Group items tagged

The U.S. Department of Justice is pushing to make it easier for law enforcement to get warrants to hack into the computers of criminal suspects across the country. The move, which would alter federal court rules governing search warrants, comes amid increases in cases related to computer crimes. Investigators say they need more flexibility to get warrants to allow hacking in such cases, especially when multiple computers are involved or the government doesn’t know where the suspect’s computer is physically located. The Justice Department effort is raising questions among some technology advocates, who say the government should focus on fixing the holes in computer software that allow such hacking instead of exploiting them. Privacy advocates also warn government spyware could end up on innocent people’s computers if remote attacks are authorized against equipment whose ownership isn’t clear.

The government’s push for rule changes sheds light on law enforcement’s use of remote hacking techniques, which are being deployed more frequently but have been protected behind a veil of secrecy for years. In documents submitted by the government to the judicial system’s rule-making body this year, the government discussed using software to find suspected child pornographers who visited a U.S. site and concealed their identity using a strong anonymization tool called Tor. The government’s hacking tools—such as sending an email embedded with code that installs spying software — resemble those used by criminal hackers. The government doesn’t describe these methods as hacking, preferring instead to use terms like “remote access” and “network investigative techniques.” Right now, investigators who want to search property, including computers, generally need to get a warrant from a judge in the district where the property is located, according to federal court rules. In a computer investigation, that might not be possible, because criminals can hide behind anonymizing technologies. In cases involving botnets—groups of hijacked computers—investigators might also want to search many machines at once without getting that many warrants.

Some judges have already granted warrants in cases when authorities don’t know where the machine is. But at least one judge has denied an application in part because of the current rules. The department also wants warrants to be allowed for multiple computers at the same time, as well as for searches of many related storage, email and social media accounts at once, as long as those accounts are accessed by the computer being searched. “Remote searches of computers are often essential to the successful investigation” of computer crimes, Acting Assistant Attorney General Mythili Raman wrote in a letter to the judicial system’s rulemaking authority requesting the change in September. The government tries to obtain these “remote access warrants” mainly to “combat Internet anonymizing techniques,” the department said in a memo to the authority in March. Some groups have raised questions about law enforcement’s use of hacking technologies, arguing that such tools mean the government is failing to help fix software problems exploited by criminals. “It is crucial that we have a robust public debate about how the Fourth Amendment and federal law should limit the government’s use of malware and spyware within the U.S.,” said Nathan Wessler, a staff attorney at the American Civil Liberties Union who focuses on technology issues.

New York Police Department detectives and prosecutors working an alleged underage sexting case against former Congressman Anthony Weiner have turned over a newly-found laptop he shared with wife Huma Abedin to the FBI with enough evidence “to put Hillary (Clinton) and her crew away for life,” NYPD sources told True Pundit. NYPD sources said Clinton’s “crew” also included several unnamed yet implicated members of Congress in addition to her aides and insiders. The NYPD seized the computer from Weiner during a search warrant and detectives discovered a trove of over 500,000 emails to and from Hillary Clinton, Abedin and other insiders during her tenure as secretary of state. The content of those emails sparked the FBI to reopen its defunct email investigation into Clinton on Friday.

But new revelations on the contents of that laptop, according to law enforcement sources, implicate the Democratic presidential candidate, her subordinates, and even select elected officials in far more alleged serious crimes than mishandling classified and top secret emails, sources said. NYPD sources said these new emails include evidence linking Clinton herself and associates to: Money laundering Child exploitation Sex crimes with minors (children) Perjury Pay to play through Clinton Foundation Obstruction of justice Other felony crimes NYPD detectives and a NYPD Chief, the department’s highest rank under Commissioner, said openly that if the FBI and Justice Department fail to garner timely indictments against Clinton and co- conspirators, NYPD will go public with the damaging emails now in the hands of FBI Director James Comey and many FBI field offices. “What’s in the emails is staggering and as a father, it turned my stomach,” the NYPD Chief said. “There is not going to be any Houdini-like escape from what we found. We have copies of everything. We will ship them to Wikileaks or I will personally hold my own press conference if it comes to that.”

