Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged email-hacks

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Canadian Spies Collect Domestic Emails in Secret Security Sweep - The Intercept - 0 views

firstlook.org/...ony-express-email-surveillance

surveillance state Canada CSE bulk-collection email

shared by Paul Merrell on 27 Feb 15 - No Cached
  • Canada’s electronic surveillance agency is covertly monitoring vast amounts of Canadians’ emails as part of a sweeping domestic cybersecurity operation, according to top-secret documents. The surveillance initiative, revealed Wednesday by CBC News in collaboration with The Intercept, is sifting through millions of emails sent to Canadian government agencies and departments, archiving details about them on a database for months or even years. The data mining operation is carried out by the Communications Security Establishment, or CSE, Canada’s equivalent of the National Security Agency. Its existence is disclosed in documents obtained by The Intercept from NSA whistleblower Edward Snowden. The emails are vacuumed up by the Canadian agency as part of its mandate to defend against hacking attacks and malware targeting government computers. It relies on a system codenamed PONY EXPRESS to analyze the messages in a bid to detect potential cyber threats.
  • Last year, CSE acknowledged it collected some private communications as part of cybersecurity efforts. But it refused to divulge the number of communications being stored or to explain for how long any intercepted messages would be retained. Now, the Snowden documents shine a light for the first time on the huge scope of the operation — exposing the controversial details the government withheld from the public. Under Canada’s criminal code, CSE is not allowed to eavesdrop on Canadians’ communications. But the agency can be granted special ministerial exemptions if its efforts are linked to protecting government infrastructure — a loophole that the Snowden documents show is being used to monitor the emails. The latest revelations will trigger concerns about how Canadians’ private correspondence with government employees are being archived by the spy agency and potentially shared with police or allied surveillance agencies overseas, such as the NSA. Members of the public routinely communicate with government employees when, for instance, filing tax returns, writing a letter to a member of parliament, applying for employment insurance benefits or submitting a passport application.
  • Chris Parsons, an internet security expert with the Toronto-based internet think tank Citizen Lab, told CBC News that “you should be able to communicate with your government without the fear that what you say … could come back to haunt you in unexpected ways.” Parsons said that there are legitimate cybersecurity purposes for the agency to keep tabs on communications with the government, but he added: “When we collect huge volumes, it’s not just used to track bad guys. It goes into data stores for years or months at a time and then it can be used at any point in the future.” In a top-secret CSE document on the security operation, dated from 2010, the agency says it “processes 400,000 emails per day” and admits that it is suffering from “information overload” because it is scooping up “too much data.” The document outlines how CSE built a system to handle a massive 400 terabytes of data from Internet networks each month — including Canadians’ emails — as part of the cyber operation. (A single terabyte of data can hold about a billion pages of text, or about 250,000 average-sized mp3 files.)
  • ...1 more annotation...
  • The agency notes in the document that it is storing large amounts of “passively tapped network traffic” for “days to months,” encompassing the contents of emails, attachments and other online activity. It adds that it stores some kinds of metadata — data showing who has contacted whom and when, but not the content of the message — for “months to years.” The document says that CSE has “excellent access to full take data” as part of its cyber operations and is receiving policy support on “use of intercepted private communications.” The term “full take” is surveillance-agency jargon that refers to the bulk collection of both content and metadata from Internet traffic. Another top-secret document on the surveillance dated from 2010 suggests the agency may be obtaining at least some of the data by covertly mining it directly from Canadian Internet cables. CSE notes in the document that it is “processing emails off the wire.”
  • Paul Merrell on 27 Feb 15
     
    " CANADIAN SPIES COLLECT DOMESTIC EMAILS IN SECRET SECURITY SWEEP BY RYAN GALLAGHER AND GLENN GREENWALD @rj_gallagher@ggreenwald YESTERDAY AT 2:02 AM SHARE TWITTER FACEBOOK GOOGLE EMAIL PRINT POPULAR EXCLUSIVE: TSA ISSUES SECRET WARNING ON 'CATASTROPHIC' THREAT TO AVIATION CHICAGO'S "BLACK SITE" DETAINEES SPEAK OUT WHY DOES THE FBI HAVE TO MANUFACTURE ITS OWN PLOTS IF TERRORISM AND ISIS ARE SUCH GRAVE THREATS? NET NEUTRALITY IS HERE - THANKS TO AN UNPRECEDENTED GUERRILLA ACTIVISM CAMPAIGN HOW SPIES STOLE THE KEYS TO THE ENCRYPTION CASTLE Canada's electronic surveillance agency is covertly monitoring vast amounts of Canadians' emails as part of a sweeping domestic cybersecurity operation, according to top-secret documents. The surveillance initiative, revealed Wednesday by CBC News in collaboration with The Intercept, is sifting through millions of emails sent to Canadian government agencies and departments, archiving details about them on a database for months or even years. The data mining operation is carried out by the Communications Security Establishment, or CSE, Canada's equivalent of the National Security Agency. Its existence is disclosed in documents obtained by The Intercept from NSA whistleblower Edward Snowden. The emails are vacuumed up by the Canadian agency as part of its mandate to defend against hacking attacks and malware targeting government computers. It relies on a system codenamed PONY EXPRESS to analyze the messages in a bid to detect potential cyber threats. Last year, CSE acknowledged it collected some private communications as part of cybersecurity efforts. But it refused to divulge the number of communications being stored or to explain for how long any intercepted messages would be retained. Now, the Snowden documents shine a light for the first time on the huge scope of the operation - exposing the controversial details the government withheld from the public. Under Canada's criminal code, CSE is no
Paul Merrell

Spy Tech Company 'Hacking Team' Gets Hacked | Motherboard - 0 views

motherboard.vice.com/...mpany-hacking-team-gets-hacked

surveillance-state Hacking-Team hacking-the-spies

shared by Paul Merrell on 06 Jul 15 - No Cached
  • Sometimes even the cops get robbed. The controversial Italian surveillance company Hacking Team, which sells spyware to governments all around the world, including agencies in Ethiopia, Morocco, the United Arab Emirates, as well as the US Drug Enforcement Administration, appears to have been seriously hacked. Hackers have made 500 GB of client files, contracts, financial documents, and internal emails, some as recent as 2015, publicly available for download. Hacking Team’s spokesperson Eric Rabe did not immediately respond to Motherboard’s calls and email asking for verification that the hacked information is legitimate. Without confirmation from the company itself, it’s difficult to know what percentage of the files are real—however, based on the sheer size of the breach and the information in the files, the hack appears to be authentic. What’s more, the unknown hackers announced their feat through Hacking Team’s own Twitter account.
  • he hackers composed the tweets as if they were written by Hacking Team. “Since we have nothing to hide, we're publishing all our e-mails, files, and source code,” the hackers wrote in a tweet, which included the link to around 500 Gb of files. The hackers also started tweeting a few samples of internal emails from the company. One of the screenshots shows an email dated 2014 from Hacking Team’s founder and CEO David Vincenzetti to another employee. In the email, titled “Yet another Citizen Lab attack,” Vincenzetti links to a report from the online digital rights research center Citizen Lab, at the University of Toronto’s Munk School of Global Affairs, which has exposed numerous cases of abuse from Hacking Team’s clients. Hacking Team has never revealed a list of its clients, and has always and repeatedly denied selling to sketchy governments, arguing that it has an internal procedure to address human rights concerns about prospective customers.
  • It’s unclear exactly how much the hackers got their hands on, but judging from the size of the files, it’s certainly a large collection of internal files. A source who asked to speak anonymously due to the sensitivity of the issue, told me that based on the file names and folders in the leak, the hackers who hit Hacking Team "got everything." A few hours after the initial hack, a list of alleged Hacking Team customers was posted on Pastebin. The list includes past and current customers. Among the most notable, there are a few that were previously unknown, such as the FBI, Chile, Australia, Spain, and Iraq, among others.
  • ...1 more annotation...
  • The breach on Hacking Team comes almost a year after another surveillance tech company, the competing FinFisher, was hacked in a similar way, with a hacker leaking 40 Gb of internal files. FinFisher, like Hacking Team, sells surveillance software to law enforcement agencies across the world. Their software, once surreptitiously installed on a target’s cell phone or computer, can be used to monitor the target’s communications, such as phone calls, text messages, Skype calls, or emails. Operators can also turn on the target’s webcam and exfiltrate files from the infected device.
Paul Merrell

Here Are All the Sketchy Government Agencies Buying Hacking Team's Spy Tech | Motherboard - 0 views

motherboard.vice.com/...-buying-hacking-teams-spy-tech

surveillance state Hacking-Team hacked

shared by Paul Merrell on 07 Jul 15 - No Cached
  • They say what goes around comes around, and there's perhaps nowhere that rings more true than in the world of government surveillance. Such was the case on Monday morning when Hacking Team, the Italian company known for selling electronic intrusion tools to police and federal agencies around the world, awoke to find that it had been hacked itself—big time—apparently exposing its complete client list, email spools, invoices, contracts, source code, and more. Those documents show that not only has the company been selling hacking tools to a long list of foreign governments with dubious human rights records, but it’s also establishing a nice customer base right here in the good old US of A. The cache, which sources told Motherboard is legitimate, contains more than 400 gigabytes of files, many of which confirm previous reports that the company has been selling industrial-grade surveillance software to authoritarian governments. Hacking Team is known in the surveillance world for its flagship hacking suite, Remote Control System (RCS) or Galileo, which allows its government and law enforcement clients to secretly install “implants” on remote machines that can steal private emails, record Skype calls, and even monitor targets through their computer's webcam. Hacking Team in North America
  • According to leaked contracts, invoices and an up-to-date list of customer subscriptions, Hacking Team’s clients—which the company has consistently refused to name—also include Kazakhstan, Azerbaijan, Oman, Saudi Arabia, Uzbekistan, Bahrain, Ethiopia, Nigeria, Sudan and many others. The list of names matches the findings of Citizen Lab, a research lab at the University of Toronto's Munk School of Global Affairs that previously found traces of Hacking Team on the computers of journalists and activists around the world. Last year, the Lab's researchers mapped out the worldwide collection infrastructure used by Hacking Team's customers to covertly transport stolen data, unveiling a massive network comprised of servers based in 21 countries. Reporters Without Borders later named the company one of the “Enemies of the Internet” in its annual report on government surveillance and censorship.
  • we’ve only scratched the surface of this massive leak, and it’s unclear how Hacking Team will recover from having its secrets spilling across the internet for all to see. In the meantime, the company is asking all customers to stop using its spyware—and likely preparing for the worst.
Paul Merrell

