in Iran or help them move their account elsewhere. "We apologise for any inconvenience this causes and will happily lift these restrictions as soon as US law allows," it added. Although the block on Wow has been imposed by Blizzard, other reports suggest a wider government ban might have been imposed.
John Lemke

The Internet Isn't Broken; So Why Is The ITU Trying To 'Fix' It? | Techdirt - 0 views

  • Of course, internet access has already been spreading to the far corners of the planet without any "help" from the ITU. Over two billion people are already online, representing about a third of the planet. And, yes, spreading that access further is a good goal, but the ITU is not the player to do it. The reason that the internet has been so successful and has already spread as far as it has, as fast as it has, is that it hasn't been controlled by a bureaucratic government body in which only other governments could vote. Instead, it was built as an open interoperable system that anyone could help build out. It was built in a bottom up manner, mainly by engineers, not bureaucrats. Changing that now makes very little sense.
  • And that's the thing. The internet works just fine. The only reason to "fix" it, is to "break" it in exactly the way the ITU wants, which is to favor a few players who have done nothing innovative to actually deserve it.
John Lemke

Active malware operation let attackers sabotage US energy industry | Ars Technica - 0 views

  • Researchers have uncovered a malware campaign that gave attackers the ability to sabotage the operations of energy grid owners, electricity generation firms, petroleum pipelines, and industrial equipment providers.
  • the hacking group managed to install one of two remote access trojans (RATs) on computers belonging to energy companies located in the US and at least six European countries, according to a
  • Called Dragonfly
  • ...3 more annotations...
  • "This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems," the Symantec report stated. "While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required."
  • been in operation since at least 2011
  • "The Dragonfly group is technically adept and able to think strategically," the Symantec report stated. "Given the size of some of its targets, the group found a 'soft underbelly' by compromising their suppliers, which are invariably smaller, less protected companies."
John Lemke

Cops to Congress: We need logs of Americans' text messages | Politics and Law - CNET News - 0 views

  • CNET has learned a constellation of law enforcement groups has asked the U.S. Senate to require that wireless companies retain that information, warning that the lack of a current federal requirement "can hinder law enforcement investigations." They want an SMS retention requirement to be "considered" during congressional discussions over updating a 1986 privacy law for the cloud computing era -- a move that could complicate debate over the measure and erode support for it among civil libertarians. As the popularity of text messages has exploded in recent years, so has their use in criminal investigations and civil lawsuits. They have been introduced as evidence in armed robbery, cocaine distribution, and wire fraud prosecutions. In one 2009 case in Michigan, wireless provider SkyTel turned over the contents of 626,638 SMS messages, a figure described by a federal judge as "staggering."
John Lemke

Kim Dotcom Teases Megabox, Reveals Exclusive Artists? | TorrentFreak - 0 views

  • Kim Dotcom is determined to put the major music labels out of business with Megabox. At the same time he promises to give artists full control over their own work and a healthy revenue stream. Today Dotcom released a video on the making of Megabox which unveils some of the service’s features. The video also shows “The Black Keys,” “Rusko,” “Two Fingers” and “Will.i.am” as exclusive artists.
  • So why would artists join Megabox in the first place? The goal of Megabox is to give the public access to free music and compensate artists through advertising revenue. Megaupload’s founder believes that this “free music” business model has the potential to decrease music piracy while giving artists proper compensation for their work. This revenue comes from the Megakey application that users have to install. Megakey works like an ad blocker, but instead of blocking ads it replaces a small percentage with Mega’s own ads. Those who prefer not to install the app have the option to buy the music instead.
  • “These new solutions will allow content creators to keep 90% of all earnings and generate significant income from the untapped market of free downloads,” Dotcom said.
John Lemke

Want to remotely control a car? $20 in parts, some oily fingers, and you're in command ... - 0 views

  • untraceable, off-the-shelf parts worth $20 that can give wireless access to the car's controls while it's on the road.
  • Illera and fellow security researcher Javier Vazquez-Vidal said that they had tested the CAN Hacking Tool (CHT) successfully on four popular makes of cars and had been able to apply the emergency brakes while the car was in motion, affect the steering, turn off the headlights, or set off the car alarm.
  • currently only works via Bluetooth,
John Lemke

Yahoo webcam images from millions of users intercepted by GCHQ | World news | theguardi... - 0 views

