Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged exploits

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Cy Vance's Proposal to Backdoor Encrypted Devices Is Riddled With Vulnerabilities | Jus... - 0 views

www.justsecurity.org/...evices-riddled-vulnerabilities

surveillance state encryption-backdoors Vance tyranny right-to-whisper

shared by Paul Merrell on 11 Dec 15 - No Cached
  • Less than a week after the attacks in Paris — while the public and policymakers were still reeling, and the investigation had barely gotten off the ground — Cy Vance, Manhattan’s District Attorney, released a policy paper calling for legislation requiring companies to provide the government with backdoor access to their smartphones and other mobile devices. This is the first concrete proposal of this type since September 2014, when FBI Director James Comey reignited the “Crypto Wars” in response to Apple’s and Google’s decisions to use default encryption on their smartphones. Though Comey seized on Apple’s and Google’s decisions to encrypt their devices by default, his concerns are primarily related to end-to-end encryption, which protects communications that are in transit. Vance’s proposal, on the other hand, is only concerned with device encryption, which protects data stored on phones. It is still unclear whether encryption played any role in the Paris attacks, though we do know that the attackers were using unencrypted SMS text messages on the night of the attack, and that some of them were even known to intelligence agencies and had previously been under surveillance. But regardless of whether encryption was used at some point during the planning of the attacks, as I lay out below, prohibiting companies from selling encrypted devices would not prevent criminals or terrorists from being able to access unbreakable encryption. Vance’s primary complaint is that Apple’s and Google’s decisions to provide their customers with more secure devices through encryption interferes with criminal investigations. He claims encryption prevents law enforcement from accessing stored data like iMessages, photos and videos, Internet search histories, and third party app data. He makes several arguments to justify his proposal to build backdoors into encrypted smartphones, but none of them hold water.
  • Before addressing the major privacy, security, and implementation concerns that his proposal raises, it is worth noting that while an increase in use of fully encrypted devices could interfere with some law enforcement investigations, it will help prevent far more crimes — especially smartphone theft, and the consequent potential for identity theft. According to Consumer Reports, in 2014 there were more than two million victims of smartphone theft, and nearly two-thirds of all smartphone users either took no steps to secure their phones or their data or failed to implement passcode access for their phones. Default encryption could reduce instances of theft because perpetrators would no longer be able to break into the phone to steal the data.
  • Vance argues that creating a weakness in encryption to allow law enforcement to access data stored on devices does not raise serious concerns for security and privacy, since in order to exploit the vulnerability one would need access to the actual device. He considers this an acceptable risk, claiming it would not be the same as creating a widespread vulnerability in encryption protecting communications in transit (like emails), and that it would be cheap and easy for companies to implement. But Vance seems to be underestimating the risks involved with his plan. It is increasingly important that smartphones and other devices are protected by the strongest encryption possible. Our devices and the apps on them contain astonishing amounts of personal information, so much that an unprecedented level of harm could be caused if a smartphone or device with an exploitable vulnerability is stolen, not least in the forms of identity fraud and credit card theft. We bank on our phones, and have access to credit card payments with services like Apple Pay. Our contact lists are stored on our phones, including phone numbers, emails, social media accounts, and addresses. Passwords are often stored on people’s phones. And phones and apps are often full of personal details about their lives, from food diaries to logs of favorite places to personal photographs. Symantec conducted a study, where the company spread 50 “lost” phones in public to see what people who picked up the phones would do with them. The company found that 95 percent of those people tried to access the phone, and while nearly 90 percent tried to access private information stored on the phone or in other private accounts such as banking services and email, only 50 percent attempted contacting the owner.
  • ...8 more annotations...
  • Vance attempts to downplay this serious risk by asserting that anyone can use the “Find My Phone” or Android Device Manager services that allow owners to delete the data on their phones if stolen. However, this does not stand up to scrutiny. These services are effective only when an owner realizes their phone is missing and can take swift action on another computer or device. This delay ensures some period of vulnerability. Encryption, on the other hand, protects everyone immediately and always. Additionally, Vance argues that it is safer to build backdoors into encrypted devices than it is to do so for encrypted communications in transit. It is true that there is a difference in the threats posed by the two types of encryption backdoors that are being debated. However, some manner of widespread vulnerability will inevitably result from a backdoor to encrypted devices. Indeed, the NSA and GCHQ reportedly hacked into a database to obtain cell phone SIM card encryption keys in order defeat the security protecting users’ communications and activities and to conduct surveillance. Clearly, the reality is that the threat of such a breach, whether from a hacker or a nation state actor, is very real. Even if companies go the extra mile and create a different means of access for every phone, such as a separate access key for each phone, significant vulnerabilities will be created. It would still be possible for a malicious actor to gain access to the database containing those keys, which would enable them to defeat the encryption on any smartphone they took possession of. Additionally, the cost of implementation and maintenance of such a complex system could be high.
  • Privacy is another concern that Vance dismisses too easily. Despite Vance’s arguments otherwise, building backdoors into device encryption undermines privacy. Our government does not impose a similar requirement in any other context. Police can enter homes with warrants, but there is no requirement that people record their conversations and interactions just in case they someday become useful in an investigation. The conversations that we once had through disposable letters and in-person conversations now happen over the Internet and on phones. Just because the medium has changed does not mean our right to privacy has.
  • In addition to his weak reasoning for why it would be feasible to create backdoors to encrypted devices without creating undue security risks or harming privacy, Vance makes several flawed policy-based arguments in favor of his proposal. He argues that criminals benefit from devices that are protected by strong encryption. That may be true, but strong encryption is also a critical tool used by billions of average people around the world every day to protect their transactions, communications, and private information. Lawyers, doctors, and journalists rely on encryption to protect their clients, patients, and sources. Government officials, from the President to the directors of the NSA and FBI, and members of Congress, depend on strong encryption for cybersecurity and data security. There are far more innocent Americans who benefit from strong encryption than there are criminals who exploit it. Encryption is also essential to our economy. Device manufacturers could suffer major economic losses if they are prohibited from competing with foreign manufacturers who offer more secure devices. Encryption also protects major companies from corporate and nation-state espionage. As more daily business activities are done on smartphones and other devices, they may now hold highly proprietary or sensitive information. Those devices could be targeted even more than they are now if all that has to be done to access that information is to steal an employee’s smartphone and exploit a vulnerability the manufacturer was required to create.
  • Vance also suggests that the US would be justified in creating such a requirement since other Western nations are contemplating requiring encryption backdoors as well. Regardless of whether other countries are debating similar proposals, we cannot afford a race to the bottom on cybersecurity. Heads of the intelligence community regularly warn that cybersecurity is the top threat to our national security. Strong encryption is our best defense against cyber threats, and following in the footsteps of other countries by weakening that critical tool would do incalculable harm. Furthermore, even if the US or other countries did implement such a proposal, criminals could gain access to devices with strong encryption through the black market. Thus, only innocent people would be negatively affected, and some of those innocent people might even become criminals simply by trying to protect their privacy by securing their data and devices. Finally, Vance argues that David Kaye, UN Special Rapporteur for Freedom of Expression and Opinion, supported the idea that court-ordered decryption doesn’t violate human rights, provided certain criteria are met, in his report on the topic. However, in the context of Vance’s proposal, this seems to conflate the concepts of court-ordered decryption and of government-mandated encryption backdoors. The Kaye report was unequivocal about the importance of encryption for free speech and human rights. The report concluded that:
  • States should promote strong encryption and anonymity. National laws should recognize that individuals are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online. … States should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression. Blanket prohibitions fail to be necessary and proportionate. States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows. Additionally, the group of intelligence experts that was hand-picked by the President to issue a report and recommendations on surveillance and technology, concluded that: [R]egarding encryption, the U.S. Government should: (1) fully support and not undermine efforts to create encryption standards; (2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and (3) increase the use of encryption and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.
  • The clear consensus among human rights experts and several high-ranking intelligence experts, including the former directors of the NSA, Office of the Director of National Intelligence, and DHS, is that mandating encryption backdoors is dangerous. Unaddressed Concerns: Preventing Encrypted Devices from Entering the US and the Slippery Slope In addition to the significant faults in Vance’s arguments in favor of his proposal, he fails to address the question of how such a restriction would be effectively implemented. There is no effective mechanism for preventing code from becoming available for download online, even if it is illegal. One critical issue the Vance proposal fails to address is how the government would prevent, or even identify, encrypted smartphones when individuals bring them into the United States. DHS would have to train customs agents to search the contents of every person’s phone in order to identify whether it is encrypted, and then confiscate the phones that are. Legal and policy considerations aside, this kind of policy is, at the very least, impractical. Preventing strong encryption from entering the US is not like preventing guns or drugs from entering the country — encrypted phones aren’t immediately obvious as is contraband. Millions of people use encrypted devices, and tens of millions more devices are shipped to and sold in the US each year.
  • Finally, there is a real concern that if Vance’s proposal were accepted, it would be the first step down a slippery slope. Right now, his proposal only calls for access to smartphones and devices running mobile operating systems. While this policy in and of itself would cover a number of commonplace devices, it may eventually be expanded to cover laptop and desktop computers, as well as communications in transit. The expansion of this kind of policy is even more worrisome when taking into account the speed at which technology evolves and becomes widely adopted. Ten years ago, the iPhone did not even exist. Who is to say what technology will be commonplace in 10 or 20 years that is not even around today. There is a very real question about how far law enforcement will go to gain access to information. Things that once seemed like merely science fiction, such as wearable technology and artificial intelligence that could be implanted in and work with the human nervous system, are now available. If and when there comes a time when our “smart phone” is not really a device at all, but is rather an implant, surely we would not grant law enforcement access to our minds.
  • Policymakers should dismiss Vance’s proposal to prohibit the use of strong encryption to protect our smartphones and devices in order to ensure law enforcement access. Undermining encryption, regardless of whether it is protecting data in transit or at rest, would take us down a dangerous and harmful path. Instead, law enforcement and the intelligence community should be working to alter their skills and tactics in a fast-evolving technological world so that they are not so dependent on information that will increasingly be protected by encryption.
Paul Merrell