Hacking Team Asks Customers to Stop Using Its Software After Hack | Motherboard - 0 views

motherboard.vice.com/...-using-its-software-after-hack

surveillance state Hacking-Team hacked

shared by Paul Merrell on 07 Jul 15 - No Cached
  • But the hack hasn’t just ruined the day for Hacking Team’s employees. The company, which sells surveillance software to government customers all over the world, from Morocco and Ethiopia to the US Drug Enforcement Agency and the FBI, has told all its customers to shut down all operations and suspend all use of the company’s spyware, Motherboard has learned. “They’re in full on emergency mode,” a source who has inside knowledge of Hacking Team’s operations told Motherboard.
  • Hacking Team notified all its customers on Monday morning with a “blast email,” requesting them to shut down all deployments of its Remote Control System software, also known as Galileo, according to multiple sources. The company also doesn’t have access to its email system as of Monday afternoon, a source said. On Sunday night, an unnamed hacker, who claimed to be the same person who breached Hacking Team’s competitor FinFisher last year, hijacked its Twitter account and posted links to 400GB of internal data. Hacking Team woke up to a massive breach of its systems.
  • A source told Motherboard that the hackers appears to have gotten “everything,” likely more than what the hacker has posted online, perhaps more than one terabyte of data. “The hacker seems to have downloaded everything that there was in the company’s servers,” the source, who could only speak on condition of anonymity, told Motherboard. “There’s pretty much everything here.” It’s unclear how the hackers got their hands on the stash, but judging from the leaked files, they broke into the computers of Hacking Team’s two systems administrators, Christian Pozzi and Mauro Romeo, who had access to all the company’s files, according to the source. “I did not expect a breach to be this big, but I’m not surprised they got hacked because they don’t take security seriously,” the source told me. “You can see in the files how much they royally fucked up.”
  • ...2 more annotations...
  • For example, the source noted, none of the sensitive files in the data dump, from employees passports to list of customers, appear to be encrypted. “How can you give all the keys to your infrastructure to a 20-something who just joined the company?” he added, referring to Pozzi, whose LinkedIn shows he’s been at Hacking Team for just over a year. “Nobody noticed that someone stole a terabyte of data? You gotta be a fuckwad,” the source said. “It means nobody was taking care of security.”
  • The future of the company, at this point, it’s uncertain. Employees fear this might be the beginning of the end, according to sources. One current employee, for example, started working on his resume, a source told Motherboard. It’s also unclear how customers will react to this, but a source said that it’s likely that customers from countries such as the US will pull the plug on their contracts. Hacking Team asked its customers to shut down operations, but according to one of the leaked files, as part of Hacking Team’s “crisis procedure,” it could have killed their operations remotely. The company, in fact, has “a backdoor” into every customer’s software, giving it ability to suspend it or shut it down—something that even customers aren’t told about. To make matters worse, every copy of Hacking Team’s Galileo software is watermarked, according to the source, which means Hacking Team, and now everyone with access to this data dump, can find out who operates it and who they’re targeting with it.
Paul Merrell

US Intel Vets Dispute Russia Hacking Claims - Consortiumnews - 0 views

consortiumnews.com/...-dispute-russia-hacking-claims

war & peace Auction 2016 Russia hacking debunked VIPS

shared by Paul Merrell on 13 Dec 16 - No Cached
  • As the hysteria about Russia’s alleged interference in the U.S. election grows, a key mystery is why U.S. intelligence would rely on “circumstantial evidence” when it has the capability for hard evidence, say U.S. intelligence veterans. Veteran Intelligence Professionals for Sanity MEMORANDUM Allegations of Hacking Election Are Baseless A New York Times report on Monday alluding to “overwhelming circumstantial evidence” leading the CIA to believe that Russian President Vladimir Putin “deployed computer hackers with the goal of tipping the election to Donald J. Trump” is, sadly, evidence-free. This is no surprise, because harder evidence of a technical nature points to an inside leak, not hacking – by Russians or anyone else.
  • We have gone through the various claims about hacking. For us, it is child’s play to dismiss them. The email disclosures in question are the result of a leak, not a hack. Here’s the difference between leaking and hacking: Leak: When someone physically takes data out of an organization and gives it to some other person or organization, as Edward Snowden and Chelsea Manning did. Hack: When someone in a remote location electronically penetrates operating systems, firewalls or any other cyber-protection system and then extracts data. All signs point to leaking, not hacking. If hacking were involved, the National Security Agency would know it – and know both sender and recipient. In short, since leaking requires physically removing data – on a thumb drive, for example – the only way such data can be copied and removed, with no electronic trace of what has left the server, is via a physical storage device.
  • These collection resources are extensive [see attached NSA slides 1, 2, 3, 4, 5]; they include hundreds of trace route programs that trace the path of packets going across the network and tens of thousands of hardware and software implants in switches and servers that manage the network. Any emails being extracted from one server going to another would be, at least in part, recognizable and traceable by all these resources. The bottom line is that the NSA would know where and how any “hacked” emails from the DNC, HRC or any other servers were routed through the network. This process can sometimes require a closer look into the routing to sort out intermediate clients, but in the end sender and recipient can be traced across the network. The various ways in which usually anonymous spokespeople for U.S. intelligence agencies are equivocating – saying things like “our best guess” or “our opinion” or “our estimate” etc. – shows that the emails alleged to have been “hacked” cannot be traced across the network. Given NSA’s extensive trace capability, we conclude that DNC and HRC servers alleged to have been hacked were, in fact, not hacked. The evidence that should be there is absent; otherwise, it would surely be brought forward, since this could be done without any danger to sources and methods. Thus, we conclude that the emails were leaked by an insider – as was the case with Edward Snowden and Chelsea Manning. Such an insider could be anyone in a government department or agency with access to NSA databases, or perhaps someone within the DNC.
  • ...1 more annotation...
  • As for the comments to the media as to what the CIA believes, the reality is that CIA is almost totally dependent on NSA for ground truth in the communications arena. Thus, it remains something of a mystery why the media is being fed strange stories about hacking that have no basis in fact. In sum, given what we know of NSA’s existing capabilities, it beggars belief that NSA would be unable to identify anyone – Russian or not – attempting to interfere in a U.S. election by hacking. For the Steering Group, Veteran Intelligence Professionals for Sanity (VIPS)
Gary Edwards

