Group items tagged

When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies. It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data. Last year, documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.”

The full story about GCHQ’s infiltration of Belgacom, however, has never been told. Key details about the attack have remained shrouded in mystery—and the scope of the attack unclear. Now, in partnership with Dutch and Belgian newspapers NRC Handelsblad and De Standaard, The Intercept has pieced together the first full reconstruction of events that took place before, during, and after the secret GCHQ hacking operation. Based on new documents from the Snowden archive and interviews with sources familiar with the malware investigation at Belgacom, The Intercept and its partners have established that the attack on Belgacom was more aggressive and far-reaching than previously thought. It occurred in stages between 2010 and 2011, each time penetrating deeper into Belgacom’s systems, eventually compromising the very core of the company’s networks.

When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies. It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data. Last year, documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.”

While there is considerable telecom hubris regarding the 5G rollout and increasing speculation that the next generation of wireless is not yet ready for Prime Time, the industry continues to make promises to Rural America that it has no intention of fulfilling. Decades-long promises to deliver digital Utopia to rural America by T-Mobile, Verizon and AT&T have never materialized.  

In 2017, the USDA reported that 29% of American farms had no internet access. The FCC says that 14 million rural Americans and 1.2 million Americans living on tribal lands do not have 4G LTE on their phones, and that 30 million rural residents do not have broadband service compared to 2% of urban residents.  It’s beginning to sound like a Third World country. Despite an FCC $4.5 billion annual subsidy to carriers to provide broadband service in rural areas, the FCC reports that ‘over 24 million Americans do not have access to high-speed internet service, the bulk of them in rural area”while a  Microsoft Study found that  “162 million people across the US do not have internet service at broadband speeds.” At the same time, only three cable companies have access to 70% of the market in a sweetheart deal to hike rates as they avoid competition and the FCC looks the other way.  The FCC believes that it would cost $40 billion to bring broadband access to 98% of the country with expansion in rural America even more expensive.  While the FCC has pledged a $2 billion, ten year plan to identify rural wireless locations, only 4 million rural American businesses and homes will be targeted, a mere drop in the bucket. Which brings us to rural mapping: Since the advent of the digital age, there have been no accurate maps identifying where broadband service is available in rural America and where it is not available.  The FCC has a long history of promulgating unreliable and unverified carrier-provided numbers as the Commission has repeatedly ‘bungled efforts to produce accurate broadband maps” that would have facilitated rural coverage. During the Senate Commerce Committee hearing on April 10th regarding broadband mapping, critical testimony questioned whether the FCC and/or the telecom industry have either the commitment or the proficiency to provide 5G to rural America.  Members of the Committee shared concerns that 5G might put rural America further behind the curve so as to never catch up with the rest of the country

The United States, the United Kingdom and Australia have called on Facebook Inc to not go ahead with end-to-end encryption across its messaging services unless law enforcement officials have backdoor access, saying encryption hindered the fight against child abuse and terrorism.

The United States and United Kingdom also signed a special data agreement that would fast track requests from law enforcement to technology companies for information about the communications of terrorists and child predators. Law enforcement could get information in weeks or even days instead of the current wait of six months to two years. The latest tug-of-war between governments and tech companies over user data could also impact Apple Inc, Alphabet Inc’s Google and Microsoft Corp, as well as smaller encrypted chat apps like Signal.

Six4Three recently published a playbook for the FTC to get to the bottom of Facebook’s secretive deals selling user data without privacy controls. In light of The New York Times article reporting multiple criminal investigations into Facebook surrounding these secretive deals, we’re publishing the playbook for criminal investigators.Perhaps the most important recognition at the outset is that the secretive deals that have been reported, whether those with a handful of device manufacturers or with 150 large technology companies, are just the tip of the iceberg. Those secretive deals handing over user data in exchange for gobs of cash were merely part and parcel of a much broader illegal scheme that begins with Facebook’s transition to mobile in 2012 and continues to this very day. We believe this illegal scheme amounts to a clear RICO violation. The United Kingdom Parliament agrees. Here’s how criminal investigators can overcome Facebook’s incredibly effective concealment campaign and bring a viable RICO case.Facebook’s pattern of racketeering activity is a play in three acts from at least 2012 to present. The first act is all about the desperation resulting from the collapse of Facebook’s desktop advertising business right around its IPO and the various securities violations that resulted. The second act is about covering up those securities violations by illegally building its mobile advertising business via extortion and wire fraud in order to close the gap in Facebook’s revenue projections before the world took notice, which likely resulted in additional securities violations. The third act is about covering up the extortion and wire fraud by lying to government officials investigating Facebook while continuing to effectuate the scheme. We are still in the third act.For almost a decade now Facebook has been covering up one illegal act with another in order to hide how it managed to ramp up its mobile advertising business faster than any other business in the history of capitalism. The abuses of Facebook’s data, from Russian interference in the 2016 election to Cambridge Analytica and Brexit, all stem in substantial part from the decisions Facebook knowingly, willfully and maliciously made to facilitate this criminal conspiracy. Put simply, Facebook’s transition to mobile destabilized the world.