The NYPD Chief said once Comey saw the alarming contents of the emails he was forced to reopen a criminal probe against Clinton. “People are going to prison,” he said. Meanwhile, FBI sources said Abedin and Weiner were cooperating with federal agents, who have taken over the non-sexting portions the case from NYPD. The husband-and-wife Clinton insiders  are both shopping for separate immunity deals, sources said. “If they don’t cooperate they are going to see long sentences,” a federal law enforcement source said. NYPD sources said Weiner or Abedin stored all the emails in a massive Microsoft Outlook program on the laptop. The emails implicate other current and former members of Congress and one high-ranking Democratic Senator as having possibly engaged in criminal activity too, sources said. Prosecutors in the office of US Attorney Preet Bharara have issued a subpoena for Weiner’s cell phones and travel records, law enforcement sources confirmed. NYPD said it planned to order the same phone and travel records on Clinton and Abedin, however, the FBI said it was in the process of requesting the identical records. Law enforcement sources are particularly interested in cell phone activity and travel to the Bahamas, U.S. Virgin Islands and other locations that sources would not divulge.

In a recent column, security expert Bruce Schneier proposed breaking up the NSA – handing its offensive capabilities work to US Cyber Command and its law enforcement work to the FBI, and terminating its programme of attacking internet security. In place of this, Schneier proposed that “instead of working to deliberately weaken security for everyone, the NSA should work to improve security for everyone.” This is a profoundly good idea for reasons that may not be obvious at first blush.People who worry about security and freedom on the internet have long struggled with the problem of communicating the urgent stakes to the wider public. We speak in jargon that’s a jumble of mixed metaphors – viruses, malware, trojans, zero days, exploits, vulnerabilities, RATs – that are the striated fossil remains of successive efforts to come to grips with the issue. When we do manage to make people alarmed about the stakes, we have very little comfort to offer them, because Internet security isn’t something individuals can solve.

I remember well the day this all hit home for me. It was nearly exactly a year ago, and I was out on tour with my novel Homeland, which tells the story of a group of young people who come into possession of a large trove of government leaks that detail a series of illegal programmes through which supposedly democratic governments spy on people by compromising their computers.

I explained the book’s premise, and then talked about how this stuff works in the real world. I laid out a parade of awfuls, including a demonstrated attack that hijacked implanted defibrillators from 10 metres’ distance and caused them to compromise other defibrillators that came into range, implanting an instruction to deliver lethal shocks at a certain time in the future. I talked about Cassidy Wolf, the reigning Miss Teen USA, whose computer had been taken over by a “sextortionist” who captured nude photos of her and then threatened to release them if she didn’t perform live sex shows for him. I talked about the future of self-driving cars, smart buildings, implanted hearing aids and robotic limbs, and explained that the world is made out of computers that we put our bodies into, and that we put inside our bodies.These computers are badly secured. What’s more, governments and their intelligence agencies are actively working to undermine the security of our computers and networks. This was before the Snowden revelations, but we already knew that governments were buying “zero-day vulnerabilities” from security researchers. These are critical bugs that can be leveraged to compromise entire systems. Until recently, the normal response to the discovery of one of these “vulns” was to report them to the vendor so they could be repaired.

Here’s what Feinstein described Tuesday morning: At some time after the committee staff identified and reviewed the Internal Panetta Review documents, access to the vast majority of them was removed by the CIA. We believe this happened in 2010 but we have no way of knowing the specifics. Nor do we know why the documents were removed. The staff was focused on reviewing the tens of thousands of new documents that continued to arrive on a regular basis. […] Shortly [after Udall’s comments], on January 15, 2014, CIA Director Brennan requested an emergency meeting to inform me and Vice Chairman Chambliss that without prior notification or approval, CIA personnel had conducted a “search”—that was John Brennan’s word—of the committee computers at the offsite facility. This search involved not only a search of documents provided to the committee by the CIA, but also a search of the ”stand alone” and “walled-off” committee network drive containing the committee’s own internal work product and communications. According to Brennan, the computer search was conducted in response to indications that some members of the committee staff might already have had access to the Internal Panetta Review. The CIA did not ask the committee or its staff if the committee had access to the Internal Review, or how we obtained it. Instead, the CIA just went and searched the committee’s computers.

If what Feinstein alleges is true, it essentially amounts to a constitutional crisis. And she said as much during her speech, describing “a defining moment for the oversight of our intelligence community.” “I have grave concerns that the CIA’s search may well have violated the separation of powers principles embodied in the United States Constitution, including the Speech and Debate clause. It may have undermined the constitutional framework essential to effective congressional oversight of intelligence activities or any other government function,” Feinstein said. “Besides the constitutional implications, the CIA’s search may also have violated the Fourth Amendment, the Computer Fraud and Abuse Act, as well as Executive Order 12333, which prohibits the CIA from conducting domestic searches or surveillance.”

