Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged Remote-Control-System

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

New Snowden Docs Indicate Scope of NSA Preparations for Cyber Battle - SPIEGEL ONLINE - 0 views

www.spiegel.de/...or-cyber-battle-a-1013409.html

surveillance state war & peace cyberwar Snowden NSA-docs

shared by Paul Merrell on 20 Jan 15 - No Cached
  • The NSA's mass surveillance is just the beginning. Documents from Edward Snowden show that the intelligence agency is arming America for future digital wars -- a struggle for control of the Internet that is already well underway.
  • The Birth of D Weapons According to top secret documents from the archive of NSA whistleblower Edward Snowden seen exclusively by SPIEGEL, they are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money.
  • From a military perspective, surveillance of the Internet is merely "Phase 0" in the US digital war strategy. Internal NSA documents indicate that it is the prerequisite for everything that follows. They show that the aim of the surveillance is to detect vulnerabilities in enemy systems. Once "stealthy implants" have been placed to infiltrate enemy systems, thus allowing "permanent accesses," then Phase Three has been achieved -- a phase headed by the word "dominate" in the documents. This enables them to "control/destroy critical systems & networks at will through pre-positioned accesses (laid in Phase 0)." Critical infrastructure is considered by the agency to be anything that is important in keeping a society running: energy, communications and transportation. The internal documents state that the ultimate goal is "real time controlled escalation". One NSA presentation proclaims that "the next major conflict will start in cyberspace." To that end, the US government is currently undertaking a massive effort to digitally arm itself for network warfare. For the 2013 secret intelligence budget, the NSA projected it would need around $1 billion in order to increase the strength of its computer network attack operations. The budget included an increase of some $32 million for "unconventional solutions" alone.
  • ...5 more annotations...
  • NSA Docs on Network Attacks and ExploitationExcerpt from the secret NSA budget on computer network operations / Code word GENIE Document about the expansion of the Remote Operations Center (ROC) on endpoint operations Document explaining the role of the Remote Operations Center (ROC) Interview with an employee of NSA's department for Tailored Access Operations about his field of work Supply-chain interdiction / Stealthy techniques can crack some of SIGINT's hardest targets Classification guide for computer network exploitation (CNE) NSA training course material on computer network operations Overview of methods for NSA integrated cyber operations NSA project description to recognize and process data that comes from third party attacks on computers Exploring and exploiting leaky mobile apps with BADASS Overview of projects of the TAO/ATO department such as the remote destruction of network cards iPhone target analysis and exploitation with Apple's unique device identifiers (UDID) Report of an NSA Employee about a Backdoor in the OpenSSH Daemon NSA document on QUANTUMSHOOTER, an implant to remote-control computers with good network connections from unknown third parties
  • NSA Docs on Malware and ImplantsCSEC document about the recognition of trojans and other "network based anomaly" The formalized process through which analysts choose their data requirement and then get to know the tools that can do the job QUANTUMTHEORY is a set of technologies allowing man-on-the-side interference attacks on TCP/IP connections (includes STRAIGHTBIZARRE and DAREDEVIL) Sample code of a malware program from the Five Eyes alliance
  • NSA Docs on ExfiltrationExplanation of the APEX method of combining passive with active methods to exfiltrate data from networks attacked Explanation of APEX shaping to put exfiltrating network traffic into patterns that allow plausible deniability Presentation on the FASHIONCLEFT protocol that the NSA uses to exfiltrate data from trojans and implants to the NSA Methods to exfiltrate data even from devices which are supposed to be offline Document detailing SPINALTAP, an NSA project to combine data from active operations and passive signals intelligence Technical description of the FASHIONCLEFT protocol the NSA uses to exfiltrate data from Trojans and implants to the NSA
  • Part 2: How the NSA Reads Over Shoulders of Other Spies
  • According to top secret documents from the archive of NSA whistleblower Edward Snowden seen exclusively by SPIEGEL, they are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money. During the 20th century, scientists developed so-called ABC weapons -- atomic, biological and chemical. It took decades before their deployment could be regulated and, at least partly, outlawed. New digital weapons have now been developed for the war on the Internet. But there are almost no international conventions or supervisory authorities for these D weapons, and the only law that applies is the survival of the fittest. Canadian media theorist Marshall McLuhan foresaw these developments decades ago. In 1970, he wrote, "World War III is a guerrilla information war with no division between military and civilian participation." That's precisely the reality that spies are preparing for today.
  • Paul Merrell on 20 Jan 15
     
    Major dump of new Snowden NSA docs by Der Spiegel, with an article by a large team of reporters and computer security experts. Topic: Cyberwar capabilities, now and in the near future. 
Paul Merrell

Testosterone Pit - Home - The Other Reason Why IBM Throws A Billion At Linux ... - 0 views

www.testosteronepit.com/...billion-at-linux-with-nsa.html

surveillance state NSA Linux Linux-backdoor Solaris FreeBSD Darwin

shared by Paul Merrell on 18 Oct 13 - No Cached
  • IBM announced today that it would throw another billion at Linux, the open-source operating system, to run its Power System servers. The first time it had thrown a billion at Linux was in 2001, when Linux was a crazy, untested, even ludicrous proposition for the corporate world. So the moolah back then didn’t go to Linux itself, which was free, but to related technologies across hardware, software, and service, including things like sales and advertising – and into IBM’s partnership with Red Hat which was developing its enterprise operating system, Red Hat Enterprise Linux. “It helped start a flurry of innovation that has never slowed,” said Jim Zemlin, executive director of the Linux Foundation. IBM claims that the investment would “help clients capitalize on big data and cloud computing with modern systems built to handle the new wave of applications coming to the data center in the post-PC era.” Some of the moolah will be plowed into the Power Systems Linux Center in Montpellier, France, which opened today. IBM’s first Power Systems Linux Center opened in Beijing in May. IBM may be trying to make hay of the ongoing revelations that have shown that the NSA and other intelligence organizations in the US and elsewhere have roped in American tech companies of all stripes with huge contracts to perfect a seamless spy network. They even include physical aspects of surveillance, such as license plate scanners and cameras, which are everywhere [read.... Surveillance Society: If You Drive, You Get Tracked].
  • Then another boon for IBM. Experts at the German Federal Office for Security in Information Technology (BIS) determined that Windows 8 is dangerous for data security. It allows Microsoft to control the computer remotely through a “special surveillance chip,” the wonderfully named Trusted Platform Module (TPM), and a backdoor in the software – with keys likely accessible to the NSA and possibly other third parties, such as the Chinese. Risks: “Loss of control over the operating system and the hardware” [read.... LEAKED: German Government Warns Key Entities Not To Use Windows 8 – Links The NSA.
  • It would be an enormous competitive advantage for an IBM salesperson to walk into a government or corporate IT department and sell Big Data servers that don’t run on Windows, but on Linux. With the Windows 8 debacle now in public view, IBM salespeople don’t even have to mention it. In the hope of stemming the pernicious revenue decline their employer has been suffering from, they can politely and professionally hype the security benefits of IBM’s systems and mention in passing the comforting fact that some of it would be developed in the Power Systems Linux Centers in Montpellier and Beijing. Alas, Linux too is tarnished. The backdoors are there, though the code can be inspected, unlike Windows code. And then there is Security-Enhanced Linux (SELinux), which was integrated into the Linux kernel in 2003. It provides a mechanism for supporting “access control” (a backdoor) and “security policies.” Who developed SELinux? Um, the NSA – which helpfully discloses some details on its own website (emphasis mine): The results of several previous research projects in this area have yielded a strong, flexible mandatory access control architecture called Flask. A reference implementation of this architecture was first integrated into a security-enhanced Linux® prototype system in order to demonstrate the value of flexible mandatory access controls and how such controls could be added to an operating system. The architecture has been subsequently mainstreamed into Linux and ported to several other systems, including the Solaris™ operating system, the FreeBSD® operating system, and the Darwin kernel, spawning a wide range of related work.
  • ...1 more annotation...
  • Among a slew of American companies who contributed to the NSA’s “mainstreaming” efforts: Red Hat. And IBM? Like just about all of our American tech heroes, it looks at the NSA and other agencies in the Intelligence Community as “the Customer” with deep pockets, ever increasing budgets, and a thirst for technology and data. Which brings us back to Windows 8 and TPM. A decade ago, a group was established to develop and promote Trusted Computing that governs how operating systems and the “special surveillance chip” TPM work together. And it too has been cooperating with the NSA. The founding members of this Trusted Computing Group, as it’s called facetiously: AMD, Cisco, Hewlett-Packard, Intel, Microsoft, and Wave Systems. Oh, I almost forgot ... and IBM. And so IBM might not escape, despite its protestations and slick sales presentations, the suspicion by foreign companies and governments alike that its Linux servers too have been compromised – like the cloud products of other American tech companies. And now, they’re going to pay a steep price for their cooperation with the NSA. Read...  NSA Pricked The “Cloud” Bubble For US Tech Companies
Paul Merrell