It seemed inevitable, and now it has happened: for the first time ever, feature phones have taken a backseat to smartphones in terms of quantities shipped. In the first quarter of 2013, device makers shipped 216.2 million smartphones worldwide, a volume that accounted for 51.6 percent of total global shipments and that marked the first time smartphones have claimed more than half of all quarterly shipments, according to market researcher IDC.

"Phone users want computers in their pockets," IDC analyst Kevin Restivo said in a statement. "The days where phones are used primarily to make phone calls and send text messages are quickly fading away."

Samsung continued to exert its dominance during the quarter, shipping 70.7 million smartphones for year-over-year growth of 60.7 percent. Second-place Apple shipped 37.4 million iPhones, up 6.6 percent. Other phone makers saw some seriously big surges: Rounding out the top five, LG shipped 10.3 million smartphones (up 110 percent), Huawei shipped 9.9 million (up 94 percent), and ZTE shipped 9.1 million (up 49 percent).

Harris Corp.’s Stingray surveillance device has been one of the most closely guarded secrets in law enforcement for more than 15 years. The company and its police clients across the United States have fought to keep information about the mobile phone-monitoring boxes from the public against which they are used. The Intercept has obtained several Harris instruction manuals spanning roughly 200 pages and meticulously detailing how to create a cellular surveillance dragnet. Harris has fought to keep its surveillance equipment, which carries price tags in the low six figures, hidden from both privacy activists and the general public, arguing that information about the gear could help criminals. Accordingly, an older Stingray manual released under the Freedom of Information Act to news website TheBlot.com last year was almost completely redacted. So too have law enforcement agencies at every level, across the country, evaded almost all attempts to learn how and why these extremely powerful tools are being used — though court battles have made it clear Stingrays are often deployed without any warrant. The San Bernardino Sheriff’s Department alone has snooped via Stingray, sans warrant, over 300 times.

The documents described and linked below, instruction manuals for the software used by Stingray operators, were provided to The Intercept as part of a larger cache believed to have originated with the Florida Department of Law Enforcement. Two of them contain a “distribution warning” saying they contain “Proprietary Information and the release of this document and the information contained herein is prohibited to the fullest extent allowable by law.”  Although “Stingray” has become a catch-all name for devices of its kind, often referred to as “IMSI catchers,” the manuals include instructions for a range of other Harris surveillance boxes, including the Hailstorm, ArrowHead, AmberJack, and KingFish. They make clear the capability of those devices and the Stingray II to spy on cellphones by, at minimum, tracking their connection to the simulated tower, information about their location, and certain “over the air” electronic messages sent to and from them. Wessler added that parts of the manuals make specific reference to permanently storing this data, something that American law enforcement has denied doing in the past.

One piece of Windows software used to control Harris’s spy boxes, software that appears to be sold under the name “Gemini,” allows police to track phones across 2G, 3G, and LTE networks. Another Harris app, “iDen Controller,” provides a litany of fine-grained options for tracking phones. A law enforcement agent using these pieces of software along with Harris hardware could not only track a large number of phones as they moved throughout a city but could also apply nicknames to certain phones to keep track of them in the future. The manual describing how to operate iDEN, the lengthiest document of the four at 156 pages, uses an example of a target (called a “subscriber”) tagged alternately as Green Boy and Green Ben:

Imagine a timeline of the universe, complete with high-resolution videos and images, in which you could zoom from a chronology of Egypt’s dynasties and pyramids to the tale of a Japanese-American couple interned in a World War II relocation camp to a discussion of a mass extinction that occurred on Earth 200 million years ago – all in seconds. Based on an idea from a University of California, Berkeley, student, ChronoZoom – essentially a zoomable timeline of timelines augmented with multimedia features –- is coming to life.