There’s also the issue of intimidation. The media reports that have been bubbling up recently around this issue have suggested that Senate investigators illegally obtained the Panetta review—some even raised the specter of hacking by the Senate investigators. The CIA went so far as to file a crime report with the Department of Justice, accusing Senate staffers of illegally obtaining the Panetta review. Tuesday morning, Feinstein strenuously denied the review was illegally obtained, and asserted it was included in the 6.2 million files turned over by the CIA and describing at length why Senate lawyers felt it was a lawful document for the committee to possess. And, in a remarkable statement, Feinstein accused the CIA of intimidation by filing the crime report. “[T]here is no legitimate reason to allege to the Justice Department that Senate staff may have committed a crime. I view the acting general counsel’s referral [to DoJ] as a potential effort to intimidate this staff—and I am not taking it lightly.” Feinstein went on to note one fairly amazing fact. The (acting) general counsel she referred to, who filed the complaint with DoJ, was a lawyer in the CIA’s counterterrorism center beginning in 2004. That means he was directly involved in legal justifications for the torture program. “And now this individual is sending a crimes report to the Department of Justice on the actions of congressional staff,” she noted gravely. “The same congressional staff who researched and drafted a report that details how CIA officers—including the acting general counsel himself—provided inaccurate information to the Department of Justice about the program.”

An internal CIA investigation confirmed allegations that agency personnel improperly intruded into a protected database used by Senate Intelligence Committee staff to compile a scathing report on the agency’s detention and interrogation program, prompting bipartisan outrage and at least two calls for spy chief John Brennan to resign.“This is very, very serious, and I will tell you, as a member of the committee, someone who has great respect for the CIA, I am extremely disappointed in the actions of the agents of the CIA who carried out this breach of the committee’s computers,” said Sen. Saxby Chambliss, R-Ga., the committee’s vice chairman.

The rare display of bipartisan fury followed a three-hour private briefing by Inspector General David Buckley. His investigation revealed that five CIA employees, two lawyers and three information technology specialists improperly accessed or “caused access” to a database that only committee staff were permitted to use.Buckley’s inquiry also determined that a CIA crimes report to the Justice Department alleging that the panel staff removed classified documents from a top-secret facility without authorization was based on “inaccurate information,” according to a summary of the findings prepared for the Senate and House intelligence committees and released by the CIA.In other conclusions, Buckley found that CIA security officers conducted keyword searches of the emails of staffers of the committee’s Democratic majority _ and reviewed some of them _ and that the three CIA information technology specialists showed “a lack of candor” in interviews with Buckley’s office.

The inspector general’s summary did not say who may have ordered the intrusion or when senior CIA officials learned of it.Following the briefing, some senators struggled to maintain their composure over what they saw as a violation of the constitutional separation of powers between an executive branch agency and its congressional overseers.“We’re the only people watching these organizations, and if we can’t rely on the information that we’re given as being accurate, then it makes a mockery of the entire oversight function,” said Sen. Angus King, an independent from Maine who caucuses with the Democrats.The findings confirmed charges by the committee chairwoman, Sen. Dianne Feinstein, D-Calif., that the CIA intruded into the database that by agreement was to be used by her staffers compiling the report on the harsh interrogation methods used by the agency on suspected terrorists held in secret overseas prisons under the George W. Bush administration.The findings also contradicted Brennan’s denials of Feinstein’s allegations, prompting two panel members, Sens. Mark Udall, D-Colo., and Martin Heinrich, D-N.M., to demand that the spy chief resign.

Recently, Techdirt noted that the FBI may soon have permission to break into computers anywhere on the planet. It will come as no surprise to learn that the US's partner in crime, the UK, granted similar powers to its own intelligence services some time back. What's more unexpected is that it has now publicly said as much, as Privacy International explains: The British Government has admitted its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justifed to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime. That important admission was made in what the UK government calls its "Open Response" to court cases started last year against GCHQ. Here's what it reveals, according to Privacy International:

Buried deep within the document, Government lawyers claim that while the intelligence services require authorisation to hack into the computer and mobile phones of "intelligence targets", GCHQ is equally permitted to break into computers anywhere in the world even if they are not connected to a crime or a threat to national security. Moreover: The intelligence services assert the right to exploit communications networks in covert manoeuvres that severely undermine the security of the entire internet. The deployment of such powers is confirmed by recent news stories detailing how GCHQ hacked into Belgacom using the malware Regin, and targeted Gemalto, the world's largest maker of SIM cards used in countries around the world.

What's important about this revelation is not just the information itself -- many people had assumed this was the case -- but the fact that once more, bringing court cases against the UK's GCHQ has ferreted out numerous details that were previously secret. This shows the value of the strategy, and suggests it should be used again where possible.