Newest Remote Car Hacking Raises More Questions About Reporter's Death - WhoWhatWhy - 0 views

whowhatwhy.org/...uestions-about-reporters-death

Dark-State car-hacking Hastings

shared by Paul Merrell on 25 Jul 15 - No Cached
  • As readers of WhoWhatWhy know, our site has been one of the very few continuing to explore the fiery death two years ago of investigative journalist Michael Hastings, whose car left a straight segment of a Los Angeles street at a high speed, jumped the median, hit a tree, and blew up.Our original report described anomalies of the crash and surrounding events that suggest cutting-edge foul play—that an external hacker could have taken control of Hastings’s car in order to kill him. If this sounds too futuristic, a series of recent technical revelations has proven that “car hacking” is entirely possible. The latest just appeared this week.
  • Hackers, seeking to demonstrate the vulnerability of automobiles to remote attacks, were able to largely take over the Jeep Cherokee driven by a writer for the tech magazine Wired:Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.They were able to make his car decelerate suddenly, causing the writer to “narrowly avert death” at the hands of a semi-trailer coming up behind him.In an earlier demonstration, they had been able to do similar things with other vehicles:In the summer of 2013, I drove a Ford Escape and a Toyota Prius around a South Bend, Indiana, parking lot while they sat in the backseat with their laptops, cackling as they disabled my brakes, honked the horn, jerked the seat belt, and commandeered the steering wheel.
  • All of this is increasingly drawing the attention—and action— of the authorities. U.S. Senators Richard Blumenthal (D-CT) and Edward J. Markey (D-MA), members of the Commerce, Science and Transportation Committee, introduced legislation Tuesday seeking to establish federal standards for security and privacy of drivers in today’s computer-laden cars.What we do not hear is any discussion about whether the risk has gone beyond the realm of possibility…to a reality.
  • ...2 more annotations...
  • Back when Michael Hastings died, former counterterrorism czar Richard Clarke—by all accounts a sober, no-nonsense man—said that the Hastings’s crash was “consistent with a car cyber attack” and that it was likely that intelligence agencies knew “how to remotely seize control of a car.”It is worth noting, too, that the day before his death, Hastings had “urgently” requested to borrow his neighbor’s car—he wanted to get out of town, but he feared his own car was being tampered with.How is it then that “mainstream” publications, including even Wired, do not talk about the very odd circumstances surrounding the death of a journalist who had made powerful enemies? Did the fact that he had caused a famed general to be fired, that he was investigating the CIA chief, that he told colleagues he himself was being investigated by the FBI—did none of this at least raise the slightest suspicion on the part of our journalistic community? How about the fiery explosion when his car hit a palm tree—which automotive experts say should not normally take place; what about the fact that the engine flew out of the vehicle and landed a considerable distance away–which, again, we are told, is highly unusual?
  • As with so many of these things, the authorities raced to conclude that it was all an unfortunate accident and that there was no more to the story. And virtually the entirety of journalism—Left, Right and Center, Mainstream and “Alternative”—accepted this conclusion without so much as a hint of skepticism.So, now that it has been dramatically demonstrated that accidents can be caused remotely by those targeting a driver, will we see other media stepping up to take a good hard look at the key question: What really happened to Michael Hastings? We hope so, but we aren’t taking any bets.
Paul Merrell

Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide - The Intercept - 0 views

firstlook.org/...hacking-team

surveillance state Hacking-Team Remote-Control-System FinFisher

shared by Paul Merrell on 31 Oct 14 - No Cached
  • When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn’t be able to unlock evidence on criminals’ digital devices. What they didn’t say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept. We’re publishing in full, for the first time, manuals explaining the prominent commercial implant software “Remote Control System,” manufactured by the Italian company Hacking Team. Despite FBI director James Comey’s dire warnings about the impact of widespread data scrambling — “criminals and terrorists would like nothing more,” he declared — Hacking Team explicitly promises on its website that its software can “defeat encryption.”
  • The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team’s manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software. Hacking Team’s efforts include a visible push into the U.S. Though Remote Control System is sold around the world — suspected clients include small governments in dozens of countries, from Ethiopia to Kazakhstan to Saudi Arabia to Mexico to Oman — the company keeps one of its three listed worldwide offices in Annapolis, Maryland, on the edge of the federal intelligence and law-enforcement cluster around the nation’s capital; has sent representatives to American homeland security trade shows and conferences, where it has led training seminars like “Cyber Intelligence Solutions to Data Encryption” for police; and has even taken an investment from a firm headed by America’s former ambassador to Italy. The United States is also, according to two separate research teams, far and away Hacking Team’s top nexus for servers, hosting upwards of 100 such systems, roughly a fifth of all its servers globally.
Paul Merrell

Inside TAO: The NSA's Shadow Network - SPIEGEL ONLINE - 0 views

www.spiegel.de/...lobal-networks-a-940969-3.html

surveillance state NSA TAO NSA-methods parallel-internet must-read

shared by Paul Merrell on 30 Dec 13 - No Cached
  • The insert method and other variants of QUANTUM are closely linked to a shadow network operated by the NSA alongside the Internet, with its own, well-hidden infrastructure comprised of "covert" routers and servers. It appears the NSA also incorporates routers and servers from non-NSA networks into its covert network by infecting these networks with "implants" that then allow the government hackers to control the computers remotely. (Click here to read a related article on the NSA's "implants".) In this way, the intelligence service seeks to identify and track its targets based on their digital footprints. These identifiers could include certain email addresses or website cookies set on a person's computer. Of course, a cookie doesn't automatically identify a person, but it can if it includes additional information like an email address. In that case, a cookie becomes something like the web equivalent of a fingerprint.
  • Once TAO teams have gathered sufficient data on their targets' habits, they can shift into attack mode, programming the QUANTUM systems to perform this work in a largely automated way. If a data packet featuring the email address or cookie of a target passes through a cable or router monitored by the NSA, the system sounds the alarm. It determines what website the target person is trying to access and then activates one of the intelligence service's covert servers, known by the codename FOXACID. This NSA server coerces the user into connecting to NSA covert systems rather than the intended sites. In the case of Belgacom engineers, instead of reaching the LinkedIn page they were actually trying to visit, they were also directed to FOXACID servers housed on NSA networks. Undetected by the user, the manipulated page transferred malware already custom tailored to match security holes on the target person's computer. The technique can literally be a race between servers, one that is described in internal intelligence agency jargon with phrases like: "Wait for client to initiate new connection," "Shoot!" and "Hope to beat server-to-client response." Like any competition, at times the covert network's surveillance tools are "too slow to win the race." Often enough, though, they are effective. Implants with QUANTUMINSERT, especially when used in conjunction with LinkedIn, now have a success rate of over 50 percent, according to one internal document.
  • At the same time, it is in no way true to say that the NSA has its sights set exclusively on select individuals. Of even greater interest are entire networks and network providers, such as the fiber optic cables that direct a large share of global Internet traffic along the world's ocean floors. One document labeled "top secret" and "not for foreigners" describes the NSA's success in spying on the "SEA-ME-WE-4" cable system. This massive underwater cable bundle connects Europe with North Africa and the Gulf states and then continues on through Pakistan and India, all the way to Malaysia and Thailand. The cable system originates in southern France, near Marseille. Among the companies that hold ownership stakes in it are France Telecom, now known as Orange and still partly government-owned, and Telecom Italia Sparkle. The document proudly announces that, on Feb. 13, 2013, TAO "successfully collected network management information for the SEA-Me-We Undersea Cable Systems (SMW-4)." With the help of a "website masquerade operation," the agency was able to "gain access to the consortium's management website and collected Layer 2 network information that shows the circuit mapping for significant portions of the network."
  • ...3 more annotations...
  • It appears the government hackers succeeded here once again using the QUANTUMINSERT method. The document states that the TAO team hacked an internal website of the operator consortium and copied documents stored there pertaining to technical infrastructure. But that was only the first step. "More operations are planned in the future to collect more information about this and other cable systems," it continues. But numerous internal announcements of successful attacks like the one against the undersea cable operator aren't the exclusive factors that make TAO stand out at the NSA. In contrast to most NSA operations, TAO's ventures often require physical access to their targets. After all, you might have to directly access a mobile network transmission station before you can begin tapping the digital information it provides.
  • To conduct those types of operations, the NSA works together with other intelligence agencies such as the CIA and FBI, which in turn maintain informants on location who are available to help with sensitive missions. This enables TAO to attack even isolated networks that aren't connected to the Internet. If necessary, the FBI can even make an agency-owned jet available to ferry the high-tech plumbers to their target. This gets them to their destination at the right time and can help them to disappear again undetected after as little as a half hour's work.
  • Sometimes it appears that the world's most modern spies are just as reliant on conventional methods of reconnaissance as their predecessors. Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer. These minor disruptions in the parcel shipping business rank among the "most productive operations" conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks "around the world."
  • Paul Merrell on 30 Dec 13
     