“A program obfuscator would be a powerful tool for finding plausible constructions for just about any cryptographic task you could conceive of,” said Yuval Ishai, of the Technion in Haifa, Israel. Precisely because of obfuscation’s power, many computer scientists, including Sahai and his colleagues, thought it was impossible. “We were convinced it was too powerful to exist,” he said. Their earliest research findings seemed to confirm this, showing that the most natural form of obfuscation is indeed impossible to achieve for all programs. Then, on July 20, 2013, Sahai and five co-authors posted a paper on the Cryptology ePrint Archive demonstrating a candidate protocol for a kind of obfuscation known as “indistinguishability obfuscation.” Two days later, Sahai and one of his co-authors, Brent Waters, of the University of Texas, Austin, posted a second paper that suggested, together with the first paper, that this somewhat arcane form of obfuscation may possess much of the power cryptographers have dreamed of. “This is the first serious positive result” when it comes to trying to find a universal obfuscator, said Boaz Barak, of Microsoft Research in Cambridge, Mass. “The cryptography community is very excited.” In the six months since the original paper was posted, more papers have appeared on the ePrint archive with “obfuscation” in the title than in the previous 17 years.

The EU has been known to make a lot of odd decisions when it comes to tech, such as forcing Microsoft's hand at including a "browser wheel" with its Windows OS, but this latest decision is one I think most people will agree with. One thing that's frustrating about different smartphones is the occasional requirement to use a different charger. More frustrating is actually losing one of these chargers, and being unable to charge your phone even though you might have 8 of another charger readily available.

While this decision would cut down on this happening, the focus is to cut down on waste. On Thursday, the EU's internal market and consumer protection committee voted on forcing smartphone vendors to adopt a standard charger, which common sense would imply means micro USB, given it's already featured on the majority of smartphones out there. The major exception is Apple, which deploys a Lightning connector with its latest iPhones. Apple already offers Lightning to micro USB cables, but again, those are only useful if you happen to own one, making a sudden loss of a charger all-the-more frustrating. While Lightning might offer some slight benefits, Apple implementing a micro USB connector instead would make situations like those a lot easier to deal with (I am sure a lot of us have multiple micro USB cables lying around). Even though this law was a success in the initial voting, the government group must still bring the proposal to the Council which will then lead to another vote being made in the Parliament. If it does end up passing, I have a gut feeling that Apple will modify only its European models to adhere to the law, while its worldwide models will remain with the Lightning connector. Or, Apple might be able to circumvent the law if it offers to include the micro USB cable in the box, essentially shipping the phone with that connector.

The secretive British spy agency GCHQ has developed covert tools to seed the internet with false information, including the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, “amplif[y]” sanctioned messages on YouTube, and censor video content judged to be “extremist.” The capabilities, detailed in documents provided by NSA whistleblower Edward Snowden, even include an old standby for pre-adolescent prank callers everywhere: A way to connect two unsuspecting phone users together in a call.

he “tools” have been assigned boastful code names. They include invasive methods for online surveillance, as well as some of the very techniques that the U.S. and U.K. have harshly prosecuted young online activists for employing, including “distributed denial of service” attacks and “call bombing.” But they also describe previously unknown tactics for manipulating and distorting online political discourse and disseminating state propaganda, as well as the apparent ability to actively monitor Skype users in real-time—raising further questions about the extent of Microsoft’s cooperation with spy agencies or potential vulnerabilities in its Skype’s encryption. Here’s a list of how JTRIG describes its capabilities: • “Change outcome of online polls” (UNDERPASS) • “Mass delivery of email messaging to support an Information Operations campaign” (BADGER) and “mass delivery of SMS messages to support an Information Operations campaign” (WARPARTH) • “Disruption of video-based websites hosting extremist content through concerted target discovery and content removal.” (SILVERLORD)

• “Active skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.” (MINIATURE HERO) • “Find private photographs of targets on Facebook” (SPRING BISHOP) • “A tool that will permanently disable a target’s account on their computer” (ANGRY PIRATE) • “Ability to artificially increase traffic to a website” (GATEWAY) and “ability to inflate page views on websites” (SLIPSTREAM) • “Amplification of a given message, normally video, on popular multimedia websites (Youtube)” (GESTATOR) • “Targeted Denial Of Service against Web Servers” (PREDATORS FACE) and “Distributed denial of service using P2P. Built by ICTR, deployed by JTRIG” (ROLLING THUNDER)