Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged exploits

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

How the NSA Plans to Infect 'Millions' of Computers with Malware - The Intercept - 0 views

firstlook.org/...ect-millions-computers-malware

surveillance state NSA GCHQ NSA-methods malware

shared by Paul Merrell on 13 Mar 14 - No Cached
  • Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process. The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks. The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.
  • The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands. To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices. In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations. But the NSA recognized that managing a massive network of implants is too big a job for humans alone.
  • “One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).” The agency’s solution was TURBINE. Developed as part of TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”
  • ...10 more annotations...
  • TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.” In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations. The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)
  • But not all of the NSA’s implants are used to gather intelligence, the secret files show. Sometimes, the agency’s aim is disruption rather than surveillance. QUANTUMSKY, a piece of NSA malware developed in 2004, is used to block targets from accessing certain websites. QUANTUMCOPPER, first tested in 2008, corrupts a target’s file downloads. These two “attack” techniques are revealed on a classified list that features nine NSA hacking tools, six of which are used for intelligence gathering. Just one is used for “defensive” purposes – to protect U.S. government networks against intrusions.
  • The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes. One implant, codenamed UNITEDRAKE, can be used with a variety of “plug-ins” that enable the agency to gain total control of an infected computer. An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer. The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks. That’s because the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption. It is unclear how many of the implants are being deployed on an annual basis or which variants of them are currently active in computer systems across the world.
  • Infiltrating cellphone networks, however, is not all that the malware can be used to accomplish. The NSA has specifically tailored some of its implants to infect large-scale network routers used by Internet service providers in foreign countries. By compromising routers – the devices that connect computer networks and transport data packets across the Internet – the agency can gain covert access to monitor Internet traffic, record the browsing sessions of users, and intercept communications. Two implants the NSA injects into network routers, HAMMERCHANT and HAMMERSTEIN, help the agency to intercept and perform “exploitation attacks” against data that is sent through a Virtual Private Network, a tool that uses encrypted “tunnels” to enhance the security and privacy of an Internet session.
  • Eventually, the secret files indicate, the NSA’s plans for TURBINE came to fruition. The system has been operational in some capacity since at least July 2010, and its role has become increasingly central to NSA hacking operations. Earlier reports based on the Snowden files indicate that the NSA has already deployed between 85,000 and 100,000 of its implants against computers and networks across the world, with plans to keep on scaling up those numbers. The intelligence community’s top-secret “Black Budget” for 2013, obtained by Snowden, lists TURBINE as part of a broader NSA surveillance initiative named “Owning the Net.” The agency sought $67.6 million in taxpayer funding for its Owning the Net program last year. Some of the money was earmarked for TURBINE, expanding the system to encompass “a wider variety” of networks and “enabling greater automation of computer network exploitation.”
  • Before it can extract data from an implant or use it to attack a system, the NSA must first install the malware on a targeted computer or network. According to one top-secret document from 2012, the agency can deploy malware by sending out spam emails that trick targets into clicking a malicious link. Once activated, a “back-door implant” infects their computers within eight seconds. There’s only one problem with this tactic, codenamed WILLOWVIXEN: According to the documents, the spam method has become less successful in recent years, as Internet users have become wary of unsolicited emails and less likely to click on anything that looks suspicious. Consequently, the NSA has turned to new and more advanced hacking techniques. These include performing so-called “man-in-the-middle” and “man-on-the-side” attacks, which covertly force a user’s internet browser to route to NSA computer servers that try to infect them with an implant.
  • To perform a man-on-the-side attack, the NSA observes a target’s Internet traffic using its global network of covert “accesses” to data as it flows over fiber optic cables or satellites. When the target visits a website that the NSA is able to exploit, the agency’s surveillance sensors alert the TURBINE system, which then “shoots” data packets at the targeted computer’s IP address within a fraction of a second. In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.
  • The TURBINE implants system does not operate in isolation. It is linked to, and relies upon, a large network of clandestine surveillance “sensors” that the agency has installed at locations across the world.
  • The NSA’s headquarters in Maryland are part of this network, as are eavesdropping bases used by the agency in Misawa, Japan and Menwith Hill, England. The sensors, codenamed TURMOIL, operate as a sort of high-tech surveillance dragnet, monitoring packets of data as they are sent across the Internet. When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or “tips” to TURBINE, enabling the initiation of a malware attack. The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter. Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.
  • Documents published with this article: Menwith Hill Station Leverages XKeyscore for Quantum Against Yahoo and Hotmail Five Eyes Hacking Large Routers NSA Technology Directorate Analysis of Converged Data Selector Types There Is More Than One Way to Quantum NSA Phishing Tactics and Man in the Middle Attacks Quantum Insert Diagrams The NSA and GCHQ’s QUANTUMTHEORY Hacking Tactics TURBINE and TURMOIL VPN and VOIP Exploitation With HAMMERCHANT and HAMMERSTEIN Industrial-Scale Exploitation Thousands of Implants
  • Paul Merrell on 13 Mar 14
     
    *Very* long article. Only small portions quoted.
Paul Merrell

NSA contracted French cyber-firm for hacking help - RT USA - 0 views

rt.com/...nsa-vupen-exploit-hack-978

surveillance state NSA NSA-methods exploit-purchases

shared by Paul Merrell on 28 Mar 14 - No Cached
  • The latest revelation regarding the National Security Agency doesn't come courtesy of Edward Snowden. A Freedom of Information Act request has confirmed the NSA contracted a French company that makes its money by hacking into computers. It's no secret that the United States government relies on an arsenal of tactics to gather intelligence and wage operations against its adversaries, but a FOIA request filed by Muckrock's Heather Akers-Healy has confirmed that the list of Uncle Sam's business partners include Vupen, a French-based security company that specializes in selling secret codes used to crack into computers. Documents responsive to my request to #NSA for contracts with VUPEN, include 12/month exploit subscription https://t.co/x3qJbqSUpa — Heather Akers-Healy (@abbynormative) September 16, 2013 Muckrock published on Monday a copy of a contract between the NSA and Vupen in which the US government is shown to have ordered a one-year subscription to the firm's “binary analysis and exploits service” last September.
  • That service, according to the Vupen website, is sold only to government entities, law enforcement agencies and computer response teams in select countries, and provides clients with access to so-called zero-day exploits: newly-discovered security vulnerabilities that the products' manufacturers have yet to discover and, therefore, have had zero days to patch-up. “Major software vendors such as Microsoft and Adobe usually take 6 to 9 months to release a security patch for a critical vulnerability affecting their products, and this long delay between the discovery of a vulnerability and the release of a patch creates a window of exposure during which criminals can rediscover a previously reported but unpatched vulnerability, and target any organization running the vulnerable software,” Vupen says elsewhere on their website. Last year, Vupen researchers successfully cracked Google's Chrome browser, but declined to show developers how they did so — even for an impressive cash bounty. “We wouldn’t share this with Google for even $1 million,” Vupen CEO Chaouki Bekrar told Forbes' Andy Greenberg of the Chrome hack in 2012. “We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers.”
  • And why the NSA and other clients may benefit from being privy to these vulnerabilities, knowing how to exploit security holes in adversarial systems is a crucial component to any government's offensive cyber-operations. Last month, the Washington Post published excerpts from the previously secretive “black budget,” a closely guarded ledger listing the funding requests made by America's intelligence community provided by NSA leaker Edward Snowden. According to that document, a substantial goal of the US in fiscal year 2013 was to use a portion of $52.6 billion in secretive funding towards improving offensive cyber-operations.
  • ...1 more annotation...
  • The portion of the contract obtained by Muckrock where the cost of the subscription is listed has been redacted, but a Vupen hacker who spoke to Greenberg last year said deals in the five-figures wasn't uncommon. "People seem surprised to discover that major government agencies are acquiring Vupen's vulnerability intelligence," Bekrar wrote in an email to Information Week's Matthew Schwartz after the NSA contract with his signature was published. "There is no news here, governments need to leverage the most detailed and advanced vulnerability research to protect their infrastructures and citizens against adversaries." Critics of Vupen and its competitors see government-waged cyber-operations in a different light, however. Christopher Soghoian of the American Civil Liberties Union's Speech, Privacy and Technology Project has spoken outright against companies that sell exploits and have equated the computer codes being sold for big money as a new sort of underground arms trade fueling an international, online battle. To Greenberg last year, Soghoian described Vupen as  a “modern-day merchant of death” selling “the bullets for cyberwar," and upon publishing of the NSA contract called the company a “cyber weapon merchant.” The NSA is a customer of French 0-day cyber weapon merchant VUPEN, FOIA docs reveal: (via @ramdac & @MuckRockNews) https://t.co/OPJ82miK3c — Christopher Soghoian (@csoghoian) September 16, 2013
Paul Merrell

Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise - The Intercept - 0 views

firstlook.org/...-nsa-gchq-rely-intel-expertise

surveillance state NSA-targets hackers

shared by Paul Merrell on 05 Feb 15 - No Cached
  • The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents. In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. “Hackers are stealing the emails of some of our targets… by collecting the hackers’ ‘take,’ we . . .  get access to the emails themselves,” reads one top secret 2010 National Security Agency document. These and other revelations about the intelligence agencies’ reliance on hackers are contained in documents provided by whistleblower Edward Snowden. The documents—which come from the U.K. Government Communications Headquarters agency and NSA—shed new light on the various means used by intelligence agencies to exploit hackers’ successes and learn from their skills, while also raising questions about whether governments have overstated the threat posed by some hackers.
  • By looking out for hacking conducted “both by state-sponsored and freelance hackers” and riding on the coattails of hackers, Western intelligence agencies have gathered what they regard as valuable content: Recently, Communications Security Establishment Canada (CSEC) and Menwith Hill Station (MHS) discovered and began exploiting a target-rich data set being stolen by hackers. The hackers’ sophisticated email-stealing intrusion set is known as INTOLERANT. Of the traffic observed, nearly half contains category hits because the attackers are targeting email accounts of interest to the Intelligence Community. Although a relatively new data source, [Target Offices of Primary Interest] have already written multiple reports based on INTOLERANT collect. The hackers targeted a wide range of diplomatic corps, human rights and democracy activists and even journalists: INTOLERANT traffic is very organized. Each event is labeled to identify and categorize victims. Cyber attacks commonly apply descriptors to each victim – it helps herd victims and track which attacks succeed and which fail. Victim categories make INTOLERANT interesting: A = Indian Diplomatic & Indian Navy B = Central Asian diplomatic C = Chinese Human Rights Defenders D = Tibetan Pro-Democracy Personalities E = Uighur Activists F = European Special Rep to Afghanistan and Indian photo-journalism G = Tibetan Government in Exile
  • In those cases, the NSA and its partner agencies in the United Kingdom and Canada were unable to determine the identity of the hackers who collected the data, but suspect a state sponsor “based on the level of sophistication and the victim set.” In instances where hacking may compromise data from the U.S. and U.K. governments, or their allies, notification was given to the “relevant parties.” In a separate document, GCHQ officials discuss plans to use open source discussions among hackers to improve their own knowledge. “Analysts are potentially missing out on valuable open source information relating to cyber defence because of an inability to easily keep up to date with specific blogs and Twitter sources,” according to one document. GCHQ created a program called LOVELY HORSE to monitor and index public discussion by hackers on Twitter and other social media. The Twitter accounts designated for collection in the 2012 document:
  • ...3 more annotations...
  • Documents published with this article: LOVELY HORSE – GCHQ Wiki Overview INTOLERANT – Who Else Is Targeting Your Target? Collecting Data Stolen by Hackers – SIDtoday  HAPPY TRIGGER/LOVELY HORSE/Zool/TWO FACE – Open Source for Cyber Defence/Progress NATO Civilian Intelligence Council – Cyber Panel – US Talking Points
  • These accounts represent a cross section of the hacker community and security scene. In addition to monitoring multiple accounts affiliated with Anonymous, GCHQ monitored the tweets of Kevin Mitnick, who was sent to prison in 1999 for various computer and fraud related offenses. The U.S. Government once characterized Mitnick as one of the world’s most villainous hackers, but he has since turned security consultant and exploit broker. Among others, GCHQ monitored the tweets of reverse-engineer and Google employee, Thomas Dullien. Fellow Googler Tavis Ormandy, from Google’s vulnerability research team Project Zero, is featured on the list, along with other well known offensive security researchers, including Metasploit’s HD Moore and James Lee (aka Egypt) together with Dino Dai Zovi and Alexander Sotirov, who at the time both worked for New York-based offensive security company, Trail of Bits (Dai Zovi has since taken up a position at payment company, Square). The list also includes notable anti-forensics and operational security expert “The Grugq.” GCHQ monitored the tweets of former NSA agents Dave Aitel and Charlie Miller, and former Air Force intelligence officer Richard Bejtlich as well as French exploit vendor, VUPEN (who sold a one year subscription for its binary analysis and exploits service to the NSA in 2012).
  • The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents. In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. “Hackers are stealing the emails of some of our targets… by collecting the hackers’ ‘take,’ we . . .  get access to the emails themselves,” reads one top secret 2010 National Security Agency document. These and other revelations about the intelligence agencies’ reliance on hackers are contained in documents provided by whistleblower Edward Snowden. The documents—which come from the U.K. Government Communications Headquarters agency and NSA—shed new light on the various means used by intelligence agencies to exploit hackers’ successes and learn from their skills, while also raising questions about whether governments have overstated the threat posed by some hackers.
Paul Merrell