    From page 3 of a 3-page article. The entire article is well worth reading. I chose this page to bookmark because of its disclosure that NSA is intercepting new computers before they are delivered and installing hardware and software backdoors, then reshipping them to their intended recipients. Although not mentioned, this implies the complicity of package shipment companies and conceivably government mail systems and original equipment manufacturers ("OEMs").  
Gary Edwards

100th Anniversary of the Beginning of the End? (Part 1) - The Patriot Post - 1 views

patriotpost.us/17878

progressive-socialism Woodrow-Wilson Globalist

shared by Gary Edwards on 30 Apr 13 - No Cached
  • I take the Oath of John Galt and put action to it: "I swear by my life and my love of it, that I will never live for the sake of another person, nor ask another to live their life for me."
  • In this dark day of the former republic, I stand in Resistance to the premier means of acquisition by the State, the Income Tax.
  • "They that can give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety." (Ben Franklin)
  • ...2 more annotations...
  • "A Constitution of Government once changed from Freedom, can never be restored. Liberty, once lost, is lost forever." (John Adams)
  • "Our cause is noble; it is the cause of mankind!" (George Washington)
  • Gary Edwards on 30 Apr 13
     
    Excellent history of how America lost it's Constitutional Republic.  The author tags the first progressive (marxist/socialist) President, Woodrow Wilson, as the culprit.  In 1913 Wilson shoved through the 16th and 17th Amendments.  He also pushed through the midnight express known as the Federal Reserve.  And as if that was not enough damage, he pushed for the "League of Nations" - a precursor to the present day United Nations Globalist New World Order. Oh yeah, the first progressive president also jacked us into humanities first World War. Wilson was a Manchurian stooge for the Globalist Rothschild Banksters, and the USA Bankster contingent led by Rockefeller, Morgan and Carnegie.   Note that in the election of 1896, the Banksters banked the corporatist McKinley against the GOLD standard populist, William Jennings Bryan.  McKinley was assassinated in 1901, and his VP, Teddy Roosevelt, became President.  Roosevelt successfully went after the Robber Bankster Barons; Rockefeller, Carnegie and Morgan, passing the Sherman Anti Trust laws and bringing the criminal corporations to trial.  This set the stage for the Bankster coup in 1913, where, with the election of Wilson the Banksters ended the great Consttitutional Republic and ushered in a century of ever encroaching socialist tyranny. ........................... excerpt: "One hundred years ago, our federal government, under control of the progressive Woodrow Wilson, took actions that have since become a disaster for these United States. Looking back, these actions were the beginning of what could be the end of our Constitutional Republic. With progressives in control in 2013, similar actions are underway that could complete a sinister view by progressives then and now to "transform" us into something our Founders never intended, and most Americans through the years never wanted and still don't. In 1913 our Constitution was amended by the ratification of two amendments, the Sixteenth and Seventeenth, an
Gary Edwards

» EXCLUSIVE: Snowden Level Documents Reveal Stealth DHS Spy Grid Alex Jones' ... - 0 views

www.infowars.com/ts-reveal-stealth-dhs-spy-grid

NSA-Patriot-Act-NDAA Edward-Snowden DHS-Spying

shared by Gary Edwards on 12 Nov 13 - No Cached
  • “The NMS also collects information about every Wi‐Fi client accessing the network, including its MAC address, IP address, signal intensity, data rate and traffic status,” the document reads. “Additional NMS features include a fault management system for issuing alarms and logging events according to a set of customizable filtering rules, along with centralized and version‐controlled remote updating of the Aruba Mesh Operating System software.”
  • Gary Edwards on 12 Nov 13
     
    It just keeps getting better ............... excerpt: "The wireless mesh network, which allows for private communication between wireless devices including cell phones and laptops, was built by California-based Aruba Networks, a major provider of next-generation mobile network access solutions. Labeled by their intersection location such as "1st&University" and "2nd& Seneca," the multiple network devices are easily detected in Seattle's downtown area through a simple Wi-Fi enabled device, leading many residents to wonder if they are being detected in return. "How accurately can it geo-locate and track the movements of your phone, laptop, or any other wireless device by its MAC address? Can the network send that information to a database, allowing the SPD to reconstruct who was where at any given time, on any given day, without a warrant? Can the network see you now?" asked Seattle newspaper The Stranger. According to reports from Kiro 7 News, the mesh network devices can capture a mobile user's IP address, mobile device type, apps used, current location and even historical location down to the last 1,000 places visited. So far Seattle police have been tight-lipped about the network's roll-out, even denying that the system is operational. Several groups including the ACLU have submitted requests to learn the programs intended use, but days have turned to months as the mesh network continues its advancement. According to The Stranger's investigation, Seattle Police detective Monty Moss claims the department has no plans to use the mesh network for surveillance… unless given approval by city council. Despite a recently passed ordinance requiring all potential surveillance equipment to be given city council approval and public review within 30 days of its implementation, the network has remained shrouded in secrecy. Unknown to the public until now, information regarding the system has been hiding in plain view since last February at minimum. Diagr
Paul Merrell

Remarks by Director David H. Petraeus at In-Q-Tel CEO Summit - Central Intelligence Agency - 0 views

www.cia.gov/...in-q-tel-summit-remarks.html

surveillance state CIA Patraeus internet of things CIA-targets NSA-targets

shared by Paul Merrell on 30 Dec 13 - No Cached
  • In any event, our partnership with In-Q-Tel is essential to helping identify and deliver groundbreaking technologies with mission-critical applications to the CIA and to our partner agencies.
  • As you know, our Agency has a global charter to collect intelligence. It’s our job to ensure that challenges that arise in any corner of the world are not surprises to the President or to other policymakers. Certainly, we will continue relentlessly to pursue terrorists and support the troops in several different theaters. That is imperative, and the last year has seen considerable achievement in the fight against al-Qa‘ida and its affiliates. But, to use the kids’ soccer analogy, we cannot turn the counterterrorist fight into a game of magnetball, in which the leadership is always focused on the counterterror mission. Everyone can’t flock to the ball and lose sight of the rest of the field—the whole rest of the world. And it’s an enormous field to cover:  again, the whole world, with proliferation of weapons and technology, cyber threats, counterintelligence threats, the next developments in the evolution of the Arab Spring, Iran, North Korea, China, illegal narcotics, emerging powers, non-state organizations, and even lone wolves. Our duty is nothing less than to be on top of every potential foreign challenge and opportunity facing the United States—and we now have to do it without the steady budget growth we saw in the years after 9/11. And this is why my job is so intellectually stimulating.
  • First, given the digital transparency I just mentioned, we have to rethink our notions of identity and secrecy. In the digital world, data is everywhere, as you all know well. Data is created constantly, often unknowingly and without permission. Every byte left behind reveals information about location, habits, and, by extrapolation, intent and probable behavior. The number of data points that can be collected is virtually limitless—presenting, of course, both enormous intelligence opportunities and equally large counterintelligence challenges. We must, for example, figure out how to protect the identity of our officers who increasingly have a digital footprint from birth, given that proud parents document the arrival and growth of their future CIA officer in all forms of social media that the world can access for decades to come. Moreover, we have to figure out how to create the digital footprint for new identities for some officers. As you all know, exploiting the intelligence opportunities—which is an easier subject to discuss in an unclassified setting than the counterintelligence challenges—will require a new class of in-place and remote sensors that operate across the electromagnetic spectrum. Moreover, these sensors will be increasingly interconnected.
  • ...2 more annotations...
  • The current “Internet of PCs” will move, of course, toward an “Internet of Things”—of devices of all types—50 to 100 billion of which will be connected to the Internet by 2020. As you know, whereas machines in the 19th century learned to do, and those in the 20th century learned to think at a rudimentary level, in the 21st century, they are learning to perceive—to actually sense and respond. Key applications developed by our In-Q-Tel investment companies are focused on technologies that are driving the Internet of Things. These include: Item identification, or devices engaged in tagging; Sensors and wireless sensor networks—devices that indeed sense and respond; Embedded systems—those that think and evaluate; And, finally, nanotechnology, allowing these devices to be small enough to function virtually anywhere.
  • Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters—all connected to the next-generation Internet using abundant, low cost, and high-power computing—the latter now going to cloud computing, in many areas greater and greater supercomputing, and, ultimately, heading to quantum computing. In practice, these technologies could lead to rapid integration of data from closed societies and provide near-continuous, persistent monitoring of virtually anywhere we choose. “Transformational” is an overused word, but I do believe it properly applies to these technologies, particularly to their effect on clandestine tradecraft. Taken together, these developments change our notions of secrecy and create innumerable challenges—as well as opportunities.
  • Paul Merrell on 30 Dec 13
     