NYPD Blows Whistle on New Hillary Emails: Money Laundering, Sex Crimes with Children, C... - 1 views

www.blacklistednews.com/...M.html

Auction 2016 Hillary-emails FBI NYPD Huma Weiner sex-crimes perjury Clinton-Foundation money-laundering obstruction

shared by Paul Merrell on 03 Nov 16 - No Cached
  • New York Police Department detectives and prosecutors working an alleged underage sexting case against former Congressman Anthony Weiner have turned over a newly-found laptop he shared with wife Huma Abedin to the FBI with enough evidence “to put Hillary (Clinton) and her crew away for life,” NYPD sources told True Pundit. NYPD sources said Clinton’s “crew” also included several unnamed yet implicated members of Congress in addition to her aides and insiders. The NYPD seized the computer from Weiner during a search warrant and detectives discovered a trove of over 500,000 emails to and from Hillary Clinton, Abedin and other insiders during her tenure as secretary of state. The content of those emails sparked the FBI to reopen its defunct email investigation into Clinton on Friday.
  • But new revelations on the contents of that laptop, according to law enforcement sources, implicate the Democratic presidential candidate, her subordinates, and even select elected officials in far more alleged serious crimes than mishandling classified and top secret emails, sources said. NYPD sources said these new emails include evidence linking Clinton herself and associates to: Money laundering Child exploitation Sex crimes with minors (children) Perjury Pay to play through Clinton Foundation Obstruction of justice Other felony crimes NYPD detectives and a NYPD Chief, the department’s highest rank under Commissioner, said openly that if the FBI and Justice Department fail to garner timely indictments against Clinton and co- conspirators, NYPD will go public with the damaging emails now in the hands of FBI Director James Comey and many FBI field offices. “What’s in the emails is staggering and as a father, it turned my stomach,” the NYPD Chief said. “There is not going to be any Houdini-like escape from what we found. We have copies of everything. We will ship them to Wikileaks or I will personally hold my own press conference if it comes to that.”
  • The NYPD Chief said once Comey saw the alarming contents of the emails he was forced to reopen a criminal probe against Clinton. “People are going to prison,” he said. Meanwhile, FBI sources said Abedin and Weiner were cooperating with federal agents, who have taken over the non-sexting portions the case from NYPD. The husband-and-wife Clinton insiders  are both shopping for separate immunity deals, sources said. “If they don’t cooperate they are going to see long sentences,” a federal law enforcement source said. NYPD sources said Weiner or Abedin stored all the emails in a massive Microsoft Outlook program on the laptop. The emails implicate other current and former members of Congress and one high-ranking Democratic Senator as having possibly engaged in criminal activity too, sources said. Prosecutors in the office of US Attorney Preet Bharara have issued a subpoena for Weiner’s cell phones and travel records, law enforcement sources confirmed. NYPD said it planned to order the same phone and travel records on Clinton and Abedin, however, the FBI said it was in the process of requesting the identical records. Law enforcement sources are particularly interested in cell phone activity and travel to the Bahamas, U.S. Virgin Islands and other locations that sources would not divulge.
  • ...4 more annotations...
  • The new emails contain travel documents and itineraries indicating Hillary Clinton, President Bill Clinton, Weiner and multiple members of Congress and other government officials accompanied convicted pedophile billionaire Jeffrey Epstein on his Boeing 727 on multiple occasions to his private island in the U.S Virgin Islands, sources said. Epstein’s island has also been dubbed Orgy Island or Sex Slave Island where Epstein allegedly pimps out underage girls and boys to international dignitaries. Both NYPD and FBI sources confirm based on the new emails they now believe Hillary Clinton traveled as Epstein’s guest on at least six occasions, probably more when all the evidence is combed, sources said. Bill Clinton, it has been confirmed in media reports spanning recent years, that he too traveled with Epstein over 20 times to the island.
  • According to other uncovered emails, Abedin and Clinton both sent and received thousands of classified and top secret documents to personal email accounts including Weiner’s unsecured campaign web site which is managed by Democratic political consultants in Washington D.C. Weiner maintained little known email accounts that the couple shared on the website anthonyweiner.com. Weiner, a former seven-term Democratic Congressman from New York, primarily used that domain to campaign for Congress and for his failed mayoral bid of New York City. At one point, FBI sources said, Abedin and Clinton’s classified and top secret State Department documents and emails were stored in Weiner’s email on a server shared with a dog grooming service and a western Canadian bicycle shop. However, Weiner and Abedin, who is Hillary Clinton’s closest personal aide, weren’t the only people with access to the Weiner’s email account. Potentially dozens of unknown individuals had access to Abedin’s sensitive State Department emails that were stored in Weiner’s email account, FBI sources confirmed. FEC records show Weiner paid more than $92,000 of congressional campaign funds to Anne Lewis Strategies LLC to manage his email and web site. According to FBI sources, the D.C.-based political consulting firm has served as the official administrator of the anthonyweiner.com domain since 2010, the same time Abedin was working at the State Department. This means technically Weiner and Abedin’s emails, including top secret State Department emails, could have been accessed, printed, discussed, leaked, or distributed by untold numbers of personnel at the Anne Lewis consulting firm because they can control where the website and it emails are pointed, FBI sources said.
  • According to FBI sources, the bureau’s newly-minted probe into Clinton’s use and handling of emails while she served as secretary of state, has also been broadened to include investigating new email-related revelations, including: Abedin forwarded classified and top secret State Department emails to Weiner’s email Abedin stored emails, containing government secrets, in a special folder shared with Weiner warehousing over 500,000 archived State Department emails. Weiner had access to these classified and top secret documents without proper security clearance to view the records Abedin also used a personal yahoo address and her Clintonemail.com address to send/receive/store classified and top secret documents A private consultant managed Weiner’s site for the last six years, including three years when Clinton was secretary of state, and therefore, had full access to all emails as the domain’s listed registrant and administrator via Whois email contacts. Because Weiner’s campaign website is managed by the third-party consultant and political email guru, FBI agents are burdened with the task of trying to decipher just how many people had access to Weiner’s server and emails and who were these people. Or if the server was ever compromised by hackers, or other actors.
  • Abedin told FBI agents in an April interview that she didn’t know how to consistently print documents or emails from her secure Dept. of State system. Instead, she would forward the sensitive emails to her yahoo, Clintonemail.com and her email linked to Weiner. Abedin said, according to FBI documents, she would then access those email accounts via webmail from an unclassified computer system at the State Dept. and print the documents, many of which were classified and top secret, from the largely unprotected webmail portals. Clinton did not have a computer in her office on Mahogany Row at the State Dept. so she was not able to read timely intelligence unless it was printed out for her, Abedin said. Abedin also said Clinton could not operate the secure State Dept. fax machine installed in her Chappaqua, NY home without assistance. Perhaps more alarming, according to the FBI’s 302 Report detailing its interview with Abedin, none of the multiple FBI agents and Justice Department officials who conducted the interview pressed Abedin to further detail the email address linked to Weiner. There was never a follow up, according to the 302 report. But now, all that has changed, with the FBI’s decision to reopen the Clinton email investigation and the husband and wife seeking immunity deals to testify against Clinton and other associates about the contents of the laptop’s emails.
  • Gary Edwards on 03 Nov 16
     
    "New York Police Department detectives and prosecutors working an alleged underage sexting case against former Congressman Anthony Weiner have turned over a newly-found laptop he shared with wife Huma Abedin to the FBI with enough evidence "to put Hillary (Clinton) and her crew away for life," NYPD sources told True Pundit. NYPD sources said Clinton's "crew" also included several unnamed yet implicated members of Congress in addition to her aides and insiders. The NYPD seized the computer from Weiner during a search warrant and detectives discovered a trove of over 500,000 emails to and from Hillary Clinton, Abedin and other insiders during her tenure as secretary of state. The content of those emails sparked the FBI to reopen its defunct email investigation into Clinton on Friday. But new revelations on the contents of that laptop, according to law enforcement sources, implicate the Democratic presidential candidate, her subordinates, and even select elected officials in far more alleged serious crimes than mishandling classified and top secret emails, sources said. NYPD sources said these new emails include evidence linking Clinton herself and associates to: Money laundering Child exploitation Sex crimes with minors (children) Perjury Pay to play through Clinton Foundation Obstruction of justice Other felony crimes NYPD detectives and a NYPD Chief, the department's highest rank under Commissioner, said openly that if the FBI and Justice Department fail to garner timely indictments against Clinton and co- conspirators, NYPD will go public with the damaging emails now in the hands of FBI Director James Comey and many FBI field offices. "What's in the emails is staggering and as a father, it turned my stomach," the NYPD Chief said. "There is not going to be any Houdini-like escape from what we found. We have copies of everything. We will ship them to Wikileaks or I will personally hold my own press conference if it comes to that." The NYPD
Paul Merrell

What to Do About Lawless Government Hacking and the Weakening of Digital Security | Ele... - 0 views

www.eff.org/...and-weakening-digital-security

surveillance state cybersecurity exploits government malware

shared by Paul Merrell on 13 Aug 16 - No Cached
  • Paul Merrell on 13 Aug 16
     
    It's not often that I disagree with EFF's positions, but on this one I do. The government should be prohibited from exploiting computer vulnerabilities and should be required to immediately report all vulnerabilities discovered to the relevant developers of hardware or software. It's been one long slippery slope since the Supreme Court first approved wiretapping in Olmstead v. United States, 277 US 438 (1928), https://goo.gl/NJevsr (.) Left undecided to this day is whether we have a right to whisper privately, a right that is undeniable. All communications intercept cases since Olmstead fly directly in the face of that right.
Paul Merrell