The Obama administration is now accusing Russia of cyber-crime and trying to disrupt the US presidential election. The claim is so far-fetched, it is hardly credible. More credible is that the US is reeling from Putin’s stunning humiliation earlier this week. Since June, US media and supporters of Democrat presidential contender Hillary Clinton have been blaming Russian state-sponsored hackers for breaking into the Democratic party’s database. It is further alleged that Moscow is stealthily trying to influence the outcome of the election, by releasing damaging information on Clinton, which might favor Republican candidate Donald Trump. Russia has vehemently denied any connection to the cyber-crime charges, or trying to disrupt the November poll. Now the Obama administration has stepped into the fray by openly accusing Russia. «US government officially accuses Russia of hacking campaign to interfere with elections», reported the Washington Post. This takes the row to a whole new level. No longer are the insinuations a matter of private, partisan opinion. The US government is officially labelling the Russian state for cyber-crime and political subversion.

Predictably, following the latest allegations, there are calls among American lawmakers for ramping up more economic sanctions against Russia. While US intelligence figures are urging for retaliatory cyber-attacks on Russian government facilities. Vladimir Putin’s spokesman Dmitry Peskov derided the US claims as «rubbish». He noted that the Kremlin’s computer system incurs hundreds of hacking attempts every day, many of which can be traced to American origin, but Moscow doesn’t turn around and blame the US government for such cyber-attacks. There are several signs that the latest brouhaha out of Washington is a bogus diversion. As with previous Russian-hacker claims by the Democrats and US media, there is no evidence presented by the Obama administration to support its grave allegations against the Russian government. Assertion without facts does not meet a minimal standard of proof. When reports emerged in June – again through the Washington Post – that the Democrat National Committee (DNC) was hacked by Russian agents, the allegation relied on investigations by a private cyber security firm by the name of CrowdStrike. The firm is linked by personnel to the NATO-affiliated, anti-Russian think tank Atlantic Council. Again no verifiable evidence was presented then, just the word of a dubious partisan source.

Back then the Russian scare story, for that’s what it was, served as a useful diversion from far more important issues. Such as the 19,000 emails released from the DNC database showing that the party chiefs had preordained Clinton’s presidential nomination over her Democrat rival Bernie Sanders. Much-vaunted «US democracy» was exposed as a fraud, and so the Washington establishment quickly went into damage-limitation mode by smearing Russia. It was the whistleblower site Wikileaks, run by Australian journalist Julian Assange, that released the embarrassing emails. It had nothing to do with Russia. Assange has since hinted that his source was within the Democrat party itself. This is where it gets really explosive. Assange has vowed to release more emails that will prove that Clinton as Secretary of State back in 2011-2012 masterminded the supply of weapons and money to Islamist terror networks in Libya and Syria for the objective of regime change. Furthermore, Assange says that the emails prove that Clinton lied under oath to Congress when she denied in 2013 that she was had any involvement in facilitating arms to the jihadists. Assange has said that Wikileaks is going to publish the incriminating emails on Clinton’s alleged gun-running to terrorists this month. If the evidence stands up, Clinton could be prosecuted for perjury as well as treason in aiding and abetting official terrorist enemies of the US.

For months, privacy advocates have been pointing to flaws in CISA, the new reincarnation of the cybersecurity bill known as CISPA that Congress has been kicking around since 2013. But today that zombie bill lurched one step closer to becoming law. The Senate Intelligence Committee passed the Cybersecurity Information Sharing Act, or CISA, by a vote of 14 to one Thursday afternoon. The bill, like the failed Cybersecurity Information Sharing and Protection Act that proceeded it, is designed to encourage the sharing of data between private companies and the government to prevent and respond to cybersecurity threats. But privacy critics have protested that CISA would create a legal framework for companies to more closely monitor internet users and share that data with government agencies.

After Thursday’s vote, Senator Ron Wyden—the only member of the Senate’s intelligence committee to vote against the bill—repeated those privacy concerns in a public statement. “If information-sharing legislation does not include adequate privacy protections then that’s not a cybersecurity bill—it’s a surveillance bill by another name,” he wrote. “It makes sense to encourage private firms to share information about cybersecurity threats. But this information sharing is only acceptable if there are strong protections for the privacy rights of law-abiding American citizens.”