    I missed this gem before, from March 1, 2012. Speech by then-CIA chief Gen. David Patraeus to a group of reps. from ICT startups who are employed by CIA through its In-Q-Tel technology development non-profit corp. See https://www.iqt.org/about-iqt/ Patraeus announces that the Internet of Things (devices of all kinds) is becoming an intelligence target. And that boils down to everything from your clock radio to your home's climate control system and more becoming a potential intelligence source. If the CIA is investing in this, you can bit your bippy that NSA is too; Patraeus mentions that "partner agencies" are also receiving applications via the In-Q-Tel investments.  Finally, Patraeus also acknowledges that the intelligence mission extends far beyond counter-terrorism, offering some detail. So it seems that before the Snowden leaks his the press, the intelligence mission was not all about counter-terrorism.
Paul Merrell

Hacking Team Asks Customers to Stop Using Its Software After Hack | Motherboard - 0 views

motherboard.vice.com/...-using-its-software-after-hack

surveillance state Hacking-Team hacked

shared by Paul Merrell on 07 Jul 15 - No Cached
  • But the hack hasn’t just ruined the day for Hacking Team’s employees. The company, which sells surveillance software to government customers all over the world, from Morocco and Ethiopia to the US Drug Enforcement Agency and the FBI, has told all its customers to shut down all operations and suspend all use of the company’s spyware, Motherboard has learned. “They’re in full on emergency mode,” a source who has inside knowledge of Hacking Team’s operations told Motherboard.
  • Hacking Team notified all its customers on Monday morning with a “blast email,” requesting them to shut down all deployments of its Remote Control System software, also known as Galileo, according to multiple sources. The company also doesn’t have access to its email system as of Monday afternoon, a source said. On Sunday night, an unnamed hacker, who claimed to be the same person who breached Hacking Team’s competitor FinFisher last year, hijacked its Twitter account and posted links to 400GB of internal data. Hacking Team woke up to a massive breach of its systems.
  • A source told Motherboard that the hackers appears to have gotten “everything,” likely more than what the hacker has posted online, perhaps more than one terabyte of data. “The hacker seems to have downloaded everything that there was in the company’s servers,” the source, who could only speak on condition of anonymity, told Motherboard. “There’s pretty much everything here.” It’s unclear how the hackers got their hands on the stash, but judging from the leaked files, they broke into the computers of Hacking Team’s two systems administrators, Christian Pozzi and Mauro Romeo, who had access to all the company’s files, according to the source. “I did not expect a breach to be this big, but I’m not surprised they got hacked because they don’t take security seriously,” the source told me. “You can see in the files how much they royally fucked up.”
  • ...2 more annotations...
  • For example, the source noted, none of the sensitive files in the data dump, from employees passports to list of customers, appear to be encrypted. “How can you give all the keys to your infrastructure to a 20-something who just joined the company?” he added, referring to Pozzi, whose LinkedIn shows he’s been at Hacking Team for just over a year. “Nobody noticed that someone stole a terabyte of data? You gotta be a fuckwad,” the source said. “It means nobody was taking care of security.”
  • The future of the company, at this point, it’s uncertain. Employees fear this might be the beginning of the end, according to sources. One current employee, for example, started working on his resume, a source told Motherboard. It’s also unclear how customers will react to this, but a source said that it’s likely that customers from countries such as the US will pull the plug on their contracts. Hacking Team asked its customers to shut down operations, but according to one of the leaked files, as part of Hacking Team’s “crisis procedure,” it could have killed their operations remotely. The company, in fact, has “a backdoor” into every customer’s software, giving it ability to suspend it or shut it down—something that even customers aren’t told about. To make matters worse, every copy of Hacking Team’s Galileo software is watermarked, according to the source, which means Hacking Team, and now everyone with access to this data dump, can find out who operates it and who they’re targeting with it.
Gary Edwards

Statism: Whether Fascist or Communist, It's The Deadly Opposite of Capitalism - Forbes - 0 views

www.forbes.com/...2

shared by Gary Edwards on 02 Jan 14 - No Cached
  • So, we observe a fundamental difference: one system grants the state unlimited power, holding that the individual is the rightless slave of the state; the other system holds individual rights to be supreme and inalienable, with the state limited to a single function: the protection of those rights from physical force and fraud.
  • That is the distinction that must be made. We can expect no clarity in political discussion until the pure, consistent poles are identified: the opposition between dictatorship and liberty, between the individual as the nothing and the individual as sovereign. “Left” and “Right” have to be defined accordingly.
  • But “Left” and “Right” are informal shorthand. The actual terms are: “statism,” on the Left, and “capitalism,” on the Right.
  • ...4 more annotations...
  • Today’s political-economic system is not capitalism–not pure, consistent, uncontrolled, laissez-faire capitalism. Today in America we live in the Entitlement State and the Regulatory State.
  • A government that taxes 40 percent or more of our income, that controls our medical care, that regulates business so thoroughly that every firm large enough to afford it has a department of “compliance,” a government that controls the money supply, sets bank reserve-ratios, regulates stock offerings, margin-ratios, home construction, determines what pharmaceuticals and medical innovations can be sold, operates schools and universities, runs the passenger rail system, forbids “offensive” speech, increasingly intervenes in diet, subsidizes agriculture and “green” businesses, imposes tariffs, decides which businesses may merge, and, we have just learned, spies on its own citizens–is not a government remotely consistent with capitalism.
  • The closest the world ever came to actual capitalism was the United States in the 19th Century, the era of this country’s fastest economic growth. Even in that era, the capitalist, industrial North had to fight a bloody Civil War to end the South’s infamous anti-capitalist institution: slavery.
  • the political spectrum–Left vs. Right–must be defined in terms of statism vs. individual liberty.
  • Gary Edwards on 02 Jan 14
     
    The political spectrum of Left vs Right must be defined in terms of STATISM vs Individual Liberty. Liberty as understood by the Founding Fathers, and baked into the founding documents.
Gary Edwards