In Keeping Grip on Data Pipeline, Obama Does Little to Reassure Industry - NYTimes.com - 0 views

www.nytimes.com/...ttle-to-reassure-industry.html

surveillance state NSA Obama Obama-speech sound-of-silence

shared by Paul Merrell on 18 Jan 14 - No Cached
  • Google, which briefly considered moving all of its computer servers out of the United States last year after learning how they had been penetrated by the National Security Agency, was looking for a public assurance from President Obama that the government would no longer secretly suck data from the company’s corner of the Internet cloud.Microsoft was listening to see if Mr. Obama would adopt a recommendation from his advisers that the government stop routinely stockpiling flaws in its Windows operating system, then using them to penetrate some foreign computer systems and, in rare cases, launch cyberattacks.
  • Intel and computer security companies were eager to hear Mr. Obama embrace a commitment that the United States would never knowingly move to weaken encryption systems. They got none of that.
  • Perhaps the most striking element of Mr. Obama’s speech on Friday was what it omitted: While he bolstered some protections for citizens who fear the N.S.A. is downloading their every dial, tweet and text message, he did nothing, at least yet, to loosen the agency’s grip on the world’s digital pipelines. White House officials said that Mr. Obama was committed to studying the complaints by American industry that the revelations were costing them billions of dollars in business overseas, by giving everyone from the Germans to the Brazilians to the Chinese an excuse to avoid American hardware and cloud services. “The most interesting part of this speech was not how the president weighed individual privacy against the N.S.A.,” said Fred H. Cate, the director of the Center of Applied Cybersecurity Research at Indiana University, “but that he said little about what to do about the agency’s practice of vacuuming up everything it can get its hands on.”
  • ...4 more annotations...
  • In fact, behind the speech lies a struggle Mr. Obama nodded at but never addressed head on. It pits corporations that view themselves as the core of America’s soft power around the world — the country’s economic driver and the guardians of its innovative edge — against an intelligence community 100,000 strong that regards its ability to peer into any corner of the digital world, and manipulate it if necessary, as crucial to the country’s security.In public, the coalition was polite if unenthusiastic about the president’s speech. His proposals, the companies said in a statement, “represent positive progress on key issues,” even while “crucial details remain to be addressed on these issues, and additional steps are needed on other important issues.” But in the online chat rooms that users and employees of those services inhabit each day, the president’s words were mocked. “If they really cared about the security of US infrastructure, they’d divulge the vulnerabilities they found or bought from the black market that exploit the security of these systems, so those systems can be fixed, and no one else can exploit them with these exploits,” wrote a user called “higherpurpose” on Hacker News.
  • In an interview, a senior administration official acknowledged that the administration had weighed what the president could say in public about the delicate problems of encryption, or the N.S.A.’s use of “zero day” flaws in software, the name for security holes that have never been seen before. It is a subject the intelligence agencies have refused to discuss in public, and Mr. Obama determined that it was both too secret, and too fluid, to discuss in the speech, officials said.In response to questions, the White House said the president had asked his special assistant for cybersecurity, Michael Daniel, and the president’s office of science and technology policy to study a recent advisory panel’s recommendation that the government get out of the business of corrupting the encryption systems created by American companies.
  • It will not be an easy task. One of the recent disclosures, first reported by Reuters, indicated that the N.S.A. paid millions of dollars to RSA, a major encryption firm, to incorporate a deliberately weakened algorithm into some of its products, giving the government a “back door” to read whatever it wanted. But when the advisory panel concluded that the United States should not “in any way subvert, weaken or make vulnerable generally available commercial software,” the intelligence agencies protested.“Some in the intelligence community saw that as a call for the N.S.A. to get out of cryptography, which is the reason they were created,” the senior official said. He added: “We’ve said that we are very much supportive of U.S. industry and making sure that U.S. industry remains competitive, and able to produce really good products. And N.S.A. has been out there saying they have no interest in breaking encryption that guards global commerce.”
  • But as Mr. Obama himself acknowledged, the United States has a credibility problem that will take years to address. The discovery that it had monitored the cellphone of Chancellor Angela Merkel of Germany, or that it has now found a way to tap into computers around the world that are completely disconnected from the Internet — using covert radio waves — only fuels the argument that American products cannot be trusted.That argument, heard these days from Berlin to Mexico City, may only be an excuse for protectionism. But it is an excuse that often works.
Gary Edwards

Did the White House Help Plan the Syrian Chemical Attack? - 0 views

news.google.com/?ar=1378234139

Syria Banksters Saudis Sunni-Shiite-War

shared by Gary Edwards on 03 Sep 13 - No Cached
  • Gary Edwards on 03 Sep 13
     
    "by Yossef Bodansky excerpt: There is a growing volume of new evidence from numerous sources in the Middle East - mostly affiliated with the Syrian opposition and its sponsors and supporters - which makes a very strong case, based on solid circumstantial evidence, that the August 21, 2013, chemical strike in the Damascus suburbs was indeed a pre-meditated provocation by the Syrian opposition. The extent of US foreknowledge of this provocation needs further investigation because available data puts the "horror" of the Barack Obama White House in a different and disturbing light. On August 13-14, 2013, Western-sponsored opposition forces in Turkey started advance preparations for a major and irregular military surge. Initial meetings between senior opposition military commanders and representatives of Qatari, Turkish, and US Intelligence ["Mukhabarat Amriki"] took place at the converted Turkish military garrison in Antakya, Hatay Province, used as the command center and headquarters of the Free Syrian Army (FSA) and their foreign sponsors. Very senior opposition commanders who had arrived from Istanbul briefed the regional commanders of an imminent escalation in the fighting due to "a war-changing development" which would, in turn, lead to a US-led bombing of Syria. The opposition forces had to quickly prepare their forces for exploiting the US-led bombing in order to march on Damascus and topple the Bashar al-Assad Government, the senior commanders explained. The Qatari and Turkish intelligence officials assured the Syrian regional commanders that they would be provided with plenty of weapons for the coming offensive. Indeed, unprecedented weapons distribution started in all opposition camps in Hatay Province on August 21-23, 2013. In the Reyhanli area alone, opposition forces received well in excess of 400 tons of weapons, mainly anti-aircraft weaponry from shoulder-fired missiles to ammunition for light-guns and machine guns. The weapons were distri
  • Gary Edwards on 03 Sep 13
     
    "by Yossef Bodansky excerpt: There is a growing volume of new evidence from numerous sources in the Middle East - mostly affiliated with the Syrian opposition and its sponsors and supporters - which makes a very strong case, based on solid circumstantial evidence, that the August 21, 2013, chemical strike in the Damascus suburbs was indeed a pre-meditated provocation by the Syrian opposition. The extent of US foreknowledge of this provocation needs further investigation because available data puts the "horror" of the Barack Obama White House in a different and disturbing light. On August 13-14, 2013, Western-sponsored opposition forces in Turkey started advance preparations for a major and irregular military surge. Initial meetings between senior opposition military commanders and representatives of Qatari, Turkish, and US Intelligence ["Mukhabarat Amriki"] took place at the converted Turkish military garrison in Antakya, Hatay Province, used as the command center and headquarters of the Free Syrian Army (FSA) and their foreign sponsors. Very senior opposition commanders who had arrived from Istanbul briefed the regional commanders of an imminent escalation in the fighting due to "a war-changing development" which would, in turn, lead to a US-led bombing of Syria. The opposition forces had to quickly prepare their forces for exploiting the US-led bombing in order to march on Damascus and topple the Bashar al-Assad Government, the senior commanders explained. The Qatari and Turkish intelligence officials assured the Syrian regional commanders that they would be provided with plenty of weapons for the coming offensive. Indeed, unprecedented weapons distribution started in all opposition camps in Hatay Province on August 21-23, 2013. In the Reyhanli area alone, opposition forces received well in excess of 400 tons of weapons, mainly anti-aircraft weaponry from shoulder-fired missiles to ammunition for light-guns and machine guns. The weapons were distri
Paul Merrell

Intelligence Archives - Secrecy News - 0 views

blogs.fas.org/...intelligence

surveillance state DoD social media

shared by Paul Merrell on 06 Aug 13 - No Cached
  • The U.S. military has been investigating the use of sophisticated data mining tools to probe social media and other open sources in order to support military operations against money laundering, drug trafficking, terrorism and other threats.  But the window for doing so may be closing as the social media landscape changes, according to an internal assessment. U.S. Special Operations Command (SOCOM) National Capital Region (NCR) conducted a series of experiments over the past year under the rubric “QUANTUM LEAP” that was intended to test “non-traditional” tools and techniques to advance the SOCOM mission. An after-action report on the first experiment said it “was successful in identifying strategies and techniques for exploiting open sources of information, particularly social media, in support of a counter threat finance mission.”  Counter threat finance refers to efforts to disrupt an adversary’s finances.  A copy of the SOCOM NCR report was obtained by Secrecy News.  See “Project QUANTUM LEAP: After Action Report,” 12 September 2012. “Major lessons learned were the pronounced utility of social media in exploiting human networks, including networks in which individual members actively seek to limit their exposure to the internet and social media…,” the report said.
  • The report said that as valuable as the opportunity created by new techniques for data mining of open sources appears to be, it may prove to be transient. “We are currently in a ‘window’ of opportunity for exploitation of social media sources for application to CTF [counter threat finance] or other SOCOM NCR missions. This window could be as narrow as 18-24 months before the social media phenomenon transforms. This future transformation is unknown and could offer additional opportunities, or existing opportunities could be closed, but the only thing that is certain is that there will continue to be rapid change.”
Paul Merrell