  • Britain's surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.
  • between 2008 and 2010
  • Optic Nerve, the documents provided by NSA whistleblower Edward Snowden show, began as a prototype in 2008 and was still active in 2012, according to an internal GCHQ wiki page accessed that year.The system, eerily reminiscent of the telescreens evoked in George Orwell's 1984, was used for experiments in automated facial recognition, to monitor GCHQ's existing targets, and to discover new targets of interest. Such searches could be used to try to find terror suspects or criminals making use of multiple, anonymous user IDs
  • ...1 more annotation...
  • Optic Nerve was based on collecting information from GCHQ's huge network of internet cable taps, which was then processed and fed into systems provided by the NSA. Webcam information was fed into NSA's XKeyscore search tool, and NSA research was used to build the tool which identified Yahoo's webcam traffic.
John Lemke

The NSA Uses Powerful Toolbox in Effort to Spy on Global Networks - SPIEGEL ONLINE - 0 views

  • According to internal NSA documents viewed by SPIEGEL, these on-call digital plumbers are involved in many sensitive operations conducted by American intelligence agencies. TAO's area of operations ranges from counterterrorism to cyber attacks to traditional espionage. The documents reveal just how diversified the tools at TAO's disposal have become -- and also how it exploits the technical weaknesses of the IT industry, from Microsoft to Cisco and Huawei, to carry out its discreet and efficient attacks. The unit is "akin to the wunderkind of the US intelligence community," says Matthew Aid, a historian who specializes in the history of the NSA. "Getting the ungettable" is the NSA's own description of its duties. "It is not about the quantity produced but the quality of intelligence that is important," one former TAO chief wrote, describing her work in a document. The paper seen by SPIEGEL quotes the former unit head stating that TAO has contributed "some of the most significant intelligence our country has ever seen." The unit, it goes on, has "access to our very hardest targets."
  •  
    Page One of a good three page read on just how extensive the government's illegal spying operations actually are... the worst part is it is just how extensive the portions of it we know about are!
John Lemke

How LexisNexis and others may have unwittingly aided identity thieves | Ars Technica - 0 views

  • Wednesday's report exposes serious risks in what banks, mortgage companies, and other financial services call "knowledge-based authentication." Representatives from these services frequently rely on a list of about 100 questions such as "What was your previous address?" or "Which company services your mortgage?" when trying to determine if the person on the phone or filling out an application is the individual he claims to be. Ready access to the data stored by the data aggregators can make the difference between a fraudulent application being approved or rejected. Krebs goes on to recount a story told by Gartner fraud analyst Avivah Litan about a fellow analyst who witnessed an identity thief in action.
John Lemke

Officials Say U.S. May Never Know Extent of Snowden's Leaks - NYTimes.com - 0 views

  • “They’ve spent hundreds and hundreds of man-hours trying to reconstruct everything he has gotten, and they still don’t know all of what he took,” a senior administration official said. “I know that seems crazy, but everything with this is crazy.”
  • In recent days, a senior N.S.A. official has told reporters that he believed Mr. Snowden still had access to documents not yet disclosed. The official, Rick Ledgett, who is heading the security agency’s task force examining Mr. Snowden’s leak, said he would consider recommending amnesty for Mr. Snowden in exchange for those documents.
  • “So, my personal view is, yes, it’s worth having a conversation about,” Mr. Ledgett told CBS News. “I would need assurances that the remainder of the data could be secured, and my bar for those assurances would be very high. It would be more than just an assertion on his part.”
John Lemke

Microsoft Announces Windows 10 | TechCrunch - 0 views

  • Starting tomorrow, Microsoft will launch a Windows Insider Program that will give users who are comfortable with running very early beta software access to Windows 10. This first preview will be available for laptops and desktops. A build for servers will follow later.
  • The company went on to detail that its new operating system will have a tailored user experience between different screen sizes — that’s to say that if you are on a smaller device, you will see a different sort of user interface. The code will run across all device categories: “One product family. One platform. One store.”
  • Put more bluntly, the company is going for the enterprise crown.
  • ...4 more annotations...
  • bringing back a few features of Windows 7
  • ncluding a redesigned start menu that combines the basic Windows 7 menu with the (resizable) tiles of the Windows 8 start screen. Windows 8 Metro apps can now also open in a windowed mode on the desktop, so you aren’t taking into the full-screen mode by default and you can use a “modern” Windows 8 side by side with a standard Windows desktop app.
  • multiple desktops
  • command line, too, which has also been improved quite a bit.
  •  
    "the last 943 people to cover the operating system got the name wrong."
John Lemke

Hackers charged with stealing Xbox, 'Call of Duty,' and US Army secrets worth over $100... - 0 views