Arnold Ahlert: Russia Would Love a Third Obama Term - The Patriot Post - 0 views

patriotpost.us/43984

Hillary

shared by Gary Edwards on 09 Aug 16 - No Cached
  • New York Post columnist John Crudele obliterates the despicable word-parsing. “Clinton was so careless when using her BlackBerry that the Russians stole her password,” he writes. “All Russian President Vladimir Putin’s gang had to do was log into Clinton’s account and read whatever they wanted.” When it comes to the DNC hack, “The Russians did it” is the theme-du-jour. Clinton campaign manager, Robby Mook stated Sunday that “experts are telling us that Russian state actors broke into the DNC, stole these emails, [and are] releasing these emails for the purpose of helping Donald Trump.” The campaign itself echoed that assertion. “This is further evidence the Russian government is trying to influence the outcome of the election.”
  • The reliably leftist Politico — so far left that reporter Ken Vogel remains employed there despite sending a story to the DNC before he sent it to his own editor — is quite comfortable advancing that agenda, using it as a vehicle to buff up Clinton’s tenure as secretary of state. “Former U.S. officials who worked on Russia policy with Clinton say that Putin was personally stung by Clinton’s December 2011 condemnation of Russia’s parliamentary elections, and had his anger communicated directly to President Barack Obama,” Politico reports. “They say Putin and his advisers are also keenly aware that, even as she executed Obama’s ‘reset’ policy with Russia, Clinton took a harder line toward Moscow than others in the administration. And they say Putin sees Clinton as a forceful proponent of ‘regime change’ policies that the Russian leader considers a grave threat to his own survival.” Yet even Politico is forced to admit the payback angle is “speculation,” and that some experts remain “unconvinced that Putin’s government engineered the DNC email hack or that it was meant to influence the election in Trump’s favor as opposed to embarrassing DNC officials for any number of reasons.”
  • Americans would also be wise to remain highly skeptical of this claim for any number of reasons. WikiLeaks founder Julian Assange asserts there is “there is no proof whatsoever” Russia is behind the hack and that “this is a diversion that’s being pushed by the Hillary Clinton campaign.” To be fair, Assange is a Russian sympathizer, and leftists aren’t the only ones attributing the hack to the Russians. The same FBI that gave Clinton a pass will be investigating the DNC hack, and at some point the bureau will reach a conclusion. In the meantime, it might be worth considering that this smacks of a carefully orchestrated disinformation campaign similar to the one Clinton and several other Obama administration officials engineered with regard to Benghazi. While Clinton was never held personally or legally accountable for the deaths of four Americans, it is beyond dispute that she lied unabashedly about a video causing the attack, while sending her daughter a damning email at 11:12 p.m. on Sept. 11, 2012, admitting the administration knew “the attack had nothing to do with the film. It was a planned attack, not a protest.” The theme of this coordinated narrative? Clinton campaign chair John Podesta referred Monday night to “a kind of bromance going on” between Putin and Trump. Clinton campaign manager Robby Mook echoed that assertion, insisting the email dump comes on the heels of “changes to the Republican platform to make it more pro-Russian.”
  • ...3 more annotations...
  • The Leftmedia were equally obliging. “The theory that Moscow orchestrated the leaks to help Trump … is fast gaining currency within the Obama administration because of the timing of the leaks and Trump’s own connections to the Russian government,” reports the Daily Beast. Other Leftmedia examples abound. “Until Friday, that charge, with its eerie suggestion of a Kremlin conspiracy to aid Donald J. Trump, has been only whispered,” shouted the New York Times. “Because the leaks are widely suspected of being the result of a Russian hacking operation, they can be used to reinforce the narrative that Russian President Vladimir Putin is rooting for Trump and that Trump, in turn, would be too accommodating to Moscow,” adds the Los Angeles Times. “Why would Russian President Vladimir Putin want to help Donald Trump win the White House?” asks NPR. “If you want to indulge in a bit of conspiracy theory, remember that Russian President Vladimir Putin has praised candidate Trump as recently as June,” states the Burlington Free Press.
  • Ultimately, here’s the question: If the Russians could access the DNC server, they could certainly access Clinton’s unsecure server. And if they could access Clinton’s server, including the 33,000 emails she deleted (maybe some were about how the Clintons profited from selling American uranium to Russia), ask yourself who they’d rather have in the Oval Office: Donald Trump, who professed admiration for Putin but remains a highly unpredictable individual — or Hillary Clinton, who could be subjected to blackmail for as long as eight years? Russia’s clear objective would be to have the weakest American leadership they can get. Blackmail aside, what would be weaker than an extension of Obama’s presidency?
  • Moreover, it is just as likely a number of the so-called “experts” as well as Clinton’s useful idiot media apparatchiks have considered the blackmail possibility and are trying to divert attention from it with a phony Trump connection story. Democrats can theorize, complain and blame to their hearts' content, but none of it obscures the reality that the DNC — and by extension Hillary Clinton and the entire Democrat Party — are a conglomeration of morally bereft, utterly incompetent individuals wholly ill-equipped to handle internal security, much less national security. And they are aided and abetted by an equally corrupt media, more than willing to abide that potentially catastrophic reality as long as it gets a Democrat in the Oval Office. WikiLeaks has promised additional dumps with be forthcoming. How much deeper Democrats sink is anyone’s guess.
  • Gary Edwards on 09 Aug 16
     
    "If one lives by the vulnerable server, one dies by the vulnerable server. As the week unfolds, America is witnessing the ultimate unmasking of the Democrat Party, an entity whose self-aggrandizing claims of unity, fairness and intellectual honesty have been revealed as utterly fraudulent by a flood of DNC emails released by WikiLeaks. Moreover, a stunning level of hypocrisy attends the entire exposure, as DNC Chairwoman Debbie Wasserman Schultz is sent packing for this breach of confidential party information, while Hillary Clinton, whose equally accessible private server contained far more critical top-secret information, officially became the party's standard-bearer. But not to worry, assured FBI Director James Comey, who insisted there was no direct evidence that Clinton's server had been hacked by hostile actors - before adding it was possible that hostile actors "gained access" to Clinton's accounts. Clinton was equally adept at making semantical distinctions. "If you go by the evidence, there is no evidence that the system was breached or hacked successfully," Clinton said. "And I think that what's important here is follow the evidence. And there is no evidence. And that can't be said about a lot of other systems, including government systems.""
Paul Merrell

FBI Director: Sony's 'Sloppy' North Korean Hackers Revealed Their IP Addresses | WIRED - 0 views

www.wired.com/...s-failed-use-proxies-sony-hack

war & peace cyberwar North-Korea Sony-hack FBI Comey

shared by Paul Merrell on 08 Jan 15 - No Cached
  • The Obama administration has been tightlipped about its controversial naming of the North Korean government as the definitive source of the hack that eviscerated Sony Pictures Entertainment late last year. But FBI director James Comey is standing by the bureau’s conclusion, and has offered up a few tiny breadcrumbs of the evidence that led to it. Those crumbs include the claim that Sony hackers sometimes failed to use the proxy servers that masked the origin of their attack, revealing IP addresses that the FBI says were used exclusively by North Korea. Speaking at a Fordham Law School cybersecurity conference Wednesday, Comey said that he has “very high confidence” in the FBI’s attribution of the attack to North Korea. And he named several of the sources of his evidence, including a “behavioral analysis unit” of FBI experts trained to psychologically analyze foes based on their writings and actions. He also said that the FBI compared the Sony attack with their own “red team” simulations to determine how the attack could have occurred. And perhaps most importantly, Comey now says that the hackers in the attack failed on multiple occasions to use the proxy servers that bounce their Internet connection through an obfuscating computer somewhere else in the world, revealing IP addresses that tied them to North Koreans.
  • “In nearly every case, [the Sony hackers known as the Guardians of Peace] used proxy servers to disguise where they were coming from in sending these emails and posting these statements. But several times they got sloppy,” Comey said. “Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using…were exclusively used by the North Koreans.” “They shut it off very quickly once they saw the mistake,” he added. “But not before we saw where it was coming from.” Comey’s brief and cryptic remarks—with no opportunity for followup questions from reporters—respond to skepticism and calls for more evidence from cybersecurity experts unsatisfied with the FBI’s vague statements tying the hack to North Korean government. In a previous public announcement the FBI had said only that it found “similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks,” as well as IP addresses that matched prior attacks it knows to have originated in North Korea. At that time, the FBI also said it had further evidence matching the tools used in the attack to a North Korean hacking attack that hit South Korean banks and media outlets.
  • Following those elliptical statements, the cybersecurity community demanded more information be released to prove North Korea’s involvement. Some have even signed a petition on the White House website calling for more transparency in the investigation. Well-known security blogger and author Bruce Schneier has compared the FBI’s “trust us” mentality to the claims of the Bush administration about Saddam Hussein’s nonexistent weapons of mass destruction in the run-up to the Iraq War. Without more information, security experts themselves have remained deeply divided in their conclusions about who hacked Sony.
  • ...1 more annotation...
  • That pseudo-explanation will likely do little to quell the security community’s doubts. Even if the hackers appeared to fail to use proxies on some occasions, it could still be very difficult to be sure those “real” IP addresses weren’t proxies themselves designed to serve as further misdirection. And a nagging loose thread remains that the Guardians of Peace hackers in their initial statements to Sony tried to extort money from the company before making any political demands. Sony’s Kim Jong-un assassination comedy “The Interview,” the suppression of which is believed by many to be the North Korean government’s motive in the hack, wasn’t even mentioned by the hackers until long after the intrusion was underway. Comey didn’t address that plot hole in the North Korean explanation in his speech.
Paul Merrell