N.S.A. Report Outlined Goals for More Power - NYTimes.com - 0 views

www.nytimes.com/...ined-goals-for-more-power.html

surveillance state NSA NSA-ambitions

shared by Paul Merrell on 25 Nov 13 - No Cached
  • Officials at the National Security Agency, intent on maintaining its dominance in intelligence collection, pledged last year to push to expand its surveillance powers, according to a top-secret strategy document.
  • In a February 2012 paper laying out the four-year strategy for the N.S.A.’s signals intelligence operations, which include the agency’s eavesdropping and communications data collection around the world, agency officials set an objective to “aggressively pursue legal authorities and a policy framework mapped more fully to the information age.” Written as an agency mission statement with broad goals, the five-page document said that existing American laws were not adequate to meet the needs of the N.S.A. to conduct broad surveillance in what it cited as “the golden age of Sigint,” or signals intelligence. “The interpretation and guidelines for applying our authorities, and in some cases the authorities themselves, have not kept pace with the complexity of the technology and target environments, or the operational expectations levied on N.S.A.’s mission,” the document concluded. Using sweeping language, the paper also outlined some of the agency’s other ambitions. They included defeating the cybersecurity practices of adversaries in order to acquire the data the agency needs from “anyone, anytime, anywhere.” The agency also said it would try to decrypt or bypass codes that keep communications secret by influencing “the global commercial encryption market through commercial relationships,” human spies and intelligence partners in other countries. It also talked of the need to “revolutionize” analysis of its vast collections of data to “radically increase operational impact.”
  • The N.S.A. document, titled “Sigint Strategy 2012-2016,” does not make clear what legal or policy changes the agency might seek. The N.S.A.’s powers are determined variously by Congress, executive orders and the nation’s secret intelligence court, and its operations are governed by layers of regulations. While asserting that the agency’s “culture of compliance” would not be compromised, N.S.A. officials argued that they needed more flexibility, according to the paper. Senior intelligence officials, responding to questions about the document, said that the N.S.A. believed that legal impediments limited its ability to conduct surveillance of terrorism suspects inside the United States. Despite an overhaul of national security law in 2008, the officials said, if a terrorism suspect who is under surveillance overseas enters the United States, the agency has to stop monitoring him until it obtains a warrant from the Foreign Intelligence Surveillance Court. “N.S.A.’s Sigint strategy is designed to guide investments in future capabilities and close gaps in current capabilities,” the agency said in a statement. “In an ever-changing technology and telecommunications environment, N.S.A. tries to get in front of issues to better fulfill the foreign-intelligence requirements of the U.S. government.”
  • ...4 more annotations...
  • Critics, including some congressional leaders, say that the role of N.S.A. surveillance in thwarting terrorist attacks — often cited by the agency to justify expanded powers — has been exaggerated. In response to the controversy about its activities after Mr. Snowden’s disclosures, agency officials claimed that the N.S.A.’s sweeping domestic surveillance programs had helped in 54 “terrorist-related activities.” But under growing scrutiny, congressional staff members and other critics say that the use of such figures by defenders of the agency has drastically overstated the value of the domestic surveillance programs in counterterrorism. Agency leaders believe that the N.S.A. has never enjoyed such a target-rich environment as it does now because of the global explosion of digital information — and they want to make certain that they can dominate “the Sigint battle space” in the future, the document said. To be “optimally effective,” the paper said, “legal, policy and process authorities must be as adaptive and dynamic as the technological and operational advances we seek to exploit.” Intent on unlocking the secrets of adversaries, the paper underscores the agency’s long-term goal of being able to collect virtually everything available in the digital world. To achieve that objective, the paper suggests that the N.S.A. plans to gain greater access, in a variety of ways, to the infrastructure of the world’s telecommunications networks.
  • Yet the paper also shows how the agency believes it can influence and shape trends in high-tech industries in other ways to suit its needs. One of the agency’s goals is to “continue to invest in the industrial base and drive the state of the art for high performance computing to maintain pre-eminent cryptanalytic capability for the nation.” The paper added that the N.S.A. must seek to “identify new access, collection and exploitation methods by leveraging global business trends in data and communications services.” And it wants to find ways to combine all of its technical tools to enhance its surveillance powers. The N.S.A. will seek to integrate its “capabilities to reach previously inaccessible targets in support of exploitation, cyberdefense and cyberoperations,” the paper stated. The agency also intends to improve its access to encrypted communications used by individuals, businesses and foreign governments, the strategy document said. The N.S.A. has already had some success in defeating encryption, The New York Times has reported, but the document makes it clear that countering “ubiquitous, strong, commercial network encryption” is a top priority. The agency plans to fight back against the rise of encryption through relationships with companies that develop encryption tools and through espionage operations. In other countries, the document said, the N.S.A. must also “counter indigenous cryptographic programs by targeting their industrial bases with all available Sigint and Humint” — human intelligence, meaning spies.
  • Above all, the strategy paper suggests the N.S.A.’s vast view of its mission: nothing less than to “dramatically increase mastery of the global network.” Other N.S.A. documents offer hints of how the agency is trying to do just that. One program, code-named Treasure Map, provides what a secret N.S.A. PowerPoint presentation describes as “a near real-time, interactive map of the global Internet.” According to the undated PowerPoint presentation, disclosed by Mr. Snowden, Treasure Map gives the N.S.A. “a 300,000 foot view of the Internet.”  Relying on Internet routing data, commercial and Sigint information, Treasure Map is a sophisticated tool, one that the PowerPoint presentation describes as a “massive Internet mapping, analysis and exploration engine.” It collects Wi-Fi network and geolocation data, and between 30 million and 50 million unique Internet provider addresses — code that can reveal the location and owner of a computer, mobile device or router — are represented each day on Treasure Map, according to the document. It boasts that the program can map “any device, anywhere, all the time.”  The documents include addresses labeled as based in the “U.S.,” and because so much Internet traffic flows through the United States, it would be difficult to map much of the world without capturing such addresses.
  • The program takes advantage of the capabilities of other secret N.S.A. programs. To support Treasure Map, for example, the document states that another program, called Packaged Goods, tracks the “traceroutes” through which data flows around the Internet. Through Packaged Goods, the N.S.A. has gained access to “13 covered servers in unwitting data centers around the globe,” according to the PowerPoint. The document identifies a list of countries where the data centers are located, including Germany, Poland, Denmark, South Africa and Taiwan as well as Russia, China and Singapore.
Paul Merrell

Internet Giants Erect Barriers to Spy Agencies - NYTimes.com - 0 views

www.nytimes.com/...-barriers-to-spy-agencies.html

surveillance-state NSA-reform DIY-reform internet-hardening digital-privacy

shared by Paul Merrell on 08 Jun 14 - No Cached
  • As fast as it can, Google is sealing up cracks in its systems that Edward J. Snowden revealed the N.S.A. had brilliantly exploited. It is encrypting more data as it moves among its servers and helping customers encode their own emails. Facebook, Microsoft and Yahoo are taking similar steps.
  • After years of cooperating with the government, the immediate goal now is to thwart Washington — as well as Beijing and Moscow. The strategy is also intended to preserve business overseas in places like Brazil and Germany that have threatened to entrust data only to local providers. Google, for example, is laying its own fiber optic cable under the world’s oceans, a project that began as an effort to cut costs and extend its influence, but now has an added purpose: to assure that the company will have more control over the movement of its customer data.
  • A year after Mr. Snowden’s revelations, the era of quiet cooperation is over. Telecommunications companies say they are denying requests to volunteer data not covered by existing law. A.T.&T., Verizon and others say that compared with a year ago, they are far more reluctant to cooperate with the United States government in “gray areas” where there is no explicit requirement for a legal warrant.
  • ...8 more annotations...
  • Eric Grosse, Google’s security chief, suggested in an interview that the N.S.A.'s own behavior invited the new arms race.“I am willing to help on the purely defensive side of things,” he said, referring to Washington’s efforts to enlist Silicon Valley in cybersecurity efforts. “But signals intercept is totally off the table,” he said, referring to national intelligence gathering.“No hard feelings, but my job is to make their job hard,” he added.
  • Hardware firms like Cisco, which makes routers and switches, have found their products a frequent subject of Mr. Snowden’s disclosures, and their business has declined steadily in places like Asia, Brazil and Europe over the last year. The company is still struggling to convince foreign customers that their networks are safe from hackers — and free of “back doors” installed by the N.S.A. The frustration, companies here say, is that it is nearly impossible to prove that their systems are N.S.A.-proof.
  • Many point to an episode in 2012, when Russian security researchers uncovered a state espionage tool, Flame, on Iranian computers. Flame, like the Stuxnet worm, is believed to have been produced at least in part by American intelligence agencies. It was created by exploiting a previously unknown flaw in Microsoft’s operating systems. Companies argue that others could have later taken advantage of this defect.Worried that such an episode undercuts confidence in its wares, Microsoft is now fully encrypting all its products, including Hotmail and Outlook.com, by the end of this year with 2,048-bit encryption, a stronger protection that would take a government far longer to crack. The software is protected by encryption both when it is in data centers and when data is being sent over the Internet, said Bradford L. Smith, the company’s general counsel.
  • Mr. Smith also said the company was setting up “transparency centers” abroad so that technical experts of foreign governments could come in and inspect Microsoft’s proprietary source code. That will allow foreign governments to check to make sure there are no “back doors” that would permit snooping by United States intelligence agencies. The first such center is being set up in Brussels.Microsoft has also pushed back harder in court. In a Seattle case, the government issued a “national security letter” to compel Microsoft to turn over data about a customer, along with a gag order to prevent Microsoft from telling the customer it had been compelled to provide its communications to government officials. Microsoft challenged the gag order as violating the First Amendment. The government backed down.
  • In Washington, officials acknowledge that covert programs are now far harder to execute because American technology companies, fearful of losing international business, are hardening their networks and saying no to requests for the kind of help they once quietly provided.Continue reading the main story Robert S. Litt, the general counsel of the Office of the Director of National Intelligence, which oversees all 17 American spy agencies, said on Wednesday that it was “an unquestionable loss for our nation that companies are losing the willingness to cooperate legally and voluntarily” with American spy agencies.
  • In one slide from the disclosures, N.S.A. analysts pointed to a sweet spot inside Google’s data centers, where they could catch traffic in unencrypted form. Next to a quickly drawn smiley face, an N.S.A. analyst, referring to an acronym for a common layer of protection, had noted, “SSL added and removed here!”
  • Facebook and Yahoo have also been encrypting traffic among their internal servers. And Facebook, Google and Microsoft have been moving to more strongly encrypt consumer traffic with so-called Perfect Forward Secrecy, specifically devised to make it more labor intensive for the N.S.A. or anyone to read stored encrypted communications.One of the biggest indirect consequences from the Snowden revelations, technology executives say, has been the surge in demands from foreign governments that saw what kind of access to user information the N.S.A. received — voluntarily or surreptitiously. Now they want the same.
  • The latest move in the war between intelligence agencies and technology companies arrived this week, in the form of a new Google encryption tool. The company released a user-friendly, email encryption method to replace the clunky and often mistake-prone encryption schemes the N.S.A. has readily exploited.But the best part of the tool was buried in Google’s code, which included a jab at the N.S.A.'s smiley-face slide. The code included the phrase: “ssl-added-and-removed-here-; - )”
Paul Merrell