PressTV - Malaysian plane disappearance linked to 9/11: Barrett - 0 views

www.presstv.ir/...n-plane-incident-linked-to-911

shared by Gary Edwards on 15 Mar 14 - No Cached
  • The FBI has recognized other 9/11 cell call anomalies. For example, according to the FBI, one of the alleged calls from Flight 93 lasted for two hours and six minutes after the supposed crash; another lasted 65 minutes after the official crash time. No wonder the FBI has always taken the official position that "Osama Bin Laden was never wanted in connection with 9/11, because there is no hard evidence Bin Laden had anything to do with 9/11." The FBI knows 9/11 was an inside job. They know – as Elias Davidsson's book Hijacking America's Mind on 9/11 explains – that none of the 19 Arabs blamed for 9/11 was even on board any of the allegedly hijacked planes.
  • Pentagon Comptroller Dov Zakheim, a Zionist extremist, managed to lose 2.3 trillion dollars from the Pentagon's accounts shortly before 9/11. Zakheim's company SPC invented a "flight termination system" designed to allow operators to seize control of aircraft by remote control and fly them from the ground. Several of the key people who developed Zakheim's "Flight Termination System" were on the 9/11 flights. Were they silenced? Or rewarded with money and a new identity in a National Security Witness Protection Program? Zakheim's "Flight Termination System" appears to have been used on 9/11.
  • Was it also used on Malaysian Airlines Flight 370?
  • ...5 more annotations...
  • In his article "Phone calls from the 9/11 planes: How they fooled America," Dr. David Ray Griffin explains that the 9/11 cell phone calls –  starting with the notorious "calls" from Bush Administration cheerleader Barbara Olson to her husband, Bush's Solicitor General Ted Olson –  must have been faked. The FBI agrees with Dr. Griffin. After spending five years telling the American people about the "cell phone calls," the FBI radically revised its story in 2006, admitting that 13 of the 15 alleged 9/11 cell phone calls never happened. Amazingly, the FBI even admitted that Ted Olson never received the famous phone calls from his wife, who (Olson claimed) had supposedly called him from hijacked Flight 77.
  • of justice.
  • Olson should have been immediately arrested for obstruction
  • Dr. Griscom points out that the anomalous cell phone calls from Malaysian Flight 370 are reminiscent of those from the allegedly hijacked airliners of September 11th, 2001. In both cases, "impossible" cell phone calls puzzled experts.
  • The FBI and the media initially reported 15 cell phone calls from hijacked airliners on 9/11. At least one of the recipients, Deena Burnett, was absolutely certain that her husband, a passenger on UA93, had called her from his cell phone, whose number came up on her caller ID. The problem: The Burnett call, and the other alleged cell phone calls, could not possibly have been placed from the airliners, which were flying at high altitudes, too fast and far beyond the range of 2001 cell phone technology.
  • Gary Edwards on 15 Mar 14
     
    Some new thinking about the very strange and mysterious disappearance of Malaysian Airlines Flight 370. Amazingly, some of the most perplexing and explainable mysteries are very similar to unexplained circumstances on 9/11
Paul Merrell

Here Are All the Sketchy Government Agencies Buying Hacking Team's Spy Tech | Motherboard - 0 views

motherboard.vice.com/...-buying-hacking-teams-spy-tech

surveillance state Hacking-Team hacked

shared by Paul Merrell on 07 Jul 15 - No Cached
  • They say what goes around comes around, and there's perhaps nowhere that rings more true than in the world of government surveillance. Such was the case on Monday morning when Hacking Team, the Italian company known for selling electronic intrusion tools to police and federal agencies around the world, awoke to find that it had been hacked itself—big time—apparently exposing its complete client list, email spools, invoices, contracts, source code, and more. Those documents show that not only has the company been selling hacking tools to a long list of foreign governments with dubious human rights records, but it’s also establishing a nice customer base right here in the good old US of A. The cache, which sources told Motherboard is legitimate, contains more than 400 gigabytes of files, many of which confirm previous reports that the company has been selling industrial-grade surveillance software to authoritarian governments. Hacking Team is known in the surveillance world for its flagship hacking suite, Remote Control System (RCS) or Galileo, which allows its government and law enforcement clients to secretly install “implants” on remote machines that can steal private emails, record Skype calls, and even monitor targets through their computer's webcam. Hacking Team in North America
  • According to leaked contracts, invoices and an up-to-date list of customer subscriptions, Hacking Team’s clients—which the company has consistently refused to name—also include Kazakhstan, Azerbaijan, Oman, Saudi Arabia, Uzbekistan, Bahrain, Ethiopia, Nigeria, Sudan and many others. The list of names matches the findings of Citizen Lab, a research lab at the University of Toronto's Munk School of Global Affairs that previously found traces of Hacking Team on the computers of journalists and activists around the world. Last year, the Lab's researchers mapped out the worldwide collection infrastructure used by Hacking Team's customers to covertly transport stolen data, unveiling a massive network comprised of servers based in 21 countries. Reporters Without Borders later named the company one of the “Enemies of the Internet” in its annual report on government surveillance and censorship.
  • we’ve only scratched the surface of this massive leak, and it’s unclear how Hacking Team will recover from having its secrets spilling across the internet for all to see. In the meantime, the company is asking all customers to stop using its spyware—and likely preparing for the worst.
Paul Merrell

US v. Comprehensive Drug Testing, Inc., 621 F. 3d 1162 - Court of Appeals, 9th Circuit ... - 0 views

scholar.google.com/scholar_case

surveillance-state 4th Amendment bulk-collection future-investigations

shared by Paul Merrell on 05 Dec 14 - No Cached
  • Concluding Thoughts
  • This case well illustrates both the challenges faced by modern law enforcement in retrieving information it needs to pursue and prosecute wrongdoers, and the threat to the privacy of innocent parties from a vigorous criminal investigation. At the time of Tamura, most individuals and enterprises kept records in their file cabinets or similar physical facilities. Today, the same kind of data is usually stored electronically, often far from the premises. Electronic storage facilities intermingle data, making them difficult to retrieve without a thorough understanding of the filing and classification systems used—something that can often only be determined by closely analyzing the data in a controlled environment. Tamura involved a few dozen boxes and was considered a broad seizure; but even inexpensive electronic storage media today can store the equivalent of millions of pages of information. 1176*1176 Wrongdoers and their collaborators have obvious incentives to make data difficult to find, but parties involved in lawful activities may also encrypt or compress data for entirely legitimate reasons: protection of privacy, preservation of privileged communications, warding off industrial espionage or preventing general mischief such as identity theft. Law enforcement today thus has a far more difficult, exacting and sensitive task in pursuing evidence of criminal activities than even in the relatively recent past. The legitimate need to scoop up large quantities of data, and sift through it carefully for concealed or disguised pieces of evidence, is one we've often recognized. See, e.g., United States v. Hill, 459 F.3d 966 (9th Cir.2006).
  • This pressing need of law enforcement for broad authorization to examine electronic records, so persuasively demonstrated in the introduction to the original warrant in this case, see pp. 1167-68 supra, creates a serious risk that every warrant for electronic information will become, in effect, a general warrant, rendering the Fourth Amendment irrelevant. The problem can be stated very simply: There is no way to be sure exactly what an electronic file contains without somehow examining its contents—either by opening it and looking, using specialized forensic software, keyword searching or some other such technique. But electronic files are generally found on media that also contain thousands or millions of other files among which the sought-after data may be stored or concealed. By necessity, government efforts to locate particular files will require examining a great many other files to exclude the possibility that the sought-after data are concealed there. Once a file is examined, however, the government may claim (as it did in this case) that its contents are in plain view and, if incriminating, the government can keep it. Authorization to search some computer files therefore automatically becomes authorization to search all files in the same sub-directory, and all files in an enveloping directory, a neighboring hard drive, a nearby computer or nearby storage media. Where computers are not near each other, but are connected electronically, the original search might justify examining files in computers many miles away, on a theory that incriminating electronic data could have been shuttled and concealed there.
  • ...3 more annotations...
  • The advent of fast, cheap networking has made it possible to store information at remote third-party locations, where it is intermingled with that of other users. For example, many people no longer keep their email primarily on their personal computer, and instead use a web-based email provider, which stores their messages along with billions of messages from and to millions of other people. Similar services exist for photographs, slide shows, computer code and many other types of data. As a result, people now have personal data that are stored with that of innumerable strangers. Seizure of, for example, Google's email servers to look for a few incriminating messages could jeopardize the privacy of millions. It's no answer to suggest, as did the majority of the three-judge panel, that people can avoid these hazards by not storing their data electronically. To begin with, the choice about how information is stored is often made by someone other than the individuals whose privacy would be invaded by the search. Most people have no idea whether their doctor, lawyer or accountant maintains records in paper or electronic format, whether they are stored on the premises or on a server farm in Rancho Cucamonga, whether they are commingled with those of many other professionals 1177*1177 or kept entirely separate. Here, for example, the Tracey Directory contained a huge number of drug testing records, not only of the ten players for whom the government had probable cause but hundreds of other professional baseball players, thirteen other sports organizations, three unrelated sporting competitions, and a non-sports business entity—thousands of files in all, reflecting the test results of an unknown number of people, most having no relationship to professional baseball except that they had the bad luck of having their test results stored on the same computer as the baseball players.
  • Second, there are very important benefits to storing data electronically. Being able to back up the data and avoid the loss by fire, flood or earthquake is one of them. Ease of access from remote locations while traveling is another. The ability to swiftly share the data among professionals, such as sending MRIs for examination by a cancer specialist half-way around the world, can mean the difference between death and a full recovery. Electronic storage and transmission of data is no longer a peculiarity or a luxury of the very rich; it's a way of life. Government intrusions into large private databases thus have the potential to expose exceedingly sensitive information about countless individuals not implicated in any criminal activity, who might not even know that the information about them has been seized and thus can do nothing to protect their privacy. It is not surprising, then, that all three of the district judges below were severely troubled by the government's conduct in this case. Judge Mahan, for example, asked "what ever happened to the Fourth Amendment? Was it ... repealed somehow?" Judge Cooper referred to "the image of quickly and skillfully moving the cup so no one can find the pea." And Judge Illston regarded the government's tactics as "unreasonable" and found that they constituted "harassment." Judge Thomas, too, in his panel dissent, expressed frustration with the government's conduct and position, calling it a "breathtaking expansion of the `plain view' doctrine, which clearly has no application to intermingled private electronic data." Comprehensive Drug Testing, 513 F.3d at 1117.
  • Everyone's interests are best served if there are clear rules to follow that strike a fair balance between the legitimate needs of law enforcement and the right of individuals and enterprises to the privacy that is at the heart of the Fourth Amendment. Tamura has provided a workable framework for almost three decades, and might well have sufficed in this case had its teachings been followed. We have updated Tamura to apply to the daunting realities of electronic searches. We recognize the reality that over-seizing is an inherent part of the electronic search process and proceed on the assumption that, when it comes to the seizure of electronic records, this will be far more common than in the days of paper records. This calls for greater vigilance on the part of judicial officers in striking the right balance between the government's interest in law enforcement and the right of individuals to be free from unreasonable searches and seizures. The process of segregating electronic data that is seizable from that which is not must not become a vehicle for the government to gain access to data which it has no probable cause to collect.
  • Paul Merrell on 05 Dec 14
     