From Radio to Porn, British Spies Track Web Users' Online Identities - 0 views

theintercept.com/...ck-web-users-online-identities

surveillance state GCHQ Black-Hole

shared by Paul Merrell on 27 Sep 15 - No Cached
  • HERE WAS A SIMPLE AIM at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs. The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.
  • Amid a renewed push from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today by The Intercept reveal for the first time several major strands of GCHQ’s existing electronic eavesdropping capabilities.
  • The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court order or judicial warrant
  • ...17 more annotations...
  • A huge volume of the Internet data GCHQ collects flows directly into a massive repository named Black Hole, which is at the core of the agency’s online spying operations, storing raw logs of intercepted material before it has been subject to analysis. Black Hole contains data collected by GCHQ as part of bulk “unselected” surveillance, meaning it is not focused on particular “selected” targets and instead includes troves of data indiscriminately swept up about ordinary people’s online activities. Between August 2007 and March 2009, GCHQ documents say that Black Hole was used to store more than 1.1 trillion “events” — a term the agency uses to refer to metadata records — with about 10 billion new entries added every day. As of March 2009, the largest slice of data Black Hole held — 41 percent — was about people’s Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people’s use of tools to browse the Internet anonymously.
  • Throughout this period, as smartphone sales started to boom, the frequency of people’s Internet use was steadily increasing. In tandem, British spies were working frantically to bolster their spying capabilities, with plans afoot to expand the size of Black Hole and other repositories to handle an avalanche of new data. By 2010, according to the documents, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion. The agency was developing “unprecedented” techniques to perform what it called “population-scale” data mining, monitoring all communications across entire countries in an effort to detect patterns or behaviors deemed suspicious. It was creating what it said would be, by 2013, “the world’s biggest” surveillance engine “to run cyber operations and to access better, more valued data for customers to make a real world difference.”
  • A document from the GCHQ target analysis center (GTAC) shows the Black Hole repository’s structure.
  • The data is searched by GCHQ analysts in a hunt for behavior online that could be connected to terrorism or other criminal activity. But it has also served a broader and more controversial purpose — helping the agency hack into European companies’ computer networks. In the lead up to its secret mission targeting Netherlands-based Gemalto, the largest SIM card manufacturer in the world, GCHQ used MUTANT BROTH in an effort to identify the company’s employees so it could hack into their computers. The system helped the agency analyze intercepted Facebook cookies it believed were associated with Gemalto staff located at offices in France and Poland. GCHQ later successfully infiltrated Gemalto’s internal networks, stealing encryption keys produced by the company that protect the privacy of cell phone communications.
  • Similarly, MUTANT BROTH proved integral to GCHQ’s hack of Belgian telecommunications provider Belgacom. The agency entered IP addresses associated with Belgacom into MUTANT BROTH to uncover information about the company’s employees. Cookies associated with the IPs revealed the Google, Yahoo, and LinkedIn accounts of three Belgacom engineers, whose computers were then targeted by the agency and infected with malware. The hacking operation resulted in GCHQ gaining deep access into the most sensitive parts of Belgacom’s internal systems, granting British spies the ability to intercept communications passing through the company’s networks.
  • In March, a U.K. parliamentary committee published the findings of an 18-month review of GCHQ’s operations and called for an overhaul of the laws that regulate the spying. The committee raised concerns about the agency gathering what it described as “bulk personal datasets” being held about “a wide range of people.” However, it censored the section of the report describing what these “datasets” contained, despite acknowledging that they “may be highly intrusive.” The Snowden documents shine light on some of the core GCHQ bulk data-gathering programs that the committee was likely referring to — pulling back the veil of secrecy that has shielded some of the agency’s most controversial surveillance operations from public scrutiny. KARMA POLICE and MUTANT BROTH are among the key bulk collection systems. But they do not operate in isolation — and the scope of GCHQ’s spying extends far beyond them.
  • The agency operates a bewildering array of other eavesdropping systems, each serving its own specific purpose and designated a unique code name, such as: SOCIAL ANTHROPOID, which is used to analyze metadata on emails, instant messenger chats, social media connections and conversations, plus “telephony” metadata about phone calls, cell phone locations, text and multimedia messages; MEMORY HOLE, which logs queries entered into search engines and associates each search with an IP address; MARBLED GECKO, which sifts through details about searches people have entered into Google Maps and Google Earth; and INFINITE MONKEYS, which analyzes data about the usage of online bulletin boards and forums. GCHQ has other programs that it uses to analyze the content of intercepted communications, such as the full written body of emails and the audio of phone calls. One of the most important content collection capabilities is TEMPORA, which mines vast amounts of emails, instant messages, voice calls and other communications and makes them accessible through a Google-style search tool named XKEYSCORE.
  • As of September 2012, TEMPORA was collecting “more than 40 billion pieces of content a day” and it was being used to spy on people across Europe, the Middle East, and North Africa, according to a top-secret memo outlining the scope of the program. The existence of TEMPORA was first revealed by The Guardian in June 2013. To analyze all of the communications it intercepts and to build a profile of the individuals it is monitoring, GCHQ uses a variety of different tools that can pull together all of the relevant information and make it accessible through a single interface. SAMUEL PEPYS is one such tool, built by the British spies to analyze both the content and metadata of emails, browsing sessions, and instant messages as they are being intercepted in real time. One screenshot of SAMUEL PEPYS in action shows the agency using it to monitor an individual in Sweden who visited a page about GCHQ on the U.S.-based anti-secrecy website Cryptome.
  • Partly due to the U.K.’s geographic location — situated between the United States and the western edge of continental Europe — a large amount of the world’s Internet traffic passes through its territory across international data cables. In 2010, GCHQ noted that what amounted to “25 percent of all Internet traffic” was transiting the U.K. through some 1,600 different cables. The agency said that it could “survey the majority of the 1,600” and “select the most valuable to switch into our processing systems.”
  • According to Joss Wright, a research fellow at the University of Oxford’s Internet Institute, tapping into the cables allows GCHQ to monitor a large portion of foreign communications. But the cables also transport masses of wholly domestic British emails and online chats, because when anyone in the U.K. sends an email or visits a website, their computer will routinely send and receive data from servers that are located overseas. “I could send a message from my computer here [in England] to my wife’s computer in the next room and on its way it could go through the U.S., France, and other countries,” Wright says. “That’s just the way the Internet is designed.” In other words, Wright adds, that means “a lot” of British data and communications transit across international cables daily, and are liable to be swept into GCHQ’s databases.
  • A map from a classified GCHQ presentation about intercepting communications from undersea cables. GCHQ is authorized to conduct dragnet surveillance of the international data cables through so-called external warrants that are signed off by a government minister. The external warrants permit the agency to monitor communications in foreign countries as well as British citizens’ international calls and emails — for example, a call from Islamabad to London. They prohibit GCHQ from reading or listening to the content of “internal” U.K. to U.K. emails and phone calls, which are supposed to be filtered out from GCHQ’s systems if they are inadvertently intercepted unless additional authorization is granted to scrutinize them. However, the same rules do not apply to metadata. A little-known loophole in the law allows GCHQ to use external warrants to collect and analyze bulk metadata about the emails, phone calls, and Internet browsing activities of British people, citizens of closely allied countries, and others, regardless of whether the data is derived from domestic U.K. to U.K. communications and browsing sessions or otherwise. In March, the existence of this loophole was quietly acknowledged by the U.K. parliamentary committee’s surveillance review, which stated in a section of its report that “special protection and additional safeguards” did not apply to metadata swept up using external warrants and that domestic British metadata could therefore be lawfully “returned as a result of searches” conducted by GCHQ.
  • Perhaps unsurprisingly, GCHQ appears to have readily exploited this obscure legal technicality. Secret policy guidance papers issued to the agency’s analysts instruct them that they can sift through huge troves of indiscriminately collected metadata records to spy on anyone regardless of their nationality. The guidance makes clear that there is no exemption or extra privacy protection for British people or citizens from countries that are members of the Five Eyes, a surveillance alliance that the U.K. is part of alongside the U.S., Canada, Australia, and New Zealand. “If you are searching a purely Events only database such as MUTANT BROTH, the issue of location does not occur,” states one internal GCHQ policy document, which is marked with a “last modified” date of July 2012. The document adds that analysts are free to search the databases for British metadata “without further authorization” by inputing a U.K. “selector,” meaning a unique identifier such as a person’s email or IP address, username, or phone number. Authorization is “not needed for individuals in the U.K.,” another GCHQ document explains, because metadata has been judged “less intrusive than communications content.” All the spies are required to do to mine the metadata troves is write a short “justification” or “reason” for each search they conduct and then click a button on their computer screen.
  • Intelligence GCHQ collects on British persons of interest is shared with domestic security agency MI5, which usually takes the lead on spying operations within the U.K. MI5 conducts its own extensive domestic surveillance as part of a program called DIGINT (digital intelligence).
  • GCHQ’s documents suggest that it typically retains metadata for periods of between 30 days to six months. It stores the content of communications for a shorter period of time, varying between three to 30 days. The retention periods can be extended if deemed necessary for “cyber defense.” One secret policy paper dated from January 2010 lists the wide range of information the agency classes as metadata — including location data that could be used to track your movements, your email, instant messenger, and social networking “buddy lists,” logs showing who you have communicated with by phone or email, the passwords you use to access “communications services” (such as an email account), and information about websites you have viewed.
  • Records showing the full website addresses you have visited — for instance, www.gchq.gov.uk/what_we_do — are treated as content. But the first part of an address you have visited — for instance, www.gchq.gov.uk — is treated as metadata. In isolation, a single metadata record of a phone call, email, or website visit may not reveal much about a person’s private life, according to Ethan Zuckerman, director of Massachusetts Institute of Technology’s Center for Civic Media. But if accumulated and analyzed over a period of weeks or months, these details would be “extremely personal,” he told The Intercept, because they could reveal a person’s movements, habits, religious beliefs, political views, relationships, and even sexual preferences. For Zuckerman, who has studied the social and political ramifications of surveillance, the most concerning aspect of large-scale government data collection is that it can be “corrosive towards democracy” — leading to a chilling effect on freedom of expression and communication. “Once we know there’s a reasonable chance that we are being watched in one fashion or another it’s hard for that not to have a ‘panopticon effect,’” he said, “where we think and behave differently based on the assumption that people may be watching and paying attention to what we are doing.”
  • When compared to surveillance rules in place in the U.S., GCHQ notes in one document that the U.K. has “a light oversight regime.” The more lax British spying regulations are reflected in secret internal rules that highlight greater restrictions on how NSA databases can be accessed. The NSA’s troves can be searched for data on British citizens, one document states, but they cannot be mined for information about Americans or other citizens from countries in the Five Eyes alliance. No such constraints are placed on GCHQ’s own databases, which can be sifted for records on the phone calls, emails, and Internet usage of Brits, Americans, and citizens from any other country. The scope of GCHQ’s surveillance powers explain in part why Snowden told The Guardian in June 2013 that U.K. surveillance is “worse than the U.S.” In an interview with Der Spiegel in July 2013, Snowden added that British Internet cables were “radioactive” and joked: “Even the Queen’s selfies to the pool boy get logged.”
  • In recent years, the biggest barrier to GCHQ’s mass collection of data does not appear to have come in the form of legal or policy restrictions. Rather, it is the increased use of encryption technology that protects the privacy of communications that has posed the biggest potential hindrance to the agency’s activities. “The spread of encryption … threatens our ability to do effective target discovery/development,” says a top-secret report co-authored by an official from the British agency and an NSA employee in 2011. “Pertinent metadata events will be locked within the encrypted channels and difficult, if not impossible, to prise out,” the report says, adding that the agencies were working on a plan that would “(hopefully) allow our Internet Exploitation strategy to prevail.”
Paul Merrell