Core Secrets: NSA Saboteurs in China and Germany - The Intercept - 0 views

firstlook.org/...core-secrets

surveillance state NSA HUMINT China Germany South-Korea

shared by Paul Merrell on 11 Oct 14 - No Cached
  • The National Security Agency has had agents in China, Germany, and South Korea working on programs that use “physical subversion” to infiltrate and compromise networks and devices, according to documents obtained by The Intercept. The documents, leaked by NSA whistleblower Edward Snowden, also indicate that the agency has used “under cover” operatives to gain access to sensitive data and systems in the global communications industry, and that these secret agents may have even dealt with American firms. The documents describe a range of clandestine field activities that are among the agency’s “core secrets” when it comes to computer network attacks, details of which are apparently shared with only a small number of officials outside the NSA.
  • with vast amounts of customer data, including phone records and email traffic. But documents published today by The Intercept suggest that even as the agency uses secret operatives to penetrate them, companies have also cooperated more broadly to undermine the physical infrastructure of the internet than has been previously confirmed. In addition to so-called “close access” operations, the NSA’s “core secrets” include the fact that the agency works with U.S. and foreign companies to weaken their encryption systems; the fact that the NSA spends “hundreds of millions of dollars” on technology to defeat commercial encryption; and the fact that the agency works with U.S. and foreign companies to penetrate computer networks, possibly without the knowledge of the host countries. Many of the NSA’s core secrets concern its relationships to domestic and foreign corporations.
  • Sentry Eagle includes six programs: Sentry Hawk (for activities involving computer network exploitation, or spying), Sentry Falcon (computer network defense), Sentry Osprey (cooperation with the CIA and other intelligence agencies), Sentry Raven (breaking encryption systems), Sentry Condor (computer network operations and attacks), and Sentry Owl (collaborations with private companies). Though marked as a draft from 2004, it refers to the various programs in language indicating that they were ongoing at the time, and later documents in the Snowden archive confirm that some of the activities were going on as recently as 2012.
  • ...3 more annotations...
  • The agency’s core secrets are outlined in a 13-page “brief sheet” about Sentry Eagle, an umbrella term that the NSA used to encompass its most sensitive programs “to protect America’s cyberspace.” “You are being indoctrinated on Sentry Eagle,” the 2004 document begins, before going on to list the most highly classified aspects of its various programs. It warns that the details of the Sentry Eagle programs are to be shared with only a “limited number” of people, and even then only with the approval of one of a handful of senior intelligence officials, including the NSA director. “The facts contained in this program constitute a combination of the greatest number of highly sensitive facts related to NSA/CSS’s overall cryptologic mission,” the briefing document states. “Unauthorized disclosure…will cause exceptionally grave damage to U.S. national security. The loss of this information could critically compromise highly sensitive cryptologic U.S. and foreign relationships, multi-year past and future NSA investments, and the ability to exploit foreign adversary cyberspace while protecting U.S. cyberspace.”
  • The most controversial revelation in Sentry Eagle might be a fleeting reference to the NSA infiltrating clandestine agents into “commercial entities.” The briefing document states that among Sentry Eagle’s most closely guarded components are “facts related to NSA personnel (under cover), operational meetings, specific operations, specific technology, specific locations and covert communications related to SIGINT enabling with specific commercial entities (A/B/C).” It is not clear whether these “commercial entities” are American or foreign or both. Generally the placeholder “(A/B/C)” is used in the briefing document to refer to American companies, though on one occasion it refers to both American and foreign companies. Foreign companies are referred to with the placeholder “(M/N/O).” The NSA refused to provide any clarification to The Intercept.
  • Documents: Sentry Eagle Brief Sheet (13 pages) TAREX Classification Guide (7 pages) Exceptionally Controlled Information Listing (6 pages) ECI WHIPGENIE Classification Guide (7 pages) ECI Pawleys Classification Guide (4 pages) ECI Compartments (4 pages) CNO Core Secrets Slide Slices (10 pages) CNO Core Secrets Security Structure (3 pages) Computer Network Exploitation Classification Guide (8 pages) CNO Core Secrets (7 pages)
Paul Merrell

The 'Athens Affair' shows why we need encryption without backdoors | Trevor Timm | Comm... - 0 views

www.theguardian.com/...ns-affair-encryption-backdoors

surveillance state NSA Athens-Affair Bamford

shared by Paul Merrell on 11 Oct 15 - No Cached
  • Just as it seems the White House is close to finally announcing its policy on encryption - the FBI has been pushing for tech companies like Apple and Google to insert backdoors into their phones so the US government can always access users’ data - new Snowden revelations and an investigation by a legendary journalist show exactly why the FBI’s plans are so dangerous. One of the biggest arguments against mandating backdoors in encryption is the fact that, even if you trust the United States government never to abuse that power (and who does?), other criminal hackers and foreign governments will be able to exploit the backdoor to use it themselves. A backdoor is an inherent vulnerability that other actors will attempt to find and try to use it for their own nefarious purposes as soon as they know it exists, putting all of our cybersecurity at risk. In a meticulous investigation, longtime NSA reporter James Bamford reported at the Intercept Tuesday that the NSA was behind the notorious “Athens Affair”. In surveillance circles, the Athens Affair is stuff of legend: after the 2004 Olympics, the Greek government discovered that an unknown attacker had hacked into Vodafone’s “lawful intercept” system, the phone company’s mechanism of wiretapping phone calls. The attacker spied on phone calls of the president, other Greek politicians and journalists before it was discovered. According to Bamford’s story, all this happened after the US spy agency cooperated with Greek law enforcement to keep an eye on potential terrorist attacks for the Olympics. Instead of packing up their surveillance gear, they covertly pointed it towards the Greek government and its people. But that’s not all: according to Snowden documents that Bamford cited, this is a common tactic of the NSA. They often attack the “lawful intercept” systems in other countries to spy on government and citizens without their knowledge:
  • Exploiting the weaknesses associated with lawful intercept programs was a common trick for NSA. According to a previously unreleased top-secret PowerPoint presentation from 2012, titled “Exploiting Foreign Lawful Intercept Roundtable”, the agency’s “countries of interest” for this work included, at that time, Mexico, Indonesia, Egypt and others. The presentation also notes that NSA had about 60 “Fingerprints” — ways to identify data — from telecom companies and industry groups that develop lawful intercept systems, including Ericsson, as well as Motorola, Nokia and Siemens. It’s the exact nightmare scenario security experts have warned about when it comes to backdoors: they are not only available to those that operate them “legally”, but also to those who can hack into them to spy without anyone’s knowledge. If the NSA can do it, so can China, Russia and a host of other malicious actors.
Gary Edwards

Works and Days » Zero Jobs 101 - the Psychology of Alienating Employers - 0 views

pajamasmedia.com/...job-killing-101

VDH Obammunism financial-collapse crony-socialism

shared by Gary Edwards on 07 Sep 11 - No Cached
  • Here is the lament I heard: the near $5 trillion in borrowing in just three years, the radical growth in the size of the federal government and its regulatory zeal, ObamaCare, the Boeing plant closure threat, the green jobs sweet-heart deals and Van Jones-like “Millions of Green Jobs” nonsense, the vast expansion in food stamps and unemployment pay-outs, the reversal of the Chrysler creditors, politically driven interference in the car industry, the failed efforts to get card check and cap and trade, the moratoria on new drilling in the Gulf, the general antipathy to new fossil fuel exploitation coupled with new finds of vast new reserves, the new financial regulations, an aggressive EPA oblivious to the effects of its advocacy on jobs, the threatened close-down of energy plants, the support for idling thousands of acres of irrigated farmland due to environmental regulations, the constant talk of higher taxes, the needlessly provocative rhetoric of “fat cat”, “millionaires and billionaires,” “corporate jet owners,” etc. juxtaposed, in hypocritical fashion, to Martha’s Vineyard, Costa del Sol, and Vail First Family getaways — all of these isolated strains finally are becoming a harrowing opera to business people.
  • “This bunch doesn’t like me much and I’m going to hunker down, hoard my cash, and sit out the next year and a half until they are gone.”
  • And the administration’s efforts to counteract these symbols and impressions by courting a high-profile, hyper-capitalist Warren Buffett, or a GE CEO Jeffrey Immelt have proven even more ironic:
  • ...3 more annotations...
  • the former calls for higher taxes that his firms seek to avoid, or targets his post-mortem wealth to (more efficient?) private foundations that rob the Treasury of billions in lost inheritance taxes, or knows higher taxes won’t much matter to his tens of billions in net worth;
  • the latter’s firm paid no 2010 U.S. income taxes on many of its profits and outsourced jobs overseas.
  • Borrow another $5 trillion?
  • Gary Edwards on 07 Sep 11
     
    Nobody lays it out so quickly and too the point as VDH..... awesome summary of sweeping reach.  I've been hesitant to apply the term "crony capitalism" to Obama even though his Bankster relationships and continuing bailouts scream loudly.  It seems to me that the term "crony socialism" better fits the full range of fascist power brokering Obama engages in.  Big Government, Big Banksters, Big Unions, Big Media, Big Education.  If anything, Obammunism is BIG! VDH excerpt: Here is the lament I heard: the near $5 trillion in borrowing in just three years, the radical growth in the size of the federal government and its regulatory zeal, ObamaCare, the Boeing plant closure threat, the green jobs sweet-heart deals and Van Jones-like "Millions of Green Jobs" nonsense, the vast expansion in food stamps and unemployment pay-outs, the reversal of the Chrysler creditors, politically driven interference in the car industry, the failed efforts to get card check and cap and trade, the moratoria on new drilling in the Gulf, the general antipathy to new fossil fuel exploitation coupled with new finds of vast new reserves, the new financial regulations, an aggressive EPA oblivious to the effects of its advocacy on jobs, the threatened close-down of energy plants, the support for idling thousands of acres of irrigated farmland due to environmental regulations, the constant talk of higher taxes, the needlessly provocative rhetoric of "fat cat", "millionaires and billionaires," "corporate jet owners," etc. juxtaposed, in hypocritical fashion, to Martha's Vineyard, Costa del Sol, and Vail First Family getaways - all of these isolated strains finally are becoming a harrowing opera to business people.
Paul Merrell

U.S. to China: We Hacked Your Internet Gear We Told You Not to Hack | Wired Enterprise ... - 0 views