Apple's New Challenge: Learning How the U.S. Cracked Its iPhone - The New York Times - 0 views

www.nytimes.com/...the-us-cracked-its-iphone.html

surveillance state Apple FBI San-Bernadino iPhone security

shared by Paul Merrell on 31 Mar 16 - No Cached
  • Now that the United States government has cracked open an iPhone that belonged to a gunman in the San Bernardino, Calif., mass shooting without Apple’s help, the tech company is under pressure to find and fix the flaw.But unlike other cases where security vulnerabilities have cropped up, Apple may face a higher set of hurdles in ferreting out and repairing the particular iPhone hole that the government hacked.The challenges start with the lack of information about the method that the law enforcement authorities, with the aid of a third party, used to break into the iPhone of Syed Rizwan Farook, an attacker in the San Bernardino rampage last year. Federal officials have refused to identify the person, or organization, who helped crack the device, and have declined to specify the procedure used to open the iPhone. Apple also cannot obtain the device to reverse-engineer the problem, the way it would in other hacking situations.
  • Paul Merrell on 31 Mar 16
     
    It would make a very interesting Freedom of Information Act case if Apple sued under that Act to force disclosure of the security hole iPhone product defect the FBI exploited. I know of no interpretation of the law enforcement FOIA exemption that would justify FBI disclosure of the information. It might be alleged that the information is the trade secret of the company that disclosed the defect and exploit to the the FBI, but there's a very strong argument that the fact that the information was shared with the FBI waived the trade secrecy claim. And the notion that government is entitled to collect product security defects and exploit them without informing the exploited product's company of the specific defect is extremely weak.  Were I Tim Cook, I would have already told my lawyers to get cracking on filing the FOIA request with the FBI to get the legal ball rolling. 
Paul Merrell

Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say - NYTimes.com - 0 views

www.nytimes.com/...ernet-flaws-officials-say.html

surveillance state Obama NSA NSA-backdoors exploits must-read Iranian-nukes-myth Stuxnet

shared by Paul Merrell on 13 Apr 14 - No Cached
  • Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday.But Mr. Obama carved a broad exception for “a clear national security or law enforcement need,” the officials said, a loophole that is likely to allow the N.S.A. to continue to exploit security flaws both to crack encryption on the Internet and to design cyberweapons.
  • elements of the decision became evident on Friday, when the White House denied that it had any prior knowledge of the Heartbleed bug, a newly known hole in Internet security that sent Americans scrambling last week to change their online passwords. The White House statement said that when such flaws are discovered, there is now a “bias” in the government to share that knowledge with computer and software manufacturers so a remedy can be created and distributed to industry and consumers.Caitlin Hayden, the spokeswoman for the National Security Council, said the review of the recommendations was now complete, and it had resulted in a “reinvigorated” process to weigh the value of disclosure when a security flaw is discovered, against the value of keeping the discovery secret for later use by the intelligence community.“This process is biased toward responsibly disclosing such vulnerabilities,” she said.
  • The N.S.A. made use of four “zero day” vulnerabilities in its attack on Iran’s nuclear enrichment sites. That operation, code-named “Olympic Games,” managed to damage roughly 1,000 Iranian centrifuges, and by some accounts helped drive the country to the negotiating table.Not surprisingly, officials at the N.S.A. and at its military partner, the United States Cyber Command, warned that giving up the capability to exploit undisclosed vulnerabilities would amount to “unilateral disarmament” — a phrase taken from the battles over whether and how far to cut America’s nuclear arsenal.“We don’t eliminate nuclear weapons until the Russians do,” one senior intelligence official said recently. “You are not going to see the Chinese give up on ‘zero days’ just because we do.” Even a senior White House official who was sympathetic to broad reforms after the N.S.A. disclosures said last month, “I can’t imagine the president — any president — entirely giving up a technology that might enable him some day to take a covert action that could avoid a shooting war.”
  • ...2 more annotations...
  • One recommendation urged the N.S.A. to get out of the business of weakening commercial encryption systems or trying to build in “back doors” that would make it far easier for the agency to crack the communications of America’s adversaries. Tempting as it was to create easy ways to break codes — the reason the N.S.A. was established by Harry S. Truman 62 years ago — the committee concluded that the practice would undercut trust in American software and hardware products. In recent months, Silicon Valley companies have urged the United States to abandon such practices, while Germany and Brazil, among other nations, have said they were considering shunning American-made equipment and software. Their motives were hardly pure: Foreign companies see the N.S.A. disclosures as a way to bar American competitors.Continue reading the main story Continue reading the main story AdvertisementAnother recommendation urged the government to make only the most limited, temporary use of what hackers call “zero days,” the coding flaws in software like Microsoft Windows that can give an attacker access to a computer — and to any business, government agency or network connected to it. The flaws get their name from the fact that, when identified, the computer user has “zero days” to fix them before hackers can exploit the accidental vulnerability.
  • But documents released by Edward J. Snowden, the former N.S.A. contractor, make it clear that two years before Heartbleed became known, the N.S.A. was looking at ways to accomplish exactly what the flaw did by accident. A program code-named Bullrun, apparently named for the site of two Civil War battles just outside Washington, was part of a decade-long effort to crack or circumvent encryption on the web. The documents do not make clear how well it succeeded, but it may well have been more effective than exploiting Heartbleed would be at enabling access to secret data.The government has become one of the biggest developers and purchasers of information identifying “zero days,” officials acknowledge. Those flaws are big business — Microsoft pays up to $150,000 to those who find them and bring them to the company to fix — and other countries are gathering them so avidly that something of a modern-day arms race has broken out. Chief among the nations seeking them are China and Russia, though Iran and North Korea are in the market as well.
  • Paul Merrell on 13 Apr 14
     
    Note that this is only an elastic policy, not law. Also notice that NYT is now reporting as *fact* that the NSA did the cyber attack on the Iranian enrichment centrifuges. By any legal measure, if true that was an act of war, a war of aggression.  So why wasn't the American public informed that we were at war with Iran? 
Paul Merrell

New Snowden Docs Indicate Scope of NSA Preparations for Cyber Battle - SPIEGEL ONLINE - 0 views

www.spiegel.de/...or-cyber-battle-a-1013409.html

surveillance state war & peace cyberwar Snowden NSA-docs

shared by Paul Merrell on 20 Jan 15 - No Cached
  • The NSA's mass surveillance is just the beginning. Documents from Edward Snowden show that the intelligence agency is arming America for future digital wars -- a struggle for control of the Internet that is already well underway.
  • The Birth of D Weapons According to top secret documents from the archive of NSA whistleblower Edward Snowden seen exclusively by SPIEGEL, they are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money.
  • NSA Docs on Network Attacks and ExploitationExcerpt from the secret NSA budget on computer network operations / Code word GENIE Document about the expansion of the Remote Operations Center (ROC) on endpoint operations Document explaining the role of the Remote Operations Center (ROC) Interview with an employee of NSA's department for Tailored Access Operations about his field of work Supply-chain interdiction / Stealthy techniques can crack some of SIGINT's hardest targets Classification guide for computer network exploitation (CNE) NSA training course material on computer network operations Overview of methods for NSA integrated cyber operations NSA project description to recognize and process data that comes from third party attacks on computers Exploring and exploiting leaky mobile apps with BADASS Overview of projects of the TAO/ATO department such as the remote destruction of network cards iPhone target analysis and exploitation with Apple's unique device identifiers (UDID) Report of an NSA Employee about a Backdoor in the OpenSSH Daemon NSA document on QUANTUMSHOOTER, an implant to remote-control computers with good network connections from unknown third parties
  • ...5 more annotations...
  • From a military perspective, surveillance of the Internet is merely "Phase 0" in the US digital war strategy. Internal NSA documents indicate that it is the prerequisite for everything that follows. They show that the aim of the surveillance is to detect vulnerabilities in enemy systems. Once "stealthy implants" have been placed to infiltrate enemy systems, thus allowing "permanent accesses," then Phase Three has been achieved -- a phase headed by the word "dominate" in the documents. This enables them to "control/destroy critical systems & networks at will through pre-positioned accesses (laid in Phase 0)." Critical infrastructure is considered by the agency to be anything that is important in keeping a society running: energy, communications and transportation. The internal documents state that the ultimate goal is "real time controlled escalation". One NSA presentation proclaims that "the next major conflict will start in cyberspace." To that end, the US government is currently undertaking a massive effort to digitally arm itself for network warfare. For the 2013 secret intelligence budget, the NSA projected it would need around $1 billion in order to increase the strength of its computer network attack operations. The budget included an increase of some $32 million for "unconventional solutions" alone.
  • Part 2: How the NSA Reads Over Shoulders of Other Spies
  • NSA Docs on ExfiltrationExplanation of the APEX method of combining passive with active methods to exfiltrate data from networks attacked Explanation of APEX shaping to put exfiltrating network traffic into patterns that allow plausible deniability Presentation on the FASHIONCLEFT protocol that the NSA uses to exfiltrate data from trojans and implants to the NSA Methods to exfiltrate data even from devices which are supposed to be offline Document detailing SPINALTAP, an NSA project to combine data from active operations and passive signals intelligence Technical description of the FASHIONCLEFT protocol the NSA uses to exfiltrate data from Trojans and implants to the NSA
  • NSA Docs on Malware and ImplantsCSEC document about the recognition of trojans and other "network based anomaly" The formalized process through which analysts choose their data requirement and then get to know the tools that can do the job QUANTUMTHEORY is a set of technologies allowing man-on-the-side interference attacks on TCP/IP connections (includes STRAIGHTBIZARRE and DAREDEVIL) Sample code of a malware program from the Five Eyes alliance
  • According to top secret documents from the archive of NSA whistleblower Edward Snowden seen exclusively by SPIEGEL, they are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money. During the 20th century, scientists developed so-called ABC weapons -- atomic, biological and chemical. It took decades before their deployment could be regulated and, at least partly, outlawed. New digital weapons have now been developed for the war on the Internet. But there are almost no international conventions or supervisory authorities for these D weapons, and the only law that applies is the survival of the fittest. Canadian media theorist Marshall McLuhan foresaw these developments decades ago. In 1970, he wrote, "World War III is a guerrilla information war with no division between military and civilian participation." That's precisely the reality that spies are preparing for today.
  • Paul Merrell on 20 Jan 15
     
    Major dump of new Snowden NSA docs by Der Spiegel, with an article by a large team of reporters and computer security experts. Topic: Cyberwar capabilities, now and in the near future. 
Gary Edwards