Looking at the most recently revealed public version of CISA, privacy advocates have pointed out that it would allow sharing of personal data that goes beyond cybersecurity threats. It also allows the sharing of private sector data with the government that could prevent “terrorism” or an “imminent threat of death or serious bodily harm.” That language, Open Technology Institute privacy counsel Robyn Greene has argued, means CISA might “facilitate investigations into garden-variety violent crimes that have nothing to do with cyber threats.” “If that weren’t worrisome enough, the bill would also let law enforcement and other government agencies use information it receives to investigate, without a requirement for imminence or any connection to computer crime, even more crimes like carjacking, robbery, possession or use of firearms, ID fraud, and espionage,” Greene wrote in February. “While some of these are terrible crimes, and law enforcement should take reasonable steps to investigate them, they should not do so with information that was shared under the guise of enhancing cybersecurity.”

Senators on Wednesday expressed alarm at explosive allegations that the CIA might have spied on their computers to keep tabs on their controversial review of Bush-era “enhanced interrogation” techniques.ADVERTISEMENTLawmakers from both parties said that if the allegations against the CIA prove true, intelligence officials might have violated the law — and certainly violated the separation of powers enshrined in the Constitution.“I’m assuming that’s it’s not true, but if it is true, it should be World War III in terms of Congress standing up for itself against the CIA, ” Sen. Lindsey Graham (R-S.C.) told The Hill.Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) confirmed Wednesday that the CIA inspector general was investigating accusations that the covert agency had peered into the panel’s computers. But she didn’t comment on reports that the investigator has referred the matter to the Justice Department.Senate Armed Services Committee Chairman Carl Levin (D-Mich.), an ex officio member of the Intelligence panel, said the charge of spying is “extremely serious.”“There are laws against intruding and tampering, hacking into, accessing computers without permission. And that law applies to everybody,” he said.Brennan in a statement said he was "dismayed" by the “spurious allegations,” which he said were "wholly unsupported by the facts."

His statement was released Wednesday evening as McClatchy reported that the computer spying was allegedly discovered when the CIA confronted the Senate Intelligence panel about documents removed from the agency’s headquarters."I am very confident that the appropriate authorities reviewing this matter will determine where wrongdoing, if any, occurred in either the Executive Branch or Legislative Branch," Brennan said.“Until then, I would encourage others to refrain from outbursts that do a disservice to the important relationship that needs to be maintained between intelligence officials and congressional overseers."The allegations escalated a long-simmering feud between Democrats on the Intelligence panel and the CIA over the committee’s classified interrogation report, which provides an exhaustive look at the treatment of detainees in the years after Sept. 11.Sen. Mark Udall (Colo.) and two other Democrats on the Intelligence panel have criticized the CIA and its director, John Brennan, for blocking their efforts to declassify the 6,300-page investigation.“The CIA tried to intimidate the Intelligence Committee, plain and simple,” Udall said. “I’m going to keep fighting like hell to make sure the CIA never dodges congressional oversight again.”

Senators have said their review, which was completed in December 2012, is harshly critical of interrogation techniques such as waterboarding, concluding that they were ineffective and did not contribute to the capture of Osama bin Laden.Udall and other Democrats say the report needs to be released because it will "set the record straight" about the use of techniques that critics say amount to torture.While Democrats on the panel backed the report’s findings, most of the Intelligence Committee Republicans dissented.The CIA has objected to some of the report’s conclusions as well, though Udall says its internal review contradicts the agency’s public statements.Sen. Martin Heinrich (D-N.M.), who has joined Udall in pressing for the release of the report, said the allegations about CIA spying show the lengths that the agency will go to protect itself.“I think it’s been pretty clear that the CIA will do just about anything to make sure that this detention and interrogation report doesn’t come out,” Heinrich told The Hill.

In a sweeping victory for privacy rights in the digital age, the Supreme Court on Wednesday unanimously ruled that the police need warrants to search the cellphones of people they arrest.While the decision will offer protection to the 12 million people arrested every year, many for minor crimes, its impact will most likely be much broader. The ruling almost certainly also applies to searches of tablet and laptop computers, and its reasoning may apply to searches of homes and businesses and of information held by third parties like phone companies.“This is a bold opinion,” said Orin S. Kerr, a law professor at George Washington University. “It is the first computer-search case, and it says we are in a new digital age. You can’t apply the old rules anymore.”