www.wired.com/...nsa-cisco-huawei-china

surveillance state U.S. China NSA-backdoors

shared by Paul Merrell on 01 Jan 14 - No Cached
  • The headline news is that the NSA has surreptitiously “burrowed its way into nearly all the security architecture” sold by the world’s largest computer networking companies, including everyone from U.S. mainstays Cisco and Juniper to Chinese giant Huawei. But beneath this bombshell of a story from Der Spiegel, you’ll find a rather healthy bit of irony. After all, the United States government has spent years complaining that Chinese intelligence operations could find ways of poking holes in Huawei networking gear, urging both American businesses and foreign allies to sidestep the company’s hardware. The complaints grew so loud that, at one point, Huawei indicated it may abandon the U.S. networking market all together. And, yet, Der Speigel now tells us that U.S. intelligence operations have been poking holes in Huawei networking gear — not to mention hardware sold by countless other vendors in both the States and abroad. “We read the media reports, and we’ve noted the references to Huawei and our peers,” says William Plummer, a Huawei vice president and the company’s point person in Washington, D.C. “As we have said, over and over again — and as now seems to be validated — threats to networks and data integrity can come from any and many sources.”
  • Plummer and Huawei have long complained that when the U.S. House Intelligence Committee released a report in October 2012 condemning the use of Huawei gear in telephone and data networks, it failed to provide any evidence that the Chinese government had compromised the company’s hardware. Adam Segal, a senior fellow for China Studies at the Center for Foreign Relations, makes the same point. And now we have evidence — Der Spiegel cites leaked NSA documents — that the U.S. government has compromised gear on a massive scale. “Do I see the irony? Certainly the Chinese will,” Segal says, noting that the Chinese government and the Chinese press have complained of U.S hypocrisy ever since former government contractor Edward Snowden first started to reveal NSA surveillance practices last summer. “The Chinese government has been hammering home what they call the U.S.’s ulterior motives for criticizing China, and there’s been a steady drumbeat of stories in the Chinese press about backdoors in the products of U.S. companies. They’ve been going after Cisco in particular.”
  • To be sure, the exploits discussed by Der Spiegel are a little different from the sort of attacks Congress envisioned during its long campaign against Huawei and ZTE, another Chinese manufacturer. As Segal and others note, Congress mostly complained that the Chinese government could collaborate with people inside the two companies to plant backdoors in their gear, with lawmakers pointing out that Huawei’s CEO was once an officer in China’s People’s Liberation Army, or PLA, the military arm of the country’s Communist party. Der Spiegel, by contrast, says the NSA is exploiting hardware without help from anyone inside the Ciscos and the Huaweis, focusing instead on compromising network gear with clever hacks or intercepting the hardware as it’s shipped to customers. “For the most part, the article discusses typical malware exploits used by hackers everywhere,” says JR Rivers, an engineer who has built networking hardware for Cisco as well as Google and now runs the networking startup Cumulus Networks. “It’s just pointing out that the NSA is engaged in the practice and has resources that are not available to most people.” But in the end, the two types of attack have the same result: Networking gear controlled by government spies. And over the last six months, Snowden’s revelations have indicated that the NSA is not only hacking into networks but also collaborating with large American companies in its hunt for data.
  • ...2 more annotations...
  • Jim Lewis, a director and senior fellow with the Center for Strategic and International Studies, adds that the Chinese view state-sponsored espionage a little differently than the U.S. does. Both countries believe in espionage for national security purposes, but the Chinese argue that such spying might include the theft of commercial secrets. “The Chinese will tell you that stealing technology and business secrets is a way of building their economy, and that this is important for national security,” says Lewis, who has helped oversee meetings between the U.S. and the Chinese, including officers in the PLA. “I’ve been in the room when they’ve said that. The last time was when a PLA colonel said: ‘In the U.S., military espionage is heroic and economic espionage is a crime. In China, the line is not that clear.’” But here in the United States, we now know, the NSA may blur other lines in the name of national security. Segal says that although he, as an American, believes the U.S. government is on stronger ethical ground than the Chinese, other nations are beginning to question its motives. “The U.S has to convince other countries that our type of intelligence gathering is different,” he says. “I don’t think that the Brazils and the Indias and the Indonesias and the South Africas are convinced. That’s a big problem for us.”
  • The thing to realize, as the revelations of NSA snooping continue to pour out, is that everyone deserves scrutiny — the U.S government and its allies, as well as the Chinese and others you may be more likely to view with skepticism. “All big countries,” Lewis says, “are going to try and do this.”
  • Paul Merrell on 01 Jan 14
     
    Of course, we now know that the U.S. conducts electronic surveillance for a multitude of purposes, including economic. Check this group's notes tagged "NSA-targets" and/or "NSA-goals".
Paul Merrell

Secret US cybersecurity report: encryption vital to protect private data | US news | Th... - 0 views

www.theguardian.com/...ect-data-cameron-paris-attacks

surveillance-state NSA GCHQ encryption hypocrisy

shared by Paul Merrell on 17 Jan 15 - No Cached
  • A secret US cybersecurity report warned that government and private computers were being left vulnerable to online attacks from Russia, China and criminal gangs because encryption technologies were not being implemented fast enough. The advice, in a newly uncovered five-year forecast written in 2009, contrasts with the pledge made by David Cameron this week to crack down on encryption use by technology companies.
  • In the wake of the Paris terror attacks, the prime minister said there should be no “safe spaces for terrorists to communicate” or that British authorites could not access. Cameron, who landed in the US on Thursday night, is expected to urge Barack Obama to apply more pressure to tech giants, such as Apple, Google and Facebook, which have been expanding encrypted messaging for their millions of users since the revelations of mass NSA surveillance by the whistleblower Edward Snowden.
  • Cameron said the companies “need to work with us. They need also to demonstrate, which they do, that they have a social responsibility to fight the battle against terrorism. We shouldn’t allow safe spaces for terrorists to communicate. That’s a huge challenge but that’s certainly the right principle”. But the document from the US National Intelligence Council, which reports directly to the US director of national intelligence, made clear that encryption was the “best defence” for computer users to protect private data. Part of the cache given to the Guardian by Snowden was published in 2009 and gives a five-year forecast on the “global cyber threat to the US information infrastructure”. It covers communications, commercial and financial networks, and government and critical infrastructure systems. It was shared with GCHQ and made available to the agency’s staff through its intranet.
  • ...6 more annotations...
  • An unclassified table accompanying the report states that encryption is the “[b]est defense to protect data”, especially if made particularly strong through “multi-factor authentication” – similar to two-step verification used by Google and others for email – or biometrics. These measures remain all but impossible to crack, even for GCHQ and the NSA. The report warned: “Almost all current and potential adversaries – nations, criminal groups, terrorists, and individual hackers – now have the capability to exploit, and in some cases attack, unclassified access-controlled US and allied information systems.” It further noted that the “scale of detected compromises indicates organisations should assume that any controlled but unclassified networks of intelligence, operational or commercial value directly accessible from the internet are already potentially compromised by foreign adversaries”.
  • The report had some cause for optimism, especially in the light of Google and other US tech giants having in the months prior greatly increased their use of encryption efforts. “We assess with high confidence that security best practices applied to target networks would prevent the vast majority of intrusions,” it concluded. Official UK government security advice still recommends encryption among a range of other tools for effective network and information defence. However, end-to-end encryption – which means only the two people communicating with each other, and not the company carrying the message, can decode it – is problematic for intelligence agencies as it makes even warranted collection much more difficult.
  • The previous week, a day after the attack on the Charlie Hebdo office in Paris, the MI5 chief, Andrew Parker, called for new powers and warned that new technologies were making it harder to track extremists. In November, the head of GCHQ, Robert Hannigan, said US social media giants had become the “networks of choice” for terrorists. Chris Soghoian, principal senior policy analyst at the American Civil Liberties Union, said attempts by the British government to force US companies to weaken encryption faced many hurdles.
  • The Guardian, New York Times and ProPublica have previously reported the intelligence agencies’ broad efforts to undermine encryption and exploit rather than reveal vulnerabilities. This prompted Obama’s NSA review panel to warn that the agency’s conflicting missions caused problems, and so recommend that its cyber-security responsibilities be removed to prevent future issues.
  • The memo requested a renewal of the legal warrant allowing GCHQ to “modify” commercial software in violation of licensing agreements. The document cites examples of software the agency had hacked, including commonly used software to run web forums, and website administration tools. Such software are widely used by companies and individuals around the world. The document also said the agency had developed “capability against Cisco routers”, which would “allow us to re-route selected traffic across international links towards GCHQ’s passive collection systems”. GCHQ had also been working to “exploit” the anti-virus software Kaspersky, the document said. The report contained no information on the nature of the vulnerabilities found by the agency.
  • Michael Beckerman, president and CEO of the Internet Association, a lobby group that represents Facebook, Google, Reddit, Twitter, Yahoo and other tech companies, said: “Just as governments have a duty to protect to the public from threats, internet services have a duty to our users to ensure the security and privacy of their data. That’s why internet services have been increasing encryption security.”
Paul Merrell

Declaration For The Americas Moves Toward Signing Without US And Canada - 0 views

www.mintpressnews.com/...204328

OAS Indigenous-people's-rights U.S.-foreign-policy

shared by Paul Merrell on 15 Apr 15 - No Cached
  • Negotiations held over the past 18 years toward resolving historic issues of land dispossession and conflicts over natural resources with indigenous peoples of the Americas are finally expected to reach consensus by May. “We were told there are some states very interested in getting the declaration done so we can move to another stage in the Organization of American States (OAS) and be able to enforce the rights recognized,” said Leonardo A. Crippa, a senior attorney for the Indian Law Resource Center in Washington. “It’s aiming to be completed by May so the text can be submitted for approval to the General Assembly of the OAS, which is meeting in D.C. in June.”
  • This process began in 1989, when the OAS General Assembly approved a resolution to ask the Inter-American Commission of Human Rights (IACHR) to prepare a declaration on the rights of indigenous people of North America, South America, Central America and the Caribbean. The IACHR submitted the first Draft American Declaration on the Rights of Indigenous Peoples in 1997. Also that year, the Indian Law Resource Center and other indigenous rights groups such as the Native American Rights Fund in Colorado petitioned the OAS to create a working group to discuss issues with member states and work toward reaching consensus on resolutions.
  • “We are doing our best to advise indigenous representatives, have discussions with the OAS, and compose language that is more defined than the U.N. Declaration [on the Rights of Indigenous Peoples] to reflect regional issues,” Crippa said. Yet, as Crippa notes, the United States and Canada, among other OAS states, have not accepted the jurisdiction of the Inter-American Court on Human Rights and continue to refuse to sign onto the draft declaration. A statement released by the U.S. delegation to the negotiations in March states: “The United States remains committed to addressing the urgent issues of indigenous peoples in the hemisphere, including combating societal discrimination against indigenous peoples, increasing indigenous participation in national political processes, addressing lack of infrastructure and poor living conditions in indigenous areas, and collaborating on issues of land rights and self governance.” It also notes that the U.S. “continues to believe the OAS can be mobilized to make a practical difference in the lives of indigenous peoples,” but reiterates that it refuses to sign the declaration.
  • ...4 more annotations...
  • The study also found that Brazil is the country with the greatest diversity of indigenous peoples in isolation, followed by Peru and Bolivia. The current version of the OAS declaration includes Article XXVI, agreed by consensus in 2005, specifically for indigenous peoples in voluntary isolation to have the right to remain in that condition and to live freely and in accordance with their cultures. “In most cases the key recommendation is to prevent contact either by state agencies, officials, non-government organizations or companies wanting to exploit resources of their lands,” Crippa said. Their ancestors lived on the land long before the current states even existed. Vulnerable and at risk of disappearing entirely, they cannot advocate for their own rights. The study cites the National Environment Commission of Peru’s findings that from 1950 to 1957 a total of 11 indigenous groups disappeared completely from the Amazon, and of those remaining, 18 are in grave danger of disappearing, as they each have fewer than 225 members.
  • “There are regional particulates that are unique and not defined in the U.N. Declaration [UNDRIP],” Crippa said. He used the example of people in the Americas living in voluntary isolation, emphasizing, “We need to protect these peoples from internal armed conflicts, such as in Colombia, where they’re caught in the middle of military, paramilitary and guerrilla forces. It’s a situation of a government of a country trying to control land of indigenous peoples without respect to their rights.” Indigenous peoples in voluntary isolation are groups or individuals who remain untouched by non-indigenous populations. They do not maintain contact with non-indigenous populations, may reject any type of contact, or may have chosen to return to their traditional culture and break relations with non-native societies in favor of maintaining their own ways of life. A provision to protect indigenous communities living in isolation has been approved in the OAS draft declaration, which has no corresponding provision in UNDRIP.
  • When efforts to resolve issues have failed to find remedy in their own country, the IACHR can be appealed to. All 35 member states of the OAS are under the jurisdiction of the IACHR, headquartered in Washington. No country can be a part of the OAS process without ratifying the OAS Charter. “All 35 member countries have signed the Declaration on the Rights and Duties of Man of 1948,” said Maria Isabel Rivera, director of Press and Publications for the IACHR. “This means the Commission analyzes all cases and petitions and monitors human rights situations in those countries under the light of the rights recognized in the Declaration.” Countries that have not ratified the convention include the Bahamas, Belize, Canada, Cuba, Guyana, St Kitts and Nevis, St. Lucia, St. Vincent and the Grenadines, and the U.S. Thus, cases originating in these countries cannot be brought to the Inter-American Court of Human Rights, but they can be brought to IACHR in a petition of injustice.
  • The OAS draft declaration recommends protections including legislation that specifically addresses indigenous rights to land, culture and self-determination, and training programs for state employees, who may encounter issues that affect communities living in voluntary isolation. It further recommends studies for projects which take into account people living in isolation nearby, and sanctions for those violating natural resources protections. It also calls for limiting commercial tourism in the territories of people living in voluntary isolation and urges companies, organizations and governments to work in coordination with indigenous groups which aim to protect indigenous rights toward free and prior consent. “Indigenous peoples have the right to maintain, express, and freely develop their cultural identity in all respects, free from any external attempt at assimilation,” the draft also states. “The States shall not carry out, adopt, support, or favor any policy to assimilate the indigenous peoples or to destroy their cultures.”
  • Paul Merrell on 15 Apr 15
     