  • Four hackers have been jointly charged with conspiracies to commit computer fraud, copyright infringement, wire fraud, mail fraud, identity theft, and theft of trade secrets. Individually, they have been charged with counts of aggravated identity theft, unauthorized computer access, copyright infringement, and wire fraud.
  • The defendants, aged between 18 and 28, are believed to have stolen more than $100 million in intellectual property and other proprietary data from the likes of Microsoft Corporation, Epic Games, Valve, and even the US Army. This includes pre-release versions of Gears of War 3 and Call of Duty: Modern Warfare 3, Apache helicopter simulation software developed for the US army, and information about the Xbox One console. Two of the suspects have pleaded guilty, one of which is 22-year old David Pokora. His plea represents what may be the first conviction of a foreign-based individual for hacking into US businesses to steal trade secret information.
  • 18-count superseding indictment
John Lemke

The White House Big Data Report: The Good, The Bad, and The Missing | Electronic Fronti... - 0 views

  • the report recognized that email privacy is critical
  • one issue was left conspicuously unaddressed in the report. The Securities and Exchange Commission, the civil agency in charge of protecting investors and ensuring orderly markets, has been advocating for a special exception to the warrant requirement. No agency can or should have a get-out-of-jail-free card for bypassing the Fourth Amendment.
  • the algorithm is only as fair as the data fed into it.
  • ...22 more annotations...
  • the danger of discrimination remains due to the very digital nature of big data
  • especially the elderly, minorities, and the poor
  • an example of this in Boston, which had a pilot program to allow residents to report potholes through a mobile app but soon recognized that the program was inherently flawed because “wealthy people were far more likely to own smart phones and to use the Street Bump app. Where they drove, potholes were found; where they didn’t travel, potholes went unnoted.”
  • The authors of the report agree, recommending that the Privacy Act be extended to all people, not just US persons.
  • metadata (the details associated with your communications, content, or actions, like who you called, or what a file you uploaded file is named, or where you were when you visited a particular website) can expose just as much information about you as the “regular” data it is associated with, so it deserves the same sort of privacy protections as “regular” data.
    • John Lemke
       
      What is Metadate... then discuss
  • The report merely recommended that the government look into the issue.
    • John Lemke
       
      Did the report give a strong enough recommendation? "looking into" and doing are much different
  • several other government reports have taken a much stronger stance and explicitly stated that metadata deserves the same level of privacy protections as “regular” data.
  • We think the report should have followed the lead of the PCAST report and acknowledged that the distinction between data and metadata is an artificial one, and recommended the appropriate reforms.
    • John Lemke
       
      I very strongly agree.  The report failed in this area.
  • the White House suggested advancing the Consumer Privacy Bill of Rights, which includes the idea that “consumers have a right to exercise control over what personal data companies collect from them and how they use it,” as well as “a right to access and correct personal data.”
  • Consumers have a right to know when their data is exposed, whether through corporate misconduct, malicious hackers, or under other circumstances. Recognizing this important consumer safeguard, the report recommends that Congress “should pass legislation that provides a single national data breach standard along the lines of the Administration's May 2011 Cybersecurity legislative proposal.”
  • While at first blush this may seem like a powerful consumer protection, we don’t think that proposal is as strong as existing California law. The proposed federal data breach notification scheme would preempt state notification laws, removing the strong California standard and replacing it with a weaker standard.
    • John Lemke
       
      In other words, it failed at what can be done and it would actually lower standards when compared to what California has in place currently.
  • We were particularly disconcerted
  • the Fort Hood shooting by Major Nidal Hasan
    • John Lemke
       
      WTF? how did he get in this group?
  • two big concerns
  • First, whistleblowers are simply not comparable to an Army officer who massacres his fellow soldiers
  • Secondly, the real big-data issue at play here is overclassification of enormous quantities of data.
  • Over 1.4 million people hold top-secret security clearances. In 2012, the government classified 95 million documents. And by some estimates, the government controls more classified information than there is in the entire Library of Congress.
    • John Lemke
       
      Don't leave this stat out.  More classified documents than LOC documents.  WTF? A "democracy" with more secret documents than public?
  • The report argues that in today’s connected world it’s impossible for consumers to keep up with all the data streams they generate (intentionally or not), so the existing “notice and consent” framework (in which companies must notify and get a user’s consent before collecting data) is obsolete. Instead, they suggest that more attention should be paid to how data is used, rather than how it is collected.
    • John Lemke
       
      This is the most troubling part perhaps,  isn't the collection without consent where the breech of privacy begins?
    • John Lemke
       
      "notice and consent"
  • An unfortunate premise of this argument is that automatic collection of data is a given
  • While we agree that putting more emphasis on responsible use of big data is important, doing so should not completely replace the notice and consent framework.
  • Despite being a fairly thorough analysis of the privacy implications of big data, there is one topic that it glaringly omits: the NSA’s use of big data to spy on innocent Americans.
    • John Lemke
       