Professor Hoppe's new book: "The Competition of Crooks") | The God That Failed - 0 views

thegodthatfailed.org/...uner-the-competition-of-crooks

Hans-Hermann-Hoppe Libertarian Democracy

shared by Gary Edwards on 29 Dec 12 - No Cached
  • And perhaps then, finally, will come the realization that democracy – in whose name all these dirty tricks have been done – is nothing more than an especially insidious form of communism, and that the politicians who have wrought this immoral and economic madness and who have thereby enriched themselves personally (never, of course, being liable for the damages they have caused!), are nothing more than a despicable bunch of communist crooks.
  • democracy which is causally responsible for the fatal conditions afflicting us now
  • The number of productive people is constantly decreasing, and the number of people parasitically consuming the income and wealth of this dwindling number of productive people is increasing steadily. This can’t work in the long run.
  • ...20 more annotations...
  • That the whole democratic house of cards has not yet completely collapsed speaks volumes about the still tremendous creative power of capitalism, even in the face of ever-increasing governmental strangulation.
  • And this fact also allows us to conjecture about what economic ‘miracles’ would be possible if we had unimpeded capitalism liberated from such parasitism.
  • the correct realization becomes generally accepted that the only antagonistic conflict of interest in society is the one between tax-payers, i.e. the exploited, and tax-consumers, i.e. the exploiters.:
  • In other words, between the class of people on the one hand who earn their income and assets by producing something that is bought voluntarily and valued accordingly by others; and the class of those on the other hand who produce nothing considered to be of value, but who live instead by living off and enriching themselves from the incomes and assets of other, productive people, forcibly taken via taxation – that is to say all government employees and all recipients of government “welfare assistance”, subsidies and monopolistic privileges.
  • book’s thesis is that the government is a monopolist of ultimate justice and law enforcement and that every monopoly is always bad from the perspective of the consumer – in this case the citizen. Your alternative solution is a private law society.
  • The basic idea is quite simple. Abolish monopoly and encourage competition.
  • I can only go to a state court of law, staffed by judges who themselves are paid from taxes to enforce government regulations.
  • In this way, government-staged robbery, assault, manslaughter, murder, war is “legally” sanctioned.
  • In a private law society, if we had such a conflict, we would instead approach arbitrators who are independent of both parties, and who are competing with other arbitrators for voluntarily paying customers.
  • We would not use an inherently biased judge working for and paid directly by the state, who is therefore partisan, but rather a neutral third party, to adjudicate the normal human legal conflicts arising between existing and recognized property rights and private contract law.
  • the mediation market.
  • My income from my work is my property (not the state’s) and the restaurant is my property (not the state’s).
  • Therefore, any government-imposed tax upon me or use restrictions upon my property (such as a smoking ban) would therefore be judged unlawful, as robbery and expropriation.
  • the state is nothing but a “great band of robbers,” a mafia, only a much larger, more overwhelming and dangerous one.
  • the subject of class consciousness
  • “there’s absolutely no reason in any case why the state should have anything at all to do with the production of money.”
  • And every newly printed bill causes a redistribution of social wealth.
  • More paper money doesn’t make a society richer overall. It’s just more paper. But every new piece of printed paper reduces the purchasing power of all the other previously-existing paper bills
  • these machinations, taking place every day on an almost unimaginable scale, are nothing more than a gigantic case of fraudulent theft.
  • in a competitive environment, a better kind of money would be produced. Why? Because there’ll always be a demand for means of exchange.
  • Gary Edwards on 29 Dec 12
     
    Interview with Hoppe where he once again pushes libertarian thinking forward.  Hoppe puts most of the blame on "democracy" itself, caling it "an insidious form of communism".  Good stuff.  Highlighted parts. excerpt: "That the whole democratic house of cards has not yet completely collapsed speaks volumes about the still tremendous creative power of capitalism, even in the face of ever-increasing governmental strangulation. And this fact also allows us to conjecture about what economic 'miracles' would be possible if we had unimpeded capitalism liberated from such parasitism. If, and when, this insight finally bears fruit will depend upon the class consciousness of the population. There is a Marxist myth, eagerly promoted by the state, of an irreconcilable clash of interests between employers (capitalists) and employees (workers), or between the rich and the poor. As long as this myth prevails in public opinion, nothing at all will change and disaster is inevitable. A fundamental change can only occur if, instead of this, the correct realization becomes generally accepted that the only antagonistic conflict of interest in society is the one between tax-payers, i.e. the exploited, and tax-consumers, i.e. the exploiters.: In other words, between the class of people on the one hand who earn their income and assets by producing something that is bought voluntarily and valued accordingly by others; and the class of those on the other hand who produce nothing considered to be of value, but who live instead by living off and enriching themselves from the incomes and assets of other, productive people, forcibly taken via taxation - that is to say all government employees and all recipients of government "welfare assistance", subsidies and monopolistic privileges. Only when the producer class clearly recognises this, and publicly speaks out; when the producers are finally confident to take the moral high ground and reject the insolent admonitions from the po
Paul Merrell

Top-Secret Document Reveals NSA Spied On Porn Habits As Part Of Plan To Discredit 'Radi... - 0 views

www.huffingtonpost.com/...sa-porn-muslims_n_4346128.html

surveillance state NSA NSA-porn COINTELPRO FBI must-read

shared by Paul Merrell on 28 Nov 13 - No Cached
  • WASHINGTON -- The National Security Agency has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches, according to a top-secret NSA document. The document, provided by NSA whistleblower Edward Snowden, identifies six targets, all Muslims, as “exemplars” of how “personal vulnerabilities” can be learned through electronic surveillance, and then exploited to undermine a target's credibility, reputation and authority. The NSA document, dated Oct. 3, 2012, repeatedly refers to the power of charges of hypocrisy to undermine such a messenger. “A previous SIGINT" -- or signals intelligence, the interception of communications -- "assessment report on radicalization indicated that radicalizers appear to be particularly vulnerable in the area of authority when their private and public behaviors are not consistent,” the document argues. Among the vulnerabilities listed by the NSA that can be effectively exploited are “viewing sexually explicit material online” and “using sexually explicit persuasive language when communicating with inexperienced young girls.”
  • The Director of the National Security Agency -- described as "DIRNSA" -- is listed as the "originator" of the document. Beyond the NSA itself, the listed recipients include officials with the Departments of Justice and Commerce and the Drug Enforcement Administration. "Without discussing specific individuals, it should not be surprising that the US Government uses all of the lawful tools at our disposal to impede the efforts of valid terrorist targets who seek to harm the nation and radicalize others to violence," Shawn Turner, director of public affairs for National Intelligence, told The Huffington Post in an email Tuesday. Yet Jameel Jaffer, deputy legal director of the American Civil Liberties Union, said these revelations give rise to serious concerns about abuse. "It's important to remember that the NSA’s surveillance activities are anything but narrowly focused -- the agency is collecting massive amounts of sensitive information about virtually everyone," he said. "Wherever you are, the NSA's databases store information about your political views, your medical history, your intimate relationships and your activities online," he added. "The NSA says this personal information won't be abused, but these documents show that the NSA probably defines 'abuse' very narrowly."
  • None of the six individuals targeted by the NSA is accused in the document of being involved in terror plots. The agency believes they all currently reside outside the United States. It identifies one of them, however, as a "U.S. person," which means he is either a U.S. citizen or a permanent resident. A U.S. person is entitled to greater legal protections against NSA surveillance than foreigners are. Stewart Baker, a one-time general counsel for the NSA and a top Homeland Security official in the Bush administration, said that the idea of using potentially embarrassing information to undermine targets is a sound one. "If people are engaged in trying to recruit folks to kill Americans and we can discredit them, we ought to," said Baker. "On the whole, it's fairer and maybe more humane" than bombing a target, he said, describing the tactic as "dropping the truth on them." Any system can be abused, Baker allowed, but he said fears of the policy drifting to domestic political opponents don't justify rejecting it. "On that ground you could question almost any tactic we use in a war, and at some point you have to say we're counting on our officials to know the difference," he said.
  • ...6 more annotations...
  • In addition to analyzing the content of their internet activities, the NSA also examined the targets' contact lists. The NSA accuses two of the targets of promoting al Qaeda propaganda, but states that surveillance of the three English-speakers’ communications revealed that they have "minimal terrorist contacts." In particular, “only seven (1 percent) of the contacts in the study of the three English-speaking radicalizers were characterized in SIGINT as affiliated with an extremist group or a Pakistani militant group. An earlier communications profile of [one of the targets] reveals that 3 of the 213 distinct individuals he was in contact with between 4 August and 2 November 2010 were known or suspected of being associated with terrorism," the document reads. The document contends that the three Arabic-speaking targets have more contacts with affiliates of extremist groups, but does not suggest they themselves are involved in any terror plots. Instead, the NSA believes the targeted individuals radicalize people through the expression of controversial ideas via YouTube, Facebook and other social media websites. Their audience, both English and Arabic speakers, "includes individuals who do not yet hold extremist views but who are susceptible to the extremist message,” the document states. The NSA says the speeches and writings of the six individuals resonate most in countries including the United Kingdom, Germany, Sweden, Kenya, Pakistan, India and Saudi Arabia.
  • The NSA possesses embarrassing sexually explicit information about at least two of the targets by virtue of electronic surveillance of their online activity. The report states that some of the data was gleaned through FBI surveillance programs carried out under the Foreign Intelligence and Surveillance Act. The document adds, "Information herein is based largely on Sunni extremist communications." It further states that "the SIGINT information is from primary sources with direct access and is generally considered reliable." According to the document, the NSA believes that exploiting electronic surveillance to publicly reveal online sexual activities can make it harder for these “radicalizers” to maintain their credibility. "Focusing on access reveals potential vulnerabilities that could be even more effectively exploited when used in combination with vulnerabilities of character or credibility, or both, of the message in order to shape the perception of the messenger as well as that of his followers," the document argues. An attached appendix lists the "argument" each surveillance target has made that the NSA says constitutes radicalism, as well the personal "vulnerabilities" the agency believes would leave the targets "open to credibility challenges" if exposed.
  • One target's offending argument is that "Non-Muslims are a threat to Islam," and a vulnerability listed against him is "online promiscuity." Another target, a foreign citizen the NSA describes as a "respected academic," holds the offending view that "offensive jihad is justified," and his vulnerabilities are listed as "online promiscuity" and "publishes articles without checking facts." A third targeted radical is described as a "well-known media celebrity" based in the Middle East who argues that "the U.S perpetrated the 9/11 attack." Under vulnerabilities, he is said to lead "a glamorous lifestyle." A fourth target, who argues that "the U.S. brought the 9/11 attacks on itself" is said to be vulnerable to accusations of “deceitful use of funds." The document expresses the hope that revealing damaging information about the individuals could undermine their perceived "devotion to the jihadist cause." The Huffington Post is withholding the names and locations of the six targeted individuals; the allegations made by the NSA about their online activities in this document cannot be verified. The document does not indicate whether the NSA carried out its plan to discredit these six individuals, either by communicating with them privately about the acquired information or leaking it publicly. There is also no discussion in the document of any legal or ethical constraints on exploiting electronic surveillance in this manner.
  • While Baker and others support using surveillance to tarnish the reputation of people the NSA considers "radicalizers," U.S. officials have in the past used similar tactics against civil rights leaders, labor movement activists and others. Under J. Edgar Hoover, the FBI harassed activists and compiled secret files on political leaders, most notably Martin Luther King, Jr. The extent of the FBI's surveillance of political figures is still being revealed to this day, as the bureau releases the long dossiers it compiled on certain people in response to Freedom of Information Act requests following their deaths. The information collected by the FBI often centered on sex -- homosexuality was an ongoing obsession on Hoover's watch -- and information about extramarital affairs was reportedly used to blackmail politicians into fulfilling the bureau's needs. Current FBI Director James Comey recently ordered new FBI agents to visit the Martin Luther King, Jr. Memorial in Washington to understand "the dangers in becoming untethered to oversight and accountability."
  • James Bamford, a journalist who has been covering the NSA since the early 1980s, said the use of surveillance to exploit embarrassing private behavior is precisely what led to past U.S. surveillance scandals. "The NSA's operation is eerily similar to the FBI's operations under J. Edgar Hoover in the 1960s where the bureau used wiretapping to discover vulnerabilities, such as sexual activity, to 'neutralize' their targets," he said. "Back then, the idea was developed by the longest serving FBI chief in U.S. history, today it was suggested by the longest serving NSA chief in U.S. history." That controversy, Bamford said, also involved the NSA. "And back then, the NSA was also used to do the eavesdropping on King and others through its Operation Minaret. A later review declared the NSA’s program 'disreputable if not outright illegal,'" he said. Baker said that until there is evidence the tactic is being abused, the NSA should be trusted to use its discretion. "The abuses that involved Martin Luther King occurred before Edward Snowden was born," he said. "I think we can describe them as historical rather than current scandals. Before I say, 'Yeah, we've gotta worry about that,' I'd like to see evidence of that happening, or is even contemplated today, and I don't see it."
  • Jaffer, however, warned that the lessons of history ought to compel serious concern that a "president will ask the NSA to use the fruits of surveillance to discredit a political opponent, journalist or human rights activist." "The NSA has used its power that way in the past and it would be naïve to think it couldn't use its power that way in the future," he said.
  • Paul Merrell on 28 Nov 13
     