As the world focuses on the high-tech spying of the National Security Agency, the misplaced card offers a rare glimpse inside the seemingly low-tech but prevalent snooping of the United States Postal Service. Mr. Pickering was targeted by a longtime surveillance system called mail covers, but that is only a forerunner of a vastly more expansive effort, the Mail Isolation Control and Tracking program, in which Postal Service computers photograph the exterior of every piece of paper mail that is processed in the United States — about 160 billion pieces last year. It is not known how long the government saves the images. Together, the two programs show that snail mail is subject to the same kind of scrutiny that the National Security Agency has given to telephone calls and e-mail. The mail covers program, used to monitor Mr. Pickering, is more than a century old but is still considered a powerful tool. At the request of law enforcement officials, postal workers record information from the outside of letters and parcels before they are delivered. (Actually opening the mail requires a warrant.) The information is sent to whatever law enforcement agency asked for it. Tens of thousands of pieces of mail each year undergo this scrutiny. The Mail Isolation Control and Tracking program was created after the anthrax attacks in late 2001 that killed five people, including two postal workers. Highly secret, it seeped into public view last month when the F.B.I. cited it in its investigation of ricin-laced letters sent to President Obama and Mayor Michael R. Bloomberg. It enables the Postal Service to retroactively track mail correspondence at the request of law enforcement. No one disputes that it is sweeping.

“In the past, mail covers were used when you had a reason to suspect someone of a crime,” said Mark D. Rasch, who started a computer crimes unit in the criminal division’s fraud section of the Justice Department and worked on several fraud cases using mail covers. “Now it seems to be ‘Let’s record everyone’s mail so in the future we might go back and see who you were communicating with.’ Essentially you’ve added mail covers on millions of Americans.” Bruce Schneier, a computer security expert and an author, said whether it was a postal worker taking down information or a computer taking images, the program was still an invasion of privacy. “Basically they are doing the same thing as the other programs, collecting the information on the outside of your mail, the metadata, if you will, of names, addresses, return addresses and postmark locations, which gives the government a pretty good map of your contacts, even if they aren’t reading the contents,” he said.

A sophisticated FBI-produced spyware program has played a crucial behind-the-scenes role in federal investigations into extortion plots, terrorist threats and hacker attacks in cases stretching back at least seven years, newly declassified documents show. As first reported by Wired.com, the software, called a "computer and internet protocol address verifier," or CIPAV, is designed to infiltrate a target’s computer and gather a wide range of information, which it secretly sends to an FBI server in eastern Virginia. The FBI’s use of the spyware surfaced in 2007 when the bureau used it to track e-mailed bomb threats against a Washington state high school to a 15-year-old student. But the documents released Thursday under the Freedom of Information Act show the FBI has quietly obtained court authorization to deploy the CIPAV in a wide variety of cases, ranging from major hacker investigations, to someone posing as an FBI agent online. Shortly after its launch, the program became so popular with federal law enforcement that Justice Department lawyers in Washington warned that overuse of the novel technique could result in its electronic evidence being thrown out of court in some cases. "While the technique is of indisputable value in certain kinds of cases, we are seeing indications that it is being used needlessly by some agencies, unnecessarily raising difficult legal questions (and a risk of suppression) without any countervailing benefit," reads a formerly-classified March 7, 2002 memo from the Justice Department’s Computer Crime and Intellectual Property Section.

The documents, which are heavily redacted, do not detail the CIPAV’s capabilities, but an FBI affidavit in the 2007 case indicate it gathers and reports a computer’s IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer’s registered owner and registered company name; the current logged-in user name and the last-visited URL. After sending the information to the FBI, the CIPAV settles into a silent "pen register" mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects. The documents shed some light on how the FBI sneaks the CIPAV onto a target’s machine, hinting that the bureau may be using one or more web browser vulnerabilities. In several of the cases outlined, the FBI hosted the CIPAV on a website, and tricked the target into clicking on a link. That’s what happened in the Washington case, according to a formerly-secret planning document for the 2007 operation. "The CIPAV will be deployed via a Uniform Resource Locator (URL) address posted to the subject’s private chat room on MySpace.com."

The software’s primary utility appears to be in tracking down suspects that use proxy servers or anonymizing websites to cover their tracks.

12 August 1988  Cover, pages 10-12   Somebody's  listening  . . . and they don't give a damn about personal privacy or commercial confidence. Project 415 is a top-secret new global surveillance system. It can tap into a billion calls a year in the UK alone. Inside Duncan Campbell on how spying entered the 21st century . . .  They've got it taped In the booming surveillance industry they spy on whom they wish, when they wish, protected by barriers of secrecy, fortified by billions of pounds worth of high, high technology. Duncan Campbell reports from the United States on the secret Anglo-American plan for a global electronic spy system for the 21st century capable of listening in to most of us most of the time   American, British and Allied intelligence agencies are soon to embark on a massive, billion-dollar expansion of their global electronic surveillance system. According to information given recently in secret to the US Congress, the surveillance system will enable the agencies to monitor and analyse civilian communications into the 21st century. Identified for the moment as Project P415, the system will be run by the US National Security Agency (NSA). But the intelligence agencies of many other countries will be closely involved with the new network, including those from Britain, Australia, Germany and Japan--and, surprisingly, the People's Republic of China. New satellite stations and monitoring centres are to be built around the world, and a chain of new satellites launched, so that NSA and its British counterpart, the Government Communications Headquarters (GCHQ) at Cheltenham, may keep abreast of the burgeoning international telecommunications traffic.