    Did the U.S. refuse because it wishes to retain the option of exploiting indigenous peoples' lands? 
Gary Edwards

Columbine Survivor Pens Bold Open Letter to Obama Rejecting Gun Control: 'Whose Side Ar... - 0 views

www.theblaze.com/...-control-whose-side-are-you-on

Gun-Control second-amendment Evan-Todd

shared by Gary Edwards on 21 Feb 13 - No Cached
  • Gary Edwards on 21 Feb 13
     
    Amazing letter from Columbine survivor, Evan Todd, to Obama, explaining why Obama's gun control proposals are non sense. Evan Todd's open letter to Obama, below. - Mr. President, As a student who was shot and wounded during the Columbine massacre, I have a few thoughts on the current gun debate. In regards to your gun control initiatives: Universal Background Checks First, a universal background check will have many devastating effects. It will arguably have the opposite impact of what you propose. If adopted, criminals will know that they can not pass a background check legally, so they will resort to other avenues. With the conditions being set by this initiative, it will create a large black market for weapons and will support more criminal activity and funnel additional money into the hands of thugs, criminals, and people who will do harm to American citizens. Second, universal background checks will create a huge bureaucracy that will cost an enormous amount of tax payers dollars and will straddle us with more debt. We cannot afford it now, let alone create another function of government that will have a huge monthly bill attached to it. Third, is a universal background check system possible without universal gun registration? If so, please define it for us. Universal registration can easily be used for universal confiscation. I am not at all implying that you, sir, would try such a measure, but we do need to think about our actions through the lens of time. It is not impossible to think that a tyrant, to the likes of Mao, Castro, Che, Hitler, Stalin, Mussolini, and others, could possibly rise to power in America. It could be five, ten, twenty, or one hundred years from now - but future generations have the natural right to protect themselves from tyrannical government just as much as we currently do. It is safe to assume that this liberty that our forefathers secured has been a thorn in the side of would-be tyrants ever since the Second Amendmen
Paul Merrell

GCHQ taps fibre-optic cables for secret access to world's communications | UK news | gu... - 0 views

www.guardian.co.uk/...ecret-world-communications-nsa

surveillance state NSA GCHQ UK Snowden must-read

shared by Paul Merrell on 22 Jun 13 - No Cached
  • Britain's spy agency GCHQ has secretly gained access to the network of cables which carry the world's phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).The sheer scale of the agency's ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.One key innovation has been GCHQ's ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.
  • GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects.This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user's access to websites – all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.The existence of the programme has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden as part of his attempt to expose what he has called "the largest programme of suspicionless surveillance in human history"."It's not just a US problem. The UK has a huge dog in this fight," Snowden told the Guardian. "They [GCHQ] are worse than the US."
  • However, on Friday a source with knowledge of intelligence argued that the data was collected legally under a system of safeguards, and had provided material that had led to significant breakthroughs in detecting and preventing serious crime.Britain's technical capacity to tap into the cables that carry the world's communications – referred to in the documents as special source exploitation – has made GCHQ an intelligence superpower.By 2010, two years after the project was first trialled, it was able to boast it had the "biggest internet access" of any member of the Five Eyes electronic eavesdropping alliance, comprising the US, UK, Canada, Australia and New Zealand.UK officials could also claim GCHQ "produces larger amounts of metadata than NSA". (Metadata describes basic information on who has been contacting whom, without detailing the content.)By May last year 300 analysts from GCHQ, and 250 from the NSA, had been assigned to sift through the flood of data.The Americans were given guidelines for its use, but were told in legal briefings by GCHQ lawyers: "We have a light oversight regime compared with the US".
  • ...8 more annotations...
  • When it came to judging the necessity and proportionality of what they were allowed to look for, would-be American users were told it was "your call".The Guardian understands that a total of 850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases.
  • For the 2 billion users of the world wide web, Tempora represents a window on to their everyday lives, sucking up every form of communication from the fibre-optic cables that ring the world.The NSA has meanwhile opened a second window, in the form of the Prism operation, revealed earlier this month by the Guardian, from which it secured access to the internal systems of global companies that service the internet.The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America.This was done under secret agreements with commercial companies, described in one document as "intercept partners".The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned "sensitive relationship teams" and staff were urged in one internal guidance paper to disguise the origin of "special source" material in their reports for fear that the role of the companies as intercept partners would cause "high-level political fallout".
  • "The criteria are security, terror, organised crime. And economic well-being. There's an auditing process to go back through the logs and see if it was justified or not. The vast majority of the data is discarded without being looked at … we simply don't have the resources."However, the legitimacy of the operation is in doubt. According to GCHQ's legal advice, it was given the go-ahead by applying old law to new technology. The 2000 Regulation of Investigatory Powers Act (Ripa) requires the tapping of defined targets to be authorised by a warrant signed by the home secretary or foreign secretary.However, an obscure clause allows the foreign secretary to sign a certificate for the interception of broad categories of material, as long as one end of the monitored communications is abroad. But the nature of modern fibre-optic communications means that a proportion of internal UK traffic is relayed abroad and then returns through the cables.
  • The categories of material have included fraud, drug trafficking and terrorism, but the criteria at any one time are secret and are not subject to any public debate. GCHQ's compliance with the certificates is audited by the agency itself, but the results of those audits are also secret.An indication of how broad the dragnet can be was laid bare in advice from GCHQ's lawyers, who said it would be impossible to list the total number of people targeted because "this would be an infinite list which we couldn't manage".There is an investigatory powers tribunal to look into complaints that the data gathered by GCHQ has been improperly used, but the agency reassured NSA analysts in the early days of the programme, in 2009: "So far they have always found in our favour".
  • Historically, the spy agencies have intercepted international communications by focusing on microwave towers and satellites. The NSA's intercept station at Menwith Hill in North Yorkshire played a leading role in this. One internal document quotes the head of the NSA, Lieutenant General Keith Alexander, on a visit to Menwith Hill in June 2008, asking: "Why can't we collect all the signals all the time? Sounds like a good summer project for Menwith."By then, however, satellite interception accounted for only a small part of the network traffic. Most of it now travels on fibre-optic cables, and the UK's position on the western edge of Europe gave it natural access to cables emerging from the Atlantic.
  • The processing centres apply a series of sophisticated computer programmes in order to filter the material through what is known as MVR – massive volume reduction. The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%. Others pull out packets of information relating to "selectors" – search terms including subjects, phone numbers and email addresses of interest. Some 40,000 of these were chosen by GCHQ and 31,000 by the NSA. Most of the information extracted is "content", such as recordings of phone calls or the substance of email messages. The rest is metadata.
  • The GCHQ documents that the Guardian has seen illustrate a constant effort to build up storage capacity at the stations at Cheltenham, Bude and at one overseas location, as well a search for ways to maintain the agency's comparative advantage as the world's leading communications companies increasingly route their cables through Asia to cut costs. Meanwhile, technical work is ongoing to expand GCHQ's capacity to ingest data from new super cables carrying data at 100 gigabits a second. As one training slide told new users: "You are in an enviable position – have fun and make the most of it."
  • British spy agency collects and stores vast quantities of global email messages, Facebook posts, internet histories and calls, and shares them with NSA, latest documents from Edward Snowden reveal
  • Paul Merrell on 22 Jun 13
     
    Note particularly that the Brit criteria adds economic data to the list of categories categories the NSA trawls for and shares its data with the U.S. NSA. Both agencies claim to be targeting foreigners, so now we're into the "we surveil your citizens; you surveil our citizens, then we'll share the results" scenario that leaves both sides of the pond with a superficial excuse to say "we don't surveil our own citizens, just foreigners." But it's just ring-around-the-rosy. 850,000 NSA employees and U.S. private contractors with access to GCHQ surveillance databases.  Lots more in the article that I didn't highlight.
Paul Merrell