M of A - Sony Hack - NYT Editors Find New Iraq WMD - 0 views

www.moonofalabama.org/...ditors-find-new-iraq-wmd-.html

war & peace North-Korea U.S.-foreign-policy Sony-hack Obama

shared by Paul Merrell on 22 Dec 14 - No Cached
  • A Japanese company with some offices in California was hacked. Several terrabytes of data were copied off its internal networks and some of it was put on file sharing sites. One of the items copied was a film produced in Canada that depicts as comedy the terror act of killing of a current head of state. The U.S. State Department applauded that movie scene. But there were tons of other data like social security numbers, payroll data, and internal emails stolen all of which that might have been the real target of the hackers. The tools to hack the company are well known and in the public domain. The company, Sony, had lousy internal network security and had been hacked before. The hackers probably had some inside knowledge. They used servers in Bolivia, China and South Korea to infiltrate. There is zero public evidence in the known that the hack was state sponsored.
  • But the U.S. is claiming that the event is a "national security matter". Who's national security? Japan's? Canada's? Why? A private Japanese entertainment(!) company left the doors open and had some equipment vandalized and some of its private property stolen. Why, again, is that of U.S. "national interest"? Why would the U.S. even consider some "proportional response"? The White House is anonymously accusing the state of North Korea of having done the hack. It provides no evidence to support that claim and the government of North Korea denied any involvement. The FBI and Sony say they have no evidence for such a claim. Still the New York Times editors eat it all up:
  • North Korean hackers, seeking revenge for the movie, stole millions of documents, including emails, health records and financial information that they dished out to the world. How do the editors know that these were "North Korean hackers"? The same way the knew about Iraq's weapons of mass destruction? Make believe and anonymous claims by U.S. government officials? Yeah - those folks never lie. Right?
  • Paul Merrell on 22 Dec 14
     
    What bothers me most here is that there are no voices calling for Obama to refrain from a "proportional response" until there is a Congressional authorization for use of military force. Cyberwarfare is warfare, after all.
Paul Merrell

WikiLeaks: Clinton Campaign Panics After Obama's Statements On Private Email Server - 0 views

www.mintpressnews.com/...221805

Auction 2016 Clinton-emails Obama

shared by Paul Merrell on 27 Oct 16 - No Cached
  • An email hacked from the private Gmail account of John Podesta, Hillary Clinton’s campaign chair, is raising new questions about when President Barack Obama found out about Clinton’s private email server. In a March 7, 2015 interview with CBS News’ senior White House correspondent Bill Plante, Obama said he hadn’t been aware of Clinton’s use of a private email server during her time as secretary of state until “the same time everybody else learned it through news reports.”
  • On Tuesday, WikiLeaks’ highlighted a March 7, 2015 email found in its archives of Podesta’s emails, writing: “Clinton campaign panics after Obama misleads public over Clinton emails.”
  • In the original email sent shortly after the CBS interview aired, Josh Schwerin, spokesperson for Hillary For America, Clinton’s 2016 presidential campaign, alerted Jennifer Palmieri, the campaign’s director of communications, about Obama’s statements. Schwerin wrote: “Jen you probably have more on this but it looks like POTUS just said he found out HRC was using her personal email when he saw it in the news.” The email also includes a link to a March 7, 2015 tweet from Katherine Miller, a political editor at Buzzfeed. “I have some questions here,” she wrote about Obama’s statement.
  • ...1 more annotation...
  • Schwerin’s email was also sent to Nicholas Merrill, Clinton’s traveling press secretary, and other close Clinton associates. Merrill, in turn, forwarded the email to Cheryl Mills, former White House counsel to Bill Clinton and a top aide to Hillary Clinton. Hours later, Mills forwarded the email chain to Podesta, writing: “we need to clean this up – he has emails from her – they do not say state.gov” On Tuesday, Jon Scott, host of Fox News’ “Happening Now,” said the email showed Mills going into “damage control mode.” He added: “That is going to be the matter of some discussion, you would imagine, on Capitol Hill. What the president told the world versus what he may have known or perhaps should have known.” Some conservative news sources have suggested the email chain shows the president lied or was involved in a cover-up about Clinton’s private email server.
Paul Merrell

How the NSA Plans to Infect 'Millions' of Computers with Malware - The Intercept - 0 views

firstlook.org/...ect-millions-computers-malware

surveillance state NSA GCHQ NSA-methods malware

shared by Paul Merrell on 13 Mar 14 - No Cached
  • Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process. The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks. The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.
  • The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands. To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices. In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations. But the NSA recognized that managing a massive network of implants is too big a job for humans alone.
  • “One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).” The agency’s solution was TURBINE. Developed as part of TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”
  • ...10 more annotations...
  • TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.” In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations. The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)
  • But not all of the NSA’s implants are used to gather intelligence, the secret files show. Sometimes, the agency’s aim is disruption rather than surveillance. QUANTUMSKY, a piece of NSA malware developed in 2004, is used to block targets from accessing certain websites. QUANTUMCOPPER, first tested in 2008, corrupts a target’s file downloads. These two “attack” techniques are revealed on a classified list that features nine NSA hacking tools, six of which are used for intelligence gathering. Just one is used for “defensive” purposes – to protect U.S. government networks against intrusions.
  • The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes. One implant, codenamed UNITEDRAKE, can be used with a variety of “plug-ins” that enable the agency to gain total control of an infected computer. An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer. The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks. That’s because the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption. It is unclear how many of the implants are being deployed on an annual basis or which variants of them are currently active in computer systems across the world.
  • Infiltrating cellphone networks, however, is not all that the malware can be used to accomplish. The NSA has specifically tailored some of its implants to infect large-scale network routers used by Internet service providers in foreign countries. By compromising routers – the devices that connect computer networks and transport data packets across the Internet – the agency can gain covert access to monitor Internet traffic, record the browsing sessions of users, and intercept communications. Two implants the NSA injects into network routers, HAMMERCHANT and HAMMERSTEIN, help the agency to intercept and perform “exploitation attacks” against data that is sent through a Virtual Private Network, a tool that uses encrypted “tunnels” to enhance the security and privacy of an Internet session.
  • Eventually, the secret files indicate, the NSA’s plans for TURBINE came to fruition. The system has been operational in some capacity since at least July 2010, and its role has become increasingly central to NSA hacking operations. Earlier reports based on the Snowden files indicate that the NSA has already deployed between 85,000 and 100,000 of its implants against computers and networks across the world, with plans to keep on scaling up those numbers. The intelligence community’s top-secret “Black Budget” for 2013, obtained by Snowden, lists TURBINE as part of a broader NSA surveillance initiative named “Owning the Net.” The agency sought $67.6 million in taxpayer funding for its Owning the Net program last year. Some of the money was earmarked for TURBINE, expanding the system to encompass “a wider variety” of networks and “enabling greater automation of computer network exploitation.”
  • Before it can extract data from an implant or use it to attack a system, the NSA must first install the malware on a targeted computer or network. According to one top-secret document from 2012, the agency can deploy malware by sending out spam emails that trick targets into clicking a malicious link. Once activated, a “back-door implant” infects their computers within eight seconds. There’s only one problem with this tactic, codenamed WILLOWVIXEN: According to the documents, the spam method has become less successful in recent years, as Internet users have become wary of unsolicited emails and less likely to click on anything that looks suspicious. Consequently, the NSA has turned to new and more advanced hacking techniques. These include performing so-called “man-in-the-middle” and “man-on-the-side” attacks, which covertly force a user’s internet browser to route to NSA computer servers that try to infect them with an implant.
  • To perform a man-on-the-side attack, the NSA observes a target’s Internet traffic using its global network of covert “accesses” to data as it flows over fiber optic cables or satellites. When the target visits a website that the NSA is able to exploit, the agency’s surveillance sensors alert the TURBINE system, which then “shoots” data packets at the targeted computer’s IP address within a fraction of a second. In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.
  • The TURBINE implants system does not operate in isolation. It is linked to, and relies upon, a large network of clandestine surveillance “sensors” that the agency has installed at locations across the world.
  • The NSA’s headquarters in Maryland are part of this network, as are eavesdropping bases used by the agency in Misawa, Japan and Menwith Hill, England. The sensors, codenamed TURMOIL, operate as a sort of high-tech surveillance dragnet, monitoring packets of data as they are sent across the Internet. When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or “tips” to TURBINE, enabling the initiation of a malware attack. The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter. Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.
  • Documents published with this article: Menwith Hill Station Leverages XKeyscore for Quantum Against Yahoo and Hotmail Five Eyes Hacking Large Routers NSA Technology Directorate Analysis of Converged Data Selector Types There Is More Than One Way to Quantum NSA Phishing Tactics and Man in the Middle Attacks Quantum Insert Diagrams The NSA and GCHQ’s QUANTUMTHEORY Hacking Tactics TURBINE and TURMOIL VPN and VOIP Exploitation With HAMMERCHANT and HAMMERSTEIN Industrial-Scale Exploitation Thousands of Implants
  • Paul Merrell on 13 Mar 14
     