    By Glenn Greenwald, Ryan Gallagher, and Ryan Grim, 26 November 2013. I will annotate later. But this is by far the most important NSA disclosure from Edward Snowden's leaked documents thus far. A report originated by Gen. Alexander himself revealing COINTELPRO like activities aimed at destroying the reputations of non-terrorist "radicalizers," including one "U.S. person." This is exactly the kind of repressive activity that the civil libertarians among us warn about. 
  • Paul Merrell on 28 Nov 13
     
    By Glenn Greenwald, Ryan Gallagher, and Ryan Grim, 26 November 2013. I will annotate later. But this is by far the most important NSA disclosure from Edward Snowden's leaked documents thus far. A report originated by Gen. Alexander himself revealing COINTELPRO like activities aimed at destroying the reputations of non-terrorist "radicalizers," including one "U.S. person." This is exactly the kind of repressive activity that the civil libertarians among us warn about. 
Paul Merrell

Operation AURORAGOLD: How the NSA Hacks Cellphone Networks Worldwide - 0 views

firstlook.org/...nsa-auroragold-hack-cellphones

surveillance state NSA NSA-methods cell-network-penetration AURORAGOLD

shared by Paul Merrell on 06 Dec 14 - No Cached
  • In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages. For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks. The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.
  • According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance. The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers. Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.
  • Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.
  • ...11 more annotations...
  • “Collecting an inventory [like this] on world networks has big ramifications,” Nohl said, because it allows the NSA to track and circumvent upgrades in encryption technology used by cellphone companies to shield calls and texts from eavesdropping. Evidence that the agency has deliberately plotted to weaken the security of communication infrastructure, he added, was particularly alarming. “Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities,” Nohl said, “because once NSA introduces a weakness, a vulnerability, it’s not only the NSA that can exploit it.”
  • The AURORAGOLD operation is carried out by specialist NSA surveillance units whose existence has not been publicly disclosed: the Wireless Portfolio Management Office, which defines and carries out the NSA’s strategy for exploiting wireless communications, and the Target Technology Trends Center, which monitors the development of new communication technology to ensure that the NSA isn’t blindsided by innovations that could evade its surveillance reach. The center’s logo is a picture of the Earth overshadowed by a large telescope; its motto is “Predict – Plan – Prevent.”
  • The NSA documents reveal that, as of May 2012, the agency had collected technical information on about 70 percent of cellphone networks worldwide—701 of an estimated 985—and was maintaining a list of 1,201 email “selectors” used to intercept internal company details from employees. (“Selector” is an agency term for a unique identifier like an email address or phone number.) From November 2011 to April 2012, between 363 and 1,354 selectors were “tasked” by the NSA for surveillance each month as part of AURORAGOLD, according to the documents. The secret operation appears to have been active since at least 2010.
  • By covertly monitoring GSMA working groups in a bid to identify and exploit security vulnerabilities, the NSA has placed itself into direct conflict with the mission of the National Institute for Standards and Technology, or NIST, the U.S. government agency responsible for recommending cybersecurity standards in the United States. NIST recently handed out a grant of more than $800,000 to GSMA so that the organization could research ways to address “security and privacy challenges” faced by users of mobile devices. The revelation that the trade group has been targeted for surveillance may reignite deep-seated tensions between NIST and NSA that came to the fore following earlier Snowden disclosures. Last year, NIST was forced to urge people not to use an encryption standard it had previously approved after it emerged NSA had apparently covertly worked to deliberately weaken it.
  • The NSA focuses on intercepting obscure but important technical documents circulated among the GSMA’s members known as “IR.21s.” Most cellphone network operators share IR.21 documents among each other as part of agreements that allow their customers to connect to foreign networks when they are “roaming” overseas on a vacation or a business trip. An IR.21, according to the NSA documents, contains information “necessary for targeting and exploitation.” The details in the IR.21s serve as a “warning mechanism” that flag new technology used by network operators, the NSA’s documents state. This allows the agency to identify security vulnerabilities in the latest communication systems that can be exploited, and helps efforts to introduce new vulnerabilities “where they do not yet exist.” The IR.21s also contain details about the encryption used by cellphone companies to protect the privacy of their customers’ communications as they are transmitted across networks. These details are highly sought after by the NSA, as they can aid its efforts to crack the encryption and eavesdrop on conversations.
  • One of the prime targets monitored under the AURORAGOLD program is the London-headquartered trade group, the GSM Association, or the GSMA, which represents the interests of more than 800 major cellphone, software, and internet companies from 220 countries. The GSMA’s members include U.S.-based companies such as Verizon, AT&T, Sprint, Microsoft, Facebook, Intel, Cisco, and Oracle, as well as large international firms including Sony, Nokia, Samsung, Ericsson, and Vodafone. The trade organization brings together its members for regular meetings at which new technologies and policies are discussed among various “working groups.” The Snowden files reveal that the NSA specifically targeted the GSMA’s working groups for surveillance.
  • Last year, the Washington Post reported that the NSA had already managed to break the most commonly used cellphone encryption algorithm in the world, known as A5/1. But the information collected under AURORAGOLD allows the agency to focus on circumventing newer and stronger versions of A5 cellphone encryption, such as A5/3. The documents note that the agency intercepts information from cellphone operators about “the type of A5 cipher algorithm version” they use, and monitors the development of new algorithms in order to find ways to bypass the encryption. In 2009, the British surveillance agency Government Communications Headquarters conducted a similar effort to subvert phone encryption under a project called OPULENT PUP, using powerful computers to perform a “crypt attack” to penetrate the A5/3 algorithm, secret memos reveal. By 2011, GCHQ was collaborating with the NSA on another operation, called WOLFRAMITE, to attack A5/3 encryption. (GCHQ declined to comment for this story, other than to say that it operates within legal parameters.)
  • The extensive attempts to attack cellphone encryption have been replicated across the Five Eyes surveillance alliance. Australia’s top spy agency, for instance, infiltrated an Indonesian cellphone company and stole nearly 1.8 million encryption keys used to protect communications, the New York Times reported in February.
  • The NSA’s documents show that it focuses on collecting details about virtually all technical standards used by cellphone operators, and the agency’s efforts to stay ahead of the technology curve occasionally yield significant results. In early 2010, for instance, its operatives had already found ways to penetrate a variant of the newest “fourth generation” smartphone-era technology for surveillance, years before it became widely adopted by millions of people in dozens of countries. The NSA says that its efforts are targeted at terrorists, weapons proliferators, and other foreign targets, not “ordinary people.” But the methods used by the agency and its partners to gain access to cellphone communications risk significant blowback. According to Mikko Hypponen, a security expert at Finland-based F-Secure, criminal hackers and foreign government adversaries could be among the inadvertent beneficiaries of any security vulnerabilities or encryption weaknesses inserted by the NSA into communication systems using data collected by the AURORAGOLD project.
  • Vines, the NSA spokeswoman, told The Intercept that the agency was committed to ensuring an “open, interoperable, and secure global internet.” “NSA deeply values these principles and takes great care to honor them in the performance of its lawful foreign-intelligence mission,” Vines said.
  • Documents published with this article: AURORAGOLD – Project Overview AURORAGOLD Working Group IR.21 – A Technology Warning Mechanism AURORAGOLD – Target Technology Trends Center support to WPMO NSA First-Ever Collect of High-Interest 4G Cellular Signal AURORAGOLD Working Aid WOLFRAMITE Encryption Attack OPULENT PUP Encryption Attack NSA/GCHQ/CSEC Network Tradecraft Advancement Team
  • Paul Merrell on 06 Dec 14
     
    Notice that they've cracked even 4G.
Paul Merrell

The "Cuban Twitter" Scam Is a Drop in the Internet Propaganda Bucket - The Intercept - 0 views