    From a Ninth U.S. Circuit Court of Appeals en banc ruling in 2010. The Court's holding was that federal investigators had vastly overstepped the boundaries of multiple subpoenas and a search warrant --- and the Fourth Amendment --- by seizing records of a testing laboratory and reviewing them for information not described in the warrant or the subpoenas. At issue in this particular case was the government's use of a warrant that found probable cause to believe that the records contained evidence that steroids had been found in the urine of ten major league baseball players but searched the seized records for urine tests of other baseball players. The Court upheld the lower courts' rulings that the government was required to return all records other than those relevant to the ten players identified in the warrant. (The government had instead used the records of other player's urine tests to issue subpoenas for evidence relevant to those players potential use of steroids.) This decision cuts very heavily against the notion that the Fourth Amendment allows the bulk collection of private information about millions of Americans with or without a warrantor court order on the theory that some of the records *may* later become relevant to a lawful investigation.   Or rephrased, here is the en banc decision of the largest federal court of appeals (as many judges as most other federal appellate courts combined), in direct disagreement with the FISA Court orders allowing bulk collection of telephone records and bulk "incidental" collection of Americans' telephone conversations on the theory that the records *might* become relevant to national security investigations. Yet none of the FISA judges in any of the FISA opinions published thus far even cited, let alone distinguished, this Ninth Circuit en banc decision. Which says a lot of the quality of the legal research performed by the FISA Court judges. However, this precedent is front and center in briefs filed with the Ni
Paul Merrell

Meet the Israeli-linked firm that sold Big Brother machines to Mubarak, Qaddafi - and W... - 0 views

mondoweiss.net/...chines-qaddafi-washington.html

surveillance state NSA Israel Narus Verint Obama

shared by Paul Merrell on 16 Jun 13 - No Cached
  • In 2006, an AT&T technician named Mark Klein discovered a secret room inside the company’s windowless “Folsom Street Facility” in downtown San Francisco that was bristling with Narus machines. The now notorious Room 641A was controlled by the NSA, which was using it to collect AT&T customer data for data mining and real-time analysis. Thanks to the powerful NarusInsight system, the NSA was able to monitor 108 billion emails from AT&T customers per day.
  • Following a lawsuit filed against AT&T by the Electronic Freedom Foundation, Congress passed the FISA Amendments Act in July 2008, giving retroactive immunity to telecom corporations that assisted the NSA, and relieving them of any consequences for spying on Americans. Cass Sunstein, an informal advisor to Barack Obama’s 2008 presidential campaign who now heads the Office of Information and Regulatory Affairs, and who has urged federal law enforcement to “cognitively infiltrate” anti-government groups, was an outspoken supporter of the retroactive immunity bill. With Sunstein by his side, Obama reversed his initial objections to the NSA’s domestic spying operations, voting as a Senator for retroactive immunity. The vote allowed the NSA to expand its domestic spying operations, clearing the legal hurdles obstructing the creation of PRISM. The stage was set for the second term scandal that would leave Obama reeling.
  • Binney told me that throughout the United States there are currently as many as 20 NSA black sites like Room 641A. Narus devices, he said, have been placed at fiber-optic convergence points, allowing the NSA to retrieve about 80 percent of data carried through telecom and online service providers. Binney emphasized that the devices do not only retrieve so-called metadata, which only offers general records of data, but that they gather the actual content of emails and calls. (“We can reconstruct all of their e-mails along with attachments, see what web pages they clicked on; we can reconstruct their (Voice Over Internet) calls,” said Steve Bannerman, the marketing director of Narus). Thanks to PRISM, the NSA bas been able to “fill in the gaps,” Binney explained, gathering bulk data from communications the NSA might have missed with the NarusInsight system, especially those made between Americans and foreign countries.
  • ...2 more annotations...
  • Another Israeli-linked tech company, Verint, is a subsidiary of the Israeli firm Comverse, which boasts a reputation as “the world’s leading provider… of communications intercept and analysis” technology. Among the many Comverse executives plucked from the ranks of Israeli army intelligence is the company’s founder, Jacob “Kobi” Alexander, an ex-Israeli intelligence agent who cashed in through Israel’s high-tech surveillance industry. Alexander’s lucrative career collapsed in dramatic fashion when he was arrested for fraud in Namibia in 2006 after an international manhunt, and wound up handing over bank accounts worth $46 million to US authorities.
  • Just as AT&T relied on Narus systems, Verint’s DPI devices have been used to fulfill NSA requests for data from Verizon’s subscribers. And as Bamford explained in his 2008 book on the NSA, “Shadow Factory,” much of the data Verint and other private Israeli contractors gather from can be remotely accessed from Israel. “The greatest potential beneficiaries of this marriage between the Israeli eavesdroppers and America’s increasingly centralized telecom grid are Israel’s intelligence agencies,” Bamford wrote.
Paul Merrell