    *Very* long article. Only small portions quoted.
Paul Merrell

Operation Socialist: How GCHQ Spies Hacked Belgium's Largest Telco - 0 views

firstlook.org/...elgacom-hack-gchq-inside-story

surveillance state GCHQ NSA Regin-malware Belgacom

shared by Paul Merrell on 15 Dec 14 - No Cached
  • When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies. It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data. Last year, documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.”
  • The full story about GCHQ’s infiltration of Belgacom, however, has never been told. Key details about the attack have remained shrouded in mystery—and the scope of the attack unclear. Now, in partnership with Dutch and Belgian newspapers NRC Handelsblad and De Standaard, The Intercept has pieced together the first full reconstruction of events that took place before, during, and after the secret GCHQ hacking operation. Based on new documents from the Snowden archive and interviews with sources familiar with the malware investigation at Belgacom, The Intercept and its partners have established that the attack on Belgacom was more aggressive and far-reaching than previously thought. It occurred in stages between 2010 and 2011, each time penetrating deeper into Belgacom’s systems, eventually compromising the very core of the company’s networks.
  • When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies. It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data. Last year, documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.”
  • ...7 more annotations...
  • Snowden told The Intercept that the latest revelations amounted to unprecedented “smoking-gun attribution for a governmental cyber attack against critical infrastructure.” The Belgacom hack, he said, is the “first documented example to show one EU member state mounting a cyber attack on another…a breathtaking example of the scale of the state-sponsored hacking problem.”
  • Publicly, Belgacom has played down the extent of the compromise, insisting that only its internal systems were breached and that customers’ data was never found to have been at risk. But secret GCHQ documents show the agency gained access far beyond Belgacom’s internal employee computers and was able to grab encrypted and unencrypted streams of private communications handled by the company. Belgacom invested several million dollars in its efforts to clean-up its systems and beef-up its security after the attack. However, The Intercept has learned that sources familiar with the malware investigation at the company are uncomfortable with how the clean-up operation was handled—and they believe parts of the GCHQ malware were never fully removed.
  • The revelations about the scope of the hacking operation will likely alarm Belgacom’s customers across the world. The company operates a large number of data links internationally (see interactive map below), and it serves millions of people across Europe as well as officials from top institutions including the European Commission, the European Parliament, and the European Council. The new details will also be closely scrutinized by a federal prosecutor in Belgium, who is currently carrying out a criminal investigation into the attack on the company. Sophia in ’t Veld, a Dutch politician who chaired the European Parliament’s recent inquiry into mass surveillance exposed by Snowden, told The Intercept that she believes the British government should face sanctions if the latest disclosures are proven.
  • What sets the secret British infiltration of Belgacom apart is that it was perpetrated against a close ally—and is backed up by a series of top-secret documents, which The Intercept is now publishing.
  • Between 2009 and 2011, GCHQ worked with its allies to develop sophisticated new tools and technologies it could use to scan global networks for weaknesses and then penetrate them. According to top-secret GCHQ documents, the agency wanted to adopt the aggressive new methods in part to counter the use of privacy-protecting encryption—what it described as the “encryption problem.” When communications are sent across networks in encrypted format, it makes it much harder for the spies to intercept and make sense of emails, phone calls, text messages, internet chats, and browsing sessions. For GCHQ, there was a simple solution. The agency decided that, where possible, it would find ways to hack into communication networks to grab traffic before it’s encrypted.
  • The Snowden documents show that GCHQ wanted to gain access to Belgacom so that it could spy on phones used by surveillance targets travelling in Europe. But the agency also had an ulterior motive. Once it had hacked into Belgacom’s systems, GCHQ planned to break into data links connecting Belgacom and its international partners, monitoring communications transmitted between Europe and the rest of the world. A map in the GCHQ documents, named “Belgacom_connections,” highlights the company’s reach across Europe, the Middle East, and North Africa, illustrating why British spies deemed it of such high value.
  • Documents published with this article: Automated NOC detection Mobile Networks in My NOC World Making network sense of the encryption problem Stargate CNE requirements NAC review – October to December 2011 GCHQ NAC review – January to March 2011 GCHQ NAC review – April to June 2011 GCHQ NAC review – July to September 2011 GCHQ NAC review – January to March 2012 GCHQ Hopscotch Belgacom connections
Gary Edwards

Paul Albaugh: Death and Hillary Clinton - The Patriot Post - 0 views

patriotpost.us/44198

Hillary

shared by Gary Edwards on 09 Aug 16 - No Cached
  • Did Clinton’s emails seal this man’s fate? As National Review’s Jim Geraghty notes, “[I]t’s unnerving to see she was discussing such material on an insecure system. We don’t know for certain that the Iranians had successfully hacked into Clinton’s server — as FBI Director Comey said, hackers are good at covering their tracks — but it seems foolish to assume Tehran could not. Friendly references to Amiri in private email by Hillary and her staff would destroy his claims to his captors that he wasn’t voluntarily helping American intelligence.” More likely than Iran doing the hacking is that Russia is the culprit. The two nations are thick as thieves when it comes to Iran’s nuclear program, and it’s extremely likely that Moscow has some valuable dirt on Clinton, some of which was perhaps shared with the mullahs.
  • So what of Clinton’s emails? In 2010, Jake Sullivan sent two emails about a week apart to Hillary’s private server. Neither of the emails mentioned Amiri by name, but the first email notes that the videos were a “psychological” issue and that “our friend has to be given a way out.” The second email, sent two days before CNN reported a $5 million payout, warned of “problematic news stories” to come as a cover for Amiri’s return to Iran. So while the emails didn’t mention Amiri by name, Iranian intelligence could have no doubt figured out that the person she was referring to in these emails was indeed Amiri. This is what FBI Director James Comey meant when he called Hillary “extremely careless in the handling of very sensitive, highly classified information.”
  • There are other untimely, mysterious deaths in the last six weeks as well — all with ties to the Clintons. Last week, there were two deaths within two days. The first was a prominent Clinton critic, researcher and reporter for the American Free Press named Victor Thorn. He was found in his home, dead of a gunshot wound to the head, in what has been reported as a suicide. It was his 54th birthday. The second was a Bernie Sanders supporter named Shawn Lucas, who was serving the Democrat National Committee and former DNC chairwoman Debbie Wasserman Schultz with a class action lawsuit for alleged fraud and rigging the primary election in favor of Hillary Clinton. He was found dead on Aug. 2, on the floor of his bathroom. There are several others who have died strange and untimely deaths with unsatisfactory explanation. But the common denominator is that they were somehow tied to or knew something about the Clintons and had either reported or were about to blow the whistle on their wrongdoings.
  • ...1 more annotation...
  • It feels like the 1990s all over again, when Vince Foster and numerous others met an untimely and suspicious demise. This is the Hillary Clinton that the Leftmedia doesn’t want you to know about. The same woman who recently said that she may have “short circuited” her recent email explanation. Speaking of deaths and lies, the parents of two Benghazi victims — Patricia Smith, the mother of Sean Smith, and Charles Woods, the father of Tyrone Woods — filed a wrongful death lawsuit against Clinton Monday. The two allege that Clinton’s “reckless handling” of classified information contributed to their sons' deaths. And while the circumstances surrounding the Iranian scientist or the two Americans are mysterious, we know that Clinton is responsible for the deaths of Smith, Woods and two others in Benghazi. And then she lied about it for political gain. Indeed, she lied to the public and then has the audacity to lie and say that she didn’t lie. This woman is filled with corruption and lies yet she is the “most qualified person ever” to run for president? Too few seem to know about her wrongdoings and malicious behavior. Or they don’t care.
  • Gary Edwards on 09 Aug 16
     
    "For as long as the Clintons have been in the national spotlight, people linked to them have turned up dead. We're sure that's only the stuff of mythology among the "vast right-wing conspiracy," but this week brings news of more of the same. Despite FBI and Leftmedia attempts to keep Americans as uninformed as possible about Hillary Clinton's history of corruption and lies, there is new information about the death of an Iranian nuclear scientist named Shahram Amiri. Normally, the death of a foreigner wouldn't catch the attention of many Americans. But in this case, Amiri was in contact with Clinton via email, and the circumstances and timing of his death are more than suspicious. Who was this man that was just publicly hanged shortly after returning to Iran? Amiri was one of Iran's nuclear scientists, and in 2009 he disappeared while on a pilgrimage to Saudi Arabia, and he reappeared in several online videos in the United States. The timing of his disappearance was at the height of Western efforts to disrupt Iran's nuclear program. In 2010, he returned to Iran, and was greeted with a hero's welcome. Soon after, he disappeared again. This past weekend, he was publicly tried and executed. According to an Iranian judiciary spokesman, Amiri had access to Iran's secret and classified information and was linked to Iran's number one enemy (and financier), America. He was also accused of providing the U.S. with vital and secret information about Iran. So what happened between his 2010 return to Iran and this past weekend? Well, the revelations of Hillary Clinton's email scheme and the release of her emails, which contained several references to Amiri. "
Paul Merrell

DOJ Pushes to Expand Hacking Abilities Against Cyber-Criminals - Law Blog - WSJ - 0 views

blogs.wsj.com/...lities-against-cyber-criminals

surveillance state DoJ government-malware criminal-procedure

shared by Paul Merrell on 29 Mar 14 - No Cached
  • The U.S. Department of Justice is pushing to make it easier for law enforcement to get warrants to hack into the computers of criminal suspects across the country. The move, which would alter federal court rules governing search warrants, comes amid increases in cases related to computer crimes. Investigators say they need more flexibility to get warrants to allow hacking in such cases, especially when multiple computers are involved or the government doesn’t know where the suspect’s computer is physically located. The Justice Department effort is raising questions among some technology advocates, who say the government should focus on fixing the holes in computer software that allow such hacking instead of exploiting them. Privacy advocates also warn government spyware could end up on innocent people’s computers if remote attacks are authorized against equipment whose ownership isn’t clear.
  • The government’s push for rule changes sheds light on law enforcement’s use of remote hacking techniques, which are being deployed more frequently but have been protected behind a veil of secrecy for years. In documents submitted by the government to the judicial system’s rule-making body this year, the government discussed using software to find suspected child pornographers who visited a U.S. site and concealed their identity using a strong anonymization tool called Tor. The government’s hacking tools—such as sending an email embedded with code that installs spying software — resemble those used by criminal hackers. The government doesn’t describe these methods as hacking, preferring instead to use terms like “remote access” and “network investigative techniques.” Right now, investigators who want to search property, including computers, generally need to get a warrant from a judge in the district where the property is located, according to federal court rules. In a computer investigation, that might not be possible, because criminals can hide behind anonymizing technologies. In cases involving botnets—groups of hijacked computers—investigators might also want to search many machines at once without getting that many warrants.
  • Some judges have already granted warrants in cases when authorities don’t know where the machine is. But at least one judge has denied an application in part because of the current rules. The department also wants warrants to be allowed for multiple computers at the same time, as well as for searches of many related storage, email and social media accounts at once, as long as those accounts are accessed by the computer being searched. “Remote searches of computers are often essential to the successful investigation” of computer crimes, Acting Assistant Attorney General Mythili Raman wrote in a letter to the judicial system’s rulemaking authority requesting the change in September. The government tries to obtain these “remote access warrants” mainly to “combat Internet anonymizing techniques,” the department said in a memo to the authority in March. Some groups have raised questions about law enforcement’s use of hacking technologies, arguing that such tools mean the government is failing to help fix software problems exploited by criminals. “It is crucial that we have a robust public debate about how the Fourth Amendment and federal law should limit the government’s use of malware and spyware within the U.S.,” said Nathan Wessler, a staff attorney at the American Civil Liberties Union who focuses on technology issues.
  • ...1 more annotation...
  • A Texas judge who denied a warrant application last year cited privacy concerns associated with sending malware when the location of the computer wasn’t known. He pointed out that a suspect opening an email infected with spyware could be doing so on a public computer, creating risk of information being collected from innocent people. A former computer crimes prosecutor serving on an advisory committee of the U.S. Judicial Conference, which is reviewing the request, said he was concerned that allowing the search of multiple computers under a single warrant would violate the Fourth Amendment’s protections against overly broad searches. The proposed rule is set to be debated by the Judicial Conference’s Advisory Committee on Criminal Rules in early April, after which it would be opened to public comment.
Paul Merrell

Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise - The Intercept - 0 views

firstlook.org/...-nsa-gchq-rely-intel-expertise

surveillance state NSA-targets hackers

shared by Paul Merrell on 05 Feb 15 - No Cached
  • The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents. In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. “Hackers are stealing the emails of some of our targets… by collecting the hackers’ ‘take,’ we . . .  get access to the emails themselves,” reads one top secret 2010 National Security Agency document. These and other revelations about the intelligence agencies’ reliance on hackers are contained in documents provided by whistleblower Edward Snowden. The documents—which come from the U.K. Government Communications Headquarters agency and NSA—shed new light on the various means used by intelligence agencies to exploit hackers’ successes and learn from their skills, while also raising questions about whether governments have overstated the threat posed by some hackers.
  • By looking out for hacking conducted “both by state-sponsored and freelance hackers” and riding on the coattails of hackers, Western intelligence agencies have gathered what they regard as valuable content: Recently, Communications Security Establishment Canada (CSEC) and Menwith Hill Station (MHS) discovered and began exploiting a target-rich data set being stolen by hackers. The hackers’ sophisticated email-stealing intrusion set is known as INTOLERANT. Of the traffic observed, nearly half contains category hits because the attackers are targeting email accounts of interest to the Intelligence Community. Although a relatively new data source, [Target Offices of Primary Interest] have already written multiple reports based on INTOLERANT collect. The hackers targeted a wide range of diplomatic corps, human rights and democracy activists and even journalists: INTOLERANT traffic is very organized. Each event is labeled to identify and categorize victims. Cyber attacks commonly apply descriptors to each victim – it helps herd victims and track which attacks succeed and which fail. Victim categories make INTOLERANT interesting: A = Indian Diplomatic & Indian Navy B = Central Asian diplomatic C = Chinese Human Rights Defenders D = Tibetan Pro-Democracy Personalities E = Uighur Activists F = European Special Rep to Afghanistan and Indian photo-journalism G = Tibetan Government in Exile
  • In those cases, the NSA and its partner agencies in the United Kingdom and Canada were unable to determine the identity of the hackers who collected the data, but suspect a state sponsor “based on the level of sophistication and the victim set.” In instances where hacking may compromise data from the U.S. and U.K. governments, or their allies, notification was given to the “relevant parties.” In a separate document, GCHQ officials discuss plans to use open source discussions among hackers to improve their own knowledge. “Analysts are potentially missing out on valuable open source information relating to cyber defence because of an inability to easily keep up to date with specific blogs and Twitter sources,” according to one document. GCHQ created a program called LOVELY HORSE to monitor and index public discussion by hackers on Twitter and other social media. The Twitter accounts designated for collection in the 2012 document:
  • ...3 more annotations...
  • These accounts represent a cross section of the hacker community and security scene. In addition to monitoring multiple accounts affiliated with Anonymous, GCHQ monitored the tweets of Kevin Mitnick, who was sent to prison in 1999 for various computer and fraud related offenses. The U.S. Government once characterized Mitnick as one of the world’s most villainous hackers, but he has since turned security consultant and exploit broker. Among others, GCHQ monitored the tweets of reverse-engineer and Google employee, Thomas Dullien. Fellow Googler Tavis Ormandy, from Google’s vulnerability research team Project Zero, is featured on the list, along with other well known offensive security researchers, including Metasploit’s HD Moore and James Lee (aka Egypt) together with Dino Dai Zovi and Alexander Sotirov, who at the time both worked for New York-based offensive security company, Trail of Bits (Dai Zovi has since taken up a position at payment company, Square). The list also includes notable anti-forensics and operational security expert “The Grugq.” GCHQ monitored the tweets of former NSA agents Dave Aitel and Charlie Miller, and former Air Force intelligence officer Richard Bejtlich as well as French exploit vendor, VUPEN (who sold a one year subscription for its binary analysis and exploits service to the NSA in 2012).
  • Documents published with this article: LOVELY HORSE – GCHQ Wiki Overview INTOLERANT – Who Else Is Targeting Your Target? Collecting Data Stolen by Hackers – SIDtoday  HAPPY TRIGGER/LOVELY HORSE/Zool/TWO FACE – Open Source for Cyber Defence/Progress NATO Civilian Intelligence Council – Cyber Panel – US Talking Points
  • The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents. In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. “Hackers are stealing the emails of some of our targets… by collecting the hackers’ ‘take,’ we . . .  get access to the emails themselves,” reads one top secret 2010 National Security Agency document. These and other revelations about the intelligence agencies’ reliance on hackers are contained in documents provided by whistleblower Edward Snowden. The documents—which come from the U.K. Government Communications Headquarters agency and NSA—shed new light on the various means used by intelligence agencies to exploit hackers’ successes and learn from their skills, while also raising questions about whether governments have overstated the threat posed by some hackers.
Paul Merrell

Lavabit To Release Code As Open Source, As It Creates Dark Mail Alliance To Create Even... - 0 views

www.techdirt.com/...surveillance-proof-email.shtml

surveillance state NSA Dark Mail Alliance NSA-blowback

shared by Paul Merrell on 31 Oct 13 - No Cached
  • This whole morning, while all these stories of the NSA hacking directly into Google and Yahoo's network have been popping up, I've been at the Inbox Love conference, all about the future of email. The "keynote" that just concluded, was Ladar Levison from Lavabit (with an assist from Mike Janke from Silent Circle), talking about the just announced Dark Mail Alliance, between Lavabit and Silent Circle -- the other "security" focused communications company who shut down its email offering after Lavabit was forced to shut down. Levison joked that they went with "Dark Mail" because "Black Mail" might have negative connotations. Perhaps just as interesting, Levison is going to be releasing the Lavabit source code (and doing a Kickstarter project to support this), with the hope that many others can set up their own secure email using Lavabit's code, combined with the new Dark Mail Alliance secure technology which will be available next year. As noted, the Alliance is working on trying to create truly secure and surveillance-proof email. Of course, nothing is ever 100% surveillance proof -- and both members of the alliance have previously claimed that it was almost impossible to do surveillance-proof email. However, they're claiming they've had a "breakthrough" that will help.
  • The newly developed technology has been designed to look just like ordinary email, with an interface that includes all the usual folders—inbox, sent mail, and drafts. But where it differs is that it will automatically deploy peer-to-peer encryption, so that users of the Dark Mail technology will be able to communicate securely. The encryption, based on a Silent Circle instant messaging protocol called SCIMP, will apply to both content and metadata of the message and attachments. And the secret keys generated to encrypt the communications will be ephemeral, meaning they are deleted after each exchange of messages. For the NSA and similar surveillance agencies across the world, it will sound like a nightmare. The technology will thwart attempts to sift emails directly from Internet cables as part of so-called “upstream” collection programs and limit the ability to collect messages directly from Internet companies through court orders. Covertly monitoring encrypted Dark Mail emails would likely have to be done by deploying Trojan spyware on a targeted user. If every email provider in the world adopted this technology for all their users, it would render dragnet interception of email messages and email metadata virtually impossible.
  • Importantly, they're not asking everyone to just trust them to be secure -- even though both companies have the right pedigree to deserve some level of trust. Instead, they're going to release the source code for public scrutiny and audits, and they're hoping that other email providers will join the alliance. At the conference, Levison recounted much of what's happened over the last few months (with quite a bit of humor), joking about how he tried to be "nice" in giving the feds Lavabit's private keys printed out, by noting that he included line numbers to help (leaving unsaid that this would make OCR'ing the keys even more difficult). He also admitted that giving them the paper version was really just a way to buy time to shut down Lavabit.
  • ...1 more annotation...
  • Janke came up on stage to talk about the importance of changing the 40-year-old architecture of email, because it's just not designed for secure communications. The hope is that as many other email providers as possible will join the Alliance and that this new setup becomes the de facto standard for end-to-end secure email, which is where Levison's open sourcing of his code gets more interesting. In theory, if it all works out, it could be a lot easier for lots of companies to set up their own "dark mail" email providers. Either way, I would imagine that this development can't make the NSA all that happy.
  • Paul Merrell on 31 Oct 13
     