Both the new and existing surveillance systems are highly computerised. They rely on near total interception of international commercial and satellite communications in order to locate the telephone or other messages of target individuals. Last month, a US newspaper, the Cleveland Plain Dealer, revealed that the system had been used to target the telephone calls of a US Senator, Strom Thurmond. The fact that Thurmond, a southern Republican and usually a staunch supporter of the Reagan administration, is said to have been a target has raised fears that the NSA has restored domestic, electronic, surveillance programmes. These were originally exposed and criticised during the Watergate investigations, and their closure ordered by President Carter. After talking to the NSA, Thurmond later told the Plain Dealer that he did not believe the allegation. But Thurmond, a right-wing Republican, may have been unwilling to rock the boat. Staff members of the Permanent Select Committee on Intelligence said that staff were "digging into it" despite the "stratospheric security classification" of all the systems involved. The Congressional officials were first told of the Thurmond interception by a former employee of the Lockheed Space and Missiles Corporation, Margaret Newsham, who now lives in Sunnyvale, California. Newsham had originally given separate testimony and filed a lawsuit concerning corruption and mis-spending on other US government "black" projects. She has worked in the US and Britain for two corporations which manufacture signal intelligence computers, satellites and interception equipment for NSA, Ford Aerospace and Lockheed. Citing a special Executive Order signed by President Reagan. she told me last month that she could not and would not discuss classified information with journalists. But according to Washington sources (and the report in the Plain Dealer, she informed a US Congressman that the Thurmond interception took place at Menwith Hill, and that she p

A secret listening agreement, called UKUSA (UK-USA), assigns parts of the globe to each participating agency. GCHQ at Cheltenham is the co-ordinating centre for Europe, Africa and the Soviet Union (west of the Ural Mountains). The NSA covers the rest of the Soviet Union and most of the Americas. Australia--where another station in the NSA listening network is located in the outback--co-ordinates the electronic monitoring of the South Pacific, and South East Asia.

The U.S. government started keeping secret records of Americans' international telephone calls nearly a decade before the Sept. 11 terrorist attacks, harvesting billions of calls in a program that provided a blueprint for the far broader National Security Agency surveillance that followed.For more than two decades, the Justice Department and the Drug Enforcement Administration amassed logs of virtually all telephone calls from the USA to as many as 116 countries linked to drug trafficking, current and former officials involved with the operation said. The targeted countries changed over time but included Canada, Mexico and most of Central and South America.Federal investigators used the call records to track drug cartels' distribution networks in the USA, allowing agents to detect previously unknown trafficking rings and money handlers. They also used the records to help rule out foreign ties to the bombing in 1995 of a federal building in Oklahoma City and to identify U.S. suspects in a wide range of other investigations.The Justice Department revealed in January that the DEA had collected data about calls to "designated foreign countries." But the history and vast scale of that operation have not been disclosed until now.

The now-discontinued operation, carried out by the DEA's intelligence arm, was the government's first known effort to gather data on Americans in bulk, sweeping up records of telephone calls made by millions of U.S. citizens regardless of whether they were suspected of a crime. It was a model for the massive phone surveillance system the NSA launched to identify terrorists after the Sept. 11 attacks. That dragnet drew sharp criticism that the government had intruded too deeply into Americans' privacy after former NSA contractor Edward Snowden leaked it to the news media two years ago.More than a dozen current and former law enforcement and intelligence officials described the details of the Justice Department operation to USA TODAY. Most did so on the condition of anonymity because they were not authorized to publicly discuss the intelligence program, part of which remains classified.The DEA program did not intercept the content of Americans' calls, but the records — which numbers were dialed and when — allowed agents to map suspects' communications and link them to troves of other police and intelligence data. At first, the drug agency did so with help from military computers and intelligence analysts

The extent of that surveillance alarmed privacy advocates, who questioned its legality. "This was aimed squarely at Americans," said Mark Rumold, an attorney with the Electronic Frontier Foundation. "That's very significant from a constitutional perspective."Holder halted the data collection in September 2013 amid the fallout from Snowden's revelations about other surveillance programs. In its place, current and former officials said the drug agency sends telecom companies daily subpoenas for international calling records involving only phone numbers that agents suspect are linked to the drug trade or other crimes — sometimes a thousand or more numbers a day.Tuesday, Justice Department spokesman Patrick Rodenbush said the DEA "is no longer collecting bulk telephony metadata from U.S. service providers." A DEA spokesman declined to comment.