US Corporations Used Personal Armies To Uproot, Terrorize Colombia - 0 views

www.mintpressnews.com/...222821

war & peace corporate-wars Columbia Coke Chiquita BP United-Fruit

shared by Paul Merrell on 07 Dec 16 - No Cached
  • Some of the numerous foreign corporations accused of serious human rights abuses in Colombia include fruit companies Dole, Del Monte, and Chiquita, agribusiness giant Cargill, and other representatives of the fossil fuel industry like Texaco (formerly Texas Petroleum Company) and Exxon Mobil. Heeding corporate orders, paramilitary groups murdered union and labor rights activists, tortured and terrorized countless indigenous and Afro-Colombian people, and devastated entire villages of subsistence farmers to make way for mining, fossil fuel extraction, or plantations that would bring massive profits to foreign corporations. The Colombian military — and, in at least one high-profile massacre, the U.S. military — sometimes lent a hand in these human rights crimes. “Every human rights person I work with in Colombia believes the peace process is a necessary precondition” to ending corporate exploitation of Colombia, Dan Kovalik, a human rights and labor rights lawyer who teaches at the University of Pittsburgh School of Law, told MintPress News.
  • In court, “Chiquita admitted to paying paramilitaries and giving them 3,000 Kalashnikov rifles between 1997 and 2004,” Kovalik said. Chiquita allied with the United Auto-Defense Forces of Colombia (AUC), one of the country’s most violent paramilitary groups, Steven Cohen noted in a report for ThinkProgress in 2014. The AUC, a group once designated as a terrorist group by the U.S. government, is responsible for thousands of deaths in Colombia. It turns out that Chiquita had been playing both sides of the conflict. Cohen reported: “By its own account, Chiquita made at least 100 payments — $1.7 million in total — to the AUC between 1997 and 2004. In the decade prior to that, the company had maintained a similar arrangement with the Revolutionary Armed Forces of Colombia (FARC), the nominally leftist rebel group chased out of the region by the combined (and coordinated) efforts of the AUC and Colombian military.”
  • “There’s been some recent reports that [Chiquita’s funding of paramilitaries] may have continued until very recently through a subsidiary,” Kovalik added. While these allegations remain unproven in court, they do suggest a staggering number of victims. Multiple lawsuits were consolidated in 2011, accusing Chiquita of being involved in the killings of as many as 4,000 Colombian nationals. While the evidence is clearest in the case of Chiquita, other international banana growers are suspect as well. “According to Salvatore Mancuso, a high-ranking paramilitarian in U.S. prison, Dole and Del Monte also worked with the paramilitaries,” Kovalik said. “All the banana companies have.” Mancuso is currently serving a 15-year sentence in a federal prison and has been spoken openly about the influence that corporations like Chiquita hold in Colombia.
  • ...6 more annotations...
  • The influence of banana growers in Colombia pre-dates the ongoing civil war. In 1928, the Colombian government brutally shut down a strike by United Fruit Company banana pickers under threat from the U.S. government. Some estimates put the death toll from the military action as high as 2,000, including workers, women and children. United Fruit was once one of the most powerful corporations in the world, manipulating the governments and economies of multiple Latin American countries. Chiquita was a trademark of United Fruit until 1990, when the company renamed itself Chiquita Brands International in an effort to rehabilitate its image. (Chiquita was purchased by two Brazilian companies in 2015, and is now headquartered in Switzerland.)
  • “It should be noted under the peace agreement, at least the one that went down in October, Coca-Cola was one of the companies named [that will be] subjected to further investigation for paramilitary ties,” Kovalik said. Coca-Cola, or at least its Colombian bottlers, have also been linked to paramilitary groups and human rights abuses. The bottlers and the company’s Atlanta headquarters have faced multiple lawsuits over attacks on union organizers. A 2010 documentary, “The Coca-Cola Case,” focused on the soda giant’s role in turning Colombia into the “trade union murder capital of the world,” June Chua wrote in a review for Rabble.ca that year.
  • Colombia is rich with resources that foreign corporations are eager to exploit, particularly in the mining, agriculture, and biofuels industries. “Mining is probably the biggest threat now to indigenous people, Afro-Colombians and peasants, and will continue to be as the peace agreement goes forward,” Kovalik added. Justin Podur, an author and global political analyst, told MintPress that Colombian human rights activists frequently say that “displacement in Colombia is not a side effect of the war, it’s really the point of the war.” Whether by design or coincidence, decades of unrest created fertile ground for profit.
  • In one of the most shocking examples of fossil fuel companies supporting the death and displacement of Colombian people, Kovalik highlighted the “the Santo Domingo massacre, in which Occidental Petroleum were part of an operation to bomb the Santo Domingo community.”
  • In a 2005 article for Z Net on the massacre, Kovalik and Luis Galvis explained: “On December 13, 1998, in what has become one of the most notorious war crimes in Colombia, the hamlet of Santo Domingo was attacked by a U.S. cluster bomb from a Colombian Air Force helicopter. Seventeen civilians, including 7 children, were killed as a result of the bombing.” In 2002, the Los Angeles Times revealed that the bombing had actually been carried out at the behest of, and with the assistance of, the Houston-based oil company which had its headquarters in Los Angeles at the time. Times staff writer T. Christian Miller wrote: “Los Angeles-based Occidental Petroleum, which runs an oil complex 30 miles north of Santo Domingo, provided crucial assistance to the operation. It supplied, directly or through contractors, troop transportation, planning facilities and fuel to Colombian military aircraft, including the helicopter crew accused of dropping the bomb.”
  • And, earlier this year, Gilberto Torres, a Colombian union activist, sued BP in London. He alleges that in 2002, he was kidnapped and tortured for 42 days by paramilitaries who were following orders from the oil giant.
Paul Merrell

Mozilla Wants Heads-Up From FBI on Tor Browser Hack - 0 views

theintercept.com/...p-from-fbi-on-tor-browser-hack

surveillance state Firefox Tor zero-day-exploits FBI

shared by Paul Merrell on 31 May 16 - No Cached
  • The maker of the Firefox browser is wading into an increasingly contentious court battle over an undisclosed security vulnerability the FBI used to track down anonymous users of a child-porn site. The FBI took over a dark web child-pornography site called Playpen last year and, rather than shut it down, used a secret, still-undisclosed vulnerability in the Tor Browser to install malware on the computers of more than 1,000 users that allowed the FBI to determine their locations. But in Tacoma, Washington, lawyers for a school administrator caught in the dragnet have successfully demanded the right to review the malware in order to pursue their argument that it, rather than he, was responsible for the illicit material ending up on his computer. The Tor Browser is a free browser that shields a user’s identity. It is also based on code from the Firefox browser. Mozilla, the organization behind Firefox, has long worried that the Tor Browser vulnerability might still be out there, could be exploited by bad actors, and could exist in Firefox, which is much more widely used than the Tor Browser.
  • So while it seems likely that the FBI will go to great lengths not to turn over the code – possibly dropping the case altogether – Mozilla’s top lawyer, Denelle Dixon-Thayer, is now arguing “that the government must disclose the vulnerability to us before it is disclosed to any other party.” She explained: “Court ordered disclosure of vulnerabilities should follow the best practice of advance disclosure that is standard in the security research community. In this instance, the judge should require the government to disclose the vulnerability to the affected technology companies first, so it can be patched quickly.” Dixon-Thayer noted that Mozilla isn’t taking sides, pro- or anti-disclosure. It just wants to make sure that if there is disclosure, Mozilla gets it first. Here is the legal brief Mozilla filed on Wednesday. The issue of when the government should disclose security vulnerabilities is a hotly contested issue outside the courtroom as well.
  • The Obama administration’s policy is that when the government learns of a new flaw, it has to submit the flaw to an interagency group. The White House says that group has a “strong bias” toward disclosure to vendors so that they can fix them, rather than just letting the agencies keep the flaws secret and continue to use them. But the evidence suggests that is not the case.
Paul Merrell

The Orlando massacre: the lies, the exploitation and unasked questions | The Vineyard o... - 0 views

thesaker.is/oitation-and-unasked-questions

war & peace Orlando false-flag

shared by Paul Merrell on 18 Jun 16 - No Cached
  • The “Islamic homophobe” thesis bites the dust in less than 24 hours Right from the start, the Orlando shooting made no sense to me and I said so pretty clearly in an article I posted the same day. You can read the full article here, so I will only mention my main conclusion: that this event had nothing to do with homosexuality, Islam or guns and that: If this is not about homosexuality, Islam or guns, what is it about? It is about making us believe that is is about homosexuality, Islam and guns, of course! Less than 24 hours later, two of the key aspects of the official narrative (really, “spin”) are now already falling apart. Homophobia The MSM was full of articles denouncing the alleged “homophobia” of the shooter. Even the so-called “alternative” or “independent” echoed this nonsense (see here and here). And now we find out that the shooter himself was a homosexual and that he used “gay dating apps”. So unless we now re-brand Omar Mateen as a “self-hating homosexual” it will be hard to spin this one as a “homophobic hate crime”.
  • Islam It gets better. While most of us have now heard that Omar Mateen was a Muslim and that he had pledged allegiance to Daesh. It now turns out that he did pledged allegiance to both ISIS and Hezbollah! It might be useful to repeat here that while nominally both ISIS and Hezbollah are “Muslim”, the ISIS Takfiris consider Shia as kufars, as apostates, who betrayed true Islam and turned to idolatry. They also consider them “Iranian agents”. As for Hezbollah, they are The Number One (all in caps) enemy of Daesh/ISIS gang and they refer to these Takfiri maniacs as “devils” (shaitan). What this means is simple and leaves only a few options: Either Omar Mateen knew nothing about Islam Or Omar Mateen was coerced into making this statement and he deliberately made it absurd Or Omar Mateen never said any such thing Pick your favorite hypothesis, but what is darn certain is that the contents of his alleged statement leave the “Islamic theory” shattered into pieces. There is simply absolutely no way any real Muslim would simultaneously pledged allegiance to ISIS and Hezbollah at the same time. (Oh sure, visceral Islam-haters will still claim that Islam is to blame, just as Putin-haters will blame Putin, Jew haters will blame Jews, etc. but the factual basis of the “Islamic theory” is now gone).
Paul Merrell

N.S.A. Devises Radio Pathway Into Computers - NYTimes.com - 1 views

www.nytimes.com/...not-connected-to-internet.html

surveillance state NSA NSA-capabilities air-gap-penetration must-read

shared by Paul Merrell on 16 Jan 14 - No Cached
  • The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
  • The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.
  • The N.S.A. and the Pentagon’s Cyber Command have implanted nearly 100,000 “computer network exploits” around the world, but the hardest problem is getting inside machines isolated from outside communications.
  • ...8 more annotations...
  • the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.”“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”
  • A program named Treasure Map tried to identify nearly every node and corner of the web, so that any computer or mobile device that touched it could be located.
  • Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.
  • A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big fiber-optic cables — it calls them “covert, clandestine or cooperative large accesses” — not only in the United States but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the United States had already conducted “more than 50,000 worldwide implants,” and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.
  • The N.S.A.'s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.In a catalog produced by the agency that was part of the Snowden documents released in Europe, there are page after page of devices using technology that would have brought a smile to Q, James Bond’s technology supplier.
  • One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer “from as far away as eight miles under ideal environmental conditions.” It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the N.S.A., even if the machines are isolated from the Internet.
  • Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries’ computer systems.
  • But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as “the remains of a device capable of intercepting data from computers at the plant.” The origins of that device have never been determined.
  • Paul Merrell on 16 Jan 14
     
    Even radio transceivers emplanted in USB jacks. So now to be truly secure, we need not only an air gap but also a Faraday cage protecting the air gap. 
‹ Previous 21 - 40 of 170 Next › Last »
Showing 20 items per page