firstlook.org/...minating-government-propaganda

surveillance state propaganda psywar USAID State-Dept. Obama

shared by Paul Merrell on 06 Apr 14 - No Cached
  • This week, the Associated Press exposed a secret program run by the U.S. Agency for International Development to create “a Twitter-like Cuban communications network” run through “secret shell companies” in order to create the false appearance of being a privately owned operation. Unbeknownst to the service’s Cuban users was the fact that “American contractors were gathering their private data in the hope that it might be used for political purposes”–specifically, to manipulate those users in order to foment dissent in Cuba and subvert its government. According to top-secret documents published today by The Intercept, this sort of operation is frequently discussed at western intelligence agencies, which have plotted ways to covertly use social media for ”propaganda,” “deception,” “mass messaging,” and “pushing stories.” These ideas–discussions of how to exploit the internet, specifically social media, to surreptitiously disseminate viewpoints friendly to western interests and spread false or damaging information about targets–appear repeatedly throughout the archive of materials provided by NSA whistleblower Edward Snowden. Documents prepared by NSA and its British counterpart GCHQ–and previously published by The Intercept as well as some by NBC News–detailed several of those programs, including a unit devoted in part to “discrediting” the agency’s enemies with false information spread online.
  • he documents in the archive show that the British are particularly aggressive and eager in this regard, and formally shared their methods with their U.S. counterparts. One previously undisclosed top-secret document–prepared by GCHQ for the 2010 annual “SIGDEV” gathering of the “Five Eyes” surveillance alliance comprising the UK, Canada, New Zealand, Australia, and the U.S.–explicitly discusses ways to exploit Twitter, Facebook, YouTube, and other social media as secret platforms for propaganda.
  • The document was presented by GCHQ’s Joint Threat Research Intelligence Group (JTRIG). The unit’s self-described purpose is “using online techniques to make something happen in the real or cyber world,” including “information ops (influence or disruption).” The British agency describes its JTRIG and Computer Network Exploitation operations as a “major part of business” at GCHQ, conducting “5% of Operations.” The annual SIGDEV conference, according to one NSA document published today by The Intercept, “enables unprecedented visibility of SIGINT Development activities from across the Extended Enterprise, Second Party and US Intelligence communities.” The 2009 Conference, held at Fort Meade, included “eighty-six representatives from the wider US Intelligence Community, covering agencies as diverse as CIA (a record 50 participants), the Air Force Research Laboratory and the National Air and Space Intelligence Center.” Defenders of surveillance agencies have often insinuated that such proposals are nothing more than pipe dreams and wishful thinking on the part of intelligence agents. But these documents are not merely proposals or hypothetical scenarios. As described by the NSA document published today, the purpose of SIGDEV presentations is “to synchronize discovery efforts, share breakthroughs, and swap knowledge on the art of analysis.”
  • ...5 more annotations...
  • (The GCHQ document also describes a practice called “credential harvesting,” which NBC described as an effort to “select journalists who could be used to spread information” that the government wants distributed. According to the NBC report, GCHQ agents would employ “electronic snooping to identify non-British journalists who would then be manipulated to feed information to the target of a covert campaign.” Then, “the journalist’s job would provide access to the targeted individual, perhaps for an interview.” Anonymous sources that NBC didn’t characterize claimed at the time that GCHQ had not employed the technique.) Whether governments should be in the business of publicly disseminating political propaganda at all is itself a controversial question. Such activities are restricted by law in many countries, including the U.S. In 2008, The New York Times’ David Barstow won a Pulitzer Prize for exposing a domestic effort coordinated by the Pentagon whereby retired U.S. generals posed as “independent analysts” employed by American television networks and cable news outlets as they secretly coordinated their messaging with the Pentagon.
  • The GCHQ document we are publishing today expressly contemplates exploiting social media venues such as Twitter, as well as other communications venues including email, to seed state propaganda–GHCQ’s word, not mine–across the internet:
  • For instance: One of the programs described by the newly released GCHQ document is dubbed “Royal Concierge,” under which the British agency intercepts email confirmations of hotel reservations to enable it to subject hotel guests to electronic monitoring. It also contemplates how to “influence the hotel choice” of travelers and to determine whether they stay at “SIGINT friendly” hotels. The document asks: “Can we influence the hotel choice? Can we cancel their visit?” Previously, der Spiegel and NBC News both independently confirmed that the “Royal Concierge” program has been implemented and extensively used. The German magazine reported that “for more than three years, GCHQ has had a system to automatically monitor hotel bookings of at least 350 upscale hotels around the world in order to target, search, and analyze reservations to detect diplomats and government officials.” NBC reported that “the intelligence agency uses the information to spy on human targets through ‘close access technical operations,’ which can include listening in on telephone calls and tapping hotel computers as well as sending intelligence officers to observe the targets in person at the hotels.”
  • Because American law bars the government from employing political propaganda domestically, that program was likely illegal, though no legal accountability was ever brought to bear (despite all sorts of calls for formal investigations). Barack Obama, a presidential candidate at the time, pronounced himself in a campaign press release “deeply disturbed” by the Pentagon program, which he said “sought to manipulate the public’s trust.” Propagandizing foreign populations has generally been more legally acceptable. But it is difficult to see how government propaganda can be segregated from domestic consumption in the digital age. If American intelligence agencies are adopting the GCHQ’s tactics of “crafting messaging campaigns to go ‘viral’,” the legal issue is clear: A “viral” online propaganda campaign, by definition, is almost certain to influence its own citizens as well as those of other countries.
  • But these documents, along with the AP’s exposure of the sham “Cuban Twitter” program, underscore how aggressively western governments are seeking to exploit the internet as a means to manipulate political activity and shape political discourse. Those programs, carried out in secrecy and with little accountability (it seems nobody in Congress knew of the “Cuban Twitter” program in any detail) threaten the integrity of the internet itself, as state-disseminated propaganda masquerades as free online speech and organizing. There is thus little or no ability for an internet user to know when they are being covertly propagandized by their government, which is precisely what makes it so appealing to intelligence agencies, so powerful, and so dangerous.
  • Paul Merrell on 06 Apr 14
     
    Glenn Greenwald drops a choice few new documents. Well worth viewing. 
Paul Merrell

DOJ Seeks Removal Of Restrictions On Computer Search Warrants - 0 views

www.mintpressnews.com/...190535

surveillance state digital-privacy remote-computer-search 4th Amendment

shared by Paul Merrell on 13 May 14 - No Cached
  • The Justice Department recently submitted proposed new rules on the procedures and practices of the department’s agencies and bureaus. Among the suggested changes is a modification of the Federal Rules of Criminal Procedure Rule 41(b), which empowers a federal court to issue a warrant allowing the federal government to conduct a search of a computer or computer network involved in a criminal investigation. Under current regulations, a warrant issued by a federal court is only valid in that court’s district. As there are 94 federal judicial districts, investigating a widespread attack may require either petitioning dozens of district courts or acting extrajudicially by not seeking a warrant. An extrajudicial investigation, however, cannot be used if criminal convictions are sought, as evidence gathered in this manner is not typically admissible in court. The Justice Department is seeking to make remote access warrants to search, seize and copy electronic information valid for all federal districts.
  • The Justice Department argues that due to the sophistication of cyber-criminals, an offending computer or computer cluster can sit in a district separate from the district where the hackers that infected the target computer anonymously are and separate from the investigators’ district. “Criminals are using multiple computers in many districts simultaneously as part of complex criminal schemes, and effectively investigating and disrupting these schemes often requires remote access to Internet-connected computers in many different districts,” wrote then-acting Assistant Attorney General Mythili Raman in a September letter to the Advisory Committee on the Criminal Rules. “Botnets are a significant threat to the public: they are used to conduct large-scale denial of service attacks, steal personal and financial data, and distribute malware designed to invade the privacy of users of the host computers,” Raman continued. In the letter, Raman cited an investigation of a child porn site that uses The Onion Router Network, or Tor, to anonymize its traffic. The Justice Department argues that it knows the site’s hosting server location, but without a warrant local to the server, the department is prevented from retrieving the server’s user records — including IP and MAC addresses. In most cases, however, law enforcement do not know the physical location of the site’s server, making it impossible to request a specific warrant.
  • In these cases, the Justice Department could request a blanket warrant. This would allow the department to set up a “zero-day” attack on the server — an attack exploiting a manufacturer-unknown or -permitted security flaw, allowing access to the system’s operating software. However, a Texas judge denied the FBI access to such a warrant, saying the Justice Department’s use of “zero-day” attacks in its investigation exposes the public and the target to unknown risks. One typical type of a “zero-day” attack is an infected email that could affect a large number of innocent people if the target used a public computer to access his email. The FBI planned to install a Remote Administration Tool, or RAT, which would distribute such emails in a partially-targeted spam mail distribution. Last year, Federal Magistrate Judge Stephen Smith of the Houston Division of the Southern District of Texas ruled that this was a gross overreach of investigatory intrusion, blocking the plan temporarily. A “zero-day” attack has the potential to activate and control the targeted computer’s peripherals, such as webcams and microphones.
  • ...2 more annotations...
  • Following this ruling, based on the assumptions that federal law enforcement fundamentally act in good faith and that there may be a legitimate need for remote exploitation of computer data, the Justice Department sought to introduce changes to the rules that would overcome Smith’s objections. The proposed change to Rule 41(b) would allow magistrate judges “… to issue a warrant to use remote access to search electronic storage media and to seize electronically stored information located within or outside that district.” The Justice Department has indicated that it wants warrants permitting multiple computers to be searched at the same time, as well as permission to search all of the email and social media accounts accessible from a single computer. Such access would constitute a violation of the Electronic Communications Privacy Act, as the government, under the act, must make demonstrate probable cause to each targeted service provider and obtain and serve a warrant for each service provider. A warrant to search every account active on a computer would be actively bypassing the act’s numerous safeguards.
  • Privacy advocates fear that this rule change would allow prosecutors and the Justice Department to seek out magistrates likely to give them their requested warrants, creating a situation in which the federal government could have a “warrant shop” with just one judge for the whole of the nation. In light of allegations of federal government over-policing — including revelations of aggressive domestic and international electronic spying by the FBI and the National Security Agency — many advocates argue that an examination of the federal government’s commitment to the Fourth Amendment is needed. “The proposed amendment would significantly expand the government’s authority to conduct remote searches of electronic storage media,” the American Civil Liberties Union wrote in a memorandum early last month. “It would also expand the government’s power to engage in computer hacking in the course of criminal investigations, including through the use of malware and other techniques that pose a risk to internet security and that raise Fourth Amendment and policy concerns. “In light of these concerns, the ACLU recommends that the Advisory Committee exercise extreme caution before granting the government new authority to remotely search individuals’ electronic data.” The rules are scheduled to be discussed at the meeting of the Judiciary’s Committee on Rules of Practice and Procedure later this month.
  • Paul Merrell on 13 May 14
     
    The proposed rule change is at pp. 499-501 here. http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#page499 (very large PDF).  This is not just about the government being granted permission to exploit vulnerabilities unknown to the computer owner; the issue arose in a case where the government sought judicial permission to implant a Trojan Horse in a suspect's computer. Moreover, the proposed rule goes far beyond the confines of that case, purporting to authorize the government to skip merrily along searching computers not specified in the warrant, along the purported botnet. To put the icing on the cake, the government wants to be relieved from the requirement that they apply for a warrant in the district in which the computer to be searched is located. ("Oh, Goody! Let's start shopping around for the judges we like instead of the ones we are now required to persuade. What? The Mississippi judge refused to sign the warrant? Oh well, let's try it with that other judge we like, the one in Gnome, Alaska.") In other words, what the government seeks is authority for "general warrants," the very evil that the 4th Amendment was designed to outlaw. Even more outrageously, the proposed rule provides in part: "For a warrant to use remote access to search electronic storage media and seize or copy electronically stored information, the officer must make reasonable efforts to serve a copy of the warrant on the person whose property *was* searched or whose information *was* seized or copied. Service may be accomplished by any means, including electronic means, reasonably calculated to reach that person." Not the use of the past tense "was." So after they have drained your computer of all its data, they may permissibly install a batch file that will display a copy of the warrant on your monitor the next time you boot your computer. With a big red lipstick imprint of a kiss imprinted in the warrant's bottom margin, no doubt
  • Paul Merrell on 13 May 14
     
    The proposed rule change is at pp. 499-501 here. http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#page499 (very large PDF).  This is not just about the government being granted permission to exploit vulnerabilities unknown to the computer owner; the issue arose in a case where the government sought judicial permission to implant a Trojan Horse in a suspect's computer. Moreover, the proposed rule goes far beyond the confines of that case, purporting to authorize the government to skip merrily along searching computers not specified in the warrant, along the purported botnet. To put the icing on the cake, the government wants to be relieved from the requirement that they apply for a warrant in the district in which the computer to be searched is located. In other words, what the government seeks is authority for "general warrants," the very evil that the 4th Amendment was designed to outlaw. Even more outrageously, the proposed rule provides in part: "For a warrant to use remote access to search electronic storage media and seize or copy electronically stored information, the officer must make reasonable efforts to serve a copy of the warrant on the person whose property *was* searched or whose information *was* seized or copied. Service may be accomplished by any means, including electronic means, reasonably calculated to reach that person." Not the use of the past tense "was." So after they have drained your computer of all its data, they may permissibly install a batch file that will display a copy of the warrant on your monitor the next time you boot your computer. With a big red lipstick imprint of a kiss imprinted at the bottom.  To be continued after this is intially posted to Diigo so the content isn't cut off.   
Gary Edwards

American Thinker: Taking Back Our Constitution by Anthony G.P. Marini - 0 views

www.americanthinker.com/...ing_back_our_constitution.html

Take-Back-America usa-constitution tea-party constitutional-conservatism

shared by Gary Edwards on 14 Aug 10 - Cached
  • However, any powers that the Congress derives regarding commerce activities arise from Article I, Section 8 of the Constitution: "[Congress has the power] To regulate Commerce with foreign Nations, and among the several States, and with the Indian tribes[.]"This clause was considered silent because lawmakers couldn't figure out a straight-faced way to exploit this narrowly-defined power: The actual wording gives Congress power to regulate commerce among the states, but not between individual citizens
  • So by conflating a generous reinterpretation with commerce-related laws, the Congress gave itself the authority to regulate individual citizens.
  • Congress required new powers of the purse...the power to tax outside of those powers explicitly set forth in Article I, Section 8 of the Constitution:
  • ...4 more annotations...
  • Congress was able to accomplish what was once unthinkable by past Congresses. Congress acquired the legislative tools required to implement a sweeping, socially progressive agenda using just two words: Commerce and Welfare.
  • two mid-1930s Supreme Court decisions2 did the Congress finally get their desired taxation superpowers.
  • clause. However actual expansions of these powers were a long time coming, and
  • not until
  • Gary Edwards on 14 Aug 10
     