      If we ignore it, it will go away?  Did they not just mostly ignore it and accept it as a given for corporations and completely ignore it regarding the government? Pretty gangster move isn't it?
  • Even though the review that led to this report was announced during President Obama’s speech on NSA reform, and even though respondents to the White House’s Big Data Survey “were most wary of how intelligence and law enforcement agencies are collecting and using data about them,” the report itself is surprisingly silent on the issue.2 This is especially confusing given how much the report talks about the need for more transparency in the private sector when it comes to big data. Given that this same logic could well be applied to intelligence big data programs, we don’t understand why the report did not address this vital issue.
John Lemke

New Zealand Launched Mass Surveillance Project While Publicly Denying It - The Intercept - 0 views

  • Documents provided by NSA whistleblower Edward Snowden show that the government worked in secret to exploit a new internet surveillance law enacted in the wake of revelations of illegal domestic spying to initiate a new metadata collection program that appeared designed to collect information about the communications of New Zealanders.
  • Those actions are in direct conflict with the assurances given to the public by Prime Minister John Key (pictured above), who said the law was merely designed to fix “an ambiguous legal framework” by expressly allowing the agency to do what it had done for years, that it “isn’t and will never be wholesale spying on New Zealanders,” and the law “isn’t a revolution in the way New Zealand conducts its intelligence operations.”
  • Snowden explained that “at the NSA, I routinely came across the communications of New Zealanders in my work with a mass surveillance tool we share with GCSB, called ‘X KEYSCORE.”" He further detailed that “the GCSB provides mass surveillance data into XKEYSCORE. They also provide access to the communications of millions of New Zealanders to the NSA at facilities such as the GCSB facility in Waihopai, and the Prime Minister is personally aware of this fact.”
  • ...4 more annotations...
  • Top secret documents provided by the whistleblower demonstrate that the GCSB, with ongoing NSA cooperation, implemented Phase I of the mass surveillance program code-named “Speargun” at some point in 2012
  • Over the weekend, in anticipation of this report, Key admitted for the first time that the GCSB did plan a program of mass surveillance aimed at his own citizens, but claimed that he ultimately rejected the program before implementation. Yesterday, after The Intercept sought comment from the NSA, the Prime Minister told reporters in Auckland that this reporting was referring merely to “a proposed widespread cyber protection programme that never got off the ground.” He vowed to declassify documents confirming his decision.
  • That legislation arose after it was revealed in 2012 that the GCSB illegally surveilled the communications of Megaupload founder Kim Dotcom, a legal resident of New Zealand. New Zealand law at the time forbade the GCSB from using its surveillance apparatus against citizens or legal residents. That illegal GCSB surveillance of Dotcom was followed by a massive military-style police raid by New Zealand authorities on his home in connection with Dotcom’s criminal prosecution in the United States for copyright violations. A subsequent government investigation found that the GCSB not only illegally spied on Dotcom but also dozens of other citizens and legal residents. The deputy director of GCSB resigned. The government’s response to these revelations was to refuse to prosecute those who ordered the illegal spying and, instead, to propose a new law that would allow domestic electronic surveillance.
    • John Lemke
       
      The Dotcom raid was ruled illegal.  Yet the Dotcom spying was exactly the type of activity of this plan.
  • n high-level discussions between the Key government and the NSA, the new law was clearly viewed as the crucial means to empower the GCSB to engage in metadata surveillance. On more than one occasion, the NSA noted internally that Project Speargun, in the process of being implemented, could not and would not be completed until the new law was enacted.
John Lemke

White House releases trusted Internet ID plan - security, government, Google, Gary Lock... - 0 views

  •  
    The U.S. government will coordinate private-sector efforts to create trusted identification systems for the Internet, with the goal of giving consumers and businesses multiple options for authenticating identity online, according to a plan released by President Barack Obama's administration. The National Institute of Standards and Technology (NIST) will work with private companies to drive development and adoption of trusted ID technologies, White House officials said. The National Strategy for Trusted Identities in Cyberspace (NSTIC), released by the Department of Commerce on Friday, aims to protect the privacy and security of Internet users by encouraging a broad online authentication market in the U.S. "The fact is that the old password and username combination we often use to verify people is no longer good enough," Commerce Secretary Gary Locke said at an NSTIC release event hosted by the U.S. Chamber of Commerce. "It leaves too many consumers, government agencies and businesses vulnerable to ID and data theft."
John Lemke

UK prime minister wants backdoors into messaging apps or he'll ban them | Ars Technica - 0 views

  • He said the Paris attacks, including the one last week on satirical newspaper Charlie Hebdo, underscored the need for greater access.
    • John Lemke
       
      Did they use such encryption in the attack? Would they have been caught even if encryption were not being used? what is up with that, we didn't do any better at catching thugs when they used CBs and many thugs are no smart enough to use encryption and still go uncaught.
1 - 19 of 19
Showing 20 items per page