CURIA - Documents - 0 views

curia.europa.eu/...document.jsf

surveillance state EU Court-of-Justice data-retention data privacy

shared by Paul Merrell on 19 Jul 14 - No Cached
  • 37      It must be stated that the interference caused by Directive 2006/24 with the fundamental rights laid down in Articles 7 and 8 of the Charter is, as the Advocate General has also pointed out, in particular, in paragraphs 77 and 80 of his Opinion, wide-ranging, and it must be considered to be particularly serious. Furthermore, as the Advocate General has pointed out in paragraphs 52 and 72 of his Opinion, the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the minds of the persons concerned the feeling that their private lives are the subject of constant surveillance.
  • 43      In this respect, it is apparent from recital 7 in the preamble to Directive 2006/24 that, because of the significant growth in the possibilities afforded by electronic communications, the Justice and Home Affairs Council of 19 December 2002 concluded that data relating to the use of electronic communications are particularly important and therefore a valuable tool in the prevention of offences and the fight against crime, in particular organised crime. 44      It must therefore be held that the retention of data for the purpose of allowing the competent national authorities to have possible access to those data, as required by Directive 2006/24, genuinely satisfies an objective of general interest.45      In those circumstances, it is necessary to verify the proportionality of the interference found to exist.46      In that regard, according to the settled case-law of the Court, the principle of proportionality requires that acts of the EU institutions be appropriate for attaining the legitimate objectives pursued by the legislation at issue and do not exceed the limits of what is appropriate and necessary in order to achieve those objectives (see, to that effect, Case C‑343/09 Afton Chemical EU:C:2010:419, paragraph 45; Volker und Markus Schecke and Eifert EU:C:2010:662, paragraph 74; Cases C‑581/10 and C‑629/10 Nelson and Others EU:C:2012:657, paragraph 71; Case C‑283/11 Sky Österreich EU:C:2013:28, paragraph 50; and Case C‑101/12 Schaible EU:C:2013:661, paragraph 29).
  • 67      Article 7 of Directive 2006/24, read in conjunction with Article 4(1) of Directive 2002/58 and the second subparagraph of Article 17(1) of Directive 95/46, does not ensure that a particularly high level of protection and security is applied by those providers by means of technical and organisational measures, but permits those providers in particular to have regard to economic considerations when determining the level of security which they apply, as regards the costs of implementing security measures. In particular, Directive 2006/24 does not ensure the irreversible destruction of the data at the end of the data retention period.68      In the second place, it should be added that that directive does not require the data in question to be retained within the European Union, with the result that it cannot be held that the control, explicitly required by Article 8(3) of the Charter, by an independent authority of compliance with the requirements of protection and security, as referred to in the two previous paragraphs, is fully ensured. Such a control, carried out on the basis of EU law, is an essential component of the protection of individuals with regard to the processing of personal data (see, to that effect, Case C‑614/10 Commission v Austria EU:C:2012:631, paragraph 37).69      Having regard to all the foregoing considerations, it must be held that, by adopting Directive 2006/24, the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality in the light of Articles 7, 8 and 52(1) of the Charter.
  • ...13 more annotations...
  • 58      Directive 2006/24 affects, in a comprehensive manner, all persons using electronic communications services, but without the persons whose data are retained being, even indirectly, in a situation which is liable to give rise to criminal prosecutions. It therefore applies even to persons for whom there is no evidence capable of suggesting that their conduct might have a link, even an indirect or remote one, with serious crime. Furthermore, it does not provide for any exception, with the result that it applies even to persons whose communications are subject, according to rules of national law, to the obligation of professional secrecy. 59      Moreover, whilst seeking to contribute to the fight against serious crime, Directive 2006/24 does not require any relationship between the data whose retention is provided for and a threat to public security and, in particular, it is not restricted to a retention in relation (i) to data pertaining to a particular time period and/or a particular geographical zone and/or to a circle of particular persons likely to be involved, in one way or another, in a serious crime, or (ii) to persons who could, for other reasons, contribute, by the retention of their data, to the prevention, detection or prosecution of serious offences.
  • 1        These requests for a preliminary ruling concern the validity of Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (OJ 2006 L 105, p. 54).
  • Digital Rights Ireland Ltd (C‑293/12)vMinister for Communications, Marine and Natural Resources,Minister for Justice, Equality and Law Reform,Commissioner of the Garda Síochána,Ireland,The Attorney General,intervener:Irish Human Rights Commission, andKärntner Landesregierung (C‑594/12),Michael Seitlinger,Christof Tschohl and others,
  • JUDGMENT OF THE COURT (Grand Chamber)8 April 2014 (*)(Electronic communications — Directive 2006/24/EC — Publicly available electronic communications services or public communications networks services — Retention of data generated or processed in connection with the provision of such services — Validity — Articles 7, 8 and 11 of the Charter of Fundamental Rights of the European Union)In Joined Cases C‑293/12 and C‑594/12,
  • 34      As a result, the obligation imposed by Articles 3 and 6 of Directive 2006/24 on providers of publicly available electronic communications services or of public communications networks to retain, for a certain period, data relating to a person’s private life and to his communications, such as those referred to in Article 5 of the directive, constitutes in itself an interference with the rights guaranteed by Article 7 of the Charter. 35      Furthermore, the access of the competent national authorities to the data constitutes a further interference with that fundamental right (see, as regards Article 8 of the ECHR, Eur. Court H.R., Leander v. Sweden, 26 March 1987, § 48, Series A no 116; Rotaru v. Romania [GC], no. 28341/95, § 46, ECHR 2000-V; and Weber and Saravia v. Germany (dec.), no. 54934/00, § 79, ECHR 2006-XI). Accordingly, Articles 4 and 8 of Directive 2006/24 laying down rules relating to the access of the competent national authorities to the data also constitute an interference with the rights guaranteed by Article 7 of the Charter. 36      Likewise, Directive 2006/24 constitutes an interference with the fundamental right to the protection of personal data guaranteed by Article 8 of the Charter because it provides for the processing of personal data.
  • 65      It follows from the above that Directive 2006/24 does not lay down clear and precise rules governing the extent of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter. It must therefore be held that Directive 2006/24 entails a wide-ranging and particularly serious interference with those fundamental rights in the legal order of the EU, without such an interference being precisely circumscribed by provisions to ensure that it is actually limited to what is strictly necessary.66      Moreover, as far as concerns the rules relating to the security and protection of data retained by providers of publicly available electronic communications services or of public communications networks, it must be held that Directive 2006/24 does not provide for sufficient safeguards, as required by Article 8 of the Charter, to ensure effective protection of the data retained against the risk of abuse and against any unlawful access and use of that data. In the first place, Article 7 of Directive 2006/24 does not lay down rules which are specific and adapted to (i) the vast quantity of data whose retention is required by that directive, (ii) the sensitive nature of that data and (iii) the risk of unlawful access to that data, rules which would serve, in particular, to govern the protection and security of the data in question in a clear and strict manner in order to ensure their full integrity and confidentiality. Furthermore, a specific obligation on Member States to establish such rules has also not been laid down.
  • 60      Secondly, not only is there a general absence of limits in Directive 2006/24 but Directive 2006/24 also fails to lay down any objective criterion by which to determine the limits of the access of the competent national authorities to the data and their subsequent use for the purposes of prevention, detection or criminal prosecutions concerning offences that, in view of the extent and seriousness of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter, may be considered to be sufficiently serious to justify such an interference. On the contrary, Directive 2006/24 simply refers, in Article 1(1), in a general manner to serious crime, as defined by each Member State in its national law.61      Furthermore, Directive 2006/24 does not contain substantive and procedural conditions relating to the access of the competent national authorities to the data and to their subsequent use. Article 4 of the directive, which governs the access of those authorities to the data retained, does not expressly provide that that access and the subsequent use of the data in question must be strictly restricted to the purpose of preventing and detecting precisely defined serious offences or of conducting criminal prosecutions relating thereto; it merely provides that each Member State is to define the procedures to be followed and the conditions to be fulfilled in order to gain access to the retained data in accordance with necessity and proportionality requirements.
  • 55      The need for such safeguards is all the greater where, as laid down in Directive 2006/24, personal data are subjected to automatic processing and where there is a significant risk of unlawful access to those data (see, by analogy, as regards Article 8 of the ECHR, S. and Marper v. the United Kingdom, § 103, and M. K. v. France, 18 April 2013, no. 19522/09, § 35).56      As for the question of whether the interference caused by Directive 2006/24 is limited to what is strictly necessary, it should be observed that, in accordance with Article 3 read in conjunction with Article 5(1) of that directive, the directive requires the retention of all traffic data concerning fixed telephony, mobile telephony, Internet access, Internet e-mail and Internet telephony. It therefore applies to all means of electronic communication, the use of which is very widespread and of growing importance in people’s everyday lives. Furthermore, in accordance with Article 3 of Directive 2006/24, the directive covers all subscribers and registered users. It therefore entails an interference with the fundamental rights of practically the entire European population. 57      In this respect, it must be noted, first, that Directive 2006/24 covers, in a generalised manner, all persons and all means of electronic communication as well as all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime.
  • 62      In particular, Directive 2006/24 does not lay down any objective criterion by which the number of persons authorised to access and subsequently use the data retained is limited to what is strictly necessary in the light of the objective pursued. Above all, the access by the competent national authorities to the data retained is not made dependent on a prior review carried out by a court or by an independent administrative body whose decision seeks to limit access to the data and their use to what is strictly necessary for the purpose of attaining the objective pursued and which intervenes following a reasoned request of those authorities submitted within the framework of procedures of prevention, detection or criminal prosecutions. Nor does it lay down a specific obligation on Member States designed to establish such limits. 63      Thirdly, so far as concerns the data retention period, Article 6 of Directive 2006/24 requires that those data be retained for a period of at least six months, without any distinction being made between the categories of data set out in Article 5 of that directive on the basis of their possible usefulness for the purposes of the objective pursued or according to the persons concerned.64      Furthermore, that period is set at between a minimum of 6 months and a maximum of 24 months, but it is not stated that the determination of the period of retention must be based on objective criteria in order to ensure that it is limited to what is strictly necessary.
  • 52      So far as concerns the right to respect for private life, the protection of that fundamental right requires, according to the Court’s settled case-law, in any event, that derogations and limitations in relation to the protection of personal data must apply only in so far as is strictly necessary (Case C‑473/12 IPI EU:C:2013:715, paragraph 39 and the case-law cited).53      In that regard, it should be noted that the protection of personal data resulting from the explicit obligation laid down in Article 8(1) of the Charter is especially important for the right to respect for private life enshrined in Article 7 of the Charter.54      Consequently, the EU legislation in question must lay down clear and precise rules governing the scope and application of the measure in question and imposing minimum safeguards so that the persons whose data have been retained have sufficient guarantees to effectively protect their personal data against the risk of abuse and against any unlawful access and use of that data (see, by analogy, as regards Article 8 of the ECHR, Eur. Court H.R., Liberty and Others v. the United Kingdom, 1 July 2008, no. 58243/00, § 62 and 63; Rotaru v. Romania, § 57 to 59, and S. and Marper v. the United Kingdom, § 99).
  • 26      In that regard, it should be observed that the data which providers of publicly available electronic communications services or of public communications networks must retain, pursuant to Articles 3 and 5 of Directive 2006/24, include data necessary to trace and identify the source of a communication and its destination, to identify the date, time, duration and type of a communication, to identify users’ communication equipment, and to identify the location of mobile communication equipment, data which consist, inter alia, of the name and address of the subscriber or registered user, the calling telephone number, the number called and an IP address for Internet services. Those data make it possible, in particular, to know the identity of the person with whom a subscriber or registered user has communicated and by what means, and to identify the time of the communication as well as the place from which that communication took place. They also make it possible to know the frequency of the communications of the subscriber or registered user with certain persons during a given period. 27      Those data, taken as a whole, may allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them.
  • 32      By requiring the retention of the data listed in Article 5(1) of Directive 2006/24 and by allowing the competent national authorities to access those data, Directive 2006/24, as the Advocate General has pointed out, in particular, in paragraphs 39 and 40 of his Opinion, derogates from the system of protection of the right to privacy established by Directives 95/46 and 2002/58 with regard to the processing of personal data in the electronic communications sector, directives which provided for the confidentiality of communications and of traffic data as well as the obligation to erase or make those data anonymous where they are no longer needed for the purpose of the transmission of a communication, unless they are necessary for billing purposes and only for as long as so necessary.
  • On those grounds, the Court (Grand Chamber) hereby rules:Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC is invalid.
  • Paul Merrell on 19 Jul 14
     