    Americans, the Constitution of the United States of America doesn't belong to us anymore. We have let our guard down one too many times with regard to our constitutional responsibilities, rights, and liberties, and now elected politicians control the document. Because of a lack of vigilance and perhaps of laziness on our part, our representatives and our government constrain and dominate us using legislative powers obtained from interpretations, penumbrae, and self-serving close calls for scant (and vaguely defined) words in our Constitution. It took a long time for Congress and the government to amass these powers that they have taken from us, and they certainly won't relinquish them as easily as we gave them up. But with unflinching purpose, we must begin to take the Constitution back, as well as reimpose limits on congressional powers, for the sake of future Americans. The start of flagrant congressional abuse of the Constitution may be traced to the late 19th century1, when lawmakers found they could exploit the previously "silent" commerce clause. As Americans are highly dependent upon commerce, a government that can control all aspects of commerce is a very powerful government indeed. However, any powers that the Congress derives regarding commerce activities arise from Article I, Section 8 of the Constitution: "[Congress has the power] To regulate Commerce with foreign Nations, and among the several States, and with the Indian tribes[.]" This clause was considered silent because lawmakers couldn't figure out a straight-faced way to exploit this narrowly-defined power: The actual wording gives Congress power to regulate commerce among the states, but not between individual citizens. So by conflating a generous reinterpretation with commerce-related laws, the Congress gave itself the authority to regulate individual citizens.
Paul Merrell

Sorry for letting them snoop? Dell apologizes for 'inconvenience' caused by NSA backdoo... - 0 views

rt.com/...ell-appelbaum-30c3-apology-027

surveillance state NSA NSA-methods backdoors NSA-backdoors hardware

shared by Paul Merrell on 01 Jan 14 - No Cached
  • Security researcher Jacob Appelbaum dropped a bombshell of sorts earlier this week when he accused American tech companies of placing government-friendly backdoors in their devices. Now Texas-based Dell Computers is offering an apology. Or to put it more accurately, Dell told an irate customer on Monday that they “regret the inconvenience” caused by selling to the public for years a number of products that the intelligence community has been able to fully compromise in complete silence up until this week. Dell, Apple, Western Digital and an array of other Silicon Valley-firms were all name-checked during Appelbaum’s hour-long presentation Monday at the thirtieth annual Chaos Communication Congress in Hamburg, Germany. As RT reported then, the 30-year-old hacker-cum-activist unveiled before the audience at the annual expo a collection of never-before published National Security Agency documents detailing how the NSA goes to great lengths to compromise the computers and systems of groups on its long list of adversaries.
  • Spreading viruses and malware to infect targets and eavesdrop on their communications is just one of the ways the United States’ spy firm conducts surveillance, Appelbaum said. Along with those exploits, he added, the NSA has been manually inserting microscopic computer chips into commercially available products and using custom-made devices like hacked USB cables to silently collect intelligence. One of the most alarming methods of attack discussed during his address, however, comes as a result of all but certain collusion on the part of major United States tech companies. The NSA has information about vulnerabilities in products sold by the biggest names in the US computer industry, Appelbaum said, and at the drop off a hat the agency has the ability of launching any which type of attack to exploit the flaws in publically available products.
  • The NSA has knowledge pertaining to vulnerabilities in computer servers made by Dell and even Apple’s highly popular iPhone, among other devices, Appelbaum told his audience. “Hey Dell, why is that?” Appelbaum asked. “Love to hear your statement about that.”
  • ...4 more annotations...
  • Appelbaum didn’t leave Dell off the hook after revealing just that one exploit known to the NSA, however. Before concluding his presentation, he displayed a top-secret document in which the agency makes reference to a hardware implant that could be manually installed onto Dell PowerEdge servers to exploit the JTAG debugging interface on its processor — a critical circuitry component that apparently contains a vulnerability known to the US government. “Why did Dell leave a JTAG debugging interface on these servers?” asked Appelbaum. “Because it’s like leaving a vulnerability in. Is that a bugdoor, or a backdoor or just a mistake? Well hopefully they will change these things or at least make it so that if you were to see this, you would know that you have some problems. Hopefully Dell will release some information about how to mitigate this advance persistent threat.” Appelbaum also provoked Apple by acknowledging that the NSA boasts of being able to hack into any of their mobile devices running the iOS operating system. “Either they have a huge collection of exploits that work against Apple products — meaning they are hoarding information about critical systems American companies product and sabotaging them — or Apple sabotages it themselves,” he said.
  • @DellCares @dellcarespro Inconvenience? You got to be F*ckin kidding me! You place an NSA bug in our servers and call it an inconvenience? — Martijn Wismeijer (@twiet) December 31, 2013
  • TechDirt reporter Mike Masnick noticed early Tuesday that Dell’s official customer service Twitter account opted to issue a cookie-cutter response that drips of insincerity. “Thanks you for reaching out and regret the inconvenience,” the Dell account tweeted to Wismeijer. “Our colleagues at @DellCaresPro will be able to help you out.” “Inconvenience? You got to be F*ckin kidding me!” Wismeijer responded. “You place an NSA bug in our servers and call it an inconvenience?”
  • Security researcher Jacob Appelbaum dropped a bombshell of sorts earlier this week when he accused American tech companies of placing government-friendly backdoors in their devices. Now Texas-based Dell Computers is offering an apology. Or to put it more accurately, Dell told an irate customer on Monday that they “regret the inconvenience” caused by selling to the public for years a number of products that the intelligence community has been able to fully compromise in complete silence up until this week. Dell, Apple, Western Digital and an array of other Silicon Valley-firms were all name-checked during Appelbaum’s hour-long presentation Monday at the thirtieth annual Chaos Communication Congress in Hamburg, Germany. As RT reported then, the 30-year-old hacker-cum-activist unveiled before the audience at the annual expo a collection of never-before published National Security Agency documents detailing how the NSA goes to great lengths to compromise the computers and systems of groups on its long list of adversaries.
Paul Merrell

Who owns space? US asteroid-mining act is dangerous and potentially illegal - 0 views

theconversation.com/-and-potentially-illegal-51073

space-exploitation Congress Space Act of 2015

shared by Paul Merrell on 25 Nov 15 - No Cached
  • Nope, a flag is not enough to make the moon a colony.
  • An event of cosmic proportions occurred on November 18 when the US congress passed the Space Act of 2015 into law. The legislation will give US space firms the rights to own and sell natural resources they mine from bodies in space, including asteroids. Although the act, passed with bipartisan support, still requires President Obama’s signature, it is already the most significant salvo that has been fired in the ideological battle over ownership of the cosmos. It goes against a number of treaties and international customary law which already apply to the entire universe. The new law is nothing but a classic rendition of the “he who dares wins” philosophy of the Wild West. The act will also allow the private sector to make space innovations without regulatory oversight during an eight-year period and protect spaceflight participants from financial ruin. Surely, this will see private firms begin to incorporate the mining of asteroids into their investment plans.
  • Supporters argue that the US Space Act is a bold statement that finally sets private spaceflight free from the heavy regulation of the US government. The misdiagnosis begins here. Space exploration is a universal activity and therefore requires international regulation. The act represents a full-frontal attack on settled principles of space law which are based on two basic principles: the right of states to scientific exploration of outer space and its celestial bodies and the prevention of unilateral and unbriddled commercial exploitation of outer-space resources. These principles are found in agreements including the Outer Space Treaty of 1967 and the Moon Agreement of 1979. The US House Committee on Science, Space and Technology denies there is anything in the act which violates the US’s international obligations. According to this body, the right to extract and use resources from celestial bodies “is affirmed by State practice and by the US State Department in Congressional testimony and written correspondence”. Crucially, there is no specific reference to international law in this statement. Simply relying on US legislation and policy statements to justify the plans is obviously insufficient.
  • ...5 more annotations...
  • Gbenga Oduntan is the author of Sovereignty and Jurisdiction in Airspace and Outer Space: Legal Criteria for Spatial Delimitation. London: Routledge-Cavendish 2012. https://www.routledge.com/products/9780415562126
  • Ever since NASA discovered signs of liquid water on Mars, concerns have been raised about the risk of contaminating the red planet.
  • So what’s at stake? We can assume that the list of states that have access to outer space – currently a dozen or so – will grow. These states may also shortly respond with mining programmes of their own. That means that the pristine conditions of the cradle of nature from which our own Earth was born may become irrevocably altered forever – making it harder to trace how we came into being. Similarly, if we started contaminating celestial bodies with microbes from Earth, it could ruin our chances of ever finding alien life there. Mining minerals in space could also damage the environment around the Earth and eventually lead to conflict over resources. Indeed what right has the second highest polluter of the Earth’s environment got to proceed with some of the same corporations in a bid to plunder outer space? While we’re not there yet, developments towards actual space mining may begin to occur within a decade.
  • Ultimately, the US plans must be understood in the light of existing rules of space law. Money is not a dirty word in space – the total value of the satellite telecommunications industry in 2013 was more than $195bn. Free market principles also apply to the operations of the International Space Station. So, let’s get down to the nitty-gritty.
  • Currently corporations can exploit outer space in a number of ways, including for space tourism and scientific training. Companies may also be allowed to extract certain resources, but the very first provision of the Outer Space Treaty (1967), to which the US is a signatory, is that such exploration and use shall be carried out for the benefit and in the interests of all countries. This therefore prevents the sale of space-based minerals for profit. The treaty also states that outer space shall be the “province of all mankind … and that states shall avoid harmful contamination of space". Meanwhile, the Moon Agreement (1979) has in effect forbidden states to conduct commercial mining on planets and asteroids until there is an international regime for such exploitation. While the US has refused to sign up to this, it is binding as customary international law. The idea that American companies can on the basis of domestic laws alone systematically exploit mineral resources in space, despite huge environmental risks, really amounts to the audacity of greed. The Romans had this all correctly figured out in their legal maxim: “What concerns all must be decided upon by all.”
Gary Edwards

The Libertarian View: Are Tariffs Bad? - 1 views

www.ronpaulforums.com/showthread.php

Libertarian Austrian-Economics Tariffs-NAFTA China Ron-Paul

shared by Gary Edwards on 26 Jan 12 - No Cached
  • Gary Edwards on 26 Jan 12
     
    As many know, i spent quite a bit of time working for a Chinese Company seeking to enter the USA-European software market.  My task was to research the market, discover and define a market opportunity, design the product, and then work as product manager to get that service to market.  I took this job to better understand the Chinese marketplace and how sovereign Chinese companies work.  What i learned is how the Chinese seek to exploit and totally dominate open markets.  Software is just a category whose time has come.  and there are thousands of Chinese companies lining up.  The first step though is to fine tune the existing blueprint used by other Sina sovereigns.  amazing stuff. My take away from this experience is that the USA MUST set up a 30% tariff on ALL imports, and do so IMMEDIATELY!!!  Yesterday is not soon enough! As a newly minted libertarian, i wondered about the obvious conflict with Austrian Economics and their dedication to free markets and free trade?  I found the answer at this Libertarian forum, where many members were in heated discussion.  Comment #7 sums it up best i think.  Including a link to Ron Paul's Tariff-NAFTA speech. The thing is, the 30% Tariff should be part of an overall TAX REDUCTION PLAN.  I support the FAIR TAX and the Balanced Budget Amendment.  As an alternative to the Fair Tax, I would also support a 17% flat tax with no exceptions.  The ideal situation being an immediate, uncompromising, no exceptions 30% tariff on ALL imports coupled with the Fair Tax and the Balanced Budget Amendment.   And yes, i do believe this plan is consistent with the Founding Fathers Constitution.  But it took some kind of research to establish that opinion.   I've also concluded that "conservatism" is a convenient philosophical vehicle for the corrupt crony corporatism of both the military-industrial-complex, banksters and, international corporations.  Free trade and open markets concepts are perverted to become a thin veil
Gary Edwards