    Oh, Goody!
Paul Merrell

Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide - The Intercept - 0 views

firstlook.org/...hacking-team

surveillance state Hacking-Team Remote-Control-System FinFisher

shared by Paul Merrell on 31 Oct 14 - No Cached
  • When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn’t be able to unlock evidence on criminals’ digital devices. What they didn’t say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept. We’re publishing in full, for the first time, manuals explaining the prominent commercial implant software “Remote Control System,” manufactured by the Italian company Hacking Team. Despite FBI director James Comey’s dire warnings about the impact of widespread data scrambling — “criminals and terrorists would like nothing more,” he declared — Hacking Team explicitly promises on its website that its software can “defeat encryption.”
  • The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team’s manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software. Hacking Team’s efforts include a visible push into the U.S. Though Remote Control System is sold around the world — suspected clients include small governments in dozens of countries, from Ethiopia to Kazakhstan to Saudi Arabia to Mexico to Oman — the company keeps one of its three listed worldwide offices in Annapolis, Maryland, on the edge of the federal intelligence and law-enforcement cluster around the nation’s capital; has sent representatives to American homeland security trade shows and conferences, where it has led training seminars like “Cyber Intelligence Solutions to Data Encryption” for police; and has even taken an investment from a firm headed by America’s former ambassador to Italy. The United States is also, according to two separate research teams, far and away Hacking Team’s top nexus for servers, hosting upwards of 100 such systems, roughly a fifth of all its servers globally.
Paul Merrell

Top spy: Despite intelligence 'war' with Russians, it's too soon to blame them for DNC ... - 0 views

www.politico.com/...dnc-hack-russia-226384

Auction 2016 DNC-hack emails Clapper Russians

shared by Paul Merrell on 31 Jul 16 - No Cached
  • Spy chief James Clapper said Thursday that U.S. intelligence services are facing a "version of war" with Russia — but it's too soon to blame the old Cold War rival for hacking the Democratic National Committee's emails. He said it's also too early to say whether the people who leaked those emails are trying to throw the presidential election to Donald Trump, as Hillary Clinton's campaign has charged. Story Continued Below "I don't think we're quite ready yet to make a call on attribution," Clapper said at the Aspen Security Forum in Colorado. "There are just a few usual suspects out there." Additionally, he said, "We don't know enough to ascribe motivation regardless of who it might have been." The reasons for the administration's reluctance to assign blame are a combination of two factors, Clapper said: uncertainty about whether the Russians are the culprits, and the lack of a decision yet on whether the U.S. should "name and shame" them if indeed they committed the cyberattack. No one should be "hyperventilating" about the hack, though, he said. "I'm shocked somebody did some hacking," he said, sarcastically taking the voice of someone who was surprised. "That's never happened before."
  • Paul Merrell on 31 Jul 16
     
    In other words, Clapper is saying that Team Hillary is trying to change the subject from the content of the DNC emails to bl;aming the Russians for the hack, without sufficient evidence to do so. Of course Hillary wants the subject changed. But will she get a way with it?
Paul Merrell

Hacked Emails Reveal NATO General Plotting Against Obama on Russia Policy - 0 views

theintercept.com/...nato-general-emails

war & peace Ukraine Russia NATO Breedlove Obama leak emails

shared by Paul Merrell on 07 Jul 16 - No Cached
  • Retired U.S. Air Force Gen. Philip Breedlove, until recently the supreme commander of NATO forces in Europe, plotted in private to overcome President Barack Obama’s reluctance to escalate military tensions with Russia over the war in Ukraine in 2014, according to apparently hacked emails from Breedlove’s Gmail account that were posted on a new website called DC Leaks. Obama defied political pressure from hawks in Congress and the military to provide lethal assistance to the Ukrainian government, fearing that doing so would increase the bloodshed and provide Russian President Vladimir Putin with the justification for deeper incursions into the country. Breedlove, during briefings to Congress, notably contradicted the Obama administration regarding the situation in Ukraine, leading to news stories about conflict between the general and Obama. But the leaked emails provide an even more dramatic picture of the intense back-channel lobbying for the Obama administration to begin a proxy war with Russia in Ukraine. In a series of messages in 2014, Breedlove sought meetings with former Secretary of State Colin Powell, asking for advice on how to pressure the Obama administration to take a more aggressive posture toward Russia.
  • Breedlove attempted to influence the administration through several channels, emailing academics and retired military officials, including former NATO supreme commander Wesley Clark, for assistance in building his case for supplying military assistance to Ukrainian forces battling Russian-backed separatists.
  • Breedlove did not respond to a request for comment. He stepped down from his NATO leadership position in May and retired from service on Friday, July 1. Breedlove was a four-star Air Force general and served as the 17th Supreme Allied Commander of NATO forces in Europe starting on May 10, 2013. Phillip Karber, an academic who corresponded regularly with Breedlove — providing him with advice and intelligence on the Ukrainian crisis —  verified the authenticity of several of the emails in the leaked cache. He also told The Intercept that Breedlove confirmed to him that the general’s Gmail account was hacked and that the incident had been reported to the government.
  • ...3 more annotations...
  • Der Spiegel reported that Breedlove “stunned” German leaders with a surprise announcement in 2015 claiming that pro-Russian separatists had “upped the ante” in eastern Ukraine with “well over a thousand combat vehicles, Russian combat forces, some of the most sophisticated air defense, battalions of artillery” sent to Donbass, a center of the conflict. Breedlove’s numbers were “significantly higher” than the figures known to NATO intelligence agencies and seemed exaggerated to German officials. The announcement appeared to be a provocation designed to disrupt mediation efforts led by Chancellor Angela Merkel. In previous instances, German officials believed Breedlove overestimated Russian forces along the border with Ukraine by as many as 20,000 troops and found that the general had falsely claimed that several Russian military assets near the Ukrainian border were part of a special build-up in preparation for a large-scale invasion of the country. In fact, much of the Russian military equipment identified by Breedlove, the Germans said, had been stored there well before the revolution in Ukraine.
  • The emails, however, depict a desperate search by Breedlove to build his case for escalating the conflict, contacting colleagues and friends for intelligence to illustrate the Russian threat. Karber, who visited Ukrainian politicians and officials in Kiev on several occasions, sent frequent messages to Breedlove — “per your request,” he noted — regarding information he had received about separatist military forces and Russian troop movements. In several updates, Breedlove received military data sourced from Twitter and social media. Karber, the president of the Potomac Foundation, became the center of a related scandal last year when it was discovered that he had facilitated a meeting during which images of purported Russian forces in Ukraine were distributed to the office of Sen. James Inhofe, R-Okla., and were published by a neoconservative blog. The pictures turned out to be a deception; one supposed picture of Russian tanks in Ukraine was, in fact, an old photograph of Russian tanks in Ossetia during the war with Georgia.
  • The emails were released by D.C. Leaks, a database run by self-described “hacktivists” who are collecting the communications of elite stakeholders such as political parties, major politicians, political campaigns, and the military. The website currently has documents revealing some internal communications of the Hillary Clinton presidential campaign and George Soros’s Open Society Foundation, among others.
  • Paul Merrell on 07 Jul 16
     
    Four-star general commanding NATO uses Gmail? He must have wanted his emails to be publicized.
Paul Merrell

Russia Hysteria Infects WashPost Again: False Story About Hacking U.S. Electric Grid - 0 views

theintercept.com/...bout-hacking-u-s-electric-grid

war & peace U.S.-foreign-policy Russophobia fake-news WaPo electrical-grid-hack MSM-propaganda

shared by Paul Merrell on 03 Jan 17 - No Cached
  • The Washington Post on Friday reported a genuinely alarming event: Russian hackers have penetrated the U.S. power system through an electrical grid in Vermont. The Post headline conveyed the seriousness of the threat: The first sentence of the article directly linked this cyberattack to alleged Russian hacking of the email accounts of the DNC and John Podesta — what is now routinely referred to as “Russian hacking of our election” — by referencing the code name revealed on Wednesday by the Obama administration when it announced sanctions on Russian officials: “A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials.” The Post article contained grave statements from Vermont officials of the type politicians love to issue after a terrorist attack to show they are tough and in control. The state’s Democratic governor, Peter Shumlin, said: Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality of life, economy, health, and safety. This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling.
  • Vermont Sen. Patrick Leahy issued a statement warning: “This is beyond hackers having electronic joy rides — this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter. That is a direct threat to Vermont and we do not take it lightly.” The article went on and on in that vein, with all the standard tactics used by the U.S. media for such stories: quoting anonymous national security officials, reviewing past acts of Russian treachery, and drawing the scariest possible conclusions (“‘The question remains: Are they in other systems and what was the intent?’ a U.S. official said”).  The media reactions, as Alex Pfeiffer documents, were exactly what one would expect: hysterical, alarmist proclamations of Putin’s menacing evil: Our Russian "friend" Putin attacked the U.S. power grid. https://t.co/iAneRgbuhF — Brent Staples (@BrentNYT) December 31, 2016
  • The Post’s story also predictably and very rapidly infected other large media outlets. Reuters thus told its readers around the world: “A malware code associated with Russian hackers has reportedly been detected within the system of a Vermont electric utility.”   What’s the problem here? It did not happen. There was no “penetration of the U.S. electricity grid.” The truth was undramatic and banal. Burlington Electric, after receiving a Homeland Security notice sent to all U.S. utility companies about the malware code found in the DNC system, searched all its computers and found the code in a single laptop that was not connected to the electric grid. Apparently, the Post did not even bother to contact the company before running its wildly sensationalistic claims, so Burlington Electric had to issue its own statement to the Burlington Free Press, which debunked the Post’s central claim (emphasis in original): “We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems.” So the key scary claim of the Post story — that Russian hackers had penetrated the U.S. electric grid — was false. All the alarmist tough-guy statements issued by political officials who believed the Post’s claim were based on fiction.
  • ...2 more annotations...
  • UPDATE: Just as The Guardian had to do just two days ago regarding its claim about WikiLeaks and Putin, the Washington Post has now added an editor’s note to its story acknowledging that its key claim was false:
  • Is it not very clear that journalistic standards are being casually dispensed with when the subject is Russia?
1 - 20 of 93 Next › Last »
Showing 20 items per page