    EU Court of Justice decision in regard to a Directive that required communications data retention by telcos/ISPs, finding the Directive invalid as a violation of the right of privacy in communications. Fairly read, paragraph 59 outlaws bulk collection of such records, i.e., it requires the equivalent of a judge-issued search warrant in the U.S. based on probable cause to believe that the particular individual's communications are a legitimate object of a search.  Note also that paragraph 67 effectively forbids transfer of any retained data outside the E.U. So a barrier for NSA sharing of data with GCHQ derived from communications NSA collects from EU communications traffic. Bye-bye, Big Data for GCHQ in the E.U. 
Paul Merrell

See for yourself: Aerial and panoramic views show devastation in Gaza | The Electronic ... - 0 views

electronicintifada.net/...ic-views-show-devastation-gaza

war & peace Gaza Israel Gaza-devastation videos maps photos

shared by Paul Merrell on 31 Aug 14 - No Cached
  • A total of 2,168 people were killed, 521 of them children, during Israel’s 51-day bombardment of the Gaza Strip that ended in a ceasefire agreement on 26 August. Such images help us to understand the reality behind the shocking statistics about the physical destruction: 108,000 people have had their homes destroyed or severely damaged and will need permanent rehousing, according to the UN Office for the Coordination of Humanitarian Affairs (UN OCHA). As the ceasefire allows for more in-depth assessments “it is clear that the scale of damage is unprecedented, with approximately 13 percent of the housing stock affected,” UN OCHA says. “Five percent of the housing stock is uninhabitable – an estimated 18,000 housing units have been either destroyed or severely damaged.” This on top of a shortage of 71,000 housing units before the Israeli attack. Since there is no functioning airport in Gaza and Israel controls the skies, many people have wondered how the aerial video was taken. Another video published by MediaTown in March shows the company’s crew demonstrating their use of a quadcopter remote control aircraft similar to this one to make a video:
  • The photojournalist Lewis Whyld created the “The Gaza War Map,” a website that allows the viewer to see panoramic scenes of various places in Gaza.
  • The viewer can select and virtually stand in any of 20 sites in Gaza from Rafah in the south to Beit Hanoun in the north and see a 360-degree view of the destruction all around. Short of being in Gaza it is an effective way to get a sense of the scale of devastation Israeli bombing has caused. Try it yourself.
  • ...3 more annotations...
  • The United Nations Institute for Training and Research (UNITAR) has published a series of satellite images showing areas of Gaza before and after the Israeli bombardment. Such maps are used by international agencies to make overall damage assessments. For instance, using satellite images, the UN estimated that as of 25 July, the Israeli bombardment had completely destroyed 700 structures and severely damaged 316 others in (a “structure” might be an individual house or an entire apartment block with a number of individual units) in the eastern Gaza City districts of Shujaiya, Tuffah and Shaaf (see the PDF below).
  • For instance, using satellite images, the UN estimated that as of 25 July, the Israeli bombardment had completely destroyed 700 structures and severely damaged 316 others in (a “structure” might be an individual house or an entire apartment block with a number of individual units) in the eastern Gaza City districts of Shujaiya, Tuffah and Shaaf (see the PDF below).
  • UN OCHA has published another invaluable resource, the Gaza Crisis Atlas. Viewable online, it contains numerous maps and satellite images with neighborhood-by-neighborhood information about the destruction in Gaza.
  • Paul Merrell on 31 Aug 14
     
    No blood and gore in any of these. Just a useful collection of video, satellite photos, and maps of the aftermath of summer 2014's Israeli military devastation of Gaza, the world's most densely populated area. Some of the satellite photos have before and after views of the destruction. The only worse devastation of urban areas that I have seen are photos of Dresden and Berlin at the end of World War II. So much for Israel's claims of careful targeting using precision methods of delivery. Wide areas of utter devastation. Using weapons and funds provided by the U.S.  I'm thinking about launching a political action for the U.S. to pay for Gaza reconstruction and humanitarian relief and to deduct that expense from Israel's annual $3 billion in U.S. military aid.  Contrary to widely republished Israeli propaganda, Israel, not Hamas, started this mess. http://america.aljazeera.com/opinions/2014/7/israel-hamas-palestiniansconflictunitedstatesinternationallaw.html  see also Adam Horowitz and Phil Weiss, Claim that Hamas killed 3 teens is turning out to be the WMD of Gaza onslaught, Mondoweiss (26 July 2014),
Paul Merrell

NSA infected 50,000 computer networks with malicious software - nrc.nl - 0 views

www.nrc.nl/...tworks-with-malicious-software

surveillance state NSA NSA-targets malware

shared by Paul Merrell on 25 Nov 13 - No Cached
  • The American intelligence service - NSA - infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information. Documents provided by former NSA-employee Edward Snowden and seen by this newspaper, prove this. A management presentation dating from 2012 explains how the NSA collects information worldwide. In addition, the presentation shows that the intelligence service uses ‘Computer Network Exploitation’ (CNE) in more than 50,000 locations. CNE is the secret infiltration of computer systems achieved by installing malware, malicious software. One example of this type of hacking was discovered in September 2013 at the Belgium telecom provider Belgacom. For a number of years the British intelligence service - GCHQ – has been installing this malicious software in the Belgacom network in order to tap their customers’ telephone and data traffic. The Belgacom network was infiltrated by GCHQ through a process of luring employees to a false Linkedin page.
  • The NSA computer attacks are performed by a special department called TAO (Tailored Access Operations). Public sources show that this department employs more than a thousand hackers. As recently as August 2013, the Washington Post published articles about these NSA-TAO cyber operations. In these articles The Washington Post reported that the NSA installed an estimated 20,000 ‘implants’ as early as 2008. These articles were based on a secret budget report of the American intelligence services. By mid-2012 this number had more than doubled to 50,000, as is shown in the presentation NRC Handelsblad laid eyes on.
  • Cyber operations are increasingly important for the NSA. Computer hacks are relatively inexpensive and provide the NSA with opportunities to obtain information that they otherwise would not have access to. The NSA-presentation shows their CNE-operations in countries such as Venezuela and Brazil. The malware installed in these countries can remain active for years without being detected.
  • ...1 more annotation...
  • The malware can be controlled remotely and be turned on and off at will. The ‘implants’ act as digital ‘sleeper cells’ that can be activated with a single push of a button. According to the Washington Post, the NSA has been carrying out this type of cyber operation since 1998.
  • Paul Merrell on 25 Nov 13
     
    Nice interactive graphic too. 
1 - 17 of 17
Showing 20 items per page