Google News - 0 views

news.google.com/?ar=1375391426

Libertarians freedom-liberty freedom-tyranny authoritarianism-individual-liberty

shared by Gary Edwards on 01 Aug 13 - No Cached
  • Gary Edwards on 01 Aug 13
     
    WOW!!! Incredible presentation concerning the history of Freedom vs. Tyranny. WOW!! If ever there's a MUST Watch, this is it. Very impressive and sweeping comparison of how authoritarian collectivist seize power in a free society and establish their tyrannies. My notes are listed below: How to recognize potential tyrants and keep them from seizing power. The urge to save humanity is always used to justify those who want to rule humanity. - ML Menken Daniel Webster on the Constitution Obstacles to Tyranny : Limited powers of government .... Due Process .... Presumption of Innocence .... Freedom to Dissent .... Armed Populace: The right to be Armed! Due Process .... 5th Amendment .... Emergency powers. there is no authorization in the US Constitution to suspend Due Process or any aspect of the Bill of Rights .... Asset Seizure Laws for criminal activities (alleged - without warrant or court order) .... Eminent Domain: seizure of private property for government uses: 2005 Kelo vs New London seizure based on jobs (economy) and tax revenue possibilities. .... 6th Amendment - right to trial by jury : plea bargaining admonition based on facing the awesome power of the government to prosecute no matter what - intimidation and threat of personal destruction. .... Forced confessions through plea bargaining. .... Indefinite detention without trial or charges: President has power to kill or issue orders without warrant, charges or trial .... Presumption of Innocence: Probable Cause .... Random stops at Border check points. 5th Amendment protections violated .... Sobriety Check Points: 4th and 5th Amendments violated - no presumption of innocence .... Random detention and questioning: airport security pat downs, housing projects, bus transportation .... The Right to Privacy: financial transactions and the IRS audit (without warrant or accusation) .... Warrant-less Spying .... Agents writing their own search warrants .... Snatch and Peek Freedom to Disse
Paul Merrell

FBI Admits It Controlled Tor Servers Behind Mass Malware Attack | Threat Level | Wired.com - 0 views

www.wired.com/...freedom-hosting-fbi

surveillance state FBI Tor NSA

shared by Paul Merrell on 05 Oct 13 - No Cached
  • It wasn’t ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors. Freedom Hosting’s operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It’s not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control. The new details emerged in local press reports from a Thursday bail hearing in Dublin, Ireland, where Marques, 28, is fighting extradition to America on charges that Freedom Hosting facilitated child pornography on a massive scale. He was denied bail today for the second time since his arrest in July. Freedom Hosting was a provider of turnkey “Tor hidden service” sites — special sites, with addresses ending in .onion, that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network. Tor hidden services are used by sites that need to evade surveillance or protect users’ privacy to an extraordinary degree – including human rights groups and journalists. But they also appeal to serious criminal elements, child-pornography traders among them.
  • On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn’t respond to inquiries from WIRED today. But FBI Supervisory Special Agent J. Brooke Donahue was more forthcoming when he appeared in the Irish court yesterday to bolster the case for keeping Marques behind bars, according to local press reports. Among the many arguments Donahue and an Irish police inspector offered was that Marques might reestablish contact with co-conspirators, and further complicate the FBI probe. In addition to the wrestling match over Freedom Hosting’s servers, Marques allegedly dove for his laptop when the police raided him, in an effort to shut it down.
  • The apparent FBI-malware attack was first noticed on August 4, when all of the hidden service sites hosted by Freedom Hosting began displaying a “Down for Maintenance” message. That included at least some lawful websites, such as the secure email provider TorMail. Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address. By midday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploited a critical memory management vulnerability in Firefox that was publicly reported on June 25, and is fixed in the latest version of the browser. Though many older revisions of Firefox were vulnerable to that bug, the malware only targeted Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network. That made it clear early on that the attack was focused specifically on de-anonymizing Tor users. Tor Browser Bundle users who installed or manually updated after June 26 were safe from the exploit, according to the Tor Project’s security advisory on the hack.
  • ...2 more annotations...
  • Perhaps the strongest evidence that the attack was a law enforcement or intelligence operation was the limited functionality of the malware. The heart of the malicious Javascript was a tiny Windows executable hidden in a variable named “Magneto.” A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box. But the Magneto code didn’t download anything. It looked up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sent it to a server in Northern Virginia server, bypassing Tor, to expose the user’s real IP address, coding the transmission as a standard HTTP web request.
  • The official IP allocation records maintained by the American Registry for Internet Numbers show the two Magneto-related IP addresses were part of a ghost block of eight addresses that have no organization listed. Those addresses trace no further than the Verizon Business data center in Ashburn, Virginia, 20 miles northwest of the Capital Beltway. The code’s behavior, and the command-and-control server’s Virginia placement, is also consistent with what’s known about the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported by WIRED in 2007. Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor. Prior to the Freedom Hosting attack, the code had been used sparingly, which kept it from leaking out and being analyzed.
  • Paul Merrell on 05 Oct 13
     
    Taking down the entire Freedom Hosting service because some content was kiddie porn is reminiscent of the U.S. government's proxy take-down of Mega-Upload in New Zealand. Such actions that disable legitimate users or deny access to their data are in my opinion violative of the 1st and 4th Amendments.  It suppresses the Freedom of Speech and seizes more than the 4th Amendment allows.  That our own government would use malware for surveillance purposes under any circumstance is just plain chilling.
Paul Merrell

Turkey Cooks the Books in Syria | The American Conservative - 0 views

www.theamericanconservative.com/...urkey-cooks-the-books-in-syria

war & peace Syria Turkey U.S.-foreign-policy false-flag

shared by Paul Merrell on 25 Apr 14 - No Cached
  • If you had been a reader of The American Conservative magazine back in December 2011, you might have learned from an article written by me that “Unmarked NATO warplanes are arriving at Turkish military bases close to Iskenderum on the Syrian border, delivering weapons [to the Free Syrian Army] derived from Colonel Muammar Gaddafi’s arsenals…” Well, it seems that the rest of the media is beginning to catch up with the old news, supplemented with significant details by Sy Hersh in the latest issue of the London Review of Books in an article entitled “The Red Line and the Rat Line.” The reality is that numerous former intelligence officials, like myself, have long known most of the story surrounding the on-again off-again intervention by the United States and others in Syria, but what was needed was a Sy Hersh, with his unmatched range of contacts deep in both the Pentagon as well as at CIA and State Department, to stitch it all together with corroboration from multiple sources. In a sense it was a secret that wasn’t really very well hidden but which the mainstream media wouldn’t touch with a barge pole because it revealed that the Obama Administration, just like the Bushies who preceded it, has been actively though clandestinely conspiring to overthrow yet another government in the Middle East. One might well conclude that the White House is like the Bourbon Kings of France in that it never forgets anything but never learns anything either.
  • The few media outlets that are willing to pick up the Syria story even now are gingerly treating it as something new, jumping in based on their own editorial biases, sometimes emphasizing the CIA and MI6 role in cooperating with the Turks to undermine Bashar al-Assad. But Hersh’s tale is only surprising if one had not been reading between the lines over the past three years, where the clandestine role of the British and American governments was evident and frequently reported on over the internet and, most particularly, in the local media in the Middle East. Far from being either rogue or deliberately deceptive, operations by the U.S. and UK intelligence services, the so-called “ratlines” feeding weapons into Syria, were fully vetted and approved by both the White House and Number 10 Downing Street. The more recent exposure of the Benghazi CIA base’s possible involvement in obtaining Libyan arms as part of the process of equipping the Syrian insurgents almost blew the lid off of the arrangement but somehow the media attention was diverted by a partisan attack on the Obama Administration over who said what and when to explain the security breakdown and the real story sank out of sight.
  • So this is what happened, roughly speaking: the United States had been seeking the ouster of President Bashar al-Assad of Syria since at least 2003, joining with Saudi Arabia, which had been funding efforts to destabilize his regime even earlier. Why? Because from the Saudi viewpoint Syria was an ally of Iran and was also a heretical state led by a secular government dominated by Alawite Muslims, viewed as being uncomfortably close to Shi’ites in their apostasy. From the U.S. viewpoint, the ties to Iran and reports of Syrian interference in Lebanon were a sufficient casus belli coupled with a geostrategic assessment shared with the Saudis that Syria served as the essential land bridge connecting Hezbollah in Lebanon to Iran. The subsequent Congressional Syria Accountability Acts of 2004 and 2010, like similar legislation directed against Iran, have resulted in little accountability and have instead stifled diplomacy. They punished Syria with sanctions for supporting Hezbollah in Lebanon and for its links to Tehran, making any possible improvement in relations problematical. The 2010 Act even calls for steps to bring about regime change in Damascus. The United States also engaged in a program eerily reminiscent of its recent moves to destabilize the government in Ukraine, i.e., sending in ambassadors and charges who deliberately provoked the Syrian government by meeting with opposition leaders and openly making demands for greater democracy. The last U.S. Ambassador to Syria Robert Ford spoke openly in support of the protesters while serving in Damascus in 2010. On one occasion he was pelted with tomatoes and was eventually removed over safety concerns.
  • ...4 more annotations...
  • Lost in translation is the fact that Washington’s growing support for radical insurgency in Syria would also inevitably destabilize all its neighbors, most notably including Iraq, which has indeed been the case, making a shambles of U.S. claims that it was seeking to introduce stable democracies into the region. Some also saw irony in the fact that a few years before Washington decided al-Assad was an enemy it had been sending victims of the CIA’s rendition program to Syria, suggesting that at least some short-term and long-term strategies were on a collision course from the start, if indeed the advocates of the two policies were actually communicating with each other at all. Prime Minister Recep Tayyip Erdogan of Turkey, whose country shared a long border with Syria and who had legitimate security concerns relating to Kurdish separatists operating out of the border region, became the proxy in the secret war for Washington and its principal European allies, the British and French. When the U.S.-Saudi supported insurgency began to heat up and turn violent, Turkey became the key front line state in pushing for aggressive action against Damascus. Erdogan miscalculated, thinking that al-Assad was on his last legs, needing only a push to force him out, and Ankara saw itself as ultimately benefiting from a weak Syria with a Turkish-controlled buffer zone along the border to keep the Kurds in check.
  • Hersh reports how President Barack Obama had to back down from attacking Syria when the Anglo-American intelligence community informed him flatly and unambiguously that Damascus was not responsible for the poison gas attack that took place in Damascus on August 21, 2013 that was being exploited as a casus belli. The information supporting that assertion was known to many like myself who move around the fringes of the intelligence community, but the real revelation from Hersh is the depth of Turkish involvement in the incident in order to have the atrocity be exploitable as a pretext for American armed intervention, which, at that point, Erdogan strongly desired. As the use of weapons of mass destruction against civilians was one of the red lines that Obama had foolishly promoted regarding Syria Erdogan was eager to deliver just that to force the U.S.’s hand. Relying on unidentified senior U.S. intelligence sources, Hersh demonstrates how Turkey’s own preferred militant group Jabhat al-Nusra, which is generally regarded as an al-Qaeda affiliate, apparently used Turkish-provided chemicals and instructions to stage the attack.
  • Is it all true? Unless one has access to the same raw information as Sy Hersh it is difficult to say with any certainty, but I believe I know who some of the sources are and they both have good access to intelligence and are reliable. Plus, the whole narrative has an undeniable plausibility, particularly if one also considers other evidence of Erdogan’s willingness to take large risks coupled with a more general Turkish underhandedness relating to Syria. On March 23rd, one week before local elections in Turkey that Erdogan feared would go badly for him, a Turkish air force F-16 shot down a Syrian Mig-23, claiming that it had strayed half a mile into Turkish airspace. The pilot who bailed out, claimed that he was attacking insurgent targets at least four miles inside the border when he was shot down, an assertion borne out by physical evidence as the plane’s remains landed inside Syria. Was Erdogan demonstrating how tough he could be just before elections? Possibly.
  • Critics of Hersh claim that the Turks would be incapable of carrying out such a grand subterfuge, but I would argue that putting together some technicians, chemicals, and a couple of trucks to carry the load are well within the capability of MIT, an organization that I have worked with and whose abilities I respect. And one must regard with dismay the “tangled webs we weave,” with due credit to Bobby Burns, for what has subsequently evolved in Syria. Allies like Turkey that are willing to cook the books to bring about military action are exploiting the uncertainty of a White House that continues to search for foreign policy successes while simultaneously being unable to define any genuine American interests. Syria is far from an innocent in the ensuing mayhem, but it has become the fall guy for a whole series of failed policies. Turkey meanwhile has exploited the confusion to clamp down on dissent and to institutionalize Erdogan’s authoritarian inclinations. Ten years of American-licensed meddling combined with obliviousness to possible consequences has led to in excess of 100,000 dead Syrians and the introduction of large terrorist infrastructures into the Arab heartland, yet another foreign policy disaster in the making with no clear way out.
  • Paul Merrell on 25 Apr 14
     