Uncle Sam’s Databases of Suspicion A Shadow Form of National ID

We do know that the nation’s domestic-intelligence network is massive, including at least 59 federal agencies, over 300 Defense Department units, and approximately 78 state-based fusion centers, as well as the multitude of law enforcement agencies they serve. We also know that local law enforcement agencies have themselves raised concerns about the system’s lack of privacy protections.

The SAR database is part of an ever-expanding domestic surveillance system established after 9/11 to gather intelligence on potential terrorism threats. At an abstract level, such a system may seem sensible: far better to prevent terrorism before it happens than to investigate and prosecute after a tragedy. Based on that reasoning, the government exhorts Americans to “see something, say something” -- the SAR program’s slogan. Indeed, just this week at a conference in New York City, FBI Director James Comey asked the public to report any suspicions they have to authorities. “When the hair on the back of your neck stands, listen to that instinct and just tell somebody,” said Comey. And seeking to reassure those who do not want to get their fellow Americans in trouble based on instinct alone, the FBI director added, “We investigate in secret for a very good reason, we don't want to smear innocent people.”

It was already being described as the worst hack of the U.S. government in history. And it just got much worse.A senior U.S. official has confirmed that foreign hackers compromised the intimate personal details of an untold number of government workers. Likely included in the hackers’ haul: information about workers’ sexual partners, drug and alcohol abuse, debts, gambling compulsions, marital troubles, and any criminal activity.Those details, which are now presumed to be in the hands of Chinese spies, are found in the so-called “adjudication information” that U.S. investigators compile on government employees and contractors who are applying for security clearances. The exposure suggests that the massive computer breach at the Office of Personnel Management is more significant and potentially damaging to national security than officials have previously said.

Three former U.S. intelligence officials told The Daily Beast that the adjudication information would effectively provide dossiers on current and former government employees, as well as contractors. It gives foreign intelligence agencies a roadmap for finding people with access to the government’s most highly classified secrets.Obama administration officials had previously acknowledged the breach of information that applicants voluntarily disclose on a routine questionnaire, called Standard Form 86, but the theft of the more detailed and wide-ranging adjudication information appears to have gone overlooked.

“Whoever compromised the adjudication information is going to have clear knowledge, beyond what’s in the SF86, about who the best targets for espionage are in the United States,” Michael Adams, a computer security expert who served more than two decades in the U.S. Special Operations Command, told The Daily Beast. “This is the most successful cyber attack in the history of the United States,” owing to the amount and quality of the information that was stolen, Adams said. U.S. intelligence officers spend years trying to recruit foreign spies to gather the kinds of details and insights that are contained in adjudication information, one former senior U.S. official said. This official, who requested anonymity, added that adjudication information would give foreign intelligence services “enormous leverage” over U.S. personnel whom they might forcibly interrogate for information or try to recruit.

President Obama plans to announce legislation Tuesday that would shield companies from lawsuits for sharing computer threat data with the government in an effort to prevent cyber­attacks. On the heels of a destructive attack at Sony Pictures Entertainment and major breaches at JPMorgan Chase and retail chains, Obama is intent on capitalizing on the heightened sense of urgency to improve the security of the nation’s networks, officials said. “He’s been doing everything he can within his executive authority to move the ball on this,” said a senior administration official who spoke on the condition of anonymity to discuss legislation that has not yet been released. “We’ve got to get something in place that allows both industry and government to work more closely together.”

The legislation is part of a broader package, to be sent to Capitol Hill on Tuesday, that includes measures to help protect consumers and students against ­cyberattacks and to give law enforcement greater authority to combat cybercrime. The provision’s goal is to “enshrine in law liability protection for the private sector for them to share specific information — cyberthreat indicators — with the government,” the official said. Some analysts questioned the need for such legislation, saying there are adequate measures in place to enable sharing between companies and the government and among companies.

“We think the current information-sharing regime is adequate,” said Mark Jaycox, legislative analyst at the Electronic Frontier Foundation, a privacy group. “More companies need to use it, but the idea of broad legal immunity isn’t needed right now.” The administration official disagreed. The lack of such immunity is what prevents many companies from greater sharing of data with the government, the official said. “We have heard that time and time again,” the official said. The proposal, which builds on a 2011 administration bill, grants liability protection to companies that provide indicators of cyberattacks and threats to the Department of Homeland Security.