    Former CIA officer Philip Giraldi adds valuable context to revelations of Turkey's involvement in the false flag Sarin gas attack in Syria and in Turkey's follow-up plan to stage a false flag attack on a Turkish tomb in Syria as a pretext for Turkish invasion of Syria. 
Paul Merrell

Boycott, Divest and Sanction Corporations That Feed on Prisons  :    Informat... - 0 views

www.informationclearinghouse.info/article41455.htm

incarceration-nation for-profit-prisons boycott

shared by Paul Merrell on 09 Apr 15 - No Cached
  • All attempts to reform mass incarceration through the traditional mechanisms of electoral politics, the courts and state and federal legislatures are useless. Corporations, which have turned mass incarceration into a huge revenue stream and which have unchecked political and economic power, have no intention of diminishing their profits. And in a system where money has replaced the vote, where corporate lobbyists write legislation and the laws, where chronic unemployment and underemployment, along with inadequate public transportation, sever people in marginal communities from jobs, and where the courts are a wholly owned subsidiary of the corporate state, this demands a sustained, nationwide revolt. “Organizing boycotts, work stoppages inside prisons and the refusal by prisoners and their families to pay into the accounts of phone companies and commissary companies is the only weapon we have left,” said Amos Caley, who runs the Interfaith Prison Coalition, a group formed by prisoners, the formerly incarcerated, their families and religious leaders.
  • These boycotts, they said, will be directed against the private phone, money transfer and commissary companies, and against the dozens of corporations that exploit prison labor. The boycotts will target food and merchandise vendors, construction companies, laundry services, uniforms companies, prison equipment vendors, cafeteria services, manufacturers of pepper spray, body armor and the array of medieval instruments used for the physical control of prisoners, and a host of other contractors that profit from mass incarceration. The movement will also call on institutions, especially churches and universities, to divest from corporations that use prison labor. The campaign, led by the Interfaith Prison Coalition, will include a call to pay all prisoners at least the prevailing minimum wage of the state in which they are held. (New Jersey’s minimum wage is $8.38 an hour.) Wages inside prisons have remained stagnant and in real terms have declined over the past three decades. A prisoner in New Jersey makes, on average, $1.20 for eight hours of work, or about $28 a month. Those incarcerated in for-profit prisons earn as little as 17 cents an hour. Over a similar period, phone and commissary corporations have increased fees and charges often by more than 100 percent. There are nearly 40 states that allow private corporations to exploit prison labor. And prison administrators throughout the country are lobbying corporations that have sweatshops overseas, trying to lure them into the prisons with guarantees of even cheaper labor and a total absence of organizing or coordinated protest.
  • Corporations currently exploiting prison labor include Abbott Laboratories, AT&T, AutoZone, Bank of America, Bayer, Berkshire Hathaway, Cargill, Caterpillar, Chevron, the former Chrysler Group, Costco Wholesale, John Deere, Eddie Bauer, Eli Lilly, ExxonMobil, Fruit of the Loom, GEICO, GlaxoSmithKline, Glaxo Wellcome, Hoffmann-La Roche, International Paper, JanSport, Johnson & Johnson, Kmart, Koch Industries, Mary Kay, McDonald’s, Merck, Microsoft, Motorola, Nintendo, Pfizer, Procter & Gamble, Quaker Oats, Sarah Lee, Sears, Shell, Sprint, Starbucks, State Farm Insurance, United Airlines, UPS, Verizon, Victoria’s Secret, Wal-Mart and Wendy’s.
  • ...4 more annotations...
  • “Prisoner telephone rates in New Jersey are some of the highest in the country,” Caley said. “Global Tel Link charges prisoners and their families $4.95 for a 15-minute phone call, which is about two and a half times the national average for local inmate calling services.”
  • Prison phone services are a $1.2-billion-a-year industry. Prisoners outside New Jersey are charged by Global Tel Link, which makes about $500 million a year, as much as $17 for a 15-minute phone call. A call of that duration outside a prison would cost about $2. If a customer deposits $25 into a Global Tel Link phone account, he or she must pay an additional service charge of $6.95. And Global Tel Link is only one of several large corporations that exploit prisoners and their families. JPay is a corporation that deals in privatized money transfers to prisoners. It controls money transfers for about 70 percent of the prison population. The company charges families that put money into prisoners’ accounts additional service fees of as much as 45 percent. JPay generates more than $50 million a year in revenue. The Keefer Group, which controls prison commissaries in more than 800 public and private prisons, and which often charges prisoners double what items cost outside prison walls, makes $41 million a year in profit.
  • Prisons, to swell corporate profits, force prisoners to pay for basic items including shoes. Prisoners in New Jersey pay $45 for a pair of basic Reebok shoes—almost twice the average monthly wage. If a prisoner needs an insulated undergarment or an extra blanket to ward off the cold at night he must buy it. Packages from home, once permitted, have been banned to force prisoners to buy grossly overpriced items at the commissary or company-run store. Some states have begun to charge prisoners rent. This gouging is burying many prisoners and their families in crippling debt, debt that prisoners carry when they are released from prison. The United States has 2.3 million people in prison, 25 percent of the world’s prison population, although we are only 5 percent of the world’s population. We have increased our prison population by about 700 percent since 1970. Corporations control about 18 percent of federal prisoners and 6.7 percent of all state prisoners. And corporate prisons account for nearly all newly built prisons. Nearly half of all immigrants detained by the federal government are shipped to corporate-run prisons. And slavery is legal in prisons under the 13th Amendment of the U.S. Constitution. It reads: “Neither slavery nor involuntary servitude, except as punishment for crime whereof the party shall have been duly convicted, shall exist within the United States.”
  • Vast sums are at stake. The for-profit prison industry is worth $70 billion. Corrections Corporation of America (CCA), the largest owner of for-profit prisons and immigration detention facilities in the country, had revenues of $1.7 billion in 2013 and profits of $300 million. CCA holds an average of 81,384 inmates in its facilities on any one day. Aramark Holdings Corp., a Philadelphia-based company that contracts through Aramark Correctional Services to provide food to 600 correctional institutions across the United States, was acquired in 2007 for $8.3 billion by investors that included Goldman Sachs. And, as in the wider society, while members of a tiny, oligarchic corporate elite each are paid tens or even hundreds of millions of dollars annually, the workers who generate these profits live in misery.  “It is an abomination that prisoners are paid 22 cents an hour, $1.20 cents a day,” Larry Hamm told the Newark meeting. “Every prisoner should get the minimum wage of New Jersey, $8.38 per hour.”
  • Paul Merrell on 09 Apr 15
     
    Why pay a liveable wage to American workers if you can get prison labor for less than market prices in Bangla Desh? The prison telephone racket has bothered me for many years. The FCC authorized no-limit telephone charges for prisoners and their families on the simplistic grounds of, "well, they prisoners who have reduced civil rights anyway. But it ignored that most prison phone calls are collect calls to families on the outside, who are not prisoners and still have their full civil rights. The for-profit prison industry is a prime example of not thinking things through before privatizing a formerly government function. Privatization creates a lobby for the industry, as Americans have learned all to well with the privatization of most Dept. of Defense work other than actual combat.   Already, for profit prison industries are showing up in state legislatures to demand longer prison sentences. They were the prime movers behind the "mandatory minimum sentence" movement, which has stuffed prisons to overflowing. 
Paul Merrell

Leaked docs show spyware used to snoop on US computers | Ars Technica - 0 views

arstechnica.com/...-used-to-snoop-on-us-computers

surveillance state Gamma-Group FinFisher zero-day-exploits Vupen-Security MSOffice MSIE Acrobat

shared by Paul Merrell on 10 Aug 14 - No Cached
  • Software created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the United States, the UK, Germany, Russia, Iran, and Bahrain, according to a leaked trove of documents analyzed by ProPublica. It's not clear whether the surveillance was conducted by governments or private entities. Customer e-mail addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer, and the Qatari government.
  • The leaked files—which were posted online by hackers—are the latest in a series of revelations about how state actors including repressive regimes have used Gamma's software to spy on dissidents, journalists, and activist groups. The documents, leaked last Saturday, could not be readily verified, but experts told ProPublica they believed them to be genuine. "I think it's highly unlikely that it's a fake," said Morgan Marquis-Bore, a security researcher who while at The Citizen Lab at the University of Toronto had analyzed Gamma Group's software and who authored an article about the leak on Thursday. The documents confirm many details that have already been reported about Gamma, such as that its tools were used to spy on Bahraini activists. Some documents in the trove contain metadata tied to e-mail addresses of several Gamma employees. Bill Marczak, another Gamma Group expert at the Citizen Lab, said that several dates in the documents correspond to publicly known events—such as the day that a particular Bahraini activist was hacked.
  • The leaked files contain more than 40 gigabytes of confidential technical material, including software code, internal memos, strategy reports, and user guides on how to use Gamma Group software suite called FinFisher. FinFisher enables customers to monitor secure Web traffic, Skype calls, webcams, and personal files. It is installed as malware on targets' computers and cell phones. A price list included in the trove lists a license of the software at almost $4 million. The documents reveal that Gamma uses technology from a French company called Vupen Security that sells so-called computer "exploits." Exploits include techniques called "zero days" for "popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader, and many more." Zero days are exploits that have not yet been detected by the software maker and therefore are not blocked.
  • ...2 more annotations...
  • Many of Gamma's product brochures have previously been published by the Wall Street Journal and Wikileaks, but the latest trove shows how the products are getting more sophisticated. In one document, engineers at Gamma tested a product called FinSpy, which inserts malware onto a user's machine, and found that it could not be blocked by most antivirus software. Documents also reveal that Gamma had been working to bypass encryption tools including a mobile phone encryption app, Silent Circle, and were able to bypass the protection given by hard-drive encryption products TrueCrypt and Microsoft's Bitlocker.
  • The documents also describe a "country-wide" surveillance product called FinFly ISP which promises customers the ability to intercept Internet traffic and masquerade as ordinary websites in order to install malware on a target's computer. The most recent date-stamp found in the documents is August 2, coincidung with the first tweet by a parody Twitter account, @GammaGroupPR, which first announced the hack and may be run by the hacker or hackers responsible for the leak. On Reddit, a user called PhineasFisher claimed responsibility for the leak. "Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents," the user wrote. The name on the @GammaGroupPR Twitter account is also "Phineas Fisher." GammaGroup, the surveillance company whose documents were released, is no stranger to the spotlight. The security firm F-Secure first reported the purchase of FinFisher software by the Egyptian State Security agency in 2011. In 2012, Bloomberg News and The Citizen Lab showed how the company's malware was used to target activists in Bahrain. In 2013, the software company Mozilla sent a cease-and-desist letter to the company after a report by The Citizen Lab showed that a spyware-infected version of the Firefox browser manufactured by Gamma was being used to spy on Malaysian activists.
1 - 20 of 170 Next › Last »
Showing 20 items per page